3 # Uncomment this to turn on verbose mode.
8 PKGDIR = $(CURDIR)/debian/ossec-hids
9 DESTDIR = $(PKGDIR)/var/ossec
11 # OSSEC INSTALL SUBDIRS
12 SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
14 ###################### hardening #################
16 include /usr/share/hardening-includes/hardening.make
18 CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
19 LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
20 CFLAGS+=$(HARDENING_CFLAGS)
21 LDFLAGS+=$(HARDENING_LDFLAGS)
23 ###################### main ######################
30 $(MAKE) -C $(SRCDIR) setlocal all build
42 # Add here commands to clean up after the build process.
43 $(MAKE) -C $(SRCDIR) clean
46 rm -f $(SRCDIR)/Config.OS \
47 $(SRCDIR)/analysisd/compiled_rules/compiled_rules.h \
48 $(SRCDIR)/analysisd/ossec-logtest \
49 $(SRCDIR)/isbigendian \
50 $(SRCDIR)/isbigendian.c \
51 $(SRCDIR)/analysisd/ossec-makelists
62 # ugly directory creation
63 for i in $(SUBDIRS); do \
64 mkdir -p -m 700 $(DESTDIR)/$$i; \
67 # various files installation
68 install -m 644 etc/internal_options.conf $(DESTDIR)/etc
69 install -m 644 etc/decoder.xml $(DESTDIR)/etc
70 install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
71 if [ -e ossec-debian.conf ]; then \
72 install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \
74 install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
76 install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
77 cp -r etc/rules/* $(DESTDIR)/rules
78 install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
79 install -s -m 755 bin/* $(DESTDIR)/bin
80 install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
81 ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
82 install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
83 install -m 755 active-response/firewalls/*.sh \
84 $(DESTDIR)/active-response/bin
87 chmod -R 550 $(DESTDIR)
88 chmod -R 770 $(DESTDIR)/queue/alerts
89 chmod -R 770 $(DESTDIR)/queue/ossec
90 chmod -R 750 $(DESTDIR)/queue/fts
91 chmod -R 750 $(DESTDIR)/queue/syscheck
92 chmod -R 750 $(DESTDIR)/queue/rootcheck
93 chmod -R 750 $(DESTDIR)/queue/diff
94 chmod -R 755 $(DESTDIR)/queue/agent-info
95 chmod -R 755 $(DESTDIR)/queue/rids
96 chmod -R 755 $(DESTDIR)/queue/agentless
97 chmod -R 750 $(DESTDIR)/stats
98 chmod -R 750 $(DESTDIR)/logs
99 chmod -R 550 $(DESTDIR)/rules
100 chmod 770 $(DESTDIR)/var/run
101 chmod 550 $(DESTDIR)/etc
102 chmod 440 $(DESTDIR)/etc/internal_options.conf
103 chmod -R 770 $(DESTDIR)/etc/shared
104 chmod 700 $(DESTDIR)/.ssh
105 chmod 755 $(DESTDIR)/active-response/bin/*
106 chmod 550 $(DESTDIR)/bin/*
107 chmod 440 $(DESTDIR)/etc/ossec.conf
109 # fixups: no need for execute bits on files there
110 find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
111 find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
114 mkdir -p $(PKGDIR)/etc/init.d
115 if [ -e ossec-hids-debian.init ]; then \
116 install -m 755 ossec-hids-debian.init \
117 $(PKGDIR)/etc/init.d/ossec-hids; \
119 install -m 755 src/init/ossec-hids.init \
120 $(PKGDIR)/etc/init.d/ossec-hids; \
124 echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
125 echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
126 echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf
127 echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
129 # Build architecture-independent files here.
130 binary-indep: build install
131 # We have nothing to do by default.
133 # Build architecture-dependent files here.
134 binary-arch: build install
142 # dh_installlogrotate
164 binary: binary-indep binary-arch
165 .PHONY: build clean binary-indep binary-arch binary install