3 # Uncomment this to turn on verbose mode.
8 PKGDIR = $(CURDIR)/debian/ossec-hids
9 DESTDIR = $(PKGDIR)/var/ossec
11 # OSSEC INSTALL SUBDIRS
12 SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
13 BINARIES = agent_control clear_stats list_agents manage_agents ossec-agentd ossec-agentlessd ossec-analysisd ossec-authd ossec-csyslogd ossec-dbd ossec-execd ossec-logcollector ossec-logtest ossec-maild ossec-makelists ossec-monitord ossec-regex ossec-regex-convert ossec-remoted ossec-reportd ossec-syscheckd rootcheck_control syscheck_control syscheck_update verify-agent-conf
15 ###################### hardening #################
17 export DEB_BUILD_HARDENING=1
18 export DEB_BUILD_HARDENING_FORTIFY=1
20 ###################### main ######################
27 $(MAKE) -C $(SRCDIR) TARGET=local
39 # Add here commands to clean up after the build process.
40 $(MAKE) -C $(SRCDIR) clean
43 rm -f $(SRCDIR)/Config.OS \
44 $(SRCDIR)/analysisd/compiled_rules/compiled_rules.h \
45 $(SRCDIR)/analysisd/ossec-logtest \
46 $(SRCDIR)/isbigendian \
47 $(SRCDIR)/isbigendian.c \
48 $(SRCDIR)/analysisd/ossec-makelists
59 # ugly directory creation
60 for i in $(SUBDIRS); do \
61 mkdir -p -m 700 $(DESTDIR)/$$i; \
64 # various files installation
65 install -m 644 etc/internal_options.conf $(DESTDIR)/etc
66 install -m 644 etc/decoder.xml $(DESTDIR)/etc
67 install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
68 if [ -e ossec-debian.conf ]; then \
69 install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \
71 install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
73 install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
74 cp -r etc/rules/* $(DESTDIR)/rules
75 install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
77 #install -s -m 755 bin/* $(DESTDIR)/bin
78 for bin in $(BINARIES); do \
79 install -s -m 755 src/$$bin $(DESTDIR)/bin; \
82 install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
83 ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
84 install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
85 install -m 755 active-response/firewalls/*.sh \
86 $(DESTDIR)/active-response/bin
89 chmod -R 550 $(DESTDIR)
90 chmod -R 770 $(DESTDIR)/queue/alerts
91 chmod -R 770 $(DESTDIR)/queue/ossec
92 chmod -R 750 $(DESTDIR)/queue/fts
93 chmod -R 750 $(DESTDIR)/queue/syscheck
94 chmod -R 750 $(DESTDIR)/queue/rootcheck
95 chmod -R 750 $(DESTDIR)/queue/diff
96 chmod -R 755 $(DESTDIR)/queue/agent-info
97 chmod -R 755 $(DESTDIR)/queue/rids
98 chmod -R 755 $(DESTDIR)/queue/agentless
99 chmod -R 750 $(DESTDIR)/stats
100 chmod -R 750 $(DESTDIR)/logs
101 chmod -R 550 $(DESTDIR)/rules
102 chmod 770 $(DESTDIR)/var/run
103 chmod 550 $(DESTDIR)/etc
104 chmod 440 $(DESTDIR)/etc/internal_options.conf
105 chmod -R 770 $(DESTDIR)/etc/shared
106 chmod 700 $(DESTDIR)/.ssh
107 chmod 755 $(DESTDIR)/active-response/bin/*
108 chmod 550 $(DESTDIR)/bin/*
109 chmod 440 $(DESTDIR)/etc/ossec.conf
111 # fixups: no need for execute bits on files there
112 find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
113 find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
116 mkdir -p $(PKGDIR)/etc/init.d
117 if [ -e ossec-hids-debian.init ]; then \
118 install -m 755 ossec-hids-debian.init \
119 $(PKGDIR)/etc/init.d/ossec-hids; \
121 install -m 755 src/init/ossec-hids.init \
122 $(PKGDIR)/etc/init.d/ossec-hids; \
126 echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
127 echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
128 echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf
129 echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
131 # Build architecture-independent files here.
132 binary-indep: build install
133 # We have nothing to do by default.
135 # Build architecture-dependent files here.
136 binary-arch: build install
144 # dh_installlogrotate
166 binary: binary-indep binary-arch
167 .PHONY: build clean binary-indep binary-arch binary install