3 # Uncomment this to turn on verbose mode.
8 PKGDIR = $(CURDIR)/debian/ossec-hids
9 DESTDIR = $(PKGDIR)/var/ossec
11 # OSSEC INSTALL SUBDIRS
12 SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
14 ###################### hardening #################
16 export DEB_BUILD_HARDENING=1
17 export DEB_BUILD_HARDENING_FORTIFY=1
19 ###################### main ######################
26 $(MAKE) -C $(SRCDIR) setlocal all build
38 # Add here commands to clean up after the build process.
39 $(MAKE) -C $(SRCDIR) clean
42 rm -f $(SRCDIR)/Config.OS \
43 $(SRCDIR)/analysisd/compiled_rules/compiled_rules.h \
44 $(SRCDIR)/analysisd/ossec-logtest \
45 $(SRCDIR)/isbigendian \
46 $(SRCDIR)/isbigendian.c \
47 $(SRCDIR)/analysisd/ossec-makelists
58 # ugly directory creation
59 for i in $(SUBDIRS); do \
60 mkdir -p -m 700 $(DESTDIR)/$$i; \
63 # various files installation
64 install -m 644 etc/internal_options.conf $(DESTDIR)/etc
65 install -m 644 etc/decoder.xml $(DESTDIR)/etc
66 install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
67 if [ -e ossec-debian.conf ]; then \
68 install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \
70 install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
72 install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
73 cp -r etc/rules/* $(DESTDIR)/rules
74 install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
75 install -s -m 755 bin/* $(DESTDIR)/bin
76 install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
77 ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
78 install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
79 install -m 755 active-response/firewalls/*.sh \
80 $(DESTDIR)/active-response/bin
83 chmod -R 550 $(DESTDIR)
84 chmod -R 770 $(DESTDIR)/queue/alerts
85 chmod -R 770 $(DESTDIR)/queue/ossec
86 chmod -R 750 $(DESTDIR)/queue/fts
87 chmod -R 750 $(DESTDIR)/queue/syscheck
88 chmod -R 750 $(DESTDIR)/queue/rootcheck
89 chmod -R 750 $(DESTDIR)/queue/diff
90 chmod -R 755 $(DESTDIR)/queue/agent-info
91 chmod -R 755 $(DESTDIR)/queue/rids
92 chmod -R 755 $(DESTDIR)/queue/agentless
93 chmod -R 750 $(DESTDIR)/stats
94 chmod -R 750 $(DESTDIR)/logs
95 chmod -R 550 $(DESTDIR)/rules
96 chmod 770 $(DESTDIR)/var/run
97 chmod 550 $(DESTDIR)/etc
98 chmod 440 $(DESTDIR)/etc/internal_options.conf
99 chmod -R 770 $(DESTDIR)/etc/shared
100 chmod 700 $(DESTDIR)/.ssh
101 chmod 755 $(DESTDIR)/active-response/bin/*
102 chmod 550 $(DESTDIR)/bin/*
103 chmod 440 $(DESTDIR)/etc/ossec.conf
105 # fixups: no need for execute bits on files there
106 find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
107 find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
110 mkdir -p $(PKGDIR)/etc/init.d
111 if [ -e ossec-hids-debian.init ]; then \
112 install -m 755 ossec-hids-debian.init \
113 $(PKGDIR)/etc/init.d/ossec-hids; \
115 install -m 755 src/init/ossec-hids.init \
116 $(PKGDIR)/etc/init.d/ossec-hids; \
120 echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
121 echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
122 echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf
123 echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
125 # Build architecture-independent files here.
126 binary-indep: build install
127 # We have nothing to do by default.
129 # Build architecture-dependent files here.
130 binary-arch: build install
138 # dh_installlogrotate
160 binary: binary-indep binary-arch
161 .PHONY: build clean binary-indep binary-arch binary install