2 # OSSEC 1.3 .spec file - AGENT
3 # Fri Aug 17 15:19:40 EDT 2007
8 # o Safety checks for %clean
12 # o create an RPM_README.txt and put it in the source tree
# Package identity and install-time dependencies for the OSSEC agent RPM.
# NOTE(review): the file header and Name both say agent, but Summary says
# "(Server)" - looks like a leftover from the server spec; confirm.
16 Summary: Open Source Host-based Intrusion Detection System (Server)
17 Name: ossec-hids-agent-FC7
21 Group: Applications/Security
22 URL: http://www.ossec.net
23 Packager: Michael Williams (maverick@maverick.org)
# NOTE(review): the tarball URL is plain http, and no checksum or signature
# check is visible in this listing, so nothing here ties the build to a
# known-good upstream archive. Verify the download out of band before building.
24 Source: http://www.ossec.net/files/ossec-hids-1.3.tar.gz
# Absolute paths of the tools the install and uninstall scriptlets call
# (useradd, groupadd, groupdel, userdel, service, chkconfig).
25 Requires: /usr/sbin/useradd, /usr/sbin/groupadd, /usr/sbin/groupdel, /usr/sbin/userdel, /sbin/service, /sbin/chkconfig
28 OSSEC is an Open Source Host-based Intrusion
29 Detection System. It performs log analysis,
30 integrity checking, Windows registry monitoring,
31 rootkit detection, real-time alerting and active
# Unpack the source tarball; -n names the unpacked directory ossec-hids-1.3.
37 %setup -n ossec-hids-1.3
# Copies preloaded-vars.conf from a fixed path on the build host into the
# unpacked tree's etc/ directory.
# NOTE(review): this file is not part of the Source tarball, so the package
# content depends on whatever sits at that path at build time. Shipping it as an
# additional source in the SRPM would make the build reproducible and reviewable.
40 /bin/cp /usr/local/src/OSSEC-RPM/1.3/agent/preloaded-vars.conf ${RPM_BUILD_DIR}/ossec-hids-1.3/etc/
# NOTE(review): $RPM_BUILD_ROOT is unquoted and not checked before the recursive
# delete; the TODO list in the file header already asks for safety checks on the
# clean step. Guard it so the rm is skipped when the variable is empty or "/",
# e.g. [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ].
45 rm -rf $RPM_BUILD_ROOT
48 ################################################################################
# Create the ossec group unless a matching line already exists in /etc/group.
# NOTE(review): "^ossec" is a prefix match, so any group whose name merely
# starts with "ossec" suppresses creation, and only the local file is consulted.
# An exact lookup such as `getent group ossec` avoids both problems.
# The closing fi is not shown in this listing.
51 if ! grep "^ossec" /etc/group > /dev/null ; then
52 /usr/sbin/groupadd ossec
56 ################################################################################
# Create the ossec account with home /var/ossec, primary group ossec and
# /bin/false as its shell, so the account cannot be used for an interactive login.
# NOTE(review): same prefix-match caveat as the group test above;
# `getent passwd "${USER}"` is an exact lookup. The closing fi/done are not
# shown in this listing.
59 for USER in ossec ; do
60 if ! grep "^${USER}" /etc/passwd > /dev/null ; then
61 /usr/sbin/useradd -d /var/ossec -s /bin/false -g ossec ${USER}
69 ################################################################################
70 # Create OSSEC /etc/init.d/ossec file
# The init script is written from an inline here-document at install time.
# NOTE(review): ">>" appends, so if /etc/init.d/ossec already exists (for
# example after a reinstall) the new text is added to the old file instead of
# replacing it; ">" would make the result deterministic.
# NOTE(review): the EOF delimiter is unquoted, so the shell expands variables
# and command substitutions inside the here-document when the scriptlet runs.
# Any "$1" in the script body (those lines are not shown in this listing) would
# be replaced by the scriptlet's own argument; quoting the delimiter ('EOF')
# keeps the text literal.
# NOTE(review): a file created this way is not among the packaged files visible
# in this listing, so rpm verification would not cover the script that starts
# the IDS at boot - confirm, or ship the script as a packaged file instead.
72 cat <<EOF >> /etc/init.d/ossec
78 # chkconfig: 2345 12 88
79 # description: OSSEC is an open source host based IDS
84 # Source function library.
85 . /etc/init.d/functions
87 [ -f /var/ossec/bin/ossec-control ] || exit 0
95 /var/ossec/bin/ossec-control start
98 /var/ossec/bin/ossec-control stop
101 /var/ossec/bin/ossec-control status
104 /var/ossec/bin/ossec-control restart
107 echo "Usage: /var/ossec/bin/ossec-control {start|stop|status|restart}"
113 /bin/chown root.root /etc/init.d/ossec
114 /bin/chmod 755 /etc/init.d/ossec
# The script ends up root-owned with mode 755 (writable by root only).
# NOTE(review): "root.root" is the legacy owner.group separator; "root:root" is
# the documented form.
116 ################################################################################
117 # Set configuration so OSSEC starts on reboot
# Register the service with chkconfig and switch it on.
119 /sbin/chkconfig --add ossec
120 /sbin/chkconfig ossec on
# Uninstall-side service teardown: stop the agent, drop its boot registration,
# then delete the generated init script.
# NOTE(review): no test of the scriptlet argument is visible around these steps
# (lines are missing from this listing). If they run unguarded, a package
# upgrade would also stop the agent and remove its boot registration, leaving
# the host unmonitored until it is re-enabled - confirm they are limited to
# final removal.
123 # Run service command, make sure OSSEC is stopped
124 /sbin/service ossec stop
126 # Run chkconfig, stop ossec from starting on boot
127 /sbin/chkconfig ossec off
128 /sbin/chkconfig --del ossec
# Remove the init script only if it exists.
131 [ -f /etc/init.d/ossec ] && rm /etc/init.d/ossec
# Remove the service accounts and the ossec group.
# NOTE(review): the install side of this spec only creates "ossec"; ossecm and
# ossecr are removed here as well - confirm that cannot affect another OSSEC
# package on the same host.
# NOTE(review): "^${USER}" is a prefix match, so the test for ossec succeeds for
# any account whose name starts with "ossec". An exact lookup such as
# `getent passwd "${USER}"` avoids calling userdel for the wrong reason.
# NOTE(review): userdel -r also requests removal of the account's home
# directory; for ossec that is /var/ossec (set by useradd -d earlier in this
# spec), which holds the agent's logs. Confirm that is intended and that this
# step is never reached during an upgrade (no guard is visible in this listing).
134 for USER in ossec ossecm ossecr ; do
135 if grep "^${USER}" /etc/passwd > /dev/null ; then
136 /usr/sbin/userdel -r ${USER}
# Same prefix-match caveat for the group test; `getent group ossec` is exact.
141 if grep "^ossec" /etc/group > /dev/null ; then
142 /usr/sbin/groupdel ossec
# Packaged files with their modes and ownership. Most paths are root:ossec with
# no write bit, so the ossec group can read or execute them but not modify them.
# NOTE(review): paths appear twice in this list, once bare or with the dir
# directive and once with attr. A directory listed without the dir directive
# normally pulls in everything beneath it, so confirm the build does not warn
# about files listed twice and that the intended mode wins.
147 %doc README BUGS CONFIG CONTRIB INSTALL LICENSE
150 %attr(550, root, ossec) /var/ossec/
152 %attr(550, root, ossec) /var/ossec/var
# var/run is the one directory here that the ossec group may write to (770).
153 %dir /var/ossec/var/run
154 %attr(770, root, ossec) /var/ossec/var/run
155 %dir /var/ossec/active-response
156 %attr(550, root, ossec) /var/ossec/active-response
157 %dir /var/ossec/active-response/bin
158 %attr(550, root, ossec) /var/ossec/active-response/bin
# Active-response scripts: root-owned, mode 755, so only root can change them.
# Judging by their names they alter routes, firewall rules and accounts, which
# makes write access to them security-sensitive - keep them non-writable for
# the ossec group.
159 /var/ossec/active-response/bin/route-null.sh
160 %attr(755, root, ossec) /var/ossec/active-response/bin/route-null.sh
161 /var/ossec/active-response/bin/host-deny.sh
162 %attr(755, root, ossec) /var/ossec/active-response/bin/host-deny.sh
163 /var/ossec/active-response/bin/firewall-drop.sh
164 %attr(755, root, ossec) /var/ossec/active-response/bin/firewall-drop.sh
165 %dir /var/ossec/active-response/bin/firewalls
166 %attr(755, root, ossec) /var/ossec/active-response/bin/firewalls
# NOTE(review): pf.sh, ipfw.sh and ipfw_mac.sh have no attr line in this
# listing, so their owner and mode come from the build tree or from a default
# not shown here - confirm they end up root-owned and not writable by others.
167 /var/ossec/active-response/bin/firewalls/pf.sh
168 /var/ossec/active-response/bin/firewalls/ipfw.sh
169 /var/ossec/active-response/bin/firewalls/ipfw_mac.sh
170 /var/ossec/active-response/bin/disable-account.sh
171 %attr(755, root, ossec) /var/ossec/active-response/bin/disable-account.sh
# Agent binaries and control tools: all root:ossec with mode 550, i.e. readable
# and executable by root and the ossec group, no access for others and no write
# bit for anyone.
173 %attr(550, root, ossec) /var/ossec/bin
174 /var/ossec/bin/ossec-agentd
175 %attr(550, root, ossec) /var/ossec/bin/ossec-agentd
176 /var/ossec/bin/ossec-logcollector
177 %attr(550, root, ossec) /var/ossec/bin/ossec-logcollector
178 /var/ossec/bin/ossec-control
179 %attr(550, root, ossec) /var/ossec/bin/ossec-control
180 /var/ossec/bin/ossec-syscheckd
181 %attr(550, root, ossec) /var/ossec/bin/ossec-syscheckd
182 /var/ossec/bin/manage_agents
183 %attr(550, root, ossec) /var/ossec/bin/manage_agents
184 /var/ossec/bin/ossec-execd
185 %attr(550, root, ossec) /var/ossec/bin/ossec-execd
# Configuration directory: root:ossec, read/search only (550).
187 %attr(550, root, ossec) /var/ossec/etc
# internal_options.conf and ossec.conf are 440 root:ossec, so the ossec group
# can read them and nobody but root can change them.
# NOTE(review): neither file carries a config directive in this listing, so an
# upgrade would presumably replace local edits without keeping a backup copy;
# marking them config(noreplace) preserves the site's monitoring settings.
188 /var/ossec/etc/internal_options.conf
189 %attr(440, root, ossec) /var/ossec/etc/internal_options.conf
190 /var/ossec/etc/localtime
191 %attr(644, root, root) /var/ossec/etc/localtime
# etc/shared holds the rootcheck/policy lists and is writable by the ossec
# group (770) - presumably so the agent can store updated copies; confirm.
# NOTE(review): the .txt files below are also 770, which sets execute bits on
# data files. Group write means any process running in the ossec group can alter
# the rootkit and policy signatures the agent checks against; 660 would keep
# the write access without the execute bits.
192 %dir /var/ossec/etc/shared
193 %attr(770, root, ossec) /var/ossec/etc/shared
194 /var/ossec/etc/shared/win_malware_rcl.txt
195 %attr(770, root, ossec) /var/ossec/etc/shared/win_malware_rcl.txt
196 /var/ossec/etc/shared/win_applications_rcl.txt
197 %attr(770, root, ossec) /var/ossec/etc/shared/win_applications_rcl.txt
198 /var/ossec/etc/shared/win_audit_rcl.txt
199 %attr(770, root, ossec) /var/ossec/etc/shared/win_audit_rcl.txt
200 /var/ossec/etc/shared/rootkit_files.txt
201 %attr(770, root, ossec) /var/ossec/etc/shared/rootkit_files.txt
202 /var/ossec/etc/shared/rootkit_trojans.txt
203 %attr(770, root, ossec) /var/ossec/etc/shared/rootkit_trojans.txt
204 /var/ossec/etc/ossec.conf
205 %attr(440, root, ossec) /var/ossec/etc/ossec.conf
# Log directory: owned by ossec:ossec, no access for others (750).
207 %attr(750, ossec, ossec) /var/ossec/logs
# NOTE(review): ossec.log is 664, so its read bit for others is only masked by
# the 750 directory above; 660 would not depend on the parent. It is also
# packaged as an ordinary file, so confirm how upgrade and removal treat a log
# that has grown since install.
208 /var/ossec/logs/ossec.log
209 %attr(664, ossec, ossec) /var/ossec/logs/ossec.log
# Queue directories used by the agent processes.
210 %dir /var/ossec/queue
211 %attr(550, root, ossec) /var/ossec/queue
# NOTE(review): rids is 775, the only queue directory that grants access to
# others; the 550 parents mask it today, but 770 would match the intent of the
# sibling directories without relying on that.
212 %dir /var/ossec/queue/rids
213 %attr(775, root, ossec) /var/ossec/queue/rids
214 %dir /var/ossec/queue/alerts
215 %attr(550, root, ossec) /var/ossec/queue/alerts
216 %dir /var/ossec/queue/syscheck
217 %attr(550, root, ossec) /var/ossec/queue/syscheck
# queue/ossec is owned by the ossec user and writable by user and group (770).
218 %dir /var/ossec/queue/ossec
219 %attr(770, ossec, ossec) /var/ossec/queue/ossec