From ad6aedb9016c5ab9dbc0ac73830206dc71025930 Mon Sep 17 00:00:00 2001
From: Dinko Korunic <Dinko.Korunic@CARNet.hr>
Date: Sun, 21 Oct 2007 16:02:05 +0000
Subject: [PATCH 1/1] r1: [svn-inject] Installing original source of
 ossec-hids-cn

---
 README.CARNet    |    7 ++++
 changelog.CARNet |    1 +
 debian/changelog |    5 +++
 debian/compat    |    1 +
 debian/control   |   23 +++++++++++
 debian/docs      |    2 +
 debian/postinst  |  114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 debian/postrm    |   58 +++++++++++++++++++++++++++
 debian/rules     |   73 ++++++++++++++++++++++++++++++++++
 9 files changed, 284 insertions(+)
 create mode 100644 README.CARNet
 create mode 120000 changelog.CARNet
 create mode 100644 debian/changelog
 create mode 100644 debian/compat
 create mode 100644 debian/control
 create mode 100644 debian/docs
 create mode 100755 debian/postinst
 create mode 100755 debian/postrm
 create mode 100755 debian/rules

diff --git a/README.CARNet b/README.CARNet
new file mode 100644
index 0000000..0ae07bc
--- /dev/null
+++ b/README.CARNet
@@ -0,0 +1,7 @@
+ossec-hids-cn
+~~~~~~~~~~~~~
+
+Ovaj paket donosi neka dodatna pravila i iznimke za CARNet pakete, odnosno
+OSSEC detekciju problema vezanih uz CARNet pakete.
+
+ -- Dinko Korunic <kreator@carnet.hr>  Sun, 21 Oct 2007 17:32:00 +0200
diff --git a/changelog.CARNet b/changelog.CARNet
new file mode 120000
index 0000000..194579e
--- /dev/null
+++ b/changelog.CARNet
@@ -0,0 +1 @@
+changelog.Debian
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..c730abc
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+ossec-hids-cn (1.3-1) stable; urgency=low
+
+  * inicijalna verzija paketa
+
+ -- Dinko Korunic <kreator@carnet.hr>  Sun, 21 Oct 2007 17:50:14 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+4
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..fb76baf
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,23 @@
+Source: ossec-hids-cn
+Section: net
+Priority: optional
+Maintainer: Dinko Korunic <kreator@carnet.hr>
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: ossec-hids-cn
+Architecture: all
+Depends: ossec-hids (>= 1.3-1), carnet-tools-cn (>= 2.1.8)
+Description: OSSEC HIDS CARNetization
+ OSSEC is a scalable, multi-platform, open source Host-based Intrusion
+ Detection System (HIDS). It has a powerful correlation and analysis
+ engine, integrating log analysis, file integrity checking, Windows
+ registry monitoring, centralized policy enforcement, rootkit detection,
+ real-time alerting and active response.
+ .
+ It runs on most operating systems, including Linux, OpenBSD, FreeBSD,
+ MacOS, Solaris and Windows.
+ .
+ More information on OSSEC is available at: http://www.ossec.net/ .
+ .
+ This package brings CARNet-related configuration for OSSEC.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..ef5ce6c
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,2 @@
+changelog.CARNet
+README.CARNet
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..eb8c4f2
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,114 @@
+#!/bin/sh
+# postinst script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+    configure|reconfigure)
+      # continue below
+    ;;
+
+    *)
+        exit 0
+    ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+    DIRECTORY="/var/ossec"
+fi
+
+# sanity check
+if [ ! -d "$DIRECTORY/rules" ]; then
+    echo "CN: There is no "$DIRECTORY/rules" directory, exiting..."
+    echo "CN: Please reinstall ossec-hids package"
+    exit 1
+fi
+
+# find first available sid
+local_rules="$DIRECTORY/rules/local_rules.xml"
+script='
+BEGIN {
+    FS = "\""
+}
+/^[ \t]*<rule id="[[:digit:]]+" .*>/ {
+    if (max < $2)
+        max = $2
+}
+END {
+    print max
+};
+'
+sid=100000
+if [ -e "$local_rules" ]; then
+    sid=$(awk "$script" "$local_rules")
+fi
+
+# update local rules with our policy
+if [ -e "$local_rules" ]; then
+    cp "$local_rules" "$local_rules.$$"
+else
+    touch "$local_rules.$$"
+fi
+
+cp-update --comment '<!--' --comment-end '-->' \
+    ossec-hids-cn "$local_rules.$$" <<EOF
+<group name="syslog,errors,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+   <if_sid>1002</if_sid>
+   <match>rsync</match>
+   <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+   <if_sid>1002</if_sid>
+   <program_name>^sophie|^smartd</program_name>
+   <description>Events ignored</description>
+ </rule>
+</group>
+
+<group name="syslog,postfix,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+   <if_sid>3303</if_sid>
+   <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+  <if_sid>3356</if_sid>
+  <description>Ignore blacklisted mail...</description>
+ </rule>
+</group>
+EOF
+cp_mv "$local_rules.$$" "$local_rules"
+
+# and restart the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+    invoke-rc.d ossec-hids restart
+else
+    /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/postrm b/debian/postrm
new file mode 100755
index 0000000..536075c
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,58 @@
+#!/bin/sh
+# postrm script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    purge)
+      # continue below
+    ;;
+
+    *)
+        exit 0
+    ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+    DIRECTORY="/var/ossec"
+fi
+
+# remove our block
+local_rules="$DIRECTORY/rules/local_rules.xml"
+if [ -e "$local_rules" ]; then
+    cp-update --comment '<!--' --comment-end '-->' \
+        -r ossec-hids-cn "$local_rules"
+fi
+
+# and start the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+    invoke-rc.d ossec-hids restart
+else
+    /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..ec73f03
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,73 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper. 
+# This file is public domain software, originally written by Joey Hess.
+#
+# This version is for packages that are architecture independent.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build: build-stamp
+build-stamp:
+	dh_testdir
+
+	# Add here commands to compile the package.
+	#$(MAKE)
+
+	touch build-stamp
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp
+
+	# Add here commands to clean up after the build process.
+	#-$(MAKE) clean
+	#-$(MAKE) distclean
+
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	# Add here commands to install the package into debian/<packagename>.
+	#$(MAKE) prefix=`pwd`/debian/`dh_listpackages`/usr install
+
+# Build architecture-independent files here.
+binary-indep: build install
+	dh_testdir
+	dh_testroot
+	dh_installchangelogs
+	dh_installdocs
+#	dh_installexamples
+#	dh_installmenu
+#	dh_installdebconf
+#	dh_installlogrotate
+#	dh_installemacsen
+#	dh_installcatalogs
+#	dh_installpam
+#	dh_installmime
+#	dh_installinit
+#	dh_installcron
+#	dh_installinfo
+#	dh_undocumented
+	dh_installman
+	dh_link
+	dh_compress
+	dh_fixperms
+#	dh_perl
+#	dh_python
+	dh_installdeb
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
-- 
1.7.10.4