From ad6aedb9016c5ab9dbc0ac73830206dc71025930 Mon Sep 17 00:00:00 2001
From: Dinko Korunic <Dinko.Korunic@CARNet.hr>
Date: Sun, 21 Oct 2007 16:02:05 +0000
Subject: [PATCH 1/1] r1: [svn-inject] Installing original source of ossec-hids-cn
---
README.CARNet | 7 ++++
changelog.CARNet | 1 +
debian/changelog | 5 +++
debian/compat | 1 +
debian/control | 23 +++++++++++
debian/docs | 2 +
debian/postinst | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
debian/postrm | 58 +++++++++++++++++++++++++++
debian/rules | 73 ++++++++++++++++++++++++++++++++++
9 files changed, 284 insertions(+)
create mode 100644 README.CARNet
create mode 120000 changelog.CARNet
create mode 100644 debian/changelog
create mode 100644 debian/compat
create mode 100644 debian/control
create mode 100644 debian/docs
create mode 100755 debian/postinst
create mode 100755 debian/postrm
create mode 100755 debian/rules
diff --git a/README.CARNet b/README.CARNet
new file mode 100644
index 0000000..0ae07bc
--- /dev/null
+++ b/README.CARNet
@@ -0,0 +1,7 @@
+ossec-hids-cn
+~~~~~~~~~~~~~
+
+Ovaj paket donosi neka dodatna pravila i iznimke za CARNet pakete, odnosno
+OSSEC detekciju problema vezanih uz CARNet pakete.
+
+ -- Dinko Korunic <kreator@carnet.hr> Sun, 21 Oct 2007 17:32:00 +0200
diff --git a/changelog.CARNet b/changelog.CARNet
new file mode 120000
index 0000000..194579e
--- /dev/null
+++ b/changelog.CARNet
@@ -0,0 +1 @@
+changelog.Debian
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..c730abc
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+ossec-hids-cn (1.3-1) stable; urgency=low
+
+ * inicijalna verzija paketa
+
+ -- Dinko Korunic <kreator@carnet.hr> Sun, 21 Oct 2007 17:50:14 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+4
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..fb76baf
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,23 @@
+Source: ossec-hids-cn
+Section: net
+Priority: optional
+Maintainer: Dinko Korunic <kreator@carnet.hr>
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: ossec-hids-cn
+Architecture: all
+Depends: ossec-hids (>= 1.3-1), carnet-tools-cn (>= 2.1.8)
+Description: OSSEC HIDS CARNetization
+ OSSEC is a scalable, multi-platform, open source Host-based Intrusion
+ Detection System (HIDS). It has a powerful correlation and analysis
+ engine, integrating log analysis, file integrity checking, Windows
+ registry monitoring, centralized policy enforcement, rootkit detection,
+ real-time alerting and active response.
+ .
+ It runs on most operating systems, including Linux, OpenBSD, FreeBSD,
+ MacOS, Solaris and Windows.
+ .
+ More information on OSSEC is available at: http://www.ossec.net/ .
+ .
+ This package brings CARNet-related configuration for OSSEC.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..ef5ce6c
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,2 @@
+changelog.CARNet
+README.CARNet
diff --git a/debian/postinst b/debian/postinst
new file mode 100755
index 0000000..eb8c4f2
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,114 @@
+#!/bin/sh
+# postinst script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure|reconfigure)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+# sanity check
+if [ ! -d "$DIRECTORY/rules" ]; then
+ echo "CN: There is no "$DIRECTORY/rules" directory, exiting..."
+ echo "CN: Please reinstall ossec-hids package"
+ exit 1
+fi
+
+# find first available sid
+local_rules="$DIRECTORY/rules/local_rules.xml"
+script='
+BEGIN {
+ FS = "\""
+}
+/^[ \t]*<rule id="[[:digit:]]+" .*>/ {
+ if (max < $2)
+ max = $2
+}
+END {
+ print max
+};
+'
+sid=100000
+if [ -e "$local_rules" ]; then
+ sid=$(awk "$script" "$local_rules")
+fi
+
+# update local rules with our policy
+if [ -e "$local_rules" ]; then
+ cp "$local_rules" "$local_rules.$$"
+else
+ touch "$local_rules.$$"
+fi
+
+cp-update --comment '<!--' --comment-end '-->' \
+ ossec-hids-cn "$local_rules.$$" <<EOF
+<group name="syslog,errors,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>1002</if_sid>
+ <match>rsync</match>
+ <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>1002</if_sid>
+ <program_name>^sophie|^smartd</program_name>
+ <description>Events ignored</description>
+ </rule>
+</group>
+
+<group name="syslog,postfix,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>3303</if_sid>
+ <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>3356</if_sid>
+ <description>Ignore blacklisted mail...</description>
+ </rule>
+</group>
+EOF
+cp_mv "$local_rules.$$" "$local_rules"
+
+# and restart the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids restart
+else
+ /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/postrm b/debian/postrm
new file mode 100755
index 0000000..536075c
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,58 @@
+#!/bin/sh
+# postrm script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postrm> `remove'
+# * <postrm> `purge'
+# * <old-postrm> `upgrade' <new-version>
+# * <new-postrm> `failed-upgrade' <old-version>
+# * <new-postrm> `abort-install'
+# * <new-postrm> `abort-install' <old-version>
+# * <new-postrm> `abort-upgrade' <old-version>
+# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ purge)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+# remove our block
+local_rules="$DIRECTORY/rules/local_rules.xml"
+if [ -e "$local_rules" ]; then
+ cp-update --comment '<!--' --comment-end '-->' \
+ -r ossec-hids-cn "$local_rules"
+fi
+
+# and start the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids restart
+else
+ /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
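Review bot: All four rules written by the here-document in debian/postinst get the same id, because each one is emitted as `$(expr "$sid" + 1)`. OSSEC rule ids are meant to be unique, so the restarted daemon will probably either reject local_rules.xml or apply only some of these suppressions; number them `+ 1` through `+ 4`. Separately, when local_rules.xml exists but has no line matching the awk pattern, `sid` becomes empty and the `expr` calls fail inside the here-document without stopping the script, so add `[ -n "$sid" ] || sid=100000` after the awk call. From a detection standpoint, the level-0 child of rule 1002 with `<match>rsync</match>` silences every such event whose text merely contains "rsync"; pairing it with a `<program_name>` constraint, as the second rule does, would keep the suppression from hiding unrelated events.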
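Review bot: The purge path in debian/postrm sources `/usr/share/carnet-tools/functions.sh` and `/etc/ossec-init.conf`, calls `cp-update`, and restarts ossec-hids without checking that any of them still exist. At purge time the packages named in Depends are not guaranteed to be installed any more, and under `set -e` a failed `.` or a missing init script aborts the script and leaves the package half-purged. Guard each step, for example `[ -r /etc/ossec-init.conf ] && . /etc/ossec-init.conf`, and restart only when `[ -x /etc/init.d/ossec-hids ]` holds. Note also that a plain `remove` exits early, so the level-0 suppression rules stay in local_rules.xml until purge; if that is intended, a comment saying so would help the next maintainer.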
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..ec73f03
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,73 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper.
+# This file is public domain software, originally written by Joey Hess.
+#
+# This version is for packages that are architecture independent.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+
+ # Add here commands to compile the package.
+ #$(MAKE)
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ # Add here commands to clean up after the build process.
+ #-$(MAKE) clean
+ #-$(MAKE) distclean
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # Add here commands to install the package into debian/<packagename>.
+ #$(MAKE) prefix=`pwd`/debian/`dh_listpackages`/usr install
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+# dh_installexamples
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installcatalogs
+# dh_installpam
+# dh_installmime
+# dh_installinit
+# dh_installcron
+# dh_installinfo
+# dh_undocumented
+ dh_installman
+ dh_link
+ dh_compress
+ dh_fixperms
+# dh_perl
+# dh_python
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
--
1.7.10.4