authorLukáš Jirkovský2015-06-21 18:44:27 +0200
committerLukáš Jirkovský2015-06-21 18:44:27 +0200
commitea9d115ba4a83913082622bbc2ffeb8210ec0487 (patch)
tree6ce02fc96b58165edb5b967db176fa12d27fe699
initial import
-rw-r--r--.SRCINFO21
-rw-r--r--PKGBUILD72
-rw-r--r--config21
-rw-r--r--ossec.install24
-rw-r--r--ossec.service10
5 files changed, 148 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..e852dadd775f
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,21 @@
+pkgbase = ossec-agent
+ pkgdesc = Open Source Host-based Intrusion Detection System
+ pkgver = 2.8.2
+ pkgrel = 1
+ url = http://www.ossec.net/
+ install = ossec.install
+ arch = i686
+ arch = x86_64
+ license = GPL3
+ depends = openssl
+ options = emptydirs
+ backup = var/ossec/etc/ossec.conf
+ source = http://www.ossec.net/files/ossec-hids-2.8.2.tar.gz
+ source = ossec.service
+ source = config
+ md5sums = 3036d5babc96216135759338466e1f79
+ md5sums = 4a197f7f05b2a1d0da54e4fdef1718a5
+ md5sums = ff3c9d0cec6fbd907e4c301625cb4112
+
+pkgname = ossec-agent
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..93754a7f1863
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,72 @@
+# Maintainer: Lukas Jirkovsky <l.jirkovsky@gmail.com>
+pkgname=ossec-agent
+pkgver=2.8.2
+pkgrel=1
+pkgdesc="Open Source Host-based Intrusion Detection System"
+arch=('i686' 'x86_64')
+url="http://www.ossec.net/"
+license=('GPL3')
+depends=('openssl')
+backup=('var/ossec/etc/ossec.conf')
+install=ossec.install
+options=('emptydirs')
+source=(http://www.ossec.net/files/ossec-hids-$pkgver.tar.gz \
+ ossec.service config)
+md5sums=('3036d5babc96216135759338466e1f79'
+ '4a197f7f05b2a1d0da54e4fdef1718a5'
+ 'ff3c9d0cec6fbd907e4c301625cb4112')
+
+_instdir=/var/ossec
+
+_preparevars() {
+ export USER_NO_STOP=yes
+ export USER_LANGUAGE=en
+ export USER_INSTALL_TYPE=agent
+ export USER_DIR=$_instdir
+ export USER_BINARYINSTALL=x
+}
+
+build() {
+ cd "$srcdir/ossec-hids-$pkgver"
+
+ _preparevars
+ . "$srcdir/config" # load configuration
+
+ # fix placement of ossec-init.conf
+ sed -i "s|^OSSEC_INIT.*|OSSEC_INIT=\"$pkgdir/etc/ossec-init.conf\"|" src/init/shared.sh
+ # change the install location
+ sed -i "s|^DIR=.*|DIR=$pkgdir/$_instdir|" src/InstallAgent.sh
+
+ # change user names to existing users to make sure the installation works
+ # the users are later changed to id's for which appropriate users are created by the ossec.install
+ sed -i -e 's|^USER=.*|USER=nobody|' -e 's|^USER_MAIL=.*|USER_MAIL=mail|' \
+ -e 's|^USER_REM=.*|USER_REM=daemon|' src/InstallServer.sh
+ # change group name to nobody, group is created by ossec.install
+ # this ensures install will work perfectly, the we will change the group later
+ sed -i 's|^GROUP=.*|GROUP=nobody|' src/InstallServer.sh
+
+ cd src
+ make all
+ make build
+}
+
+package() {
+ cd "$srcdir/ossec-hids-$pkgver"
+
+ _preparevars
+ . "$srcdir/config" # load configuration
+
+ mkdir -p $pkgdir/etc
+
+ ./install.sh
+
+ # install systemd service
+ install -Dm0644 "$srcdir"/ossec.service "$pkgdir"/usr/lib/systemd/system/ossec.service
+
+ # change the users
+ find "$pkgdir" -user nobody -exec chown 524 '{}' ';'
+ find "$pkgdir" -user mail -exec chown 525 '{}' ';'
+ find "$pkgdir" -user daemon -exec chown 526 '{}' ';'
+ # change the groups
+ find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';'
+}
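Review bot: The upstream tarball in `source=` is fetched over plain HTTP and pinned only by `md5sums`, so the single integrity check on code that is compiled and installed as a host intrusion-detection agent rests on a hash with practical collision attacks. I would replace the array with `sha256sums=('<sha256 of ossec-hids-2.8.2.tar.gz>' '<sha256 of ossec.service>' '<sha256 of config>')`, with the values regenerated by `makepkg -g` after comparing the tarball against whatever checksum or signature upstream publishes, and switch the URL to HTTPS if upstream serves one. Separately, `mkdir -p $pkgdir/etc` in package() is the only unquoted use of `$pkgdir`; `mkdir -p "$pkgdir/etc"` would match the rest of the file.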
diff --git a/config b/config
new file mode 100644
index 000000000000..0f81ca568708
--- /dev/null
+++ b/config
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# What's the IP Address of the OSSEC HIDS server?:
+export USER_AGENT_SERVER_IP=127.0.0.1
+
+# Do you want to run the integrity check daemon? (y/n) [y]:
+export USER_ENABLE_SYSCHECK=y
+
+#Do you want to run the rootkit detection engine? (y/n) [y]:
+export USER_ENABLE_ROOTCHECK=y
+
+# Active response allows you to execute a specific
+# command based on the events received. For example,
+# you can block an IP address or disable access for
+# a specific user.
+# More information at:
+# http://www.ossec.net/en/manual.html#active-response
+#
+# - Do you want to enable active response? (y/n) [y]:
+export USER_ENABLE_ACTIVE_RESPONSE=y
+
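Review bot: `USER_AGENT_SERVER_IP=127.0.0.1` needs a comment saying it is a placeholder, because the PKGBUILD sources this file in build() and package(), so the value is presumably baked into the packaged configuration. An agent installed from such a build would likely start cleanly while reporting to no manager, which is a silent monitoring gap. I would add above the export something like `# Placeholder: set this to your OSSEC manager before building, or edit /var/ossec/etc/ossec.conf after install`. It is also worth one line above `USER_ENABLE_ACTIVE_RESPONSE=y` noting that this lets the manager trigger commands on the host, so whoever builds the package makes that choice knowingly.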
diff --git a/ossec.install b/ossec.install
new file mode 100644
index 000000000000..477b6ac46397
--- /dev/null
+++ b/ossec.install
@@ -0,0 +1,24 @@
+# arg 1: the new package version
+pre_install() {
+ getent group ossec >/dev/null || usr/sbin/groupadd -g 525 ossec
+ getent passwd ossec >/dev/null || usr/sbin/useradd -u 524 -g ossec -d '/var/ossec' -s /bin/false ossec
+ getent passwd ossecm >/dev/null || usr/sbin/useradd -u 525 -g ossec -d '/var/ossec' -s /bin/false ossecm
+ getent passwd ossecr >/dev/null || usr/sbin/useradd -u 526 -g ossec -d '/var/ossec' -s /bin/false ossecr
+ usr/bin/passwd -l ossec &>/dev/null
+ usr/bin/passwd -l ossecm &>/dev/null
+ usr/bin/passwd -l ossecr &>/dev/null
+}
+
+post_upgrade() {
+ pre_install $1
+}
+
+# arg 1: the old package version
+post_remove() {
+ usr/sbin/userdel ossec &>/dev/null
+ usr/sbin/userdel ossecm &>/dev/null
+ usr/sbin/userdel ossecr &>/dev/null
+ usr/sbin/groupdel ossec &>/dev/null
+}
+
+# vim:set ts=2 sw=2 et:
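Review bot: pre_install() checks for the accounts by name only, while the PKGBUILD chowns the packaged tree to the numeric IDs 524, 525 and 526. If `ossec` already exists with another UID, or one of those IDs belongs to a different account, the files under /var/ossec end up owned by the wrong principal. A failed `useradd`/`groupadd` is also not reported. After the creation lines I would add a check per account, such as `[ "$(id -u ossec 2>/dev/null)" = 524 ] || echo "ossec: user ossec does not have UID 524; fix ownership of /var/ossec" >&2`, and likewise for `ossecm`/525, `ossecr`/526 and the group. post_remove() deletes the accounts unconditionally, so any files left behind (for example a saved `ossec.conf`) stay owned by bare IDs that a later account could inherit; a short comment saying so would help.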
diff --git a/ossec.service b/ossec.service
new file mode 100644
index 000000000000..ceff8dfb70e6
--- /dev/null
+++ b/ossec.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OSSEC Host-based Intrusion Detection System
+
+[Service]
+Type=forking
+ExecStart=/var/ossec/bin/ossec-control start
+ExecStop=/var/ossec/bin/ossec-control stop
+
+[Install]
+WantedBy=basic.target
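Review bot: `WantedBy=basic.target` with no `After=` line in `[Unit]` pulls the agent in during early boot with no ordering against the network, although it is configured to talk to a manager by IP address. I would use `After=network.target` in `[Unit]` and `WantedBy=multi-user.target` in `[Install]`. The unit is also `Type=forking` with no `PIDFile=` or `Restart=`, so systemd has to guess the main process, and nothing in the unit restarts the daemons if they exit. For a monitoring agent that failure mode is worth handling, or at least a comment explaining why it is left to `ossec-control`.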