authorAlphaJack2023-08-21 13:56:34 +0200
committerAlphaJack2023-08-21 13:56:34 +0200
commitead1597488172055b6ad6c2b32c72b357864c83f (patch)
tree8a4154d3697b36ba6e25c597d9af9e0e26a60922
parent11382d6e5b31740701a66c7cd101204eeca866af (diff)
Porting ossec-hids from alpine, moving the server features to another package
-rw-r--r--.SRCINFO31
-rw-r--r--PKGBUILD98
-rw-r--r--config53
-rw-r--r--ossec.install23
-rw-r--r--ossec.service10
5 files changed, 41 insertions, 174 deletions
diff --git a/.SRCINFO b/.SRCINFO
index af74e609d702..9c6699f7977f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,23 +1,18 @@
pkgbase = ossec-hids
- pkgdesc = Open Source Host-based Intrusion Detection System
- pkgver = 3.5.0
+ pkgdesc = Open Source Host-based Intrusion Detection System - Meta
+ pkgver = 3.7.0
pkgrel = 1
- url = https://ossec.github.io/
- install = ossec.install
- arch = any
+ url = https://www.ossec.net/
+ arch = x86_64
+ arch = aarch64
+ arch = armv7h
license = GPL2
- depends = openssl
- optdepends = geoip-database-extra
- options = emptydirs
- backup = var/ossec/etc/ossec.conf
- backup = var/ossec/etc/client.keys
- backup = var/ossec/rules/local_rules.xml
- source = https://github.com/ossec/ossec-hids/archive/3.5.0.tar.gz
- source = ossec.service
- source = config
- sha256sums = 720458e7da9fb1437efab3030a3bd42ca84dc652dd1931dedce745456d40e1ad
- sha256sums = be5f6fe7e10603a0897c2502e0e6913fbb544a66f59674aaaef87d0f31d09eb9
- sha256sums = c919180fd99a7918aa9877802acf6dc4e7769a1b7b156630329f01ff57e87240
+ optdepends = ossec-hids-agent
+ optdepends = ossec-hids-local
+ optdepends = ossec-hids-server
+ options = !strip
+ backup = etc/ossec.conf
+ source = https://github.com/ossec/ossec-hids/archive/refs/tags/3.7.0.tar.gz
+ sha256sums = 23f5ede50f5de449db0a571fc453977f7079b4b47ce90b0ef31feed20df100e9
pkgname = ossec-hids
-
diff --git a/PKGBUILD b/PKGBUILD
index f724d822b6ef..d98df1ef917e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,73 +1,31 @@
-# Maintainer: AK <crt@archlinux.email>
-pkgname=ossec-hids
-pkgver=3.5.0
-pkgrel=1
-pkgdesc="Open Source Host-based Intrusion Detection System"
-arch=('any')
-url="https://ossec.github.io/"
-license=('GPL2')
-depends=('openssl')
-optdepends=('geoip-database-extra')
-backup=('var/ossec/etc/ossec.conf'
- 'var/ossec/etc/client.keys'
- 'var/ossec/rules/local_rules.xml')
-install=ossec.install
-options=('emptydirs')
-source=(https://github.com/ossec/$pkgname/archive/$pkgver.tar.gz \
- ossec.service
- config)
-sha256sums=('720458e7da9fb1437efab3030a3bd42ca84dc652dd1931dedce745456d40e1ad'
- 'be5f6fe7e10603a0897c2502e0e6913fbb544a66f59674aaaef87d0f31d09eb9'
- 'c919180fd99a7918aa9877802acf6dc4e7769a1b7b156630329f01ff57e87240')
-
-_instdir=/var/ossec
-
-_preparevars() {
- export USER_INSTALL_TYPE=server # (server, agent, local, hybrid?)
- export USER_NO_STOP=yes
- export USER_DIR=$_instdir
- export USER_BINARYINSTALL=x
- export USE_GEOIP=1
-}
+# Maintainer: AlphaJack <alphajack at tuta dot io>
-build() {
- cd "$srcdir/$pkgname-$pkgver"
-
- _preparevars
- . "$srcdir/config" # load configuration
-
- # fix placement of ossec-init.conf
- sed -i "s|^OSSEC_INIT.*|OSSEC_INIT=\"$pkgdir/etc/ossec-init.conf\"|" src/init/shared.sh
-
- cd src
- make TARGET=$USER_INSTALL_TYPE USE_GEOIP=$USE_GEOIP
-}
+# https://git.alpinelinux.org/aports/tree/community/ossec-hids
-package() {
- cd "$srcdir/$pkgname-$pkgver"
-
- _preparevars
- . "$srcdir/config" # load configuration
-
- # install -dm755 "$pkgdir/etc"
- mkdir -p $pkgdir/etc
- USER_DIR="$pkgdir/$_instdir" ./install.sh
-
- # fix DIRECTORY path in ossec-init.conf
- sed -i '/DIRECTORY=/c\DIRECTORY="/var/ossec"' "$pkgdir/etc/ossec-init.conf"
-
- # install systemd service unit
- install -Dm0644 "$srcdir/ossec.service" "$pkgdir/usr/lib/systemd/system/ossec.service"
- # install license
- install -D -m644 LICENSE "$pkgdir"/usr/share/licenses/ossec-hids/LICENSE
-
- # change user permissions
- find "$pkgdir" -user nobody -exec chown 524 '{}' ';'
- find "$pkgdir" -user mail -exec chown 525 '{}' ';'
- find "$pkgdir" -user daemon -exec chown 526 '{}' ';'
- # change group permissions
- find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';'
-
- grep -FRlZ "$startdir" "$pkgdir" | \
- xargs -0 -- sed -i "s|$startdir|/tmp/build|g"
+pkgname="ossec-hids"
+pkgver=3.7.0
+pkgrel=1
+pkgdesc="Open Source Host-based Intrusion Detection System - Meta"
+url="https://www.ossec.net/"
+license=("GPL2")
+arch=("x86_64" "aarch64" "armv7h")
+optdepends=("ossec-hids-agent"
+ "ossec-hids-local"
+ "ossec-hids-server")
+source=("https://github.com/ossec/ossec-hids/archive/refs/tags/$pkgver.tar.gz")
+sha256sums=('23f5ede50f5de449db0a571fc453977f7079b4b47ce90b0ef31feed20df100e9')
+backup=("etc/ossec.conf")
+options=("!strip")
+
+package(){
+ cd "$pkgname-$pkgver"
+ # configuration
+ install -D -m 644 -D "etc/ossec.conf" -t "$pkgdir/etc"
+ # contributions
+ install -d "$pkgdir/usr/share/ossec-hids"
+ cp -a "contrib/"* "$pkgdir/usr/share/ossec-hids"
+ rm -r "$pkgdir/usr/share/ossec-hids/"{selinux,debian-packages,specs}
+ # documentation
+ install -d "$pkgdir/usr/share/doc/ossec-hids"
+ cp -a "doc/"* "$pkgdir/usr/share/doc/ossec-hids"
}
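Review bot: The `install -D -m 644 -D "etc/ossec.conf" -t "$pkgdir/etc"` line in package() ships the HIDS configuration world-readable, so any local account can read how the host is being monitored. Unless the agent/local/server packages need unprivileged users to read it (not visible from this hunk), `install -Dm640 "etc/ossec.conf" -t "$pkgdir/etc"` is the safer default, and the second `-D` is redundant either way. The two `cp -a` calls carry over whatever file modes the upstream tarball has, so a following `chmod -R u=rwX,go=rX` on both target directories would make the installed permissions deterministic. Separately, the source is saved as a bare `3.7.0.tar.gz`, which can collide with other packages in a shared SRCDEST; `"$pkgname-$pkgver.tar.gz::https://github.com/ossec/ossec-hids/archive/refs/tags/$pkgver.tar.gz"` avoids that.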
diff --git a/config b/config
deleted file mode 100644
index fefef47f667c..000000000000
--- a/config
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-
-# Do you want to update it? (y/n) [y]:
-export USER_UPDATE=y
-
-# Do you want to update the rules? (y/n) [y]:
-export USER_UPDATE_RULES=y
-
-# User Language:
-export USER_LANGUAGE=en
-
-# Do you want e-mail notification? (y/n) [y]:
-export USER_ENABLE_EMAIL=y
-# What's your e-mail address?
-export USER_EMAIL_ADDRESS=ossecm@localhost
-# What's your SMTP server ip/host?
-export USER_EMAIL_SMTP=localhost
-
-# Do you want to run the integrity check daemon? (y/n) [y]:
-export USER_ENABLE_SYSCHECK=y
-
-#Do you want to run the rootkit detection engine? (y/n) [y]:
-export USER_ENABLE_ROOTCHECK=y
-
-# Active response allows you to execute a specific
-# command based on the events received. For example,
-# you can block an IP address or disable access for
-# a specific user.
-# More information at:
-# https://ossec.github.io/docs/manual/ar/
-#
-# - Do you want to enable active response? (y/n) [y]:
-export USER_ENABLE_ACTIVE_RESPONSE=y
-
-# - By default, we can enable the host-deny and the
-# firewall-drop responses. The first one will add
-# a host to the /etc/hosts.deny and the second one
-# will block the host on iptables (if linux) or on
-# ipfilter (if Solaris, FreeBSD or NetBSD).
-# - They can be used to stop SSHD brute force scans,
-# portscans and some other forms of attacks. You can
-# also add them to block on snort events, for example.
-#
-# - Do you want to enable the firewall-drop response? (y/n) [y]:
-export USER_ENABLE_FIREWALL_RESPONSE=y
-
-# Do you want to add more IPs to the white list? (y/n)? [n]:
-# if set to y, installer will ask you to enter the list of IPs
-# if you want to use this feature, you must also export USER_NO_STOP=no
-export USER_WHITE_LIST=n
-
-# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
-export USER_ENABLE_SYSLOG=y
diff --git a/ossec.install b/ossec.install
deleted file mode 100644
index 2fcdd267e5ff..000000000000
--- a/ossec.install
+++ /dev/null
@@ -1,23 +0,0 @@
-# arg 1: the new package version
-post_install() {
- getent group ossec >/dev/null || groupadd -g 525 ossec
- getent passwd ossec >/dev/null || useradd -u 524 -g ossec -d '/var/ossec' -s /bin/false ossec
- getent passwd ossecm >/dev/null || useradd -u 525 -g ossec -d '/var/ossec' -s /bin/false ossecm
- getent passwd ossecr >/dev/null || useradd -u 526 -g ossec -d '/var/ossec' -s /bin/false ossecr
-
- echo ">> Documentation: https://ossec.github.io/docs/"
-}
-
-post_upgrade() {
- post_install $1
-}
-
-# arg 1: the old package version
-post_remove() {
- userdel ossec &>/dev/null
- userdel ossecm &>/dev/null
- userdel ossecr &>/dev/null
- groupdel ossec &>/dev/null
-}
-
-# vim:set ts=2 sw=2 et:
diff --git a/ossec.service b/ossec.service
deleted file mode 100644
index ceff8dfb70e6..000000000000
--- a/ossec.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=OSSEC Host-based Intrusion Detection System
-
-[Service]
-Type=forking
-ExecStart=/var/ossec/bin/ossec-control start
-ExecStop=/var/ossec/bin/ossec-control stop
-
-[Install]
-WantedBy=basic.target