author | AlphaJack | 2023-08-21 13:56:34 +0200 |
---|---|---|
committer | AlphaJack | 2023-08-21 13:56:34 +0200 |
commit | ead1597488172055b6ad6c2b32c72b357864c83f (patch) | |
tree | 8a4154d3697b36ba6e25c597d9af9e0e26a60922 | |
parent | 11382d6e5b31740701a66c7cd101204eeca866af (diff) | |
download | aur-ead1597488172055b6ad6c2b32c72b357864c83f.tar.gz |
Porting ossec-hids from alpine, moving the server features to another package
-rw-r--r-- | .SRCINFO | 31 | ||||
-rw-r--r-- | PKGBUILD | 98 | ||||
-rw-r--r-- | config | 53 | ||||
-rw-r--r-- | ossec.install | 23 | ||||
-rw-r--r-- | ossec.service | 10 |
5 files changed, 41 insertions, 174 deletions
@@ -1,23 +1,18 @@ pkgbase = ossec-hids - pkgdesc = Open Source Host-based Intrusion Detection System - pkgver = 3.5.0 + pkgdesc = Open Source Host-based Intrusion Detection System - Meta + pkgver = 3.7.0 pkgrel = 1 - url = https://ossec.github.io/ - install = ossec.install - arch = any + url = https://www.ossec.net/ + arch = x86_64 + arch = aarch64 + arch = armv7h license = GPL2 - depends = openssl - optdepends = geoip-database-extra - options = emptydirs - backup = var/ossec/etc/ossec.conf - backup = var/ossec/etc/client.keys - backup = var/ossec/rules/local_rules.xml - source = https://github.com/ossec/ossec-hids/archive/3.5.0.tar.gz - source = ossec.service - source = config - sha256sums = 720458e7da9fb1437efab3030a3bd42ca84dc652dd1931dedce745456d40e1ad - sha256sums = be5f6fe7e10603a0897c2502e0e6913fbb544a66f59674aaaef87d0f31d09eb9 - sha256sums = c919180fd99a7918aa9877802acf6dc4e7769a1b7b156630329f01ff57e87240 + optdepends = ossec-hids-agent + optdepends = ossec-hids-local + optdepends = ossec-hids-server + options = !strip + backup = etc/ossec.conf + source = https://github.com/ossec/ossec-hids/archive/refs/tags/3.7.0.tar.gz + sha256sums = 23f5ede50f5de449db0a571fc453977f7079b4b47ce90b0ef31feed20df100e9 pkgname = ossec-hids - 
@@ -1,73 +1,31 @@ -# Maintainer: AK <crt@archlinux.email> -pkgname=ossec-hids -pkgver=3.5.0 -pkgrel=1 -pkgdesc="Open Source Host-based Intrusion Detection System" -arch=('any') -url="https://ossec.github.io/" -license=('GPL2') -depends=('openssl') -optdepends=('geoip-database-extra') -backup=('var/ossec/etc/ossec.conf' - 'var/ossec/etc/client.keys' - 'var/ossec/rules/local_rules.xml') -install=ossec.install -options=('emptydirs') -source=(https://github.com/ossec/$pkgname/archive/$pkgver.tar.gz \ - ossec.service - config) -sha256sums=('720458e7da9fb1437efab3030a3bd42ca84dc652dd1931dedce745456d40e1ad' - 'be5f6fe7e10603a0897c2502e0e6913fbb544a66f59674aaaef87d0f31d09eb9' - 'c919180fd99a7918aa9877802acf6dc4e7769a1b7b156630329f01ff57e87240') - -_instdir=/var/ossec - -_preparevars() { - export USER_INSTALL_TYPE=server # (server, agent, local, hybrid?) - export USER_NO_STOP=yes - export USER_DIR=$_instdir - export USER_BINARYINSTALL=x - export USE_GEOIP=1 -} +# Maintainer: AlphaJack <alphajack at tuta dot io> -build() { - cd "$srcdir/$pkgname-$pkgver" - - _preparevars - . "$srcdir/config" # load configuration - - # fix placement of ossec-init.conf - sed -i "s|^OSSEC_INIT.*|OSSEC_INIT=\"$pkgdir/etc/ossec-init.conf\"|" src/init/shared.sh - - cd src - make TARGET=$USER_INSTALL_TYPE USE_GEOIP=$USE_GEOIP -} +# https://git.alpinelinux.org/aports/tree/community/ossec-hids -package() { - cd "$srcdir/$pkgname-$pkgver" - - _preparevars - . 
"$srcdir/config" # load configuration - - # install -dm755 "$pkgdir/etc" - mkdir -p $pkgdir/etc - USER_DIR="$pkgdir/$_instdir" ./install.sh - - # fix DIRECTORY path in ossec-init.conf - sed -i '/DIRECTORY=/c\DIRECTORY="/var/ossec"' "$pkgdir/etc/ossec-init.conf" - - # install systemd service unit - install -Dm0644 "$srcdir/ossec.service" "$pkgdir/usr/lib/systemd/system/ossec.service" - # install license - install -D -m644 LICENSE "$pkgdir"/usr/share/licenses/ossec-hids/LICENSE - - # change user permissions - find "$pkgdir" -user nobody -exec chown 524 '{}' ';' - find "$pkgdir" -user mail -exec chown 525 '{}' ';' - find "$pkgdir" -user daemon -exec chown 526 '{}' ';' - # change group permissions - find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';' - - grep -FRlZ "$startdir" "$pkgdir" | \ - xargs -0 -- sed -i "s|$startdir|/tmp/build|g" +pkgname="ossec-hids" +pkgver=3.7.0 +pkgrel=1 +pkgdesc="Open Source Host-based Intrusion Detection System - Meta" +url="https://www.ossec.net/" +license=("GPL2") +arch=("x86_64" "aarch64" "armv7h") +optdepends=("ossec-hids-agent" + "ossec-hids-local" + "ossec-hids-server") +source=("https://github.com/ossec/ossec-hids/archive/refs/tags/$pkgver.tar.gz") +sha256sums=('23f5ede50f5de449db0a571fc453977f7079b4b47ce90b0ef31feed20df100e9') +backup=("etc/ossec.conf") +options=("!strip") + +package(){ + cd "$pkgname-$pkgver" + # configuration + install -D -m 644 -D "etc/ossec.conf" -t "$pkgdir/etc" + # contributions + install -d "$pkgdir/usr/share/ossec-hids" + cp -a "contrib/"* "$pkgdir/usr/share/ossec-hids" + rm -r "$pkgdir/usr/share/ossec-hids/"{selinux,debian-packages,specs} + # documentation + install -d "$pkgdir/usr/share/doc/ossec-hids" + cp -a "doc/"* "$pkgdir/usr/share/doc/ossec-hids" } diff --git a/config b/config deleted file mode 100644 index fefef47f667c..000000000000 --- a/config +++ /dev/null 
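Review bot: In the new `package()`, `install -D -m 644 -D "etc/ossec.conf" -t "$pkgdir/etc"` ships the IDS configuration world-readable and passes `-D` twice. An ossec.conf typically names the alert e-mail and SMTP host, the monitored paths and the active-response allow-list, none of which unprivileged local users need to read. Consider `install -Dm640 "etc/ossec.conf" -t "$pkgdir/etc"`, with group ownership set by whichever split package creates the ossec account; that package is not visible in this commit, so confirm the daemons can still read the file. Separately, the tarball is pinned only by `sha256sums`, which checks integrity but not origin; if upstream publishes a detached signature for this release, adding it to `source` together with `validpgpkeys` would let makepkg verify both.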
@@ -1,53 +0,0 @@ -#!/bin/sh - -# Do you want to update it? (y/n) [y]: -export USER_UPDATE=y - -# Do you want to update the rules? (y/n) [y]: -export USER_UPDATE_RULES=y - -# User Language: -export USER_LANGUAGE=en - -# Do you want e-mail notification? (y/n) [y]: -export USER_ENABLE_EMAIL=y -# What's your e-mail address? -export USER_EMAIL_ADDRESS=ossecm@localhost -# What's your SMTP server ip/host? -export USER_EMAIL_SMTP=localhost - -# Do you want to run the integrity check daemon? (y/n) [y]: -export USER_ENABLE_SYSCHECK=y - -#Do you want to run the rootkit detection engine? (y/n) [y]: -export USER_ENABLE_ROOTCHECK=y - -# Active response allows you to execute a specific -# command based on the events received. For example, -# you can block an IP address or disable access for -# a specific user. -# More information at: -# https://ossec.github.io/docs/manual/ar/ -# -# - Do you want to enable active response? (y/n) [y]: -export USER_ENABLE_ACTIVE_RESPONSE=y - -# - By default, we can enable the host-deny and the -# firewall-drop responses. The first one will add -# a host to the /etc/hosts.deny and the second one -# will block the host on iptables (if linux) or on -# ipfilter (if Solaris, FreeBSD or NetBSD). -# - They can be used to stop SSHD brute force scans, -# portscans and some other forms of attacks. You can -# also add them to block on snort events, for example. -# -# - Do you want to enable the firewall-drop response? (y/n) [y]: -export USER_ENABLE_FIREWALL_RESPONSE=y - -# Do you want to add more IPs to the white list? (y/n)? [n]: -# if set to y, installer will ask you to enter the list of IPs -# if you want to use this feature, you must also export USER_NO_STOP=no -export USER_WHITE_LIST=n - -# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]: -export USER_ENABLE_SYSLOG=y diff --git a/ossec.install b/ossec.install deleted file mode 100644 index 2fcdd267e5ff..000000000000 --- a/ossec.install +++ /dev/null 
@@ -1,23 +0,0 @@ -# arg 1: the new package version -post_install() { - getent group ossec >/dev/null || groupadd -g 525 ossec - getent passwd ossec >/dev/null || useradd -u 524 -g ossec -d '/var/ossec' -s /bin/false ossec - getent passwd ossecm >/dev/null || useradd -u 525 -g ossec -d '/var/ossec' -s /bin/false ossecm - getent passwd ossecr >/dev/null || useradd -u 526 -g ossec -d '/var/ossec' -s /bin/false ossecr - - echo ">> Documentation: https://ossec.github.io/docs/" -} - -post_upgrade() { - post_install $1 -} - -# arg 1: the old package version -post_remove() { - userdel ossec &>/dev/null - userdel ossecm &>/dev/null - userdel ossecr &>/dev/null - groupdel ossec &>/dev/null -} - -# vim:set ts=2 sw=2 et: diff --git a/ossec.service b/ossec.service deleted file mode 100644 index ceff8dfb70e6..000000000000 --- a/ossec.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=OSSEC Host-based Intrusion Detection System - -[Service] -Type=forking -ExecStart=/var/ossec/bin/ossec-control start -ExecStop=/var/ossec/bin/ossec-control stop - -[Install] -WantedBy=basic.target |