author | Lukáš Jirkovský | 2015-06-21 18:41:33 +0200 |
---|---|---|
committer | Lukáš Jirkovský | 2015-06-21 18:43:28 +0200 |
commit | eade2237ff6b4577e8e358f50c0d96d577545ffd (patch) | |
tree | 5995aa3fcf76b0407dfcf8f9c78516de4a6721a8 | |
download | aur-eade2237ff6b4577e8e358f50c0d96d577545ffd.tar.gz |
initial import
-rw-r--r-- | .SRCINFO | 21 | ||||
-rw-r--r-- | PKGBUILD | 72 | ||||
-rw-r--r-- | config | 42 | ||||
-rw-r--r-- | ossec.install | 24 | ||||
-rw-r--r-- | ossec.service | 10 |
5 files changed, 169 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..27e188e1eb2f
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,21 @@
+pkgbase = ossec-local
+ pkgdesc = Open Source Host-based Intrusion Detection System
+ pkgver = 2.8.2
+ pkgrel = 1
+ url = http://www.ossec.net/
+ install = ossec.install
+ arch = i686
+ arch = x86_64
+ license = GPL3
+ depends = openssl
+ options = emptydirs
+ backup = var/ossec/etc/ossec.conf
+ source = http://www.ossec.net/files/ossec-hids-2.8.2.tar.gz
+ source = ossec.service
+ source = config
+ md5sums = 3036d5babc96216135759338466e1f79
+ md5sums = 4a197f7f05b2a1d0da54e4fdef1718a5
+ md5sums = 510463fc82537b59a45fe55993e6d712
+
+pkgname = ossec-local
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..cf9eed543f86
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,72 @@
+# Maintainer: Lukas Jirkovsky <l.jirkovsky@gmail.com>
+pkgname=ossec-local
+pkgver=2.8.2
+pkgrel=1
+pkgdesc="Open Source Host-based Intrusion Detection System"
+arch=('i686' 'x86_64')
+url="http://www.ossec.net/"
+license=('GPL3')
+depends=('openssl')
+backup=('var/ossec/etc/ossec.conf')
+install=ossec.install
+options=('emptydirs')
+source=(http://www.ossec.net/files/ossec-hids-$pkgver.tar.gz \
+ ossec.service config)
+md5sums=('3036d5babc96216135759338466e1f79'
+ '4a197f7f05b2a1d0da54e4fdef1718a5'
+ '510463fc82537b59a45fe55993e6d712')
+
+_instdir=/var/ossec
+
+_preparevars() {
+ export USER_NO_STOP=yes
+ export USER_LANGUAGE=en
+ export USER_INSTALL_TYPE=local
+ export USER_DIR=$_instdir
+ export USER_BINARYINSTALL=x
+}
+
+build() {
+ cd "$srcdir/ossec-hids-$pkgver"
+
+ _preparevars
+ . "$srcdir/config" # load configuration
+
+ # fix placement of ossec-init.conf
+ sed -i "s|^OSSEC_INIT.*|OSSEC_INIT=\"$pkgdir/etc/ossec-init.conf\"|" src/init/shared.sh
+ # change the install location
+ sed -i "s|^DIR=.*|DIR=$pkgdir/$_instdir|" src/InstallServer.sh
+
+ # change user names to existing users to make sure the installation works
+ # the users are later changed to id's for which appropriate users are created by the ossec.install
+ sed -i -e 's|^USER=.*|USER=nobody|' -e 's|^USER_MAIL=.*|USER_MAIL=mail|' \
+ -e 's|^USER_REM=.*|USER_REM=daemon|' src/InstallServer.sh
+ # change group name to nobody, group is created by ossec.install
+ # this ensures install will work perfectly, the we will change the group later
+ sed -i 's|^GROUP=.*|GROUP=nobody|' src/InstallServer.sh
+
+ cd src
+ make all
+ make build
+}
+
+package() {
+ cd "$srcdir/ossec-hids-$pkgver"
+
+ _preparevars
+ . "$srcdir/config" # load configuration
+
+ mkdir -p $pkgdir/etc
+
+ ./install.sh
+
+ # install systemd service
+ install -Dm0644 "$srcdir"/ossec.service "$pkgdir"/usr/lib/systemd/system/ossec.service
+
+ # change the users
+ find "$pkgdir" -user nobody -exec chown 524 '{}' ';'
+ find "$pkgdir" -user mail -exec chown 525 '{}' ';'
+ find "$pkgdir" -user daemon -exec chown 526 '{}' ';'
+ # change the groups
+ find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';'
+}
diff --git a/config b/config
new file mode 100644
index 000000000000..f494edc4a139
--- /dev/null
+++ b/config
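Review bot: In PKGBUILD, the upstream tarball in `source=(...)` is fetched over plain `http://` and pinned only with `md5sums`, which is weak integrity protection for software that `package()` installs as a host intrusion detection system. MD5 is not collision-resistant, so I would switch the array to `sha256sums=(...)` (regenerated with `updpkgsums` or `makepkg -g`), and, if upstream publishes a detached signature, add it to `source` together with `validpgpkeys=(...)`. Separately, `mkdir -p $pkgdir/etc` in `package()` should be quoted as `mkdir -p "$pkgdir/etc"`, matching the quoting already used on the `install -Dm0644` line.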
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+#Do you want e-mail notification? (y/n) [y]:
+export USER_ENABLE_EMAIL=n
+# What's your e-mail address?
+export USER_EMAIL_ADDRESS=foo@example.com
+# What's your SMTP server ip/host?
+export USER_EMAIL_SMTP=
+
+# Do you want to run the integrity check daemon? (y/n) [y]:
+export USER_ENABLE_SYSCHECK=y
+
+#Do you want to run the rootkit detection engine? (y/n) [y]:
+export USER_ENABLE_ROOTCHECK=y
+
+# Active response allows you to execute a specific
+# command based on the events received. For example,
+# you can block an IP address or disable access for
+# a specific user.
+# More information at:
+# http://www.ossec.net/en/manual.html#active-response
+#
+# - Do you want to enable active response? (y/n) [y]:
+export USER_ENABLE_ACTIVE_RESPONSE=y
+
+# - By default, we can enable the host-deny and the
+# firewall-drop responses. The first one will add
+# a host to the /etc/hosts.deny and the second one
+# will block the host on iptables (if linux) or on
+# ipfilter (if Solaris, FreeBSD or NetBSD).
+# - They can be used to stop SSHD brute force scans,
+# portscans and some other forms of attacks. You can
+# also add them to block on snort events, for example.
+#
+# - Do you want to enable the firewall-drop response? (y/n) [y]:
+export USER_ENABLE_FIREWALL_RESPONSE=y
+
+# Do you want to add more IPs to the white list? (y/n)? [n]:
+# if set to y, installer will ask you to enter the list of IPs
+# if you want to use this feature, you must also export USER_NO_STOP=no
+export USER_WHITE_LIST=n
+
diff --git a/ossec.install b/ossec.install
new file mode 100644
index 000000000000..477b6ac46397
--- /dev/null
+++ b/ossec.install
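Review bot: In config, `USER_ENABLE_ACTIVE_RESPONSE=y` and `USER_ENABLE_FIREWALL_RESPONSE=y` ship as packaged defaults while `USER_WHITE_LIST=n`, so a fresh install will apply `hosts.deny` and iptables blocks automatically with no site-specific exemptions. Because those blocks are driven by log events, a false positive or a misattributed source address can lock out legitimate access, including the administrator's own. I would either default both to `n` or add a comment above them such as `# NOTE: enables automatic blocking; add trusted addresses to <white_list> in /var/ossec/etc/ossec.conf after install`.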
@@ -0,0 +1,24 @@
+# arg 1: the new package version
+pre_install() {
+ getent group ossec >/dev/null || usr/sbin/groupadd -g 525 ossec
+ getent passwd ossec >/dev/null || usr/sbin/useradd -u 524 -g ossec -d '/var/ossec' -s /bin/false ossec
+ getent passwd ossecm >/dev/null || usr/sbin/useradd -u 525 -g ossec -d '/var/ossec' -s /bin/false ossecm
+ getent passwd ossecr >/dev/null || usr/sbin/useradd -u 526 -g ossec -d '/var/ossec' -s /bin/false ossecr
+ usr/bin/passwd -l ossec &>/dev/null
+ usr/bin/passwd -l ossecm &>/dev/null
+ usr/bin/passwd -l ossecr &>/dev/null
+}
+
+post_upgrade() {
+ pre_install $1
+}
+
+# arg 1: the old package version
+post_remove() {
+ usr/sbin/userdel ossec &>/dev/null
+ usr/sbin/userdel ossecm &>/dev/null
+ usr/sbin/userdel ossecr &>/dev/null
+ usr/sbin/groupdel ossec &>/dev/null
+}
+
+# vim:set ts=2 sw=2 et:
diff --git a/ossec.service b/ossec.service
new file mode 100644
index 000000000000..ceff8dfb70e6
--- /dev/null
+++ b/ossec.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OSSEC Host-based Intrusion Detection System
+
+[Service]
+Type=forking
+ExecStart=/var/ossec/bin/ossec-control start
+ExecStop=/var/ossec/bin/ossec-control stop
+
+[Install]
+WantedBy=basic.target |
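Review bot: In ossec.install, `pre_install()` skips `groupadd`/`useradd` whenever `getent` already finds `ossec`, `ossecm` or `ossecr`, but PKGBUILD's `package()` assigns ownership by the numeric ids 524–526 and gid 525. A pre-existing account with a different uid, or an unrelated account already holding one of those ids, therefore ends up with mismatched ownership of the files under `/var/ossec`. A check after the creation lines, e.g. `[ "$(id -u ossec 2>/dev/null)" = 524 ] || echo "warning: ossec is not uid 524; fix ownership under /var/ossec" >&2` (and likewise for the other two accounts and the group), would surface that instead of failing silently. `post_upgrade()` should also pass its argument quoted, `pre_install "$1"`.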
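Review bot: In ossec.service, `WantedBy=basic.target` attaches the daemon to an early-boot target; `WantedBy=multi-user.target` is the conventional install target for a system service like this one. `Type=forking` is also declared without `PIDFile=`, so systemd has to guess a main process among the daemons that `ossec-control start` presumably launches. A short comment in `[Service]` stating that this is intentional would make the supervision model clear to the next maintainer.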