authorLukáš Jirkovský2015-06-21 18:41:33 +0200
committerLukáš Jirkovský2015-06-21 18:43:28 +0200
commiteade2237ff6b4577e8e358f50c0d96d577545ffd (patch)
tree5995aa3fcf76b0407dfcf8f9c78516de4a6721a8
downloadaur-eade2237ff6b4577e8e358f50c0d96d577545ffd.tar.gz
initial import
-rw-r--r--.SRCINFO21
-rw-r--r--PKGBUILD72
-rw-r--r--config42
-rw-r--r--ossec.install24
-rw-r--r--ossec.service10
5 files changed, 169 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..27e188e1eb2f
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,21 @@
+pkgbase = ossec-local
+ pkgdesc = Open Source Host-based Intrusion Detection System
+ pkgver = 2.8.2
+ pkgrel = 1
+ url = http://www.ossec.net/
+ install = ossec.install
+ arch = i686
+ arch = x86_64
+ license = GPL3
+ depends = openssl
+ options = emptydirs
+ backup = var/ossec/etc/ossec.conf
+ source = http://www.ossec.net/files/ossec-hids-2.8.2.tar.gz
+ source = ossec.service
+ source = config
+ md5sums = 3036d5babc96216135759338466e1f79
+ md5sums = 4a197f7f05b2a1d0da54e4fdef1718a5
+ md5sums = 510463fc82537b59a45fe55993e6d712
+
+pkgname = ossec-local
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..cf9eed543f86
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,72 @@
+# Maintainer: Lukas Jirkovsky <l.jirkovsky@gmail.com>
+pkgname=ossec-local
+pkgver=2.8.2
+pkgrel=1
+pkgdesc="Open Source Host-based Intrusion Detection System"
+arch=('i686' 'x86_64')
+url="http://www.ossec.net/"
+license=('GPL3')
+depends=('openssl')
+backup=('var/ossec/etc/ossec.conf')
+install=ossec.install
+options=('emptydirs')
+source=(http://www.ossec.net/files/ossec-hids-$pkgver.tar.gz \
+ ossec.service config)
+md5sums=('3036d5babc96216135759338466e1f79'
+ '4a197f7f05b2a1d0da54e4fdef1718a5'
+ '510463fc82537b59a45fe55993e6d712')
+
+_instdir=/var/ossec
+
+_preparevars() {
+ export USER_NO_STOP=yes
+ export USER_LANGUAGE=en
+ export USER_INSTALL_TYPE=local
+ export USER_DIR=$_instdir
+ export USER_BINARYINSTALL=x
+}
+
+build() {
+ cd "$srcdir/ossec-hids-$pkgver"
+
+ _preparevars
+ . "$srcdir/config" # load configuration
+
+ # fix placement of ossec-init.conf
+ sed -i "s|^OSSEC_INIT.*|OSSEC_INIT=\"$pkgdir/etc/ossec-init.conf\"|" src/init/shared.sh
+ # change the install location
+ sed -i "s|^DIR=.*|DIR=$pkgdir/$_instdir|" src/InstallServer.sh
+
+ # change user names to existing users to make sure the installation works
+ # the users are later changed to id's for which appropriate users are created by the ossec.install
+ sed -i -e 's|^USER=.*|USER=nobody|' -e 's|^USER_MAIL=.*|USER_MAIL=mail|' \
+ -e 's|^USER_REM=.*|USER_REM=daemon|' src/InstallServer.sh
+ # change group name to nobody, group is created by ossec.install
+ # this ensures install will work perfectly, the we will change the group later
+ sed -i 's|^GROUP=.*|GROUP=nobody|' src/InstallServer.sh
+
+ cd src
+ make all
+ make build
+}
+
+package() {
+ cd "$srcdir/ossec-hids-$pkgver"
+
+ _preparevars
+ . "$srcdir/config" # load configuration
+
+ mkdir -p $pkgdir/etc
+
+ ./install.sh
+
+ # install systemd service
+ install -Dm0644 "$srcdir"/ossec.service "$pkgdir"/usr/lib/systemd/system/ossec.service
+
+ # change the users
+ find "$pkgdir" -user nobody -exec chown 524 '{}' ';'
+ find "$pkgdir" -user mail -exec chown 525 '{}' ';'
+ find "$pkgdir" -user daemon -exec chown 526 '{}' ';'
+ # change the groups
+ find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';'
+}
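Review bot: The upstream tarball in `source=` is fetched over plain `http://` and checked only against `md5sums`, so the integrity of an intrusion-detection package rests on a weak hash and an unauthenticated transport. I would replace the array with `sha256sums=('<sha256 of ossec-hids-2.8.2.tar.gz>' '<sha256 of ossec.service>' '<sha256 of config>')`. If upstream publishes a detached signature, add it to `source` together with a `validpgpkeys` entry, so the download is verified against a key rather than a hash copied from the same site. Separately, `mkdir -p $pkgdir/etc` in package() is unquoted and should read `mkdir -p "$pkgdir/etc"`, matching the quoting used elsewhere in the file.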
diff --git a/config b/config
new file mode 100644
index 000000000000..f494edc4a139
--- /dev/null
+++ b/config
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+#Do you want e-mail notification? (y/n) [y]:
+export USER_ENABLE_EMAIL=n
+# What's your e-mail address?
+export USER_EMAIL_ADDRESS=foo@example.com
+# What's your SMTP server ip/host?
+export USER_EMAIL_SMTP=
+
+# Do you want to run the integrity check daemon? (y/n) [y]:
+export USER_ENABLE_SYSCHECK=y
+
+#Do you want to run the rootkit detection engine? (y/n) [y]:
+export USER_ENABLE_ROOTCHECK=y
+
+# Active response allows you to execute a specific
+# command based on the events received. For example,
+# you can block an IP address or disable access for
+# a specific user.
+# More information at:
+# http://www.ossec.net/en/manual.html#active-response
+#
+# - Do you want to enable active response? (y/n) [y]:
+export USER_ENABLE_ACTIVE_RESPONSE=y
+
+# - By default, we can enable the host-deny and the
+# firewall-drop responses. The first one will add
+# a host to the /etc/hosts.deny and the second one
+# will block the host on iptables (if linux) or on
+# ipfilter (if Solaris, FreeBSD or NetBSD).
+# - They can be used to stop SSHD brute force scans,
+# portscans and some other forms of attacks. You can
+# also add them to block on snort events, for example.
+#
+# - Do you want to enable the firewall-drop response? (y/n) [y]:
+export USER_ENABLE_FIREWALL_RESPONSE=y
+
+# Do you want to add more IPs to the white list? (y/n)? [n]:
+# if set to y, installer will ask you to enter the list of IPs
+# if you want to use this feature, you must also export USER_NO_STOP=no
+export USER_WHITE_LIST=n
+
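Review bot: `USER_ENABLE_ACTIVE_RESPONSE=y` and `USER_ENABLE_FIREWALL_RESPONSE=y` make automatic blocking the package default, while `USER_WHITE_LIST=n` means the packager adds no exemptions of their own. The file does not tell the user that a false positive can then block an address they depend on. A short comment above the firewall-drop setting would cover it, for example `# NOTE: firewall-drop edits iptables rules without confirmation; review the white list in the installed ossec.conf before relying on it`. It would also help to state at the top that the file is sourced by the PKGBUILD at build time and is never run on its own, so the `#!/bin/sh` line has no effect.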
diff --git a/ossec.install b/ossec.install
new file mode 100644
index 000000000000..477b6ac46397
--- /dev/null
+++ b/ossec.install
@@ -0,0 +1,24 @@
+# arg 1: the new package version
+pre_install() {
+ getent group ossec >/dev/null || usr/sbin/groupadd -g 525 ossec
+ getent passwd ossec >/dev/null || usr/sbin/useradd -u 524 -g ossec -d '/var/ossec' -s /bin/false ossec
+ getent passwd ossecm >/dev/null || usr/sbin/useradd -u 525 -g ossec -d '/var/ossec' -s /bin/false ossecm
+ getent passwd ossecr >/dev/null || usr/sbin/useradd -u 526 -g ossec -d '/var/ossec' -s /bin/false ossecr
+ usr/bin/passwd -l ossec &>/dev/null
+ usr/bin/passwd -l ossecm &>/dev/null
+ usr/bin/passwd -l ossecr &>/dev/null
+}
+
+post_upgrade() {
+ pre_install $1
+}
+
+# arg 1: the old package version
+post_remove() {
+ usr/sbin/userdel ossec &>/dev/null
+ usr/sbin/userdel ossecm &>/dev/null
+ usr/sbin/userdel ossecr &>/dev/null
+ usr/sbin/groupdel ossec &>/dev/null
+}
+
+# vim:set ts=2 sw=2 et:
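Review bot: pre_install() decides whether to create each account by name (`getent group ossec`, `getent passwd ossec`), but the PKGBUILD hands the packaged files to the numeric ids 524, 525 and 526. If an `ossec` user or group already exists under a different id, creation is skipped and the files under /var/ossec end up owned by whatever account holds those numbers, or by none. I would verify the id as well and warn when it differs, e.g. `[ "$(getent group ossec | cut -d: -f3)" = 525 ] || echo "warning: group ossec is not gid 525; fix ownership under /var/ossec" >&2`, with the same check for the three users. The `&>/dev/null` on the `passwd -l` calls also hides a failed lock, so I would let stderr through there. In post_upgrade(), `pre_install $1` should be `pre_install "$1"`.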
diff --git a/ossec.service b/ossec.service
new file mode 100644
index 000000000000..ceff8dfb70e6
--- /dev/null
+++ b/ossec.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=OSSEC Host-based Intrusion Detection System
+
+[Service]
+Type=forking
+ExecStart=/var/ossec/bin/ossec-control start
+ExecStop=/var/ossec/bin/ossec-control stop
+
+[Install]
+WantedBy=basic.target
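Review bot: `Type=forking` is set without a `PIDFile=`, and `ossec-control start` presumably launches several daemons, so systemd has to guess a main process. The unit may therefore keep reporting active after one of the detection daemons has exited. The choice deserves a comment in the unit, for example `# ossec-control spawns multiple daemons; unit state does not reflect each one, check "ossec-control status"`. `WantedBy=basic.target` also pulls the service into early boot; unless that is intended, the conventional `WantedBy=multi-user.target` is the safer install target.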