From 025d7587388aea47d3d8ddde08457bd4a615158c Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Wed, 18 May 2022 12:41:08 -0700 Subject: ossec-hids: update to 3.7.0 See https://github.com/ossec/ossec-hids/releases/tag/3.7.0 Signed-off-by: Armin Kuster --- recipes-ids/ossec/ossec-hids_3.6.0.bb | 165 ---------------------------------- recipes-ids/ossec/ossec-hids_3.7.0.bb | 165 ++++++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+), 165 deletions(-) delete mode 100644 recipes-ids/ossec/ossec-hids_3.6.0.bb create mode 100644 recipes-ids/ossec/ossec-hids_3.7.0.bb diff --git a/recipes-ids/ossec/ossec-hids_3.6.0.bb b/recipes-ids/ossec/ossec-hids_3.6.0.bb deleted file mode 100644 index b0759b1..0000000 --- a/recipes-ids/ossec/ossec-hids_3.6.0.bb +++ /dev/null @@ -1,165 +0,0 @@ -SUMMARY = "A full platform to monitor and control your systems" -LICENSE = "GPL-2.0-only" -LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9" - - -DEPENDS = "openssl libpcre2 zlib libevent" -SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \ - file://0001-Makefile-drop-running-scrips-install.patch \ - file://0002-Makefile-don-t-set-uid-gid.patch \ - " - -SRCREV = "1303c78e2c67d7acee0508cb00c3bc63baaa27c2" - -UPSTREAM_CHECK_COMMITS = "1" - -inherit autotools-brokensep useradd - -S = "${WORKDIR}/git" - -OSSEC_UID ?= "ossec" -OSSEC_RUID ?= "ossecr" -OSSEC_GID ?= "ossec" -OSSEC_EMAIL ?= "ossecm" - -do_configure[noexec] = "1" - -do_compile() { - cd ${S}/src - make PREFIX=${prefix} TARGET=local USE_SYSTEMD=No build -} - -do_install(){ - install -d ${D}${sysconfdir} - install -d ${D}/var/ossec/${sysconfdir} - - cd ${S}/src - make TARGET=local PREFIX=${D}/var/ossec install - - echo "DIRECTORY=\"/var/ossec\"" > ${D}/${sysconfdir}/ossec-init.conf - echo "VERSION=\"${PV}\"" >> ${D}/${sysconfdir}/ossec-init.conf - echo "DATE=\"`date`\"" >> ${D}/${sysconfdir}/ossec-init.conf - echo "TYPE=\"local\"" >> ${D}/${sysconfdir}/ossec-init.conf - chmod 600 ${D}/${sysconfdir}/ossec-init.conf - install -m 640 ${D}/${sysconfdir}/ossec-init.conf ${D}/var/ossec/${sysconfdir}/ossec-init.conf -} - -pkg_postinst_ontarget:${PN} () { - DIR="/var/ossec" - - usermod -g ossec -G ossec -a root - - # Default for all directories - chmod -R 550 ${DIR} - chown -R root:${OSSEC_GID} ${DIR} - - # To the ossec queue (default for agentd to read) - chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec - chmod -R 770 ${DIR}/queue/ossec - - # For the logging user - chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs - chmod -R 750 ${DIR}/logs - chmod -R 775 ${DIR}/queue/rids - touch ${DIR}/logs/ossec.log - chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log - chmod 664 ${DIR}/logs/ossec.log - - chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff - chmod -R 750 ${DIR}/queue/diff - chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true - - # For the etc dir - chmod 550 ${DIR}/etc - chown -R root:${OSSEC_GID} ${DIR}/etc - if [ -f /etc/localtime ]; then - cp -pL /etc/localtime ${DIR}/etc/; - chmod 555 ${DIR}/etc/localtime - chown root:${OSSEC_GID} ${DIR}/etc/localtime - fi - - if [ -f /etc/TIMEZONE ]; then - cp -p /etc/TIMEZONE ${DIR}/etc/; - chmod 555 ${DIR}/etc/TIMEZONE - fi - - # More files - chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf - chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true - chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true - chown root:${OSSEC_GID} ${DIR}/agentless/* - chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh - chown root:${OSSEC_GID} ${DIR}/etc/shared/* - - chmod 550 ${DIR}/etc - chmod 440 ${DIR}/etc/internal_options.conf - chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true - chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true - chmod 550 ${DIR}/agentless/* - chmod 700 ${DIR}/.ssh - chmod 770 ${DIR}/etc/shared - chmod 660 ${DIR}/etc/shared/* - - # For the /var/run - chmod 770 ${DIR}/var/run - chown root:${OSSEC_GID} ${DIR}/var/run - - # For util.sh - chown root:${OSSEC_GID} ${DIR}/bin/util.sh - chmod +x ${DIR}/bin/util.sh - - # For binaries and active response - chmod 755 ${DIR}/active-response/bin/* - chown root:${OSSEC_GID} ${DIR}/active-response/bin/* - chown root:${OSSEC_GID} ${DIR}/bin/* - chmod 550 ${DIR}/bin/* - - # For ossec.conf - chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf - chmod 660 ${DIR}/etc/ossec.conf - - # Debconf - . /usr/share/debconf/confmodule - db_input high ossec-hids-agent/server-ip || true - db_go - - db_get ossec-hids-agent/server-ip - SERVER_IP=$RET - - sed -i "s/[^<]\+<\/server-ip>/${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf - db_stop - - # ossec-init.conf - if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then - if [ -e /etc/ossec-init.conf ]; then - rm -f /etc/ossec-init.conf - fi - ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf - fi - - # init.d/ossec file - if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then - if [ -e /etc/init.d/ossec ]; then - rm -f /etc/init.d/ossec - fi - ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec - fi - - # Service - if [ -x /etc/init.d/ossec ]; then - update-rc.d -f ossec defaults - fi - - # Delete tmp directory - if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then - rm -r ${OSSEC_HIDS_TMP_DIR} - fi -} - -USERADD_PACKAGES = "${PN}" -USERADD_PARAM:${PN} = "--system --home-dir /var/ossec -g ossec --shell /bin/false ossec" -GROUPADD_PARAM:${PN} = "--system ossec" - -RDEPENDS:${PN} = "openssl bash" - -COMPATIBLE_HOST:libc-musl = "null" diff --git a/recipes-ids/ossec/ossec-hids_3.7.0.bb b/recipes-ids/ossec/ossec-hids_3.7.0.bb new file mode 100644 index 0000000..c211f03 --- /dev/null +++ b/recipes-ids/ossec/ossec-hids_3.7.0.bb @@ -0,0 +1,165 @@ +SUMMARY = "A full platform to monitor and control your systems" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9" + + +DEPENDS = "openssl libpcre2 zlib libevent" +SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \ + file://0001-Makefile-drop-running-scrips-install.patch \ + file://0002-Makefile-don-t-set-uid-gid.patch \ + " + +SRCREV = "1ecffb1b884607cb12e619f9ab3c04f530801083" + +UPSTREAM_CHECK_COMMITS = "1" + +inherit autotools-brokensep useradd + +S = "${WORKDIR}/git" + +OSSEC_UID ?= "ossec" +OSSEC_RUID ?= "ossecr" +OSSEC_GID ?= "ossec" +OSSEC_EMAIL ?= "ossecm" + +do_configure[noexec] = "1" + +do_compile() { + cd ${S}/src + make PREFIX=${prefix} TARGET=local USE_SYSTEMD=No build +} + +do_install(){ + install -d ${D}${sysconfdir} + install -d ${D}/var/ossec/${sysconfdir} + + cd ${S}/src + make TARGET=local PREFIX=${D}/var/ossec install + + echo "DIRECTORY=\"/var/ossec\"" > ${D}/${sysconfdir}/ossec-init.conf + echo "VERSION=\"${PV}\"" >> ${D}/${sysconfdir}/ossec-init.conf + echo "DATE=\"`date`\"" >> ${D}/${sysconfdir}/ossec-init.conf + echo "TYPE=\"local\"" >> ${D}/${sysconfdir}/ossec-init.conf + chmod 600 ${D}/${sysconfdir}/ossec-init.conf + install -m 640 ${D}/${sysconfdir}/ossec-init.conf ${D}/var/ossec/${sysconfdir}/ossec-init.conf +} + +pkg_postinst_ontarget:${PN} () { + DIR="/var/ossec" + + usermod -g ossec -G ossec -a root + + # Default for all directories + chmod -R 550 ${DIR} + chown -R root:${OSSEC_GID} ${DIR} + + # To the ossec queue (default for agentd to read) + chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec + chmod -R 770 ${DIR}/queue/ossec + + # For the logging user + chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs + chmod -R 750 ${DIR}/logs + chmod -R 775 ${DIR}/queue/rids + touch ${DIR}/logs/ossec.log + chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log + chmod 664 ${DIR}/logs/ossec.log + + chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff + chmod -R 750 ${DIR}/queue/diff + chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true + + # For the etc dir + chmod 550 ${DIR}/etc + chown -R root:${OSSEC_GID} ${DIR}/etc + if [ -f /etc/localtime ]; then + cp -pL /etc/localtime ${DIR}/etc/; + chmod 555 ${DIR}/etc/localtime + chown root:${OSSEC_GID} ${DIR}/etc/localtime + fi + + if [ -f /etc/TIMEZONE ]; then + cp -p /etc/TIMEZONE ${DIR}/etc/; + chmod 555 ${DIR}/etc/TIMEZONE + fi + + # More files + chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf + chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true + chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true + chown root:${OSSEC_GID} ${DIR}/agentless/* + chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh + chown root:${OSSEC_GID} ${DIR}/etc/shared/* + + chmod 550 ${DIR}/etc + chmod 440 ${DIR}/etc/internal_options.conf + chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true + chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true + chmod 550 ${DIR}/agentless/* + chmod 700 ${DIR}/.ssh + chmod 770 ${DIR}/etc/shared + chmod 660 ${DIR}/etc/shared/* + + # For the /var/run + chmod 770 ${DIR}/var/run + chown root:${OSSEC_GID} ${DIR}/var/run + + # For util.sh + chown root:${OSSEC_GID} ${DIR}/bin/util.sh + chmod +x ${DIR}/bin/util.sh + + # For binaries and active response + chmod 755 ${DIR}/active-response/bin/* + chown root:${OSSEC_GID} ${DIR}/active-response/bin/* + chown root:${OSSEC_GID} ${DIR}/bin/* + chmod 550 ${DIR}/bin/* + + # For ossec.conf + chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf + chmod 660 ${DIR}/etc/ossec.conf + + # Debconf + . /usr/share/debconf/confmodule + db_input high ossec-hids-agent/server-ip || true + db_go + + db_get ossec-hids-agent/server-ip + SERVER_IP=$RET + + sed -i "s/[^<]\+<\/server-ip>/${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf + db_stop + + # ossec-init.conf + if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then + if [ -e /etc/ossec-init.conf ]; then + rm -f /etc/ossec-init.conf + fi + ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf + fi + + # init.d/ossec file + if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then + if [ -e /etc/init.d/ossec ]; then + rm -f /etc/init.d/ossec + fi + ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec + fi + + # Service + if [ -x /etc/init.d/ossec ]; then + update-rc.d -f ossec defaults + fi + + # Delete tmp directory + if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then + rm -r ${OSSEC_HIDS_TMP_DIR} + fi +} + +USERADD_PACKAGES = "${PN}" +USERADD_PARAM:${PN} = "--system --home-dir /var/ossec -g ossec --shell /bin/false ossec" +GROUPADD_PARAM:${PN} = "--system ossec" + +RDEPENDS:${PN} = "openssl bash" + +COMPATIBLE_HOST:libc-musl = "null" -- cgit v1.2.3-54-g00ecf