-rw-r--r--testing/ossec-hids-local/APKBUILD87
-rw-r--r--testing/ossec-hids-local/config63
-rw-r--r--testing/ossec-hids-local/makefile.patch47
-rw-r--r--testing/ossec-hids-local/musl_lack_of_a_out_h.patch13
-rw-r--r--testing/ossec-hids-local/ossec-hids-local.logrotate5
5 files changed, 215 insertions, 0 deletions
diff --git a/testing/ossec-hids-local/APKBUILD b/testing/ossec-hids-local/APKBUILD
new file mode 100644
index 0000000000..77a93abe8d
--- /dev/null
+++ b/testing/ossec-hids-local/APKBUILD
@@ -0,0 +1,87 @@
+# Contributor: Francesco Colista <fcolista@alpinelinux.org>
+# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
+pkgname=ossec-hids-local
+_target=${pkgname/ossec-hids-/}
+pkgver=3.6.0
+pkgrel=0
+pkgdesc="Open Source Host-based Intrusion Detection System"
+url="https://www.ossec.net/"
+arch="all !aarch64 !armhf !armv7"
+license="GPL-2.0-only WITH openssl-exception"
+depends="inotify-tools procps ossec-hids-openrc"
+makedepends="linux-headers bsd-compat-headers openssl-dev \
+libevent-dev inotify-tools-dev findutils file zlib-dev pcre2-dev \
+sqlite-dev lua5.3-dev geoip-dev czmq-dev"
+checkdepends="check-dev subunit-dev"
+subpackages="$pkgname-doc"
+pkgusers="ossec ossecm ossecr"
+pkggroups="ossec"
+source="$pkgname-$pkgver.tar.gz::https://github.com/ossec/ossec-hids/archive/$pkgver.tar.gz
+ $pkgname.logrotate
+ musl_lack_of_a_out_h.patch
+ makefile.patch
+ config"
+builddir="$srcdir"/ossec-hids-$pkgver
+
+prepare() {
+ default_prepare
+ export V=1
+ export USER_INSTALL_TYPE=$_target
+ export USER_NO_STOP=yes
+ export USER_DIR=/var/ossec
+ export USER_BINARYINSTALL=x
+ export USE_GEOIP=yes
+ export USE_ZEROMQ=yes
+ export LUA_ENABLE=yes
+ export USE_SQLITE=yes
+ export DATABASE=sqlite
+ export USE_INOTIFY=yes
+ export PCRE2_SYSTEM=yes
+}
+
+build() {
+ cd "$builddir"/src
+ make clean
+ make TARGET=$_target PREFIX=/var/ossec
+}
+
+check() {
+ cd "$builddir"/src
+ make test PREFIX=/var/ossec
+}
+
+package() {
+ install -Dm644 -D "$srcdir"/$pkgname.logrotate "$pkgdir"/etc/logrotate.d/$pkgname
+ install -Dm644 -D etc/ossec-$_target.conf "$pkgdir"/etc/ossec-$_target.conf
+
+ mkdir -p "$pkgdir"/var/ossec/etc
+ cat << EOF > "$pkgdir"/var/ossec/etc/ossec-init.conf
+DIRECTORY="/var/ossec"
+VERSION="$(cat src/VERSION)"
+DATE="$(date)"
+TYPE="$_target"
+EOF
+
+ set -- $pkgusers
+ cd "$builddir"/src
+ find "$pkgdir" -user nobody -exec chown 524 '{}' ';'
+ find "$pkgdir" -user mail -exec chown 525 '{}' ';'
+ find "$pkgdir" -user daemon -exec chown 526 '{}' ';'
+ find "$pkgdir" -group nobody -exec chgrp 525 '{}' ';'
+
+ make TARGET="$_target" PREFIX="$pkgdir"/var/ossec install
+}
+
+doc() {
+ cd "$builddir"
+ pkgdesc="Documentation for $pkgname"
+ mkdir -p "$subpkgdir"/usr/share/doc/$pkgname
+ cp -a doc/* \
+ "$subpkgdir"/usr/share/doc/$pkgname
+}
+
+sha512sums="1f5e897de757df264dfb56def74b7d8f886b6b9d772b5b3d0197c9cd00a32fd7fd8a7b53566851fea3cd74d433b5594cbd074e50b7dbe36305fb3c243e8ddcf5 ossec-hids-local-3.6.0.tar.gz
+6cdf4852feabfdd043405e2570bb9a3013eb11c1865e9178fb67a019717d44fb0fedba05ab74c4334a1bae0a0c45912213dd7d6c7e1eab31853d40beea7596a0 ossec-hids-local.logrotate
+4e076581cc3977c527f30da6c43552db18bc35ea7b745c1504f4d15ebfbcef42c9604804af28fc90744a85f847a0f0c5bf991476cae71e3d860adb7cfa33a63b musl_lack_of_a_out_h.patch
+27ccd8197541693c6cfa85e1598b40a5bd2dbd1dec2b7bd057211b45fd0c14c42c2ddd01d9ac57491eda93bb318961642d3adce55b395351d530609250ca003f makefile.patch
+5213936052ed3adf8d9bb36d044386e2decf85ad59e7d5a69b4b73c708ea779dc03049c3429e9b658efceb347b950b0192ca4f66bb56a3101c2016f106dcc287 config"
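Review bot: The three `find "$pkgdir" -user … -exec chown` fixups and the `chgrp` run before `make TARGET="$_target" PREFIX="$pkgdir"/var/ossec install`, so at that point $pkgdir holds only the logrotate file, the conf and ossec-init.conf and the fixups match nothing; move them below the install line. The literal ids 524/525/526 also bear no relation to the accounts declared in pkgusers/pkggroups, so whatever they are meant to map to should be expressed with those names (`chown ossec`, `chgrp ossec`) or a comment explaining where the numbers come from. `set -- $pkgusers` assigns positional parameters that nothing in package() reads and can be dropped. `DATE="$(date)"` in ossec-init.conf embeds the build wall-clock time, which makes the package non-reproducible; if the field is needed, derive it from a fixed source (e.g. the release date) rather than the builder's clock.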
diff --git a/testing/ossec-hids-local/config b/testing/ossec-hids-local/config
new file mode 100644
index 0000000000..4400290be7
--- /dev/null
+++ b/testing/ossec-hids-local/config
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Do you want to update it? (y/n) [y]:
+export USER_UPDATE=y
+
+# Do you want to update the rules? (y/n) [y]:
+export USER_UPDATE_RULES=y
+
+# User Language:
+export USER_LANGUAGE=en
+
+# Do you want e-mail notification? (y/n) [y]:
+export USER_ENABLE_EMAIL=y
+# What's your e-mail address?
+export USER_EMAIL_ADDRESS=foo@example.com
+# What's your SMTP server ip/host?
+export USER_EMAIL_SMTP=localhost
+
+# Do you want to run the integrity check daemon? (y/n) [y]:
+export USER_ENABLE_SYSCHECK=y
+
+#Do you want to run the rootkit detection engine? (y/n) [y]:
+export USER_ENABLE_ROOTCHECK=y
+
+# Active response allows you to execute a specific
+# command based on the events received. For example,
+# you can block an IP address or disable access for
+# a specific user.
+# More information at:
+# https://ossec.github.io/docs/manual/ar/
+#
+# - Do you want to enable active response? (y/n) [y]:
+export USER_ENABLE_ACTIVE_RESPONSE=y
+
+# - By default, we can enable the host-deny and the
+# firewall-drop responses. The first one will add
+# a host to the /etc/hosts.deny and the second one
+# will block the host on iptables (if linux) or on
+# ipfilter (if Solaris, FreeBSD or NetBSD).
+# - They can be used to stop SSHD brute force scans,
+# portscans and some other forms of attacks. You can
+# also add them to block on snort events, for example.
+#
+# - Do you want to enable the firewall-drop response? (y/n) [y]:
+export USER_ENABLE_FIREWALL_RESPONSE=y
+
+# Do you want to add more IPs to the white list? (y/n)? [n]:
+# if set to y, installer will ask you to enter the list of IPs
+# if you want to use this feature, you must also export USER_NO_STOP=no
+export USER_WHITE_LIST=n
+
+# Do you want to enable remote syslog (port 514 udp)? (y/n) [y]:
+export USER_ENABLE_SYSLOG=y
+
+# IP address or hostname of the ossec server. Only used on agent installations.
+# export USER_AGENT_SERVER_IP="127.0.0.1"
+# export USER_AGENT_SERVER_NAME
+# Agent's config profile name. This is used to create agent.conf configuration profiles
+# for this particular profile name. Only used on agent installations.
+# Can be any string. E.g. LinuxDBServer or WindowsDomainController
+export USER_AGENT_CONFIG_PROFILE="generic"
+
+
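Review bot: `config` is listed in the APKBUILD's source= but no phase sources or copies it, so none of the USER_* answers here reach the installer; either add `. "$srcdir"/config` next to the other exports in prepare() or drop it from source=. If it is meant to be used, `USER_ENABLE_EMAIL=y` with `USER_EMAIL_ADDRESS=foo@example.com` and `USER_EMAIL_SMTP=localhost` would bake a placeholder recipient into the shipped default configuration; `USER_ENABLE_EMAIL=n` with a comment telling the administrator to set the address avoids alerts to a nonexistent mailbox. Likewise enabling the firewall-drop active response by default changes host firewall state without operator opt-in, so a comment stating that this default is deliberate for the "local" install type would help the next maintainer.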
diff --git a/testing/ossec-hids-local/makefile.patch b/testing/ossec-hids-local/makefile.patch
new file mode 100644
index 0000000000..e3f15a6b96
--- /dev/null
+++ b/testing/ossec-hids-local/makefile.patch
@@ -0,0 +1,47 @@
+diff --git a/src/Makefile b/src/Makefile
+index 1a3c9bd..b2ddfb1 100644
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -22,13 +22,13 @@ OSSEC_USER_MAIL?=ossecm
+ OSSEC_USER_REM?=ossecr
+
+ INSTALL_CMD?=install -m $(1) -o $(2) -g $(3)
+-INSTALL_LOCALTIME?=yes
+-INSTALL_RESOLVCONF?=yes
++INSTALL_LOCALTIME=no
++INSTALL_RESOLVCONF=no
+
+ USE_PRELUDE?=no
+ USE_ZEROMQ?=no
+ USE_GEOIP?=no
+-USE_INOTIFY=no
++USE_INOTIFY=yes
+ USE_PCRE2_JIT=yes
+
+ ifneq (${TARGET},winagent)
+@@ -399,7 +399,6 @@ install-hybrid: install-server-generic
+ install-server: install-server-generic
+
+ install-common: build
+- ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
+ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/
+ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs
+ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log
+@@ -1254,7 +1253,7 @@ ossec-makelists: analysisd/makelists-live.o ${analysisd_live_o} ${format_o} aler
+ #### test ##########
+ ####################
+
+-CFLAGS_TEST = -g -O0 --coverage
++CFLAGS_TEST = -g -O0
+
+ LDFLAGS_TEST = -lcheck -lm -pthread -lrt -lsubunit
+
+@@ -1265,7 +1264,7 @@ endif #TEST
+
+ test_programs = test_os_zlib test_os_xml test_os_regex test_os_crypto test_shared
+
+-.PHONY: test run_tests build_tests test_valgrind test_coverage
++.PHONY: test run_tests build_tests test_valgrind
+
+ test: build_tests
+ ${MAKE} run_tests
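Review bot: The first hunk of the embedded patch turns `INSTALL_LOCALTIME?=yes` and `INSTALL_RESOLVCONF?=yes` into plain `=` assignments, which removes the ability to override them from the environment; since they were already `?=`, the same effect is available without patching by adding `export INSTALL_LOCALTIME=no` and `export INSTALL_RESOLVCONF=no` to prepare(), leaving only the `USE_INOTIFY=no` line (a plain `=`, which the environment cannot override) in need of a patch. Disabling them is presumably right for a package, since the names suggest the install would otherwise copy the build host's own localtime and resolv.conf into $pkgdir. Removing the `./init/adduser.sh` call is consistent with pkgusers/pkggroups creating the accounts, but a one-line comment in the patch header saying so would stop the next maintainer re-adding it. The last hunk drops `test_coverage` from .PHONY while `CFLAGS_TEST` loses `--coverage`; if the `test_coverage` recipe itself survives further down src/Makefile (outside this patch) it should be removed as well.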
diff --git a/testing/ossec-hids-local/musl_lack_of_a_out_h.patch b/testing/ossec-hids-local/musl_lack_of_a_out_h.patch
new file mode 100644
index 0000000000..a4d2b12a61
--- /dev/null
+++ b/testing/ossec-hids-local/musl_lack_of_a_out_h.patch
@@ -0,0 +1,13 @@
+diff --git a/src/rootcheck/os_string.c b/src/rootcheck/os_string.c
+index e7ca284..85b6d9b 100644
+--- a/src/rootcheck/os_string.c
++++ b/src/rootcheck/os_string.c
+@@ -44,7 +44,7 @@
+
+ #ifdef SOLARIS
+ #include <sys/exechdr.h>
+-#elif defined Darwin || defined HPUX
++#elif defined Darwin || defined HPUX || defined linux
+
+ /* For some reason darwin does not have that */
+ struct exec {
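Review bot: The added condition tests `defined linux`, a macro gcc and clang predefine only in GNU-dialect modes; under `-std=c99` or `-std=c11` it is absent and the `struct exec` fallback would not be compiled, so the guard should use the always-defined form, `#elif defined Darwin || defined HPUX || defined __linux__`. The distinction being made is really musl versus glibc rather than Linux versus other systems, so a one-line comment above the `#elif` noting that the branch exists because musl ships no <a.out.h> (as the patch file name says) would document the intent. The `#if` chain and the struct body continue outside the hunk.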
diff --git a/testing/ossec-hids-local/ossec-hids-local.logrotate b/testing/ossec-hids-local/ossec-hids-local.logrotate
new file mode 100644
index 0000000000..7b6406819f
--- /dev/null
+++ b/testing/ossec-hids-local/ossec-hids-local.logrotate
@@ -0,0 +1,5 @@
+/var/ossec/logs/active-responses.log /var/ossec/logs/ossec.log {
+ missingok
+ notifempty
+ copytruncate
+}
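Review bot: The stanza sets no rotation interval, `rotate` count or `compress`, so how long rotated copies of ossec.log and active-responses.log are kept depends entirely on the host's /etc/logrotate.conf defaults; an explicit `weekly` and `rotate 4` (or whatever the package intends) makes the retention policy visible in the package itself. If OSSEC also writes alert logs elsewhere under /var/ossec/logs (not visible here), they are left unrotated by this file.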