File ossec-hids.spec of Package ossec-hids

Overview Repositories Revisions Requests Users Attributes Meta

File ossec-hids.spec of Package ossec-hids

#
# spec file for package ossec-hids
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/

#
# Notes
# agent - read local files (syslog, snort, etc) and forward
# server -  above + notifications + remote agents
# local - do everything server does, but not recieve messages

%define experimental 1
%define short_name  ossec
%define ossec_dir   /var/lib/ossec

# backward compatible requirement SLE...
%{?!_initddir:%define _initddir %_initrddir}

%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif

Summary:        An Open Source Host-based Intrusion Detection System
Name:           ossec-hids
Version:        3.7.0
Release:        0
License:        GPL-2.0+
Group:          Productivity/Security
Source0:        https://github.com/ossec/%{name}/archive/v%{version}/%{version}.tar.gz
Source2:        ossec-hids.logrotate
Source3:        ossec-init.conf
Source4:        ossec-hids.service
Source5:        sysconfig.ossec-hids
Source6:        sysconfig.ossec-hids-client
Source7:        sysconfig.ossec-hids-server

Source99:       %{name}.keyring
Source100:      ossec-hids-rpmlintrc
Patch1:         ossec-hids-location.patch
URL:            http://www.%{short_name}.net/
Vendor:         http://www.ossec.net
BuildRequires:  coreutils
#
%if 0%{?suse_version} > 1120
BuildRequires:  zlib-devel-static
%else
BuildRequires:  zlib-devel
BuildRequires: -post-build-checks
%endif
BuildRequires:  glibc-devel
BuildRequires:  libevent-devel
BuildRequires:  openssl-devel
BuildRequires:  mysql-devel
BuildRequires:  pcre2-devel
BuildRequires:  postgresql-devel
BuildRequires:  update-alternatives
BuildRequires:  apache2-devel
BuildRequires:  libGeoIP-devel
%if 0%{?suse_version} >= 1210
BuildRequires:  systemd
%endif
%{?systemd_requires}
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
#BuildArch:        noarch
#
Requires(pre):  %{_sbindir}/groupadd
Requires(pre):  %{_sbindir}/useradd
Requires(post): update-alternatives
Requires(postun): update-alternatives
PreReq:         %fillup_prereq
PreReq:         %insserv_prereq
Requires:       logrotate
Provides:       ossec
ExclusiveOS:    linux

%description
OSSEC HIDS is an Open Source Host-based Intrusion Detection
System. It performs log analysis, integrity checking, rootkit
detection, time-based alerting and active response.

%package client
Summary:    The OSSEC HIDS Client
Group:      Productivity/Security
Provides:   ossec-client
Requires:   %{name} = %{version}-%{release} 
Conflicts:  %{name}-server

%description client
The %{name}-client package contains the client part of the
OSSEC HIDS. Install this package on every client to be
monitored.

%package server
Summary:    The OSSEC HIDS Server
Group:      Productivity/Security
Provides:   ossec-server
Requires:   %{name} = %{version}-%{release} 
Conflicts:  %{name}-client

%description server
The %{name}-server package contains the server part of the
OSSEC HIDS. Install this package on a central machine for
log collection and alerting.

%package server-mysql
Summary:    The OSSEC HIDS Server with MySQL Support
Group:      Productivity/Security
Requires:   %{name}-server = %{version}-%{release}
Requires:   mysql-server
Requires(post): update-alternatives
Requires(postun): update-alternatives

%description server-mysql
This package provides mysql support for ossec

%package server-postgresql
Summary:    The OSSEC HIDS Server with PostgreSQL Support
Group:      Productivity/Security
Requires:   %{name}-server = %{version}-%{release}
Requires:   postgresql-server
Requires(post): update-alternatives
Requires(postun): update-alternatives

%description server-postgresql
This package provides postgresql support for ossec

%prep
%setup -q -n %{version}
%patch1 -p1

# Prepare for docs
rm -rf contrib/specs
rm -rf contrib/ossec-testing
#chmod -x contrib/*

%build
mkdir bin

pushd src
# Build the agent version first
%{__make} %{?_smp_mflags} TARGET=agent ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1

mv manage_agents ../manage_client
mv ossec-logcollector  ../client-logcollector
mv ossec-syscheckd  ../client-syscheckd

# Rebuild for server
#
# mysql
make clean

%{__make} %{?_smp_mflags} TARGET=hybrid ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1 DATABASE=mysql
mv ossec-dbd ../mysql.ossec-dbd

# postgres
make clean

%{__make} %{?_smp_mflags} TARGET=hybrid ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1 DATABASE=pgsql
mv ossec-dbd ../pg.ossec-dbd

#
make clean
%{__make} %{?_smp_mflags} TARGET=hybrid ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1
mv ossec-dbd ../bin/ossec-dbd.vanilla
mv ../pg.ossec-dbd ../bin/ossec-dbd.pg
mv ../mysql.ossec-dbd ../bin/ossec-dbd.mysql
popd

# Do not strip, only compress documentation
%define __os_install_post /usr/lib/rpm/brp-compress

# Exclude from requires
%define _use_internal_dependency_generator 0

%install
mkdir -p %{buildroot}%{_initrddir}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}%{ossec_dir}/{bin,stats,rules,tmp}
mkdir -p %{buildroot}%{ossec_dir}/rules/translated/pure_ftpd
mkdir -p %{buildroot}%{ossec_dir}/logs/{archives,alerts,firewall}
mkdir -p %{buildroot}%{ossec_dir}/queue/{alerts,%{short_name},fts,syscheck,rootcheck,agent-info,rids}
mkdir -p %{buildroot}%{ossec_dir}/var/run
mkdir -p %{buildroot}%{ossec_dir}/etc/shared
mkdir -p %{buildroot}%{ossec_dir}/etc/templates
mkdir -p %{buildroot}%{ossec_dir}/etc/sql
mkdir -p %{buildroot}%{ossec_dir}/active-response/bin

#install -m 0600 %{short_name}-init.conf                 %{buildroot}%{_sysconfdir}
install -m 0644 etc/%{short_name}.conf                  %{buildroot}%{ossec_dir}/etc/%{short_name}.conf.sample
install -m 0644 etc/%{short_name}-{agent,server}.conf   %{buildroot}%{ossec_dir}/etc
install -m 0644 etc/*.xml                               %{buildroot}%{ossec_dir}/etc
install -m 0644 etc/internal_options*                   %{buildroot}%{ossec_dir}/etc
install -m 0644 etc/rules/*xml                          %{buildroot}%{ossec_dir}/rules
install -m 0644 etc/rules/translated/pure_ftpd/*        %{buildroot}%{ossec_dir}/rules/translated/pure_ftpd
install -m 0644 etc/templates/config/*                  %{buildroot}%{ossec_dir}/etc/templates/
install -m 0550 bin/*                                   %{buildroot}%{ossec_dir}/bin
install -m 0550 src/ossec-*                             %{buildroot}%{ossec_dir}/bin
install -m 0550 src/list_agents                         %{buildroot}%{ossec_dir}/bin
install -m 0550 src/manage_agents                       %{buildroot}%{ossec_dir}/bin
install -m 0550 src/syscheck_update                     %{buildroot}%{ossec_dir}/bin
install -m 0550 src/clear_stats                         %{buildroot}%{ossec_dir}/bin
install -m 0550 src/agent_control                       %{buildroot}%{ossec_dir}/bin
install -m 0550 src/rootcheck_control                   %{buildroot}%{ossec_dir}/bin
install -m 0550 src/syscheck_control                    %{buildroot}%{ossec_dir}/bin
install -m 0550 src/verify-agent-conf                   %{buildroot}%{ossec_dir}/bin

#
install -m 0550 manage_client                           %{buildroot}%{ossec_dir}/bin
install -m 0550 client-logcollector                     %{buildroot}%{ossec_dir}/bin
install -m 0550 client-syscheckd                        %{buildroot}%{ossec_dir}/bin
#
install -m 0755 active-response/*.sh                    %{buildroot}%{ossec_dir}/active-response/bin
install -m 0644 src/rootcheck/db/*.txt                  %{buildroot}%{ossec_dir}/etc/shared
install -m 0644 src/os_dbd/mysql.schema                 %{buildroot}%{ossec_dir}/etc/sql/mysql.schema
install -m 0644 src/os_dbd/postgresql.schema            %{buildroot}%{ossec_dir}/etc/sql/postgresql.schema
install -m 0550 src/init/%{short_name}-{client,server}.sh %{buildroot}%{ossec_dir}/bin

# init script
install -m 0755 src/init/%{name}-suse.init  %{buildroot}%{_initrddir}/%{name}
ln -s  %{_initrddir}/%{name}                %{buildroot}%{_sbindir}/rc%{name}

# systemd service file
%if 0%{?_unitdir:1}
install -Dpm 0644  %{SOURCE4} %{buildroot}%_unitdir/%{name}.service
%endif

install -d -m 0755 %{buildroot}%{_fillupdir}
install -m 0644 %{S:5} %{buildroot}%{_fillupdir}

DATE=`date`
find %{buildroot}%{_fillupdir} -type f -exec \
    sed -i -e "s/BUILD_VER/%{version}/" -e "s/BUILD_DATE/$DATE/" {} +

# set correct ossec-dir
for ii in etc rules active-response
do
    find %{buildroot}%{ossec_dir}/$ii -type f -exec sed -i 's%/var/ossec%/var/lib/ossec%' {} +
done

# create the faux ossec.conf, %ghost'ed files must exist in the buildroot
touch %{buildroot}%{ossec_dir}/etc/%{short_name}.conf

mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m 0644 %{SOURCE2} %{buildroot}/etc/logrotate.d/%{name}

#
%pre
%{_sbindir}/groupadd -r %{short_name} 2>/dev/null || :

%{_sbindir}/useradd -g %{short_name} -G %{short_name} \
    -d %{ossec_dir} \
    -r -s /sbin/nologin %{short_name} 2>/dev/null || :

#
%pre server
for users in %{short_name}m %{short_name}e %{short_name}r
do
%{_sbindir}/useradd -g %{short_name} -G %{short_name} \
    -d %{ossec_dir} \
    -r -s /sbin/nologin $users 2>/dev/null || :
done

%if 0%{?_unitdir:1}
%service_add_pre %{name}.service
%endif

#
%pre client
%if 0%{?_unitdir:1}
%service_add_pre %{name}.service
%endif

%post
%{fillup_only}
#
%post client

%if 0%{?_unitdir:1}
%service_add_post %{name}.service
%endif

if [ ! -f  %{ossec_dir}/etc/%{short_name}.conf ]; then
  ln -sf %{short_name}-agent.conf %{ossec_dir}/etc/%{short_name}.conf
fi

ln -sf %{short_name}-client.sh %{ossec_dir}/bin/%{short_name}-control

# daemon trickery
ln -sf %{ossec_dir}/bin/client-logcollector  %{ossec_dir}/bin/%{short_name}-logcollector 
ln -sf %{ossec_dir}/bin/client-syscheckd     %{ossec_dir}/bin/%{short_name}-syscheckd

# Create log file
touch %{ossec_dir}/logs/ossec.log
chown %{short_name}:%{short_name} %{ossec_dir}/logs/ossec.log
chmod 0664 %{ossec_dir}/logs/ossec.log

%post server
#%%{fillup_only -nsa ossec-hids server}

%if 0%{?_unitdir:1}
%service_add_post %{name}.service
%endif

if [ ! -f %{ossec_dir}/etc/%{short_name}.conf ]; then
  ln -sf %{short_name}-server.conf %{ossec_dir}/etc/%{short_name}.conf
fi

ln -sf %{short_name}-server.sh %{ossec_dir}/bin/%{short_name}-control

# Create log file
touch %{ossec_dir}/logs/ossec.log
chown %{short_name}:%{short_name} %{ossec_dir}/logs/ossec.log
chmod 0664 %{ossec_dir}/logs/ossec.log

#
update-alternatives --quiet --install \
    %{ossec_dir}/bin/%{short_name}-dbd \
    %{short_name}-dbd \
    %{ossec_dir}/bin/%{short_name}-dbd.vanilla 10

%post server-mysql
update-alternatives --quiet --install \
    %{ossec_dir}/bin/%{short_name}-dbd \
    %{short_name}-dbd \
    %{ossec_dir}/bin/%{short_name}-dbd.mysql 20

%post server-postgresql
update-alternatives --quiet --install \
    %{ossec_dir}/bin/%{short_name}-dbd \
    %{short_name}-dbd \
    %{ossec_dir}/bin/%{short_name}-dbd.pg 20

#
%preun client
%stop_on_removal %{name}

%if 0%{?_unitdir:1}
%service_del_preun %{name}.service
%endif

if [ $1 = 0 ]; then
  # cleanup on removal
  %{__rm} -f %{ossec_dir}/etc/localtime
  %{__rm} -f %{ossec_dir}/etc/%{short_name}.conf
  %{__rm} -f %{ossec_dir}/bin/%{short_name}-control
  %{__rm} -f %{ossec_dir}/bin/%{short_name}-logcollector 
  %{__rm} -f %{ossec_dir}/bin/%{short_name}-syscheckd 
fi

#
%postun client
%if 0%{?_unitdir:1}
%service_del_postun %{name}.service
%endif

%insserv_cleanup

#
%preun server
%stop_on_removal %{name}

%if 0%{?_unitdir:1}
%service_del_preun %{name}.service
%endif

if [ $1 = 0 ]; then
  # cleanup on removal
  %{__rm} -f %{ossec_dir}/etc/localtime
  %{__rm} -f %{ossec_dir}/etc/%{short_name}.conf
  %{__rm} -f %{ossec_dir}/bin/%{short_name}-control
fi

#
update-alternatives --remove \
    %{short_name}-dbd %{ossec_dir}/bin/%{short_name}-dbd.vanilla

#
%postun server
%if 0%{?_unitdir:1}
%service_del_postun %{name}.service
%endif
%insserv_cleanup

# This occures during install of ossec-hids!!!
%triggerin -- glibc
[ -r %{_sysconfdir}/localtime ] && cp -fpL %{_sysconfdir}/localtime %{ossec_dir}/etc

%preun server-mysql
update-alternatives --remove \
    %{short_name}-dbd %{ossec_dir}/bin/%{short_name}-dbd.mysql

%preun server-postgresql
update-alternatives --remove \
    %{short_name}-dbd %{ossec_dir}/bin/%{short_name}-dbd.pg

%clean
%{__rm} -rf %{buildroot}

%files
%defattr(-,root,root)
%doc BUGS CONFIG INSTALL* README.md
%doc %dir
%attr(550,root,%{short_name}) %dir %{ossec_dir}
%attr(550,root,%{short_name}) %dir %{ossec_dir}/active-response
%attr(550,root,%{short_name}) %dir %{ossec_dir}/active-response/bin
%attr(550,root,%{short_name}) %dir %{ossec_dir}/bin
%attr(550,root,%{short_name}) %dir %{ossec_dir}/etc
%attr(550,root,%{short_name}) %dir %{ossec_dir}/etc/sql
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/etc/shared
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/etc/templates
%attr(640,%{short_name},%{short_name}) %{ossec_dir}/etc/templates/*
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs
%attr(550,root,%{short_name}) %dir %{ossec_dir}/queue
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/alerts
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/%{short_name}
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/syscheck
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/rids
%attr(550,root,%{short_name}) %dir %{ossec_dir}/var
%attr(770,root,%{short_name}) %dir %{ossec_dir}/var/run
%config(noreplace) %{_sysconfdir}/logrotate.d/ossec-hids
%config(noreplace) %{_sysconfdir}/init.d/ossec-hids
%{_sbindir}/rc%{name}
%{_fillupdir}/sysconfig.ossec-hids
%if 0%{?_unitdir:1}
%_unitdir/%{name}.service
%endif

%files client
%defattr(-,root,root)
%config(noreplace) %{ossec_dir}/etc/%{short_name}-agent.conf
%config(noreplace) %{ossec_dir}/etc/internal_options*
%config(noreplace) %{ossec_dir}/etc/shared/*
%{ossec_dir}/etc/*.sample
%{ossec_dir}/active-response/bin/*
%{ossec_dir}/bin/%{short_name}-client.sh
%{ossec_dir}/bin/%{short_name}-agentd
%{ossec_dir}/bin/client-logcollector
%{ossec_dir}/bin/client-syscheckd
%{ossec_dir}/bin/ossec-logcollector
%{ossec_dir}/bin/ossec-syscheckd
%{ossec_dir}/bin/%{short_name}-execd
%{ossec_dir}/bin/manage_client
%{ossec_dir}/bin/ossec-authd

%files server
%defattr(-,root,root)
%ghost %config(missingok,noreplace) %{ossec_dir}/etc/ossec.conf
%config(noreplace) %{ossec_dir}/etc/%{short_name}-server.conf
%config(noreplace) %{ossec_dir}/etc/internal_options*
%config %{ossec_dir}/etc/*.xml
%config(noreplace) %{ossec_dir}/etc/shared/*
%{ossec_dir}/etc/*.sample
%{ossec_dir}/active-response/bin/*
%{ossec_dir}/bin/%{short_name}-server.sh
%{ossec_dir}/bin/%{short_name}-agentd
%{ossec_dir}/bin/%{short_name}-analysisd
%{ossec_dir}/bin/%{short_name}-execd
%{ossec_dir}/bin/%{short_name}-logcollector
%{ossec_dir}/bin/%{short_name}-maild
%{ossec_dir}/bin/%{short_name}-monitord
%{ossec_dir}/bin/%{short_name}-remoted
%{ossec_dir}/bin/%{short_name}-syscheckd
%{ossec_dir}/bin/%{short_name}-dbd.vanilla
%{ossec_dir}/bin/%{short_name}-reportd
%{ossec_dir}/bin/%{short_name}-agentlessd
%{ossec_dir}/bin/%{short_name}-makelists
%{ossec_dir}/bin/%{short_name}-regex
%{ossec_dir}/bin/ossec-csyslogd
%{ossec_dir}/bin/list_agents
%{ossec_dir}/bin/manage_agents
%{ossec_dir}/bin/syscheck_update
%{ossec_dir}/bin/clear_stats
%{ossec_dir}/bin/agent_control
%{ossec_dir}/bin/ossec-regex-convert
%{ossec_dir}/bin/rootcheck_control
%{ossec_dir}/bin/syscheck_control
%{ossec_dir}/bin/ossec-logtest
%{ossec_dir}/bin/verify-agent-conf
%{ossec_dir}/bin/ossec-authd

%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs/archives
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs/alerts
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs/firewall
%attr(755,%{short_name}r,%{short_name}) %dir %{ossec_dir}/queue/agent-info
%attr(700,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/fts
%attr(700,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/rootcheck
%attr(550,root,%{short_name}) %dir %{ossec_dir}/rules
%config %{ossec_dir}/rules/*
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/stats
%attr(550,root,%{short_name}) %dir %{ossec_dir}/tmp

%files server-mysql
%defattr(-,root,root)
%{ossec_dir}/etc/sql/mysql.schema
%{ossec_dir}/bin/%{short_name}-dbd.mysql

%files server-postgresql
%defattr(-,root,root)
%{ossec_dir}/etc/sql/postgresql.schema
%{ossec_dir}/bin/%{short_name}-dbd.pg

%changelog

Places

File ossec-hids.spec of Package ossec-hids

Places