File ossec-hids.spec of Package ossec-hids
#
# spec file for package ossec-hids
#
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# Notes
# agent - read local files (syslog, snort, etc) and forward
# server - above + notifications + remote agents
# local - do everything server does, but do not receive messages
# Spec-wide switches and paths.
# "experimental" is defined here but not referenced in the visible part of this spec.
%define experimental 1
# Prefix used for the account, the configuration files and the daemon binaries.
%define short_name ossec
# Installation root. The install section rewrites the upstream default
# /var/ossec to this path in the shipped configs, rules and scripts.
%define ossec_dir /var/lib/ossec
# backward compatible requirement SLE...
%{?!_initddir:%define _initddir %_initrddir}
# Fall back to the historic fillup template directory when the macro is not provided.
%if ! %{defined _fillupdir}
%define _fillupdir /var/adm/fillup-templates
%endif
Summary: An Open Source Host-based Intrusion Detection System
Name: ossec-hids
Version: 3.2.0
Release: 0
License: GPL-2.0+
Group: Productivity/Security
# NOTE(review): Source0 is the archive/ tarball, while the detached signature
# in Source98 is published under releases/download/ - confirm the signature
# really covers the Source0 file. No verification command is visible in the
# prep section; presumably the build service checks Source98 against the
# Source99 keyring - confirm.
Source0: https://github.com/ossec/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
Source2: ossec-hids.logrotate
Source3: ossec-init.conf
Source4: ossec-hids.service
Source5: sysconfig.ossec-hids
Source6: sysconfig.ossec-hids-client
Source7: sysconfig.ossec-hids-server
Source98: https://github.com/ossec/ossec-hids/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
Source99: %{name}.keyring
Patch1: ossec-hids-location.patch
# NOTE(review): URL and Vendor use plain http - confirm whether an https address is available.
URL: http://www.%{short_name}.net/
Vendor: http://www.ossec.net
BuildRequires: coreutils
#
%if 0%{?suse_version} > 1120
BuildRequires: zlib-devel-static
%else
BuildRequires: zlib-devel
# NOTE(review): the leading "-" presumably excludes the post-build-checks
# package on these older releases, so its automated checks of the built
# package do not run there - confirm this is still required.
BuildRequires: -post-build-checks
%endif
BuildRequires: glibc-devel
BuildRequires: openssl-devel
BuildRequires: mysql-devel
BuildRequires: postgresql-devel
BuildRequires: update-alternatives
BuildRequires: apache2-devel
BuildRequires: libGeoIP-devel
%if 0%{?suse_version} >= 1210
BuildRequires: systemd
%endif
%{?systemd_requires}
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#BuildArch: noarch
#
# groupadd and useradd are called by the pre scriptlets that create the
# ossec group and accounts.
Requires(pre): %{_sbindir}/groupadd
Requires(pre): %{_sbindir}/useradd
Requires(post): update-alternatives
Requires(postun): update-alternatives
PreReq: %fillup_prereq
PreReq: %insserv_prereq
Requires: logrotate
Provides: ossec
ExclusiveOS: linux
%description
OSSEC HIDS is an Open Source Host-based Intrusion Detection
System. It performs log analysis, integrity checking, rootkit
detection, time-based alerting and active response.
%package client
# Agent flavour. It conflicts with the server package: the post scriptlets of
# both point the same bin/ossec-control symlink at a different control script.
Summary: The OSSEC HIDS Client
Group: Productivity/Security
Provides: ossec-client
Requires: %{name} = %{version}-%{release}
Conflicts: %{name}-server
%description client
The %{name}-client package contains the client part of the
OSSEC HIDS. Install this package on every client to be
monitored.
%package server
# Server flavour. Its pre scriptlet creates the additional ossecm, ossece and
# ossecr accounts.
Summary: The OSSEC HIDS Server
Group: Productivity/Security
Provides: ossec-server
Requires: %{name} = %{version}-%{release}
Conflicts: %{name}-client
%description server
The %{name}-server package contains the server part of the
OSSEC HIDS. Install this package on a central machine for
log collection and alerting.
%package server-mysql
# Ships the ossec-dbd binary built with DATABASE=mysql and registers it as an
# alternative for bin/ossec-dbd.
# NOTE(review): this requires the database server package, which puts a
# database daemon on the OSSEC server host. Presumably ossec-dbd only needs
# the client library - confirm, and narrow the dependency if so.
Summary: The OSSEC HIDS Server with MySQL Support
Group: Productivity/Security
Requires: %{name}-server = %{version}-%{release}
Requires: mysql-server
Requires(post): update-alternatives
Requires(postun): update-alternatives
%description server-mysql
This package provides mysql support for ossec
%package server-postgresql
# Ships the ossec-dbd binary built with DATABASE=pgsql and registers it as an
# alternative for bin/ossec-dbd.
# NOTE(review): same question as for the MySQL flavour - the database server
# package is required here; confirm a client library would not be enough.
Summary: The OSSEC HIDS Server with PostgreSQL Support
Group: Productivity/Security
Requires: %{name}-server = %{version}-%{release}
Requires: postgresql-server
Requires(post): update-alternatives
Requires(postun): update-alternatives
%description server-postgresql
This package provides postgresql support for ossec
%prep
# Unpack Source0 and apply the location patch.
# NOTE(review): the preamble declares a detached signature (Source98) and a
# keyring (Source99), but no verification command appears in this section.
# Presumably the build service validates the tarball - confirm, because a
# local rebuild of this spec would then skip the check.
%setup -q -n ossec-hids-%{version}
%patch1 -p1
# Prepare for docs
# Remove contrib/specs and contrib/ossec-testing from the unpacked tree.
rm -rf contrib/specs
rm -rf contrib/ossec-testing
#chmod -x contrib/*
%build
# Four passes over the same source tree: agent, hybrid with MySQL, hybrid with
# PostgreSQL, and hybrid without a database. Every "make clean" wipes the
# previous pass, so the binaries needed later are moved out of src first.
# NOTE(review): no distribution compiler flags are passed on the make command
# lines below; whether the upstream Makefile applies the distribution's
# hardening options cannot be told from here - confirm.
mkdir bin
pushd src
# Build the agent version first
%{__make} %{?_smp_mflags} TARGET=agent ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1
# Keep the agent builds under client-specific names in the top-level directory.
mv manage_agents ../manage_client
mv ossec-logcollector ../client-logcollector
mv ossec-syscheckd ../client-syscheckd
# Rebuild for server
#
# mysql
make clean
%{__make} %{?_smp_mflags} TARGET=hybrid ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1 DATABASE=mysql
mv ossec-dbd ../mysql.ossec-dbd
# postgres
make clean
%{__make} %{?_smp_mflags} TARGET=hybrid ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1 DATABASE=pgsql
mv ossec-dbd ../pg.ossec-dbd
#
# Final pass without DATABASE; everything else left in src is installed from this build.
make clean
%{__make} %{?_smp_mflags} TARGET=hybrid ZLIB_SYSTEM=yes PCRE2_SYSTEM=yes USE_GEOIP=1
# Collect the three ossec-dbd variants in bin/ under the names used by update-alternatives.
mv ossec-dbd ../bin/ossec-dbd.vanilla
mv ../pg.ossec-dbd ../bin/ossec-dbd.pg
mv ../mysql.ossec-dbd ../bin/ossec-dbd.mysql
popd
# Do not strip, only compress documentation
# NOTE(review): this replaces the whole post-install processing chain with
# brp-compress alone, so presumably every other build-root policy script is
# skipped along with stripping - confirm this is intended.
%define __os_install_post /usr/lib/rpm/brp-compress
# Exclude from requires
# NOTE(review): switches off the internal dependency generator; which
# dependencies this is meant to keep out is not visible here - confirm.
%define _use_internal_dependency_generator 0
%install
# Lay out the ossec tree in the build root. The modes given to install here
# apply to files; directory ownership and modes are set by the attr entries
# in the files sections.
mkdir -p %{buildroot}%{_initrddir}
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}%{ossec_dir}/{bin,stats,rules,tmp}
mkdir -p %{buildroot}%{ossec_dir}/rules/translated/pure_ftpd
mkdir -p %{buildroot}%{ossec_dir}/logs/{archives,alerts,firewall}
mkdir -p %{buildroot}%{ossec_dir}/queue/{alerts,%{short_name},fts,syscheck,rootcheck,agent-info,rids}
mkdir -p %{buildroot}%{ossec_dir}/var/run
mkdir -p %{buildroot}%{ossec_dir}/etc/shared
mkdir -p %{buildroot}%{ossec_dir}/etc/templates
mkdir -p %{buildroot}%{ossec_dir}/etc/sql
mkdir -p %{buildroot}%{ossec_dir}/active-response/bin
#install -m 0600 %{short_name}-init.conf %{buildroot}%{_sysconfdir}
# Configuration, decoders and rules: mode 0644.
install -m 0644 etc/%{short_name}.conf %{buildroot}%{ossec_dir}/etc/%{short_name}.conf.sample
install -m 0644 etc/%{short_name}-{agent,server}.conf %{buildroot}%{ossec_dir}/etc
install -m 0644 etc/*.xml %{buildroot}%{ossec_dir}/etc
install -m 0644 etc/internal_options* %{buildroot}%{ossec_dir}/etc
install -m 0644 etc/rules/*xml %{buildroot}%{ossec_dir}/rules
install -m 0644 etc/rules/translated/pure_ftpd/* %{buildroot}%{ossec_dir}/rules/translated/pure_ftpd
install -m 0644 etc/templates/config/* %{buildroot}%{ossec_dir}/etc/templates/
# Daemons and tools: mode 0550, i.e. no write bit and no access for others.
install -m 0550 bin/* %{buildroot}%{ossec_dir}/bin
install -m 0550 src/ossec-* %{buildroot}%{ossec_dir}/bin
install -m 0550 src/list_agents %{buildroot}%{ossec_dir}/bin
install -m 0550 src/manage_agents %{buildroot}%{ossec_dir}/bin
install -m 0550 src/syscheck_update %{buildroot}%{ossec_dir}/bin
install -m 0550 src/clear_stats %{buildroot}%{ossec_dir}/bin
install -m 0550 src/agent_control %{buildroot}%{ossec_dir}/bin
install -m 0550 src/rootcheck_control %{buildroot}%{ossec_dir}/bin
install -m 0550 src/syscheck_control %{buildroot}%{ossec_dir}/bin
install -m 0550 src/verify-agent-conf %{buildroot}%{ossec_dir}/bin
#
# Agent-only builds saved during the first build pass.
install -m 0550 manage_client %{buildroot}%{ossec_dir}/bin
install -m 0550 client-logcollector %{buildroot}%{ossec_dir}/bin
install -m 0550 client-syscheckd %{buildroot}%{ossec_dir}/bin
#
# Active-response scripts are installed 0755, unlike the 0550 binaries above.
install -m 0755 active-response/*.sh %{buildroot}%{ossec_dir}/active-response/bin
install -m 0644 src/rootcheck/db/*.txt %{buildroot}%{ossec_dir}/etc/shared
install -m 0644 src/os_dbd/mysql.schema %{buildroot}%{ossec_dir}/etc/sql/mysql.schema
install -m 0644 src/os_dbd/postgresql.schema %{buildroot}%{ossec_dir}/etc/sql/postgresql.schema
install -m 0550 src/init/%{short_name}-{client,server}.sh %{buildroot}%{ossec_dir}/bin
# init script
install -m 0755 src/init/%{name}-suse.init %{buildroot}%{_initrddir}/%{name}
ln -s %{_initrddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
# systemd service file
%if 0%{?_unitdir:1}
install -Dpm 0644 %{SOURCE4} %{buildroot}%_unitdir/%{name}.service
%endif
# Only Source5 is installed as a fillup template; Source6 and Source7 are
# declared in the preamble but not installed by the lines visible here.
install -d -m 0755 %{buildroot}%{_fillupdir}
install -m 0644 %{S:5} %{buildroot}%{_fillupdir}
# NOTE(review): the wall-clock build time is written into the template, so two
# builds of identical sources produce different package content. Consider
# deriving the value from SOURCE_DATE_EPOCH when it is set. The value is also
# spliced unescaped into the sed expression below.
DATE=`date`
find %{buildroot}%{_fillupdir} -type f -exec \
sed -i -e "s/BUILD_VER/%{version}/" -e "s/BUILD_DATE/$DATE/" {} +
# set correct ossec-dir
# Rewrites the upstream default path in every file under etc, rules and active-response.
for ii in etc rules active-response
do
find %{buildroot}%{ossec_dir}/$ii -type f -exec sed -i 's%/var/ossec%/var/lib/ossec%' {} +
done
# create the faux ossec.conf, %ghost'ed files must exist in the buildroot
touch %{buildroot}%{ossec_dir}/etc/%{short_name}.conf
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m 0644 %{SOURCE2} %{buildroot}/etc/logrotate.d/%{name}
#
%pre
# Create the ossec system group and the daemon account (home in the ossec
# tree, /sbin/nologin as shell). Error output is discarded and the exit status
# ignored, so a failure here never aborts the transaction.
%{_sbindir}/groupadd -r %{short_name} 2>/dev/null || true
%{_sbindir}/useradd -r -s /sbin/nologin -d %{ossec_dir} -g %{short_name} -G %{short_name} %{short_name} 2>/dev/null || true
#
%pre server
# Additional system accounts ossecm, ossece and ossecr, all members of the
# ossec group and without a login shell. Creation errors are ignored.
for account in %{short_name}m %{short_name}e %{short_name}r; do
    %{_sbindir}/useradd -r -s /sbin/nologin -d %{ossec_dir} -g %{short_name} -G %{short_name} "$account" 2>/dev/null || true
done
# systemd bookkeeping, only where a unit directory is defined.
%if 0%{?_unitdir:1}
%service_add_pre %{name}.service
%endif
#
%pre client
# systemd bookkeeping only; the macro is expanded when a unit directory is defined.
%if 0%{?_unitdir:1}
%service_add_pre %{name}.service
%endif
%post
# SUSE fillup macro; presumably merges the sysconfig.ossec-hids template from
# the fillup directory into the system sysconfig file - confirm.
%{fillup_only}
#
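%post client
#%%{fillup_only -nsa ossec-hids client}
%if 0%{?_unitdir:1}
%service_add_post %{name}.service
%endif
# Default to the agent configuration unless a configuration is already in place.
if [ ! -f %{ossec_dir}/etc/%{short_name}.conf ]; then
ln -sf %{short_name}-agent.conf %{ossec_dir}/etc/%{short_name}.conf
fi
# Select the client control script.
ln -sf %{short_name}-client.sh %{ossec_dir}/bin/%{short_name}-control
# daemon trickery
# The generic daemon names are pointed at the agent-only builds.
ln -sf %{ossec_dir}/bin/client-logcollector %{ossec_dir}/bin/%{short_name}-logcollector
ln -sf %{ossec_dir}/bin/client-syscheckd %{ossec_dir}/bin/%{short_name}-syscheckd
# Create log file
# This scriptlet runs as root, but the logs directory is owned by the
# unprivileged ossec account. Plain touch/chown/chmod follow symbolic links,
# so a link placed at the log path would redirect root's ownership and mode
# change to the link target. Only a regular file is touched, and chown does
# not dereference links.
# NOTE(review): this narrows the check-to-use window but cannot close it;
# consider letting the daemon create its own log so root never writes here.
ossec_log=%{ossec_dir}/logs/ossec.log
if [ -L "$ossec_log" ] || { [ -e "$ossec_log" ] && [ ! -f "$ossec_log" ]; }; then
    echo "%{name}: $ossec_log is not a regular file, leaving it untouched" >&2
else
    # Create the file with its final owner and mode in one step; an existing
    # log is kept as it is and never truncated.
    [ -e "$ossec_log" ] || install -m 0664 -o %{short_name} -g %{short_name} /dev/null "$ossec_log"
    chown -h %{short_name}:%{short_name} "$ossec_log"
    chmod 0664 "$ossec_log"
fi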
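%post server
#%%{fillup_only -nsa ossec-hids server}
%if 0%{?_unitdir:1}
%service_add_post %{name}.service
%endif
# Default to the server configuration unless a configuration is already in place.
if [ ! -f %{ossec_dir}/etc/%{short_name}.conf ]; then
ln -sf %{short_name}-server.conf %{ossec_dir}/etc/%{short_name}.conf
fi
# Select the server control script.
ln -sf %{short_name}-server.sh %{ossec_dir}/bin/%{short_name}-control
# Create log file
# This scriptlet runs as root, but the logs directory is owned by the
# unprivileged ossec account. Plain touch/chown/chmod follow symbolic links,
# so a link placed at the log path would redirect root's ownership and mode
# change to the link target. Only a regular file is touched, and chown does
# not dereference links.
# NOTE(review): this narrows the check-to-use window but cannot close it;
# consider letting the daemon create its own log so root never writes here.
ossec_log=%{ossec_dir}/logs/ossec.log
if [ -L "$ossec_log" ] || { [ -e "$ossec_log" ] && [ ! -f "$ossec_log" ]; }; then
    echo "%{name}: $ossec_log is not a regular file, leaving it untouched" >&2
else
    # Create the file with its final owner and mode in one step; an existing
    # log is kept as it is and never truncated.
    [ -e "$ossec_log" ] || install -m 0664 -o %{short_name} -g %{short_name} /dev/null "$ossec_log"
    chown -h %{short_name}:%{short_name} "$ossec_log"
    chmod 0664 "$ossec_log"
fi
#
# Register the database-less ossec-dbd build as the lowest-priority alternative.
update-alternatives --quiet --install \
%{ossec_dir}/bin/%{short_name}-dbd \
%{short_name}-dbd \
%{ossec_dir}/bin/%{short_name}-dbd.vanilla 10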
%post server-mysql
# Register the MySQL build of ossec-dbd with priority 20, above the priority
# 10 that the server package gives the database-less build.
dbd_link=%{ossec_dir}/bin/%{short_name}-dbd
update-alternatives --quiet --install "$dbd_link" %{short_name}-dbd "$dbd_link.mysql" 20
%post server-postgresql
# Register the PostgreSQL build of ossec-dbd with priority 20, above the
# priority 10 that the server package gives the database-less build.
dbd_link=%{ossec_dir}/bin/%{short_name}-dbd
update-alternatives --quiet --install "$dbd_link" %{short_name}-dbd "$dbd_link.pg" 20
#
%preun client
%stop_on_removal %{name}
%if 0%{?_unitdir:1}
%service_del_preun %{name}.service
%endif
# On final removal (scriptlet argument 0) delete what the trigger and post
# scriptlets created: the localtime copy, the config link, the control link
# and the two daemon links.
if [ $1 = 0 ]; then
for leftover in \
    %{ossec_dir}/etc/localtime \
    %{ossec_dir}/etc/%{short_name}.conf \
    %{ossec_dir}/bin/%{short_name}-control \
    %{ossec_dir}/bin/%{short_name}-logcollector \
    %{ossec_dir}/bin/%{short_name}-syscheckd
do
    %{__rm} -f "$leftover"
done
fi
#
%postun client
# Post-removal bookkeeping only: the systemd macro where a unit directory is
# defined, then the SUSE insserv cleanup macro (presumably for the init script).
%if 0%{?_unitdir:1}
%service_del_postun %{name}.service
%endif
%insserv_cleanup
#
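%preun server
%stop_on_removal %{name}
%if 0%{?_unitdir:1}
%service_del_preun %{name}.service
%endif
# Scriptlet argument 0 means final removal; anything else is an upgrade.
if [ "$1" = 0 ]; then
# cleanup on removal
%{__rm} -f %{ossec_dir}/etc/localtime
%{__rm} -f %{ossec_dir}/etc/%{short_name}.conf
%{__rm} -f %{ossec_dir}/bin/%{short_name}-control
#
# Drop the alternative only on final removal. During an upgrade the old
# package's preun scriptlet runs after the new package's post scriptlet, so an
# unconditional remove would delete the alternative that was just registered
# and leave bin/ossec-dbd without a target.
update-alternatives --remove \
%{short_name}-dbd %{ossec_dir}/bin/%{short_name}-dbd.vanilla
fi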
#
%postun server
# Post-removal bookkeeping only: the systemd macro where a unit directory is
# defined, then the SUSE insserv cleanup macro (presumably for the init script).
%if 0%{?_unitdir:1}
%service_del_postun %{name}.service
%endif
%insserv_cleanup
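# This occurs during install of ossec-hids!!!
%triggerin -- glibc
# Copy the host time zone file into the ossec tree, dereferencing symlinks
# (presumably for daemons that cannot see the system copy - confirm).
# An if block is used instead of "test && cp" so that a missing or unreadable
# localtime does not make the trigger exit non-zero, while a failing cp is
# still reported.
if [ -r %{_sysconfdir}/localtime ]; then
    cp -fpL %{_sysconfdir}/localtime %{ossec_dir}/etc
fi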
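%preun server-mysql
# Remove the MySQL alternative only on final removal (scriptlet argument 0).
# During an upgrade this scriptlet of the old package runs after the new
# package's post scriptlet and would otherwise undo the fresh registration.
if [ "$1" = 0 ]; then
    update-alternatives --remove \
        %{short_name}-dbd %{ossec_dir}/bin/%{short_name}-dbd.mysql
fi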
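%preun server-postgresql
# Remove the PostgreSQL alternative only on final removal (scriptlet argument
# 0). During an upgrade this scriptlet of the old package runs after the new
# package's post scriptlet and would otherwise undo the fresh registration.
if [ "$1" = 0 ]; then
    update-alternatives --remove \
        %{short_name}-dbd %{ossec_dir}/bin/%{short_name}-dbd.pg
fi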
%clean
# Delete the build root.
%{__rm} -rf %{buildroot}
%files
# Directory skeleton shared by client and server. Two ownership patterns are
# used: root:ossec with mode 550 for directories the daemons only read, and
# ossec:ossec with 750 or 770 for directories they write to.
%defattr(-,root,root)
%doc BUGS CONFIG INSTALL* README.md
# NOTE(review): no path follows on the next line; it looks like a leftover - confirm.
%doc %dir
%attr(550,root,%{short_name}) %dir %{ossec_dir}
%attr(550,root,%{short_name}) %dir %{ossec_dir}/active-response
%attr(550,root,%{short_name}) %dir %{ossec_dir}/active-response/bin
%attr(550,root,%{short_name}) %dir %{ossec_dir}/bin
%attr(550,root,%{short_name}) %dir %{ossec_dir}/etc
%attr(550,root,%{short_name}) %dir %{ossec_dir}/etc/sql
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/etc/shared
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/etc/templates
%attr(640,%{short_name},%{short_name}) %{ossec_dir}/etc/templates/*
# The logs directory is owned by the unprivileged account, while the client
# and server post scriptlets create ossec.log inside it as root.
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs
%attr(550,root,%{short_name}) %dir %{ossec_dir}/queue
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/alerts
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/%{short_name}
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/syscheck
%attr(770,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/rids
%attr(550,root,%{short_name}) %dir %{ossec_dir}/var
%attr(770,root,%{short_name}) %dir %{ossec_dir}/var/run
%config(noreplace) %{_sysconfdir}/logrotate.d/ossec-hids
# The init script is flagged as a configuration file that is kept on upgrade.
%config(noreplace) %{_sysconfdir}/init.d/ossec-hids
%{_sbindir}/rc%{name}
%{_fillupdir}/sysconfig.ossec-hids
%if 0%{?_unitdir:1}
%_unitdir/%{name}.service
%endif
%files client
# Entries without an attr override are owned root:root through defattr and
# keep the mode given to install in the install section.
%defattr(-,root,root)
#%%attr(600,root,root) %verify(not md5 size mtime) %config %{_sysconfdir}/%{short_name}-init.conf
%config(noreplace) %{ossec_dir}/etc/%{short_name}-agent.conf
%config(noreplace) %{ossec_dir}/etc/internal_options*
%config(noreplace) %{ossec_dir}/etc/shared/*
%{ossec_dir}/etc/*.sample
%{ossec_dir}/active-response/bin/*
%{ossec_dir}/bin/%{short_name}-client.sh
%{ossec_dir}/bin/%{short_name}-agentd
%{ossec_dir}/bin/client-logcollector
%{ossec_dir}/bin/client-syscheckd
# NOTE(review): the next two paths are packaged as files, yet the client post
# scriptlet replaces both with symlinks to the client-* builds above and the
# preun scriptlet deletes them. Package verification will presumably report
# them as modified - confirm this is intended.
%{ossec_dir}/bin/ossec-logcollector
%{ossec_dir}/bin/ossec-syscheckd
%{ossec_dir}/bin/%{short_name}-execd
%{ossec_dir}/bin/manage_client
%{ossec_dir}/bin/ossec-authd
%files server
# Entries without an attr override are owned root:root through defattr and
# keep the mode given to install in the install section.
%defattr(-,root,root)
#%%attr(600,root,root) %verify(not md5 size mtime) %config %{_sysconfdir}/%{short_name}-init.conf
# ossec.conf is a ghost entry: the install section only touches an empty
# placeholder, and the post scriptlet links it to the server configuration
# when no file is present.
%ghost %config(missingok,noreplace) %{ossec_dir}/etc/ossec.conf
%config(noreplace) %{ossec_dir}/etc/%{short_name}-server.conf
%config(noreplace) %{ossec_dir}/etc/internal_options*
# Unlike the entries above, the XML files here and the rules further down are
# config without noreplace, so presumably an upgrade installs the packaged
# version over local edits - confirm this is the intended policy.
%config %{ossec_dir}/etc/*.xml
%config(noreplace) %{ossec_dir}/etc/shared/*
%{ossec_dir}/etc/*.sample
%{ossec_dir}/active-response/bin/*
%{ossec_dir}/bin/%{short_name}-server.sh
%{ossec_dir}/bin/%{short_name}-agentd
%{ossec_dir}/bin/%{short_name}-analysisd
%{ossec_dir}/bin/%{short_name}-execd
%{ossec_dir}/bin/%{short_name}-logcollector
%{ossec_dir}/bin/%{short_name}-maild
%{ossec_dir}/bin/%{short_name}-monitord
%{ossec_dir}/bin/%{short_name}-remoted
%{ossec_dir}/bin/%{short_name}-syscheckd
# bin/ossec-dbd itself is not owned by any package; it is the link managed by
# update-alternatives in the post scriptlets.
#%%ghost %{ossec_dir}/bin/%{short_name}-dbd
%{ossec_dir}/bin/%{short_name}-dbd.vanilla
%{ossec_dir}/bin/%{short_name}-reportd
%{ossec_dir}/bin/%{short_name}-agentlessd
%{ossec_dir}/bin/%{short_name}-makelists
%{ossec_dir}/bin/%{short_name}-regex
%{ossec_dir}/bin/ossec-csyslogd
%{ossec_dir}/bin/list_agents
%{ossec_dir}/bin/manage_agents
%{ossec_dir}/bin/syscheck_update
%{ossec_dir}/bin/clear_stats
%{ossec_dir}/bin/agent_control
%{ossec_dir}/bin/rootcheck_control
%{ossec_dir}/bin/syscheck_control
%{ossec_dir}/bin/ossec-logtest
%{ossec_dir}/bin/verify-agent-conf
%{ossec_dir}/bin/ossec-authd
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs/archives
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs/alerts
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/logs/firewall
# Mode 755 grants others read and search access to this directory; the parent
# queue directory is 550 root:ossec in the main package.
%attr(755,%{short_name}r,%{short_name}) %dir %{ossec_dir}/queue/agent-info
%attr(700,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/fts
%attr(700,%{short_name},%{short_name}) %dir %{ossec_dir}/queue/rootcheck
%attr(550,root,%{short_name}) %dir %{ossec_dir}/rules
%config %{ossec_dir}/rules/*
%attr(750,%{short_name},%{short_name}) %dir %{ossec_dir}/stats
%attr(550,root,%{short_name}) %dir %{ossec_dir}/tmp
%files server-mysql
# MySQL schema plus the ossec-dbd build that the post scriptlet registers as an alternative.
%defattr(-,root,root)
%{ossec_dir}/etc/sql/mysql.schema
#%%ghost %{ossec_dir}/bin/%{short_name}-dbd
%{ossec_dir}/bin/%{short_name}-dbd.mysql
%files server-postgresql
# PostgreSQL schema plus the ossec-dbd build that the post scriptlet registers as an alternative.
%defattr(-,root,root)
%{ossec_dir}/etc/sql/postgresql.schema
#%%ghost %{ossec_dir}/bin/%{short_name}-dbd
%{ossec_dir}/bin/%{short_name}-dbd.pg
%changelog