SUMMARY = "A full platform to monitor and control your systems"
LICENSE = "GPL-2.0-only"
# Checksum of the upstream LICENSE file, so a change to the licence text is noticed.
LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9"


DEPENDS = "openssl libpcre2 zlib libevent"
# Upstream is fetched over HTTPS from the master branch and pinned to the single
# commit named by SRCREV below. Two local patches are applied on top; going by
# their file names they stop the Makefile from running install scripts and from
# setting uid/gid at build time.
SRC_URI = "git://github.com/ossec/ossec-hids;branch=master;protocol=https \
           file://0001-Makefile-drop-running-scrips-install.patch \
           file://0002-Makefile-don-t-set-uid-gid.patch \
           "

SRCREV = "1ecffb1b884607cb12e619f9ab3c04f530801083"

UPSTREAM_CHECK_COMMITS = "1"

inherit autotools-brokensep useradd

S = "${WORKDIR}/git"

# Account and group names used by OSSEC. `?=` only sets a default, so a
# distro or local configuration may override any of these.
OSSEC_UID ?= "ossec"
OSSEC_RUID ?= "ossecr"
OSSEC_GID ?= "ossec"
OSSEC_EMAIL ?= "ossecm"

# The configure task is skipped; do_compile drives make in src/ directly.
do_configure[noexec] = "1"
# Build OSSEC in "local" mode (TARGET=local) without systemd integration.
# The upstream Makefile lives in src/, so make is run from there.
do_compile() {
    cd "${S}/src"
    make TARGET=local PREFIX=${prefix} USE_SYSTEMD=No build
}
# Stage the OSSEC tree under ${D}/var/ossec and generate ossec-init.conf.
# The init file is written once under ${D}/${sysconfdir} (mode 600) and then
# copied into the OSSEC tree's own etc directory with mode 640.
do_install() {
    init_conf="${D}/${sysconfdir}/ossec-init.conf"

    install -d "${D}${sysconfdir}"
    install -d "${D}/var/ossec/${sysconfdir}"

    cd "${S}/src"
    make PREFIX="${D}/var/ossec" TARGET=local install

    # NOTE(review): DATE records the build host's wall-clock time, so the
    # packaged file differs between otherwise identical builds. Confirm whether
    # anything reads this field before changing it.
    {
        echo "DIRECTORY=\"/var/ossec\""
        echo "VERSION=\"${PV}\""
        echo "DATE=\"$(date)\""
        echo "TYPE=\"local\""
    } > "$init_conf"

    chmod 600 "$init_conf"
    install -m 640 "$init_conf" "${D}/var/ossec/${sysconfdir}/ossec-init.conf"
}
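# First-boot post-install step, run on the target.
# Sets ownership and modes across /var/ossec, optionally records the server
# address obtained from debconf in ossec.conf, links ossec-init.conf and the
# init script into /etc, and registers the service.
#
# Fixes relative to the previous version:
#  - ownership used ${OSSEC_UUID}, which this recipe never defines (it defines
#    OSSEC_UID); the empty expansion made chown change only the group, so the
#    queue, logs and .ssh directories stayed owned by root.
#  - debconf is only used when its shell library is present, and the value it
#    returns is validated before being placed into a sed expression.
#  - the temporary-directory cleanup no longer runs `rm -r` with no operand
#    when OSSEC_HIDS_TMP_DIR is unset.
pkg_postinst_ontarget:${PN} () {
    DIR="/var/ossec"

    # NOTE(review): `-g` changes root's *primary* group to ossec in addition
    # to the supplementary membership added by `-G ... -a`. Confirm that
    # changing root's primary group is intended.
    usermod -g ossec -G ossec -a root

    # Default for all directories
    chmod -R 550 ${DIR}
    chown -R root:${OSSEC_GID} ${DIR}

    # To the ossec queue (default for agentd to read)
    chown -R ${OSSEC_UID}:${OSSEC_GID} ${DIR}/queue/ossec
    chmod -R 770 ${DIR}/queue/ossec

    # For the logging user
    chown -R ${OSSEC_UID}:${OSSEC_GID} ${DIR}/logs
    chmod -R 750 ${DIR}/logs
    chmod -R 775 ${DIR}/queue/rids
    touch ${DIR}/logs/ossec.log
    chown ${OSSEC_UID}:${OSSEC_GID} ${DIR}/logs/ossec.log
    chmod 664 ${DIR}/logs/ossec.log

    chown -R ${OSSEC_UID}:${OSSEC_GID} ${DIR}/queue/diff
    chmod -R 750 ${DIR}/queue/diff
    # Best effort: the diff queue may still be empty on first boot.
    chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true

    # For the etc dir
    chmod 550 ${DIR}/etc
    chown -R root:${OSSEC_GID} ${DIR}/etc
    if [ -f /etc/localtime ]; then
        cp -pL /etc/localtime ${DIR}/etc/;
        chmod 555 ${DIR}/etc/localtime
        chown root:${OSSEC_GID} ${DIR}/etc/localtime
    fi

    if [ -f /etc/TIMEZONE ]; then
        cp -p /etc/TIMEZONE ${DIR}/etc/;
        chmod 555 ${DIR}/etc/TIMEZONE
    fi

    # More files. The redirected `|| true` lines cover files that may not exist.
    chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf
    chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
    chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true
    chown root:${OSSEC_GID} ${DIR}/agentless/*
    chown ${OSSEC_UID}:${OSSEC_GID} ${DIR}/.ssh
    chown root:${OSSEC_GID} ${DIR}/etc/shared/*

    chmod 550 ${DIR}/etc
    chmod 440 ${DIR}/etc/internal_options.conf
    chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
    # client.keys holds agent authentication keys: readable by root and the
    # ossec group only, writable by nobody.
    chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true
    chmod 550 ${DIR}/agentless/*
    chmod 700 ${DIR}/.ssh
    chmod 770 ${DIR}/etc/shared
    chmod 660 ${DIR}/etc/shared/*

    # For the /var/run
    chmod 770 ${DIR}/var/run
    chown root:${OSSEC_GID} ${DIR}/var/run

    # For util.sh
    chown root:${OSSEC_GID} ${DIR}/bin/util.sh
    chmod +x ${DIR}/bin/util.sh

    # For binaries and active response
    chmod 755 ${DIR}/active-response/bin/*
    chown root:${OSSEC_GID} ${DIR}/active-response/bin/*
    chown root:${OSSEC_GID} ${DIR}/bin/*
    chmod 550 ${DIR}/bin/*

    # For ossec.conf
    chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf
    chmod 660 ${DIR}/etc/ossec.conf

    # Debconf
    # The recipe does not RDEPEND on debconf, and sourcing a missing file
    # aborts a non-interactive shell, so only use debconf when it is installed.
    if [ -r /usr/share/debconf/confmodule ]; then
        . /usr/share/debconf/confmodule
        db_input high ossec-hids-agent/server-ip || true
        db_go

        db_get ossec-hids-agent/server-ip
        SERVER_IP=$RET

        # SERVER_IP is spliced into a sed replacement, where `/`, `&` and `\`
        # are special. Accept only characters that occur in IPv4/IPv6
        # literals and leave ossec.conf untouched otherwise. The message goes
        # to stderr because it is emitted before db_stop.
        case "$SERVER_IP" in
            ""|*[!0-9A-Fa-f.:]*)
                echo "ossec-hids: ignoring empty or invalid server-ip from debconf" >&2
                ;;
            *)
                sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf
                ;;
        esac
        db_stop
    fi

    # ossec-init.conf
    if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
        if [ -e /etc/ossec-init.conf ]; then
            rm -f /etc/ossec-init.conf
        fi
        ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
    fi

    # init.d/ossec file
    if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
        if [ -e /etc/init.d/ossec ]; then
            rm -f /etc/init.d/ossec
        fi
        ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
    fi

    # Service
    if [ -x /etc/init.d/ossec ]; then
        update-rc.d -f ossec defaults
    fi

    # Delete tmp directory
    # OSSEC_HIDS_TMP_DIR is not set anywhere in this recipe. Unquoted and
    # empty, `[ -d ]` is true and `rm -r` then fails for lack of an operand,
    # so require a non-empty value and quote it before the recursive delete.
    if [ -n "${OSSEC_HIDS_TMP_DIR}" ] && [ -d "${OSSEC_HIDS_TMP_DIR}" ]; then
        rm -r -- "${OSSEC_HIDS_TMP_DIR}"
    fi
}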
# Create a system group and a system account named "ossec". The account has
# /var/ossec as its home directory and /bin/false as its shell.
# NOTE(review): the names are hard-coded here rather than taken from OSSEC_UID /
# OSSEC_GID, and no accounts are created for the OSSEC_RUID ("ossecr") or
# OSSEC_EMAIL ("ossecm") defaults. Confirm that a single account is intended
# and that overriding OSSEC_UID / OSSEC_GID is not expected to work.
USERADD_PACKAGES = "${PN}"
USERADD_PARAM:${PN} = "--system --home-dir /var/ossec -g ossec --shell /bin/false ossec"
GROUPADD_PARAM:${PN} = "--system ossec"

RDEPENDS:${PN} = "openssl bash"

# Setting the compatible-host pattern to "null" under the libc-musl override
# excludes this recipe from musl-based builds.
COMPATIBLE_HOST:libc-musl = "null"