Blame - meta-security/recipes-ids/ossec/ossec-hids_3.6.0.bb - stefanberger/openbmc

blob: 10354a7d25954de3f5191f7745b3a2c6ef0edaf1 [file] [log] [blame]

Andrew Geissler	5e7fd51	2021-05-07 16:09:00 -0500	[diff] [blame]	1	SUMMARY = "A full platform to monitor and control your systems"
				2	LICENSE = "GPL-2.0"
				3	LIC_FILES_CHKSUM = "file://LICENSE;md5=d625d1520b5e38faefb81cf9772badc9"
				4
				5
				6	DEPENDS = "openssl libpcre2 zlib libevent"
				7	SRC_URI = "git://github.com/ossec/ossec-hids;branch=master \
				8	file://0001-Makefile-drop-running-scrips-install.patch \
				9	file://0002-Makefile-don-t-set-uid-gid.patch \
				10	"
				11
				12	SRCREV = "1303c78e2c67d7acee0508cb00c3bc63baaa27c2"
				13
				14	inherit autotools-brokensep useradd
				15
				16	S = "${WORKDIR}/git"
				17
				18	OSSEC_UID ?= "ossec"
				19	OSSEC_RUID ?= "ossecr"
				20	OSSEC_GID ?= "ossec"
				21	OSSEC_EMAIL ?= "ossecm"
				22
				23	do_configure[noexec] = "1"
				24
				25	do_compile() {
				26	cd ${S}/src
				27	make PREFIX=${prefix} TARGET=local USE_SYSTEMD=No build
				28	}
				29
				30	do_install(){
				31	install -d ${D}${sysconfdir}
				32	install -d ${D}/var/ossec/${sysconfdir}
				33
				34	cd ${S}/src
				35	make TARGET=local PREFIX=${D}/var/ossec install
				36
				37	echo "DIRECTORY=\"/var/ossec\"" > ${D}/${sysconfdir}/ossec-init.conf
				38	echo "VERSION=\"${PV}\"" >> ${D}/${sysconfdir}/ossec-init.conf
				39	echo "DATE=\"`date`\"" >> ${D}/${sysconfdir}/ossec-init.conf
				40	echo "TYPE=\"local\"" >> ${D}/${sysconfdir}/ossec-init.conf
				41	chmod 600 ${D}/${sysconfdir}/ossec-init.conf
				42	install -m 640 ${D}/${sysconfdir}/ossec-init.conf ${D}/var/ossec/${sysconfdir}/ossec-init.conf
				43	}
				44
				45	pkg_postinst_ontarget_${PN} () {
				46	DIR="/var/ossec"
				47
				48	usermod -g ossec -G ossec -a root
				49
				50	# Default for all directories
				51	chmod -R 550 ${DIR}
				52	chown -R root:${OSSEC_GID} ${DIR}
				53
				54	# To the ossec queue (default for agentd to read)
				55	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec
				56	chmod -R 770 ${DIR}/queue/ossec
				57
				58	# For the logging user
				59	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs
				60	chmod -R 750 ${DIR}/logs
				61	chmod -R 775 ${DIR}/queue/rids
				62	touch ${DIR}/logs/ossec.log
				63	chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log
				64	chmod 664 ${DIR}/logs/ossec.log
				65
				66	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff
				67	chmod -R 750 ${DIR}/queue/diff
				68	chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 \|\| true
				69
				70	# For the etc dir
				71	chmod 550 ${DIR}/etc
				72	chown -R root:${OSSEC_GID} ${DIR}/etc
				73	if [ -f /etc/localtime ]; then
				74	cp -pL /etc/localtime ${DIR}/etc/;
				75	chmod 555 ${DIR}/etc/localtime
				76	chown root:${OSSEC_GID} ${DIR}/etc/localtime
				77	fi
				78
				79	if [ -f /etc/TIMEZONE ]; then
				80	cp -p /etc/TIMEZONE ${DIR}/etc/;
				81	chmod 555 ${DIR}/etc/TIMEZONE
				82	fi
				83
				84	# More files
				85	chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf
				86	chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 \|\| true
				87	chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 \|\| true
				88	chown root:${OSSEC_GID} ${DIR}/agentless/*
				89	chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh
				90	chown root:${OSSEC_GID} ${DIR}/etc/shared/*
				91
				92	chmod 550 ${DIR}/etc
				93	chmod 440 ${DIR}/etc/internal_options.conf
				94	chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 \|\| true
				95	chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 \|\| true
				96	chmod 550 ${DIR}/agentless/*
				97	chmod 700 ${DIR}/.ssh
				98	chmod 770 ${DIR}/etc/shared
				99	chmod 660 ${DIR}/etc/shared/*
				100
				101	# For the /var/run
				102	chmod 770 ${DIR}/var/run
				103	chown root:${OSSEC_GID} ${DIR}/var/run
				104
				105	# For util.sh
				106	chown root:${OSSEC_GID} ${DIR}/bin/util.sh
				107	chmod +x ${DIR}/bin/util.sh
				108
				109	# For binaries and active response
				110	chmod 755 ${DIR}/active-response/bin/*
				111	chown root:${OSSEC_GID} ${DIR}/active-response/bin/*
				112	chown root:${OSSEC_GID} ${DIR}/bin/*
				113	chmod 550 ${DIR}/bin/*
				114
				115	# For ossec.conf
				116	chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf
				117	chmod 660 ${DIR}/etc/ossec.conf
				118
				119	# Debconf
				120	. /usr/share/debconf/confmodule
				121	db_input high ossec-hids-agent/server-ip \|\| true
				122	db_go
				123
				124	db_get ossec-hids-agent/server-ip
				125	SERVER_IP=$RET
				126
				127	sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf
				128	db_stop
				129
				130	# ossec-init.conf
				131	if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
				132	if [ -e /etc/ossec-init.conf ]; then
				133	rm -f /etc/ossec-init.conf
				134	fi
				135	ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
				136	fi
				137
				138	# init.d/ossec file
				139	if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
				140	if [ -e /etc/init.d/ossec ]; then
				141	rm -f /etc/init.d/ossec
				142	fi
				143	ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
				144	fi
				145
				146	# Service
				147	if [ -x /etc/init.d/ossec ]; then
				148	update-rc.d -f ossec defaults
				149	fi
				150
				151	# Delete tmp directory
				152	if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then
				153	rm -r ${OSSEC_HIDS_TMP_DIR}
				154	fi
				155	}
				156
				157	USERADD_PACKAGES = "${PN}"
				158	USERADD_PARAM_${PN} = "--system --home-dir /var/ossec -g ossec --shell /bin/false ossec"
				159	GROUPADD_PARAM_${PN} = "--system ossec"
				160
				161	RDEPENDS_${PN} = "openssl bash"