Import security/ossec-hids.
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. Help from and OK sthen@, thanks!
parent
af59bb7b3f
commit
5a374c9b3d
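--- a/security/ossec-hids/Makefile
+++ b/security/ossec-hids/Makefile
@@ -0,0 +1,52 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2018/12/21 22:01:56 pirofti Exp $
+
+COMMENT = host-based intrusion detection system
+
+GH_ACCOUNT = ossec
+GH_PROJECT = ossec-hids
+GH_TAGNAME = 3.0.0
+
+CATEGORIES = security
+
+HOMEPAGE = https://www.ossec.net/
+
+MAINTAINER = Paul Irofti <pirofti@openbsd.org>
+
+# GPLv2
+PERMIT_PACKAGE_CDROM = Yes
+
+WANTLIB += c crypto lib/inotify/inotify m magic pthread ssl
+
+LIB_DEPENDS = devel/libinotify \
+devel/libmagic
+
+USE_GMAKE = Yes
+NO_BUILD = Yes
+
+INSTALL_FLAGS = CFLAGS="${CFLAGS}" \
+USER_NO_STOP=y \
+USER_LANGUAGE=en \
+USER_INSTALL_TYPE=server \
+USER_HYBID=go \
+USER_DIR=${PREFIX}/ossec-hids \
+USER_DELETE_DIR=n \
+USER_ENABLE_EMAIL=y \
+USER_EMAIL_ADDRESS="root@localhost" \
+USER_EMAIL_SMTP="127.0.0.1" \
+USER_ENABLE_SYSCHECK=y \
+USER_ENABLE_ROOTCHECK=y \
+USER_ENABLE_ACTIVE_RESPONSE=y \
+USER_ENABLE_FIREWALL_RESPONSE=y \
+USER_ENABLE_SYSLOG=y \
+USER_AGENT_SERVER_IP="127.0.0.1" \
+USE_INOTIFY=y \
+LOCALBASE=${LOCALBASE} \
+V=1
+
+do-configure:
+${SUBST_CMD} ${WRKSRC}/src/headers/defs.h
+
+do-install:
+cd ${WRKBUILD} && ${INSTALL_FLAGS} /bin/sh install.sh
+
+.include <bsd.port.mk>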
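Review bot: `NO_BUILD = Yes` combined with the `do-install` recipe means install.sh compiles and installs in a single pass during the install stage, and nothing in the file says so; a comment above it such as `# install.sh builds and installs in one step, so there is no separate build stage` would save the next maintainer from hunting for the compile. INSTALL_FLAGS also sets `USER_ENABLE_ACTIVE_RESPONSE=y` and `USER_ENABLE_FIREWALL_RESPONSE=y`, so the generated ossec.conf presumably ships with automatic blocking turned on. Since pkg/MESSAGE already tells the administrator what to run before starting the daemons, a sentence there about reviewing the active-response settings first would fit.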
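--- a/security/ossec-hids/distinfo
+++ b/security/ossec-hids/distinfo
@@ -0,0 +1,2 @@
+SHA256 (ossec-hids-3.0.0.tar.gz) = onHWZe1QKz30/wVaF3FZ38C8imndROqx98V/6P/0Kpg=
+SIZE (ossec-hids-3.0.0.tar.gz) = 1817324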
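--- a/security/ossec-hids/patches/patch-install_sh
+++ b/security/ossec-hids/patches/patch-install_sh
@@ -0,0 +1,131 @@
+$OpenBSD: patch-install_sh,v 1.1.1.1 2018/12/21 22:01:56 pirofti Exp $
+
+Index: install.sh
+--- install.sh.orig
++++ install.sh
+@@ -102,7 +102,7 @@ Install()
+if [ "X${USER_BINARYINSTALL}" = "X" ]; then
+# Add DATABASE=pgsql or DATABASE=mysql to add support for database
+# alert entry
+- ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} build
++ ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} TRUEPREFIX=${TRUEPREFIX} LOCALBASE=${LOCALBASE} build
+if [ $? != 0 ]; then
+cd ../
+catError "0x5-build"
+@@ -114,22 +114,23 @@ Install()
+UpdateStopOSSEC
+fi
+
+- ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} install
++ ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} TRUEPREFIX=${TRUEPREFIX} LOCALBASE=${LOCALBASE} install
+
+cd ../
+
+
+# Generate the /etc/ossec-init.conf
++ OSSEC_INIT=${INSTALLDIR}/etc/ossec-init.conf
+VERSION_FILE="./src/VERSION"
+VERSION=`cat ${VERSION_FILE}`
+chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
+- echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT}
++ echo "DIRECTORY=\"${TRUEINSTALLDIR}\"" > ${OSSEC_INIT}
+echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT}
+echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
+echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
+chmod 600 ${OSSEC_INIT}
+- cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
+- chmod 640 ${INSTALLDIR}${OSSEC_INIT}
++ #cp -pr ${OSSEC_INIT} ${INSTALLDIR}/share/ossec/examples/${OSSEC_INIT}
++ chmod 640 ${OSSEC_INIT}
+
+
+# If update_rules is set, we need to tweak
+@@ -144,12 +145,12 @@ Install()
+fi
+
+# Calling the init script to start ossec hids during boot
+- if [ "X${update_only}" = "X" ]; then
+- runInit
+- if [ $? = 1 ]; then
+- notmodified="yes"
+- fi
+- fi
++ #if [ "X${update_only}" = "X" ]; then
++ # runInit
++ # if [ $? = 1 ]; then
++ # notmodified="yes"
++ # fi
++ #fi
+
+}
+
+@@ -222,12 +223,8 @@ UseRootcheck()
+if [ "X$ROOTCHECK" = "Xyes" ]; then
+echo "" >> $NEWCONFIG
+echo " <rootcheck>" >> $NEWCONFIG
+- echo " <rootkit_files>$INSTALLDIR/etc/shared/rootkit_files.txt</rootkit_files>" >> $NEWCONFIG
+- echo " <rootkit_trojans>$INSTALLDIR/etc/shared/rootkit_trojans.txt</rootkit_trojans>" >> $NEWCONFIG
+- echo " <system_audit>$INSTALLDIR/etc/shared/system_audit_rcl.txt</system_audit>" >> $NEWCONFIG
+- echo " <system_audit>$INSTALLDIR/etc/shared/cis_debian_linux_rcl.txt</system_audit>" >> $NEWCONFIG
+- echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel_linux_rcl.txt</system_audit>" >> $NEWCONFIG
+- echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>" >> $NEWCONFIG
++ echo " <rootkit_files>$TRUEINSTALLDIR/etc/shared/rootkit_files.txt</rootkit_files>" >> $NEWCONFIG
++ echo " <rootkit_trojans>$TRUEINSTALLDIR/etc/shared/rootkit_trojans.txt</rootkit_trojans>" >> $NEWCONFIG
+echo " </rootcheck>" >> $NEWCONFIG
+# Patch for systems that use s-nail instead of GNU Mailutils (such as Arch Linux).
+if strings /usr/bin/mail | grep "x-shsh bash" 1> /dev/null; then
+@@ -547,7 +544,7 @@ ConfigureServer()
+echo " <email_notification>yes</email_notification>" >> $NEWCONFIG
+echo " <email_to>$EMAIL</email_to>" >> $NEWCONFIG
+echo " <smtp_server>$SMTP</smtp_server>" >> $NEWCONFIG
+- echo " <email_from>ossecm@${HOST}</email_from>" >> $NEWCONFIG
++ echo " <email_from>ossecm@localhost</email_from>" >> $NEWCONFIG
+else
+echo " <email_notification>no</email_notification>" >> $NEWCONFIG
+fi
+@@ -625,7 +622,7 @@ ConfigureServer()
+echo " <white_list>${ip}</white_list>" >>$NEWCONFIG
+fi
+done
+- AddWhite
++ #AddWhite
+
+# If Openbsd or Freebsd with pf enable, ask about
+# automatically setting it up.
+@@ -761,6 +758,7 @@ setEnv()
+done
+else
+INSTALLDIR=${USER_DIR}
++ TRUEINSTALLDIR=${TRUEPREFIX}/ossec-hids
+fi
+
+
+@@ -961,11 +959,6 @@ main()
+catError "0x1-location";
+fi
+
+- # Must be root
+- if [ ! "X$ME" = "Xroot" ]; then
+- catError "0x2-beroot";
+- fi
+-
+# Checking dependencies
+checkDependencies
+
+@@ -1123,6 +1116,7 @@ main()
+
+else
+INSTYPE=${USER_INSTALL_TYPE}
++ HYBID=${USER_HYBID}
+fi
+
+
+@@ -1250,6 +1244,8 @@ if [ "x$HYBID" = "xgo" ]; then
+echo 'USER_UPDATE_RULES="n"' >> ./etc/preloaded-vars.conf
+echo "" >> ./etc/preloaded-vars.conf
+echo 'USER_CLEANINSTALL="y"' >> ./etc/preloaded-vars.conf
++ echo "" >> ./etc/preloaded-vars.conf
++ echo 'USER_HYBID=""' >> ./etc/preloaded-vars.conf
+echo "" >> ./etc/preloaded-vars.conf
+
+cd src && ${MAKEBIN} clean && cd ..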
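Review bot: The UseRootcheck() hunk drops every `<system_audit>` entry from the generated configuration, including the generic `system_audit_rcl.txt`, although pkg/PLIST still installs that file under etc/shared. Removing the Debian and RHEL CIS policies makes sense on OpenBSD, but losing the generic audit policy reduces what rootcheck reports by default; consider keeping `echo " <system_audit>$TRUEINSTALLDIR/etc/shared/system_audit_rcl.txt</system_audit>" >> $NEWCONFIG`. Separately, the ConfigureServer() hunk hard-codes `ossecm@localhost` as the sender, so alert mail from different hosts will carry the same From address unless the administrator edits `<email_from>`. The functions touched here start and end outside the hunks.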
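--- a/security/ossec-hids/patches/patch-src_Makefile
+++ b/security/ossec-hids/patches/patch-src_Makefile
@@ -0,0 +1,239 @@
+$OpenBSD: patch-src_Makefile,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/Makefile
+--- src/Makefile.orig
++++ src/Makefile
+@@ -15,15 +15,15 @@ PREFIX?=/var/ossec
+PG_CONFIG?=pg_config
+MY_CONFIG?=mysql_config
+PRELUDE_CONFIG?=libprelude-config
+-OSSEC_GROUP?=ossec
+-OSSEC_USER?=ossec
+-OSSEC_USER_MAIL?=ossecm
+-OSSEC_USER_REM?=ossecr
++OSSEC_GROUP?=_ossec
++OSSEC_USER?=_ossec
++OSSEC_USER_MAIL?=_ossecm
++OSSEC_USER_REM?=_ossecr
+
+USE_PRELUDE?=no
+USE_ZEROMQ?=no
+USE_GEOIP?=no
+-USE_INOTIFY=no
++USE_INOTIFY=yes
+
+ifneq (${TARGET},winagent)
+USE_OPENSSL?=auto
+@@ -38,7 +38,7 @@ export MYLDFLAGS= "${LDFLAGS}"
+export MYCFLAGS= "${CFLAGS}"
+
+DEFINES=-DMAX_AGENTS=${MAXAGENTS} -DOSSECHIDS
+-DEFINES+=-DDEFAULTDIR=\"${PREFIX}\"
++DEFINES+=-DDEFAULTDIR=\"${TRUEPREFIX}/ossec-hids\"
+DEFINES+=-DUSER=\"${OSSEC_USER}\"
+DEFINES+=-DREMUSER=\"${OSSEC_USER_REM}\"
+DEFINES+=-DGROUPGLOBAL=\"${OSSEC_GROUP}\"
+@@ -90,9 +90,11 @@ else
+ifeq (${uname_S},OpenBSD)
+# DEFINES+=-DOpenBSD
+DEFINES+=-pthread
++ DEFINES+=-DUSE_MAGIC
+LUA_PLAT=posix
+- CFLAGS+=-I/usr/local/include
+- OSSEC_LDFLAGS+=-L/usr/local/lib
++ CFLAGS+=-I${LOCALBASE}/include
++ OSSEC_LDFLAGS+=-L${LOCALBASE}/lib
++ OSSEC_LDFLAGS+=-lmagic
+else
+ifeq (${uname_S},HP-UX)
+DEFINES+=-DHPUX
+@@ -121,7 +123,7 @@ OSSEC_CFLAGS=${CFLAGS}
+ifdef DEBUG
+OSSEC_CFLAGS+=-g
+else
+- OSSEC_CFLAGS+=-O2
++ #OSSEC_CFLAGS+=-O2
+endif #DEBUG
+
+ifneq (,$(filter ${CLEANFULL},yes y Y 1))
+@@ -189,6 +191,10 @@ ifneq (,$(filter ${USE_INOTIFY},auto yes y Y 1))
+OSSEC_LDFLAGS+=-linotify -L/usr/local/lib -I/usr/local/include
+OSSEC_CFLAGS+=-I/usr/local/include
+endif
++ ifeq (${uname_S},OpenBSD)
++ OSSEC_LDFLAGS+=-Wl,-rpath=${LOCALBASE}/lib/inotify -linotify -L${LOCALBASE}/lib/inotify -I${LOCALBASE}/include/inotify
++ OSSEC_CFLAGS+=-I${LOCALBASE}/include/inotify
++ endif
+endif
+
+ifneq (,$(filter ${USE_PRELUDE},auto yes y Y 1))
+@@ -360,7 +366,7 @@ install-agent: install-common
+install -m 0550 -o root -g 0 ossec-agentd ${PREFIX}/bin
+install -m 0550 -o root -g 0 agent-auth ${PREFIX}/bin
+
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
++ install -d -m 0750 ${PREFIX}/queue/rids
+
+install-local: install-server-generic
+
+@@ -369,12 +375,11 @@ install-hybrid: install-server-generic
+install-server: install-server-generic
+
+install-common: build
+- ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX}
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs
+- install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/ossec.log
++ install -d -m 0750 ${PREFIX}/
++ install -d -m 0750 ${PREFIX}/logs
++ install -m 0660 /dev/null ${PREFIX}/logs/ossec.log
+
+- install -d -m 0550 -o root -g 0 ${PREFIX}/bin
++ install -d -m 0750 -o root -g 0 ${PREFIX}/bin
+install -m 0550 -o root -g 0 ossec-logcollector ${PREFIX}/bin
+install -m 0550 -o root -g 0 ossec-syscheckd ${PREFIX}/bin
+install -m 0550 -o root -g 0 ossec-execd ${PREFIX}/bin
+@@ -383,72 +388,73 @@ install-common: build
+install -m 0550 -o root -g 0 ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control
+
+ifeq (${LUA_ENABLE},yes)
+- install -d -m 0550 -o root -g 0 ${PREFIX}/lua
++ install -d -m 0750 -o root -g 0 ${PREFIX}/lua
+install -d -m 0550 -o root -g 0 ${PREFIX}/lua/native
+install -d -m 0550 -o root -g 0 ${PREFIX}/lua/compiled
+install -m 0550 -o root -g 0 external/lua/src/ossec-lua ${PREFIX}/bin/
+install -m 0550 -o root -g 0 external/lua/src/ossec-luac ${PREFIX}/bin/
+endif
+
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/queue
+- install -d -m 0770 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/alerts
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/ossec
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/syscheck
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff
++ install -d -m 0750 ${PREFIX}/queue
++ install -d -m 0770 ${PREFIX}/queue/alerts
++ install -d -m 0750 ${PREFIX}/queue/ossec
++ install -d -m 0750 ${PREFIX}/queue/syscheck
++ install -d -m 0750 ${PREFIX}/queue/diff
+
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc
+- install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc
++ install -d -m 0750 ${PREFIX}/etc
++ install -m 0440 /etc/localtime ${PREFIX}/etc
+
+- install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp
++ install -d -m 1550 ${PREFIX}/tmp
+
+ifneq (,$(wildcard /etc/TIMEZONE))
+- install -m 440 -o root -g ${OSSEC_GROUP} /etc/TIMEZONE ${PREFIX}/etc/
++ install -m 440 /etc/TIMEZONE ${PREFIX}/etc/
+endif
+# Solaris Needs some extra files
+ifeq (${uname_S},SunOS)
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/usr/share/lib/zoneinfo/
++ install -d -m 0550 ${PREFIX}/usr/share/lib/zoneinfo/
+cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/
+endif
+- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/internal_options.conf ${PREFIX}/etc/
++ install -m 0640 -b ../etc/internal_options.conf ${PREFIX}/etc/
+ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf))
+- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
++ install -m 0640 ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf
+endif
+ifeq (,$(wildcard ${PREFIX}/etc/client.keys))
+- install -m 0640 -o root -g ${OSSEC_GROUP} /dev/null ${PREFIX}/etc/client.keys
++ install -m 0640 /dev/null ${PREFIX}/etc/client.keys
+endif
+ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf))
+ifneq (,$(wildcard ../etc/ossec.mc))
+- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
++ install -m 0640 ../etc/ossec.mc ${PREFIX}/etc/ossec.conf
+else
+- install -m 0640 -o root -g ${OSSEC_GROUP} ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
++ install -m 0640 ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf
+endif
+endif
+
+- install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc/shared
+- install -m 0640 -o ossec -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/
++ install -d -m 0770 ${PREFIX}/etc/shared
++ install -m 0640 rootcheck/db/*.txt ${PREFIX}/etc/shared/
+
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response/bin
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/agentless
+- install -m 0550 -o root -g ${OSSEC_GROUP} agentlessd/scripts/* ${PREFIX}/agentless/
++ install -d -m 0750 ${PREFIX}/active-response
++ install -d -m 0750 ${PREFIX}/active-response/bin
++ install -d -m 0750 ${PREFIX}/agentless
++ install -m 0550 agentlessd/scripts/* ${PREFIX}/agentless/
+
+- install -d -m 0700 -o root -g ${OSSEC_GROUP} ${PREFIX}/.ssh
++ install -d -m 0700 ${PREFIX}/.ssh
+
+- install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/*.sh ${PREFIX}/active-response/bin/
+- install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
++ install -m 0550 ../active-response/*.sh ${PREFIX}/active-response/bin/
++ install -m 0550 ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/
+
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/var
+- install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/var/run
++ install -d -m 0750 ${PREFIX}/var
++ install -d -m 0770 ${PREFIX}/var/run
++ install -d -m 0770 ${PREFIX}/var/start-script-lock
+
+./init/fw-check.sh execute
+
+
+
+install-server-generic: install-common
+- install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/active-responses.log
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/archives
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/alerts
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/firewall
++ install -m 0660 /dev/null ${PREFIX}/logs/active-responses.log
++ install -d -m 0750 ${PREFIX}/logs/archives
++ install -d -m 0750 ${PREFIX}/logs/alerts
++ install -d -m 0750 ${PREFIX}/logs/firewall
+
+install -m 0550 -o root -g 0 ossec-agentlessd ${PREFIX}/bin
+install -m 0550 -o root -g 0 ossec-analysisd ${PREFIX}/bin
+@@ -470,27 +476,27 @@ install-server-generic: install-common
+install -m 0550 -o root -g 0 syscheck_control ${PREFIX}/bin/
+install -m 0550 -o root -g 0 rootcheck_control ${PREFIX}/bin/
+
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/stats
+- install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules
++ install -d -m 0750 ${PREFIX}/stats
++ install -d -m 0750 ${PREFIX}/rules
+ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml))
+cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup
+- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
+- install -m 0640 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
++ install -m 0640 -b ../etc/rules/*.xml ${PREFIX}/rules
++ install -m 0640 ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml
+rm ${PREFIX}/rules/local_rules.xml.installbackup
+else
+- install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules
++ install -m 0640 -b ../etc/rules/*.xml ${PREFIX}/rules
+endif
+
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/fts
++ install -d -m 0750 ${PREFIX}/queue/fts
+
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rootcheck
++ install -d -m 0750 ${PREFIX}/queue/rootcheck
+
+- install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/agent-info
+- install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/agentless
++ install -d -m 0750 ${PREFIX}/queue/agent-info
++ install -d -m 0750 ${PREFIX}/queue/agentless
+
+- install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids
++ install -d -m 0750 ${PREFIX}/queue/rids
+
+- install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/
++ install -m 0640 ../etc/decoder.xml ${PREFIX}/etc/
+
+rm -f ${PREFIX}/etc/shared/merged.mg
+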
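Review bot: With `-o`/`-g` removed from the `install` calls in install-common and install-server-generic, the modes given there (for example `install -d -m 0700 ${PREFIX}/.ssh` and `install -d -m 1550 ${PREFIX}/tmp`) describe only the staging tree, and final ownership and permissions have to come from pkg/PLIST. The PLIST in this commit annotates a few directories with `@mode 770` but has no `@mode` for `.ssh/`, `tmp/`, `logs/` or most of the `queue/` subdirectories; if the package tools create unannotated directories with their default mode, which should be confirmed, these end up more open than upstream's 0700/1550/0750. Adding matching `@mode` lines in the PLIST (e.g. `@mode 700` before `ossec-hids/.ssh/`) would keep the two in step. A short comment at the top of the patch saying that ownership moved to the PLIST would also help the next reader.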
@ -0,0 +1,14 @@
|
||||
$OpenBSD: patch-src_external_lua-5_2_3_src_Makefile,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
|
||||
|
||||
Index: src/external/lua-5.2.3/src/Makefile
|
||||
--- src/external/lua-5.2.3/src/Makefile.orig
|
||||
+++ src/external/lua-5.2.3/src/Makefile
|
||||
@@ -9,7 +9,7 @@ PLAT= none
|
||||
PREFIX?=/var/ossec
|
||||
|
||||
#CC= gcc
|
||||
-CFLAGS= -O2 -Wall -DLUA_COMPAT_ALL -DPREFIX=\"$(PREFIX)\" $(SYSCFLAGS) $(MYCFLAGS)
|
||||
+CFLAGS+= -Wall -DLUA_COMPAT_ALL -DPREFIX=\"$(PREFIX)\" $(SYSCFLAGS) $(MYCFLAGS)
|
||||
LDFLAGS= $(SYSLDFLAGS) $(MYLDFLAGS)
|
||||
LIBS= -lm $(SYSLIBS) $(MYLIBS)
|
||||
|
@ -0,0 +1,24 @@
|
||||
$OpenBSD: patch-src_external_zlib-1_2_11_Makefile_in,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
|
||||
|
||||
Index: src/external/zlib-1.2.11/Makefile.in
|
||||
--- src/external/zlib-1.2.11/Makefile.in.orig
|
||||
+++ src/external/zlib-1.2.11/Makefile.in
|
||||
@@ -16,15 +16,15 @@
|
||||
# To install in $HOME instead of /usr/local, use:
|
||||
# make install prefix=$HOME
|
||||
|
||||
-CC=cc
|
||||
+#CC=cc
|
||||
|
||||
-CFLAGS=-O
|
||||
+#CFLAGS=-O
|
||||
#CFLAGS=-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7
|
||||
#CFLAGS=-g -DZLIB_DEBUG
|
||||
#CFLAGS=-O3 -Wall -Wwrite-strings -Wpointer-arith -Wconversion \
|
||||
# -Wstrict-prototypes -Wmissing-prototypes
|
||||
|
||||
-SFLAGS=-O
|
||||
+#SFLAGS=-O
|
||||
LDFLAGS=
|
||||
TEST_LDFLAGS=-L. libz.a
|
||||
LDSHARED=$(CC)
|
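--- a/security/ossec-hids/patches/patch-src_headers_defs_h
+++ b/security/ossec-hids/patches/patch-src_headers_defs_h
@@ -0,0 +1,34 @@
+$OpenBSD: patch-src_headers_defs_h,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/headers/defs.h
+--- src/headers/defs.h.orig
++++ src/headers/defs.h
+@@ -71,23 +71,23 @@ http://www.ossec.net/main/license/\n"
+
+/* User Configuration */
+#ifndef MAILUSER
+-#define MAILUSER "ossecm"
++#define MAILUSER "_ossecm"
+#endif
+
+#ifndef USER
+-#define USER "ossec"
++#define USER "_ossec"
+#endif
+
+#ifndef REMUSER
+-#define REMUSER "ossecr"
++#define REMUSER "_ossecr"
+#endif
+
+#ifndef GROUPGLOBAL
+-#define GROUPGLOBAL "ossec"
++#define GROUPGLOBAL "_ossec"
+#endif
+
+#ifndef DEFAULTDIR
+-#define DEFAULTDIR "/var/ossec"
++#define DEFAULTDIR "${TRUEPREFIX}/ossec-hids"
+#endif
+
+/* Default queue */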
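Review bot: The new fallback `#define DEFAULTDIR "${TRUEPREFIX}/ossec-hids"` is only valid after the port's do-configure step has run SUBST_CMD on defs.h; without that substitution the literal `${TRUEPREFIX}` text would be compiled in as a path. A line in the patch header such as `${TRUEPREFIX} is expanded by SUBST_CMD in do-configure` would make that dependency visible. The user and group names here also repeat the `OSSEC_USER`/`OSSEC_GROUP` defaults changed in patch-src_Makefile, so the two patches need to be updated together.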
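--- a/security/ossec-hids/patches/patch-src_headers_shared_h
+++ b/security/ossec-hids/patches/patch-src_headers_shared_h
@@ -0,0 +1,15 @@
+$OpenBSD: patch-src_headers_shared_h,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/headers/shared.h
+--- src/headers/shared.h.orig
++++ src/headers/shared.h
+@@ -39,6 +39,9 @@
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/param.h>
++#ifdef __OpenBSD__
++#include <sys/mount.h>
++#endif
+
+#ifndef WIN32
+#include <sys/wait.h>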
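--- a/security/ossec-hids/patches/patch-src_shared_fs_op_c
+++ b/security/ossec-hids/patches/patch-src_shared_fs_op_c
@@ -0,0 +1,46 @@
+$OpenBSD: patch-src_shared_fs_op_c,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+Index: src/shared/fs_op.c
+--- src/shared/fs_op.c.orig
++++ src/shared/fs_op.c
+@@ -35,7 +35,7 @@ const struct file_system_type skip_file_systems[] = {
+
+short IsNFS(const char *dir_name)
+{
+-#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD))
++#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD) || defined(OpenBSD))
+struct statfs stfs;
+
+/* ignore NFS (0x6969) or CIFS (0xFF534D42) mounts */
+@@ -43,7 +43,11 @@ short IsNFS(const char *dir_name)
+{
+int i;
+for ( i=0; network_file_systems[i].name != NULL; i++ ) {
++#if __OpenBSD__
++ if(strcasecmp(network_file_systems[i].name, stfs.f_fstypename) == 0 ) {
++#else
+if(network_file_systems[i].f_type == stfs.f_type ) {
++#endif
+return network_file_systems[i].flag;
+}
+}
+@@ -69,14 +73,18 @@ short IsNFS(const char *dir_name)
+
+short skipFS(const char *dir_name)
+{
+-#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD))
++#if !defined(WIN32) && (defined(Linux) || defined(FreeBSD) || defined(OpenBSD))
+struct statfs stfs;
+
+if ( ! statfs(dir_name, &stfs) )
+{
+int i;
+for ( i=0; skip_file_systems[i].name != NULL; i++ ) {
++#if __OpenBSD__
++ if(strcasecmp(skip_file_systems[i].name, stfs.f_fstypename) == 0 ) {
++#else
+if(skip_file_systems[i].f_type == stfs.f_type ) {
++#endif
+debug1("%s: Skipping dir (FS %s): %s ", ARGV0, skip_file_systems[i].name, dir_name);
+return skip_file_systems[i].flag;
+}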
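Review bot: On OpenBSD both loops now match with `strcasecmp(...name, stfs.f_fstypename)`, so the result depends on the `name` strings in `network_file_systems[]` and `skip_file_systems[]`, which are defined outside these hunks. If those names do not correspond to the type strings OpenBSD reports in `f_fstypename`, IsNFS() and skipFS() will quietly report no match and syscheck would descend into network mounts; it is worth checking the tables and recording the expected strings in a comment next to the new branch. The guards are also inconsistent: the outer test is `defined(OpenBSD)` while the inner one is `#if __OpenBSD__`, and the `-DOpenBSD` define appears commented out in the context shown in patch-src_Makefile, so using `#ifdef __OpenBSD__` in both places would be clearer. Both function bodies continue past the end of the hunks.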
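--- a/security/ossec-hids/pkg/DESCR
+++ b/security/ossec-hids/pkg/DESCR
@@ -0,0 +1,4 @@
+OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
+System (HIDS). It has a powerful correlation and analysis engine, integrating
+log analysis, file integrity checking, Windows registry monitoring, centralized
+policy enforcement, rootkit detection, real-time alerting and active response.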
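--- a/security/ossec-hids/pkg/MESSAGE
+++ b/security/ossec-hids/pkg/MESSAGE
@@ -0,0 +1,6 @@
+For hybrid setups (server and agent on the same machine),
+remember to first execute
+
+${TRUEPREFIX}/ossec-hids/bin/manage_agents
+
+to add a local agent and then start the daemons through rcctl(1).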
291
security/ossec-hids/pkg/PLIST
Normal file
291
security/ossec-hids/pkg/PLIST
Normal file
@ -0,0 +1,291 @@
|
||||
@comment $OpenBSD: PLIST,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
|
||||
@newgroup _ossec:827
|
||||
@newuser _ossec:827:_ossec:daemon:OSSEC Account:/nonexistent:/sbin/nologin
|
||||
@newuser _ossecm:828:_ossec:daemon:OSSEC Mail Account:/nonexistent:/sbin/nologin
|
||||
@newuser _ossecr:829:_ossec:daemon:OSSEC Rem Account:/nonexistent:/sbin/nologin
|
||||
ossec-hids/bin/
|
||||
@bin ossec-hids/bin/agent_control
|
||||
@bin ossec-hids/bin/clear_stats
|
||||
@bin ossec-hids/bin/list_agents
|
||||
@bin ossec-hids/bin/manage_agents
|
||||
@bin ossec-hids/bin/ossec-agentlessd
|
||||
@bin ossec-hids/bin/ossec-analysisd
|
||||
@bin ossec-hids/bin/ossec-authd
|
||||
ossec-hids/ossec-agent/bin/
|
||||
@bin ossec-hids/ossec-agent/bin/agent-auth
|
||||
@bin ossec-hids/ossec-agent/bin/manage_agents
|
||||
@bin ossec-hids/ossec-agent/bin/ossec-agentd
|
||||
@bin ossec-hids/ossec-agent/bin/ossec-execd
|
||||
ossec-hids/lua/
|
||||
ossec-hids/lua/compiled/
|
||||
ossec-hids/lua/native/
|
||||
ossec-hids/ossec-agent/lua/
|
||||
ossec-hids/ossec-agent/lua/compiled/
|
||||
ossec-hids/ossec-agent/lua/native/
|
||||
ossec-hids/ossec-agent/
|
||||
ossec-hids/tmp/
|
||||
ossec-hids/ossec-agent/tmp/
|
||||
@group _ossec
|
||||
ossec-hids/queue/
|
||||
ossec-hids/ossec-agent/queue/
|
||||
ossec-hids/etc/
|
||||
ossec-hids/etc/client.keys
|
||||
ossec-hids/etc/decoder.xml
|
||||
ossec-hids/etc/internal_options.conf
|
||||
ossec-hids/etc/local_internal_options.conf
|
||||
ossec-hids/etc/localtime
|
||||
ossec-hids/etc/ossec.conf
|
||||
@mode 770
|
||||
ossec-hids/etc/shared/
|
||||
ossec-hids/ossec-agent/etc/shared/
|
||||
@mode
|
||||
ossec-hids/etc/shared/cis_apache2224_rcl.txt
|
||||
ossec-hids/etc/shared/cis_debian_linux_rcl.txt
|
||||
ossec-hids/etc/shared/cis_mysql5-6_community_rcl.txt
|
||||
ossec-hids/etc/shared/cis_mysql5-6_enterprise_rcl.txt
|
||||
ossec-hids/etc/shared/cis_rhel5_linux_rcl.txt
|
||||
ossec-hids/etc/shared/cis_rhel6_linux_rcl.txt
|
||||
ossec-hids/etc/shared/cis_rhel7_linux_rcl.txt
|
||||
ossec-hids/etc/shared/cis_rhel_linux_rcl.txt
|
||||
ossec-hids/etc/shared/cis_sles11_linux_rcl.txt
|
||||
ossec-hids/etc/shared/cis_sles12_linux_rcl.txt
|
||||
ossec-hids/etc/shared/cis_win2012r2_domainL1_rcl.txt
|
||||
ossec-hids/etc/shared/cis_win2012r2_domainL2_rcl.txt
|
||||
ossec-hids/etc/shared/cis_win2012r2_memberL1_rcl.txt
|
||||
ossec-hids/etc/shared/cis_win2012r2_memberL2_rcl.txt
|
||||
ossec-hids/etc/shared/rootkit_files.txt
|
||||
ossec-hids/etc/shared/rootkit_trojans.txt
|
||||
ossec-hids/etc/shared/system_audit_rcl.txt
|
||||
ossec-hids/etc/shared/system_audit_ssh.txt
|
||||
ossec-hids/etc/shared/win_applications_rcl.txt
|
||||
ossec-hids/etc/shared/win_audit_rcl.txt
|
||||
ossec-hids/etc/shared/win_malware_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/
|
||||
ossec-hids/ossec-agent/etc/client.keys
|
||||
ossec-hids/ossec-agent/etc/internal_options.conf
|
||||
ossec-hids/ossec-agent/etc/local_internal_options.conf
|
||||
ossec-hids/ossec-agent/etc/localtime
|
||||
ossec-hids/ossec-agent/etc/ossec-init.conf
|
||||
ossec-hids/ossec-agent/etc/ossec.conf
|
||||
ossec-hids/ossec-agent/etc/shared/cis_apache2224_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_debian_linux_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_mysql5-6_community_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_mysql5-6_enterprise_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_rhel5_linux_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_rhel6_linux_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_rhel7_linux_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_rhel_linux_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_sles11_linux_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_sles12_linux_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_win2012r2_domainL1_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_win2012r2_domainL2_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_win2012r2_memberL1_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/cis_win2012r2_memberL2_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/rootkit_files.txt
|
||||
ossec-hids/ossec-agent/etc/shared/rootkit_trojans.txt
|
||||
ossec-hids/ossec-agent/etc/shared/system_audit_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/system_audit_ssh.txt
|
||||
ossec-hids/ossec-agent/etc/shared/win_applications_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/win_audit_rcl.txt
|
||||
ossec-hids/ossec-agent/etc/shared/win_malware_rcl.txt
|
||||
ossec-hids/bin/ossec-control
|
||||
ossec-hids/ossec-agent/bin/ossec-control
|
||||
ossec-hids/.ssh/
|
||||
ossec-hids/ossec-agent/.ssh/
|
||||
ossec-hids/active-response/
|
||||
ossec-hids/active-response/bin/
|
||||
ossec-hids/active-response/bin/disable-account.sh
|
||||
ossec-hids/active-response/bin/firewall-drop.sh
|
||||
ossec-hids/active-response/bin/firewalld-drop.sh
|
||||
ossec-hids/active-response/bin/host-deny.sh
|
||||
ossec-hids/active-response/bin/ip-customblock.sh
|
||||
ossec-hids/active-response/bin/ipfw.sh
|
||||
ossec-hids/active-response/bin/ipfw_mac.sh
|
||||
ossec-hids/active-response/bin/npf.sh
|
||||
ossec-hids/active-response/bin/ossec-pagerduty.sh
|
||||
ossec-hids/active-response/bin/ossec-slack.sh
|
||||
ossec-hids/active-response/bin/ossec-tweeter.sh
|
||||
ossec-hids/active-response/bin/pf.sh
|
||||
ossec-hids/active-response/bin/restart-ossec.sh
|
||||
ossec-hids/active-response/bin/route-null.sh
|
||||
ossec-hids/ossec-agent/active-response/
|
||||
ossec-hids/ossec-agent/active-response/bin/
|
||||
ossec-hids/ossec-agent/active-response/bin/disable-account.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/firewall-drop.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/firewalld-drop.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/host-deny.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/ip-customblock.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/ipfw.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/ipfw_mac.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/npf.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/ossec-pagerduty.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/ossec-slack.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/ossec-tweeter.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/pf.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/restart-ossec.sh
|
||||
ossec-hids/ossec-agent/active-response/bin/route-null.sh
|
||||
ossec-hids/agentless/
|
||||
ossec-hids/agentless/main.exp
|
||||
ossec-hids/agentless/register_host.sh
|
||||
ossec-hids/agentless/ssh.exp
|
||||
ossec-hids/agentless/ssh_asa-fwsmconfig_diff
|
||||
ossec-hids/agentless/ssh_foundry_diff
|
||||
ossec-hids/agentless/ssh_generic_diff
|
||||
ossec-hids/agentless/ssh_integrity_check_bsd
|
||||
ossec-hids/agentless/ssh_integrity_check_linux
|
||||
ossec-hids/agentless/ssh_nopass.exp
|
||||
ossec-hids/agentless/ssh_pixconfig_diff
|
||||
ossec-hids/agentless/sshlogin.exp
|
||||
ossec-hids/agentless/su.exp
|
||||
ossec-hids/ossec-agent/agentless/
|
||||
ossec-hids/ossec-agent/agentless/main.exp
|
||||
ossec-hids/ossec-agent/agentless/register_host.sh
|
||||
ossec-hids/ossec-agent/agentless/ssh.exp
|
||||
ossec-hids/ossec-agent/agentless/ssh_asa-fwsmconfig_diff
|
||||
ossec-hids/ossec-agent/agentless/ssh_foundry_diff
|
||||
ossec-hids/ossec-agent/agentless/ssh_generic_diff
|
||||
ossec-hids/ossec-agent/agentless/ssh_integrity_check_bsd
|
||||
ossec-hids/ossec-agent/agentless/ssh_integrity_check_linux
|
||||
ossec-hids/ossec-agent/agentless/ssh_nopass.exp
|
||||
ossec-hids/ossec-agent/agentless/ssh_pixconfig_diff
|
||||
ossec-hids/ossec-agent/agentless/sshlogin.exp
|
||||
ossec-hids/ossec-agent/agentless/su.exp
|
||||
ossec-hids/rules/apache_rules.xml
|
||||
ossec-hids/rules/apparmor_rules.xml
|
||||
ossec-hids/rules/arpwatch_rules.xml
|
||||
ossec-hids/rules/asterisk_rules.xml
|
||||
ossec-hids/rules/attack_rules.xml
|
||||
ossec-hids/rules/cimserver_rules.xml
|
||||
ossec-hids/rules/cisco-ios_rules.xml
|
||||
ossec-hids/rules/clam_av_rules.xml
|
||||
ossec-hids/rules/courier_rules.xml
|
||||
ossec-hids/rules/dovecot_rules.xml
|
||||
ossec-hids/rules/dropbear_rules.xml
|
||||
ossec-hids/rules/exim_rules.xml
|
||||
ossec-hids/rules/firewall_rules.xml
|
||||
ossec-hids/rules/firewalld_rules.xml
|
||||
ossec-hids/rules/ftpd_rules.xml
|
||||
ossec-hids/rules/hordeimp_rules.xml
|
||||
ossec-hids/rules/ids_rules.xml
|
||||
ossec-hids/rules/imapd_rules.xml
|
||||
ossec-hids/rules/local_rules.xml
|
||||
ossec-hids/rules/mailscanner_rules.xml
|
||||
ossec-hids/rules/mcafee_av_rules.xml
|
||||
ossec-hids/rules/ms-exchange_rules.xml
|
||||
ossec-hids/rules/ms-se_rules.xml
|
||||
ossec-hids/rules/ms_dhcp_rules.xml
|
||||
ossec-hids/rules/ms_ftpd_rules.xml
|
||||
ossec-hids/rules/msauth_rules.xml
|
||||
ossec-hids/rules/mysql_rules.xml
|
||||
ossec-hids/rules/named_rules.xml
|
||||
ossec-hids/rules/netscreenfw_rules.xml
|
||||
ossec-hids/rules/nginx_rules.xml
|
||||
ossec-hids/rules/nsd_rules.xml
|
||||
ossec-hids/rules/openbsd-dhcpd_rules.xml
|
||||
ossec-hids/rules/openbsd_rules.xml
|
||||
ossec-hids/rules/opensmtpd_rules.xml
|
||||
ossec-hids/rules/ossec_rules.xml
|
||||
ossec-hids/rules/owncloud_rules.xml
|
||||
ossec-hids/rules/pam_rules.xml
|
||||
ossec-hids/rules/php_rules.xml
|
||||
ossec-hids/rules/pix_rules.xml
|
||||
ossec-hids/rules/policy_rules.xml
|
||||
ossec-hids/rules/postfix_rules.xml
|
||||
ossec-hids/rules/postgresql_rules.xml
|
||||
ossec-hids/rules/proftpd_rules.xml
|
||||
ossec-hids/rules/proxmox-ve_rules.xml
|
||||
ossec-hids/rules/psad_rules.xml
|
||||
ossec-hids/rules/pure-ftpd_rules.xml
|
||||
ossec-hids/rules/racoon_rules.xml
|
||||
ossec-hids/rules/roundcube_rules.xml
|
||||
ossec-hids/rules/rules_config.xml
|
||||
ossec-hids/rules/sendmail_rules.xml
|
||||
ossec-hids/rules/smbd_rules.xml
|
||||
ossec-hids/rules/solaris_bsm_rules.xml
|
||||
ossec-hids/rules/sonicwall_rules.xml
|
||||
ossec-hids/rules/spamd_rules.xml
|
||||
ossec-hids/rules/squid_rules.xml
|
||||
ossec-hids/rules/sshd_rules.xml
|
||||
ossec-hids/rules/symantec-av_rules.xml
|
||||
ossec-hids/rules/symantec-ws_rules.xml
|
||||
ossec-hids/rules/syslog_rules.xml
|
||||
ossec-hids/rules/sysmon_rules.xml
|
||||
ossec-hids/rules/systemd_rules.xml
|
||||
ossec-hids/rules/telnetd_rules.xml
|
||||
ossec-hids/rules/trend-osce_rules.xml
|
||||
ossec-hids/rules/unbound_rules.xml
|
||||
ossec-hids/rules/vmpop3d_rules.xml
|
||||
ossec-hids/rules/vmware_rules.xml
|
||||
ossec-hids/rules/vpn_concentrator_rules.xml
|
||||
ossec-hids/rules/vpopmail_rules.xml
|
||||
ossec-hids/rules/vsftpd_rules.xml
|
||||
ossec-hids/rules/web_appsec_rules.xml
|
||||
ossec-hids/rules/web_rules.xml
|
||||
ossec-hids/rules/wordpress_rules.xml
|
||||
ossec-hids/rules/zeus_rules.xml
|
||||
@owner _ossec
|
||||
@group _ossec
|
||||
@bin ossec-hids/bin/ossec-csyslogd
|
||||
@bin ossec-hids/bin/ossec-dbd
|
||||
@bin ossec-hids/bin/ossec-execd
|
||||
@bin ossec-hids/bin/ossec-logcollector
|
||||
@bin ossec-hids/bin/ossec-logtest
|
||||
@bin ossec-hids/bin/ossec-lua
|
||||
@bin ossec-hids/bin/ossec-luac
|
||||
@bin ossec-hids/bin/ossec-maild
|
||||
@bin ossec-hids/bin/ossec-makelists
|
||||
@bin ossec-hids/bin/ossec-monitord
|
||||
@bin ossec-hids/bin/ossec-regex
|
||||
@bin ossec-hids/bin/ossec-remoted
|
||||
@bin ossec-hids/bin/ossec-reportd
|
||||
@bin ossec-hids/bin/ossec-syscheckd
|
||||
@bin ossec-hids/bin/rootcheck_control
|
||||
@bin ossec-hids/bin/syscheck_control
|
||||
@bin ossec-hids/bin/syscheck_update
|
||||
@bin ossec-hids/bin/util.sh
|
||||
@bin ossec-hids/bin/verify-agent-conf
|
||||
ossec-hids/stats/
|
||||
ossec-hids/queue/agentless/
|
||||
@mode 770
|
||||
ossec-hids/queue/alerts/
|
||||
ossec-hids/ossec-agent/queue/alerts/
|
||||
@mode
|
||||
ossec-hids/queue/diff/
|
||||
ossec-hids/queue/fts/
|
||||
ossec-hids/queue/ossec/
|
||||
ossec-hids/queue/rootcheck/
|
||||
ossec-hids/queue/syscheck/
|
||||
ossec-hids/ossec-agent/queue/diff/
|
||||
ossec-hids/ossec-agent/queue/ossec/
|
||||
ossec-hids/ossec-agent/queue/syscheck/
|
||||
ossec-hids/logs/
|
||||
ossec-hids/logs/alerts/
|
||||
ossec-hids/logs/archives/
|
||||
ossec-hids/logs/firewall/
|
||||
@mode 660
|
||||
ossec-hids/logs/active-responses.log
|
||||
ossec-hids/logs/ossec.log
|
||||
ossec-hids/ossec-agent/logs/ossec.log
|
||||
@mode
|
||||
ossec-hids/ossec-agent/logs/
|
||||
ossec-hids/var/
|
||||
@mode 770
|
||||
ossec-hids/var/run/
|
||||
ossec-hids/var/start-script-lock/
|
||||
ossec-hids/ossec-agent/var/run/
|
||||
ossec-hids/ossec-agent/var/start-script-lock/
|
||||
@mode
|
||||
ossec-hids/ossec-agent/var/
|
||||
@bin ossec-hids/ossec-agent/bin/ossec-lua
|
||||
@bin ossec-hids/ossec-agent/bin/ossec-luac
|
||||
@bin ossec-hids/ossec-agent/bin/ossec-syscheckd
|
||||
ossec-hids/ossec-agent/bin/util.sh
|
||||
@owner _ossecr
|
||||
@group _ossec
|
||||
ossec-hids/queue/agent-info/
|
||||
ossec-hids/queue/rids/
|
||||
ossec-hids/ossec-agent/queue/rids/
|
||||
@owner
|
||||
@group
|
||||
@mode
|
||||
@rcscript ${RCDIR}/ossec_hids
|
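--- a/security/ossec-hids/pkg/ossec_hids.rc
+++ b/security/ossec-hids/pkg/ossec_hids.rc
@@ -0,0 +1,25 @@
+#!/bin/ksh
+#
+# $OpenBSD: ossec_hids.rc,v 1.1.1.1 2018/12/21 22:01:57 pirofti Exp $
+
+daemon="${TRUEPREFIX}/ossec-hids/bin/ossec-control"
+
+. /etc/rc.d/rc.subr
+
+rc_start() {
+${rcexec} "${daemon} ${daemon_flags} start"
+}
+
+rc_check() {
+${rcexec} "${daemon} ${daemon_flags} status"
+}
+
+rc_reload() {
+${rcexec} "${daemon} ${daemon_flags} reload"
+}
+
+rc_stop() {
+${rcexec} "${daemon} ${daemon_flags} stop"
+}
+
+rc_cmd $1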
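Review bot: rc_check in the new ossec_hids.rc relies entirely on the exit status of `ossec-control status`, and nothing in the script says what that status means for a service made up of several daemons. Whether the command exits non-zero when only some of the OSSEC daemons are down is not visible on this page; if it returns 0 in that case, `rcctl check` would report the HIDS as healthy while part of the detection pipeline is stopped. I would confirm the exit code against the shipped ossec-control and record the assumption above rc_check, for example `# relies on "ossec-control status" exiting non-zero when any OSSEC daemon is down`. The same applies to rc_stop, where a partial stop would otherwise go unnoticed.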