
OSSEC
Closed, Wontfix (Public)

Description

OSSEC
http://ossec.github.io/

Provide a HIDS - Host-based Intrusion Detection System, to improve the Security Software section. OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, rootkit detection, real-time alerting and active response.

Open Source=Yes
https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz

DataDrake triaged this task as Normal priority. Nov 17 2016, 1:11 PM
DataDrake moved this task from Backlog to Accepted For Inclusion on the Package Requests board.
Azphreal added a subscriber: Azphreal. Edited Sep 25 2017, 4:39 AM

Had a go at packaging this. Part of the make install script for the HIDS adds a new user and installs files owned by this user. What's the usual method of doing this for Solus?

@Azphreal have a look at D809 sysusers and tmpfiles

Azphreal added a comment. Edited Sep 25 2017, 8:17 AM

@kyrios123 Thanks. Are these advanced sort of specifications properly documented anywhere?

edit: Also, correct me if I'm wrong, but this doesn't fix install's error on trying to create a file/folder owned by a group that doesn't exist when %make_install is run:

install -d -m 0550 -o root -g ossec /var/ossec/
install: invalid group 'ossec'

Is the solution to patch the specifics out and do it manually afterwards, or...?

kyrios123 added a comment. Edited Sep 25 2017, 5:21 PM

man sysusers.d and man tmpfiles.d ?

I haven't checked ossec, but you must not install the directory if it's in tmpfiles.d. It should look like this:
d /var/ossec 0550 root ossec - -
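
A packaging check for the sysusers.d/tmpfiles.d approach discussed above, as an added example that is not part of the original thread or the Solus or OSSEC code: it flags tmpfiles.d owners and groups that no sysusers.d fragment declares, which is the condition behind the "invalid group" error. The function names, the sysusers.d line, and every tmpfiles.d entry except the /var/ossec one quoted above are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example: lint that every user/group named in a tmpfiles.d fragment
# is declared by a sysusers.d fragment. Sample fragments are constructed.

SYSUSERS_SAMPLE='# sysusers.d fragment (constructed, assumed account name)
u ossec - "OSSEC HIDS" /var/ossec'

TMPFILES_SAMPLE='# tmpfiles.d fragment (first entry from the thread, rest constructed)
d /var/ossec 0550 root ossec - -
d /var/ossec/logs 0750 ossec ossec - -
d /var/ossec/queue 0550 root ossecq - -'

# Print the names a sysusers.d fragment declares.
# "u" creates a user plus a same-named group; "g" creates a group only.
declared_names() {
    printf '%s\n' "$1" | awk '$1 == "u" || $1 == "g" { print $2 }' | sort -u
}

# Print "path:name" for every tmpfiles.d user/group field (columns 4 and 5)
# that is not root, "-", a numeric ID, or declared in the sysusers.d fragment.
# $1 = sysusers.d content, $2 = tmpfiles.d content.
undeclared_owners() {
    known=$(declared_names "$1" | tr '\n' ' ')
    printf '%s\n' "$2" | awk -v known="$known" '
        BEGIN {
            n = split(known, k, " ")
            for (i = 1; i <= n; i++) ok[k[i]] = 1
            ok["root"] = 1; ok["-"] = 1
        }
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        {
            for (f = 4; f <= 5; f++)
                if ($f != "" && $f !~ /^[0-9]+$/ && !($f in ok))
                    print $2 ":" $f
        }'
}

# Report findings for the constructed samples.
undeclared_owners "$SYSUSERS_SAMPLE" "$TMPFILES_SAMPLE"
```

Run against a package's real fragments before building, any output means a directory would be created with an owner or group that does not exist on the target system.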

I think I can get most of the files to install to the right place, but permissions are wrong for most of them.

Pointing code to look at the new directories is a challenge. I'm not well-versed enough in C to be able to know what needs updating and what's still hard-coded, and even less idea how to make it look at /usr/share/defaults/ossec/... before /etc/ossec/. I can provide what I've done if someone else wants to take a try.

tbh, I only made 1 stateless package myself so far...

JoshStrobl closed this task as Wontfix. Jun 25 2018, 7:42 PM
JoshStrobl added a project: Needs Maintainer.
JoshStrobl claimed this task.
JoshStrobl added a subscriber: JoshStrobl.

This has sat in accepted for inclusion for over a year. Clearly, there is a lack of demand for the inclusion of this software, nobody has stepped up to provide a patch, maintain it, and properly integrate it. Closing as a result. Feel free to reopen but only when someone offers a patch via our proper patch submission methods and volunteers to be maintainer.