OSSEC
http://ossec.github.io/
Provide a HIDS - Host based Intrusion Detection System, to improve the Security Software section. OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, rootkit detection, real-time alerting and active response
Open Source=Yes
https://bintray.com/artifact/download/ossec/ossec-hids/ossec-hids-2.8.3.tar.gz
Had a go at packaging this. Part of the make install script for the HIDS adds a new user and installs files owned by this user. What's the usual method of doing this for Solus?
@kyrios123 Thanks. Are these advanced sort of specifications properly documented anywhere?
edit: Also, correct me if I'm wrong, but this doesn't fix install's error on trying to create a file/folder owned by a group that doesn't exist when %make_install is run:
install -d -m 0550 -o root -g ossec /var/ossec/ install: invalid group 'ossec'
Is the solution to patch the specifics out and do it manually afterwards, or...?
man sysusers.d and man tmpfiles.d ?
I haven't checked ossec, you but must not install the directory if it's in tmpfiles.d. it should look like this:
d /var/ossec 0550 root ossec - -
I think I can get most of the files to install to the right place, but permissions are wrong for most of them.
Pointing code to look at the new directories is a challenge. I'm not well-versed enough in C to be able to know what needs updating and what's still hard-coded, and even less idea how to make it look at /usr/share/defaults/ossec/... before /etc/ossec/. I can provide what I've done if someone else wants to take a try.
This has sat in accepted for inclusion for over a year. Clearly, there is a lack of demand for the inclusion of this software, nobody has stepped up to provide a patch, maintain it, and properly integrate it. Closing as a result. Feel free to reopen but only when someone offers a patch via our proper patch submission methods and volunteers to be maintainer.