forked from ossec/ossec-hids
ossec-hids.spec
# Atomicorp spec file for OSSEC
#
# License: AGPL
# http://www.affero.org/oagf.html
#
# Please preserve changelog entries
#
%define _default_patch_fuzz 2
%define debug_package %{nil}
%global __os_install_post %{nil}
# Amazon Linux expands as rhel 7, even though it's architecturally more like 6
# Declare it as 6 so we can avoid other issues
%if 0%{?amzn}
%define rhel 6
%endif
Summary: An Open Source Host-based Intrusion Detection System
Name: ossec-hids
Epoch: 1
Version: 3.8.0
Release: RELEASE-AUTO%{?dist}.art
License: GPL
Group: Applications/System
URL: https://www.ossec.net/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Vendor: https://www.ossec.net
Packager: https://www.atomicorp.com
Source0: https://github.com/ossec/ossec-hids/archive/%{version}/%{name}-%{version}.tar.gz
Source1: filter-requires.sh
Source2: %{name}.init
Source3: ossec-hids-hybrid.conf
Source4: ossec-hids.service
Source5: ossec-hids-hybrid.service
Source6: ossec-hids.logrotate
Source7: zabbix-alert.sh
Source8: ossec-configure
Source9: ossec-hids-agent.conf
Source10: ar-tracking.sh
Source11: ossec-hids-authd.service
Source12: ossec-hids-hybrid.init
Source13: default-ossec-agent.conf
Source14: ossec-hids-authd
Source15: ossec-authd
Source16: ossec-server.conf
Source1000: exclusion_rules.xml
Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd
Requires(post): openssl
BuildRequires: make
BuildRequires: systemd-devel
BuildRequires: libevent-devel
BuildRequires: gcc
BuildRequires: coreutils glibc-devel
BuildRequires: sqlite-devel
# Not available on amzn2023
#BuildRequires: GeoIP, GeoIP-devel
BuildRequires: lua-devel
#Requires: GeoIP
%if 0%{?rhel} == 5
BuildRequires: openssl101e-devel
Requires: openssl101e
%else
BuildRequires: openssl-devel
%endif
%if 0%{!?el6}
BuildRequires: inotify-tools-devel
%endif
BuildRequires: zlib-devel
BuildRequires: pcre2-devel
%if 0%{?rhel} >= 7
BuildRequires: systemd-devel
%endif
Provides: ossec-%{version}-%{release}
# Do we really need inotify-tools?
#Requires: inotify-tools
#
ExclusiveOS: linux
%define _use_internal_dependency_generator 0
%define __find_requires %{SOURCE1}
%description
OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection
System (HIDS). It has a powerful correlation and analysis engine, integrating
log analysis, file integrity checking, Windows registry monitoring, centralized
policy enforcement, rootkit detection, real-time alerting and active response.
It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS,
Solaris and Windows.
This package contains common files required for all packages.
%package agent
Summary: The OSSEC HIDS Client
Group: System Environment/Daemons
Obsoletes: ossec-hids-client
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): /sbin/service
Conflicts: %{name}-server
%description agent
The %{name}-agent package contains the agent part of the
OSSEC HIDS. Install this package on every system to be
monitored.
%package hybrid
Summary: The OSSEC HIDS hybrid client
Group: System Environment/Daemons
Requires: %{name} = %{epoch}:%{version}-%{release}
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): /sbin/service
Conflicts: %{name}-agent
%description hybrid
The %{name}-hybrid package contains the agent component of the
OSSEC HIDS for systems running in hierarchical server configurations.
%package server
Summary: The OSSEC HIDS Server
Group: System Environment/Daemons
Provides: ossec-server-%{version}-%{release}
Requires: %{name} = %{epoch}:%{version}-%{release}
#Requires: ossec-rules
#Conflicts: %{name}-client
Requires(pre): /usr/sbin/groupadd /usr/sbin/useradd
Requires(post): /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): /sbin/service
%description server
The %{name}-server package contains the server part of the
OSSEC HIDS. Install this package on a central machine for
log collection and alerting.
%package mysql
Summary: The OSSEC HIDS Server mysql connector
Group: System Environment/Daemons
Requires: ossec-hids-server = %{epoch}:%{version}-%{release}
Conflicts: ossec-hids-postgres
# This is expanding as rhel6 on amzn2023
#%if 0%{?rhel} == 6
#BuildRequires: mysql-devel
#%endif
%if 0%{?rhel} == 7 || 0%{?amzn2}
BuildRequires: mariadb-devel mariadb-libs mariadb-server
%endif
%if 0%{?rhel} >= 8 || 0%{?fedora} >= 28
BuildRequires: mariadb-connector-c-devel
%endif
%description mysql
Mysql connector for OSSEC
# Placeholder for postgres
%package postgres
Summary: The OSSEC HIDS Server postgres connector
Group: System Environment/Daemons
Requires: ossec-hids-server = %{epoch}:%{version}-%{release}
Conflicts: ossec-hids-mysql
BuildRequires: postgresql-devel
%description postgres
Postgresql connector for OSSEC
%prep
%setup -q
# Handle newer versions of rpm
#%if 0%{?rpm_version} >= 415000
#% patch0 -p1
#%else
#% patch 0 -p1
#%endif
%build
CFLAGS="$RPM_OPT_FLAGS -fpic -fPIE -Wformat -Wformat-security -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -fcommon"
%if 0%{?rhel} == 5
CFLAGS+=" -I/usr/include/openssl101e -L/usr/lib64/openssl101e -L/usr/lib/openssl101e "
%endif
LDFLAGS="-fPIE -pie -Wl,-z,relro"
SH_LDFLAGS="-fPIE -pie -Wl,-z,relro"
export CFLAGS LDFLAGS SH_LDFLAGS
# Build the agent version first
pushd src
# Agent
mkdir clients/
make TARGET=agent PCRE2_SYSTEM=yes
mv manage_agents clients/manage_agent
mv ossec-logcollector clients/client-logcollector
mv ossec-syscheckd clients/client-syscheckd
mv ossec-agentd clients/
mv ossec-execd clients/client-execd
mv agent-auth clients/
# Hybrid
make clean
mkdir hybrid/
make TARGET=agent PCRE2_SYSTEM=yes PREFIX=/var/ossec/ossec-agent
mv ossec-agentd hybrid/
mv ossec-execd hybrid/
mv ossec-logcollector hybrid/
mv ossec-syscheckd hybrid/
cp clients/agent-auth hybrid/
mv manage_agents hybrid/manage_agent
# Rebuild for server
make clean
# not on amzn2023
#make DATABASE=pgsql MAXAGENTS=16384 GEOIP=1 TARGET=server PCRE2_SYSTEM=yes
make DATABASE=pgsql MAXAGENTS=16384 TARGET=server PCRE2_SYSTEM=yes
mkdir postgres
cp ossec-dbd postgres/
# Rebuild for mysql
make clean
# not on amzn2023
#make DATABASE=mysql MAXAGENTS=16384 USE_GEOIP=1 TARGET=server PCRE2_SYSTEM=yes
make DATABASE=mysql MAXAGENTS=16384 TARGET=server PCRE2_SYSTEM=yes
mkdir mariadb
cp ossec-dbd mariadb
make clean
make MAXAGENTS=16384 TARGET=server PCRE2_SYSTEM=yes
#make DATABASE=mysql MAXAGENTS=16384 TARGET=server
popd
# Generate the ossec-init.conf template
echo "DIRECTORY=\"%{_localstatedir}/ossec\"" > ossec-init.conf
echo "VERSION=\"%{version}\"" >> ossec-init.conf
echo "DATE=\"`date`\"" >> ossec-init.conf
%install
[ -n "${RPM_BUILD_ROOT}" -a "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_initrddir}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_sysconfdir}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_datadir}/ossec/contrib
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/{log,run}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/active-response/bin
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/agentless
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/{bin,stats,rules,tmp}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/rules/translated/pure_ftpd
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/lua/
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/lua/{native,compiled}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/logs/{archives,alerts,firewall}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/queue/{alerts,agentless,agent-info,diff,fts,ossec,rids,rootcheck,syscheck}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/var/run
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/shared
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/templates
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/mysql
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/decoders.d
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/rules.d
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/stats
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/tmp
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/var/run
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/.ssh
# Hybrid
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/active-response/bin
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/agentless
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/etc/shared
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/logs
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/lua/{native,compiled}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/queue/{alerts,diff,ossec,rids,syscheck}
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/tmp
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/var/run
%{__mkdir_p} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/.ssh
# active response
install -m 0755 active-response/*.sh ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/active-response/bin
install -m 0550 src/agentlessd/scripts/* ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/agentless
# bin
install -m 0550 src/hybrid/agent-auth ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin
install -m 0550 src/hybrid/manage_agent ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin/
install -m 0550 src/hybrid/ossec-agentd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin/
install -m 0550 src/init/ossec-client.sh ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin/ossec-control
install -m 0550 src/hybrid/ossec-execd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin
install -m 0550 src/hybrid/ossec-logcollector ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin
#install -m 0550 src/external/lua/src/ossec-lua ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin/
#install -m 0550 src/external/lua/src/ossec-luac ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin/
install -m 0550 src/hybrid/ossec-syscheckd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/bin
# etc
install -m 0644 etc/internal_options.conf ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/etc
# TODO: local_internal_options, probably not needed
install -m 0644 %{SOURCE3} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/etc/ossec.conf
# TODO:ossec-init.conf
# needs to be reviewed
install -m 0644 src/rootcheck/db/*.txt ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/etc/shared
# Copy changelog
#cp %{SOURCE1} CHANGELOG
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
mkdir -p %{buildroot}%{_unitdir}
%{__install} -Dp -m0644 %{SOURCE4} %{buildroot}%{_unitdir}/ossec-hids.service
%{__install} -Dp -m0644 %{SOURCE5} %{buildroot}%{_unitdir}/ossec-hids-hybrid.service
%{__install} -Dp -m0644 %{SOURCE11} %{buildroot}%{_unitdir}/ossec-hids-authd.service
%else
%{__install} -m 0755 %{SOURCE2} ${RPM_BUILD_ROOT}%{_initrddir}/%{name}
%{__install} -m 0755 %{SOURCE14} ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-authd
%{__install} -m 0755 %{SOURCE12} ${RPM_BUILD_ROOT}%{_initrddir}/ossec-hids-hybrid
%endif
%{__install} -m 0755 %{SOURCE15} ${RPM_BUILD_ROOT}/etc/sysconfig/ossec-authd
install -m 0600 ossec-init.conf ${RPM_BUILD_ROOT}%{_sysconfdir}
install -m 0644 etc/ossec.conf ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/ossec.conf.sample
install -m 0644 %{SOURCE16} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/ossec-server.conf
install -m 0644 %{SOURCE13} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/ossec-agent.conf
install -m 0644 etc/*.xml ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc
install -m 0644 etc/internal_options* ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc
install -m 0644 etc/rules/*xml ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/rules
install -m 0644 etc/rules/translated/pure_ftpd/* ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/rules/translated/pure_ftpd
install -m 0644 etc/templates/config/* ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/templates/
#install -m 0750 bin/* ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
pushd src
# Client
install -m 0550 clients/agent-auth ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 clients/client-logcollector ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 clients/client-syscheckd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 clients/manage_agent ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 clients/ossec-agentd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 clients/client-execd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
# Server components
install -m 0550 ossec-logcollector ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-syscheckd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-execd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 manage_agents ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
#install -m 0550 external/lua/src/ossec-lua ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
#install -m 0550 external/lua/src/ossec-luac ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 ossec-agentlessd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-analysisd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-monitord ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-reportd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-maild ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-remoted ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-logtest ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-csyslogd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 ossec-authd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 mariadb/ossec-dbd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/ossec-dbd
install -m 0550 postgres/ossec-dbd ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/ossec-pgsql-dbd
install -m 0550 ossec-makelists ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 verify-agent-conf ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 clear_stats ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 list_agents ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 ossec-regex ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 syscheck_update ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 agent_control ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 syscheck_control ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
install -m 0550 rootcheck_control ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/
popd
install -m 0755 active-response/*.sh ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/active-response/bin
install -m 0644 src/rootcheck/db/*.txt ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/shared
install -m 0644 src/os_dbd/mysql.schema ${RPM_BUILD_ROOT}%{_datadir}/ossec/contrib
install -m 0644 src/os_dbd/postgresql.schema ${RPM_BUILD_ROOT}%{_datadir}/ossec/contrib
install -m 0550 src/init/ossec-{client,server}.sh ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin
install -m 0550 src/agentlessd/scripts/* ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/agentless
# Legacy file
install -m 0644 %{SOURCE1000} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/rules/exclusion_rules.xml
# Install contrib files
pushd contrib
#chmod -R 755 *
chmod 0750 {config2xml,*.sh}
chmod 0640 *.{conf,pm,pl,sql,txt}
#rm -f *.pm *.pl
rm -f ossec_rules_list.py
cp -a * ${RPM_BUILD_ROOT}%{_datadir}/ossec/contrib/
popd
# create the faux ossec.conf, %ghost'ed files must exist in the buildroot
touch ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/ossec.conf
mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d
install -m 0644 %{SOURCE6} ${RPM_BUILD_ROOT}/etc/logrotate.d/%{name}
install -m 0755 %{SOURCE7} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/active-response/bin/zabbix-alert.sh
install -m 0755 %{SOURCE10} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/active-response/bin/ar-tracking.sh
install -m 0755 %{SOURCE8} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/bin/ossec-configure
install -m 0644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/etc/shared/agent.conf
install -m 0644 %{SOURCE9} ${RPM_BUILD_ROOT}%{_localstatedir}/ossec/ossec-agent/etc/shared/agent.conf
%pre
if ! id -g ossec > /dev/null 2>&1; then
groupadd -r ossec
fi
if ! id -u ossec > /dev/null 2>&1; then
useradd -g ossec -G ossec \
-d %{_localstatedir}/ossec \
-r -s /sbin/nologin ossec
fi
if ! id -u ossecr > /dev/null 2>&1; then
useradd -g ossec -G ossec \
-d %{_localstatedir}/ossec \
-r -s /sbin/nologin ossecr
fi
%pre server
if ! id -g ossec > /dev/null 2>&1; then
groupadd -r ossec
fi
if ! id -u ossec > /dev/null 2>&1; then
useradd -g ossec -G ossec \
-d %{_localstatedir}/ossec \
-r -s /sbin/nologin ossec
fi
if ! id -u ossecr > /dev/null 2>&1; then
useradd -g ossec -G ossec \
-d %{_localstatedir}/ossec \
-r -s /sbin/nologin ossecr
fi
if ! id -u ossecm > /dev/null 2>&1; then
useradd -g ossec -G ossec \
-d %{_localstatedir}/ossec \
-r -s /sbin/nologin ossecm
fi
if ! id -u ossece > /dev/null 2>&1; then
useradd -g ossec -G ossec \
-d %{_localstatedir}/ossec \
-r -s /sbin/nologin ossece
fi
%post agent
if [ $1 = 1 ]; then
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
systemctl enable ossec-hids >/dev/null 2>&1 || :
%else
/sbin/chkconfig --add %{name}
/sbin/chkconfig %{name} on
%endif
fi
echo "TYPE=\"agent\"" >> %{_sysconfdir}/ossec-init.conf
if [ ! -f %{_localstatedir}/ossec/etc/ossec.conf ]; then
ln -sf ossec-agent.conf %{_localstatedir}/ossec/etc/ossec.conf
fi
ln -sf /var/ossec/bin/ossec-client.sh %{_localstatedir}/ossec/bin/ossec-control
# daemon linking
ln -sf %{_localstatedir}/ossec/bin/client-logcollector %{_localstatedir}/ossec/bin/ossec-logcollector
ln -sf %{_localstatedir}/ossec/bin/client-syscheckd %{_localstatedir}/ossec/bin/ossec-syscheckd
ln -sf %{_localstatedir}/ossec/bin/client-execd %{_localstatedir}/ossec/bin/ossec-execd
touch %{_localstatedir}/ossec/logs/ossec.log
chown ossec:ossec %{_localstatedir}/ossec/logs/ossec.log
chmod 0664 %{_localstatedir}/ossec/logs/ossec.log
# Simple SELinux policy
if command -v semanage >/dev/null 2>&1; then
semanage fcontext -a -t bin_t '/var/ossec/bin(/.*)?' >/dev/null 2>&1 || :
restorecon -Rv /var/ossec/bin >/dev/null 2>&1 || :
fi
%define sslkey /var/ossec/etc/sslmanager.key
%define sslcert /var/ossec/etc/sslmanager.cert
%post server
if [ $1 = 1 ]; then
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
/bin/systemctl enable ossec-hids >/dev/null 2>&1 || :
%else
/sbin/chkconfig --add %{name}
/sbin/chkconfig %{name} on
%endif
fi
echo "TYPE=\"server\"" >> %{_sysconfdir}/ossec-init.conf
if [ ! -f %{_localstatedir}/ossec/etc/ossec.conf ]; then
ln -sf ossec-server.conf %{_localstatedir}/ossec/etc/ossec.conf
fi
ln -sf /var/ossec/bin/ossec-server.sh %{_localstatedir}/ossec/bin/ossec-control
touch %{_localstatedir}/ossec/logs/ossec.log
chown ossec:ossec %{_localstatedir}/ossec/logs/ossec.log
if [ ! -s %{sslkey} ] ; then
/usr/bin/openssl genrsa -rand /proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/uptime 2048 > %{sslkey} 2> /dev/null || :
fi
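# FQDN is used below for the certificate CN and contact address; it was never
# set in this scriptlet, so resolve it here and fall back to a fixed name
FQDN=`hostname 2>/dev/null`
if [ "x${FQDN}" = "x" ]; then
FQDN=localhost.localdomain
fi
if [ ! -s %{sslcert} ] ; then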
cat << EOF | /usr/bin/openssl req -new -key %{sslkey} \
-x509 -days 1095 -set_serial $RANDOM \
-out %{sslcert} 2>/dev/null || :
--
AtomicState
AtomicCity
Atomicorp
AtomicOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
fi
# Simple SELinux policy
if command -v semanage >/dev/null 2>&1; then
semanage fcontext -a -t bin_t '/var/ossec/bin(/.*)?' >/dev/null 2>&1 || :
restorecon -Rv /var/ossec/bin >/dev/null 2>&1 || :
fi
%post hybrid
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
%endif
if [ ! -f /var/ossec/ossec-agent/etc/localtime ]; then
cp -fpL %{_sysconfdir}/localtime %{_localstatedir}/ossec/ossec-agent/etc
fi
%post postgres
ln -sf %{_localstatedir}/ossec/bin/ossec-pgsql-dbd %{_localstatedir}/ossec/bin/ossec-dbd || :
%preun agent
if [ $1 = 0 ]; then
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
systemctl stop ossec-hids >/dev/null 2>&1 || :
systemctl disable ossec-hids >/dev/null 2>&1 || :
%else
/sbin/chkconfig %{name} off
/sbin/chkconfig --del %{name}
/sbin/service ossec-hids stop || :
%endif
rm -f %{_localstatedir}/ossec/etc/localtime
rm -f %{_localstatedir}/ossec/etc/ossec.conf
rm -f %{_localstatedir}/ossec/bin/ossec-control
rm -f %{_localstatedir}/ossec/bin/ossec-logcollector
rm -f %{_localstatedir}/ossec/bin/ossec-syscheckd
rm -f %{_localstatedir}/ossec/bin/ossec-execd
fi
%preun server
if [ $1 = 0 ]; then
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
systemctl stop ossec-hids >/dev/null 2>&1 || :
systemctl disable ossec-hids >/dev/null 2>&1 || :
%else
/sbin/chkconfig %{name} off
/sbin/chkconfig --del %{name}
/sbin/service ossec-hids stop || :
%endif
rm -f %{_localstatedir}/ossec/etc/localtime
rm -f %{_localstatedir}/ossec/etc/ossec.conf
rm -f %{_localstatedir}/ossec/bin/ossec-control
fi
%postun server
# Remove the SELinux context rule only if the package is being completely removed
if [ $1 -eq 0 ]; then
if command -v semanage >/dev/null 2>&1; then
# Do not fail the scriptlet if the rule is already gone
semanage fcontext -d '/var/ossec/bin(/.*)?' >/dev/null 2>&1 || :
fi
fi
%triggerin -- glibc
[ -r %{_sysconfdir}/localtime ] && cp -fpL %{_sysconfdir}/localtime %{_localstatedir}/ossec/etc
# etc is a directory, so test with -d (the -f test was never true)
if [ -d /var/ossec/ossec-agent/etc ]; then
cp -fpL %{_sysconfdir}/localtime %{_localstatedir}/ossec/ossec-agent/etc
fi
%clean
[ -n "${RPM_BUILD_ROOT}" -a "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,root)
%doc BUGS CONFIG CONTRIBUTORS INSTALL LICENSE README.md CHANGELOG.md
%attr(550,root,ossec) %dir %{_localstatedir}/ossec
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/active-response
%attr(550,root,ossec) %{_localstatedir}/ossec/active-response/bin
%attr(550,root,ossec) %{_localstatedir}/ossec/agentless
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/bin
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/etc
%attr(770,ossec,ossec) %dir %{_localstatedir}/ossec/etc/shared
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/etc/templates
%attr(640,ossec,ossec) %{_localstatedir}/ossec/etc/templates/*
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/tmp
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/logs
%attr(550,root,root) %dir %{_localstatedir}/ossec/lua/*
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/queue
%attr(770,ossec,ossec) %dir %{_localstatedir}/ossec/queue/ossec
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/queue/diff
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/var
%attr(770,root,ossec) %dir %{_localstatedir}/ossec/var/run
#%attr(550,root,root) %{_localstatedir}/ossec/bin/ossec-lua*
%config(noreplace) /etc/logrotate.d/%{name}
%{_localstatedir}/ossec/bin/ossec-configure
%files agent
%defattr(-,root,root)
%attr(600,root,root) %verify(not md5 size mtime) %{_sysconfdir}/ossec-init.conf
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
%{_unitdir}/ossec-hids.service
%else
%{_initrddir}/ossec-hids
%endif
%config(noreplace) %{_localstatedir}/ossec/etc/ossec-agent.conf
%config(noreplace) %{_localstatedir}/ossec/etc/internal_options*
%{_localstatedir}/ossec/etc/*.sample
%{_localstatedir}/ossec/bin/ossec-client.sh
%{_localstatedir}/ossec/bin/ossec-agentd
%{_localstatedir}/ossec/bin/client-logcollector
%{_localstatedir}/ossec/bin/client-syscheckd
%{_localstatedir}/ossec/bin/manage_agent
%{_localstatedir}/ossec/bin/client-execd
%{_localstatedir}/ossec/bin/agent-auth
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/queue/alerts
%attr(775,root,ossec) %dir %{_localstatedir}/ossec/queue/rids
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/queue/syscheck
%files hybrid
%defattr(-,root,root)
%config(noreplace) %{_localstatedir}/ossec/ossec-agent/etc/ossec.conf
%config(noreplace) %{_localstatedir}/ossec/ossec-agent/etc/internal_options.conf
%attr(640,ossec,ossec) %config(noreplace) %{_localstatedir}/ossec/ossec-agent/etc/shared/agent.conf
%{_localstatedir}/ossec/ossec-agent/active-response/bin/
%{_localstatedir}/ossec/ossec-agent/agentless/*
%{_localstatedir}/ossec/ossec-agent/bin/*
%{_localstatedir}/ossec/ossec-agent/etc/shared/*txt
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
%{_unitdir}/ossec-hids-hybrid.service
%else
%{_initrddir}/ossec-hids-hybrid
%endif
%attr(550,root,root) %dir %{_localstatedir}/ossec/ossec-agent/lua/*
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/ossec-agent/logs
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/ossec-agent/queue/alerts
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/ossec-agent/queue/diff
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/ossec-agent/queue/ossec
%attr(775,root,ossec) %dir %{_localstatedir}/ossec/ossec-agent/queue/rids
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/ossec-agent/queue/syscheck
%attr(1750,root,ossec) %dir %{_localstatedir}/ossec/ossec-agent/tmp
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/ossec-agent/var
%attr(770,root,ossec) %dir %{_localstatedir}/ossec/ossec-agent/var/run
%files server
%defattr(-,root,root)
%attr(600,root,root) %verify(not md5 size mtime) %{_sysconfdir}/ossec-init.conf
%if 0%{?fedora} >= 17 || 0%{?rhel} >= 7
%{_unitdir}/ossec-hids.service
%{_unitdir}/ossec-hids-authd.service
%else
%{_initrddir}/ossec-hids
%{_initrddir}/ossec-hids-authd
%endif
%ghost %config(missingok,noreplace) %{_localstatedir}/ossec/etc/ossec.conf
%config(noreplace) %{_localstatedir}/ossec/etc/ossec-server.conf
%config(noreplace) %{_localstatedir}/ossec/etc/internal_options*
%config(noreplace) /etc/sysconfig/ossec-authd
%attr(640,ossec,ossec) %config(noreplace) %{_localstatedir}/ossec/etc/shared/agent.conf
%config(noreplace) %{_localstatedir}/ossec/etc/shared/*
%dir %{_datadir}/ossec/contrib
%{_datadir}/ossec/*
%{_localstatedir}/ossec/etc/rules.d/
%{_localstatedir}/ossec/etc/decoders.d/
# Legacy
%{_localstatedir}/ossec/etc/decoder.xml
%{_localstatedir}/ossec/etc/*.sample
%{_localstatedir}/ossec/bin/ossec-authd
%{_localstatedir}/ossec/bin/agent_control
%{_localstatedir}/ossec/bin/clear_stats
%{_localstatedir}/ossec/bin/list_agents
%{_localstatedir}/ossec/bin/manage_agents
%{_localstatedir}/ossec/bin/ossec-agentlessd
%{_localstatedir}/ossec/bin/ossec-analysisd
%{_localstatedir}/ossec/bin/ossec-csyslogd
%{_localstatedir}/ossec/bin/ossec-execd
%{_localstatedir}/ossec/bin/ossec-logcollector
%{_localstatedir}/ossec/bin/ossec-logtest
%{_localstatedir}/ossec/bin/ossec-maild
%{_localstatedir}/ossec/bin/ossec-makelists
%{_localstatedir}/ossec/bin/ossec-monitord
%{_localstatedir}/ossec/bin/ossec-regex
%{_localstatedir}/ossec/bin/ossec-remoted
%{_localstatedir}/ossec/bin/ossec-reportd
%{_localstatedir}/ossec/bin/ossec-server.sh
%{_localstatedir}/ossec/bin/ossec-syscheckd
%{_localstatedir}/ossec/bin/rootcheck_control
%{_localstatedir}/ossec/bin/syscheck_control
%{_localstatedir}/ossec/bin/syscheck_update
%{_localstatedir}/ossec/bin/verify-agent-conf
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/logs/archives
%attr(770,ossec,ossec) %dir %{_localstatedir}/ossec/logs/alerts
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/logs/firewall
%attr(755,ossecr,ossec) %dir %{_localstatedir}/ossec/queue/agent-info
%attr(755,ossec,ossec) %dir %{_localstatedir}/ossec/queue/agentless
%attr(770,ossec,ossec) %dir %{_localstatedir}/ossec/queue/alerts
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/queue/fts
%attr(755,ossecr,ossec) %dir %{_localstatedir}/ossec/queue/rids
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/queue/rootcheck
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/queue/syscheck
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/rules
#%config(noreplace) %{_localstatedir}/ossec/rules/*
%config %{_localstatedir}/ossec/rules/*
%attr(750,ossec,ossec) %dir %{_localstatedir}/ossec/stats
%attr(550,root,ossec) %dir %{_localstatedir}/ossec/agentless
%files mysql
%defattr(-,root,root)
%{_localstatedir}/ossec/bin/ossec-dbd
%{_datadir}/ossec/contrib/mysql.schema
%files postgres
%defattr(-,root,root)
%{_localstatedir}/ossec/bin/ossec-pgsql-dbd
%{_datadir}/ossec/contrib/postgresql.schema
# Changes
%changelog
* Tue Jan 7 2025 Support <support@atomicorp.com> - 3.8.0-1
- Update to 3.8.0
- Added ossec service files for agent/server
- Basic SELinux policy in %post
- Reduced external dependencies
* Wed Oct 12 2022 Support <support@atomicorp.com> - 3.7.0-1
- Add support for EL9
* Thu Aug 22 2019 Support <support@atomicorp.com> - 3.4.0
- Update to 3.4.0
* Fri Apr 19 2019 Support <support@atomicorp.com> - 3.3.0
- Update to 3.3.0
* Thu Jan 31 2019 Support <support@atomicorp.com> - 3.2.0
- Update to 3.2.0
* Tue Mar 21 2017 Support <support@atomicorp.com> - 2.9.0-50
- Change labels in alert mail headers to "ASL"
* Thu Feb 9 2017 Support <support@atomicorp.com> - 2.9.0-49
- Update to Ossec 2.9.0 Final
* Wed Jan 25 2017 Support <support@atomicorp.com> - 2.9.0-48
- Update to Ossec 2.9.0
* Tue Sep 9 2014 Support <support@atomicorp.com> - 2.8.1-47
- Update to 2.8.1. This is identical to 2.8.0-46; the only change is that the hosts.deny CVE-2014-5284 fix is merged in.
* Mon Sep 8 2014 Support <support@atomicorp.com> - 2.8.0-46
- Revert BR#1596
- Add Bugfix for hosts.deny race condition (CVE-2014-5284)
* Tue Aug 12 2014 Support <support@atomicorp.com> - 2.8.0-45.1
- BR #1596, Add fork limiting patch (max 10) for execd to prevent DoS conditions
* Mon Jun 23 2014 Support <support@atomicorp.com> - 2.8.0-45
- Upgrade to 2.8.0
* Thu Jun 5 2014 Support <support@atomicorp.com> - 2.7.1-44
- Feature Request #1512, speed up shuns in execd, move sqlite down
* Mon Mar 10 2014 Support <support@atomicorp.com> - 2.7.1-43
- Relink against native mysql
* Tue Feb 4 2014 Support <support@atomicorp.com> - 2.7.1-42
- Add ar-tracking active response
* Tue Jan 7 2014 Support <support@atomicorp.com> - 2.7.1-41
- Placeholder for null exclusion rules. Legacy support
* Mon Jan 6 2014 Support <support@atomicorp.com> - 2.7.1-40
- ASL 4 version with new database format
* Wed Dec 18 2013 Support <support@atomicorp.com> - 2.7.1-36
- Add support for Fedora 20
- Modify optimization flags for FORTIFY
* Mon Dec 16 2013 Support <support@atomicorp.com> - 2.7.1-35
- Update to 2.7.1
- Add independent rules.d/decoders.d ossec-rules package
* Thu Oct 31 2013 Support <support@atomicorp.com> - 2.7-34
- FR#772, add rule 3360 for postfix slow brute force
- add dovecot-decoder.patch for cpanel dovecot
- Update 9702, 9753 for dovecot brute force
- FR#773, add rule 11308 for pure-ftp slow brute force
- FR#1347, Update for courier v4 decoder (pop3s)
- FR#1359, Update horde decoder for v5
* Thu Oct 24 2013 Support <support@atomicorp.com> - 2.7-33
- Disable ossec-dbd signature table (replaced by aslw_rules). This was very slow
* Mon Oct 7 2013 Support <support@atomicorp.com> - 2.7-32
- Break ossec-dbd into separate package
- FR#1321, update courier-imap decoder for version 4.0
* Fri Aug 2 2013 Support <support@atomicorp.com> - 2.7-31
- Bugfix #XXX, prevent truncating last character on ossec-dbd database inserts on the alerts/data table
* Mon Jul 29 2013 Support <support@atomicorp.com> - 2.7-30
- Add tld column to alert table w/ index
* Fri Jun 21 2013 Support <support@atomicorp.com> - 2.7-29
- Deprecate internal id generation in dbd
- update schema to autoincrement, increase id space to int
* Tue Jun 4 2013 Support <support@atomicorp.com> - 2.7-28
- Add is_hidden to mysql schema
* Mon Jun 3 2013 Support <support@atomicorp.com> - 2.7-27
- Add if exists to mysql schema
* Mon Jun 3 2013 Support <support@atomicorp.com> - 2.7-26
- Add os_dbd-mysql-replace-query.patch to consolidate SELECT/UPDATE into REPLACE sql
* Mon Apr 22 2013 Support <support@atomicorp.com> - 2.7-25
- Consolidate alert & data into a common table
- Add ossec-authd init script
* Mon Apr 22 2013 Support <support@atomicorp.com> - 2.7-24
- Add sqldelete command to execd
- Update to clear sqlite db at startup
* Mon Apr 15 2013 Support <support@atomicorp.com> - 2.7-23
- More minor updates to GeoIP tracking
* Fri Apr 12 2013 Support <support@atomicorp.com> - 2.7-22
- Minor update to GeoIP tracking
* Wed Apr 3 2013 Support <support@atomicorp.com> - 2.7-21
- Bugfix on permissions for files in shared/ directory for client installs
- Add GeoIP support
- Remove dependency on perl-DBD-SQLite
- Update asl-shun to new non-perl based version.
- Deprecate firewall-drop-update.patch
- Add sqlite support to execd (/var/ossec/var/execd.sqlite)
* Tue Jan 15 2013 Support <support@atomicorp.com> - 2.7-20
- Update to 2.7 final
* Mon Dec 10 2012 Support <support@atomicorp.com> - 2.7-19
- Feature Request #XXX, revert duplicate detection in log events to help detect extremely fast brute force attacks
- Add FORTIFY_SOURCE, PIE, and relro (full)
* Thu Nov 15 2012 Support <support@atomicorp.com> - 2.7-17
- Update to 2.7-rc2
* Wed Nov 14 2012 Support <support@atomicorp.com> - 2.6-16
- Update to 2.7-rc1
* Wed Aug 1 2012 Support <support@atomicorp.com> - 2.6-15
- Move active response components under the common package
* Tue Jun 19 2012 Support <support@atomicorp.com> - 2.6-14
- bugfix #xxx, correct ownership permissions on fts dir
* Mon Jun 18 2012 Support <support@atomicorp.com> - 2.6-13
- Update to init script to suppress spurious execd output
- Add alerts queue to server package with ossec/ossec permissions
* Thu Jun 7 2012 Support <support@atomicorp.com> - 2.6-12
- Bugfix #XXX, correct any/agentd condition
* Thu Jun 7 2012 Support <support@atomicorp.com> - 2.6-11
- Moved agentless packages under server
* Mon Apr 16 2012 Support <support@atomicorp.com> - 2.6-10
- Drop timeid and cat_id indexes from schema
* Tue Apr 10 2012 Support <support@atomicorp.com> - 2.6-9
- Add new index, timeid to alerts table.
* Mon Mar 26 2012 Support <support@atomicorp.com> - 2.6-8
- Add cmoraes patch, Adds config options for enabling/disabling rootkit/syscheck options, and agent config profiles
- Add ossec-memleaks patch
- Add agentless directories, and agent.conf
- Bugfix #XXX, ossec-hids.init will now return an exit code on status
* Thu Nov 10 2011 Support <support@atomicorp.com> - 2.6-7
- Add prelink_cmd support
* Tue Aug 23 2011 Support <support@atomicorp.com> - 2.6-6
- Bugfix #XXX, display multi-line events in data table correctly
* Wed Aug 17 2011 Support <support@atomicorp.com> - 2.6-5
- Update to asl-shun.pl purge event to default to 24 hours.
* Fri Aug 05 2011 Support <support@atomicorp.com> - 2.6-4
- Update to asl-shun.pl to change ordering of block rules
- Revert from 0805 snapshot
* Fri Aug 05 2011 Support <support@atomicorp.com> - 2.6-3
- Update to 0805 snapshot
* Mon Aug 01 2011 Support <support@atomicorp.com> - 2.6-2
- Update to 0801 snapshot
- Update asl-shun.pl to log to active-responses.log, blocks now go to the named chain ASL-ACTIVE-RESPONSE, and delete events are more redundant.
* Mon Jul 25 2011 Support <support@atomicorp.com> - 2.6-1
- Update to OSSEC 2.6 Final
* Mon Jul 11 2011 Support <support@atomicorp.com> - 2.6.0-0.10
- Update to snapshot 110711
* Mon Jun 13 2011 Support <support@atomicorp.com> - 2.6.0-0.9
- Update to snapshot 110613
* Thu Jun 9 2011 Support <support@atomicorp.com> - 2.6.0-0.8
- Update to snapshot 110609
* Mon Jun 6 2011 Support <support@atomicorp.com> - 2.6.0-0.7
- Update to snapshot 110606
- Moved ossecr user creation event to the ossec-hids core package
* Tue May 31 2011 Support <support@atomicorp.com> - 2.6.0-0.6
- Update to snapshot 110531
* Thu May 26 2011 Support <support@atomicorp.com> - 2.6.0-0.5
- Update to snapshot 110526
* Wed May 4 2011 Support <support@atomicorp.com> - 2.6.0-0.4
- Update to snapshot 110504
* Wed Apr 20 2011 Support <support@atomicorp.com> - 2.6.0-0.3
- Bugfix #536, Increase the default sleep time for syscheck
* Tue Apr 12 2011 Support <support@atomicorp.com> - 2.6.0-0.1
- Renamed to 2.6 branch
* Wed Apr 6 2011 Support <support@atomicorp.com> - 2.5.1-10
- Add support for the rules/decoders dir system
* Tue Apr 5 2011 Support <support@atomicorp.com> - 2.5.1-9
- Update to snapshot 110405
- Update asl-shun to support ossec alert ids
* Fri Dec 17 2010 Support <support@atomicorp.com> - 2.5.1-8
- Changed asl-shun sqlite database to /var/ossec/var/blocklist3.sqlite
- asl-shun database format now stores the full alertid
* Sun Dec 5 2010 Support <support@atomicorp.com> - 2.5.1-7
- Update to snapshot 101203
* Wed Dec 1 2010 Support <support@atomicorp.com> - 2.5.1-6
- Update to snapshot 101125
* Mon Nov 1 2010 Support <support@atomicorp.com> - 2.5.1-5