%define _localstatedir %{_var} %define prg ossec Name: ossec-hids Version: 1.4 Release: %mkrel 3 Summary: Host-based Intrusion Detection System License: GPLv2+ Group: Monitoring URL: http://www.ossec.net/ Source0: http://www.ossec.net/files/ossec-hids-%{version}.tar.gz Source2: %{name}.init Source3: asl_rules.xml Source4: authpsa_rules.xml Patch0: %{name}-build.patch Patch1: ossec-server-config.patch Patch2: decoder-asl.patch Patch3: syslog_rules.patch Patch4: ossec-client-conf.patch Patch5: firewall-drop-update.patch Provides: %{name}.pp = %{version}-%{release} Provides: ossec = %{version}-%{release} Requires(pre): rpm-helper Requires(post): rpm-helper Requires(preun): rpm-helper Requires(postun): rpm-helper BuildRequires: apache-devel BuildRequires: openssl-devel BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root %description OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. %package client Summary: The OSSEC HIDS Client Group: Monitoring Provides: %{name}-client.pp = %{version}-%{release} Provides: ossec-client = %{version}-%{release} Requires: %{name} = %{version}-%{release} Requires: %{name}.pp = %{version}-%{release} Requires(pre): rpm-helper Requires(post): rpm-helper Requires(preun): rpm-helper Requires(postun): rpm-helper Conflicts: %{name}-server <= %{version}-%{release} %description client The %{name}-client package contains the client part of the OSSEC HIDS. Install this package on every client to be monitored. %package server Summary: The OSSEC HIDS Server Group: Monitoring Provides: %{name}-server.pp = %{version}-%{release} Provides: ossec-server = %{version}-%{release} Requires: %{name} = %{version}-%{release} Requires: %{name}.pp = %{version}-%{release} Requires(pre): rpm-helper Requires(post): rpm-helper Requires(preun): rpm-helper Requires(postun): rpm-helper Conflicts: %{name}-client <= %{version}-%{release} %description server The %{name}-server package contains the server part of the OSSEC HIDS. Install this package on a central machine for log collection and alerting. %prep %setup -q %patch0 -p1 %patch1 -p0 %patch2 -p0 %patch3 -p0 %patch4 -p0 %patch5 -p0 # Prepare for docs rm -rf contrib/specs chmod -x contrib/* %build pushd src %make all %make build popd %install rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}%{_initrddir} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/{bin,stats,rules,tmp} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/logs/{archives,alerts,firewall} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/queue/{alerts,%{prg},fts,syscheck,rootcheck,agent-info,rids} mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/var/run mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/etc/shared mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/active-response/bin # Generate the ossec-init.conf template echo "DIRECTORY=\"%{_localstatedir}/lib/%{prg}\"" > %{prg}-init.conf echo "VERSION=\"%{version}\"" >> %{prg}-init.conf echo "DATE=\"`date`\"" >> %{prg}-init.conf install -m 0600 %{prg}-init.conf ${RPM_BUILD_ROOT}%{_sysconfdir} install -m 0644 etc/%{prg}.conf ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/etc/%{prg}.conf.sample install -m 0644 etc/%{prg}-{agent,server}.conf ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/etc install -m 0644 etc/*.xml ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/etc install -m 0644 etc/internal_options* ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/etc install -m 0644 etc/rules/* ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/rules install -m 0644 %{SOURCE3} ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/rules install -m 0550 bin/* ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/bin install -m 0755 active-response/*.sh ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/active-response/bin install -m 0644 src/rootcheck/db/*.txt ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/etc/shared install -m 0755 %{SOURCE2} ${RPM_BUILD_ROOT}%{_initrddir}/%{name} install -m 0550 src/init/%{prg}-{client,server}.sh ${RPM_BUILD_ROOT}%{_localstatedir}/lib/%{prg}/bin cp -fpL %{_sysconfdir}/localtime %{buildroot}%{_localstatedir}/lib/%{prg}/etc %clean rm -rf ${RPM_BUILD_ROOT} %pre %_pre_useradd %{prg} %{_localstatedir}/lib/%{prg} /sbin/nologin %pre server %_pre_useradd %{prg}m %{_localstatedir}/lib/%{prg} /sbin/nologin %_pre_useradd %{prg}e %{_localstatedir}/lib/%{prg} /sbin/nologin %_pre_useradd %{prg}r %{_localstatedir}/lib/%{prg} /sbin/nologin %post client echo "TYPE=\"agent\"" >> %{_sysconfdir}/%{prg}-init.conf if [ ! -f %{_localstatedir}/lib/%{prg}/etc/%{prg}.conf ]; then ln -sf %{prg}-agent.conf %{_localstatedir}/lib/%{prg}/etc/%{prg}.conf fi ln -sf %{prg}-client.sh %{_localstatedir}/lib/%{prg}/bin/%{prg}-control touch %{_localstatedir}/lib/%{prg}/logs/ossec.log chown %{prg}:%{prg} %{_localstatedir}/lib/%{prg}/logs/ossec.log chmod 0664 %{_localstatedir}/lib/%{prg}/logs/ossec.log %_post_service %{name} %post server echo "TYPE=\"server\"" >> %{_sysconfdir}/%{prg}-init.conf if [ ! -f %{_localstatedir}/lib/%{prg}/etc/%{prg}.conf ]; then ln -sf %{prg}-server.conf %{_localstatedir}/lib/%{prg}/etc/%{prg}.conf fi ln -sf %{prg}-server.sh %{_localstatedir}/lib/%{prg}/bin/%{prg}-control touch %{_localstatedir}/lib/%{prg}/logs/ossec.log chown %{prg}:%{prg} %{_localstatedir}/lib/%{prg}/logs/ossec.log chmod 0664 %{_localstatedir}/lib/%{prg}/logs/ossec.log %_post_service %{name} %preun client if [ $1 = 0 ]; then %_preun_service %{name} rm -f %{_localstatedir}/lib/%{prg}/etc/localtime rm -f %{_localstatedir}/lib/%{prg}/etc/%{prg}.conf rm -f %{_localstatedir}/lib/%{prg}/bin/%{prg}-control fi %preun server if [ $1 = 0 ]; then %_preun_service %{name} rm -f %{_localstatedir}/lib/%{prg}/etc/localtime rm -f %{_localstatedir}/lib/%{prg}/etc/%{prg}.conf rm -f %{_localstatedir}/lib/%{prg}/bin/%{prg}-control fi %files %defattr(0644,root,root,0755) %doc BUGS CONFIG CONTRIB INSTALL* README %doc %dir contrib doc %defattr(-,root,root,0755) %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg} %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/active-response %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/active-response/bin %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/bin %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/etc %attr(770,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/etc/shared %attr(750,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/logs %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue %attr(770,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/alerts %attr(770,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/%{prg} %attr(750,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/syscheck %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/var %attr(770,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/var/run %files client %defattr(-,root,root) #%attr(600,root,root) %verify(not md5 size mtime) %{_sysconfdir}/%{prg}-init.conf %attr(600,root,root) %config(noreplace) %{_sysconfdir}/%{prg}-init.conf %{_initrddir}/* %config(noreplace) %{_localstatedir}/lib/%{prg}/etc/%{prg}-agent.conf %config(noreplace) %{_localstatedir}/lib/%{prg}/etc/internal_options* %config(noreplace) %{_localstatedir}/lib/%{prg}/etc/shared/* %{_localstatedir}/lib/%{prg}/etc/*.sample %{_localstatedir}/lib/%{prg}/active-response/bin/* %{_localstatedir}/lib/%{prg}/bin/%{prg}-client.sh %{_localstatedir}/lib/%{prg}/bin/%{prg}-agentd %{_localstatedir}/lib/%{prg}/bin/%{prg}-logcollector %{_localstatedir}/lib/%{prg}/bin/%{prg}-syscheckd %{_localstatedir}/lib/%{prg}/bin/%{prg}-execd %{_localstatedir}/lib/%{prg}/bin/manage_client %attr(755,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/rids %files server %defattr(-,root,root) #%attr(600,root,root) %verify(not md5 size mtime) %{_sysconfdir}/%{prg}-init.conf %attr(600,root,root) %config(noreplace) %{_sysconfdir}/%{prg}-init.conf %{_initrddir}/* %config(noreplace) %{_localstatedir}/lib/%{prg}/etc/%{prg}-server.conf %config(noreplace) %{_localstatedir}/lib/%{prg}/etc/internal_options* %config(noreplace) %{_localstatedir}/lib/%{prg}/etc/*.xml %config(noreplace) %{_localstatedir}/lib/%{prg}/etc/shared/* %{_localstatedir}/lib/%{prg}/etc/*.sample %{_localstatedir}/lib/%{prg}/etc/localtime %{_localstatedir}/lib/%{prg}/active-response/bin/* %{_localstatedir}/lib/%{prg}/bin/%{prg}-server.sh %{_localstatedir}/lib/%{prg}/bin/%{prg}-agentd %{_localstatedir}/lib/%{prg}/bin/%{prg}-analysisd %{_localstatedir}/lib/%{prg}/bin/%{prg}-execd %{_localstatedir}/lib/%{prg}/bin/%{prg}-logcollector %{_localstatedir}/lib/%{prg}/bin/%{prg}-maild %{_localstatedir}/lib/%{prg}/bin/%{prg}-monitord %{_localstatedir}/lib/%{prg}/bin/%{prg}-remoted %{_localstatedir}/lib/%{prg}/bin/%{prg}-syscheckd %{_localstatedir}/lib/%{prg}/bin/%{prg}-dbd %{_localstatedir}/lib/%{prg}/bin/list_agents %{_localstatedir}/lib/%{prg}/bin/manage_agents %{_localstatedir}/lib/%{prg}/bin/syscheck_update %{_localstatedir}/lib/%{prg}/bin/clear_stats %attr(750,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/logs/archives %attr(750,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/logs/alerts %attr(750,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/logs/firewall %attr(755,%{prg}r,%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/agent-info %attr(755,%{prg}r,%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/rids %attr(700,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/fts %attr(700,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/queue/rootcheck %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/rules %config(noreplace) %{_localstatedir}/lib/%{prg}/rules/* #%config %{_localstatedir}/lib/%{prg}/rules/* %attr(750,%{prg},%{prg}) %dir %{_localstatedir}/lib/%{prg}/stats %attr(550,root,%{prg}) %dir %{_localstatedir}/lib/%{prg}/tmp %changelog * Wed Jul 30 2008 Thierry Vignaud <tvignaud@mandriva.com> 1.4-3mdv2009.0 + Revision: 254926 - rebuild * Sun Feb 03 2008 David Walluck <walluck@mandriva.org> 1.4-1mdv2008.1 + Revision: 161596 - import ossec-hids