
[ossec-cvs] ossec-hids: ossec-hids-agent.spec (NEW) preloaded-vars.conf (NEW) [dcid]




Module name:	ossec-hids
Changes by:	dcid	07/09/07 18:42:19

Added files:
	ossec-hids-agent.spec preloaded-vars.conf

Log message:
Bug:
Description: Adding ossec specs (by Michael Williams (maverick at maverick.org))

--- NEW FILE: ossec-hids-agent.spec ---
#
# OSSEC 1.3 .spec file - AGENT
# Fri Aug 17 15:19:40 EDT 2007
#
#
# TODO:
#
# o Safety checks for %clean
#
# o Remove script
#
# o create an RPM_README.txt and put it in the source tree
#
#

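# Package metadata for the agent build of OSSEC 1.3.
# NOTE(review): Source is a plain-HTTP URL and nothing in this spec pins a
# checksum or signature for the tarball; verify the download against the
# project's published checksum before building.
Summary: Open Source Host-based Intrusion Detection System (Agent)
Name: ossec-hids-agent-FC7
Version: 1.3
Release: 1
License: GPLv3
Group: Applications/Security
URL: http://www.ossec.net
Packager: Michael Williams (maverick@xxxxxxxxxxxx)
Source: http://www.ossec.net/files/ossec-hids-1.3.tar.gz
Requires: /usr/sbin/useradd, /usr/sbin/groupadd, /usr/sbin/groupdel, /usr/sbin/userdel, /sbin/service, /sbin/chkconfig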

%description
OSSEC is an Open Source Host-based Intrusion 
Detection System. It performs log analysis, 
integrity checking, Windows registry monitoring, 
rootkit detection, real-time alerting and active 
response.


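%prep

%setup -n ossec-hids-1.3

%build
# Seed the unattended-install answers so install.sh runs without prompting.
# NOTE(review): the answers file is read from a fixed path outside the source
# tree, so the build only works on a host laid out like the packager's;
# shipping it as an additional source file would make the build
# self-contained and reviewable.
/bin/cp /usr/local/src/OSSEC-RPM/1.3/agent/preloaded-vars.conf "${RPM_BUILD_DIR}/ossec-hids-1.3/etc/"

# NOTE(review): no install section is visible in this spec, and the answers
# file sets USER_DIR="/var/ossec" with USER_DELETE_DIR="y", so install.sh
# presumably writes into the live /var/ossec of the build host (removing any
# existing installation there) instead of a build root -- confirm, and build
# only on a disposable host.
./install.sh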

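%clean
# Only remove the build root when the variable is set, non-empty and not "/".
# No BuildRoot tag is visible in this spec, so the value comes from the build
# host's rpm configuration and must not be trusted blindly by a recursive rm.
if [ -n "${RPM_BUILD_ROOT:-}" ] && [ "${RPM_BUILD_ROOT}" != "/" ] ; then
  rm -rf -- "${RPM_BUILD_ROOT}"
fi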

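%pre
################################################################################
# Create OSSEC group
#
# Match the complete name field ("ossec:") so that another group whose name
# merely starts with "ossec" does not suppress the creation.
if ! grep -q "^ossec:" /etc/group ; then
  /usr/sbin/groupadd ossec
fi


################################################################################
# Create OSSEC users
#
# The account gets /bin/false as its shell and /var/ossec as its home
# directory. The loop variable is not called USER, to avoid overwriting the
# environment variable of that name inside the scriptlet.
for ossec_user in ossec ; do
  if ! grep -q "^${ossec_user}:" /etc/passwd ; then
    /usr/sbin/useradd -d /var/ossec -s /bin/false -g ossec "${ossec_user}"
  fi
done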

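%post

################################################################################
# Create OSSEC /etc/init.d/ossec file
#
# The file is written with ">" so that a reinstall or upgrade replaces the
# script instead of appending a second copy to it. The here-document delimiter
# is quoted so the text is emitted literally; with the unquoted form the
# scriptlet's shell expanded "$ossec" in the Provides line to an empty string.
cat > /etc/init.d/ossec <<'EOF'
#!/bin/bash
#
# ossec Starts ossec
#
#
# chkconfig: 2345 12 88
# description: OSSEC is an open source host based IDS
### BEGIN INIT INFO
# Provides: ossec
### END INIT INFO

# Source function library.
. /etc/init.d/functions

[ -f /var/ossec/bin/ossec-control ] || exit 0

RETVAL=0

umask 077

case "$1" in
  start)
        /var/ossec/bin/ossec-control start
        ;;
  stop)
        /var/ossec/bin/ossec-control stop
        ;;
  status)
        /var/ossec/bin/ossec-control status
        ;;
  restart|reload)
        /var/ossec/bin/ossec-control restart
        ;;
  *)
        echo "Usage: /var/ossec/bin/ossec-control {start|stop|status|restart}"
        exit 1
esac

EOF

# The init script runs as root at boot: keep it root-owned and writable by
# root only.
/bin/chown root:root /etc/init.d/ossec
/bin/chmod 755 /etc/init.d/ossec

################################################################################
# Set configuration so OSSEC starts on reboot
#
/sbin/chkconfig --add ossec
/sbin/chkconfig ossec on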

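%preun
# Stop OSSEC and unregister the service before the package files are removed.
# The generated init script exits without doing anything once
# /var/ossec/bin/ossec-control is gone, so a stop issued after file removal
# would leave the daemons running. Only act on a real erase ($1 is 0), not on
# an upgrade, and never let a failed stop block the removal.
if [ "$1" = 0 ] ; then
  /sbin/service ossec stop || :
  /sbin/chkconfig ossec off || :
  /sbin/chkconfig --del ossec || :
fi

%postun
# rpm also runs this scriptlet when the package is upgraded; the accounts and
# the init script must survive that, so clean up only when the last copy is
# being erased ($1 is 0).
if [ "$1" = 0 ] ; then
  # Remove init.d file
  rm -f /etc/init.d/ossec

  # Remove ossec users
  # Match the complete name field so that "ossec" does not also match
  # "ossecm" and friends. userdel -r deletes the account's home directory as
  # well, which for the ossec user is /var/ossec (set at account creation), so
  # any logs or queue data left there are removed with it.
  # NOTE(review): only the ossec user is created by this spec; ossecm, ossece
  # and ossecr presumably come from other install types -- confirm they should
  # be removed by the agent package.
  for ossec_user in ossec ossecm ossece ossecr ; do
    if grep -q "^${ossec_user}:" /etc/passwd ; then
      /usr/sbin/userdel -r "${ossec_user}"
    fi
  done

  # Remove ossec group
  if grep -q "^ossec:" /etc/group ; then
    /usr/sbin/groupdel ossec
  fi
fi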


%files
# Packaged file list with ownership and mode overrides.
# Most paths below appear twice: once to add them to the package (bare, or
# with the dir directive for directories) and once with an attr override.
# NOTE(review): rpm treats a directory listed without the dir directive as
# "this directory and everything under it", so the attr lines for
# directories (starting with /var/ossec/) presumably pull in whole subtrees
# and trigger duplicate-listing warnings -- putting the attr override and
# the dir directive on one line per directory would avoid that; verify with
# rpmbuild.
%doc README BUGS CONFIG CONTRIB INSTALL LICENSE

%dir /var/ossec/
%attr(550, root, ossec) /var/ossec/
%dir /var/ossec/var
%attr(550, root, ossec) /var/ossec/var
%dir /var/ossec/var/run
%attr(770, root, ossec) /var/ossec/var/run
%dir /var/ossec/active-response
%attr(550, root, ossec) /var/ossec/active-response
%dir /var/ossec/active-response/bin
%attr(550, root, ossec) /var/ossec/active-response/bin
/var/ossec/active-response/bin/route-null.sh
%attr(755, root, ossec) /var/ossec/active-response/bin/route-null.sh
/var/ossec/active-response/bin/host-deny.sh
%attr(755, root, ossec) /var/ossec/active-response/bin/host-deny.sh
/var/ossec/active-response/bin/firewall-drop.sh
%attr(755, root, ossec) /var/ossec/active-response/bin/firewall-drop.sh
%dir /var/ossec/active-response/bin/firewalls
%attr(755, root, ossec) /var/ossec/active-response/bin/firewalls
# NOTE(review): the three firewalls/*.sh scripts below have no attr line of
# their own, unlike the other active-response scripts -- confirm they end up
# root-owned and not writable by group or others.
/var/ossec/active-response/bin/firewalls/pf.sh
/var/ossec/active-response/bin/firewalls/ipfw.sh
/var/ossec/active-response/bin/firewalls/ipfw_mac.sh
/var/ossec/active-response/bin/disable-account.sh
%attr(755, root, ossec) /var/ossec/active-response/bin/disable-account.sh
%dir /var/ossec/bin
%attr(550, root, ossec) /var/ossec/bin
/var/ossec/bin/ossec-agentd
%attr(550, root, ossec) /var/ossec/bin/ossec-agentd
/var/ossec/bin/ossec-logcollector
%attr(550, root, ossec) /var/ossec/bin/ossec-logcollector
/var/ossec/bin/ossec-control
%attr(550, root, ossec) /var/ossec/bin/ossec-control
/var/ossec/bin/ossec-syscheckd
%attr(550, root, ossec) /var/ossec/bin/ossec-syscheckd
/var/ossec/bin/manage_agents
%attr(550, root, ossec) /var/ossec/bin/manage_agents
/var/ossec/bin/ossec-execd
%attr(550, root, ossec) /var/ossec/bin/ossec-execd
%dir /var/ossec/etc
%attr(550, root, ossec) /var/ossec/etc
/var/ossec/etc/internal_options.conf
%attr(440, root, ossec) /var/ossec/etc/internal_options.conf
/var/ossec/etc/localtime
%attr(644, root, root) /var/ossec/etc/localtime
%dir /var/ossec/etc/shared
%attr(770, root, ossec) /var/ossec/etc/shared
# NOTE(review): the shared *.txt entries look like data files, yet they are
# given mode 770 (executable for owner and group) -- confirm whether the
# execute bits are needed or 660 would do.
/var/ossec/etc/shared/win_malware_rcl.txt
%attr(770, root, ossec) /var/ossec/etc/shared/win_malware_rcl.txt
/var/ossec/etc/shared/win_applications_rcl.txt
%attr(770, root, ossec) /var/ossec/etc/shared/win_applications_rcl.txt
/var/ossec/etc/shared/win_audit_rcl.txt
%attr(770, root, ossec) /var/ossec/etc/shared/win_audit_rcl.txt
/var/ossec/etc/shared/rootkit_files.txt
%attr(770, root, ossec) /var/ossec/etc/shared/rootkit_files.txt
/var/ossec/etc/shared/rootkit_trojans.txt
%attr(770, root, ossec) /var/ossec/etc/shared/rootkit_trojans.txt
/var/ossec/etc/ossec.conf
%attr(440, root, ossec) /var/ossec/etc/ossec.conf
%dir /var/ossec/logs
%attr(750, ossec, ossec) /var/ossec/logs
/var/ossec/logs/ossec.log
%attr(664, ossec, ossec) /var/ossec/logs/ossec.log
%dir /var/ossec/queue
%attr(550, root, ossec) /var/ossec/queue
%dir /var/ossec/queue/rids
%attr(775, root, ossec) /var/ossec/queue/rids
%dir /var/ossec/queue/alerts
%attr(550, root, ossec) /var/ossec/queue/alerts
%dir /var/ossec/queue/syscheck
%attr(550, root, ossec) /var/ossec/queue/syscheck
%dir /var/ossec/queue/ossec
%attr(770, ossec, ossec) /var/ossec/queue/ossec


--- NEW FILE: preloaded-vars.conf ---
# preloaded-vars.conf, Daniel B. Cid (dcid @ ossec.net).
#
# RPM: server/local/agent version, 1.2, 2007.07.23
#
#
# Use this file to customize your installations.
# It makes the install.sh script pre-load specific
# options so that it runs automatically or with
# fewer questions.

# PLEASE NOTE:
# Where "n" or "y" is used in here, it should be changed
# to the equivalent of "n" or "y" in the language you are
# doing the installation in. For example, in Portuguese
# it would be "s" or "n".


# USER_LANGUAGE defines the language to be used.
# It can be "en", "br", "tr", "it", "de" or "pl".
# In case of an invalid language, it will default
# to English "en".
USER_LANGUAGE="en"     # For English
#USER_LANGUAGE="br"     # For Portuguese


# If USER_NO_STOP is set to anything, the confirmation
# messages are not going to be asked.
USER_NO_STOP="y"


# USER_INSTALL_TYPE defines the installation type to
# be used during install. It can only be "local",
# "agent" or "server".
#USER_INSTALL_TYPE="local"
USER_INSTALL_TYPE="agent"
#USER_INSTALL_TYPE="server"


# USER_DIR defines the location to install ossec
USER_DIR="/var/ossec"


# If USER_DELETE_DIR is set to "y", the directory
# to install OSSEC will be removed if present.
# NOTE(review): together with USER_DIR above and
# USER_NO_STOP="y" this presumably lets install.sh
# delete an existing /var/ossec without asking --
# confirm before running it on a host that already
# has OSSEC installed.
USER_DELETE_DIR="y"


# If USER_ENABLE_ACTIVE_RESPONSE is set to "n",
# active response will be disabled.
USER_ENABLE_ACTIVE_RESPONSE="n"


# If USER_ENABLE_SYSCHECK is set to "y",
# syscheck will be enabled. Set to "n" to
# disable it.
USER_ENABLE_SYSCHECK="y"


# If USER_ENABLE_ROOTCHECK is set to "y",
# rootcheck will be enabled. Set to "n" to
# disable it.
USER_ENABLE_ROOTCHECK="y"


# If USER_UPDATE is set to anything, the update
# installation will be done.
#USER_UPDATE="y"

# If USER_UPDATE_RULES is set to anything, the
# rules will also be updated.
USER_UPDATE_RULES="y"

# If USER_BINARYINSTALL is set, the installation
# is not going to compile the code, but use the
# binaries from ./bin/
#USER_BINARYINSTALL="x"


### Agent Installation variables. ###

# USER_AGENT_SERVER_IP specifies the IP address of the
# ossec server. Only used on agent installations.
# NOTE(review): 127.0.0.1 looks like a placeholder; an
# agent built with it would presumably try to reach its
# server on loopback -- set the real server address
# before packaging, or document how it is changed after
# install.
USER_AGENT_SERVER_IP="127.0.0.1"



### Server/Local Installation variables. ###
# NOTE(review): USER_INSTALL_TYPE is "agent" in this file,
# so the settings below are presumably not used -- verify
# against install.sh.

# USER_ENABLE_EMAIL enables or disables email alerting.
USER_ENABLE_EMAIL="n"

# USER_EMAIL_ADDRESS defines the destination e-mail of the alerts.
#USER_EMAIL_ADDRESS="dcid@xxxxxxxxxxxxxx"

# USER_EMAIL_SMTP defines the SMTP server to send the e-mails.
#USER_EMAIL_SMTP="test.ossec.net"


# USER_ENABLE_SYSLOG enables or disables remote syslog.
USER_ENABLE_SYSLOG="n"


# USER_ENABLE_FIREWALL_RESPONSE enables or disables
# the firewall response.
USER_ENABLE_FIREWALL_RESPONSE="n"


# Enable PF firewall (OpenBSD and FreeBSD only)
USER_ENABLE_PF="n"


# PF table to use (OpenBSD and FreeBSD only).
#USER_PF_TABLE="ossec_fwtable"


# USER_WHITE_LIST is a list of IPs or networks
# that are going to be set to never be blocked.
#USER_WHITE_LIST="192.168.2.1 192.168.1.0/24"


#### exit ? ###




OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.