Date: Tue, 27 Nov 2018 01:58:02 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r485977 - in head/security: ossec-hids-local ossec-hids-local-config ossec-hids-local-config/files ossec-hids-local/files Message-ID: <201811270158.wAR1w2lw077090@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: swills Date: Tue Nov 27 01:58:02 2018 New Revision: 485977 URL: https://svnweb.freebsd.org/changeset/ports/485977 Log: security/ossec-hids-local: build fix as user [1] While here: - add new option PGSQL_SC ossec-hids-*-config [1] - improved option descriptions [1] - fix build with GCC-based architectures [2] PR: 233168 [1] PR: 233291 [2] Submitted by: Dominik Lisiak <dominik.lisiak@bemsoft.pl> (maintainer) [1] Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> [2] Approved by: Dominik Lisiak <dominik.lisiak@bemsoft.pl> (maintainer) [2] Added: head/security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in (contents, props changed) Modified: head/security/ossec-hids-local-config/Makefile (contents, props changed) head/security/ossec-hids-local-config/opt-logs.mk head/security/ossec-hids-local-config/opt-syscheck.mk head/security/ossec-hids-local/Makefile (contents, props changed) head/security/ossec-hids-local/files/patch-src_Makefile (contents, props changed) Modified: head/security/ossec-hids-local-config/Makefile ============================================================================== --- head/security/ossec-hids-local-config/Makefile Tue Nov 27 01:40:46 2018 (r485976) +++ head/security/ossec-hids-local-config/Makefile Tue Nov 27 01:58:02 2018 (r485977) @@ -2,7 +2,7 @@ PORTNAME= ossec-hids PORTVERSION= 3.1.0 -PORTREVISION= +PORTREVISION= 1 CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE}-config @@ -427,17 +427,17 @@ agent-conf-local: do-install: ossec-dirs ossec-scripts ossec-rules ossec-conf-managed ossec-conf-local ossec-conf-sample agent-conf-managed agent-conf-local ossec-permissions: +.if defined(MAINTAINER_MODE) @${CHMOD} -R 550 ${OSSEC_DIR} - @${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_CONF_DIR}/* ${OSSEC_LOCAL_CONF_DIR}/* - @${CHMOD} 550 ${OSSEC_CONF_DIR} ${OSSEC_LOCAL_CONF_DIR} -.if ${OSSEC_TYPE} != agent + @${CHMOD} 640 ${COMMAND_CONF} ${OSSEC_LOCAL_CONF_DIR}/* ${OSSEC_CONF_DIR}/* + @${CHMOD} 550 ${OSSEC_LOCAL_CONF_DIR} ${OSSEC_CONF_DIR} +. if ${OSSEC_TYPE} != agent @${CHMOD} 640 ${RULES_DIR}/* -.endif -.if ${OSSEC_TYPE} == server - @${CHMOD} 640 ${AGENT_CONF_DIR}/* ${AGENT_LOCAL_CONF_DIR}/* - @${CHMOD} 550 ${AGENT_CONF_DIR} ${AGENT_LOCAL_CONF_DIR} -.endif -.if defined(MAINTAINER_MODE) +. endif +. if ${OSSEC_TYPE} == server + @${CHMOD} 640 ${AGENT_LOCAL_CONF_DIR}/* ${AGENT_CONF_DIR}/* + @${CHMOD} 550 ${AGENT_LOCAL_CONF_DIR} ${AGENT_CONF_DIR} +. endif @${CHOWN} -R ${USER}:${OSSEC_GROUP} ${OSSEC_DIR} @${CHOWN} -R ${USER}:${GROUP} ${BIN_DIR} .endif @@ -451,10 +451,10 @@ post-install: ossec-permissions .if defined(MAINTAINER_MODE) plist: makeplist - @${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} + @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} rules: extract - @${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC} + @${SH} ${SCRIPTDIR}/rules.sh ${FILESDIR}/${RULES_DEFAULT_TEMPLATE}.in ${WRKSRC} .endif .include <bsd.port.post.mk> Added: head/security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/ossec-hids-local-config/files/template-syscheck-pgsql.xml.in Tue Nov 27 01:58:02 2018 (r485977) @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<template_config os="FreeBSD" profile="%%SYSCHECK_PGSQL_PROFILE%%"> + + <syscheck> + <directories realtime="yes" check_all="yes" restrict=".conf">/var/db/postgres</directories> + </syscheck> + +</template_config> + +<template_config os="Linux" profile="%%SYSCHECK_PGSQL_PROFILE%%"> + + <syscheck> + <directories realtime="yes" check_all="yes" restrict=".conf">/var/lib/postgresql</directories> + </syscheck> + +</template_config> Modified: head/security/ossec-hids-local-config/opt-logs.mk ============================================================================== --- head/security/ossec-hids-local-config/opt-logs.mk Tue Nov 27 01:40:46 2018 (r485976) +++ head/security/ossec-hids-local-config/opt-logs.mk Tue Nov 27 01:58:02 2018 (r485977) @@ -6,7 +6,7 @@ LOGS_DESC= Log Monitoring # Default logs support LOGS_BASIC_OPTION= BASIC LOGS_BASIC_PROFILE= basic -LOGS_BASIC_DESC= Default system logs +LOGS_BASIC_DESC= Basic system logs LOGS_BASIC_DEFINE= server local agent pushed LOGS_BASIC_DEFAULT= server local pushed LOGS_OPTIONS+= LOGS_BASIC @@ -14,7 +14,7 @@ LOGS_OPTIONS+= LOGS_BASIC # Active response log support LOGS_OSSEC_OPTION= OSSEC LOGS_OSSEC_PROFILE= ossec -LOGS_OSSEC_DESC= Active response logs +LOGS_OSSEC_DESC= OSSEC active response logs LOGS_OSSEC_DEFINE= server local agent pushed LOGS_OSSEC_DEFAULT= server local pushed LOGS_OPTIONS+= LOGS_OSSEC Modified: head/security/ossec-hids-local-config/opt-syscheck.mk ============================================================================== --- head/security/ossec-hids-local-config/opt-syscheck.mk Tue Nov 27 01:40:46 2018 (r485976) +++ head/security/ossec-hids-local-config/opt-syscheck.mk Tue Nov 27 01:58:02 2018 (r485977) @@ -3,22 +3,6 @@ SYSCHECK_LOCAL_CONF= 530.syscheck.local.conf SYSCHECK_DESC= File Integrity Checking (syscheck) -# Default direcotries -SYSCHECK_BASIC_OPTION= BASIC_SC -SYSCHECK_BASIC_PROFILE= basic -SYSCHECK_BASIC_DESC= "bin", "sbin" and "etc" -SYSCHECK_BASIC_DEFINE= server local agent pushed -SYSCHECK_BASIC_DEFAULT= server local pushed -SYSCHECK_OPTIONS+= SYSCHECK_BASIC - -# OSSEC directories -SYSCHECK_OSSEC_OPTION= OSSEC_SC -SYSCHECK_OSSEC_PROFILE= ossec -SYSCHECK_OSSEC_DESC= OSSEC directories -SYSCHECK_OSSEC_DEFINE= server local agent pushed -SYSCHECK_OSSEC_DEFAULT= server local pushed -SYSCHECK_OPTIONS+= SYSCHECK_OSSEC - # Alert new files SYSCHECK_NEWFILES_OPTION= NEWFILES_SC SYSCHECK_NEWFILES_DESC= Alert on new files created @@ -40,3 +24,27 @@ SYSCHECK_HOSTDENY_DESC= Ignore access control files SYSCHECK_HOSTDENY_DEFINE= server local agent pushed SYSCHECK_HOSTDENY_DEFAULT= server local pushed SYSCHECK_OPTIONS+= SYSCHECK_HOSTDENY + +# Default direcotries +SYSCHECK_BASIC_OPTION= BASIC_SC +SYSCHECK_BASIC_PROFILE= basic +SYSCHECK_BASIC_DESC= "bin", "sbin" and "etc" directories +SYSCHECK_BASIC_DEFINE= server local agent pushed +SYSCHECK_BASIC_DEFAULT= server local pushed +SYSCHECK_OPTIONS+= SYSCHECK_BASIC + +# OSSEC directories +SYSCHECK_OSSEC_OPTION= OSSEC_SC +SYSCHECK_OSSEC_PROFILE= ossec +SYSCHECK_OSSEC_DESC= OSSEC directories +SYSCHECK_OSSEC_DEFINE= server local agent pushed +SYSCHECK_OSSEC_DEFAULT= server local pushed +SYSCHECK_OPTIONS+= SYSCHECK_OSSEC + +# PostgreSQL directory +SYSCHECK_PGSQL_OPTION= PGSQL_SC +SYSCHECK_PGSQL_PROFILE= postgresql +SYSCHECK_PGSQL_DESC= PostgreSQL configuration files +SYSCHECK_PGSQL_DEFINE= server local agent pushed +SYSCHECK_PGSQL_DEFAULT= pushed +SYSCHECK_OPTIONS+= SYSCHECK_PGSQL Modified: head/security/ossec-hids-local/Makefile ============================================================================== --- head/security/ossec-hids-local/Makefile Tue Nov 27 01:40:46 2018 (r485976) +++ head/security/ossec-hids-local/Makefile Tue Nov 27 01:58:02 2018 (r485977) @@ -2,7 +2,7 @@ PORTNAME= ossec-hids PORTVERSION= 3.1.0 -PORTREVISION= +PORTREVISION= 1 CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE} @@ -88,7 +88,6 @@ ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema -OSSEC_ARGS+= TARGET=${OSSEC_TYPE} .if ${OSSEC_TYPE} == agent STRIP_FILES= agent-auth \ manage_agents \ @@ -184,6 +183,10 @@ PKGMSG_FILES= message-header CFLAGS+= -I${LOCALBASE}/include +OSSEC_ARGS+= TARGET=${OSSEC_TYPE} INSTALL_LOCALTIME=no +.if !defined(MAINTAINER_MODE) +OSSEC_ARGS+= INSTALL_CMD=install +.endif BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME} INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME} @@ -195,6 +198,9 @@ post-patch: @${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \ -e 's|-lreadline|& ${LDFLAGS}|' \ ${WRKSRC}/src/external/lua/src/Makefile +.if ${ARCH:Mmips*} || ${ARCH:Mpowerpc*} || ${ARCH} == sparc64 + @${REINPLACE_CMD} -e 's|-Wno-implicit-fallthrough||g' ${WRKSRC}/src/Makefile +.endif do-build: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build @@ -229,7 +235,7 @@ post-install: .if defined(MAINTAINER_MODE) plist: makeplist - @${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} + @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} .endif post-install-DOCS-on: Modified: head/security/ossec-hids-local/files/patch-src_Makefile ============================================================================== --- head/security/ossec-hids-local/files/patch-src_Makefile Tue Nov 27 01:40:46 2018 (r485976) +++ head/security/ossec-hids-local/files/patch-src_Makefile Tue Nov 27 01:58:02 2018 (r485977) @@ -1,30 +1,39 @@ --- src/Makefile.orig 2018-10-11 22:25:16 UTC +++ src/Makefile -@@ -366,10 +366,10 @@ endif +@@ -20,6 +20,9 @@ OSSEC_USER?=ossec + OSSEC_USER_MAIL?=ossecm + OSSEC_USER_REM?=ossecr + ++INSTALL_CMD?=install -m $(1) -o $(2) -g $(3) ++INSTALL_LOCALTIME?=yes ++ + USE_PRELUDE?=no + USE_ZEROMQ?=no + USE_GEOIP?=no +@@ -366,10 +369,10 @@ endif install: install-${TARGET} install-agent: install-common - install -m 0550 -o root -g 0 ossec-agentd ${PREFIX}/bin - install -m 0550 -o root -g 0 agent-auth ${PREFIX}/bin -+ install -m 0550 ossec-agentd ${PREFIX}/bin -+ install -m 0550 agent-auth ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-agentd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) agent-auth ${PREFIX}/bin - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids -+ install -d ${PREFIX}/queue/rids ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids install-local: install-server-generic -@@ -378,128 +378,126 @@ install-hybrid: install-server-generic - install-server: install-server-generic +@@ -379,127 +382,129 @@ install-server: install-server-generic install-common: build -- ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX} + ./init/adduser.sh ${OSSEC_USER} ${OSSEC_USER_MAIL} ${OSSEC_USER_REM} ${OSSEC_GROUP} ${PREFIX} - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/ - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs - install -m 0660 -o ${OSSEC_USER} -g ${OSSEC_GROUP} /dev/null ${PREFIX}/logs/ossec.log -+ install -d ${PREFIX} -+ install -d ${PREFIX}/logs -+ install /dev/null ${PREFIX}/logs/ossec.log ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/ ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs ++ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/ossec.log - install -d -m 0550 -o root -g 0 ${PREFIX}/bin - install -m 0550 -o root -g 0 ossec-logcollector ${PREFIX}/bin @@ -33,13 +42,13 @@ - install -m 0550 -o root -g 0 manage_agents ${PREFIX}/bin - install -m 0550 -o root -g 0 ../contrib/util.sh ${PREFIX}/bin/ - install -m 0550 -o root -g 0 ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control -+ install -d ${PREFIX}/bin -+ install -m 0550 ossec-logcollector ${PREFIX}/bin -+ install -m 0550 ossec-syscheckd ${PREFIX}/bin -+ install -m 0550 ossec-execd ${PREFIX}/bin -+ install -m 0550 manage_agents ${PREFIX}/bin -+ install -m 0550 ../contrib/util.sh ${PREFIX}/bin/ -+ install -m 0550 ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control ++ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-logcollector ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-syscheckd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-execd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) manage_agents ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ../contrib/util.sh ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) ${OSSEC_CONTROL_SRC} ${PREFIX}/bin/ossec-control ifeq (${LUA_ENABLE},yes) - install -d -m 0550 -o root -g 0 ${PREFIX}/lua @@ -47,11 +56,11 @@ - install -d -m 0550 -o root -g 0 ${PREFIX}/lua/compiled - install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/ - install -m 0550 -o root -g 0 ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/ -+ install -d ${PREFIX}/lua -+ install -d ${PREFIX}/lua/native -+ install -d ${PREFIX}/lua/compiled -+ install -m 0550 ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/ -+ install -m 0550 ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua ++ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/native ++ $(call INSTALL_CMD,0550,root,0) -d ${PREFIX}/lua/compiled ++ $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-lua ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) ${EXTERNAL_LUA}src/ossec-luac ${PREFIX}/bin/ endif - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/queue @@ -59,75 +68,78 @@ - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/ossec - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/syscheck - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff -+ install -d ${PREFIX}/queue -+ install -d ${PREFIX}/queue/alerts -+ install -d ${PREFIX}/queue/ossec -+ install -d ${PREFIX}/queue/syscheck -+ install -d ${PREFIX}/queue/diff ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/queue ++ $(call INSTALL_CMD,0770,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/alerts ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/ossec ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/syscheck ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/diff - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc - install -m 0440 -o root -g ${OSSEC_GROUP} /etc/localtime ${PREFIX}/etc -+ install -d ${PREFIX}/etc ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/etc ++ifeq (${INSTALL_LOCALTIME},yes) ++ $(call INSTALL_CMD,0440,root,${OSSEC_GROUP}) /etc/localtime ${PREFIX}/etc ++endif - install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp -+ install -d -m 1550 ${PREFIX}/tmp ++ $(call INSTALL_CMD,1550,root,${OSSEC_GROUP}) -d ${PREFIX}/tmp ifneq (,$(wildcard /etc/TIMEZONE)) - install -m 440 -o root -g ${OSSEC_GROUP} /etc/TIMEZONE ${PREFIX}/etc/ -+ install -m 440 /etc/TIMEZONE ${PREFIX}/etc/ ++ $(call INSTALL_CMD,440,root,${OSSEC_GROUP}) /etc/TIMEZONE ${PREFIX}/etc/ endif # Solaris Needs some extra files ifeq (${uname_S},SunOS) - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/usr/share/lib/zoneinfo/ -+ install -d ${PREFIX}/usr/share/lib/zoneinfo/ ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/usr/share/lib/zoneinfo/ cp -r /usr/share/lib/zoneinfo/* ${PREFIX}/usr/share/lib/zoneinfo/ endif - install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/internal_options.conf ${PREFIX}/etc/ -+ install -m 0640 -b ../etc/internal_options.conf ${PREFIX}/etc/ ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/internal_options.conf ${PREFIX}/etc/ ifeq (,$(wildcard ${PREFIX}/etc/local_internal_options.conf)) - install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf -+ install -m 0640 ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/local_internal_options.conf ${PREFIX}/etc/local_internal_options.conf endif ifeq (,$(wildcard ${PREFIX}/etc/client.keys)) - install -m 0640 -o root -g ${OSSEC_GROUP} /dev/null ${PREFIX}/etc/client.keys -+ install -m 0640 /dev/null ${PREFIX}/etc/client.keys ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) /dev/null ${PREFIX}/etc/client.keys endif ifeq (,$(wildcard ${PREFIX}/etc/ossec.conf)) ifneq (,$(wildcard ../etc/ossec.mc)) - install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/ossec.mc ${PREFIX}/etc/ossec.conf -+ install -m 0640 ../etc/ossec.mc ${PREFIX}/etc/ossec.conf ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/ossec.mc ${PREFIX}/etc/ossec.conf else - install -m 0640 -o root -g ${OSSEC_GROUP} ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf -+ install -m 0640 ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${OSSEC_CONF_SRC} ${PREFIX}/etc/ossec.conf endif endif - install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc/shared - install -m 0640 -o ${OSSEC_USER} -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/ -+ install -d ${PREFIX}/etc/shared -+ install -m 0640 rootcheck/db/*.txt ${PREFIX}/etc/shared/ ++ $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/etc/shared ++ $(call INSTALL_CMD,0640,${OSSEC_USER},${OSSEC_GROUP}) rootcheck/db/*.txt ${PREFIX}/etc/shared/ - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response/bin - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/agentless - install -m 0550 -o root -g ${OSSEC_GROUP} agentlessd/scripts/* ${PREFIX}/agentless/ -+ install -d ${PREFIX}/active-response -+ install -d ${PREFIX}/active-response/bin -+ install -d ${PREFIX}/agentless -+ install -m 0550 agentlessd/scripts/* ${PREFIX}/agentless/ ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/active-response/bin ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/agentless ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) agentlessd/scripts/* ${PREFIX}/agentless/ - install -d -m 0700 -o root -g ${OSSEC_GROUP} ${PREFIX}/.ssh -+ install -d ${PREFIX}/.ssh ++ $(call INSTALL_CMD,0700,root,${OSSEC_GROUP}) -d ${PREFIX}/.ssh - install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/*.sh ${PREFIX}/active-response/bin/ - install -m 0550 -o root -g ${OSSEC_GROUP} ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/ -+ install -m 0550 ../active-response/*.sh ${PREFIX}/active-response/bin/ -+ install -m 0550 ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/ ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/*.sh ${PREFIX}/active-response/bin/ ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) ../active-response/firewalls/*.sh ${PREFIX}/active-response/bin/ - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/var - install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/var/run -+ install -d ${PREFIX}/var -+ install -d ${PREFIX}/var/run ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/var ++ $(call INSTALL_CMD,0770,root,${OSSEC_GROUP}) -d ${PREFIX}/var/run ./init/fw-check.sh execute @@ -138,10 +150,10 @@ - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/archives - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/alerts - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/logs/firewall -+ install -m 0660 /dev/null ${PREFIX}/logs/active-responses.log -+ install -d ${PREFIX}/logs/archives -+ install -d ${PREFIX}/logs/alerts -+ install -d ${PREFIX}/logs/firewall ++ $(call INSTALL_CMD,0660,${OSSEC_USER},${OSSEC_GROUP}) /dev/null ${PREFIX}/logs/active-responses.log ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/archives ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/alerts ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/logs/firewall - install -m 0550 -o root -g 0 ossec-agentlessd ${PREFIX}/bin - install -m 0550 -o root -g 0 ossec-analysisd ${PREFIX}/bin @@ -162,58 +174,58 @@ - install -m 0550 -o root -g 0 agent_control ${PREFIX}/bin/ - install -m 0550 -o root -g 0 syscheck_control ${PREFIX}/bin/ - install -m 0550 -o root -g 0 rootcheck_control ${PREFIX}/bin/ -+ install -m 0550 ossec-agentlessd ${PREFIX}/bin -+ install -m 0550 ossec-analysisd ${PREFIX}/bin -+ install -m 0550 ossec-monitord ${PREFIX}/bin -+ install -m 0550 ossec-reportd ${PREFIX}/bin -+ install -m 0550 ossec-maild ${PREFIX}/bin -+ install -m 0550 ossec-remoted ${PREFIX}/bin -+ install -m 0550 ossec-logtest ${PREFIX}/bin -+ install -m 0550 ossec-csyslogd ${PREFIX}/bin -+ install -m 0550 ossec-authd ${PREFIX}/bin -+ install -m 0550 ossec-dbd ${PREFIX}/bin -+ install -m 0550 ossec-makelists ${PREFIX}/bin -+ install -m 0550 verify-agent-conf ${PREFIX}/bin/ -+ install -m 0550 clear_stats ${PREFIX}/bin/ -+ install -m 0550 list_agents ${PREFIX}/bin/ -+ install -m 0550 ossec-regex ${PREFIX}/bin/ -+ install -m 0550 syscheck_update ${PREFIX}/bin/ -+ install -m 0550 agent_control ${PREFIX}/bin/ -+ install -m 0550 syscheck_control ${PREFIX}/bin/ -+ install -m 0550 rootcheck_control ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) ossec-agentlessd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-analysisd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-monitord ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-reportd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-maild ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-remoted ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-logtest ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-csyslogd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-authd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-dbd ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) ossec-makelists ${PREFIX}/bin ++ $(call INSTALL_CMD,0550,root,0) verify-agent-conf ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) clear_stats ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) list_agents ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) ossec-regex ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) syscheck_update ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) agent_control ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) syscheck_control ${PREFIX}/bin/ ++ $(call INSTALL_CMD,0550,root,0) rootcheck_control ${PREFIX}/bin/ - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/stats - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules -+ install -d ${PREFIX}/stats -+ install -d ${PREFIX}/rules ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/stats ++ $(call INSTALL_CMD,0550,root,${OSSEC_GROUP}) -d ${PREFIX}/rules ifneq (,$(wildcard ${PREFIX}/rules/local_rules.xml)) cp ${PREFIX}/rules/local_rules.xml ${PREFIX}/rules/local_rules.xml.installbackup - install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules - install -m 0640 -o root -g ${OSSEC_GROUP} ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml -+ install -m 0640 -b ../etc/rules/*.xml ${PREFIX}/rules -+ install -m 0640 ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ${PREFIX}/rules/local_rules.xml.installbackup ${PREFIX}/rules/local_rules.xml rm ${PREFIX}/rules/local_rules.xml.installbackup else - install -m 0640 -o root -g ${OSSEC_GROUP} -b ../etc/rules/*.xml ${PREFIX}/rules -+ install -m 0640 -b ../etc/rules/*.xml ${PREFIX}/rules ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) -b ../etc/rules/*.xml ${PREFIX}/rules endif - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/fts -+ install -d ${PREFIX}/queue/fts ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/fts - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rootcheck -+ install -d ${PREFIX}/queue/rootcheck ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/rootcheck - install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/agent-info - install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/agentless -+ install -d ${PREFIX}/queue/agent-info -+ install -d ${PREFIX}/queue/agentless ++ $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/agent-info ++ $(call INSTALL_CMD,0750,${OSSEC_USER},${OSSEC_GROUP}) -d ${PREFIX}/queue/agentless - install -d -m 0750 -o ${OSSEC_USER_REM} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids -+ install -d ${PREFIX}/queue/rids ++ $(call INSTALL_CMD,0750,${OSSEC_USER_REM},${OSSEC_GROUP}) -d ${PREFIX}/queue/rids - install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/ -+ install -m 0640 ../etc/decoder.xml ${PREFIX}/etc/ ++ $(call INSTALL_CMD,0640,root,${OSSEC_GROUP}) ../etc/decoder.xml ${PREFIX}/etc/ rm -f ${PREFIX}/etc/shared/merged.mg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811270158.wAR1w2lw077090>