Add initial attempt at ossec

Note: This will almost certainly not work as-is, but at least it compiles. NixOS module to come.
2012-07-09 11:44:44 -04:00 · 2012-07-09 11:44:44 -04:00 · 45bbcb9638
commit 45bbcb9638
parent 57e1ad943e
3 changed files with 218 additions and 0 deletions
--- a/pkgs/tools/security/ossec/default.nix
+++ b/pkgs/tools/security/ossec/default.nix
@ -0,0 +1,40 @@
+{ stdenv, fetchurl, which }:
+
+stdenv.mkDerivation {
+  name = "ossec-client-2.6";
+
+  src = fetchurl {
+    url = http://www.ossec.net/files/ossec-hids-2.6.tar.gz;
+
+    sha256 = "0k1b59wdv9h50gbyy88qw3cnpdm8hv0nrl0znm92h9a11i5b39ip";
+  };
+
+  buildInputs = [ which ];
+
+  phases = [ "unpackPhase" "patchPhase" "buildPhase" ];
+
+  patches = [ ./no-root.patch ];
+
+  buildPhase = ''
+    echo "en
+
+agent
+$out
+no
+127.0.0.1
+yes
+yes
+yes
+
+
+"   | ./install.sh
+  '';
+
+  meta = {
+    description = "Open soruce host-based instrusion detection system";
+    homepage = http://www.ossec.net;
+    license = stdenv.lib.licenses.gpl2;
+    maintainers = [ stdenv.lib.maintainers.shlevy ];
+  };
+}
+
--- a/pkgs/tools/security/ossec/no-root.patch
+++ b/pkgs/tools/security/ossec/no-root.patch
@ -0,0 +1,176 @@
+diff -Naur ossec-hids-2.6-orig/install.sh ossec-hids-2.6/install.sh
+--- ossec-hids-2.6-orig/install.sh	2011-07-11 15:36:58.000000000 -0400
+++ ossec-hids-2.6/install.sh	2012-07-09 09:58:57.970692818 -0400
+@@ -119,14 +119,14 @@
+     # Generate the /etc/ossec-init.conf
+     VERSION_FILE="./src/VERSION"
+     VERSION=`cat ${VERSION_FILE}`
+-    chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
+-    echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT}
+-    echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT}
+-    echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
+-    echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
+-    chmod 600 ${OSSEC_INIT}
+-    cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
+-    chmod 644 ${INSTALLDIR}${OSSEC_INIT}
+    echo chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
+    echo "DIRECTORY=\"${INSTALLDIR}\"" > ${INSTALLDIR}${OSSEC_INIT}
+    echo "VERSION=\"${VERSION}\"" >> ${INSTALLDIR}${OSSEC_INIT}
+    echo "DATE=\"`date`\"" >> ${INSTALLDIR}${OSSEC_INIT}
+    echo "TYPE=\"${INSTYPE}\"" >> ${INSTALLDIR}${OSSEC_INIT}
+    echo chmod 600 ${OSSEC_INIT}
+    echo cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
+    echo chmod 644 ${INSTALLDIR}${OSSEC_INIT}
+ 
+ 
+     # If update_rules is set, we need to tweak
+@@ -926,11 +926,6 @@
+         catError "0x1-location";
+     fi
+ 
+-    # Must be root
+-    if [ ! "X$ME" = "Xroot" ]; then
+-        catError "0x2-beroot";
+-    fi
+-
+     # Checking dependencies
+     checkDependencies
+ 
+diff -Naur ossec-hids-2.6-orig/src/InstallAgent.sh ossec-hids-2.6/src/InstallAgent.sh
+--- ossec-hids-2.6-orig/src/InstallAgent.sh	2011-07-11 15:36:58.000000000 -0400
+++ ossec-hids-2.6/src/InstallAgent.sh	2012-07-09 09:56:12.061870552 -0400
+@@ -80,7 +80,7 @@
+ else
+     grep "^${USER}" /etc/passwd > /dev/null 2>&1
+     if [ ! $? = 0 ]; then
+-	/usr/sbin/groupadd ${GROUP}
+	echo /usr/sbin/groupadd ${GROUP}
+ 
+     # We first check if /sbin/nologin is present. If it is not,
+     # we look for bin/false. If none of them is present, we
+@@ -93,7 +93,7 @@
+             OSMYSHELL="/bin/false"
+         fi
+     fi        
+-	/usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
+	echo /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
+     fi
+ fi
+ 
+@@ -105,31 +105,31 @@
+ done
+ 
+ # Default for all directories
+-chmod -R 550 ${DIR}
+-chown -R root:${GROUP} ${DIR}
+echo chmod -R 550 ${DIR}
+echo chown -R root:${GROUP} ${DIR}
+ 
+ # To the ossec queue (default for agentd to read)
+-chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
+-chmod -R 770 ${DIR}/queue/ossec
+echo chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
+echo chmod -R 770 ${DIR}/queue/ossec
+ 
+ # For the logging user
+-chown -R ${USER}:${GROUP} ${DIR}/logs
+-chmod -R 750 ${DIR}/logs
+-chmod -R 775 ${DIR}/queue/rids
+-touch ${DIR}/logs/ossec.log
+-chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
+-chmod 664 ${DIR}/logs/ossec.log
+-
+-chown -R ${USER}:${GROUP} ${DIR}/queue/diff
+-chmod -R 750 ${DIR}/queue/diff
+-chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
+echo chown -R ${USER}:${GROUP} ${DIR}/logs
+echo chmod -R 750 ${DIR}/logs
+echo chmod -R 775 ${DIR}/queue/rids
+echo touch ${DIR}/logs/ossec.log
+echo chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
+echo chmod 664 ${DIR}/logs/ossec.log
+
+echo chown -R ${USER}:${GROUP} ${DIR}/queue/diff
+echo chmod -R 750 ${DIR}/queue/diff
+echo chmod 740 ${DIR}/queue/diff/* "> /dev/null 2>&1"
+ 
+ 
+ 
+ 
+ # For the etc dir
+-chmod 550 ${DIR}/etc
+-chown -R root:${GROUP} ${DIR}/etc
+echo chmod 550 ${DIR}/etc
+echo chown -R root:${GROUP} ${DIR}/etc
+ 
+ ls /etc/localtime > /dev/null 2>&1
+ if [ $? = 0 ]; then
+@@ -167,25 +167,25 @@
+ cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
+ cp -pr agentlessd/scripts/* ${DIR}/agentless/
+ 
+-chown root:${GROUP} ${DIR}/etc/internal_options.conf
+-chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
+-chown root:${GROUP} ${DIR}/agentless/*
+-chown ${USER}:${GROUP} ${DIR}/.ssh
+-chown -R root:${GROUP} ${DIR}/etc/shared
+-
+-chmod 550 ${DIR}/etc
+-chmod 440 ${DIR}/etc/internal_options.conf
+-chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+-chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
+-chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
+-chmod 550 ${DIR}/agentless/*
+-chmod 700 ${DIR}/.ssh
+echo chown root:${GROUP} ${DIR}/etc/internal_options.conf
+echo chown root:${GROUP} ${DIR}/etc/local_internal_options.conf "> /dev/null 2>&1"
+echo chown root:${GROUP} ${DIR}/etc/client.keys "> /dev/null 2>&1"
+echo chown root:${GROUP} ${DIR}/agentless/*
+echo chown ${USER}:${GROUP} ${DIR}/.ssh
+echo chown -R root:${GROUP} ${DIR}/etc/shared
+
+echo chmod 550 ${DIR}/etc
+echo chmod 440 ${DIR}/etc/internal_options.conf
+echo chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
+echo chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
+echo chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
+echo chmod 550 ${DIR}/agentless/*
+echo chmod 700 ${DIR}/.ssh
+ 
+ 
+ # For the /var/run
+-chmod 770 ${DIR}/var/run
+-chown root:${GROUP} ${DIR}/var/run
+echo chmod 770 ${DIR}/var/run
+echo chown root:${GROUP} ${DIR}/var/run
+ 
+ 
+ # Moving the binary files
+@@ -201,11 +201,11 @@
+ sh ./init/fw-check.sh execute > /dev/null
+ cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
+ cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
+-chmod 755 ${DIR}/active-response/bin/*
+-chown root:${GROUP} ${DIR}/active-response/bin/*
+echo chmod 755 ${DIR}/active-response/bin/*
+echo chown root:${GROUP} ${DIR}/active-response/bin/*
+ 
+-chown root:${GROUP} ${DIR}/bin/*
+-chmod 550 ${DIR}/bin/*
+echo chown root:${GROUP} ${DIR}/bin/*
+echo chmod 550 ${DIR}/bin/*
+ 
+ 
+ # Moving the config file
+@@ -221,8 +221,8 @@
+ else    
+     cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
+ fi
+-chown root:${GROUP} ${DIR}/etc/ossec.conf
+-chmod 440 ${DIR}/etc/ossec.conf
+echo chown root:${GROUP} ${DIR}/etc/ossec.conf
+echo chmod 440 ${DIR}/etc/ossec.conf
+ 
+ 
+ 
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -1198,6 +1198,8 @@ let

  optipng = callPackage ../tools/graphics/optipng { };

+  ossec = callPackage ../tools/security/ossec {};
+
  p7zip = callPackage ../tools/archivers/p7zip { };

  pal = callPackage ../tools/misc/pal { };