Add initial attempt at ossec

Note: This will almost certainly not work as-is, but at least it compiles. NixOS module to come.
2012-07-09 11:44:44 -04:00 · 2012-07-09 11:44:44 -04:00 · 45bbcb9638
commit 45bbcb9638
parent 57e1ad943e
3 changed files with 218 additions and 0 deletions
--- a/pkgs/tools/security/ossec/default.nix
+++ b/pkgs/tools/security/ossec/default.nix
@ -0,0 +1,40 @@
 { stdenv, fetchurl, which }:
 stdenv.mkDerivation {
  name = "ossec-client-2.6";
  src = fetchurl {
    url = http://www.ossec.net/files/ossec-hids-2.6.tar.gz;
    sha256 = "0k1b59wdv9h50gbyy88qw3cnpdm8hv0nrl0znm92h9a11i5b39ip";
  };
  buildInputs = [ which ];
  phases = [ "unpackPhase" "patchPhase" "buildPhase" ];
  patches = [ ./no-root.patch ];
  buildPhase = ''
    echo "en
 agent
 $out
 no
 127.0.0.1
 yes
 yes
 yes
 "   | ./install.sh
  '';
  meta = {
    description = "Open soruce host-based instrusion detection system";
    homepage = http://www.ossec.net;
    license = stdenv.lib.licenses.gpl2;
    maintainers = [ stdenv.lib.maintainers.shlevy ];
  };
 }
--- a/pkgs/tools/security/ossec/no-root.patch
+++ b/pkgs/tools/security/ossec/no-root.patch
@ -0,0 +1,176 @@
 diff -Naur ossec-hids-2.6-orig/install.sh ossec-hids-2.6/install.sh
 --- ossec-hids-2.6-orig/install.sh	2011-07-11 15:36:58.000000000 -0400
 +++ ossec-hids-2.6/install.sh	2012-07-09 09:58:57.970692818 -0400
@@ -119,14 +119,14 @@
     # Generate the /etc/ossec-init.conf
     VERSION_FILE="./src/VERSION"
     VERSION=`cat ${VERSION_FILE}`
 -    chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
 -    echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT}
 -    echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT}
 -    echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
 -    echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
 -    chmod 600 ${OSSEC_INIT}
 -    cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
 -    chmod 644 ${INSTALLDIR}${OSSEC_INIT}
 +    echo chmod 700 ${OSSEC_INIT} > /dev/null 2>&1
 +    echo "DIRECTORY=\"${INSTALLDIR}\"" > ${INSTALLDIR}${OSSEC_INIT}
 +    echo "VERSION=\"${VERSION}\"" >> ${INSTALLDIR}${OSSEC_INIT}
 +    echo "DATE=\"`date`\"" >> ${INSTALLDIR}${OSSEC_INIT}
 +    echo "TYPE=\"${INSTYPE}\"" >> ${INSTALLDIR}${OSSEC_INIT}
 +    echo chmod 600 ${OSSEC_INIT}
 +    echo cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
 +    echo chmod 644 ${INSTALLDIR}${OSSEC_INIT}
     # If update_rules is set, we need to tweak
@@ -926,11 +926,6 @@
         catError "0x1-location";
     fi
 -    # Must be root
 -    if [ ! "X$ME" = "Xroot" ]; then
 -        catError "0x2-beroot";
 -    fi
 -
     # Checking dependencies
     checkDependencies
 diff -Naur ossec-hids-2.6-orig/src/InstallAgent.sh ossec-hids-2.6/src/InstallAgent.sh
 --- ossec-hids-2.6-orig/src/InstallAgent.sh	2011-07-11 15:36:58.000000000 -0400
 +++ ossec-hids-2.6/src/InstallAgent.sh	2012-07-09 09:56:12.061870552 -0400
@@ -80,7 +80,7 @@
 else
     grep "^${USER}" /etc/passwd > /dev/null 2>&1
     if [ ! $? = 0 ]; then
 -	/usr/sbin/groupadd ${GROUP}
 +	echo /usr/sbin/groupadd ${GROUP}
     # We first check if /sbin/nologin is present. If it is not,
     # we look for bin/false. If none of them is present, we
@@ -93,7 +93,7 @@
             OSMYSHELL="/bin/false"
         fi
     fi        
 -	/usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
 +	echo /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
     fi
 fi
@@ -105,31 +105,31 @@
 done
 # Default for all directories
 -chmod -R 550 ${DIR}
 -chown -R root:${GROUP} ${DIR}
 +echo chmod -R 550 ${DIR}
 +echo chown -R root:${GROUP} ${DIR}
 # To the ossec queue (default for agentd to read)
 -chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
 -chmod -R 770 ${DIR}/queue/ossec
 +echo chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
 +echo chmod -R 770 ${DIR}/queue/ossec
 # For the logging user
 -chown -R ${USER}:${GROUP} ${DIR}/logs
 -chmod -R 750 ${DIR}/logs
 -chmod -R 775 ${DIR}/queue/rids
 -touch ${DIR}/logs/ossec.log
 -chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
 -chmod 664 ${DIR}/logs/ossec.log
 -
 -chown -R ${USER}:${GROUP} ${DIR}/queue/diff
 -chmod -R 750 ${DIR}/queue/diff
 -chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
 +echo chown -R ${USER}:${GROUP} ${DIR}/logs
 +echo chmod -R 750 ${DIR}/logs
 +echo chmod -R 775 ${DIR}/queue/rids
 +echo touch ${DIR}/logs/ossec.log
 +echo chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
 +echo chmod 664 ${DIR}/logs/ossec.log
 +
 +echo chown -R ${USER}:${GROUP} ${DIR}/queue/diff
 +echo chmod -R 750 ${DIR}/queue/diff
 +echo chmod 740 ${DIR}/queue/diff/* "> /dev/null 2>&1"
 # For the etc dir
 -chmod 550 ${DIR}/etc
 -chown -R root:${GROUP} ${DIR}/etc
 +echo chmod 550 ${DIR}/etc
 +echo chown -R root:${GROUP} ${DIR}/etc
 ls /etc/localtime > /dev/null 2>&1
 if [ $? = 0 ]; then
@@ -167,25 +167,25 @@
 cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
 cp -pr agentlessd/scripts/* ${DIR}/agentless/
 -chown root:${GROUP} ${DIR}/etc/internal_options.conf
 -chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
 -chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
 -chown root:${GROUP} ${DIR}/agentless/*
 -chown ${USER}:${GROUP} ${DIR}/.ssh
 -chown -R root:${GROUP} ${DIR}/etc/shared
 -
 -chmod 550 ${DIR}/etc
 -chmod 440 ${DIR}/etc/internal_options.conf
 -chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
 -chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
 -chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
 -chmod 550 ${DIR}/agentless/*
 -chmod 700 ${DIR}/.ssh
 +echo chown root:${GROUP} ${DIR}/etc/internal_options.conf
 +echo chown root:${GROUP} ${DIR}/etc/local_internal_options.conf "> /dev/null 2>&1"
 +echo chown root:${GROUP} ${DIR}/etc/client.keys "> /dev/null 2>&1"
 +echo chown root:${GROUP} ${DIR}/agentless/*
 +echo chown ${USER}:${GROUP} ${DIR}/.ssh
 +echo chown -R root:${GROUP} ${DIR}/etc/shared
 +
 +echo chmod 550 ${DIR}/etc
 +echo chmod 440 ${DIR}/etc/internal_options.conf
 +echo chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
 +echo chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
 +echo chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
 +echo chmod 550 ${DIR}/agentless/*
 +echo chmod 700 ${DIR}/.ssh
 # For the /var/run
 -chmod 770 ${DIR}/var/run
 -chown root:${GROUP} ${DIR}/var/run
 +echo chmod 770 ${DIR}/var/run
 +echo chown root:${GROUP} ${DIR}/var/run
 # Moving the binary files
@@ -201,11 +201,11 @@
 sh ./init/fw-check.sh execute > /dev/null
 cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
 cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
 -chmod 755 ${DIR}/active-response/bin/*
 -chown root:${GROUP} ${DIR}/active-response/bin/*
 +echo chmod 755 ${DIR}/active-response/bin/*
 +echo chown root:${GROUP} ${DIR}/active-response/bin/*
 -chown root:${GROUP} ${DIR}/bin/*
 -chmod 550 ${DIR}/bin/*
 +echo chown root:${GROUP} ${DIR}/bin/*
 +echo chmod 550 ${DIR}/bin/*
 # Moving the config file
@@ -221,8 +221,8 @@
 else    
     cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
 fi
 -chown root:${GROUP} ${DIR}/etc/ossec.conf
 -chmod 440 ${DIR}/etc/ossec.conf
 +echo chown root:${GROUP} ${DIR}/etc/ossec.conf
 +echo chmod 440 ${DIR}/etc/ossec.conf
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -1198,6 +1198,8 @@ let
  optipng = callPackage ../tools/graphics/optipng { };
  ossec = callPackage ../tools/security/ossec {};
  p7zip = callPackage ../tools/archivers/p7zip { };
  pal = callPackage ../tools/misc/pal { };