Merge pull request #8 from obsrvbl/2.9.0beta5

2.9.0, synchronize with installer
obsrvbl-oss · May 2, 2017 · 758624e · 758624e
2 parents 7d250e9 + 1fd0bc4
commit 758624e
Show file tree

Hide file tree

Showing 7 changed files with 206 additions and 137 deletions.
diff --git a/.drone.yml b/.drone.yml
@@ -4,10 +4,10 @@ pipeline:
     environment:
       - PREFIX=/opt/obsrvbl/ossec
       - TARGET=local
-      - VERSION=2.8.3
     commands:
       - pip install -U awscli
       - make build
       - make deb
       - make rpm
       - aws s3 cp --region us-east-1 --recursive --acl public-read packages/ s3://onstatic/ossec-hids/${DRONE_BRANCH}/
+      - env
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,6 @@
+ossec-hids-local/active-response/
+ossec-hids-local/contrib/
+ossec-hids-local/etc/
+ossec-hids-local/src/
+ossec-hids-local/target_root/
+packages/
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 PREFIX = /opt/obsrvbl-ossec
 TARGET = local
-VERSION = 2.8.3
+VERSION = 2.9.0
 BUILD_DIR = ossec-hids-${TARGET}
 TARGET_ROOT = ${BUILD_DIR}/target_root
 
@@ -10,7 +10,7 @@ build:
 	cp -r ossec-hids/contrib/ ${BUILD_DIR}/
 	cp -r ossec-hids/active-response/ ${BUILD_DIR}/
 	make -C ${BUILD_DIR} all
-	make -C ${BUILD_DIR} install
+	make -C ${BUILD_DIR} install VERSION=${VERSION}
 
 deb:
 	mkdir -p packages/

diff --git a/ossec-hids b/ossec-hids
diff --git a/ossec-hids-local/Makefile b/ossec-hids-local/Makefile
@@ -1,9 +1,8 @@
 DESTDIR=/
 TARGET_ROOT=target_root
-DIR=${TARGET_ROOT}/opt/obsrvbl-ossec/
-OSSEC_INIT=${TARGET_ROOT}/etc/ossec-init.conf
+DIR=${TARGET_ROOT}/opt/obsrvbl-ossec
 TARGET ?= local
-VERSION ?= 2.8.3
+VERSION ?= 2.9
 PREFIX ?= /opt/obsrvbl-ossec
 
 all:
@@ -28,37 +27,106 @@ clean:
 	rm -f src/isbigendian
 
 install:
+	# Adaptation of the install-common target in src/Makefile
 	mkdir -p ${DIR}
-	mkdir -p ${DIR}/system
-	mkdir -p ${TARGET_ROOT}/etc/init
-	(cd ${DIR}; mkdir -p logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/shared active-response active-response/bin agentless .ssh)
-	cp -pr etc/rules/* ${DIR}/rules/
+	mkdir -p ${DIR}/logs
+	touch ${DIR}/logs/ossec.log
+
+	mkdir -p ${DIR}/bin
+	mkdir -p ${DIR}/lua
+	mkdir -p ${DIR}/lua/native
+	mkdir -p ${DIR}/lua/compiled
+	cp -p src/ossec-logcollector ${DIR}/bin/
+	cp -p src/ossec-syscheckd ${DIR}/bin/
+	cp -p src/ossec-execd ${DIR}/bin/
+	cp -p src/manage_agents ${DIR}/bin/
+	cp -p src/external/lua/src/ossec-lua ${DIR}/bin/
+	cp -p src/external/lua/src/ossec-luac ${DIR}/bin/
+	cp -p contrib/util.sh ${DIR}/bin/
+	cp -p src/init/ossec-local.sh ${DIR}/bin/ossec-control
+
+	mkdir -p ${DIR}/queue
+	mkdir -p ${DIR}/queue/alerts
+	mkdir -p ${DIR}/queue/ossec
+	mkdir -p ${DIR}/queue/syscheck
+	mkdir -p ${DIR}/queue/diff
+
+	mkdir -p ${DIR}/etc
 	cp -pL /etc/localtime ${DIR}/etc/ 2>/dev/null || /bin/true
-	cp -p /etc/TIMEZONE ${DIR}/etc/   2>/dev/null || /bin/true
-	cp -pr src/ossec* ${DIR}/bin/
-	cp -pr src/manage_agents ${DIR}/bin/
-	cp -pr src/syscheck_update ${DIR}/bin/
-	cp -pr src/verify-agent-conf ${DIR}/bin/
-	cp -pr src/clear_stats ${DIR}/bin/
-	cp -pr src/list_agents ${DIR}/bin/
-	cp -pr src/agent_control ${DIR}/bin/
-	cp -pr src/syscheck_control ${DIR}/bin/
-	cp -pr src/rootcheck_control ${DIR}/bin/
-	cp -pr contrib/util.sh ${DIR}/bin/
-	cp -pr src/init/ossec-local.sh ${DIR}/bin/ossec-control
-	cp -pr etc/decoder.xml ${DIR}/etc/
-	cp -pr etc/local_decoder.xml ${DIR}/etc/ > /dev/null 2>&1 || /bin/true
-	cp -pr etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1 || /bin/true
-	cp -pr etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 ||/bin/true
+
+	mkdir -p ${DIR}/tmp
+
+	cp -p /etc/TIMEZONE ${DIR}/etc/ 2>/dev/null || /bin/true
+	cp -p etc/internal_options.conf ${DIR}/etc/
+	cp -p etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1 || /bin/true
+	cp -p etc/client.keys ${DIR}/etc/ > /dev/null 2>&1 ||/bin/true
+	cp -p scripts/ossec-local.conf ${DIR}/etc/ossec.conf
+
+	mkdir -p ${DIR}/etc/shared
+	cp -p scripts/ossec-local.conf ${DIR}/etc/ossec.conf
+	cp -p src/rootcheck/db/*.txt ${DIR}/etc/shared/
+
+	mkdir -p ${DIR}/active-response
+	mkdir -p ${DIR}/active-response/bin
+	mkdir -p ${DIR}/agentless
 	cp -pr src/agentlessd/scripts/* ${DIR}/agentless/
-	cp -pr etc/internal_options.conf ${DIR}/etc/
-	cp -pr scripts/ossec-local.conf ${DIR}/etc/ossec.conf
-	cp -pr src/rootcheck/db/*.txt ${DIR}/etc/shared/
+
+	mkdir -p ${DIR}/.ssh
+
 	cp -p active-response/*.sh ${DIR}/active-response/bin/
 	cp -p active-response/firewalls/*.sh ${DIR}/active-response/bin/
+
+	mkdir -p ${DIR}/var
+	mkdir -p ${DIR}/var/run
+
+	# Adaptation of the install-server-generic target in src/Makefile
+	touch ${DIR}/logs/active-responses.log
+	mkdir -p ${DIR}/logs/archives
+	mkdir -p ${DIR}/logs/alerts
+	mkdir -p ${DIR}/logs/firewall
+
+	cp -p src/ossec-agentlessd ${DIR}/bin/
+	cp -p src/ossec-analysisd ${DIR}/bin/
+	cp -p src/ossec-monitord ${DIR}/bin/
+	cp -p src/ossec-reportd ${DIR}/bin/
+	cp -p src/ossec-maild ${DIR}/bin/
+	cp -p src/ossec-remoted ${DIR}/bin/
+	cp -p src/ossec-logtest ${DIR}/bin/
+	cp -p src/ossec-csyslogd ${DIR}/bin/
+	cp -p src/ossec-authd ${DIR}/bin/
+	cp -p src/ossec-dbd ${DIR}/bin/
+	cp -p src/ossec-makelists ${DIR}/bin/
+	cp -p src/verify-agent-conf ${DIR}/bin/
+	cp -p src/clear_stats ${DIR}/bin/
+	cp -p src/list_agents ${DIR}/bin/
+	cp -p src/ossec-regex ${DIR}/bin/
+	cp -p src/syscheck_update ${DIR}/bin/
+	cp -p src/agent_control ${DIR}/bin/
+	cp -p src/syscheck_control ${DIR}/bin/
+	cp -p src/rootcheck_control ${DIR}/bin/
+
+	mkdir -p ${DIR}/stats
+	mkdir -p ${DIR}/rules
+	cp -p etc/rules/*.xml ${DIR}/rules/
+
+	mkdir -p ${DIR}/queue/fts
+
+	mkdir -p ${DIR}/queue/rootcheck
+
+	mkdir -p ${DIR}/queue/agent-info
+	mkdir -p ${DIR}/queue/agentless
+
+	mkdir -p ${DIR}/queue/rids
+
+	cp -pr etc/decoder.xml ${DIR}/etc/
+
+	# Additional files
+	mkdir -p ${DIR}/system
 	cp -p scripts/ossec-hids-local.conf ${DIR}/system/ossec-hids-local.conf
 	cp -p scripts/ossec-hids-local.service ${DIR}/system/ossec-hids-local.service
-	echo "DIRECTORY=\"/opt/obsrvbl-ossec\"" > ${OSSEC_INIT}
-	echo "VERSION=\"v${VERSION}\"" >> ${OSSEC_INIT}
-	echo "DATE=\"`date`\"" >> ${OSSEC_INIT}
-	echo "TYPE=\"local\"" >> ${OSSEC_INIT}
+
+	mkdir -p ${DIR}/etc
+	echo "DIRECTORY=\"/opt/obsrvbl-ossec\"" > ${DIR}/etc/ossec-init.conf
+	echo "VERSION=\"v${VERSION}\"" >> ${DIR}/etc/ossec-init.conf
+	echo "DATE=\"`date`\"" >> ${DIR}/etc/ossec-init.conf
+	echo "TYPE=\"local\"" >> ${DIR}/etc/ossec-init.conf
+3 −3		.travis.yml
+10 −6		BUGS
+94 −0		CHANGELOG
+3 −3		CONFIG
+5 −5		CONTRIBUTORS
+2 −2		INSTALL
+1 −1		LICENSE
+6 −6		README.md
+45 −0		active-response/ossec-slack.sh
+8 −7		active-response/win/route-null.cmd
+4 −4		contrib/debian-packages/ossec-hids/debian/patches/02_ossec-server.conf.patch
+49 −0		contrib/ossec-testing/tests/opensmtpd.ini
+28 −0		contrib/ossec-testing/tests/sshd.ini
+8 −0		contrib/ossec-testing/tests/sudo.ini
+55 −0		contrib/ossec_rules_list.py
+92 −38		etc/decoder.xml
+3 −3		etc/internal_options.conf
+4 −1		etc/ossec-agent.conf
+8 −4		etc/ossec-local.conf
+9 −5		etc/ossec-server.conf
+9 −4		etc/ossec.conf
+68 −0		etc/rules/opensmtpd_rules.xml
+1 −1		etc/rules/ossec_rules.xml
+26 −0		etc/rules/sshd_rules.xml
+7 −0		etc/rules/syslog_rules.xml
+13 −2		etc/rules/systemd_rules.xml
+1 −0		etc/templates/config/rootcheck.template
+1 −0		etc/templates/config/rules.template
+1 −1		etc/templates/config/syscheck.template
+15 −23		install.sh
+7 −8		src/Makefile
+2 −2		src/addagent/b64.c
+13 −6		src/addagent/main.c
+28 −9		src/addagent/manage_agents.c
+3 −0		src/addagent/manage_agents.h
+26 −9		src/addagent/manage_keys.c
+1 −1		src/addagent/validate.c
+2 −1		src/agentlessd/main.c
+2 −1		src/analysisd/analysisd.c
+10 −8		src/analysisd/decoders/decode-xml.c
+108 −56		src/analysisd/decoders/plugins/ossecalert_decoder.c
+0 −1		src/analysisd/eventinfo.c
+1 −2		src/analysisd/lists_list.c
+1 −1		src/analysisd/rules.c
+3 −3		src/analysisd/stats.c
+24 −2		src/analysisd/testrule.c
+17 −5		src/config/global-config.c
+59 −44		src/config/localfile-config.c
+1 −0		src/config/mail-config.h
+4 −1		src/config/rules-config.c
+70 −0		src/config/syscheck-config.c
+3 −0		src/config/syscheck-config.h
+3 −3		src/error_messages/error_messages.h
+2 −1		src/headers/defs.h
+5 −1		src/init/adduser.sh
+1 −1		src/init/ossec-client.sh
+1 −1		src/init/ossec-local.sh
+1 −1		src/init/ossec-server.sh
+13 −9		src/logcollector/logcollector.c
+2 −1		src/monitord/main.c
+1 −2		src/os_crypto/md5/md5_op.c
+1 −2		src/os_crypto/md5_sha1/md5_sha1_op.c
+1 −2		src/os_crypto/sha1/sha1_op.c
+2 −0		src/os_csyslogd/alert.c
+2 −1		src/os_csyslogd/main.c
+32 −13		src/os_dbd/alert.c
+2 −1		src/os_dbd/main.c
+1 −1		src/os_dbd/mysql.schema
+8 −8		src/os_dbd/postgresql.schema
+1 −0		src/os_maild/config.c
+8 −5		src/os_maild/maild.c
+153 −98		src/os_maild/sendcustomemail.c
+364 −265		src/os_maild/sendmail.c
+2 −3		src/remoted/secure.c
+2 −1		src/reportd/report.c
+44 −44		src/rootcheck/db/cis_debian_linux_rcl.txt
+70 −70		src/rootcheck/db/cis_rhel5_linux_rcl.txt
+68 −68		src/rootcheck/db/cis_rhel6_linux_rcl.txt
+814 −0		src/rootcheck/db/cis_rhel7_linux_rcl.txt
+46 −46		src/rootcheck/db/cis_rhel_linux_rcl.txt
+13 −13		src/rootcheck/db/system_audit_rcl.txt
+15 −15		src/rootcheck/db/win_applications_rcl.txt
+9 −9		src/rootcheck/db/win_audit_rcl.txt
+11 −11		src/rootcheck/db/win_malware_rcl.txt
+0 −26		src/rootcheck/rootcheck-config.c
+0 −2		src/rootcheck/rootcheck.conf
+1 −1		src/shared/file-queue.c
+5 −2		src/shared/fs_op.c
+9 −1		src/shared/report_op.c
+1 −1		src/shared/store_op.c
+50 −12		src/shared/validate_op.c
+2 −0		src/syscheckd/config.c
+55 −16		src/syscheckd/seechanges.c
+21 −0		src/syscheckd/syscheck.c
+0 −1		src/tests/test_os_net.c
+1 −1		src/win32/help.txt
+1 −1		src/win32/ossec-installer.nsi