ossec-hids: several issues
There are several issues with the ossec-hids package:
- Currently only the installation type ‘server’ is supported. In addition, the installation types ‘agent’ and ‘local’ should also be supported.
  In the attached patch we added support for the agent type.
  However, to get it working, the following parameter in APKBUILD needs to be changed:
  export USER_INSTALL_TYPE=agent
  It is suggested to create several separate (sub-)packages for the agent and server, such as ossec-server and ossec-agent (local is imho not needed).
- The source directory contains several old patch files which are not used anymore.
  In the attached patch we removed these files.
- The ossec users (ossec, ossecm, ossecr) are currently created with the default shell /bin/false. However, the common no-login shell in Alpine Linux seems to be /sbin/nologin.
  The attached patch contains this change.
- Ossec is installed in a chroot under /var/ossec, the configuration files are stored in /var/ossec/etc. It seems that these configuration files in /var/ossec/etc are overwritten during the upgrade. They should be preserved and addressed with ‘update-conf’.
- The file /var/ossec/etc/ossec.conf contains wrong path definitions, such as
  /var/buildserver/aports/testing/ossec-hids/pkg/ossec-hids/var/ossec/etc/shared/rootkit_files.txt
  correct would be:
  /var/ossec/etc/shared/rootkit_files.txt
(from redmine: issue id 10235, created on 2019-04-13, closed on 2019-07-11)
- Changesets:
- Revision 841a0b25 by Francesco Colista on 2019-07-09T07:11:42Z:
testing/ossec-hids: added agent, updated APKBUILD, fixes #10235
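
A check for two of the defects reported above (build-root paths left in ossec.conf, and ossec accounts not using /sbin/nologin), as an added example that is not part of the original issue or the aport. The function names, the `<rootcheck>` snippet and the passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the aport): audit an ossec-hids install for two
# issues in the report. Function names and sample data are constructed.

# List paths in ossec.conf that still carry a build-root prefix in front of
# /var/ossec/ (the package directory leaked in at build time).
leaked_paths() {
    grep -o '/[^<>" ]*/var/ossec/[^<>" ]*' "$1"
}

# Print the config with any such prefix stripped back to /var/ossec/.
strip_build_prefix() {
    sed 's#/[^<>" ]*\(/var/ossec/\)#\1#g' "$1"
}

# List ossec service accounts whose login shell is not /sbin/nologin.
wrong_shell_users() {
    awk -F: '($1 == "ossec" || $1 == "ossecm" || $1 == "ossecr") &&
             $7 != "/sbin/nologin" { print $1 ":" $7 }' "$1"
}

# Constructed sample input: one leaked path, one correct path, mixed shells.
make_sample() {
    cat > "$1/ossec.conf" <<'EOF'
<rootcheck>
  <rootkit_files>/var/buildserver/aports/testing/ossec-hids/pkg/ossec-hids/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
  <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
</rootcheck>
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/ash
ossec:x:100:101:ossec:/var/ossec:/bin/false
ossecm:x:101:101:ossecm:/var/ossec:/sbin/nologin
ossecr:x:102:101:ossecr:/var/ossec:/bin/false
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "leaked paths:"; leaked_paths "$tmp/ossec.conf"
echo "wrong shells:"; wrong_shell_users "$tmp/passwd"
echo "fixed config:"; strip_build_prefix "$tmp/ossec.conf"
rm -rf "$tmp"
```

On a real system the functions would be pointed at /var/ossec/etc/ossec.conf and /etc/passwd instead of the sample files.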