Keith,
you may be right.
During the install, OSSEC creates one or several users and one group. When
installing the client, user ossec and group ossec is created. When installing
a server
users ossec, ossecm and ossecr and group ossec are created. These users are
used to chroot the several ossec processes.
You can create all users yourself with homedir being the location where you'll
install OSSEC and a shell of /bin/false or something similar.
Run the install afterwards and those errors will be gone.
I'm not sure about the 'ar' socket not being created.
HTH,
Cheers,
W
On 05 Feb 2010, at 22:13, Keith Tyler wrote:
> Just wondering if anyone was able to get OSSEC working in rPath Linux. We
> have tried several ways and we run into problems such as the ‘ar’ socket not
> being created and file permissions screwed up. I am sure this is because of
> the install script.
>
> class Ossec(CPackageRecipe):
> name="ossec"
> version="2.2"
> buildRequires=[
>
> "info-ossec:user","which:runtime","net-tools:runtime","expect:runtime",
> 'bind-utils:runtime',
> "info-ossecr:user", 'glibc:config'
> ]
>
>
> default=('root', 'ossec', 0750)
> ossec=('ossec','ossec', 0750)
> gossec=('ossec','ossec', 0770)
> srvSubDirs={
> 'logs':ossec, 'logs/archives':default, 'logs/alerts':default,
> 'logs/firewall':default, 'bin':default, 'stats':ossec,
> 'rules':default, 'queue':default, 'queue/alerts':gossec,
> 'queue/ossec':gossec, 'queue/fts':ossec, 'queue/syscheck':ossec,
> 'queue/rootcheck':ossec, 'queue/diff':ossec,
> 'queue/agent-info':('ossecr','ossec',0755),
> 'queue/rids':('ossecr','ossec',0755),
> 'queue/agentless':('ossec','ossec',0755), 'tmp':default,
> 'var':default, 'var/run':('root','ossec',0770), 'etc':default,
> 'etc/shared':('root','ossec',0770), 'active-response':default,
> 'active-response/bin':default, 'agentless':default,
> '.ssh':('ossec','ossec',0700), 'var/start-script-lock':gossec
> }
> agtSubDirs={
> 'queue':default, 'queue/ossec':gossec, 'logs':ossec,
> 'queue/rids':gossec, 'etc':default, 'bin':default,
> 'queue/alerts':default, 'queue/syscheck':default, 'var':default,
> 'var/run':default, 'etc':default,
> 'etc/shared':default, 'active-response':default,
> 'active-response/bin':default, 'agentless':default,
> '.ssh':('ossec','ossec',0700), 'var/start-script-lock':gossec
> }
>
> def unpack(r):
> r.macros.answerSrv = 'server.answers'
> r.macros.answerAgt = 'agent.answers'
>
> r.addArchive("http://www.ossec.net/files/%(name)s-hids-%(version)s.tar.gz")
> r.addSource("%(answerSrv)s", macros=True)
> r.addSource("%(answerAgt)s", macros=True)
> r.addSource('ossec-server.init', dest='%(initdir)s/ossec-server',
> mode=0755)
> r.addSource('ossec-agent.init', dest='%(initdir)s/ossec-agent',
> mode=0755)
>
> def setup(r):
> r.unpack()
> r.build()
> r.policy()
>
> def build(r):
> #r.Replace('CEXTRA=.*-DDEFAULTDIR=.*$', '#', 'install.sh')
> r.Run('echo ME="root" >> src/init/functions.sh && printf
> "#!/bin/bash\nexit 0" > src/InstallServer.sh')
> r.Run('./install.sh < %(answerSrv)s')
> r.Create('%(servicedir)s/ossec-server/logs/ossec.log', mode=0664)
> r.installServer()
> r.Run('make clean', dir='src/')
> r.Run('printf "#!/bin/bash\nexit 0" > src/InstallAgent.sh')
> r.Run('./install.sh < %(answerAgt)s')
> r.Create('%(servicedir)s/ossec-server/logs/ossec.log', mode=0644)
> r.installAgent()
>
> def installServer(r):
> binaries = (
> 'ossec*', 'manage_agents', 'syscheck_update', 'clear_stats',
> 'list_agents', 'agent_control', 'syscheck_control',
> 'rootcheck_control'
> )
>
> for k,v in r.srvSubDirs.iteritems():
> r.MakeDirs('%(servicedir)s/ossec-server/' + k, mode=v[2])
>
> for bin in binaries:
> r.Install('bin/' + bin, '%(servicedir)s/ossec-server/bin/',
> mode=0750)
>
> r.Install('etc/rules/*', '%(servicedir)s/ossec-server/rules/',
> mode=0750)
> r.Install('etc/decoder.xml', '%(servicedir)s/ossec-server/etc/',
> mode=0640)
> r.Install('src/agentlessd/scripts/*',
> '%(servicedir)s/ossec-server/agentless/', mode=0750)
> r.Install('etc/internal_options.conf',
> '%(servicedir)s/ossec-server/etc/', mode=0640)
> r.Install('src/rootcheck/db/*.txt',
> '%(servicedir)s/ossec-server/etc/shared/', mode=0640)
> r.Install('active-response/*.sh',
> '%(servicedir)s/ossec-server/active-response/bin/', mode=0755)
> r.Install('active-response/firewalls/*.sh',
> '%(servicedir)s/ossec-server/active-response/bin/', mode=0755)
> r.Install('etc/ossec-server.conf',
> '%(servicedir)s/ossec-server/etc/ossec.conf', mode=0640)
> r.Install('src/init/ossec-server.sh',
> '%(servicedir)s/ossec-server/ossec-control', mode=0750)
>
> def installAgent(r):
> binaries = (
> 'ossec-agentd', 'ossec-logcollector', 'ossec-syscheckd',
> 'ossec-execd', 'manage_agents'
> )
> for k,v in r.agtSubDirs.iteritems():
> r.MakeDirs('%(servicedir)s/ossec-agent/' + k, mode=v[2])
>
> for bin in binaries:
> r.Install('bin/' + bin, '%(servicedir)s/ossec-agent/bin/',
> mode=0750)
>
> r.Symlink('/etc/localtime', '%(servicedir)s/ossec-agent/etc/')
> r.Install('src/init/ossec-client.sh',
> '%(servicedir)s/ossec-agent/bin/ossec-control', mode=0750)
> r.Install('src/rootcheck/db/*.txt',
> '%(servicedir)s/ossec-agent/etc/shared/', mode=0770)
> r.Install('src/agentlessd/scripts/*',
> '%(servicedir)s/ossec-agent/agentless/', mode=750)
> r.Install('active-response/*.sh',
> '%(servicedir)s/ossec-agent/active-response/bin/', mode=0755)
> r.Install('active-response/firewalls/*.sh',
> '%(servicedir)s/ossec-agent/active-response/bin/', mode=0755)
> r.Install('etc/ossec-agent.conf',
> '%(servicedir)s/ossec-agent/ossec.conf', mode=0640)
>
>
> def policy(r):
> for k,v in r.srvSubDirs.iteritems():
> r.Ownership(v[0], v[1], '%(servicedir)s/ossec-server/' + k)
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-server/etc/.*')
> r.Ownership('root', 'ossec', '%(servicedir)s/ossec-server/bin/.*')
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-server/agentless/.*')
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-server/etc/shared/.*')
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-server/active-response/bin/.*')
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-server/etc/ossec.conf')
> r.Ownership('root', 'ossec', '%(servicedir)s/ossec-server/rules/.*')
> r.Ownership('ossec', 'ossec',
> '%(servicedir)s/ossec-server/logs/ossec.log')
> for k,v in r.agtSubDirs.iteritems():
> r.Ownership(v[0], v[1], '%(servicedir)s/ossec-agent/' + k)
> r.Ownership('ossec', 'ossec',
> '%(servicedir)s/ossec-agent/logs/ossec.log')
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-agent/agentless/.*')
> r.Ownership('root', 'ossec', '%(servicedir)s/ossec-agent/bin/.*')
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-agent/active-response/.*')
> r.Ownership('root', 'ossec',
> '%(servicedir)s/ossec-agent/active-response/bin/.*')
> r.Ownership('root', 'ossec', '%(servicedir)s/ossec-agent/etc/.*')
>
> r.PackageSpec('ossec-server', '%(servicedir)s/ossec-server/.*')
> r.PackageSpec('ossec-server', '%(initdir)s/ossec-server')
> r.PackageSpec('ossec-agent', '%(servicedir)s/ossec-agent/.*')
> r.PackageSpec('ossec-agent', '%(initdir)s/ossec-agent')
>
>
> r.DanglingSymlinks(exceptions='%(servicedir)s/ossec-agent/etc/localtime')
>
> r.Config(exceptions='%(initdir)s/.*')
> r.TagSpec('initscript', '%(initdir)s/')
> r.ExcludeDirectories(exceptions='%(servicedir)s/ossec.*')
>
>
>
> Keith
