I created my own RPM for OSSEC. What I did: I downloaded the latest snapshot from Mercurial and ran install.sh on a test machine. Once installed, I created a tarball of the ossec directory and used it to create an RPM. In my case, the application has to be under /apps. Here is my spec file:

    %define name ossec
    %define release 2
    %define version 26
    %define prg ossec
    %define appsdir /apps

    BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
    Summary: Ossec agent
    License: GPL
    Name: %{name}
    Version: %{version}
    Release: %{release}
    Source: %{name}-%{version}.tar.gz
    Prefix: /
    Autoreq: 0
    Group: Development/Tools
    Vendor: http://www.ossec.net
    Packager: InfoSec
    Provides: ossec
    ExclusiveOS: linux

    %description
    OSSEC HIDS is an Open Source Host-based Intrusion Detection System.
    It performs log analysis, integrity checking, rootkit detection,
    time-based alerting and active response.

    %prep
    %setup -q

    %build
    %define debug_package %{nil}
    %define __strip /bin/true

    %install
    rm -rf $RPM_BUILD_ROOT
    mkdir -p $RPM_BUILD_ROOT
    cp -r * $RPM_BUILD_ROOT

    %pre
    if ! id -g %{prg} > /dev/null 2>&1; then
      groupadd -r %{prg}
    fi
    if ! id -u %{prg} > /dev/null 2>&1; then
      useradd -g %{prg} -G %{prg} \
          -d %{appsdir}/%{prg} \
          -r -s /sbin/nologin %{prg}
    fi

    %post
    # Generate the ossec-init.conf template
    echo "DIRECTORY=\"%{appsdir}/%{prg}\"" > %{appsdir}/%{prg}/etc/%{prg}-init.conf
    echo "VERSION=\"v2.6\"" >> %{appsdir}/%{prg}/etc/%{prg}-init.conf
    echo "DATE=\"`date`\"" >> %{appsdir}/%{prg}/etc/%{prg}-init.conf
    echo "TYPE=\"agent\"" >> %{appsdir}/%{prg}/etc/%{prg}-init.conf
    # Symlink
    ln -sf %{appsdir}/%{prg}/etc/%{prg}-init.conf %{_sysconfdir}/%{prg}-init.conf
    # Enable service
    chkconfig --add %{name}
    chkconfig %{name} off

    %files
    %defattr(-,root,root)
    /etc/rc.d/init.d/ossec
    %defattr(-,root,%{prg})
    /apps/ossec/*
    %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}
    %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/active-response
    %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/active-response/bin
    %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/bin
    %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/etc
    %attr(770,%{prg},%{prg}) %dir %{appsdir}/%{prg}/etc/shared
    %attr(750,%{prg},%{prg}) %dir %{appsdir}/%{prg}/logs
    %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/queue
    %attr(750,%{prg},%{prg}) %dir %{appsdir}/%{prg}/queue/syscheck
    %attr(770,%{prg},%{prg}) %dir %{appsdir}/%{prg}/queue/ossec
    %attr(755,%{prg},%{prg}) %dir %{appsdir}/%{prg}/queue/rids
    %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/var
    %attr(770,root,%{prg}) %dir %{appsdir}/%{prg}/var/run

So far, it has been working very well for me. I can deploy this RPM through our Puppet infrastructure. And with 2.6, autoregistration is a very nice feature to have. I created RPMs for x86_64 and i386 RHEL/CentOS 5 machines.

I hope it helps.

-Stephane

On 1/4/12 5:02 PM, "Joe S" <js.li...@gmail.com> wrote:

>A few people have mentioned that they were working on making RPMs for
>OSSEC, given the issues with the Atomic RPMs linked on the OSSEC
>download page. Have you had any success? Do you have a SPEC file you
>can share?
>
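
Added example, not part of the original post or of OSSEC: because the package is built from a tarball of a directory tree installed on a test machine, it is worth checking that the staged tree really has the directory modes and owners the spec's `%attr(...) %dir` lines declare. The sketch below parses those lines (expanding the `%define` macros) and compares them with a tree on disk; the function names and the `root` and `check_owner` parameters are this example's own.

```python
import grp, os, pwd, re, stat
# Lines copied from the spec in the post; a subset, embedded so this runs offline.
SPEC_EXCERPT = """\
%define prg ossec
%define appsdir /apps
%attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/bin
%attr(770,%{prg},%{prg}) %dir %{appsdir}/%{prg}/etc/shared
%attr(750,%{prg},%{prg}) %dir %{appsdir}/%{prg}/logs
"""
DEFINE = re.compile(r"^%define\s+(\w+)\s+(\S+)$")
ATTR = re.compile(r"^%attr\((\d+),([^,]+),([^)]+)\)\s+%dir\s+(\S+)$")
MACRO = re.compile(r"%\{(\w+)\}")
def expand(text, macros):
    """Replace %{name} with its %define value; unknown macros are left as-is."""
    return MACRO.sub(lambda m: macros.get(m.group(1), m.group(0)), text)

def expected_dirs(spec_text):
    """Return {path: (mode, owner, group)} for each '%attr(...) %dir path' line."""
    macros, out = {}, {}
    for line in map(str.strip, spec_text.splitlines()):
        d = DEFINE.match(line)
        if d:
            macros[d.group(1)] = expand(d.group(2), macros)
            continue
        a = ATTR.match(expand(line, macros))
        if a:
            out[a.group(4)] = (int(a.group(1), 8), a.group(2).strip(), a.group(3).strip())
    return out

def audit(expected, root="/", check_owner=True):
    """Compare directories under root with the spec; return (path, problem) pairs."""
    findings = []
    for path, (mode, owner, group) in sorted(expected.items()):
        try:
            st = os.lstat(os.path.join(root, path.lstrip("/")))
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            findings.append((path, "mode %o, spec says %o" % (actual, mode)))
        if check_owner:
            try:
                who = (pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name)
            except KeyError:  # uid/gid with no passwd/group entry
                who = (str(st.st_uid), str(st.st_gid))
            if who != (owner, group):
                findings.append((path, "owner %s:%s, spec says %s:%s" % (who + (owner, group))))
    return findings
```

Point `root` at the unpacked tarball or build root to check a staged tree before packaging; on a host where the package is already installed, `rpm -V ossec` reports the same kind of mode and ownership drift against the RPM database.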