[ossec-list] Re: latest spec file - 2.6?

2011-10-14 Thread Kat
Very glad I seemed to spark some interest in getting the SPEC files
updated. It just makes for a much nicer/cleaner release for 2.6 since
the SPEC is very old there and missing compiles of a lot of the newer
features.

Thanks to all and if I can help, just let me know.

-K


RE: [ossec-list] Re: latest spec file - 2.6?

2011-10-13 Thread Swartz, Patrick H
I would be glad to help with any testing for this. I have multiple flavors 
(SLES[9-11] & RHEL[3-6] - 32bit/64bit) and a wide variety of hardware to test 
with.  I can't be much help with the actual spec file, but willing to help with 
the testing.

Patrick Swartz

-Original Message-
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On 
Behalf Of treydock
Sent: Thursday, October 13, 2011 8:14 AM
To: ossec-list
Subject: [ossec-list] Re: latest spec file - 2.6?



On Oct 12, 2:01 pm, "dan (ddp)"  wrote:
> On Wed, Oct 12, 2011 at 2:55 PM, Jason 'XenoPhage' Frisvold
>
>  wrote:
> > On Oct 12, 2011, at 1:59 PM, dan (ddp) wrote:
> >> I'm the wrong Dan, but PLEASE do this. :)
>
> > Yup, meant the magical Mr. Cid.  :)
>
> >> I've tweaked the one in your srpm a bit, mostly to remove the patches.
> >> It seems to compile, but I haven't done any more testing than that.
>
> > Sure, I'd be happy to put something together..  Perhaps Trey and I should 
> > put our heads together..  Anyone else interested?
>
> I'm not a wiz with rpm, but keep me in the loop. :)
>
> > ---
> > Jason 'XenoPhage' Frisvold
> > xenoph...@godshell.com
> > ---
> > "Any sufficiently advanced magic is indistinguishable from technology."
> > - Niven's Inverse of Clarke's Third Law

I'd be fine getting together and building an official or un-official
RPM set for OSSEC.  I'm contemplating making all my RPMs available via
a yum repo.   Right now I run one internally at work, and would either
publish its URL or replicate it to my personal web space.

The only changes I made were removing some of the patched code, that
isn't present when installing from source, and adding the option to
clear out ossec.conf and add agent.conf that can be managed by the
server.  I also touch the var/active-response.log file on clients as I
like to monitor that for changes.  The rest of the changes were to
file permissions.

I've tested mine pretty thoroughly, I had the CentOS 5 and 6 x86_64
recently pushed by Puppet to 4 systems.  Once it was installed all I
had to do was add the key from the server, start the daemon and it
worked.  The rest of my servers were upgraded to 2.6 via RPMs.

- Trey



[ossec-list] Re: latest spec file - 2.6?

2011-10-13 Thread treydock


On Oct 12, 2:01 pm, "dan (ddp)"  wrote:
> On Wed, Oct 12, 2011 at 2:55 PM, Jason 'XenoPhage' Frisvold
>
>  wrote:
> > On Oct 12, 2011, at 1:59 PM, dan (ddp) wrote:
> >> I'm the wrong Dan, but PLEASE do this. :)
>
> > Yup, meant the magical Mr. Cid.  :)
>
> >> I've tweaked the one in your srpm a bit, mostly to remove the patches.
> >> It seems to compile, but I haven't done any more testing than that.
>
> > Sure, I'd be happy to put something together..  Perhaps Trey and I should 
> > put our heads together..  Anyone else interested?
>
> I'm not a wiz with rpm, but keep me in the loop. :)
>
> > ---
> > Jason 'XenoPhage' Frisvold
> > xenoph...@godshell.com
> > ---
> > "Any sufficiently advanced magic is indistinguishable from technology."
> > - Niven's Inverse of Clarke's Third Law

I'd be fine getting together and building an official or un-official
RPM set for OSSEC.  I'm contemplating making all my RPMs available via
a yum repo.   Right now I run one internally at work, and would either
publish its URL or replicate it to my personal web space.

The only changes I made were removing some of the patched code, that
isn't present when installing from source, and adding the option to
clear out ossec.conf and add agent.conf that can be managed by the
server.  I also touch the var/active-response.log file on clients as I
like to monitor that for changes.  The rest of the changes were to
file permissions.

I've tested mine pretty thoroughly, I had the CentOS 5 and 6 x86_64
recently pushed by Puppet to 4 systems.  Once it was installed all I
had to do was add the key from the server, start the daemon and it
worked.  The rest of my servers were upgraded to 2.6 via RPMs.

- Trey


[ossec-list] Re: latest spec file - 2.6?

2011-10-11 Thread treydock


On Oct 3, 8:35 am, Kat  wrote:
> Just curious if anyone has a current spec file for agent and server
> for 2.6? All the ones I am finding are very old. A lot of changes have
> occurred and I don't want to re-invent the wheel if someone else has
> already done the work.
>
> thanks
> ~k

I have RPMs for CentOS 5 and 6 here, 
http://itscblog.tamu.edu/ossec-2-6-rpms-for-centos/,
as well as the SRPMs to customize with.  Jason's SRPM was what made
mine possible, I only tweaked a few things.

- Trey