[Pkg-ossec-devel] [SCM] Git repository for pkg-ossec branch, master, updated. f89fb2c00b1a2606035e5cd0e35b4ebe99f049ac
Javier Fernandez-Sanguino
jfs at debian.org
Wed Aug 29 16:31:24 UTC 2012
The following commit has been merged in the master branch:
commit af353f6b104f3e1780647b51a762f049d3c69e45
Author: Javier Fernandez-Sanguino <jfs at debian.org>
Date: Sun Aug 26 13:04:47 2012 +0200
Describe changes that are introduced in the Debian package to
disable chroot by default.
diff --git a/debian/README.Debian b/debian/README.Debian
index dc55a1a..48624f4 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,6 +1,28 @@
-ossec-hids for Debian
+OSSEC for Debian
---------------------
-<possible notes regarding this package - if none, delete this file>
- -- Jose Antonio Quevedo Muñoz <joseantonio.quevedo at gmail.com> Sun, 13 Mar 2011 03:24:51 +0100
+ OSSEC for Debian has been changes to integrate it with the distribution.
+ The most significant change is the introduction of two new command line
+ options (-N and -C) to disable and to enable, respectively, chrooting
+ of the daemon.
+
+ Upstream installs all the binaries so that they run in a chroot environment
+ (/var/ossec). However, installing binaries in the chroot will not follow
+ the FFSTND and using a chroot will make it difficult to handle packages
+ upgrades (for bug fixes and new upstream releases) since this is not
+ handled by Debian's package management system. Consequently, this
+ behaviour is disabled by default.
+
+ The Debian maintainers acknowledge that this control enhances system's
+ security. The command line options introduced make it possible for users
+ to enable this behaviour. In order to run OSSEC in a chroot environment
+ the system administrator needs to first setup a chroot (manually or
+ using the 'makejail' program) for OSSEC and configure (in the ossec-init.conf
+ file) the location of the chroot directory.
+
+ To setup the chroot you can use /var/ossec as a basis, but remember to
+ change the symbolic links with the actual files/directories they point to.
+
+
+ -- Javier Fernández-Sanguino <jfs at debian.org> Sun, 26 Aug 2012 13:04:23 +0200
--
Git repository for pkg-ossec
More information about the Pkg-ossec-devel
mailing list