[Pkg-ossec-devel] [SCM] Git repository for pkg-ossec branch, master, updated. f89fb2c00b1a2606035e5cd0e35b4ebe99f049ac
Javier Fernandez-Sanguino
jfs at debian.org
Wed Aug 29 16:31:30 UTC 2012
The following commit has been merged in the master branch:
commit 6bc9eec614ea50f84733eee5ef21506aa38c9243
Author: Javier Fernandez-Sanguino <jfs at debian.org>
Date: Tue Aug 28 23:38:16 2012 +0200
- Standarise the location of the lock directory under /var/run for the
chroot for all the scripts that
- Also symlink this into the system's /var/run in debian/rules and
create the /var/ossec/var dir too
diff --git a/debian/ossec-hids-agent.dirs b/debian/ossec-hids-agent.dirs
index 9703588..3e0dd55 100644
--- a/debian/ossec-hids-agent.dirs
+++ b/debian/ossec-hids-agent.dirs
@@ -3,5 +3,4 @@ etc/ossec/shared
var/log/ossec
var/ossec/active-response/bin
var/ossec/agentless
-
-
+var/ossec/var/
diff --git a/debian/ossec-hids-local.dirs b/debian/ossec-hids-local.dirs
index 308be30..34d921a 100644
--- a/debian/ossec-hids-local.dirs
+++ b/debian/ossec-hids-local.dirs
@@ -16,3 +16,4 @@ var/ossec/queue/ossec
var/ossec/queue/rids
var/ossec/queue/rootcheck
var/ossec/queue/syscheck
+var/ossec/var/
diff --git a/debian/ossec-hids-server.dirs b/debian/ossec-hids-server.dirs
index 308be30..34d921a 100644
--- a/debian/ossec-hids-server.dirs
+++ b/debian/ossec-hids-server.dirs
@@ -16,3 +16,4 @@ var/ossec/queue/ossec
var/ossec/queue/rids
var/ossec/queue/rootcheck
var/ossec/queue/syscheck
+var/ossec/var/
diff --git a/debian/patches/05-standard-pidfile-location b/debian/patches/05-standard-pidfile-location
new file mode 100644
index 0000000..f2d9869
--- /dev/null
+++ b/debian/patches/05-standard-pidfile-location
@@ -0,0 +1,338 @@
+Index: pkg-ossec/active-response/host-deny.sh
+===================================================================
+--- pkg-ossec.orig/active-response/host-deny.sh 2012-08-28 23:23:04.000000000 +0200
++++ pkg-ossec/active-response/host-deny.sh 2012-08-28 23:27:14.000000000 +0200
+@@ -9,12 +9,14 @@
+ USER=$2
+ IP=$3
+
+-LOCAL=`dirname $0`;
+-cd $LOCAL
+-cd ../
+-PWD=`pwd`
+-LOCK="${PWD}/host-deny-lock"
+-LOCK_PID="${PWD}/host-deny-lock/pid"
++[ -e /etc/ossec-init.conf ] && . /etc/ossec-init.conf # Source the configuration file for DIRECTORY
++if [ -z "$DIRECTORY" ]; then
++ echo "ERROR: Cannot determine the value of the OSSEC directory"
++ [ ! -e "/etc/ossec-init.conf" ] && echo "ERROR: /etc/ossec-init.conf does not exist"
++ exit 1
++fi
++LOCK="${DIRECTORY}/var/run/ossec-hids/"
++LOCK_PID="${LOCK}/host-deny-lock.pid"
+ UNAME=`uname`
+
+
+Index: pkg-ossec/src/init/ossec-client.sh
+===================================================================
+--- pkg-ossec.orig/src/init/ossec-client.sh 2012-08-28 23:22:58.000000000 +0200
++++ pkg-ossec/src/init/ossec-client.sh 2012-08-28 23:31:10.000000000 +0200
+@@ -4,10 +4,14 @@
+ # Author: Daniel B. Cid <daniel.cid at gmail.com>
+
+
++[ -e /etc/ossec-init.conf ] && . /etc/ossec-init.conf # Source the configuration file for DIRECTORY
++if [ -z "$DIRECTORY" ]; then
++ echo "ERROR: Cannot determine the value of the OSSEC directory"
++ [ ! -e "/etc/ossec-init.conf" ] && echo "ERROR: /etc/ossec-init.conf does not exist"
++ exit 1
++fi
+ LOCAL=`dirname $0`;
+ cd ${LOCAL}
+-PWD=`pwd`
+-DIR=`dirname $PWD`;
+
+ ### Do not modify bellow here ###
+ NAME="OSSEC HIDS"
+@@ -17,8 +21,8 @@
+
+
+ ## Locking for the start/stop
+-LOCK="${DIR}/var/start-script-lock"
+-LOCK_PID="${LOCK}/pid"
++LOCK="${DIRECTORY}/var/run/ossec-hids/"
++LOCK_PID="${LOCK}/start-script-lock.pid"
+
+
+ # This number should be more than enough (even if it is
+@@ -32,11 +36,11 @@
+ checkpid()
+ {
+ for i in ${DAEMONS}; do
+- for j in `cat ${DIR}/var/run/${i}*.pid 2>/dev/null`; do
++ for j in `cat ${LOCK}/${i}*.pid 2>/dev/null`; do
+ ps -p $j |grep ossec >/dev/null 2>&1
+ if [ ! $? = 0 ]; then
+- echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
+- rm ${DIR}/var/run/${i}-${j}.pid
++ echo "Deleting PID file '${LOCK}/${i}-${j}.pid' not used..."
++ rm ${LOCK}/${i}-${j}.pid
+ fi
+ done
+ done
+@@ -123,7 +127,7 @@
+ {
+ # We first loop to check the config.
+ for i in ${SDAEMONS}; do
+- ${DIR}/bin/${i} -t;
++ ${DIRECTORY}/bin/${i} -t;
+ if [ $? != 0 ]; then
+ echo "${i}: Configuration error. Exiting"
+ unlock;
+@@ -146,7 +150,7 @@
+ for i in ${SDAEMONS}; do
+ pstatus ${i};
+ if [ $? = 0 ]; then
+- ${DIR}/bin/${i};
++ ${DIRECTORY}/bin/${i};
+ if [ $? != 0 ]; then
+ unlock;
+ exit 1;
+@@ -176,13 +180,13 @@
+ return 0;
+ fi
+
+- ls ${DIR}/var/run/${pfile}*.pid > /dev/null 2>&1
++ ls ${LOCK}/${pfile}*.pid > /dev/null 2>&1
+ if [ $? = 0 ]; then
+- for j in `cat ${DIR}/var/run/${pfile}*.pid 2>/dev/null`; do
++ for j in `cat ${LOCK}/${pfile}*.pid 2>/dev/null`; do
+ ps -p $j |grep ossec >/dev/null 2>&1
+ if [ ! $? = 0 ]; then
+ echo "${pfile}: Process $j not used by ossec, removing .."
+- rm -f ${DIR}/var/run/${pfile}-$j.pid
++ rm -f ${LOCK}/${pfile}-$j.pid
+ continue;
+ fi
+
+@@ -207,12 +211,12 @@
+ if [ $? = 1 ]; then
+ echo "Killing ${i} .. ";
+
+- kill `cat ${DIR}/var/run/${i}*.pid`;
++ kill `cat ${LOCK}/${i}*.pid`;
+ else
+ echo "${i} not running ..";
+ fi
+
+- rm -f ${DIR}/var/run/${i}*.pid
++ rm -f ${LOCK}/${i}*.pid
+
+ done
+
+Index: pkg-ossec/src/init/ossec-local.sh
+===================================================================
+--- pkg-ossec.orig/src/init/ossec-local.sh 2012-08-28 23:22:57.000000000 +0200
++++ pkg-ossec/src/init/ossec-local.sh 2012-08-28 23:32:36.000000000 +0200
+@@ -5,11 +5,13 @@
+
+
+ # Getting where we are installed
+-LOCAL=`dirname $0`;
+-cd ${LOCAL}
+-PWD=`pwd`
+-DIR=`dirname $PWD`;
+-PLIST=${DIR}/bin/.process_list;
++[ -e /etc/ossec-init.conf ] && . /etc/ossec-init.conf # Source the configuration file for DIRECTORY
++if [ -z "$DIRECTORY" ]; then
++ echo "ERROR: Cannot determine the value of the OSSEC directory"
++ [ ! -e "/etc/ossec-init.conf" ] && echo "ERROR: /etc/ossec-init.conf does not exist"
++ exit 1
++fi
++PLIST="${DIRECTORY}/bin/.process_list"
+
+
+ ### Do not modify bellow here ###
+@@ -28,8 +30,8 @@
+
+
+ ## Locking for the start/stop
+-LOCK="${DIR}/var/start-script-lock"
+-LOCK_PID="${LOCK}/pid"
++LOCK="${DIRECTORY}/var/run/ossec-hids/"
++LOCK_PID="${LOCK_DIR}/start-script-lock.pid"
+
+
+ # This number should be more than enough (even if it is
+@@ -43,11 +45,11 @@
+ checkpid()
+ {
+ for i in ${DAEMONS}; do
+- for j in `cat ${DIR}/var/run/${i}*.pid 2>/dev/null`; do
++ for j in `cat ${LOCK}/${i}*.pid 2>/dev/null`; do
+ ps -p $j |grep ossec >/dev/null 2>&1
+ if [ ! $? = 0 ]; then
+- echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
+- rm ${DIR}/var/run/${i}-${j}.pid
++ echo "Deleting PID file '${LOCK}/${i}-${j}.pid' not used..."
++ rm ${LOCK}/${i}-${j}.pid
+ fi
+ done
+ done
+@@ -200,7 +202,7 @@
+ {
+ # We first loop to check the config.
+ for i in ${SDAEMONS}; do
+- ${DIR}/bin/${i} -t ${DEBUG_CLI};
++ ${DIRECTORY}/bin/${i} -t ${DEBUG_CLI};
+ if [ $? != 0 ]; then
+ echo "${i}: Configuration error. Exiting"
+ unlock;
+@@ -216,7 +218,7 @@
+ SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-syscheckd ossec-monitord"
+
+ echo "Starting $NAME $VERSION (by $AUTHOR)..."
+- echo | ${DIR}/ossec-logtest > /dev/null 2>&1;
++ echo | ${DIRECTORY}/ossec-logtest > /dev/null 2>&1;
+ if [ ! $? = 0 ]; then
+ echo "ossec-analysisd: Configuration error. Exiting."
+ fi
+@@ -229,7 +231,7 @@
+ for i in ${SDAEMONS}; do
+ pstatus ${i};
+ if [ $? = 0 ]; then
+- ${DIR}/bin/${i} ${DEBUG_CLI};
++ ${DIRECTORY}/bin/${i} ${DEBUG_CLI};
+ if [ $? != 0 ]; then
+ unlock;
+ exit 1;
+@@ -259,13 +261,13 @@
+ return 0;
+ fi
+
+- ls ${DIR}/var/run/${pfile}*.pid > /dev/null 2>&1
++ ls ${LOCK}/${pfile}*.pid > /dev/null 2>&1
+ if [ $? = 0 ]; then
+- for j in `cat ${DIR}/var/run/${pfile}*.pid 2>/dev/null`; do
++ for j in `cat ${LOCK}/${pfile}*.pid 2>/dev/null`; do
+ ps -p $j |grep ossec >/dev/null 2>&1
+ if [ ! $? = 0 ]; then
+ echo "${pfile}: Process $j not used by ossec, removing .."
+- rm -f ${DIR}/var/run/${pfile}-$j.pid
++ rm -f ${LOCK}/${pfile}-$j.pid
+ continue;
+ fi
+
+@@ -290,12 +292,12 @@
+ if [ $? = 1 ]; then
+ echo "Killing ${i} .. ";
+
+- kill `cat ${DIR}/var/run/${i}*.pid`;
++ kill `cat ${LOCK}/${i}*.pid`;
+ else
+ echo "${i} not running ..";
+ fi
+
+- rm -f ${DIR}/var/run/${i}*.pid
++ rm -f ${LOCK}/${i}*.pid
+
+ done
+
+Index: pkg-ossec/src/init/ossec-server.sh
+===================================================================
+--- pkg-ossec.orig/src/init/ossec-server.sh 2012-08-28 23:22:55.000000000 +0200
++++ pkg-ossec/src/init/ossec-server.sh 2012-08-28 23:30:17.000000000 +0200
+@@ -5,11 +5,15 @@
+
+
+ # Getting where we are installed
++[ -e /etc/ossec-init.conf ] && . /etc/ossec-init.conf # Source the configuration file for DIRECTORY
++if [ -z "$DIRECTORY" ]; then
++ echo "ERROR: Cannot determine the value of the OSSEC directory"
++ [ ! -e "/etc/ossec-init.conf" ] && echo "ERROR: /etc/ossec-init.conf does not exist"
++ exit 1
++fi
+ LOCAL=`dirname $0`;
+ cd ${LOCAL}
+-PWD=`pwd`
+-DIR=`dirname $PWD`;
+-PLIST=${DIR}/bin/.process_list;
++PLIST="${DIRECTORY}/bin/.process_list"
+
+
+ ### Do not modify bellow here ###
+@@ -28,8 +32,8 @@
+
+
+ ## Locking for the start/stop
+-LOCK="${DIR}/var/start-script-lock"
+-LOCK_PID="${LOCK}/pid"
++LOCK="${DIRECTORY}/var/run/ossec-hids/"
++LOCK_PID="${LOCK_DIR}/start-script-lock.pid"
+
+
+ # This number should be more than enough (even if it is
+@@ -43,11 +47,11 @@
+ checkpid()
+ {
+ for i in ${DAEMONS}; do
+- for j in `cat ${DIR}/var/run/${i}*.pid 2>/dev/null`; do
++ for j in `cat ${LOCK}/${i}*.pid 2>/dev/null`; do
+ ps -p $j |grep ossec >/dev/null 2>&1
+ if [ ! $? = 0 ]; then
+- echo "Deleting PID file '${DIR}/var/run/${i}-${j}.pid' not used..."
+- rm ${DIR}/var/run/${i}-${j}.pid
++ echo "Deleting PID file '${LOCK}/${i}-${j}.pid' not used..."
++ rm ${LOCK}/${i}-${j}.pid
+ fi
+ done
+ done
+@@ -199,7 +203,7 @@
+ {
+ # We first loop to check the config.
+ for i in ${SDAEMONS}; do
+- ${DIR}/bin/${i} -t ${DEBUG_CLI};
++ ${DIRECTORY}/bin/${i} -t ${DEBUG_CLI};
+ if [ $? != 0 ]; then
+ echo "${i}: Configuration error. Exiting"
+ unlock;
+@@ -214,7 +218,7 @@
+ SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-remoted ossec-syscheckd ossec-monitord"
+
+ echo "Starting $NAME $VERSION (by $AUTHOR)..."
+- echo | ${DIR}/ossec-logtest > /dev/null 2>&1;
++ echo | ${DIRECTORY}/ossec-logtest > /dev/null 2>&1;
+ if [ ! $? = 0 ]; then
+ echo "OSSEC analysisd: Testing rules failed. Configuration error. Exiting."
+ fi
+@@ -226,7 +230,7 @@
+ for i in ${SDAEMONS}; do
+ pstatus ${i};
+ if [ $? = 0 ]; then
+- ${DIR}/bin/${i} ${DEBUG_CLI};
++ ${DIRECTORY}/bin/${i} ${DEBUG_CLI};
+ if [ $? != 0 ]; then
+ unlock;
+ exit 1;
+@@ -256,13 +260,13 @@
+ return 0;
+ fi
+
+- ls ${DIR}/var/run/${pfile}*.pid > /dev/null 2>&1
++ ls ${LOCK}/${pfile}*.pid > /dev/null 2>&1
+ if [ $? = 0 ]; then
+- for j in `cat ${DIR}/var/run/${pfile}*.pid 2>/dev/null`; do
++ for j in `cat ${LOCK}/${pfile}*.pid 2>/dev/null`; do
+ ps -p $j |grep ossec >/dev/null 2>&1
+ if [ ! $? = 0 ]; then
+ echo "${pfile}: Process $j not used by ossec, removing .."
+- rm -f ${DIR}/var/run/${pfile}-$j.pid
++ rm -f ${LOCK}/${pfile}-$j.pid
+ continue;
+ fi
+
+@@ -287,12 +291,12 @@
+ if [ $? = 1 ]; then
+ echo "Killing ${i} .. ";
+
+- kill `cat ${DIR}/var/run/${i}*.pid`;
++ kill `cat ${LOCK}/${i}*.pid`;
+ else
+ echo "${i} not running ..";
+ fi
+
+- rm -f ${DIR}/var/run/${i}*.pid
++ rm -f ${LOCK}/${i}*.pid
+
+ done
+
diff --git a/debian/patches/series b/debian/patches/series
index dc04e0b..6e366af 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,5 @@
01-avoid_internal_zlib.patch
02-add-chroot-option.patch
03-disable-chroot-default.patch
+04-control-lock-removal
+05-standard-pidfile-location
diff --git a/debian/rules b/debian/rules
index afd6289..7047649 100755
--- a/debian/rules
+++ b/debian/rules
@@ -103,6 +103,7 @@ install-local:
cd debian/ossec-hids-local/var/ossec && ln -s ../../etc/ossec/ etc
cd debian/ossec-hids-local/var/ossec && ln -s ../../var/log/ossec/ logs
cd debian/ossec-hids-local/var/ossec && ln -s ../../etc/ossec/rules/ rules
+ cd debian/ossec-hids-local/var/ossec/var && ln -s ../../../var/ run
chmod -R 550 debian/ossec-hids-local/var/ossec
chmod 770 debian/ossec-hids-local/var/ossec/queue/alerts
chmod 770 debian/ossec-hids-local/var/ossec/queue/ossec
@@ -147,6 +148,7 @@ install-server:
cd debian/ossec-hids-server/var/ossec && ln -s ../../etc/ossec/ etc
cd debian/ossec-hids-server/var/ossec && ln -s ../../var/log/ossec/ logs
cd debian/ossec-hids-server/var/ossec && ln -s ../../etc/ossec/rules/ rules
+ cd debian/ossec-hids-local/var/ossec/var && ln -s ../../../var/ run
chmod -R 550 debian/ossec-hids-server/var/ossec
chmod 770 debian/ossec-hids-server/var/ossec/queue/alerts
chmod 770 debian/ossec-hids-server/var/ossec/queue/ossec
@@ -190,7 +192,7 @@ install-agent:
cd debian/ossec-hids-agent/var/ossec && ln -s ../../usr/lib/ossec/ bin
cd debian/ossec-hids-agent/var/ossec && ln -s ../../etc/ossec/ etc
cd debian/ossec-hids-agent/var/ossec && ln -s ../../var/log/ossec/ logs
- chmod 750 debian/ossec-hids-agent/var/log/ossec
+ cd debian/ossec-hids-local/var/ossec/var && ln -s ../../../var/ run
# TODO: Missing configuration files, extract from src/InstallAgent.sh
chmod -R 550 debian/ossec-hids-agent/var/ossec
chmod 750 debian/ossec-hids-agent/var/log/ossec
--
Git repository for pkg-ossec
More information about the Pkg-ossec-devel
mailing list