ossec-hids: Fix usermod

Use built in USERMOD to set uid and gid properly.
Convert to using OSSEC_DIR instead of DIR.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Armin Kuster
2023-06-26 13:06:17 -04:00
parent 7840dd1b53
commit 3d2533f329
+57 -52
@@ -17,11 +17,19 @@ inherit autotools-brokensep useradd
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
OSSEC_DIR="/var/ossec"
OSSEC_UID ?= "ossec" OSSEC_UID ?= "ossec"
OSSEC_RUID ?= "ossecr" OSSEC_RUID ?= "ossecr"
OSSEC_GID ?= "ossec" OSSEC_GID ?= "ossec"
OSSEC_EMAIL ?= "ossecm" OSSEC_EMAIL ?= "ossecm"
USERADD_PACKAGES = "${PN}"
GROUPADD_PARAM:${PN} = "--system ${OSSEC_UID}"
USERADD_PARAM:${PN} = "--system -g ${OSSEC_GID} --home-dir \
${OSSEC_DIR} --no-create-home \
--shell /sbin/nologin ${BPN}"
do_configure[noexec] = "1" do_configure[noexec] = "1"
do_compile() { do_compile() {
@@ -45,78 +53,75 @@ do_install(){
} }
pkg_postinst_ontarget:${PN} () { pkg_postinst_ontarget:${PN} () {
DIR="/var/ossec"
usermod -g ossec -G ossec -a root
# Default for all directories # Default for all directories
chmod -R 550 ${DIR} chmod -R 550 ${OSSEC_DIR}
chown -R root:${OSSEC_GID} ${DIR} chown -R root:${OSSEC_GID} ${OSSEC_DIR}
# To the ossec queue (default for agentd to read) # To the ossec queue (default for agentd to read)
chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/queue/ossec
chmod -R 770 ${DIR}/queue/ossec chmod -R 770 ${OSSEC_DIR}/queue/ossec
# For the logging user # For the logging user
chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/logs
chmod -R 750 ${DIR}/logs chmod -R 750 ${OSSEC_DIR}/logs
chmod -R 775 ${DIR}/queue/rids chmod -R 775 ${OSSEC_DIR}/queue/rids
touch ${DIR}/logs/ossec.log touch ${OSSEC_DIR}/logs/ossec.log
chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log chown ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/logs/ossec.log
chmod 664 ${DIR}/logs/ossec.log chmod 664 ${OSSEC_DIR}/logs/ossec.log
chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/queue/diff
chmod -R 750 ${DIR}/queue/diff chmod -R 750 ${OSSEC_DIR}/queue/diff
chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true chmod 740 ${OSSEC_DIR}/queue/diff/* > /dev/null 2>&1 || true
# For the etc dir # For the etc dir
chmod 550 ${DIR}/etc chmod 550 ${OSSEC_DIR}/etc
chown -R root:${OSSEC_GID} ${DIR}/etc chown -R root:${OSSEC_GID} ${OSSEC_DIR}/etc
if [ -f /etc/localtime ]; then if [ -f /etc/localtime ]; then
cp -pL /etc/localtime ${DIR}/etc/; cp -pL /etc/localtime ${OSSEC_DIR}/etc/;
chmod 555 ${DIR}/etc/localtime chmod 555 ${OSSEC_DIR}/etc/localtime
chown root:${OSSEC_GID} ${DIR}/etc/localtime chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/localtime
fi fi
if [ -f /etc/TIMEZONE ]; then if [ -f /etc/TIMEZONE ]; then
cp -p /etc/TIMEZONE ${DIR}/etc/; cp -p /etc/TIMEZONE ${OSSEC_DIR}/etc/;
chmod 555 ${DIR}/etc/TIMEZONE chmod 555 ${OSSEC_DIR}/etc/TIMEZONE
fi fi
# More files # More files
chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/internal_options.conf
chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/client.keys >/dev/null 2>&1 || true
chown root:${OSSEC_GID} ${DIR}/agentless/* chown root:${OSSEC_GID} ${OSSEC_DIR}/agentless/*
chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh chown ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/.ssh
chown root:${OSSEC_GID} ${DIR}/etc/shared/* chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/shared/*
chmod 550 ${DIR}/etc chmod 550 ${OSSEC_DIR}/etc
chmod 440 ${DIR}/etc/internal_options.conf chmod 440 ${OSSEC_DIR}/etc/internal_options.conf
chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true chmod 660 ${OSSEC_DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true chmod 440 ${OSSEC_DIR}/etc/client.keys >/dev/null 2>&1 || true
chmod 550 ${DIR}/agentless/* chmod 550 ${OSSEC_DIR}/agentless/*
chmod 700 ${DIR}/.ssh chmod 700 ${OSSEC_DIR}/.ssh
chmod 770 ${DIR}/etc/shared chmod 770 ${OSSEC_DIR}/etc/shared
chmod 660 ${DIR}/etc/shared/* chmod 660 ${OSSEC_DIR}/etc/shared/*
# For the /var/run # For the /var/run
chmod 770 ${DIR}/var/run chmod 770 ${OSSEC_DIR}/var/run
chown root:${OSSEC_GID} ${DIR}/var/run chown root:${OSSEC_GID} ${OSSEC_DIR}/var/run
# For util.sh # For util.sh
chown root:${OSSEC_GID} ${DIR}/bin/util.sh chown root:${OSSEC_GID} ${OSSEC_DIR}/bin/util.sh
chmod +x ${DIR}/bin/util.sh chmod +x ${OSSEC_DIR}/bin/util.sh
# For binaries and active response # For binaries and active response
chmod 755 ${DIR}/active-response/bin/* chmod 755 ${OSSEC_DIR}/active-response/bin/*
chown root:${OSSEC_GID} ${DIR}/active-response/bin/* chown root:${OSSEC_GID} ${OSSEC_DIR}/active-response/bin/*
chown root:${OSSEC_GID} ${DIR}/bin/* chown root:${OSSEC_GID} ${OSSEC_DIR}/bin/*
chmod 550 ${DIR}/bin/* chmod 550 ${OSSEC_DIR}/bin/*
# For ossec.conf # For ossec.conf
chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/ossec.conf
chmod 660 ${DIR}/etc/ossec.conf chmod 660 ${OSSEC_DIR}/etc/ossec.conf
# Debconf # Debconf
. /usr/share/debconf/confmodule . /usr/share/debconf/confmodule
@@ -126,23 +131,23 @@ pkg_postinst_ontarget:${PN} () {
db_get ossec-hids-agent/server-ip db_get ossec-hids-agent/server-ip
SERVER_IP=$RET SERVER_IP=$RET
sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${OSSEC_DIR}/etc/ossec.conf
db_stop db_stop
# ossec-init.conf # ossec-init.conf
if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then if [ -e ${OSSEC_DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
if [ -e /etc/ossec-init.conf ]; then if [ -e /etc/ossec-init.conf ]; then
rm -f /etc/ossec-init.conf rm -f /etc/ossec-init.conf
fi fi
ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf ln -s ${OSSEC_DIR}/etc/ossec-init.conf /etc/ossec-init.conf
fi fi
# init.d/ossec file # init.d/ossec file
if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then if [ -x ${OSSEC_DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
if [ -e /etc/init.d/ossec ]; then if [ -e /etc/init.d/ossec ]; then
rm -f /etc/init.d/ossec rm -f /etc/init.d/ossec
fi fi
ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec ln -s ${OSSEC_DIR}/etc/init.d/ossec /etc/init.d/ossec
fi fi
# Service # Service
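Review bot: The ownership lines on the new side of the `pkg_postinst_ontarget` hunk (queue/ossec, logs, ossec.log, queue/diff, .ssh) still use `${OSSEC_UUID}`, but the visible recipe only defines `OSSEC_UID`, `OSSEC_RUID`, `OSSEC_GID` and `OSSEC_EMAIL`; with no `OSSEC_UUID` set, the reference most likely reaches the target unexpanded and becomes an empty shell variable, so `chown -R :${OSSEC_GID}` only changes the group and those paths stay root-owned, contrary to the "For the logging user" intent. Each of those occurrences should be `${OSSEC_UID}`, e.g. `chown -R ${OSSEC_UID}:${OSSEC_GID} ${OSSEC_DIR}/queue/ossec`. Separately, the new `USERADD_PARAM:${PN}` creates a user named `${BPN}` while the chowns address `${OSSEC_UID}`; unless BPN happens to equal the `ossec` default, the chowns will target a non-existent account, so the final argument should probably be `${OSSEC_UID}`, and no account is created for `OSSEC_RUID`/`OSSEC_EMAIL` (worth confirming whether this build needs them). The `pkg_postinst_ontarget` function continues beyond this hunk.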