correction de bugs
This commit is contained in:
Vincent BENOIT
26
conf/template/pengwyn/bblayers.conf.sample
Normal file
26
conf/template/pengwyn/bblayers.conf.sample
Normal file
@@ -0,0 +1,26 @@
|
||||
# POKY_BBLAYERS_CONF_VERSION is increased each time build/conf/bblayers.conf
|
||||
# changes incompatibly
|
||||
POKY_BBLAYERS_CONF_VERSION = "2"
|
||||
|
||||
BBPATH = "${TOPDIR}"
|
||||
BSPPATH = "${TOPDIR}/.."
|
||||
BBFILES ?= ""
|
||||
|
||||
BBLAYERS ?= " \
|
||||
${BSPPATH}/meta-pengwyn \
|
||||
${BSPPATH}/poky/meta \
|
||||
${BSPPATH}/poky/meta-poky \
|
||||
${BSPPATH}/poky/meta-yocto-bsp \
|
||||
${BSPPATH}/meta-openembedded/meta-oe \
|
||||
${BSPPATH}/meta-openembedded/meta-python \
|
||||
${BSPPATH}/meta-openembedded/meta-networking \
|
||||
${BSPPATH}/meta-openembedded/meta-filesystems \
|
||||
${BSPPATH}/meta-openembedded/meta-perl \
|
||||
${BSPPATH}/meta-arm/meta-arm-toolchain \
|
||||
${BSPPATH}/meta-arm/meta-arm \
|
||||
${BSPPATH}/meta-ti/meta-ti-bsp \
|
||||
${BSPPATH}/meta-security \
|
||||
${BSPPATH}/meta-security/meta-security-compliance \
|
||||
${BSPPATH}/meta-cyber-scle \
|
||||
${BSPPATH}/meta-perso \
|
||||
"
|
||||
253
recipes-scanners/wazuh/wazuh-agent_4.4.0.bb
Normal file
253
recipes-scanners/wazuh/wazuh-agent_4.4.0.bb
Normal file
@@ -0,0 +1,253 @@
|
||||
# Copyright (C) 2023 Vincent BENOIT <vincent.benoit@scle.fr>
|
||||
# Release under the MIT license (see COPYING.MIT for the terms)
|
||||
HOMEPAGE = "https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html"
|
||||
SUMMARY = "The agent runs on the host you want to monitor and communicates with the Wazuh server"
|
||||
MAINTAINER = "Vincent BENOIT <vincent.benoit@benserv.fr>"
|
||||
LIC_FILES_CHKSUM = "file://LICENSE;md5=i522ae3a9266aa0b86a5f314c85dbb560"
|
||||
LICENSE = "CLOSED"
|
||||
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
||||
|
||||
DEPENDS = "curl-native \
|
||||
audit-userspace \
|
||||
cjson \
|
||||
curl \
|
||||
libffi \
|
||||
procps \
|
||||
openssl \
|
||||
libyaml \
|
||||
libdbi \
|
||||
libffi \
|
||||
libyaml \
|
||||
openssl \
|
||||
procps \
|
||||
sqlite3 \
|
||||
zlib \
|
||||
bzip2 \
|
||||
nlohmann-json \
|
||||
googletest \
|
||||
libpcre2 \
|
||||
libplist \
|
||||
libarchive \
|
||||
popt \
|
||||
msgpack-c \
|
||||
rpm \
|
||||
cmake-native \
|
||||
wazuh-users \
|
||||
"
|
||||
|
||||
RDEPENDS:${PN} += "wazuh-users"
|
||||
|
||||
inherit systemd
|
||||
|
||||
SRC_URI = " \
|
||||
git://github.com/wazuh/wazuh.git;protocol=https;branch=master \
|
||||
file://ossec.conf \
|
||||
file://wazuh-agent.service \
|
||||
file://0001-Makefile.patch \
|
||||
file://0002-headers-correction.patch \
|
||||
file://0003-CMakeLists.patch \
|
||||
"
|
||||
|
||||
SRCREV = "c7fc9bac7ccfdda6edfa6befc77545533ded039b"
|
||||
PV = "4.4.0"
|
||||
S = "${WORKDIR}/git"
|
||||
|
||||
SYSTEMD_AUTO_ENABLE = "enable"
|
||||
SYSTEMD_SERVICE:${PN} = "wazuh-agent.service"
|
||||
|
||||
EXTRA_OEMAKE = ' \
|
||||
CC="${CC}" \
|
||||
CXX="${CXX}" \
|
||||
RANLIB="${RANLIB}" \
|
||||
AR="${AR}" \
|
||||
CFLAGS="${CFLAGS} -I${STAGING_INCDIR} -I${STAGING_INCDIR}/cjson -I${STAGING_INCDIR}/curl" \
|
||||
LDFLAGS="-Wl,--sysroot=${STAGING_DIR_TARGET} -L${STAGING_LIBDIR} -lm -lcjson -lssl -lcrypto -lpcre2-8 -lz -lsqlite3 -lyaml -lcurl -lmsgpackc -laudit -lprocps" \
|
||||
CMAKE_OPTS="-DSTAGING_DIR=${STAGING_DIR_TARGET}" \
|
||||
'
|
||||
do_compile() {
|
||||
(cd src && oe_runmake TARGET=agent INSTALLDIR="/var/ossec")
|
||||
}
|
||||
|
||||
do_install() {
|
||||
install -d ${D}${systemd_unitdir}/system/
|
||||
install -m 0644 ${WORKDIR}/wazuh-agent.service ${D}${systemd_unitdir}/system/
|
||||
|
||||
install -d -o root -g wazuh ${D}/var/ossec
|
||||
install -d ${D}/var/ossec/lib
|
||||
install -m 0750 -o root -g wazuh ${S}/src/libwazuhext.so ${D}/var/ossec/lib/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/libwazuhshared.so ${D}/var/ossec/lib/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/shared_modules/dbsync/build/lib/libdbsync.so ${D}/var/ossec/lib/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/shared_modules/rsync/build/lib/librsync.so ${D}/var/ossec/lib/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/syscheckd/build/lib/libfimdb.so ${D}/var/ossec/lib/
|
||||
|
||||
chrpath -d ${D}/var/ossec/lib/libfimdb.so
|
||||
chrpath -d ${D}/var/ossec/lib/librsync.so
|
||||
chrpath -d ${D}/var/ossec/lib/libdbsync.so
|
||||
|
||||
install -d ${D}/var/ossec/bin
|
||||
install -m 0750 ${S}/src/wazuh-agentd ${D}/var/ossec/bin/
|
||||
install -m 0750 ${S}/src/agent-auth ${D}/var/ossec/bin/
|
||||
install -m 0750 ${S}/src/wazuh-logcollector ${D}/var/ossec/bin/
|
||||
install -m 0750 ${S}/src/syscheckd/build/bin/wazuh-syscheckd ${D}/var/ossec/bin/
|
||||
install -m 0750 ${S}/src/wazuh-execd ${D}/var/ossec/bin/
|
||||
install -m 0750 ${S}/src/manage_agents ${D}/var/ossec/bin/
|
||||
install -m 0750 ${S}/src/wazuh-modulesd ${D}/var/ossec/bin/
|
||||
install -m 0750 ${S}/src/init/wazuh-client.sh ${D}/var/ossec/bin/wazuh-control
|
||||
|
||||
chrpath -d ${D}/var/ossec/bin/wazuh-syscheckd
|
||||
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/tmp
|
||||
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/queue
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/rids
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/alerts
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/sockets
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/diff
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/fim/db
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/syscollector/db
|
||||
install -m 0640 ${S}/src/wazuh_modules/syscollector/norm_config.json ${D}/var/ossec/queue/syscollector/
|
||||
chown root:wazuh ${D}/var/ossec/queue/syscollector/norm_config.json
|
||||
install -d -o wazuh -g wazuh ${D}${localstatedir}/ossec/queue/logcollector
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/incoming
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/generic
|
||||
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/generic/*.yml ${D}/var/ossec/ruleset/sca/generic/
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/mongodb
|
||||
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/mongodb/*.yml ${D}/var/ossec/ruleset/sca/mongodb/
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/applications
|
||||
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/applications/*.yml ${D}/var/ossec/ruleset/sca/applications/
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/ruleset/sca/nginx
|
||||
install -m 0640 -o root -g wazuh ${S}/ruleset/sca/nginx/*.yml ${D}/var/ossec/ruleset/sca/nginx/
|
||||
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/pubsub
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/gcloud/buckets
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/var/wodles
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/__init__.py ${D}/var/ossec/wodles/
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/utils.py ${D}/var/ossec/wodles/
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/aws
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/aws/aws_s3.py ${D}/var/ossec/wodles/aws/aws-s3
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/gcloud.py ${D}/var/ossec/wodles/gcloud/gcloud
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/integration.py ${D}/var/ossec/wodles/gcloud/
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/tools.py ${D}/var/ossec/wodles/gcloud/
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/exceptions.py ${D}/var/ossec/wodles/gcloud/
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/bucket.py ${D}/var/ossec/wodles/gcloud/buckets/
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/buckets/access_logs.py ${D}/var/ossec/wodles/gcloud/buckets/
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/gcloud/pubsub/subscriber.py ${D}/var/ossec/wodles/gcloud/pubsub/
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/docker
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/docker-listener/DockerListener.py ${D}/var/ossec/wodles/docker/DockerListener
|
||||
install -d -o root -g wazuh ${D}${localstatedir}/ossec/wodles/azure
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/azure/azure-logs.py ${D}/var/ossec/wodles/azure/azure-logs
|
||||
install -m 0750 -o root -g wazuh ${S}/wodles/azure/orm.py ${D}/var/ossec/wodles/azure/
|
||||
|
||||
install -d -o wazuh -g wazuh ${D}/var/ossec/etc
|
||||
install -d -o root -g wazuh ${D}/var/ossec/etc/shared
|
||||
install -m 0660 -o root -g wazuh ${WORKDIR}/ossec.conf ${D}/var/ossec/etc/
|
||||
install -m 0660 -o root -g wazuh ${S}/ruleset/rootcheck/db/*.txt ${D}/var/ossec/etc/shared/
|
||||
install -m 0640 -o root -g wazuh ${S}/etc/wpk_root.pem ${D}/var/ossec/etc/
|
||||
touch ${D}/var/ossec/etc/client.keys
|
||||
chown -R root:wazuh ${D}/var/ossec/etc/client.keys
|
||||
|
||||
install -m 0640 -o root -g wazuh ${S}/etc/internal_options.conf ${D}/var/ossec/etc/
|
||||
install -m 0640 -o root -g wazuh ${S}/etc/local_internal_options.conf ${D}/var/ossec/etc/
|
||||
|
||||
install -d -o root -g wazuh ${D}/var/ossec/active-response
|
||||
install -d -o root -g wazuh ${D}/var/ossec/active-response/bin
|
||||
install -m 0750 -o root -g wazuh ${S}/src/firewalld-drop ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/wazuh-slack ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/route-null ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/restart-wazuh ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/kaspersky ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/ip-customblock ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/pf ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/npf ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/ipfw ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/default-firewall-drop ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/disable-account ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/host-deny ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/active-response/kaspersky.py ${D}/var/ossec/active-response/bin/
|
||||
install -m 0750 -o root -g wazuh ${S}/src/active-response/restart.sh ${D}/var/ossec/active-response/bin/
|
||||
|
||||
install -d -o root -g wazuh ${D}/var/ossec/agentless
|
||||
install -m 0750 -o root -g wazuh ${S}/src/agentlessd/scripts/* ${D}/var/ossec/agentless/
|
||||
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var
|
||||
install -d -o wazuh -g wazuh ${D}/var/ossec/var/run
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var/upgrade
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var/selinux
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var/incoming
|
||||
install -d -o root -g wazuh ${D}/var/ossec/backup
|
||||
|
||||
install -d -o wazuh -g wazuh ${D}/var/ossec/logs
|
||||
touch ${D}/var/ossec/logs/ossec.log
|
||||
chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.log
|
||||
|
||||
touch ${D}/var/ossec/logs/ossec.json
|
||||
chown -R wazuh:wazuh ${D}/var/ossec/logs/ossec.json
|
||||
install -d -o wazuh -g wazuh ${D}/var/ossec/logs/wazuh
|
||||
}
|
||||
|
||||
FILES:${PN} += " \
|
||||
${systemd_unitdir}/system/wazuh-agent.service \
|
||||
/var/ossec/lib/libwazuhext.so \
|
||||
/var/ossec/lib/libwazuhshared.so \
|
||||
/var/ossec/lib/libdbsync.so \
|
||||
/var/ossec/lib/librsync.so \
|
||||
/var/ossec/lib/libfimdb.so \
|
||||
/var/ossec/bin/wazuh-agentd \
|
||||
/var/ossec/bin/agent-auth \
|
||||
/var/ossec/bin/wazuh-logcollector \
|
||||
/var/ossec/bin/wazuh-syscheckd \
|
||||
/var/ossec/bin/wazuh-execd \
|
||||
/var/ossec/bin/manage_agents \
|
||||
/var/ossec/bin/wazuh-modulesd \
|
||||
/var/ossec/bin/wazuh-control \
|
||||
/var/ossec/etc/ossec.conf \
|
||||
/var/ossec/etc/shared/*.txt \
|
||||
/var/ossec/etc/wpk_root.pem \
|
||||
/var/ossec/etc/client.keys \
|
||||
/var/ossec/etc/internal_options.conf \
|
||||
/var/ossec/etc/local_internal_options.conf \
|
||||
/var/ossec/active-response/bin/firewalld-drop \
|
||||
/var/ossec/active-response/bin/wazuh-slack \
|
||||
/var/ossec/active-response/bin/route-null \
|
||||
/var/ossec/active-response/bin/restart-wazuh \
|
||||
/var/ossec/active-response/bin/kaspersky \
|
||||
/var/ossec/active-response/bin/ip-customblock \
|
||||
/var/ossec/active-response/bin/pf \
|
||||
/var/ossec/active-response/bin/npf \
|
||||
/var/ossec/active-response/bin/ipfw \
|
||||
/var/ossec/active-response/bin/default-firewall-drop \
|
||||
/var/ossec/active-response/bin/disable-account \
|
||||
/var/ossec/active-response/bin/host-deny \
|
||||
/var/ossec/active-response/bin/kapersky.py \
|
||||
/var/ossec/active-response/bin/restart.sh \
|
||||
/var/ossec/ruleset/sca/generic/*.yml \
|
||||
/var/ossec/ruleset/sca/mongodb/*.yml \
|
||||
/var/ossec/ruleset/sca/applications/*.yml \
|
||||
/var/ossec/ruleset/sca/nginx/*.yml \
|
||||
/var/ossec/wodles/__init__.py \
|
||||
/var/ossec/wodles/utils.py \
|
||||
/var/ossec/wodles/aws/aws-s3 \
|
||||
/var/ossec/wodles/gcloud/gcloud \
|
||||
/var/ossec/wodles/gcloud/integration.py \
|
||||
/var/ossec/wodles/gcloud/tools.py \
|
||||
/var/ossec/wodles/gcloud/exceptions.py \
|
||||
/var/ossec/wodles/gcloud/buckets/bucket.py \
|
||||
/var/ossec/wodles/gcloud/buckets/access_logs.py \
|
||||
/var/ossec/wodles/gcloud/pubsub/subscriber.py \
|
||||
/var/ossec/wodles/docker/DockerListener \
|
||||
/var/ossec/wodles/azure/azure-logs \
|
||||
/var/ossec/wodles/azure/orm.py \
|
||||
/var/ossec/agentless/* \
|
||||
/var/ossec/logs/ossec.log \
|
||||
/var/ossec/logs/ossec.json \
|
||||
"
|
||||
|
||||
INSANE_SKIP:${PN} = "ldflags already-stripped"
|
||||
#For dev packages only
|
||||
INSANE_SKIP:${PN}-dev = "ldflags already-stripped"
|
||||
@@ -176,7 +176,7 @@ do_install() {
|
||||
install -m 0750 -o root -g wazuh ${S}/src/agentlessd/scripts/* ${D}/var/ossec/agentless/
|
||||
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var/run
|
||||
install -d -o wazuh -g wazuh ${D}/var/ossec/var/run
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var/upgrade
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var/selinux
|
||||
install -d -o root -g wazuh ${D}/var/ossec/var/incoming
|
||||
@@ -31,11 +31,11 @@ then
|
||||
fi
|
||||
|
||||
if [ "a${DISTRO}" = "a" ]; then
|
||||
DISTRO="rpi-distro"
|
||||
DISTRO="pengwyn-distro"
|
||||
fi
|
||||
|
||||
if [ "a${MACHINE}" = "a" ]; then
|
||||
MACHINE="raspberrypi"
|
||||
MACHINE="pengwyn"
|
||||
fi
|
||||
|
||||
if [ "a${VERS}" = "a" ]; then
|
||||
|
||||
Reference in New Issue
Block a user