Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
ebuild for OSSEC-HIDS required
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Corvinian
n00b
n00b


Joined: 07 Sep 2007
Posts: 42
Location: Europe

PostPosted: Wed Oct 31, 2007 9:19 am    Post subject: ebuild for OSSEC-HIDS required Reply with quote

Hello,

I require an ebuild for OSSEC - Host Intrusion Detection System.
http://www.ossec.net/

there was a thread about OSSEC-HIDS in Gentoo Forum:
https://forums.gentoo.org/viewtopic-t-487233-highlight-ossec.html

and also a Bugzilla-Entry:
https://bugs.gentoo.org/show_bug.cgi?id=143233

but there's currently no (official) ebuild.

AFAIK there has been an ebuild on Stuart Herbert's Overlay via
'layman -a stuart-server'. Problem is the overlay does not exist anymore.

'wget http://www.gentoo.org/proj/en/overlays/layman-global.txt'
Code:
<overlay
      type = "svn"
      src  = "http://overlays.gentoo.org/svn/dev/stuart/server"
      contact = "stuart@gentoo.org"
      status  = "official"
      name = "stuart-server">

    <link>
      http://overlays.gentoo.org/dev/stuart/server/
    </link>

    <description>
      Development overlay for miscellaneous server-related ebuilds that
      I plan to commit to the tree myself, or find another owner for.
    </description>
  </overlay>

AFAIK stuart@gentoo.org has retired as official Gentoo developer.
But there must be snapshots/backups for this ebuild.

Does anybody know how to get (to) it or has a copy?

so long ...
Corvinian
Back to top
View user's profile Send private message
Caiman
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jul 2007
Posts: 93

PostPosted: Tue Sep 12, 2017 1:15 am    Post subject: ebuild for OSSEC-HIDS required Reply with quote

https://ossec.github.io/downloads.html
Latest Stable Release (2.9.1)
So .. after ~10 years ...does it worth for ebuild ?
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20053

PostPosted: Tue Sep 12, 2017 4:21 am    Post subject: Reply with quote

The current bug opened in 2015 and last updated in 2016 is https://bugs.gentoo.org/545788

Based on that and its references along with the references in the 10 year old original post, it doesn't appear anyone as been able to create an ebuild. Efforts have seemed to start and go nowhere, so maybe no one who has tried has been able.

Do you know how to install it on Gentoo without an ebuild? Those details might help someone to create an ebuild.
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
Caiman
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jul 2007
Posts: 93

PostPosted: Sat Sep 23, 2017 10:24 pm    Post subject: Reply with quote

wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
tar -zxvf ossec-hids-*.tar.gz (or gunzip -d; tar -xvf)
cd ossec-hids-*
./install.sh

#review /edit
/var/ossec/etc/ossec.conf

rc-service ossec start

rc-service ossec status
* /etc/init.d/ossec uses runscript, please convert to openrc-run.
* Use of the opts variable is deprecated and will be
* removed in the future.
* Please use extra_commands, extra_started_commands or extra_stopped_commands.
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
Back to top
View user's profile Send private message
pjp
Administrator
Administrator


Joined: 16 Apr 2002
Posts: 20053

PostPosted: Sun Sep 24, 2017 4:57 am    Post subject: Reply with quote

That install script appears to bypass any package management.

I've been curious about OSSEC in the past, so I started looking around. I've only built a few very simple ebuilds, so for me, the requirements needed to make an ebuild do not appear to be at all simple.

At a minimum, the items here need to be addressed, and there appear to be others as well. Apparently an install can be of 4 different types (server/agent/hybrid/local), so probably more than one ebuild is required. Documentation for installing from source is not as good as it could be (or certainly not as straight forward as I'd need to get it done any time soon).

Another possibility to consider would be using another packaged format. I know there is some capability for Portage to use RPMs, not sure about apt packages.

And I just came across a series of posts from 2015 by a forum moderator, admin and a Gentoo developer. You can read those comments in this thread. With that in mind, I'm calling this one beyond my time and current interest level to try creating.
_________________
Quis separabit? Quo animo?
Back to top
View user's profile Send private message
Caiman
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jul 2007
Posts: 93

PostPosted: Sat Aug 18, 2018 5:30 pm    Post subject: Reply with quote

https://github.com/ossec/ossec-hids/releases/tag/3.0.0
Back to top
View user's profile Send private message
Caiman
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jul 2007
Posts: 93

PostPosted: Sat Mar 02, 2019 7:52 pm    Post subject: Reply with quote

Latest Stable Release (3.2.0)
https://www.ossec.net/downloads.html
Back to top
View user's profile Send private message
Caiman
Tux's lil' helper
Tux's lil' helper


Joined: 01 Jul 2007
Posts: 93

PostPosted: Sat Mar 02, 2019 8:04 pm    Post subject: Reply with quote

https://packages.gentoo.org/packages/net-analyzer/ossec-hids <-- 3.1 here
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum