ossec-hids: Fix usermod

Use built in USERMOD to set uid and gid properly. convert to using OSSEC_DIR instead of DIR Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Armin Kuster <akuster808@gmail.com> 2023-06-26 13:06:17 -0400
committer: Armin Kuster <akuster808@gmail.com> 2023-07-31 06:18:52 -0400
commit: 3d2533f329b43f281d63b99d3251d0f361e0e5de (patch)
tree: 3cb470c08188f5004cd9dbf135bf45ec19363f59
parent: 7840dd1b53fd735d69a8aefe1c0e9c87fa896e72 (diff)
download: meta-security-3d2533f329b43f281d63b99d3251d0f361e0e5de.tar.gz
1 files changed, 58 insertions, 53 deletions
diff --git a/recipes-ids/ossec/ossec-hids_3.7.0.bb b/recipes-ids/ossec/ossec-hids_3.7.0.bb
index 55c10fa..829715b 100644
--- a/recipes-ids/ossec/ossec-hids_3.7.0.bb
+++ b/recipes-ids/ossec/ossec-hids_3.7.0.bb
@@ -17,11 +17,19 @@ inherit autotools-brokensep  useradd
 S = "${WORKDIR}/git"
+OSSEC_DIR="/var/ossec"
 OSSEC_UID ?= "ossec"
 OSSEC_RUID ?= "ossecr"
 OSSEC_GID ?= "ossec"
 OSSEC_EMAIL ?= "ossecm"
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM:${PN} = "--system ${OSSEC_UID}"
+USERADD_PARAM:${PN} = "--system -g ${OSSEC_GID} --home-dir  \
+                       ${OSSEC_DIR} --no-create-home  \
+                       --shell /sbin/nologin ${BPN}"
 do_configure[noexec] = "1"
 do_compile() {
@@ -45,78 +53,75 @@ do_install(){
 }
 pkg_postinst_ontarget:${PN} () {
-    DIR="/var/ossec"
-    usermod -g ossec -G ossec -a root
    # Default for all directories
-    chmod -R 550 ${DIR}
+    chmod -R 550 ${OSSEC_DIR}
-    chown -R root:${OSSEC_GID} ${DIR}
+    chown -R root:${OSSEC_GID} ${OSSEC_DIR}
    # To the ossec queue (default for agentd to read)
-    chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec
+    chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/queue/ossec
-    chmod -R 770 ${DIR}/queue/ossec
+    chmod -R 770 ${OSSEC_DIR}/queue/ossec
    # For the logging user
-    chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs
+    chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/logs
-    chmod -R 750 ${DIR}/logs
+    chmod -R 750 ${OSSEC_DIR}/logs
-    chmod -R 775 ${DIR}/queue/rids
+    chmod -R 775 ${OSSEC_DIR}/queue/rids
-    touch ${DIR}/logs/ossec.log
+    touch ${OSSEC_DIR}/logs/ossec.log
-    chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log
+    chown ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/logs/ossec.log
-    chmod 664 ${DIR}/logs/ossec.log
+    chmod 664 ${OSSEC_DIR}/logs/ossec.log
-    chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff
+    chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/queue/diff
-    chmod -R 750 ${DIR}/queue/diff
+    chmod -R 750 ${OSSEC_DIR}/queue/diff
-        chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true
+    chmod 740 ${OSSEC_DIR}/queue/diff/* > /dev/null 2>&1 || true
        # For the etc dir
-        chmod 550 ${DIR}/etc
+        chmod 550 ${OSSEC_DIR}/etc
-        chown -R root:${OSSEC_GID} ${DIR}/etc
+        chown -R root:${OSSEC_GID} ${OSSEC_DIR}/etc
        if [ -f /etc/localtime ]; then
-            cp -pL /etc/localtime ${DIR}/etc/;
+            cp -pL /etc/localtime ${OSSEC_DIR}/etc/;
-            chmod 555 ${DIR}/etc/localtime
+            chmod 555 ${OSSEC_DIR}/etc/localtime
-            chown root:${OSSEC_GID} ${DIR}/etc/localtime
+            chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/localtime
        fi
        if [ -f /etc/TIMEZONE ]; then
-            cp -p /etc/TIMEZONE ${DIR}/etc/;
+            cp -p /etc/TIMEZONE ${OSSEC_DIR}/etc/;
-            chmod 555 ${DIR}/etc/TIMEZONE
+            chmod 555 ${OSSEC_DIR}/etc/TIMEZONE
        fi
        # More files
-        chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/internal_options.conf
-        chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
-        chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 || true
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/client.keys >/dev/null 2>&1 || true
-        chown root:${OSSEC_GID} ${DIR}/agentless/*
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/agentless/*
-        chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh
+        chown ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/.ssh
-        chown root:${OSSEC_GID} ${DIR}/etc/shared/*
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/shared/*
-        chmod 550 ${DIR}/etc
+        chmod 550 ${OSSEC_DIR}/etc
-        chmod 440 ${DIR}/etc/internal_options.conf
+        chmod 440 ${OSSEC_DIR}/etc/internal_options.conf
-        chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
+        chmod 660 ${OSSEC_DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
-        chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true
+        chmod 440 ${OSSEC_DIR}/etc/client.keys >/dev/null 2>&1 || true
-        chmod 550 ${DIR}/agentless/*
+        chmod 550 ${OSSEC_DIR}/agentless/*
-        chmod 700 ${DIR}/.ssh
+        chmod 700 ${OSSEC_DIR}/.ssh
-        chmod 770 ${DIR}/etc/shared
+        chmod 770 ${OSSEC_DIR}/etc/shared
-        chmod 660 ${DIR}/etc/shared/*
+        chmod 660 ${OSSEC_DIR}/etc/shared/*
        # For the /var/run
-        chmod 770 ${DIR}/var/run
+        chmod 770 ${OSSEC_DIR}/var/run
-        chown root:${OSSEC_GID} ${DIR}/var/run
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/var/run
        # For util.sh 
-        chown root:${OSSEC_GID} ${DIR}/bin/util.sh
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/bin/util.sh
-        chmod +x ${DIR}/bin/util.sh
+        chmod +x ${OSSEC_DIR}/bin/util.sh
        # For binaries and active response
-        chmod 755 ${DIR}/active-response/bin/*
+        chmod 755 ${OSSEC_DIR}/active-response/bin/*
-        chown root:${OSSEC_GID} ${DIR}/active-response/bin/*
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/active-response/bin/*
-        chown root:${OSSEC_GID} ${DIR}/bin/*
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/bin/*
-        chmod 550 ${DIR}/bin/*
+        chmod 550 ${OSSEC_DIR}/bin/*
        # For ossec.conf
-        chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf
+        chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/ossec.conf
-        chmod 660 ${DIR}/etc/ossec.conf
+        chmod 660 ${OSSEC_DIR}/etc/ossec.conf
        # Debconf
        . /usr/share/debconf/confmodule
@@ -126,23 +131,23 @@ pkg_postinst_ontarget:${PN} () {
        db_get ossec-hids-agent/server-ip
        SERVER_IP=$RET
-        sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf
+        sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${OSSEC_DIR}/etc/ossec.conf
        db_stop
        # ossec-init.conf
-        if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
+        if [ -e ${OSSEC_DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
            if [ -e /etc/ossec-init.conf ]; then
                rm -f /etc/ossec-init.conf
            fi
-            ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
+            ln -s ${OSSEC_DIR}/etc/ossec-init.conf /etc/ossec-init.conf
        fi
        # init.d/ossec file
-        if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
+        if [ -x ${OSSEC_DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
            if [ -e /etc/init.d/ossec ]; then
                rm -f /etc/init.d/ossec
            fi
-            ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
+            ln -s ${OSSEC_DIR}/etc/init.d/ossec /etc/init.d/ossec
        fi
        # Service
author	Armin Kuster <akuster808@gmail.com>	2023-06-26 13:06:17 -0400
committer	Armin Kuster <akuster808@gmail.com>	2023-07-31 06:18:52 -0400
commit	3d2533f329b43f281d63b99d3251d0f361e0e5de (patch)
tree	3cb470c08188f5004cd9dbf135bf45ec19363f59
parent	7840dd1b53fd735d69a8aefe1c0e9c87fa896e72 (diff)
download	meta-security-3d2533f329b43f281d63b99d3251d0f361e0e5de.tar.gz

diff --git a/recipes-ids/ossec/ossec-hids_3.7.0.bb b/recipes-ids/ossec/ossec-hids_3.7.0.bb index 55c10fa..829715b 100644 --- a/recipes-ids/ossec/ossec-hids_3.7.0.bb +++ b/recipes-ids/ossec/ossec-hids_3.7.0.bb
@@ -17,11 +17,19 @@ inherit autotools-brokensep useradd
17		17
18	S = "${WORKDIR}/git"	18	S = "${WORKDIR}/git"
19		19
		20
		21	OSSEC_DIR="/var/ossec"
20	OSSEC_UID ?= "ossec"	22	OSSEC_UID ?= "ossec"
21	OSSEC_RUID ?= "ossecr"	23	OSSEC_RUID ?= "ossecr"
22	OSSEC_GID ?= "ossec"	24	OSSEC_GID ?= "ossec"
23	OSSEC_EMAIL ?= "ossecm"	25	OSSEC_EMAIL ?= "ossecm"
24		26
		27	USERADD_PACKAGES = "${PN}"
		28	GROUPADD_PARAM:${PN} = "--system ${OSSEC_UID}"
		29	USERADD_PARAM:${PN} = "--system -g ${OSSEC_GID} --home-dir \
		30	${OSSEC_DIR} --no-create-home \
		31	--shell /sbin/nologin ${BPN}"
		32
25	do_configure[noexec] = "1"	33	do_configure[noexec] = "1"
26		34
27	do_compile() {	35	do_compile() {
@@ -45,78 +53,75 @@ do_install(){
45	}	53	}
46		54
47	pkg_postinst_ontarget:${PN} () {	55	pkg_postinst_ontarget:${PN} () {
48	DIR="/var/ossec"
49
50	usermod -g ossec -G ossec -a root
51		56
52	# Default for all directories	57	# Default for all directories
53	chmod -R 550 ${DIR}	58	chmod -R 550 ${OSSEC_DIR}
54	chown -R root:${OSSEC_GID} ${DIR}	59	chown -R root:${OSSEC_GID} ${OSSEC_DIR}
55		60
56	# To the ossec queue (default for agentd to read)	61	# To the ossec queue (default for agentd to read)
57	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/ossec	62	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/queue/ossec
58	chmod -R 770 ${DIR}/queue/ossec	63	chmod -R 770 ${OSSEC_DIR}/queue/ossec
59		64
60	# For the logging user	65	# For the logging user
61	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs	66	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/logs
62	chmod -R 750 ${DIR}/logs	67	chmod -R 750 ${OSSEC_DIR}/logs
63	chmod -R 775 ${DIR}/queue/rids	68	chmod -R 775 ${OSSEC_DIR}/queue/rids
64	touch ${DIR}/logs/ossec.log	69	touch ${OSSEC_DIR}/logs/ossec.log
65	chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/logs/ossec.log	70	chown ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/logs/ossec.log
66	chmod 664 ${DIR}/logs/ossec.log	71	chmod 664 ${OSSEC_DIR}/logs/ossec.log
67		72
68	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/queue/diff	73	chown -R ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/queue/diff
69	chmod -R 750 ${DIR}/queue/diff	74	chmod -R 750 ${OSSEC_DIR}/queue/diff
70	chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 \|\| true	75	chmod 740 ${OSSEC_DIR}/queue/diff/* > /dev/null 2>&1 \|\| true
71		76
72	# For the etc dir	77	# For the etc dir
73	chmod 550 ${DIR}/etc	78	chmod 550 ${OSSEC_DIR}/etc
74	chown -R root:${OSSEC_GID} ${DIR}/etc	79	chown -R root:${OSSEC_GID} ${OSSEC_DIR}/etc
75	if [ -f /etc/localtime ]; then	80	if [ -f /etc/localtime ]; then
76	cp -pL /etc/localtime ${DIR}/etc/;	81	cp -pL /etc/localtime ${OSSEC_DIR}/etc/;
77	chmod 555 ${DIR}/etc/localtime	82	chmod 555 ${OSSEC_DIR}/etc/localtime
78	chown root:${OSSEC_GID} ${DIR}/etc/localtime	83	chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/localtime
79	fi	84	fi
80		85
81	if [ -f /etc/TIMEZONE ]; then	86	if [ -f /etc/TIMEZONE ]; then
82	cp -p /etc/TIMEZONE ${DIR}/etc/;	87	cp -p /etc/TIMEZONE ${OSSEC_DIR}/etc/;
83	chmod 555 ${DIR}/etc/TIMEZONE	88	chmod 555 ${OSSEC_DIR}/etc/TIMEZONE
84	fi	89	fi
85		90
86	# More files	91	# More files
87	chown root:${OSSEC_GID} ${DIR}/etc/internal_options.conf	92	chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/internal_options.conf
88	chown root:${OSSEC_GID} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 \|\| true	93	chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/local_internal_options.conf >/dev/null 2>&1 \|\| true
89	chown root:${OSSEC_GID} ${DIR}/etc/client.keys >/dev/null 2>&1 \|\| true	94	chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/client.keys >/dev/null 2>&1 \|\| true
90	chown root:${OSSEC_GID} ${DIR}/agentless/*	95	chown root:${OSSEC_GID} ${OSSEC_DIR}/agentless/*
91	chown ${OSSEC_UUID}:${OSSEC_GID} ${DIR}/.ssh	96	chown ${OSSEC_UUID}:${OSSEC_GID} ${OSSEC_DIR}/.ssh
92	chown root:${OSSEC_GID} ${DIR}/etc/shared/*	97	chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/shared/*
93		98
94	chmod 550 ${DIR}/etc	99	chmod 550 ${OSSEC_DIR}/etc
95	chmod 440 ${DIR}/etc/internal_options.conf	100	chmod 440 ${OSSEC_DIR}/etc/internal_options.conf
96	chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 \|\| true	101	chmod 660 ${OSSEC_DIR}/etc/local_internal_options.conf >/dev/null 2>&1 \|\| true
97	chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 \|\| true	102	chmod 440 ${OSSEC_DIR}/etc/client.keys >/dev/null 2>&1 \|\| true
98	chmod 550 ${DIR}/agentless/*	103	chmod 550 ${OSSEC_DIR}/agentless/*
99	chmod 700 ${DIR}/.ssh	104	chmod 700 ${OSSEC_DIR}/.ssh
100	chmod 770 ${DIR}/etc/shared	105	chmod 770 ${OSSEC_DIR}/etc/shared
101	chmod 660 ${DIR}/etc/shared/*	106	chmod 660 ${OSSEC_DIR}/etc/shared/*
102		107
103	# For the /var/run	108	# For the /var/run
104	chmod 770 ${DIR}/var/run	109	chmod 770 ${OSSEC_DIR}/var/run
105	chown root:${OSSEC_GID} ${DIR}/var/run	110	chown root:${OSSEC_GID} ${OSSEC_DIR}/var/run
106		111
107	# For util.sh	112	# For util.sh
108	chown root:${OSSEC_GID} ${DIR}/bin/util.sh	113	chown root:${OSSEC_GID} ${OSSEC_DIR}/bin/util.sh
109	chmod +x ${DIR}/bin/util.sh	114	chmod +x ${OSSEC_DIR}/bin/util.sh
110		115
111	# For binaries and active response	116	# For binaries and active response
112	chmod 755 ${DIR}/active-response/bin/*	117	chmod 755 ${OSSEC_DIR}/active-response/bin/*
113	chown root:${OSSEC_GID} ${DIR}/active-response/bin/*	118	chown root:${OSSEC_GID} ${OSSEC_DIR}/active-response/bin/*
114	chown root:${OSSEC_GID} ${DIR}/bin/*	119	chown root:${OSSEC_GID} ${OSSEC_DIR}/bin/*
115	chmod 550 ${DIR}/bin/*	120	chmod 550 ${OSSEC_DIR}/bin/*
116		121
117	# For ossec.conf	122	# For ossec.conf
118	chown root:${OSSEC_GID} ${DIR}/etc/ossec.conf	123	chown root:${OSSEC_GID} ${OSSEC_DIR}/etc/ossec.conf
119	chmod 660 ${DIR}/etc/ossec.conf	124	chmod 660 ${OSSEC_DIR}/etc/ossec.conf
120		125
121	# Debconf	126	# Debconf
122	. /usr/share/debconf/confmodule	127	. /usr/share/debconf/confmodule
@@ -126,23 +131,23 @@ pkg_postinst_ontarget:${PN} () {
126	db_get ossec-hids-agent/server-ip	131	db_get ossec-hids-agent/server-ip
127	SERVER_IP=$RET	132	SERVER_IP=$RET
128		133
129	sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf	134	sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${OSSEC_DIR}/etc/ossec.conf
130	db_stop	135	db_stop
131		136
132	# ossec-init.conf	137	# ossec-init.conf
133	if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then	138	if [ -e ${OSSEC_DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
134	if [ -e /etc/ossec-init.conf ]; then	139	if [ -e /etc/ossec-init.conf ]; then
135	rm -f /etc/ossec-init.conf	140	rm -f /etc/ossec-init.conf
136	fi	141	fi
137	ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf	142	ln -s ${OSSEC_DIR}/etc/ossec-init.conf /etc/ossec-init.conf
138	fi	143	fi
139		144
140	# init.d/ossec file	145	# init.d/ossec file
141	if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then	146	if [ -x ${OSSEC_DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
142	if [ -e /etc/init.d/ossec ]; then	147	if [ -e /etc/init.d/ossec ]; then
143	rm -f /etc/init.d/ossec	148	rm -f /etc/init.d/ossec
144	fi	149	fi
145	ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec	150	ln -s ${OSSEC_DIR}/etc/init.d/ossec /etc/init.d/ossec
146	fi	151	fi
147		152
148	# Service	153	# Service