[ossec-list] Running ossec-hids under MacOS X 10.5 (Leopard)

Thu, 01 Nov 2007 09:02:52 -0800 

Greetings,
 
I noticed no problem with upgrading a MacOS X Tiger system that already
had OSSEC-HIDS installed to Leopard.
 
After a fresh Leopard install, however, I needed to create the group and
users that OSSEC needs before compiling and installing OSSEC.  This is
because Leopard no longer uses the NetInfo database and therefore no
longer has the niload, nireport, and niutil commands used by
darwin-addusers.pl.

I was able to get the following to work, YMMV:

Get a list of existing UIDs and GIDs this way:

sudo dscl localhost -list /Local/Default/Users UniqueID sudo dscl
localhost -list /Local/Default/Groups PrimaryGroupID

To create a group:

sudo dscl localhost -create /Local/Default/Groups/ossec sudo dscl
localhost -createprop /Local/Default/Groups/ossec PrimaryGroupID <unique
group ID #> sudo dscl localhost -createprop /Local/Default/Groups/ossec
RealName ossec sudo dscl localhost -createprop
/Local/Default/Groups/ossec RecordName ossec sudo dscl localhost
-createprop /Local/Default/Groups/ossec RecordType:
dsRecTypeStandard:Groups sudo dscl localhost -createprop
/Local/Default/Groups/ossec Password "*"

To create the users:

sudo dscl localhost -create /Local/Default/Users/ossec sudo dscl
localhost -createprop /Local/Default/Users/ossec RecordName ossec sudo
dscl localhost -createprop /Local/Default/Users/ossec RealName "ossec
acct"
sudo dscl localhost -createprop /Local/Default/Users/ossec
NFSHomeDirectory /var/ossec sudo dscl localhost -createprop
/Local/Default/Users/ossec UniqueID <unique user id #> sudo dscl
localhost -createprop /Local/Default/Users/ossec PrimaryGroupID <ossec
group id #> sudo dscl localhost -createprop /Local/Default/Users/ossec
Password "*"

sudo dscl localhost -create /Local/Default/Users/ossecm sudo dscl
localhost -createprop /Local/Default/Users/ossecm RecordName ossecm sudo
dscl localhost -createprop /Local/Default/Users/ossecm RealName "ossecm
acct"
sudo dscl localhost -createprop /Local/Default/Users/ossecm
NFSHomeDirectory /var/ossec sudo dscl localhost -createprop
/Local/Default/Users/ossecm UniqueID <unique user id #> sudo dscl
localhost -createprop /Local/Default/Users/ossecm PrimaryGroupID <ossec
group id #> sudo dscl localhost -createprop /Local/Default/Users/ossecm
Password "*"

sudo dscl localhost -create /Local/Default/Users/ossecr sudo dscl
localhost -createprop /Local/Default/Users/ossecr RecordName ossecr sudo
dscl localhost -createprop /Local/Default/Users/ossecr RealName "ossecr
acct"
sudo dscl localhost -createprop /Local/Default/Users/ossecr
NFSHomeDirectory /var/ossec sudo dscl localhost -createprop
/Local/Default/Users/ossecr UniqueID <unique user id #> sudo dscl
localhost -createprop /Local/Default/Users/ossecr PrimaryGroupID <ossec
group id #> sudo dscl localhost -createprop /Local/Default/Users/ossecr
Password "*"

It should be fairly easy to create a new script.  I may give it a shot
if I have time and someone else doesn't do it first.

Thanks,
Charlie

Reply via email to