That does help. I'm trying to do the same thing.
On Wed, Jan 4, 2012 at 5:37 PM, Stephane Rossan <[email protected]> wrote: > I created my own RPM for OSSEC. What I did, I downloaded the latest > snapshot from mercurial, and run the install.sh on a test machine. > Once installed, I created a tarball of the ossec directory and used it to > create a RPM. > In my case, the application has to be under /apps. > Here is my spec file: > %define name ossec > %define release 2 > %define version 26 > %define prg ossec > %define appsdir /apps > > BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot > Summary: Ossec agent > License: GPL > Name: %{name} > Version: %{version} > Release: %{release} > Source: %{name}-%{version}.tar.gz > Prefix: / > Autoreq: 0 > Group: Development/Tools > Vendor: http://www.ossec.net > Packager: InfoSec > Provides: ossec > ExclusiveOS: linux > > %description > OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It > performs log analysis, integrity checking, rootkit detection, time-based > alerting and active response. > > %prep > %setup -q > > %build > %define debug_package %{nil} > %define __strip /bin/true > > %install > rm -rf $RPM_BUILD_ROOT > mkdir -p $RPM_BUILD_ROOT > cp -r * $RPM_BUILD_ROOT > > %pre > if ! id -g %{prg} > /dev/null 2>&1; then > groupadd -r %{prg} > fi > if ! id -u %{prg} > /dev/null 2>&1; then > useradd -g %{prg} -G %{prg} \ > -d %{appsdir}/%{prg} \ > -r -s /sbin/nologin %{prg} > fi > > %post > # Generate the ossec-init.conf template > echo "DIRECTORY=\"%{appsdir}/%{prg}\"" > > %{appsdir}/%{prg}/etc/%{prg}-init.conf > echo "VERSION=\"v2.6\"" >> > %{appsdir}/%{prg}/etc/%{prg}-init.conf > echo "DATE=\"`date`\"" >> > %{appsdir}/%{prg}/etc/%{prg}-init.conf > echo "TYPE=\"agent\"" >> > %{appsdir}/%{prg}/etc/%{prg}-init.conf > > # Symlink > ln -sf %{appsdir}/%{prg}/etc/%{prg}-init.conf > %{_sysconfdir}/%{prg}-init.conf > > # Enable service > chkconfig --add %{name} > chkconfig %{name} off > > %files > %defattr(-,root,root) > /etc/rc.d/init.d/ossec > %defattr(-,root,%{prg}) > /apps/ossec/* > %attr(550,root,%{prg}) %dir %{appsdir}/%{prg} > %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/active-response > %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/active-response/bin > %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/bin > %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/etc > %attr(770,%{prg},%{prg}) %dir %{appsdir}/%{prg}/etc/shared > %attr(750,%{prg},%{prg}) %dir %{appsdir}/%{prg}/logs > %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/queue > %attr(750,%{prg},%{prg}) %dir %{appsdir}/%{prg}/queue/syscheck > %attr(770,%{prg},%{prg}) %dir %{appsdir}/%{prg}/queue/ossec > %attr(755,%{prg},%{prg}) %dir %{appsdir}/%{prg}/queue/rids > %attr(550,root,%{prg}) %dir %{appsdir}/%{prg}/var > %attr(770,root,%{prg}) %dir %{appsdir}/%{prg}/var/run > > So far, it has been working very well for me. I can use this RPM to be > deployed through our puppet infrastructure. > And with 2.6, autoregistration is a very nice feature to have. > > I created RPM for x86_64 and i386 RHEL/CentOS 5 machines. > > I hope it helps. > > -Stephane > > > > On 1/4/12 5:02 PM, "Joe S" <[email protected]> wrote: > >>I few people have mentioned that they were working on making RPMs for >>OSSEC, given the issues with the Atomic RPMs linked on the OSSEC >>download page. Have you had any success? Do you have a SPEC file you >>can share? >> >
