about summary refs log tree commit diff
path: root/pkgs/tools/security/ossec/agent.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/security/ossec/agent.nix')
-rw-r--r--pkgs/tools/security/ossec/agent.nix69
1 files changed, 69 insertions, 0 deletions
diff --git a/pkgs/tools/security/ossec/agent.nix b/pkgs/tools/security/ossec/agent.nix
new file mode 100644
index 000000000000..003d2141c567
--- /dev/null
+++ b/pkgs/tools/security/ossec/agent.nix
@@ -0,0 +1,69 @@
+{ lib, stdenv, fetchFromGitHub, which, pcre2, zlib, ncurses, openssl }:
+let
+  version = "unstable-2023-08-09";
+in
+stdenv.mkDerivation {
+  pname = "ossec-agent";
+  inherit version;
+
+  src = fetchFromGitHub {
+    owner = "ossec";
+    repo = "ossec-hids";
+    rev = "c8a36b0af3d4ee5252855b90236407cbfb996eb2";
+    sha256 = "sha256-AZ8iubyhNHXGR/l+hA61ifNDUoan7AQ42l/uRTt5GmE=";
+  };
+
+  # clear is used during the build process
+  nativeBuildInputs = [ ncurses ];
+
+  buildInputs = [ which pcre2 zlib openssl ];
+
+  # patch to remove root manipulation, install phase which tries to add users to the system, and init phase which tries to modify the system to launch files
+  patches = [ ./no-root.patch ];
+
+  # Workaround build failure on -fno-common toolchains like upstream
+  # gcc-10. Otherwise build fails as:
+  #   ld: src/common/mgmt/pint-worker-external.po:(.data.rel.local+0x0): multiple definition of
+  #     `PINT_worker_external_impl'; src/common/mgmt/pint-mgmt.po:(.bss+0x20): first defined here
+  env.NIX_CFLAGS_COMPILE = "-fcommon";
+
+  buildPhase = ''
+    mkdir $out
+    export USER_DIR="$out" # just to satisy the script
+    ./install.sh <<EOF
+en
+
+agent
+127.0.0.1
+yes
+yes
+yes
+EOF
+
+  '';
+
+  installPhase = ''
+      runHook preInstall
+
+      mkdir -p $out/share
+      mv $out/active-response/bin/* $out/bin
+      mv $out/etc $out/share
+      mv $out/queue $out/share
+      mv $out/var $out/share
+      mv $out/agentless $out/share
+      mv $out/.ssh $out/share
+      rm -r $out/active-response
+      rm -r $out/tmp
+
+      runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Open source host-based instrusion detection system";
+    homepage = "https://www.ossec.net";
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ happysalada ];
+    platforms = platforms.all;
+  };
+}
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-02 09:22:19 +0000