From 63fb43329e2f6ef417a3a83cd3f54eb6a5c011ca Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Tue, 3 May 2016 08:36:28 -0400 Subject: [PATCH 01/16] use Before and After to determine the order these should start in. --- src/systemd/agent/ossec-agentd.service | 2 ++ src/systemd/agent/ossec-execd.service | 1 + src/systemd/agent/ossec-logcollector.service | 2 ++ src/systemd/agent/ossec-syscheckd.service | 1 + 4 files changed, 6 insertions(+) diff --git a/src/systemd/agent/ossec-agentd.service b/src/systemd/agent/ossec-agentd.service index dd8bef8ee..f2c93c833 100644 --- a/src/systemd/agent/ossec-agentd.service +++ b/src/systemd/agent/ossec-agentd.service @@ -1,6 +1,8 @@ [Unit] Description=OSSEC Agent PartOf=ossec-agent.target +After=ossec-execd.service +Before=ossec-syscheckd.service ossec-logcollector.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/agent/ossec-execd.service b/src/systemd/agent/ossec-execd.service index d0389bd02..97ef60dde 100644 --- a/src/systemd/agent/ossec-execd.service +++ b/src/systemd/agent/ossec-execd.service @@ -1,6 +1,7 @@ [Unit] Description=OSSEC Execd PartOf=ossec-agent.target +Before=ossec-ossec-syscheckd.service ossec-agentd.service ossec-logcollector.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/agent/ossec-logcollector.service b/src/systemd/agent/ossec-logcollector.service index fd669a805..761929a37 100644 --- a/src/systemd/agent/ossec-logcollector.service +++ b/src/systemd/agent/ossec-logcollector.service @@ -1,6 +1,8 @@ [Unit] Description=OSSEC Logcollector PartOf=ossec-agent.target +After=ossec-execd.service ossec-agentd.service +Before=ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/agent/ossec-syscheckd.service b/src/systemd/agent/ossec-syscheckd.service index 7519dfe3c..057f78d0b 100644 --- a/src/systemd/agent/ossec-syscheckd.service +++ b/src/systemd/agent/ossec-syscheckd.service 
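Review bot: The new `After=ossec-execd.service` in ossec-agentd.service declares ordering only; it does not pull ossec-execd in, and it does not stop ossec-agentd from starting if execd fails. If agentd really depends on execd, add `Wants=ossec-execd.service` (or `Requires=` for a hard dependency) next to the `After=` line. The [Service] section continues outside the hunk, so the service type is not visible; if these are plain foreground services, `After=` is satisfied as soon as the execd process is spawned, not when it is ready. The same applies to the `After=` lines added to ossec-logcollector.service and ossec-syscheckd.service in this patch.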
@@ -1,6 +1,7 @@ [Unit] Description=OSSEC syscheckd PartOf=ossec-agent.target +After=ossec-execd.service ossec-agentd.service ossec-logcollector.service [Service] EnvironmentFile=/etc/ossec-init.conf From 56d40d3ed8171967b2863f57cd7efc0c116b26c1 Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Tue, 3 May 2016 08:47:31 -0400 Subject: [PATCH 02/16] Adjust the service files for the server install to preserve desired execution order. dbd, agentless, and csyslog only start after everything else, but I did not concern myself with the execution order of those 3. --- src/systemd/server/ossec-agentless.service | 3 ++- src/systemd/server/ossec-analysisd.service | 2 ++ src/systemd/server/ossec-csyslog.service | 3 ++- src/systemd/server/ossec-dbd.service | 1 + src/systemd/server/ossec-execd.service | 2 ++ src/systemd/server/ossec-logcollector.service | 2 ++ src/systemd/server/ossec-maild.service | 1 + src/systemd/server/ossec-monitord.service | 3 +++ src/systemd/server/ossec-remoted.service | 2 ++ src/systemd/server/ossec-syscheckd.service | 2 ++ 10 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/systemd/server/ossec-agentless.service b/src/systemd/server/ossec-agentless.service index db6f193ce..fb9cb350d 100644 --- a/src/systemd/server/ossec-agentless.service +++ b/src/systemd/server/ossec-agentless.service @@ -1,10 +1,11 @@ [Unit] Description=OSSEC Agentless PartOf=ossec-server.target +After=ossec-analysisd.service ossec-execd.service ossec-logcollector.service ossec-maild.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf Environment=DIRECTORY=/var/ossec ExecStartPre=/usr/bin/env ${DIRECTORY}/bin/ossec-agentlessd -t -ExecStart=/usr/bin/env ${DIRECTORY}/bin/ossec-agentlessd -f \ No newline at end of file +ExecStart=/usr/bin/env ${DIRECTORY}/bin/ossec-agentlessd -f 
diff --git a/src/systemd/server/ossec-analysisd.service b/src/systemd/server/ossec-analysisd.service index 9c9613d12..99aac591b 100644 --- a/src/systemd/server/ossec-analysisd.service +++ b/src/systemd/server/ossec-analysisd.service @@ -1,6 +1,8 @@ [Unit] Description=OSSEC Analysisd PartOf=ossec-server.target +After=ossec-maild.service ossec-execd.service +Before=ossec-agentless.service ossec-csyslog.service ossec-dbd.service ossec-logcollector.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-csyslog.service b/src/systemd/server/ossec-csyslog.service index cadb4bdb5..c47224c96 100644 --- a/src/systemd/server/ossec-csyslog.service +++ b/src/systemd/server/ossec-csyslog.service @@ -1,10 +1,11 @@ [Unit] Description=OSSEC Syslog client PartOf=ossec-server.target +After=ossec-analysisd.service ossec-dbd.service ossec-execd.service ossec-logcollector.service ossec-maild.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf Environment=DIRECTORY=/var/ossec ExecStartPre=/usr/bin/env ${DIRECTORY}/bin/ossec-csyslogd -t -ExecStart=/usr/bin/env ${DIRECTORY}/bin/ossec-csyslogd -f \ No newline at end of file +ExecStart=/usr/bin/env ${DIRECTORY}/bin/ossec-csyslogd -f diff --git a/src/systemd/server/ossec-dbd.service b/src/systemd/server/ossec-dbd.service index e06b8ae12..4f2b9f4d5 100644 --- a/src/systemd/server/ossec-dbd.service +++ b/src/systemd/server/ossec-dbd.service @@ -1,6 +1,7 @@ [Unit] Description=The OSSEC DBD PartOf=ossec-server.target +After=ossec-analysisd.service ossec-execd.service ossec-logcollector.service ossec-maild.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-execd.service b/src/systemd/server/ossec-execd.service index b90b82f1f..a75bfec5e 100644 
--- a/src/systemd/server/ossec-execd.service +++ b/src/systemd/server/ossec-execd.service @@ -1,6 +1,8 @@ [Unit] Description=OSSEC Execd PartOf=ossec-server.target +After=ossec-maild.service +Before=ossec-agentless.service ossec-analysisd.service ossec-csyslog.service ossec-dbd.service ossec-logcollector.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-logcollector.service b/src/systemd/server/ossec-logcollector.service index 2b12828c0..8e8d64fc5 100644 --- a/src/systemd/server/ossec-logcollector.service +++ b/src/systemd/server/ossec-logcollector.service @@ -1,6 +1,8 @@ [Unit] Description=OSSEC Logcollector PartOf=ossec-server.target +After=ossec-maild.service ossec-execd.service ossec-analysisd.service +Before=ossec-agentless.service ossec-csyslog.service ossec-dbd.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-maild.service b/src/systemd/server/ossec-maild.service index 7932a83a4..58e0b3307 100644 --- a/src/systemd/server/ossec-maild.service +++ b/src/systemd/server/ossec-maild.service @@ -1,6 +1,7 @@ [Unit] Description=OSSEC Maild PartOf=ossec-server.target +Before=ossec-agentless.service ossec-analysisd.service ossec-csyslog.service ossec-dbd.service ossec-execd.service ossec-logcollector.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-monitord.service b/src/systemd/server/ossec-monitord.service index 6950bc4b3..22b132d50 100644 --- a/src/systemd/server/ossec-monitord.service +++ b/src/systemd/server/ossec-monitord.service 
@@ -1,6 +1,9 @@ [Unit] Description=OSSEC monitord PartOf=ossec-server.target +After=ossec-maild.service ossec-execd.service ossec-analysisd.service ossec-logcollector.service ossec-remoted.service ossec-syscehckd.service +Before=ossec-agentless.service ossec-csyslog.service ossec-dbd.service + [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-remoted.service b/src/systemd/server/ossec-remoted.service index c39015121..de13e0f2e 100644 --- a/src/systemd/server/ossec-remoted.service +++ b/src/systemd/server/ossec-remoted.service @@ -1,6 +1,8 @@ [Unit] Description=OSSEC remoted PartOf=ossec-server.target +After=ossec-maild.service ossec-execd.service ossec-analysisd.service ossec-logcollector +Before=ossec-agentless.service ossec-csyslog.service ossec-dbd.service ossec-monitord.service ossec-syscheckd.service [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-syscheckd.service b/src/systemd/server/ossec-syscheckd.service index 014404261..67014b785 100644 --- a/src/systemd/server/ossec-syscheckd.service +++ b/src/systemd/server/ossec-syscheckd.service @@ -1,6 +1,8 @@ [Unit] Description=OSSEC syscheckd PartOf=ossec-server.target +After=ossec-maild.service ossec-execd.service ossec-analysisd.service ossec-remoted.service +Before=ossec-agentless.service ossec-csyslog.service ossec-dbd.service ossec-monitord.service ossec-remoted.service [Service] EnvironmentFile=/etc/ossec-init.conf From 42a7434e520f3335317d39cdcf332afe984f57d1 Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Tue, 3 May 2016 09:04:06 -0400 Subject: [PATCH 03/16] Stop the processes too, I guess. I have no doubts the logic can improve, but I want to get a PoC in place. --- src/init/ossec-server.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index 7d1449e0e..9aa49d215 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh 
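Review bot: The last entry of the new `After=` line in server/ossec-monitord.service is misspelled as `ossec-syscehckd.service`, so it names a unit that does not exist and monitord's own ordering after syscheckd is never declared. The intended order currently holds only because ossec-syscheckd.service lists `Before=ossec-monitord.service` in this same patch. The entry should read `ossec-syscheckd.service`. A short comment above the two lines, such as `# start order: maild, execd, analysisd, logcollector, remoted, syscheckd, monitord`, would make slips like this easier to spot.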
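Review bot: The final entry of `After=` in server/ossec-remoted.service is `ossec-logcollector` without a unit-type suffix. Dependency lists in unit files take full unit names, so this entry is likely rejected or ignored when the unit is loaded, leaving remoted ordered after logcollector only through logcollector's own `Before=ossec-remoted.service`. Write it as `ossec-logcollector.service`, as in the other units of this patch.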
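Review bot: `ossec-remoted.service` appears in both the `After=` and the `Before=` line added to server/ossec-syscheckd.service, which declares an ordering cycle between the two units. ossec-remoted.service in this same patch lists `Before=ossec-syscheckd.service`, so the `After=` entry looks like the intended one. systemd breaks ordering cycles by dropping one of the jobs involved, so remoted or the integrity checker may silently not start with the target. Change the second line to `Before=ossec-agentless.service ossec-csyslog.service ossec-dbd.service ossec-monitord.service`.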
@@ -184,6 +184,7 @@ testconfig() # Start function start() { + SDAEMONS="${DB_DAEMON} ${CSYSLOG_DAEMON} ${AGENTLESS_DAEMON} ossec-maild ossec-execd ossec-analysisd ossec-logcollector ossec-remoted ossec-syscheckd ossec-monitord" echo "Starting $NAME $VERSION (by $AUTHOR)..." @@ -192,6 +193,16 @@ start() echo "OSSEC analysisd: Testing rules failed. Configuration error. Exiting." exit 1; fi + + ## If the system is Linux, look for systemctl. If that file exists, use it. + ## XXX - system paths and exact execution are probably wrong. + if [ X`uname` == "XLinux" ]; then + if [ -x /sbin/systemctl ]; then + /sbin/ssytemctl start ossec-server.service + fi + exit 0 + fi + lock; checkpid; @@ -251,6 +262,14 @@ pstatus() stopa() { lock; + + if [ X`uname` == "XLinux" ]; then + if [ -x /sbin/systemctl ]; then + /sbin/systemctl stop ossec-server.service + fi + exit 0 + if + checkpid; for i in ${DAEMONS}; do pstatus ${i}; From 58bafaa9df99b8b8b0fbf0899762103e1119b8a7 Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Tue, 3 May 2016 09:31:59 -0400 Subject: [PATCH 04/16] Add enable files for dbd, agentlessd, and csyslogd. This should help systemd know when to start these programs. --- src/init/ossec-server.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index 9aa49d215..228b0f608 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh @@ -109,10 +109,13 @@ enable() if [ "X$2" = "Xdatabase" ]; then echo "DB_DAEMON=ossec-dbd" >> ${PLIST}; + touch ${DIR}/etc/.dbd elif [ "X$2" = "Xclient-syslog" ]; then echo "CSYSLOG_DAEMON=ossec-csyslogd" >> ${PLIST}; + touch ${DIR}/etc/.csyslogd elif [ "X$2" = "Xagentless" ]; then echo "AGENTLESS_DAEMON=ossec-agentlessd" >> ${PLIST}; + touch ${DIR}/etc/.agentlessd elif [ "X$2" = "Xdebug" ]; then echo "DEBUG_CLI=\"-d\"" >> ${PLIST}; else From b425d0a1bd66f57587271c899fe4ef43e188b298 Mon Sep 17 00:00:00 2001 
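Review bot: The `exit 0` in the block added to start() sits outside the inner `if [ -x ... ]` test, so on any Linux host where that test fails the script reports success without starting a single daemon, and the legacy start path below it becomes unreachable on Linux. The systemctl exit status is discarded too, so a failed start still returns 0; for a host IDS that is a monitoring gap nobody is told about. Move the exit into the inner branch and propagate the result with `exit $?` directly after the systemctl line, letting hosts without systemd fall through to `lock; checkpid;`. The presence of a systemctl binary does not prove systemd is the running init; testing `[ -d /run/systemd/system ]` is the usual check. The same shape recurs in the stopa() hunk of this patch and in the ossec-client.sh hunks of PATCH 08; start() continues outside the hunk.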
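Review bot: In stopa() the new block is placed after `lock;` and leaves through `exit 0`, so the function exits while the lock is still held. The body of lock() is outside the hunk; if it creates a lock that is normally released further down in stopa(), the next invocation of the control script has to wait for it or clear it. Put the systemd branch before `lock;`, or release the lock before exiting. The start() hunk for ossec-client.sh in PATCH 08 has the same ordering, with the block placed after `lock; checkpid;`.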
From: ddpbsd Date: Tue, 3 May 2016 09:34:47 -0400 Subject: [PATCH 05/16] Require the dot files created when enabling via ossec-control to actually start the daemons --- src/systemd/server/ossec-agentless.service | 1 + src/systemd/server/ossec-csyslog.service | 1 + src/systemd/server/ossec-dbd.service | 1 + 3 files changed, 3 insertions(+) diff --git a/src/systemd/server/ossec-agentless.service b/src/systemd/server/ossec-agentless.service index fb9cb350d..f4b74388a 100644 --- a/src/systemd/server/ossec-agentless.service +++ b/src/systemd/server/ossec-agentless.service @@ -2,6 +2,7 @@ Description=OSSEC Agentless PartOf=ossec-server.target After=ossec-analysisd.service ossec-execd.service ossec-logcollector.service ossec-maild.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service +ConditionPathExists=/var/ossec/etc/.agentlessd [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-csyslog.service b/src/systemd/server/ossec-csyslog.service index c47224c96..b31be89e9 100644 --- a/src/systemd/server/ossec-csyslog.service +++ b/src/systemd/server/ossec-csyslog.service @@ -2,6 +2,7 @@ Description=OSSEC Syslog client PartOf=ossec-server.target After=ossec-analysisd.service ossec-dbd.service ossec-execd.service ossec-logcollector.service ossec-maild.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service +ConditionPathExists=/var/ossec/etc/.csyslogd [Service] EnvironmentFile=/etc/ossec-init.conf diff --git a/src/systemd/server/ossec-dbd.service b/src/systemd/server/ossec-dbd.service index 4f2b9f4d5..21ceb01da 100644 --- a/src/systemd/server/ossec-dbd.service +++ b/src/systemd/server/ossec-dbd.service 
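Review bot: `ConditionPathExists=/var/ossec/etc/.agentlessd` hard-codes the install prefix, while the [Service] section of the same unit takes the location from `${DIRECTORY}`, and enable() in ossec-server.sh (PATCH 04) creates the marker under `${DIR}/etc`. On an installation with a different prefix the marker and the condition never match, and because a failed condition makes systemd skip the unit without marking it failed, the daemon stays down with no error. At minimum document the coupling above the line, e.g. `# marker created by "ossec-control enable agentless"; path must match the install prefix`, or generate the path at install time. The csyslog and dbd hunks of this patch have the same line.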
@@ -2,6 +2,7 @@ Description=The OSSEC DBD PartOf=ossec-server.target After=ossec-analysisd.service ossec-execd.service ossec-logcollector.service ossec-maild.service ossec-monitord.service ossec-remoted.service ossec-syscheckd.service +ConditionPathExists=/var/ossec/etc/.dbd [Service] EnvironmentFile=/etc/ossec-init.conf From 358811a65c778eaf535cb793d972930d70680abb Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Tue, 3 May 2016 09:40:13 -0400 Subject: [PATCH 06/16] Enable disable in systemd setups. --- src/init/ossec-server.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index 228b0f608..30febcc0e 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh @@ -140,10 +140,13 @@ disable() if [ "X$2" = "Xdatabase" ]; then echo "DB_DAEMON=\"\"" >> ${PLIST}; + rm /var/ossec/etc/.dbd elif [ "X$2" = "Xclient-syslog" ]; then echo "CSYSLOG_DAEMON=\"\"" >> ${PLIST}; + rm /var/ossec/etc/.csyslogd elif [ "X$2" = "Xagentless" ]; then echo "AGENTLESS_DAEMON=\"\"" >> ${PLIST}; + rm /var/ossec/etc/.agentlessd elif [ "X$2" = "Xdebug" ]; then echo "DEBUG_CLI=\"\"" >> ${PLIST}; else From fccfb6baf2c3896455d25c7643f06ce0bbfce4e9 Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Wed, 24 Aug 2016 10:05:02 -0400 Subject: [PATCH 07/16] ssytemctl -> systemctl from @jrossi --- src/init/ossec-server.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index 817f9e1fa..141797054 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh @@ -204,7 +204,7 @@ start() ## XXX - system paths and exact execution are probably wrong. if [ X`uname` == "XLinux" ]; then if [ -x /sbin/systemctl ]; then - /sbin/ssytemctl start ossec-server.service + /sbin/systemctl start ossec-server.service fi exit 0 fi From 2e2dccf1504e6d89ef570aebb0a8510cdec6526a Mon Sep 17 00:00:00 2001 
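Review bot: The three `rm /var/ossec/etc/...` lines added to disable() use a fixed prefix, whereas enable() in PATCH 04 creates the same markers with `touch ${DIR}/etc/.dbd`. The two should address one path, otherwise disabling a feature on a non-default prefix leaves its marker in place. Plain `rm` also prints an error when the marker was never created. Suggested form: `rm -f "${DIR}/etc/.dbd"`, and likewise for `.csyslogd` and `.agentlessd`.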
From: ddp Date: Thu, 15 Sep 2016 07:50:49 -0400 Subject: [PATCH 08/16] I think ossec-server.service should be ossec-server.target. Add the same stuff for ossec-agent --- src/init/ossec-client.sh | 15 +++++++++++++++ src/init/ossec-server.sh | 4 ++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/init/ossec-client.sh b/src/init/ossec-client.sh index 35c030309..cada7540e 100755 --- a/src/init/ossec-client.sh +++ b/src/init/ossec-client.sh @@ -124,6 +124,13 @@ start() lock; checkpid; + if [ X`uname` == "XLinux" ]; then + if [ -x /sbin/systemctl ]; then + /sbin/systemctl start ossec-agent.target + fi + exit 0 + fi + # We actually start them now. for i in ${SDAEMONS}; do pstatus ${i}; @@ -180,6 +187,14 @@ pstatus() stopa() { lock; + + if [ X`uname` == "XLinux" ] then + if [ -X /sbin/systemctl ]; then + /sbin/systemctl stop ossec-agent.target + fi + exit 0 + fi + checkpid; for i in ${DAEMONS}; do pstatus ${i}; diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index 141797054..af7f84675 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh @@ -204,7 +204,7 @@ start() ## XXX - system paths and exact execution are probably wrong. if [ X`uname` == "XLinux" ]; then if [ -x /sbin/systemctl ]; then - /sbin/systemctl start ossec-server.service + /sbin/systemctl start ossec-server.target fi exit 0 fi @@ -271,7 +271,7 @@ stopa() if [ X`uname` == "XLinux" ]; then if [ -x /sbin/systemctl ]; then - /sbin/systemctl stop ossec-server.service + /sbin/systemctl stop ossec-server.target fi exit 0 if From 3da96bf01971ef80b789ef1eca913aa9aa63e302 Mon Sep 17 00:00:00 2001 From: ddp Date: Thu, 15 Sep 2016 08:06:45 -0400 Subject: [PATCH 09/16] UNTESTED: Try to install the systemd files --- src/Makefile | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/Makefile b/src/Makefile index 25c1afb2c..6602394d9 100644 --- a/src/Makefile +++ b/src/Makefile 
@@ -350,6 +350,10 @@ install-agent: install-common install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids +ifeq (${uname_S},Linux) + install -m 0444 systemd/system/ossec-agentd.service systemd/system/ossec-agent.target systemd/system/ossec-execd.service systemd/system/ossec-logcollector.service systemd/system/ossec-syscheckd.service /etc/systemd/system/ +endif + install-local: install-server-generic install-hybrid: install-server-generic @@ -477,6 +481,10 @@ endif install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/ +ifeq (${uname_S},Linux) + install -m 0444 -o root -g root systemd/system/ossec-agentsless.service systemd/system/ossec-analysisd.service systemd/system/ossec-csyslog.service systemd/system/ossec-dbd.service systemd/system/ossec-execd.service systemd/system/ossec-logcollector.service systemd/system/ossec-maild.service systemd/system/ossec-monitord.service systemd/system/ossec-remoted.service systemd/system/ossec-server.target systemd/system/ossec-syscheckd.service /etc/systemd/system/ +endif + rm -f ${PREFIX}/etc/shared/merged.mg From ea84264e56a0a1987072e218731c3d5c76bceea9 Mon Sep 17 00:00:00 2001 From: ddp Date: Thu, 15 Sep 2016 08:10:35 -0400 Subject: [PATCH 10/16] Silly typo. --- src/init/ossec-client.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/init/ossec-client.sh b/src/init/ossec-client.sh index cada7540e..868564a20 100755 --- a/src/init/ossec-client.sh +++ b/src/init/ossec-client.sh @@ -188,7 +188,7 @@ stopa() { lock; - if [ X`uname` == "XLinux" ] then + if [ X`uname` == "XLinux" ]; then if [ -X /sbin/systemctl ]; then /sbin/systemctl stop ossec-agent.target fi From 0c1817f046974fd54ffa2b27b7216f43d325dd25 Mon Sep 17 00:00:00 2001 From: ddp Date: Thu, 15 Sep 2016 09:11:56 -0400 Subject: [PATCH 11/16] ENEEDCOFFEE: Fix the paths. --- src/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile index 6602394d9..f9d04990b 100644 
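Review bot: The server install line names `ossec-agentsless.service`, but the unit touched elsewhere in this series is `ossec-agentless.service`, so `install` will fail on the missing source file and abort the server install on Linux. The misspelling is carried unchanged through the path fix in PATCH 11 and the directory guard in PATCH 13. Correct the first source argument to `systemd/server/ossec-agentless.service` in the final form of the line. The agent-side install line in the first hunk of this patch also omits the `-o root -g root` that the server line passes; the two should match.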
--- a/src/Makefile +++ b/src/Makefile @@ -351,7 +351,7 @@ install-agent: install-common install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids ifeq (${uname_S},Linux) - install -m 0444 systemd/system/ossec-agentd.service systemd/system/ossec-agent.target systemd/system/ossec-execd.service systemd/system/ossec-logcollector.service systemd/system/ossec-syscheckd.service /etc/systemd/system/ + install -m 0444 systemd/agent/ossec-agentd.service systemd/agent/ossec-agent.target systemd/agent/ossec-execd.service systemd/agent/ossec-logcollector.service systemd/agent/ossec-syscheckd.service /etc/systemd/system/ endif install-local: install-server-generic @@ -482,7 +482,7 @@ endif install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/ ifeq (${uname_S},Linux) - install -m 0444 -o root -g root systemd/system/ossec-agentsless.service systemd/system/ossec-analysisd.service systemd/system/ossec-csyslog.service systemd/system/ossec-dbd.service systemd/system/ossec-execd.service systemd/system/ossec-logcollector.service systemd/system/ossec-maild.service systemd/system/ossec-monitord.service systemd/system/ossec-remoted.service systemd/system/ossec-server.target systemd/system/ossec-syscheckd.service /etc/systemd/system/ + install -m 0444 -o root -g root systemd/server/ossec-agentsless.service systemd/server/ossec-analysisd.service systemd/server/ossec-csyslog.service systemd/server/ossec-dbd.service systemd/server/ossec-execd.service systemd/server/ossec-logcollector.service systemd/server/ossec-maild.service systemd/server/ossec-monitord.service systemd/server/ossec-remoted.service systemd/server/ossec-server.target systemd/server/ossec-syscheckd.service /etc/systemd/system/ endif rm -f ${PREFIX}/etc/shared/merged.mg From 79fd4e128559d8ee510bae880cfb9cd2d3b68b29 Mon Sep 17 00:00:00 2001 
From: ddp Date: Thu, 15 Sep 2016 09:12:38 -0400 Subject: [PATCH 12/16] I forgot /bin/sh is neutered on Ubuntu. --- src/init/ossec-client.sh | 4 ++-- src/init/ossec-server.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/init/ossec-client.sh b/src/init/ossec-client.sh index 868564a20..1b52aeca1 100755 --- a/src/init/ossec-client.sh +++ b/src/init/ossec-client.sh @@ -124,7 +124,7 @@ start() lock; checkpid; - if [ X`uname` == "XLinux" ]; then + if [ X`uname` = "XLinux" ]; then if [ -x /sbin/systemctl ]; then /sbin/systemctl start ossec-agent.target fi @@ -188,7 +188,7 @@ stopa() { lock; - if [ X`uname` == "XLinux" ]; then + if [ X`uname` = "XLinux" ]; then if [ -X /sbin/systemctl ]; then /sbin/systemctl stop ossec-agent.target fi diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index af7f84675..e0e943f41 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh @@ -202,7 +202,7 @@ start() ## If the system is Linux, look for systemctl. If that file exists, use it. ## XXX - system paths and exact execution are probably wrong. - if [ X`uname` == "XLinux" ]; then + if [ X`uname` = "XLinux" ]; then if [ -x /sbin/systemctl ]; then /sbin/systemctl start ossec-server.target fi @@ -269,7 +269,7 @@ stopa() { lock; - if [ X`uname` == "XLinux" ]; then + if [ X`uname` = "XLinux" ]; then if [ -x /sbin/systemctl ]; then /sbin/systemctl stop ossec-server.target fi From 2f4d8595d7a6b50f7e0068d31e13da1c3afbd3aa Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Thu, 15 Sep 2016 09:36:09 -0400 Subject: [PATCH 13/16] Try to appease systems without /etc/systemd/system --- src/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile index f9d04990b..8a7a0b2e1 100644 --- a/src/Makefile +++ b/src/Makefile 
@@ -351,7 +351,7 @@ install-agent: install-common install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/rids ifeq (${uname_S},Linux) - install -m 0444 systemd/agent/ossec-agentd.service systemd/agent/ossec-agent.target systemd/agent/ossec-execd.service systemd/agent/ossec-logcollector.service systemd/agent/ossec-syscheckd.service /etc/systemd/system/ + if [ -d /etc/systemd/system ]; then install -m 0444 systemd/agent/ossec-agentd.service systemd/agent/ossec-agent.target systemd/agent/ossec-execd.service systemd/agent/ossec-logcollector.service systemd/agent/ossec-syscheckd.service /etc/systemd/system/; fi endif install-local: install-server-generic @@ -482,7 +482,7 @@ endif install -m 0640 -o root -g ${OSSEC_GROUP} ../etc/decoder.xml ${PREFIX}/etc/ ifeq (${uname_S},Linux) - install -m 0444 -o root -g root systemd/server/ossec-agentsless.service systemd/server/ossec-analysisd.service systemd/server/ossec-csyslog.service systemd/server/ossec-dbd.service systemd/server/ossec-execd.service systemd/server/ossec-logcollector.service systemd/server/ossec-maild.service systemd/server/ossec-monitord.service systemd/server/ossec-remoted.service systemd/server/ossec-server.target systemd/server/ossec-syscheckd.service /etc/systemd/system/ + if [ -d /etc/systemd/system ]; then install -m 0444 -o root -g root systemd/server/ossec-agentsless.service systemd/server/ossec-analysisd.service systemd/server/ossec-csyslog.service systemd/server/ossec-dbd.service systemd/server/ossec-execd.service systemd/server/ossec-logcollector.service systemd/server/ossec-maild.service systemd/server/ossec-monitord.service systemd/server/ossec-remoted.service systemd/server/ossec-server.target systemd/server/ossec-syscheckd.service /etc/systemd/system/; fi endif rm -f ${PREFIX}/etc/shared/merged.mg From e38707622a18e6ecc4a4a8c95094b87ca54cd304 Mon Sep 17 00:00:00 2001 
From: ddpbsd Date: Tue, 1 Nov 2016 06:43:29 -0400 Subject: [PATCH 14/16] X -> x --- src/init/ossec-client.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/init/ossec-client.sh b/src/init/ossec-client.sh index 1b52aeca1..fbb870772 100755 --- a/src/init/ossec-client.sh +++ b/src/init/ossec-client.sh @@ -189,7 +189,7 @@ stopa() lock; if [ X`uname` = "XLinux" ]; then - if [ -X /sbin/systemctl ]; then + if [ -x /sbin/systemctl ]; then /sbin/systemctl stop ossec-agent.target fi exit 0 From 0a092654d2dc15768d0975c84b7ab6264d10b738 Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Tue, 1 Nov 2016 06:51:19 -0400 Subject: [PATCH 15/16] I'm not sure why I thought systemctl was installed in /sbin, it's actually in /bin. Try to make it less location dependent. --- src/init/ossec-client.sh | 12 ++++++++---- src/init/ossec-server.sh | 14 ++++++++++---- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/src/init/ossec-client.sh b/src/init/ossec-client.sh index fbb870772..1b1fe4871 100755 --- a/src/init/ossec-client.sh +++ b/src/init/ossec-client.sh @@ -9,6 +9,10 @@ PWD=`pwd` DIR=`dirname $PWD`; +if [ X`uname` = "XLinux" ]; then + SYSTEMCTL=`which systemctl` +fi + ### Do not modify bellow here ### NAME="OSSEC HIDS" VERSION="v2.9.0" @@ -125,8 +129,8 @@ start() checkpid; if [ X`uname` = "XLinux" ]; then - if [ -x /sbin/systemctl ]; then - /sbin/systemctl start ossec-agent.target + if [ -x ${SYSTEMCTL} ]; then + ${SYSTEMCTL} start ossec-agent.target fi exit 0 fi @@ -189,8 +193,8 @@ stopa() lock; if [ X`uname` = "XLinux" ]; then - if [ -x /sbin/systemctl ]; then - /sbin/systemctl stop ossec-agent.target + if [ -x ${SYSTEMCTL} ]; then + ${SYSTEMCTL} stop ossec-agent.target fi exit 0 fi diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index e0e943f41..15d5cc41c 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh 
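Review bot: When `which systemctl` finds nothing, SYSTEMCTL is empty and the unquoted test `[ -x ${SYSTEMCTL} ]` collapses to `[ -x ]`, which is true. The next line then expands to `start ossec-agent.target` and runs whatever command named `start` is on the PATH, or fails, before the script exits 0. Quote the variable and require it to be non-empty: `SYSTEMCTL=`command -v systemctl 2>/dev/null`` and `if [ -n "${SYSTEMCTL}" ] && [ -x "${SYSTEMCTL}" ]; then`. Because the lookup goes through the caller's PATH and this script normally runs as root, a comment stating that assumption would help. The stopa() hunk here and the three ossec-server.sh hunks of this patch need the same change.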
@@ -10,6 +10,12 @@ PWD=`pwd` DIR=`dirname $PWD`; PLIST=${DIR}/bin/.process_list; + +if [ X`uname` = "XLinux" ]; then + SYSTEMCTL=`which systemctl` +fi + + ### Do not modify bellow here ### # Getting additional processes @@ -203,8 +209,8 @@ start() ## If the system is Linux, look for systemctl. If that file exists, use it. ## XXX - system paths and exact execution are probably wrong. if [ X`uname` = "XLinux" ]; then - if [ -x /sbin/systemctl ]; then - /sbin/systemctl start ossec-server.target + if [ -x ${SYSTEMCTL} ]; then + ${SYSTEMCTL} start ossec-server.target fi exit 0 fi @@ -270,8 +276,8 @@ stopa() lock; if [ X`uname` = "XLinux" ]; then - if [ -x /sbin/systemctl ]; then - /sbin/systemctl stop ossec-server.target + if [ -x ${SYSTEMCTL} ]; then + ${SYSTEMCTL} stop ossec-server.target fi exit 0 if From 0bc9ad2c3f9acd16c04e3fd29f50640d2de0d38f Mon Sep 17 00:00:00 2001 From: ddpbsd Date: Wed, 22 Aug 2018 13:05:53 -0400 Subject: [PATCH 16/16] 2 silly mistakes spotted by phamvuong --- src/init/ossec-server.sh | 2 +- src/systemd/agent/ossec-execd.service | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/init/ossec-server.sh b/src/init/ossec-server.sh index b4c33250d..b8ce0ede6 100755 --- a/src/init/ossec-server.sh +++ b/src/init/ossec-server.sh @@ -297,7 +297,7 @@ stopa() ${SYSTEMCTL} stop ossec-server.target fi exit 0 - if + fi checkpid; for i in ${DAEMONS}; do diff --git a/src/systemd/agent/ossec-execd.service b/src/systemd/agent/ossec-execd.service index 97ef60dde..dbc841e90 100644 --- a/src/systemd/agent/ossec-execd.service +++ b/src/systemd/agent/ossec-execd.service @@ -1,7 +1,7 @@ [Unit] Description=OSSEC Execd PartOf=ossec-agent.target -Before=ossec-ossec-syscheckd.service ossec-agentd.service ossec-logcollector.service +Before=ossec-syscheckd.service ossec-agentd.service ossec-logcollector.service [Service] EnvironmentFile=/etc/ossec-init.conf