# ebuild for OSSEC-HIDS required

## Corvinian

Hello,

I require an ebuild for OSSEC - Host Intrusion Detection System.

http://www.ossec.net/

There was a thread about OSSEC-HIDS in the Gentoo Forum:

https://forums.gentoo.org/viewtopic-t-487233-highlight-ossec.html

and also a Bugzilla entry:

https://bugs.gentoo.org/show_bug.cgi?id=143233

but there's currently no (official) ebuild.

AFAIK there has been an ebuild on Stuart Herbert's overlay via 'layman -a stuart-server'. The problem is that the overlay does not exist anymore.

'wget http://www.gentoo.org/proj/en/overlays/layman-global.txt'

```
<overlay
    type = "svn"
    src  = "http://overlays.gentoo.org/svn/dev/stuart/server"
    contact = "stuart@gentoo.org"
    status  = "official"
    name = "stuart-server">
  <link>
    http://overlays.gentoo.org/dev/stuart/server/
  </link>
  <description>
    Development overlay for miscellaneous server-related ebuilds that
    I plan to commit to the tree myself, or find another owner for.
  </description>
</overlay>
```

AFAIK stuart@gentoo.org has retired as an official Gentoo developer.

But there must be snapshots/backups for this ebuild.

Does anybody know how to get (to) it or has a copy?

so long ...

Corvinian

----------

## Caiman

https://ossec.github.io/downloads.html

Latest Stable Release (2.9.1)

So... after ~10 years... is it worth an ebuild?

----------

## pjp

The current bug opened in 2015 and last updated in 2016 is https://bugs.gentoo.org/545788

Based on that and its references, along with the references in the 10-year-old original post, it doesn't appear anyone has been able to create an ebuild. Efforts have seemed to start and go nowhere, so maybe no one who has tried has been able.

Do you know how to install it on Gentoo without an ebuild? Those details might help someone to create an ebuild.

----------

## Caiman

```
wget http://www.ossec.net/files/ossec-hids-latest.tar.gz
tar -zxvf ossec-hids-*.tar.gz    # or: gunzip -d; tar -xvf
cd ossec-hids-*
./install.sh

# review / edit /var/ossec/etc/ossec.conf

rc-service ossec start
rc-service ossec status
 * /etc/init.d/ossec uses runscript, please convert to openrc-run.
 * Use of the opts variable is deprecated and will be
 * removed in the future.
 * Please use extra_commands, extra_started_commands or extra_stopped_commands.
ossec-monitord is running...
ossec-logcollector is running...
ossec-remoted is running...
ossec-syscheckd is running...
ossec-analysisd is running...
ossec-maild is running...
ossec-execd is running...
```

----------

## pjp

That install script appears to bypass any package management. 

I've been curious about OSSEC in the past, so I started looking around. I've only built a few very simple ebuilds, so for me, the requirements needed to make an ebuild do not appear to be at all simple. 

At a minimum, the items here need to be addressed, and there appear to be others as well. Apparently an install can be of 4 different types (server/agent/hybrid/local), so probably more than one ebuild is required. Documentation for installing from source is not as good as it could be (or certainly not as straightforward as I'd need to get it done any time soon).

Another possibility to consider would be using another packaged format. I know there is some capability for Portage to use RPMs, not sure about apt packages.

And I just came across a series of posts from 2015 by a forum moderator, admin and a Gentoo developer. You can read those comments in this thread. With that in mind, I'm calling this one beyond my time and current interest level to try creating.

----------

## Caiman

https://github.com/ossec/ossec-hids/releases/tag/3.0.0

----------

## Caiman

Latest Stable Release (3.2.0)

https://www.ossec.net/downloads.html

----------

## Caiman

https://packages.gentoo.org/packages/net-analyzer/ossec-hids     <-- 3.1 here

----------

