New RPM spec file for issue #574

[dsvetlov]

Hello!

I have make new spec file from atomicorp's one. This files uses only vanila OSSEC code from github repo and default configs from it.

I test it briefly. Seems it works. RPM builds, server and client from it works.

Hope it will help resolve issues #574 and #575

[awiddersheim]

Restarted the build. Last one failed downloading packages or something.

[dsvetlov]

Hi! Is there any problems with mergin this? How can I help?

[awiddersheim]

Seems okay to me. @atomicturtle any objections?

[atomicturtle]

Since this is based off my WIP spec file for 2.9, I'll go over the other things left to finish up here.

1. On 2.9 we're only getting partial relro via full relro we had on 2.8
2. I hadnt finished verifying all the permissions were set correctly
3. The postgres module needs to be implemented
4. cosmetics, I was planning on renaming it from "ossec-hids-client" to "ossec-hids-agent"
5. conditional logic for the systemd service files
6. Letters in a version field (2.9.0b3). This is going to look "newer" than "2.9.0" on an upgrade event.
7. the authd certificate generation step isnt complete
8. the geoip or other conditionals are better used via "with_XXXX" instead of a binary 0/1 case. This is so it can be passed in as a build time argument with mock or rpmbuild
9. is there some reason you dropped the rules.d & decoders.d directories?

[dsvetlov]

1. On 2.9 we're only getting partial relro via full relro we had on 2.8
   Can you, please, explain? I don't understand. What is relro?

2. I hadnt finished verifying all the permissions were set correctly
   I'm too, but I install packages, and it runs well last weeks.

3. The postgres module needs to be implemented

4. cosmetics, I was planning on renaming it from "ossec-hids-client" to "ossec-hids-agent"
   Will do that.

5. conditional logic for the systemd service files.
   I was planed do this, when request Add systemd unit files for OSSEC Server and Agent #619 will be merged. Install.sh also need to be edited.

6. Letters in a version field (2.9.0b3). This is going to look "newer" than "2.9.0" on an upgrade event.

7. the authd certificate generation step isnt complete

8. the geoip or other conditionals are better used via "with_XXXX" instead of a binary 0/1 case. This is so it can be passed in as a build time argument with mock or rpmbuild
   Will fix that.

9. is there some reason you dropped the rules.d & decoders.d directories?
   Default config of ossec do not contain rules.d & decoders.d directories. So, rpm will create this dirs, but use default config, nothing will work. I'm plan add it in next pull requests simultaneously in ossec.conf, install.sh and specs.

[opoplawski]

This seems to have stalled. Any movement here?

[atomicturtle]

Yeah, its living here at the moment as part of the QA step I'm using to tag the RC builds: http://updates.atomicorp.com/channels/source/ossec-hids/ossec-hids.spec

[phamvuong]

I think we could use macro %{_sbindir} instead of hardcode /usr/sbin here