Initial import of OSSEC 3.8.0 for OpenArmor port
This commit marks the beginning of porting OSSEC (Open Source Host-based Intrusion Detection System) version 3.8.0 to OpenArmor. OSSEC is a comprehensive platform for system monitoring and control, integrating HIDS, log monitoring, and SIM/SIEM capabilities. Key components imported for adaptation: - Core OSSEC functionality - File Integrity Monitoring (FIM) - Log analysis engine - Rootkit detection - Real-time alerting and active response capabilities This initial import establishes the foundation for adapting OSSEC to the OpenArmor framework. Subsequent commits will focus on necessary modifications, optimizations, and integration work specific to OpenArmor. Original OSSEC source: https://www.ossec.net
0 parents
commit 7611331
Showing
1,778 changed files
with
285,391 additions
and
0 deletions.
@@ -0,0 +1,64 @@ | ||
name: "CodeQL" | ||
|
||
on: | ||
push: | ||
branches: [ 'master' ] | ||
pull_request: | ||
# The branches below must be a subset of the branches above | ||
branches: [ 'master' ] | ||
schedule: | ||
- cron: '2 14 * * 2' | ||
|
||
jobs: | ||
analyze: | ||
name: Analyze | ||
runs-on: ubuntu-latest | ||
permissions: | ||
actions: read | ||
contents: read | ||
security-events: write | ||
|
||
strategy: | ||
fail-fast: false | ||
matrix: | ||
language: [ 'cpp', 'python' ] | ||
include: | ||
- os: ubuntu-18.04 | ||
DB: none | ||
openarmor_TYPE: agent | ||
GEOIP: no | ||
PCRE2_SYSTEM: no | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v2 | ||
with: | ||
languages: ${{ matrix.language }} | ||
|
||
- run: | | ||
sudo apt-get update -qq | ||
sudo apt-get install -y libevent-dev libsystemd-dev | ||
wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz && tar xzf pcre2-10.32.tar.gz -C src/external | ||
if [[ "${GEOIP}" == "yes" ]]; then ( sudo apt-get install geoip-bin geoip-database libgeoip-dev libgeoip1 ); fi | ||
if [[ "${PRELUDE}" == "yes" ]]; then ( sudo apt-get install libprelude-dev ); fi | ||
if [[ "${ZEROMQ}" == "yes" ]]; then ( sudo apt-get install libzmq3-dev libtool autoconf libczmq-dev ); fi | ||
if [[ "${openarmor_TYPE}" == "winagent" ]]; then ( sudo apt-get install aptitude && sudo aptitude -y install mingw-w64 nsis ); fi | ||
if [[ "${openarmor_TYPE}" == "server" ]]; then ( sudo apt-get install libsqlite3-dev sqlite3 ); fi | ||
if [[ "${openarmor_TYPE}" == "test" ]]; then if [ `uname -m` = "aarch64"]; then (sudo apt-get install check libc6-dbg && wget -q http://ports.ubuntu.com/pool/main/v/valgrind/valgrind_3.15.0-1ubuntu9.1_arm64.deb && sudo dpkg -i valgrind_3.15.0-1ubuntu9.1_arm64.deb ) ; else ( sudo apt-get install check valgrind ); fi; fi | ||
COMMAND="V=1 TARGET=${openarmor_TYPE}" && if ! [[ "${DB}" = "none" ]]; then COMMAND="${COMMAND} DATABASE=${DB}"; fi && if [[ "${GEOIP}" = "yes" ]]; then COMMAND="${COMMAND} USE_GEOIP=1"; fi && if [[ "${PRELUDE}" = "yes" ]]; then COMMAND="${COMMAND} USE_PRELUDE=1"; fi && if [[ "${ZEROMQ}" = "yes" ]]; then COMMAND="${COMMAND} USE_ZEROMQ=1"; fi && if [[ "${openarmor_TYPE}" = "test" ]]; then COMMAND="${COMMAND} USE_PCRE2_JIT=0"; fi && if [[ "${ARCH}" = "arm64" ]]; then ./build.sh; fi && ( cd src/ && make --warn-undefined-variables ${COMMAND} settings && make --warn-undefined-variables ${COMMAND} external -j && make --warn-undefined-variables ${COMMAND} -j ) && if ! [[ "${openarmor_TYPE}" = "test" || "${openarmor_TYPE}" = "winagent" ]]; then ( cd src/ && sudo make --warn-undefined-variables ${COMMAND} install ) fi | ||
if [[ "${openarmor_TYPE}" == "test" ]]; then ( cd src/ && make --warn-undefined-variables test_valgrind ) fi | ||
if [[ "${RULES}" == "test" ]]; then ( cd src/ && sudo make V=1 TARGET=server test-rules ) fi | ||
env: | ||
DB: '${{ matrix.DB }}' | ||
openarmor_TYPE: '${{ matrix.openarmor_TYPE }}' | ||
GEOIP: '${{ matrix.GEOIP }}' | ||
PCRE2_SYSTEM: '${{ matrix.PCRE2_SYSTEM }}' | ||
RULES: '${{ matrix.RULES }}' | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v2 | ||
with: | ||
category: "/language:${{matrix.language}}" |
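Review bot: The pcre2 archive fetched by `wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz` in the `run:` step is unpacked into `src/external` and compiled with no integrity check, so whatever that host (or the path to it) serves becomes part of the build the CodeQL job analyzes; the same unverified fetch is in `before_script` of the Travis configuration in the third file section. Pin the digest next to the download, e.g. `echo '<EXPECTED-SHA256-PLACEHOLDER>  pcre2-10.32.tar.gz' | sha256sum -c -` before the `tar xzf`, or vendor the archive. In the same step, the `openarmor_TYPE == "test"` branch compares `uname -m` against `"aarch64"]` with no space before the closing bracket, which is a bash syntax error (the Travis copy of this line has the space), and `GEOIP: no` / `PCRE2_SYSTEM: no` in the matrix are parsed as the boolean `false` and only pass the `== "yes"` shell checks by accident — write them as `'no'`. Note also that `os: ubuntu-18.04` in `matrix.include` has no effect because the job hard-codes `runs-on: ubuntu-latest`.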
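--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,86 @@
+*.so
+*.o
+*.a
+*.dSYM
+.DS_Store
+*.dll
+*.exe
+
+# Auto generated build files
+src/LOCATION
+src/external/zlib-1.2.11/configure.log
+src/external/zlib-1.2.11/Makefile
+src/external/zlib-1.2.11/zconf.h
+src/external/zlib-1.2.11/zlib.pc
+src/external/zlib-1.2.11/zlib.3.pdf
+src/isbigendian.c
+src/analysisd/compiled_rules/compiled_rules.h
+etc/openarmor.mc
+src/Config.OS
+src/external/zlib-1.2.8/ztest*
+
+# Compiled programs
+src/agent-auth
+src/agent_control
+src/clear_stats
+src/external/lua-5.2.3/src/openarmor-lua
+src/external/lua-5.2.3/src/openarmor-luac
+src/isbigendian
+src/list_agents
+src/manage_agents
+src/openarmor-agentd
+src/openarmor-agentlessd
+src/openarmor-analysisd
+src/openarmor-authd
+src/openarmor-csyslogd
+src/openarmor-dbd
+src/openarmor-execd
+src/openarmor-logcollector
+src/openarmor-logtest
+src/openarmor-maild
+src/openarmor-makelists
+src/openarmor-monitord
+src/openarmor-regex
+src/openarmor-regex-convert
+src/openarmor-remoted
+src/openarmor-reportd
+src/openarmor-syscheckd
+src/rootcheck_control
+src/syscheck_control
+src/syscheck_update
+src/verify-agent-conf
+
+
+# Eclipse files
+.cproject
+.project
+.settings/
+
+# temporary vim files
+*.swp
+*.swo
+
+# patch files
+*.rej
+*.orig
+
+# test and coverage files
+*.gcno
+*.gcda
+src/coverage-report/
+src/openarmor.test
+src/test_os_crypto
+src/test_os_net
+src/test_os_regex
+src/test_os_xml
+src/test_os_zlib
+src/test_shared
+
+# Windows-specific build output:
+src/win32/LICENSE.txt
+src/win32/default-local_internal_options.conf
+src/win32/default-openarmor.conf
+src/win32/help_win.txt
+src/win32/internal_options.conf
+src/win32/restart-openarmor.cmd
+src/win32/route-null.cmd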
@@ -0,0 +1,94 @@ | ||
language: c | ||
dist: bionic | ||
|
||
notifications: | ||
irc: | ||
- "chat.freenode.net#openarmor" | ||
slack: | ||
secure: Cz1InEL5G+z2huuzilXe7BqfxlEjN4io5ylJa5jgPvGMlB5sIQZTQQ7PDrzcK0iwn+5xgDkXKwbNPV2k+NHNTtNFiuBrcnJbyeA8PjghtAw4hg/Vpl5+5ovySZT9pGSV7ySsA8nGD73hlcQFgWnYDhsugQ6UZyRXAN8vLLCLjPg= | ||
|
||
env: | ||
- DB=mysql openarmor_TYPE=server GEOIP=yes PCRE2_SYSTEM=no | ||
- DB=mysql openarmor_TYPE=server GEOIP=no PCRE2_SYSTEM=no | ||
- DB=pgsql openarmor_TYPE=server GEOIP=yes PCRE2_SYSTEM=no | ||
- DB=pgsql openarmor_TYPE=server GEOIP=no PCRE2_SYSTEM=no | ||
- DB=none openarmor_TYPE=server GEOIP=yes PCRE2_SYSTEM=no | ||
- DB=none openarmor_TYPE=server GEOIP=no PCRE2_SYSTEM=no | ||
- DB=none openarmor_TYPE=server PRELUDE=yes ZEROMQ=yes PCRE2_SYSTEM=no | ||
- DB=none openarmor_TYPE=server ZLIB_SYSTEM=yes LUA_ENABLE=no PCRE2_SYSTEM=no | ||
- DB=none openarmor_TYPE=local GEOIP=no PCRE2_SYSTEM=no | ||
- DB=none openarmor_TYPE=hybrid GEOIP=no PCRE2_SYSTEM=no | ||
- DB=none openarmor_TYPE=agent GEOIP=no PCRE2_SYSTEM=no | ||
- openarmor_TYPE=test PCRE2_SYSTEM=no | ||
- openarmor_TYPE=server RULES=test PCRE2_SYSTEM=no | ||
|
||
|
||
compiler: | ||
- gcc | ||
- clang | ||
|
||
|
||
arch: | ||
- amd64 | ||
- arm64 | ||
|
||
matrix: | ||
fast_finish: true | ||
exclude: | ||
- arch: arm64 | ||
env: DB=none openarmor_TYPE=winagent GEOIP=no PCRE2_SYSTEM=no | ||
- compiler: clang | ||
env: DB=none openarmor_TYPE=winagent GEOIP=no PCRE2_SYSTEM=no | ||
- compiler: clang | ||
env: openarmor_TYPE=server RULES=test PCRE2_SYSTEM=no | ||
|
||
jobs: | ||
include: | ||
- arch: arm64 | ||
compiler: gcc | ||
env: DB=none openarmor_TYPE=agent GEOIP=no PCRE2_SYSTEM=yes ARCH=arm64 | ||
env: openarmor_TYPE=server RULES=test | ||
|
||
before_script: | ||
- sudo apt-get update -qq | ||
- sudo apt-get install -y libevent-dev libsystemd-dev | ||
- ( wget https://ftp.pcre.org/pub/pcre/pcre2-10.32.tar.gz | ||
&& tar xzf pcre2-10.32.tar.gz -C src/external ) | ||
- if [[ "${GEOIP}" == "yes" ]]; then ( sudo apt-get install geoip-bin geoip-database libgeoip-dev libgeoip1 ); fi | ||
- if [[ "${PRELUDE}" == "yes" ]]; then ( sudo apt-get install libprelude-dev ); fi | ||
- if [[ "${ZEROMQ}" == "yes" ]]; then ( sudo apt-get install libzmq3-dev libtool autoconf libczmq-dev ); fi | ||
- if [[ "${openarmor_TYPE}" == "winagent" ]]; then ( sudo apt-get install aptitude && sudo aptitude -y install mingw-w64 nsis ); fi | ||
- if [[ "${openarmor_TYPE}" == "server" ]]; then ( sudo apt-get install libsqlite3-dev sqlite3 ); fi | ||
- if [[ "${openarmor_TYPE}" == "test" ]]; then if [ `uname -m` = "aarch64" ]; then (sudo apt-get install check libc6-dbg && wget -q http://ports.ubuntu.com/pool/main/v/valgrind/valgrind_3.15.0-1ubuntu9.1_arm64.deb && sudo dpkg -i valgrind_3.15.0-1ubuntu9.1_arm64.deb ) ; else ( sudo apt-get install check valgrind ); fi; fi | ||
|
||
|
||
script: | ||
- COMMAND="V=1 TARGET=${openarmor_TYPE}" | ||
&& if ! [[ "${DB}" = "none" ]]; then COMMAND="${COMMAND} DATABASE=${DB}"; fi | ||
&& if [[ "${GEOIP}" = "yes" ]]; then COMMAND="${COMMAND} USE_GEOIP=1"; fi | ||
&& if [[ "${PRELUDE}" = "yes" ]]; then COMMAND="${COMMAND} USE_PRELUDE=1"; fi | ||
&& if [[ "${ZEROMQ}" = "yes" ]]; then COMMAND="${COMMAND} USE_ZEROMQ=1"; fi | ||
&& if [[ "${openarmor_TYPE}" = "test" ]]; then COMMAND="${COMMAND} USE_PCRE2_JIT=0"; fi | ||
&& if [[ "${ARCH}" = "arm64" ]]; then ./build.sh; fi | ||
&& ( cd src/ | ||
&& make --warn-undefined-variables ${COMMAND} settings | ||
&& make --warn-undefined-variables ${COMMAND} external -j | ||
&& make --warn-undefined-variables ${COMMAND} -j ) | ||
&& if ! [[ "${openarmor_TYPE}" = "test" || "${openarmor_TYPE}" = "winagent" ]]; then ( cd src/ && sudo make --warn-undefined-variables ${COMMAND} install ) fi | ||
|
||
- if [[ "${openarmor_TYPE}" == "test" ]]; then ( cd src/ && make --warn-undefined-variables test_valgrind ) fi | ||
- if [[ "${RULES}" == "test" ]]; then ( cd src/ && sudo make V=1 TARGET=server test-rules ) fi | ||
|
||
|
||
deploy: | ||
provider: releases | ||
api_key: | ||
secure: "DiVPTCt1C8XCmFlzcpmFkqfRmxz85/RCE2euvU/c1EiABjfO20aZARCC9zsepAwAGWWsq3uGRLp0aVuJuh4LvTdGxIJDOqYR8z1pByfY4epgE7zmRCIWjx+nAwBpLlfYalMWFpt7vmPp9mKycFkUR2NFoiEfOgoO9wGN0ZgmwSM=" | ||
file: src/win-pkg/openarmor-win32-agent.exe | ||
skip_cleanup: true | ||
on: | ||
tags: true | ||
all_branches: true | ||
repo: openarmor/openarmor-hids | ||
condition: $openarmor_TYPE = winagent | ||
|
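Review bot: The single `jobs.include` entry carries two `env` keys — `env: DB=none openarmor_TYPE=agent GEOIP=no PCRE2_SYSTEM=yes ARCH=arm64` immediately followed by `env: openarmor_TYPE=server RULES=test`; a YAML mapping cannot hold duplicate keys and most loaders silently keep the last one, so the arm64 `PCRE2_SYSTEM=yes` job this entry appears to define is never built and the `./build.sh` branch guarded by `"${ARCH}" = "arm64"` in `script` is unreachable. Make the second value its own list item, `- env: openarmor_TYPE=server RULES=test`, so both jobs exist. Separately, the `openarmor_TYPE == "test"` branch of `before_script` installs `valgrind_3.15.0-1ubuntu9.1_arm64.deb` fetched over plain `http://ports.ubuntu.com` and passed straight to `dpkg -i` with no signature or digest check; installing it through `apt-get` (which verifies the archive signature) or pinning a digest before `dpkg -i` would close that gap. The deploy `condition: $openarmor_TYPE = winagent` also cannot match at present, since no `env` entry sets `openarmor_TYPE=winagent` — the value only appears in `matrix.exclude`.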
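--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,20 @@
+openarmor v3.8.0
+Copyright (C) 2019 Trend Micro Inc.
+
+** Reporting bugs **
+
+Please, make sure to include the following information:
+
+-openarmor version number.
+-Content of /etc/openarmor-init.conf
+-Content of /var/openarmor/etc/openarmor.conf
+-Content of /var/openarmor/logs/openarmor.log
+-Operating system name/version (uname -a if Unix)
+-Any other relevant information.
+
+Github (Public Issue Reporting):
+https://github.com/openarmor/openarmor-hids/issues
+
+Email (Private Issue Reporting):
+If you prefer to contact us privately or if it is a security
+issue, send an e-mail to openarmor Project ( openarmor@theopenarmor.org ).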