Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 143233

Summary: OSSEC HIDS ebuild request
Product: Gentoo Linux Reporter: Caleb Cushing <xenoterracide>
Component: New packagesAssignee: Default Assignee for New Packages <maintainer-wanted>
Status: RESOLVED WONTFIX    
Severity: enhancement CC: aslvrstn, GenKreton, gentuxx, ml8128, roy, skyleach, troworld, wschlich
Priority: High    
Version: unspecified   
Hardware: All   
OS: Other   
URL: http://www.ossec.net/
Whiteboard:
Package list:
Runtime testing required: ---

Description Caleb Cushing 2006-08-08 11:37:46 UTC 
OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, rootkit detection, time-based alerting and active response.

It should work on any POSIX compliant system( Linux, BSDs, etc) with an ANSI C compiler. We have tested it on the following systems:

    * OpenBSD 3.5, 3.6, 3.7, 3.8 and 3.9
    * Slackware 10.1 and 10.2
    * FreeBSD 5.2.1, 4.10-BETA, 5.4-RELEASE, 6.0-STABLE
    * RedHat 8.0 and 9.0
    * Ubuntu 5.04, 5.10 and 6.06
    * Debian 3.1 Sarge
    * Solaris 2.8, 2.9 (Sparc) and 10 (x86)
    * AIX 5.2 ML-07
    * MacOSX 10
    * Fedora Core 2,3,4 and 5
    * Suse ES 9
    * Windows XP/2000 (agent only)

what? all these and no gentoo package?
Comment 1 gentuxx 2006-08-25 16:15:42 UTC 
I am currently running ossec-hids on several gentoo (x86) and gentoo-sparc systems, quite successfully I might add.  Have been considering making an ebuild, so was checking bugzilla (according to the "Ebuild HOWTO" doc) and found this.  This bug is only 17 days old, but if no one is going to take it, I would be happy to do it.
Comment 2 Caleb Cushing 2006-09-01 14:18:45 UTC 
I'm no one officially gentoo but since no one has replied I'd say go ahead and make an ebuild and attach it to this bug.
Comment 3 gentuxx 2006-09-01 17:40:09 UTC 
(In reply to comment #2)
> I'm no one officially gentoo but since no one has replied I'd say go ahead and
> make an ebuild and attach it to this bug.
> 

I've already started working on it.  But since this is my first ebuild, it's taking a lot of research.  There are some challenges, the biggest of which is getting the time.
Comment 4 Caleb Cushing 2006-09-01 17:47:33 UTC 
I understand I've modified a few... but I don't want to write them yet.
Comment 5 Stuart Herbert (RETIRED) gentoo-dev 2006-10-13 16:28:11 UTC 
Hi,

I've added an ebuild for this package to my overlay.  You can install my overlay by installing layman, and then running 'layman -a stuart-server'.

The only reason this isn't in the Portage tree yet is that I don't yet know whether or not I want to maintain this package.  If another Gentoo dev wants to maintain this package, please feel free!

Best regards,
Stu
Comment 6 Matthew Gregory Sr. 2007-08-29 16:43:30 UTC 
I'm going to evaluate this product and I may get the existing ebuild and update it.

I'm working on several other things right now so it might take me a week to get back to this.
Comment 7 Jakub Moc (RETIRED) gentoo-dev 2007-09-14 11:24:58 UTC 
No progress for over 1 year, closing WONTFIX. Feel free to reopen with an ebuild.