tjh.dev
1{
2 lib,
3 stdenv,
4 fetchFromGitHub,
5 which,
6 pcre2,
7 zlib,
8 ncurses,
9 openssl,
10}:
11let
12 version = "unstable-2023-08-09";
13in
14stdenv.mkDerivation {
15 pname = "ossec-agent";
16 inherit version;
17
18 src = fetchFromGitHub {
19 owner = "ossec";
20 repo = "ossec-hids";
21 rev = "c8a36b0af3d4ee5252855b90236407cbfb996eb2";
22 sha256 = "sha256-AZ8iubyhNHXGR/l+hA61ifNDUoan7AQ42l/uRTt5GmE=";
23 };
24
25 # clear is used during the build process
26 nativeBuildInputs = [ ncurses ];
27
28 buildInputs = [
29 which
30 pcre2
31 zlib
32 openssl
33 ];
34
35 # patch to remove root manipulation, install phase which tries to add users to the system, and init phase which tries to modify the system to launch files
36 patches = [ ./no-root.patch ];
37
38 # Workaround build failure on -fno-common toolchains like upstream
39 # gcc-10. Otherwise build fails as:
40 # ld: src/common/mgmt/pint-worker-external.po:(.data.rel.local+0x0): multiple definition of
41 # `PINT_worker_external_impl'; src/common/mgmt/pint-mgmt.po:(.bss+0x20): first defined here
42 env.NIX_CFLAGS_COMPILE = "-fcommon";
43
44 buildPhase = ''
45 mkdir $out
46 export USER_DIR="$out" # just to satisy the script
47 ./install.sh <<EOF
48 en
49
50 agent
51 127.0.0.1
52 yes
53 yes
54 yes
55 EOF
56
57 '';
58
59 installPhase = ''
60 runHook preInstall
61
62 mkdir -p $out/share
63 mv $out/active-response/bin/* $out/bin
64 mv $out/etc $out/share
65 mv $out/queue $out/share
66 mv $out/var $out/share
67 mv $out/agentless $out/share
68 mv $out/.ssh $out/share
69 rm -r $out/active-response
70 rm -r $out/tmp
71
72 runHook postInstall
73 '';
74
75 meta = with lib; {
76 description = "Open source host-based instrusion detection system";
77 homepage = "https://www.ossec.net";
78 license = licenses.gpl2Only;
79 maintainers = with maintainers; [ happysalada ];
80 platforms = platforms.all;
81 };
82}