Bug 598937

Summary: Review Request:ossec-hids - An Open Source Host-based Intrusion Detection System
Product: [Fedora] Fedora Reporter: Udo Seidel <udoseidel>
Component: Package ReviewAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: drjohnson1, fedora-package-review, hdegoede, notting, pahan, rbinkhor, stjepan.gros
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-29 22:31:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 201449    

Description Udo Seidel 2010-06-02 11:22:48 UTC
Spec URL: http://home.arcor.de/ar0761471173/ossec-hids.spec
SRPM URL: http://home.arcor.de/ar0761471173/ossec-hids-2.4.1-4.fc12.src.rpm
Description: OSSEC HIDS is an Open Source Host-based Intrusion Detection
System. It performs log analysis, integrity checking, rootkit
detection, time-based alerting and active response.

This is my first package and I need a sponsor. I was told that Hans de Goede <hdegoede> will have have look at the package.

Comment 1 Stjepan Gros 2010-09-21 12:20:58 UTC
I'm not approved packager, so this is only informative.

You should run rpmlint on src.rpm and also on binary packages. There are lots of warnings you should remove or jusitfy why they shouldn't be corrected.

Comment 2 Jason Tibbitts 2010-11-22 18:49:51 UTC
I agree, there is a very large amount of rpmlint noise, not to mention that the pacakges don't install properly:
  Error: ossec-hids-server conflicts with ossec-hids-client

Also, it's been two months since the last comment without any response.  If you expected Hans to reply, you should probably make sure he sees the ticket.  I'll go ahead and mark this as stalled, and will close it soon if there's no further response.

Comment 3 Udo Seidel 2010-11-23 09:40:46 UTC
Hiya,
thanks for the response and I apologize for not getting back earlier. Comments from my side
1. Since Fedora moved since I have submitted this back in June, I will re-create the packages on F14
2. I did run rpmlint on the source rpm, which was my understanding of the process, and it did not throw warnings/errors there. I will re-run that and also run rpmlint against the binary rpm as suggested above.
3. Also, I will investigate on the installation conflict.

Comment 4 Udo Seidel 2010-11-23 14:06:42 UTC
Ok ... build system updated to F14 .. and can confirm the rpmlint errors on the src rpm . :-(

[useidel@fbuild ~]$ rpmlint /home/useidel/RPM/SRPMS/ossec-hids-2.4.1-4.fc14.src.rpm
ossec-hids.src: W: spelling-error %description -l en_US rootkit -> root kit, root-kit, rootlike
ossec-hids.src:92: W: macro-in-comment %setup
ossec-hids.src:92: W: macro-in-comment %{name}
ossec-hids.src:92: W: macro-in-comment %{cvs}
ossec-hids.src:95: W: macro-in-comment %patch1
ossec-hids.src:101: W: macro-in-comment %patch7
ossec-hids.src:102: W: macro-in-comment %patch8
ossec-hids.src:174: W: macro-in-comment %ghost
ossec-hids.src:354: W: macro-in-comment %config
ossec-hids.src:354: W: macro-in-comment %{_localstatedir}
ossec-hids.src:354: W: macro-in-comment %{prg}
ossec-hids.src:392: W: macro-in-comment %config
ossec-hids.src:392: W: macro-in-comment %{_localstatedir}
ossec-hids.src:392: W: macro-in-comment %{prg}
1 packages and 0 specfiles checked; 0 errors, 14 warnings.
[useidel@fbuild ~]$ 

... ok ... will work on this ...

Comment 5 Udo Seidel 2011-01-09 11:49:12 UTC
(In reply to comment #4)
> Ok ... build system updated to F14 .. and can confirm the rpmlint errors on the
> src rpm . :-(

Fixed the warnings on the src rpm ...

[useidel@fbuild ~]$ rpmlint RPM/SRPMS/ossec-hids-2.4.1-4.fc14.src.rpm 
1 packages and 0 specfiles checked; 0 errors, 0 warnings.
[useidel@fbuild ~]$ 

New files uploaded

http://home.arcor.de/ar0761471173/ossec-hids.spec
http://home.arcor.de/ar0761471173/ossec-hids-2.4.1-4.fc14.src.rpm

Deleted

http://home.arcor.de/ar0761471173/ossec-hids-2.4.1-4.fc12.src.rpm

Comment 6 Udo Seidel 2011-01-09 11:52:57 UTC
Now working on the errors and warnings thrown by rpmlint on the binary packages ...

Comment 7 Udo Seidel 2011-01-09 15:50:54 UTC
client and server package error-free ... updated version of SPEC file and SRC RPM uploaded

Comment 8 Udo Seidel 2011-01-09 15:51:57 UTC
(In reply to comment #7)
> client and server package error-free ... updated version of SPEC file and SRC
> RPM uploaded

[useidel@fbuild SPECS]$ rpmlint /home/useidel/RPM/RPMS/i386/ossec-hids-client-2.4.1-4.fc14.i386.rpm
ossec-hids-client.i386: W: non-standard-uid /var/ossec/queue/rids ossec
ossec-hids-client.i386: W: non-standard-gid /var/ossec/queue/rids ossec
ossec-hids-client.i386: W: non-standard-dir-in-var ossec
ossec-hids-client.i386: W: dangerous-command-in-%post chmod
ossec-hids-client.i386: W: dangerous-command-in-%preun rm
ossec-hids-client.i386: W: service-default-enabled /etc/rc.d/init.d/ossec-hids
ossec-hids-client.i386: W: incoherent-init-script-name ossec-hids ('ossec-hids-client', 'ossec-hids-clientd')
1 packages and 0 specfiles checked; 0 errors, 7 warnings.
[useidel@fbuild SPECS]$ 
[useidel@fbuild SPECS]$ rpmlint /home/useidel/RPM/RPMS/i386/ossec-hids-server-2.4.1-4.fc14.i386.rpm 
ossec-hids-server.i386: W: conffile-without-noreplace-flag /var/ossec/etc/decoder.xml
ossec-hids-server.i386: W: non-standard-gid /var/ossec/rules ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/logs/alerts ossec
ossec-hids-server.i386: W: non-standard-gid /var/ossec/logs/alerts ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/logs/archives ossec
ossec-hids-server.i386: W: non-standard-gid /var/ossec/logs/archives ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/stats ossec
ossec-hids-server.i386: W: non-standard-gid /var/ossec/stats ossec
ossec-hids-server.i386: W: non-standard-gid /var/ossec/tmp ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/logs/firewall ossec
ossec-hids-server.i386: W: non-standard-gid /var/ossec/logs/firewall ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/queue/rootcheck ossec
ossec-hids-server.i386: W: non-standard-gid /var/ossec/queue/rootcheck ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/queue/fts ossec
ossec-hids-server.i386: W: non-standard-gid /var/ossec/queue/fts ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/queue/rids ossecr
ossec-hids-server.i386: W: non-standard-gid /var/ossec/queue/rids ossec
ossec-hids-server.i386: W: non-standard-uid /var/ossec/queue/agent-info ossecr
ossec-hids-server.i386: W: non-standard-gid /var/ossec/queue/agent-info ossec
ossec-hids-server.i386: W: non-standard-dir-in-var ossec
ossec-hids-server.i386: W: dangerous-command-in-%post chmod
ossec-hids-server.i386: W: dangerous-command-in-%preun rm
ossec-hids-server.i386: W: service-default-enabled /etc/rc.d/init.d/ossec-hids
ossec-hids-server.i386: W: incoherent-init-script-name ossec-hids ('ossec-hids-server', 'ossec-hids-serverd')
1 packages and 0 specfiles checked; 0 errors, 24 warnings.
[useidel@fbuild SPECS]$

Comment 9 Hans de Goede 2011-04-27 15:48:43 UTC
I'm afraid I completely dropped the ball on this, Udo, are you still interested in this ? And do you have time the coming weeks to do some serious work on getting this in shape ?