If we want Ossec to be distributed by Debian..
Jose Antonio Quevedo Muñoz
Hash: SHA256
Hi all,
I'm the owner of the Ossec's ITP bug in Debian [1].
If we want Debian distribute Ossec code we need a change in Ossec's license.
You can check out [2].
There are two ways:
1.- add an OpenSSL exception or to migrate the code to GnuTLS, or
2.- migrate Ossec's code from OpenSSL to GnuTLS.
The first way is the easiest, fastest and, at this moment, the
recommended way too.
Is it possible to complete the first way?
An example of OpenSSL exception can be founded here [3].
[1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361954>
[2]
<http://www.mail-archive.com/debian...@lists.debian.org/msg40375.html>
[3]
<http://packages.debian.org/changelogs/pool/main/b/bacula/bacula_3.0.2-3/bacula.copyright>
Thanks for Ossec.
I'm waiting for your answer to continue packaging it.
Cheers,
Jose Antonio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJK+AOMAAoJEBwLEnROdHjasisQALA/V0UQM/W8+xrYau4cW3LT
TMWpc0RXUAeF7Wj/rYkBFuc6U7ZrxYHL41+2dPszUO2M9uHZ97fxWy91dW2nVJra
r1VqwIBvu0IX/hqWnMJvWBm7Njv3lqk52sNHt2HibgD17qLhiAXtEM0voU6FvF4l
G2V77J1j1iIKZW0auax/CG+TcsogC7H8nSUBdaSGwXHXlkqB8VSVCEbXvRHiKQWZ
i4YXKZHSfjSXtb/QS7Mt4pPuYL0ElXmzU7nYuvAP7M2EwoZ097VOtzEYzv6ebOed
+NUzDW3eoPr87ctSKvt+5rB9RWz9dshKPlY5rTdLQpmU8GHmwfeLSV90UWJjBO/p
UXteT8aTZk251UKzLKrX45NMfthNAkTdp9qlKDiE3XhGgoNFVyo4qJzM8LBsUYGK
YGZu9aPapN+2N3BHT26dUmjH/5xkM8JHhVuXekuldaP3VXyRx86JuMKCNvR5BUq0
Wgbap9iHWtHTkX/dITfrpdL9tozt3Q3/O5GDusItWWjBUo+HX/kXcm0izpG/ydEE
guyvoDQgniMS+6vh2SJWic6ePE6fqZ+eo/e5fmquUkadMa7gD+KjB5szEJijmn4J
5gd9nqogWmoAZ5bQhvyBlMYnm1uaozml5hpL7frunTcxtOgUxQYoivTXTnK6Fc+A
4RSv/RQHsNslu/yBChlq
=TQzt
-----END PGP SIGNATURE-----
Jose Antonio Quevedo Muñoz
Hash: SHA256
i'm sorry because of my last email.
This is a review, i hope that this time you'll be able to understand it.
I do this for me too, i was ungry with myself for having wrote so bad
this email.
Sorry again, and let's go:
I'm the owner of the Ossec's ITP bug in Debian [1].
need to be changed.
You can check out this thread [2].
There are two ways:
1.- add an OpenSSL exception, or
The first way is the easiest, fastest and, at this moment, the
recommended way too.
[1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361954>
[2]
<http://www.mail-archive.com/debian...@lists.debian.org/msg40375.html>
[3]
<http://packages.debian.org/changelogs/pool/main/b/bacula/bacula_3.0.2-3/bacula.copyright>
Thanks for Ossec.
I'm waiting for your answer to continue packaging it.
Cheers,
Jose Antonio Quevedo Muñoz wrote:
> Hi all,
>
> I'm the owner of the Ossec's ITP bug in Debian [1].
>
> If we want Debian distribute Ossec code we need a change in Ossec's license.
>
> You can check out [2].
>
> There are two ways:
> 1.- add an OpenSSL exception or to migrate the code to GnuTLS, or
> 2.- migrate Ossec's code from OpenSSL to GnuTLS.
>
> The first way is the easiest, fastest and, at this moment, the
> recommended way too.
>
> Is it possible to complete the first way?
>
> An example of OpenSSL exception can be founded here [3].
>
>
> [1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361954>
> [2]
> <http://www.mail-archive.com/debian...@lists.debian.org/msg40375.html>
> [3]
> <http://packages.debian.org/changelogs/pool/main/b/bacula/bacula_3.0.2-3/bacula.copyright>
>
>
> Thanks for Ossec.
> I'm waiting for your answer to continue packaging it.
>
>
> Cheers,
>
> Jose Antonio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
tVjeuykKQkS0Y4Xyy+k/Ckw976Kot1CTQPUUJ28u7Ca9GWGGGRDphV+1oSj2Ik47
Pai2LsfdjCL31Z8tU8QQ75xuWeh1QpXnA3VHSUaR+haKfL5+eUww5B3zF3IUl+P/
TJMoulj3jQV37ZSUF1H3+0ePN95Nyv/z1koCbLkOwXiPv5hJ4KcIUJdjUZaF8wbH
oIJDrEl2DhwKD3e9vJgcfVWyNW6j3yd7CUKyTL6wwx9unIl82hEN6IapTl+Uz8t1
H9MTQ76NxcJ4TUuXNFNlBm/I7VgycsskKKIFoLbaA2WviZlw7JwMP5g8XvJhtqJp
MrvlYL5817zfJsQWS0S2bnoxsPbvSeLiTxie0ajh538bMroFPhkhpXs5s6vsfzlb
bFhEwITcoTJYyMnO1E3WcL2Eywi5EzuTnzhwWdvbGwbmrJF+bYTq2ZzkyqhHfYWt
vDKfBuqX5B6ViKT1nq51Dce6w5nk1zyNPCmEgMLbQPamcyRTg6qtgaBSKNOEJv/Z
bZGreEe6QnRdDdJV3w2r3vBBdp51wGWwv4flY44lcWIkmpAxigHaMepkpBlrrD1K
NbwqOWqq4kTNZyqCLMKHW0auSm6veyTr033PL+oGUfzeGZTWkcI3G29tAYK0RR2F
vrBBroCt2KaycedinRxg
=tUjU
-----END PGP SIGNATURE-----
Daniel Cid
Thanks for the message and sorry for the delay getting back. All
google group moderation
messages to ossec-dev were coming to my spam folder, so they weren't
getting posted.
I think it will be easier to just add the exception for OpenSSL as you
described. I am sending
this to Trend Micro, but I don't think it will be a problem.
Thanks,
--
Daniel B. Cid
dcid ( at ) ossec.net
2009/11/9 Jose Antonio Quevedo Muñoz <joseanton...@gmail.com>:
Jose Antonio Quevedo Muñoz
Hash: SHA256
it's very nice to read this words from you.
I'll continue working on the package now.
I haven't read Ossec's code yet, but I've read the work done before me
by Matej Vela and I suspect that Ossec is not fitting in FHS, Filesystem
Hierarchy Standard.
If you think it would be a good thing to make Ossec's code to fit in
FHS, and you are not in a hurry about this, i can tell you which changes
are needed to be done in the code while i read it and study what is it
doing in each directory, this will be faster than if i have to make the
code and propose the alternative (maybe it's only about changing some
variables but for sure you know your code better than me now).
do you enjoy this way? in this case we can begin the adaptation now.
Cheers,
Jose Antonio Quevedo
Daniel Cid wrote:
> Hi Jose,
>
> Thanks for the message and sorry for the delay getting back. All
> google group moderation
> messages to ossec-dev were coming to my spam folder, so they weren't
> getting posted.
>
> I think it will be easier to just add the exception for OpenSSL as you
> described. I am sending
> this to Trend Micro, but I don't think it will be a problem.
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid ( at ) ossec.net
>
wOCoDM2oHxC+uqtcZdE8PY7DdJ9E3KPvE/P63GPf6mItLkAviiXJCV4URhCRw92w
ScoLNIlO76afCLUMnZBVWrhxIndKWOPZiQ1MwmAnZ+cHVgnOroKHprdAueuKVGbk
DvoiDIyj2iOWEUECHRJJs6p52NYLqRfEHkvKfXXKIz7YXfO30HA1b/8gNDoPbbWI
1UJbC5435zCoA8B+V5yJPQKWoFFDuZLfw0bGBNi71AfV5dCGoaknmFxptb4wCpuj
ucBEXGSLxH5Vi8IWyZ1T4zTXlwJwgfc+4i0cMDILCRGy0vDHK1d4Z+23yHYTtUKm
l4O8SXF+7z5Em38munrO3N4VlSUh616kivFjpXw2uXaqtxgyC/tFVZn6kOXj1bfP
HQh2yDPh9myDTZeVuhk9wwN6fvtC47rQ8FP1qbRdWPR9Yo0yzGISZQdbDNjNs30D
rzI76JXhEJ6GgE61x+8LxdeX0jDRXjVXEUonnXDlkJibdngrotvcezJsM1lNt90d
O84KPG1QAEwySWlHWP5Qo7PLM6GaK8eJGMg0AjOIsHQ+K5rijZROtJ4WyFg64BuK
pIZXYuim9ewKXR9QO0ydPyadtxeaLDTVHgmwKFwS6Xb42lJfHo+e8YAfH/vXXc0m
7IFBEv30BE0R8UwRqBh/
=XvaI
-----END PGP SIGNATURE-----
Daniel Cid
That's a bit tricky to do.. OSSEC runs on chroot and we tried very
hard to keep everything
contained in one directory. The reason is that since OSSEC monitors
the system files, logs, etc
mixing it up could generate some issues.
What others have done is to install ossec inside /opt or inside
/usr/local. Would that be a valid
alternative? We can try maybe linking from the ossec directory to
/etc/ossec, /var/log/ossec, etc...
2009/11/15 Jose Antonio Quevedo Muñoz <joseanton...@gmail.com>: