Building packages for Debian/Red Hat based systems

[techsolo]

Hi,

Kudos for the nice tool. I have packaged it for Ubuntu en Red Hat and added it to my base install since I was looking for a way to track activity on a shared account based on IP/SSH fingerprint.

For Red Hat SetUID was not Ok and I added the config file. Ubuntu worked as expected but without config file (which you don't need perse)

Red Hat how to:

log-user-session.spec

Name:           log-user-session
Version:        0.7 
Release:        1%{?dist}
Summary:        log-user-session is a program to store the content of a shell session (e.g via ssh) e.g. for auditing purposes. The tool is intended to be started by the ssh server daemon. The log is tamper-proof for non-root users.

License:        MIT 
URL:            https://github.com/open-ch/log-user-session 
Source0:        log-user-session-%{version}.tar.gz

BuildRequires:  autoconf gcc make automake 

%description

%prep
%setup -q

%build
./autogen.sh
%configure
make %{?_smp_mflags}

%install
#make install
rm -rf $RPM_BUILD_ROOT
%make_install
chmod u+s %{buildroot}/usr/bin/log-user-session
mkdir %{buildroot}/etc/
cp /etc/log-user-session.conf %{buildroot}/etc/log-user-session.conf
chmod 600 %{buildroot}/etc/log-user-session.conf

%files
/usr/bin/log-user-session
/usr/share/man/man8/log-user-session.8.gz
/etc/log-user-session.conf
%doc

%changelog

To build

cd SOURCES/
wget https://github.com/open-ch/log-user-session/archive/develop.zip
unzip develop.zip
mv develop/log-user-session-develop/ log-user-session-0.7
tar -czf log-user-session-0.7.tar.gz log-user-session-0.7
echo "LogFile = /var/log/user-session/%h-%u-%y%m%d-%H%M%S-%c-%p.log
LogRemoteCommandData = 1
LogNonInteractiveData = 1" > /etc/log-user-session.conf
rpmbuild -bb ../SPECS/log-user-session.spec

Debian how to:

wget https://github.com/open-ch/log-user-session/archive/develop.zip
unzip develop.zip
mv develop/log-user-session-develop/ log-user-session-0.7
cd log-user-session-0.7/
./autogen.sh
./configure
make
checkinstall 

[markstos]

@techsolo Thanks for the reminder about checkinstall. I've been working on creating a package in the snap format, but the project uses Setuid, which I confirmed won't work.

I've also inquired if setuid is really needed and am waiting for a response.

Have you considered publishing the .deb package in a PPA for even easier installation? :)

[techsolo]

It is really necessary. I don't see (based on the code) how else you are going to prevent a user from ending its own log-user-session process.

[techsolo]

@markstos packages are available for download from my blog.

for Ubuntu 18.04 http://techsolo.be/log-user-session_0.7-1_amd64.deb for Red Hat 7 http://techsolo.be/log-user-session-0.7-1.el7.x86_64.rpm

[markstos]

@techsolo Since this is a security-related package, are the packages signed?

[kbucheli]

Thanks for creating the packets. Do you need anything from our side to support this? Do you want to have the spec file in the repo?

[techsolo]

No it's not that fancy and not signed. It was just a hint to have it in a local repo like I do.