Commits on Oct 2, 2018

1. Bump ossec version strings to 3.0.0 …

   Ossec 3.0.0 contains several bug and security fixes, as such we should
   upgrade securedrop ossec agents and servers to this release.

   

   emkll committed Oct 2, 2018
   Copy the full SHA

   2c79f0b View commit details

   Browse the repository at this point in the history

2. Use GPG to verify ossec tarballs …

   As of 2.9.3, ossec source tarballs are now signed with a GPG key,
   instead of providing checksums. The following should now verify source
   code tarballs when packages are built/

   

   emkll committed Oct 2, 2018
   Copy the full SHA

   7ef2613 View commit details

   Browse the repository at this point in the history

3. Update ossec registration logic for 3.0 …

   - Generate and use shared secret which is required for agent registration
   - agent-auth now returns 0 when registration failure occurs

   

   emkll committed Oct 2, 2018
   Copy the full SHA

   36a989a View commit details

   Browse the repository at this point in the history

4. Replace mon server alias and smtp_server with ip …

   Due to issues with ossec 2.8.2+ and disabling of the ipv6 stack, name
   lookups can't `getaddrinfo: Name or service not known`. Using ip
   addresses in lieu of aliases sidesteps the issue.
   
   - Since ossec.conf is not templated, securedrop-ossec agent and server will replace
   these values as part of the postinst.

   

   emkll committed Oct 2, 2018
   Copy the full SHA

   04468a5 View commit details

   Browse the repository at this point in the history

5. Remove client.keys …

   An empty client.keys was overwriting /var/ossec/etc/client.keys with an empty one, breaking the registration between client and server. Removing the empty client.keys prior to building will ensure the keys are preserved during an upgrade.

   

   emkll committed Oct 2, 2018
   Copy the full SHA

   bddc30d View commit details

   Browse the repository at this point in the history