#!/bin/sh
#
# PROVIDE: ossec_hids
# REQUIRE: DAEMON
# BEFORE:  LOGIN
# KEYWORD: shutdown

# ossec_hids_enable (bool):             Set it to YES to enable %%PORTNAME%%.
#                                       Default: NO
# ossec_hids_clear_log (bool):          Set it to YES to clear ossec.log before %%PORTNAME%% startup.
#                                       Default: NO
# ossec_hids_clear_ar_log (bool):       Set it to YES to clear active-responses.log before %%PORTNAME%% startup.
#                                       Default: NO
# ossec_hids_fetch_connect_time (int):  Time in seconds to wait for the download of the shared configuration to start.
#                                       Used only by agent installation.
#                                       Default: 20
# ossec_hids_fetch_read_time (int):     Time in seconds to wait for subsequent download chunks of the shared configuration.
#                                       Used only by agent installation.
#                                       Default: 5

. /etc/rc.subr

# rc.d identity: rc.subr derives the rc.conf knob names from ${name}.
name="ossec_hids"
rcvar=ossec_hids_enable

load_rc_config "$name"

# Defaults for the rc.conf knobs listed in the header; each one only
# applies when rc.conf left the variable unset.
: ${ossec_hids_enable="NO"}
: ${ossec_hids_clear_log="NO"}
: ${ossec_hids_clear_ar_log="NO"}
: ${ossec_hids_fetch_connect_time=20}
: ${ossec_hids_fetch_read_time=5}

# Port-time substitutions: installation flavour (local/agent/server) and
# the installation root every path below hangs off.
ossec_type="%%OSSEC_TYPE%%"
ossec_home="%%OSSEC_HOME%%"

# Merged configuration files, their fragment directories and the
# generator binaries that merge the fragments.
ossec_conf="${ossec_home}/etc/ossec.conf"
ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
ossec_conf_bin="${ossec_home}/bin/config/ossec-conf"
agent_conf="${ossec_home}/etc/shared/agent.conf"
agent_conf_dir="${ossec_home}/etc/agent.conf.d"
agent_conf_bin="${ossec_home}/bin/config/agent-conf"

# Runtime state touched by the helpers below.
ossec_client_keys="${ossec_home}/etc/client.keys"
ossec_ar_tmp="${ossec_home}/active-response"
ossec_log="${ossec_home}/logs/ossec.log"
ossec_ar_log="${ossec_home}/logs/active-responses.log"
ossec_merged="${ossec_home}/etc/shared/merged.mg"
ossec_local_time="/etc/localtime"

# Subcommands beyond start/stop/restart/status. Counters exist only for
# agent and server installations; merge_config needs the generator binary.
extra_commands="reload ossec_conf"
case "${ossec_type}" in
    server) extra_commands="${extra_commands} agent_conf reset_counter" ;;
    agent)  extra_commands="${extra_commands} fetch_config reset_counter" ;;
esac
if [ -x "${ossec_conf_bin}" ]; then
    extra_commands="${extra_commands} merge_config"
fi

# Every subcommand is delegated to ossec-control through ossec_hids_command;
# the *_precmd hooks run ossec_hids_prepare first, which does the real work
# of reset_counter and fetch_config before the daemon is (re)started.
start_precmd="ossec_hids_prepare"
start_cmd="ossec_hids_command start"
stop_cmd="ossec_hids_command stop"
restart_precmd="ossec_hids_prepare"
restart_cmd="ossec_hids_command restart"
status_cmd="ossec_hids_command status"
reload_precmd="ossec_hids_prepare"
reload_cmd="ossec_hids_command reload"
reset_counter_precmd="ossec_hids_prepare"
reset_counter_cmd="ossec_hids_command start"
fetch_config_precmd="ossec_hids_prepare"
fetch_config_cmd="ossec_hids_command restart"
merge_config_cmd="ossec_hids_create_config force"
ossec_conf_cmd="ossec_hids_ossec_conf"
agent_conf_cmd="ossec_hids_agent_conf"

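#######################################
# Create a file with the given owner and mode unless it already exists.
# The file is created under umask 077 inside a subshell, so it is never
# briefly readable by other users between creation and the chmod that
# applies the requested mode (the caller's umask is left untouched).
# An existing file is left exactly as it is.
# Arguments: $1 - path to create
#            $2 - owner[:group] as accepted by chown(8)
#            $3 - mode as accepted by chmod(1)
# Returns:   0 if the file exists or was created; non-zero if creating,
#            chowning or chmodding it failed
#######################################
ossec_hids_create_file() {
    local path=$1
    local owner=$2
    local mode=$3

    if [ -e "${path}" ]; then
        return 0
    fi

    (umask 077 && : > "${path}") &&
        chown "${owner}" "${path}" &&
        chmod "${mode}" "${path}"
}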

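#######################################
# Warn when the installation has no client keys; never fails the start.
# A server without keys cannot accept remote agents, an agent without an
# imported key cannot reach its server. Local installations need no keys.
# Globals:   ossec_type, ossec_client_keys (read)
# Outputs:   warning text on stdout (rc output) when client.keys is
#            missing or empty
# Returns:   always 0
#######################################
ossec_hids_check() {
    case "${ossec_type}" in
        server)
            if [ ! -s "${ossec_client_keys}" ]; then
                echo "WARNING: There are no client keys created - remote connections will be disabled."
                echo
            fi
            ;;
        agent)
            # Wording fixed: "There are is" -> "There is".
            if [ ! -s "${ossec_client_keys}" ]; then
                echo "WARNING: There is no client key imported - connection to server not possible."
                echo
            fi
            ;;
    esac

    return 0
}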

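#######################################
# Decide whether a merged configuration file must be regenerated from
# its fragment directory.
# The comparison is done by find(1) itself (-newer), so fragment names
# containing spaces or glob characters are never word-split, and the
# variables are local instead of leaking into the caller.
# Arguments: $1 - merged file (target)
#            $2 - directory holding the *.conf fragments
# Returns:   0 if the target is missing or any fragment is newer than it,
#            1 if the target is up to date
#######################################
ossec_hids_config_is_outdated() {
    local dst_file=$1
    local src_dir=$2
    local newer

    # A missing target is trivially outdated.
    if [ ! -e "${dst_file}" ]; then
        return 0
    fi

    # One matching fragment is enough; head(1) stops find after the first.
    newer=$(find "${src_dir}" -maxdepth 1 -type f -name "*.conf" \
        -newer "${dst_file}" | head -n 1)
    [ -n "${newer}" ]
}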

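#######################################
# Regenerate one merged configuration file from its fragments.
# The generator writes into a mktemp(1) file next to the target and the
# result is copied over only on success, so a failing generator can no
# longer leave the live file truncated (the plain "> target" redirect
# emptied the target before the generator even ran). cat(1) rather than
# mv(1) keeps the owner/mode set by ossec_hids_create_file.
# Arguments: $1 - merged file (target)
#            $2 - fragment directory
#            $3 - generator binary writing the merged file to stdout
#            $4 - "force" to regenerate regardless of timestamps
# Returns:   0 if up to date or regenerated, 1 if the generator or the
#            temporary file failed
#######################################
ossec_hids_merge_config() {
    local dst_file=$1
    local src_dir=$2
    local gen_bin=$3
    local force=$4
    local tmp_file

    if [ "${force}" != "force" ] && ! ossec_hids_config_is_outdated "${dst_file}" "${src_dir}"; then
        return 0
    fi

    ossec_hids_create_file "${dst_file}" %%USER%%:%%OSSEC_GROUP%% 0640
    # mktemp creates the scratch file 0600, so the merge in progress is not
    # readable by anyone else.
    tmp_file=$(mktemp "${dst_file}.XXXXXX") || return 1
    if "${gen_bin}" > "${tmp_file}"; then
        cat "${tmp_file}" > "${dst_file}"
        rm -f "${tmp_file}"
        return 0
    fi
    rm -f "${tmp_file}"
    echo "ERROR: \"${gen_bin}\" failed - \"${dst_file}\" left unchanged."
    echo
    return 1
}

#######################################
# Merge the *.conf.d fragments into agent.conf (server only) and
# ossec.conf, when the generator binaries are installed.
# Globals:   ossec_type, agent_conf*, ossec_conf* (read)
# Arguments: $1 - "force" to regenerate even if the targets are current
# Returns:   0 on success, 1 if a merge failed (the caller aborts start)
#######################################
ossec_hids_create_config() {
    local force=$1

    case "${ossec_type}" in
        server)
            if [ -x "${agent_conf_bin}" ]; then
                # Merge agent.conf.d files into agent.conf
                ossec_hids_merge_config "${agent_conf}" "${agent_conf_dir}" "${agent_conf_bin}" "${force}" || return 1
            fi
            ;;
    esac

    if [ -x "${ossec_conf_bin}" ]; then
        # Merge ossec.conf.d files into ossec.conf
        ossec_hids_merge_config "${ossec_conf}" "${ossec_conf_dir}" "${ossec_conf_bin}" "${force}" || return 1
    fi

    return 0
}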

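#######################################
# Copy required files from outside of the home directory into it.
# The copy is refreshed on every start, so a later tzsetup(8) is picked up.
# A failed install(1) is now reported and fails the start instead of being
# masked by the unconditional "return 0".
# Globals:   ossec_local_time, ossec_home (read)
# Outputs:   error text on stdout (rc output)
# Returns:   0 on success, 1 if /etc/localtime is missing or cannot be
#            installed
#######################################
ossec_hids_create_env() {
    if [ ! -e "${ossec_local_time}" ]; then
        echo "ERROR: Missing \"${ossec_local_time}\". Run command \"tzsetup\"."
        echo
        return 1
    fi

    if ! install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}"; then
        echo "ERROR: Failed to install \"${ossec_local_time}\" into \"${ossec_home}\"."
        echo
        return 1
    fi

    return 0
}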

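#######################################
# Remove stale state before a start: the cached merged agent config on
# servers, and the logs when the rc.conf knobs ask for it.
# Logs are truncated in place (": > file") rather than removed, which keeps
# their owner and mode; ": >" replaces the non-portable "echo -n >", and the
# POSIX "=" replaces "==" in the type test.
# Globals:   ossec_type, ossec_merged, ossec_log, ossec_ar_log,
#            ossec_hids_clear_log, ossec_hids_clear_ar_log (read)
# Returns:   always 0
#######################################
ossec_hids_clean() {
    if [ "${ossec_type}" = "server" ]; then
        rm -f "${ossec_merged}"
    fi

    if checkyesno ossec_hids_clear_log && [ -e "${ossec_log}" ]; then
        : > "${ossec_log}"
    fi

    if checkyesno ossec_hids_clear_ar_log && [ -e "${ossec_ar_log}" ]; then
        : > "${ossec_ar_log}"
    fi

    return 0
}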

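#######################################
# Delete the per-agent message counters under queue/rids.
# The agent ids come from "manage_agents -l"; the sed expression keeps only
# the digits of each "ID:" field, so an id can never form a path outside
# the rids directory. Only counter files that actually existed are counted
# now: "rm -f" also succeeds on a missing path, which made the old number
# an agent count rather than a removed-counter count.
# Globals:   ossec_type, ossec_home (read)
# Outputs:   progress/error text on stdout (rc output)
# Returns:   0 on success, 1 on a local installation (no counters)
#######################################
ossec_hids_reset_counter() {
    local agent_ids agent_id agent_counter rid_file

    case "${ossec_type}" in
        local)
            echo "ERROR: Counters are only available for agent and server installations."
            echo
            return 1
            ;;
        *)
            # Stop a running instance before touching its counter files.
            ossec_hids_command status > /dev/null && ossec_hids_command stop && sleep 2 && echo
            agent_ids=$("${ossec_home}/bin/manage_agents" -l | sed -En -e 's|.*ID:[[:space:]]*([[:digit:]]+).*|\1|p')
            agent_counter=0
            # ${agent_ids} is intentionally unquoted: one digits-only id per word.
            for agent_id in ${agent_ids}; do
                rid_file="${ossec_home}/queue/rids/${agent_id}"
                if [ -e "${rid_file}" ] && rm -f "${rid_file}"; then
                    agent_counter=$((agent_counter + 1))
                fi
            done
            echo "Removed ${agent_counter} counter(s)."
            echo
            ;;
    esac

    return 0
}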

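#######################################
# (Re)download the shared configuration from the server (agent only).
# Stops a running instance, removes the old merged copy, starts the agent
# and waits fetch_connect_time seconds for merged.mg to appear; the
# download is treated as finished once the file has not been written to
# for more than fetch_read_time seconds. On failure the tail of ossec.log
# is printed together with hints for the two most common causes.
# Changes: $0 and the sleep arguments are quoted, the work variables are
# local, and the log is matched as a fixed string (-F) since the messages
# are not patterns.
# Globals:   ossec_type, ossec_merged, ossec_log,
#            ossec_hids_fetch_connect_time, ossec_hids_fetch_read_time (read)
# Outputs:   progress/error text on stdout (rc output)
# Returns:   0 when the download completed, 1 otherwise
#######################################
ossec_hids_fetch_config() {
    local ossec_log_tail current_time modification_time

    case "${ossec_type}" in
        agent)
            ossec_hids_command status > /dev/null && ossec_hids_command stop && sleep 2 && echo
            rm -f "${ossec_merged}"
            ossec_hids_command start || return 1
            echo
            echo "Waiting ${ossec_hids_fetch_connect_time} seconds for the shared configuration download to start."
            sleep "${ossec_hids_fetch_connect_time}"
            if [ ! -s "${ossec_merged}" ]; then
                echo "ERROR: Failed to download shared configuration from the OSSEC server."
                echo
                ossec_log_tail=$(tail "${ossec_log}")
                echo "Portion of the \"${ossec_log}\":"
                printf '%s\n' "${ossec_log_tail}"
                echo
                if printf '%s\n' "${ossec_log_tail}" | grep -qF "ERROR: Unable to send message to"; then
                    echo "Check if your configuration contains the correct server address in \"server-ip\" option."
                    echo
                fi
                if printf '%s\n' "${ossec_log_tail}" | grep -qF "ERROR: Incorrectly formatted message from"; then
                    echo "If you are certain the imported agent key is correct then execute command:"
                    echo "$(realpath "$0") reset_counter"
                    echo "and fetch config again:"
                    echo "$(realpath "$0") fetch_config"
                    echo
                fi
                return 1
            fi

            # The download has started. "stat -f %m" is the BSD spelling of
            # "print the mtime" (this is a FreeBSD rc script).
            while true; do
                current_time=$(date +%s)
                modification_time=$(stat -f %m "${ossec_merged}")
                if [ $((current_time - modification_time)) -gt "${ossec_hids_fetch_read_time}" ]; then
                    echo "Download finished."
                    echo
                    break
                fi
                echo "Download in progress..."
                sleep 10
            done
            ;;
        *)
            echo "ERROR: Shared configuration is only available for agent installations."
            echo
            return 1
            ;;
    esac

    return 0
}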

#######################################
# *_precmd hook: run the preparation steps for the current rc subcommand.
# The steps run in order and the first failing one aborts the command;
# subcommands not listed here need no preparation.
# Globals:   rc_arg (read, set by rc.subr)
# Returns:   0 if every step succeeded (or none was needed), 1 otherwise
#######################################
ossec_hids_prepare() {
    local steps step

    case "${rc_arg}" in
        start|restart) steps="create_env create_config clean check" ;;
        reset_counter) steps="create_env create_config clean reset_counter check" ;;
        fetch_config)  steps="create_env create_config clean fetch_config check" ;;
        reload)        steps="create_env create_config" ;;
        *)             steps="" ;;
    esac

    for step in ${steps}; do
        "ossec_hids_${step}" || return 1
    done

    return 0
}

#######################################
# "ossec_conf" subcommand: print the effective ossec.conf to stdout.
# Prefers the generator's live output; falls back to the merged file.
# Globals:   ossec_conf_bin, ossec_conf (read)
# Returns:   the generator's status, cat's status, or 0 if neither exists
#######################################
ossec_hids_ossec_conf() {
    if [ -x "${ossec_conf_bin}" ]; then
        "${ossec_conf_bin}"
        return
    fi
    if [ -f "${ossec_conf}" ]; then
        cat "${ossec_conf}"
    fi
}

#######################################
# "agent_conf" subcommand: print the effective shared agent.conf to stdout.
# Prefers the generator's live output; falls back to the merged file.
# Globals:   agent_conf_bin, agent_conf (read)
# Returns:   the generator's status, cat's status, or 0 if neither exists
#######################################
ossec_hids_agent_conf() {
    if [ -x "${agent_conf_bin}" ]; then
        "${agent_conf_bin}"
        return
    fi
    if [ -f "${agent_conf}" ]; then
        cat "${agent_conf}"
    fi
}

#######################################
# Forward one action (start/stop/restart/status/reload) to ossec-control.
# Globals:   ossec_home (read)
# Arguments: $1 - action passed through unchanged
# Returns:   ossec-control's exit status
#######################################
ossec_hids_command() {
    local action=$1
    "${ossec_home}/bin/ossec-control" "${action}"
}

# Hand the subcommand to rc.subr, which dispatches to the *_precmd/*_cmd
# variables defined above (and to ossec_hids_check_* style hooks if added).
run_rc_command "$1"