author | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2018-10-14 22:15:18 +0200 |
---|---|---|
committer | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2018-10-14 22:15:18 +0200 |
commit | 40fe374ce79a2a0df1ae63093ba689225cae6705 (patch) | |
tree | 9e216aef7e7eff11b0d5af5ed2b7663d19ed53fc | |
parent | Initial commit for version 3.0.0 (diff) | |
download | ossec-40fe374ce79a2a0df1ae63093ba689225cae6705.tar.xz |
Upgrade to 3.1.0.
21 files changed, 669 insertions, 651 deletions
diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile index 15f3ffc..9ca25d4 100644 --- a/security/ossec-hids-local-config/Makefile +++ b/security/ossec-hids-local-config/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 3.0.0 +PORTVERSION= 3.1.0 PORTREVISION= CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE}-config diff --git a/security/ossec-hids-local-config/distinfo b/security/ossec-hids-local-config/distinfo index 22bce30..38a6c3c 100644 --- a/security/ossec-hids-local-config/distinfo +++ b/security/ossec-hids-local-config/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1535297705 -SHA256 (ossec-ossec-hids-3.0.0_GH0.tar.gz) = a271d665ed502b3df4ff055a177159dfc0bc8a69dd44eab1f7c57fe8fff42a98 -SIZE (ossec-ossec-hids-3.0.0_GH0.tar.gz) = 1817324 +TIMESTAMP = 1539459620 +SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 +SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in index e7c18be..5f34a6a 100644 --- a/security/ossec-hids-local-config/files/template-rules-default.xml.in +++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in @@ -47,6 +47,8 @@ <include>msauth_rules.xml</include> <include>mcafee_av_rules.xml</include> <include>ms-se_rules.xml</include> + <include>sysmon_rules.xml</include> + <include>ms_ipsec_rules.xml</include> <include>vmware_rules.xml</include> <include>ids_rules.xml</include> <include>apache_rules.xml</include> 
@@ -70,8 +72,11 @@ <include>owncloud_rules.xml</include> <include>proxmox-ve_rules.xml</include> <include>opensmtpd_rules.xml</include> + <include>dnsmasq_rules.xml</include> + <include>linux_usbdetect_rules.xml</include> + <include>ms1016_usbdetect_rules.xml</include> + <include>ms_firewall_rules.xml</include> <include>psad_rules.xml</include> - <include>sysmon_rules.xml</include> <include>unbound_rules.xml</include> <include>local_rules.xml</include> diff --git a/security/ossec-hids-local-config/files/template-sample-server.xml.in b/security/ossec-hids-local-config/files/template-sample-server.xml.in index d4efd19..901e26a 100644 --- a/security/ossec-hids-local-config/files/template-sample-server.xml.in +++ b/security/ossec-hids-local-config/files/template-sample-server.xml.in @@ -3,8 +3,8 @@ <remote> <connection>secure</connection> - <!-- Because of a bug, setting the address is mandatory for IPv4. --> - <local_ip>1.2.3.4</local_ip> + <!-- OSSEC server listens on all interfacees by default. --> + <!-- <local_ip>1.2.3.4</local_ip> --> </remote> <global> diff --git a/security/ossec-hids-local-config/pkg-plist-agent b/security/ossec-hids-local-config/pkg-plist-agent index b999785..bb8bf58 100644 --- a/security/ossec-hids-local-config/pkg-plist-agent +++ b/security/ossec-hids-local-config/pkg-plist-agent 
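Review bot: The new sample in template-sample-server.xml.in leaves `<local_ip>` commented out, so a server configured from it accepts agent connections on every interface, and the visible `<remote>` block carries no `<allowed-ips>` restriction either. The replacement comment should tell the operator when to narrow that, for example `<!-- OSSEC server listens on all interfaces by default; uncomment local_ip to bind only to the address agents should reach. -->`. That wording also fixes the "interfacees" typo in the added comment.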
@@ -1,23 +1,23 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
diff --git a/security/ossec-hids-local-config/pkg-plist-local b/security/ossec-hids-local-config/pkg-plist-local
index cf90641..24b4175 100644
--- a/security/ossec-hids-local-config/pkg-plist-local
+++ b/security/ossec-hids-local-config/pkg-plist-local
@@ -1,30 +1,30 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
-@dir(,ossec,550) %%OSSEC_HOME%%/rules
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
diff --git a/security/ossec-hids-local-config/pkg-plist-server b/security/ossec-hids-local-config/pkg-plist-server
index a398f4f..bc26aef 100644
--- a/security/ossec-hids-local-config/pkg-plist-server
+++ b/security/ossec-hids-local-config/pkg-plist-server
@@ -1,39 +1,39 @@ -@dir(,ossec,550) %%OSSEC_HOME%% -@dir(,ossec,550) %%OSSEC_HOME%%/active-response -@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh -@dir(,,550) %%OSSEC_HOME%%/bin -@dir(,,550) %%OSSEC_HOME%%/bin/command -@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh -@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh -@dir(,,550) %%OSSEC_HOME%%/bin/config -@(,,550) %%OSSEC_HOME%%/bin/config/agent-conf -@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc -@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample -@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf 
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf -@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf -@dir(,ossec,550) %%OSSEC_HOME%%/rules -@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@dir(,,0550) %%OSSEC_HOME%%/bin/command +@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh +@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh +@dir(,,0550) %%OSSEC_HOME%%/bin/config +@(,,0550) %%OSSEC_HOME%%/bin/config/agent-conf +@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf +@(,ossec,0640) 
%%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample +@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf +@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml diff --git a/security/ossec-hids-local-config/scripts/plist.sh b/security/ossec-hids-local-config/scripts/plist.sh index 8c7df63..6d61787 100755 --- a/security/ossec-hids-local-config/scripts/plist.sh +++ b/security/ossec-hids-local-config/scripts/plist.sh @@ -35,7 +35,7 @@ print_path() { if [ "${group}" == "${GROUP}" ]; then group="" fi - local mode=`stat -f "%p" "${full_path}" | tail -c 4` + local mode=`stat -f "%p" "${full_path}" | tail -c 5` echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" } diff --git a/security/ossec-hids-local/Makefile b/security/ossec-hids-local/Makefile index 2cc888e..e6553b2 100644 --- a/security/ossec-hids-local/Makefile +++ b/security/ossec-hids-local/Makefile @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 3.0.0 +PORTVERSION= 3.1.0 PORTREVISION= CATEGORIES= security PKGNAMESUFFIX= -${OSSEC_TYPE} diff --git a/security/ossec-hids-local/distinfo b/security/ossec-hids-local/distinfo index bd846f2..1e8a6c3 100644 --- a/security/ossec-hids-local/distinfo +++ b/security/ossec-hids-local/distinfo 
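Review bot: In print_path (scripts/plist.sh) the mode is still cut out of `stat -f "%p"` by byte count, and `tail -c 5` yields four digits only because the trailing newline is one of the five bytes; nothing on the line says so. These modes are written into the pkg-plist files that set permissions on the installed OSSEC tree, so a wrong count silently ships wrong permissions. Asking stat for the digits directly, e.g. `local mode=$(stat -f "%Mp%Lp" "${full_path}")`, should give the same four-digit value without depending on the width of the file-type prefix (worth confirming on the target FreeBSD release). print_path starts above the hunk.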
@@ -1,3 +1,3 @@ -TIMESTAMP = 1532285963 -SHA256 (ossec-ossec-hids-3.0.0_GH0.tar.gz) = a271d665ed502b3df4ff055a177159dfc0bc8a69dd44eab1f7c57fe8fff42a98 -SIZE (ossec-ossec-hids-3.0.0_GH0.tar.gz) = 1817324 +TIMESTAMP = 1539457911 +SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50 +SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469 diff --git a/security/ossec-hids-local/files/ossec-hids.in b/security/ossec-hids-local/files/ossec-hids.in index 08efa1d..d49f01d 100644 --- a/security/ossec-hids-local/files/ossec-hids.in +++ b/security/ossec-hids-local/files/ossec-hids.in @@ -5,15 +5,18 @@ # BEFORE: LOGIN # KEYWORD: shutdown -# ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%. -# Default: NO -# ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup. -# Default: NO -# ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup. -# Default: NO -# ossec_hids_fetch_time (int): Time in seconds to wait for the shared configuration to be downloaded from the server. -# Used only by agent installation. -# Default: 60 +# ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%. +# Default: NO +# ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup. +# Default: NO +# ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup. +# Default: NO +# ossec_hids_fetch_connect_time (int): Time in seconds to wait for the download of the shared configuration to start. +# Used only by agent installation. +# Default: 20 +# ossec_hids_fetch_read_time (int): Time in seconds to wait for subsequent download chunks of the shared configuration. +# Used only by agent installation. +# Default: 5 . /etc/rc.subr 
@@ -25,7 +28,8 @@ load_rc_config $name : ${ossec_hids_enable="NO"} : ${ossec_hids_clear_log="NO"} : ${ossec_hids_clear_ar_log="NO"} -: ${ossec_hids_fetch_time=60} +: ${ossec_hids_fetch_connect_time=20} +: ${ossec_hids_fetch_read_time=5} ossec_type="%%OSSEC_TYPE%%" ossec_home="%%OSSEC_HOME%%" @@ -46,16 +50,13 @@ ossec_merged="${ossec_home}/etc/shared/merged.mg" ossec_local_time="/etc/localtime" -ossec_fts_queue="${ossec_home}/queue/fts/fts-queue" -ossec_ig_queue="${ossec_home}/queue/fts/ig-queue" - extra_commands="reload ossec_conf" case ${ossec_type} in server) - extra_commands="${extra_commands} agent_conf" + extra_commands="${extra_commands} agent_conf reset_counter" ;; agent) - extra_commands="${extra_commands} fetch_config" + extra_commands="${extra_commands} fetch_config reset_counter" ;; esac if [ -x "${ossec_conf_bin}" ]; then @@ -67,14 +68,16 @@ stop_cmd="ossec_hids_command stop" restart_cmd="ossec_hids_command restart" status_cmd="ossec_hids_command status" reload_cmd="ossec_hids_command reload" +reset_counter_cmd="ossec_hids_command start" fetch_config_cmd="ossec_hids_command restart" -merge_config_cmd="ossec_hids_create_configs force" +merge_config_cmd="ossec_hids_create_config force" ossec_conf_cmd="ossec_hids_ossec_conf" agent_conf_cmd="ossec_hids_agent_conf" start_precmd="ossec_hids_prepare" restart_precmd="ossec_hids_prepare" reload_precmd="ossec_hids_prepare" +reset_counter_precmd="ossec_hids_prepare" fetch_config_precmd="ossec_hids_prepare" ossec_hids_create_file() { 
@@ -91,12 +94,14 @@ ossec_hids_check() { case ${ossec_type} in server) if [ ! -s "${ossec_client_keys}" ]; then - echo "WARNING: There are no client keys created - remote connections will be disabled" + echo "WARNING: There are no client keys created - remote connections will be disabled." + echo fi ;; agent) if [ ! -s "${ossec_client_keys}" ]; then - echo "WARNING: There are is no client key imported - connection to server not possible" + echo "WARNING: There are is no client key imported - connection to server not possible." + echo fi ;; esac @@ -121,7 +126,7 @@ ossec_hids_config_is_outdated() { return 1 } -ossec_hids_create_configs() { +ossec_hids_create_config() { case ${ossec_type} in server) if [ -x "${agent_conf_bin}" ]; then @@ -132,10 +137,6 @@ ossec_hids_create_configs() { fi fi ;; - agent) - # Touch agent.conf so the agent daemons won't complain if it doesn't exist - ossec_hids_create_file "${agent_conf}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0644 - ;; esac if [ -x "${ossec_conf_bin}" ]; then @@ -149,30 +150,15 @@ ossec_hids_create_configs() { return 0 } -ossec_hids_create_logs() { - # Create required log files if they don't exist - ossec_hids_create_file "${ossec_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660 - ossec_hids_create_file "${ossec_ar_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660 - - return 0 -} - ossec_hids_create_env() { # Copy required files from outside of home directory if [ ! -e "${ossec_local_time}" ]; then - echo "Missing \"${ossec_local_time}\". Run command \"tzsetup\"." + echo "ERROR: Missing \"${ossec_local_time}\". Run command \"tzsetup\"." + echo return 1 fi install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}" - # Install missing files - case ${ossec_type} in - server) - ossec_hids_create_file "${ossec_fts_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640 - ossec_hids_create_file "${ossec_ig_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640 - ;; - esac - return 0 } 
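Review bot: The agent warning in ossec_hids_check still reads "There are is no client key imported" after this edit, which only appends a period to it. Since the line is being touched anyway, `echo "WARNING: There is no client key imported - connection to server not possible."` would fix the grammar. ossec_hids_check begins and ends outside the hunk.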
@@ -181,33 +167,86 @@ ossec_hids_clean() { rm -f "${ossec_merged}" fi - if checkyesno ossec_hids_clear_log; then + if checkyesno ossec_hids_clear_log && [ -e "${ossec_log}" ]; then echo -n > "${ossec_log}" fi - if checkyesno ossec_hids_clear_ar_log; then + if checkyesno ossec_hids_clear_ar_log && [ -e "${ossec_ar_log}" ]; then echo -n > "${ossec_ar_log}" fi return 0 } -ossec_hids_fetch_configs() { +ossec_hids_reset_counter() { + case ${ossec_type} in + local) + echo "ERROR: Counters are only available for agent and server installations." + echo + return 1 + ;; + *) + ossec_hids_command status > /dev/null && ossec_hids_command stop && sleep 2 && echo + agent_ids=`${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*ID:[[:space:]]*([[:digit:]]+).*|\1|p'` + agent_counter=0 + for agent_id in ${agent_ids}; do + rm -f "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1)) + done + echo "Removed ${agent_counter} counter(s)." + echo + ;; + esac + + return 0 +} + +ossec_hids_fetch_config() { case ${ossec_type} in agent) + ossec_hids_command status > /dev/null && ossec_hids_command stop && sleep 2 && echo rm -f "${ossec_merged}" - ossec_hids_command stop - sleep 1 - ossec_hids_command start - echo "Waiting ${ossec_hids_fetch_time} seconds for the shared configuration to be downloaded from the OSSEC server" - sleep ${ossec_hids_fetch_time} + ossec_hids_command start || return 1 + echo + echo "Waiting ${ossec_hids_fetch_connect_time} seconds for the shared configuration download to start." + sleep ${ossec_hids_fetch_connect_time} if [ ! -s "${ossec_merged}" ]; then - echo "Failed to download shared configuration from the OSSEC server" + echo "ERROR: Failed to download shared configuration from the OSSEC server." 
+ echo + ossec_log_tail=$(tail "${ossec_log}") + echo "Portion of the \"${ossec_log}\":" + echo "${ossec_log_tail}" + echo + if echo "${ossec_log_tail}" | grep -q "ERROR: Unable to send message to"; then + echo "Check if your configuration contains the correct server address in \"server-ip\" option." + echo + fi + if echo "${ossec_log_tail}" | grep -q "ERROR: Incorrectly formatted message from"; then + echo "If you are certain the imported agent key is correct then execute command:" + echo "$(realpath $0) reset_counter" + echo "and fetch config again:" + echo "$(realpath $0) fetch_config" + echo + fi return 1 + else + # The download has started + while true; do + current_time=$(date +%s) + modification_time=$(stat -f %m "${ossec_merged}") + if [ $((current_time - modification_time)) -gt ${ossec_hids_fetch_read_time} ]; then + echo "Download finished." + echo + break; + else + echo "Download in progress..." + sleep 10 + fi + done fi ;; *) - echo "Shared configuration is only available for agent installations" + echo "ERROR: Shared configuration is only available for agent installations." + echo return 1 ;; esac @@ -218,23 +257,28 @@ ossec_hids_fetch_configs() { ossec_hids_prepare() { case ${rc_arg} in start|restart) - ossec_hids_create_logs && \ ossec_hids_create_env && \ - ossec_hids_create_configs && \ + ossec_hids_create_config && \ + ossec_hids_clean && \ + ossec_hids_check || return 1 + ;; + reset_counter) + ossec_hids_create_env && \ + ossec_hids_create_config && \ ossec_hids_clean && \ + ossec_hids_reset_counter && \ ossec_hids_check || return 1 ;; fetch_config) - ossec_hids_create_logs && \ ossec_hids_create_env && \ - ossec_hids_create_configs && \ + ossec_hids_create_config && \ ossec_hids_clean && \ - ossec_hids_fetch_configs && \ + ossec_hids_fetch_config && \ ossec_hids_check || return 1 ;; reload) ossec_hids_create_env && \ - ossec_hids_create_configs || return 1 + ossec_hids_create_config || return 1 ;; esac 
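Review bot: In ossec_hids_clean the new `[ -e "${ossec_log}" ]` guard follows symlinks, so the truncation `echo -n > "${ossec_log}"`, which an rc script presumably performs as root, would empty whatever file a link at that path points to. pkg-plist-agent in this commit lists `%%OSSEC_HOME%%/logs` as owned by the ossec account, so if `ossec_log` lives there that unprivileged account could redirect the truncation. Requiring a regular, non-link file narrows this: `if checkyesno ossec_hids_clear_log && [ -f "${ossec_log}" ] && [ ! -L "${ossec_log}" ]; then`, and the same for `ossec_ar_log`. Separately, the `while true` wait in ossec_hids_fetch_config has no upper bound and does not check that `stat` succeeded, so a merged.mg whose mtime keeps advancing or lies in the future keeps the command waiting indefinitely; a maximum iteration count with `return 1` would bound it. ossec_hids_clean starts above the hunk.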
diff --git a/security/ossec-hids-local/files/patch-active-response_host-deny.sh b/security/ossec-hids-local/files/patch-active-response_host-deny.sh deleted file mode 100644 index aff6243..0000000 --- a/security/ossec-hids-local/files/patch-active-response_host-deny.sh +++ /dev/null @@ -1,15 +0,0 @@ ---- active-response/host-deny.sh.orig 2018-06-26 12:15:38 UTC -+++ active-response/host-deny.sh -@@ -126,10 +126,10 @@ if [ "x${ACTION}" = "xadd" ]; then - # Deleting from hosts.deny - elif [ "x${ACTION}" = "xdelete" ]; then - lock; -- TMP_FILE=`mktemp /var/ossec/ossec-hosts.XXXXXXXXXX` -+ TMP_FILE=`mktemp ${PWD}/ossec-hosts.XXXXXXXXXX` - if [ "X${TMP_FILE}" = "X" ]; then - # Cheap fake tmpfile, but should be harder then no random data -- TMP_FILE="/var/ossec/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `" -+ TMP_FILE="${PWD}/ossec-hosts.`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -1 `" - fi - echo "${IP}" | grep "\:" > /dev/null 2>&1 - if [ $? = 0 ]; then diff --git a/security/ossec-hids-local/files/patch-src_Makefile b/security/ossec-hids-local/files/patch-src_Makefile index 06cd53c..18a9290 100644 --- a/security/ossec-hids-local/files/patch-src_Makefile +++ b/security/ossec-hids-local/files/patch-src_Makefile @@ -1,6 +1,6 @@ ---- src/Makefile.orig 2018-06-26 12:15:38 UTC +--- src/Makefile.orig 2018-10-11 22:25:16 UTC +++ src/Makefile -@@ -397,7 +397,6 @@ endif +@@ -406,7 +406,6 @@ endif install -d -m 0750 -o ${OSSEC_USER} -g ${OSSEC_GROUP} ${PREFIX}/queue/diff install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc 
@@ -8,12 +8,3 @@ install -d -m 1550 -o root -g ${OSSEC_GROUP} ${PREFIX}/tmp -@@ -425,7 +424,7 @@ endif - endif - - install -d -m 0770 -o root -g ${OSSEC_GROUP} ${PREFIX}/etc/shared -- install -m 0640 -o ossec -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/ -+ install -m 0640 -o ${OSSEC_USER} -g ${OSSEC_GROUP} rootcheck/db/*.txt ${PREFIX}/etc/shared/ - - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response - install -d -m 0550 -o root -g ${OSSEC_GROUP} ${PREFIX}/active-response/bin diff --git a/security/ossec-hids-local/files/patch-src_init_adduser.sh b/security/ossec-hids-local/files/patch-src_init_adduser.sh deleted file mode 100644 index 21c0d0b..0000000 --- a/security/ossec-hids-local/files/patch-src_init_adduser.sh +++ /dev/null @@ -1,11 +0,0 @@ ---- src/init/adduser.sh.orig 2018-06-26 12:15:38 UTC -+++ src/init/adduser.sh -@@ -69,7 +69,7 @@ else - fi - - if [ -x /usr/bin/getent ]; then -- if [ `getent group ossec | wc -l` -lt 1 ]; then -+ if [ `getent group "${GROUP}" | wc -l` -lt 1 ]; then - ${GROUPADD} "${GROUP}" - fi - elif ! grep "^${GROUP}" /etc/group > /dev/null 2>&1; then diff --git a/security/ossec-hids-local/files/patch-src_os__net_os__net.c b/security/ossec-hids-local/files/patch-src_os__net_os__net.c deleted file mode 100644 index fe99e5c..0000000 --- a/security/ossec-hids-local/files/patch-src_os__net_os__net.c +++ /dev/null 
@@ -1,24 +0,0 @@ ---- src/os_net/os_net.c.orig 2017-12-19 21:30:31 UTC -+++ src/os_net/os_net.c -@@ -48,16 +48,16 @@ int OS_Bindport(char *_port, unsigned in - - - memset(&hints, 0, sizeof(struct addrinfo)); --#ifdef AI_V4MAPPED -- hints.ai_family = AF_INET6; /* Allow IPv4 and IPv6 */ -- hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG | AI_V4MAPPED; --#else -+//#ifdef AI_V4MAPPED -+// hints.ai_family = AF_INET6; /* Allow IPv4 and IPv6 */ -+// hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG | AI_V4MAPPED; -+//#else - /* Certain *BSD OS (eg. OpenBSD) do not allow binding to a - single-socket for both IPv4 and IPv6 per RFC 3493. This will - allow one or the other based on _ip. */ - hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ - hints.ai_flags = AI_PASSIVE; --#endif -+//#endif - hints.ai_protocol = _proto; - if (_proto == IPPROTO_UDP) { - hints.ai_socktype = SOCK_DGRAM; diff --git a/security/ossec-hids-local/files/patch-src_rootcheck_db_system__audit__rcl.txt b/security/ossec-hids-local/files/patch-src_rootcheck_db_system__audit__rcl.txt deleted file mode 100644 index 424c10e..0000000 --- a/security/ossec-hids-local/files/patch-src_rootcheck_db_system__audit__rcl.txt +++ /dev/null @@ -1,11 +0,0 @@ ---- src/rootcheck/db/system_audit_rcl.txt.orig 2017-12-19 21:30:31 UTC -+++ src/rootcheck/db/system_audit_rcl.txt -@@ -25,7 +25,7 @@ - # Multiple patterns can be specified by using " && " between them. - # (All of them must match for it to return true). - --$php.ini=/etc/php.ini,/var/www/conf/php.ini,/etc/php5/apache2/php.ini; -+$php.ini=/etc/php.ini,/var/www/conf/php.ini,/etc/php5/apache2/php.ini,/usr/local/etc/php.ini; - $web_dirs=/var/www,/var/htdocs,/home/httpd,/usr/local/apache,/usr/local/apache2,/usr/local/www; - - # PHP checks diff --git a/security/ossec-hids-local/pkg-plist-agent b/security/ossec-hids-local/pkg-plist-agent index 01ddca8..6db6de1 100644 --- a/security/ossec-hids-local/pkg-plist-agent +++ b/security/ossec-hids-local/pkg-plist-agent 
@@ -1,66 +1,75 @@ -@dir(,ossec,550) %%OSSEC_HOME%% -@dir(,ossec,550) %%OSSEC_HOME%%/active-response -@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/npf.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/pf.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/route-null.sh -@dir(,,550) %%OSSEC_HOME%%/bin -@(,,550) %%OSSEC_HOME%%/bin/agent-auth -@(,,550) %%OSSEC_HOME%%/bin/manage_agents -@(,,550) %%OSSEC_HOME%%/bin/ossec-agentd -@(,,550) %%OSSEC_HOME%%/bin/ossec-control -@(,,550) %%OSSEC_HOME%%/bin/ossec-execd -@(,,550) %%OSSEC_HOME%%/bin/ossec-logcollector -@(,,550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,550) %%OSSEC_HOME%%/bin/ossec-luac -@(,,550) %%OSSEC_HOME%%/bin/ossec-syscheckd -@(,,550) %%OSSEC_HOME%%/bin/util.sh -@dir(,ossec,550) %%OSSEC_HOME%%/etc -@(,ossec,640) %%OSSEC_HOME%%/etc/internal_options.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample -@dir(,ossec,770) %%OSSEC_HOME%%/etc/shared -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt -@(ossec,ossec,644) 
%%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt -@(ossec,ossec,644) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs -@dir(,ossec,550) %%OSSEC_HOME%%/queue -@dir(ossec,ossec,770) %%OSSEC_HOME%%/queue/alerts -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/diff -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/ossec -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/rids -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/syscheck -@dir(,ossec,550) %%OSSEC_HOME%%/tmp -@dir(,ossec,550) %%OSSEC_HOME%%/var -@dir(,ossec,770) %%OSSEC_HOME%%/var/run +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh +@(,ossec,0550) 
%%OSSEC_HOME%%/active-response/bin/host-deny.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh +@dir(,,0550) %%OSSEC_HOME%%/bin +@(,,0550) %%OSSEC_HOME%%/bin/agent-auth +@(,,0550) %%OSSEC_HOME%%/bin/manage_agents +@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-control +@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector +@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac +@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd +@(,,0550) %%OSSEC_HOME%%/bin/util.sh +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample +@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt +@(ossec,ossec,0644) 
%%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt +@(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs +@dir(,ossec,0550) %%OSSEC_HOME%%/queue +@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rids +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck 
+@dir(,ossec,1550) %%OSSEC_HOME%%/tmp +@dir(,ossec,0550) %%OSSEC_HOME%%/var +@dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS diff --git a/security/ossec-hids-local/pkg-plist-local b/security/ossec-hids-local/pkg-plist-local index 21e358e..4b33e07 100644 --- a/security/ossec-hids-local/pkg-plist-local +++ b/security/ossec-hids-local/pkg-plist-local 
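Review bot: The rootcheck databases under `%%OSSEC_HOME%%/etc/shared/` are still packaged world-readable in pkg-plist-agent (`@(ossec,ossec,0644)`), while the pkg-plist-local hunk in this same commit lists the identical files as `@(ossec,ossec,0640)`. The Makefile patch hunk removed earlier on this page also shows `rootcheck/db/*.txt` being installed with `-m 0640`. Unless the agent flavour has a reason to expose them, the entries should match, e.g. `@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt`, so that package registration does not loosen the mode the install step chose. Separately, owner and group are spelled out as `ossec` although the path is templated through `%%OSSEC_HOME%%`. If the port allows `OSSEC_USER`/`OSSEC_GROUP` to be overridden, as the `${OSSEC_USER}`/`${OSSEC_GROUP}` lines in that Makefile patch suggest, the plist would drift from the installed ownership; the same applies to pkg-plist-local and pkg-plist-server.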
@@ -1,179 +1,194 @@ -@dir(,ossec,550) %%OSSEC_HOME%% -@dir(,ossec,550) %%OSSEC_HOME%%/active-response -@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/npf.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/pf.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/route-null.sh -@dir(,ossec,550) %%OSSEC_HOME%%/agentless -@(,ossec,550) %%OSSEC_HOME%%/agentless/main.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/register_host.sh -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_generic_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/sshlogin.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/su.exp -@dir(,,550) %%OSSEC_HOME%%/bin -@(,,550) %%OSSEC_HOME%%/bin/agent_control -@(,,550) %%OSSEC_HOME%%/bin/clear_stats -@(,,550) %%OSSEC_HOME%%/bin/list_agents -@(,,550) %%OSSEC_HOME%%/bin/manage_agents -@(,,550) 
%%OSSEC_HOME%%/bin/ossec-agentlessd -@(,,550) %%OSSEC_HOME%%/bin/ossec-analysisd -@(,,550) %%OSSEC_HOME%%/bin/ossec-authd -@(,,550) %%OSSEC_HOME%%/bin/ossec-control -@(,,550) %%OSSEC_HOME%%/bin/ossec-csyslogd -@(,,550) %%OSSEC_HOME%%/bin/ossec-dbd -@(,,550) %%OSSEC_HOME%%/bin/ossec-execd -@(,,550) %%OSSEC_HOME%%/bin/ossec-logcollector -@(,,550) %%OSSEC_HOME%%/bin/ossec-logtest -@(,,550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,550) %%OSSEC_HOME%%/bin/ossec-luac -@(,,550) %%OSSEC_HOME%%/bin/ossec-maild -@(,,550) %%OSSEC_HOME%%/bin/ossec-makelists -@(,,550) %%OSSEC_HOME%%/bin/ossec-monitord -@(,,550) %%OSSEC_HOME%%/bin/ossec-regex -@(,,550) %%OSSEC_HOME%%/bin/ossec-remoted -@(,,550) %%OSSEC_HOME%%/bin/ossec-reportd -@(,,550) %%OSSEC_HOME%%/bin/ossec-syscheckd -@(,,550) %%OSSEC_HOME%%/bin/rootcheck_control -@(,,550) %%OSSEC_HOME%%/bin/syscheck_control -@(,,550) %%OSSEC_HOME%%/bin/syscheck_update -@(,,550) %%OSSEC_HOME%%/bin/util.sh -@(,,550) %%OSSEC_HOME%%/bin/verify-agent-conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc -@(,ossec,640) %%OSSEC_HOME%%/etc/decoder.xml -@(,ossec,640) %%OSSEC_HOME%%/etc/internal_options.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample -@dir(,ossec,770) %%OSSEC_HOME%%/etc/shared -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt -@(ossec,ossec,640) 
%%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs -@dir(,ossec,550) %%OSSEC_HOME%%/rules -@(,ossec,640) %%OSSEC_HOME%%/rules/apache_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/apparmor_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/asterisk_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/attack_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/cimserver_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/clam_av_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/courier_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/dovecot_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/dropbear_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/exim_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/firewall_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/firewalld_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ids_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/imapd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/local_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml -@(,ossec,640) 
%%OSSEC_HOME%%/rules/ms-exchange_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ms-se_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/msauth_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/mysql_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/named_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/nginx_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/nsd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/openbsd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ossec_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/owncloud_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/pam_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/php_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/pix_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/policy_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/postfix_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/postgresql_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/proftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/psad_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/racoon_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/roundcube_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/rules_config.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sendmail_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/smbd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/spamd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/squid_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sshd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml -@(,ossec,640) 
%%OSSEC_HOME%%/rules/syslog_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sysmon_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/systemd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/telnetd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/unbound_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vmware_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/web_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/wordpress_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/zeus_rules.xml -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs/alerts -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs/archives -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs/firewall -@dir(,ossec,550) %%OSSEC_HOME%%/queue -@dir(ossecr,ossec,750) %%OSSEC_HOME%%/queue/agent-info -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/agentless -@dir(ossec,ossec,770) %%OSSEC_HOME%%/queue/alerts -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/diff -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/fts -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/ossec -@dir(ossecr,ossec,750) %%OSSEC_HOME%%/queue/rids -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/rootcheck -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/syscheck -@dir(ossec,ossec,750) %%OSSEC_HOME%%/stats -@dir(,ossec,550) %%OSSEC_HOME%%/tmp -@dir(,ossec,550) %%OSSEC_HOME%%/var -@dir(,ossec,770) %%OSSEC_HOME%%/var/run +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh +@(,ossec,0550) 
%%OSSEC_HOME%%/active-response/bin/ip-customblock.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh +@dir(,ossec,0550) %%OSSEC_HOME%%/agentless +@(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp +@dir(,,0550) %%OSSEC_HOME%%/bin +@(,,0550) %%OSSEC_HOME%%/bin/agent_control +@(,,0550) %%OSSEC_HOME%%/bin/clear_stats +@(,,0550) %%OSSEC_HOME%%/bin/list_agents +@(,,0550) %%OSSEC_HOME%%/bin/manage_agents +@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-authd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-control +@(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector +@(,,0550) 
%%OSSEC_HOME%%/bin/ossec-logtest +@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac +@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild +@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists +@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord +@(,,0550) %%OSSEC_HOME%%/bin/ossec-regex +@(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted +@(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd +@(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_update +@(,,0550) %%OSSEC_HOME%%/bin/util.sh +@(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml +@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample +@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt +@(ossec,ossec,0640) 
%%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/psad_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml +@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall +@dir(,ossec,0550) %%OSSEC_HOME%%/queue +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless +@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts 
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats +@dir(,ossec,1550) %%OSSEC_HOME%%/tmp +@dir(,ossec,0550) %%OSSEC_HOME%%/var +@dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS diff --git a/security/ossec-hids-local/pkg-plist-server b/security/ossec-hids-local/pkg-plist-server index 21e358e..4b33e07 100644 --- a/security/ossec-hids-local/pkg-plist-server +++ b/security/ossec-hids-local/pkg-plist-server 
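Review bot: The new entry `@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh` leaves the owner field empty and uses mode 0700, so the `ossec` group named in it gets no access at all and only the default owner can enter the directory. If the agentless scripts listed in this plist run under an unprivileged OSSEC account and need to read or write SSH material there, that account is locked out. If root-only access is intended, the group field is misleading and a line such as `@comment .ssh is intentionally root-only (0700)` above the entry would record the decision. This should be confirmed against what the 3.1.0 install target actually creates, which is not visible in this hunk. The entry is also placed between the `rules/` files and `logs/alerts` rather than with the other top-level directories, which is only a matter of ordering.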
@@ -1,179 +1,194 @@ -@dir(,ossec,550) %%OSSEC_HOME%% -@dir(,ossec,550) %%OSSEC_HOME%%/active-response -@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/npf.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/pf.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh -@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/route-null.sh -@dir(,ossec,550) %%OSSEC_HOME%%/agentless -@(,ossec,550) %%OSSEC_HOME%%/agentless/main.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/register_host.sh -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_generic_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff -@(,ossec,550) %%OSSEC_HOME%%/agentless/sshlogin.exp -@(,ossec,550) %%OSSEC_HOME%%/agentless/su.exp -@dir(,,550) %%OSSEC_HOME%%/bin -@(,,550) %%OSSEC_HOME%%/bin/agent_control -@(,,550) %%OSSEC_HOME%%/bin/clear_stats -@(,,550) %%OSSEC_HOME%%/bin/list_agents -@(,,550) %%OSSEC_HOME%%/bin/manage_agents -@(,,550) 
%%OSSEC_HOME%%/bin/ossec-agentlessd -@(,,550) %%OSSEC_HOME%%/bin/ossec-analysisd -@(,,550) %%OSSEC_HOME%%/bin/ossec-authd -@(,,550) %%OSSEC_HOME%%/bin/ossec-control -@(,,550) %%OSSEC_HOME%%/bin/ossec-csyslogd -@(,,550) %%OSSEC_HOME%%/bin/ossec-dbd -@(,,550) %%OSSEC_HOME%%/bin/ossec-execd -@(,,550) %%OSSEC_HOME%%/bin/ossec-logcollector -@(,,550) %%OSSEC_HOME%%/bin/ossec-logtest -@(,,550) %%OSSEC_HOME%%/bin/ossec-lua -@(,,550) %%OSSEC_HOME%%/bin/ossec-luac -@(,,550) %%OSSEC_HOME%%/bin/ossec-maild -@(,,550) %%OSSEC_HOME%%/bin/ossec-makelists -@(,,550) %%OSSEC_HOME%%/bin/ossec-monitord -@(,,550) %%OSSEC_HOME%%/bin/ossec-regex -@(,,550) %%OSSEC_HOME%%/bin/ossec-remoted -@(,,550) %%OSSEC_HOME%%/bin/ossec-reportd -@(,,550) %%OSSEC_HOME%%/bin/ossec-syscheckd -@(,,550) %%OSSEC_HOME%%/bin/rootcheck_control -@(,,550) %%OSSEC_HOME%%/bin/syscheck_control -@(,,550) %%OSSEC_HOME%%/bin/syscheck_update -@(,,550) %%OSSEC_HOME%%/bin/util.sh -@(,,550) %%OSSEC_HOME%%/bin/verify-agent-conf -@dir(,ossec,550) %%OSSEC_HOME%%/etc -@(,ossec,640) %%OSSEC_HOME%%/etc/decoder.xml -@(,ossec,640) %%OSSEC_HOME%%/etc/internal_options.conf -@sample(,ossec,640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample -@dir(,ossec,770) %%OSSEC_HOME%%/etc/shared -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt -@(ossec,ossec,640) 
%%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt -@(ossec,ossec,640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs -@dir(,ossec,550) %%OSSEC_HOME%%/rules -@(,ossec,640) %%OSSEC_HOME%%/rules/apache_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/apparmor_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/asterisk_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/attack_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/cimserver_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/clam_av_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/courier_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/dovecot_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/dropbear_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/exim_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/firewall_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/firewalld_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ids_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/imapd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/local_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml -@(,ossec,640) 
%%OSSEC_HOME%%/rules/ms-exchange_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ms-se_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/msauth_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/mysql_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/named_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/nginx_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/nsd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/openbsd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/ossec_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/owncloud_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/pam_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/php_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/pix_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/policy_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/postfix_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/postgresql_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/proftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/psad_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/racoon_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/roundcube_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/rules_config.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sendmail_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/smbd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/spamd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/squid_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sshd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml -@(,ossec,640) 
%%OSSEC_HOME%%/rules/syslog_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/sysmon_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/systemd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/telnetd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/unbound_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vmware_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/web_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/wordpress_rules.xml -@(,ossec,640) %%OSSEC_HOME%%/rules/zeus_rules.xml -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs/alerts -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs/archives -@dir(ossec,ossec,750) %%OSSEC_HOME%%/logs/firewall -@dir(,ossec,550) %%OSSEC_HOME%%/queue -@dir(ossecr,ossec,750) %%OSSEC_HOME%%/queue/agent-info -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/agentless -@dir(ossec,ossec,770) %%OSSEC_HOME%%/queue/alerts -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/diff -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/fts -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/ossec -@dir(ossecr,ossec,750) %%OSSEC_HOME%%/queue/rids -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/rootcheck -@dir(ossec,ossec,750) %%OSSEC_HOME%%/queue/syscheck -@dir(ossec,ossec,750) %%OSSEC_HOME%%/stats -@dir(,ossec,550) %%OSSEC_HOME%%/tmp -@dir(,ossec,550) %%OSSEC_HOME%%/var -@dir(,ossec,770) %%OSSEC_HOME%%/var/run +@dir(,ossec,0550) %%OSSEC_HOME%% +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response +@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh +@(,ossec,0550) 
%%OSSEC_HOME%%/active-response/bin/ip-customblock.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh +@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh +@dir(,ossec,0550) %%OSSEC_HOME%%/agentless +@(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff +@(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp +@(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp +@dir(,,0550) %%OSSEC_HOME%%/bin +@(,,0550) %%OSSEC_HOME%%/bin/agent_control +@(,,0550) %%OSSEC_HOME%%/bin/clear_stats +@(,,0550) %%OSSEC_HOME%%/bin/list_agents +@(,,0550) %%OSSEC_HOME%%/bin/manage_agents +@(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-authd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-control +@(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-execd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector +@(,,0550) 
%%OSSEC_HOME%%/bin/ossec-logtest +@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua +@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac +@(,,0550) %%OSSEC_HOME%%/bin/ossec-maild +@(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists +@(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord +@(,,0550) %%OSSEC_HOME%%/bin/ossec-regex +@(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted +@(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd +@(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd +@(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_control +@(,,0550) %%OSSEC_HOME%%/bin/syscheck_update +@(,,0550) %%OSSEC_HOME%%/bin/util.sh +@(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf +@dir(,ossec,0550) %%OSSEC_HOME%%/etc +@(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml +@(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf +@sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample +@dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt +@(ossec,ossec,0640) 
%%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt +@(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs +@dir(,ossec,0550) %%OSSEC_HOME%%/rules +@(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml +@(,ossec,0640) 
%%OSSEC_HOME%%/rules/psad_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml +@(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml +@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall +@dir(,ossec,0550) %%OSSEC_HOME%%/queue +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless +@dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts 
+@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec +@dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck +@dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats +@dir(,ossec,1550) %%OSSEC_HOME%%/tmp +@dir(,ossec,0550) %%OSSEC_HOME%%/var +@dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS %%PORTDOCS%%%%DOCSDIR%%/CHANGELOG %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS diff --git a/security/ossec-hids-local/scripts/plist.sh b/security/ossec-hids-local/scripts/plist.sh index 8a3dfcd..c08c5e1 100755 --- a/security/ossec-hids-local/scripts/plist.sh +++ b/security/ossec-hids-local/scripts/plist.sh @@ -17,10 +17,10 @@ if [ "${OSSEC_TYPE}" != "agent" ]; then fixed_lines="${fixed_lines} %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema" fi skip_lines="%%PORTDOCS%%%%DOCSDIR%%/mysql.schema %%PORTDOCS%%%%DOCSDIR%%/postgresql.schema" -skip_paths="/etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua /.ssh" +skip_paths="/etc/ossec.conf /etc/client.keys /logs/active-responses.log /logs/ossec.log /lua" sample_paths="/etc/local_internal_options.conf.sample" if [ "${OSSEC_TYPE}" == "agent" ]; then - skip_paths="${skip_paths} /rules /agentless" + skip_paths="${skip_paths} /rules /agentless /.ssh" fi print_path() { @@ -41,7 +41,7 @@ print_path() { if [ "${group}" == "${GROUP}" ]; then group="" fi - local mode=`stat -f "%p" "${full_path}" | tail -c 4` + local mode=`stat -f "%p" "${full_path}" | tail -c 5` echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}" } diff --git a/security/ossec-hids/Makefile b/security/ossec-hids/Makefile index b797b75..5d99201 100644 --- a/security/ossec-hids/Makefile +++ b/security/ossec-hids/Makefile 
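Review bot: Moving `/.ssh` out of the unconditional `skip_paths` makes the regenerated server and local plists record `@dir(,ossec,0700) %%OSSEC_HOME%%/.ssh` with an empty owner field, whereas directories the daemons write to, such as `queue/agentless`, carry an explicit `ossec` owner. If the empty field stands for the port's default owner, as the `group=""` handling in `print_path` suggests, mode 0700 gives members of the `ossec` group no access to the directory. Should the agentless checks be expected to keep SSH keys or known hosts there while running as `ossec`, the staged directory needs that owner so the entry comes out as `@dir(ossec,ossec,0700) %%OSSEC_HOME%%/.ssh`. If the current ownership is intended, a short comment above the agent-only line would record it, e.g. `# .ssh is used only by agentless checks; agents do not package it`.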
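Review bot: The value produced by `stat -f "%p" "${full_path}" | tail -c 5` is written to the plist unchecked, and because it is assigned inside `local mode=...` a failing `stat` does not stop the script. In that case `mode` is empty or malformed and the `echo -e "${command}(${user},${group},${mode}) ..."` line emits an entry with no usable mode, which may leave the packaged permissions of a security tool to defaults without any error. I would validate it before the `echo`, for example `case "${mode}" in [0-7][0-7][0-7][0-7]) ;; *) echo "unexpected mode for ${full_path}" >&2; exit 1 ;; esac`. `print_path` starts outside this hunk, so any earlier handling of a missing path is not visible here.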
@@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= ossec-hids -PORTVERSION= 3.0.0 +PORTVERSION= 3.1.0 PORTREVISION= CATEGORIES= security |