author | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2018-10-29 02:11:48 +0100 |
---|---|---|
committer | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2018-10-29 02:11:48 +0100 |
commit | 71caabd6446ab183ec74c2c55374e6342ea86f65 (patch) | |
tree | 84411598f4667daeef3db4f881bf50fe74937cbd | |
parent | Added help command. (diff) | |
download | ossec-71caabd6446ab183ec74c2c55374e6342ea86f65.tar.xz |
Added further help messages and comments.
-rw-r--r-- | security/ossec-hids-local-config/Makefile | 6 | ||||
-rw-r--r-- | security/ossec-hids-local-config/opt-ar.mk | 2 | ||||
-rw-r--r-- | security/ossec-hids-local-config/opt-rootcheck.mk | 2 | ||||
-rw-r--r-- | security/ossec-hids-local-config/opt-syscheck.mk | 2 | ||||
-rw-r--r-- | security/ossec-hids-local-config/pkg-help-agent | 29 | ||||
-rw-r--r-- | security/ossec-hids-local-config/pkg-help-local | 31 | ||||
-rw-r--r-- | security/ossec-hids-local-config/pkg-help-server | 46 | ||||
-rw-r--r-- | security/ossec-hids-local/files/message-config.in | 3 | ||||
-rw-r--r-- | security/ossec-hids-local/files/ossec-hids.in | 28 |
9 files changed, 145 insertions, 4 deletions
diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile
index c8e795c..df82b84 100644
--- a/security/ossec-hids-local-config/Makefile
+++ b/security/ossec-hids-local-config/Makefile
@@ -51,7 +51,7 @@ OPTIONS_SINGLE_FIREWALL= IPF IPFW PF
 OPTIONS_DEFAULT+= IPF
-FIREWALL_DESC= Active response firewall
+FIREWALL_DESC= Active Response Firewall
 PF_DESC= Packet Filter
 IPFW_DESC= ipfirewall
 IPF_DESC= ipfilter
@@ -347,6 +347,7 @@ ossec-conf-managed:
 . for option in ${${conf_group}_INSTANCE_OPTIONS}
 . if ${${conf_group}_INSTANCE_OPTIONS_ENABLED:M${option}}
 . if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Enabled ${${option}_OPTION} -->" >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
 @${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
 @${ECHO_CMD} >> ${OSSEC_CONF_DIR}/${${conf_group}_MANAGED_CONF}
 . endif
@@ -364,6 +365,7 @@ ossec-conf-local:
 . for option in ${${conf_group}_INSTANCE_OPTIONS}
 . if ${${conf_group}_INSTANCE_OPTIONS_DISABLED:M${option}}
 . if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Disabled ${${option}_OPTION} -->" >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
 @${TEMPL_TO_OSSEC} ${WRKDIR}/${${option}_TEMPLATE} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
 @${ECHO_CMD} >> ${OSSEC_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
 . endif
@@ -390,6 +392,7 @@ agent-conf-managed:
 . for option in ${${conf_group}_PUSHED_OPTIONS}
 . if ${${conf_group}_PUSHED_OPTIONS_ENABLED:M${option}}
 . if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Enabled ${${option}_OPTION}_P -->" >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
 @${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
 @${ECHO_CMD} >> ${AGENT_CONF_DIR}/${${conf_group}_MANAGED_CONF}
 . endif
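Review bot: The new `@${ECHO_CMD}` line in ossec-conf-managed splices `${${option}_OPTION}` straight into an XML comment, so any option identifier containing `--` would close the comment early and leave a malformed marker in the merged ossec.conf; the identifiers visible in this commit (MERGE_C, BASIC_RC, BASIC_SC) are safe, but nothing records the constraint. A one-line comment above the echo, `# Option ids become XML comment text and must not contain "--"`, would keep future options honest. The same marker line is repeated in ossec-conf-local, agent-conf-managed and agent-conf-local (the latter two with a `_P` suffix), so a single make variable holding the marker text would keep the four copies in step. The ossec-conf-managed target starts before and continues past this hunk.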
@@ -407,6 +410,7 @@ agent-conf-local:
 . for option in ${${conf_group}_PUSHED_OPTIONS}
 . if ${${conf_group}_PUSHED_OPTIONS_DISABLED:M${option}}
 . if !empty(${option}_TEMPLATE)
+ @${ECHO_CMD} "<!-- Disabled ${${option}_OPTION}_P -->" >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
 @${TEMPL_TO_AGENT} ${WRKDIR}/${${option}_TEMPLATE} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
 @${ECHO_CMD} >> ${AGENT_LOCAL_CONF_DIR}/${${conf_group}_LOCAL_CONF}
 . endif
diff --git a/security/ossec-hids-local-config/opt-ar.mk b/security/ossec-hids-local-config/opt-ar.mk
index bfe9f19..d52f4bb 100644
--- a/security/ossec-hids-local-config/opt-ar.mk
+++ b/security/ossec-hids-local-config/opt-ar.mk
@@ -12,7 +12,7 @@ AR_OPTIONS+= AR_CMDS_DEFAULT
 # Config merge commands
 AR_CMDS_MERGE_OPTION= MERGE_C
-AR_CMDS_MERGE_DESC= Command to merge configuration files
+AR_CMDS_MERGE_DESC= Commands to merge configuration files
 AR_CMDS_MERGE_DEFINE= server local
 AR_CMDS_MERGE_DEFAULT= server local
 AR_OPTIONS+= AR_CMDS_MERGE
diff --git a/security/ossec-hids-local-config/opt-rootcheck.mk b/security/ossec-hids-local-config/opt-rootcheck.mk
index 1b41f20..f846cd3 100644
--- a/security/ossec-hids-local-config/opt-rootcheck.mk
+++ b/security/ossec-hids-local-config/opt-rootcheck.mk
@@ -1,7 +1,7 @@
 ROOTCHECK_MANAGED_CONF= 120.rootcheck.conf
 ROOTCHECK_LOCAL_CONF= 520.rootcheck.local.conf
-ROOTCHECK_DESC= System Audit and Rootkit Detection
+ROOTCHECK_DESC= System Audit and Rootkit Detection (rootcheck)
 # Basic
 ROOTCHECK_BASIC_OPTION= BASIC_RC
diff --git a/security/ossec-hids-local-config/opt-syscheck.mk b/security/ossec-hids-local-config/opt-syscheck.mk
index 2023839..6f1f0eb 100644
--- a/security/ossec-hids-local-config/opt-syscheck.mk
+++ b/security/ossec-hids-local-config/opt-syscheck.mk
@@ -1,7 +1,7 @@
 SYSCHECK_MANAGED_CONF= 130.syscheck.conf
 SYSCHECK_LOCAL_CONF= 530.syscheck.local.conf
-SYSCHECK_DESC= File Integrity Checking
+SYSCHECK_DESC= File Integrity Checking (syscheck)
 # Default direcotries
 SYSCHECK_BASIC_OPTION= BASIC_SC
diff --git a/security/ossec-hids-local-config/pkg-help-agent b/security/ossec-hids-local-config/pkg-help-agent
new file mode 100644
index 0000000..f16999a
--- /dev/null
+++ b/security/ossec-hids-local-config/pkg-help-agent
@@ -0,0 +1,29 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+Most of the options are disabled by default, because it is expected that the
+server will push the agent configuration using "agent.conf". FreeBSD port of
+OSSEC server extended with similar "config" port does this by default. If this
+is the case, then the "ossec.conf" should only enable required profiles.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+Command Output Monitoring:
+
+ Adds additional commands, the output of which can be monitored. To actually
+ send alerts about the changing output, the proper rules need to be configured
+ on the server as well. For security reasons commands cannot be pushed by the
+ server and thus must be configured locally on every agent.
+ These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+ Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+ This option is only meaningful if this OSSEC instance will be the target of
+ "firewall-drop" active response (configured on the server).
diff --git a/security/ossec-hids-local-config/pkg-help-local b/security/ossec-hids-local-config/pkg-help-local
new file mode 100644
index 0000000..6962307
--- /dev/null
+++ b/security/ossec-hids-local-config/pkg-help-local
@@ -0,0 +1,31 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+File Integrity Checking:
+
+ NOAUTO_SC:
+ OSSEC by default will ignore files that change too often (after the third
+ change). This option disables this feature. Files that change too often
+ as a result of correct system operation should better be added to ignore
+ list manually.
+
+Command Output Monitoring:
+
+ Adds additional commands, the output of which can be monitored. To actually
+ send alerts about the changing output, the proper rules need to be configured
+ as well (see CMDOUT_R option).
+ These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+ Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+ This option is only meaningful if "firewall-drop" active response will be
+ enabled in the configuration.
diff --git a/security/ossec-hids-local-config/pkg-help-server b/security/ossec-hids-local-config/pkg-help-server
new file mode 100644
index 0000000..bbcdec1
--- /dev/null
+++ b/security/ossec-hids-local-config/pkg-help-server
@@ -0,0 +1,46 @@
+Unless stated otherwise, every option here corresponds to certain configuration
+block which would be placed in one of the configuration files in "ossec.conf.d"
+directory. Disabled options will do the same, but for "ossec.conf.d/disabled"
+directory. All "*.conf" files from the "ossec.conf.d" directory will be merged
+into "ossec.conf" in alphabetic order. If you are not satisfied with the
+generated configuration, you can disable the corresponding option and use files
+from "ossec.conf.d/disabled" directory as samples.
+
+The "pushed" sections (*_P options) relate to configuration pushed to agents
+using "agent.conf". The generated configuration blocks will be placed in
+"agent.conf.d" and "agent.conf.d/disabled" directories.
+Note that the agent needs to enable proper profile to benefit from "agent.conf"
+configuration pushed by the server. This also means that profiles not enabled
+on the agent are ignored. This is why all "pushed" options are enabled by
+default. The port currently contains configuration templates for the following
+agent systems:
+
+ - FreeBSD
+ - Debian Linux
+
+Consider contributing to the port by contacting the maintainer and providing
+configuration templates for other operating systems runnig OSSEC agents.
+
+Files generated by the port will be overwritten during port upgrades so any
+additional configuration should be put in separate files.
+
+File Integrity Checking:
+
+ NOAUTO_SC:
+ OSSEC by default will ignore files that change too often (after the third
+ change). This option disables this feature. Files that change too often
+ as a result of correct system operation should better be added to ignore
+ list manually.
+
+Command Output Monitoring:
+
+ Adds additional commands, the output of which can be monitored. To actually
+ send alerts about the changing output, the proper rules need to be configured
+ as well (see CMDOUT_R option).
+ These commands can be tweaked in "command.conf".
+
+Active Response Firewall:
+
+ Creates "firewall-drop.sh" hardlink to one of the scripts shipped with OSSEC.
+ This option is only meaningful if this OSSEC instance will be the target of
+ "firewall-drop" active response.
diff --git a/security/ossec-hids-local/files/message-config.in b/security/ossec-hids-local/files/message-config.in
index f3a13b3..47a7c44 100644
--- a/security/ossec-hids-local/files/message-config.in
+++ b/security/ossec-hids-local/files/message-config.in
@@ -1,2 +1,5 @@
 Consider installing "%%CATEGORY%%/%%PORTNAME%%-%%OSSEC_TYPE%%-config" to ease
 OSSEC configuration.
+
+For additional help execute:
+# %%PREFIX%%/etc/rc.d/ossec-hids help
diff --git a/security/ossec-hids-local/files/ossec-hids.in b/security/ossec-hids-local/files/ossec-hids.in
index c044f24..31ccfb4 100644
--- a/security/ossec-hids-local/files/ossec-hids.in
+++ b/security/ossec-hids-local/files/ossec-hids.in
@@ -91,6 +91,10 @@ agent_names_cmd="${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*Name:[[:sp
 ossec_hids_help() {
 local indent=" "
+
+ echo "Additional commands:"
+ echo
+
 for command in ${extra_commands}; do
 case ${command} in
 ossec_conf)
@@ -179,6 +183,30 @@ ossec_hids_help() {
 ;;
 esac
 done
+
+ echo "To avoid problems with this script and the port in general, keep your XML-like"
+ echo "configuration pretty printed. Place element tags in single and separate lines."
+ echo "Comments can span on multiple but still separate lines."
+ echo "Do NOT use the following formatting:"
+ echo
+ echo "${indent}<elementA"
+ echo "${indent}${indent}attribute=\"value\"><!-- I am a long and"
+ echo "${indent}${indent}${indent}descriptive comment -->"
+ echo "${indent}${indent}<elementB>"
+ echo "${indent}${indent}${indent}Some content"
+ echo "${indent}${indent}</elementB><elementC>"
+ echo "${indent}${indent}${indent}Another content</elementC>"
+ echo "${indent}</elementA>"
+ echo
+ echo "Use instead:"
+ echo
+ echo "${indent}<elementA attribute=\"value\">"
+ echo "${indent}${indent}<!-- I am a long and"
+ echo "${indent}${indent}descriptive comment -->"
+ echo "${indent}${indent}<elementB>Some content</elementB>"
+ echo "${indent}${indent}<elementC>Another content</elementC>"
+ echo "${indent}</elementA>"
+ echo
 }
 ossec_hids_create_file() { |