authorDominik Lisiak <dominik.lisiak@bemsoft.pl>2018-10-14 22:15:18 +0200
committerDominik Lisiak <dominik.lisiak@bemsoft.pl>2018-10-14 22:15:18 +0200
commit40fe374ce79a2a0df1ae63093ba689225cae6705 (patch)
tree9e216aef7e7eff11b0d5af5ed2b7663d19ed53fc /security/ossec-hids-local-config
parentInitial commit for version 3.0.0 (diff)
downloadossec-40fe374ce79a2a0df1ae63093ba689225cae6705.tar.xz
Upgrade to 3.1.0.
Diffstat (limited to 'security/ossec-hids-local-config')
-rw-r--r--security/ossec-hids-local-config/Makefile2
-rw-r--r--security/ossec-hids-local-config/distinfo6
-rw-r--r--security/ossec-hids-local-config/files/template-rules-default.xml.in7
-rw-r--r--security/ossec-hids-local-config/files/template-sample-server.xml.in4
-rw-r--r--security/ossec-hids-local-config/pkg-plist-agent46
-rw-r--r--security/ossec-hids-local-config/pkg-plist-local60
-rw-r--r--security/ossec-hids-local-config/pkg-plist-server78
-rwxr-xr-xsecurity/ossec-hids-local-config/scripts/plist.sh2
8 files changed, 105 insertions, 100 deletions
diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile
index 15f3ffc..9ca25d4 100644
--- a/security/ossec-hids-local-config/Makefile
+++ b/security/ossec-hids-local-config/Makefile
@@ -1,7 +1,7 @@
# $FreeBSD$
PORTNAME= ossec-hids
-PORTVERSION= 3.0.0
+PORTVERSION= 3.1.0
PORTREVISION=
CATEGORIES= security
PKGNAMESUFFIX= -${OSSEC_TYPE}-config
diff --git a/security/ossec-hids-local-config/distinfo b/security/ossec-hids-local-config/distinfo
index 22bce30..38a6c3c 100644
--- a/security/ossec-hids-local-config/distinfo
+++ b/security/ossec-hids-local-config/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1535297705
-SHA256 (ossec-ossec-hids-3.0.0_GH0.tar.gz) = a271d665ed502b3df4ff055a177159dfc0bc8a69dd44eab1f7c57fe8fff42a98
-SIZE (ossec-ossec-hids-3.0.0_GH0.tar.gz) = 1817324
+TIMESTAMP = 1539459620
+SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
+SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469
diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in
index e7c18be..5f34a6a 100644
--- a/security/ossec-hids-local-config/files/template-rules-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in
@@ -47,6 +47,8 @@
<include>msauth_rules.xml</include>
<include>mcafee_av_rules.xml</include>
<include>ms-se_rules.xml</include>
+ <include>sysmon_rules.xml</include>
+ <include>ms_ipsec_rules.xml</include>
<include>vmware_rules.xml</include>
<include>ids_rules.xml</include>
<include>apache_rules.xml</include>
@@ -70,8 +72,11 @@
<include>owncloud_rules.xml</include>
<include>proxmox-ve_rules.xml</include>
<include>opensmtpd_rules.xml</include>
+ <include>dnsmasq_rules.xml</include>
+ <include>linux_usbdetect_rules.xml</include>
+ <include>ms1016_usbdetect_rules.xml</include>
+ <include>ms_firewall_rules.xml</include>
<include>psad_rules.xml</include>
- <include>sysmon_rules.xml</include>
<include>unbound_rules.xml</include>
<include>local_rules.xml</include>
diff --git a/security/ossec-hids-local-config/files/template-sample-server.xml.in b/security/ossec-hids-local-config/files/template-sample-server.xml.in
index d4efd19..901e26a 100644
--- a/security/ossec-hids-local-config/files/template-sample-server.xml.in
+++ b/security/ossec-hids-local-config/files/template-sample-server.xml.in
@@ -3,8 +3,8 @@
<remote>
<connection>secure</connection>
- <!-- Because of a bug, setting the address is mandatory for IPv4. -->
- <local_ip>1.2.3.4</local_ip>
+ <!-- OSSEC server listens on all interfacees by default. -->
+ <!-- <local_ip>1.2.3.4</local_ip> -->
</remote>
<global>
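Review bot: The replacement comment in the `<remote>` block misspells "interfaces" (`interfacees`) and gives no hint of when an operator should re-enable `local_ip`. With the element commented out, the sample leaves the server listening on every interface, as the comment itself says, so a deployment copied from this template exposes the agent port on all addresses unless a firewall narrows it. I would word the comment as `<!-- OSSEC server listens on all interfaces by default; uncomment local_ip to bind it to one address. -->`.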
diff --git a/security/ossec-hids-local-config/pkg-plist-agent b/security/ossec-hids-local-config/pkg-plist-agent
index b999785..bb8bf58 100644
--- a/security/ossec-hids-local-config/pkg-plist-agent
+++ b/security/ossec-hids-local-config/pkg-plist-agent
@@ -1,23 +1,23 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
diff --git a/security/ossec-hids-local-config/pkg-plist-local b/security/ossec-hids-local-config/pkg-plist-local
index cf90641..24b4175 100644
--- a/security/ossec-hids-local-config/pkg-plist-local
+++ b/security/ossec-hids-local-config/pkg-plist-local
@@ -1,30 +1,30 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
-@dir(,ossec,550) %%OSSEC_HOME%%/rules
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
diff --git a/security/ossec-hids-local-config/pkg-plist-server b/security/ossec-hids-local-config/pkg-plist-server
index a398f4f..bc26aef 100644
--- a/security/ossec-hids-local-config/pkg-plist-server
+++ b/security/ossec-hids-local-config/pkg-plist-server
@@ -1,39 +1,39 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/agent-conf
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
-@dir(,ossec,550) %%OSSEC_HOME%%/rules
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/agent-conf
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
diff --git a/security/ossec-hids-local-config/scripts/plist.sh b/security/ossec-hids-local-config/scripts/plist.sh
index 8c7df63..6d61787 100755
--- a/security/ossec-hids-local-config/scripts/plist.sh
+++ b/security/ossec-hids-local-config/scripts/plist.sh
@@ -35,7 +35,7 @@ print_path() {
if [ "${group}" == "${GROUP}" ]; then
group=""
fi
- local mode=`stat -f "%p" "${full_path}" | tail -c 4`
+ local mode=`stat -f "%p" "${full_path}" | tail -c 5`
echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
}
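Review bot: The mode extraction in `print_path` still depends on counting bytes from the end of `stat -f "%p"` output, so it only works because the output ends in a newline and the permission digits come last. FreeBSD's stat can print the special-bit digit and the permission bits directly with `stat -f "%Mp%Lp"`, which yields the same four-digit value without `tail`. Separately, `local mode=...` hides a failing `stat`: the function would then write an entry with an empty mode to the plist, and what the package tooling applies in that case is not defined by anything in this script. I would split it into `local mode` and `mode=$(stat -f "%Mp%Lp" "${full_path}") || return 1`. The start of `print_path` lies outside this hunk, so how callers treat a non-zero return should be checked.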