author | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2018-10-26 18:45:19 +0200 |
---|---|---|
committer | Dominik Lisiak <dominik.lisiak@bemsoft.pl> | 2018-10-26 18:45:19 +0200 |
commit | 5cde0e0520c72804b6eac8f08d976db777d7ba04 (patch) | |
tree | 9a7288c8b9d7b69790929a0121b264b8883f2f39 /security/ossec-hids-local-config | |
parent | Upgrade to 3.1.0. (diff) | |
download | ossec-5cde0e0520c72804b6eac8f08d976db777d7ba04.tar.xz |
Added CIS benchmarks. Improved profiles.
Diffstat (limited to 'security/ossec-hids-local-config')
15 files changed, 103 insertions, 46 deletions
diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile
index 9ca25d4..c8e795c 100644
--- a/security/ossec-hids-local-config/Makefile
+++ b/security/ossec-hids-local-config/Makefile
@@ -157,9 +157,15 @@ ${conf_group}_PUSHED_OPTIONS=
 . for option in ${${conf_group}_OPTIONS}
 . if ${${option}_DEFINE:M${OSSEC_TYPE}}
 ${conf_group}_INSTANCE_OPTIONS+= ${option}
+${conf_group}_ALL_OPTIONS+= ${option}
 . endif
-. if ${OSSEC_TYPE} == server && ${${option}_DEFINE:Mpushed}
+. if ${${option}_DEFINE:Mpushed}
+. if ${OSSEC_TYPE} == server
 ${conf_group}_PUSHED_OPTIONS+= ${option}
+. endif
+. if !${${conf_group}_ALL_OPTIONS:M${option}}
+${conf_group}_ALL_OPTIONS+= ${option}
+. endif
 . endif
 . endfor
 .endfor
@@ -177,7 +183,7 @@ CLIENT_PROFILES:= ${CLIENT_PROFILES}, ${${conf_group}_PROFILE}
 . endif
 SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE}
 . endif
-. for option in ${${conf_group}_INSTANCE_OPTIONS}
+. for option in ${${conf_group}_ALL_OPTIONS}
 . if !empty(${option}_PROFILE)
 . if ${OSSEC_TYPE} == agent
 . if empty(CLIENT_PROFILES)
@@ -196,11 +202,11 @@ SUB_LIST+= CLIENT_PROFILES="${CLIENT_PROFILES}"
 ############################################################
 .for conf_group in ${CONF_GROUPS}
-. for option in ${${conf_group}_INSTANCE_OPTIONS}
+. for option in ${${conf_group}_ALL_OPTIONS}
 . if !defined(${option}_TEMPLATE)
 ${option}_TEMPLATE= template-${option:tl:S/_/-/g}.xml
 . endif
-. if !empty(${option}_TEMPLATE)
+. if !empty(${option}_TEMPLATE) && !${SUB_FILES:M${${option}_TEMPLATE}}
 SUB_FILES+= ${${option}_TEMPLATE}
 . endif
 . endfor
diff --git a/security/ossec-hids-local-config/files/template-logs-default.xml.in b/security/ossec-hids-local-config/files/template-logs-system.xml.in
index 47b9a77..eee09aa 100644
--- a/security/ossec-hids-local-config/files/template-logs-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-logs-system.xml.in
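Review bot: `${conf_group}_ALL_OPTIONS` is appended in the `:Mpushed` branch without any `OSSEC_TYPE` test, so on `local` and `agent` builds it also holds options that are defined for `pushed` only (in `opt-rootcheck.mk` the three CIS options have `DEFINE= pushed`), and the `@@ -177` and `@@ -196` hunks then walk that list to build `CLIENT_PROFILES` and `SUB_FILES`. Under `@@ -177` the walk sits inside `. if ${OSSEC_TYPE} == agent`, so unless the body that follows (outside the hunk) filters on the options actually selected, a pushed-only profile such as `cis-rootcheck` can end up in an agent's `CLIENT_PROFILES`. If rendering every pushed template on every instance type is the intent, say so where the list is built, e.g. `# ALL_OPTIONS: every option whose template is rendered on this instance, including server-pushed ones`; if not, guard the second append with `. if ${OSSEC_TYPE} == server` as the `PUSHED_OPTIONS` line above it already does. The outer `.for conf_group` loop starts before this hunk.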
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<template_config os="FreeBSD" profile="%%LOGS_DEFAULT_PROFILE%%">
+<template_config os="FreeBSD" profile="%%LOGS_SYSTEM_PROFILE%%">
 <localfile>
 <log_format>syslog</log_format>
@@ -33,7 +33,7 @@
 </template_config>
-<template_config os="Linux" profile="%%LOGS_DEFAULT_PROFILE%%">
+<template_config os="Linux" profile="%%LOGS_SYSTEM_PROFILE%%">
 <localfile>
 <log_format>syslog</log_format>
diff --git a/security/ossec-hids-local-config/files/template-rootcheck-default.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
index 63e5f1e..37c2166 100644
--- a/security/ossec-hids-local-config/files/template-rootcheck-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<template_config os="FreeBSD" profile="%%ROOTCHECK_PROFILE%%">
+<template_config os="FreeBSD" profile="%%ROOTCHECK_BASIC_PROFILE%%">
 <rootcheck>
 <rootkit_files>%%OSSEC_HOME%%/etc/shared/rootkit_files.txt</rootkit_files>
@@ -10,14 +10,13 @@
 </template_config>
-<template_config os="Linux" profile="%%ROOTCHECK_PROFILE%%">
+<template_config os="Linux" profile="%%ROOTCHECK_BASIC_PROFILE%%">
 <rootcheck>
 <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
 <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
 <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
 <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
- <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
 </rootcheck>
 </template_config>
diff --git a/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in
new file mode 100644
index 0000000..1b2f20c
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rootcheck-cis-l1.xml.in
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<template_config os="Linux" profile="%%ROOTCHECK_CIS_L1_PROFILE%%">
+
+ <rootcheck>
+ <system_audit>/var/ossec/etc/shared/cis_debianlinux7-8_L1_rcl.txt</system_audit>
+ </rootcheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in
new file mode 100644
index 0000000..d156887
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rootcheck-cis-l2.xml.in
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<template_config os="Linux" profile="%%ROOTCHECK_CIS_L2_PROFILE%%">
+
+ <rootcheck>
+ <system_audit>/var/ossec/etc/shared/cis_debianlinux7-8_L2_rcl.txt</system_audit>
+ </rootcheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in
new file mode 100644
index 0000000..0640be7
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rootcheck-cis.xml.in
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<template_config os="Linux" profile="%%ROOTCHECK_CIS_PROFILE%%">
+
+ <rootcheck>
+ <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
+ </rootcheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-default.xml.in b/security/ossec-hids-local-config/files/template-syscheck-basic.xml.in
index 78ae8f8..516b921 100644
--- a/security/ossec-hids-local-config/files/template-syscheck-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-basic.xml.in
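Review bot: The three new templates on this line (`cis-l1`, `cis-l2` and the legacy `cis` file) are scoped `os="Linux"` but point at Debian-specific audit files (`cis_debianlinux7-8_L1_rcl.txt`, `cis_debianlinux7-8_L2_rcl.txt`, `cis_debian_linux_rcl.txt`), so once pushed they run a Debian 7/8 benchmark on every Linux agent, including distributions where those checks do not describe the host. A one-line XML comment above `<rootcheck>` naming the targeted distribution and release, e.g. `<!-- CIS benchmark for Debian 7/8; other distributions need their own rcl file -->`, would make that limitation visible to whoever enables the profile. Whether the template processor offers a finer match than `os="Linux"` is not visible in this diff.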
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="FreeBSD" profile="%%SYSCHECK_BASIC_PROFILE%%">
 <syscheck>
 <directories realtime="yes" check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin,%%PREFIX%%/bin,%%PREFIX%%/sbin</directories>
@@ -8,7 +8,7 @@
 </template_config>
-<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="Linux" profile="%%SYSCHECK_BASIC_PROFILE%%">
 <syscheck>
 <directories realtime="yes" check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin</directories>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in b/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
index f35f4d5..07f278d 100644
--- a/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="FreeBSD">
 <syscheck>
 <ignore>/etc/hosts.allow</ignore>
@@ -7,7 +7,7 @@
 </template_config>
-<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="Linux">
 <syscheck>
 <ignore>/etc/hosts.deny</ignore>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in b/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
index 7a303e5..eee5915 100644
--- a/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="FreeBSD">
 <syscheck>
 <alert_new_files>yes</alert_new_files>
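Review bot: Dropping the `profile` attribute from `<template_config os="FreeBSD">` in `template-syscheck-hostdeny.xml.in` (and from the Linux block in its `@@ -7` hunk, as well as in `template-syscheck-newfiles.xml.in` and `template-syscheck-noauto.xml.in` on this and the next line) leaves nothing in these templates that ties them to a selected option; if the processor applies a profile-less block unconditionally, every agent of that OS stops receiving integrity alerts for `/etc/hosts.allow` (`/etc/hosts.deny` on Linux), whether or not the host-deny response the template name hints at is in use on that host. If that is the intent, a comment above the block such as `<!-- no profile: applied to every agent of this OS -->` documents it; otherwise keeping a `profile="%%...%%"` placeholder keeps the ignore opt-in. How the template processor treats a missing `profile` attribute is not shown in this diff.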
@@ -7,7 +7,7 @@
 </template_config>
-<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="Linux">
 <syscheck>
 <alert_new_files>yes</alert_new_files>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in b/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
index 03f5943..b71e1ae 100644
--- a/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="FreeBSD">
 <syscheck>
 <auto_ignore>no</auto_ignore>
@@ -7,7 +7,7 @@
 </template_config>
-<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="Linux">
 <syscheck>
 <auto_ignore>no</auto_ignore>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in b/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
index 8342f63..42911ef 100644
--- a/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
+++ b/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="FreeBSD" profile="%%SYSCHECK_OSSEC_PROFILE%%">
 <syscheck>
 <directories realtime="yes" check_all="yes">%%OSSEC_SYSCHECK_BIN_DIRS%%</directories>
@@ -8,7 +8,7 @@
 </template_config>
-<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+<template_config os="Linux" profile="%%SYSCHECK_OSSEC_PROFILE%%">
 <syscheck>
 <directories realtime="yes" check_all="yes">/var/ossec/bin,/var/ossec/active-response,/var/ossec/agentless</directories>
diff --git a/security/ossec-hids-local-config/opt-logs.mk b/security/ossec-hids-local-config/opt-logs.mk
index 8352b0b..cec8bd4 100644
--- a/security/ossec-hids-local-config/opt-logs.mk
+++ b/security/ossec-hids-local-config/opt-logs.mk
@@ -4,24 +4,24 @@ LOGS_LOCAL_CONF= 550.logs.local.conf
 LOGS_DESC= Log Monitoring
 # Default logs support
-LOGS_DEFAULT_OPTION= DEFAULT
-LOGS_DEFAULT_PROFILE= system-log
-LOGS_DEFAULT_DESC= Default system logs
-LOGS_DEFAULT_DEFINE= server local agent pushed
-LOGS_DEFAULT_DEFAULT= server local pushed
-LOGS_OPTIONS+= LOGS_DEFAULT
+LOGS_SYSTEM_OPTION= SYSTEM
+LOGS_SYSTEM_PROFILE= system-logs
+LOGS_SYSTEM_DESC= Default system logs
+LOGS_SYSTEM_DEFINE= server local agent pushed
+LOGS_SYSTEM_DEFAULT= server local pushed
+LOGS_OPTIONS+= LOGS_SYSTEM
 # Active response log support
 LOGS_RESPONSE_OPTION= RESPONSE
-LOGS_RESPONSE_PROFILE= active-response-log
-LOGS_RESPONSE_DESC= Active response log
+LOGS_RESPONSE_PROFILE= active-response-logs
+LOGS_RESPONSE_DESC= Active response logs
 LOGS_RESPONSE_DEFINE= server local agent pushed
 LOGS_RESPONSE_DEFAULT= server local pushed
 LOGS_OPTIONS+= LOGS_RESPONSE
 # Apache logs support
 LOGS_APACHE_OPTION= APACHE
-LOGS_APACHE_PROFILE= apache-log
+LOGS_APACHE_PROFILE= apache-logs
 LOGS_APACHE_DESC= Apache logs
 LOGS_APACHE_DEFINE= server local agent pushed
 LOGS_APACHE_DEFAULT= pushed
@@ -29,7 +29,7 @@ LOGS_OPTIONS+= LOGS_APACHE
 # Nginx logs support
 LOGS_NGINX_OPTION= NGINX
-LOGS_NGINX_PROFILE= nginx-log
+LOGS_NGINX_PROFILE= nginx-logs
 LOGS_NGINX_DESC= Nginx logs
 LOGS_NGINX_DEFINE= server local agent pushed
 LOGS_NGINX_DEFAULT= pushed
@@ -37,7 +37,7 @@ LOGS_OPTIONS+= LOGS_NGINX
 # Radius logs support
 LOGS_RADIUS_OPTION= RADIUS
-LOGS_RADIUS_PROFILE= radius-log
+LOGS_RADIUS_PROFILE= radius-logs
 LOGS_RADIUS_DESC= FreeRADIUS logs
 LOGS_RADIUS_DEFINE= server local agent pushed
 LOGS_RADIUS_DEFAULT= pushed
@@ -45,7 +45,7 @@ LOGS_OPTIONS+= LOGS_RADIUS
 # Vsftpd logs support
 LOGS_VSFTPD_OPTION= VSFTPD
-LOGS_VSFTPD_PROFILE= vsftpd-log
+LOGS_VSFTPD_PROFILE= vsftpd-logs
 LOGS_VSFTPD_DESC= Vsftpd logs
 LOGS_VSFTPD_DEFINE= server local agent pushed
 LOGS_VSFTPD_DEFAULT= pushed
diff --git a/security/ossec-hids-local-config/opt-rootcheck.mk b/security/ossec-hids-local-config/opt-rootcheck.mk
index 3da90af..1b41f20 100644
--- a/security/ossec-hids-local-config/opt-rootcheck.mk
+++ b/security/ossec-hids-local-config/opt-rootcheck.mk
@@ -1,12 +1,36 @@
 ROOTCHECK_MANAGED_CONF= 120.rootcheck.conf
 ROOTCHECK_LOCAL_CONF= 520.rootcheck.local.conf
-ROOTCHECK_PROFILE= rootcheck
 ROOTCHECK_DESC= System Audit and Rootkit Detection
-# Default
-ROOTCHECK_DEFAULT_OPTION= DEFAULT_RC
-ROOTCHECK_DEFAULT_DESC= System audit and rootkit detection provided by OSSEC
-ROOTCHECK_DEFAULT_DEFINE= server local agent pushed
-ROOTCHECK_DEFAULT_DEFAULT= server local pushed
-ROOTCHECK_OPTIONS+= ROOTCHECK_DEFAULT
+# Basic
+ROOTCHECK_BASIC_OPTION= BASIC_RC
+ROOTCHECK_BASIC_PROFILE= basic-rootcheck
+ROOTCHECK_BASIC_DESC= Basic audit and rootkits
+ROOTCHECK_BASIC_DEFINE= server local agent pushed
+ROOTCHECK_BASIC_DEFAULT= server local pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_BASIC
+
+# CIS default
+ROOTCHECK_CIS_OPTION= CIS_RC
+ROOTCHECK_CIS_PROFILE= cis-rootcheck
+ROOTCHECK_CIS_DESC= CIS benchmark - Legacy
+ROOTCHECK_CIS_DEFINE= pushed
+ROOTCHECK_CIS_DEFAULT= pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_CIS
+
+# CIS level 1
+ROOTCHECK_CIS_L1_OPTION= CIS_L1_RC
+ROOTCHECK_CIS_L1_PROFILE= cis-level1-rootcheck
+ROOTCHECK_CIS_L1_DESC= CIS benchmark - Level 1
+ROOTCHECK_CIS_L1_DEFINE= pushed
+ROOTCHECK_CIS_L1_DEFAULT= pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_CIS_L1
+
+# CIS level 2
+ROOTCHECK_CIS_L2_OPTION= CIS_L2_RC
+ROOTCHECK_CIS_L2_PROFILE= cis-level2-rootcheck
+ROOTCHECK_CIS_L2_DESC= CIS benchmark - Level 2
+ROOTCHECK_CIS_L2_DEFINE= pushed
+ROOTCHECK_CIS_L2_DEFAULT= pushed
+ROOTCHECK_OPTIONS+= ROOTCHECK_CIS_L2
diff --git a/security/ossec-hids-local-config/opt-rules.mk b/security/ossec-hids-local-config/opt-rules.mk
index c8db7a2..f3f7413 100644
--- a/security/ossec-hids-local-config/opt-rules.mk
+++ b/security/ossec-hids-local-config/opt-rules.mk
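Review bot: All three new CIS options default to on (`ROOTCHECK_CIS_DEFAULT`, `ROOTCHECK_CIS_L1_DEFAULT` and `ROOTCHECK_CIS_L2_DEFAULT` are each `pushed`), so a default server pushes the legacy Debian benchmark and the Level 1 and Level 2 sets to its agents at the same time; to the extent the legacy file and the 7/8 files cover the same controls, agents will then report the same findings more than once. Consider defaulting only one set, or at least stating in the description which hosts the legacy file is for, e.g. `ROOTCHECK_CIS_DESC= CIS benchmark - Legacy (Debian)`, since the `_DESC` strings are the only documentation these options carry. Whether the three audit files overlap is not visible in this diff.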
@@ -7,7 +7,7 @@ RULES_FILES= config cmdout
 # Default rules
 RULES_DEFAULT_OPTION= DEFAULT_R
-RULES_DEFAULT_DESC= Default rules provided by OSSEC
+RULES_DEFAULT_DESC= Rules provided by OSSEC
 RULES_DEFAULT_DEFINE= server local
 RULES_DEFAULT_DEFAULT= server local
 RULES_OPTIONS+= RULES_DEFAULT
diff --git a/security/ossec-hids-local-config/opt-syscheck.mk b/security/ossec-hids-local-config/opt-syscheck.mk
index 2c1210d..2023839 100644
--- a/security/ossec-hids-local-config/opt-syscheck.mk
+++ b/security/ossec-hids-local-config/opt-syscheck.mk
@@ -1,19 +1,20 @@
 SYSCHECK_MANAGED_CONF= 130.syscheck.conf
 SYSCHECK_LOCAL_CONF= 530.syscheck.local.conf
-SYSCHECK_PROFILE= syscheck
 SYSCHECK_DESC= File Integrity Checking
 # Default direcotries
-SYSCHECK_DEFAULT_OPTION= DEFAULT_SC
-SYSCHECK_DEFAULT_DESC= Check "bin", "sbin" and "etc" directories
-SYSCHECK_DEFAULT_DEFINE= server local agent pushed
-SYSCHECK_DEFAULT_DEFAULT= server local pushed
-SYSCHECK_OPTIONS+= SYSCHECK_DEFAULT
+SYSCHECK_BASIC_OPTION= BASIC_SC
+SYSCHECK_BASIC_PROFILE= basic-syscheck
+SYSCHECK_BASIC_DESC= "bin", "sbin" and "etc"
+SYSCHECK_BASIC_DEFINE= server local agent pushed
+SYSCHECK_BASIC_DEFAULT= server local pushed
+SYSCHECK_OPTIONS+= SYSCHECK_BASIC
 # OSSEC directories
 SYSCHECK_OSSEC_OPTION= OSSEC_SC
-SYSCHECK_OSSEC_DESC= Check OSSEC directories
+SYSCHECK_OSSEC_PROFILE= ossec-syscheck
+SYSCHECK_OSSEC_DESC= OSSEC directories
 SYSCHECK_OSSEC_DEFINE= server local agent pushed
 SYSCHECK_OSSEC_DEFAULT= server local pushed
 SYSCHECK_OPTIONS+= SYSCHECK_OSSEC |