Diffstat (limited to 'security/ossec-hids-local-config/files')
4 files changed, 19 insertions, 1 deletions
diff --git a/security/ossec-hids-local-config/files/pkg-deinstall.in b/security/ossec-hids-local-config/files/pkg-deinstall.in index 0de19bf..f9f3e7e 100644 --- a/security/ossec-hids-local-config/files/pkg-deinstall.in +++ b/security/ossec-hids-local-config/files/pkg-deinstall.in @@ -1,10 +1,19 @@ #!/bin/sh ossec_home="%%OSSEC_HOME%%" +fw_drop="%%FW_DROP%%" + +ar_bin_dir="${ossec_home}/active-response/bin" ossec_conf="${ossec_home}/etc/ossec.conf" agent_conf="${ossec_home}/etc/shared/agent.conf" if [ "$2" == "DEINSTALL" ]; then rm -f "${ossec_conf}" rm -f "${agent_conf}" + + if [ -n "${fw_drop}" ]; then + if [ "${ar_bin_dir}/${fw_drop}" -ef "${ar_bin_dir}/firewall-drop.sh" ]; then + rm -f "${ar_bin_dir}/firewall-drop.sh" + fi + fi fi diff --git a/security/ossec-hids-local-config/files/pkg-install.in b/security/ossec-hids-local-config/files/pkg-install.in index f164b9c..b8af2c8 100644 --- a/security/ossec-hids-local-config/files/pkg-install.in +++ b/security/ossec-hids-local-config/files/pkg-install.in @@ -1,6 +1,8 @@ #!/bin/sh ossec_home="%%OSSEC_HOME%%" +fw_drop="%%FW_DROP%%" + ar_bin_dir="${ossec_home}/active-response/bin" ossec_conf="${ossec_home}/etc/ossec.conf" ossec_conf_bak="${ossec_conf}.bak" @@ -8,7 +10,9 @@ agent_conf="${ossec_home}/etc/shared/agent.conf" agent_conf_bak="${ossec_home}/etc/agent.conf.bak" if [ "$2" == "POST-INSTALL" ]; then - ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh" + if [ -n "${fw_drop}" ]; then + ln -f "${ar_bin_dir}/${fw_drop}" "${ar_bin_dir}/firewall-drop.sh" + fi if [ -e "${ossec_conf}" ]; then mv -f "${ossec_conf}" "${ossec_conf_bak}" diff --git a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in index 37c2166..6591f57 100644 --- a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in +++ b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in 
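Review bot: The `-ef` test in the DEINSTALL branch is also true when `${fw_drop}` is itself `firewall-drop.sh`, and in that case the `rm -f` deletes the stock active-response script rather than a link this port created. Whether `%%FW_DROP%%` can ever expand to that name is not visible in this diff, but a guard is cheap: `if [ -n "${fw_drop}" ] && [ "${fw_drop}" != "firewall-drop.sh" ]; then`. The same guard belongs on the `ln -f` in the second pkg-install.in hunk, where linking a file to itself fails. A one-line comment above the block, such as `# remove firewall-drop.sh only if it is still the hard link created at POST-INSTALL`, would make the intent of the `-ef` check clear.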
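Review bot: The `ln -f` in the POST-INSTALL branch of pkg-install.in runs without checking that `${ar_bin_dir}/${fw_drop}` exists, and its exit status is ignored. If the source script is missing, the install continues and active response keeps whatever `firewall-drop.sh` was there before, if any, so blocking may silently use a different backend than the one configured. Testing first and printing an explicit message would surface this, for example `[ -f "${ar_bin_dir}/${fw_drop}" ] || echo "ossec: ${fw_drop} not found, firewall-drop.sh not linked" >&2` ahead of the `ln`. The POST-INSTALL block continues outside the hunk.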
@@ -15,6 +15,7 @@ <rootcheck> <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files> <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans> + <system_audit>/var/ossec/etc/shared/system_audit_pw.txt</system_audit> <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit> <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit> </rootcheck> diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in index 5f34a6a..511d551 100644 --- a/security/ossec-hids-local-config/files/template-rules-default.xml.in +++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in @@ -51,6 +51,7 @@ <include>ms_ipsec_rules.xml</include> <include>vmware_rules.xml</include> <include>ids_rules.xml</include> + <include>ms_powershell_rules.xml</include> <include>apache_rules.xml</include> <include>web_rules.xml</include> <include>zeus_rules.xml</include> @@ -78,6 +79,9 @@ <include>ms_firewall_rules.xml</include> <include>psad_rules.xml</include> <include>unbound_rules.xml</include> + <include>kesl_rules.xml</include> + <include>mhn_dionaea_rules.xml</include> + <include>mhn_cowrie_rules.xml</include> <include>local_rules.xml</include> <!-- Files not included by default --> |
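Review bot: The added `<system_audit>` entry in template-rootcheck-basic.xml.in points at `/var/ossec/etc/shared/system_audit_pw.txt`, but nothing in this diff (which is limited to `files/`) shows that the policy file is installed there. The path is also hard-coded, as on the neighbouring lines, while the install scripts in the same commit take their prefix from `%%OSSEC_HOME%%`. If the file is absent or the prefix differs, the password audit presumably just does not run, so it is worth confirming that the port ships the file and that the template path follows the configured home.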
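Review bot: The new `<include>` entries in template-rules-default.xml.in assume that `ms_powershell_rules.xml`, `kesl_rules.xml`, `mhn_dionaea_rules.xml` and `mhn_cowrie_rules.xml` are all present in the installed rules directory; this covers both hunks in the file. As far as I know, ossec-analysisd treats a missing included rule file as a fatal load error, so a host with an older ossec-hids rules set would be left with no analysis running after applying this default template. Consider a comment next to the new entries naming the minimum ossec-hids version that ships them, e.g. `<!-- requires the rules shipped with ossec-hids >= VERSION_PLACEHOLDER -->`, or bumping the port's dependency accordingly.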