Diffstat (limited to 'security/ossec-hids-local-config/opt-ar.mk')
-rw-r--r-- | security/ossec-hids-local-config/opt-ar.mk | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/security/ossec-hids-local-config/opt-ar.mk b/security/ossec-hids-local-config/opt-ar.mk
new file mode 100644
index 0000000..bfe9f19
--- /dev/null
+++ b/security/ossec-hids-local-config/opt-ar.mk
@@ -0,0 +1,46 @@
+AR_MANAGED_CONF= 110.active-response.conf
+AR_LOCAL_CONF= 510.active-response.local.conf
+
+AR_DESC= Active Response
+
+# Default commands
+AR_CMDS_DEFAULT_OPTION= DEFAULT_C
+AR_CMDS_DEFAULT_DESC= Commands provided by OSSEC
+AR_CMDS_DEFAULT_DEFINE= server local
+AR_CMDS_DEFAULT_DEFAULT=server local
+AR_OPTIONS+= AR_CMDS_DEFAULT
+
+# Config merge commands
+AR_CMDS_MERGE_OPTION= MERGE_C
+AR_CMDS_MERGE_DESC= Command to merge configuration files
+AR_CMDS_MERGE_DEFINE= server local
+AR_CMDS_MERGE_DEFAULT= server local
+AR_OPTIONS+= AR_CMDS_MERGE
+
+# Config merge active response
+AR_MERGE_OPTION= MERGE_AR
+AR_MERGE_DESC= Merge configuration files when they change
+AR_MERGE_DEFINE= server local
+AR_MERGE_DEFAULT= server local
+AR_OPTIONS+= AR_MERGE
+
+# OSSEC restart active response
+AR_RESTART_OPTION= RESTART_AR
+AR_RESTART_DESC= Restart OSSEC when main configuration files change
+AR_RESTART_DEFINE= server local
+AR_RESTART_DEFAULT= server local
+AR_OPTIONS+= AR_RESTART
+
+# Host deny active response
+AR_HOSTDENY_OPTION= HOSTDENY_AR
+AR_HOSTDENY_DESC= Block the attacker's IP using access control files
+AR_HOSTDENY_DEFINE= server local
+AR_HOSTDENY_DEFAULT=
+AR_OPTIONS+= AR_HOSTDENY
+
+# Firewall drop active response
+AR_FWDROP_OPTION= FWDROP_AR
+AR_FWDROP_DESC= Block the attacker's IP on the firewall
+AR_FWDROP_DEFINE= server local
+AR_FWDROP_DEFAULT=
+AR_OPTIONS+= AR_FWDROP |
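Review bot: The two blocking responses, `AR_HOSTDENY_DEFAULT=` and `AR_FWDROP_DEFAULT=`, are left empty with no comment saying this is deliberate, while every other option defaults to `server local`. A comment above each, such as `# Off by default: automatic blocking can lock out legitimate hosts; configure an allow list before enabling`, would record the reason; whether the port ships an allow list is not visible in this file. MERGE_AR and RESTART_AR are on by default, so presumably a change to any configuration fragment is merged and the daemon restarted without operator action, and the option descriptions could state that the fragment directory must be writable by root only. Separately, `AR_CMDS_DEFAULT_DEFAULT=server local` is the only assignment without whitespace after `=` and should match the others.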