Diffstat (limited to 'security/ossec-hids-local-config/scripts')
4 files changed, 280 insertions, 0 deletions
diff --git a/security/ossec-hids-local-config/scripts/plist.sh b/security/ossec-hids-local-config/scripts/plist.sh
new file mode 100755
index 0000000..8c7df63
--- /dev/null
+++ b/security/ossec-hids-local-config/scripts/plist.sh
@@ -0,0 +1,113 @@
+#!/bin/sh
+
+# Script generates entries for pkg-plist.
+# Do not use it directly. Use the following command instead:
+#
+# make MAINTAINER_MODE=yes clean plist
+
+OSSEC_TYPE=$1
+OSSEC_HOME=$2
+PLIST=$3
+WORKDIR=$4
+STAGEDIR=$5
+
+staged_plist="${WORKDIR}/.staged-plist"
+fixed_lines=""
+skip_lines=""
+skip_paths=""
+sample_paths="/etc/command.conf.sample /etc/ossec.conf.d/900.local.conf.sample /etc/agent.conf.d/900.local.conf.sample"
+
+print_path() {
+ local path="$1"
+ local command="$2"
+ local full_path="${STAGEDIR}${OSSEC_HOME}${path}"
+ if [ -z "${command}" ]; then
+ command="@"
+ if [ -d "${full_path}" ]; then
+ command="@dir"
+ fi
+ fi
+ local user=`stat -f "%Su" "${full_path}"`
+ if [ "${user}" == "${USER}" ]; then
+ user=""
+ fi
+ local group=`stat -f "%Sg" "${full_path}"`
+ if [ "${group}" == "${GROUP}" ]; then
+ group=""
+ fi
+ local mode=`stat -f "%p" "${full_path}" | tail -c 4`
+ echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
+}
+
+echo -n > "${PLIST}"
+
+print_path
+
+done_paths=""
+while read line; do
+ skip_line=""
+ for e in ${skip_lines}; do
+ if [ "${e}" == "${line}" ]; then
+ skip_line="${e}"
+ break
+ fi
+ done
+ if [ -z "${skip_line}" ]; then
+ path=""
+ case $line in
+ "@dir %%OSSEC_HOME%%"*)
+ path=`echo "${line}" | sed -e "s|@dir %%OSSEC_HOME%%||g"`
+ ;;
+ "%%OSSEC_HOME%%"*)
+ path=`echo "${line}" | sed -e "s|%%OSSEC_HOME%%||g"`
+ ;;
+ "%%"*)
+ unchanged_lines="${unchanged_lines} ${line}"
+ ;;
+ esac
+ if [ -n "${path}" ]; then
+ segments=`echo "${path}" | tr "/" "\n"`
+ path=""
+ for segment in ${segments}; do
+ path="${path}/${segment}"
+ skip_path=""
+ for e in ${skip_paths}; do
+ if [ "${e}" == "${path}" ]; then
+ skip_path="${e}"
+ break
+ fi
+ done
+ if [ -n "${skip_path}" ]; then
+ break
+ fi
+ done_path=""
+ for e in ${done_paths}; do
+ if [ "${e}" == "${path}" ]; then
+ done_path="${e}"
+ break
+ fi
+ done
+ if [ -z "${done_path}" ]; then
+ done_paths="${done_paths} ${path}"
+ sample_path=""
+ for e in ${sample_paths}; do
+ if [ "${e}" == "${path}" ]; then
+ sample_path="${e}"
+ break
+ fi
+ done
+ if [ -n "${sample_path}" ]; then
+ print_path "${path}" @sample
+ else
+ print_path "${path}"
+ fi
+ fi
+ done
+ fi
+ fi
+done < "${staged_plist}"
+
+unchanged_lines="${unchanged_lines} ${fixed_lines}"
+for line in ${unchanged_lines}; do
+ echo "${line}" >> "${PLIST}"
+done
diff --git a/security/ossec-hids-local-config/scripts/rules.sh b/security/ossec-hids-local-config/scripts/rules.sh
new file mode 100755
index 0000000..65e28e2
--- /dev/null
+++ b/security/ossec-hids-local-config/scripts/rules.sh
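Review bot: The mode written by print_path keeps only the three low permission digits: `stat -f "%p"` prints the whole st_mode in octal (type bits included, e.g. 100644 for a plain file) followed by a newline, and `tail -c 4` keeps the last three digits plus that newline, so any setuid, setgid or sticky bit on a staged file or directory is silently dropped from the generated plist entry. Keeping one more byte, `tail -c 5`, preserves that digit (`0644`, `2750`) and is the smallest change. Separately, `while read line` without `-r` lets backslashes in the staged plist be interpreted and trims surrounding whitespace; `while read -r line; do` is the safer form. Note also that `==` inside `[ ]` is not POSIX test(1) syntax under `#!/bin/sh`; rules.sh has the same construct next to the portable `=`.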
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+# Script generates entries for template-rules-default.xml.in.
+# Do not use it directly. Use the following command instead:
+#
+# make MAINTAINER_MODE=yes rules
+
+rules_template=$1
+src_dir=$2
+
+skip_files="policy_rules.xml local_rules.xml"
+append_files="local_rules.xml"
+
+rules=""
+for file in `find "${src_dir}/etc/rules" -depth 1 -name "*.xml"`; do
+ file_name="${file##*/}"
+ skip_file=""
+ for e in ${skip_files}; do
+ if [ "${e}" == "${file_name}" ]; then
+ skip_file="${e}"
+ break
+ fi
+ done
+ if [ -z "${skip_file}" ]; then
+ rule_ids=`sed -Ene 's|^.*<rule[[:space:]]+id="([0-9]+)".*$|\1|p' "${file}"`
+ if [ -n "${rule_ids}" ]; then
+ min_rule_id=`echo "${rule_ids}" | sort -n | head -n 1`
+ ref_rule_ids=`sed -Ene 's|^.*<if_sid>([0-9,]+)</if_sid>.*$|\1|p' "${file}" | tr ',' '\n'`
+ for ref_rule_id in ${ref_rule_ids}; do
+ found_rule_id=""
+ for rule_id in ${rule_ids}; do
+ if [ "${ref_rule_id}" = "${rule_id}" ]; then
+ found_rule_id="${rule_id}"
+ break
+ fi
+ done
+ if [ -z "${found_rule_id}" ]; then
+ # The referenced rule id is not present in this file so it must come from another
+ if [ ${ref_rule_id} -gt ${min_rule_id} ]; then
+ # Ordering by referenced rule id doesn't need to give proper results, but let's hope it does
+ min_rule_id=$((ref_rule_id + 1))
+ fi
+ fi
+ done
+
+ rules="${rules}${min_rule_id} ${file_name}
+"
+ fi
+ fi
+done
+
+echo -n "${rules}" | sort -n
+
+if [ -n "${rules_template}" ]; then
+ rules=`echo -n "${rules}" | sort -n | cut -d' ' -f2`
+ for file_name in ${append_files}; do
+ rules="${rules}
+${file_name}"
+ done
+
+ echo '<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+ <rules>' > "${rules_template}"
+
+ for rule in ${rules}; do
+ echo " <include>${rule}</include>" >> "${rules_template}"
+ done
+
+ echo '
+ <!-- Files not included by default -->' >> "${rules_template}"
+
+ for skip_file in ${skip_files}; do
+ append_file=""
+ for e in ${append_files}; do
+ if [ "${e}" == "${skip_file}" ]; then
+ append_file="${e}"
+ break
+ fi
+ done
+ if [ -z "${append_file}" ]; then
+ echo " <!--<include>${skip_file}</include>-->" >> "${rules_template}"
+ fi
+ done
+
+ echo ' </rules>
+
+</template_config>' >> "${rules_template}"
+fi
diff --git a/security/ossec-hids-local-config/scripts/template-to-agent.sh b/security/ossec-hids-local-config/scripts/template-to-agent.sh
new file mode 100755
index 0000000..3034b1f
--- /dev/null
+++ b/security/ossec-hids-local-config/scripts/template-to-agent.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+if [ $# -lt 3 ]; then
+ echo "Too few arguments"
+ echo "Usage: `basename $0` <ossec_type> <ossec_prefix> <ossec_file>"
+ exit 1
+fi
+
+ossec_type="$1"
+ossec_prefix="$2"
+ossec_file="$3"
+
+if [ ! -f "${ossec_file}" ]; then
+ echo "File \"${ossec_file}\" does not exist"
+ exit 1
+fi
+
+ossec_syscheck_bin_dirs="${ossec_prefix}/bin,${ossec_prefix}/active-response"
+ossec_syscheck_etc_dirs="${ossec_prefix}/etc"
+
+replace() {
+ sed -e 's|<template_config \(.*\)>|<agent_config \1>|' \
+ -e 's|</template_config>|</agent_config>|' \
+ -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+ -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+ "${ossec_file}"
+}
+
+extract() {
+ sed -n '/^<agent_config .*>$/,/^<\/agent_config>$/p'
+}
+
+replace | extract
diff --git a/security/ossec-hids-local-config/scripts/template-to-ossec.sh b/security/ossec-hids-local-config/scripts/template-to-ossec.sh
new file mode 100755
index 0000000..3933446
--- /dev/null
+++ b/security/ossec-hids-local-config/scripts/template-to-ossec.sh
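Review bot: The `rule_ids` extraction only matches `<rule` elements whose first attribute is `id` (`<rule[[:space:]]+id=`), so a rule written as `<rule level="5" id="...">` is not counted; a file containing only such rules is skipped by the `-n "${rule_ids}"` test, and one mixing both forms may be ordered by the wrong minimum id. A pattern tolerant of preceding attributes, `s|^.*<rule[[:space:]][^>]*id="([0-9]+)".*$|\1|p`, avoids that, assuming no other rule attribute name ends in `id`. The string comparisons also mix `==` (the skip_files loop) with the POSIX `=` (the rule_id loop) under `#!/bin/sh`; `=` is the portable form and should be used throughout. The unconditional `echo -n "${rules}" | sort -n` prints the computed order to stdout even while a template is being written, which reads as intentional maintainer feedback but deserves a comment such as `# Print the computed include order for the maintainer to review`.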
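Review bot: replace() interpolates `${ossec_syscheck_bin_dirs}` and `${ossec_syscheck_etc_dirs}`, both built from the `ossec_prefix` argument, straight into the sed `s|…|…|` expressions, so a prefix containing `|`, `&`, `\` or a newline changes the substitution instead of being inserted literally (`&` would expand to the matched placeholder). The prefix comes from the port's own build, so this is a robustness rather than an exposure concern, but a guard before the functions makes the assumption explicit, e.g. `case "${ossec_prefix}" in *[\|\&\\]*) echo "unsupported character in prefix" >&2; exit 1 ;; esac`; template-to-ossec.sh has the same construct. `ossec_type` is assigned from `$1` but never read in this script, which is fine if both template scripts share a calling convention but deserves a comment saying so. The argument-check error messages go to stdout rather than `>&2`, so they would end up in whatever consumes the generated config.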
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+if [ $# -lt 3 ]; then
+ echo "Too few arguments"
+ echo "Usage: `basename $0` <ossec_type> <ossec_prefix> <ossec_file>"
+ exit 1
+fi
+
+ossec_type="$1"
+ossec_prefix="$2"
+ossec_file="$3"
+
+if [ ! -f "${ossec_file}" ]; then
+ echo "File \"${ossec_file}\" does not exist"
+ exit 1
+fi
+
+ossec_syscheck_bin_dirs="${ossec_prefix}/bin,${ossec_prefix}/active-response"
+ossec_syscheck_etc_dirs="${ossec_prefix}/etc"
+if [ "${ossec_type}" != "agent" ]; then
+ ossec_syscheck_bin_dirs="${ossec_syscheck_bin_dirs},${ossec_prefix}/agentless"
+ ossec_syscheck_etc_dirs="${ossec_syscheck_etc_dirs},${ossec_prefix}/rules"
+fi
+
+replace() {
+ if grep -q "<template_config>" "${ossec_file}"; then
+ sed -e 's|<template_config>|<ossec_config>|' \
+ -e 's|</template_config>|</ossec_config>|' \
+ -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+ -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+ "${ossec_file}"
+ else
+ sed -e 's|<template_config .*os="FreeBSD".*>|<ossec_config>|' \
+ -e 's|</template_config>|</ossec_config>|' \
+ -e "s|%%OSSEC_SYSCHECK_BIN_DIRS%%|${ossec_syscheck_bin_dirs}|" \
+ -e "s|%%OSSEC_SYSCHECK_ETC_DIRS%%|${ossec_syscheck_etc_dirs}|" \
+ "${ossec_file}"
+ fi
+}
+
+extract() {
+ sed -n '/^<ossec_config.*>$/,/^<\/ossec_config>$/p'
+}
+
+replace | extract |
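Review bot: When the `else` branch of replace() does not rewrite the opening tag — the template carries a `<template_config ...>` tag whose attributes do not contain `os="FreeBSD"` — extract() finds no `<ossec_config` line, the script emits nothing, and the exit status is that of the last `sed`, i.e. 0, so an empty configuration is produced without any error. Capturing the result and failing when it is empty keeps the make target honest, e.g. `out=$(replace | extract)` followed by `[ -n "${out}" ] || { echo "no ossec_config block found in ${ossec_file}" >&2; exit 1; }` and `printf '%s\n' "${out}"`. The `grep -q "<template_config>"` branch selector also deserves a one-line comment stating that a bare tag means an OS-independent template while an attributed tag is expected to name FreeBSD, since that is the only thing distinguishing the two sed programs.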