Diffstat (limited to 'security/ossec-hids-local-config')
8 files changed, 105 insertions, 100 deletions
diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile
index 15f3ffc..9ca25d4 100644
--- a/security/ossec-hids-local-config/Makefile
+++ b/security/ossec-hids-local-config/Makefile
@@ -1,7 +1,7 @@
 # $FreeBSD$
 PORTNAME= ossec-hids
-PORTVERSION= 3.0.0
+PORTVERSION= 3.1.0
 PORTREVISION=
 CATEGORIES= security
 PKGNAMESUFFIX= -${OSSEC_TYPE}-config
diff --git a/security/ossec-hids-local-config/distinfo b/security/ossec-hids-local-config/distinfo
index 22bce30..38a6c3c 100644
--- a/security/ossec-hids-local-config/distinfo
+++ b/security/ossec-hids-local-config/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1535297705
-SHA256 (ossec-ossec-hids-3.0.0_GH0.tar.gz) = a271d665ed502b3df4ff055a177159dfc0bc8a69dd44eab1f7c57fe8fff42a98
-SIZE (ossec-ossec-hids-3.0.0_GH0.tar.gz) = 1817324
+TIMESTAMP = 1539459620
+SHA256 (ossec-ossec-hids-3.1.0_GH0.tar.gz) = e0e2987751badb95c2bf618531c7853b2289c910f796da85ff394c0faea43f50
+SIZE (ossec-ossec-hids-3.1.0_GH0.tar.gz) = 1886469
diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in
index e7c18be..5f34a6a 100644
--- a/security/ossec-hids-local-config/files/template-rules-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in
@@ -47,6 +47,8 @@
 <include>msauth_rules.xml</include>
 <include>mcafee_av_rules.xml</include>
 <include>ms-se_rules.xml</include>
+<include>sysmon_rules.xml</include>
+<include>ms_ipsec_rules.xml</include>
 <include>vmware_rules.xml</include>
 <include>ids_rules.xml</include>
 <include>apache_rules.xml</include>
@@ -70,8 +72,11 @@
 <include>owncloud_rules.xml</include>
 <include>proxmox-ve_rules.xml</include>
 <include>opensmtpd_rules.xml</include>
+<include>dnsmasq_rules.xml</include>
+<include>linux_usbdetect_rules.xml</include>
+<include>ms1016_usbdetect_rules.xml</include>
+<include>ms_firewall_rules.xml</include>
 <include>psad_rules.xml</include>
-<include>sysmon_rules.xml</include>
 <include>unbound_rules.xml</include>
 <include>local_rules.xml</include>
diff --git a/security/ossec-hids-local-config/files/template-sample-server.xml.in b/security/ossec-hids-local-config/files/template-sample-server.xml.in
index d4efd19..901e26a 100644
--- a/security/ossec-hids-local-config/files/template-sample-server.xml.in
+++ b/security/ossec-hids-local-config/files/template-sample-server.xml.in
@@ -3,8 +3,8 @@
 <remote>
 <connection>secure</connection>
-<!-- Because of a bug, setting the address is mandatory for IPv4. -->
-<local_ip>1.2.3.4</local_ip>
+<!-- OSSEC server listens on all interfacees by default. -->
+<!-- <local_ip>1.2.3.4</local_ip> -->
 </remote>
 <global>
diff --git a/security/ossec-hids-local-config/pkg-plist-agent b/security/ossec-hids-local-config/pkg-plist-agent
index b999785..bb8bf58 100644
--- a/security/ossec-hids-local-config/pkg-plist-agent
+++ b/security/ossec-hids-local-config/pkg-plist-agent
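Review bot: Removing `sysmon_rules.xml` here (it is re-added next to `ms-se_rules.xml` in the previous hunk) changes the order in which analysisd loads rule files, and as far as I recall OSSEC resolves `if_sid`/`if_group` references only against rules already loaded, so any rule file sitting between the old and the new position that chains on a sysmon rule ID would now fail at start-up rather than match; the referenced rule files are not visible from this hunk, so this deserves a restart-and-check rather than a code change. The four new includes (`dnsmasq_rules.xml`, `linux_usbdetect_rules.xml`, `ms1016_usbdetect_rules.xml`, `ms_firewall_rules.xml`) are presumably the files shipped with ossec-hids 3.1.0; this config port only generates the include list and does not install the rule files, and a missing included file is, in my experience, fatal for analysisd. A one-line note at the head of the list would make the next version bump safer: `<!-- include list synced with the rule files shipped by ossec-hids 3.1.0 -->`.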
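Review bot: The replacement comment on the `<local_ip>` line misspells `interfacees`, and it drops the only hint that the bind address used to be pinned on purpose; now that the sample leaves the server bound to every interface, a multi-homed host that adopts this sample unchanged exposes the agent listener on all of them, which is a wider attack surface than the previous forced value. Since this is a sample configuration rather than code, the fix belongs in the comment: `<!-- OSSEC server listens on all interfaces by default; set local_ip to bind a single address on multi-homed hosts. -->`. The `<remote>` block is shown in full within the hunk.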
@@ -1,23 +1,23 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
diff --git a/security/ossec-hids-local-config/pkg-plist-local b/security/ossec-hids-local-config/pkg-plist-local
index cf90641..24b4175 100644
--- a/security/ossec-hids-local-config/pkg-plist-local
+++ b/security/ossec-hids-local-config/pkg-plist-local
@@ -1,30 +1,30 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
-@dir(,ossec,550) %%OSSEC_HOME%%/rules
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
diff --git a/security/ossec-hids-local-config/pkg-plist-server b/security/ossec-hids-local-config/pkg-plist-server
index a398f4f..bc26aef 100644
--- a/security/ossec-hids-local-config/pkg-plist-server
+++ b/security/ossec-hids-local-config/pkg-plist-server
@@ -1,39 +1,39 @@
-@dir(,ossec,550) %%OSSEC_HOME%%
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response
-@dir(,ossec,550) %%OSSEC_HOME%%/active-response/bin
-@(,ossec,550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
-@dir(,,550) %%OSSEC_HOME%%/bin
-@dir(,,550) %%OSSEC_HOME%%/bin/command
-@(,,550) %%OSSEC_HOME%%/bin/command/last-logins.sh
-@(,,550) %%OSSEC_HOME%%/bin/command/open-ports.sh
-@dir(,,550) %%OSSEC_HOME%%/bin/config
-@(,,550) %%OSSEC_HOME%%/bin/config/agent-conf
-@(,,550) %%OSSEC_HOME%%/bin/config/ossec-conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/command.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
-@sample(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
-@dir(,ossec,550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
-@(,ossec,640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
-@dir(,ossec,550) %%OSSEC_HOME%%/rules
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
-@(,ossec,640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
+@dir(,ossec,0550) %%OSSEC_HOME%%
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response
+@dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin
+@(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/merge-config.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin
+@dir(,,0550) %%OSSEC_HOME%%/bin/command
+@(,,0550) %%OSSEC_HOME%%/bin/command/last-logins.sh
+@(,,0550) %%OSSEC_HOME%%/bin/command/open-ports.sh
+@dir(,,0550) %%OSSEC_HOME%%/bin/config
+@(,,0550) %%OSSEC_HOME%%/bin/config/agent-conf
+@(,,0550) %%OSSEC_HOME%%/bin/config/ossec-conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/150.logs.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/agent.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/agent.conf.d/disabled/550.logs.local.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/command.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/100.rules.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/110.active-response.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/120.rootcheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/130.syscheck.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/140.command-output.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/150.logs.conf
+@sample(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/900.local.conf.sample
+@dir(,ossec,0550) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/500.rules.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/510.active-response.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/520.rootcheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/530.syscheck.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/540.command-output.local.conf
+@(,ossec,0640) %%OSSEC_HOME%%/etc/ossec.conf.d/disabled/550.logs.local.conf
+@dir(,ossec,0550) %%OSSEC_HOME%%/rules
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_cmdout_rules.xml
+@(,ossec,0640) %%OSSEC_HOME%%/rules/freebsd_config_rules.xml
diff --git a/security/ossec-hids-local-config/scripts/plist.sh b/security/ossec-hids-local-config/scripts/plist.sh
index 8c7df63..6d61787 100755
--- a/security/ossec-hids-local-config/scripts/plist.sh
+++ b/security/ossec-hids-local-config/scripts/plist.sh
@@ -35,7 +35,7 @@ print_path() {
 if [ "${group}" == "${GROUP}" ]; then
 group=""
 fi
-local mode=`stat -f "%p" "${full_path}" | tail -c 4`
+local mode=`stat -f "%p" "${full_path}" | tail -c 5`
 echo -e "${command}(${user},${group},${mode}) %%OSSEC_HOME%%${path}" >> "${PLIST}"
 } |
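Review bot: `tail -c 5` now keeps the four low octal digits of `%p`, which is what brings the setuid/setgid/sticky digit into the generated plist modes (the `0550`/`0640` entries in the three pkg-plist files) — the right thing for a tree that pkg installs as root — but it still selects bits by byte count rather than by mask, and nothing verifies that the captured string is a mode before it is written into the plist. A one-line guard after the assignment, `case "${mode}" in [0-7][0-7][0-7][0-7]) ;; *) echo "unexpected mode '${mode}' for ${full_path}" >&2; exit 1 ;; esac`, makes an unexpected stat result abort plist generation instead of emitting a malformed `@(...)` entry. While on that line, `$(...)` in place of the backticks would match current shell style. `print_path()` begins before this hunk.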