Diffstat (limited to 'security/ossec-hids-local/files/ossec-hids.in')
-rw-r--r-- | security/ossec-hids-local/files/ossec-hids.in | 156 |
1 files changed, 100 insertions, 56 deletions
diff --git a/security/ossec-hids-local/files/ossec-hids.in b/security/ossec-hids-local/files/ossec-hids.in
index 08efa1d..d49f01d 100644
--- a/security/ossec-hids-local/files/ossec-hids.in
+++ b/security/ossec-hids-local/files/ossec-hids.in
@@ -5,15 +5,18 @@
 # BEFORE: LOGIN
 # KEYWORD: shutdown
-# ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%.
-# Default: NO
-# ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup.
-# Default: NO
-# ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup.
-# Default: NO
-# ossec_hids_fetch_time (int): Time in seconds to wait for the shared configuration to be downloaded from the server.
-# Used only by agent installation.
-# Default: 60
+# ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%.
+# Default: NO
+# ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup.
+# Default: NO
+# ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup.
+# Default: NO
+# ossec_hids_fetch_connect_time (int): Time in seconds to wait for the download of the shared configuration to start.
+# Used only by agent installation.
+# Default: 20
+# ossec_hids_fetch_read_time (int): Time in seconds to wait for subsequent download chunks of the shared configuration.
+# Used only by agent installation.
+# Default: 5
 . /etc/rc.subr
@@ -25,7 +28,8 @@ load_rc_config $name
 : ${ossec_hids_enable="NO"}
 : ${ossec_hids_clear_log="NO"}
 : ${ossec_hids_clear_ar_log="NO"}
-: ${ossec_hids_fetch_time=60}
+: ${ossec_hids_fetch_connect_time=20}
+: ${ossec_hids_fetch_read_time=5}
 ossec_type="%%OSSEC_TYPE%%"
 ossec_home="%%OSSEC_HOME%%"
@@ -46,16 +50,13 @@ ossec_merged="${ossec_home}/etc/shared/merged.mg"
 ossec_local_time="/etc/localtime"
-ossec_fts_queue="${ossec_home}/queue/fts/fts-queue"
-ossec_ig_queue="${ossec_home}/queue/fts/ig-queue"
-
 extra_commands="reload ossec_conf"
 case ${ossec_type} in
 server)
- extra_commands="${extra_commands} agent_conf"
+ extra_commands="${extra_commands} agent_conf reset_counter"
 ;;
 agent)
- extra_commands="${extra_commands} fetch_config"
+ extra_commands="${extra_commands} fetch_config reset_counter"
 ;;
 esac
 if [ -x "${ossec_conf_bin}" ]; then
@@ -67,14 +68,16 @@ stop_cmd="ossec_hids_command stop"
 restart_cmd="ossec_hids_command restart"
 status_cmd="ossec_hids_command status"
 reload_cmd="ossec_hids_command reload"
+reset_counter_cmd="ossec_hids_command start"
 fetch_config_cmd="ossec_hids_command restart"
-merge_config_cmd="ossec_hids_create_configs force"
+merge_config_cmd="ossec_hids_create_config force"
 ossec_conf_cmd="ossec_hids_ossec_conf"
 agent_conf_cmd="ossec_hids_agent_conf"
 start_precmd="ossec_hids_prepare"
 restart_precmd="ossec_hids_prepare"
 reload_precmd="ossec_hids_prepare"
+reset_counter_precmd="ossec_hids_prepare"
 fetch_config_precmd="ossec_hids_prepare"
 ossec_hids_create_file() {
@@ -91,12 +94,14 @@ ossec_hids_check() {
 case ${ossec_type} in
 server)
 if [ ! -s "${ossec_client_keys}" ]; then
- echo "WARNING: There are no client keys created - remote connections will be disabled"
+ echo "WARNING: There are no client keys created - remote connections will be disabled."
+ echo
 fi
 ;;
 agent)
 if [ ! -s "${ossec_client_keys}" ]; then
- echo "WARNING: There are is no client key imported - connection to server not possible"
+ echo "WARNING: There are is no client key imported - connection to server not possible."
+ echo
 fi
 ;;
 esac
@@ -121,7 +126,7 @@ ossec_hids_config_is_outdated() {
 return 1
 }
-ossec_hids_create_configs() {
+ossec_hids_create_config() {
 case ${ossec_type} in
 server)
 if [ -x "${agent_conf_bin}" ]; then
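Review bot: The agent-side warning in ossec_hids_check still reads `There are is no client key imported` after this hunk rewrites that line to add a trailing period, so the grammatical slip survives an edit that already touches the string; change it to `echo "WARNING: There is no client key imported - connection to server not possible."`. The server-side message in the same hunk is fine. ossec_hids_check's closing lines are outside the hunk.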
@@ -132,10 +137,6 @@ ossec_hids_create_configs() {
 fi
 fi
 ;;
- agent)
- # Touch agent.conf so the agent daemons won't complain if it doesn't exist
- ossec_hids_create_file "${agent_conf}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0644
- ;;
 esac
 if [ -x "${ossec_conf_bin}" ]; then
@@ -149,30 +150,15 @@ ossec_hids_create_configs() {
 return 0
 }
-ossec_hids_create_logs() {
- # Create required log files if they don't exist
- ossec_hids_create_file "${ossec_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660
- ossec_hids_create_file "${ossec_ar_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660
-
- return 0
-}
-
 ossec_hids_create_env() {
 # Copy required files from outside of home directory
 if [ ! -e "${ossec_local_time}" ]; then
- echo "Missing \"${ossec_local_time}\". Run command \"tzsetup\"."
+ echo "ERROR: Missing \"${ossec_local_time}\". Run command \"tzsetup\"."
+ echo
 return 1
 fi
 install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}"
- # Install missing files
- case ${ossec_type} in
- server)
- ossec_hids_create_file "${ossec_fts_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640
- ossec_hids_create_file "${ossec_ig_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640
- ;;
- esac
-
 return 0
 }
@@ -181,33 +167,86 @@ ossec_hids_clean() {
 rm -f "${ossec_merged}"
 fi
- if checkyesno ossec_hids_clear_log; then
+ if checkyesno ossec_hids_clear_log && [ -e "${ossec_log}" ]; then
 echo -n > "${ossec_log}"
 fi
- if checkyesno ossec_hids_clear_ar_log; then
+ if checkyesno ossec_hids_clear_ar_log && [ -e "${ossec_ar_log}" ]; then
 echo -n > "${ossec_ar_log}"
 fi
 return 0
 }
-ossec_hids_fetch_configs() {
+ossec_hids_reset_counter() {
+ case ${ossec_type} in
+ local)
+ echo "ERROR: Counters are only available for agent and server installations."
+ echo
+ return 1
+ ;;
+ *)
+ ossec_hids_command status > /dev/null && ossec_hids_command stop && sleep 2 && echo
+ agent_ids=`${ossec_home}/bin/manage_agents -l | sed -En -e 's|.*ID:[[:space:]]*([[:digit:]]+).*|\1|p'`
+ agent_counter=0
+ for agent_id in ${agent_ids}; do
+ rm -f "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1))
+ done
+ echo "Removed ${agent_counter} counter(s)."
+ echo
+ ;;
+ esac
+
+ return 0
+}
+
+ossec_hids_fetch_config() {
 case ${ossec_type} in
 agent)
+ ossec_hids_command status > /dev/null && ossec_hids_command stop && sleep 2 && echo
 rm -f "${ossec_merged}"
- ossec_hids_command stop
- sleep 1
- ossec_hids_command start
- echo "Waiting ${ossec_hids_fetch_time} seconds for the shared configuration to be downloaded from the OSSEC server"
- sleep ${ossec_hids_fetch_time}
+ ossec_hids_command start || return 1
+ echo
+ echo "Waiting ${ossec_hids_fetch_connect_time} seconds for the shared configuration download to start."
+ sleep ${ossec_hids_fetch_connect_time}
 if [ ! -s "${ossec_merged}" ]; then
- echo "Failed to download shared configuration from the OSSEC server"
+ echo "ERROR: Failed to download shared configuration from the OSSEC server."
+ echo
+ ossec_log_tail=$(tail "${ossec_log}")
+ echo "Portion of the \"${ossec_log}\":"
+ echo "${ossec_log_tail}"
+ echo
+ if echo "${ossec_log_tail}" | grep -q "ERROR: Unable to send message to"; then
+ echo "Check if your configuration contains the correct server address in \"server-ip\" option."
+ echo
+ fi
+ if echo "${ossec_log_tail}" | grep -q "ERROR: Incorrectly formatted message from"; then
+ echo "If you are certain the imported agent key is correct then execute command:"
+ echo "$(realpath $0) reset_counter"
+ echo "and fetch config again:"
+ echo "$(realpath $0) fetch_config"
+ echo
+ fi
 return 1
+ else
+ # The download has started
+ while true; do
+ current_time=$(date +%s)
+ modification_time=$(stat -f %m "${ossec_merged}")
+ if [ $((current_time - modification_time)) -gt ${ossec_hids_fetch_read_time} ]; then
+ echo "Download finished."
+ echo
+ break;
+ else
+ echo "Download in progress..."
+ sleep 10
+ fi
+ done
 fi
 ;;
 *)
- echo "Shared configuration is only available for agent installations"
+ echo "ERROR: Shared configuration is only available for agent installations."
+ echo
 return 1
 ;;
 esac
@@ -218,23 +257,28 @@ ossec_hids_fetch_configs() {
 ossec_hids_prepare() {
 case ${rc_arg} in
 start|restart)
- ossec_hids_create_logs && \
 ossec_hids_create_env && \
- ossec_hids_create_configs && \
+ ossec_hids_create_config && \
+ ossec_hids_clean && \
+ ossec_hids_check || return 1
+ ;;
+ reset_counter)
+ ossec_hids_create_env && \
+ ossec_hids_create_config && \
 ossec_hids_clean && \
+ ossec_hids_reset_counter && \
 ossec_hids_check || return 1
 ;;
 fetch_config)
- ossec_hids_create_logs && \
 ossec_hids_create_env && \
- ossec_hids_create_configs && \
+ ossec_hids_create_config && \
 ossec_hids_clean && \
- ossec_hids_fetch_configs && \
+ ossec_hids_fetch_config && \
 ossec_hids_check || return 1
 ;;
 reload)
 ossec_hids_create_env && \
- ossec_hids_create_configs || return 1
+ ossec_hids_create_config || return 1
 ;;
 esac
|
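Review bot: In ossec_hids_reset_counter the `rm -f "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1))` line counts every listed agent, because `rm -f` exits 0 when the file is absent, so "Removed N counter(s)." reports the number of agents rather than the files actually removed; prefix it with an existence test, `[ -e "${ossec_home}/queue/rids/${agent_id}" ] && rm -f "${ossec_home}/queue/rids/${agent_id}" && agent_counter=$((agent_counter + 1))`. The `status > /dev/null && stop && sleep 2 && echo` chain in the same function (and again at the top of ossec_hids_fetch_config) ignores a failed stop and goes on to delete the counters or merged.mg under a daemon that may still be running; `if ossec_hids_command status > /dev/null; then ossec_hids_command stop || return 1; sleep 2; fi` keeps the intent while failing closed. In the download loop the `sleep 10` between checks is coarser than the documented 5-second `ossec_hids_fetch_read_time`, so the threshold is only tested every 10 seconds; polling with `sleep "${ossec_hids_fetch_read_time}"` would make the setting mean what its comment says. Minor: the `agent_ids` assignment uses backticks while the rest of the hunk uses `$(...)`, and `break;` carries a stray semicolon. ossec_hids_fetch_config's closing lines are outside the hunk.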
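Review bot: The `start|restart)`, `reset_counter)` and `fetch_config)` arms of ossec_hids_prepare now repeat the same `ossec_hids_create_env && ossec_hids_create_config && ossec_hids_clean` prelude and differ only in the step inserted before ossec_hids_check; a small helper holding that prelude would leave each arm with just its distinguishing call and keep the three chains from drifting apart on the next edit. The function's closing brace is outside the hunk.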