Diffstat (limited to 'security/ossec-hids-local/files/ossec-hids.in')
-rw-r--r--security/ossec-hids-local/files/ossec-hids.in264
1 files changed, 264 insertions, 0 deletions
diff --git a/security/ossec-hids-local/files/ossec-hids.in b/security/ossec-hids-local/files/ossec-hids.in
new file mode 100644
index 0000000..08efa1d
--- /dev/null
+++ b/security/ossec-hids-local/files/ossec-hids.in
@@ -0,0 +1,264 @@
+#!/bin/sh
+#
+# PROVIDE: ossec_hids
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%.
+# Default: NO
+# ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before %%PORTNAME%% startup.
+# Default: NO
+# ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log before %%PORTNAME%% startup.
+# Default: NO
+# ossec_hids_fetch_time (int): Time in seconds to wait for the shared configuration to be downloaded from the server.
+# Used only by agent installation.
+# Default: 60
+
+. /etc/rc.subr
+
+name="ossec_hids"
+rcvar=ossec_hids_enable
+
+load_rc_config $name
+
+: ${ossec_hids_enable="NO"}
+: ${ossec_hids_clear_log="NO"}
+: ${ossec_hids_clear_ar_log="NO"}
+: ${ossec_hids_fetch_time=60}
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+ossec_conf="${ossec_home}/etc/ossec.conf"
+ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
+ossec_conf_bin="${ossec_home}/bin/config/ossec-conf"
+
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+agent_conf_dir="${ossec_home}/etc/agent.conf.d"
+agent_conf_bin="${ossec_home}/bin/config/agent-conf"
+
+ossec_client_keys="${ossec_home}/etc/client.keys"
+ossec_ar_tmp="${ossec_home}/active-response"
+ossec_log="${ossec_home}/logs/ossec.log"
+ossec_ar_log="${ossec_home}/logs/active-responses.log"
+ossec_merged="${ossec_home}/etc/shared/merged.mg"
+
+ossec_local_time="/etc/localtime"
+
+ossec_fts_queue="${ossec_home}/queue/fts/fts-queue"
+ossec_ig_queue="${ossec_home}/queue/fts/ig-queue"
+
+extra_commands="reload ossec_conf"
+case ${ossec_type} in
+ server)
+ extra_commands="${extra_commands} agent_conf"
+ ;;
+ agent)
+ extra_commands="${extra_commands} fetch_config"
+ ;;
+esac
+if [ -x "${ossec_conf_bin}" ]; then
+ extra_commands="${extra_commands} merge_config"
+fi
+
+start_cmd="ossec_hids_command start"
+stop_cmd="ossec_hids_command stop"
+restart_cmd="ossec_hids_command restart"
+status_cmd="ossec_hids_command status"
+reload_cmd="ossec_hids_command reload"
+fetch_config_cmd="ossec_hids_command restart"
+merge_config_cmd="ossec_hids_create_configs force"
+ossec_conf_cmd="ossec_hids_ossec_conf"
+agent_conf_cmd="ossec_hids_agent_conf"
+
+start_precmd="ossec_hids_prepare"
+restart_precmd="ossec_hids_prepare"
+reload_precmd="ossec_hids_prepare"
+fetch_config_precmd="ossec_hids_prepare"
+
+ossec_hids_create_file() {
+ local path=$1
+ local owner=$2
+ local mode=$3
+
+ if [ ! -e "${path}" ]; then
+ touch "${path}" && chown ${owner} "${path}" && chmod ${mode} "${path}"
+ fi
+}
+
+ossec_hids_check() {
+ case ${ossec_type} in
+ server)
+ if [ ! -s "${ossec_client_keys}" ]; then
+ echo "WARNING: There are no client keys created - remote connections will be disabled"
+ fi
+ ;;
+ agent)
+ if [ ! -s "${ossec_client_keys}" ]; then
+ echo "WARNING: There are is no client key imported - connection to server not possible"
+ fi
+ ;;
+ esac
+
+ return 0
+}
+
+ossec_hids_config_is_outdated() {
+ dst_file="$1"
+ src_dir="$2"
+
+ if [ ! -e "${dst_file}" ]; then
+ return 0
+ fi
+
+ for src_file in $(find "${src_dir}" -maxdepth 1 -type f -name "*.conf"); do
+ if [ "${src_file}" -nt "${dst_file}" ]; then
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+ossec_hids_create_configs() {
+ case ${ossec_type} in
+ server)
+ if [ -x "${agent_conf_bin}" ]; then
+ # Merge agent.conf.d files into agent.conf
+ if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then
+ ossec_hids_create_file "${agent_conf}" %%USER%%:%%OSSEC_GROUP%% 0640
+ "${agent_conf_bin}" > "${agent_conf}"
+ fi
+ fi
+ ;;
+ agent)
+ # Touch agent.conf so the agent daemons won't complain if it doesn't exist
+ ossec_hids_create_file "${agent_conf}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0644
+ ;;
+ esac
+
+ if [ -x "${ossec_conf_bin}" ]; then
+ # Merge ossec.conf.d files into ossec.conf
+ if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then
+ ossec_hids_create_file "${ossec_conf}" %%USER%%:%%OSSEC_GROUP%% 0640
+ "${ossec_conf_bin}" > "${ossec_conf}"
+ fi
+ fi
+
+ return 0
+}
+
+ossec_hids_create_logs() {
+ # Create required log files if they don't exist
+ ossec_hids_create_file "${ossec_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660
+ ossec_hids_create_file "${ossec_ar_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660
+
+ return 0
+}
+
+ossec_hids_create_env() {
+ # Copy required files from outside of home directory
+ if [ ! -e "${ossec_local_time}" ]; then
+ echo "Missing \"${ossec_local_time}\". Run command \"tzsetup\"."
+ return 1
+ fi
+ install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 "${ossec_local_time}" "${ossec_home}${ossec_local_time}"
+
+ # Install missing files
+ case ${ossec_type} in
+ server)
+ ossec_hids_create_file "${ossec_fts_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640
+ ossec_hids_create_file "${ossec_ig_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640
+ ;;
+ esac
+
+ return 0
+}
+
+ossec_hids_clean() {
+ if [ "${ossec_type}" == "server" ]; then
+ rm -f "${ossec_merged}"
+ fi
+
+ if checkyesno ossec_hids_clear_log; then
+ echo -n > "${ossec_log}"
+ fi
+
+ if checkyesno ossec_hids_clear_ar_log; then
+ echo -n > "${ossec_ar_log}"
+ fi
+
+ return 0
+}
+
+ossec_hids_fetch_configs() {
+ case ${ossec_type} in
+ agent)
+ rm -f "${ossec_merged}"
+ ossec_hids_command stop
+ sleep 1
+ ossec_hids_command start
+ echo "Waiting ${ossec_hids_fetch_time} seconds for the shared configuration to be downloaded from the OSSEC server"
+ sleep ${ossec_hids_fetch_time}
+ if [ ! -s "${ossec_merged}" ]; then
+ echo "Failed to download shared configuration from the OSSEC server"
+ return 1
+ fi
+ ;;
+ *)
+ echo "Shared configuration is only available for agent installations"
+ return 1
+ ;;
+ esac
+
+ return 0
+}
+
+ossec_hids_prepare() {
+ case ${rc_arg} in
+ start|restart)
+ ossec_hids_create_logs && \
+ ossec_hids_create_env && \
+ ossec_hids_create_configs && \
+ ossec_hids_clean && \
+ ossec_hids_check || return 1
+ ;;
+ fetch_config)
+ ossec_hids_create_logs && \
+ ossec_hids_create_env && \
+ ossec_hids_create_configs && \
+ ossec_hids_clean && \
+ ossec_hids_fetch_configs && \
+ ossec_hids_check || return 1
+ ;;
+ reload)
+ ossec_hids_create_env && \
+ ossec_hids_create_configs || return 1
+ ;;
+ esac
+
+ return 0
+}
+
+ossec_hids_ossec_conf() {
+ if [ -x "${ossec_conf_bin}" ]; then
+ "${ossec_conf_bin}"
+ elif [ -f "${ossec_conf}" ]; then
+ cat "${ossec_conf}"
+ fi
+}
+
+ossec_hids_agent_conf() {
+ if [ -x "${agent_conf_bin}" ]; then
+ "${agent_conf_bin}"
+ elif [ -f "${agent_conf}" ]; then
+ cat "${agent_conf}"
+ fi
+}
+
+ossec_hids_command() {
+ "${ossec_home}/bin/ossec-control" "$1"
+}
+
+run_rc_command "$1"
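Review bot: In ossec_hids_create_configs the merge output is redirected straight onto the live file (`"${ossec_conf_bin}" > "${ossec_conf}"`, and the same for `agent_conf`) and the exit status is never checked, so a failed or interrupted merge truncates the working configuration while the function still returns 0 and the ossec_hids_prepare chain carries on. The truncated file is then newer than every source in the .d directory, so ossec_hids_config_is_outdated treats it as current on later starts and the damage persists until someone runs merge_config. For a host IDS that presumably means the daemons either refuse to start or run with less than the intended configuration. Writing to a mktemp file beside the target, setting owner and mode on it, and renaming it into place only when the merge helper succeeded (assuming it exits non-zero on error) keeps the last good configuration; the sketch below shows this for ossec.conf, and the agent.conf branch would follow the same pattern.

```shell
# … unchanged: server/agent case handling agent.conf (same pattern applies there) …
if [ -x "${ossec_conf_bin}" ]; then
	if [ "$1" == "force" ] || ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then
		# mktemp creates the file 0600, so nothing is readable before chown/chmod
		tmp_conf=$(mktemp "${ossec_conf}.XXXXXX") || return 1
		if ! "${ossec_conf_bin}" > "${tmp_conf}"; then
			rm -f "${tmp_conf}"
			echo "Failed to generate ${ossec_conf}; keeping the existing file"
			return 1
		fi
		if ! { chown %%USER%%:%%OSSEC_GROUP%% "${tmp_conf}" && \
		    chmod 0640 "${tmp_conf}" && \
		    mv -f "${tmp_conf}" "${ossec_conf}"; }; then
			rm -f "${tmp_conf}"
			return 1
		fi
	fi
fi
```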