From e5c91fca2a55a6a37273f474a32c0d82650680a1 Mon Sep 17 00:00:00 2001
From: Dominik Lisiak
Date: Sun, 4 Nov 2018 18:23:22 +0100
Subject: Made profiles more coarse grained.

---
 security/ossec-hids-local-config/Makefile | 22 ++++---
 .../files/template-logs-basic.xml.in | 68 ++++++++++++++++++++++
 .../files/template-logs-ossec.xml.in | 18 ++++++
 .../files/template-logs-response.xml.in | 18 ------
 .../files/template-logs-system.xml.in | 68 ----------------------
 .../files/template-sample-agent.xml.in | 2 +-
 security/ossec-hids-local-config/opt-logs.mk | 32 +++++-----
 security/ossec-hids-local-config/opt-rootcheck.mk | 8 +-
 security/ossec-hids-local-config/opt-syscheck.mk | 4 +-
 9 files changed, 122 insertions(+), 118 deletions(-)
 create mode 100644 security/ossec-hids-local-config/files/template-logs-basic.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-logs-ossec.xml.in
 delete mode 100644 security/ossec-hids-local-config/files/template-logs-response.xml.in
 delete mode 100644 security/ossec-hids-local-config/files/template-logs-system.xml.in

diff --git a/security/ossec-hids-local-config/Makefile b/security/ossec-hids-local-config/Makefile
index df82b84..01cf6c6 100644
--- a/security/ossec-hids-local-config/Makefile
+++ b/security/ossec-hids-local-config/Makefile
@@ -172,13 +172,12 @@ ${conf_group}_ALL_OPTIONS+= ${option}
 ############################################################
+CONFIG_PROFILES=
 .for conf_group in ${CONF_GROUPS}
 . if !empty(${conf_group}_PROFILE)
 . if ${OSSEC_TYPE} == agent
-. if empty(CLIENT_PROFILES)
-CLIENT_PROFILES:= ${${conf_group}_PROFILE}
-. else
-CLIENT_PROFILES:= ${CLIENT_PROFILES}, ${${conf_group}_PROFILE}
+. if !${CONFIG_PROFILES:M${${conf_group}_PROFILE}}
+CONFIG_PROFILES+= ${${conf_group}_PROFILE}
 . endif
 . endif
 SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE}
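Review bot: The new dedupe test `. if !${CONFIG_PROFILES:M${${conf_group}_PROFILE}}` uses a bare variable expression in `.if`, while the test two lines above it uses the file's `empty()` idiom (`. if !empty(${conf_group}_PROFILE)`); `. if empty(CONFIG_PROFILES:M${${conf_group}_PROFILE})` keeps that idiom and, in my reading of BSD make, also does not depend on `CONFIG_PROFILES=` having been defined first, whereas a bare `${...}` of an undefined variable is rejected as a malformed conditional (presumably why the `CONFIG_PROFILES=` line was added). The same applies to the matching test in the next hunk (`!${CONFIG_PROFILES:M${${option}_PROFILE}}`). Either way `:M` matches the profile name as a glob pattern, so a comment above `CONFIG_PROFILES=` such as `# distinct agent profile names; :M matches them as globs, so profile values must not contain *, ? or [` would record that constraint on the values set in the opt-*.mk files. The enclosing `.for conf_group` loop continues past the hunk.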
@@ -186,10 +185,8 @@ SUB_LIST+= ${conf_group}_PROFILE=${${conf_group}_PROFILE}
 . for option in ${${conf_group}_ALL_OPTIONS}
 . if !empty(${option}_PROFILE)
 . if ${OSSEC_TYPE} == agent
-. if empty(CLIENT_PROFILES)
-CLIENT_PROFILES:= ${${option}_PROFILE}
-. else
-CLIENT_PROFILES:= ${CLIENT_PROFILES}, ${${option}_PROFILE}
+. if !${CONFIG_PROFILES:M${${option}_PROFILE}}
+CONFIG_PROFILES+= ${${option}_PROFILE}
 . endif
 . endif
 SUB_LIST+= ${option}_PROFILE=${${option}_PROFILE}
@@ -197,7 +194,14 @@ SUB_LIST+= ${option}_PROFILE=${${option}_PROFILE}
 . endfor
 .endfor
-SUB_LIST+= CLIENT_PROFILES="${CLIENT_PROFILES}"
+.for profile in ${CONFIG_PROFILES}
+. if empty(CONFIG_PROFILE_VALUE)
+CONFIG_PROFILE_VALUE:= ${profile}
+. else
+CONFIG_PROFILE_VALUE:= ${CONFIG_PROFILE_VALUE}, ${profile}
+. endif
+.endfor
+SUB_LIST+= CONFIG_PROFILES="${CONFIG_PROFILE_VALUE}"
 ############################################################
diff --git a/security/ossec-hids-local-config/files/template-logs-basic.xml.in b/security/ossec-hids-local-config/files/template-logs-basic.xml.in
new file mode 100644
index 0000000..bb0c10a
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-basic.xml.in
@@ -0,0 +1,68 @@
+
+
+
+
+ syslog
+ /var/log/auth.log
+
+
+
+ syslog
+ /var/log/maillog
+
+
+
+ syslog
+ /var/log/messages
+
+
+
+ syslog
+ /var/log/security
+
+
+
+ syslog
+ /var/log/userlog
+
+
+
+ syslog
+ /var/log/xferlog
+
+
+
+
+
+
+
+ syslog
+ /var/log/auth.log
+
+
+
+ syslog
+ /var/log/dpkg.log
+
+
+
+ syslog
+ /var/log/kern.log
+
+
+
+ syslog
+ /var/log/mail.log
+
+
+
+ syslog
+ /var/log/messages
+
+
+
+ syslog
+ /var/log/syslog
+
+
+
diff --git a/security/ossec-hids-local-config/files/template-logs-ossec.xml.in b/security/ossec-hids-local-config/files/template-logs-ossec.xml.in
new file mode 100644
index 0000000..e284af8
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-ossec.xml.in
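Review bot: `CONFIG_PROFILE_VALUE` is never initialised before the `.for profile in ${CONFIG_PROFILES}` loop in the third hunk, unlike `CONFIG_PROFILES=` in the first one; the loop only works because `empty()` is true for an undefined variable, and a value of that name inherited from the environment would, as far as I can tell, be prepended to the generated profile list. A line `CONFIG_PROFILE_VALUE=` directly before the `.for` makes the intent explicit and closes that gap. If the `", "` separator (comma plus space) is what the consumer of `CONFIG_PROFILES` requires, a comment saying so would also stop a later reader from replacing the hand-written join with a `:ts,` modifier, which would drop the space. The surrounding `.for conf_group` loop is closed in this hunk, but its header is outside it.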
@@ -0,0 +1,18 @@
+
+
+
+
+ syslog
+ %%OSSEC_HOME%%/logs/active-responses.log
+
+
+
+
+
+
+
+ syslog
+ /var/ossec/logs/active-responses.log
+
+
+
diff --git a/security/ossec-hids-local-config/files/template-logs-response.xml.in b/security/ossec-hids-local-config/files/template-logs-response.xml.in
deleted file mode 100644
index 17828ea..0000000
--- a/security/ossec-hids-local-config/files/template-logs-response.xml.in
+++ /dev/null
@@ -1,18 +0,0 @@
-
-
-
-
- syslog
- %%OSSEC_HOME%%/logs/active-responses.log
-
-
-
-
-
-
-
- syslog
- /var/ossec/logs/active-responses.log
-
-
-
diff --git a/security/ossec-hids-local-config/files/template-logs-system.xml.in b/security/ossec-hids-local-config/files/template-logs-system.xml.in
deleted file mode 100644
index eee09aa..0000000
--- a/security/ossec-hids-local-config/files/template-logs-system.xml.in
+++ /dev/null
@@ -1,68 +0,0 @@
-
-
-
-
- syslog
- /var/log/auth.log
-
-
-
- syslog
- /var/log/maillog
-
-
-
- syslog
- /var/log/messages
-
-
-
- syslog
- /var/log/security
-
-
-
- syslog
- /var/log/userlog
-
-
-
- syslog
- /var/log/xferlog
-
-
-
-
-
-
-
- syslog
- /var/log/auth.log
-
-
-
- syslog
- /var/log/dpkg.log
-
-
-
- syslog
- /var/log/kern.log
-
-
-
- syslog
- /var/log/mail.log
-
-
-
- syslog
- /var/log/messages
-
-
-
- syslog
- /var/log/syslog
-
-
-
diff --git a/security/ossec-hids-local-config/files/template-sample-agent.xml.in b/security/ossec-hids-local-config/files/template-sample-agent.xml.in
index 8a2fa7b..099a6d3 100644
--- a/security/ossec-hids-local-config/files/template-sample-agent.xml.in
+++ b/security/ossec-hids-local-config/files/template-sample-agent.xml.in
@@ -8,7 +8,7 @@
-
+
diff --git a/security/ossec-hids-local-config/opt-logs.mk b/security/ossec-hids-local-config/opt-logs.mk
index cec8bd4..b706eee 100644
--- a/security/ossec-hids-local-config/opt-logs.mk
+++ b/security/ossec-hids-local-config/opt-logs.mk
@@ -4,24 +4,24 @@ LOGS_LOCAL_CONF= 550.logs.local.conf
 LOGS_DESC= Log Monitoring
 # Default logs support
-LOGS_SYSTEM_OPTION= SYSTEM
-LOGS_SYSTEM_PROFILE= system-logs
-LOGS_SYSTEM_DESC= Default system logs
-LOGS_SYSTEM_DEFINE= server local agent pushed
-LOGS_SYSTEM_DEFAULT= server local pushed
-LOGS_OPTIONS+= LOGS_SYSTEM
+LOGS_BASIC_OPTION= BASIC
+LOGS_BASIC_PROFILE= basic
+LOGS_BASIC_DESC= Default system logs
+LOGS_BASIC_DEFINE= server local agent pushed
+LOGS_BASIC_DEFAULT= server local pushed
+LOGS_OPTIONS+= LOGS_BASIC
 # Active response log support
-LOGS_RESPONSE_OPTION= RESPONSE
-LOGS_RESPONSE_PROFILE= active-response-logs
-LOGS_RESPONSE_DESC= Active response logs
-LOGS_RESPONSE_DEFINE= server local agent pushed
-LOGS_RESPONSE_DEFAULT= server local pushed
-LOGS_OPTIONS+= LOGS_RESPONSE
+LOGS_OSSEC_OPTION= OSSEC
+LOGS_OSSEC_PROFILE= ossec
+LOGS_OSSEC_DESC= Active response logs
+LOGS_OSSEC_DEFINE= server local agent pushed
+LOGS_OSSEC_DEFAULT= server local pushed
+LOGS_OPTIONS+= LOGS_OSSEC
 # Apache logs support
 LOGS_APACHE_OPTION= APACHE
-LOGS_APACHE_PROFILE= apache-logs
+LOGS_APACHE_PROFILE= apache
 LOGS_APACHE_DESC= Apache logs
 LOGS_APACHE_DEFINE= server local agent pushed
 LOGS_APACHE_DEFAULT= pushed
@@ -29,7 +29,7 @@ LOGS_OPTIONS+= LOGS_APACHE
 # Nginx logs support
 LOGS_NGINX_OPTION= NGINX
-LOGS_NGINX_PROFILE= nginx-logs
+LOGS_NGINX_PROFILE= nginx
 LOGS_NGINX_DESC= Nginx logs
 LOGS_NGINX_DEFINE= server local agent pushed
 LOGS_NGINX_DEFAULT= pushed
@@ -37,7 +37,7 @@ LOGS_OPTIONS+= LOGS_NGINX
 # Radius logs support
 LOGS_RADIUS_OPTION= RADIUS
-LOGS_RADIUS_PROFILE= radius-logs
+LOGS_RADIUS_PROFILE= radius
 LOGS_RADIUS_DESC= FreeRADIUS logs
 LOGS_RADIUS_DEFINE= server local agent pushed
 LOGS_RADIUS_DEFAULT= pushed
@@ -45,7 +45,7 @@ LOGS_OPTIONS+= LOGS_RADIUS
 # Vsftpd logs support
 LOGS_VSFTPD_OPTION= VSFTPD
-LOGS_VSFTPD_PROFILE= vsftpd-logs
+LOGS_VSFTPD_PROFILE= vsftpd
 LOGS_VSFTPD_DESC= Vsftpd logs
 LOGS_VSFTPD_DEFINE= server local agent pushed
 LOGS_VSFTPD_DEFAULT= pushed
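Review bot: The profile values set in the first hunk (`LOGS_BASIC_PROFILE= basic`, `LOGS_OSSEC_PROFILE= ossec`) are now identical to `ROOTCHECK_BASIC_PROFILE`, `SYSCHECK_BASIC_PROFILE` and `SYSCHECK_OSSEC_PROFILE` in opt-rootcheck.mk and opt-syscheck.mk, but nothing in any of the three files says the collision is intentional; a comment above `LOGS_BASIC_OPTION= BASIC` such as `# Profile names are deliberately shared across config groups (see opt-rootcheck.mk and opt-syscheck.mk): an agent selecting "basic" receives every group's basic section; the Makefile lists each name once` would keep a future maintainer from "fixing" it. The rename also retires the old names (`system-logs`, `active-response-logs`, `apache-logs`, `nginx-logs`, `radius-logs`, `vsftpd-logs`); if an agent selects sections by the old name in its own configuration it will, as far as I can tell from the diff, silently receive nothing for that section rather than an error, which is worth a line in the port's user-facing update notes. The same rename point applies to the opt-rootcheck.mk and opt-syscheck.mk hunks.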
diff --git a/security/ossec-hids-local-config/opt-rootcheck.mk b/security/ossec-hids-local-config/opt-rootcheck.mk
index f846cd3..3183216 100644
--- a/security/ossec-hids-local-config/opt-rootcheck.mk
+++ b/security/ossec-hids-local-config/opt-rootcheck.mk
@@ -5,7 +5,7 @@ ROOTCHECK_DESC= System Audit and Rootkit Detection (rootcheck)
 # Basic
 ROOTCHECK_BASIC_OPTION= BASIC_RC
-ROOTCHECK_BASIC_PROFILE= basic-rootcheck
+ROOTCHECK_BASIC_PROFILE= basic
 ROOTCHECK_BASIC_DESC= Basic audit and rootkits
 ROOTCHECK_BASIC_DEFINE= server local agent pushed
 ROOTCHECK_BASIC_DEFAULT= server local pushed
@@ -13,7 +13,7 @@ ROOTCHECK_OPTIONS+= ROOTCHECK_BASIC
 # CIS default
 ROOTCHECK_CIS_OPTION= CIS_RC
-ROOTCHECK_CIS_PROFILE= cis-rootcheck
+ROOTCHECK_CIS_PROFILE= cis
 ROOTCHECK_CIS_DESC= CIS benchmark - Legacy
 ROOTCHECK_CIS_DEFINE= pushed
 ROOTCHECK_CIS_DEFAULT= pushed
@@ -21,7 +21,7 @@ ROOTCHECK_OPTIONS+= ROOTCHECK_CIS
 # CIS level 1
 ROOTCHECK_CIS_L1_OPTION= CIS_L1_RC
-ROOTCHECK_CIS_L1_PROFILE= cis-level1-rootcheck
+ROOTCHECK_CIS_L1_PROFILE= cis-level1
 ROOTCHECK_CIS_L1_DESC= CIS benchmark - Level 1
 ROOTCHECK_CIS_L1_DEFINE= pushed
 ROOTCHECK_CIS_L1_DEFAULT= pushed
@@ -29,7 +29,7 @@ ROOTCHECK_OPTIONS+= ROOTCHECK_CIS_L1
 # CIS level 2
 ROOTCHECK_CIS_L2_OPTION= CIS_L2_RC
-ROOTCHECK_CIS_L2_PROFILE= cis-level2-rootcheck
+ROOTCHECK_CIS_L2_PROFILE= cis-level2
 ROOTCHECK_CIS_L2_DESC= CIS benchmark - Level 2
 ROOTCHECK_CIS_L2_DEFINE= pushed
 ROOTCHECK_CIS_L2_DEFAULT= pushed
diff --git a/security/ossec-hids-local-config/opt-syscheck.mk b/security/ossec-hids-local-config/opt-syscheck.mk
index 6f1f0eb..9b4e6ef 100644
--- a/security/ossec-hids-local-config/opt-syscheck.mk
+++ b/security/ossec-hids-local-config/opt-syscheck.mk
@@ -5,7 +5,7 @@ SYSCHECK_DESC= File Integrity Checking (syscheck)
 # Default direcotries
 SYSCHECK_BASIC_OPTION= BASIC_SC
-SYSCHECK_BASIC_PROFILE= basic-syscheck
+SYSCHECK_BASIC_PROFILE= basic
 SYSCHECK_BASIC_DESC= "bin", "sbin" and "etc"
 SYSCHECK_BASIC_DEFINE= server local agent pushed
 SYSCHECK_BASIC_DEFAULT= server local pushed
@@ -13,7 +13,7 @@ SYSCHECK_OPTIONS+= SYSCHECK_BASIC
 # OSSEC directories
 SYSCHECK_OSSEC_OPTION= OSSEC_SC
-SYSCHECK_OSSEC_PROFILE= ossec-syscheck
+SYSCHECK_OSSEC_PROFILE= ossec
 SYSCHECK_OSSEC_DESC= OSSEC directories
 SYSCHECK_OSSEC_DEFINE= server local agent pushed
 SYSCHECK_OSSEC_DEFAULT= server local pushed
-- 
cgit v1.2.3