From 2bb33cf8e7a25294536df30f4dd8dcb25e2e9b8e Mon Sep 17 00:00:00 2001
From: Dominik Lisiak
Date: Wed, 27 Mar 2019 18:44:07 +0100
Subject: Upgrade to 3.2.0. Added LUA and NOFW options. Improved plist.sh scripts.
---
 security/ossec-hids-local-config/files/pkg-deinstall.in | 9 +++++++++
 security/ossec-hids-local-config/files/pkg-install.in | 6 +++++-
 .../files/template-rootcheck-basic.xml.in | 1 +
 .../ossec-hids-local-config/files/template-rules-default.xml.in | 4 ++++
 4 files changed, 19 insertions(+), 1 deletion(-)
(limited to 'security/ossec-hids-local-config/files')
diff --git a/security/ossec-hids-local-config/files/pkg-deinstall.in b/security/ossec-hids-local-config/files/pkg-deinstall.in
index 0de19bf..f9f3e7e 100644
--- a/security/ossec-hids-local-config/files/pkg-deinstall.in
+++ b/security/ossec-hids-local-config/files/pkg-deinstall.in
@@ -1,10 +1,19 @@
 #!/bin/sh
 ossec_home="%%OSSEC_HOME%%"
+fw_drop="%%FW_DROP%%"
+
+ar_bin_dir="${ossec_home}/active-response/bin"
 ossec_conf="${ossec_home}/etc/ossec.conf"
 agent_conf="${ossec_home}/etc/shared/agent.conf"
 if [ "$2" == "DEINSTALL" ]; then
 rm -f "${ossec_conf}"
 rm -f "${agent_conf}"
+
+ if [ -n "${fw_drop}" ]; then
+ if [ "${ar_bin_dir}/${fw_drop}" -ef "${ar_bin_dir}/firewall-drop.sh" ]; then
+ rm -f "${ar_bin_dir}/firewall-drop.sh"
+ fi
+ fi
 fi
diff --git a/security/ossec-hids-local-config/files/pkg-install.in b/security/ossec-hids-local-config/files/pkg-install.in
index f164b9c..b8af2c8 100644
--- a/security/ossec-hids-local-config/files/pkg-install.in
+++ b/security/ossec-hids-local-config/files/pkg-install.in
@@ -1,6 +1,8 @@
 #!/bin/sh
 ossec_home="%%OSSEC_HOME%%"
+fw_drop="%%FW_DROP%%"
+
 ar_bin_dir="${ossec_home}/active-response/bin"
 ossec_conf="${ossec_home}/etc/ossec.conf"
 ossec_conf_bak="${ossec_conf}.bak"
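Review bot: The `-ef` guard added to the DEINSTALL branch of pkg-deinstall.in only proves that `firewall-drop.sh` and `${fw_drop}` are the same file, so it is trivially true if `%%FW_DROP%%` is ever substituted as `firewall-drop.sh` itself, and the `rm -f` would then delete the original active-response script rather than the link pkg-install created. The substituted values are not visible in this patch, so this may never occur in practice, but the guard is cheap to tighten: `if [ "${fw_drop}" != "firewall-drop.sh" ] && [ "${ar_bin_dir}/${fw_drop}" -ef "${ar_bin_dir}/firewall-drop.sh" ]; then`. A one-line comment such as `# remove firewall-drop.sh only while it is still the hard link made by pkg-install` would also explain why the test is `-ef` rather than `-e`.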
@@ -8,7 +10,9 @@ agent_conf="${ossec_home}/etc/shared/agent.conf"
 agent_conf_bak="${ossec_home}/etc/agent.conf.bak"
 if [ "$2" == "POST-INSTALL" ]; then
- ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh"
+ if [ -n "${fw_drop}" ]; then
+ ln -f "${ar_bin_dir}/${fw_drop}" "${ar_bin_dir}/firewall-drop.sh"
+ fi
 if [ -e "${ossec_conf}" ]; then
 mv -f "${ossec_conf}" "${ossec_conf_bak}"
diff --git a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
index 37c2166..6591f57 100644
--- a/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
+++ b/security/ossec-hids-local-config/files/template-rootcheck-basic.xml.in
@@ -15,6 +15,7 @@
 /var/ossec/etc/shared/rootkit_files.txt
 /var/ossec/etc/shared/rootkit_trojans.txt
+ /var/ossec/etc/shared/system_audit_pw.txt
 /var/ossec/etc/shared/system_audit_rcl.txt
 /var/ossec/etc/shared/system_audit_ssh.txt
diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in
index 5f34a6a..511d551 100644
--- a/security/ossec-hids-local-config/files/template-rules-default.xml.in
+++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in
@@ -51,6 +51,7 @@
 ms_ipsec_rules.xml
 vmware_rules.xml
 ids_rules.xml
+ ms_powershell_rules.xml
 apache_rules.xml
 web_rules.xml
 zeus_rules.xml
@@ -78,6 +79,9 @@
 ms_firewall_rules.xml
 psad_rules.xml
 unbound_rules.xml
+ kesl_rules.xml
+ mhn_dionaea_rules.xml
+ mhn_cowrie_rules.xml
 local_rules.xml
--
cgit v1.2.3
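Review bot: The `ln -f` inside the new `[ -n "${fw_drop}" ]` guard in pkg-install.in still has its exit status ignored, so a missing or misnamed `${ar_bin_dir}/${fw_drop}` leaves the host without a `firewall-drop.sh` (or with a stale one from an earlier install) while POST-INSTALL carries on with the configuration steps. Because that script is what active response runs to block an address, the failure should be visible: `ln -f "${ar_bin_dir}/${fw_drop}" "${ar_bin_dir}/firewall-drop.sh" || echo "pkg-install: cannot link ${fw_drop} to firewall-drop.sh" >&2`. When `fw_drop` is empty the branch also leaves any existing `firewall-drop.sh` in place, which may be unintended on an upgrade to a no-firewall build and deserves either a comment or an explicit cleanup. The POST-INSTALL block continues past the end of this hunk.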
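Review bot: The entries added to the rootcheck template and to both hunks of the rules template (`system_audit_pw.txt`, `ms_powershell_rules.xml`, `kesl_rules.xml`, `mhn_dionaea_rules.xml`, `mhn_cowrie_rules.xml`) are referenced unconditionally, and nothing in this patch shows that those files are present on the target. If the installed OSSEC release does not ship one of them, the generated configuration would name a missing file, which presumably surfaces as a load error when the daemons start and would leave the host unmonitored until fixed. Confirm the names against the 3.2.0 file list, or state the minimum required version in a comment at the top of each template. `local_rules.xml` stays last among the visible entries of the final hunk, which keeps local overrides applied after the new rule sets.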