From 495280d9dc4ff5efd555f50e65a120df1b780003 Mon Sep 17 00:00:00 2001
From: Dominik Lisiak <dominik.lisiak@bemsoft.pl>
Date: Sat, 13 Oct 2018 20:51:51 +0200
Subject: Initial commit for version 3.0.0

---
 .../ossec-hids-local-config/files/agent-conf.in    | 33 +++++++++
 .../files/command-last-logins.sh.in                |  8 +++
 .../files/command-open-ports.sh.in                 | 19 +++++
 .../ossec-hids-local-config/files/command.conf.in  |  6 ++
 .../files/merge-config.sh.in                       | 32 +++++++++
 .../files/message-agent-conf.in                    |  3 +
 .../files/message-ossec-conf.in                    |  3 +
 .../ossec-hids-local-config/files/message-pf.in    |  4 ++
 .../ossec-hids-local-config/files/ossec-conf.in    | 60 ++++++++++++++++
 .../ossec-hids-local-config/files/pkg-deinstall.in | 10 +++
 .../ossec-hids-local-config/files/pkg-install.in   | 32 +++++++++
 .../files/rules-cmdout.xml.in                      | 67 ++++++++++++++++++
 .../files/rules-config.xml.in                      | 52 ++++++++++++++
 .../files/template-ar-cmds-default.xml.in          | 38 ++++++++++
 .../files/template-ar-cmds-merge.xml.in            | 10 +++
 .../files/template-ar-fwdrop.xml.in                | 13 ++++
 .../files/template-ar-hostdeny.xml.in              | 12 ++++
 .../files/template-ar-merge.xml.in                 | 11 +++
 .../files/template-ar-restart.xml.in               | 11 +++
 .../files/template-cmdout-last-logins.xml.in       | 10 +++
 .../files/template-cmdout-open-ports-tcp.xml.in    | 28 ++++++++
 .../files/template-cmdout-open-ports-udp.xml.in    | 28 ++++++++
 .../files/template-header-disabled.xml.in          | 10 +++
 .../files/template-header-enabled.xml.in           |  4 ++
 .../files/template-header-sample.xml.in            |  1 +
 .../files/template-logs-apache.xml.in              | 28 ++++++++
 .../files/template-logs-default.xml.in             | 68 ++++++++++++++++++
 .../files/template-logs-nginx.xml.in               | 28 ++++++++
 .../files/template-logs-radius.xml.in              | 18 +++++
 .../files/template-logs-response.xml.in            | 18 +++++
 .../files/template-logs-vsftpd.xml.in              | 18 +++++
 .../files/template-rootcheck-default.xml.in        | 23 ++++++
 .../files/template-rules-cmdout.xml.in             |  8 +++
 .../files/template-rules-config.xml.in             |  8 +++
 .../files/template-rules-default.xml.in            | 82 ++++++++++++++++++++++
 .../files/template-sample-agent.xml.in             | 14 ++++
 .../files/template-sample-database.xml.in          | 12 ++++
 .../files/template-sample-local.xml.in             | 17 +++++
 .../files/template-sample-server.xml.in            | 23 ++++++
 .../files/template-syscheck-default.xml.in         | 18 +++++
 .../files/template-syscheck-hostdeny.xml.in        | 16 +++++
 .../files/template-syscheck-newfiles.xml.in        | 16 +++++
 .../files/template-syscheck-noauto.xml.in          | 16 +++++
 .../files/template-syscheck-ossec.xml.in           | 18 +++++
 44 files changed, 954 insertions(+)
 create mode 100644 security/ossec-hids-local-config/files/agent-conf.in
 create mode 100644 security/ossec-hids-local-config/files/command-last-logins.sh.in
 create mode 100644 security/ossec-hids-local-config/files/command-open-ports.sh.in
 create mode 100644 security/ossec-hids-local-config/files/command.conf.in
 create mode 100644 security/ossec-hids-local-config/files/merge-config.sh.in
 create mode 100644 security/ossec-hids-local-config/files/message-agent-conf.in
 create mode 100644 security/ossec-hids-local-config/files/message-ossec-conf.in
 create mode 100644 security/ossec-hids-local-config/files/message-pf.in
 create mode 100644 security/ossec-hids-local-config/files/ossec-conf.in
 create mode 100644 security/ossec-hids-local-config/files/pkg-deinstall.in
 create mode 100644 security/ossec-hids-local-config/files/pkg-install.in
 create mode 100644 security/ossec-hids-local-config/files/rules-cmdout.xml.in
 create mode 100644 security/ossec-hids-local-config/files/rules-config.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-ar-merge.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-ar-restart.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-header-disabled.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-header-enabled.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-header-sample.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-logs-apache.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-logs-default.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-logs-nginx.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-logs-radius.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-logs-response.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-rootcheck-default.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-rules-cmdout.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-rules-config.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-rules-default.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-sample-agent.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-sample-database.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-sample-local.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-sample-server.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-syscheck-default.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
 create mode 100644 security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in

(limited to 'security/ossec-hids-local-config/files')

diff --git a/security/ossec-hids-local-config/files/agent-conf.in b/security/ossec-hids-local-config/files/agent-conf.in
new file mode 100644
index 0000000..673d0f6
--- /dev/null
+++ b/security/ossec-hids-local-config/files/agent-conf.in
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+agent_conf_dir="${ossec_home}/etc/agent.conf.d"
+agent_conf_files="${agent_conf_dir}/*.conf"
+
+select_elements() {
+    local element="$1"
+    sed -n "/<${element}.*>/,/<\/${element}>/p"
+}
+
+remove_comments() {
+    # Comments must be on separate lines i.e. not next to uncommented code
+    awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+    sed '/^\s*$/d'
+}
+
+agent_conf() {
+
+    echo "<!-- OSSEC HIDS %%VERSION%% -->"
+    echo
+    echo "<!-- DO NOT EDIT - file generated automatically - edit \"agent.conf.d/900.local.conf\" instead -->"
+    echo
+
+    cat $@ | remove_comments | select_elements "agent_config" | remove_empty_lines
+}
+
+agent_conf "${agent_conf_files}"
diff --git a/security/ossec-hids-local-config/files/command-last-logins.sh.in b/security/ossec-hids-local-config/files/command-last-logins.sh.in
new file mode 100644
index 0000000..7bd8242
--- /dev/null
+++ b/security/ossec-hids-local-config/files/command-last-logins.sh.in
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_home="%%OSSEC_HOME%%"
+. "${ossec_home}/etc/command.conf"
+
+last -n ${last_logins}
diff --git a/security/ossec-hids-local-config/files/command-open-ports.sh.in b/security/ossec-hids-local-config/files/command-open-ports.sh.in
new file mode 100644
index 0000000..d5ba047
--- /dev/null
+++ b/security/ossec-hids-local-config/files/command-open-ports.sh.in
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+family=$1
+protocol=$2
+ports=$3
+
+if [ -z "${ports}" ]; then
+    privileged_ports="1-$((`sysctl -n net.inet.ip.portrange.first` - 1))"
+
+    ossec_home="%%OSSEC_HOME%%"
+    . "${ossec_home}/etc/command.conf"
+
+    ports="privileged_${protocol}_ports"
+    eval ports=\$${ports}
+fi
+
+sockstat -l -${family} -P ${protocol} -p ${ports} | grep -Eo '[^[:space:]]+:[0-9]+' | sort -u
diff --git a/security/ossec-hids-local-config/files/command.conf.in b/security/ossec-hids-local-config/files/command.conf.in
new file mode 100644
index 0000000..b6ef2ad
--- /dev/null
+++ b/security/ossec-hids-local-config/files/command.conf.in
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+last_logins=5
+
+privileged_tcp_ports=${privileged_ports},10050-10051
+privileged_udp_ports=${privileged_ports}
diff --git a/security/ossec-hids-local-config/files/merge-config.sh.in b/security/ossec-hids-local-config/files/merge-config.sh.in
new file mode 100644
index 0000000..a7939f7
--- /dev/null
+++ b/security/ossec-hids-local-config/files/merge-config.sh.in
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# This script is part of FreeBSD port - report any issues to the port MAINTAINER
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+ossec_rc="%%OSSEC_RC%%"
+
+ACTION=$1
+USER=$2
+IP=$3
+
+LOCAL=`dirname $0`;
+cd $LOCAL
+cd ../../tmp
+
+# Logging the call
+echo "`date` $0 $1 $2 $3 $4 $5" >> "${ossec_home}/logs/active-responses.log"
+
+case ${ACTION} in
+    add)
+        "${ossec_rc}" merge_config
+        exit 0
+        ;;
+    delete)
+        exit 0
+        ;;
+    *)
+        echo "$0: invalid action: ${ACTION}"
+        exit 1
+        ;;
+esac
diff --git a/security/ossec-hids-local-config/files/message-agent-conf.in b/security/ossec-hids-local-config/files/message-agent-conf.in
new file mode 100644
index 0000000..8d61c0d
--- /dev/null
+++ b/security/ossec-hids-local-config/files/message-agent-conf.in
@@ -0,0 +1,3 @@
+The "agent.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/agent.conf.d
diff --git a/security/ossec-hids-local-config/files/message-ossec-conf.in b/security/ossec-hids-local-config/files/message-ossec-conf.in
new file mode 100644
index 0000000..d6170ca
--- /dev/null
+++ b/security/ossec-hids-local-config/files/message-ossec-conf.in
@@ -0,0 +1,3 @@
+The "ossec.conf" must no longer be used for configuration. It will be
+overwritten by merged "*.conf" files from the configuration directory:
+%%OSSEC_HOME%%/etc/ossec.conf.d
diff --git a/security/ossec-hids-local-config/files/message-pf.in b/security/ossec-hids-local-config/files/message-pf.in
new file mode 100644
index 0000000..707e44b
--- /dev/null
+++ b/security/ossec-hids-local-config/files/message-pf.in
@@ -0,0 +1,4 @@
+Add the ossec_fwtable to /etc/pf.conf if using "firewall-drop" active response:
+  table <ossec_fwtable> persist
+  block in quick from <ossec_fwtable> to any
+  block out quick from any to <ossec_fwtable>
diff --git a/security/ossec-hids-local-config/files/ossec-conf.in b/security/ossec-hids-local-config/files/ossec-conf.in
new file mode 100644
index 0000000..d28d238
--- /dev/null
+++ b/security/ossec-hids-local-config/files/ossec-conf.in
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+ossec_type="%%OSSEC_TYPE%%"
+ossec_home="%%OSSEC_HOME%%"
+
+ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
+ossec_conf_files="${ossec_conf_dir}/*.conf"
+
+select_elements_content() {
+    local element="$1"
+    sed -n "/<${element}>/,/<\/${element}>/{ /<${element}>/d; /<\/${element}>/d; p; }"
+}
+
+remove_elements() {
+    local element="$1"
+    sed -e "/<${element}>/,/<\/${element}>/d"
+}
+
+remove_comments() {
+    # Comments must be on separate lines i.e. not next to uncommented code
+    awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
+}
+
+remove_empty_lines() {
+    sed '/^\s*$/d'
+}
+
+ossec_conf() {
+    echo "<!-- OSSEC HIDS %%VERSION%% -->"
+    echo
+    echo "<!-- DO NOT EDIT - file generated automatically - edit \"ossec.conf.d/900.local.conf\" instead -->"
+    echo
+    echo "<ossec_config>"
+
+    if [ "${ossec_type}" != "agent"  ]; then
+        if cat $@ | remove_comments | grep -q "<rules>"; then
+            echo "  <rules>"
+            cat $@ | remove_comments | select_elements_content "rules" | remove_empty_lines
+            echo "  </rules>"
+        fi
+    fi
+
+    if cat $@ | remove_comments | grep -q "<rootcheck>"; then
+        echo "  <rootcheck>"
+        cat $@ | remove_comments | select_elements_content "rootcheck" | remove_empty_lines
+        echo "  </rootcheck>"
+    fi
+
+    if cat $@ | remove_comments | grep -q "<syscheck>"; then
+        echo "  <syscheck>"
+        cat $@ | remove_comments | select_elements_content "syscheck" | remove_empty_lines
+        echo "  </syscheck>"
+    fi
+
+    cat $@ | remove_comments | select_elements_content "ossec_config" | remove_elements "rules" | remove_elements "rootcheck" |  remove_elements "syscheck" | remove_empty_lines
+
+    echo "</ossec_config>"
+}
+
+ossec_conf "${ossec_conf_files}"
diff --git a/security/ossec-hids-local-config/files/pkg-deinstall.in b/security/ossec-hids-local-config/files/pkg-deinstall.in
new file mode 100644
index 0000000..0de19bf
--- /dev/null
+++ b/security/ossec-hids-local-config/files/pkg-deinstall.in
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+
+if [ "$2" == "DEINSTALL"  ]; then
+    rm -f "${ossec_conf}"
+    rm -f "${agent_conf}"
+fi
diff --git a/security/ossec-hids-local-config/files/pkg-install.in b/security/ossec-hids-local-config/files/pkg-install.in
new file mode 100644
index 0000000..f164b9c
--- /dev/null
+++ b/security/ossec-hids-local-config/files/pkg-install.in
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+ossec_home="%%OSSEC_HOME%%"
+ar_bin_dir="${ossec_home}/active-response/bin"
+ossec_conf="${ossec_home}/etc/ossec.conf"
+ossec_conf_bak="${ossec_conf}.bak"
+agent_conf="${ossec_home}/etc/shared/agent.conf"
+agent_conf_bak="${ossec_home}/etc/agent.conf.bak"
+
+if [ "$2" == "POST-INSTALL"  ]; then
+    ln -f "${ar_bin_dir}/%%FW_DROP%%" "${ar_bin_dir}/firewall-drop.sh"
+
+    if [ -e "${ossec_conf}" ]; then
+        mv -f "${ossec_conf}" "${ossec_conf_bak}"
+        echo
+        echo "WARNING:"
+        echo "  Existing \"${ossec_conf}\" has been saved to \"${ossec_conf_bak}\"."
+        echo
+    fi
+
+    case "$1" in
+        ossec-hids-server*)
+            if [ -e "${agent_conf}" ]; then
+                mv -f "${agent_conf}" "${agent_conf_bak}"
+                echo
+                echo "WARNING:"
+                echo "  Existing \"${agent_conf}\" has been saved to \"${agent_conf_bak}\"."
+                echo
+            fi
+            ;;
+    esac
+fi
diff --git a/security/ossec-hids-local-config/files/rules-cmdout.xml.in b/security/ossec-hids-local-config/files/rules-cmdout.xml.in
new file mode 100644
index 0000000..59e3f4b
--- /dev/null
+++ b/security/ossec-hids-local-config/files/rules-cmdout.xml.in
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+  <rule id="56041" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-last-logins'</match>
+    <check_diff />
+    <description>List of the last logged in users.</description> 
+  </rule>
+
+  <rule id="56042" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp4-all'</match>
+    <check_diff />
+    <description>Listening IPv4 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56043" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp4'</match>
+    <check_diff />
+    <description>Listening IPv4 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56044" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp6-all'</match>
+    <check_diff />
+    <description>Listening IPv6 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56045" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-tcp6'</match>
+    <check_diff />
+    <description>Listening IPv6 TCP port opened or closed.</description>
+  </rule>
+
+  <rule id="56046" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp4-all'</match>
+    <check_diff />
+    <description>Listening IPv4 UDP port opened or closed.</description>
+  </rule>
+
+  <rule id="56047" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp4'</match>
+    <check_diff />
+    <description>Listening IPv4 UDP port opened or closed.</description>
+  </rule>
+
+  <rule id="56048" level="1">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp6-all'</match>
+    <check_diff />
+    <description>Listening IPv6 UDP port opened or closed.</description>
+  </rule>
+
+  <rule id="56049" level="7">
+    <if_sid>530</if_sid>
+    <match>ossec: output: 'freebsd-open-ports-udp6'</match>
+    <check_diff />
+    <description>Listening IPv6 UDP port opened or closed.</description>
+  </rule>
+
+</group>
diff --git a/security/ossec-hids-local-config/files/rules-config.xml.in b/security/ossec-hids-local-config/files/rules-config.xml.in
new file mode 100644
index 0000000..2853c4a
--- /dev/null
+++ b/security/ossec-hids-local-config/files/rules-config.xml.in
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<group name="ossec,">
+
+  <rule id="56001" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/ossec.conf.d</match>
+    <description>ossec.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56002" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/ossec.conf</match>
+    <description>ossec.conf has been modified</description>
+  </rule>
+
+  <rule id="56003" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/ossec.conf.d</match>
+    <description>ossec.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56004" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/ossec.conf</match>
+    <description>ossec.conf has been modified</description>
+  </rule>
+
+  <rule id="56021" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/agent.conf.d</match>
+    <description>agent.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56022" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>%%OSSEC_HOME%%/etc/shared/agent.conf</match>
+    <description>agent.conf has been modified</description>
+  </rule>
+
+  <rule id="56023" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/agent.conf.d</match>
+    <description>agent.conf.d has been modified</description>
+  </rule>
+
+  <rule id="56024" level="10" ignore="10">
+    <if_group>syscheck</if_group>
+    <match>/var/ossec/etc/shared/agent.conf</match>
+    <description>agent.conf has been modified</description>
+  </rule>
+
+</group>
diff --git a/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in b/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
new file mode 100644
index 0000000..1e2dfaa
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-ar-cmds-default.xml.in
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <command>
+    <name>host-deny</name>
+    <executable>host-deny.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>firewall-drop</name>
+    <executable>firewall-drop.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>disable-account</name>
+    <executable>disable-account.sh</executable>
+    <expect>user</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+  <command>
+    <name>restart-ossec</name>
+    <executable>restart-ossec.sh</executable>
+    <expect></expect>
+  </command>
+
+  <command>
+    <name>route-null</name>
+    <executable>route-null.sh</executable>
+    <expect>srcip</expect>
+    <timeout_allowed>yes</timeout_allowed>
+  </command>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in b/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
new file mode 100644
index 0000000..ec2ec7e
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-ar-cmds-merge.xml.in
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <command>
+    <name>merge-config</name>
+    <executable>merge-config.sh</executable>
+    <expect></expect>
+  </command>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in b/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
new file mode 100644
index 0000000..415de6c
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-ar-fwdrop.xml.in
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Block the IP on the firewall. -->
+    <!-- See: http://www.ossec.net/docs/syntax/head_ossec_config.active-response.html#active-response-options -->
+    <command>firewall-drop</command>
+    <location>local</location>
+    <level>6</level>
+    <timeout>600</timeout>
+  </active-response>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in b/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in
new file mode 100644
index 0000000..59b3488
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-ar-hostdeny.xml.in
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Deny the IP in "/etc/hosts.allow" or "/etc/hosts.deny". -->
+    <command>host-deny</command>
+    <location>local</location>
+    <level>6</level>
+    <timeout>600</timeout>
+  </active-response>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-ar-merge.xml.in b/security/ossec-hids-local-config/files/template-ar-merge.xml.in
new file mode 100644
index 0000000..f38d226
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-ar-merge.xml.in
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Create "ossec.conf" and "agent.conf" if "ossec.conf.d/*" or "agent.conf.d/*" files change. -->
+    <command>merge-config</command>
+    <location>local</location>
+    <rules_id>56001,56003,56021,56023</rules_id>
+  </active-response>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-ar-restart.xml.in b/security/ossec-hids-local-config/files/template-ar-restart.xml.in
new file mode 100644
index 0000000..064167e
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-ar-restart.xml.in
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <active-response>
+    <!-- Restart OSSEC if "ossec.conf" or "agent.conf" changes. -->
+    <command>restart-ossec</command>
+    <location>local</location>
+    <rules_id>56002,56004,56022,56024</rules_id>
+  </active-response>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in b/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in
new file mode 100644
index 0000000..88975ca
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-cmdout-last-logins.xml.in
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/last-logins.sh</command>
+    <alias>freebsd-last-logins</alias>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in b/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in
new file mode 100644
index 0000000..c602821
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-cmdout-open-ports-tcp.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 tcp 1-65535</command>
+    <alias>freebsd-open-ports-tcp4-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 tcp</command>
+    <alias>freebsd-open-ports-tcp4</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 tcp 1-65535</command>
+    <alias>freebsd-open-ports-tcp6-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 tcp</command>
+    <alias>freebsd-open-ports-tcp6</alias>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in b/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in
new file mode 100644
index 0000000..d5c3fc8
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-cmdout-open-ports-udp.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 udp 1-65535</command>
+    <alias>freebsd-open-ports-udp4-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 4 udp</command>
+    <alias>freebsd-open-ports-udp4</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 udp 1-65535</command>
+    <alias>freebsd-open-ports-udp6-all</alias>
+  </localfile>
+
+  <localfile>
+    <log_format>full_command</log_format>
+    <command>%%OSSEC_HOME%%/bin/command/open-ports.sh 6 udp</command>
+    <alias>freebsd-open-ports-udp6</alias>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-header-disabled.xml.in b/security/ossec-hids-local-config/files/template-header-disabled.xml.in
new file mode 100644
index 0000000..627fa27
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-header-disabled.xml.in
@@ -0,0 +1,10 @@
+<!-- OSSEC HIDS %%VERSION%% -->
+
+<!-- DO NOT EDIT - file generated automatically using disabled port options -->
+
+<!--
+    You can indirectly edit this file by copying it to the parent directory.
+    The copied file will not be deleted or modified during port removal or
+    upgrades.
+-->
+
diff --git a/security/ossec-hids-local-config/files/template-header-enabled.xml.in b/security/ossec-hids-local-config/files/template-header-enabled.xml.in
new file mode 100644
index 0000000..224916b
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-header-enabled.xml.in
@@ -0,0 +1,4 @@
+<!-- OSSEC HIDS %%VERSION%% -->
+
+<!-- DO NOT EDIT - file generated automatically using enabled port options -->
+
diff --git a/security/ossec-hids-local-config/files/template-header-sample.xml.in b/security/ossec-hids-local-config/files/template-header-sample.xml.in
new file mode 100644
index 0000000..e0772c3
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-header-sample.xml.in
@@ -0,0 +1 @@
+<!-- Place customized configuration here - it will not be overwritten during upgrades. -->
diff --git a/security/ossec-hids-local-config/files/template-logs-apache.xml.in b/security/ossec-hids-local-config/files/template-logs-apache.xml.in
new file mode 100644
index 0000000..b88ed1a
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-apache.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_APACHE_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/httpd-error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/httpd-access.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_APACHE_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/apache2/error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/apache2/access.log</location>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-logs-default.xml.in b/security/ossec-hids-local-config/files/template-logs-default.xml.in
new file mode 100644
index 0000000..47b9a77
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-default.xml.in
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_DEFAULT_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/auth.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/maillog</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/messages</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/security</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/userlog</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/xferlog</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_DEFAULT_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/auth.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/dpkg.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/kern.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/mail.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/messages</location>
+  </localfile>
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/syslog</location>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-logs-nginx.xml.in b/security/ossec-hids-local-config/files/template-logs-nginx.xml.in
new file mode 100644
index 0000000..7d25cf8
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-nginx.xml.in
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_NGINX_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/access.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_NGINX_PROFILE%%">
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/error.log</location>
+  </localfile>
+
+  <localfile>
+    <log_format>apache</log_format>
+    <location>/var/log/nginx/access.log</location>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-logs-radius.xml.in b/security/ossec-hids-local-config/files/template-logs-radius.xml.in
new file mode 100644
index 0000000..0b10c4b
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-radius.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_RADIUS_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/radius.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_RADIUS_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/freeradius/radius.log</location>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-logs-response.xml.in b/security/ossec-hids-local-config/files/template-logs-response.xml.in
new file mode 100644
index 0000000..17828ea
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-response.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_RESPONSE_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>%%OSSEC_HOME%%/logs/active-responses.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_RESPONSE_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/ossec/logs/active-responses.log</location>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in b/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in
new file mode 100644
index 0000000..9f63a21
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-logs-vsftpd.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%LOGS_VSFTPD_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/vsftpd.log</location>
+  </localfile>
+
+</template_config>
+
+<template_config os="Linux" profile="%%LOGS_VSFTPD_PROFILE%%">
+
+  <localfile>
+    <log_format>syslog</log_format>
+    <location>/var/log/vsftpd.log</location>
+  </localfile>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-rootcheck-default.xml.in b/security/ossec-hids-local-config/files/template-rootcheck-default.xml.in
new file mode 100644
index 0000000..63e5f1e
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rootcheck-default.xml.in
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%ROOTCHECK_PROFILE%%">
+
+  <rootcheck>
+    <rootkit_files>%%OSSEC_HOME%%/etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>%%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>%%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>%%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt</system_audit>
+  </rootcheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%ROOTCHECK_PROFILE%%">
+
+  <rootcheck>
+    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+    <system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
+    <system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
+    <system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
+  </rootcheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in b/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in
new file mode 100644
index 0000000..482efd6
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rules-cmdout.xml.in
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <rules>
+    <include>freebsd_cmdout_rules.xml</include>
+  </rules>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-rules-config.xml.in b/security/ossec-hids-local-config/files/template-rules-config.xml.in
new file mode 100644
index 0000000..2e9102f
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rules-config.xml.in
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <rules>
+    <include>freebsd_config_rules.xml</include>
+  </rules>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-rules-default.xml.in b/security/ossec-hids-local-config/files/template-rules-default.xml.in
new file mode 100644
index 0000000..e7c18be
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-rules-default.xml.in
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <rules>
+    <include>rules_config.xml</include>
+    <include>ossec_rules.xml</include>
+    <include>syslog_rules.xml</include>
+    <include>sendmail_rules.xml</include>
+    <include>postfix_rules.xml</include>
+    <include>spamd_rules.xml</include>
+    <include>imapd_rules.xml</include>
+    <include>mailscanner_rules.xml</include>
+    <include>ms-exchange_rules.xml</include>
+    <include>courier_rules.xml</include>
+    <include>firewall_rules.xml</include>
+    <include>pix_rules.xml</include>
+    <include>netscreenfw_rules.xml</include>
+    <include>cisco-ios_rules.xml</include>
+    <include>sonicwall_rules.xml</include>
+    <include>pam_rules.xml</include>
+    <include>telnetd_rules.xml</include>
+    <include>sshd_rules.xml</include>
+    <include>solaris_bsm_rules.xml</include>
+    <include>asterisk_rules.xml</include>
+    <include>ms_dhcp_rules.xml</include>
+    <include>arpwatch_rules.xml</include>
+    <include>symantec-av_rules.xml</include>
+    <include>symantec-ws_rules.xml</include>
+    <include>trend-osce_rules.xml</include>
+    <include>hordeimp_rules.xml</include>
+    <include>roundcube_rules.xml</include>
+    <include>wordpress_rules.xml</include>
+    <include>cimserver_rules.xml</include>
+    <include>dovecot_rules.xml</include>
+    <include>vmpop3d_rules.xml</include>
+    <include>vpopmail_rules.xml</include>
+    <include>ftpd_rules.xml</include>
+    <include>proftpd_rules.xml</include>
+    <include>pure-ftpd_rules.xml</include>
+    <include>vsftpd_rules.xml</include>
+    <include>ms_ftpd_rules.xml</include>
+    <include>named_rules.xml</include>
+    <include>exim_rules.xml</include>
+    <include>smbd_rules.xml</include>
+    <include>racoon_rules.xml</include>
+    <include>vpn_concentrator_rules.xml</include>
+    <include>msauth_rules.xml</include>
+    <include>mcafee_av_rules.xml</include>
+    <include>ms-se_rules.xml</include>
+    <include>vmware_rules.xml</include>
+    <include>ids_rules.xml</include>
+    <include>apache_rules.xml</include>
+    <include>web_rules.xml</include>
+    <include>zeus_rules.xml</include>
+    <include>nginx_rules.xml</include>
+    <include>php_rules.xml</include>
+    <include>web_appsec_rules.xml</include>
+    <include>squid_rules.xml</include>
+    <include>attack_rules.xml</include>
+    <include>systemd_rules.xml</include>
+    <include>firewalld_rules.xml</include>
+    <include>mysql_rules.xml</include>
+    <include>postgresql_rules.xml</include>
+    <include>dropbear_rules.xml</include>
+    <include>openbsd_rules.xml</include>
+    <include>apparmor_rules.xml</include>
+    <include>clam_av_rules.xml</include>
+    <include>openbsd-dhcpd_rules.xml</include>
+    <include>nsd_rules.xml</include>
+    <include>owncloud_rules.xml</include>
+    <include>proxmox-ve_rules.xml</include>
+    <include>opensmtpd_rules.xml</include>
+    <include>psad_rules.xml</include>
+    <include>sysmon_rules.xml</include>
+    <include>unbound_rules.xml</include>
+    <include>local_rules.xml</include>
+
+    <!-- Files not included by default -->
+    <!--<include>policy_rules.xml</include>-->
+  </rules>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-sample-agent.xml.in b/security/ossec-hids-local-config/files/template-sample-agent.xml.in
new file mode 100644
index 0000000..8a2fa7b
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-sample-agent.xml.in
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <client>
+    <!-- Specify the IP address of the %%PORTNAME%% server. -->
+    <server-ip>1.2.3.4</server-ip>
+    <!-- Alternatively, specify the hostname of the %%PORTNAME%% server. -->
+    <!-- <server-hostname>example.com</server-hostname> -->
+
+    <!-- Specifies the agent.conf profiles to be used by the agent. Multiple profiles can be included, separated by a comma and a space. -->
+    <!-- <config-profile>%%CLIENT_PROFILES%%</config-profile> -->
+  </client>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-sample-database.xml.in b/security/ossec-hids-local-config/files/template-sample-database.xml.in
new file mode 100644
index 0000000..80f156f
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-sample-database.xml.in
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+  <!-- Run "%%OSSEC_HOME%%/bin/ossec-control enable database" to enable ossec-dbd. -->
+  <database_output>
+    <hostname>localhost</hostname>
+    <username>ossec</username>
+    <password>secret</password>
+    <database>ossec</database>
+    <type>%%DB_TYPE%%</type>
+  </database_output>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-sample-local.xml.in b/security/ossec-hids-local-config/files/template-sample-local.xml.in
new file mode 100644
index 0000000..bf1ec5c
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-sample-local.xml.in
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <global>
+    <!-- Uncomment to enable email notifications. -->
+    <!--
+    <email_notification>yes</email_notification>
+    <email_to>example@example.com</email_to>
+    <smtp_server>smtp.example.com</smtp_server>
+    <email_from>ossecm@example.com</email_from>
+    -->
+
+    <!-- List of IP addresses that should never be blocked by the active response (one per element). -->
+    <white_list>127.0.0.1</white_list>
+  </global>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-sample-server.xml.in b/security/ossec-hids-local-config/files/template-sample-server.xml.in
new file mode 100644
index 0000000..d4efd19
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-sample-server.xml.in
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config>
+
+  <remote>
+    <connection>secure</connection>
+    <!-- Because of a bug, setting the address is mandatory for IPv4. -->
+    <local_ip>1.2.3.4</local_ip>
+  </remote>
+
+  <global>
+    <!-- Uncomment to enable email notifications. -->
+    <!--
+    <email_notification>yes</email_notification>
+    <email_to>example@example.com</email_to>
+    <smtp_server>smtp.example.com</smtp_server>
+    <email_from>ossecm@example.com</email_from>
+    -->
+
+    <!-- List of IP addresses that should never be blocked by the active response (one per element). -->
+    <white_list>127.0.0.1</white_list>
+  </global>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-default.xml.in b/security/ossec-hids-local-config/files/template-syscheck-default.xml.in
new file mode 100644
index 0000000..78ae8f8
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-syscheck-default.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin,%%PREFIX%%/bin,%%PREFIX%%/sbin</directories>
+    <directories realtime="yes" check_all="yes">/etc,%%PREFIX%%/etc</directories>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">/bin,/sbin,/usr/bin,/usr/sbin,/usr/local/bin,/usr/local/sbin</directories>
+    <directories realtime="yes" check_all="yes">/etc,/usr/local/etc</directories>
+  </syscheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in b/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
new file mode 100644
index 0000000..f35f4d5
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-syscheck-hostdeny.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <ignore>/etc/hosts.allow</ignore>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <ignore>/etc/hosts.deny</ignore>
+  </syscheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in b/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
new file mode 100644
index 0000000..7a303e5
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-syscheck-newfiles.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <alert_new_files>yes</alert_new_files>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <alert_new_files>yes</alert_new_files>
+  </syscheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in b/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
new file mode 100644
index 0000000..03f5943
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-syscheck-noauto.xml.in
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <auto_ignore>no</auto_ignore>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <auto_ignore>no</auto_ignore>
+  </syscheck>
+
+</template_config>
diff --git a/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in b/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
new file mode 100644
index 0000000..8342f63
--- /dev/null
+++ b/security/ossec-hids-local-config/files/template-syscheck-ossec.xml.in
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<template_config os="FreeBSD" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">%%OSSEC_SYSCHECK_BIN_DIRS%%</directories>
+    <directories realtime="yes" check_all="yes">%%OSSEC_SYSCHECK_ETC_DIRS%%</directories>
+  </syscheck>
+
+</template_config>
+
+<template_config os="Linux" profile="%%SYSCHECK_PROFILE%%">
+
+  <syscheck>
+    <directories realtime="yes" check_all="yes">/var/ossec/bin,/var/ossec/active-response,/var/ossec/agentless</directories>
+    <directories realtime="yes" check_all="yes">/var/ossec/etc,/var/ossec/rules</directories>
+  </syscheck>
+
+</template_config>
-- 
cgit v1.2.3