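#!/bin/sh
#
# PROVIDE: ossec_hids
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
#
# rc.d script for %%PORTNAME%% (OSSEC HIDS). Besides start/stop/restart/status
# it offers:
#   reload        - regenerate the configuration and reload the daemons
#   ossec_conf    - print the effective ossec.conf to stdout
#   agent_conf    - print the effective agent.conf to stdout (server only)
#   fetch_config  - restart the agent and wait for the shared configuration
#                   to arrive from the server (agent only)
#   merge_config  - force regeneration of the *.conf.d merged files
#                   (only when the merge helpers are installed)
#
# ossec_hids_enable (bool): Set it to YES to enable %%PORTNAME%%.
#                           Default: NO
# ossec_hids_clear_log (bool): Set it to YES to clear ossec.log before
#                              %%PORTNAME%% startup.
#                              Default: NO
# ossec_hids_clear_ar_log (bool): Set it to YES to clear active-responses.log
#                                 before %%PORTNAME%% startup.
#                                 Default: NO
# ossec_hids_fetch_time (int): Time in seconds to wait for the shared
#                              configuration to be downloaded from the server.
#                              Used only by agent installation.
#                              Default: 60

. /etc/rc.subr

name="ossec_hids"
rcvar=ossec_hids_enable

load_rc_config "$name"

: ${ossec_hids_enable="NO"}
: ${ossec_hids_clear_log="NO"}
: ${ossec_hids_clear_ar_log="NO"}
: ${ossec_hids_fetch_time=60}

# %%...%% tokens are substituted by the port at install time.
ossec_type="%%OSSEC_TYPE%%"
ossec_home="%%OSSEC_HOME%%"

ossec_conf="${ossec_home}/etc/ossec.conf"
ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
ossec_conf_bin="${ossec_home}/bin/config/ossec-conf"
agent_conf="${ossec_home}/etc/shared/agent.conf"
agent_conf_dir="${ossec_home}/etc/agent.conf.d"
agent_conf_bin="${ossec_home}/bin/config/agent-conf"
ossec_client_keys="${ossec_home}/etc/client.keys"
ossec_ar_tmp="${ossec_home}/active-response"
ossec_log="${ossec_home}/logs/ossec.log"
ossec_ar_log="${ossec_home}/logs/active-responses.log"
ossec_merged="${ossec_home}/etc/shared/merged.mg"
ossec_local_time="/etc/localtime"
ossec_fts_queue="${ossec_home}/queue/fts/fts-queue"
ossec_ig_queue="${ossec_home}/queue/fts/ig-queue"

extra_commands="reload ossec_conf"
case "${ossec_type}" in
server)
	extra_commands="${extra_commands} agent_conf"
	;;
agent)
	extra_commands="${extra_commands} fetch_config"
	;;
esac
# The merge_config command only makes sense when the ossec-conf helper exists.
if [ -x "${ossec_conf_bin}" ]; then
	extra_commands="${extra_commands} merge_config"
fi

start_cmd="ossec_hids_command start"
stop_cmd="ossec_hids_command stop"
restart_cmd="ossec_hids_command restart"
status_cmd="ossec_hids_command status"
reload_cmd="ossec_hids_command reload"
fetch_config_cmd="ossec_hids_command restart"
merge_config_cmd="ossec_hids_create_configs force"
ossec_conf_cmd="ossec_hids_ossec_conf"
agent_conf_cmd="ossec_hids_agent_conf"

start_precmd="ossec_hids_prepare"
restart_precmd="ossec_hids_prepare"
reload_precmd="ossec_hids_prepare"
fetch_config_precmd="ossec_hids_prepare"

# Create ${path} with the given owner (user:group) and mode if it does not
# exist yet. Returns non-zero when creation, chown or chmod fails.
# The file is created under a restrictive umask so it is never readable by
# others during the short window before chown/chmod apply the final mode.
ossec_hids_create_file()
{
	local path=$1
	local owner=$2
	local mode=$3

	if [ ! -e "${path}" ]; then
		( umask 077 && touch "${path}" ) && \
		    chown "${owner}" "${path}" && \
		    chmod "${mode}" "${path}"
	fi
}

# Warn (on stderr) when client.keys is missing or empty; never blocks startup.
ossec_hids_check()
{
	case "${ossec_type}" in
	server)
		if [ ! -s "${ossec_client_keys}" ]; then
			echo "WARNING: There are no client keys created - remote connections will be disabled" >&2
		fi
		;;
	agent)
		if [ ! -s "${ossec_client_keys}" ]; then
			echo "WARNING: There is no client key imported - connection to server not possible" >&2
		fi
		;;
	esac
	return 0
}

# Return 0 when ${dst_file} (merged config) is missing or older than any
# *.conf directly inside ${src_dir}, 1 otherwise.
# find(1) does the comparison itself so file names containing whitespace or
# glob characters are never word-split by the shell.
ossec_hids_config_is_outdated()
{
	local dst_file=$1
	local src_dir=$2
	local newer

	if [ ! -e "${dst_file}" ]; then
		return 0
	fi
	newer=$(find "${src_dir}" -maxdepth 1 -type f -name '*.conf' \
	    -newer "${dst_file}" 2>/dev/null)
	[ -n "${newer}" ]
}

# Run ${generator} and store its output in ${dst}, owned by ${owner} with
# ${mode}. The output is written to a temporary file first and copied over
# ${dst} only when the generator succeeds, so a failing generator never
# leaves a truncated configuration behind (copying rather than renaming keeps
# the owner/mode applied by ossec_hids_create_file). Returns 1 on failure.
ossec_hids_render_config()
{
	local generator=$1
	local dst=$2
	local owner=$3
	local mode=$4
	local tmp

	ossec_hids_create_file "${dst}" "${owner}" "${mode}" || return 1
	tmp=$(mktemp "${dst}.XXXXXX") || return 1
	if "${generator}" > "${tmp}"; then
		cat "${tmp}" > "${dst}"
		rm -f "${tmp}"
		return 0
	fi
	echo "Failed to generate \"${dst}\" with \"${generator}\" - keeping the previous file" >&2
	rm -f "${tmp}"
	return 1
}

# Regenerate the merged configuration files when their *.conf.d sources are
# newer, or unconditionally when called with "force" (merge_config command).
# Returns 1 when a generator fails so the daemons are not started on a
# broken configuration.
ossec_hids_create_configs()
{
	local force=$1

	case "${ossec_type}" in
	server)
		if [ -x "${agent_conf_bin}" ]; then
			# Merge agent.conf.d files into agent.conf
			if [ "${force}" = "force" ] || \
			    ossec_hids_config_is_outdated "${agent_conf}" "${agent_conf_dir}"; then
				ossec_hids_render_config "${agent_conf_bin}" "${agent_conf}" \
				    %%USER%%:%%OSSEC_GROUP%% 0640 || return 1
			fi
		fi
		;;
	agent)
		# Touch agent.conf so the agent daemons won't complain if it doesn't exist
		ossec_hids_create_file "${agent_conf}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0644 || return 1
		;;
	esac

	if [ -x "${ossec_conf_bin}" ]; then
		# Merge ossec.conf.d files into ossec.conf
		if [ "${force}" = "force" ] || \
		    ossec_hids_config_is_outdated "${ossec_conf}" "${ossec_conf_dir}"; then
			ossec_hids_render_config "${ossec_conf_bin}" "${ossec_conf}" \
			    %%USER%%:%%OSSEC_GROUP%% 0640 || return 1
		fi
	fi
	return 0
}

# Create the log files if they don't exist; returns 1 when that fails.
ossec_hids_create_logs()
{
	ossec_hids_create_file "${ossec_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660 || return 1
	ossec_hids_create_file "${ossec_ar_log}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0660 || return 1
	return 0
}

# Populate the OSSEC home with files it needs from outside of it
# (/etc/localtime for the chrooted daemons, FTS queues on the server).
ossec_hids_create_env()
{
	if [ ! -e "${ossec_local_time}" ]; then
		echo "Missing \"${ossec_local_time}\". Run command \"tzsetup\"." >&2
		return 1
	fi
	install -o %%USER%% -g %%OSSEC_GROUP%% -m 0440 \
	    "${ossec_local_time}" "${ossec_home}${ossec_local_time}" || return 1

	# Install missing files
	case "${ossec_type}" in
	server)
		ossec_hids_create_file "${ossec_fts_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640 || return 1
		ossec_hids_create_file "${ossec_ig_queue}" %%OSSEC_USER%%:%%OSSEC_GROUP%% 0640 || return 1
		;;
	esac
	return 0
}

# Remove the stale merged.mg on the server and truncate the logs when the
# corresponding ossec_hids_clear_*_log knobs are set.
ossec_hids_clean()
{
	if [ "${ossec_type}" = "server" ]; then
		rm -f "${ossec_merged}"
	fi
	if checkyesno ossec_hids_clear_log; then
		: > "${ossec_log}"
	fi
	if checkyesno ossec_hids_clear_ar_log; then
		: > "${ossec_ar_log}"
	fi
	return 0
}

# Agent only: drop the cached shared configuration, restart the agent and
# wait ${ossec_hids_fetch_time} seconds for a new merged.mg to arrive.
# Returns 1 when nothing was downloaded or on a non-agent installation.
ossec_hids_fetch_configs()
{
	case "${ossec_type}" in
	agent)
		rm -f "${ossec_merged}"
		ossec_hids_command stop
		sleep 1
		ossec_hids_command start
		echo "Waiting ${ossec_hids_fetch_time} seconds for the shared configuration to be downloaded from the OSSEC server"
		sleep "${ossec_hids_fetch_time}"
		if [ ! -s "${ossec_merged}" ]; then
			echo "Failed to download shared configuration from the OSSEC server" >&2
			return 1
		fi
		;;
	*)
		echo "Shared configuration is only available for agent installations" >&2
		return 1
		;;
	esac
	return 0
}

# precmd for start/restart/reload/fetch_config: run the preparation steps
# that the rc_arg needs; any failing step aborts the command.
ossec_hids_prepare()
{
	case "${rc_arg}" in
	start|restart)
		ossec_hids_create_logs && \
		    ossec_hids_create_env && \
		    ossec_hids_create_configs && \
		    ossec_hids_clean && \
		    ossec_hids_check || return 1
		;;
	fetch_config)
		ossec_hids_create_logs && \
		    ossec_hids_create_env && \
		    ossec_hids_create_configs && \
		    ossec_hids_clean && \
		    ossec_hids_fetch_configs && \
		    ossec_hids_check || return 1
		;;
	reload)
		ossec_hids_create_env && \
		    ossec_hids_create_configs || return 1
		;;
	esac
	return 0
}

# Print the effective ossec.conf: generated from ossec.conf.d when the merge
# helper exists, otherwise the static file.
ossec_hids_ossec_conf()
{
	if [ -x "${ossec_conf_bin}" ]; then
		"${ossec_conf_bin}"
	elif [ -f "${ossec_conf}" ]; then
		cat "${ossec_conf}"
	fi
}

# Print the effective agent.conf (see ossec_hids_ossec_conf).
ossec_hids_agent_conf()
{
	if [ -x "${agent_conf_bin}" ]; then
		"${agent_conf_bin}"
	elif [ -f "${agent_conf}" ]; then
		cat "${agent_conf}"
	fi
}

# Delegate start/stop/restart/status/reload to ossec-control.
ossec_hids_command()
{
	"${ossec_home}/bin/ossec-control" "$1"
}

run_rc_command "$1"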