blob: 1afdb54667740f4be3d1532e3fc80c594569b11b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
#!/bin/sh
ossec_type="%%OSSEC_TYPE%%"
ossec_home="%%OSSEC_HOME%%"
ossec_conf_dir="${ossec_home}/etc/ossec.conf.d"
ossec_conf_files="${ossec_conf_dir}/*.conf"
select_elements_content() {
local element="$1"
sed -En "/<${element}>/,/<\/${element}>/{ /<${element}>/d; /<\/${element}>/d; p; }"
}
remove_elements() {
local element="$1"
sed -E "/<${element}>/,/<\/${element}>/d"
}
remove_comments() {
# Comments must be on separate lines i.e. not next to uncommented code
awk '/<!--/ {off=1} /-->/ {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}'
}
remove_empty_lines() {
sed -E '/^[[:space:]]*$/d'
}
ossec_conf() {
echo "<!-- OSSEC HIDS %%VERSION%% -->"
echo
echo "<!-- DO NOT EDIT - file generated automatically - edit \"ossec.conf.d/900.local.conf\" instead -->"
echo
echo "<ossec_config>"
if [ "${ossec_type}" != "agent" ]; then
if cat $@ | remove_comments | grep -q "<rules>"; then
echo " <rules>"
cat $@ | remove_comments | select_elements_content "rules" | remove_empty_lines
echo " </rules>"
fi
fi
if cat $@ | remove_comments | grep -q "<rootcheck>"; then
echo " <rootcheck>"
cat $@ | remove_comments | select_elements_content "rootcheck" | remove_empty_lines
echo " </rootcheck>"
fi
if cat $@ | remove_comments | grep -q "<syscheck>"; then
echo " <syscheck>"
cat $@ | remove_comments | select_elements_content "syscheck" | remove_empty_lines
echo " </syscheck>"
fi
cat $@ | remove_comments | select_elements_content "ossec_config" | remove_elements "rules" | remove_elements "rootcheck" | remove_elements "syscheck" | remove_empty_lines
echo "</ossec_config>"
}
ossec_conf "${ossec_conf_files}"
|
