r1: [svn-inject] Installing original source of ossec-hids-cn
authorDinko Korunic <Dinko.Korunic@CARNet.hr>
Sun, 21 Oct 2007 16:02:05 +0000 (16:02 +0000)
committerDinko Korunic <Dinko.Korunic@CARNet.hr>
Sun, 21 Oct 2007 16:02:05 +0000 (16:02 +0000)
README.CARNet [new file with mode: 0644]
changelog.CARNet [new symlink]
debian/changelog [new file with mode: 0644]
debian/compat [new file with mode: 0644]
debian/control [new file with mode: 0644]
debian/docs [new file with mode: 0644]
debian/postinst [new file with mode: 0755]
debian/postrm [new file with mode: 0755]
debian/rules [new file with mode: 0755]

diff --git a/README.CARNet b/README.CARNet
new file mode 100644 (file)
index 0000000..0ae07bc
--- /dev/null
@@ -0,0 +1,7 @@
+ossec-hids-cn
+~~~~~~~~~~~~~
+
+Ovaj paket donosi neka dodatna pravila i iznimke za CARNet pakete, odnosno
+OSSEC detekciju problema vezanih uz CARNet pakete.
+
+ -- Dinko Korunic <kreator@carnet.hr>  Sun, 21 Oct 2007 17:32:00 +0200
diff --git a/changelog.CARNet b/changelog.CARNet
new file mode 120000 (symlink)
index 0000000..194579e
--- /dev/null
@@ -0,0 +1 @@
+changelog.Debian
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
new file mode 100644 (file)
index 0000000..c730abc
--- /dev/null
@@ -0,0 +1,5 @@
+ossec-hids-cn (1.3-1) stable; urgency=low
+
+  * inicijalna verzija paketa
+
+ -- Dinko Korunic <kreator@carnet.hr>  Sun, 21 Oct 2007 17:50:14 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644 (file)
index 0000000..b8626c4
--- /dev/null
@@ -0,0 +1 @@
+4
diff --git a/debian/control b/debian/control
new file mode 100644 (file)
index 0000000..fb76baf
--- /dev/null
@@ -0,0 +1,23 @@
+Source: ossec-hids-cn
+Section: net
+Priority: optional
+Maintainer: Dinko Korunic <kreator@carnet.hr>
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.7.2
+
+Package: ossec-hids-cn
+Architecture: all
+Depends: ossec-hids (>= 1.3-1), carnet-tools-cn (>= 2.1.8)
+Description: OSSEC HIDS CARNetization
+ OSSEC is a scalable, multi-platform, open source Host-based Intrusion
+ Detection System (HIDS). It has a powerful correlation and analysis
+ engine, integrating log analysis, file integrity checking, Windows
+ registry monitoring, centralized policy enforcement, rootkit detection,
+ real-time alerting and active response.
+ .
+ It runs on most operating systems, including Linux, OpenBSD, FreeBSD,
+ MacOS, Solaris and Windows.
+ .
+ More information on OSSEC is available at: http://www.ossec.net/ .
+ .
+ This package brings CARNet-related configuration for OSSEC.
diff --git a/debian/docs b/debian/docs
new file mode 100644 (file)
index 0000000..ef5ce6c
--- /dev/null
@@ -0,0 +1,2 @@
+changelog.CARNet
+README.CARNet
diff --git a/debian/postinst b/debian/postinst
new file mode 100755 (executable)
index 0000000..eb8c4f2
--- /dev/null
@@ -0,0 +1,114 @@
+#!/bin/sh
+# postinst script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+    configure|reconfigure)
+      # continue below
+    ;;
+
+    *)
+        exit 0
+    ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+    DIRECTORY="/var/ossec"
+fi
+
+# sanity check
+if [ ! -d "$DIRECTORY/rules" ]; then
+    echo "CN: There is no "$DIRECTORY/rules" directory, exiting..."
+    echo "CN: Please reinstall ossec-hids package"
+    exit 1
+fi
+
+# find first available sid
+local_rules="$DIRECTORY/rules/local_rules.xml"
+script='
+BEGIN {
+    FS = "\""
+}
+/^[ \t]*<rule id="[[:digit:]]+" .*>/ {
+    if (max < $2)
+        max = $2
+}
+END {
+    print max
+};
+'
+sid=100000
+if [ -e "$local_rules" ]; then
+    sid=$(awk "$script" "$local_rules")
+fi
+
+# update local rules with our policy
+if [ -e "$local_rules" ]; then
+    cp "$local_rules" "$local_rules.$$"
+else
+    touch "$local_rules.$$"
+fi
+
+cp-update --comment '<!--' --comment-end '-->' \
+    ossec-hids-cn "$local_rules.$$" <<EOF
+<group name="syslog,errors,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+   <if_sid>1002</if_sid>
+   <match>rsync</match>
+   <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+   <if_sid>1002</if_sid>
+   <program_name>^sophie|^smartd</program_name>
+   <description>Events ignored</description>
+ </rule>
+</group>
+
+<group name="syslog,postfix,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+   <if_sid>3303</if_sid>
+   <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+  <if_sid>3356</if_sid>
+  <description>Ignore blacklisted mail...</description>
+ </rule>
+</group>
+EOF
+cp_mv "$local_rules.$$" "$local_rules"
+
+# and restart the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+    invoke-rc.d ossec-hids restart
+else
+    /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
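Review bot: All four `<rule>` elements in the heredoc receive the same id, because each one expands `$(expr "$sid" + 1)` from an unchanged `sid`. Rule ids in local_rules.xml are meant to be distinct; if the analysis daemon rejects or silently merges duplicates, the restart at the end of this script could leave the host with broken or partly applied rules. `sid` also becomes empty when local_rules.xml exists but the awk pattern matches no line, since awk then prints an unset `max`; that overwrites the 100000 default, and the failing `expr` calls inside the heredoc do not trip `set -e`. I would keep the default on an empty result and compute four consecutive ids before the heredoc, as below. Separately, the rsync rule drops every rule-1002 event whose text contains `rsync`, so a comment in the block explaining why that breadth is acceptable would help later audits of alert coverage.

```shell
sid=100000
if [ -e "$local_rules" ]; then
    found=$(awk "$script" "$local_rules")
    # keep the default when the file holds no numbered rule
    if [ -n "$found" ]; then
        sid=$found
    fi
fi
# one distinct id per rule written below
id1=$((sid + 1))
id2=$((sid + 2))
id3=$((sid + 3))
id4=$((sid + 4))

# … unchanged: temp copy of local_rules, cp-update invocation …
# … in the heredoc, the four rules use id="$id1", id="$id2", id="$id3", id="$id4" …
```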
diff --git a/debian/postrm b/debian/postrm
new file mode 100755 (executable)
index 0000000..536075c
--- /dev/null
@@ -0,0 +1,58 @@
+#!/bin/sh
+# postrm script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    purge)
+      # continue below
+    ;;
+
+    *)
+        exit 0
+    ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+    DIRECTORY="/var/ossec"
+fi
+
+# remove our block
+local_rules="$DIRECTORY/rules/local_rules.xml"
+if [ -e "$local_rules" ]; then
+    cp-update --comment '<!--' --comment-end '-->' \
+        -r ossec-hids-cn "$local_rules"
+fi
+
+# and start the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+    invoke-rc.d ossec-hids restart
+else
+    /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
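Review bot: The purge path assumes files and commands from other packages are still installed: it sources `/usr/share/carnet-tools/functions.sh` and `/etc/ossec-init.conf` unconditionally, calls `cp-update`, and restarts `ossec-hids`. At purge time the packages named in Depends may already have been removed, and under `set -e` a missing file in a `.` command or a missing init script aborts the script. That would leave the package half-purged with the suppression block still in local_rules.xml. I would guard each step on the thing it needs, as below, so that purge degrades to a no-op instead of failing. The header comment still says `bind9-cn` and the last comment says "start" where the code restarts; both are worth correcting in the same pass.

```shell
# import CN-functions (may already be gone at purge time)
if [ -r /usr/share/carnet-tools/functions.sh ]; then
    . /usr/share/carnet-tools/functions.sh
fi

# get installation directory
if [ -r /etc/ossec-init.conf ]; then
    . /etc/ossec-init.conf
fi
# … unchanged: DIRECTORY default …

local_rules="$DIRECTORY/rules/local_rules.xml"
if [ -e "$local_rules" ] && command -v cp-update >/dev/null 2>&1; then
    # … unchanged: cp-update -r ossec-hids-cn call …
fi

# restart only while the service is still installed
if [ -x /etc/init.d/ossec-hids ]; then
    # … unchanged: invoke-rc.d / init.d restart …
fi
```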
diff --git a/debian/rules b/debian/rules
new file mode 100755 (executable)
index 0000000..ec73f03
--- /dev/null
@@ -0,0 +1,73 @@
+#!/usr/bin/make -f
+# Sample debian/rules that uses debhelper. 
+# This file is public domain software, originally written by Joey Hess.
+#
+# This version is for packages that are architecture independent.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+build: build-stamp
+build-stamp:
+       dh_testdir
+
+       # Add here commands to compile the package.
+       #$(MAKE)
+
+       touch build-stamp
+
+clean:
+       dh_testdir
+       dh_testroot
+       rm -f build-stamp
+
+       # Add here commands to clean up after the build process.
+       #-$(MAKE) clean
+       #-$(MAKE) distclean
+
+       dh_clean
+
+install: build
+       dh_testdir
+       dh_testroot
+       dh_clean -k
+       dh_installdirs
+
+       # Add here commands to install the package into debian/<packagename>.
+       #$(MAKE) prefix=`pwd`/debian/`dh_listpackages`/usr install
+
+# Build architecture-independent files here.
+binary-indep: build install
+       dh_testdir
+       dh_testroot
+       dh_installchangelogs
+       dh_installdocs
+#      dh_installexamples
+#      dh_installmenu
+#      dh_installdebconf
+#      dh_installlogrotate
+#      dh_installemacsen
+#      dh_installcatalogs
+#      dh_installpam
+#      dh_installmime
+#      dh_installinit
+#      dh_installcron
+#      dh_installinfo
+#      dh_undocumented
+       dh_installman
+       dh_link
+       dh_compress
+       dh_fixperms
+#      dh_perl
+#      dh_python
+       dh_installdeb
+       dh_gencontrol
+       dh_md5sums
+       dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install