#!/bin/sh
# postinst script for bind9-cn
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#

case "$1" in
    configure|reconfigure)
      # continue below
    ;;

    *)
        exit 0
    ;;
esac

# import CN-functions
. /usr/share/carnet-tools/functions.sh

# get installation directory
if [ -e /etc/ossec-init.conf ]; then
  . /etc/ossec-init.conf
fi
if [ "X${DIRECTORY}" = "X" ]; then
    DIRECTORY="/var/ossec"
fi

# sanity check
if [ ! -d "$DIRECTORY/rules" ]; then
    echo "CN: There is no "$DIRECTORY/rules" directory, exiting..."
    echo "CN: Please reinstall ossec-hids package"
    exit 1
fi

# find first available sid
local_rules="$DIRECTORY/rules/local_rules.xml"
script='
BEGIN {
    FS = "\""
}
/<rule id="[0-9]*".*>/ {
    if (max < $2)
        max = $2
}
END {
    print max
};
'
if [ -e "$local_rules" ]; then
    sid=$(awk "$script" "$local_rules")
fi
if [ -z "$sid" ]; then
    sid=100000
fi

# update local rules with our policy
if [ -e "$local_rules" ]; then
    cp "$local_rules" "$local_rules.$$"
else
    touch "$local_rules.$$"
fi

cp-update --comment '<!--' --comment-end '-->' \
    ossec-hids-cn "$local_rules.$$" <<EOF
<group name="local">
 <rule id="$(expr "$sid" + 1)" level="0">
   <if_sid>1002</if_sid>
   <match>rsync</match>
   <description>Events ignored</description>
 </rule>

 <rule id="$(expr "$sid" + 2)" level="0">
   <if_sid>1002</if_sid>
   <program_name>^sophie|^smartd</program_name>
   <description>Ignore Sophie/SMARTd</description>
 </rule>

 <rule id="$(expr "$sid" + 3)" level="0">
   <if_sid>3303</if_sid>
   <description>Events ignored</description>
 </rule>

 <rule id="$(expr "$sid" + 4)" level="0">
   <if_sid>3356</if_sid>
   <description>Ignore blacklisted mail</description>
 </rule>

 <rule id="$(expr "$sid" + 5)" level="0">
   <if_sid>1002</if_sid>
   <match>cache</match>
   <program_name>^named</program_name>
   <description>Ignore BIND cache warnings</description>
 </rule> 

 <rule id="$(expr "$sid" + 6)" level="0">
   <if_sid>2933</if_sid>
   <match>Updated timestamp for job</match>
   <program_name>^anacron</program_name>
   <description>Ignore Anacron warnings</description>
 </rule> 
</group>
EOF
cp_mv "$local_rules.$$" "$local_rules"

# and restart the service
service ossec-hids restart || true

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0