. /usr/share/carnet-tools/functions.sh
# get installation directory
-. /etc/ossec-init.conf
+if [ -e /etc/ossec-init.conf ]; then
+ . /etc/ossec-init.conf
+fi
if [ "X${DIRECTORY}" = "X" ]; then
DIRECTORY="/var/ossec"
fi
BEGIN {
FS = "\""
}
-/^[[:space:]]*<rule id="[[:digit:]]*".*>/ {
+/<rule id="[0-9]*".*>/ {
if (max < $2)
max = $2
}
cp-update --comment '<!--' --comment-end '-->' \
ossec-hids-cn "$local_rules.$$" <<EOF
-<group name="syslog,errors,local">
+<group name="local">
<rule id="$(expr "$sid" + 1)" level="0">
<if_sid>1002</if_sid>
<match>rsync</match>
<rule id="$(expr "$sid" + 2)" level="0">
<if_sid>1002</if_sid>
<program_name>^sophie|^smartd</program_name>
- <description>Events ignored</description>
+ <description>Ignore Sophie/SMARTd</description>
</rule>
-</group>
-<group name="syslog,postfix,local">
<rule id="$(expr "$sid" + 3)" level="0">
<if_sid>3303</if_sid>
<description>Events ignored</description>
</rule>
<rule id="$(expr "$sid" + 4)" level="0">
- <if_sid>3356</if_sid>
- <description>Ignore blacklisted mail</description>
+ <if_sid>3356</if_sid>
+ <description>Ignore blacklisted mail</description>
</rule>
+
+ <rule id="$(expr "$sid" + 5)" level="0">
+ <if_sid>1002</if_sid>
+ <match>cache</match>
+ <program_name>^named</program_name>
+ <description>Ignore BIND cache warnings</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 6)" level="0">
+ <if_sid>2933</if_sid>
+ <match>Updated timestamp for job</match>
+ <program_name>^anacron</program_name>
+ <description>Ignore Anacron warnings</description>
+ </rule>
</group>
EOF
cp_mv "$local_rules.$$" "$local_rules"
# and restart the service
-if [ -x /usr/sbin/invoke-rc.d ]; then
- invoke-rc.d ossec-hids restart
-else
- /etc/init.d/ossec-hids restart
-fi
+service ossec-hids restart || true
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
projects / ossec-hids-cn.git / blobdiff