r2: - fix SID parse

[ossec-hids-cn.git] / debian / postinst

diff --git a/debian/postinst b/debian/postinst
index eb8c4f2..fda11a0 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -49,7 +49,7 @@ script='
 BEGIN {
     FS = "\""
 }
-/^[ \t]*<rule id="[[:digit:]]+" .*>/ {
+/^[[:space:]]*<rule id="[[:digit:]]*".*>/ {
     if (max < $2)
         max = $2
 }
@@ -57,10 +57,12 @@ END {
     print max
 };
 '
-sid=100000
 if [ -e "$local_rules" ]; then
     sid=$(awk "$script" "$local_rules")
 fi
+if [ -z "$sid" ]; then
+    sid=100000
+fi
 
 # update local rules with our policy
 if [ -e "$local_rules" ]; then
@@ -78,7 +80,7 @@ cp-update --comment '<!--' --comment-end '-->' \
    <description>Events ignored</description>
  </rule>
 
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 2)" level="0">
    <if_sid>1002</if_sid>
    <program_name>^sophie|^smartd</program_name>
    <description>Events ignored</description>
@@ -86,14 +88,14 @@ cp-update --comment '<!--' --comment-end '-->' \
 </group>
 
 <group name="syslog,postfix,local">
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 3)" level="0">
    <if_sid>3303</if_sid>
    <description>Events ignored</description>
  </rule>
 
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 4)" level="0">
   <if_sid>3356</if_sid>
-  <description>Ignore blacklisted mail...</description>
+  <description>Ignore blacklisted mail</description>
  </rule>
 </group>
 EOF