r2: - fix SID parse

- fix SID generate in local rules

diff --git a/debian/changelog b/debian/changelog
index c730abc..73771ad 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ossec-hids-cn (1.3-2) stable; urgency=low
+
+  * ispravna detekcija/generiranje SID-ova
+
+ -- Dinko Korunic <kreator@carnet.hr>  Wed, 31 Oct 2007 14:32:32 +0100
+
 ossec-hids-cn (1.3-1) stable; urgency=low
 
   * inicijalna verzija paketa

diff --git a/debian/postinst b/debian/postinst
index eb8c4f2..fda11a0 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -49,7 +49,7 @@ script='
 BEGIN {
     FS = "\""
 }
-/^[ \t]*<rule id="[[:digit:]]+" .*>/ {
+/^[[:space:]]*<rule id="[[:digit:]]*".*>/ {
     if (max < $2)
         max = $2
 }
@@ -57,10 +57,12 @@ END {
     print max
 };
 '
-sid=100000
 if [ -e "$local_rules" ]; then
     sid=$(awk "$script" "$local_rules")
 fi
+if [ -z "$sid" ]; then
+    sid=100000
+fi
 
 # update local rules with our policy
 if [ -e "$local_rules" ]; then
@@ -78,7 +80,7 @@ cp-update --comment '<!--' --comment-end '-->' \
    <description>Events ignored</description>
  </rule>
 
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 2)" level="0">
    <if_sid>1002</if_sid>
    <program_name>^sophie|^smartd</program_name>
    <description>Events ignored</description>
@@ -86,14 +88,14 @@ cp-update --comment '<!--' --comment-end '-->' \
 </group>
 
 <group name="syslog,postfix,local">
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 3)" level="0">
    <if_sid>3303</if_sid>
    <description>Events ignored</description>
  </rule>
 
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 4)" level="0">
   <if_sid>3356</if_sid>
-  <description>Ignore blacklisted mail...</description>
+  <description>Ignore blacklisted mail</description>
  </rule>
 </group>
 EOF