+#!/bin/sh
+# postinst script for bind9-cn
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+#
+
+case "$1" in
+ configure|reconfigure)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# import CN-functions
+. /usr/share/carnet-tools/functions.sh
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+# sanity check
+if [ ! -d "$DIRECTORY/rules" ]; then
+ echo "CN: There is no "$DIRECTORY/rules" directory, exiting..."
+ echo "CN: Please reinstall ossec-hids package"
+ exit 1
+fi
+
+# find first available sid
+local_rules="$DIRECTORY/rules/local_rules.xml"
+script='
+BEGIN {
+ FS = "\""
+}
+/^[ \t]*<rule id="[[:digit:]]+" .*>/ {
+ if (max < $2)
+ max = $2
+}
+END {
+ print max
+};
+'
+sid=100000
+if [ -e "$local_rules" ]; then
+ sid=$(awk "$script" "$local_rules")
+fi
+
+# update local rules with our policy
+if [ -e "$local_rules" ]; then
+ cp "$local_rules" "$local_rules.$$"
+else
+ touch "$local_rules.$$"
+fi
+
+cp-update --comment '<!--' --comment-end '-->' \
+ ossec-hids-cn "$local_rules.$$" <<EOF
+<group name="syslog,errors,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>1002</if_sid>
+ <match>rsync</match>
+ <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>1002</if_sid>
+ <program_name>^sophie|^smartd</program_name>
+ <description>Events ignored</description>
+ </rule>
+</group>
+
+<group name="syslog,postfix,local">
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>3303</if_sid>
+ <description>Events ignored</description>
+ </rule>
+
+ <rule id="$(expr "$sid" + 1)" level="0">
+ <if_sid>3356</if_sid>
+ <description>Ignore blacklisted mail...</description>
+ </rule>
+</group>
+EOF
+cp_mv "$local_rules.$$" "$local_rules"
+
+# and restart the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids restart
+else
+ /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0