From ba71c21c0b010548024806de5caaddb422c8e684 Mon Sep 17 00:00:00 2001 From: Dinko Korunic Date: Sat, 6 Mar 2010 16:11:02 +0100 Subject: [PATCH] - fixevi za ispravne grupe/dozvole - normalan OSSEC HIDS template umjesto neispravnog upstreamovog --- debian/postinst | 36 ++++++++---- debian/rules | 4 +- ossec-debian.conf | 158 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 186 insertions(+), 12 deletions(-) create mode 100644 ossec-debian.conf diff --git a/debian/postinst b/debian/postinst index 001da51..7af45b2 100755 --- a/debian/postinst +++ b/debian/postinst 
@@ -30,23 +30,39 @@ if [ "X${DIRECTORY}" = "X" ]; then
 DIRECTORY="/var/ossec"
 fi
 
-# create users
+# create group
+if ! getent group $OSSEC_GROUP >/dev/null; then
+ addgroup --system $OSSEC_GROUP
+fi
+
+# create/modify users
 if ! getent passwd $OSSEC_USER >/dev/null; then
- adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER
+else
+ usermod -g $OSSEC_GROUP -s /bin/false -d $DIRECTORY $OSSEC_USER
 fi
 if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then
- adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
+else
+ usermod -g $OSSEC_GROUP -s /bin/false -d $DIRECTORY $OSSEC_USER_MAIL
 fi
 if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then
- adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
+else
+ usermod -g $OSSEC_GROUP -s /bin/false -d $DIRECTORY $OSSEC_USER_EXEC
 fi
 if ! getent passwd $OSSEC_USER_REM >/dev/null; then
- adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
-fi
-
-# create group
-if ! getent group $OSSEC_GROUP >/dev/null; then
- addgroup --system $OSSEC_GROUP
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
+else
+ usermod -g $OSSEC_GROUP -s /bin/false -d $DIRECTORY $OSSEC_USER_REM
 fi
 
 # fix ownership
diff --git a/debian/rules b/debian/rules
index f1b0e62..c7650ee 100755
--- a/debian/rules
+++ b/debian/rules
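Review bot: The new `else` branches run `usermod -g ... -s /bin/false -d $DIRECTORY` on every configure, so any pre-existing account that merely shares one of the four names (an admin-created `ossec`, or a leftover with a deliberately different home) has its primary group, shell and home silently rewritten by a package upgrade; the fault the commit is fixing is the primary group, so limit the repair to that field and only when it is actually wrong, e.g. `elif [ "$(id -gn "$u")" != "$OSSEC_GROUP" ]; then usermod -g "$OSSEC_GROUP" "$u"; fi`. Quoting `"$OSSEC_GROUP"`, `"$DIRECTORY"` and the account names also removes a word-splitting surprise should `$DIRECTORY` ever come from configuration rather than the literal default set just above the hunk. The four near-identical blocks are easier to keep in step as one loop over the four names, sketched below. The rest of the maintainer script, including the `# fix ownership` section, lies outside the hunk.
```shell
# … unchanged: group creation …
# Create the OSSEC service accounts. For an account that already exists only
# repair its primary group; never rewrite the shell or home of an account
# this package did not create.
for u in "$OSSEC_USER" "$OSSEC_USER_MAIL" "$OSSEC_USER_EXEC" "$OSSEC_USER_REM"; do
  if ! getent passwd "$u" >/dev/null; then
    adduser --quiet --system --no-create-home \
      --ingroup "$OSSEC_GROUP" \
      --home "$DIRECTORY" --shell /bin/false "$u"
  elif [ "$(id -gn "$u")" != "$OSSEC_GROUP" ]; then
    usermod -g "$OSSEC_GROUP" "$u"
  fi
done
# … unchanged: fix ownership …
```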
@@ -55,8 +55,8 @@ install: build
 install -m 644 etc/internal_options.conf $(DESTDIR)/etc
 install -m 644 etc/decoder.xml $(DESTDIR)/etc
 install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
- if [ -e etc/ossec.mc ]; then \
- install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \
+ if [ -e ossec-debian.conf ]; then \
+ install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \
 else \
 install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
 fi
diff --git a/ossec-debian.conf b/ossec-debian.conf
new file mode 100644
index 0000000..76ff99a
--- /dev/null
+++ b/ossec-debian.conf
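Review bot: The `if [ -e ossec-debian.conf ]` guard is now dead: the template is added to the tree by this same commit, so the `else` branch that installs `etc/ossec-local.conf` is unreachable from a clean checkout, and if the Debian template is ever removed or renamed the build will silently fall back to the upstream local-only config instead of failing. Prefer the unconditional `install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf` so a missing template is a build error. The 440 mode is only meaningful once the file is chowned to the OSSEC owner/group, which presumably happens in postinst's `# fix ownership` section rather than here; a one-line comment above the install, e.g. `# 440: ossec.conf carries the alerting settings; owner/group are set in postinst`, would save the next packager the hunt. The `install:` recipe starts before and continues after the hunk.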
@@ -0,0 +1,158 @@ + + + yes + root@localhost + 127.0.0.1 + ossecm@localhost + + + + rules_config.xml + pam_rules.xml + sshd_rules.xml + telnetd_rules.xml + syslog_rules.xml + arpwatch_rules.xml + symantec-av_rules.xml + symantec-ws_rules.xml + pix_rules.xml + named_rules.xml + smbd_rules.xml + vsftpd_rules.xml + pure-ftpd_rules.xml + proftpd_rules.xml + ms_ftpd_rules.xml + ftpd_rules.xml + hordeimp_rules.xml + roundcube_rules.xml + wordpress_rules.xml + vpopmail_rules.xml + vmpop3d_rules.xml + courier_rules.xml + web_rules.xml + apache_rules.xml + nginx_rules.xml + php_rules.xml + mysql_rules.xml + postgresql_rules.xml + ids_rules.xml + squid_rules.xml + firewall_rules.xml + cisco-ios_rules.xml + netscreenfw_rules.xml + sonicwall_rules.xml + postfix_rules.xml + sendmail_rules.xml + imapd_rules.xml + mailscanner_rules.xml + dovecot_rules.xml + ms-exchange_rules.xml + racoon_rules.xml + vpn_concentrator_rules.xml + spamd_rules.xml + msauth_rules.xml + mcafee_av_rules.xml + trend-osce_rules.xml + + zeus_rules.xml + solaris_bsm_rules.xml + vmware_rules.xml + ms_dhcp_rules.xml + asterisk_rules.xml + ossec_rules.xml + attack_rules.xml + local_rules.xml + + + + + 79200 + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin + + + /etc/mtab + /etc/mnttab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + + /var/ossec/etc/shared/rootkit_files.txt + /var/ossec/etc/shared/rootkit_trojans.txt + /var/ossec/etc/shared/system_audit_rcl.txt + /var/ossec/etc/shared/cis_debian_linux_rcl.txt + /var/ossec/etc/shared/cis_rhel_linux_rcl.txt + /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt + + + + yes + + + + 1 + 7 + + + + + syslog + /var/log/messages + + + + syslog + /var/log/auth.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/xferlog + + + + syslog + /var/log/vsftpd.log + + + + syslog + /var/log/mail.info + + + + syslog + /var/log/maillog + + + + syslog + 
/var/log/dpkg.log + + + + apache + /var/log/apache2/error.log + + + + apache + /var/log/apache2/access.log + + -- 1.7.10.4
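Review bot: Two of the `localfile` entries are not Debian log paths — `/var/log/maillog` and `/var/log/xferlog` are the RHEL and wu-ftpd names, whereas Debian's rsyslog writes mail to `/var/log/mail.log` (plus `/var/log/mail.info`, already listed) — so on a stock Debian system the logcollector will keep reporting that it cannot open them and the entries add nothing; drop `xferlog` and replace `maillog` with `<location>/var/log/mail.log</location>`. The `rootcheck` list also carries `cis_rhel_linux_rcl.txt` and `cis_rhel5_linux_rcl.txt`; those checks are presumably keyed on `/etc/redhat-release` and so no-ops here, but for a file named `ossec-debian.conf` only `cis_debian_linux_rcl.txt` is worth keeping. The extraction has stripped the XML tags, so the `syscheck` attributes (`check_all`, `realtime`) and whether the lone `yes` after the rootcheck block disables active-response cannot be verified from this page. A short XML comment at the top of the file naming the Debian release it targets and stating that alerts go to `root@localhost` through an MTA on `127.0.0.1` (which must exist for email alerting to work at all) would make the template self-explaining.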