4 # Add a new remote host to be monitored via lynx
5 # Add a new remote host to be monitored (DNS)
6 # Add a new command to be monitored
7 # by Daniel B. Cid - dcid ( at ) ossec.net
# Refuse to run unless the OSSEC init file exists; it is sourced just below.
13 if ! [ -e /etc/ossec-init.conf ]; then
14 echo OSSEC Manager not found. Exiting...
# The init file is executed as shell code in this process, with the caller's
# privileges, so it should be writable only by a trusted account.
# NOTE(review): DIRECTORY, used throughout the rest of the script, is not
# assigned in the visible lines and presumably comes from this file - confirm.
18 . /etc/ossec-init.conf
# Print the usage text and examples when no target argument was supplied.
# The "X" prefix keeps the test well-formed when $FILE is empty.
# NOTE(review): the assignments of ACTION, FILE and FORMAT are not in the
# visible lines; presumably they are the positional arguments - confirm.
20 if [ "X$FILE" = "X" ]; then
21 echo "$0: addfile <filename> [<format>]"
22 echo "$0: addsite <domain>"
23 echo "$0: adddns <domain>"
# addcommand is disabled: its usage line and its example are commented out.
24 #echo "$0: addcommand <command>"
26 #echo "Example: $0 addcommand 'netstat -tan |grep LISTEN| grep -v 127.0.0.1'"
27 echo "Example: $0 adddns ossec.net"
28 echo "Example: $0 addsite dcid.me"
# FORMAT is optional (see the addfile usage line); what is done when it is
# empty is on a line this listing does not show.
32 if [ "X$FORMAT" = "X" ]; then
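# addfile: register a log file in ossec.conf as a <localfile> entry.
# $FILE and $FORMAT are written into the configuration as XML text, and a
# <localfile> entry can carry a <command> that OSSEC runs, so values holding
# markup characters are rejected before anything is appended.
37 if [ "$ACTION" = "addfile" ]; then
case "$FILE$FORMAT" in
*"<"*|*">"*|*"&"*)
echo "$0: Invalid character in file name or format: $FILE"
exit 1
;;
esac
38 # Checking if file is already configured
# -F and -- make grep treat the path as a literal string, not as a regular
# expression or an option; the status is tested on the following line.
39 grep -F -- "$FILE" "${DIRECTORY}/etc/ossec.conf" > /dev/null 2>&1
41 echo "$0: File $FILE already configured at ossec."
45 # Checking if file exist
# Quoted and preceded by -- so that spaces, glob characters or a leading dash
# in the name cannot change what ls is asked to look at.
46 ls -la -- "$FILE" > /dev/null 2>&1
48 echo "$0: File $FILE does not exist."
55 <log_format>$FORMAT</log_format>
56 <location>$FILE</location>
59 " >> "${DIRECTORY}/etc/ossec.conf"
61 echo "$0: File $FILE added.";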
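66 # Adding a new DNS check
# The domain is embedded in a <command> entry that OSSEC executes and in a
# local rule, so it is validated before being written anywhere.
67 if [ "$ACTION" = "adddns" ]; then
68 COMMAND="host -W 5 -t NS $FILE; host -W 5 -t A $FILE | sort"
# Whole-value check done by the shell itself: only letters, digits, '.' and
# '-' are allowed, and the first character must be a letter or digit so the
# value cannot be read by host as an option. The unquoted echo | grep it
# replaces tested the glob-expanded value rather than $FILE itself.
# Exit status matches that grep: 0 = valid, 1 = invalid.
69 case "$FILE" in ''|[!a-zA-Z0-9]*|*[!a-zA-Z0-9.-]*) false ;; *) true ;; esac
71 echo "$0: Invalid domain: $FILE"
# Fixed-string match that ends at the ';' following the domain in COMMAND, so
# '.' is not a wildcard and a longer domain with the same prefix is not
# reported as already configured.
75 grep -F -- "host -W 5 -t NS $FILE;" "${DIRECTORY}/etc/ossec.conf" >/dev/null 2>&1
77 echo "$0: Already configured for $FILE"
85 <log_format>full_command</log_format>
86 <command>$COMMAND</command>
89 " >> "${DIRECTORY}/etc/ossec.conf" || MYERR=1;
# Quoted so the test stays well-formed even if MYERR was never assigned.
91 if [ "$MYERR" = 1 ]; then
92 echo "$0: Unable to modify the configuration file.";
# Look for the quoted rule id in local_rules.xml; when it is already present
# the id is incremented (the loop around these two lines is not shown).
98 grep -F -- "\"$FIRSTRULE\"" "${DIRECTORY}/rules/local_rules.xml" > /dev/null 2>&1
100 FIRSTRULE=$(expr "$FIRSTRULE" + 1)
108 <group name=\"local,dnschanges,\">
109 <rule id=\"$FIRSTRULE\" level=\"0\">
112 <match>^ossec: output: 'host -W 5 -t NS $FILE</match>
113 <description>DNS Changed for $FILE</description>
116 " >> "${DIRECTORY}/rules/local_rules.xml" || MYERR=1;
118 if [ "$MYERR" = 1 ]; then
119 echo "$0: Unable to modify the local rules file.";
123 echo "Domain $FILE added to be monitored."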
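128 # Adding a new lynx check
# The domain is embedded in a <command> entry that OSSEC executes and in a
# local rule, so it is validated before being written anywhere.
129 if [ "$ACTION" = "addsite" ]; then
130 COMMAND="lynx --connect_timeout 10 --dump $FILE | head -n 10"
# Whole-value check done by the shell itself: only letters, digits, '.' and
# '-' are allowed, and the first character must be a letter or digit so the
# value cannot be read by lynx as an option. The unquoted echo | grep it
# replaces tested the glob-expanded value rather than $FILE itself.
# Exit status matches that grep: 0 = valid, 1 = invalid.
131 case "$FILE" in ''|[!a-zA-Z0-9]*|*[!a-zA-Z0-9.-]*) false ;; *) true ;; esac
133 echo "$0: Invalid domain: $FILE"
# Fixed-string match that ends at the ' |' following the domain in COMMAND,
# so '.' is not a wildcard and a longer domain with the same prefix is not
# reported as already configured.
137 grep -F -- "lynx --connect_timeout 10 --dump $FILE |" "${DIRECTORY}/etc/ossec.conf" >/dev/null 2>&1
139 echo "$0: Already configured for $FILE"
147 <log_format>full_command</log_format>
148 <command>$COMMAND</command>
151 " >> "${DIRECTORY}/etc/ossec.conf" || MYERR=1;
# Quoted so the test stays well-formed even if MYERR was never assigned.
153 if [ "$MYERR" = 1 ]; then
154 echo "$0: Unable to modify the configuration file.";
# Look for the quoted rule id in local_rules.xml; when it is already present
# the id is incremented (the loop around these two lines is not shown).
# The rule description below names the site check, in line with its
# "sitechange" group, so its alerts are not labelled as DNS changes.
160 grep -F -- "\"$FIRSTRULE\"" "${DIRECTORY}/rules/local_rules.xml" > /dev/null 2>&1
162 FIRSTRULE=$(expr "$FIRSTRULE" + 1)
170 <group name=\"local,sitechange,\">
171 <rule id=\"$FIRSTRULE\" level=\"0\">
174 <match>^ossec: output: 'lynx --connect_timeout 10 --dump $FILE</match>
175 <description>Site Changed for $FILE</description>
178 " >> "${DIRECTORY}/rules/local_rules.xml" || MYERR=1;
180 if [ "$MYERR" = 1 ]; then
181 echo "$0: Unable to modify the local rules file.";
185 echo "Domain $FILE added to be monitored."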