4 # Add a new remote host to be monitored via lynx
5 # Add a new remote host to be monitored (DNS)
6 # Add a new command to be monitored
7 # by Daniel B. Cid - dcid ( at ) ossec.net
# Usage guard: when FILE is empty the script prints its help text. The
# "X$FILE" = "X" comparison is the traditional shell emptiness test.
# Where FILE is assigned, and whether the script exits after printing, is
# not visible in this listing.
# The addcommand help lines are commented out, so that action is not
# advertised to the operator.
13 if [ "X$FILE" = "X" ]; then
14 echo "$0: addfile <filename> [<format>]"
15 echo "$0: addsite <domain>"
16 echo "$0: adddns <domain>"
17 #echo "$0: addcommand <command>"
19 #echo "Example: $0 addcommand 'netstat -tan |grep LISTEN| grep -v 127.0.0.1'"
20 echo "Example: $0 adddns ossec.net"
21 echo "Example: $0 addsite dcid.me"
# Empty-FORMAT test; its body is not shown in this listing (presumably it
# assigns a default log format -- confirm against the full script).
25 if [ "X$FORMAT" = "X" ]; then
# addfile: append a log file entry for FILE, with log format FORMAT, to
# /var/ossec/etc/ossec.conf.
# NOTE(review): $ACTION is unquoted, so an empty or multi-word value makes
# the test itself fail with a syntax error; "$ACTION" avoids that.
# NOTE(review): FILE and FORMAT are expanded straight into the XML written
# below. Unlike adddns/addsite, no character check on either value is visible
# in this section, so XML metacharacters in them would be written through as
# markup into the agent configuration. Restrict both to an allowlist before
# the append.
30 if [ $ACTION = "addfile" ]; then
# NOTE(review): grep treats FILE as a regular expression and matches it
# anywhere in the file, so this duplicate check can hit unrelated lines or
# miss paths containing regex metacharacters; grep -F -- "$FILE" compares
# the literal string. The test of grep's exit status is not shown here.
31 # Checking if file is already configured
32 grep "$FILE" /var/ossec/etc/ossec.conf > /dev/null 2>&1
34 echo "$0: File $FILE already configured at ossec."
# NOTE(review): $FILE is unquoted in the ls call, so it undergoes word
# splitting and glob expansion; the existence check can then look at a
# different path than the one written to the configuration.
# [ -e "$FILE" ] tests the exact value.
38 # Checking if file exist
39 ls -la $FILE > /dev/null 2>&1
41 echo "$0: File $FILE does not exist."
48 <log_format>$FORMAT</log_format>
49 <location>$FILE</location>
52 " >> /var/ossec/etc/ossec.conf
54 echo "$0: File $FILE added.";
# adddns: register a periodic DNS lookup for the domain in FILE.
# Two files are appended to: ossec.conf receives a full_command entry
# holding COMMAND, and local_rules.xml receives a rule group
# "local,dnschanges," keyed on that command's output prefix.
# The string placed in <command> is what OSSEC later executes, so the
# character check on FILE is the only barrier between the argument and a
# command line. Keep that check ahead of every write.
59 # Adding a new DNS check
60 if [ $ACTION = "adddns" ]; then
# COMMAND is built from FILE before FILE is validated; nothing visible uses
# it until after the check below.
# "| sort" applies only to the A lookup after the ";". The NS output is left
# in the order the resolver returns it.
61 COMMAND="host -W 5 -t NS $FILE; host -W 5 -t A $FILE | sort"
# Allowlist check: letters, digits, dot and hyphen only.
# NOTE(review): "echo $FILE" is unquoted, so the value is word-split and
# glob-expanded before grep sees it; the string checked is not necessarily
# the string written later. The pattern also accepts a leading hyphen, which
# host would parse as an option rather than a name. A case test on "$FILE"
# (reject empty, reject -*, reject *[!a-zA-Z0-9.-]*) closes both gaps.
# The exit on failure is not shown in this listing.
62 echo $FILE | grep -E '^[a-z0-9A-Z.-]+$' >/dev/null 2>&1
64 echo "$0: Invalid domain: $FILE"
# Duplicate check. The dots in FILE act as regex wildcards here, so a
# different domain of the same shape can be reported as already configured;
# grep -F would make the match literal.
68 grep "host -W 5 -t NS $FILE" /var/ossec/etc/ossec.conf >/dev/null 2>&1
70 echo "$0: Already configured for $FILE"
78 <log_format>full_command</log_format>
79 <command>$COMMAND</command>
82 " >> /var/ossec/etc/ossec.conf || MYERR=1;
# MYERR is set to 1 when the append above fails. Its initial value is not
# visible here; the unquoted $MYERR makes the test error out if it is unset.
84 if [ $MYERR = 1 ]; then
85 echo "$0: Unable to modify the configuration file.";
# Probe local_rules.xml for the quoted rule id and step FIRSTRULE by one;
# the surrounding loop and FIRSTRULE's starting value are not shown
# (presumably repeats until an unused id is found -- confirm).
91 grep "\"$FIRSTRULE\"" /var/ossec/rules/local_rules.xml > /dev/null 2>&1
93 FIRSTRULE=`expr $FIRSTRULE + 1`
101 <group name=\"local,dnschanges,\">
102 <rule id=\"$FIRSTRULE\" level=\"0\">
105 <match>^ossec: output: 'host -W 5 -t NS $FILE</match>
106 <description>DNS Changed for $FILE</description>
109 " >> /var/ossec/rules/local_rules.xml || MYERR=1;
# Same failure handling for the rules file. If this append fails after the
# ossec.conf append succeeded, the command entry is left without its rule.
111 if [ $MYERR = 1 ]; then
112 echo "$0: Unable to modify the local rules file.";
116 echo "Domain $FILE added to be monitored."
# addsite: register a periodic page fetch for the host in FILE.
# ossec.conf receives a full_command entry holding COMMAND, and
# local_rules.xml receives a rule group "local,sitechange," keyed on that
# command's output prefix.
# The string placed in <command> is what OSSEC later executes, so the
# character check on FILE is the only barrier between the argument and a
# command line. Keep that check ahead of every write.
# NOTE(review): the rule description written below still reads "DNS Changed
# for ..." although this is the site-change group; alerts from this rule
# will be mislabelled for whoever triages them.
121 # Adding a new lynx check
122 if [ $ACTION = "addsite" ]; then
# COMMAND keeps only the first 10 lines of the dumped page. It is built from
# FILE before FILE is validated; nothing visible uses it until after the
# check below.
123 COMMAND="lynx --connect_timeout 10 --dump $FILE | head -n 10"
# Allowlist check: letters, digits, dot and hyphen only, so no scheme, port
# or path can be given.
# NOTE(review): "echo $FILE" is unquoted, so the value is word-split and
# glob-expanded before grep sees it; the string checked is not necessarily
# the string written later. The pattern also accepts a leading hyphen, which
# lynx would parse as an option rather than a host. A case test on "$FILE"
# (reject empty, reject -*, reject *[!a-zA-Z0-9.-]*) closes both gaps.
# The exit on failure is not shown in this listing.
124 echo $FILE | grep -E '^[a-z0-9A-Z.-]+$' >/dev/null 2>&1
126 echo "$0: Invalid domain: $FILE"
# Duplicate check. The dots in FILE act as regex wildcards here, so a
# different host of the same shape can be reported as already configured;
# grep -F would make the match literal.
130 grep "lynx --connect_timeout 10 --dump $FILE" /var/ossec/etc/ossec.conf >/dev/null 2>&1
132 echo "$0: Already configured for $FILE"
140 <log_format>full_command</log_format>
141 <command>$COMMAND</command>
144 " >> /var/ossec/etc/ossec.conf || MYERR=1;
# MYERR is set to 1 when the append above fails. Its initial value is not
# visible here; the unquoted $MYERR makes the test error out if it is unset.
146 if [ $MYERR = 1 ]; then
147 echo "$0: Unable to modify the configuration file.";
# Probe local_rules.xml for the quoted rule id and step FIRSTRULE by one;
# the surrounding loop and FIRSTRULE's starting value are not shown
# (presumably repeats until an unused id is found -- confirm).
153 grep "\"$FIRSTRULE\"" /var/ossec/rules/local_rules.xml > /dev/null 2>&1
155 FIRSTRULE=`expr $FIRSTRULE + 1`
163 <group name=\"local,sitechange,\">
164 <rule id=\"$FIRSTRULE\" level=\"0\">
167 <match>^ossec: output: 'lynx --connect_timeout 10 --dump $FILE</match>
168 <description>DNS Changed for $FILE</description>
171 " >> /var/ossec/rules/local_rules.xml || MYERR=1;
# Same failure handling for the rules file. If this append fails after the
# ossec.conf append succeeded, the command entry is left without its rule.
173 if [ $MYERR = 1 ]; then
174 echo "$0: Unable to modify the local rules file.";
178 echo "Domain $FILE added to be monitored."