From: Dinko Korunic <Dinko.Korunic@CARNet.hr>
Date: Wed, 31 Oct 2007 16:13:48 +0000 (+0000)
Subject: r2: - fix SID parse
X-Git-Tag: v2.5.1-1~5
X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=commitdiff_plain;h=00b7e03072be97390b39838cd7a9f55aaac7d63d;p=ossec-hids-cn.git

r2: - fix SID parse
- fix SID generate in local rules
---

diff --git a/debian/changelog b/debian/changelog
index c730abc..73771ad 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ossec-hids-cn (1.3-2) stable; urgency=low
+
+  * ispravna detekcija/generiranje SID-ova
+
+ -- Dinko Korunic <kreator@carnet.hr>  Wed, 31 Oct 2007 14:32:32 +0100
+
 ossec-hids-cn (1.3-1) stable; urgency=low
 
   * inicijalna verzija paketa
diff --git a/debian/postinst b/debian/postinst
index eb8c4f2..fda11a0 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -49,7 +49,7 @@ script='
 BEGIN {
     FS = "\""
 }
-/^[ \t]*<rule id="[[:digit:]]+" .*>/ {
+/^[[:space:]]*<rule id="[[:digit:]]*".*>/ {
     if (max < $2)
         max = $2
 }
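Review bot: The new pattern's `[[:digit:]]*` also matches a rule written as `id=""`, and the `max < $2` comparison leaves it to awk to decide whether the field is compared as a number or as a string. Keeping `[[:digit:]]+` and writing `if (max + 0 < $2 + 0) max = $2 + 0` would make the highest-SID scan strictly numeric. It is also worth confirming that the awk on target hosts supports POSIX bracket classes such as `[[:space:]]`. If it does not (older mawk builds are a likely case), nothing matches and the script silently falls back to the base SID, which could produce IDs that collide with rules already in the local rules file. The awk program starts before this hunk and its END block is in the next one.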
@@ -57,10 +57,12 @@ END {
     print max
 };
 '
-sid=100000
 if [ -e "$local_rules" ]; then
     sid=$(awk "$script" "$local_rules")
 fi
+if [ -z "$sid" ]; then
+    sid=100000
+fi
 
 # update local rules with our policy
 if [ -e "$local_rules" ]; then
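Review bot: The fallback at `if [ -z "$sid" ]` only covers an empty result, so a non-numeric value or a maximum below 100000 read from `$local_rules` still flows into the later `expr "$sid" + N` calls. A non-numeric value makes `expr` fail and leaves an empty `id=""` in the generated rules, and a low value would place them outside the range that the 100000 default implies. Suggest `case "$sid" in ''|*[!0-9]*) sid=100000 ;; esac` followed by `[ "$sid" -ge 100000 ] || sid=100000`. The awk exit status is not checked either; presumably a failure yields empty output and is caught by the same fallback.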
@@ -78,7 +80,7 @@ cp-update --comment '<!--' --comment-end '-->' \
    <description>Events ignored</description>
  </rule>
 
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 2)" level="0">
    <if_sid>1002</if_sid>
    <program_name>^sophie|^smartd</program_name>
    <description>Events ignored</description>
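Review bot: The offsets `+ 2`, `+ 3` and `+ 4` (here and in the following hunk) are numbered by hand, and nothing in the script records that they must stay unique, which is the mistake this commit corrects. A comment before the `cp-update` call would document it, for example `# generated rules use $sid+1 .. $sid+4; every rule needs its own offset`, assuming the first rule, outside the hunk, uses `+ 1`. Because `$sid` is recomputed from `$local_rules` on each run, the generated IDs may also shift on upgrade if the file already contains this block, so it is worth confirming that nothing references them by number. The here-document starts before this hunk.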
@@ -86,14 +88,14 @@ cp-update --comment '<!--' --comment-end '-->' \
 </group>
 
 <group name="syslog,postfix,local">
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 3)" level="0">
    <if_sid>3303</if_sid>
    <description>Events ignored</description>
  </rule>
 
- <rule id="$(expr "$sid" + 1)" level="0">
+ <rule id="$(expr "$sid" + 4)" level="0">
   <if_sid>3356</if_sid>
-  <description>Ignore blacklisted mail...</description>
+  <description>Ignore blacklisted mail</description>
  </rule>
 </group>
 EOF