From: Dinko Korunic Date: Thu, 24 Feb 2011 19:08:56 +0000 (+0100) Subject: Merge commit 'v2.5.1' X-Git-Tag: v2.5.1-1~2 X-Git-Url: http://ftp.carnet.hr/pub/carnet-debian/scm?a=commitdiff_plain;h=a62b46c229549212d536867b7e5e24d7576ebe8b;hp=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git Merge commit 'v2.5.1'
---
diff --git a/README.Debian b/README.Debian
new file mode 100644
index 0000000..109bffb
--- /dev/null
+++ b/README.Debian
@@ -0,0 +1,13 @@
+
+ NOTES FOR DEBIAN USERS
+ ======================
+
+Package is local-only at this moment, but brings other binaries relevant
+to agent and server installations too so it is possible to switch from
+local to agent/server with manipulation of ossec-control symlink.
+
+OSSEC expects to be installed in "/var/ossec". To make it FHS-compliant
+would require certain code changes, and a complete removal of its chroot
+functionality.
+
+ -- Dinko Korunic Tue, 23 Feb 2010 14:58:23 +0100
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..be1ca71
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,33 @@
+ossec-hids (2.3-1) stable; urgency=low
+
+ * new upstream release (2.3)
+ * add README.Debian
+ * revert to pure upstream version
+ * #10233: amd64 buildanje
+ * #10232: lintian provjera
+ * #10234: debian/rules clean
+ * #10324: instalacija
+ * #10413: brisanje paketa
+ * #10434: brisanje korisnika
+
+ -- Dinko Korunic Thu, 11 Mar 2010 19:26:33 +0100
+
+ossec-hids (2.0-1) stable; urgency=low
+
+ * new upstream release (2.0)
+
+ -- Dinko Korunic Sun, 24 May 2009 15:15:42 +0200
+
+ossec-hids (1.5-1) stable; urgency=low
+
+ * new upstream release (1.5)
+ * patch source to do HELO localhost instead of bogus notify.ossec.net
+ * patch source to use static pidfile names instead of appending PID to name
+
+ -- Dinko Korunic Wed, 18 Jun 2008 17:13:52 +0200
+
+ossec-hids (1.3-1) stable; urgency=low
+
+ * initial Debian package
+
+ -- Dinko Korunic Wed, 19 Sep 2007 22:06:15 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+4
diff --git a/debian/conffiles b/debian/conffiles
new file mode 100644
index 0000000..41eff52
--- /dev/null
+++ b/debian/conffiles
@@ -0,0 +1,3 @@
+/var/ossec/rules/local_rules.xml
+/var/ossec/etc/ossec.conf
+/var/ossec/etc/internal_options.conf
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..a04e4bd
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,23 @@
+Source: ossec-hids
+Section: admin
+Priority: extra
+Maintainer: Dinko Korunic
+Build-Depends: debhelper (>= 4)
+Standards-Version: 3.8.0
+
+Package: ossec-hids
+Architecture: any
+Depends: postfix | mail-transport-agent, expect (>= 5.43.0-17), adduser (>= 3.110), libc6 (>= 2.7-18lenny2)
+Priority: extra
+Section: admin
+Description: OSSEC HIDS
+ OSSEC is a scalable, multi-platform, open source Host-based Intrusion
+ Detection System (HIDS). It has a powerful correlation and analysis
+ engine, integrating log analysis, file integrity checking, Windows
+ registry monitoring, centralized policy enforcement, rootkit detection,
+ real-time alerting and active response.
+ .
+ It runs on most operating systems, including Linux, OpenBSD, FreeBSD,
+ MacOS, Solaris and Windows.
+ .
+ More information on OSSEC is available at: http://www.ossec.net/ .
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..fcea5a5
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,47 @@
+This package was debianized by Dinko Korunic on
+Mon, 01 Mar 2010 17:37:28 +0100.
+
+It was downloaded from http://www.ossec.net/
+
+Upstream Authors: Daniel B. Cid
+
+Copyright:
+
+ Copyright (C) 2009 Trend Micro Inc. All rights reserved.
+
+ OSSEC HIDS is a free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License (version 3) as
+ published by the FSF - Free Software Foundation.
+
+ Note that this license applies to the source code, as well as
+ decoders, rules and any other data file included with OSSEC (unless
+ otherwise specified).
+
+ For the purpose of this license, we consider an application to constitute a
+ "derivative work" or a work based on this program if it does any of the
+ following (list not exclusive):
+
+ * Integrates source code/data files from OSSEC.
+ * Includes OSSEC copyrighted material.
+ * Includes/integrates OSSEC into a proprietary executable installer.
+ * Links to a library or executes a program that does any of the above.
+
+ This list is not exclusive, but just a clarification of our interpretation
+ of derived works. These restrictions only apply if you actually redistribute
+ OSSEC (or parts of it).
+
+ We don't consider these to be added restrictions on top of the GPL,
+ but just a clarification of how we interpret "derived works" as it
+ applies to OSSEC. This is similar to the way Linus Torvalds has
+ announced his interpretation of how "derived works" applies to Linux kernel
+ modules. Our interpretation refers only to OSSEC - we don't speak
+ for any other GPL products.
+
+ OSSEC HIDS is distributed in the hope that it will be useful, but WITHOUT
+ ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ FITNESS FOR A PARTICULAR PURPOSE.
+ See the GNU General Public License Version 3 below for more details.
+
+On Debian systems, a copy of the GNU General Public License Version 3 may be
+found in /usr/share/common-licenses/GPL-3.
+
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..fc1c3c5
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,14 @@
+BUGS
+CONTRIB
+CONFIG
+README
+doc/README.config
+doc/nmap.txt
+doc/rule_ids.txt
+doc/active-response-internal.txt
+doc/logs.txt
+doc/rules.txt
+doc/active-response.txt
+doc/manager.txt
+doc/rootcheck.txt
+contrib
diff --git a/debian/postinst b/debian/postinst
new file mode 100644
index 0000000..51a3d12
--- /dev/null
+++ b/debian/postinst
@@ -0,0 +1,151 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ # continue below
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+# users and group names
+OSSEC_USER="ossec"
+OSSEC_USER_MAIL="ossecm"
+OSSEC_USER_EXEC="ossece"
+OSSEC_USER_REM="ossecr"
+OSSEC_GROUP="ossec"
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+# create group
+if ! getent group $OSSEC_GROUP >/dev/null; then
+ addgroup --system $OSSEC_GROUP
+fi
+
+# create/modify users
+if ! getent passwd $OSSEC_USER >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER >/dev/null 2>&1
+fi
+if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER_MAIL >/dev/null 2>&1
+fi
+if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER_EXEC >/dev/null 2>&1
+fi
+if ! getent passwd $OSSEC_USER_REM >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER_REM >/dev/null 2>&1
+fi
+
+# fix ownership
+chown -R root:$OSSEC_GROUP $DIRECTORY
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/fts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/syscheck
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/rootcheck
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc
+touch $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
+chown -R root:$OSSEC_GROUP $DIRECTORY/rules
+chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
+chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
+chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true
+chown root:$OSSEC_GROUP $DIRECTORY/agentless/*
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared
+chown root:$OSSEC_GROUP $DIRECTORY/var/run
+chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/*
+chown root:$OSSEC_GROUP $DIRECTORY/bin/*
+chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
+
+# fix perms
+chmod -R 550 $DIRECTORY
+chmod -R 770 $DIRECTORY/queue/alerts
+chmod -R 770 $DIRECTORY/queue/ossec
+chmod -R 750 $DIRECTORY/queue/fts
+chmod -R 750 $DIRECTORY/queue/syscheck
+chmod -R 750 $DIRECTORY/queue/rootcheck
+chmod -R 750 $DIRECTORY/queue/diff
+chmod -R 755 $DIRECTORY/queue/agent-info
+chmod -R 755 $DIRECTORY/queue/rids
+chmod -R 755 $DIRECTORY/queue/agentless
+chmod -R 750 $DIRECTORY/stats
+chmod -R 750 $DIRECTORY/logs
+chmod -R 550 $DIRECTORY/rules
+chmod 770 $DIRECTORY/var/run
+chmod 550 $DIRECTORY/etc
+chmod 440 $DIRECTORY/etc/internal_options.conf
+chmod -R 770 $DIRECTORY/etc/shared
+chmod 700 $DIRECTORY/.ssh
+chmod 755 $DIRECTORY/active-response/bin/*
+chmod 550 $DIRECTORY/bin/*
+chmod 440 $DIRECTORY/etc/ossec.conf
+
+# fixups: no need for execute bits on files there
+find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';'
+find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';'
+
+# copy timezone and localtime
+if [ -e /etc/timezone ]; then
+ cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
+ cp -a /etc/timezone $DIRECTORY/etc/timezone
+fi
+if [ -e /etc/localtime ]; then
+ cmp -s /etc/localtime $DIRECTORY/etc/localtime || \
+ cp -a /etc/localtime $DIRECTORY/etc/localtime
+fi
+
+# update system v init links
+update-rc.d ossec-hids defaults >/dev/null
+
+# and start the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids restart
+else
+ /etc/init.d/ossec-hids restart
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/postrm b/debian/postrm
new file mode 100644
index 0000000..cc661bc
--- /dev/null
+++ b/debian/postrm
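Review bot: `touch $DIRECTORY/logs/ossec.log` and the non-recursive `chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log` run as root inside a directory that the earlier `chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs` and `chmod -R 750 $DIRECTORY/logs` leave writable by the unprivileged `ossec` account, and a plain `chown` follows symbolic links, so on a later re-configure the ownership change is applied to whatever that path points at. Refuse links and do not dereference: `[ -L "$DIRECTORY/logs/ossec.log" ] || touch "$DIRECTORY/logs/ossec.log"` followed by `chown -h "$OSSEC_USER:$OSSEC_GROUP" "$DIRECTORY/logs/ossec.log"` (postrm already uses `-Rh`). Separately, `$DIRECTORY` comes from the sourced `/etc/ossec-init.conf` and is used unquoted in `chown -R` and `chmod -R 550`; only the empty case is handled, so a check such as `case "$DIRECTORY" in /?*) ;; *) exit 1 ;; esac` plus quoting every expansion would keep a bad value from re-permissioning the wrong tree.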
@@ -0,0 +1,58 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # continue below
+ ;;
+
+ remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ exit 0
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# cleanup leftovers
+rm -rf /var/ossec/etc /var/ossec/queue /var/ossec/stats
+
+# chown ossec mail directory back to root
+chown -Rh root:root /var/ossec
+
+# users and group names
+OSSEC_USER="ossec"
+OSSEC_USER_MAIL="ossecm"
+OSSEC_USER_EXEC="ossece"
+OSSEC_USER_REM="ossecr"
+OSSEC_GROUP="ossec"
+
+# delete users/groups
+if getent passwd $OSSEC_USER >/dev/null; then
+ deluser $OSSEC_USER
+fi
+if getent passwd $OSSEC_USER_MAIL >/dev/null; then
+ deluser $OSSEC_USER_MAIL
+fi
+if getent passwd $OSSEC_USER_EXEC >/dev/null; then
+ deluser $OSSEC_USER_EXEC
+fi
+if getent passwd $OSSEC_USER_REM >/dev/null; then
+ deluser $OSSEC_USER_REM
+fi
+if getent group $OSSEC_GROUP >/dev/null; then
+ delgroup --quiet $OSSEC_GROUP
+fi
+
+# update system v init links
+update-rc.d -f ossec-hids remove
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/prerm b/debian/prerm
new file mode 100644
index 0000000..5bcb011
--- /dev/null
+++ b/debian/prerm
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge|remove)
+ # continue below
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+# stop the service
+if [ -x /usr/sbin/invoke-rc.d ]; then
+ invoke-rc.d ossec-hids stop
+else
+ /etc/init.d/ossec-hids stop
+fi
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..13a2f2b
--- /dev/null
+++ b/debian/rules
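Review bot: The purge branch of postrm removes only `/var/ossec/etc`, `/var/ossec/queue` and `/var/ossec/stats`, so the `.ssh` directory that postinst locks down to mode 700, together with `logs`, survives a purge and is merely re-owned by `chown -Rh root:root /var/ossec`. If keeping them is deliberate, say so with a comment such as `# logs and .ssh are kept on purge on purpose`; otherwise add them to the `rm -rf` line. The path is also hard-coded while postinst takes `DIRECTORY` from `/etc/ossec-init.conf`, and under `set -e` the `chown` aborts the purge when `/var/ossec` is already gone, so `[ ! -d /var/ossec ] || chown -Rh root:root /var/ossec` would be safer.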
@@ -0,0 +1,150 @@
+#!/usr/bin/make -f
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# Directories
+SRCDIR = $(CURDIR)/src
+PKGDIR = $(CURDIR)/debian/ossec-hids
+DESTDIR = $(PKGDIR)/var/ossec
+
+# OSSEC INSTALL SUBDIRS
+SUBDIRS = .ssh active-response active-response/bin agentless bin etc etc/shared logs logs/alerts logs/archives logs/firewall queue queue/agent-info queue/agentless queue/alerts queue/diff queue/fts queue/ossec queue/rids queue/rootcheck queue/syscheck rules stats tmp var var/run
+
+###################### main ######################
+
+build: build-stamp
+build-stamp:
+ dh_testdir
+ dh_clean
+
+ $(MAKE) -C $(SRCDIR) setlocal all build
+
+ touch build-stamp
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp
+
+ # Add here commands to clean up after the build process.
+ $(MAKE) -C $(SRCDIR) clean
+
+ # additional clean
+ rm -f $(SRCDIR)/Config.OS \
+ $(SRCDIR)/analysisd/compiled_rules/compiled_rules.h \
+ $(SRCDIR)/analysisd/ossec-logtest \
+ $(SRCDIR)/isbigendian \
+ $(SRCDIR)/isbigendian.c \
+ rm -rf $(CURDIR)/bin
+
+ dh_clean
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ # ugly directory creation
+ for i in $(SUBDIRS); do \
+ mkdir -p -m 700 $(DESTDIR)/$$i; \
+ done
+
+ # various files installation
+ install -m 644 etc/internal_options.conf $(DESTDIR)/etc
+ install -m 644 etc/decoder.xml $(DESTDIR)/etc
+ install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
+ if [ -e ossec-debian.conf ]; then \
+ install -m 440 ossec-debian.conf $(DESTDIR)/etc/ossec.conf; \
+ else \
+ install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
+ fi
+ install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
+ cp -r etc/rules/* $(DESTDIR)/rules
+ install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
+ install -s -m 755 bin/* $(DESTDIR)/bin
+ install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
+ ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
+ install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
+ install -m 755 active-response/firewalls/*.sh \
+ $(DESTDIR)/active-response/bin
+
+ # attrs
+ chmod -R 550 $(DESTDIR)
+ chmod -R 770 $(DESTDIR)/queue/alerts
+ chmod -R 770 $(DESTDIR)/queue/ossec
+ chmod -R 750 $(DESTDIR)/queue/fts
+ chmod -R 750 $(DESTDIR)/queue/syscheck
+ chmod -R 750 $(DESTDIR)/queue/rootcheck
+ chmod -R 750 $(DESTDIR)/queue/diff
+ chmod -R 755 $(DESTDIR)/queue/agent-info
+ chmod -R 755 $(DESTDIR)/queue/rids
+ chmod -R 755 $(DESTDIR)/queue/agentless
+ chmod -R 750 $(DESTDIR)/stats
+ chmod -R 750 $(DESTDIR)/logs
+ chmod -R 550 $(DESTDIR)/rules
+ chmod 770 $(DESTDIR)/var/run
+ chmod 550 $(DESTDIR)/etc
+ chmod 440 $(DESTDIR)/etc/internal_options.conf
+ chmod -R 770 $(DESTDIR)/etc/shared
+ chmod 700 $(DESTDIR)/.ssh
+ chmod 755 $(DESTDIR)/active-response/bin/*
+ chmod 550 $(DESTDIR)/bin/*
+ chmod 440 $(DESTDIR)/etc/ossec.conf
+
+ # fixups: no need for execute bits on files there
+ find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
+ find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
+
+ # system init script
+ mkdir -p $(PKGDIR)/etc/init.d
+ if [ -e ossec-hids-debian.init ]; then \
+ install -m 755 ossec-hids-debian.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ else \
+ install -m 755 src/init/ossec-hids.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ fi
+
+ # system ossec-init
+ echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
+ echo "VERSION=\"`cat src/VERSION`\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "DATE=\"$(shell date --utc -d "$(shell dpkg-parsechangelog | sed -ne 's/Date: //p')")\"" >> $(PKGDIR)/etc/ossec-init.conf
+ echo "TYPE=\"local\"" >> $(PKGDIR)/etc/ossec-init.conf
+
+# Build architecture-independent files here.
+binary-indep: build install
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+# dh_installexamples
+# dh_installmenu
+# dh_installdebconf
+# dh_installlogrotate
+# dh_installemacsen
+# dh_installcatalogs
+# dh_installpam
+# dh_installmime
+# dh_installinit
+# dh_installcron
+# dh_installinfo
+# dh_undocumented
+ dh_installman
+ dh_link
+ dh_compress
+ dh_fixperms
+# dh_perl
+# dh_python
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+# Build architecture-dependent files here.
+binary-arch: build install
+# We have nothing to do by default.
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
diff --git a/ossec-debian.conf b/ossec-debian.conf
new file mode 100644
index 0000000..76ff99a
--- /dev/null
+++ b/ossec-debian.conf
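Review bot: In the `clean` target the line `$(SRCDIR)/isbigendian.c \` ends with a continuation backslash, so the following `rm -rf $(CURDIR)/bin` is not a separate command but is appended as arguments to the preceding `rm -f`. With GNU rm's option reordering this probably still removes `bin`, but only by accident, and it also asks rm to delete a file literally named `rm`. Drop the trailing backslash so the list ends with `$(SRCDIR)/isbigendian.c` and `rm -rf $(CURDIR)/bin` runs as its own recipe line.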
@@ -0,0 +1,158 @@
+
+
+ yes
+ root@localhost
+ 127.0.0.1
+ ossecm@localhost
+
+
+
+ rules_config.xml
+ pam_rules.xml
+ sshd_rules.xml
+ telnetd_rules.xml
+ syslog_rules.xml
+ arpwatch_rules.xml
+ symantec-av_rules.xml
+ symantec-ws_rules.xml
+ pix_rules.xml
+ named_rules.xml
+ smbd_rules.xml
+ vsftpd_rules.xml
+ pure-ftpd_rules.xml
+ proftpd_rules.xml
+ ms_ftpd_rules.xml
+ ftpd_rules.xml
+ hordeimp_rules.xml
+ roundcube_rules.xml
+ wordpress_rules.xml
+ vpopmail_rules.xml
+ vmpop3d_rules.xml
+ courier_rules.xml
+ web_rules.xml
+ apache_rules.xml
+ nginx_rules.xml
+ php_rules.xml
+ mysql_rules.xml
+ postgresql_rules.xml
+ ids_rules.xml
+ squid_rules.xml
+ firewall_rules.xml
+ cisco-ios_rules.xml
+ netscreenfw_rules.xml
+ sonicwall_rules.xml
+ postfix_rules.xml
+ sendmail_rules.xml
+ imapd_rules.xml
+ mailscanner_rules.xml
+ dovecot_rules.xml
+ ms-exchange_rules.xml
+ racoon_rules.xml
+ vpn_concentrator_rules.xml
+ spamd_rules.xml
+ msauth_rules.xml
+ mcafee_av_rules.xml
+ trend-osce_rules.xml
+
+ zeus_rules.xml
+ solaris_bsm_rules.xml
+ vmware_rules.xml
+ ms_dhcp_rules.xml
+ asterisk_rules.xml
+ ossec_rules.xml
+ attack_rules.xml
+ local_rules.xml
+
+
+
+
+ 79200
+
+
+ /etc,/usr/bin,/usr/sbin
+ /bin,/sbin
+
+
+ /etc/mtab
+ /etc/mnttab
+ /etc/hosts.deny
+ /etc/mail/statistics
+ /etc/random-seed
+ /etc/adjtime
+ /etc/httpd/logs
+ /etc/utmpx
+ /etc/wtmpx
+ /etc/cups/certs
+ /etc/dumpdates
+ /etc/svc/volatile
+
+
+
+ /var/ossec/etc/shared/rootkit_files.txt
+ /var/ossec/etc/shared/rootkit_trojans.txt
+ /var/ossec/etc/shared/system_audit_rcl.txt
+ /var/ossec/etc/shared/cis_debian_linux_rcl.txt
+ /var/ossec/etc/shared/cis_rhel_linux_rcl.txt
+ /var/ossec/etc/shared/cis_rhel5_linux_rcl.txt
+
+
+
+ yes
+
+
+
+ 1
+ 7
+
+
+
+
+ syslog
+ /var/log/messages
+
+
+
+ syslog
+ /var/log/auth.log
+
+
+
+ syslog
+ /var/log/syslog
+
+
+
+ syslog
+ /var/log/xferlog
+
+
+
+ syslog
+ /var/log/vsftpd.log
+
+
+
+ syslog
+ /var/log/mail.info
+
+
+
+ syslog
+ /var/log/maillog
+
+
+
+ syslog
+ /var/log/dpkg.log
+
+
+
+ apache
+ /var/log/apache2/error.log
+
+
+
+ apache
+ /var/log/apache2/access.log
+
+
diff --git a/ossec-hids-debian.init b/ossec-hids-debian.init
new file mode 100644
index 0000000..0842549
--- /dev/null
+++ b/ossec-hids-debian.init
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: ossec-hids
+# Required-Start: $local_fs $remote_fs $syslog
+# Required-Stop: $local_fs $remote_fs $syslog
+# Should-Start: $all
+# Should-Stop: $all
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OSSEC HIDS init script
+# Description: Init script for OSSEC HIDS services
+### END INIT INFO
+
+# OSSEC Controls OSSEC HIDS
+# Author: Daniel B. Cid
+# Modified for slackware by Jack S. Lai
+# Modified for Debian package by Dinko Korunic
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+
+start() {
+ ${DIRECTORY}/bin/ossec-control start
+}
+
+stop() {
+ ${DIRECTORY}/bin/ossec-control stop
+}
+
+status() {
+ ${DIRECTORY}/bin/ossec-control status
+}
+
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ force-reload)
+ stop
+ start
+ ;;
+ status)
+ status
+ ;;
+ *)
+ echo "*** Usage: $0 {start|stop|restart|status}"
+ exit 1
+esac
+
+exit 0
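Review bot: The init script ends with an unconditional `exit 0` and none of the case arms checks the result of `start`, `stop` or `status`, so whatever `ossec-control` returns is discarded. That means the `invoke-rc.d ossec-hids restart` in postinst, and any monitoring that polls `status`, sees success even when the HIDS daemons failed to start or are not running. Propagate the status in each arm, for example `start || exit $?` and `status || exit $?`, and keep `exit 0` only for the success path. The usage string also omits `force-reload`, which the case statement handles.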