Mise à jour automatique de local rules.xml : Différence entre versions
De wikiGite
| Ligne 1 : | Ligne 1 : | ||
| − | Créer le script /opt/systools/ossec-local-rules.sh par [[Mise_%C3%A0_jour_automatique_des_scripts]]. | + | Créer le script le script suivant (/opt/systools/ossec-local-rules.sh) par [[Mise_%C3%A0_jour_automatique_des_scripts]]. |
| + | #!/bin/bash | ||
| + | OSSEC_DIR=/opt/ossec | ||
| + | UPDATE_SERVER=http://www.systea.net/public/MaJ | ||
| + | CHANGED=0 | ||
| + | REPORT_EMAIL=fsoyer@systea.net | ||
| + | # Verify if standard directory exist | ||
| + | if [ -d $OSSEC_DIR ] | ||
| + | then | ||
| + | # Get files | ||
| + | cd $OSSEC_DIR/rules | ||
| + | wget -q $UPDATE_SERVER/local_rules.xml.custom > /dev/null 2>&1 | ||
| + | # If download is ok | ||
| + | if [ $? -eq 0 ] | ||
| + | then | ||
| + | cmp local_rules.xml.custom local_rules.xml > /dev/null 2>&1 | ||
| + | # If downloaded file differs from local file, install it | ||
| + | if [ $? -gt 0 ] | ||
| + | then | ||
| + | # If there is no backup copy of xml files | ||
| + | if [ ! -f local_rules.xml.dist ] | ||
| + | then | ||
| + | cp local_rules.xml local_rules.xml.dist | ||
| + | fi | ||
| + | mv local_rules.xml.custom local_rules.xml | ||
| + | logger -t ossec "local_rules.xml has changed. Restart needed." | ||
| + | CHANGED=1 | ||
| + | else | ||
| + | rm -f local_rules.xml.custom* | ||
| + | logger -t ossec "local_rules.xml not changed. No restart needed." | ||
| + | fi | ||
| + | fi | ||
| + | cd $OSSEC_DIR/etc | ||
| + | wget -q $UPDATE_SERVER/decoder.xml.custom > /dev/null 2>&1 | ||
| + | # If download is ok | ||
| + | if [ $? -eq 0 ] | ||
| + | then | ||
| + | cmp decoder.xml.custom decoder.xml > /dev/null 2>&1 | ||
| + | # If downloaded file differs from local file, install it | ||
| + | if [ $? -gt 0 ] | ||
| + | then | ||
| + | # If there is no backup copy of xml files | ||
| + | if [ ! -f decoder.xml.dist ] | ||
| + | then | ||
| + | cp decoder.xml decoder.xml.dist | ||
| + | fi | ||
| + | mv decoder.xml.custom decoder.xml | ||
| + | logger -t ossec "decoder.xml has changed. Restart needed." | ||
| + | CHANGED=1 | ||
| + | else | ||
| + | rm -f decoder.xml.custom* | ||
| + | logger -t ossec "decoder.xml not changed. No restart needed." | ||
| + | fi | ||
| + | fi | ||
| + | if [ $CHANGED -eq 1 ] | ||
| + | then | ||
| + | /etc/init.d/ossec restart > /dev/null 2>&1 | ||
| + | ( | ||
| + | echo "Subject: [ossec_update] Daily run : ossec restarted" | ||
| + | echo "" | ||
| + | echo "Status of processes (must return 6 processes running) :" | ||
| + | /etc/init.d/ossec status | ||
| + | ) | /usr/sbin/sendmail $REPORT_EMAIL | ||
| + | fi | ||
| + | fi | ||
Si ce n'est pas déjà fait, planifier le script | Si ce n'est pas déjà fait, planifier le script | ||
Version du 25 mars 2010 à 09:25
Créer le script le script suivant (/opt/systools/ossec-local-rules.sh) par Mise_à_jour_automatique_des_scripts.
#!/bin/bash OSSEC_DIR=/opt/ossec UPDATE_SERVER=http://www.systea.net/public/MaJ CHANGED=0 REPORT_EMAIL=fsoyer@systea.net # Verify if standard directory exist if [ -d $OSSEC_DIR ] then # Get files cd $OSSEC_DIR/rules wget -q $UPDATE_SERVER/local_rules.xml.custom > /dev/null 2>&1 # If download is ok if [ $? -eq 0 ] then cmp local_rules.xml.custom local_rules.xml > /dev/null 2>&1 # If downloaded file differs from local file, install it if [ $? -gt 0 ] then # If there is no backup copy of xml files if [ ! -f local_rules.xml.dist ] then cp local_rules.xml local_rules.xml.dist fi mv local_rules.xml.custom local_rules.xml logger -t ossec "local_rules.xml has changed. Restart needed." CHANGED=1 else rm -f local_rules.xml.custom* logger -t ossec "local_rules.xml not changed. No restart needed." fi fi cd $OSSEC_DIR/etc wget -q $UPDATE_SERVER/decoder.xml.custom > /dev/null 2>&1 # If download is ok if [ $? -eq 0 ] then cmp decoder.xml.custom decoder.xml > /dev/null 2>&1 # If downloaded file differs from local file, install it if [ $? -gt 0 ] then # If there is no backup copy of xml files if [ ! -f decoder.xml.dist ] then cp decoder.xml decoder.xml.dist fi mv decoder.xml.custom decoder.xml logger -t ossec "decoder.xml has changed. Restart needed." CHANGED=1 else rm -f decoder.xml.custom* logger -t ossec "decoder.xml not changed. No restart needed." fi fi if [ $CHANGED -eq 1 ] then /etc/init.d/ossec restart > /dev/null 2>&1 ( echo "Subject: [ossec_update] Daily run : ossec restarted" echo "" echo "Status of processes (must return 6 processes running) :" /etc/init.d/ossec status ) | /usr/sbin/sendmail $REPORT_EMAIL fi fi
Si ce n'est pas déjà fait, planifier le script
cd /etc/cron.daily ln -s /opt/systools/ossec-local-rules.sh
Et le lancer une première fois manuellement dès qu'il a été mis à jour par maj_scripts.sh
./ossec-local-rules.sh ls -l /opt/ossec/rules/local*
