diff --git a/README.md b/README.md
index ab1237c..b5b86d3 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ Default attributes from the ossec-server role:
 'ossec@example.net',
 ],
 "email_from" => 'ossec-server@example.net',
+ "email_idsname" => 'ossec',
 "smtp_server" => 'localhost',
 "white_list" => [
 '127.0.0.1',
@@ -97,6 +98,7 @@ Default attributes from the ossec-server role:
 '/etc/mcollective/facts.yaml' => {},
 '/etc/blkid.tab' => {},
 '/etc/mtab' => {},
+ '/etc/hosts.deny' => {},
 '/etc/mail/statistics => {}',
 '/etc/random-seed' => {},
 '/etc/adjtime' => {},
diff --git a/attributes/ossec.rb b/attributes/ossec.rb
index ad91c1d..cf35584 100644
--- a/attributes/ossec.rb
+++ b/attributes/ossec.rb
@@ -6,6 +6,7 @@ default["ossec"]["receiver_port"] = "1514"
 default["ossec"]["log_alert_level"] = "1"
 default["ossec"]["email_alert_level"] = "7"
 default["ossec"]["email_maxperhour"] = "9999"
+default["ossec"]["email_idsname"] = "ossec"
 default["ossec"]["memory_size"] = "100000"
 default["ossec"]["remote"]["connection"] = "secure"
 default["ossec"]["agents"] = {}
@@ -125,6 +126,7 @@ default["ossec"]["syscheck"]["ignore"]['/etc/openvpn/openvpn-status.log'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/motd'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/blkid.tab'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/mtab'] = {}
+default["ossec"]["syscheck"]["ignore"]['/etc/hosts.deny'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/mail/statistics'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/random-seed'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/adjtime'] = {}
diff --git a/libraries/core.rb b/libraries/core.rb
index c3b6865..39885f9 100644
--- a/libraries/core.rb
+++ b/libraries/core.rb
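Review bot: `default["ossec"]["email_idsname"] = "ossec"` is added between the other e-mail settings with nothing saying what it controls, and the README hunk gains the same key without a description either. A one-line comment on the attribute would close that gap, e.g. `# Name the server reports in alert e-mails (rendered into the email_idsname element of ossec-server.conf) — TODO confirm against OSSEC docs`. The template hunk interpolates the value with `<%= %>` straight into the XML config like its neighbours, so a value containing `<` or `&` would break the generated ossec.conf; acceptable for an operator-set attribute, but worth stating in the same comment.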
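Review bot: Adding `/etc/hosts.deny` to `syscheck.ignore` takes a host access-control file out of integrity monitoring, so an edit that loosens or empties its deny rules will no longer raise an alert — precisely the kind of change a file-integrity monitor is deployed to catch. If the entry exists because something on these hosts rewrites the file routinely, record that beside it, e.g. `# ignored: rewritten by <tool — confirm>; edits to this file are not alerted`, so the detection gap reads as a deliberate trade-off, and check whether a narrower exclusion is possible instead of a blanket ignore. The README hunk mirroring this list also carries a pre-existing misplaced quote on the following line, `'/etc/mail/statistics => {}',`, which should read `'/etc/mail/statistics' => {},`.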
@@ -32,7 +32,7 @@ module OssecCore
 def ossec_event_location_search()
 # resolve the location search of an email_alert block to a hostname
- node["ossec"]["email_alerts"].each do|recipient,params|
+ node["ossec"]["email_alerts"].each do |recipient, params|
 if params.has_key?('event_location_search')
 if Chef::Config[:solo]
 Chef::Log.warn('This recipe uses search. Chef Solo does not support search.')
diff --git a/metadata.rb b/metadata.rb
index f9c6d09..acdc301 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org"
 license "GPLv2"
 description "Installs/Configures ossec"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version "1.2.1"
+version "1.2.2"
 issues_url "http://git.linux-help.org/Linux-Help/ossec-ng/issues"
 source_url "http://git.linux-help.org/Linux-Help/ossec-ng"
diff --git a/templates/default/ossec-server.conf.erb b/templates/default/ossec-server.conf.erb
index ff5c1f9..c49981e 100644
--- a/templates/default/ossec-server.conf.erb
+++ b/templates/default/ossec-server.conf.erb
@@ -6,14 +6,62 @@ <%= recipient %> <% end -%> <%= node["ossec"]["smtp_server"] %> - <%= node["ossec"]["email_from"]%> - <%=node["ossec"]["email_maxperhour"]%> + <%= node["ossec"]["email_from"] %> + <%= node["ossec"]["email_maxperhour"] %> + <%= node["ossec"]["email_idsname"] %> <%=node["ossec"]["memory_size"]%> <% node["ossec"]["white_list"].sort_by {|k| k}.each do |ip| -%> <%= ip %> <% end -%> +<% node["ossec"]["email_alerts"].sort_by {|k,v| k}.each do |recipient,params| + locations = [] + if params.has_key?('event_location_tag') + locations = @ossec_agents.select{ + |n| n[:tags].include?( + params[:event_location_tag] + ) + }.map {|n2| n2.network.lanip || '172.172.172.172'} + elsif params.has_key?('resolved_search') + locations = params[:resolved_search] + end + if locations.count > 0 + locations.sort_by {|k| k}.each do |location| -%> + + <%= recipient %> + <%= location %> +<% params.sort_by {|k,v| k}.each do |key, value| + unless key =~ /event_location_tag|event_location_search|resolved_search/ + if key.eql?('tags') + value.sort_by {|k| k}.each do |tag| -%> + <<%= tag %> /> +<% end + else -%> + <<%= key %>><%= value %>> +<% end + end + end -%> + +<% end + else -%> + + <%= recipient %> +<% params.sort_by {|k,v| k}.each do |key, value| + unless key =~ /event_location_tag|event_location_search|resolved_search/ + if key.eql?('tags') + value.sort_by {|k| k}.each do |tag| -%> + <<%= tag %> /> +<% end + else -%> + <<%= key %>><%= value %>> +<% end + end + end -%> + +<% end + end -%> + <% node["ossec"]["load_rules"].each_pair do |name, value| if value -%> 
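Review bot: The new `else` branch emits an email_alerts entry with no event_location whenever `locations` is empty, and `locations` is also empty when `event_location_tag` or `resolved_search` was configured but matched no agent — a recipient scoped to a set of hosts then silently becomes unscoped, which I read as OSSEC mailing that recipient every alert (worth confirming against the OSSEC email_alerts documentation). Distinguish "no location filter given" from "filter resolved to nothing" and skip the entry with a `Chef::Log.warn`, as core.rb already does for the solo case, rather than widening it. The per-`params` rendering loop is now copied verbatim into both branches; keeping it in one place (a lambda defined before the `if`) would stop the two copies drifting. The `.each` and its `end` are both inside the hunk, so the change is local to this block.
```erb
<% node["ossec"]["email_alerts"].sort_by {|k,v| k}.each do |recipient,params|
     scoped = params.has_key?('event_location_tag') || params.has_key?('resolved_search')
     locations = []
     # … unchanged: resolve locations from event_location_tag / resolved_search …
     if scoped && locations.empty?
       Chef::Log.warn("ossec email_alerts for #{recipient}: location filter resolved to no hosts; entry not emitted")
     elsif !locations.empty?
       locations.sort_by {|k| k}.each do |location| -%>
<%# … unchanged: per-location entry and params loop … %>
<%   end
     else -%>
<%# … unchanged: unscoped entry and params loop … %>
<%   end
   end -%>
```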
@@ -82,36 +130,6 @@ <% end -%> -<% node["ossec"]["email_alerts"].sort_by {|k,v| k}.each do |recipient,params| - locations = [] - if params.has_key?('event_location_tag') - locations = @ossec_agents.select{ - |n| n[:tags].include?( - params[:event_location_tag] - ) - }.map {|n2| n2.network.lanip || '172.172.172.172'} - elsif params.has_key?('resolved_search') - locations = params[:resolved_search] - end - locations.sort_by {|k| k}.each do |location| -%> - - <%= recipient %> - <%= location %> -<% params.sort_by {|k,v| k}.each do |key, value| - unless key =~ /event_location_tag|event_location_search|resolved_search/ - if key.eql?('tags') - value.sort_by {|k| k}.each do |tag| -%> - <<%= tag %> /> -<% end - else -%> - <<%= key %>><%= value %>> -<% end - end - end -%> - -<% end - end -%> - <%= node["ossec"]["syscheck"]["frequency"] %>