Merge branch 'develop' of Linux-Help/cookbook-ossec-ng into master

README.md

@@ -39,6 +39,7 @@ Default attributes from the ossec-server role:
         'ossec@example.net',
       ],
       "email_from" => 'ossec-server@example.net',
+      "email_idsname" => 'ossec',
       "smtp_server" => 'localhost',
       "white_list" => [
         '127.0.0.1',
@@ -97,6 +98,7 @@ Default attributes from the ossec-server role:
           '/etc/mcollective/facts.yaml' => {},
           '/etc/blkid.tab' => {},
           '/etc/mtab' => {},
+          '/etc/hosts.deny' => {},
           '/etc/mail/statistics => {}',
           '/etc/random-seed' => {},
           '/etc/adjtime' => {},

attributes/ossec.rb

@@ -6,6 +6,7 @@ default["ossec"]["receiver_port"] = "1514"
 default["ossec"]["log_alert_level"] = "1"
 default["ossec"]["email_alert_level"] = "7"
 default["ossec"]["email_maxperhour"] = "9999"
+default["ossec"]["email_idsname"] = "ossec"
 default["ossec"]["memory_size"] = "100000"
 default["ossec"]["remote"]["connection"] = "secure"
 default["ossec"]["agents"] = {}
@@ -125,6 +126,7 @@ default["ossec"]["syscheck"]["ignore"]['/etc/openvpn/openvpn-status.log'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/motd'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/blkid.tab'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/mtab'] = {}
+default["ossec"]["syscheck"]["ignore"]['/etc/hosts.deny'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/mail/statistics'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/random-seed'] = {}
 default["ossec"]["syscheck"]["ignore"]['/etc/adjtime'] = {}

libraries/core.rb

@@ -32,7 +32,7 @@ module OssecCore
 
   def ossec_event_location_search()
     # resolve the location search of an email_alert block to a hostname
-    node["ossec"]["email_alerts"].each do|recipient,params|
+    node["ossec"]["email_alerts"].each do |recipient, params|
       if params.has_key?('event_location_search')
         if Chef::Config[:solo]
           Chef::Log.warn('This recipe uses search. Chef Solo does not support search.')

metadata.rb

@@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org"
 license          "GPLv2"
 description      "Installs/Configures ossec"
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "1.2.1"
+version          "1.2.2"
 issues_url       "http://git.linux-help.org/Linux-Help/ossec-ng/issues"
 source_url       "http://git.linux-help.org/Linux-Help/ossec-ng"
 

templates/default/ossec-server.conf.erb

@@ -6,14 +6,62 @@
     <email_to><%= recipient %></email_to>
     <% end -%>
     <smtp_server><%= node["ossec"]["smtp_server"] %></smtp_server>
-    <email_from><%= node["ossec"]["email_from"]%></email_from>
+    <email_from><%= node["ossec"]["email_from"] %></email_from>
-    <email_maxperhour><%=node["ossec"]["email_maxperhour"]%></email_maxperhour>
+    <email_maxperhour><%= node["ossec"]["email_maxperhour"] %></email_maxperhour>
+    <email_idsname><%= node["ossec"]["email_idsname"] %></email_idsname>
     <memory_size><%=node["ossec"]["memory_size"]%></memory_size>
     <% node["ossec"]["white_list"].sort_by {|k| k}.each do |ip| -%>
     <white_list><%= ip %></white_list>
     <% end -%>
   </global>
 
+<% node["ossec"]["email_alerts"].sort_by {|k,v| k}.each do |recipient,params|
+     locations = []
+     if params.has_key?('event_location_tag')
+       locations = @ossec_agents.select{
+                     |n| n[:tags].include?(
+                       params[:event_location_tag]
+                     )
+                   }.map {|n2| n2.network.lanip || '172.172.172.172'}
+     elsif params.has_key?('resolved_search')
+       locations = params[:resolved_search]
+     end
+     if locations.count > 0
+       locations.sort_by {|k| k}.each do |location| -%>
+  <email_alerts>
+    <email_to><%= recipient %></email_to>
+    <event_location><%= location %></event_location>
+<%       params.sort_by {|k,v| k}.each do |key, value|
+           unless key =~ /event_location_tag|event_location_search|resolved_search/
+             if key.eql?('tags')
+               value.sort_by {|k| k}.each do |tag| -%>
+    <<%= tag %> />
+<%             end
+             else -%>
+    <<%= key %>><%= value %></<%= key %>>
+<%           end
+           end
+         end -%>
+  </email_alerts>
+<%     end
+     else -%>
+  <email_alerts>
+    <email_to><%= recipient %></email_to>
+<%     params.sort_by {|k,v| k}.each do |key, value|
+         unless key =~ /event_location_tag|event_location_search|resolved_search/
+           if key.eql?('tags')
+             value.sort_by {|k| k}.each do |tag| -%>
+    <<%= tag %> />
+<%           end
+           else -%>
+    <<%= key %>><%= value %></<%= key %>>
+<%         end
+         end
+       end -%>
+  </email_alerts>
+<%   end
+   end -%>
+
   <rules>
 <% node["ossec"]["load_rules"].each_pair do |name, value|
      if value -%>
@@ -82,36 +130,6 @@
     <% end -%>
   </reports>
 
-<% node["ossec"]["email_alerts"].sort_by {|k,v| k}.each do |recipient,params|
-     locations = []
-     if params.has_key?('event_location_tag')
-       locations = @ossec_agents.select{
-                     |n| n[:tags].include?(
-                       params[:event_location_tag]
-                     )
-                   }.map {|n2| n2.network.lanip || '172.172.172.172'}
-     elsif params.has_key?('resolved_search')
-       locations = params[:resolved_search]
-     end
-     locations.sort_by {|k| k}.each do |location| -%>
-  <email_alerts>
-    <email_to><%= recipient %></email_to>
-    <event_location><%= location %></event_location>
-<%     params.sort_by {|k,v| k}.each do |key, value|
-         unless key =~ /event_location_tag|event_location_search|resolved_search/
-           if key.eql?('tags')
-             value.sort_by {|k| k}.each do |tag| -%>
-    <<%= tag %> />
-<%           end
-           else -%>
-    <<%= key %>><%= value %></<%= key %>>
-<%         end
-         end
-       end -%>
-  </email_alerts>
-<%   end
-   end -%>
-
   <syscheck>
     <!-- Frequency that syscheck is executed -- default every 2 hours -->
     <frequency><%= node["ossec"]["syscheck"]["frequency"] %></frequency>