From c35f2a4de5c596128911b23de7a9101b4dfe9c67 Mon Sep 17 00:00:00 2001
From: Eric Renfro
Date: Sun, 24 Jul 2016 18:12:09 -0400
Subject: [PATCH] Added email_idsname, fixed email_alerts to not require location
---
 README.md | 1 +
 attributes/ossec.rb | 1 +
 libraries/core.rb | 2 +-
 metadata.rb | 2 +-
 templates/default/ossec-server.conf.erb | 24 +++++++++++++++++++++---
 5 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index ab1237c..eec2b2e 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ Default attributes from the ossec-server role:
 'ossec@example.net',
 ],
 "email_from" => 'ossec-server@example.net',
+ "email_idsname" => 'ossec',
 "smtp_server" => 'localhost',
 "white_list" => [
 '127.0.0.1',
diff --git a/attributes/ossec.rb b/attributes/ossec.rb
index ad91c1d..a034036 100644
--- a/attributes/ossec.rb
+++ b/attributes/ossec.rb
@@ -6,6 +6,7 @@ default["ossec"]["receiver_port"] = "1514"
 default["ossec"]["log_alert_level"] = "1"
 default["ossec"]["email_alert_level"] = "7"
 default["ossec"]["email_maxperhour"] = "9999"
+default["ossec"]["email_idsname"] = "ossec"
 default["ossec"]["memory_size"] = "100000"
 default["ossec"]["remote"]["connection"] = "secure"
 default["ossec"]["agents"] = {}
diff --git a/libraries/core.rb b/libraries/core.rb
index c3b6865..39885f9 100644
--- a/libraries/core.rb
+++ b/libraries/core.rb
@@ -32,7 +32,7 @@ module OssecCore
 def ossec_event_location_search()
 # resolve the location search of an email_alert block to a hostname
- node["ossec"]["email_alerts"].each do|recipient,params|
+ node["ossec"]["email_alerts"].each do |recipient, params|
 if params.has_key?('event_location_search')
 if Chef::Config[:solo]
 Chef::Log.warn('This recipe uses search. Chef Solo does not support search.')
diff --git a/metadata.rb b/metadata.rb
index f9c6d09..acdc301 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org" license "GPLv2" description "Installs/Configures ossec" long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) -version "1.2.1" +version "1.2.2" issues_url "http://git.linux-help.org/Linux-Help/ossec-ng/issues" source_url "http://git.linux-help.org/Linux-Help/ossec-ng" diff --git a/templates/default/ossec-server.conf.erb b/templates/default/ossec-server.conf.erb index ff5c1f9..ee78c8a 100644 --- a/templates/default/ossec-server.conf.erb +++ b/templates/default/ossec-server.conf.erb @@ -6,8 +6,9 @@ <%= recipient %> <% end -%> <%= node["ossec"]["smtp_server"] %> - <%= node["ossec"]["email_from"]%> - <%=node["ossec"]["email_maxperhour"]%> + <%= node["ossec"]["email_from"] %> + <%= node["ossec"]["email_maxperhour"] %> + <%= node["ossec"]["email_idsname"] %> <%=node["ossec"]["memory_size"]%> <% node["ossec"]["white_list"].sort_by {|k| k}.each do |ip| -%> <%= ip %> @@ -93,10 +94,27 @@ elsif params.has_key?('resolved_search') locations = params[:resolved_search] end - locations.sort_by {|k| k}.each do |location| -%> + if locations.count > 0 + locations.sort_by {|k| k}.each do |location| -%> <%= recipient %> <%= location %> +<% params.sort_by {|k,v| k}.each do |key, value| + unless key =~ /event_location_tag|event_location_search|resolved_search/ + if key.eql?('tags') + value.sort_by {|k| k}.each do |tag| -%> + <<%= tag %> /> +<% end + else -%> + <<%= key %>><%= value %>> +<% end + end + end -%> + +<% end + else -%> + + <%= recipient %> <% params.sort_by {|k,v| k}.each do |key, value| unless key =~ /event_location_tag|event_location_search|resolved_search/ if key.eql?('tags')
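Review bot: The added `<%= node["ossec"]["email_idsname"] %>` line in the first `ossec-server.conf.erb` hunk (`@@ -6,8 +6,9 @@`) writes a node attribute into the OSSEC configuration with no escaping or validation, as the neighbouring `email_from` and `email_maxperhour` lines already do. The surrounding XML tags are not visible on this page, but if the value is rendered inside an element, a role or environment override containing `<`, `>` or `&` would yield a malformed or structurally altered ossec.conf on the server. Consider validating the attribute in the recipe before the template is rendered, for example rejecting values that do not match a conservative pattern such as `/\A[\w.-]+\z/`, or escaping it at render time. A short comment next to the new default in `attributes/ossec.rb` stating the allowed characters would document that constraint for anyone overriding it.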