Added email_idsname, fixed email_alerts to not require location

Eric Renfro 2016-07-24 18:12:09 -04:00
parent 6b18d206ed
commit c35f2a4de5
5 changed files with 25 additions and 5 deletions


@ -39,6 +39,7 @@ Default attributes from the ossec-server role:
'ossec@example.net', 'ossec@example.net',
], ],
"email_from" => 'ossec-server@example.net', "email_from" => 'ossec-server@example.net',
"email_idsname" => 'ossec',
"smtp_server" => 'localhost', "smtp_server" => 'localhost',
"white_list" => [ "white_list" => [
'127.0.0.1', '127.0.0.1',


@ -6,6 +6,7 @@ default["ossec"]["receiver_port"] = "1514"
default["ossec"]["log_alert_level"] = "1" default["ossec"]["log_alert_level"] = "1"
default["ossec"]["email_alert_level"] = "7" default["ossec"]["email_alert_level"] = "7"
default["ossec"]["email_maxperhour"] = "9999" default["ossec"]["email_maxperhour"] = "9999"
default["ossec"]["email_idsname"] = "ossec"
default["ossec"]["memory_size"] = "100000" default["ossec"]["memory_size"] = "100000"
default["ossec"]["remote"]["connection"] = "secure" default["ossec"]["remote"]["connection"] = "secure"
default["ossec"]["agents"] = {} default["ossec"]["agents"] = {}


@ -4,7 +4,7 @@ maintainer_email "psi-jack@linux-help.org"
license "GPLv2" license "GPLv2"
description "Installs/Configures ossec" description "Installs/Configures ossec"
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version "1.2.1" version "1.2.2"
issues_url "http://git.linux-help.org/Linux-Help/ossec-ng/issues" issues_url "http://git.linux-help.org/Linux-Help/ossec-ng/issues"
source_url "http://git.linux-help.org/Linux-Help/ossec-ng" source_url "http://git.linux-help.org/Linux-Help/ossec-ng"


@ -8,6 +8,7 @@
<smtp_server><%= node["ossec"]["smtp_server"] %></smtp_server> <smtp_server><%= node["ossec"]["smtp_server"] %></smtp_server>
<email_from><%= node["ossec"]["email_from"] %></email_from> <email_from><%= node["ossec"]["email_from"] %></email_from>
<email_maxperhour><%= node["ossec"]["email_maxperhour"] %></email_maxperhour> <email_maxperhour><%= node["ossec"]["email_maxperhour"] %></email_maxperhour>
<email_idsname><%= node["ossec"]["email_idsname"] %></email_idsname>
<memory_size><%=node["ossec"]["memory_size"]%></memory_size> <memory_size><%=node["ossec"]["memory_size"]%></memory_size>
<% node["ossec"]["white_list"].sort_by {|k| k}.each do |ip| -%> <% node["ossec"]["white_list"].sort_by {|k| k}.each do |ip| -%>
<white_list><%= ip %></white_list> <white_list><%= ip %></white_list>
@ -93,6 +94,7 @@
elsif params.has_key?('resolved_search') elsif params.has_key?('resolved_search')
locations = params[:resolved_search] locations = params[:resolved_search]
end end
if locations.count > 0
locations.sort_by {|k| k}.each do |location| -%> locations.sort_by {|k| k}.each do |location| -%>
<email_alerts> <email_alerts>
<email_to><%= recipient %></email_to> <email_to><%= recipient %></email_to>
@ -109,6 +111,22 @@
end end
end -%> end -%>
</email_alerts> </email_alerts>
<% end
else -%>
<email_alerts>
<email_to><%= recipient %></email_to>
<% params.sort_by {|k,v| k}.each do |key, value|
unless key =~ /event_location_tag|event_location_search|resolved_search/
if key.eql?('tags')
value.sort_by {|k| k}.each do |tag| -%>
<<%= tag %> />
<% end
else -%>
<<%= key %>><%= value %></<%= key %>>
<% end
end
end -%>
</email_alerts>
<% end <% end
end -%> end -%>
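Review bot: The new `else` branch writes `key`, `value` and each `tag` into ossec.conf as raw element names and text (`<<%= key %>><%= value %></<%= key %>>`), so an attribute containing `<`, `&` or whitespace yields malformed XML or an unintended element in the alerting config; the new `<email_idsname>` line is unescaped in the same way. Because these values come from node/role attributes, checking each key before rendering, for example skipping or failing on keys that do not match `/\A[a-z_]+\z/`, would stop the Chef run instead of deploying a broken or altered alert configuration. The skip filter `key =~ /event_location_tag|event_location_search|resolved_search/` is also unanchored, so any key that merely contains one of those names is dropped silently. Separately, `if locations.count > 0` relies on `locations` being initialised above the hunk; if it can be nil when neither location key is present, the no-location case this commit targets would raise, and `if locations && locations.count > 0` would cover it. The enclosing recipient loop starts outside the hunk, so the initialisation cannot be confirmed from here.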