Index: head/security/ossec-hids/version.mk =================================================================== --- head/security/ossec-hids/version.mk (revision 528053) +++ head/security/ossec-hids/version.mk (revision 528054) @@ -1,9 +1,9 @@ PORTNAME= ossec-hids -PORTVERSION= 3.5.0 +PORTVERSION= 3.6.0 PORTREVISION?= 0 CATEGORIES= security MAINTAINER= dominik.lisiak@bemsoft.pl COMMENT?= Security tool to monitor and check logs and intrusions LICENSE= GPLv2 Index: head/security/ossec-hids-local/Makefile =================================================================== --- head/security/ossec-hids-local/Makefile (revision 528053) +++ head/security/ossec-hids-local/Makefile (revision 528054) @@ -1,263 +1,263 @@ # $FreeBSD$ PKGNAMESUFFIX?= -${OSSEC_TYPE} COMMENT?= Security tool to monitor and check logs and intrusions - local (standalone) installation OSSEC_TYPE?= local .include "${.CURDIR}/../ossec-hids/version.mk" LICENSE_FILE= ${WRKSRC}/LICENSE USES= compiler gmake ssl .if ${OSSEC_TYPE} == local CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-agent-* \ ossec-hids-server-* .elif ${OSSEC_TYPE} == agent CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-local-* \ ossec-hids-server-* .elif ${OSSEC_TYPE} == server CONFLICTS_INSTALL= ossec-hids-client-* \ ossec-hids-agent-* \ ossec-hids-local-* .endif LIB_DEPENDS= libpcre2-8.so:devel/pcre2 libevent.so:devel/libevent .if ${OSSEC_TYPE} != agent RUN_DEPENDS= expect:lang/expect .endif INOTIFY_LIB_DEPENDS= libinotify.so:devel/libinotify PRELUDE_LIB_DEPENDS= libprelude.so:security/libprelude ZEROMQ_LIB_DEPENDS= libczmq.so:net/czmq INOTIFY_USES= pkgconfig LUA_USES= readline MYSQL_USE= mysql PGSQL_USES= pgsql USE_GITHUB= yes GH_ACCOUNT= ossec USE_RC_SUBR= ossec-hids USES+= shebangfix SHEBANG_FILES= active-response/ossec-pagerduty.sh .if ${OSSEC_TYPE} != agent SHEBANG_LANG= expect expect_OLD_CMD= "/usr/bin/env expect" expect_CMD= ${LOCALBASE}/bin/expect SHEBANG_FILES+= src/agentlessd/scripts/main.exp \ src/agentlessd/scripts/ssh.exp \ src/agentlessd/scripts/ssh_asa-fwsmconfig_diff \ src/agentlessd/scripts/ssh_foundry_diff \ src/agentlessd/scripts/ssh_generic_diff \ src/agentlessd/scripts/ssh_integrity_check_bsd \ src/agentlessd/scripts/ssh_integrity_check_linux \ src/agentlessd/scripts/ssh_nopass.exp \ src/agentlessd/scripts/ssh_pixconfig_diff \ src/agentlessd/scripts/sshlogin.exp \ src/agentlessd/scripts/su.exp .endif OPTIONS_SUB= yes OPTIONS_DEFINE= DOCS INOTIFY LUA .if ${OSSEC_TYPE} != agent OPTIONS_DEFINE+= PRELUDE ZEROMQ OPTIONS_RADIO= DATABASE OPTIONS_RADIO_DATABASE= MYSQL PGSQL .endif OPTIONS_DEFAULT= INOTIFY INOTIFY_DESC= Kevent based real time monitoring PRELUDE_DESC= Sensor support from Prelude SIEM ZEROMQ_DESC= ZeroMQ support (experimental) DATABASE_DESC= Database output INOTIFY_VARS= OSSEC_ARGS+=USE_INOTIFY=yes LUA_VARS= OSSEC_ARGS+=LUA_ENABLE=yes STRIP_FILES+=ossec-lua STRIP_FILES+=ossec-luac PRELUDE_VARS= OSSEC_ARGS+=USE_PRELUDE=yes ZEROMQ_VARS= OSSEC_ARGS+=USE_ZEROMQ=yes MYSQL_VARS= OSSEC_ARGS+=DATABASE=mysql PKGMSG_FILES+=message-database DB_TYPE=mysql DB_SCHEMA=mysql.schema PGSQL_VARS= OSSEC_ARGS+=DATABASE=pgsql PKGMSG_FILES+=message-database DB_TYPE=postgresql DB_SCHEMA=postgresql.schema .if ${OSSEC_TYPE} == agent STRIP_FILES= agent-auth \ manage_agents \ ossec-agentd \ ossec-execd \ ossec-logcollector \ ossec-syscheckd .else STRIP_FILES= agent_control \ clear_stats \ list_agents \ manage_agents \ ossec-agentlessd \ ossec-analysisd \ ossec-authd \ ossec-csyslogd \ ossec-dbd \ ossec-execd \ ossec-logcollector \ ossec-logtest \ ossec-maild \ ossec-makelists \ ossec-monitord \ ossec-regex \ ossec-remoted \ ossec-reportd \ ossec-syscheckd \ rootcheck_control \ syscheck_control \ syscheck_update \ verify-agent-conf .endif .if defined(MAINTAINER_MODE) OSSEC_HOME= ${PREFIX}/${PORTNAME} .else OSSEC_HOME?= ${PREFIX}/${PORTNAME} .endif OSSEC_RC= ${PREFIX}/etc/rc.d/ossec-hids FIREWALL_DROP_BIN= ${OSSEC_HOME}/active-response/bin/firewall-drop.sh IPFILTER_BIN= ${OSSEC_HOME}/active-response/bin/ipfilter.sh RESTART_OSSEC_BIN= ${OSSEC_HOME}/active-response/bin/restart-ossec.sh SHARED_DIR= ${OSSEC_HOME}/etc/shared SAMPLE_FILES= ${OSSEC_HOME}/etc/local_internal_options.conf \ ${OSSEC_HOME}/active-response/bin/cloudflare-ban.sh \ ${OSSEC_HOME}/active-response/bin/ossec-pagerduty.sh \ ${OSSEC_HOME}/active-response/bin/ossec-slack.sh \ ${OSSEC_HOME}/active-response/bin/ossec-tweeter.sh .if empty(USER) USER=$$(${ID} -un) .endif .if empty(GROUP) GROUP=$$(${ID} -gn) .endif .if !defined(MAINTAINER_MODE) USER_ARGS+= OSSEC_GROUP=${GROUP} \ OSSEC_USER=${USER} \ OSSEC_USER_MAIL=${USER} \ OSSEC_USER_REM=${USER} .endif OSSEC_USER= ossec OSSEC_GROUP= ossec USERS= ${OSSEC_USER} ossecm ossecr GROUPS= ${OSSEC_GROUP} SUB_LIST+= PORTNAME=${PORTNAME} \ CATEGORY=${CATEGORIES:[1]} \ OSSEC_TYPE=${OSSEC_TYPE} \ OSSEC_HOME=${OSSEC_HOME} \ VERSION=${PORTVERSION} \ DB_TYPE=${DB_TYPE} \ DB_SCHEMA=${DOCSDIR}/${DB_SCHEMA} \ OSSEC_USER=${OSSEC_USER} \ OSSEC_GROUP=${OSSEC_GROUP} \ OSSEC_RC=${OSSEC_RC} SUB_FILES= pkg-install \ pkg-deinstall \ ${PKGMSG_FILES} \ restart-ossec.sh .if defined(MAINTAINER_MODE) PLIST_SUB= OSSEC_HOME=${PORTNAME} .else PLIST_SUB= OSSEC_HOME=${OSSEC_HOME} .endif PLIST= ${PKGDIR}/pkg-plist-${OSSEC_TYPE} -DOCSFILES= BUGS CHANGELOG CONTRIBUTORS LICENSE README.md SUPPORT.md +DOCSFILES= BUGS CHANGELOG.md CONTRIBUTORS LICENSE README.md SUPPORT.md PKGHELP= ${PKGDIR}/pkg-help-${OSSEC_TYPE} PKGMESSAGE= ${WRKDIR}/pkg-message PKGMSG_FILES= message-header PKG_CONFIG= ${CONFIGURE_ENV:MPKG_CONFIG=*:S/PKG_CONFIG=//} CFLAGS+= -I${LOCALBASE}/include INOTIFY_CFLAGS= $$(${PKG_CONFIG} --cflags libinotify) INOTIFY_LDFLAGS=$$(${PKG_CONFIG} --libs libinotify) OSSEC_ARGS+= TARGET=${OSSEC_TYPE} PCRE2_SYSTEM=yes INSTALL_LOCALTIME=no INSTALL_RESOLVCONF=no .if defined(OSSEC_MAX_AGENTS) OSSEC_ARGS+= MAXAGENTS=${OSSEC_MAX_AGENTS} .endif .if !defined(MAINTAINER_MODE) OSSEC_ARGS+= INSTALL_CMD=install .endif BUILD_ARGS+= ${MAKE_ARGS} ${OSSEC_ARGS} PREFIX=${OSSEC_HOME} INSTALL_ARGS+= ${USER_ARGS} ${OSSEC_ARGS} PREFIX=${STAGEDIR}${OSSEC_HOME} .include PKGMSG_FILES+= message-firewall message-config post-patch: @${REINPLACE_CMD} -e 's|-DLUA_USE_LINUX|& ${CPPFLAGS}|' \ -e 's|-lreadline|& ${LDFLAGS}|' \ ${WRKSRC}/src/external/lua/src/Makefile .if ${CHOSEN_COMPILER_TYPE} == gcc @${REINPLACE_CMD} -e 's|-Wno-implicit-fallthrough||g' ${WRKSRC}/src/Makefile .endif do-build: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${BUILD_ARGS} build do-install: @cd ${WRKSRC}/src; ${SETENV} ${MAKE_ENV} ${MAKE_CMD} ${INSTALL_ARGS} install post-install: .for file_path in ${SAMPLE_FILES} @${MV} -f ${STAGEDIR}${file_path} ${STAGEDIR}${file_path}.sample .endfor @${MV} -f ${STAGEDIR}${FIREWALL_DROP_BIN} ${STAGEDIR}${IPFILTER_BIN} @${CP} ${WRKDIR}/restart-ossec.sh ${STAGEDIR}${RESTART_OSSEC_BIN} @${CHMOD} 550 ${STAGEDIR}${RESTART_OSSEC_BIN} .if defined(MAINTAINER_MODE) @${CHOWN} ${USER}:${OSSEC_GROUP} ${STAGEDIR}${RESTART_OSSEC_BIN} .else @${SH} ${SCRIPTDIR}/sanitize-stage.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${STAGEDIR} .endif .if ${OSSEC_TYPE} == agent . if defined(MAINTAINER_MODE) @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; ${CHOWN} ${OSSEC_USER}:${OSSEC_GROUP} $${file_name}; done . else @for file_name in $$(find "${STAGEDIR}${SHARED_DIR}" -type f); do ${CHMOD} 0644 $${file_name}; done . endif .endif @${ECHO_CMD} -n > ${PKGMESSAGE} .for file_name in ${PKGMSG_FILES} @${CAT} ${WRKDIR}/${file_name} >> ${PKGMESSAGE} @${ECHO_CMD} >> ${PKGMESSAGE} .endfor .for file_name in ${STRIP_FILES} @${STRIP_CMD} ${STAGEDIR}${OSSEC_HOME}/bin/${file_name} .endfor .if defined(MAINTAINER_MODE) plist: makeplist @${SH} ${SCRIPTDIR}/plist.sh ${OSSEC_TYPE} ${OSSEC_HOME} ${PLIST} ${WRKDIR} ${STAGEDIR} .endif post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} ${DOCSFILES} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} etc/ossec-${OSSEC_TYPE}.conf ${STAGEDIR}${DOCSDIR}/ossec.conf.sample post-install-MYSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} post-install-PGSQL-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} @cd ${WRKSRC} && ${INSTALL_DATA} src/os_dbd/${DB_SCHEMA} ${STAGEDIR}${DOCSDIR} .include Index: head/security/ossec-hids-local/distinfo =================================================================== --- head/security/ossec-hids-local/distinfo (revision 528053) +++ head/security/ossec-hids-local/distinfo (revision 528054) @@ -1,3 +1,3 @@ -TIMESTAMP = 1574094213 -SHA256 (ossec-ossec-hids-3.5.0_GH0.tar.gz) = 720458e7da9fb1437efab3030a3bd42ca84dc652dd1931dedce745456d40e1ad -SIZE (ossec-ossec-hids-3.5.0_GH0.tar.gz) = 1920232 +TIMESTAMP = 1581720780 +SHA256 (ossec-ossec-hids-3.6.0_GH0.tar.gz) = 653828a19137b8a7e98af65e873318f7bb48137fe1e61b80577e13c316e04708 +SIZE (ossec-ossec-hids-3.6.0_GH0.tar.gz) = 1921753 Index: head/security/ossec-hids-local/pkg-plist-agent =================================================================== --- head/security/ossec-hids-local/pkg-plist-agent (revision 528053) +++ head/security/ossec-hids-local/pkg-plist-agent (revision 528054) @@ -1,82 +1,82 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent-auth @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/util.sh @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0644) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS -%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.md %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac Index: head/security/ossec-hids-local/pkg-plist-local =================================================================== --- head/security/ossec-hids-local/pkg-plist-local (revision 528053) +++ head/security/ossec-hids-local/pkg-plist-local (revision 528054) @@ -1,209 +1,209 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,ossec,0550) %%OSSEC_HOME%%/agentless @(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent_control @(,,0550) %%OSSEC_HOME%%/bin/clear_stats @(,,0550) %%OSSEC_HOME%%/bin/list_agents @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd @(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd @(,,0550) %%OSSEC_HOME%%/bin/ossec-authd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd @(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @(,,0550) %%OSSEC_HOME%%/bin/ossec-regex @(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted @(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_update @(,,0550) %%OSSEC_HOME%%/bin/util.sh @(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/rules @(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml @dir(,ossec,0700) %%OSSEC_HOME%%/.ssh @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS -%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.md %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema Index: head/security/ossec-hids-local/pkg-plist-server =================================================================== --- head/security/ossec-hids-local/pkg-plist-server (revision 528053) +++ head/security/ossec-hids-local/pkg-plist-server (revision 528054) @@ -1,209 +1,209 @@ @dir(,ossec,0550) %%OSSEC_HOME%% @dir(,ossec,0550) %%OSSEC_HOME%%/active-response @dir(,ossec,0550) %%OSSEC_HOME%%/active-response/bin @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/cloudflare-ban.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/disable-account.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/firewalld-drop.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/host-deny.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ip-customblock.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfilter.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ipfw_mac.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/npf.sh @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-pagerduty.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-slack.sh.sample @sample(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/ossec-tweeter.sh.sample @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/pf.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/restart-ossec.sh @(,ossec,0550) %%OSSEC_HOME%%/active-response/bin/route-null.sh @dir(,ossec,0550) %%OSSEC_HOME%%/agentless @(,ossec,0550) %%OSSEC_HOME%%/agentless/main.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/register_host.sh @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_asa-fwsmconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_foundry_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_generic_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_bsd @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_integrity_check_linux @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_nopass.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/ssh_pixconfig_diff @(,ossec,0550) %%OSSEC_HOME%%/agentless/sshlogin.exp @(,ossec,0550) %%OSSEC_HOME%%/agentless/su.exp @dir(,,0550) %%OSSEC_HOME%%/bin @(,,0550) %%OSSEC_HOME%%/bin/agent_control @(,,0550) %%OSSEC_HOME%%/bin/clear_stats @(,,0550) %%OSSEC_HOME%%/bin/list_agents @(,,0550) %%OSSEC_HOME%%/bin/manage_agents @(,,0550) %%OSSEC_HOME%%/bin/ossec-agentlessd @(,,0550) %%OSSEC_HOME%%/bin/ossec-analysisd @(,,0550) %%OSSEC_HOME%%/bin/ossec-authd @(,,0550) %%OSSEC_HOME%%/bin/ossec-control @(,,0550) %%OSSEC_HOME%%/bin/ossec-csyslogd @(,,0550) %%OSSEC_HOME%%/bin/ossec-dbd @(,,0550) %%OSSEC_HOME%%/bin/ossec-execd @(,,0550) %%OSSEC_HOME%%/bin/ossec-logcollector @(,,0550) %%OSSEC_HOME%%/bin/ossec-logtest @(,,0550) %%OSSEC_HOME%%/bin/ossec-maild @(,,0550) %%OSSEC_HOME%%/bin/ossec-makelists @(,,0550) %%OSSEC_HOME%%/bin/ossec-monitord @(,,0550) %%OSSEC_HOME%%/bin/ossec-regex @(,,0550) %%OSSEC_HOME%%/bin/ossec-remoted @(,,0550) %%OSSEC_HOME%%/bin/ossec-reportd @(,,0550) %%OSSEC_HOME%%/bin/ossec-syscheckd @(,,0550) %%OSSEC_HOME%%/bin/rootcheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_control @(,,0550) %%OSSEC_HOME%%/bin/syscheck_update @(,,0550) %%OSSEC_HOME%%/bin/util.sh @(,,0550) %%OSSEC_HOME%%/bin/verify-agent-conf @dir(,ossec,0550) %%OSSEC_HOME%%/etc @(,ossec,0640) %%OSSEC_HOME%%/etc/decoder.xml @(,ossec,0640) %%OSSEC_HOME%%/etc/internal_options.conf @sample(,ossec,0640) %%OSSEC_HOME%%/etc/local_internal_options.conf.sample @dir(,ossec,0770) %%OSSEC_HOME%%/etc/shared @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/acsc_office2016_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_apache2224_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debian_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_debianlinux7-8_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_community_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_mysql5-6_enterprise_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel5_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel6_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel7_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_rhel_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles11_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_sles12_linux_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_solaris11_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win10_enterprise_L2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2012r2_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_domainL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL1_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/cis_win2016_memberL2_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_files.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/rootkit_trojans.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_pw.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/system_audit_ssh.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_applications_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_audit_rcl.txt @(ossec,ossec,0640) %%OSSEC_HOME%%/etc/shared/win_malware_rcl.txt @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs @dir(,ossec,0550) %%OSSEC_HOME%%/rules @(,ossec,0640) %%OSSEC_HOME%%/rules/apache_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/apparmor_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/arpwatch_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/asterisk_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/attack_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cimserver_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/cisco-ios_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/clam_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/courier_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dnsmasq_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dovecot_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/dropbear_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/exim_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/firewalld_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/hordeimp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ids_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/imapd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/kesl_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_dionaea_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-exchange_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms-se_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms1016_usbdetect_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_dhcp_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_firewall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_ipsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ms_powershell_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/msauth_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/mysql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/named_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/netscreenfw_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nginx_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/nsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd-dhcpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/openbsd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/opensmtpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/ossec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/owncloud_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pam_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/php_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/policy_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postfix_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/postgresql_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/proxmox-ve_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/psad_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/pure-ftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/racoon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/roundcube_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/rules_config.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sendmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/smbd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/solaris_bsm_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sonicwall_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/spamd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/squid_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sshd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-av_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/symantec-ws_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/syslog_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/sysmon_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/systemd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/telnetd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/topleveldomain_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/trend-osce_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/unbound_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmpop3d_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vmware_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpn_concentrator_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vpopmail_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/vsftpd_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_appsec_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/web_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/wordpress_rules.xml @(,ossec,0640) %%OSSEC_HOME%%/rules/zeus_rules.xml @dir(,ossec,0700) %%OSSEC_HOME%%/.ssh @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/archives @dir(ossec,ossec,0750) %%OSSEC_HOME%%/logs/firewall @dir(,ossec,0550) %%OSSEC_HOME%%/queue @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/agent-info @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/agentless @dir(ossec,ossec,0770) %%OSSEC_HOME%%/queue/alerts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/diff @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/fts @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/ossec @dir(ossecr,ossec,0750) %%OSSEC_HOME%%/queue/rids @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/rootcheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/queue/syscheck @dir(ossec,ossec,0750) %%OSSEC_HOME%%/stats @dir(,ossec,1550) %%OSSEC_HOME%%/tmp @dir(,ossec,0550) %%OSSEC_HOME%%/var @dir(,ossec,0770) %%OSSEC_HOME%%/var/run %%PORTDOCS%%%%DOCSDIR%%/BUGS -%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG +%%PORTDOCS%%%%DOCSDIR%%/CHANGELOG.md %%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS %%PORTDOCS%%%%DOCSDIR%%/LICENSE %%PORTDOCS%%%%DOCSDIR%%/README.md %%PORTDOCS%%%%DOCSDIR%%/SUPPORT.md %%PORTDOCS%%%%DOCSDIR%%/ossec.conf.sample %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-lua %%LUA%%@(,,0550) %%OSSEC_HOME%%/bin/ossec-luac %%MYSQL%%%%DOCSDIR%%/mysql.schema %%PGSQL%%%%DOCSDIR%%/postgresql.schema