Hello.

ossec-hids script fails to generate ossec.conf and agent.conf files with default (right after installation) setup.

Diagnostic steps:

Install security/ossec-hids-server and security/ossec-hids-server-config ports.

Generation of configuration files fails right after installation (in default configuration):

# /usr/local/etc/rc.d/ossec-hids ossec_conf
<!-- OSSEC HIDS 3.6.0 -->
<!-- DO NOT EDIT - file generated automatically - edit "ossec.conf.d/900.local.conf" instead -->
<ossec_config>
<rules>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
</rules>
<rootcheck>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
</rootcheck>
<syscheck>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
</syscheck>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
</ossec_config>

# sudo /usr/local/etc/rc.d/ossec-hids agent_conf
<!-- OSSEC HIDS 3.6.0 -->
<!-- DO NOT EDIT - file generated automatically - edit "agent.conf.d/900.local.conf" instead -->
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)

-------------

Build options for security/ossec-hids-server security/ossec-hids-server-config

~ % cd /usr/ports/security/ossec-hids-server && make showconfig
===> The following configuration options are available for ossec-hids-server-3.6.0_1:
     DOCS=on: Build and/or install documentation
     INOTIFY=on: Kevent based real time monitoring
     LUA=off: Lua scripting language support
     PRELUDE=off: Sensor support from Prelude SIEM
     ZEROMQ=off: ZeroMQ support (experimental)
====> Database output: you can only select none or one of them
     MYSQL=off: MySQL database support
     PGSQL=off: PostgreSQL database support
===> Use 'make config' to modify these settings

% cd /usr/ports/security/ossec-hids-server-config && make showconfig
===> The following configuration options are available for ossec-hids-server-config-3.6.0_1:
====> Alerting Rules
     DEFAULT_R=on: Rules provided by OSSEC
     CONFIG_R=on: Alert changes of the OSSEC main configuration files
     CMDOUT_R=on: Alert changes of output of the monitored commands
====> Active Response
     DEFAULT_C=on: Commands provided by OSSEC
     MERGE_C=on: Commands to merge configuration files
     MERGE_AR=on: Merge configuration files when they change
     RESTART_AR=on: Restart OSSEC when main configuration files change
     HOSTDENY_AR=off: Block the attacker's IP using access control files
     FWDROP_AR=off: Block the attacker's IP on the firewall
====> System Audit and Rootkit Detection (rootcheck)
     BASIC_RC=on: Basic audit and rootkits
====> File Integrity Checking (syscheck)
     NEWFILES_SC=on: Alert on new files created
     NOAUTO_SC=on: Disable auto_ignore feature
     BASIC_SC=on: "bin", "sbin" and "etc" directories
     OSSEC_SC=on: OSSEC directories
     PGSQL_SC=on: PostgreSQL configuration files
====> Command Output Monitoring
     LOGINS=on: Last logins
     PORTS_TCP=on: Open TCP ports
     PORTS_UDP=off: Open UDP ports
====> Log Monitoring
     BASIC=on: Basic system logs
     OSSEC=on: OSSEC active response logs
     APACHE=on: Apache logs
     NGINX=off: Nginx logs
     RADIUS=off: FreeRADIUS logs
     VSFTPD=off: Vsftpd logs
====> Pushed System Audit and Rootkit Detection (rootcheck)
     BASIC_RC_P=on: Basic audit and rootkits (profile: basic)
     CIS_RC_P=on: CIS benchmark - Legacy (profile: cis)
     CIS_L1_RC_P=on: CIS benchmark - Level 1 (profile: cis-level1)
     CIS_L2_RC_P=on: CIS benchmark - Level 2 (profile: cis-level2)
====> Pushed File Integrity Checking (syscheck)
     BASIC_SC_P=on: "bin", "sbin" and "etc" directories (profile: basic)
     OSSEC_SC_P=on: OSSEC directories (profile: ossec)
     PGSQL_SC_P=on: PostgreSQL configuration files (profile: postgresql)
====> Pushed Log Monitoring
     BASIC_P=on: Basic system logs (profile: basic)
     OSSEC_P=on: OSSEC active response logs (profile: ossec)
     APACHE_P=on: Apache logs (profile: apache)
     NGINX_P=on: Nginx logs (profile: nginx)
     RADIUS_P=off: FreeRADIUS logs (profile: radius)
     VSFTPD_P=off: Vsftpd logs (profile: vsftpd)
====> Active Response Firewall: you have to select exactly one of them
     NOFW=off: Custom or no firewall
     IPF=off: ipfilter
     IPFW=off: ipfirewall
     PF=on: Packet Filter
Solved.
File /usr/local/ossec-hids/bin/config/ossec-conf, function remove_empty_lines():
Need to change "sed '/^\s*$/d'" to "sed '/^[[:space:]]*$/d'"
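The change described in the comment above, as an added example that is not part of the thread or of the port's own script: a `remove_empty_lines` filter using the POSIX character class (the `\s` escape is not POSIX), plus a hypothetical `sections_populated` check that flags a generated config whose sections came out empty, as in the reported output. The sample inputs and the `example_rules.xml` name are constructed.

```shell
#!/bin/sh
# Added example; sample data below is constructed, not taken from a real host.

# Blank-line filter that behaves the same with BSD and GNU sed:
# [[:space:]] is a POSIX bracket class, unlike the "\s" escape.
remove_empty_lines() {
    sed '/^[[:space:]]*$/d'
}

# Hypothetical helper: succeeds only if every named section of the config
# text in $1 has at least one non-blank line between its open and close tag.
# A HIDS config with empty <rules>/<syscheck> sections would monitor nothing.
sections_populated() {
    conf=$1; shift
    for s in "$@"; do
        printf '%s\n' "$conf" | awk -v s="$s" '
            index($0, "<" s ">")  { inside = 1; next }
            index($0, "</" s ">") { inside = 0 }
            inside && NF          { n++ }
            END                   { exit (n > 0 ? 0 : 1) }' || return 1
    done
}

# Constructed template fragment with an empty line and a whitespace-only line.
SAMPLE_TEMPLATE=$(printf '<rules>\n\n  \t\n  <include>example_rules.xml</include>\n</rules>\n')

# Constructed stdout shaped like the failing run in the report:
# section tags are printed, but nothing survives between them.
BROKEN_OUTPUT=$(printf '<ossec_config>\n<rules>\n</rules>\n<syscheck>\n</syscheck>\n</ossec_config>\n')

cleaned=$(printf '%s\n' "$SAMPLE_TEMPLATE" | remove_empty_lines)
printf '%s\n' "$cleaned"

if sections_populated "$cleaned" rules; then
    echo "sample: rules section populated"
fi
if ! sections_populated "$BROKEN_OUTPUT" rules syscheck; then
    echo "broken output: empty section detected"
fi
```
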
(In reply to Alexander from comment #0) (In reply to Vitaliy Evsukov from comment #1) Can you confirm this is for FreeBSD 13.0? It seems the 'sed' has been changed there.
*** Bug 256650 has been marked as a duplicate of this bug. ***
(In reply to Dominik Lisiak from comment #2) Yes. Last update.
(In reply to Dominik Lisiak from comment #2) I confirm. This issue affects FreeBSD 13.
Created attachment 226082
ossec-hids-3.6.0_2.diff

Attached patch to fix the described bug in FreeBSD 13.0 and still be compatible with FreeBSD 12.2.

- No binary changes
- Replaced all 'sed' invocations with 'sed -E' and adjusted regexes accordingly
- ossec-hids-local-config, ossec-hids-agent-config, ossec-hids-server-config updated to 3.6.0_2
- ossec-hids, ossec-hids-local, ossec-hids-agent, ossec-hids-server stay at 3.6.0_1

Tested with 'poudriere' and in live environments on FreeBSD 13.0 and 12.2.
If you can't wait for the patch to be committed you can use public repo: https://bemsoft.pl/git/freebsd-ports/ossec with portshaker.
*** Bug 257617 has been marked as a duplicate of this bug. ***
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=329f3e8d8b5441522a078c74e594a14651a00075

commit 329f3e8d8b5441522a078c74e594a14651a00075
Author:     Palle Girgensohn <girgen@FreeBSD.org>
AuthorDate: 2022-06-17 08:07:25 +0000
Commit:     Palle Girgensohn <girgen@FreeBSD.org>
CommitDate: 2022-06-17 08:28:22 +0000

    security/ossec-hids-*: fix broken config scripts

    - No binary changes
    - Replaced all 'sed' invocations with 'sed -E' and adjusted regexes accordingly

    PR:             256545
    Submitted by:   Dominik Lisiak (maintainer)

 security/ossec-hids-local-config/Makefile                     | 1 +
 security/ossec-hids-local-config/files/agent-conf.in          | 4 ++--
 security/ossec-hids-local-config/files/ossec-conf.in          | 6 +++---
 security/ossec-hids-local-config/scripts/plist.sh             | 4 ++--
 security/ossec-hids-local-config/scripts/template-to-agent.sh | 5 +++--
 security/ossec-hids-local-config/scripts/template-to-ossec.sh | 8 +++++---
 security/ossec-hids-local/files/ossec-hids.in                 | 2 +-
 security/ossec-hids-local/scripts/plist.sh                    | 4 ++--
 8 files changed, 19 insertions(+), 15 deletions(-)
Committed. Thanks!