Bug 256545 - security/ossec-hids-server 3.6.0_1 rc script fails to generate ossec.conf agent.conf
Summary: security/ossec-hids-server 3.6.0_1 rc script fails to generate ossec.conf age...
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-11 07:17 UTC by Alexander
Modified: 2021-06-11 12:44 UTC (History)
2 users (show)

See Also:
linimon: maintainer-feedback? (dominik.lisiak)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander 2021-06-11 07:17:00 UTC
Hello.

ossec-hids script fails to generate ossec.conf and agent.conf files with default (right after installation) setup.

Diagnostic steps:
Install security/ossec-hids-server and security/ossec-hids-server-config ports.
Generation of configuration files fails right after installation (in default configuration):
# /usr/local/etc/rc.d/ossec-hids ossec_conf
<!-- OSSEC HIDS 3.6.0 -->

<!-- DO NOT EDIT - file generated automatically - edit "ossec.conf.d/900.local.conf" instead -->

<ossec_config>
  <rules>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
  </rules>
  <rootcheck>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
  </rootcheck>
  <syscheck>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
  </syscheck>
sed: 1: "/^\s*$/d": RE error: trailing backslash (\)
</ossec_config>
# sudo /usr/local/etc/rc.d/ossec-hids agent_conf

<!-- OSSEC HIDS 3.6.0 -->

<!-- DO NOT EDIT - file generated automatically - edit "agent.conf.d/900.local.conf" instead -->

sed: 1: "/^\s*$/d": RE error: trailing backslash (\)

-------------
Build options for security/ossec-hids-server security/ossec-hids-server-config
~ % cd /usr/ports/security/ossec-hids-server && make showconfig
===> The following configuration options are available for ossec-hids-server-3.6.0_1:
     DOCS=on: Build and/or install documentation
     INOTIFY=on: Kevent based real time monitoring
     LUA=off: Lua scripting language support
     PRELUDE=off: Sensor support from Prelude SIEM
     ZEROMQ=off: ZeroMQ support (experimental)
====> Database output: you can only select none or one of them
     MYSQL=off: MySQL database support
     PGSQL=off: PostgreSQL database support
===> Use 'make config' to modify these settings
 % cd /usr/ports/security/ossec-hids-server-config && make showconfig
===> The following configuration options are available for ossec-hids-server-config-3.6.0_1:
====> Alerting Rules
     DEFAULT_R=on: Rules provided by OSSEC
     CONFIG_R=on: Alert changes of the OSSEC main configuration files
     CMDOUT_R=on: Alert changes of output of the monitored commands
====> Active Response
     DEFAULT_C=on: Commands provided by OSSEC
     MERGE_C=on: Commands to merge configuration files
     MERGE_AR=on: Merge configuration files when they change
     RESTART_AR=on: Restart OSSEC when main configuration files change
     HOSTDENY_AR=off: Block the attacker's IP using access control files
     FWDROP_AR=off: Block the attacker's IP on the firewall
====> System Audit and Rootkit Detection (rootcheck)
     BASIC_RC=on: Basic audit and rootkits
====> File Integrity Checking (syscheck)
     NEWFILES_SC=on: Alert on new files created
     NOAUTO_SC=on: Disable auto_ignore feature
     BASIC_SC=on: "bin", "sbin" and "etc" directories
     OSSEC_SC=on: OSSEC directories
     PGSQL_SC=on: PostgreSQL configuration files
====> Command Output Monitoring
     LOGINS=on: Last logins
     PORTS_TCP=on: Open TCP ports
     PORTS_UDP=off: Open UDP ports
====> Log Monitoring
     BASIC=on: Basic system logs
     OSSEC=on: OSSEC active response logs
     APACHE=on: Apache logs
     NGINX=off: Nginx logs
     RADIUS=off: FreeRADIUS logs
     VSFTPD=off: Vsftpd logs
====> Pushed System Audit and Rootkit Detection (rootcheck)
     BASIC_RC_P=on: Basic audit and rootkits (profile: basic)
     CIS_RC_P=on: CIS benchmark - Legacy (profile: cis)
     CIS_L1_RC_P=on: CIS benchmark - Level 1 (profile: cis-level1)
     CIS_L2_RC_P=on: CIS benchmark - Level 2 (profile: cis-level2)
====> Pushed File Integrity Checking (syscheck)
     BASIC_SC_P=on: "bin", "sbin" and "etc" directories (profile: basic)
     OSSEC_SC_P=on: OSSEC directories (profile: ossec)
     PGSQL_SC_P=on: PostgreSQL configuration files (profile: postgresql)
====> Pushed Log Monitoring
     BASIC_P=on: Basic system logs (profile: basic)
     OSSEC_P=on: OSSEC active response logs (profile: ossec)
     APACHE_P=on: Apache logs (profile: apache)
     NGINX_P=on: Nginx logs (profile: nginx)
     RADIUS_P=off: FreeRADIUS logs (profile: radius)
     VSFTPD_P=off: Vsftpd logs (profile: vsftpd)
====> Active Response Firewall: you have to select exactly one of them
     NOFW=off: Custom or no firewall
     IPF=off: ipfilter
     IPFW=off: ipfirewall
     PF=on: Packet Filter
Comment 1 Vitaliy Evsukov 2021-06-11 12:44:19 UTC
Solved

file /usr/local/ossec-hids/bin/config/ossec-conf

function remove_empty_lines()

Need to change "sed '/^\s*$/d'" to "sed '/^[[:space:]]*$/d'"