adds daily OSSEC check/alert for v2 onion service config

install_files/securedrop-ossec-agent/var/ossec/etc/ossec.conf

@@ -144,6 +144,13 @@
     <frequency>90000</frequency>
   </localfile>
 
+  <localfile>
+    <log_format>command</log_format>
+    <command>grep "HiddenServiceVersion 2" /etc/tor/torrc | head -1</command>
+    <alias>v2_service_check</alias>
+    <frequency>86400</frequency>
+  </localfile>
+
   <localfile>
     <log_format>syslog</log_format>
     <location>/var/log/kern.log</location>

install_files/securedrop-ossec-server/var/ossec/etc/ossec.conf

@@ -104,6 +104,13 @@
     <frequency>90000</frequency>
   </localfile>
 
+  <localfile>
+    <log_format>command</log_format>
+    <command>grep "HiddenServiceVersion 2" /etc/tor/torrc | head -1</command>
+    <alias>v2_service_check</alias>
+    <frequency>86400</frequency>
+  </localfile>
+
   <reports>
     <group>authentication_success</group>
     <user type="relation">srcip</user>
@@ -160,6 +167,14 @@
     <do_not_group />
   </email_alerts>
 
+  <email_alerts>
+    <email_to>root@localhost</email_to>
+    <group>system_configuration</group>
+    <rule_id>400901</rule_id>
+    <do_not_delay />
+    <do_not_group />
+  </email_alerts>
+
   <!-- rules global entry -->
   <rules>
     <include>rules_config.xml</include>

install_files/securedrop-ossec-server/var/ossec/rules/local_rules.xml

@@ -233,4 +233,11 @@
     <regex>System configuration error:</regex>
     <description>Indicates a problem with the configuration of the SecureDrop servers.</description>
   </rule>
+  <rule id="400901" level="12" >
+    <if_sid>530</if_sid>
+    <options>alert_by_email</options> <!-- force email to be sent -->
+    <match>ossec: output: 'v2_service_check'</match>
+    <regex>HiddenServiceVersion 2</regex>
+    <description>Indicates that legacy v2 onion services are still configured and should be disabled in favour of v3 services.</description>
+  </rule>
 </group>