rule-update needs to copy OSSEC local_rules.xml from master to sensor #349

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

If running on master:
cp /var/ossec/rules/local_rules.xml /tmp/local_rules.xml
chmod 644 /tmp/local_rules.xml

If running on sensor:
if [ ! -f /var/ossec/rules/local_rules.xml.orig ]; then
    cp /var/ossec/rules/local_rules.xml /var/ossec/rules/local_rules.xml.orig
fi
cp /var/ossec/rules/local_rules.xml /var/ossec/rules/local_rules.xml.prev
scp $USER@$MASTER:/tmp/local_rules.xml /var/ossec/rules/local_rules.xml
chown root:ossec /var/ossec/rules/local_rules.xml

Original issue reported on code.google.com by doug.bu...@gmail.com on 19 Jun 2013 at 8:34

Original comment by doug.bu...@gmail.com on 19 Jun 2013 at 8:35

  • Changed title: rule-update needs to copy OSSEC local_rules.xml from master to sensor
User needs to be able to opt-out by setting LOCAL_HIDS_RULE_TUNING=true in /etc/nsm/securityonion.conf

Original comment by doug.bu...@gmail.com on 19 Jun 2013 at 8:46
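
One way to script the sensor-side steps and the LOCAL_HIDS_RULE_TUNING opt-out from this issue, as an added example that is not the project's rule-update code. The function name, its arguments and the `<group>` sanity check are assumptions; the staged file is whatever the scp step fetched from the master.

```bash
#!/bin/bash
# Added example, not the rule-update code. Name and arguments are hypothetical.
# Usage: install_local_rules STAGED RULES CONF [OWNER]
#   STAGED = file already fetched from the master (the scp step in the issue)
install_local_rules() {
    local staged="$1" rules="$2" conf="$3" owner="${4:-root:ossec}"
    local tmp="$rules.new.$$"

    # Opt-out from the issue: the sensor keeps its own tuning, nothing is touched.
    if grep -Eq '^LOCAL_HIDS_RULE_TUNING="?true"?[[:space:]]*$' "$conf" 2>/dev/null; then
        echo "LOCAL_HIDS_RULE_TUNING=true, keeping local rules"
        return 0
    fi

    # Assumed sanity check: a failed or truncated transfer must not replace
    # working rules. Require a non-empty file with an opening and closing <group>.
    if [ ! -s "$staged" ] || ! grep -q '<group ' "$staged" \
        || ! grep -q '</group>' "$staged"; then
        echo "staged rules failed validation, keeping current rules" >&2
        return 1
    fi
    [ -f "$rules" ] || { echo "missing $rules" >&2; return 1; }

    # Backups as in the issue: .orig once, .prev on every run.
    [ -f "$rules.orig" ] || cp -p "$rules" "$rules.orig" || return 1
    cp -p "$rules" "$rules.prev" || return 1

    # Build the new file beside the old one (inheriting its mode), then
    # rename it into place so OSSEC never reads a half-written file.
    cp -p "$rules" "$tmp" && cat "$staged" > "$tmp" \
        && chown "$owner" "$tmp" && mv -f "$tmp" "$rules" \
        || { rm -f "$tmp"; return 1; }
}
```

A non-zero return means the current local_rules.xml was left in place, so the caller can log the failure and skip the OSSEC restart.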

Tested by:
David Zawdie
Heine Lysemose

Published:
http://securityonion.blogspot.com/2013/06/new-securityonion-rule-update-package_25.html

Original comment by doug.bu...@gmail.com on 25 Jun 2013 at 12:09

  • Changed state: Verified