Changes for master branch

wazuh · Jan 8, 2016 · 636701c · 636701c
1 parent 3618ffa
commit 636701c
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,7 +20,7 @@ All notable changes to this project will be documented in this file.
 - Auditd Decoders
 - Minor changes in some decoders and rules.
 - Netscaler updated
-- Script fixes
+- *ossec_ruleset.py* fixes
 
 ## [v1.02] - 2015-12-09
 ### Added

diff --git a/README.md b/README.md
@@ -26,6 +26,8 @@ The ruleset includes compliance mapping with PCI DSS v3.1, CIS and additional de
     |     ├── new_software_rules.xml  
     |     ├── new_software_instructions.md  
     |
+    │ ├── tools
+    |
     │ ├── README.md
     │ ├── VERSION
     │ ├── ossec_ruleset.py   # Ruleset installer/updater

diff --git a/ossec_ruleset.py b/ossec_ruleset.py
@@ -1124,8 +1124,8 @@ def usage():
 if __name__ == "__main__":
     # Config
     MAX_BACKUPS = 50
-    # url_ruleset = "http://ossec.wazuh.com/ruleset/ruleset.zip"
-    url_ruleset = "http://ossec.wazuh.com/ruleset/ruleset_development.zip"
+    url_ruleset = "http://ossec.wazuh.com/ruleset/ruleset.zip"
+    # url_ruleset = "http://ossec.wazuh.com/ruleset/ruleset_development.zip"
 
     # Vars
     ossec_path = "/var/ossec"

diff --git a/rules-decoders/puppet/puppet_instructions.md b/rules-decoders/puppet/puppet_instructions.md
@@ -5,20 +5,6 @@ Run `ossec_ruleset.py -r` to install Puppet rules. More information about automa
 
 If you prefer to install the rules manually follow the instructions listed [here](http://documentation.wazuh.com/en/latest/ossec_ruleset.html#manual-installation).
 
-### Last step
-Some rules need to read the output of a command. **To complete the installation you must perform the following step**:
 
-Copy the code below to */var/ossec/etc/shared/agent.conf* in your **OSSEC Manager** to allow OSSEC execute this command and read its output:
-```xml
-<agent_config>
-	<localfile>
-	    <log_format>full_command</log_format>
-	    <command>timestamp_puppet=`cat /var/lib/puppet/state/last_run_summary.yaml | grep last_run | cut -d: -f 2 | tr -d '[[:space:]]'`;timestamp_current_date=$(date +"%s");diff_min=$((($timestamp_current_date-$timestamp_puppet)/60));if [ "$diff_min" -le "30" ];then echo "Puppet: OK. It runs in the last 30 minutes";else puppet_date=`date -d @"$timestamp_puppet"`;echo "Puppet: KO. Last run: $puppet_date";fi</command>
-	    <frequency>2100</frequency>
-	</localfile>
-</agent_config>
-```
- Also you must configure in **every agent** the logcollector option to accept remote commands from the manager. To do this, add the following lines to */var/ossec/etc/internal_options.conf*:
+After manual or automatic installation follow the last step [here](http://wazuh-documentation.readthedocs.org/en/latest/ossec_ruleset.html#puppet).
 
-    # Logcollector - If it should accept remote commands from the manager
-    logcollector.remote_commands=1