From b6f3f869de88bc2b0856daee5018190a5422ce0b Mon Sep 17 00:00:00 2001 From: Artur Molchanov Date: Fri, 14 Feb 2020 11:40:08 +0300 Subject: [PATCH] Add a parameter ossec_rootcheck_ignore_list Add parameters: - wazuh::manager::ossec_rootcheck_ignore_list - wazuh::agent::ossec_rootcheck_ignore_list --- manifests/agent.pp | 1 + manifests/manager.pp | 1 + manifests/params_agent.pp | 1 + manifests/params_manager.pp | 1 + templates/fragments/_rootcheck.erb | 7 ++++++- 5 files changed, 10 insertions(+), 1 deletion(-) diff --git a/manifests/agent.pp b/manifests/agent.pp index 4e0a70f2..f2581a93 100644 --- a/manifests/agent.pp +++ b/manifests/agent.pp @@ -79,6 +79,7 @@ $ossec_rootcheck_check_ports = $wazuh::params_agent::ossec_rootcheck_check_ports, $ossec_rootcheck_check_if = $wazuh::params_agent::ossec_rootcheck_check_if, $ossec_rootcheck_frequency = $wazuh::params_agent::ossec_rootcheck_frequency, + $ossec_rootcheck_ignore_list = $wazuh::params_agent::ossec_rootcheck_ignore_list, $ossec_rootcheck_rootkit_files = $wazuh::params_agent::ossec_rootcheck_rootkit_files, $ossec_rootcheck_rootkit_trojans = $wazuh::params_agent::ossec_rootcheck_rootkit_trojans, $ossec_rootcheck_skip_nfs = $wazuh::params_agent::ossec_rootcheck_skip_nfs, diff --git a/manifests/manager.pp b/manifests/manager.pp index 9a7fbf46..0650d52e 100644 --- a/manifests/manager.pp +++ b/manifests/manager.pp @@ -73,6 +73,7 @@ $ossec_rootcheck_check_ports = $wazuh::params_manager::ossec_rootcheck_check_ports, $ossec_rootcheck_check_if = $wazuh::params_manager::ossec_rootcheck_check_if, $ossec_rootcheck_frequency = $wazuh::params_manager::ossec_rootcheck_frequency, + $ossec_rootcheck_ignore_list = $wazuh::params_manager::ossec_rootcheck_ignore_list, $ossec_rootcheck_rootkit_files = $wazuh::params_manager::ossec_rootcheck_rootkit_files, $ossec_rootcheck_rootkit_trojans = $wazuh::params_manager::ossec_rootcheck_rootkit_trojans, $ossec_rootcheck_skip_nfs = $wazuh::params_manager::ossec_rootcheck_skip_nfs, diff --git a/manifests/params_agent.pp b/manifests/params_agent.pp index b2c3d002..f75c291e 100644 --- a/manifests/params_agent.pp +++ b/manifests/params_agent.pp @@ -113,6 +113,7 @@ $ossec_rootcheck_check_ports = 'yes' $ossec_rootcheck_check_if = 'yes' $ossec_rootcheck_frequency = 43200 + $ossec_rootcheck_ignore_list = [] $ossec_rootcheck_rootkit_files = '/var/ossec/etc/shared/rootkit_files.txt' $ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/shared/rootkit_trojans.txt' $ossec_rootcheck_skip_nfs = 'yes' diff --git a/manifests/params_manager.pp b/manifests/params_manager.pp index 6c2b0717..412059cc 100644 --- a/manifests/params_manager.pp +++ b/manifests/params_manager.pp @@ -74,6 +74,7 @@ $ossec_rootcheck_check_ports = 'yes' $ossec_rootcheck_check_if = 'yes' $ossec_rootcheck_frequency = 43200 + $ossec_rootcheck_ignore_list = [] $ossec_rootcheck_rootkit_files = '/var/ossec/etc/rootcheck/rootkit_files.txt' $ossec_rootcheck_rootkit_trojans = '/var/ossec/etc/rootcheck/rootkit_trojans.txt' $ossec_rootcheck_skip_nfs = 'yes' diff --git a/templates/fragments/_rootcheck.erb b/templates/fragments/_rootcheck.erb index 94fd4fd9..865149dd 100644 --- a/templates/fragments/_rootcheck.erb +++ b/templates/fragments/_rootcheck.erb @@ -29,6 +29,11 @@ <% if @ossec_rootcheck_frequency-%> <%= @ossec_rootcheck_frequency %> <%- end -%> + <%- if @ossec_rootcheck_ignore_list -%> + <%- @ossec_rootcheck_ignore_list.each do |ignore_element| -%> + <%= ignore_element %> + <%- end -%> + <%- end -%> <% if @ossec_rootcheck_rootkit_files-%> <%= @ossec_rootcheck_rootkit_files %> <%- end -%> @@ -37,7 +42,7 @@ <%- end -%> <% if @ossec_rootcheck_skip_nfs-%> <%= @ossec_rootcheck_skip_nfs%> - <%- end -%> + <%- end -%> <%- else -%>