update the ossec plugin

- harmonize the coding style of the three scripts - harmonize the label names and file names with other popular plugins - fix active_response script to use correct date format
2025-07-21 18:41:03 +00:00 · 2015-02-04 17:24:37 +01:00 · 2015-02-04 17:24:37 +01:00 · c098ee86fa
commit c098ee86fa
parent 375621b4ba
6 changed files with 126 additions and 156 deletions
--- a/plugins/ossec/ossec-active-response
+++ b/plugins/ossec/ossec-active-response
@ -1,79 +0,0 @@
 # /bin/ sh
 #
 if [ "$1" = "autoconf" ] ; then
 echo "yes"
 #
 exit 0 
 #
 fi
 #
 #
 logdir="/var/ossec/logs/"
 if [ "$1" = "config" ] ; then
 #
 echo "graph_title Active Response" 
 #
 echo "graph_args --base 1000 -l 0 " 
 #
 echo "graph_vlabel Number of active response" 
 #
 echo "graph_category Ossec" 
 #
 echo "graph_scale no" 
 #
 echo "c_add_actions.label Number of Rules added" 
 #
 echo "c_add_actions.draw LINE2" 
 #
 echo 'c_add_actions.min 0' 
 #
 echo "c_del_actions.label Number of Rules deleted" 
 #
 echo "c_del_actions.draw LINE2" 
 #
 echo 'c_del_actions.min 0' 
 #
 exit 0 
 #
 fi
 #
 #
 ####Deleting the temporary logs files ##########
 rm -fr /tmp/ossecactive* 
 ###For Loop for grepping the last 5 mins logs and moving it to the /tmp
 month="$(date "+%b")"; time="$(date "+%d")";year="$(date "+%Y")";
 if [ "$time" -le "9" ]; then
 search1="$month  $time"
 else
 search1="$month $time"
 fi
 #search1="$month  $time"
 #echo "$search1"
 for (( i = 5; i>=0; i-- )) ; do grep $(date "+%R" -d "-$i min") /var/ossec/logs/active-responses.log | grep "$search1" | grep "$year" >> /tmp/ossecactive.log;done	
 #############Fore Loop Ends##########
 ####Grepping the Hosts Blocked in last 5 mins###########
 NB_ADD=`cat /tmp/ossecactive.log| grep add | wc -l` 
 ###########Grepping the Hosts Removed from the blocked list in last 5 mins############
 NB_DEL=`cat /tmp/ossecactive.log | grep del | wc -l`
 #
 #
 ############Displaying the VALUES#############
 echo "c_add_actions.value ${NB_ADD}" 
 #
 echo "c_del_actions.value ${NB_DEL}" #
 #
 exit 0 
--- a/plugins/ossec/ossec-agents
+++ b/plugins/ossec/ossec-agents
@ -1,31 +0,0 @@
 #!/bin/bash
 if [ "$1" = "autoconf" ]; then
 echo "yes"
 exit 0
 fi
 if [ "$1" = "config" ]; then
 echo "graph_title Ossec Agents Status"
 echo "graph_args --base 1000 -l 0"
 echo "graph_vlabel Number of Ossec Agents"
 echo "graph_category Ossec"
 echo "graph_scale no"
 echo "active.label ACTIVE"
 echo "active.draw LINE2"
 echo 'active.min 0'
 echo "inactive.label INACTIVE"
 echo "inactive.draw LINE2"
 echo 'inactive.min 0'
 exit 0
 fi
 ACTIVE=`/var/ossec/bin/list_agents -c | grep -wv "** No agent available" | wc -l`
 INACTIVE=`/var/ossec/bin/list_agents -n | grep -wv "** No agent available" | wc -l`
 echo "active.value ${ACTIVE}"
 echo "inactive.value ${INACTIVE}"
 exit 0
--- a/plugins/ossec/ossec-alerts
+++ b/plugins/ossec/ossec-alerts
@ -1,46 +0,0 @@
 #!/bin/bash
 if [ "$1" = "autoconf" ]; then
 echo "yes"
 exit 0
 fi
 if [ "$1" = "config" ]; then
 echo "graph_title Ossec Alerts per service"
 echo "graph_args --base 1000 -l 0"
 echo "graph_vlabel Number of Alerts per service"
 echo "graph_category Ossec"
 echo "graph_scale no"
 echo "apache.label APACHE"
 echo "apache.draw LINE2"
 echo 'apache.min 0'
 echo "ssh.label SSH"
 echo "ssh.draw LINE2"
 echo 'ssh.min 0'
 echo "sudo.label SUDO"
 echo "sudo.draw LINE2"
 echo 'sudo.min 0'
 echo "total.label TOTAL"
 echo "total.draw LINE2"
 echo 'total.min 0'
 exit 0
 fi
 rm -fr /tmp/ossecalerts*
 logdir="/var/ossec/logs/alerts"
 ###For Loop for grepping the last 5 mins logs 
 for (( i = 5; i >=0; i-- )) ; do
     grep $(date +%R -d "-$i  min") $logdir/alerts.log >> /tmp/ossecalerts.log
 done
 APACHE=`cat /tmp/ossecalerts.log | grep -i 'apache\|http' | wc -l`
 SSH=`cat /tmp/ossecalerts.log | grep ssh | wc -l`
 SUDO=`cat /tmp/ossecalerts.log | grep sudo | wc -l`
 TOTAL=`cat /tmp/ossecalerts.log | grep -v ">"| wc -l`
 echo "apache.value ${APACHE}"
 echo "ssh.value ${SSH}"
 echo "sudo.value ${SUDO}"
 echo "total.value ${TOTAL}"
 exit 0
--- a/plugins/ossec/ossec_active_response
+++ b/plugins/ossec/ossec_active_response
@ -0,0 +1,45 @@
 #!/bin/bash
 if [ "$1" = "autoconf" ]; then
 	echo "yes"
 	exit 0
 fi
 if [ "$1" = "config" ]; then
 	echo "graph_title OSSEC Active Response"
 	echo "graph_args --base 1000 -l 0"
 	echo "graph_vlabel Number of responses"
 	echo "graph_category ossec"
 	echo "graph_scale no"
 	echo "c_add_actions.label rules added"
 	echo "c_add_actions.draw LINE2"
 	echo 'c_add_actions.min 0'
 	echo "c_del_actions.label rules deleted"
 	echo "c_del_actions.draw LINE2"
 	echo 'c_del_actions.min 0'
 	exit 0
 fi
 ### Deleting temporary log files from last run
 rm -f /tmp/ossecactive.log
 logdir="/var/ossec/logs"
 ### day of moth needs to be space padded
 month="$(date "+%b")"; day="$(date "+%e")";year="$(date "+%Y")";
 search1="$month $day"
 ### for loop for grepping the last 5 min of logs and copy it to /tmp
 for (( i = 5; i >=0; i-- )) ; do
 	grep $(date "+%R" -d "-$i  min") $logdir/active-responses.log | grep "$search1" | grep "$year" >> /tmp/ossecactive.log
 done
 ### End for loop
 ### count the lines for each action in the temporary log file
 NB_ADD=`cat /tmp/ossecactive.log | grep add | wc -l`
 NB_DEL=`cat /tmp/ossecactive.log | grep del | wc -l`
 echo "c_add_actions.value ${NB_ADD}"
 echo "c_del_actions.value ${NB_DEL}"
 exit 0
--- a/plugins/ossec/ossec_agents
+++ b/plugins/ossec/ossec_agents
@ -0,0 +1,32 @@
 #!/bin/bash
 if [ "$1" = "autoconf" ]; then
 	echo "yes"
 	exit 0
 fi
 if [ "$1" = "config" ]; then
 	echo "graph_title Ossec agents status"
 	echo "graph_args --base 1000 -l 0"
 	echo "graph_vlabel Number of ossec agents"
 	echo "graph_category ossec"
 	echo "graph_scale no"
 	echo "active.label active"
 	echo "active.draw LINE2"
 	echo 'active.min 0'
 	echo "inactive.label inactive"
 	echo "inactive.draw LINE2"
 	echo 'inactive.min 0'
 	exit 0
 fi
 ### where to find the ossec tools
 ossecdir="/var/ossec/bin"
 ### count the lines from the output of the list_agents tool
 ACTIVE=`$ossecdir/list_agents -c | grep -wv "** No agent available" | wc -l`
 INACTIVE=`$ossecdir/list_agents -n | grep -wv "** No agent available" | wc -l`
 echo "active.value ${ACTIVE}"
 echo "inactive.value ${INACTIVE}"
 exit 0
--- a/plugins/ossec/ossec_alerts
+++ b/plugins/ossec/ossec_alerts
@ -0,0 +1,49 @@
 #!/bin/bash
 if [ "$1" = "autoconf" ]; then
 	echo "yes"
 	exit 0
 fi
 if [ "$1" = "config" ]; then
 	echo "graph_title Ossec alerts per service"
 	echo "graph_args --base 1000 -l 0"
 	echo "graph_vlabel Number of alerts per service"
 	echo "graph_category ossec"
 	echo "graph_scale no"
 	echo "apache.label httpd"
 	echo "apache.draw LINE2"
 	echo 'apache.min 0'
 	echo "ssh.label ssh"
 	echo "ssh.draw LINE2"
 	echo 'ssh.min 0'
 	echo "sudo.label sudo"
 	echo "sudo.draw LINE2"
 	echo 'sudo.min 0'
 	echo "total.label total"
 	echo "total.draw LINE2"
 	echo 'total.min 0'
 	exit 0
 fi
 ### Deleting temporary log files from last run
 rm -f /tmp/ossecalerts.log
 logdir="/var/ossec/logs/alerts"
 ###For Loop for grepping the last 5 mins logs
 for (( i = 5; i >=0; i-- )) ; do
 	grep $(date +%R -d "-$i  min") $logdir/alerts.log >> /tmp/ossecalerts.log
 done
 ### End for loop
 ### count the lines for each service in the temporary log file
 APACHE=`cat /tmp/ossecalerts.log | grep -i 'apache\|http' | wc -l`
 SSH=`cat /tmp/ossecalerts.log | grep ssh | wc -l`
 SUDO=`cat /tmp/ossecalerts.log | grep sudo | wc -l`
 TOTAL=`cat /tmp/ossecalerts.log | grep -v ">"| wc -l`
 echo "apache.value ${APACHE}"
 echo "ssh.value ${SSH}"
 echo "sudo.value ${SUDO}"
 echo "total.value ${TOTAL}"
 exit 0