From 68d6aa009c87714f94855e5dc9a5d60992209b84 Mon Sep 17 00:00:00 2001
From: Dominik Lisiak <dominik.lisiak@bemsoft.pl>
Date: Thu, 27 Oct 2022 09:56:38 +0200
Subject: [PATCH] security/ossec-hids*: local_rules.xml replaced with sample
 file

PR:		266176
Reported by:	dominik.lisiak@bemsoft.pl (maintainer)
---
 security/ossec-hids-agent/Makefile           | 1 +
 security/ossec-hids-local/Makefile           | 5 +++++
 security/ossec-hids-local/pkg-plist-local    | 2 +-
 security/ossec-hids-local/pkg-plist-server   | 2 +-
 security/ossec-hids-local/scripts/plist.conf | 4 ++++
 5 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/security/ossec-hids-agent/Makefile b/security/ossec-hids-agent/Makefile
index 52eae5c0eb24..c0f5736fbc23 100644
--- a/security/ossec-hids-agent/Makefile
+++ b/security/ossec-hids-agent/Makefile
@@ -1,3 +1,4 @@
+PORTREVISION=	0
 COMMENT=	Security tool to monitor and check logs and intrusions - agent installation
 OSSEC_TYPE=	agent
 
diff --git a/security/ossec-hids-local/Makefile b/security/ossec-hids-local/Makefile
index 820bed6b7b88..de07d873f3d4 100644
--- a/security/ossec-hids-local/Makefile
+++ b/security/ossec-hids-local/Makefile
@@ -1,3 +1,4 @@
+PORTREVISION?=	1
 PKGNAMESUFFIX?=	-${OSSEC_TYPE}
 COMMENT?=	Security tool to monitor and check logs and intrusions - local (standalone) installation
 WWW=		https://ossec.github.io
@@ -139,6 +140,10 @@ SAMPLE_FILES=		${OSSEC_HOME}/etc/local_internal_options.conf \
 			${OSSEC_HOME}/active-response/bin/ossec-slack.sh \
 			${OSSEC_HOME}/active-response/bin/ossec-tweeter.sh
 
+.if ${OSSEC_TYPE} != agent
+SAMPLE_FILES+=		${OSSEC_HOME}/rules/local_rules.xml
+.endif
+
 .if empty(USER)
 USER=$$(${ID} -un)
 .endif
diff --git a/security/ossec-hids-local/pkg-plist-local b/security/ossec-hids-local/pkg-plist-local
index 630a2d4aaa57..55fa77b05b9d 100644
--- a/security/ossec-hids-local/pkg-plist-local
+++ b/security/ossec-hids-local/pkg-plist-local
@@ -119,7 +119,7 @@
 @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/lighttpd_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml
-@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml
+@sample(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml.sample
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml
diff --git a/security/ossec-hids-local/pkg-plist-server b/security/ossec-hids-local/pkg-plist-server
index 630a2d4aaa57..55fa77b05b9d 100644
--- a/security/ossec-hids-local/pkg-plist-server
+++ b/security/ossec-hids-local/pkg-plist-server
@@ -119,7 +119,7 @@
 @(,ossec,0640) %%OSSEC_HOME%%/rules/last_rootlogin_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/lighttpd_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/linux_usbdetect_rules.xml
-@(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml
+@sample(,ossec,0640) %%OSSEC_HOME%%/rules/local_rules.xml.sample
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mailscanner_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mcafee_av_rules.xml
 @(,ossec,0640) %%OSSEC_HOME%%/rules/mhn_cowrie_rules.xml
diff --git a/security/ossec-hids-local/scripts/plist.conf b/security/ossec-hids-local/scripts/plist.conf
index 7095978eedcd..756b49f80c3d 100644
--- a/security/ossec-hids-local/scripts/plist.conf
+++ b/security/ossec-hids-local/scripts/plist.conf
@@ -33,3 +33,7 @@ sample_paths="
 /active-response/bin/ossec-pagerduty.sh.sample
 /active-response/bin/ossec-slack.sh.sample
 /active-response/bin/ossec-tweeter.sh.sample"
+if [ "${OSSEC_TYPE}" != "agent" ]; then
+    sample_paths="${sample_paths}
+/rules/local_rules.xml.sample"
+fi