[ossec-cvs] ossec-hids: getattr.pl (NEW) remove_ossec (NEW) [dcid]

[OSSEC CVS <cvs-commit@xxxxxxxxx>]

Module name:	ossec-hids
Changes by:	dcid	07/09/07 18:42:18

Added files:
	getattr.pl remove_ossec

Log message:
Bug:
Description: Adding ossec specs (by Michael Williams (maverick at maverick.org))

--- NEW FILE: getattr.pl ---
#!/usr/bin/perl -w

#
# find /var/ossec/ -exec ./getattr.pl {} \;
#

use File::stat;

my %UID;
my %GUID;

$filename = shift || die "\nsyntax: $0 <file|directory>\n\n";

get_uid();
get_gid();

$sb = stat($filename);

die "\nUID $sb->uid doesn't exist?! ($filename)\n\n" if (! exists($UID[$sb->uid]));
die "\nGID $sb->uid doesn't exist?! ($filename)\n\n" if (! exists($GID[$sb->gid]));

if ( -d $filename ) {  ### directory
  print '%dir ' . $filename . "\n";
} elsif ( -f $filename ) { ### file
  print $filename . "\n";
} else {
  die("\nI can't handle: $filename\n\n");
}

# %attr(550, root, ossec) /var/ossec/etc

printf "%%attr(%03o, %s, %s) %s\n",
    $sb->mode & 07777,
    $UID[$sb->uid], $GID[$sb->gid], $filename;

#printf "%s: perm %04o, owner: %s, group: %s \n",
#    $filename, $sb->mode & 07777,
#    $UID[$sb->uid], $GID[$sb->gid];

sub get_uid
{
   open(FP,'</etc/passwd') || die "\nCan't open /etc/passwd\n\n";

   while ($line = <FP>) {
     ($name,$id) = (split(/:/,$line,))[0,2];
     $UID[$id] = $name;
   }
   close(FP);
}

sub get_gid
{
   open(FP,'</etc/group') || die "\nCan't open /etc/group\n\n";

   while ($line = <FP>) {
     ($name,$id) = (split(/:/,$line,))[0,2];
     $GID[$id] = $name;
   }
   close(FP);
}  


--- NEW FILE: remove_ossec ---
#!/bin/bash

rpm -e ossec-hids-server-FC7
rpm -e ossec-hids-local-FC7
rpm -e ossec-hids-agent-FC7

rm -fr /var/ossec/ 

for A in ossec ossecm ossece ossecr ; do /usr/sbin/userdel -r $A ; done 

/usr/sbin/groupdel ossec

/sbin/chkconfig ossec off
/sbin/chkconfig --del ossec

# Remove init.d file
[ -f /etc/init.d/ossec ] && rm /etc/init.d/ossec