#!/bin/sh ossec_type="%%OSSEC_TYPE%%" ossec_home="%%OSSEC_HOME%%" ossec_conf_dir="${ossec_home}/etc/ossec.conf.d" ossec_conf_files="${ossec_conf_dir}/*.conf" select_elements_content() { local element="$1" sed -n "/<${element}>/,/<\/${element}>/{ /<${element}>/d; /<\/${element}>/d; p; }" } remove_elements() { local element="$1" sed -e "/<${element}>/,/<\/${element}>/d" } remove_comments() { # Comments must be on separate lines i.e. not next to uncommented code awk '// {off=2} /([\s\S]*)/ {if (off==0) print; if (off==2) off=0}' } remove_empty_lines() { sed '/^\s*$/d' } ossec_conf() { echo "" echo echo "" echo echo "" if [ "${ossec_type}" != "agent" ]; then if cat $@ | remove_comments | grep -q ""; then echo " " cat $@ | remove_comments | select_elements_content "rules" | remove_empty_lines echo " " fi fi if cat $@ | remove_comments | grep -q ""; then echo " " cat $@ | remove_comments | select_elements_content "rootcheck" | remove_empty_lines echo " " fi if cat $@ | remove_comments | grep -q ""; then echo " " cat $@ | remove_comments | select_elements_content "syscheck" | remove_empty_lines echo " " fi cat $@ | remove_comments | select_elements_content "ossec_config" | remove_elements "rules" | remove_elements "rootcheck" | remove_elements "syscheck" | remove_empty_lines echo "" } ossec_conf "${ossec_conf_files}"