Replace mon server alias and smtp_server with ip

Due to issues with ossec 2.8.2+ and disabling of the ipv6 stack, name lookups can't `getaddrinfo: Name or service not known`. Using ip addresses in lieu of aliases sidesteps the issue. - Since ossec.conf is not templated, securedrop-ossec agent and server will replace these values as part of the postinst.
freedomofpress · Sep 28, 2018 · f531d03 · f531d03
1 parent 51ba778
commit f531d03
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/install_files/securedrop-ossec-agent/DEBIAN/postinst b/install_files/securedrop-ossec-agent/DEBIAN/postinst
@@ -18,7 +18,11 @@ set -e
 
 case "$1" in
     configure)
-        service ossec restart
+	    # Replace monitor server domain name by ip address due to
+	    #  https://github.com/ossec/ossec-hids/issues/1145
+	    mon_ip=$(grep -oP "^\\d+\.\\d+\.\\d+\.\\d+(?=.*securedrop-monitor-server-alias)" /etc/hosts)
+	    sed -i -e "s/<server-hostname>securedrop-monitor-server-alias<\/server-hostname>/<server-ip>$mon_ip<\/server-ip>/g" /var/ossec/etc/ossec.conf
+	    service ossec restart
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)
@@ -28,6 +32,7 @@ case "$1" in
         echo "postinst called with unknown argument \`$1'" >&2
         exit 1
     ;;
+
 esac
 
 # dh_installdeb will replace this with shell code automatically

diff --git a/install_files/securedrop-ossec-server/DEBIAN/postinst b/install_files/securedrop-ossec-server/DEBIAN/postinst
@@ -29,6 +29,10 @@ case "$1" in
         chown root:${GROUP} ${OSSEC_HOME}/rules/local_rules.xml
         chmod 440 ${OSSEC_HOME}/rules/local_rules.xml
 
+        # Replace localhost with 127.0.0.1 for smtp_server due to
+        #  https://github.com/ossec/ossec-hids/issues/1145
+        sed -i -e "s/<smtp_server>localhost<\/smtp_server>/<smtp_server>127.0.0.1<\/smtp_server>/g" /var/ossec/etc/ossec.conf
+
         # Restart OSSEC to load the new configs.
         service ossec restart
     ;;