ossec / ossec-hids

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
http://www.ossec.net

/var/ossec/etc/ossec.conf and Ansible community.general.xml #2102

Open fcorneli opened 7 months ago

fcorneli commented 7 months ago

When provisioning OSSEC via Ansible using the community.general.xml module, this module adds

<?xml version="1.0" encoding="utf-8"?>

on top of the -what should be- XML configuration file. However, the OSSEC XML parser fails on this.

Right now I have to apply the following rather painful work-around (CentOS 7):

- name: Install required tools
  ansible.builtin.package:
    name: "{{ item }}"
    state: present
  with_items:
    - libxml2
    - epel-release
    - moreutils
- name: Sanitize ossec.conf
  ansible.builtin.shell: set -o pipefail && /usr/bin/xmllint -c14n /var/ossec/etc/ossec-server.conf | /usr/bin/sponge /var/ossec/etc/ossec-server.conf

Could the OSSEC XML config parser be fixed to simply ignore such XML declarations?
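
An alternative to the xmllint/sponge pipeline in the post above, as an added example that is not part of the original issue and not OSSEC or Ansible code: a POSIX shell function that removes only a leading XML declaration and leaves the rest of the file byte-for-byte untouched, with no extra packages. The function name `strip_xml_decl` and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: remove a leading XML declaration from an OSSEC config file.
# Prints "changed" or "unchanged" so a caller can report idempotently.

strip_xml_decl() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    # mv would replace a symlink with a regular file, so insist on the target.
    [ ! -L "$conf" ] || { echo "symlink, pass the real file: $conf" >&2; return 2; }

    # Only line 1 is inspected. Requiring whitespace after "<?xml" keeps
    # other processing instructions (e.g. <?xml-stylesheet ...?>) untouched.
    if ! head -n 1 "$conf" | grep -q '^<?xml[[:space:]][^>]*?>'; then
        echo unchanged
        return 0
    fi

    # Temp file in the same directory so the final mv is an atomic rename;
    # cp -p first so mode (and owner, when run as root) carry over.
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    cp -p "$conf" "$tmp" || { rm -f "$tmp"; return 2; }

    # Drop the declaration from line 1, then drop line 1 if nothing is left.
    if sed -e '1s/^<?xml[[:space:]][^>]*?>[[:space:]]*//' \
           -e '1{/^$/d;}' "$conf" > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$conf"
        echo changed
    else
        rm -f "$tmp"
        echo "refusing to write empty result for $conf" >&2
        return 2
    fi
}

# Usage (path is an assumption; pass the real file, not a symlink to it):
# strip_xml_decl /var/ossec/etc/ossec-server.conf
```

Because the function prints `changed` or `unchanged`, an Ansible task that calls it can set `changed_when` from its output instead of reporting a change on every run.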