---
name: ossec-hids-server
version: 2.7
origin: security/ossec-hids-server
comment: A security tool to monitor and check logs and intrusions
arch: freebsd:9:x86:64
www: http://www.ossec.net/
maintainer: glarkin@FreeBSD.org
prefix: /usr/local
licenselogic: single
flatsize: 11951932
desc: |
  OSSEC is an Open Source Host-based Intrusion Detection System.
  It performs log analysis, integrity checking, Windows registry
  monitoring, rootkit detection, time-based alerting and active
  response.

  WWW: http://www.ossec.net/
categories: [security]
users: [ossecr, ossecm, ossec]
groups: [ossec]
options: {DOCS: on, MYSQL: off, PGSQL: off}
files:
  /usr/local/etc/rc.d/ossec-hids: b9a9cbe210e5031eede03c7f736bb3fbcc9d032c87e55d2767fa245998416357
  /usr/local/ossec-hids/active-response/bin/disable-account.sh: f9a813e4e53823fc8d43a8ec1a91df67524308156eabdf63c8440086f2394260
  /usr/local/ossec-hids/active-response/bin/firewall-drop.sh: 5c48ccea0bedb4854aee80f5c371e3a00f9f7b3e5aa097a3e76d77fc4c682eb9
  /usr/local/ossec-hids/active-response/bin/host-deny.sh: a92731e8b8ef0e0e6ac663e2ab01d92b5809a94f46858f4cbcf7dc01aa92aec1
  /usr/local/ossec-hids/active-response/bin/ipfw.sh: 1ca8c12b62b03c3eaa2e2adc6cfe2398055180b17d382a801d220f35f01efa9a
  /usr/local/ossec-hids/active-response/bin/ipfw_mac.sh: c5d73ba9fb994f7f4c13746a0a2a2d3a9bf0600fb9e39338021e39844df61204
  /usr/local/ossec-hids/active-response/bin/ossec-tweeter.sh: 5781e4c355eee177f8789ce242a75dde4b27f1f313e6eb4b1641227ab2767848
  /usr/local/ossec-hids/active-response/bin/pf.sh: b36ffcb208c441f9c7547170888634eb1c237bdc9a6fa7b207a91aff171f2f0e
  /usr/local/ossec-hids/active-response/bin/restart-ossec.sh: e736dde6929e32461fe51db100d4bff0d80ac2d316e7011aa4ac8294bb94a0a9
  /usr/local/ossec-hids/active-response/bin/route-null.sh: 7b180716a51e2910f2e2595675e087bb173ba962aa61c0835990f186818704c2
  /usr/local/ossec-hids/agentless/main.exp: 5714dd884065a61ba76e2ea64b5e34cd772b05f1236cca1b1560453859c51b7a
  /usr/local/ossec-hids/agentless/register_host.sh: 17259074c474eeb4ce681de22d537df841878e16afe18ebc5395136952fd4409
  /usr/local/ossec-hids/agentless/ssh.exp: 5c7c776bd51ea5278df7c61683c07043d6ff8ae275fa4ae491605e7e7efa374b
  /usr/local/ossec-hids/agentless/ssh_asa-fwsmconfig_diff: 8db328d8b0d2983b2a15ca437de8cdba77c3fd9baf5a7cf3de7ef964d4cc12d8
  /usr/local/ossec-hids/agentless/ssh_foundry_diff: 5a71febacae4f138f9ec10024a12cf575cc1e8d1c0acd75bba23d8a4b1ae7c97
  /usr/local/ossec-hids/agentless/ssh_generic_diff: 6f34bc106944b14f45afcb983ecff32260e65d767b7d0ddf04b55dd62d31f99d
  /usr/local/ossec-hids/agentless/ssh_integrity_check_bsd: 7add0c3b7abe86dfb0a2e29b01a6c6d90c4753232187961cd433ebd03a826755
  /usr/local/ossec-hids/agentless/ssh_integrity_check_linux: 1662ad5b46a0a66592c4d8b035d890340867ab25eb5a0f508c51edbac2bbc24a
  /usr/local/ossec-hids/agentless/ssh_nopass.exp: 1e93338483db73bb9571fbc05565b81f9695937709698510d40ad78a9e2c1973
  /usr/local/ossec-hids/agentless/ssh_pixconfig_diff: 41ae7d35f1ee0240c58808f3138c21322c577495dfe2de13219e4274c55722a9
  /usr/local/ossec-hids/agentless/sshlogin.exp: 00f8187f0435b42ce4b9b07fbf1df73502a5dd22329c6b5070786e137d5a3f97
  /usr/local/ossec-hids/agentless/su.exp: 38e0d5d61620a94b3fc552a822e40d27bd6add5cb354dab8779b2c180e5f692e
  /usr/local/ossec-hids/bin/agent_control: 72f4321a628af07320bf57ef73b4f1065653a2caa51eaee8dc88a87d41a72d18
  /usr/local/ossec-hids/bin/clear_stats: 2c41c27982ef6883b844c39c6d7913b59a308e05565ca7dd29b5cd2f17804445
  /usr/local/ossec-hids/bin/list_agents: 741f6018368dcbf2f79bc69715b2b6ca33cdb681eb79eb013d45adb9f05231df
  /usr/local/ossec-hids/bin/manage_agents: fd1427d6aaff52355adf0f37462af02f7a281ce3294adcd5ab52fdf20b8a8b7c
  /usr/local/ossec-hids/bin/ossec-agentd: 1aa5e48b0d4085a9390f04644a97773b999b1a62d3a7b44d996498708fad0ea2
  /usr/local/ossec-hids/bin/ossec-agentlessd: af0415940ef53120bdf5be138e8254a2c69a5e31d62971cbff33d2b1a278dfeb
  /usr/local/ossec-hids/bin/ossec-analysisd: 0b84b5311cfb5c4dd514b99dd090f0ce6f854f5f8662596302b5a5b5b6545532
  /usr/local/ossec-hids/bin/ossec-authd: 026d37389744abdd4ee2f69521fcfdffffdd4960133eecd5d49325c7361fa7cf
  /usr/local/ossec-hids/bin/ossec-control: d62b62bbc8a6e8e913e3417cc2a2d20fa2d00ae833319ca868d80ed31b819761
  /usr/local/ossec-hids/bin/ossec-csyslogd: d6d3a00278143f5f296205ee28d01a391616602d11ed77c7e5f53722adea9827
  /usr/local/ossec-hids/bin/ossec-dbd: db7ec16cbc5aed890f8d239f5b1fa1c6191f7e962a4742e4ed68d2e59cf52ee0
  /usr/local/ossec-hids/bin/ossec-execd: 873913b1bf6d10159e98d6d8b4a4a2409d3774688580896e5c91f9ccd96006cc
  /usr/local/ossec-hids/bin/ossec-logcollector: a18bae436459ed7cdcca110d52b811049b07ffa85f5df1ef26b9032c24f576eb
  /usr/local/ossec-hids/bin/ossec-logtest: 9bb81cabd885c063c0140a5d4dc343cc1ef6133aed650a5278101f4b991043df
  /usr/local/ossec-hids/bin/ossec-maild: 6654294c615837a14886e9ca8c5c54f026eb3d4aa1324eb439d593a7e6c48b1c
  /usr/local/ossec-hids/bin/ossec-makelists: 57768ecd272217976f4a5fe48858c08cbeec137605524b62f32c923f4a2105c0
  /usr/local/ossec-hids/bin/ossec-monitord: 290e8bb68f565fd0aa79219d645403af3374839005f8a6b7046984baedb310c5
  /usr/local/ossec-hids/bin/ossec-regex: ec98533063937b57303678e394300be34e30d0f5a60b8f219914a3318f5c0117
  /usr/local/ossec-hids/bin/ossec-remoted: 6e0ccfdad4a23ad5e18d01df4a54fa81c870427528f3ed4d2a28771c60d42590
  /usr/local/ossec-hids/bin/ossec-reportd: 556311b140b3f8c07dcfddb13e34e2c2b361df3f40d9b09c20681f542e12dfff
  /usr/local/ossec-hids/bin/ossec-syscheckd: 4aba5550ae545b37c1366898534b71d2fcfa6d1bd9e0be44cbfdfd123c9a4dfc
  /usr/local/ossec-hids/bin/rootcheck_control: e5c69c17218acf69cde0905208560923d3b505a5ed9b731a5bb44dcf75942a78
  /usr/local/ossec-hids/bin/syscheck_control: d1e72b0df419006482d7700e9f0e3551d3477ccc1294afe0ab0c0d59225ca112
  /usr/local/ossec-hids/bin/syscheck_update: aaf072be6db8e1063c8c587ca5206e89de010ecc6e62e0a42bb5ba70405610e5
  /usr/local/ossec-hids/bin/util.sh: 7191c4dac4228a3e38f28a3a14e2fedc526db716726608983041659d2fb70c26
  /usr/local/ossec-hids/bin/verify-agent-conf: b5f3bfc9f276c36578d54dd83db238d67e3ab77f60d9b1d0b2311956f34dd78d
  /usr/local/ossec-hids/etc/decoder.xml: ea149981d5ec5b706ce83d97d85235d4ddac73d92f9e162aa9ffbd583596188d
  /usr/local/ossec-hids/etc/internal_options.conf: 7643987780244a943c24e1a11cf4be80dae7644018a3ca87d16ea8b9bb1c6add
  /usr/local/ossec-hids/etc/ossec.conf.sample: 487a0fed2a0ae738b4d3c8b3fdd39cd48e383d016a804bd3c26923a43692487a
  /usr/local/ossec-hids/etc/shared/cis_debian_linux_rcl.txt: b67d748ffd8f0d93addd22a34a49382cf06f1482f1c5dd4d0c2cec3d8b0934b9
  /usr/local/ossec-hids/etc/shared/cis_rhel5_linux_rcl.txt: 1a650e582b4fa5e76783c322e5a2f2509525e8a2651b7720657da1cfdc103e08
  /usr/local/ossec-hids/etc/shared/cis_rhel_linux_rcl.txt: 127017cfbd3fc0068cf4f93f5d35c778ce953c0316de44395a4b79fe74363ee4
  /usr/local/ossec-hids/etc/shared/rootkit_files.txt: 33c55ffc061bd78691ca6917955e915ce51a44fadf2183f6e73d53ac48ecee81
  /usr/local/ossec-hids/etc/shared/rootkit_trojans.txt: 1c06480dc4e1705eb4a5c0ad27bfe9daff660c553d4f68de5f68903c246e5bd7
  /usr/local/ossec-hids/etc/shared/system_audit_rcl.txt: 523a014c4029f0587d6061af5e3129af41e118b7eba467c3c6b6aedc3ea9db5e
  /usr/local/ossec-hids/etc/shared/win_applications_rcl.txt: a3fc0771cfc7b2827d0d920acc01b6d16a74c70742364dbb32479e2215eeec73
  /usr/local/ossec-hids/etc/shared/win_audit_rcl.txt: fde2b7d83bf42b14a14bcac75f62dd5588b3eef67cc51981c3c2425be47fcb2a
  /usr/local/ossec-hids/etc/shared/win_malware_rcl.txt: 86a1a5b304db8c05715b5f8b018703b5a1be4dd82ac187aa349cf03cfd650423
  /usr/local/ossec-hids/rules/apache_rules.xml: dcd7578af24dbb342d4dac9fcbf2d8452a89af76b1bfca37f408a60269de9bc2
  /usr/local/ossec-hids/rules/arpwatch_rules.xml: e6272d0032cf0edff6c621d3b5897bd4cddc12b873055335677a8de41d07b493
  /usr/local/ossec-hids/rules/asterisk_rules.xml: 9a6627ac67c3c821607b0817830c4e7f3e860f672924e6abf26493de03230b0e
  /usr/local/ossec-hids/rules/attack_rules.xml: 71b1294d230b8afc3e82310bcd5163519bb5d7d9c0d9f452ddb3e39dc87f52a0
  /usr/local/ossec-hids/rules/bro-ids_rules.xml: f487f3ee6b07c9c5b242b4aac534ab6aa66b015a832e945e17b5d81625056a0c
  /usr/local/ossec-hids/rules/cimserver_rules.xml: d1990a7a4b396c3ac7c026a5c9ae40ab59b96eb9a175f95783a040c234fd7dda
  /usr/local/ossec-hids/rules/cisco-ios_rules.xml: d24321b206dd120bc4f64a7618b42e46ad13d8ad0ad6a35d7e8b300c5821ad3c
  /usr/local/ossec-hids/rules/clam_av_rules.xml: 42f4d1b70cb21f3fb7ce1f5809d9f676c865f8453100864dae793074e5080e48
  /usr/local/ossec-hids/rules/courier_rules.xml: dc87b3f4f3f2f3dce309f3f10ff36b79257746fb4182afa6ddf522fca6d8711c
  /usr/local/ossec-hids/rules/dovecot_rules.xml: 23da51472a126e2f35c0c24cb2590ace80a629d407b210a4b8eb1fbb03430e0d
  /usr/local/ossec-hids/rules/dropbear_rules.xml: 14e3e8eeed424df3b2a62a4c8320b4214dc2fd80c92278c0914da4c88f9550d8
  /usr/local/ossec-hids/rules/firewall_rules.xml: 34d184f5890aa8be18d85dba0139343ac773fcc04a137d93cf800ef61349277b
  /usr/local/ossec-hids/rules/ftpd_rules.xml: 73bec44b6c26c91da101e1cd2001d63d90687b0ed4f344f4b94ed32611e93bdd
  /usr/local/ossec-hids/rules/hordeimp_rules.xml: 8d221839739981e1204030d43f71336080b3746dc7d252db68a0e36c908c671d
  /usr/local/ossec-hids/rules/ids_rules.xml: 62720cd089d925c748308703f0768dc3af11086bbbee67e27fc701b3eb02f3cd
  /usr/local/ossec-hids/rules/imapd_rules.xml: df916deb5e65fba81992407113de8d9516e581def9dd777d72f5653bbff2bd8e
  /usr/local/ossec-hids/rules/local_rules.xml: 39b2008cb86a5f61646a7e868b531cd4d3c567a46922d9b966c293259bbc233b
  /usr/local/ossec-hids/rules/mailscanner_rules.xml: 14c4c6b5dc106a51a3fda7c50adc09d3cadb20c14bf8127207a50eb4c07a3660
  /usr/local/ossec-hids/rules/mcafee_av_rules.xml: 0641c91800713c62466033aec031c479a0fd20cf9a1bd48dc774f95a9870a326
  /usr/local/ossec-hids/rules/ms-exchange_rules.xml: 5968db1bcdbe70c3e19da656736dcd9fc0b71a8bee0ad5edb387482f0ffb3e54
  /usr/local/ossec-hids/rules/ms-se_rules.xml: 1035c85a9168c125a7abadbe64a5335a2204ed073ab10c5556b9d0f5c830e14a
  /usr/local/ossec-hids/rules/ms_dhcp_rules.xml: 58e8ef0fab1ae6ac2d905c59c6a1b4f036e732d5fdb9d1bd87b7294ceb44c2d5
  /usr/local/ossec-hids/rules/ms_ftpd_rules.xml: 0b9d4d5486af93d273af565c632a0ab7df9580db9805c6af61c46038fa9fe305
  /usr/local/ossec-hids/rules/msauth_rules.xml: c09c2c74954891cba9d1d7ae9b96d0f6905794d1e49c5e1deba65318a6109698
  /usr/local/ossec-hids/rules/mysql_rules.xml: 4ce1ff2c91f297f9ca266285d1a25da7c3d44d688c8220c59f446ef9fc5f2623
  /usr/local/ossec-hids/rules/named_rules.xml: deb37a7d532c5f97fd8b0e5b66139fa9d61811841a02e5b3b580b5104a9fd05a
  /usr/local/ossec-hids/rules/netscreenfw_rules.xml: de6e8bff65979eb08be161d42e2346a0bec232b89b074cd6102352484eec8c95
  /usr/local/ossec-hids/rules/nginx_rules.xml: ac55a01a83ae2227f21a6002f239f38b2f35c6f547354230c4c2f82745589490
  /usr/local/ossec-hids/rules/openbsd_rules.xml: c774cd5399bb22c7bd54c032767da31e395fd622ef7746c6834a8c435f61184d
  /usr/local/ossec-hids/rules/ossec_rules.xml: d5a8afad336a0ad2f496f87c399da79285f747adf26f2f3501bf7b0720e266fc
  /usr/local/ossec-hids/rules/pam_rules.xml: ee73100d878a1f01a4d703a634d820e9a44b4041adb73032b2037b6831312dcb
  /usr/local/ossec-hids/rules/php_rules.xml: 1b9f3c03db1608a619f9c05f8cb5d56b49be65c608fb1b059193b15f3ecedc0f
  /usr/local/ossec-hids/rules/pix_rules.xml: 9b26d43aa4cf8885933d8c5a078cb8ef122038f3bea6fb64e5c1be72ad181c3d
  /usr/local/ossec-hids/rules/policy_rules.xml: 3a316eee83cb1c822f14d668df6d72152025813fb8e0a8f12504f212877950e8
  /usr/local/ossec-hids/rules/postfix_rules.xml: 679b2a2c5cb7136867d5a76221387459eb9aff3fbec572086bee4c367b9c8a65
  /usr/local/ossec-hids/rules/postgresql_rules.xml: d2e1cbc7c1df2a8b763134fcfd48aec82b54da3fba22a04cde0a663705f68098
  /usr/local/ossec-hids/rules/proftpd_rules.xml: 841d4967f35ed7bfbfb372f6ef2a020117e27eeaa8addc226a4bec15ac3e15af
  /usr/local/ossec-hids/rules/pure-ftpd_rules.xml: cc047aedd9662a1000a9edb01616bd8401e5ad96f974400f92be50913a71537c
  /usr/local/ossec-hids/rules/racoon_rules.xml: 95f079cb53bd80f881118ef1b211f72875ffe3b5893660b258fef02619d4691e
  /usr/local/ossec-hids/rules/roundcube_rules.xml: 42d29e45511e94ce8cc98c5806686b90a3554468339eedf238a1f2c90be785e1
  /usr/local/ossec-hids/rules/rules_config.xml: 4b8e00c8ec2c4fe42fc88c158287b890bf63417fb474f14c9965b38b4491a3c4
  /usr/local/ossec-hids/rules/sendmail_rules.xml: b0ccf98dd21d6a6e14077eedfeb663cc936b38e23cfde8c6b234cee2e972b87e
  /usr/local/ossec-hids/rules/smbd_rules.xml: aa84544249420c627b677f989aeb8f8c39da48121c1020c1e5d46745038816e1
  /usr/local/ossec-hids/rules/solaris_bsm_rules.xml: bf834ce71f6548d4d0acb1cd64d57edde6228177ce168c9c3e2b57d6a323e975
  /usr/local/ossec-hids/rules/sonicwall_rules.xml: 36f8cac4c4681a29680ae786e48121fe9a9bac575ff3d71abeda08df752f17a0
  /usr/local/ossec-hids/rules/spamd_rules.xml: c60afecd66a2fa825d4c581194d89556530f2bfca60e8975f5397b38bd3dc312
  /usr/local/ossec-hids/rules/squid_rules.xml: 0d0f9d25ce9cec9b415fe0bdaa12f156605648eed8d8db8963dbc4e35d926361
  /usr/local/ossec-hids/rules/sshd_rules.xml: 6744bb9ba178a14cf28b09bb617e38675e1c02a52345bb610db7dbfd20d0025b
  /usr/local/ossec-hids/rules/symantec-av_rules.xml: 85bdb31e3832a1e8ae8a0984f23cf42e5a7bca1db259aa712bfef58bf1e7aae6
  /usr/local/ossec-hids/rules/symantec-ws_rules.xml: f5dfabc24322d4f4a6a19bd5635fdcd65b9f4744b2ae8e968e201e05c6dab57a
  /usr/local/ossec-hids/rules/syslog_rules.xml: 049e66184f7fc5fae36dce92221b8a9b944951f17aa6b598a96b7cf75096376b
  /usr/local/ossec-hids/rules/telnetd_rules.xml: 1438c8bb496f684a61074c89129d0a24a5cb6757afc0f6c48ef891a3f59e034e
  /usr/local/ossec-hids/rules/trend-osce_rules.xml: e671bbab4216fb32ebdb6a54954fd4e678662958e0fcd783306aaa7f26e7473e
  /usr/local/ossec-hids/rules/vmpop3d_rules.xml: 2159e219b65b7961c3845c56fdf0ba9cb5f4a75bff64dcbd2f115655a3b99b57
  /usr/local/ossec-hids/rules/vmware_rules.xml: a3131d2ad84d3d42ae41de49979bf706587314fd051fb38fe9d45549f2b4897b
  /usr/local/ossec-hids/rules/vpn_concentrator_rules.xml: f2e2824f4f85b2e454802e31b2f4bd79181db6fdcca654da0ff7e0fdcf68965f
  /usr/local/ossec-hids/rules/vpopmail_rules.xml: 8a0b06a7e3f5bbb2dd780149b44323bd37187e6078d8aec0307de1db25113923
  /usr/local/ossec-hids/rules/vsftpd_rules.xml: 1d5737786d8b0df4c17ae406a9b0332ab767a81a1388770e5f6a355308cd6927
  /usr/local/ossec-hids/rules/web_appsec_rules.xml: 1eedec1a2d5af6f2819945f9911bc538862155bec9c10e5f32b0a064d389ed62
  /usr/local/ossec-hids/rules/web_rules.xml: 5064a003fa7155222752c3cfaacf5a99498ac8a60bf5eb209743c719fa642e35
  /usr/local/ossec-hids/rules/wordpress_rules.xml: 9302dd4244f2e816851bbf813e5c45083771962f658c1e91c5cdf8503941e1ef
  /usr/local/ossec-hids/rules/zeus_rules.xml: 3852d6473e612f18ee82c7d682f9a042300f588404684bcb31870887ad8fb3a0
  /usr/local/share/doc/ossec-hids/BUGS: 5724e1febc0e096bd10f7b60e053d35cdcff1081d79641aa8c2e224b4d25564b
  /usr/local/share/doc/ossec-hids/CONFIG: ab992180ccba57356947dafa66fee78705d3193cb5a0aeb06746e29c171fece3
  /usr/local/share/doc/ossec-hids/CONTRIBUTORS: 4d813636fe6d469380c7e30cf8d485e5dfdf67c5d4fad5673b9deaa02e8e8048
  /usr/local/share/doc/ossec-hids/INSTALL: 5ba0d1e9c28d5fbac69da4d4c5aa661d3b36043f91db79d0d24e065f64eaf5d9
  /usr/local/share/doc/ossec-hids/LICENSE: f9bc4e2e4fe3ee1bd4ba6d665781376d81af193ed29d652b8ce9ef65102e9947
  /usr/local/share/doc/ossec-hids/README: 873997ee9e481e8ec70717ccb9cfd4586bfc206de7bfcf4d9e4ee2362b51984d
directories:
  /usr/local/share/doc/ossec-hids/: n
  /usr/local/ossec-hids/var/run/: y
  /usr/local/ossec-hids/var/: y
  /usr/local/ossec-hids/tmp/: y
  /usr/local/ossec-hids/stats/: y
  /usr/local/ossec-hids/rules/: y
  /usr/local/ossec-hids/queue/syscheck/: y
  /usr/local/ossec-hids/queue/rootcheck/: y
  /usr/local/ossec-hids/queue/rids/: y
  /usr/local/ossec-hids/queue/ossec/: y
  /usr/local/ossec-hids/queue/fts/: y
  /usr/local/ossec-hids/queue/diff/: y
  /usr/local/ossec-hids/queue/alerts/: y
  /usr/local/ossec-hids/queue/agentless/: y
  /usr/local/ossec-hids/queue/agent-info/: y
  /usr/local/ossec-hids/queue/: y
  /usr/local/ossec-hids/logs/firewall/: y
  /usr/local/ossec-hids/logs/archives/: y
  /usr/local/ossec-hids/logs/alerts/: y
  /usr/local/ossec-hids/logs/: y
  /usr/local/ossec-hids/etc/shared/: y
  /usr/local/ossec-hids/etc/: y
  /usr/local/ossec-hids/bin/: y
  /usr/local/ossec-hids/agentless/: y
  /usr/local/ossec-hids/active-response/bin/: y
  /usr/local/ossec-hids/active-response/: y
  /usr/local/ossec-hids/.ssh/: y
  /usr/local/ossec-hids/: y
scripts:
  post-install: |
    echo "===> Creating users and/or groups."
    if ! /usr/sbin/pw groupshow ossec >/dev/null 2>&1; then  echo "Creating group 'ossec' with gid '966'.";  /usr/sbin/pw groupadd ossec -g 966; else echo "Using existing group 'ossec'."; fi
    if ! /usr/sbin/pw usershow ossec >/dev/null 2>&1; then  echo "Creating user 'ossec' with uid '966'.";  /usr/sbin/pw useradd ossec -u 966 -g 966  -c "OSSEC user" -d /usr/local/ossec-hids -s /usr/sbin/nologin;  else echo "Using existing user 'ossec'."; fi
    install -d -g 966 -o 966 /usr/local/ossec-hids
    if ! /usr/sbin/pw usershow ossecm >/dev/null 2>&1; then  echo "Creating user 'ossecm' with uid '967'.";  /usr/sbin/pw useradd ossecm -u 967 -g 966  -c "OSSEC mail user" -d /usr/local/ossec-hids -s /usr/sbin/nologin;  else echo "Using existing user 'ossecm'."; fi
    install -d -g 966 -o 967 /usr/local/ossec-hids
    if ! /usr/sbin/pw usershow ossecr >/dev/null 2>&1; then  echo "Creating user 'ossecr' with uid '968'.";  /usr/sbin/pw useradd ossecr -u 968 -g 966  -c "OSSEC rem user" -d /usr/local/ossec-hids -s /usr/sbin/nologin;  else echo "Using existing user 'ossecr'."; fi
    install -d -g 966 -o 968 /usr/local/ossec-hids
    cd /usr/local
  pre-deinstall: |
    if cmp -s /usr/local/ossec-hids/etc/ossec.conf /usr/local/ossec-hids/etc/ossec.conf.sample; then rm -f /usr/local/ossec-hids/etc/ossec.conf; fi
    if test ! -s /usr/local/ossec-hids/logs/ossec.log; then rm -f /usr/local/ossec-hids/logs/ossec.log; fi
    if test ! -s /usr/local/ossec-hids/logs/active-responses.log; then rm -f /usr/local/ossec-hids/logs/active-responses.log; fi
    if /usr/sbin/pw usershow ossec >/dev/null 2>&1; then  echo "==> You should manually remove the \"ossec\" user. "; fi
    if /usr/sbin/pw usershow ossecm >/dev/null 2>&1; then  echo "==> You should manually remove the \"ossecm\" user. "; fi
    if /usr/sbin/pw usershow ossecr >/dev/null 2>&1; then  echo "==> You should manually remove the \"ossecr\" user. "; fi
    cd /usr/local
  post-deinstall: |
    cd /usr/local
message: |
  After installation, you need to edit the ossec.conf file to reflect
  the correct settings for your environment.  All the files related
  to ossec-hids have been installed in /usr/local/ossec-hids and
  its subdirectories.

  For information on proper configuration, see http://www.ossec.net/.

  To enable the startup script, add ossechids_enable="YES" to
  /etc/rc.conf.  To enable database output, execute:

  /usr/local/ossec-hids/bin/ossec-control enable database

  Then check this documentation:

  http://www.ossec.net/doc/manual/output/database-output.html

  When you deinstall this port after starting the daemons once, many
  directories that are created by the daemons will remain.  To fully
  remove the port you need to delete those directories manually.  To
  further enhance the security on your system, you may also enable
  some checks in PAM for a fast reaction against intrusions.
