Initial commit — SETEC LABS Manager (Setec_CDM)

Flask-based VPS management panel with SSH remote command execution.
Includes E2E encrypted SSH tunnel (AES-256-GCM + Go agent), setup wizard,
security hardening tools, DNS management, firewall configs, monitoring,
backup, and .sec patch update system.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

setec-web/ossec.py

@@ -0,0 +1,113 @@
+"""
+Command-builder module for managing OSSEC HIDS on a Linux VPS.
+Each function returns a bash command string. OSSEC installs to /var/ossec.
+"""
+
+
+def status_cmd():
+    return (
+        "echo '=== OSSEC Status ===' && "
+        "/var/ossec/bin/ossec-control status && "
+        "echo && echo '=== OSSEC Version ===' && "
+        "/var/ossec/bin/ossec-control info 2>/dev/null || "
+        "cat /var/ossec/etc/ossec-init.conf 2>/dev/null || echo 'Version unknown' && "
+        "echo && echo '=== Active Processes ===' && "
+        "ps aux | grep '[o]ssec'"
+    )
+
+
+def install_cmd():
+    return (
+        "apt-get update && "
+        "apt-get install -y build-essential make gcc libevent-dev libpcre2-dev libz-dev libssl-dev && "
+        "cd /tmp && "
+        "wget -O ossec-hids-3.7.0.tar.gz https://github.com/ossec/ossec-hids/archive/refs/tags/3.7.0.tar.gz && "
+        "tar xzf ossec-hids-3.7.0.tar.gz && "
+        "cd ossec-hids-3.7.0 && "
+        "OSSEC_LANGUAGE=en OSSEC_TYPE=local OSSEC_NOTIFY=n OSSEC_SYSCHECK=y "
+        "OSSEC_ROOTCHECK=y OSSEC_ACTIVE_RESPONSE=y ./install.sh && "
+        "/var/ossec/bin/ossec-control start && "
+        "echo 'OSSEC 3.7.0 installed and started.'"
+    )
+
+
+def start_cmd():
+    return "/var/ossec/bin/ossec-control start"
+
+
+def stop_cmd():
+    return "/var/ossec/bin/ossec-control stop"
+
+
+def restart_cmd():
+    return "/var/ossec/bin/ossec-control restart"
+
+
+def alerts_cmd(lines=50):
+    return f"tail -n {lines} /var/ossec/logs/alerts/alerts.log"
+
+
+def alerts_today_cmd():
+    return (
+        "grep \"$(date +'%Y %b %d')\" /var/ossec/logs/alerts/alerts.log || "
+        "echo 'No alerts for today.'"
+    )
+
+
+def log_cmd(lines=50):
+    return f"tail -n {lines} /var/ossec/logs/ossec.log"
+
+
+def syscheck_cmd():
+    return (
+        "echo '=== Syscheck Results ===' && "
+        "ls -la /var/ossec/queue/syscheck/ && "
+        "echo && echo '=== Recent Integrity Changes ===' && "
+        "for f in /var/ossec/queue/syscheck/*; do "
+        "echo \"--- $f ---\" && tail -20 \"$f\" 2>/dev/null; done"
+    )
+
+
+def config_cmd():
+    return "cat /var/ossec/etc/ossec.conf"
+
+
+def config_save_cmd(content):
+    escaped = content.replace("'", "'\\''")
+    return (
+        "cp /var/ossec/etc/ossec.conf /var/ossec/etc/ossec.conf.bak.$(date +%Y%m%d%H%M%S) && "
+        f"echo '{escaped}' > /var/ossec/etc/ossec.conf && "
+        "/var/ossec/bin/ossec-control restart && "
+        "echo 'Config saved and OSSEC restarted.'"
+    )
+
+
+def rules_cmd():
+    return "ls -la /var/ossec/rules/*.xml"
+
+
+def active_response_cmd():
+    return (
+        "echo '=== Active Response Config ===' && "
+        "grep -A5 '<active-response>' /var/ossec/etc/ossec.conf && "
+        "echo && echo '=== Recent Blocks ===' && "
+        "cat /var/ossec/logs/active-responses.log 2>/dev/null | tail -30 || "
+        "echo 'No active response log found.'"
+    )
+
+
+def agent_list_cmd():
+    return "/var/ossec/bin/agent_control -l"
+
+
+def uninstall_cmd():
+    return (
+        "/var/ossec/bin/ossec-control stop 2>/dev/null; "
+        "rm -rf /var/ossec && "
+        "userdel ossec 2>/dev/null; "
+        "userdel ossecm 2>/dev/null; "
+        "userdel ossecr 2>/dev/null; "
+        "userdel ossece 2>/dev/null; "
+        "groupdel ossec 2>/dev/null; "
+        "echo 'OSSEC uninstalled.'"
+    )