2 # postinst script for ossec-hids
3 # Santiago Bassett <santiago.bassett@gmail.com>
14 OSSEC_HIDS_TMP_DIR="/tmp/ossec-hids"
16 OSMYSHELL="/sbin/nologin"
17 if [ ! -f ${OSMYSHELL} ]; then
18 if [ -f "/bin/false" ]; then
19 OSMYSHELL="/bin/false"
23 if ! getent group | grep -q "^ossec"
25 addgroup --system ossec
27 if ! getent passwd | grep -q "^ossec"
29 adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER} > /dev/null 2>&1
32 # Default for all directories
34 chown -R root:${GROUP} ${DIR}
36 # To the ossec queue (default for agentd to read)
37 chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
38 chmod -R 770 ${DIR}/queue/ossec
40 # For the logging user
41 chown -R ${USER}:${GROUP} ${DIR}/logs
42 chmod -R 750 ${DIR}/logs
43 chmod -R 775 ${DIR}/queue/rids
44 touch ${DIR}/logs/ossec.log
45 chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
46 chmod 664 ${DIR}/logs/ossec.log
48 chown -R ${USER}:${GROUP} ${DIR}/queue/diff
49 chmod -R 750 ${DIR}/queue/diff
50 chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true
54 chown -R root:${GROUP} ${DIR}/etc
55 if [ -f /etc/localtime ]; then
56 cp -pL /etc/localtime ${DIR}/etc/;
57 chmod 555 ${DIR}/etc/localtime
58 chown root:${GROUP} ${DIR}/etc/localtime
61 if [ -f /etc/TIMEZONE ]; then
62 cp -p /etc/TIMEZONE ${DIR}/etc/;
63 chmod 555 ${DIR}/etc/TIMEZONE
67 chown root:${GROUP} ${DIR}/etc/internal_options.conf
68 chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
69 chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1 || true
70 chown root:${GROUP} ${DIR}/agentless/*
71 chown ${USER}:${GROUP} ${DIR}/.ssh
72 chown root:${GROUP} ${DIR}/etc/shared/*
75 chmod 440 ${DIR}/etc/internal_options.conf
76 chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
77 chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true
78 chmod 550 ${DIR}/agentless/*
80 chmod 770 ${DIR}/etc/shared
81 chmod 660 ${DIR}/etc/shared/*
84 chmod 770 ${DIR}/var/run
85 chown root:${GROUP} ${DIR}/var/run
88 chown root:${GROUP} ${DIR}/bin/util.sh
89 chmod +x ${DIR}/bin/util.sh
91 # For binaries and active response
92 chmod 755 ${DIR}/active-response/bin/*
93 chown root:${GROUP} ${DIR}/active-response/bin/*
94 chown root:${GROUP} ${DIR}/bin/*
95 chmod 550 ${DIR}/bin/*
98 chown root:${GROUP} ${DIR}/etc/ossec.conf
99 chmod 660 ${DIR}/etc/ossec.conf
102 . /usr/share/debconf/confmodule
103 db_input high ossec-hids-agent/server-ip || true
106 db_get ossec-hids-agent/server-ip
109 sed -i "s/<server-ip>[^<]\+<\/server-ip>/<server-ip>${SERVER_IP}<\/server-ip>/" ${DIR}/etc/ossec.conf
113 if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
114 if [ -e /etc/ossec-init.conf ]; then
115 rm -f /etc/ossec-init.conf
117 ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
121 if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
122 if [ -e /etc/init.d/ossec ]; then
123 rm -f /etc/init.d/ossec
125 ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
129 if [ -x /etc/init.d/ossec ]; then
130 update-rc.d -f ossec defaults
133 # Delete tmp directory
134 if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then
135 rm -r ${OSSEC_HIDS_TMP_DIR}
141 abort-upgrade|abort-remove|abort-deconfigure)
147 echo "postinst called with unknown argument \`$1'" >22