10 abort-upgrade|abort-remove|abort-deconfigure)
15 echo "postinst called with unknown argument \`$1'" >&2
20 # users and group names
22 OSSEC_USER_MAIL="ossecm"
23 OSSEC_USER_EXEC="ossece"
24 OSSEC_USER_REM="ossecr"
27 # get installation directory
28 . /etc/ossec-init.conf
29 if [ "X${DIRECTORY}" = "X" ]; then
30 DIRECTORY="/var/ossec"
34 if ! getent passwd $OSSEC_USER >/dev/null; then
35 adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER
37 if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then
38 adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
40 if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then
41 adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
43 if ! getent passwd $OSSEC_USER_REM >/dev/null; then
44 adduser --quiet --system --no-create-home --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
48 if ! getent group $OSSEC_GROUP >/dev/null; then
49 addgroup --system $OSSEC_GROUP
53 chown -R root:$OSSEC_GROUP $DIRECTORY
54 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
55 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
56 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/fts
57 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/syscheck
58 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/rootcheck
59 chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info
60 chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
61 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
62 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
63 chown -R root:$OSSEC_GROUP $DIRECTORY/etc
64 touch $DIRECTORY/logs/ossec.log
65 chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
66 chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
67 chown -R root:$OSSEC_GROUP $DIRECTORY/rules
68 chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
69 chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
70 chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true
71 chown root:$OSSEC_GROUP $DIRECTORY/agentless/*
72 chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
73 chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared
74 chown root:$OSSEC_GROUP $DIRECTORY/var/run
75 chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/*
76 chown root:$OSSEC_GROUP $DIRECTORY/bin/*
77 chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
80 chmod -R 550 $DIRECTORY
81 chmod -R 770 $DIRECTORY/queue/alerts
82 chmod -R 770 $DIRECTORY/queue/ossec
83 chmod -R 750 $DIRECTORY/queue/fts
84 chmod -R 750 $DIRECTORY/queue/syscheck
85 chmod -R 750 $DIRECTORY/queue/rootcheck
86 chmod -R 750 $DIRECTORY/queue/diff
87 chmod -R 755 $DIRECTORY/queue/agent-info
88 chmod -R 755 $DIRECTORY/queue/rids
89 chmod -R 755 $DIRECTORY/queue/agentless
90 chmod -R 750 $DIRECTORY/stats
91 chmod -R 750 $DIRECTORY/logs
92 chmod -R 550 $DIRECTORY/rules
93 chmod 770 $DIRECTORY/var/run
94 chmod 550 $DIRECTORY/etc
95 chmod 440 $DIRECTORY/etc/internal_options.conf
96 chmod -R 770 $DIRECTORY/etc/shared
97 chmod 700 $DIRECTORY/.ssh
98 chmod 755 $DIRECTORY/active-response/bin/*
99 chmod 550 $DIRECTORY/bin/*
100 chmod 440 $DIRECTORY/etc/ossec.conf
102 # fixups: no need for execute bits on files there
103 find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';'
104 find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';'
106 # copy timezone and localtime
107 if [ -e /etc/timezone ]; then
108 cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
109 cp -a /etc/timezone $DIRECTORY/etc/timezone
111 if [ -e /etc/localtime ]; then
112 cmp -s /etc/localtime $DIRECTORY/etc/localtime || \
113 cp -a /etc/localtime $DIRECTORY/etc/localtime
116 # update system v init links
117 update-rc.d ossec-hids defaults >/dev/null
119 # and start the service
120 if [ -x /usr/sbin/invoke-rc.d ]; then
121 invoke-rc.d ossec-hids restart
123 /etc/init.d/ossec-hids restart
126 # dh_installdeb will replace this with shell code automatically
127 # generated by other debhelper scripts.