--- /dev/null
+#!/bin/sh
+# postinst script for ossec-hids
+
+set -e
+
+case "$1" in
+ configure)
+
+ DIR="/var/ossec/"
+ USER="ossec"
+ USER_MAIL="ossecm"
+ USER_REM="ossecr"
+ GROUP="ossec"
+ OSSEC_HIDS_TMP_DIR="/tmp/ossec-hids"
+
+ OSMYSHELL="/sbin/nologin"
+ if [ ! -f ${OSMYSHELL} ]; then
+ if [ -f "/bin/false" ]; then
+ OSMYSHELL="/bin/false"
+ fi
+ fi
+
+ if ! getent group | grep -q "^ossec"
+ then
+ addgroup --system ossec
+ fi
+ if ! getent passwd | grep -q "^ossec"
+ then
+ adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER} > /dev/null 2>&1
+ fi
+ if ! getent passwd | grep -q "^ossecm"
+ then
+ adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER_MAIL} > /dev/null 2>&1
+ fi
+ if ! getent passwd | grep -q "^ossecr"
+ then
+ adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER_REM} > /dev/null 2>&1
+ fi
+
+ # Default for all directories
+ chmod -R 550 ${DIR}
+ chown -R root:${GROUP} ${DIR}
+
+ # AnalysisD needs to write to alerts: log, mail and cmds
+ chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
+ chmod -R 770 ${DIR}/queue/alerts
+
+ # To the ossec queue (default for analysisd to read)
+ chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
+ chmod -R 770 ${DIR}/queue/ossec
+
+ # To the ossec fts queue
+ chown -R ${USER}:${GROUP} ${DIR}/queue/fts
+ chmod -R 750 ${DIR}/queue/fts
+ chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1 || true
+
+ # To the ossec syscheck/rootcheck queue
+ chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
+ chmod -R 750 ${DIR}/queue/syscheck
+ chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1 || true
+
+ chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
+ chmod -R 750 ${DIR}/queue/rootcheck
+ chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1 || true
+
+ chown -R ${USER}:${GROUP} ${DIR}/queue/diff
+ chmod -R 750 ${DIR}/queue/diff
+ chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true
+
+ chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
+ chmod -R 755 ${DIR}/queue/agent-info
+ chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1 || true
+ chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
+ chmod -R 755 ${DIR}/queue/rids
+ chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1 || true
+
+ chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
+ chmod -R 755 ${DIR}/queue/agentless
+ chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1 || true
+
+ # For the stats directory
+ chown -R ${USER}:${GROUP} ${DIR}/stats
+ chmod -R 750 ${DIR}/stats
+
+ # For the logging user
+ chown -R ${USER}:${GROUP} ${DIR}/logs
+ chmod -R 750 ${DIR}/logs
+ touch ${DIR}/logs/ossec.log
+ chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
+ chmod 664 ${DIR}/logs/ossec.log
+
+ # Backup previous rules
+ if [ -d ${DIR}/rules/ ]; then
+ mkdir ${DIR}/rules/backup-rules.$$
+ cp -pr ${DIR}/rules/*.xml ${DIR}/rules/backup-rules.$$/
+ fi
+
+ # Restore the local rules
+ if [ -f ${OSSEC_HIDS_TMP_DIR}/local_rules.xml ]; then
+ mv ${OSSEC_HIDS_TMP_DIR}/local_rules.xml ${DIR}/rules/local_rules.xml
+ fi
+
+ chown -R root:${GROUP} ${DIR}/rules
+ chmod -R 550 ${DIR}/rules
+
+
+ # For the etc dir
+ chmod 550 ${DIR}/etc
+ chown -R root:${GROUP} ${DIR}/etc
+ if [ -f /etc/localtime ]; then
+ cp -pL /etc/localtime ${DIR}/etc/;
+ chmod 555 ${DIR}/etc/localtime
+ chown root:${GROUP} ${DIR}/etc/localtime
+ fi
+
+ if [ -f /etc/TIMEZONE ]; then
+ cp -p /etc/TIMEZONE ${DIR}/etc/;
+ chmod 555 ${DIR}/etc/TIMEZONE
+ fi
+
+ # For the /var/run
+ chmod 770 ${DIR}/var/run
+ chown root:${GROUP} ${DIR}/var/run
+
+ # More files
+ chown root:${GROUP} ${DIR}/etc/decoder.xml
+ chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 || true
+ chown root:${GROUP} ${DIR}/etc/internal_options.conf
+ chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
+ chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1 || true
+ chown root:${GROUP} ${DIR}/etc/shared/*
+ chown root:${GROUP} ${DIR}/agentless/*
+ chown ${USER}:${GROUP} ${DIR}/.ssh
+ chmod 440 ${DIR}/etc/decoder.xml
+ chmod 660 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 || true
+ chmod 440 ${DIR}/etc/internal_options.conf
+ chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
+ chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true
+ chmod 550 ${DIR}/etc
+ chmod 770 ${DIR}/etc/shared
+ chmod 660 ${DIR}/etc/shared/*
+ chmod 550 ${DIR}/agentless/*
+ chmod 700 ${DIR}/.ssh
+
+ rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1 || true
+ chmod 755 ${DIR}/active-response/bin/*
+ chown root:${GROUP} ${DIR}/active-response/bin/*
+ chown root:${GROUP} ${DIR}/bin/*
+ chmod 550 ${DIR}/bin/*
+ chown root:${GROUP} ${DIR}/etc/ossec.conf
+ chmod 660 ${DIR}/etc/ossec.conf
+
+ # Sticky bit for /var/ossec/tmp
+ chmod +t ${DIR}/tmp
+
+ # Debconf
+ . /usr/share/debconf/confmodule
+ db_input high ossec-hids/email_notification || true
+ db_go
+
+ db_get ossec-hids/email_notification
+ EMAIL_NOTIFICATION=$RET
+
+ if [ ${EMAIL_NOTIFICATION} = "yes" ]; then
+ sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>yes<\/email_notification>/' ${DIR}/etc/ossec.conf
+ db_input high ossec-hids/email_to || true
+ db_go
+ db_input high ossec-hids/email_from || true
+ db_go
+ db_input high ossec-hids/smtp_server || true
+ db_go
+
+ db_get ossec-hids/email_to
+ EMAIL_TO=$RET
+ db_get ossec-hids/email_from
+ EMAIL_FROM=$RET
+ db_get ossec-hids/smtp_server
+ SMTP_SERVER=$RET
+
+ sed -i "s/<email_to>[^<]\+<\/email_to>/<email_to>${EMAIL_TO}<\/email_to>/" ${DIR}/etc/ossec.conf
+ sed -i "s/<email_from>[^<]\+<\/email_from>/<email_from>${EMAIL_FROM}<\/email_from>/" ${DIR}/etc/ossec.conf
+ sed -i "s/<smtp_server>[^<]\+<\/smtp_server>/<smtp_server>${SMTP_SERVER}<\/smtp_server>/" ${DIR}/etc/ossec.conf
+
+ else
+ sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>no<\/email_notification>/' ${DIR}/etc/ossec.conf
+ fi
+
+ db_stop
+
+ # ossec-init.conf
+ if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
+ if [ -e /etc/ossec-init.conf ]; then
+ rm -f /etc/ossec-init.conf
+ fi
+ ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
+ fi
+
+ # init.d/ossec file
+ if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
+ if [ -e /etc/init.d/ossec ]; then
+ rm -f /etc/init.d/ossec
+ fi
+ ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
+ fi
+
+ # Service
+ if [ -x /etc/init.d/ossec ]; then
+ update-rc.d -f ossec defaults
+ service ossec restart
+ fi
+
+ # Delete tmp directory
+ if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then
+ rm -r ${OSSEC_HIDS_TMP_DIR}
+ fi
+
+ ;;
+
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >22
+ exit 1
+ ;;
+
+esac
+
+exit 0