X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;ds=sidebyside;f=debian%2Fossec-hids%2FDEBIAN%2Fpostinst;fp=debian%2Fossec-hids%2FDEBIAN%2Fpostinst;h=3c66719f1fea3b76e7817833b56fff350ceec91a;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hp=0000000000000000000000000000000000000000;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b;p=ossec-hids.git
diff --git a/debian/ossec-hids/DEBIAN/postinst b/debian/ossec-hids/DEBIAN/postinst
new file mode 100755
index 0000000..3c66719
--- /dev/null
+++ b/debian/ossec-hids/DEBIAN/postinst
@@ -0,0 +1,147 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ configure)
+ # continue below
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ exit 0
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+esac
+
+# users and group names
+OSSEC_USER="ossec"
+OSSEC_USER_MAIL="ossecm"
+OSSEC_USER_EXEC="ossece"
+OSSEC_USER_REM="ossecr"
+OSSEC_GROUP="ossec"
+
+# get installation directory
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+# create group
+if ! getent group $OSSEC_GROUP >/dev/null; then
+ addgroup --system $OSSEC_GROUP
+fi
+
+# create/modify users
+if ! getent passwd $OSSEC_USER >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER >/dev/null 2>&1
+fi
+if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER_MAIL >/dev/null 2>&1
+fi
+if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER_EXEC >/dev/null 2>&1
+fi
+if ! getent passwd $OSSEC_USER_REM >/dev/null; then
+ adduser --quiet --system --no-create-home \
+ --ingroup $OSSEC_GROUP \
+ --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
+else
+ usermod -g $OSSEC_GROUP -s /bin/false \
+ -d $DIRECTORY $OSSEC_USER_REM >/dev/null 2>&1
+fi
+
+# fix ownership
+chown -R root:$OSSEC_GROUP $DIRECTORY
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/fts
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/syscheck
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/rootcheck
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info
+chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
+chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc
+touch $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
+chown -R root:$OSSEC_GROUP $DIRECTORY/rules
+chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
+chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
+chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true
+chown root:$OSSEC_GROUP $DIRECTORY/agentless/*
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared
+chown root:$OSSEC_GROUP $DIRECTORY/var/run
+chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/*
+chown root:$OSSEC_GROUP $DIRECTORY/bin/*
+chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
+
+# fix perms
+chmod -R 550 $DIRECTORY
+chmod -R 770 $DIRECTORY/queue/alerts
+chmod -R 770 $DIRECTORY/queue/ossec
+chmod -R 750 $DIRECTORY/queue/fts
+chmod -R 750 $DIRECTORY/queue/syscheck
+chmod -R 750 $DIRECTORY/queue/rootcheck
+chmod -R 750 $DIRECTORY/queue/diff
+chmod -R 755 $DIRECTORY/queue/agent-info
+chmod -R 755 $DIRECTORY/queue/rids
+chmod -R 755 $DIRECTORY/queue/agentless
+chmod -R 750 $DIRECTORY/stats
+chmod -R 750 $DIRECTORY/logs
+chmod -R 550 $DIRECTORY/rules
+chmod 770 $DIRECTORY/var/run
+chmod 550 $DIRECTORY/etc
+chmod 440 $DIRECTORY/etc/internal_options.conf
+chmod -R 770 $DIRECTORY/etc/shared
+chmod 700 $DIRECTORY/.ssh
+chmod 755 $DIRECTORY/active-response/bin/*
+chmod 550 $DIRECTORY/bin/*
+chmod 440 $DIRECTORY/etc/ossec.conf
+
+# fixups: no need for execute bits on files there
+find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';'
+find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';'
+
+# copy timezone and localtime
+if [ -e /etc/timezone ]; then
+ cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
+ cp -a /etc/timezone $DIRECTORY/etc/timezone
+fi
+if [ -e /etc/localtime ]; then
+ cmp -s /etc/localtime $DIRECTORY/etc/localtime || \
+ cp -a /etc/localtime $DIRECTORY/etc/localtime
+fi
+
+# update system v init links
+update-rc.d ossec-hids defaults >/dev/null
+
+# and start the service
+service ossec-hids restart
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+
+
+exit 0
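Review bot: `DIRECTORY` is taken as-is from the sourced `/etc/ossec-init.conf` and then expanded unquoted in every `chown -R` and `chmod -R` under `# fix ownership` and `# fix perms`, so a value of `/`, a relative path or one containing spaces makes root recursively re-own and re-mode a tree the package does not own. A guard right after the `/var/ossec` fallback would stop that, e.g. `case "$DIRECTORY" in /?*) [ -d "$DIRECTORY" ] || exit 1 ;; *) echo "postinst: invalid DIRECTORY in /etc/ossec-init.conf" >&2; exit 1 ;; esac`, together with writing `"$DIRECTORY"` quoted in every command. The recursive `chown -R $OSSEC_USER:$OSSEC_GROUP` calls also run as root over `queue/*`, `stats` and `logs`, which the following `chmod` lines leave writable by those service accounts, so anything the accounts have placed or linked there is re-owned on each configure; changing ownership non-recursively on the directories the package ships would narrow this. Finally, `service ossec-hids restart` does not consult `policy-rc.d`; Debian maintainer scripts normally call `invoke-rc.d ossec-hids restart` so that chroots and image builds can veto the start.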