X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=debian%2Fpostinst;fp=debian%2Fpostinst;h=001da5176bb204f7d8224e680a09978aef4e91f0;hb=60a2e5ba49290aeb71d745f194e63160781ca78c;hp=7afafdf0286889a8c9f014f53fbd453eed1a942f;hpb=0105f1709981e786d9e6e111548defaf944e8ef9;p=ossec-hids.git diff --git a/debian/postinst b/debian/postinst index 7afafdf..001da51 100755 --- a/debian/postinst +++ b/debian/postinst @@ -60,13 +60,20 @@ chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs +chown -R root:$OSSEC_GROUP $DIRECTORY/etc touch $DIRECTORY/logs/ossec.log chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log +chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh chown -R root:$OSSEC_GROUP $DIRECTORY/rules -chown root:$OSSEC_GROUP $DIRECTORY/var/run chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf -chown root:$OSSEC_GROUP $DIRECTORY/etc/shared/* +chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true +chown root:$OSSEC_GROUP $DIRECTORY/agentless/* +chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh +chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared +chown root:$OSSEC_GROUP $DIRECTORY/var/run +chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/* +chown root:$OSSEC_GROUP $DIRECTORY/bin/* chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf # fix perms @@ -85,8 +92,16 @@ chmod -R 750 $DIRECTORY/logs chmod -R 550 $DIRECTORY/rules chmod 770 $DIRECTORY/var/run chmod 550 $DIRECTORY/etc -chmod 770 $DIRECTORY/etc/shared +chmod 440 $DIRECTORY/etc/internal_options.conf +chmod -R 770 $DIRECTORY/etc/shared chmod 700 $DIRECTORY/.ssh +chmod 755 $DIRECTORY/active-response/bin/* +chmod 550 $DIRECTORY/bin/* +chmod 440 $DIRECTORY/etc/ossec.conf + +# fixups: no need for execute bits on files there +find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';' +find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';' # copy timezone and localtime if [ -e /etc/timezone ]; then