X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2FInstallServer.sh;h=e619d99bc16b17560c3ba3e6a101ea30bfb48e69;hb=9e444312c6c406b55a022554a1946145d002c926;hp=c9f15ff4f4425849afd8c91de455abf2e32c5e49;hpb=301048b51990573e58a30dc4a5bb4ec285cad554;p=ossec-hids.git diff --git a/src/InstallServer.sh b/src/InstallServer.sh index c9f15ff..e619d99 100755 --- a/src/InstallServer.sh +++ b/src/InstallServer.sh @@ -81,14 +81,14 @@ elif [ "$UNAME" = "Darwin" ]; then id -u ${USER} > /dev/null 2>&1 if [ ! $? = 0 ]; then - # Creating for 10.5 and 10.6 - /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1 + # Creating for <= 10.4 + /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1 if [ $? = 0 ]; then - chmod +x ./init/osx105-addusers.sh - ./init/osx105-addusers.sh - else chmod +x ./init/darwin-addusers.pl ./init/darwin-addusers.pl + else + chmod +x ./init/osx105-addusers.sh + ./init/osx105-addusers.sh fi fi else @@ -121,8 +121,10 @@ for i in ${subdirs}; do done # Default for all directories -chmod -R 550 ${DIR} -chown -R root:${GROUP} ${DIR} +chmod 550 ${DIR} +chmod 550 ${DIR}/* +chown root:${GROUP} ${DIR} +chown root:${GROUP} ${DIR}/* # AnalysisD needs to write to alerts: log, mail and cmds chown -R ${USER}:${GROUP} ${DIR}/queue/alerts @@ -135,7 +137,7 @@ chmod -R 770 ${DIR}/queue/ossec # To the ossec fts queue chown -R ${USER}:${GROUP} ${DIR}/queue/fts chmod -R 750 ${DIR}/queue/fts -chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1 +chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1 # To the ossec syscheck/rootcheck queue chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck @@ -146,20 +148,24 @@ chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck chmod -R 750 ${DIR}/queue/rootcheck chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1 -chown -R ${USER}:${GROUP} ${DIR}/queue/diff -chmod -R 750 ${DIR}/queue/diff +chown ${USER}:${GROUP} ${DIR}/queue/diff +chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1 +chmod 750 ${DIR}/queue/diff chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info -chmod -R 755 ${DIR}/queue/agent-info -chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1 +chmod -R 750 ${DIR}/queue/agent-info +chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids -chmod -R 755 ${DIR}/queue/rids -chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1 +chmod -R 750 ${DIR}/queue/rids +chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1 chown -R ${USER}:${GROUP} ${DIR}/queue/agentless -chmod -R 755 ${DIR}/queue/agentless -chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1 +chmod -R 750 ${DIR}/queue/agentless +chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1 + +chown -R root:${GROUP} ${DIR}/tmp +chmod 1550 ${DIR}/tmp # For the stats directory @@ -171,7 +177,11 @@ chown -R ${USER}:${GROUP} ${DIR}/logs chmod -R 750 ${DIR}/logs touch ${DIR}/logs/ossec.log chown ${USER}:${GROUP} ${DIR}/logs/ossec.log -chmod 664 ${DIR}/logs/ossec.log +chmod 660 ${DIR}/logs/ossec.log + +touch ${DIR}/logs/active-responses.log +chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log +chmod 660 ${DIR}/logs/active-responses.log # For the rules directory ls ${DIR}/rules/*.xml > /dev/null 2>&1 @@ -189,6 +199,7 @@ if [ $? = 0 ]; then fi cp -pr ../etc/rules/* ${DIR}/rules/ +find ${DIR}/rules/ -type f -exec chmod 440 {} \; # If the local_rules is saved, moved it back ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1 @@ -206,21 +217,21 @@ chown -R root:${GROUP} ${DIR}/etc ls /etc/localtime > /dev/null 2>&1 if [ $? = 0 ]; then cp -pL /etc/localtime ${DIR}/etc/; - chmod 555 ${DIR}/etc/localtime + chmod 440 ${DIR}/etc/localtime chown root:${GROUP} ${DIR}/etc/localtime fi # Solaris Needs some extra files if [ "$UNAME" = "SunOS" ]; then mkdir -p ${DIR}/usr/share/lib/zoneinfo/ - chmod -R 555 ${DIR}/usr/ + chmod -R 550 ${DIR}/usr/ cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ fi ls /etc/TIMEZONE > /dev/null 2>&1 if [ $? = 0 ]; then cp -p /etc/TIMEZONE ${DIR}/etc/; - chmod 555 ${DIR}/etc/TIMEZONE + chmod 550 ${DIR}/etc/TIMEZONE fi @@ -229,15 +240,28 @@ chmod 770 ${DIR}/var/run chown root:${GROUP} ${DIR}/var/run # Moving the binary files -cp -pr ../bin/ossec* ${DIR}/bin/ -cp -pr ../bin/manage_agents ${DIR}/bin/ -cp -pr ../bin/syscheck_update ${DIR}/bin/ -cp -pr ../bin/verify-agent-conf ${DIR}/bin/ -cp -pr ../bin/clear_stats ${DIR}/bin/ -cp -pr ../bin/list_agents ${DIR}/bin/ -cp -pr ../bin/agent_control ${DIR}/bin/ -cp -pr ../bin/syscheck_control ${DIR}/bin/ -cp -pr ../bin/rootcheck_control ${DIR}/bin/ +cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \ + analysisd/ossec-analysisd logcollector/ossec-logcollector \ + monitord/ossec-monitord monitord/ossec-reportd \ + os_execd/ossec-execd os_maild/ossec-maild \ + remoted/ossec-remoted syscheckd/ossec-syscheckd \ + analysisd/ossec-logtest os_csyslogd/ossec-csyslogd \ + os_auth/ossec-authd os_dbd/ossec-dbd analysisd/ossec-makelists \ + ${DIR}/bin/ + +cp -pr util/verify-agent-conf ${DIR}/bin/ +cp -pr util/clear_stats ${DIR}/bin/ +cp -pr util/list_agents ${DIR}/bin/ +cp -pr util/ossec-regex ${DIR}/bin/ +cp -pr util/syscheck_update ${DIR}/bin/ +cp -pr util/agent_control ${DIR}/bin/ +cp -pr util/syscheck_control ${DIR}/bin/ +cp -pr util/rootcheck_control ${DIR}/bin/ +cp -pr external/lua/src/ossec-lua ${DIR}/bin/ +cp -pr external/lua/src/ossec-luac ${DIR}/bin/ +cp -pr ../contrib/util.sh ${DIR}/bin/ +chown root:${GROUP} ${DIR}/bin/util.sh +chmod +x ${DIR}/bin/util.sh # Local install chosen if [ "X$LOCAL" = "Xlocal" ]; then @@ -292,7 +316,7 @@ sh ./init/fw-check.sh execute > /dev/null cp -p ../active-response/*.sh ${DIR}/active-response/bin/ cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ -chmod 755 ${DIR}/active-response/bin/* +chmod 550 ${DIR}/active-response/bin/* chown root:${GROUP} ${DIR}/active-response/bin/* chown root:${GROUP} ${DIR}/bin/*