chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc
touch $DIRECTORY/logs/ossec.log
chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
chown -R root:$OSSEC_GROUP $DIRECTORY/rules
-chown root:$OSSEC_GROUP $DIRECTORY/var/run
chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
-chown root:$OSSEC_GROUP $DIRECTORY/etc/shared/*
+chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true
+chown root:$OSSEC_GROUP $DIRECTORY/agentless/*
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared
+chown root:$OSSEC_GROUP $DIRECTORY/var/run
+chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/*
+chown root:$OSSEC_GROUP $DIRECTORY/bin/*
chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
# fix perms
chmod -R 550 $DIRECTORY/rules
chmod 770 $DIRECTORY/var/run
chmod 550 $DIRECTORY/etc
-chmod 770 $DIRECTORY/etc/shared
+chmod 440 $DIRECTORY/etc/internal_options.conf
+chmod -R 770 $DIRECTORY/etc/shared
chmod 700 $DIRECTORY/.ssh
+chmod 755 $DIRECTORY/active-response/bin/*
+chmod 550 $DIRECTORY/bin/*
+chmod 440 $DIRECTORY/etc/ossec.conf
+
+# fixups: no need for execute bits on files there
+find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';'
+find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';'
# copy timezone and localtime
if [ -e /etc/timezone ]; then
mkdir -p -m 700 $(DESTDIR)/$$i; \
done
+ # various files installation
+ install -m 644 etc/internal_options.conf $(DESTDIR)/etc
+ install -m 644 etc/decoder.xml $(DESTDIR)/etc
+ install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
+ if [ -e etc/ossec.mc ]; then \
+ install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \
+ else \
+ install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \
+ fi
+ install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
+ cp -r etc/rules/* $(DESTDIR)/rules
+ install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
+ install -s -m 755 bin/* $(DESTDIR)/bin
+ install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
+ ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
+ install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
+ install -m 755 active-response/firewalls/*.sh \
+ $(DESTDIR)/active-response/bin
+
# attrs
chmod -R 550 $(DESTDIR)
chmod -R 770 $(DESTDIR)/queue/alerts
chmod -R 550 $(DESTDIR)/rules
chmod 770 $(DESTDIR)/var/run
chmod 550 $(DESTDIR)/etc
- chmod 770 $(DESTDIR)/etc/shared
+ chmod 440 $(DESTDIR)/etc/internal_options.conf
+ chmod -R 770 $(DESTDIR)/etc/shared
chmod 700 $(DESTDIR)/.ssh
+ chmod 755 $(DESTDIR)/active-response/bin/*
+ chmod 550 $(DESTDIR)/bin/*
+ chmod 440 $(DESTDIR)/etc/ossec.conf
- # various files installation
- install -m 644 etc/internal_options.conf $(DESTDIR)/etc
- install -m 644 etc/decoder.xml $(DESTDIR)/etc
- install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared
- if [ -e etc/ossec.mc ]; then \
- install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \
- else \
- install -m 440 etc/ossec-agent.conf $(DESTDIR)/etc/ossec.conf; \
- fi
- install -m 440 etc/ossec-*.conf $(DESTDIR)/etc
- cp -r etc/rules/* $(DESTDIR)/rules
- find $(DESTDIR)/rules -type f -exec chmod 640 '{}' ';'
- install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless
- install -s -m 755 bin/* $(DESTDIR)/bin
- install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin
- ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control
- install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin
- install -m 755 active-response/firewalls/*.sh \
- $(DESTDIR)/active-response/bin
+ # fixups: no need for execute bits on files there
+ find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';'
+ find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';'
# system init script
mkdir -p $(PKGDIR)/etc/init.d
- install -m 755 src/init/ossec-hids.init $(PKGDIR)/etc/init.d/ossec-hids
+ if [ -e ossec-hids-debian.init ]; then \
+ install -m 755 ossec-hids-debian.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ else \
+ install -m 755 src/init/ossec-hids.init \
+ $(PKGDIR)/etc/init.d/ossec-hids; \
+ fi
# system ossec-init
echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf
--- /dev/null
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: ossec-hids
+# Required-Start: $local_fs $remote_fs $syslog
+# Required-Stop: $local_fs $remote_fs $syslog
+# Should-Start: $all
+# Should-Stop: $all
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: OSSEC HIDS init script
+# Description: Init script for OSSEC HIDS services
+### END INIT INFO
+
+# OSSEC Controls OSSEC HIDS
+# Author: Daniel B. Cid <dcid@ossec.net>
+# Modified for slackware by Jack S. Lai
+# Modified for Debian package by Dinko Korunic <kreator@carnet.hr>
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+. /etc/ossec-init.conf
+if [ "X${DIRECTORY}" = "X" ]; then
+ DIRECTORY="/var/ossec"
+fi
+
+
+start() {
+ ${DIRECTORY}/bin/ossec-control start
+}
+
+stop() {
+ ${DIRECTORY}/bin/ossec-control stop
+}
+
+status() {
+ ${DIRECTORY}/bin/ossec-control status
+}
+
+
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ force-reload)
+ stop
+ start
+ ;;
+ status)
+ status
+ ;;
+ *)
+ echo "*** Usage: $0 {start|stop|restart|status}"
+ exit 1
+esac
+
+exit 0
projects / ossec-hids.git / commitdiff