new upstream release (3.3.0); modify package compatibility for Stretch

[ossec-hids.git] / contrib / debian-packages / ossec-hids / debian / postinst

#!/bin/sh
# postinst script for ossec-hids

set -e

case "$1" in
    configure)

        DIR="/var/ossec/"
        USER="ossec"
        USER_MAIL="ossecm"
        USER_REM="ossecr"
        GROUP="ossec"
        OSSEC_HIDS_TMP_DIR="/tmp/ossec-hids"

        OSMYSHELL="/sbin/nologin"
        if [ ! -f ${OSMYSHELL} ]; then 
            if [ -f "/bin/false" ]; then
                OSMYSHELL="/bin/false"
            fi
        fi

        if ! getent group | grep -q "^ossec"
        then
            addgroup --system ossec
        fi
        if ! getent passwd | grep -q "^ossec"
        then
            adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER} > /dev/null 2>&1
        fi
        if ! getent passwd | grep -q "^ossecm"
        then
            adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER_MAIL} > /dev/null 2>&1
        fi
        if ! getent passwd | grep -q "^ossecr"
        then
            adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER_REM} > /dev/null 2>&1
        fi

        # Default for all directories
        chmod -R 550 ${DIR}
        chown -R root:${GROUP} ${DIR}

        # AnalysisD needs to write to alerts: log, mail and cmds
        chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
        chmod -R 770 ${DIR}/queue/alerts

        # To the ossec queue (default for analysisd to read)
        chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
        chmod -R 770 ${DIR}/queue/ossec

        # To the ossec fts queue
        chown -R ${USER}:${GROUP} ${DIR}/queue/fts
        chmod -R 750 ${DIR}/queue/fts
        chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1 || true

        # To the ossec syscheck/rootcheck queue
        chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
        chmod -R 750 ${DIR}/queue/syscheck
        chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1 || true

        chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
        chmod -R 750 ${DIR}/queue/rootcheck
        chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1 || true

        chown -R ${USER}:${GROUP} ${DIR}/queue/diff
        chmod -R 750 ${DIR}/queue/diff
        chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true

        chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
        chmod -R 755 ${DIR}/queue/agent-info
        chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1 || true
        chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
        chmod -R 755 ${DIR}/queue/rids
        chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1 || true

        chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
        chmod -R 755 ${DIR}/queue/agentless
        chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1 || true

        # For the stats directory
        chown -R ${USER}:${GROUP} ${DIR}/stats
        chmod -R 750 ${DIR}/stats

        # For the logging user
        chown -R ${USER}:${GROUP} ${DIR}/logs
        chmod -R 750 ${DIR}/logs
        touch ${DIR}/logs/ossec.log
        chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
        chmod 664 ${DIR}/logs/ossec.log

        # Backup previous rules
        if [ -d ${DIR}/rules/ ]; then
            mkdir ${DIR}/rules/backup-rules.$$
            cp -pr ${DIR}/rules/*.xml ${DIR}/rules/backup-rules.$$/
        fi

        # Restore the local rules
        if [ -f ${OSSEC_HIDS_TMP_DIR}/local_rules.xml ]; then
            mv ${OSSEC_HIDS_TMP_DIR}/local_rules.xml ${DIR}/rules/local_rules.xml
        fi

        chown -R root:${GROUP} ${DIR}/rules
        chmod -R 550 ${DIR}/rules


        # For the etc dir
        chmod 550 ${DIR}/etc
        chown -R root:${GROUP} ${DIR}/etc
        if [ -f /etc/localtime ]; then
            cp -pL /etc/localtime ${DIR}/etc/;
            chmod 555 ${DIR}/etc/localtime
            chown root:${GROUP} ${DIR}/etc/localtime
        fi

        if [ -f /etc/TIMEZONE ]; then
            cp -p /etc/TIMEZONE ${DIR}/etc/;
            chmod 555 ${DIR}/etc/TIMEZONE
        fi

        # For the /var/run
        chmod 770 ${DIR}/var/run
        chown root:${GROUP} ${DIR}/var/run

        # More files
        chown root:${GROUP} ${DIR}/etc/decoder.xml
        chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 || true
        chown root:${GROUP} ${DIR}/etc/internal_options.conf
        chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
        chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1 || true
        chown root:${GROUP} ${DIR}/etc/shared/*
        chown root:${GROUP} ${DIR}/agentless/*
        chown ${USER}:${GROUP} ${DIR}/.ssh
        chmod 440 ${DIR}/etc/decoder.xml
        chmod 660 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 || true
        chmod 440 ${DIR}/etc/internal_options.conf
        chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
        chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true
        chmod 550 ${DIR}/etc
        chmod 770 ${DIR}/etc/shared
        chmod 660 ${DIR}/etc/shared/*
        chmod 550 ${DIR}/agentless/*
        chmod 700 ${DIR}/.ssh

        rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1 || true
        chmod 755 ${DIR}/active-response/bin/*
        chown root:${GROUP} ${DIR}/active-response/bin/*
        chown root:${GROUP} ${DIR}/bin/*
        chmod 550 ${DIR}/bin/*
        chown root:${GROUP} ${DIR}/etc/ossec.conf
        chmod 660 ${DIR}/etc/ossec.conf

        # Sticky bit for /var/ossec/tmp
        chmod +t ${DIR}/tmp     

        # Debconf
        . /usr/share/debconf/confmodule
        db_input high ossec-hids/email_notification || true
        db_go

        db_get ossec-hids/email_notification
        EMAIL_NOTIFICATION=$RET

        if [ ${EMAIL_NOTIFICATION} = "yes" ]; then
            sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>yes<\/email_notification>/' ${DIR}/etc/ossec.conf 
            db_input high ossec-hids/email_to || true
            db_go
            db_input high ossec-hids/email_from || true
            db_go
            db_input high ossec-hids/smtp_server || true
            db_go

            db_get ossec-hids/email_to
            EMAIL_TO=$RET
            db_get ossec-hids/email_from
            EMAIL_FROM=$RET
            db_get ossec-hids/smtp_server
            SMTP_SERVER=$RET

            sed -i "s/<email_to>[^<]\+<\/email_to>/<email_to>${EMAIL_TO}<\/email_to>/" ${DIR}/etc/ossec.conf 
            sed -i "s/<email_from>[^<]\+<\/email_from>/<email_from>${EMAIL_FROM}<\/email_from>/" ${DIR}/etc/ossec.conf 
            sed -i "s/<smtp_server>[^<]\+<\/smtp_server>/<smtp_server>${SMTP_SERVER}<\/smtp_server>/" ${DIR}/etc/ossec.conf 
        
        else
            sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>no<\/email_notification>/' ${DIR}/etc/ossec.conf
        fi

        db_stop

        # ossec-init.conf
        if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
            if [ -e /etc/ossec-init.conf ]; then
                rm -f /etc/ossec-init.conf
            fi
            ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
        fi

        # init.d/ossec file
        if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
            if [ -e /etc/init.d/ossec ]; then
                rm -f /etc/init.d/ossec
            fi
            ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
        fi

        # Service
        if [ -x /etc/init.d/ossec ]; then
            update-rc.d -f ossec defaults
            service ossec restart
        fi

        # Delete tmp directory
        if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then
            rm -r ${OSSEC_HIDS_TMP_DIR}
        fi
  
    ;;


    abort-upgrade|abort-remove|abort-deconfigure)

    ;;


    *)
        echo "postinst called with unknown argument \`$1'" >22
        exit 1
    ;;

esac

exit 0