projects / ossec-hids.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- quiet usermod..
[ossec-hids.git] / debian / postinst
1 #!/bin/sh
2
3 set -e
4
5 case "$1" in
6     configure)
7         # continue below
8     ;;
9
10     abort-upgrade|abort-remove|abort-deconfigure)
11         exit 0
12     ;;
13
14     *)
15         echo "postinst called with unknown argument \`$1'" >&2
16         exit 0
17     ;;
18 esac
19
20 # users and group names
21 OSSEC_USER="ossec"
22 OSSEC_USER_MAIL="ossecm"
23 OSSEC_USER_EXEC="ossece"
24 OSSEC_USER_REM="ossecr"
25 OSSEC_GROUP="ossec"
26
27 # get installation directory
28 . /etc/ossec-init.conf
29 if [ "X${DIRECTORY}" = "X" ]; then
30     DIRECTORY="/var/ossec"
31 fi
32
33 # create group
34 if ! getent group $OSSEC_GROUP >/dev/null; then
35     addgroup --system $OSSEC_GROUP
36 fi
37
38 # create/modify users
39 if ! getent passwd $OSSEC_USER >/dev/null; then
40     adduser --quiet --system --no-create-home \
41         --ingroup $OSSEC_GROUP \
42         --home $DIRECTORY --shell /bin/false $OSSEC_USER
43 else
44     usermod -g $OSSEC_GROUP -s /bin/false \
45         -d $DIRECTORY $OSSEC_USER >/dev/null 2>&1
46 fi
47 if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then
48     adduser --quiet --system --no-create-home \
49         --ingroup $OSSEC_GROUP \
50         --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL
51 else
52     usermod -g $OSSEC_GROUP -s /bin/false \
53         -d $DIRECTORY $OSSEC_USER_MAIL >/dev/null 2>&1
54 fi
55 if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then
56     adduser --quiet --system --no-create-home \
57         --ingroup $OSSEC_GROUP \
58         --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC
59 else
60     usermod -g $OSSEC_GROUP -s /bin/false \
61         -d $DIRECTORY $OSSEC_USER_EXEC >/dev/null 2>&1
62 fi
63 if ! getent passwd $OSSEC_USER_REM >/dev/null; then
64     adduser --quiet --system --no-create-home \
65         --ingroup $OSSEC_GROUP \
66         --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM
67 else
68     usermod -g $OSSEC_GROUP -s /bin/false \
69         -d $DIRECTORY $OSSEC_USER_REM >/dev/null 2>&1
70 fi
71
72 # fix ownership
73 chown -R root:$OSSEC_GROUP $DIRECTORY
74 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
75 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
76 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/fts
77 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/syscheck
78 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/rootcheck
79 chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info
80 chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
81 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
82 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
83 chown -R root:$OSSEC_GROUP $DIRECTORY/etc
84 touch $DIRECTORY/logs/ossec.log
85 chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
86 chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
87 chown -R root:$OSSEC_GROUP $DIRECTORY/rules
88 chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
89 chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
90 chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true
91 chown root:$OSSEC_GROUP $DIRECTORY/agentless/*
92 chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
93 chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared
94 chown root:$OSSEC_GROUP $DIRECTORY/var/run
95 chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/*
96 chown root:$OSSEC_GROUP $DIRECTORY/bin/*
97 chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
98
99 # fix perms
100 chmod -R 550 $DIRECTORY
101 chmod -R 770 $DIRECTORY/queue/alerts
102 chmod -R 770 $DIRECTORY/queue/ossec
103 chmod -R 750 $DIRECTORY/queue/fts
104 chmod -R 750 $DIRECTORY/queue/syscheck
105 chmod -R 750 $DIRECTORY/queue/rootcheck
106 chmod -R 750 $DIRECTORY/queue/diff
107 chmod -R 755 $DIRECTORY/queue/agent-info
108 chmod -R 755 $DIRECTORY/queue/rids
109 chmod -R 755 $DIRECTORY/queue/agentless
110 chmod -R 750 $DIRECTORY/stats
111 chmod -R 750 $DIRECTORY/logs
112 chmod -R 550 $DIRECTORY/rules
113 chmod 770 $DIRECTORY/var/run
114 chmod 550 $DIRECTORY/etc
115 chmod 440 $DIRECTORY/etc/internal_options.conf
116 chmod -R 770 $DIRECTORY/etc/shared
117 chmod 700 $DIRECTORY/.ssh
118 chmod 755 $DIRECTORY/active-response/bin/*
119 chmod 550 $DIRECTORY/bin/*
120 chmod 440 $DIRECTORY/etc/ossec.conf
121
122 # fixups: no need for execute bits on files there
123 find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';'
124 find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';'
125
126 # copy timezone and localtime
127 if [ -e /etc/timezone ]; then
128     cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
129         cp -a /etc/timezone $DIRECTORY/etc/timezone
130 fi
131 if [ -e /etc/localtime ]; then
132     cmp -s /etc/localtime $DIRECTORY/etc/localtime || \
133         cp -a /etc/localtime $DIRECTORY/etc/localtime
134 fi
135
136 # update system v init links
137 update-rc.d ossec-hids defaults >/dev/null
138
139 # and start the service
140 if [ -x /usr/sbin/invoke-rc.d ]; then
141     invoke-rc.d ossec-hids restart
142 else
143     /etc/init.d/ossec-hids restart
144 fi
145
146 # dh_installdeb will replace this with shell code automatically
147 # generated by other debhelper scripts.
148
149 #DEBHELPER#
150
151 exit 0
ossec-hids