Imported Upstream version 2.7

[ossec-hids.git] / src / win32 / ossec-installer.nsi

;--------------------------------
;Include Modern UI

!include "MUI.nsh"

;--------------------------------
;General

!define MUI_ICON favicon.ico
!define MUI_UNICON ossec-uninstall.ico
!define VERSION "2.7"
!define NAME "OSSEC HIDS"
!define /date CDATE "%b %d %Y at %H:%M:%S"

Name "${NAME} Windows Agent v${VERSION}"
BrandingText "Copyright (C) 2012 Trend Micro Inc."
OutFile "ossec-win32-agent.exe"

InstallDir "$PROGRAMFILES\ossec-agent"
InstallDirRegKey HKLM Software\OSSEC ""

;--------------------------------
;Interface Settings

!define MUI_ABORTWARNING

;--------------------------------
;Pages
  !define MUI_WELCOMEPAGE_TITLE_3LINES
  !define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the install of ${Name}.\r\n\r\nClick next to continue."
  !define MUI_FINISHPAGE_TITLE_3LINES
  !define MUI_FINISHPAGE_RUN "$INSTDIR\win32ui.exe"
  !define  MUI_FINISHPAGE_RUN_TEXT "Run OSSEC Agent Manager"
  
  ; Page for choosing components.
  !define MUI_COMPONENTSPAGE_TEXT_TOP "Select the options you want to be executed. Click next to continue."
  !define MUI_COMPONENTSPAGE_NODESC 

  !insertmacro MUI_PAGE_WELCOME
  !insertmacro MUI_PAGE_LICENSE "LICENSE.txt"
  !insertmacro MUI_PAGE_COMPONENTS
  !insertmacro MUI_PAGE_DIRECTORY
  !insertmacro MUI_PAGE_INSTFILES
  !insertmacro MUI_PAGE_FINISH

  ; These have to be defined again to work with the uninstall pages
  !define MUI_WELCOMEPAGE_TITLE_3LINES
  !define MUI_FINISHPAGE_TITLE_3LINES
  !insertmacro MUI_UNPAGE_WELCOME
  !insertmacro MUI_UNPAGE_CONFIRM
  !insertmacro MUI_UNPAGE_INSTFILES
  !insertmacro MUI_UNPAGE_FINISH

;--------------------------------
;Languages

  !insertmacro MUI_LANGUAGE "English"

;--------------------------------
; Function to stop OSSEC service if running

Function .onInit
    IfFileExists $INSTDIR\ossec.conf 0 +3
    MessageBox MB_OKCANCEL "${NAME} is already installed. It will be stopped before continuing." /SD IDOK IDOK NoAbort
    Abort
    NoAbort:
    
   ;; Stopping ossec service.
   nsExec::ExecToStack '"net" "stop" "OssecSvc"'
FunctionEnd
            
;--------------------------------
;Main install section

Section "OSSEC Agent (required)" MainSec

SectionIn RO
SetOutPath $INSTDIR

ClearErrors

File \
ossec-agent.exe \
default-ossec.conf \
manage_agents.exe \
os_win32ui.exe \
ossec-rootcheck.exe \
internal_options.conf \
setup-windows.exe \
setup-syscheck.exe \
setup-iis.exe \
service-start.exe \
service-stop.exe \
doc.html \
rootkit_trojans.txt \
rootkit_files.txt \
add-localfile.exe \
LICENSE.txt \
rootcheck\rootcheck.conf \
rootcheck\db\win_applications_rcl.txt \
rootcheck\db\win_malware_rcl.txt \
rootcheck\db\win_audit_rcl.txt \
help.txt \
vista_sec.csv \
route-null.cmd \
restart-ossec.cmd

WriteRegStr HKLM SOFTWARE\ossec "Install_Dir" "$INSTDIR"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "DisplayName" "${NAME} ${VERSION}"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "DisplayVersion" "${VERSION}"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "DisplayIcon" "${MUI_ICON}"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "HelpLink" "http://www.ossec.net/main/support/"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "URLInfoAbout" "http://www.ossec.net"
WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "UninstallString" '"$INSTDIR\uninstall.exe"'
WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "NoModify" 1
WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "NoRepair" 1
WriteUninstaller "uninstall.exe"

; Writing version and install information
FileOpen $0 $INSTDIR\VERSION.txt w
IfErrors done
FileWrite $0 "${NAME} v${VERSION} - "
FileWrite $0 "Installed on ${CDATE}"
FileClose $0
done:

CreateDirectory "$INSTDIR\rids"
CreateDirectory "$INSTDIR\syscheck"
CreateDirectory "$INSTDIR\shared"
CreateDirectory "$INSTDIR\active-response"
CreateDirectory "$INSTDIR\active-response\bin"
Delete "$INSTDIR\active-response\bin\route-null.cmd"
Delete "$INSTDIR\active-response\bin\restart-ossec.cmd"
Rename "$INSTDIR\rootkit_trojans.txt" "$INSTDIR\shared\rootkit_trojans.txt"
Rename "$INSTDIR\rootkit_files.txt" "$INSTDIR\shared\rootkit_files.txt"
Rename "$INSTDIR\win_malware_rcl.txt" "$INSTDIR\shared\win_malware_rcl.txt"
Rename "$INSTDIR\win_audit_rcl.txt" "$INSTDIR\shared\win_audit_rcl.txt"
Rename "$INSTDIR\win_applications_rcl.txt" "$INSTDIR\shared\win_applications_rcl.txt"
Rename "$INSTDIR\route-null.cmd" "$INSTDIR\active-response\bin\route-null.cmd"
Rename "$INSTDIR\restart-ossec.cmd" "$INSTDIR\active-response\bin\restart-ossec.cmd"
Rename "$INSTDIR\os_win32ui.exe" "$INSTDIR\win32ui.exe"
Delete "$SMPROGRAMS\OSSEC\Edit.lnk"
Delete "$SMPROGRAMS\OSSEC\Uninstall.lnk"
Delete "$SMPROGRAMS\OSSEC\Documentation.lnk"
Delete "$SMPROGRAMS\OSSEC\Edit Config.lnk"
Delete "$SMPROGRAMS\OSSEC\*.*"

; Remove start menu entry. 
RMDir "$SMPROGRAMS\OSSEC"

; Creating start menu directory
CreateDirectory "$SMPROGRAMS\OSSEC"
CreateShortCut "$SMPROGRAMS\OSSEC\Manage Agent.lnk" "$INSTDIR\win32ui.exe" "" "$INSTDIR\win32ui.exe" 0
CreateShortCut "$SMPROGRAMS\OSSEC\Documentation.lnk" "$INSTDIR\doc.html" "" "$INSTDIR\doc.html" 0
CreateShortCut "$SMPROGRAMS\OSSEC\Edit Config.lnk" "$INSTDIR\ossec.conf" "" "$INSTDIR\ossec.conf" 0
CreateShortCut "$SMPROGRAMS\OSSEC\Uninstall.lnk" "$INSTDIR\uninstall.exe" "" "$INSTDIR\uninstall.exe" 0

; Install in the services  (perhaps it would be better to use a plug-in here?)
;nsExec::ExecToStack '"$INSTDIR\ossec-agent.exe" install-service'
ExecWait '"$INSTDIR\ossec-agent.exe" install-service'
;nsExec::ExecToStack '"$INSTDIR\setup-windows.exe" "$INSTDIR"'
ExecWait '"$INSTDIR\setup-windows.exe" "$INSTDIR"'

SectionEnd

Section "Scan and monitor IIS logs (recommended)" IISLogs

nsExec::ExecToStack '"$INSTDIR\setup-iis.exe" "$INSTDIR"'

SectionEnd

Section "Enable integrity checking (recommended)" IntChecking

nsExec::ExecToStack '"$INSTDIR\setup-syscheck.exe" "$INSTDIR" "enable"'

SectionEnd

;--------------------------------
;Uninstall section
Section "Uninstall"
  
  ;Need a step to check for a running agent manager, otherwise it and the INSTDIR directory will not be removed.
  
  ; Stop ossec. Perhaps we should look for an exit status here. Also, may be a good place to use a plug-in.
  nsExec::ExecToStack '"net" "stop" "OssecSvc"'
  
  ; Uninstall from the services. Again, maybe use a plugin here.
  nsExec::ExecToStack '"$INSTDIR\ossec-agent.exe" uninstall-service'

  ; Remove registry keys
  DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC"
  DeleteRegKey HKLM SOFTWARE\OSSEC

  ; Remove files and uninstaller. There have been instances where the ossec-agent directory and executable is left. Why?
  Delete "$INSTDIR\ossec-agent.exe"
  Delete "$INSTDIR\manage_agents.exe"
  Delete "$INSTDIR\ossec.conf"
  Delete "$INSTDIR\uninstall.exe"
  Delete "$INSTDIR\*"
  Delete "$INSTDIR\rids\*"
  Delete "$INSTDIR\syscheck\*"
  Delete "$INSTDIR\shared\*"
  Delete "$INSTDIR\active-response\bin\*"
  Delete "$INSTDIR\active-response\*"
  Delete "$INSTDIR"

  ; Remove shortcuts, if any
  Delete "$SMPROGRAMS\OSSEC\*.*"
  Delete "$SMPROGRAMS\OSSEC\*"

  ; Remove directories used
  RMDir "$SMPROGRAMS\OSSEC"
  RMDir "$INSTDIR\shared"
  RMDir "$INSTDIR\syscheck"
  RMDir "$INSTDIR\rids"
  RMDir "$INSTDIR\active-response\bin"
  RMDir "$INSTDIR\active-response"
  RMDir "$INSTDIR"

SectionEnd