#!/bin/sh set -e case "$1" in configure) # continue below ;; abort-upgrade|abort-remove|abort-deconfigure) exit 0 ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 0 ;; esac # users and group names OSSEC_USER="ossec" OSSEC_USER_MAIL="ossecm" OSSEC_USER_EXEC="ossece" OSSEC_USER_REM="ossecr" OSSEC_GROUP="ossec" # get installation directory . /etc/ossec-init.conf if [ "X${DIRECTORY}" = "X" ]; then DIRECTORY="/var/ossec" fi # create group if ! getent group $OSSEC_GROUP >/dev/null; then addgroup --system $OSSEC_GROUP fi # create/modify users if ! getent passwd $OSSEC_USER >/dev/null; then adduser --quiet --system --no-create-home \ --ingroup $OSSEC_GROUP \ --home $DIRECTORY --shell /bin/false $OSSEC_USER else usermod -g $OSSEC_GROUP -s /bin/false \ -d $DIRECTORY $OSSEC_USER >/dev/null 2>&1 fi if ! getent passwd $OSSEC_USER_MAIL >/dev/null; then adduser --quiet --system --no-create-home \ --ingroup $OSSEC_GROUP \ --home $DIRECTORY --shell /bin/false $OSSEC_USER_MAIL else usermod -g $OSSEC_GROUP -s /bin/false \ -d $DIRECTORY $OSSEC_USER_MAIL >/dev/null 2>&1 fi if ! getent passwd $OSSEC_USER_EXEC >/dev/null; then adduser --quiet --system --no-create-home \ --ingroup $OSSEC_GROUP \ --home $DIRECTORY --shell /bin/false $OSSEC_USER_EXEC else usermod -g $OSSEC_GROUP -s /bin/false \ -d $DIRECTORY $OSSEC_USER_EXEC >/dev/null 2>&1 fi if ! getent passwd $OSSEC_USER_REM >/dev/null; then adduser --quiet --system --no-create-home \ --ingroup $OSSEC_GROUP \ --home $DIRECTORY --shell /bin/false $OSSEC_USER_REM else usermod -g $OSSEC_GROUP -s /bin/false \ -d $DIRECTORY $OSSEC_USER_REM >/dev/null 2>&1 fi # fix ownership chown -R root:$OSSEC_GROUP $DIRECTORY chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/fts chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/syscheck chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/rootcheck chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs chown -R root:$OSSEC_GROUP $DIRECTORY/etc touch $DIRECTORY/logs/ossec.log chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh chown -R root:$OSSEC_GROUP $DIRECTORY/rules chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true chown root:$OSSEC_GROUP $DIRECTORY/agentless/* chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared chown root:$OSSEC_GROUP $DIRECTORY/var/run chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/* chown root:$OSSEC_GROUP $DIRECTORY/bin/* chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf # fix perms chmod -R 550 $DIRECTORY chmod -R 770 $DIRECTORY/queue/alerts chmod -R 770 $DIRECTORY/queue/ossec chmod -R 750 $DIRECTORY/queue/fts chmod -R 750 $DIRECTORY/queue/syscheck chmod -R 750 $DIRECTORY/queue/rootcheck chmod -R 750 $DIRECTORY/queue/diff chmod -R 755 $DIRECTORY/queue/agent-info chmod -R 755 $DIRECTORY/queue/rids chmod -R 755 $DIRECTORY/queue/agentless chmod -R 750 $DIRECTORY/stats chmod -R 750 $DIRECTORY/logs chmod -R 550 $DIRECTORY/rules chmod 770 $DIRECTORY/var/run chmod 550 $DIRECTORY/etc chmod 440 $DIRECTORY/etc/internal_options.conf chmod -R 770 $DIRECTORY/etc/shared chmod 700 $DIRECTORY/.ssh chmod 755 $DIRECTORY/active-response/bin/* chmod 550 $DIRECTORY/bin/* chmod 440 $DIRECTORY/etc/ossec.conf # fixups: no need for execute bits on files there find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';' find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';' # copy timezone and localtime if [ -e /etc/timezone ]; then cmp -s /etc/timezone $DIRECTORY/etc/timezone || \ cp -a /etc/timezone $DIRECTORY/etc/timezone fi if [ -e /etc/localtime ]; then cmp -s /etc/localtime $DIRECTORY/etc/localtime || \ cp -a /etc/localtime $DIRECTORY/etc/localtime fi # update system v init links update-rc.d ossec-hids defaults >/dev/null # and start the service service ossec-hids restart # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0