addgroup --system $OSSEC_GROUP
fi
-# fix the permissions
+# fix ownership
chown -R root:$OSSEC_GROUP $DIRECTORY
chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc
touch $DIRECTORY/logs/ossec.log
chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
chown -R root:$OSSEC_GROUP $DIRECTORY/rules
-chown root:$OSSEC_GROUP $DIRECTORY/var/run
chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
-chown root:$OSSEC_GROUP $DIRECTORY/etc/shared/*
+chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true
+chown root:$OSSEC_GROUP $DIRECTORY/agentless/*
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared
+chown root:$OSSEC_GROUP $DIRECTORY/var/run
+chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/*
+chown root:$OSSEC_GROUP $DIRECTORY/bin/*
chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
+# fix perms
+chmod -R 550 $DIRECTORY
+chmod -R 770 $DIRECTORY/queue/alerts
+chmod -R 770 $DIRECTORY/queue/ossec
+chmod -R 750 $DIRECTORY/queue/fts
+chmod -R 750 $DIRECTORY/queue/syscheck
+chmod -R 750 $DIRECTORY/queue/rootcheck
+chmod -R 750 $DIRECTORY/queue/diff
+chmod -R 755 $DIRECTORY/queue/agent-info
+chmod -R 755 $DIRECTORY/queue/rids
+chmod -R 755 $DIRECTORY/queue/agentless
+chmod -R 750 $DIRECTORY/stats
+chmod -R 750 $DIRECTORY/logs
+chmod -R 550 $DIRECTORY/rules
+chmod 770 $DIRECTORY/var/run
+chmod 550 $DIRECTORY/etc
+chmod 440 $DIRECTORY/etc/internal_options.conf
+chmod -R 770 $DIRECTORY/etc/shared
+chmod 700 $DIRECTORY/.ssh
+chmod 755 $DIRECTORY/active-response/bin/*
+chmod 550 $DIRECTORY/bin/*
+chmod 440 $DIRECTORY/etc/ossec.conf
+
+# fixups: no need for execute bits on files there
+find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';'
+find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';'
+
# copy timezone and localtime
if [ -e /etc/timezone ]; then
cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
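Review bot: The recursive numeric modes from `chmod -R 770 $DIRECTORY/queue/alerts` through `chmod -R 750 $DIRECTORY/logs` leave execute bits on every regular file under queue, stats and logs, because the two fixup `find` lines only strip them under rules and etc. Several of those trees are owned by `$OSSEC_USER` per the chown lines above, so the daemon account can write there. Extending the fixup to cover them would close that gap, e.g. `find "$DIRECTORY/queue" "$DIRECTORY/stats" "$DIRECTORY/logs" -type f -exec chmod ugo-x '{}' +`. Separately, every path is built from an unquoted `$DIRECTORY` whose assignment is outside this hunk; if it were ever empty, `chown -R root:$OSSEC_GROUP $DIRECTORY/etc` and `chmod 550 $DIRECTORY/bin/*` would act on `/etc` and `/bin/*`, so a guard such as `: "${DIRECTORY:?}"` before the block is worth adding. Finally, `chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh` appears twice and, unlike the client.keys line, has no fallback when the directory is absent, which would abort the script if it runs under `set -e` (not visible here).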
/etc/init.d/ossec-hids restart
fi
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
exit 0