projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- niz izmjena zbog #10324 problema (problematicna post-instalacija zbog
[ossec-hids.git] / debian / postinst
diff --git a/debian/postinst b/debian/postinst
index b481091..001da51 100755 (executable)
--- a/debian/postinst
+++ b/debian/postinst
@@ -49,7 +49,7 @@ if ! getent group $OSSEC_GROUP >/dev/null; then
     addgroup --system $OSSEC_GROUP
 fi
 
-# fix the permissions
+# fix ownership
 chown -R root:$OSSEC_GROUP $DIRECTORY
 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/alerts
 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/queue/ossec
@@ -60,15 +60,49 @@ chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info
 chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids
 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats
 chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc
 touch $DIRECTORY/logs/ossec.log
 chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
 chown -R root:$OSSEC_GROUP $DIRECTORY/rules
-chown root:$OSSEC_GROUP $DIRECTORY/var/run
 chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml
 chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf
-chown root:$OSSEC_GROUP $DIRECTORY/etc/shared/*
+chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true
+chown root:$OSSEC_GROUP $DIRECTORY/agentless/*
+chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh
+chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared
+chown root:$OSSEC_GROUP $DIRECTORY/var/run
+chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/*
+chown root:$OSSEC_GROUP $DIRECTORY/bin/*
 chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf
 
+# fix perms
+chmod -R 550 $DIRECTORY
+chmod -R 770 $DIRECTORY/queue/alerts
+chmod -R 770 $DIRECTORY/queue/ossec
+chmod -R 750 $DIRECTORY/queue/fts
+chmod -R 750 $DIRECTORY/queue/syscheck
+chmod -R 750 $DIRECTORY/queue/rootcheck
+chmod -R 750 $DIRECTORY/queue/diff
+chmod -R 755 $DIRECTORY/queue/agent-info
+chmod -R 755 $DIRECTORY/queue/rids
+chmod -R 755 $DIRECTORY/queue/agentless
+chmod -R 750 $DIRECTORY/stats
+chmod -R 750 $DIRECTORY/logs
+chmod -R 550 $DIRECTORY/rules
+chmod 770 $DIRECTORY/var/run
+chmod 550 $DIRECTORY/etc
+chmod 440 $DIRECTORY/etc/internal_options.conf
+chmod -R 770 $DIRECTORY/etc/shared
+chmod 700 $DIRECTORY/.ssh
+chmod 755 $DIRECTORY/active-response/bin/*
+chmod 550 $DIRECTORY/bin/*
+chmod 440 $DIRECTORY/etc/ossec.conf
+
+# fixups: no need for execute bits on files there
+find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';'
+find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';'
+
 # copy timezone and localtime
 if [ -e /etc/timezone ]; then
     cmp -s /etc/timezone $DIRECTORY/etc/timezone || \
@@ -89,4 +123,9 @@ else
     /etc/init.d/ossec-hids restart
 fi
 
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
 exit 0
ossec-hids