#!/bin/sh
# Installation script for the OSSEC
# Author: Daniel B. Cid <daniel.cid@gmail.com>
-# Last modification: Mar 02, 2006
+# Last modification: Aug 30, 2012
# Changelog 19/03/2006 - Rafael M. Capovilla <under@underlinux.com.br>
-# New function AddWhite to allow users to add more Ips in the white_list
+# New function AddWhite to allow users to add more Ips in the allow_list
# Minor *echos* modifications to better look
# Bug fix - When email address is blank
# Bug fix - delete INSTALLDIR - Default is yes but if the user just press enter the script wasn't deleting it as it should
# Changelog 15/07/2006 - Rafael M. Capovilla <under@underlinux.com.br>
# New function AddTable to add support for OpenBSD pf rules in firewall-drop active response
+# Changelog 29 March 2012 - Adding hybrid mode (standalone + agent)
+# added fix for use of USER_AGENT_CONFIG_PROFILE in preloaded-vars
+
### Looking up for the execution directory
ECHO="echo -n"
hs=`echo -n "a"`
if [ ! "X$hs" = "Xa" ]; then
- ls "/usr/ucb/echo" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -x /usr/ucb/echo ]; then
ECHO="/usr/ucb/echo -n"
else
ECHO=echo
# For solaris
echo "xxxx" | grep -E "xxx" > /dev/null 2>&1
if [ ! $? = 0 ]; then
- ls "/usr/xpg4/bin/grep" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -x /usr/xpg4/bin/grep ]; then
PATH=/usr/xpg4/bin:$PATH
fi
fi
echo "$0 debug"
echo "$0 binary-install"
exit 1;
- fi
+ fi
done
-
+
##########
##########
Install()
{
- echo ""
- echo "5- ${installing}"
-
- echo "DIR=\"${INSTALLDIR}\"" > ${LOCATION}
- echo "CC=${CC}" >> ${LOCATION}
-
+ echo ""
+ echo "5- ${installing}"
+
+ echo "DIR=\"${INSTALLDIR}\"" > ${LOCATION}
+
# Changing Config.OS with the new C flags
# Checking if debug is enabled
if [ "X${SET_DEBUG}" = "Xdebug" ]; then
CEXTRA="${CEXTRA} -DDEBUGAD"
fi
-
+
echo "CEXTRA=${CEXTRA}" >> ./src/Config.OS
-
+
+ MAKEBIN=make
+ ## Find make/gmake
+ if [ "X$NUNAME" = "XOpenBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X$NUNAME" = "XFreeBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X$NUNAME" = "XNetBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X$NUNAME" = "XDragonflyBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X%NUNAME" = "XBitrig" ]; then
+ MAKEBIN=gmake
+ fi
+
+
# Makefile
- echo " - ${runningmake}"
+ echo " - ${runningmake}"
cd ./src
# Binary install will use the previous generated code.
if [ "X${USER_BINARYINSTALL}" = "X" ]; then
- make all
+ # Add DATABASE=pgsql or DATABASE=mysql to add support for database
+ # alert entry
+ ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} build
if [ $? != 0 ]; then
cd ../
catError "0x5-build"
fi
-
- # Building everything
- make build
- if [ $? != 0 ]; then
- cd ../
- catError "0x5-build"
- fi
fi
-
+
# If update, stop ossec
if [ "X${update_only}" = "Xyes" ]; then
UpdateStopOSSEC
- fi
-
- # Making the right installation type
- if [ "X$INSTYPE" = "Xserver" ]; then
- ./InstallServer.sh
-
- elif [ "X$INSTYPE" = "Xagent" ]; then
- ./InstallAgent.sh
+ fi
- elif [ "X$INSTYPE" = "Xlocal" ]; then
- ./InstallServer.sh local
- fi
+ ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} install
cd ../
-
-
+
+
# Generate the /etc/ossec-init.conf
VERSION_FILE="./src/VERSION"
VERSION=`cat ${VERSION_FILE}`
echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT}
chmod 600 ${OSSEC_INIT}
cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT}
- chmod 644 ${INSTALLDIR}${OSSEC_INIT}
-
+ chmod 640 ${INSTALLDIR}${OSSEC_INIT}
+
- # If update_rules is set, we need to tweak
+ # If update_rules is set, we need to tweak
# ossec.conf to read the new signatures.
if [ "X${update_rules}" = "Xyes" ]; then
UpdateOSSECRules
- fi
+ fi
# If update, start OSSEC
if [ "X${update_only}" = "Xyes" ]; then
- UpdateStartOSSEC
- fi
-
+ UpdateStartOSSEC
+ fi
+
# Calling the init script to start ossec hids during boot
if [ "X${update_only}" = "X" ]; then
runInit
if [ $? = 1 ]; then
notmodified="yes"
- fi
- fi
-
+ fi
+ fi
+
}
read AS
else
AS=${USER_ENABLE_SYSCHECK}
- fi
+ fi
echo ""
case $AS in
$nomatch)
SYSCHECK="yes"
echo " - ${yessyscheck}."
;;
- esac
+ esac
# Adding to the config file
if [ "X$SYSCHECK" = "Xyes" ]; then
UseRootcheck()
{
- # Rootkit detection configuration
+ # Rootkit detection configuration
echo ""
$ECHO " 3.3- ${runrootcheck} ($yes/$no) [$yes]: "
-
+
if [ "X${USER_ENABLE_ROOTCHECK}" = "X" ]; then
read ES
else
ES=${USER_ENABLE_ROOTCHECK}
- fi
-
+ fi
+
echo ""
case $ES in
$nomatch)
echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel_linux_rcl.txt</system_audit>" >> $NEWCONFIG
echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>" >> $NEWCONFIG
echo " </rootcheck>" >> $NEWCONFIG
+ # Patch for systems that use s-nail instead of GNU Mailutils (such as Arch Linux).
+ if [ -r /usr/bin/mail ] && strings /usr/bin/mail | grep "x-shsh bash" 1> /dev/null; then
+ sed -i 's/mail !bash|/mail !/' ./src/rootcheck/db/rootkit_trojans.txt
+ fi
else
echo "" >> $NEWCONFIG
echo " <rootcheck>" >> $NEWCONFIG
echo " <disabled>yes</disabled>" >> $NEWCONFIG
echo " </rootcheck>" >> $NEWCONFIG
- fi
+ fi
}
##########
SetupLogs()
{
+ if [ "x${USER_CLEANINSTALL}" = "xy" ]; then
+ OPENDIR=`dirname $INSTALLDIR`
+ echo "" >> $NEWCONFIG
+ echo " <localfile>" >> $NEWCONFIG
+ echo " <log_format>ossecalert</log_format>" >> $NEWCONFIG
+ echo " <location>$OPENDIR/logs/alerts/alerts.log</location>" >>$NEWCONFIG
+ echo " </localfile>" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
+ return;
+ fi
NB=$1
echo ""
echo " <!-- Files to monitor (localfiles) -->" >> $NEWCONFIG
LOG_FILES=`cat ${SYSLOG_TEMPLATE}`
for i in ${LOG_FILES}; do
- # If log file present, add it
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ # If log file present, add it
+ if [ -f "$i" ]; then
echo " -- $i"
- echo "" >> $NEWCONFIG
- echo " <localfile>" >> $NEWCONFIG
- echo " <log_format>syslog</log_format>" >> $NEWCONFIG
- echo " <location>$i</location>" >>$NEWCONFIG
- echo " </localfile>" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
+ echo " <localfile>" >> $NEWCONFIG
+ echo " <log_format>syslog</log_format>" >> $NEWCONFIG
+ echo " <location>$i</location>" >>$NEWCONFIG
+ echo " </localfile>" >> $NEWCONFIG
fi
- done
+ done
+
# Getting snort files
SNORT_FILES=`cat ${SNORT_TEMPLATE}`
for i in ${SNORT_FILES}; do
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -f "$i" ]; then
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
-
+
head -n 1 $i|grep "\[**\] "|grep -v "Classification:" > /dev/null
if [ $? = 0 ]; then
echo " <log_format>snort-full</log_format>" >> $NEWCONFIG
echo " -- $i (snort-fast file)"
fi
echo " <location>$i</location>" >>$NEWCONFIG
- echo " </localfile>" >> $NEWCONFIG
+ echo " </localfile>" >> $NEWCONFIG
fi
- done
-
+ done
+
# Getting apache logs
APACHE_FILES=`cat ${APACHE_TEMPLATE}`
for i in ${APACHE_FILES}; do
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -f "$i" ]; then
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
echo " <log_format>apache</log_format>" >> $NEWCONFIG
echo " <location>$i</location>" >>$NEWCONFIG
echo " </localfile>" >> $NEWCONFIG
-
+
echo " -- $i (apache log)"
fi
done
# Getting postgresql logs
PGSQL_FILES=`cat ${PGSQL_TEMPLATE}`
for i in ${PGSQL_FILES}; do
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -f "$i" ]; then
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
echo " <log_format>postgresql_log</log_format>" >> $NEWCONFIG
echo " <location>$i</location>" >>$NEWCONFIG
echo " </localfile>" >> $NEWCONFIG
-
+
echo " -- $i (postgresql log)"
fi
done
-
-
- echo ""
+
+ if [ "X$NUNAME" = "XLinux" ]; then
+ echo "" >> $NEWCONFIG
+ echo " <localfile>" >> $NEWCONFIG
+ echo " <log_format>command</log_format>" >> $NEWCONFIG
+ echo " <command>df -P</command>" >> $NEWCONFIG
+ echo " </localfile>" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
+ echo " <localfile>" >> $NEWCONFIG
+ echo " <log_format>full_command</log_format>" >> $NEWCONFIG
+ echo " <command>netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort</command>" >> $NEWCONFIG
+ echo " </localfile>" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
+ echo " <localfile>" >> $NEWCONFIG
+ echo " <log_format>full_command</log_format>" >> $NEWCONFIG
+ echo " <command>last -n 5</command>" >> $NEWCONFIG
+ echo " </localfile>" >> $NEWCONFIG
+ fi
+
+
+
+
+ echo ""
catMsg "0x106-logs"
+# install.sh
##########
# ConfigureClient()
##########
ConfigureClient()
{
- echo ""
- echo "3- ${configuring} $NAME."
- echo ""
-
- if [ "X${USER_AGENT_SERVER_IP}" = "X" ]; then
- # Looping and asking for server ip
+ echo ""
+ echo "3- ${configuring} $NAME."
+ echo ""
+
+ if [ "X${USER_AGENT_SERVER_IP}" = "X" -a "X${USER_AGENT_SERVER_NAME}" = "X" ]; then
+ # Looping and asking for server ip or hostname
while [ 1 ]; do
- $ECHO " 3.1- ${serverip}: "
- read IPANSWER
- echo $IPANSWER | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" > /dev/null 2>&1
+ $ECHO " 3.1- ${serveraddr}: "
+ read ADDRANSWER
+ # Is it an IP?
+ echo $ADDRANSWER | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" > /dev/null 2>&1
if [ $? = 0 ]; then
- echo ""
- IP=$IPANSWER
- echo " - ${addingip} $IP"
+ echo ""
+ IP=$ADDRANSWER
+ echo " - ${addingip} $IP"
+ break;
+ # Must be a name
+ elif [ $? != 0 ]; then
+ echo ""
+ HNAME=$ADDRANSWER
+ echo " - ${addingname} $HNAME"
break;
fi
done
else
IP=${USER_AGENT_SERVER_IP}
- fi
+ HNAME=${USER_AGENT_SERVER_NAME}
+ fi
- echo "<ossec_config>" > $NEWCONFIG
+ echo "<ossec_config>" > $NEWCONFIG
echo " <client>" >> $NEWCONFIG
- echo " <server-ip>$IP</server-ip>" >> $NEWCONFIG
- echo " </client>" >> $NEWCONFIG
+ if [ "X${IP}" != "X" ]; then
+ echo " <server-ip>$IP</server-ip>" >> $NEWCONFIG
+ elif [ "X${HNAME}" != "X" ]; then
+ echo " <server-hostname>$HNAME</server-hostname>" >> $NEWCONFIG
+ fi
+ if [ "$X{USER_AGENT_CONFIG_PROFILE}" != "X" ]; then
+ PROFILE=${USER_AGENT_CONFIG_PROFILE}
+ echo " <config-profile>$PROFILE</config-profile>" >> $NEWCONFIG
+ fi
+ echo " </client>" >> $NEWCONFIG
echo "" >> $NEWCONFIG
# Syscheck?
read ANY
else
ANY=${USER_ENABLE_ACTIVE_RESPONSE}
- fi
-
+ fi
+
case $ANY in
$nomatch)
echo ""
##########
ConfigureServer()
{
- echo ""
- echo "3- ${configuring} $NAME."
-
-
+ echo ""
+ echo "3- ${configuring} $NAME."
+
+
# Configuring e-mail notification
- echo ""
- $ECHO " 3.1- ${mailnotify} ($yes/$no) [$yes]: "
-
+ echo ""
+ $ECHO " 3.1- ${mailnotify} ($yes/$no) [$yes]: "
+
if [ "X${USER_ENABLE_EMAIL}" = "X" ]; then
- read ANSWER
+ read ANSWER
else
ANSWER=${USER_ENABLE_EMAIL}
fi
-
- case $ANSWER in
- $nomatch)
+
+ case $ANSWER in
+ $nomatch)
echo ""
- echo " --- ${nomail}."
- EMAILNOTIFY="no"
- ;;
- *)
- EMAILNOTIFY="yes"
- $ECHO " - ${whatsemail} "
+ echo " --- ${nomail}."
+ EMAILNOTIFY="no"
+ ;;
+ *)
+ EMAILNOTIFY="yes"
+ $ECHO " - ${whatsemail} "
if [ "X${USER_EMAIL_ADDRESS}" = "X" ]; then
-
+
read EMAIL
- echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
+ echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.+-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
# Ugly e-mail validation
- while [ "$EMAIL" = "" -o ! ${RVAL} = 0 ] ; do
- $ECHO " - ${whatsemail} "
- read EMAIL
- echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
- done
+ while [ "$EMAIL" = "" -o ! ${RVAL} = 0 ] ; do
+ $ECHO " - ${whatsemail} "
+ read EMAIL
+ echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.+-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
+ done
else
EMAIL=${USER_EMAIL_ADDRESS}
fi
-
- ls ${HOST_CMD} > /dev/null 2>&1
- if [ $? = 0 ]; then
- HOSTTMP=`${HOST_CMD} -W 5 -t mx devmail.ossec.net 2>/dev/null`
+
+ if [ -x "$HOST_CMD" ]; then
+ HOSTTMP=`${HOST_CMD} -W 5 -t mx ossec.net 2>/dev/null`
if [ $? = 1 ]; then
- # Trying without the -W
- HOSTTMP=`${HOST_CMD} -t mx devmail.ossec.net 2>/dev/null`
- fi
- if [ "X$HOSTTMP" = "X${OSSECMX}" -o "X$HOSTTMP" = "X${OSSECMX2}" -o "X$HOSTTMP" = "X${OSSECMX3}" ];then
+ # Trying without the -W
+ HOSTTMP=`${HOST_CMD} -t mx ossec.net 2>/dev/null`
+ fi
+ echo "x$HOSTTMP" | grep "ossec.net mail is handled" > /dev/null 2>&1
+ if [ $? = 0 ]; then
# Breaking down the user e-mail
EMAILHOST=`echo ${EMAIL} | cut -d "@" -f 2`
if [ "X${EMAILHOST}" = "Xlocalhost" ]; then
SMTPHOST="127.0.0.1"
- else
+ else
HOSTTMP=`${HOST_CMD} -W 5 -t mx ${EMAILHOST}`
SMTPHOST=`echo ${HOSTTMP} | cut -d " " -f 7`
- fi
- fi
+ fi
+ fi
fi
if [ "X${USER_EMAIL_SMTP}" = "X" ]; then
*)
SMTP=${SMTPHOST}
echo ""
- echo " --- ${usingsmtp} ${SMTP}"
+ echo " --- ${usingsmtp} ${SMTP}"
;;
esac
fi
if [ "X${SMTP}" = "X" ]; then
- $ECHO " - ${whatsmtp} "
+ $ECHO " - ${whatsmtp} "
read SMTP
- fi
+ fi
else
SMTP=${USER_EMAIL_SMTP}
- fi
+ fi
;;
- esac
-
-
- # Writting global parameters
- echo "<ossec_config>" > $NEWCONFIG
- echo " <global>" >> $NEWCONFIG
- if [ "$EMAILNOTIFY" = "yes" ]; then
- echo " <email_notification>yes</email_notification>" >> $NEWCONFIG
- echo " <email_to>$EMAIL</email_to>" >> $NEWCONFIG
- echo " <smtp_server>$SMTP</smtp_server>" >> $NEWCONFIG
- echo " <email_from>ossecm@${HOST}</email_from>" >> $NEWCONFIG
- else
- echo " <email_notification>no</email_notification>" >> $NEWCONFIG
- fi
-
- echo " </global>" >> $NEWCONFIG
- echo "" >> $NEWCONFIG
-
- # Writting rules configuration
+ esac
+
+
+ # Writting global parameters
+ echo "<ossec_config>" > $NEWCONFIG
+ echo " <global>" >> $NEWCONFIG
+ if [ "$EMAILNOTIFY" = "yes" ]; then
+ echo " <email_notification>yes</email_notification>" >> $NEWCONFIG
+ echo " <email_to>$EMAIL</email_to>" >> $NEWCONFIG
+ echo " <smtp_server>$SMTP</smtp_server>" >> $NEWCONFIG
+ echo " <email_from>ossecm@${HOST}</email_from>" >> $NEWCONFIG
+ else
+ echo " <email_notification>no</email_notification>" >> $NEWCONFIG
+ fi
+
+ echo " </global>" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
+
+ # Writting rules configuration
cat ${RULES_TEMPLATE} >> $NEWCONFIG
- echo "" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
# Checking if syscheck should run
UseSyscheck
-
+
# Checking if rootcheck should run
UseRootcheck
# Active response
catMsg "0x107-ar"
$ECHO " - ${enable_ar} ($yes/$no) [$yes]: "
-
+
if [ "X${USER_ENABLE_ACTIVE_RESPONSE}" = "X" ]; then
read AR
else
AR=${USER_ENABLE_ACTIVE_RESPONSE}
fi
-
+
case $AR in
$nomatch)
echo ""
ACTIVERESPONSE="yes"
echo ""
catMsg "0x108-ar-enabled"
-
+
echo ""
$ECHO " - ${firewallar} ($yes/$no) [$yes]: "
-
+
if [ "X${USER_ENABLE_FIREWALL_RESPONSE}" = "X" ]; then
read HD2
else
HD2=${USER_ENABLE_FIREWALL_RESPONSE}
fi
-
+
echo ""
case $HD2 in
$nomatch)
echo " - ${yesfirewall}"
FIREWALLDROP="yes"
;;
- esac
+ esac
echo "" >> $NEWCONFIG
echo " <global>" >> $NEWCONFIG
- echo " <white_list>127.0.0.1</white_list>" >> $NEWCONFIG
- echo " <white_list>^localhost.localdomain$</white_list>">>$NEWCONFIG
+ echo " <allow_list>127.0.0.1</allow_list>" >> $NEWCONFIG
+ echo " <allow_list>::1</allow_list>" >> $NEWCONFIG
+ echo " <allow_list>localhost.localdomain</allow_list>">>$NEWCONFIG
echo ""
- echo " - ${defaultwhitelist}"
+ echo " - ${defaultallowlist}"
for ip in ${NAMESERVERS} ${NAMESERVERS2};
do
if [ ! "X${ip}" = "X" ]; then
echo " - ${ip}"
- echo " <white_list>${ip}</white_list>" >>$NEWCONFIG
+ echo " <allow_list>${ip}</allow_list>" >>$NEWCONFIG
fi
done
AddWhite
# if [ "X${USER_ENABLE_PF}" = "X" ]; then
# read PFENABLE
# else
- # PFENABLE=${USER_ENABLE_PF}
+ # PFENABLE=${USER_ENABLE_PF}
# fi
- #
+ #
# echo ""
# case $PFENABLE in
# $nomatch)
# AddPFTable
# ;;
# esac
- #fi
+ #fi
echo " </global>" >> $NEWCONFIG
;;
- esac
-
-
+ esac
+
+
if [ "X$INSTYPE" = "Xserver" ]; then
- # Configuring remote syslog
- echo ""
- $ECHO " 3.5- ${syslog} ($yes/$no) [$yes]: "
-
+ # Configuring remote syslog
+ echo ""
+ $ECHO " 3.5- ${syslog} ($yes/$no) [$yes]: "
+
if [ "X${USER_ENABLE_SYSLOG}" = "X" ]; then
- read ANSWER
+ read ANSWER
else
ANSWER=${USER_ENABLE_SYSLOG}
fi
-
+
echo ""
case $ANSWER in
- $nomatch)
- echo " --- ${nosyslog}."
- ;;
- *)
- echo " - ${yessyslog}."
- RLOG="yes"
- ;;
- esac
-
- # Configuring remote connections
+ $nomatch)
+ echo " --- ${nosyslog}."
+ ;;
+ *)
+ echo " - ${yessyslog}."
+ RLOG="yes"
+ ;;
+ esac
+
+ # Configuring remote connections
SLOG="yes"
- fi
-
-
-
- if [ "X$RLOG" = "Xyes" ]; then
- echo "" >> $NEWCONFIG
- echo " <remote>" >> $NEWCONFIG
- echo " <connection>syslog</connection>" >> $NEWCONFIG
- echo " </remote>" >> $NEWCONFIG
- fi
+ fi
- if [ "X$SLOG" = "Xyes" ]; then
- echo "" >> $NEWCONFIG
- echo " <remote>" >> $NEWCONFIG
- echo " <connection>secure</connection>" >> $NEWCONFIG
- echo " </remote>" >> $NEWCONFIG
- fi
- # Email/log alerts
- echo "" >> $NEWCONFIG
- echo " <alerts>" >> $NEWCONFIG
+ if [ "X$RLOG" = "Xyes" ]; then
+ echo "" >> $NEWCONFIG
+ echo " <remote>" >> $NEWCONFIG
+ echo " <connection>syslog</connection>" >> $NEWCONFIG
+ echo " </remote>" >> $NEWCONFIG
+ fi
+
+ if [ "X$SLOG" = "Xyes" ]; then
+ echo "" >> $NEWCONFIG
+ echo " <remote>" >> $NEWCONFIG
+ echo " <connection>secure</connection>" >> $NEWCONFIG
+ echo " </remote>" >> $NEWCONFIG
+ fi
+
+
+ # Email/log alerts
+ echo "" >> $NEWCONFIG
+ echo " <alerts>" >> $NEWCONFIG
echo " <log_alert_level>1</log_alert_level>" >> $NEWCONFIG
if [ "$EMAILNOTIFY" = "yes" ]; then
echo " <email_alert_level>7</email_alert_level>">> $NEWCONFIG
- fi
- echo " </alerts>" >> $NEWCONFIG
+ fi
+ echo " </alerts>" >> $NEWCONFIG
if [ "X$ACTIVERESPONSE" = "Xyes" ]; then
echo "" >> $NEWCONFIG
cat ${ACTIVE_RESPONSE_TEMPLATE} >> $NEWCONFIG
echo "" >> $NEWCONFIG
- fi
+ fi
fi
-
+
# Setting up the logs
SetupLogs "3.6"
- echo "</ossec_config>" >> $NEWCONFIG
+ echo "</ossec_config>" >> $NEWCONFIG
}
if [ $? = 0 ]; then
INSTALLDIR=$ANSWER;
break;
- fi
+ fi
else
- break;
- fi
+ break;
+ fi
done
else
INSTALLDIR=${USER_DIR}
- fi
+ fi
+
-
CEXTRA="$CEXTRA -DDEFAULTDIR=\\\"${INSTALLDIR}\\\""
-
+
echo ""
echo " - ${installat} ${INSTALLDIR} ."
-
+
if [ "X$INSTYPE" = "Xagent" ]; then
CEXTRA="$CEXTRA -DCLIENT"
elif [ "X$INSTYPE" = "Xlocal" ]; then
- CEXTRA="$CEXTRA -DLOCAL"
- fi
+ CEXTRA="$CEXTRA -DLOCAL"
+ fi
- ls $INSTALLDIR >/dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -d "$INSTALLDIR" ]; then
if [ "X${USER_DELETE_DIR}" = "X" ]; then
echo ""
$ECHO " - ${deletedir} ($yes/$no) [$yes]: "
else
ANSWER=${USER_DELETE_DIR}
fi
-
+
case $ANSWER in
$yesmatch)
rm -rf $INSTALLDIR
if [ ! $? = 0 ]; then
exit 2;
- fi
+ fi
;;
esac
fi
export PATH
fi
- ls "`which gcc`" > /dev/null 2>&1
- if [ ! $? = 0 ]; then
- ls "`which cc`" > /dev/null 2>&1
- if [ ! $? = 0 ]; then
- if [ "X${USER_BINARYINSTALL}" = "X" ]; then
- catError "0x3-dependencies"
- fi
- fi
- CC="cc"
- else
- CC="gcc"
- fi
-
PATH=$OLDOPATH
export PATH
}
##########
AddWhite()
{
- while [ 1 ]
- do
+ while [ 1 ]
+ do
echo ""
- $ECHO " - ${addwhite} ($yes/$no)? [$no]: "
+ $ECHO " - ${addwhite} ($yes/$no)? [$no]: "
- # If white list is set, we don't need to ask it here.
+ # If allow list is set, we don't need to ask it here.
if [ "X${USER_WHITE_LIST}" = "X" ]; then
- read ANSWER
+ read ANSWER
else
ANSWER=$yes
fi
-
- if [ "X${ANSWER}" = "X" ] ; then
- ANSWER=$no
- fi
-
- case $ANSWER in
- $no)
- break;
- ;;
- *)
- $ECHO " - ${ipswhite}"
+
+ if [ "X${ANSWER}" = "X" ] ; then
+ ANSWER=$no
+ fi
+
+ case $ANSWER in
+ $no)
+ break;
+ ;;
+ *)
+ $ECHO " - ${ipswhite}"
if [ "X${USER_WHITE_LIST}" = "X" ]; then
- read IPS
- else
+ read IPS
+ else
IPS=${USER_WHITE_LIST}
fi
-
- for ip in ${IPS};
- do
- if [ ! "X${ip}" = "X" ]; then
- echo $ip | grep -E "^[0-9./]{5,20}$" > /dev/null 2>&1
+
+ for ip in ${IPS};
+ do
+ if [ ! "X${ip}" = "X" ]; then
+ echo $ip | grep -Ei "^[0-9a-f.:/]{5,20}$" > /dev/null 2>&1
if [ $? = 0 ]; then
- echo " <white_list>${ip}</white_list>" >>$NEWCONFIG
+ echo " <allow_list>${ip}</allow_list>" >>$NEWCONFIG
fi
- fi
- done
-
- break;
- ;;
- esac
- done
+ fi
+ done
+
+ break;
+ ;;
+ esac
+ done
}
echo " - ${pfmessage}:"
echo " ${moreinfo}"
echo " http://www.ossec.net/en/manual.html#active-response-tools"
-
+
echo ""
echo ""
echo " table <${TABLE}> persist #$TABLE "
if [ ! `isFile ${PREDEF_FILE}` = "${FALSE}" ]; then
. ${PREDEF_FILE}
fi
-
+
# If user language is not set
-
+
if [ "X${USER_LANGUAGE}" = "X" ]; then
-
+
# Choosing the language.
while [ 1 ]; do
echo ""
- for i in `ls ${TEMPLATE}`; do
+ for i in `ls ${TEMPLATE}`; do
# ignore CVS (should not be there anyways and config)
if [ "$i" = "CVS" -o "$i" = "config" ]; then continue; fi
cat "${TEMPLATE}/$i/language.txt"
if [ ! "$i" = "en" ]; then
LG="${LG}/$i"
- fi
+ fi
done
$ECHO " (${LG}) [en]: "
read USER_LG;
if [ "X${USER_LG}" = "X" ]; then
USER_LG="en"
- fi
-
- ls "${TEMPLATE}/${USER_LG}" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ fi
+
+ if [ -d "${TEMPLATE}/${USER_LG}" ]; then
break;
fi
- done;
+ done;
LANGUAGE=${USER_LG}
-
+
else
-
+
# If provided language is not valid, default to english
- ls "${TEMPLATE}/${USER_LANGUAGE}" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -d "${TEMPLATE}/${USER_LANGUAGE}" ]; then
LANGUAGE=${USER_LANGUAGE}
else
LANGUAGE="en"
- fi
+ fi
fi # for USER_LANGUAGE
-
-
+
+
. ./src/init/shared.sh
. ./src/init/language.sh
. ./src/init/functions.sh
. ./src/init/init.sh
. ${TEMPLATE}/${LANGUAGE}/messages.txt
-
-
+
+
# Must be executed as ./install.sh
if [ `isFile ${VERSION_FILE}` = "${FALSE}" ]; then
catError "0x1-location";
# Must be root
if [ ! "X$ME" = "Xroot" ]; then
catError "0x2-beroot";
- fi
+ fi
# Checking dependencies
checkDependencies
clear
-
+
# Initial message
echo " $NAME $VERSION ${installscript} - http://www.ossec.net"
-
+
catMsg "0x101-initial"
echo " - $system: $UNAME"
. ./src/init/update.sh
# Is this an update?
- if [ "`isUpdate`" = "${TRUE}" ]; then
+ if [ "`isUpdate`" = "${TRUE}" -a "x${USER_CLEANINSTALL}" = "x" ]; then
echo ""
ct="1"
while [ $ct = "1" ]; do
read ANY
else
ANY=$yes
- fi
+ fi
case $ANY in
$yes)
;;
*)
ct="1"
- ;;
+ ;;
esac
done
-
+
# Do some of the update steps.
if [ "X${update_only}" = "Xyes" ]; then
USER_INSTALL_TYPE=`getPreinstalled`
USER_DIR=`getPreinstalledDir`
USER_DELETE_DIR="$nomatch"
- fi
+ fi
ct="1"
-
+
# We dont need to update the rules on agent installs
if [ "X${USER_INSTALL_TYPE}" = "Xagent" ]; then
ct="0"
fi
-
+
while [ $ct = "1" ]; do
- ct="0"
+ ct="0"
$ECHO " - ${updaterules} ($yes/$no): "
if [ "X${USER_UPDATE_RULES}" = "X" ]; then
read ANY
- else
+ else
ANY=$yes
fi
-
+
case $ANY in
$yes)
update_rules="yes"
break;
;;
- $no)
+ $no)
break;
;;
*)
ct="1"
;;
- esac
+ esac
done
- fi
+ fi
echo ""
- fi
-
+ fi
+
+ hybrid="hybrid"
+ HYBID=""
+ hybridm=`echo ${hybrid} | cut -b 1`
serverm=`echo ${server} | cut -b 1`
localm=`echo ${local} | cut -b 1`
agentm=`echo ${agent} | cut -b 1`
read ANSWER
case $ANSWER in
-
+
${helpm}|${help})
- catMsg "0x102-installhelp"
- ;;
-
+ catMsg "0x102-installhelp"
+ ;;
+
${server}|${serverm})
- echo ""
- echo " - ${serverchose}."
- INSTYPE="server"
- break;
- ;;
-
+ echo ""
+ echo " - ${serverchose}."
+ INSTYPE="server"
+ break;
+ ;;
+
${agent}|${agentm})
- echo ""
- echo " - ${clientchose}."
- INSTYPE="agent"
- break;
- ;;
-
+ echo ""
+ echo " - ${clientchose}."
+ INSTYPE="agent"
+ break;
+ ;;
+
+ ${hybrid}|${hybridm})
+ echo ""
+ echo " - ${serverchose} (hybrid)."
+ INSTYPE="server"
+ HYBID="go"
+ break;
+ ;;
${local}|${localm})
- echo ""
- echo " - ${localchose}."
- INSTYPE="local"
- break;
+ echo ""
+ echo " - ${localchose}."
+ INSTYPE="local"
+ break;
;;
esac
done
# Setting up the environment
setEnv
-
+
# Configuring the system (based on the installation type)
- if [ "X${update_only}" = "X" ]; then
- if [ "X$INSTYPE" = "Xserver" ]; then
+ if [ "X${update_only}" = "X" ]; then
+ if [ "X$INSTYPE" = "Xserver" ]; then
ConfigureServer
elif [ "X$INSTYPE" = "Xagent" ]; then
ConfigureClient
elif [ "X$INSTYPE" = "Xlocal" ]; then
- ConfigureServer
+ ConfigureServer
else
catError "0x4-installtype"
fi
- fi
+ fi
- # Installing (calls the respective script
+ # Installing (calls the respective script
# -- InstallAgent.sh or InstallServer.sh
Install
echo " - ${configurationdone}."
echo ""
echo " - ${tostart}:"
- echo " $INSTALLDIR/bin/ossec-control start"
+ echo " $INSTALLDIR/bin/ossec-control start"
echo ""
echo " - ${tostop}:"
- echo " $INSTALLDIR/bin/ossec-control stop"
+ echo " $INSTALLDIR/bin/ossec-control stop"
echo ""
echo " - ${configat} $INSTALLDIR/etc/ossec.conf"
echo ""
catMsg "0x103-thanksforusing"
-
+
if [ "X${update_only}" = "Xyes" ]; then
# Message for the update
if [ "X`sh ./src/init/fw-check.sh`" = "XPF" -a "X${ACTIVERESPONSE}" = "Xyes" ]; then
if [ "X$USER_NO_STOP" = "X" ]; then
read ANY
- fi
+ fi
AddPFTable
- fi
+ fi
echo ""
echo " - ${updatecompleted}"
echo ""
exit 0;
- fi
+ fi
+
-
if [ "X$USER_NO_STOP" = "X" ]; then
read ANY
fi
# PF firewall message
if [ "X`sh ./src/init/fw-check.sh`" = "XPF" -a "X${ACTIVERESPONSE}" = "Xyes" ]; then
AddPFTable
- fi
+ fi
if [ "X$INSTYPE" = "Xserver" ]; then
- echo ""
+ echo ""
echo " - ${addserveragent}"
echo " ${runma}:"
echo ""
echo " ${moreinfo}"
echo " http://www.ossec.net/en/manual.html#ma"
echo ""
-
+
elif [ "X$INSTYPE" = "Xagent" ]; then
- catMsg "0x104-client"
+ catMsg "0x104-client"
echo " $INSTALLDIR/bin/manage_agents"
echo ""
echo " ${moreinfo}"
if [ "X$notmodified" = "Xyes" ]; then
catMsg "0x105-noboot"
- echo " $INSTALLDIR/bin/ossec-control start"
+ echo " $INSTALLDIR/bin/ossec-control start"
echo ""
fi
}
+_f_cfg="./install.cfg.sh"
-
+if [ -f $_f_cfg ]; then
+ . $_f_cfg
+fi
### Calling main function where everything happens
main
-exit 0
+if [ "x$HYBID" = "xgo" ]; then
+ echo " --------------------------------------------"
+ echo " Finishing Hybrid setup (agent configuration)"
+ echo " --------------------------------------------"
+ echo 'USER_LANGUAGE="en"' > ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_NO_STOP="y"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_INSTALL_TYPE="agent"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo "USER_DIR=\"$INSTALLDIR/ossec-agent\"" >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_ENABLE_ROOTCHECK="n"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_ENABLE_SYSCHECK="n"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_ENABLE_ACTIVE_RESPONSE="n"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_UPDATE="n"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_UPDATE_RULES="n"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+ echo 'USER_CLEANINSTALL="y"' >> ./etc/preloaded-vars.conf
+ echo "" >> ./etc/preloaded-vars.conf
+
+ cd src && ${MAKEBIN} clean && cd ..
+ ./install.sh
+ rm etc/preloaded-vars.conf
+fi
+
+exit 0
-## EOF ##
+#### exit ? ###
projects / ossec-hids.git / blobdiff