projects
/
ossec-hids.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Imported Upstream version 2.7
[ossec-hids.git]
/
src
/
InstallServer.sh
diff --git
a/src/InstallServer.sh
b/src/InstallServer.sh
index
c9f15ff
..
3c9dd49
100755
(executable)
--- a/
src/InstallServer.sh
+++ b/
src/InstallServer.sh
@@
-121,8
+121,10
@@
for i in ${subdirs}; do
done
# Default for all directories
done
# Default for all directories
-chmod -R 550 ${DIR}
-chown -R root:${GROUP} ${DIR}
+chmod 550 ${DIR}
+chmod 550 ${DIR}/*
+chown root:${GROUP} ${DIR}
+chown root:${GROUP} ${DIR}/*
# AnalysisD needs to write to alerts: log, mail and cmds
chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
# AnalysisD needs to write to alerts: log, mail and cmds
chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
@@
-135,7
+137,7
@@
chmod -R 770 ${DIR}/queue/ossec
# To the ossec fts queue
chown -R ${USER}:${GROUP} ${DIR}/queue/fts
chmod -R 750 ${DIR}/queue/fts
# To the ossec fts queue
chown -R ${USER}:${GROUP} ${DIR}/queue/fts
chmod -R 750 ${DIR}/queue/fts
-chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1
+chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1
# To the ossec syscheck/rootcheck queue
chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
# To the ossec syscheck/rootcheck queue
chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
@@
-146,20
+148,21
@@
chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
chmod -R 750 ${DIR}/queue/rootcheck
chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
chmod -R 750 ${DIR}/queue/rootcheck
chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
-chown -R ${USER}:${GROUP} ${DIR}/queue/diff
-chmod -R 750 ${DIR}/queue/diff
+chown ${USER}:${GROUP} ${DIR}/queue/diff
+chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
+chmod 750 ${DIR}/queue/diff
chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
-chmod -R 755 ${DIR}/queue/agent-info
-chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/agent-info
+chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
-chmod -R 755 ${DIR}/queue/rids
-chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/rids
+chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1
chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
-chmod -R 755 ${DIR}/queue/agentless
-chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/agentless
+chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
# For the stats directory
# For the stats directory
@@
-171,7
+174,11
@@
chown -R ${USER}:${GROUP} ${DIR}/logs
chmod -R 750 ${DIR}/logs
touch ${DIR}/logs/ossec.log
chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
chmod -R 750 ${DIR}/logs
touch ${DIR}/logs/ossec.log
chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
-chmod 664 ${DIR}/logs/ossec.log
+chmod 660 ${DIR}/logs/ossec.log
+
+touch ${DIR}/logs/active-responses.log
+chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
+chmod 660 ${DIR}/logs/active-responses.log
# For the rules directory
ls ${DIR}/rules/*.xml > /dev/null 2>&1
# For the rules directory
ls ${DIR}/rules/*.xml > /dev/null 2>&1
@@
-189,6
+196,7
@@
if [ $? = 0 ]; then
fi
cp -pr ../etc/rules/* ${DIR}/rules/
fi
cp -pr ../etc/rules/* ${DIR}/rules/
+find ${DIR}/rules/ -type f -exec chmod 440 {} \;
# If the local_rules is saved, moved it back
ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
# If the local_rules is saved, moved it back
ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
@@
-206,21
+214,21
@@
chown -R root:${GROUP} ${DIR}/etc
ls /etc/localtime > /dev/null 2>&1
if [ $? = 0 ]; then
cp -pL /etc/localtime ${DIR}/etc/;
ls /etc/localtime > /dev/null 2>&1
if [ $? = 0 ]; then
cp -pL /etc/localtime ${DIR}/etc/;
- chmod 555 ${DIR}/etc/localtime
+ chmod 440 ${DIR}/etc/localtime
chown root:${GROUP} ${DIR}/etc/localtime
fi
# Solaris Needs some extra files
if [ "$UNAME" = "SunOS" ]; then
mkdir -p ${DIR}/usr/share/lib/zoneinfo/
chown root:${GROUP} ${DIR}/etc/localtime
fi
# Solaris Needs some extra files
if [ "$UNAME" = "SunOS" ]; then
mkdir -p ${DIR}/usr/share/lib/zoneinfo/
- chmod -R 555 ${DIR}/usr/
+ chmod -R 550 ${DIR}/usr/
cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
fi
ls /etc/TIMEZONE > /dev/null 2>&1
if [ $? = 0 ]; then
cp -p /etc/TIMEZONE ${DIR}/etc/;
cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
fi
ls /etc/TIMEZONE > /dev/null 2>&1
if [ $? = 0 ]; then
cp -p /etc/TIMEZONE ${DIR}/etc/;
- chmod 555 ${DIR}/etc/TIMEZONE
+ chmod 550 ${DIR}/etc/TIMEZONE
fi
fi
@@
-238,6
+246,9
@@
cp -pr ../bin/list_agents ${DIR}/bin/
cp -pr ../bin/agent_control ${DIR}/bin/
cp -pr ../bin/syscheck_control ${DIR}/bin/
cp -pr ../bin/rootcheck_control ${DIR}/bin/
cp -pr ../bin/agent_control ${DIR}/bin/
cp -pr ../bin/syscheck_control ${DIR}/bin/
cp -pr ../bin/rootcheck_control ${DIR}/bin/
+cp -pr ../contrib/util.sh ${DIR}/bin/
+chown root:${GROUP} ${DIR}/bin/util.sh
+chmod +x ${DIR}/bin/util.sh
# Local install chosen
if [ "X$LOCAL" = "Xlocal" ]; then
# Local install chosen
if [ "X$LOCAL" = "Xlocal" ]; then
@@
-292,7
+303,7
@@
sh ./init/fw-check.sh execute > /dev/null
cp -p ../active-response/*.sh ${DIR}/active-response/bin/
cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
cp -p ../active-response/*.sh ${DIR}/active-response/bin/
cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
-chmod 755 ${DIR}/active-response/bin/*
+chmod 550 ${DIR}/active-response/bin/*
chown root:${GROUP} ${DIR}/active-response/bin/*
chown root:${GROUP} ${DIR}/bin/*
chown root:${GROUP} ${DIR}/active-response/bin/*
chown root:${GROUP} ${DIR}/bin/*