X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2FInstallServer.sh;h=3c9dd49f50bc9f454954da965048ab16b13aea08;hp=c9f15ff4f4425849afd8c91de455abf2e32c5e49;hb=6ef2f786c6c8ead94841b5f93baf9f43421f08c8;hpb=301048b51990573e58a30dc4a5bb4ec285cad554 diff --git a/src/InstallServer.sh b/src/InstallServer.sh index c9f15ff..3c9dd49 100755 --- a/src/InstallServer.sh +++ b/src/InstallServer.sh @@ -121,8 +121,10 @@ for i in ${subdirs}; do done # Default for all directories -chmod -R 550 ${DIR} -chown -R root:${GROUP} ${DIR} +chmod 550 ${DIR} +chmod 550 ${DIR}/* +chown root:${GROUP} ${DIR} +chown root:${GROUP} ${DIR}/* # AnalysisD needs to write to alerts: log, mail and cmds chown -R ${USER}:${GROUP} ${DIR}/queue/alerts @@ -135,7 +137,7 @@ chmod -R 770 ${DIR}/queue/ossec # To the ossec fts queue chown -R ${USER}:${GROUP} ${DIR}/queue/fts chmod -R 750 ${DIR}/queue/fts -chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1 +chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1 # To the ossec syscheck/rootcheck queue chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck @@ -146,20 +148,21 @@ chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck chmod -R 750 ${DIR}/queue/rootcheck chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1 -chown -R ${USER}:${GROUP} ${DIR}/queue/diff -chmod -R 750 ${DIR}/queue/diff +chown ${USER}:${GROUP} ${DIR}/queue/diff +chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1 +chmod 750 ${DIR}/queue/diff chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info -chmod -R 755 ${DIR}/queue/agent-info -chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1 +chmod -R 750 ${DIR}/queue/agent-info +chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids -chmod -R 755 ${DIR}/queue/rids -chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1 +chmod -R 750 ${DIR}/queue/rids +chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1 chown -R ${USER}:${GROUP} ${DIR}/queue/agentless -chmod -R 755 ${DIR}/queue/agentless -chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1 +chmod -R 750 ${DIR}/queue/agentless +chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1 # For the stats directory @@ -171,7 +174,11 @@ chown -R ${USER}:${GROUP} ${DIR}/logs chmod -R 750 ${DIR}/logs touch ${DIR}/logs/ossec.log chown ${USER}:${GROUP} ${DIR}/logs/ossec.log -chmod 664 ${DIR}/logs/ossec.log +chmod 660 ${DIR}/logs/ossec.log + +touch ${DIR}/logs/active-responses.log +chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log +chmod 660 ${DIR}/logs/active-responses.log # For the rules directory ls ${DIR}/rules/*.xml > /dev/null 2>&1 @@ -189,6 +196,7 @@ if [ $? = 0 ]; then fi cp -pr ../etc/rules/* ${DIR}/rules/ +find ${DIR}/rules/ -type f -exec chmod 440 {} \; # If the local_rules is saved, moved it back ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1 @@ -206,21 +214,21 @@ chown -R root:${GROUP} ${DIR}/etc ls /etc/localtime > /dev/null 2>&1 if [ $? = 0 ]; then cp -pL /etc/localtime ${DIR}/etc/; - chmod 555 ${DIR}/etc/localtime + chmod 440 ${DIR}/etc/localtime chown root:${GROUP} ${DIR}/etc/localtime fi # Solaris Needs some extra files if [ "$UNAME" = "SunOS" ]; then mkdir -p ${DIR}/usr/share/lib/zoneinfo/ - chmod -R 555 ${DIR}/usr/ + chmod -R 550 ${DIR}/usr/ cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/ fi ls /etc/TIMEZONE > /dev/null 2>&1 if [ $? = 0 ]; then cp -p /etc/TIMEZONE ${DIR}/etc/; - chmod 555 ${DIR}/etc/TIMEZONE + chmod 550 ${DIR}/etc/TIMEZONE fi @@ -238,6 +246,9 @@ cp -pr ../bin/list_agents ${DIR}/bin/ cp -pr ../bin/agent_control ${DIR}/bin/ cp -pr ../bin/syscheck_control ${DIR}/bin/ cp -pr ../bin/rootcheck_control ${DIR}/bin/ +cp -pr ../contrib/util.sh ${DIR}/bin/ +chown root:${GROUP} ${DIR}/bin/util.sh +chmod +x ${DIR}/bin/util.sh # Local install chosen if [ "X$LOCAL" = "Xlocal" ]; then @@ -292,7 +303,7 @@ sh ./init/fw-check.sh execute > /dev/null cp -p ../active-response/*.sh ${DIR}/active-response/bin/ cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/ -chmod 755 ${DIR}/active-response/bin/* +chmod 550 ${DIR}/active-response/bin/* chown root:${GROUP} ${DIR}/active-response/bin/* chown root:${GROUP} ${DIR}/bin/*