From 60a2e5ba49290aeb71d745f194e63160781ca78c Mon Sep 17 00:00:00 2001 From: Dinko Korunic Date: Sat, 6 Mar 2010 15:39:47 +0100 Subject: [PATCH] - niz izmjena zbog #10324 problema (problematicna post-instalacija zbog dozvola, direktorija, itd) --- debian/postinst | 21 +++++++++++++--- debian/rules | 55 +++++++++++++++++++++++++---------------- ossec-hids-debian.init | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 116 insertions(+), 24 deletions(-) create mode 100755 ossec-hids-debian.init diff --git a/debian/postinst b/debian/postinst index 7afafdf..001da51 100755 --- a/debian/postinst +++ b/debian/postinst @@ -60,13 +60,20 @@ chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/agent-info chown -R $OSSEC_USER_REM:$OSSEC_GROUP $DIRECTORY/queue/rids chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/stats chown -R $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs +chown -R root:$OSSEC_GROUP $DIRECTORY/etc touch $DIRECTORY/logs/ossec.log chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/logs/ossec.log +chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh chown -R root:$OSSEC_GROUP $DIRECTORY/rules -chown root:$OSSEC_GROUP $DIRECTORY/var/run chown root:$OSSEC_GROUP $DIRECTORY/etc/decoder.xml chown root:$OSSEC_GROUP $DIRECTORY/etc/internal_options.conf -chown root:$OSSEC_GROUP $DIRECTORY/etc/shared/* +chown root:$OSSEC_GROUP $DIRECTORY/etc/client.keys >/dev/null 2>&1 || true +chown root:$OSSEC_GROUP $DIRECTORY/agentless/* +chown $OSSEC_USER:$OSSEC_GROUP $DIRECTORY/.ssh +chown -R root:$OSSEC_GROUP $DIRECTORY/etc/shared +chown root:$OSSEC_GROUP $DIRECTORY/var/run +chown root:$OSSEC_GROUP $DIRECTORY/active-response/bin/* +chown root:$OSSEC_GROUP $DIRECTORY/bin/* chown root:$OSSEC_GROUP $DIRECTORY/etc/ossec.conf # fix perms @@ -85,8 +92,16 @@ chmod -R 750 $DIRECTORY/logs chmod -R 550 $DIRECTORY/rules chmod 770 $DIRECTORY/var/run chmod 550 $DIRECTORY/etc -chmod 770 $DIRECTORY/etc/shared +chmod 440 $DIRECTORY/etc/internal_options.conf +chmod -R 770 $DIRECTORY/etc/shared chmod 700 $DIRECTORY/.ssh +chmod 755 $DIRECTORY/active-response/bin/* +chmod 550 $DIRECTORY/bin/* +chmod 440 $DIRECTORY/etc/ossec.conf + +# fixups: no need for execute bits on files there +find $DIRECTORY/rules -type f -exec chmod ugo-x '{}' ';' +find $DIRECTORY/etc -type f -exec chmod ugo-x '{}' ';' # copy timezone and localtime if [ -e /etc/timezone ]; then diff --git a/debian/rules b/debian/rules index 12c3c72..f1b0e62 100755 --- a/debian/rules +++ b/debian/rules @@ -51,6 +51,25 @@ install: build mkdir -p -m 700 $(DESTDIR)/$$i; \ done + # various files installation + install -m 644 etc/internal_options.conf $(DESTDIR)/etc + install -m 644 etc/decoder.xml $(DESTDIR)/etc + install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared + if [ -e etc/ossec.mc ]; then \ + install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \ + else \ + install -m 440 etc/ossec-local.conf $(DESTDIR)/etc/ossec.conf; \ + fi + install -m 440 etc/ossec-*.conf $(DESTDIR)/etc + cp -r etc/rules/* $(DESTDIR)/rules + install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless + install -s -m 755 bin/* $(DESTDIR)/bin + install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin + ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control + install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin + install -m 755 active-response/firewalls/*.sh \ + $(DESTDIR)/active-response/bin + # attrs chmod -R 550 $(DESTDIR) chmod -R 770 $(DESTDIR)/queue/alerts @@ -67,32 +86,26 @@ install: build chmod -R 550 $(DESTDIR)/rules chmod 770 $(DESTDIR)/var/run chmod 550 $(DESTDIR)/etc - chmod 770 $(DESTDIR)/etc/shared + chmod 440 $(DESTDIR)/etc/internal_options.conf + chmod -R 770 $(DESTDIR)/etc/shared chmod 700 $(DESTDIR)/.ssh + chmod 755 $(DESTDIR)/active-response/bin/* + chmod 550 $(DESTDIR)/bin/* + chmod 440 $(DESTDIR)/etc/ossec.conf - # various files installation - install -m 644 etc/internal_options.conf $(DESTDIR)/etc - install -m 644 etc/decoder.xml $(DESTDIR)/etc - install -m 644 src/rootcheck/db/*.txt $(DESTDIR)/etc/shared - if [ -e etc/ossec.mc ]; then \ - install -m 440 etc/ossec.mc $(DESTDIR)/etc/ossec.conf; \ - else \ - install -m 440 etc/ossec-agent.conf $(DESTDIR)/etc/ossec.conf; \ - fi - install -m 440 etc/ossec-*.conf $(DESTDIR)/etc - cp -r etc/rules/* $(DESTDIR)/rules - find $(DESTDIR)/rules -type f -exec chmod 640 '{}' ';' - install -m 750 src/agentlessd/scripts/* $(DESTDIR)/agentless - install -s -m 755 bin/* $(DESTDIR)/bin - install -m 755 src/init/ossec-*.sh $(DESTDIR)/bin - ln -s ossec-local.sh $(DESTDIR)/bin/ossec-control - install -m 755 active-response/*.sh $(DESTDIR)/active-response/bin - install -m 755 active-response/firewalls/*.sh \ - $(DESTDIR)/active-response/bin + # fixups: no need for execute bits on files there + find $(DESTDIR)/rules -type f -exec chmod ugo-x '{}' ';' + find $(DESTDIR)/etc -type f -exec chmod ugo-x '{}' ';' # system init script mkdir -p $(PKGDIR)/etc/init.d - install -m 755 src/init/ossec-hids.init $(PKGDIR)/etc/init.d/ossec-hids + if [ -e ossec-hids-debian.init ]; then \ + install -m 755 ossec-hids-debian.init \ + $(PKGDIR)/etc/init.d/ossec-hids; \ + else \ + install -m 755 src/init/ossec-hids.init \ + $(PKGDIR)/etc/init.d/ossec-hids; \ + fi # system ossec-init echo "DIRECTORY=\"/var/ossec\"" > $(PKGDIR)/etc/ossec-init.conf diff --git a/ossec-hids-debian.init b/ossec-hids-debian.init new file mode 100755 index 0000000..0842549 --- /dev/null +++ b/ossec-hids-debian.init @@ -0,0 +1,64 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: ossec-hids +# Required-Start: $local_fs $remote_fs $syslog +# Required-Stop: $local_fs $remote_fs $syslog +# Should-Start: $all +# Should-Stop: $all +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: OSSEC HIDS init script +# Description: Init script for OSSEC HIDS services +### END INIT INFO + +# OSSEC Controls OSSEC HIDS +# Author: Daniel B. Cid +# Modified for slackware by Jack S. Lai +# Modified for Debian package by Dinko Korunic + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + +. /etc/ossec-init.conf +if [ "X${DIRECTORY}" = "X" ]; then + DIRECTORY="/var/ossec" +fi + + +start() { + ${DIRECTORY}/bin/ossec-control start +} + +stop() { + ${DIRECTORY}/bin/ossec-control stop +} + +status() { + ${DIRECTORY}/bin/ossec-control status +} + + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + stop + start + ;; + force-reload) + stop + start + ;; + status) + status + ;; + *) + echo "*** Usage: $0 {start|stop|restart|status}" + exit 1 +esac + +exit 0 -- 1.7.10.4