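# postinst script for ossec-hids
#
# NOTE(review): this listing elides lines of the original script. DIR, USER,
# USER_MAIL, USER_REM and GROUP are used further down but are assigned in
# lines that are not shown here.

# Staging directory for files carried across an upgrade. Further down,
# local_rules.xml is restored from it and the directory is then removed.
# NOTE(review): a fixed name under world-writable /tmp can be pre-created by
# any local account before the package scripts run as root. A root-only
# location, or a mktemp -d directory whose path is handed over by the script
# that fills it, avoids that. The path is kept unchanged here because the
# script that populates it is not part of this listing.
OSSEC_HIDS_TMP_DIR="/tmp/ossec-hids"

# Login shell for the service accounts: /sbin/nologin when it exists,
# otherwise /bin/false when that exists.
OSMYSHELL="/sbin/nologin"
if [ ! -f "${OSMYSHELL}" ]; then
  if [ -f "/bin/false" ]; then
    OSMYSHELL="/bin/false"
  fi
fi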
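# Create the service group and the three service accounts when they are
# missing.
#
# getent is asked for the exact name. Grepping the whole database for
# "^ossec" also matches ossecm, ossecr and any other name with that prefix,
# so an existing "ossecm" entry alone would suppress creation of "ossec" and
# the chown calls later in the script would then reference a missing account.
# NOTE(review): the lookups use the literal names from the original checks;
# presumably they equal ${GROUP}, ${USER}, ${USER_MAIL} and ${USER_REM}.
# Confirm against the assignments, which this listing does not show.
if ! getent group ossec > /dev/null 2>&1; then
  addgroup --system ossec
fi

# adduser output, including its error messages, is discarded as in the
# original.
if ! getent passwd ossec > /dev/null 2>&1; then
  adduser --system --home "${DIR}" --shell "${OSMYSHELL}" --ingroup "${GROUP}" "${USER}" > /dev/null 2>&1
fi

if ! getent passwd ossecm > /dev/null 2>&1; then
  adduser --system --home "${DIR}" --shell "${OSMYSHELL}" --ingroup "${GROUP}" "${USER_MAIL}" > /dev/null 2>&1
fi

if ! getent passwd ossecr > /dev/null 2>&1; then
  adduser --system --home "${DIR}" --shell "${OSMYSHELL}" --ingroup "${GROUP}" "${USER_REM}" > /dev/null 2>&1
fi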
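# Ownership and modes for the installation tree. Everything starts out as
# root:${GROUP}; the directories the daemons write to are then handed to the
# service accounts. All expansions are quoted so that a path containing
# whitespace or glob characters cannot split into several arguments.
#
# NOTE(review): the queue, stats and logs trees end up owned by the service
# accounts, so on an upgrade the recursive calls below run as root over
# content those accounts were able to create. Worth confirming that no
# symlinks or hard links are expected inside them.

# Default for all directories
chown -R "root:${GROUP}" "${DIR}"

# AnalysisD needs to write to alerts: log, mail and cmds.
# The ossec queue (default for analysisd to read) gets the same treatment.
for ossec_queue in alerts ossec; do
  chown -R "${USER}:${GROUP}" "${DIR}/queue/${ossec_queue}"
  chmod -R 770 "${DIR}/queue/${ossec_queue}"
done

# fts, syscheck, rootcheck and diff queues: owner-writable, group read-only.
# The second chmod drops the execute bits from the top-level entries; it is
# allowed to fail because the glob matches nothing in an empty directory.
for ossec_queue in fts syscheck rootcheck diff; do
  chown -R "${USER}:${GROUP}" "${DIR}/queue/${ossec_queue}"
  chmod -R 750 "${DIR}/queue/${ossec_queue}"
  chmod 740 "${DIR}/queue/${ossec_queue}"/* > /dev/null 2>&1 || true
done

# agent-info and rids belong to the ${USER_REM} account.
for ossec_queue in agent-info rids; do
  chown -R "${USER_REM}:${GROUP}" "${DIR}/queue/${ossec_queue}"
  chmod -R 755 "${DIR}/queue/${ossec_queue}"
  chmod 744 "${DIR}/queue/${ossec_queue}"/* > /dev/null 2>&1 || true
done

chown -R "${USER}:${GROUP}" "${DIR}/queue/agentless"
chmod -R 755 "${DIR}/queue/agentless"
chmod 744 "${DIR}/queue/agentless"/* > /dev/null 2>&1 || true

# For the stats directory
chown -R "${USER}:${GROUP}" "${DIR}/stats"
chmod -R 750 "${DIR}/stats"

# For the logging user. ossec.log is created if missing and set to 664; the
# enclosing logs directory is 750, so accounts outside ${GROUP} still cannot
# reach the file.
chown -R "${USER}:${GROUP}" "${DIR}/logs"
chmod -R 750 "${DIR}/logs"
touch "${DIR}/logs/ossec.log"
chown "${USER}:${GROUP}" "${DIR}/logs/ossec.log"
chmod 664 "${DIR}/logs/ossec.log"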
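# Backup previous rules into a per-run directory named after this shell's PID.
if [ -d "${DIR}/rules/" ]; then
  mkdir "${DIR}/rules/backup-rules.$$"
  cp -pr "${DIR}"/rules/*.xml "${DIR}/rules/backup-rules.$$/"
fi

# Restore the local rules from the staging directory.
#
# The staging directory has a fixed name under /tmp, so its content is not
# trusted blindly: the file is installed into the rules directory only when
# neither the directory nor the file is a symlink and both are owned by root.
# Otherwise the restore is skipped with a message on stderr, so that a file
# planted by another local account cannot become an active rule set.
# NOTE(review): this assumes the script that stages local_rules.xml runs as
# root and creates the directory itself. That script is not shown here, so
# confirm before relying on the check.
ossec_staged_rules="${OSSEC_HIDS_TMP_DIR}/local_rules.xml"
if [ -f "${ossec_staged_rules}" ]; then
  if [ ! -L "${OSSEC_HIDS_TMP_DIR}" ] && [ ! -L "${ossec_staged_rules}" ] \
    && [ "$(stat -c '%u' "${OSSEC_HIDS_TMP_DIR}")" = "0" ] \
    && [ "$(stat -c '%u' "${ossec_staged_rules}")" = "0" ]; then
    mv "${ossec_staged_rules}" "${DIR}/rules/local_rules.xml"
  else
    echo "ossec-hids: not restoring ${ossec_staged_rules}: staging path is a symlink or is not owned by root" >&2
  fi
fi

# Rules are read-only for root and ${GROUP}, and inaccessible to others.
chown -R "root:${GROUP}" "${DIR}/rules"
chmod -R 550 "${DIR}/rules"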
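# Ownership and modes for configuration, binaries and runtime directories.
# All expansions are quoted so that a path containing whitespace or glob
# characters cannot split into several arguments.

chown -R "root:${GROUP}" "${DIR}/etc"

# Copy the host's time zone files under ${DIR}/etc. -L makes cp copy the
# target when /etc/localtime is a symlink.
# NOTE(review): presumably needed so chrooted daemons can resolve local time.
# Confirm against the daemon configuration.
if [ -f /etc/localtime ]; then
  cp -pL /etc/localtime "${DIR}/etc/"
  chmod 555 "${DIR}/etc/localtime"
  chown "root:${GROUP}" "${DIR}/etc/localtime"
fi

if [ -f /etc/TIMEZONE ]; then
  cp -p /etc/TIMEZONE "${DIR}/etc/"
  chmod 555 "${DIR}/etc/TIMEZONE"
fi

chmod 770 "${DIR}/var/run"
chown "root:${GROUP}" "${DIR}/var/run"

# Configuration files stay root-owned. The local_* files and client.keys may
# be absent, so failures on those are ignored.
chown "root:${GROUP}" "${DIR}/etc/decoder.xml"
chown "root:${GROUP}" "${DIR}/etc/local_decoder.xml" > /dev/null 2>&1 || true
chown "root:${GROUP}" "${DIR}/etc/internal_options.conf"
chown "root:${GROUP}" "${DIR}/etc/local_internal_options.conf" > /dev/null 2>&1 || true
chown "root:${GROUP}" "${DIR}/etc/client.keys" > /dev/null 2>&1 || true
chown "root:${GROUP}" "${DIR}"/etc/shared/*
chown "root:${GROUP}" "${DIR}"/agentless/*
chown "${USER}:${GROUP}" "${DIR}/.ssh"

# Shipped files are read-only (440); the local_* overrides are writable by
# root and ${GROUP} (660). client.keys is kept at 440, with no access for
# others.
chmod 440 "${DIR}/etc/decoder.xml"
chmod 660 "${DIR}/etc/local_decoder.xml" > /dev/null 2>&1 || true
chmod 440 "${DIR}/etc/internal_options.conf"
chmod 660 "${DIR}/etc/local_internal_options.conf" > /dev/null 2>&1 || true
chmod 440 "${DIR}/etc/client.keys" > /dev/null 2>&1 || true

chmod 770 "${DIR}/etc/shared"
chmod 660 "${DIR}"/etc/shared/*
chmod 550 "${DIR}"/agentless/*
chmod 700 "${DIR}/.ssh"

# Drop the merged.mg file in etc/shared if present; a missing file is fine.
rm "${DIR}/etc/shared/merged.mg" > /dev/null 2>&1 || true

# Executables: root-owned, never writable by the service accounts.
chmod 755 "${DIR}"/active-response/bin/*
chown "root:${GROUP}" "${DIR}"/active-response/bin/*
chown "root:${GROUP}" "${DIR}"/bin/*
chmod 550 "${DIR}"/bin/*

# Main configuration: writable by root and ${GROUP}, no access for others.
chown "root:${GROUP}" "${DIR}/etc/ossec.conf"
chmod 660 "${DIR}/etc/ossec.conf"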
153 # Sticky bit for /var/ossec/tmp
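# Ask through debconf whether e-mail alerts are wanted and write the answers
# into ${DIR}/etc/ossec.conf.
#
# NOTE(review): the listing elides the lines after each db_input and after
# each db_get for the mail settings. db_go is what makes debconf present a
# queued question, and the EMAIL_TO / EMAIL_FROM / SMTP_SERVER assignments
# follow the pattern visible for EMAIL_NOTIFICATION, so both are restored
# here. Confirm against the full script.
. /usr/share/debconf/confmodule

# Escape a value for the replacement side of a sed s/// expression that uses
# "/" as delimiter. Unescaped, "/" ends the expression early, "&" expands to
# the matched text and "\" starts an escape sequence.
ossec_sed_escape() {
  printf '%s' "$1" | sed -e 's,[\\/&],\\&,g'
}

db_input high ossec-hids/email_notification || true
db_go || true

db_get ossec-hids/email_notification
EMAIL_NOTIFICATION=$RET

# Quoted so that an empty answer is compared as an empty string instead of
# turning the test into a syntax error.
if [ "${EMAIL_NOTIFICATION}" = "yes" ]; then
  sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>yes<\/email_notification>/' "${DIR}/etc/ossec.conf"
  db_input high ossec-hids/email_to || true
  db_go || true
  db_input high ossec-hids/email_from || true
  db_go || true
  db_input high ossec-hids/smtp_server || true
  db_go || true

  db_get ossec-hids/email_to
  EMAIL_TO=$RET
  db_get ossec-hids/email_from
  EMAIL_FROM=$RET
  db_get ossec-hids/smtp_server
  SMTP_SERVER=$RET

  # The answers are free text, so they are escaped before being spliced into
  # the sed expressions.
  # NOTE(review): the values still land verbatim inside XML elements; an
  # answer containing "<" or "&" would leave ossec.conf malformed.
  email_to_esc=$(ossec_sed_escape "${EMAIL_TO}")
  email_from_esc=$(ossec_sed_escape "${EMAIL_FROM}")
  smtp_server_esc=$(ossec_sed_escape "${SMTP_SERVER}")

  sed -i "s/<email_to>[^<]\+<\/email_to>/<email_to>${email_to_esc}<\/email_to>/" "${DIR}/etc/ossec.conf"
  sed -i "s/<email_from>[^<]\+<\/email_from>/<email_from>${email_from_esc}<\/email_from>/" "${DIR}/etc/ossec.conf"
  sed -i "s/<smtp_server>[^<]\+<\/smtp_server>/<smtp_server>${smtp_server_esc}<\/smtp_server>/" "${DIR}/etc/ossec.conf"
else
  sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>no<\/email_notification>/' "${DIR}/etc/ossec.conf"
fi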
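# Publish ossec-init.conf and the init script under /etc as symlinks into
# ${DIR}, replacing whatever was there before.
#
# The "already there" test also checks -L: -e follows symlinks and is false
# for a dangling link, so a stale link from an earlier install would survive
# the check and make ln -s fail with "File exists".
if [ -e "${DIR}/etc/ossec-init.conf" ] && [ -d /etc/ ]; then
  if [ -e /etc/ossec-init.conf ] || [ -L /etc/ossec-init.conf ]; then
    rm -f /etc/ossec-init.conf
  fi
  ln -s "${DIR}/etc/ossec-init.conf" /etc/ossec-init.conf
fi

if [ -x "${DIR}/etc/init.d/ossec" ] && [ -d /etc/init.d/ ]; then
  if [ -e /etc/init.d/ossec ] || [ -L /etc/init.d/ossec ]; then
    rm -f /etc/init.d/ossec
  fi
  ln -s "${DIR}/etc/init.d/ossec" /etc/init.d/ossec
fi

# Register the init script and (re)start the service.
# NOTE(review): Debian policy asks maintainer scripts to start services
# through invoke-rc.d so that a local policy-rc.d is honoured; "service" is
# kept here to match the original behaviour.
if [ -x /etc/init.d/ossec ]; then
  update-rc.d -f ossec defaults
  service ossec restart
fi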
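# Delete tmp directory.
# The path is quoted and passed after "--" so it is always taken as a single
# operand, and ":?" aborts instead of running rm -r on an empty string should
# the variable ever be unset. rm -r on a symlink without a trailing slash
# removes the link itself, not the directory it points to.
if [ -d "${OSSEC_HIDS_TMP_DIR}" ]; then
  rm -r -- "${OSSEC_HIDS_TMP_DIR:?}"
fi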
220 abort-upgrade|abort-remove|abort-deconfigure)
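# Report an unexpected maintainer-script argument on stderr. The listing's
# ">22" would instead create a file named "22" in the current directory.
echo "postinst called with unknown argument \`$1'" >&2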