4 ; standard NSIS includes
5 !include "LogicLib.nsh"
9 !addincludedir "nsProcess"
10 !addplugindir "nsProcess"
11 !include "nsProcess.nsh"
14 !addplugindir "SimpleSC"
18 !define OutFile "ossec-win32-agent.exe"
22 !define MUI_ICON favicon.ico
23 !define MUI_UNICON ossec-uninstall.ico
24 !define VERSION "2.8.3"
25 !define NAME "OSSEC HIDS"
26 !define /date CDATE "%b %d %Y at %H:%M:%S"
27 !define SERVICE "OssecSvc"
29 Name "${NAME} Windows Agent v${VERSION}"
30 BrandingText "Copyright (C) 2003 - 2014 Trend Micro Inc."
33 InstallDir "$PROGRAMFILES\ossec-agent"
34 InstallDirRegKey HKLM Software\OSSEC ""
36 ; show (un)installation details
38 ShowUninstDetails show
40 ; do not close details pages immediately
41 !define MUI_FINISHPAGE_NOAUTOCLOSE
42 !define MUI_UNFINISHPAGE_NOAUTOCLOSE
45 !define MUI_ABORTWARNING
48 !define MUI_WELCOMEPAGE_TITLE_3LINES
49 !define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the install of ${Name}.\r\n\r\nClick next to continue."
50 !define MUI_FINISHPAGE_TITLE_3LINES
51 !define MUI_FINISHPAGE_RUN "$INSTDIR\win32ui.exe"
52 !define MUI_FINISHPAGE_RUN_TEXT "Run OSSEC Agent Manager"
54 ; page for choosing components
55 !define MUI_COMPONENTSPAGE_TEXT_TOP "Select the options you want to be executed. Click next to continue."
56 !define MUI_COMPONENTSPAGE_NODESC
58 ; pages to display to user
59 !insertmacro MUI_PAGE_WELCOME
60 !insertmacro MUI_PAGE_LICENSE "LICENSE.txt"
61 !insertmacro MUI_PAGE_COMPONENTS
62 !insertmacro MUI_PAGE_DIRECTORY
63 !insertmacro MUI_PAGE_INSTFILES
64 !insertmacro MUI_PAGE_FINISH
66 ; these have to be defined again to work with the uninstall pages
67 !define MUI_WELCOMEPAGE_TITLE_3LINES
68 !define MUI_FINISHPAGE_TITLE_3LINES
69 !insertmacro MUI_UNPAGE_WELCOME
70 !insertmacro MUI_UNPAGE_CONFIRM
71 !insertmacro MUI_UNPAGE_INSTFILES
72 !insertmacro MUI_UNPAGE_FINISH
75 !insertmacro MUI_LANGUAGE "English"
77 ; function to stop OSSEC service if running
80 SimpleSC::ExistsService "${SERVICE}"
83 SimpleSC::ServiceIsStopped "${SERVICE}"
88 MessageBox MB_OKCANCEL "${NAME} is already installed and the ${SERVICE} service is running. \
89 It will be stopped before continuing." /SD IDOK IDOK ServiceStop
94 SimpleSC::StopService "${SERVICE}" 1 30
97 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
98 Failure stopping the ${SERVICE} service ($0).$\r$\n$\r$\n\
99 Click Abort to stop the installation,$\r$\n\
100 Retry to try again, or$\r$\n\
101 Ignore to skip this file." /SD IDABORT IDIGNORE ServiceStopped IDRETRY ServiceStop
108 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
109 Failure checking status of the ${SERVICE} service ($0).$\r$\n$\r$\n\
110 Click Abort to stop the installation,$\r$\n\
111 Retry to try again, or$\r$\n\
112 Ignore to skip this file." /SD IDABORT IDIGNORE ServiceStopped IDRETRY ServiceStop
121 ; main install section
122 Section "OSSEC Agent (required)" MainSec
123 ; set install type and cwd
130 ; use real date modified times
133 ; overwrite existing files
136 ; create necessary directories
137 CreateDirectory "$INSTDIR\bookmarks"
138 CreateDirectory "$INSTDIR\rids"
139 CreateDirectory "$INSTDIR\syscheck"
140 CreateDirectory "$INSTDIR\shared"
141 CreateDirectory "$INSTDIR\active-response"
142 CreateDirectory "$INSTDIR\active-response\bin"
143 CreateDirectory "$INSTDIR\tmp"
149 File ossec-agent-eventchannel.exe
150 File default-ossec.conf
151 File manage_agents.exe
152 File /oname=win32ui.exe os_win32ui.exe
153 File ossec-rootcheck.exe
154 File internal_options.conf
155 File default-local_internal_options.conf
156 File setup-windows.exe
157 File setup-syscheck.exe
160 File /oname=shared\rootkit_trojans.txt rootkit_trojans.txt
161 File /oname=shared\rootkit_files.txt rootkit_files.txt
162 File add-localfile.exe
164 File /oname=shared\win_applications_rcl.txt rootcheck\db\win_applications_rcl.txt
165 File /oname=shared\win_malware_rcl.txt rootcheck\db\win_malware_rcl.txt
166 File /oname=shared\win_audit_rcl.txt rootcheck\db\win_audit_rcl.txt
169 File /oname=active-response\bin\route-null.cmd route-null.cmd
170 File /oname=active-response\bin\restart-ossec.cmd restart-ossec.cmd
172 ; use appropriate version of "ossec-agent.exe"
173 ${If} ${AtLeastWinVista}
174 Delete "$INSTDIR\ossec-agent.exe"
175 Rename "$INSTDIR\ossec-agent-eventchannel.exe" "$INSTDIR\ossec-agent.exe"
177 Delete "$INSTDIR\ossec-agent-eventchannel.exe"
180 ; write registry keys
181 WriteRegStr HKLM SOFTWARE\ossec "Install_Dir" "$INSTDIR"
182 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "DisplayName" "${NAME} ${VERSION}"
183 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "DisplayVersion" "${VERSION}"
184 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "DisplayIcon" "${MUI_ICON}"
185 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "HelpLink" "http://www.ossec.net/main/support/"
186 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC" "URLInfoAbout" "http://www.ossec.net"
187 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "UninstallString" '"$INSTDIR\uninstall.exe"'
188 WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "NoModify" 1
189 WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "NoRepair" 1
190 WriteUninstaller "uninstall.exe"
192 ; write version and install information
194 FileOpen $0 "$INSTDIR\VERSION.txt" w
195 FileWrite $0 "${NAME} v${VERSION} - Installed on ${CDATE}"
197 IfErrors VersionError VersionComplete
199 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
200 Failure saving version to file.$\r$\n$\r$\n\
201 File:$\r$\n$\r$\n$INSTDIR\VERSION.txt$\r$\n$\r$\n\
202 Click Abort to stop the installation,$\r$\n\
203 Retry to try again, or$\r$\n\
204 Ignore to skip this file." /SD IDABORT IDIGNORE VersionComplete IDRETRY VersionInstall
214 IfFileExists "$INSTDIR\ossec.log" LogComplete
215 FileOpen $0 "$INSTDIR\ossec.log" w
217 IfErrors LogError LogComplete
219 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
220 Failure creating the ossec.log file.$\r$\n$\r$\n\
221 File:$\r$\n$\r$\n$INSTDIR\ossec.log$\r$\n$\r$\n\
222 Click Abort to stop the installation,$\r$\n\
223 Retry to try again, or$\r$\n\
224 Ignore to skip this file." /SD IDABORT IDIGNORE LogComplete IDRETRY LogInstall
231 ; rename local_internal_options.conf if it does not already exist
234 IfFileExists "$INSTDIR\local_internal_options.conf" ConfPresentInternal
235 Rename "$INSTDIR\default-local_internal_options.conf" "$INSTDIR\local_internal_options.conf"
236 IfErrors ConfErrorInternal ConfPresentInternal
238 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
239 Failure renaming configuration file.$\r$\n$\r$\n\
241 $INSTDIR\default-local_internal_options.conf$\r$\n$\r$\n\
243 $INSTDIR\local_internal_options.conf$\r$\n$\r$\n\
244 Click Abort to stop the installation,$\r$\n\
245 Retry to try again, or$\r$\n\
246 Ignore to skip this file." /SD IDABORT IDIGNORE ConfPresentInternal IDRETRY ConfInstallInternal
253 ; rename ossec.conf if it does not already exist
256 IfFileExists "$INSTDIR\ossec.conf" ConfPresentOSSEC
257 Rename "$INSTDIR\default-ossec.conf" "$INSTDIR\ossec.conf"
258 IfErrors ConfErrorOSSEC ConfPresentOSSEC
260 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
261 Failure renaming configuration file.$\r$\n$\r$\n\
263 $INSTDIR\default-ossec.conf$\r$\n$\r$\n\
265 $INSTDIR\ossec.conf$\r$\n$\r$\n\
266 Click Abort to stop the installation,$\r$\n\
267 Retry to try again, or$\r$\n\
268 Ignore to skip this file." /SD IDABORT IDIGNORE ConfPresentOSSEC IDRETRY ConfInstallOSSEC
276 ; http://nsis.sourceforge.net/Shortcuts_removal_fails_on_Windows_Vista
277 SetShellVarContext all
280 Delete "$SMPROGRAMS\OSSEC\Edit.lnk"
281 Delete "$SMPROGRAMS\OSSEC\Uninstall.lnk"
282 Delete "$SMPROGRAMS\OSSEC\Documentation.lnk"
283 Delete "$SMPROGRAMS\OSSEC\Edit Config.lnk"
284 Delete "$SMPROGRAMS\OSSEC\*.*"
285 RMDir "$SMPROGRAMS\OSSEC"
288 CreateDirectory "$SMPROGRAMS\OSSEC"
289 CreateShortCut "$SMPROGRAMS\OSSEC\Manage Agent.lnk" "$INSTDIR\win32ui.exe" "" "$INSTDIR\win32ui.exe" 0
290 CreateShortCut "$SMPROGRAMS\OSSEC\Documentation.lnk" "$INSTDIR\doc.html" "" "$INSTDIR\doc.html" 0
291 CreateShortCut "$SMPROGRAMS\OSSEC\Edit Config.lnk" "$INSTDIR\ossec.conf" "" "$INSTDIR\ossec.conf" 0
292 CreateShortCut "$SMPROGRAMS\OSSEC\Uninstall.lnk" "$INSTDIR\uninstall.exe" "" "$INSTDIR\uninstall.exe" 0
294 ; install OSSEC service
296 nsExec::ExecToLog '"$INSTDIR\ossec-agent.exe" install-service'
299 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
300 Failure setting up the ${SERVICE} service.$\r$\n$\r$\n\
301 Check the details for information about the error.$\r$\n$\r$\n\
302 Click Abort to stop the installation,$\r$\n\
303 Retry to try again, or$\r$\n\
304 Ignore to skip this file." /SD IDABORT IDIGNORE ServiceInstallComplete IDRETRY ServiceInstall
309 ServiceInstallComplete:
313 nsExec::ExecToLog '"$INSTDIR\setup-windows.exe" "$INSTDIR"'
316 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
317 Failure running setup-windows.exe.$\r$\n$\r$\n\
318 Check the details for information about the error.$\r$\n$\r$\n\
319 Click Abort to stop the installation,$\r$\n\
320 Retry to try again, or$\r$\n\
321 Ignore to skip this file." /SD IDABORT IDIGNORE SetupComplete IDRETRY Setup
330 Section "Scan and monitor IIS logs (recommended)" IISLogs
331 nsExec::ExecToLog '"$INSTDIR\setup-iis.exe" "$INSTDIR"'
334 ; add integrity checking
335 Section "Enable integrity checking (recommended)" IntChecking
336 nsExec::ExecToLog '"$INSTDIR\setup-syscheck.exe" "$INSTDIR" "enable"'
341 ; uninstall the services
342 ; this also stops the service as well so it should be done early
344 nsExec::ExecToLog '"$INSTDIR\ossec-agent.exe" uninstall-service'
347 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
348 Failure uninstalling the ${SERVICE} service.$\r$\n$\r$\n\
349 Check the details for information about the error.$\r$\n$\r$\n\
350 Click Abort to stop the installation,$\r$\n\
351 Retry to try again, or$\r$\n\
352 Ignore to skip this file." /SD IDABORT IDIGNORE ServiceUninstallComplete IDRETRY ServiceUninstall
357 ServiceUninstallComplete:
359 ; make sure manage_agents.exe is not running
361 ${nsProcess::FindProcess} "manage_agents.exe" $0
363 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
364 Found manage_agents.exe is still running.$\r$\n$\r$\n\
365 Please close it before continuing.$\r$\n$\r$\n\
366 Click Abort to stop the installation,$\r$\n\
367 Retry to try again, or$\r$\n\
368 Ignore to skip this file." /SD IDABORT IDIGNORE ManageAgentsClosed IDRETRY ManageAgents
376 ; make sure win32ui.exe is not running
378 ${nsProcess::FindProcess} "win32ui.exe" $0
380 MessageBox MB_ABORTRETRYIGNORE|MB_ICONSTOP "$\r$\n\
381 Found win32ui.exe is still running.$\r$\n$\r$\n\
382 Please close it before continuing.$\r$\n$\r$\n\
383 Click Abort to stop the installation,$\r$\n\
384 Retry to try again, or$\r$\n\
385 Ignore to skip this file." /SD IDABORT IDIGNORE win32uiClosed IDRETRY win32ui
396 ; remove registry keys
397 DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\OSSEC"
398 DeleteRegKey HKLM SOFTWARE\OSSEC
400 ; remove files and uninstaller
401 Delete "$INSTDIR\ossec-agent.exe"
402 Delete "$INSTDIR\ossec-lua.exe"
403 Delete "$INSTDIR\ossec-luac.exe"
404 Delete "$INSTDIR\manage_agents.exe"
405 Delete "$INSTDIR\ossec.conf"
406 Delete "$INSTDIR\uninstall.exe"
408 Delete "$INSTDIR\bookmarks\*"
409 Delete "$INSTDIR\rids\*"
410 Delete "$INSTDIR\syscheck\*"
411 Delete "$INSTDIR\shared\*"
412 Delete "$INSTDIR\active-response\bin\*"
413 Delete "$INSTDIR\active-response\*"
414 Delete "$INSTDIR\tmp\*"
418 SetShellVarContext all
419 Delete "$SMPROGRAMS\OSSEC\*.*"
420 Delete "$SMPROGRAMS\OSSEC\*"
421 RMDir "$SMPROGRAMS\OSSEC"
423 ; remove directories used
424 RMDir "$INSTDIR\shared"
425 RMDir "$INSTDIR\syscheck"
426 RMDir "$INSTDIR\bookmarks"
427 RMDir "$INSTDIR\rids"
428 RMDir "$INSTDIR\active-response\bin"
429 RMDir "$INSTDIR\active-response"