# NOTE(review): this listing carries the original file's line numbers as a
# leading column and skips some of them; the lines that set ${LOCATION} and
# that test the exit status of the probe below are not shown here.
4 # Checking if it is executed from the right place
# `ls` is used purely as an existence probe (stdout and stderr discarded).
# ${LOCATION} is unquoted, so a value containing whitespace or glob
# characters would be split/expanded before `ls` sees it.
7 ls ${LOCATION} > /dev/null 2>&1
# Message for the failing case; presumably guarded by a status check and
# followed by an exit on lines not visible in this listing.
9 echo "Cannot execute. Wrong directory"
14 # Getting default variables
# DIR becomes the second double-quote-delimited field of every line in
# ${LOCATION} that contains the substring "DIR". The pattern is unanchored,
# so more than one matching line would yield a multi-line value.
# NOTE(review): DIR is later the target of recursive chown/chmod, so the
# contents of ${LOCATION} decide where those apply; confirm that file is
# trusted and not writable by unprivileged users at install time.
15 DIR=`grep DIR ${LOCATION} | cut -f2 -d\"`
# Directories created under ${DIR} further down. Parents are listed before
# their children (queue before queue/ossec, var before var/run, etc before
# etc/shared), which matters because the later mkdir has no -p.
18 subdirs="logs bin queue queue/ossec queue/alerts queue/syscheck queue/rids queue/diff tmp var var/run etc etc/shared active-response active-response/bin agentless .ssh"
# Classic portable empty-string test: true when the grep/cut above
# produced nothing.
22 if [ "X${DIR}" = "X" ]; then
# The rest of this branch (presumably an exit) is not visible here.
23 echo "Error building OSSEC HIDS."
28 # Creating root directory
# Existence probe only: an already-present ${DIR} is accepted as-is, whatever
# its type or current mode.
29 ls ${DIR} > /dev/null 2>&1
# -m 700 applies to the final directory; any missing parents created by -p
# get the default mode derived from the umask instead.
30 if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi
# Second probe confirms the directory now exists; the status check is
# presumably on the elided line between this one and the message.
31 ls ${DIR} > /dev/null 2>&1
33 echo "You do not have permissions to create ${DIR}. Exiting..."
38 # Creating groups/users
# One branch per platform, selected on ${UNAME} (set outside this listing).
# In the FreeBSD/DragonFly, SunOS and generic branches the account gets
# ${DIR} as its home directory and a non-login shell (/sbin/nologin or
# /bin/false). The status checks that decide whether the account is created
# are presumably on the elided lines after each probe.
# The `-o` operator inside `[ ]` is marked obsolescent by POSIX;
# `[ a ] || [ b ]` is the unambiguous form.
39 if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
# NOTE(review): "^${USER}" is a prefix match with no trailing ":", so an
# existing account whose name merely starts with ${USER} also matches, and
# only the local /etc/passwd is consulted. "^${USER}:" (or `id -u`, as the
# Darwin branch does) would be exact. The same probe is repeated in the
# SunOS, AIX and generic branches below.
40 grep "^${USER}" /etc/passwd > /dev/null 2>&1
42 /usr/sbin/pw groupadd ${GROUP}
43 /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
46 elif [ "$UNAME" = "SunOS" ]; then
47 grep "^${USER}" /etc/passwd > /dev/null 2>&1
49 /usr/sbin/groupadd ${GROUP}
50 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER}
53 elif [ "$UNAME" = "AIX" ]; then
# Probe for /bin/false; ${AIXSH} used below is assigned on lines not shown,
# presumably depending on this result.
55 ls -la /bin/false > /dev/null 2>&1
59 grep "^${USER}" /etc/passwd > /dev/null 2>&1
61 /usr/bin/mkgroup ${GROUP}
62 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER}
65 # Thanks Chuck L. for the mac addusers
66 elif [ "$UNAME" = "Darwin" ]; then
# Asks the system whether the account exists instead of grepping
# /etc/passwd.
67 id -u ${USER} > /dev/null 2>&1
70 # Creating for <= 10.4
# NOTE(review): the dots in the pattern are regex wildcards and the
# alternatives are unanchored, so a version string such as 10.10.4
# (constructed example) also contains a match for "10.4" and would be
# treated as <= 10.4.
71 /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1
# Account creation is delegated to helper scripts run by relative path from
# the current directory. Presumably this runs as root, so the source tree
# should not be writable by unprivileged users during the install.
74 chmod +x ./init/darwin-addusers.pl
75 ./init/darwin-addusers.pl
77 chmod +x ./init/osx105-addusers.sh
78 ./init/osx105-addusers.sh
# Generic branch (the `else` line itself is not visible in this listing).
82 grep "^${USER}" /etc/passwd > /dev/null 2>&1
84 /usr/sbin/groupadd ${GROUP}
86 # We first check if /sbin/nologin is present. If it is not,
87 # we look for bin/false. If none of them is present, we
88 # just stick with nologin (no need to fail the install for that).
89 OSMYSHELL="/sbin/nologin"
90 ls -la ${OSMYSHELL} > /dev/null 2>&1
92 ls -la /bin/false > /dev/null 2>&1
94 OSMYSHELL="/bin/false"
97 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
# Create each install subdirectory that does not exist yet.
# ${subdirs} is deliberately unquoted so it word-splits into one name per
# iteration; ${DIR} is unquoted too, so a path with whitespace would break.
103 for i in ${subdirs}; do
# Existence probe only: a pre-existing entry keeps its current type and mode.
104 ls ${DIR}/${i} > /dev/null 2>&1
# New directories start owner-only (700); ownership and modes are adjusted
# by the chown/chmod calls that follow the loop. The closing `done` is on a
# line not shown in this listing.
105 if [ $? != 0 ]; then mkdir -m 700 ${DIR}/${i}; fi
108 # Default for all directories
# Baseline: everything under ${DIR} is owned by root with group ${GROUP};
# the calls below then hand selected subtrees to ${USER}.
# NOTE(review): on a re-install this walks whatever already exists under
# ${DIR}, including content written by ${USER}; how recursive chown/chmod
# treat symbolic links differs between platforms, so confirm the behaviour
# on the targets you ship to.
110 chown -R root:${GROUP} ${DIR}
112 # To the ossec queue (default for agentd to read)
# Owner and group get full access, others none.
113 chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
114 chmod -R 770 ${DIR}/queue/ossec
116 # For the logging user
117 chown -R ${USER}:${GROUP} ${DIR}/logs
118 chmod -R 750 ${DIR}/logs
# queue/rids is group-writable and readable/traversable by others; effective
# access also depends on the parent directory modes, which are not all
# visible in this listing.
119 chmod -R 775 ${DIR}/queue/rids
# Pre-create the log file so it exists with known ownership. 664 leaves it
# group-writable and world-readable; the 750 mode on ${DIR}/logs is what
# keeps other users away from it.
120 touch ${DIR}/logs/ossec.log
121 chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
122 chmod 664 ${DIR}/logs/ossec.log
124 chown -R ${USER}:${GROUP} ${DIR}/queue/diff
125 chmod -R 750 ${DIR}/queue/diff
# Errors are discarded because the glob matches nothing when queue/diff is
# empty, in which case chmod is handed the literal pattern and fails.
126 chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
128 chown -R root:${GROUP} ${DIR}/tmp
# 1550 = sticky bit plus r-x for owner and group; nobody has write
# permission through the mode bits.
129 chmod 1550 ${DIR}/tmp
# Configuration directory stays root-owned, group ${GROUP}.
135 chown -R root:${GROUP} ${DIR}/etc
# Copy the host's time zone data into the install tree when present
# (presumably so the daemons can resolve local time when confined to
# ${DIR}; confirm). The status check is on a line not shown.
137 ls /etc/localtime > /dev/null 2>&1
139 cp -p /etc/localtime ${DIR}/etc/;
142 # Solaris Needs some extra files
143 if [ "$UNAME" = "SunOS" ]; then
144 mkdir -p ${DIR}/usr/share/lib/zoneinfo/
# Read/execute for everyone, no write bits; root can still populate the
# tree in the next step.
145 chmod -R 555 ${DIR}/usr/
# -p keeps the source files' modes and timestamps.
146 cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
147 chown -R root:${GROUP} ${DIR}/usr/
150 ls /etc/TIMEZONE > /dev/null 2>&1
152 cp -p /etc/TIMEZONE ${DIR}/etc/;
153 chown root:${GROUP} ${DIR}/etc/TIMEZONE
154 chmod 555 ${DIR}/etc/TIMEZONE
159 # For the /etc/shared
160 cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
162 # Back up the current internal_options file.
163 ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1
# The backup name uses the installer's PID ($$): distinct per run, but not
# unpredictable. -p keeps the old file's mode and ownership, and backups
# accumulate across installs because nothing here removes them.
165 cp -pr ${DIR}/etc/internal_options.conf ${DIR}/etc/backup-internal_options.$$
# Install configuration from the source tree. The two copies with errors
# discarded are optional files that may not exist.
168 cp -pr ../etc/internal_options.conf ${DIR}/etc/
169 cp -pr ../etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1
# NOTE(review): client.keys holds the agent's authentication key. Because of
# -p it carries the source copy's mode until the chmod 440 further down, so
# the source file's own permissions should already be restrictive.
170 cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
171 cp -pr agentlessd/scripts/* ${DIR}/agentless/
# Ownership: root-owned with group ${GROUP}, except .ssh, which belongs to
# ${USER}.
173 chown root:${GROUP} ${DIR}/etc/internal_options.conf
174 chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
175 chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
176 chown root:${GROUP} ${DIR}/agentless/*
177 chown ${USER}:${GROUP} ${DIR}/.ssh
178 chown -R root:${GROUP} ${DIR}/etc/shared
# Modes: configuration and key files are read-only for root and ${GROUP}
# (440), with no access for others.
181 chmod 440 ${DIR}/etc/internal_options.conf
182 chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
183 chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
184 chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
185 chmod 550 ${DIR}/agentless/*
186 chmod 700 ${DIR}/.ssh
# var/run: writable by root and ${GROUP}, no access for others.
190 chmod 770 ${DIR}/var/run
191 chown root:${GROUP} ${DIR}/var/run
194 # Moving the binary files
# Binaries and helper scripts are copied from the build tree by relative
# path. -p preserves the build tree's modes (and ownership when run as
# root) until the chown/chmod at the end of this section resets them.
# NOTE(review): none of these copies is checked, and no `set -e` is visible
# in this listing, so a missing build artifact would presumably not stop
# the install.
195 cp -pr client-agent/ossec-agentd ${DIR}/bin/
196 cp -pr os_auth/agent-auth ${DIR}/bin/
197 cp -pr logcollector/ossec-logcollector ${DIR}/bin/
198 cp -pr syscheckd/ossec-syscheckd ${DIR}/bin/
199 cp -pr os_execd/ossec-execd ${DIR}/bin/
# The client init script is installed under the name ossec-control.
200 cp -pr ./init/ossec-client.sh ${DIR}/bin/ossec-control
201 cp -pr addagent/manage_agents ${DIR}/bin/
202 cp -pr ../contrib/util.sh ${DIR}/bin/
203 cp -pr external/lua/src/ossec-lua ${DIR}/bin/
204 cp -pr external/lua/src/ossec-luac ${DIR}/bin/
# These two settings on util.sh are superseded by the chown/chmod over
# ${DIR}/bin/* at the end of this section.
205 chown root:${GROUP} ${DIR}/bin/util.sh
206 chmod +x ${DIR}/bin/util.sh
208 # Copying active response modules
# Runs a helper from the source tree with stdout discarded (stderr is kept).
209 sh ./init/fw-check.sh execute > /dev/null
210 cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
211 cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
# Active-response scripts end up root-owned and 755: readable and executable
# by everyone, writable only by root.
# NOTE(review): these are presumably executed with elevated privileges by
# the execd daemon, so also confirm that ${DIR}/active-response/bin itself
# is not writable by non-root users.
212 chmod 755 ${DIR}/active-response/bin/*
213 chown root:${GROUP} ${DIR}/active-response/bin/*
# Final state of everything in bin/: owner root, group ${GROUP}, mode 550,
# so it is executable by root and the group and writable by nobody.
215 chown root:${GROUP} ${DIR}/bin/*
216 chmod 550 ${DIR}/bin/*
219 # Moving the config file
# Existence probe for an already-installed ossec.conf; the branch that acts
# on its result is on lines not shown (presumably an existing configuration
# is left in place; confirm).
220 ls ${DIR}/etc/ossec.conf > /dev/null 2>&1
# Two candidate sources: ../etc/ossec.mc if it exists, otherwise presumably
# the stock ../etc/ossec-agent.conf.
226 ls ../etc/ossec.mc > /dev/null 2>&1
228 cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
230 cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
# Final state: root-owned, read-only for root and ${GROUP}, no access for
# others.
232 chown root:${GROUP} ${DIR}/etc/ossec.conf
233 chmod 440 ${DIR}/etc/ossec.conf