# Working-directory check: lists ${LOCATION}; the message below suggests the
# script stops when that fails.
# NOTE(review): the leading numbers are the listing's own line numbers and
# they skip (4, 7, 9, 14), so the assignment of ${LOCATION} and the test on
# ls's exit status are presumably on lines not shown -- confirm against the
# full script.
# NOTE(review): ${LOCATION} is expanded unquoted; "${LOCATION}" (or a
# [ -f "${LOCATION}" ] test) would avoid word splitting and globbing.
4 # Checking if it is executed from the right place
7 ls ${LOCATION} > /dev/null 2>&1
9 echo "Cannot execute. Wrong directory"
14 # Getting default variables
# DIR is the text between the first pair of double quotes on the line(s) of
# ${LOCATION} that contain the string "DIR".
# NOTE(review): `grep DIR` is a substring match and cut (without -s) passes a
# line with no double quote through unchanged, so DIR can end up multi-line
# or unexpected. Every later use of ${DIR} is unquoted and feeds mkdir,
# chown -R and chmod -R, so the value deserves validation (single line,
# absolute path, not "/") before it is used.
15 DIR=`grep DIR ${LOCATION} | cut -f2 -d\"`
# Directories created under ${DIR} by the loop further down; parents are
# listed before their children.
18 subdirs="logs bin queue queue/ossec queue/alerts queue/syscheck queue/rids var var/run etc etc/shared active-response active-response/bin agentless .ssh"
# Rejects an empty DIR only; the X prefix keeps the test well-formed when the
# value is empty.
# NOTE(review): the exit that presumably follows the message is on a line not
# shown in this listing.
22 if [ "X${DIR}" = "X" ]; then
23 echo "Error building OSSEC HIDS."
28 # Creating root directory
# Creates ${DIR} (mode 700, with parents) when ls cannot list it, then lists
# it again; the second probe presumably gates the permissions message below
# (the test itself is on a line not shown).
# NOTE(review): with -p, the -m 700 mode applies to the final directory only;
# parent directories created along the way get umask-derived modes.
# NOTE(review): ls succeeds for any existing path, so a regular file at ${DIR}
# passes both probes; [ -d "${DIR}" ] would express the intent exactly.
29 ls ${DIR} > /dev/null 2>&1
30 if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi
31 ls ${DIR} > /dev/null 2>&1
33 echo "You do not have permissions to create ${DIR}. Exiting..."
38 # Creating groups/users
# One branch per platform, selected on ${UNAME}. Each branch probes for the
# account and holds the commands that create group ${GROUP} and user ${USER}
# with ${DIR} as the home directory.
# NOTE(review): ${UNAME}, ${USER} and ${GROUP} are not assigned in this
# excerpt, and the tests on the probe results (plus else/fi) are on lines
# not shown -- confirm against the full script.
# NOTE(review): `grep "^${USER}"` has no trailing ":", so it also matches any
# account whose name merely begins with ${USER}; "^${USER}:" is exact. It
# reads /etc/passwd only, so accounts supplied by a directory service are
# not seen.
39 if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
40 grep "^${USER}" /etc/passwd > /dev/null 2>&1
42 /usr/sbin/pw groupadd ${GROUP}
# The account gets /sbin/nologin as its shell.
43 /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
46 elif [ "$UNAME" = "SunOS" ]; then
47 grep "^${USER}" /etc/passwd > /dev/null 2>&1
49 /usr/sbin/groupadd ${GROUP}
# The account gets /bin/false as its shell.
50 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER}
53 elif [ "$UNAME" = "AIX" ]; then
# NOTE(review): ${AIXSH} is not assigned in this excerpt; presumably it is
# set from the /bin/false probe and left unquoted on purpose so it can expand
# to zero or several words -- confirm.
55 ls -la /bin/false > /dev/null 2>&1
59 grep "^${USER}" /etc/passwd > /dev/null 2>&1
61 /usr/bin/mkgroup ${GROUP}
62 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER}
65 # Thanks Chuck L. for the mac addusers
66 elif [ "$UNAME" = "Darwin" ]; then
67 id -u ${USER} > /dev/null 2>&1
# NOTE(review): in "10.5.|10.6" the dots are unescaped and match any
# character, so the pattern is looser than the two releases it names.
71 /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1
# NOTE(review): both helpers are made executable and run from ./init relative
# to the current directory; the unpacked source tree should not be writable
# by other users while this script runs.
73 chmod +x ./init/osx105-addusers.sh
74 ./init/osx105-addusers.sh
76 chmod +x ./init/darwin-addusers.pl
77 ./init/darwin-addusers.pl
# Presumably the branch for all remaining platforms (the `else` line itself
# is not shown in this listing).
81 grep "^${USER}" /etc/passwd > /dev/null 2>&1
83 /usr/sbin/groupadd ${GROUP}
85 # We first check if /sbin/nologin is present. If it is not,
86 # we look for bin/false. If none of them is present, we
87 # just stick with nologin (no need to fail the install for that).
88 OSMYSHELL="/sbin/nologin"
89 ls -la ${OSMYSHELL} > /dev/null 2>&1
91 ls -la /bin/false > /dev/null 2>&1
93 OSMYSHELL="/bin/false"
96 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
# Creates each entry of ${subdirs} under ${DIR} with mode 700 unless ls can
# already list it; an entry that already exists is left as it is by this loop.
# ${subdirs} is unquoted so that it splits into one word per directory.
# NOTE(review): the closing `done` is on a line not shown in this listing.
102 for i in ${subdirs}; do
103 ls ${DIR}/${i} > /dev/null 2>&1
104 if [ $? != 0 ]; then mkdir -m 700 ${DIR}/${i}; fi
107 # Default for all directories
# Everything under ${DIR} becomes root:${GROUP}; the lines below then hand
# selected paths to ${USER}.
# NOTE(review): the listing skips line 108, so a mode change may accompany
# this chown -- confirm against the full script.
109 chown -R root:${GROUP} ${DIR}
111 # To the ossec queue (default for agentd to read)
112 chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
113 chmod -R 770 ${DIR}/queue/ossec
115 # For the logging user
116 chown -R ${USER}:${GROUP} ${DIR}/logs
117 chmod -R 750 ${DIR}/logs
# NOTE(review): 775 grants read/search on queue/rids to all users, unlike the
# 770 and 750 used just above; whether other users can actually reach it
# depends on the parent directories' modes, which this excerpt does not
# fully show -- confirm this is intended.
118 chmod -R 775 ${DIR}/queue/rids
# NOTE(review): logs/ is owned by ${USER} at this point, and touch, chown and
# chmod follow symbolic links; on a re-install, checking that ossec.log is a
# regular file (or using chown -h) keeps these calls from acting on a link
# target.
119 touch ${DIR}/logs/ossec.log
120 chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
# The log file ends up writable by its owner and by the group (664).
121 chmod 664 ${DIR}/logs/ossec.log
# Sets ownership of ${DIR}/etc and copies the host's timezone data into
# ${DIR} (localtime everywhere; zoneinfo and /etc/TIMEZONE on SunOS).
# NOTE(review): presumably so the daemons still resolve local time when
# confined to ${DIR} -- confirm. The tests after each ls probe and the
# closing fi lines are not shown in this listing.
127 chown -R root:${GROUP} ${DIR}/etc
129 ls /etc/localtime > /dev/null 2>&1
131 cp -p /etc/localtime ${DIR}/etc/;
134 # Solaris Needs some extra files
135 if [ "$UNAME" = "SunOS" ]; then
136 mkdir -p ${DIR}/usr/share/lib/zoneinfo/
# This chmod runs before the copy, so it covers only what already exists
# under ${DIR}/usr at that point; the zoneinfo files copied next keep their
# source modes because of cp -p.
137 chmod -R 555 ${DIR}/usr/
138 cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
139 chown -R root:${GROUP} ${DIR}/usr/
142 ls /etc/TIMEZONE > /dev/null 2>&1
144 cp -p /etc/TIMEZONE ${DIR}/etc/;
145 chown root:${GROUP} ${DIR}/etc/TIMEZONE
146 chmod 555 ${DIR}/etc/TIMEZONE
151 # For the /etc/shared
152 cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
154 # Backup currently internal_options file.
155 ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1
# NOTE(review): the backup name ends in this script's PID ($$), which is
# predictable, and each run leaves one more copy behind; cp -p keeps the
# original's mode on the copy. The test on the ls probe is not shown.
157 cp -pr ${DIR}/etc/internal_options.conf ${DIR}/etc/backup-internal_options.$$
160 cp -pr ../etc/internal_options.conf ${DIR}/etc/
# Output and errors from the next two copies are discarded, so a missing
# source file is skipped silently.
# NOTE(review): client.keys presumably holds the agent's authentication keys.
# If ../etc/client.keys exists it replaces the installed one, and cp -p
# carries over the source file's mode until the chmod 440 below runs; setting
# the mode as the file lands (for example install -m 440, where available)
# would close that window.
161 cp -pr ../etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1
162 cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
163 cp -pr agentlessd/scripts/* ${DIR}/agentless/
# Ownership: root:${GROUP} for configuration, keys, agentless scripts and
# etc/shared; ${USER}:${GROUP} for .ssh.
165 chown root:${GROUP} ${DIR}/etc/internal_options.conf
166 chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
167 chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
168 chown root:${GROUP} ${DIR}/agentless/*
169 chown ${USER}:${GROUP} ${DIR}/.ssh
170 chown -R root:${GROUP} ${DIR}/etc/shared
# Modes: 440 (read-only for root and the group) on the configuration and key
# files, 550 on the agentless scripts, 700 on .ssh.
173 chmod 440 ${DIR}/etc/internal_options.conf
174 chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
175 chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
176 chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
177 chmod 550 ${DIR}/agentless/*
178 chmod 700 ${DIR}/.ssh
# var/run: root:${GROUP}, writable by root and the group (770).
182 chmod 770 ${DIR}/var/run
183 chown root:${GROUP} ${DIR}/var/run
186 # Moving the binary files
# NOTE(review): despite the heading these are copies (cp -pr), and the source
# paths are relative, so the result depends on the current directory.
187 cp -pr ../bin/ossec-agentd ${DIR}/bin/
188 cp -pr ../bin/ossec-logcollector ${DIR}/bin/
189 cp -pr ../bin/ossec-syscheckd ${DIR}/bin/
190 cp -pr ../bin/ossec-execd ${DIR}/bin/
# The init script is installed under the name ossec-control.
191 cp -pr ./init/ossec-client.sh ${DIR}/bin/ossec-control
192 cp -pr ../bin/manage_agents ${DIR}/bin/
194 # Copying active response modules
# Runs a helper from ./init with its stdout discarded; what the helper does
# is not visible in this listing.
195 sh ./init/fw-check.sh execute > /dev/null
196 cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
197 cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
# Active-response scripts: root:${GROUP}, mode 755 -- readable and executable
# by everyone, writable by root only. The globs also cover any files that
# were already in the directory.
198 chmod 755 ${DIR}/active-response/bin/*
199 chown root:${GROUP} ${DIR}/active-response/bin/*
# Installed binaries: root:${GROUP}, mode 550 -- no access for other users
# and no write bit for anyone.
201 chown root:${GROUP} ${DIR}/bin/*
202 chmod 550 ${DIR}/bin/*
205 # Moving the config file
# NOTE(review): the tests after both ls probes and the else/fi lines are not
# shown, so this excerpt does not tell whether an existing ossec.conf is kept
# or which of the two templates is preferred -- check the full script.
206 ls ${DIR}/etc/ossec.conf > /dev/null 2>&1
212 ls ../etc/ossec.mc > /dev/null 2>&1
214 cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
216 cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
# Final state of the config file: root:${GROUP}, mode 440 (read-only for root
# and the group, no access for others).
218 chown root:${GROUP} ${DIR}/etc/ossec.conf
219 chmod 440 ${DIR}/etc/ossec.conf