# Review: LOCATION is assigned outside the lines shown, and the listing's own
# numbering skips the lines between the probe and the message below, so the
# status test that links them is not visible here.
4 # Checking if it is executed from the right place
# ${LOCATION} is expanded unquoted, so a value containing whitespace or glob
# characters is split/expanded before ls sees it. [ -f "${LOCATION}" ] is the
# quoted, stricter form of this existence probe.
7 ls ${LOCATION} > /dev/null 2>&1
9 echo "Cannot execute. Wrong directory"
14 # Getting default variables
# DIR becomes the second double-quote-delimited field of every line in the
# LOCATION file that contains "DIR"; more than one matching line produces a
# multi-line value. The result is later used unquoted as the target of
# recursive chown/chmod, so it deserves validation at this point (single line,
# absolute path, not "/") before any privileged command touches it.
15 DIR=`grep DIR ${LOCATION} | cut -f2 -d\"`
# Directories to create below ${DIR}; the list is word-split by the for loop
# further down, so it is expanded unquoted there on purpose.
18 subdirs="logs bin queue queue/ossec queue/alerts queue/syscheck queue/rids queue/diff var var/run etc etc/shared active-response active-response/bin agentless .ssh"
# Empty-DIR check (the "X" prefix keeps the comparison valid when DIR is
# empty). Only emptiness is tested, not the shape of the path.
22 if [ "X${DIR}" = "X" ]; then
23 echo "Error building OSSEC HIDS."
28 # Creating root directory
# Existence probe via ls: it succeeds for any existing path, not only for a
# directory with the expected owner, so a pre-existing ${DIR} is accepted
# as-is and these lines do not reset its mode or ownership.
29 ls ${DIR} > /dev/null 2>&1
# -m 700 applies to the final directory only; parents created by -p take
# their mode from the umask.
30 if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi
# Second probe re-checks that the directory now exists. The test between this
# line and the message below is not part of the lines shown.
31 ls ${DIR} > /dev/null 2>&1
33 echo "You do not have permissions to create ${DIR}. Exiting..."
# Review: UNAME, USER, GROUP and AIXSH are assigned outside the lines shown.
# Each branch probes for the account and then creates group and user; the
# conditionals between probe and creation are skipped by the listing's
# numbering, so the gating is presumed, not visible.
# In every branch the service account gets ${DIR} as home and, where a shell
# is named, a non-login shell (/sbin/nologin or /bin/false).
38 # Creating groups/users
# "-o" inside [ ] is obsolescent; two tests joined with || are the portable
# equivalent.
39 if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
# The pattern has no trailing ':', so any passwd entry whose name merely
# starts with ${USER} counts as a match, and only the local file is consulted
# (no directory services). "^${USER}:" or `id -u`, as the Darwin branch uses,
# is the stricter probe. The same applies to the other grep probes below.
40 grep "^${USER}" /etc/passwd > /dev/null 2>&1
42 /usr/sbin/pw groupadd ${GROUP}
43 /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
46 elif [ "$UNAME" = "SunOS" ]; then
47 grep "^${USER}" /etc/passwd > /dev/null 2>&1
49 /usr/sbin/groupadd ${GROUP}
50 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER}
53 elif [ "$UNAME" = "AIX" ]; then
# Probe for /bin/false; presumably this decides the value of AIXSH used
# below - confirm against the full script.
55 ls -la /bin/false > /dev/null 2>&1
59 grep "^${USER}" /etc/passwd > /dev/null 2>&1
61 /usr/bin/mkgroup ${GROUP}
# ${AIXSH} is expanded unquoted, so it may be empty or carry an option plus
# its argument - TODO confirm that this is the intent.
62 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER}
65 # Thanks Chuck L. for the mac addusers
66 elif [ "$UNAME" = "Darwin" ]; then
67 id -u ${USER} > /dev/null 2>&1
# The version pattern is unanchored and its dots are unescaped ('.' matches
# any character), so it is looser than a literal "10.5." / "10.6" match.
71 /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1
# The helper scripts are made executable and run by relative path with the
# installer's privileges; this depends on the current directory being the
# source tree and on that tree not being writable by other users.
73 chmod +x ./init/osx105-addusers.sh
74 ./init/osx105-addusers.sh
76 chmod +x ./init/darwin-addusers.pl
77 ./init/darwin-addusers.pl
# Remaining platforms (the else line itself is not shown in this listing).
81 grep "^${USER}" /etc/passwd > /dev/null 2>&1
83 /usr/sbin/groupadd ${GROUP}
85 # We first check if /sbin/nologin is present. If it is not,
86 # we look for bin/false. If none of them is present, we
87 # just stick with nologin (no need to fail the install for that).
88 OSMYSHELL="/sbin/nologin"
89 ls -la ${OSMYSHELL} > /dev/null 2>&1
91 ls -la /bin/false > /dev/null 2>&1
93 OSMYSHELL="/bin/false"
96 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
# Creates each entry of ${subdirs} below ${DIR} with mode 700 when the ls
# probe fails. ${subdirs} is left unquoted on purpose so that it word-splits;
# ${DIR}/${i} is unquoted too and would break on a path with whitespace.
# An entry that already exists keeps its current mode and owner at this
# point. The loop's closing line is not part of the lines shown.
102 for i in ${subdirs}; do
103 ls ${DIR}/${i} > /dev/null 2>&1
104 if [ $? != 0 ]; then mkdir -m 700 ${DIR}/${i}; fi
107 # Default for all directories
# Recursive chown over the whole tree; ${DIR} is unquoted, so its value
# decides exactly what this command is applied to.
109 chown -R root:${GROUP} ${DIR}
111 # To the ossec queue (default for agentd to read)
# NOTE(review): on a re-install the trees handed to ${USER} below already
# exist and are writable by that account, while these recursive chown/chmod
# calls run with the installer's privileges. How chown -R / chmod -R treat
# symbolic links differs between platforms - confirm for each supported OS.
112 chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
113 chmod -R 770 ${DIR}/queue/ossec
115 # For the logging user
116 chown -R ${USER}:${GROUP} ${DIR}/logs
117 chmod -R 750 ${DIR}/logs
# 775 gives "other" read and search access to queue/rids; no chown targets
# this directory in the lines shown, so it keeps root:${GROUP} from the
# tree-wide chown above.
118 chmod -R 775 ${DIR}/queue/rids
119 touch ${DIR}/logs/ossec.log
120 chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
# 664 leaves the log group-writable and world-readable; the world-read bit is
# only masked as long as the parent logs directory stays at 750.
121 chmod 664 ${DIR}/logs/ossec.log
123 chown -R ${USER}:${GROUP} ${DIR}/queue/diff
124 chmod -R 750 ${DIR}/queue/diff
# Errors are discarded because the glob may match nothing on a fresh install.
125 chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
# Resets ${DIR}/etc to root:${GROUP}, then copies timezone data into the tree.
# The conditionals around the copies are not part of the lines shown.
132 chown -R root:${GROUP} ${DIR}/etc
134 ls /etc/localtime > /dev/null 2>&1
# cp -p preserves the source file's mode, owner and timestamps.
136 cp -p /etc/localtime ${DIR}/etc/;
139 # Solaris Needs some extra files
140 if [ "$UNAME" = "SunOS" ]; then
141 mkdir -p ${DIR}/usr/share/lib/zoneinfo/
# The 555 is applied before the copy, so it covers only the freshly created
# directories; files copied next keep their source modes because of cp -p.
142 chmod -R 555 ${DIR}/usr/
143 cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
144 chown -R root:${GROUP} ${DIR}/usr/
147 ls /etc/TIMEZONE > /dev/null 2>&1
149 cp -p /etc/TIMEZONE ${DIR}/etc/;
150 chown root:${GROUP} ${DIR}/etc/TIMEZONE
151 chmod 555 ${DIR}/etc/TIMEZONE
# Installs shared rootcheck data, configuration and agentless scripts, then
# fixes ownership and modes. Source paths are relative, so the result depends
# on the directory the installer is run from.
156 # For the /etc/shared
157 cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
159 # Backup currently internal_options file.
160 ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1
# The backup name ends in the installer's PID ($$). cp -p keeps the mode and
# owner of the existing file, and none of the chown/chmod lines below name
# the backup.
162 cp -pr ${DIR}/etc/internal_options.conf ${DIR}/etc/backup-internal_options.$$
165 cp -pr ../etc/internal_options.conf ${DIR}/etc/
# These two files are optional: copy errors are discarded.
166 cp -pr ../etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1
# NOTE(review): client.keys presumably holds the agent's authentication key.
# Because of cp -p it keeps the build tree's mode and owner until the
# chown/chmod lines below run - confirm the source file is not world-readable.
167 cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
168 cp -pr agentlessd/scripts/* ${DIR}/agentless/
170 chown root:${GROUP} ${DIR}/etc/internal_options.conf
171 chown root:${GROUP} ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
172 chown root:${GROUP} ${DIR}/etc/client.keys > /dev/null 2>&1
173 chown root:${GROUP} ${DIR}/agentless/*
174 chown ${USER}:${GROUP} ${DIR}/.ssh
175 chown -R root:${GROUP} ${DIR}/etc/shared
# 440 with root:${GROUP}: read-only for root and the group, nothing for other.
178 chmod 440 ${DIR}/etc/internal_options.conf
179 chmod 440 ${DIR}/etc/local_internal_options.conf > /dev/null 2>&1
180 chmod 440 ${DIR}/etc/client.keys > /dev/null 2>&1
# The recursive 770 also sets the execute bits on the regular files copied
# into etc/shared above; separate directory and file modes would avoid that.
181 chmod -R 770 ${DIR}/etc/shared # ossec must be able to write to it
182 chmod 550 ${DIR}/agentless/*
183 chmod 700 ${DIR}/.ssh
# var/run: writable by root and the group, closed to other.
187 chmod 770 ${DIR}/var/run
188 chown root:${GROUP} ${DIR}/var/run
# Copies the agent binaries and the active-response scripts into ${DIR} and
# sets their final ownership and modes.
# NOTE(review): cp -p keeps the build tree's owner and mode, so each file has
# those attributes from the copy until the chown/chmod at the end of its
# section. install(1) with explicit owner, group and mode would close that
# gap where its options are available - portability to confirm.
191 # Moving the binary files
192 cp -pr ../bin/ossec-agentd ${DIR}/bin/
193 cp -pr ../bin/agent-auth ${DIR}/bin/
194 cp -pr ../bin/ossec-logcollector ${DIR}/bin/
195 cp -pr ../bin/ossec-syscheckd ${DIR}/bin/
196 cp -pr ../bin/ossec-execd ${DIR}/bin/
197 cp -pr ./init/ossec-client.sh ${DIR}/bin/ossec-control
198 cp -pr ../bin/manage_agents ${DIR}/bin/
199 cp -pr ../contrib/util.sh ${DIR}/bin/
200 chown root:${GROUP} ${DIR}/bin/util.sh
# Redundant with the chmod 550 on ${DIR}/bin/* at the end of this section,
# which sets the final mode of util.sh as well.
201 chmod +x ${DIR}/bin/util.sh
203 # Copying active response modules
# Only stdout is discarded; the exit status is not checked in the lines shown.
204 sh ./init/fw-check.sh execute > /dev/null
205 cp -pr ../active-response/*.sh ${DIR}/active-response/bin/
206 cp -pr ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
# 755 with root:${GROUP}: only root can modify the response scripts, which is
# the property to preserve; read/execute for other is broader than the 550
# used for ${DIR}/bin.
207 chmod 755 ${DIR}/active-response/bin/*
208 chown root:${GROUP} ${DIR}/active-response/bin/*
210 chown root:${GROUP} ${DIR}/bin/*
211 chmod 550 ${DIR}/bin/*
214 # Moving the config file
# Probes for an existing ossec.conf. The lines that act on the result are
# skipped by the listing's numbering, so whether an existing configuration is
# kept or overwritten cannot be told from here.
215 ls ${DIR}/etc/ossec.conf > /dev/null 2>&1
# Two candidate sources: ../etc/ossec.mc when the probe below finds it,
# otherwise presumably ../etc/ossec-agent.conf (the else line is not shown).
221 ls ../etc/ossec.mc > /dev/null 2>&1
223 cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
225 cp -pr ../etc/ossec-agent.conf ${DIR}/etc/ossec.conf
# Final state of the configuration file: root:${GROUP}, read-only for owner
# and group, no access for other.
227 chown root:${GROUP} ${DIR}/etc/ossec.conf
228 chmod 440 ${DIR}/etc/ossec.conf