4 # Checking if it is executed from the right place
6 ls ${LOCATION} > /dev/null 2>&1
8 echo "Cannot execute. Wrong directory"
12 # Getting any argument
13 if [ "X$1" = "Xlocal" ]; then
14 # Setting local install
20 # Getting default variables
21 DIR=`grep DIR ${LOCATION} | cut -f2 -d\"`
26 subdirs="logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/shared active-response active-response/bin agentless .ssh"
29 if [ "X${DIR}" = "X" ]; then
30 echo "Error building OSSEC HIDS."
35 # Creating root directory
36 ls ${DIR} > /dev/null 2>&1
37 if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi
38 ls ${DIR} > /dev/null 2>&1
40 echo "You do not have permissions to create ${DIR}. Exiting..."
45 # Creating groups/users
46 if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
47 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
49 /usr/sbin/pw groupadd ${GROUP}
50 /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
51 /usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP}
52 /usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP}
55 elif [ "$UNAME" = "SunOS" ]; then
56 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
58 /usr/sbin/groupadd ${GROUP}
59 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER}
60 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_MAIL}
61 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_REM}
64 elif [ "$UNAME" = "AIX" ]; then
66 ls -la /bin/false > /dev/null 2>&1
71 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
73 /usr/bin/mkgroup ${GROUP}
74 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER}
75 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_MAIL}
76 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_REM}
79 # Thanks Chuck L. for the mac addusers
80 elif [ "$UNAME" = "Darwin" ]; then
81 id -u ${USER} > /dev/null 2>&1
84 # Creating for 10.5 and 10.6
85 /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1
87 chmod +x ./init/osx105-addusers.sh
88 ./init/osx105-addusers.sh
90 chmod +x ./init/darwin-addusers.pl
91 ./init/darwin-addusers.pl
95 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
97 /usr/sbin/groupadd ${GROUP}
99 # We first check if /sbin/nologin is present. If it is not,
100 # we look for bin/false. If none of them is present, we
101 # just stick with nologin (no need to fail the install for that).
102 OSMYSHELL="/sbin/nologin"
103 ls -la ${OSMYSHELL} > /dev/null 2>&1
104 if [ ! $? = 0 ]; then
105 ls -la /bin/false > /dev/null 2>&1
107 OSMYSHELL="/bin/false"
110 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
111 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_MAIL}
112 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_REM}
117 # Creating sub directories
118 for i in ${subdirs}; do
119 ls ${DIR}/${i} > /dev/null 2>&1
120 if [ $? != 0 ]; then mkdir -m 700 ${DIR}/${i}; fi
123 # Default for all directories
125 chown -R root:${GROUP} ${DIR}
127 # AnalysisD needs to write to alerts: log, mail and cmds
128 chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
129 chmod -R 770 ${DIR}/queue/alerts
131 # To the ossec queue (default for analysisd to read)
132 chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
133 chmod -R 770 ${DIR}/queue/ossec
135 # To the ossec fts queue
136 chown -R ${USER}:${GROUP} ${DIR}/queue/fts
137 chmod -R 750 ${DIR}/queue/fts
138 chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1
140 # To the ossec syscheck/rootcheck queue
141 chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
142 chmod -R 750 ${DIR}/queue/syscheck
143 chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1
145 chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
146 chmod -R 750 ${DIR}/queue/rootcheck
147 chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
149 chown -R ${USER}:${GROUP} ${DIR}/queue/diff
150 chmod -R 750 ${DIR}/queue/diff
151 chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
153 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
154 chmod -R 755 ${DIR}/queue/agent-info
155 chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1
156 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
157 chmod -R 755 ${DIR}/queue/rids
158 chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1
160 chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
161 chmod -R 755 ${DIR}/queue/agentless
162 chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1
165 # For the stats directory
166 chown -R ${USER}:${GROUP} ${DIR}/stats
167 chmod -R 750 ${DIR}/stats
169 # For the logging user
170 chown -R ${USER}:${GROUP} ${DIR}/logs
171 chmod -R 750 ${DIR}/logs
172 touch ${DIR}/logs/ossec.log
173 chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
174 chmod 664 ${DIR}/logs/ossec.log
176 # For the rules directory
177 ls ${DIR}/rules/*.xml > /dev/null 2>&1
179 # Backup previous rules
181 mkdir ${DIR}/rules/backup-rules.$$
182 cp -pr ${DIR}/rules/*.xml ${DIR}/rules/backup-rules.$$/
184 # Checking for the local rules
185 ls ${DIR}/rules/local_rules.xml > /dev/null 2>&1
187 cp -pr ${DIR}/rules/local_rules.xml ${DIR}/rules/saved_local_rules.xml.$$
191 cp -pr ../etc/rules/* ${DIR}/rules/
193 # If the local_rules is saved, moved it back
194 ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
196 mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml
199 chown -R root:${GROUP} ${DIR}/rules
200 chmod -R 550 ${DIR}/rules
205 chown -R root:${GROUP} ${DIR}/etc
206 ls /etc/localtime > /dev/null 2>&1
208 cp -pL /etc/localtime ${DIR}/etc/;
209 chmod 555 ${DIR}/etc/localtime
210 chown root:${GROUP} ${DIR}/etc/localtime
213 # Solaris Needs some extra files
214 if [ "$UNAME" = "SunOS" ]; then
215 mkdir -p ${DIR}/usr/share/lib/zoneinfo/
216 chmod -R 555 ${DIR}/usr/
217 cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
220 ls /etc/TIMEZONE > /dev/null 2>&1
222 cp -p /etc/TIMEZONE ${DIR}/etc/;
223 chmod 555 ${DIR}/etc/TIMEZONE
228 chmod 770 ${DIR}/var/run
229 chown root:${GROUP} ${DIR}/var/run
231 # Moving the binary files
232 cp -pr ../bin/ossec* ${DIR}/bin/
233 cp -pr ../bin/manage_agents ${DIR}/bin/
234 cp -pr ../bin/syscheck_update ${DIR}/bin/
235 cp -pr ../bin/clear_stats ${DIR}/bin/
236 cp -pr ../bin/list_agents ${DIR}/bin/
237 cp -pr ../bin/agent_control ${DIR}/bin/
238 cp -pr ../bin/syscheck_control ${DIR}/bin/
239 cp -pr ../bin/rootcheck_control ${DIR}/bin/
241 # Local install chosen
242 if [ "X$LOCAL" = "Xlocal" ]; then
243 cp -pr ./init/ossec-local.sh ${DIR}/bin/ossec-control
245 cp -pr ./init/ossec-server.sh ${DIR}/bin/ossec-control
248 # Moving the decoders/internal_conf file.
249 cp -pr ../etc/decoder.xml ${DIR}/etc/
251 # Copying local files.
252 cp -pr ../etc/local_decoder.xml ${DIR}/etc/ > /dev/null 2>&1
253 cp -pr ../etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1
254 cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
256 # Copying agentless files.
257 cp -pr agentlessd/scripts/* ${DIR}/agentless/
260 # Backup currently internal_options file.
261 ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1
263 cp -pr ${DIR}/etc/internal_options.conf ${DIR}/etc/backup-internal_options.$$
266 cp -pr ../etc/internal_options.conf ${DIR}/etc/
267 cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
268 chown root:${GROUP} ${DIR}/etc/decoder.xml
269 chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
270 chown root:${GROUP} ${DIR}/etc/internal_options.conf
271 chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
272 chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1
273 chown root:${GROUP} ${DIR}/etc/shared/*
274 chown root:${GROUP} ${DIR}/agentless/*
275 chown ${USER}:${GROUP} ${DIR}/.ssh
276 chmod 440 ${DIR}/etc/decoder.xml
277 chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
278 chmod 440 ${DIR}/etc/internal_options.conf
279 chmod 440 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
280 chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1
282 chmod 770 ${DIR}/etc/shared
283 chmod 440 ${DIR}/etc/shared/*
284 chmod 550 ${DIR}/agentless/*
285 rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1
286 chmod 700 ${DIR}/.ssh
289 # Copying active response modules
290 sh ./init/fw-check.sh execute > /dev/null
291 cp -p ../active-response/*.sh ${DIR}/active-response/bin/
292 cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
294 chmod 755 ${DIR}/active-response/bin/*
295 chown root:${GROUP} ${DIR}/active-response/bin/*
297 chown root:${GROUP} ${DIR}/bin/*
298 chmod 550 ${DIR}/bin/*
301 # Moving the config file
302 ls ${DIR}/etc/ossec.conf > /dev/null 2>&1
307 ls ../etc/ossec.mc > /dev/null 2>&1
309 cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
311 cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf
313 chown root:${GROUP} ${DIR}/etc/ossec.conf
314 chmod 440 ${DIR}/etc/ossec.conf