4 # Checking if it is executed from the right place
6 ls ${LOCATION} > /dev/null 2>&1
8 echo "Cannot execute. Wrong directory"
12 # Getting any argument
13 if [ "X$1" = "Xlocal" ]; then
14 # Setting local install
20 # Getting default variables
21 DIR=`grep DIR ${LOCATION} | cut -f2 -d\"`
26 subdirs="logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/shared active-response active-response/bin agentless .ssh"
29 if [ "X${DIR}" = "X" ]; then
30 echo "Error building OSSEC HIDS."
35 # Creating root directory
36 ls ${DIR} > /dev/null 2>&1
37 if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi
38 ls ${DIR} > /dev/null 2>&1
40 echo "You do not have permissions to create ${DIR}. Exiting..."
45 # Creating groups/users
46 if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
47 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
49 /usr/sbin/pw groupadd ${GROUP}
50 /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
51 /usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP}
52 /usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP}
55 elif [ "$UNAME" = "SunOS" ]; then
56 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
58 /usr/sbin/groupadd ${GROUP}
59 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER}
60 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_MAIL}
61 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_REM}
64 elif [ "$UNAME" = "AIX" ]; then
66 ls -la /bin/false > /dev/null 2>&1
71 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
73 /usr/bin/mkgroup ${GROUP}
74 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER}
75 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_MAIL}
76 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_REM}
79 # Thanks Chuck L. for the mac addusers
80 elif [ "$UNAME" = "Darwin" ]; then
81 id -u ${USER} > /dev/null 2>&1
84 # Creating for 10.5 and 10.6
85 /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1
87 chmod +x ./init/osx105-addusers.sh
88 ./init/osx105-addusers.sh
90 chmod +x ./init/darwin-addusers.pl
91 ./init/darwin-addusers.pl
95 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
97 /usr/sbin/groupadd ${GROUP}
99 # We first check if /sbin/nologin is present. If it is not,
100 # we look for bin/false. If none of them is present, we
101 # just stick with nologin (no need to fail the install for that).
102 OSMYSHELL="/sbin/nologin"
103 ls -la ${OSMYSHELL} > /dev/null 2>&1
104 if [ ! $? = 0 ]; then
105 ls -la /bin/false > /dev/null 2>&1
107 OSMYSHELL="/bin/false"
110 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
111 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_MAIL}
112 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_REM}
117 # Creating sub directories
118 for i in ${subdirs}; do
119 ls ${DIR}/${i} > /dev/null 2>&1
120 if [ $? != 0 ]; then mkdir -m 700 ${DIR}/${i}; fi
123 # Default for all directories
126 chown root:${GROUP} ${DIR}
127 chown root:${GROUP} ${DIR}/*
129 # AnalysisD needs to write to alerts: log, mail and cmds
130 chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
131 chmod -R 770 ${DIR}/queue/alerts
133 # To the ossec queue (default for analysisd to read)
134 chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
135 chmod -R 770 ${DIR}/queue/ossec
137 # To the ossec fts queue
138 chown -R ${USER}:${GROUP} ${DIR}/queue/fts
139 chmod -R 750 ${DIR}/queue/fts
140 chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1
142 # To the ossec syscheck/rootcheck queue
143 chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
144 chmod -R 750 ${DIR}/queue/syscheck
145 chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1
147 chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
148 chmod -R 750 ${DIR}/queue/rootcheck
149 chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
151 chown ${USER}:${GROUP} ${DIR}/queue/diff
152 chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
153 chmod 750 ${DIR}/queue/diff
154 chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
156 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
157 chmod -R 750 ${DIR}/queue/agent-info
158 chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1
159 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
160 chmod -R 750 ${DIR}/queue/rids
161 chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1
163 chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
164 chmod -R 750 ${DIR}/queue/agentless
165 chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
168 # For the stats directory
169 chown -R ${USER}:${GROUP} ${DIR}/stats
170 chmod -R 750 ${DIR}/stats
172 # For the logging user
173 chown -R ${USER}:${GROUP} ${DIR}/logs
174 chmod -R 750 ${DIR}/logs
175 touch ${DIR}/logs/ossec.log
176 chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
177 chmod 660 ${DIR}/logs/ossec.log
179 touch ${DIR}/logs/active-responses.log
180 chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
181 chmod 660 ${DIR}/logs/active-responses.log
183 # For the rules directory
184 ls ${DIR}/rules/*.xml > /dev/null 2>&1
186 # Backup previous rules
188 mkdir ${DIR}/rules/backup-rules.$$
189 cp -pr ${DIR}/rules/*.xml ${DIR}/rules/backup-rules.$$/
191 # Checking for the local rules
192 ls ${DIR}/rules/local_rules.xml > /dev/null 2>&1
194 cp -pr ${DIR}/rules/local_rules.xml ${DIR}/rules/saved_local_rules.xml.$$
198 cp -pr ../etc/rules/* ${DIR}/rules/
199 find ${DIR}/rules/ -type f -exec chmod 440 {} \;
201 # If the local_rules is saved, moved it back
202 ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
204 mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml
207 chown -R root:${GROUP} ${DIR}/rules
208 chmod -R 550 ${DIR}/rules
213 chown -R root:${GROUP} ${DIR}/etc
214 ls /etc/localtime > /dev/null 2>&1
216 cp -pL /etc/localtime ${DIR}/etc/;
217 chmod 440 ${DIR}/etc/localtime
218 chown root:${GROUP} ${DIR}/etc/localtime
221 # Solaris Needs some extra files
222 if [ "$UNAME" = "SunOS" ]; then
223 mkdir -p ${DIR}/usr/share/lib/zoneinfo/
224 chmod -R 550 ${DIR}/usr/
225 cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
228 ls /etc/TIMEZONE > /dev/null 2>&1
230 cp -p /etc/TIMEZONE ${DIR}/etc/;
231 chmod 550 ${DIR}/etc/TIMEZONE
236 chmod 770 ${DIR}/var/run
237 chown root:${GROUP} ${DIR}/var/run
239 # Moving the binary files
240 cp -pr ../bin/ossec* ${DIR}/bin/
241 cp -pr ../bin/manage_agents ${DIR}/bin/
242 cp -pr ../bin/syscheck_update ${DIR}/bin/
243 cp -pr ../bin/verify-agent-conf ${DIR}/bin/
244 cp -pr ../bin/clear_stats ${DIR}/bin/
245 cp -pr ../bin/list_agents ${DIR}/bin/
246 cp -pr ../bin/agent_control ${DIR}/bin/
247 cp -pr ../bin/syscheck_control ${DIR}/bin/
248 cp -pr ../bin/rootcheck_control ${DIR}/bin/
249 cp -pr ../contrib/util.sh ${DIR}/bin/
250 chown root:${GROUP} ${DIR}/bin/util.sh
251 chmod +x ${DIR}/bin/util.sh
253 # Local install chosen
254 if [ "X$LOCAL" = "Xlocal" ]; then
255 cp -pr ./init/ossec-local.sh ${DIR}/bin/ossec-control
257 cp -pr ./init/ossec-server.sh ${DIR}/bin/ossec-control
260 # Moving the decoders/internal_conf file.
261 cp -pr ../etc/decoder.xml ${DIR}/etc/
263 # Copying local files.
264 cp -pr ../etc/local_decoder.xml ${DIR}/etc/ > /dev/null 2>&1
265 cp -pr ../etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1
266 cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
268 # Copying agentless files.
269 cp -pr agentlessd/scripts/* ${DIR}/agentless/
272 # Backup currently internal_options file.
273 ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1
275 cp -pr ${DIR}/etc/internal_options.conf ${DIR}/etc/backup-internal_options.$$
278 cp -pr ../etc/internal_options.conf ${DIR}/etc/
279 cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
280 chown root:${GROUP} ${DIR}/etc/decoder.xml
281 chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
282 chown root:${GROUP} ${DIR}/etc/internal_options.conf
283 chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
284 chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1
285 chown root:${GROUP} ${DIR}/etc/shared/*
286 chown root:${GROUP} ${DIR}/agentless/*
287 chown ${USER}:${GROUP} ${DIR}/.ssh
288 chmod 440 ${DIR}/etc/decoder.xml
289 chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
290 chmod 440 ${DIR}/etc/internal_options.conf
291 chmod 440 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
292 chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1
294 chmod 770 ${DIR}/etc/shared
295 chmod 440 ${DIR}/etc/shared/*
296 chmod 550 ${DIR}/agentless/*
297 rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1
298 chmod 700 ${DIR}/.ssh
301 # Copying active response modules
302 sh ./init/fw-check.sh execute > /dev/null
303 cp -p ../active-response/*.sh ${DIR}/active-response/bin/
304 cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
306 chmod 550 ${DIR}/active-response/bin/*
307 chown root:${GROUP} ${DIR}/active-response/bin/*
309 chown root:${GROUP} ${DIR}/bin/*
310 chmod 550 ${DIR}/bin/*
313 # Moving the config file
314 ls ${DIR}/etc/ossec.conf > /dev/null 2>&1
319 ls ../etc/ossec.mc > /dev/null 2>&1
321 cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
323 cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf
325 chown root:${GROUP} ${DIR}/etc/ossec.conf
326 chmod 440 ${DIR}/etc/ossec.conf