4 # Checking if it is executed from the right place
6 ls ${LOCATION} > /dev/null 2>&1
8 echo "Cannot execute. Wrong directory"
12 # Getting any argument
13 if [ "X$1" = "Xlocal" ]; then
14 # Setting local install
20 # Getting default variables
21 DIR=`grep DIR ${LOCATION} | cut -f2 -d\"`
26 subdirs="logs logs/archives logs/alerts logs/firewall bin stats rules queue queue/alerts queue/ossec queue/fts queue/syscheck queue/rootcheck queue/diff queue/agent-info queue/agentless queue/rids tmp var var/run etc etc/shared active-response active-response/bin agentless .ssh"
29 if [ "X${DIR}" = "X" ]; then
30 echo "Error building OSSEC HIDS."
35 # Creating root directory
36 ls ${DIR} > /dev/null 2>&1
37 if [ $? != 0 ]; then mkdir -m 700 -p ${DIR}; fi
38 ls ${DIR} > /dev/null 2>&1
40 echo "You do not have permissions to create ${DIR}. Exiting..."
45 # Creating groups/users
46 if [ "$UNAME" = "FreeBSD" -o "$UNAME" = "DragonFly" ]; then
47 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
49 /usr/sbin/pw groupadd ${GROUP}
50 /usr/sbin/pw useradd ${USER} -d ${DIR} -s /sbin/nologin -g ${GROUP}
51 /usr/sbin/pw useradd ${USER_MAIL} -d ${DIR} -s /sbin/nologin -g ${GROUP}
52 /usr/sbin/pw useradd ${USER_REM} -d ${DIR} -s /sbin/nologin -g ${GROUP}
55 elif [ "$UNAME" = "SunOS" ]; then
56 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
58 /usr/sbin/groupadd ${GROUP}
59 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER}
60 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_MAIL}
61 /usr/sbin/useradd -d ${DIR} -s /bin/false -g ${GROUP} ${USER_REM}
64 elif [ "$UNAME" = "AIX" ]; then
66 ls -la /bin/false > /dev/null 2>&1
71 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
73 /usr/bin/mkgroup ${GROUP}
74 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER}
75 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_MAIL}
76 /usr/sbin/useradd -d ${DIR} ${AIXSH} -g ${GROUP} ${USER_REM}
79 # Thanks Chuck L. for the mac addusers
80 elif [ "$UNAME" = "Darwin" ]; then
81 id -u ${USER} > /dev/null 2>&1
84 # Creating for <= 10.4
85 /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1
87 chmod +x ./init/darwin-addusers.pl
88 ./init/darwin-addusers.pl
90 chmod +x ./init/osx105-addusers.sh
91 ./init/osx105-addusers.sh
95 grep "^${USER_REM}" /etc/passwd > /dev/null 2>&1
97 /usr/sbin/groupadd ${GROUP}
99 # We first check if /sbin/nologin is present. If it is not,
100 # we look for bin/false. If none of them is present, we
101 # just stick with nologin (no need to fail the install for that).
102 OSMYSHELL="/sbin/nologin"
103 ls -la ${OSMYSHELL} > /dev/null 2>&1
104 if [ ! $? = 0 ]; then
105 ls -la /bin/false > /dev/null 2>&1
107 OSMYSHELL="/bin/false"
110 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER}
111 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_MAIL}
112 /usr/sbin/useradd -d ${DIR} -s ${OSMYSHELL} -g ${GROUP} ${USER_REM}
117 # Creating sub directories
118 for i in ${subdirs}; do
119 ls ${DIR}/${i} > /dev/null 2>&1
120 if [ $? != 0 ]; then mkdir -m 700 ${DIR}/${i}; fi
123 # Default for all directories
126 chown root:${GROUP} ${DIR}
127 chown root:${GROUP} ${DIR}/*
129 # AnalysisD needs to write to alerts: log, mail and cmds
130 chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
131 chmod -R 770 ${DIR}/queue/alerts
133 # To the ossec queue (default for analysisd to read)
134 chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
135 chmod -R 770 ${DIR}/queue/ossec
137 # To the ossec fts queue
138 chown -R ${USER}:${GROUP} ${DIR}/queue/fts
139 chmod -R 750 ${DIR}/queue/fts
140 chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1
142 # To the ossec syscheck/rootcheck queue
143 chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
144 chmod -R 750 ${DIR}/queue/syscheck
145 chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1
147 chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
148 chmod -R 750 ${DIR}/queue/rootcheck
149 chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
151 chown ${USER}:${GROUP} ${DIR}/queue/diff
152 chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
153 chmod 750 ${DIR}/queue/diff
154 chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
156 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
157 chmod -R 750 ${DIR}/queue/agent-info
158 chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1
159 chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
160 chmod -R 750 ${DIR}/queue/rids
161 chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1
163 chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
164 chmod -R 750 ${DIR}/queue/agentless
165 chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
167 chown -R root:${GROUP} ${DIR}/tmp
168 chmod 1550 ${DIR}/tmp
171 # For the stats directory
172 chown -R ${USER}:${GROUP} ${DIR}/stats
173 chmod -R 750 ${DIR}/stats
175 # For the logging user
176 chown -R ${USER}:${GROUP} ${DIR}/logs
177 chmod -R 750 ${DIR}/logs
178 touch ${DIR}/logs/ossec.log
179 chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
180 chmod 660 ${DIR}/logs/ossec.log
182 touch ${DIR}/logs/active-responses.log
183 chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
184 chmod 660 ${DIR}/logs/active-responses.log
186 # For the rules directory
187 ls ${DIR}/rules/*.xml > /dev/null 2>&1
189 # Backup previous rules
191 mkdir ${DIR}/rules/backup-rules.$$
192 cp -pr ${DIR}/rules/*.xml ${DIR}/rules/backup-rules.$$/
194 # Checking for the local rules
195 ls ${DIR}/rules/local_rules.xml > /dev/null 2>&1
197 cp -pr ${DIR}/rules/local_rules.xml ${DIR}/rules/saved_local_rules.xml.$$
201 cp -pr ../etc/rules/* ${DIR}/rules/
202 find ${DIR}/rules/ -type f -exec chmod 440 {} \;
204 # If the local_rules is saved, moved it back
205 ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
207 mv ${DIR}/rules/saved_local_rules.xml.$$ ${DIR}/rules/local_rules.xml
210 chown -R root:${GROUP} ${DIR}/rules
211 chmod -R 550 ${DIR}/rules
216 chown -R root:${GROUP} ${DIR}/etc
217 ls /etc/localtime > /dev/null 2>&1
219 cp -pL /etc/localtime ${DIR}/etc/;
220 chmod 440 ${DIR}/etc/localtime
221 chown root:${GROUP} ${DIR}/etc/localtime
224 # Solaris Needs some extra files
225 if [ "$UNAME" = "SunOS" ]; then
226 mkdir -p ${DIR}/usr/share/lib/zoneinfo/
227 chmod -R 550 ${DIR}/usr/
228 cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
231 ls /etc/TIMEZONE > /dev/null 2>&1
233 cp -p /etc/TIMEZONE ${DIR}/etc/;
234 chmod 550 ${DIR}/etc/TIMEZONE
239 chmod 770 ${DIR}/var/run
240 chown root:${GROUP} ${DIR}/var/run
242 # Moving the binary files
243 cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \
244 analysisd/ossec-analysisd logcollector/ossec-logcollector \
245 monitord/ossec-monitord monitord/ossec-reportd \
246 os_execd/ossec-execd os_maild/ossec-maild \
247 remoted/ossec-remoted syscheckd/ossec-syscheckd \
248 analysisd/ossec-logtest os_csyslogd/ossec-csyslogd \
249 os_auth/ossec-authd os_dbd/ossec-dbd analysisd/ossec-makelists \
252 cp -pr util/verify-agent-conf ${DIR}/bin/
253 cp -pr util/clear_stats ${DIR}/bin/
254 cp -pr util/list_agents ${DIR}/bin/
255 cp -pr util/ossec-regex ${DIR}/bin/
256 cp -pr util/syscheck_update ${DIR}/bin/
257 cp -pr util/agent_control ${DIR}/bin/
258 cp -pr util/syscheck_control ${DIR}/bin/
259 cp -pr util/rootcheck_control ${DIR}/bin/
260 cp -pr external/lua/src/ossec-lua ${DIR}/bin/
261 cp -pr external/lua/src/ossec-luac ${DIR}/bin/
262 cp -pr ../contrib/util.sh ${DIR}/bin/
263 chown root:${GROUP} ${DIR}/bin/util.sh
264 chmod +x ${DIR}/bin/util.sh
266 # Local install chosen
267 if [ "X$LOCAL" = "Xlocal" ]; then
268 cp -pr ./init/ossec-local.sh ${DIR}/bin/ossec-control
270 cp -pr ./init/ossec-server.sh ${DIR}/bin/ossec-control
273 # Moving the decoders/internal_conf file.
274 cp -pr ../etc/decoder.xml ${DIR}/etc/
276 # Copying local files.
277 cp -pr ../etc/local_decoder.xml ${DIR}/etc/ > /dev/null 2>&1
278 cp -pr ../etc/local_internal_options.conf ${DIR}/etc/ > /dev/null 2>&1
279 cp -pr ../etc/client.keys ${DIR}/etc/ > /dev/null 2>&1
281 # Copying agentless files.
282 cp -pr agentlessd/scripts/* ${DIR}/agentless/
285 # Backup currently internal_options file.
286 ls ${DIR}/etc/internal_options.conf > /dev/null 2>&1
288 cp -pr ${DIR}/etc/internal_options.conf ${DIR}/etc/backup-internal_options.$$
291 cp -pr ../etc/internal_options.conf ${DIR}/etc/
292 cp -pr rootcheck/db/*.txt ${DIR}/etc/shared/
293 chown root:${GROUP} ${DIR}/etc/decoder.xml
294 chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
295 chown root:${GROUP} ${DIR}/etc/internal_options.conf
296 chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
297 chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1
298 chown root:${GROUP} ${DIR}/etc/shared/*
299 chown root:${GROUP} ${DIR}/agentless/*
300 chown ${USER}:${GROUP} ${DIR}/.ssh
301 chmod 440 ${DIR}/etc/decoder.xml
302 chmod 440 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1
303 chmod 440 ${DIR}/etc/internal_options.conf
304 chmod 440 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1
305 chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1
307 chmod 770 ${DIR}/etc/shared
308 chmod 440 ${DIR}/etc/shared/*
309 chmod 550 ${DIR}/agentless/*
310 rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1
311 chmod 700 ${DIR}/.ssh
314 # Copying active response modules
315 sh ./init/fw-check.sh execute > /dev/null
316 cp -p ../active-response/*.sh ${DIR}/active-response/bin/
317 cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
319 chmod 550 ${DIR}/active-response/bin/*
320 chown root:${GROUP} ${DIR}/active-response/bin/*
322 chown root:${GROUP} ${DIR}/bin/*
323 chmod 550 ${DIR}/bin/*
326 # Moving the config file
327 ls ${DIR}/etc/ossec.conf > /dev/null 2>&1
332 ls ../etc/ossec.mc > /dev/null 2>&1
334 cp -pr ../etc/ossec.mc ${DIR}/etc/ossec.conf
336 cp -pr ../etc/ossec-server.conf ${DIR}/etc/ossec.conf
338 chown root:${GROUP} ${DIR}/etc/ossec.conf
339 chmod 440 ${DIR}/etc/ossec.conf