1 ;--------------------------------
6 ;--------------------------------
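; Product name and build timestamp. CDATE is expanded when the installer is
; compiled, not when it runs. VERSION is not defined in the lines shown here.
10 !define NAME "Ossec HIDS"
11 !define /date CDATE "%b %d %Y at %H:%M:%S"
; Window title, branding line and name of the generated installer.
14 Name "${NAME} Windows Agent v${VERSION}"
15 BrandingText "Copyright (C) 2009 Trend Micro Inc."
16 OutFile "ossec-win32-agent.exe"
; Default target directory, under Program Files.
19 InstallDir $PROGRAMFILES\ossec-agent
; Reuse the directory of a previous install. This must name the same key the
; main section writes (HKLM SOFTWARE\ossec, value Install_Dir); with the bare
; subkey "ossec" the lookup reads HKLM\ossec, which the visible script never
; writes, so an upgrade would fall back to the default directory.
20 InstallDirRegKey HKLM "SOFTWARE\ossec" "Install_Dir"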
23 ;--------------------------------
; Ask for confirmation when the user cancels the wizard.
26 !define MUI_ABORTWARNING
28 ;--------------------------------
; Installer and uninstaller icons, then the welcome-page text.
30 !define MUI_ICON favicon.ico
31 !define MUI_UNICON ossec-uninstall.ico
; NOTE(review): the symbol is defined as NAME but referenced below as ${Name};
; confirm the casing resolves to the product name in the built installer.
32 !define MUI_WELCOMEPAGE_TEXT "This wizard will guide you through the install of ${Name}.\r\n\r\nClick next to continue."
34 ; Page for choosing components.
35 !define MUI_COMPONENTSPAGE_TEXT_TOP "Select the options you want to be executed. Click next to continue."
; The four commented-out defines below are unused alternative texts for the
; components page.
37 ;!define MUI_COMPONENTSPAGE_TEXT_COMPLIST "text complist"
39 ;!define MUI_COMPONENTSPAGE_TEXT_INSTTYPE "Select components to install:"
41 ;!define MUI_COMPONENTSPAGE_TEXT_DESCRIPTION_TITLE "text abac"
43 ;!define MUI_COMPONENTSPAGE_TEXT_DESCRIPTION_INFO "text info oi"
; Components page is shown without the description pane.
45 !define MUI_COMPONENTSPAGE_NODESC
; Installer wizard pages, in display order.
47 !insertmacro MUI_PAGE_WELCOME
48 !insertmacro MUI_PAGE_LICENSE "LICENSE.txt"
49 !insertmacro MUI_PAGE_COMPONENTS
; The directory page lets the user install outside Program Files. The lines
; shown here set no ACLs on $INSTDIR, so a custom location keeps whatever
; permissions its parent grants. NOTE(review): confirm unprivileged users
; cannot write there, because ossec-agent.exe is registered as a service
; from that path.
50 !insertmacro MUI_PAGE_DIRECTORY
51 !insertmacro MUI_PAGE_INSTFILES
52 !insertmacro MUI_PAGE_FINISH
; Uninstaller wizard pages.
54 !insertmacro MUI_UNPAGE_WELCOME
55 !insertmacro MUI_UNPAGE_CONFIRM
56 !insertmacro MUI_UNPAGE_INSTFILES
57 !insertmacro MUI_UNPAGE_FINISH
59 ;--------------------------------
; Single UI language.
62 !insertmacro MUI_LANGUAGE "English"
64 ;--------------------------------
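; Existing-install check: when $INSTDIR\ossec.conf is present, warn the user
; that the agent will be stopped; otherwise take the relative jump (+3).
; NOTE(review): the jump target and the cancel path are in lines not shown
; here; re-count the offset if statements are added in between.
68 IfFileExists $INSTDIR\ossec.conf 0 +3
69 MessageBox MB_OKCANCEL "${NAME} is already installed. We will stop it before continuing." IDOK NoAbort
73 ;; Stopping ossec service.
; net.exe is addressed by absolute path. The installer needs administrative
; rights (it writes HKLM and installs a service), and a bare "net" is resolved
; through the process search path, which starts with the directory the
; installer was launched from; a foreign net.exe there would run with the
; installer's privileges.
74 ExecWait '"$SYSDIR\net.exe" "stop" "OssecSvc"'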
; Main component: extracts the agent files, records the install location and
; registers the uninstaller with Add/Remove Programs.
78 Section "OSSEC Agent (required)" MainSec
; File without /r extracts every listed file directly into the current output
; path, so the rootcheck\... entries also land flat in that directory (the
; Rename statements further down rely on this). The output path is set in
; lines not shown here.
86 File ossec-agent.exe default-ossec.conf manage_agents.exe os_win32ui.exe win32ui.exe ossec-rootcheck.exe internal_options.conf setup-windows.exe setup-syscheck.exe setup-iis.exe service-start.exe service-stop.exe doc.html rootkit_trojans.txt rootkit_files.txt add-localfile.exe LICENSE.txt rootcheck\rootcheck.conf rootcheck\db\win_applications_rcl.txt rootcheck\db\win_malware_rcl.txt rootcheck\db\win_audit_rcl.txt help.txt vista_sec.csv route-null.cmd restart-ossec.cmd
; Remember the install directory for later upgrades.
87 WriteRegStr HKLM SOFTWARE\ossec "Install_Dir" "$INSTDIR"
; Add/Remove Programs entry. UninstallString is quoted so a path containing
; spaces is passed as one argument.
89 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "DisplayName" "OSSEC Hids Agent"
90 WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "UninstallString" '"$INSTDIR\uninstall.exe"'
91 WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "NoModify" 1
92 WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec" "NoRepair" 1
93 WriteUninstaller "uninstall.exe"
96 ; Writing version and install information
; VERSION.txt is opened for writing (truncating any previous copy) and gets
; one line: product name, version and the installer's build timestamp.
; CDATE is fixed at compile time, so "Installed on" records when the installer
; was built, not when it was run.
; NOTE(review): no error check or FileClose for handle $0 appears in the lines
; shown here; confirm both exist in the full script.
97 FileOpen $0 $INSTDIR\VERSION.txt w
99 FileWrite $0 "${NAME} v${VERSION} - "
100 FileWrite $0 "Installed on ${CDATE}"
; Runtime directory layout under the install directory.
105 CreateDirectory "$INSTDIR\rids"
106 CreateDirectory "$INSTDIR\syscheck"
107 CreateDirectory "$INSTDIR\shared"
108 CreateDirectory "$INSTDIR\active-response"
109 CreateDirectory "$INSTDIR\active-response\bin"
; Rename fails when the destination already exists, so the two active-response
; scripts from a previous install are deleted before the new ones are moved in.
110 Delete "$INSTDIR\active-response\bin\route-null.cmd"
111 Delete "$INSTDIR\active-response\bin\restart-ossec.cmd"
; Move the rootcheck signature files into shared\.
; NOTE(review): the shared\ destinations are not deleted first in the lines
; shown here. On an upgrade these Renames would then fail and the previous
; rootkit/audit signature files would stay in use; confirm and add matching
; Delete statements if so.
112 Rename "$INSTDIR\rootkit_trojans.txt" "$INSTDIR\shared\rootkit_trojans.txt"
113 Rename "$INSTDIR\rootkit_files.txt" "$INSTDIR\shared\rootkit_files.txt"
114 Rename "$INSTDIR\win_malware_rcl.txt" "$INSTDIR\shared\win_malware_rcl.txt"
115 Rename "$INSTDIR\win_audit_rcl.txt" "$INSTDIR\shared\win_audit_rcl.txt"
116 Rename "$INSTDIR\win_applications_rcl.txt" "$INSTDIR\shared\win_applications_rcl.txt"
; Move the active-response scripts into place.
117 Rename "$INSTDIR\route-null.cmd" "$INSTDIR\active-response\bin\route-null.cmd"
118 Rename "$INSTDIR\restart-ossec.cmd" "$INSTDIR\active-response\bin\restart-ossec.cmd"
; Remove Start Menu entries left by an earlier install. The wildcard on the
; last line already covers the four named shortcuts.
119 Delete "$SMPROGRAMS\ossec\Edit.lnk"
120 Delete "$SMPROGRAMS\ossec\Uninstall.lnk"
121 Delete "$SMPROGRAMS\ossec\Documentation.lnk"
122 Delete "$SMPROGRAMS\ossec\Edit Config.lnk"
123 Delete "$SMPROGRAMS\ossec\*.*"
125 ; Remove directories used
126 RMDir "$SMPROGRAMS\ossec"
128 ; Creating SMS directory
129 CreateDirectory "$SMPROGRAMS\ossec"
; Start Menu shortcuts: agent manager UI, documentation, configuration file
; and uninstaller. Each uses its own target as the icon source (index 0).
131 CreateShortCut "$SMPROGRAMS\ossec\Manage Agent.lnk" "$INSTDIR\win32ui.exe" "" "$INSTDIR\win32ui.exe" 0
132 CreateShortCut "$SMPROGRAMS\ossec\Documentation.lnk" "$INSTDIR\doc.html" "" "$INSTDIR\doc.html" 0
133 CreateShortCut "$SMPROGRAMS\ossec\Edit Config.lnk" "$INSTDIR\ossec.conf" "" "$INSTDIR\ossec.conf" 0
134 CreateShortCut "$SMPROGRAMS\ossec\Uninstall.lnk" "$INSTDIR\uninstall.exe" "" "$INSTDIR\uninstall.exe" 0
137 ; Install in the services
; Register the agent as a Windows service and run the Windows setup helper,
; waiting for each to finish. Both executables are addressed by quoted
; absolute path, so a space in $INSTDIR does not split the command.
138 ExecWait '"$INSTDIR\ossec-agent.exe" install-service'
139 ExecWait '"$INSTDIR\setup-windows.exe" "$INSTDIR"'
; Exec does not wait: the UI is started and the installer continues.
; The child is created by the installer process and therefore runs with the
; installer's (administrative) token.
140 Exec '"$INSTDIR\os_win32ui.exe" "$INSTDIR"'
; Optional component: runs setup-iis.exe with the install directory as its
; argument and waits for it to finish. What the helper changes is not visible
; in this script.
144 Section "Scan and monitor IIS logs (recommended)" IISLogs
146 ExecWait '"$INSTDIR\setup-iis.exe" "$INSTDIR"'
; Optional component: runs setup-syscheck.exe with the install directory and
; the literal argument "enable", and waits for it to finish.
150 Section "Enable integrity checking (recommended)" IntChecking
152 ExecWait '"$INSTDIR\setup-syscheck.exe" "$INSTDIR" "enable"'
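; Uninstall steps (the enclosing section header is in lines not shown here):
; stop and unregister the service, then remove registry keys, files,
; shortcuts and directories.
;
; net.exe is addressed by absolute path: the uninstaller runs with
; administrative rights, and a bare "net" is resolved through the process
; search path, which starts with the directory of the running executable.
161 ExecWait '"$SYSDIR\net.exe" "stop" "OssecSvc"'
163 ; Uninstall from the services
; ExecWait, not Exec: the service must be unregistered and the process gone
; before ossec-agent.exe is deleted below. Exec returns immediately, and the
; Delete can then fail on the still-running executable.
164 ExecWait '"$INSTDIR\ossec-agent.exe" uninstall-service'
166 ; Remove registry keys
167 DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\ossec"
168 DeleteRegKey HKLM SOFTWARE\ossec
170 ; Remove files and uninstaller
; NOTE(review): only these four files are removed from $INSTDIR in the lines
; shown here. The other executables the installer extracts, and $INSTDIR
; itself, appear to be left on disk; confirm against the full script.
171 Delete "$INSTDIR\ossec-agent.exe"
172 Delete "$INSTDIR\manage_agents.exe"
173 Delete "$INSTDIR\ossec.conf"
174 Delete "$INSTDIR\uninstall.exe"
; Empty the runtime directories so the RMDir calls below can succeed
; (RMDir without /r only removes empty directories).
176 Delete "$INSTDIR\rids\*"
177 Delete "$INSTDIR\syscheck\*"
178 Delete "$INSTDIR\shared\*"
179 Delete "$INSTDIR\active-response\bin\*"
180 Delete "$INSTDIR\active-response\*"
183 ; Remove shortcuts, if any
184 Delete "$SMPROGRAMS\ossec\*.*"
185 Delete "$SMPROGRAMS\ossec\*"
187 ; Remove directories used
; active-response\bin is removed before its parent.
188 RMDir "$SMPROGRAMS\ossec"
189 RMDir "$INSTDIR\shared"
190 RMDir "$INSTDIR\syscheck"
191 RMDir "$INSTDIR\rids"
192 RMDir "$INSTDIR\active-response\bin"
193 RMDir "$INSTDIR\active-response"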