# Last modification: Aug 30, 2012
# Changelog 19/03/2006 - Rafael M. Capovilla <under@underlinux.com.br>
-# New function AddWhite to allow users to add more Ips in the white_list
+# New function AddWhite to allow users to add more Ips in the allow_list
# Minor *echos* modifications to better look
# Bug fix - When email address is blank
# Bug fix - delete INSTALLDIR - Default is yes but if the user just press enter the script wasn't deleting it as it should
# New function AddTable to add support for OpenBSD pf rules in firewall-drop active response
# Changelog 29 March 2012 - Adding hybrid mode (standalone + agent)
+# added fix for use of USER_AGENT_CONFIG_PROFILE in preloaded-vars
ECHO="echo -n"
hs=`echo -n "a"`
if [ ! "X$hs" = "Xa" ]; then
- ls "/usr/ucb/echo" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -x /usr/ucb/echo ]; then
ECHO="/usr/ucb/echo -n"
else
ECHO=echo
# For solaris
echo "xxxx" | grep -E "xxx" > /dev/null 2>&1
if [ ! $? = 0 ]; then
- ls "/usr/xpg4/bin/grep" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -x /usr/xpg4/bin/grep ]; then
PATH=/usr/xpg4/bin:$PATH
fi
fi
##########
Install()
{
- echo ""
- echo "5- ${installing}"
+ echo ""
+ echo "5- ${installing}"
- echo "DIR=\"${INSTALLDIR}\"" > ${LOCATION}
+ echo "DIR=\"${INSTALLDIR}\"" > ${LOCATION}
# Changing Config.OS with the new C flags
# Checking if debug is enabled
echo "CEXTRA=${CEXTRA}" >> ./src/Config.OS
+ MAKEBIN=make
+ ## Find make/gmake
+ if [ "X$NUNAME" = "XOpenBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X$NUNAME" = "XFreeBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X$NUNAME" = "XNetBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X$NUNAME" = "XDragonflyBSD" ]; then
+ MAKEBIN=gmake
+ fi
+ if [ "X%NUNAME" = "XBitrig" ]; then
+ MAKEBIN=gmake
+ fi
+
+
# Makefile
- echo " - ${runningmake}"
+ echo " - ${runningmake}"
cd ./src
# Binary install will use the previous generated code.
if [ "X${USER_BINARYINSTALL}" = "X" ]; then
- make all
- if [ $? != 0 ]; then
- cd ../
- catError "0x5-build"
- fi
-
- # Building everything
- make build
+ # Add DATABASE=pgsql or DATABASE=mysql to add support for database
+ # alert entry
+ ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} build
if [ $? != 0 ]; then
cd ../
catError "0x5-build"
UpdateStopOSSEC
fi
- # Making the right installation type
- if [ "X$INSTYPE" = "Xserver" ]; then
- ./InstallServer.sh
-
- elif [ "X$INSTYPE" = "Xagent" ]; then
- ./InstallAgent.sh
-
- elif [ "X$INSTYPE" = "Xlocal" ]; then
- ./InstallServer.sh local
- fi
+ ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} install
cd ../
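Review bot: The Bitrig branch `if [ "X%NUNAME" = "XBitrig" ]` can never match, because `%NUNAME` is not a parameter expansion: the left side is the literal string `X%NUNAME`, so MAKEBIN stays `make` on Bitrig; it should read `if [ "X$NUNAME" = "XBitrig" ]; then`. Since all five BSD checks assign the same value, one `case "$NUNAME" in OpenBSD|FreeBSD|NetBSD|DragonflyBSD|Bitrig) MAKEBIN=gmake ;; esac` would remove this class of typo altogether. Separately, the new `${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} install` has no exit-status check, unlike the `build` call just above it, so a failed install falls through to `cd ../` and the configuration steps as if it had succeeded; add the same `if [ $? != 0 ]; then cd ../; catError "0x5-build"; fi` guard after it. Install() continues outside the hunk.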
echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel_linux_rcl.txt</system_audit>" >> $NEWCONFIG
echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>" >> $NEWCONFIG
echo " </rootcheck>" >> $NEWCONFIG
+ # Patch for systems that use s-nail instead of GNU Mailutils (such as Arch Linux).
+ if [ -r /usr/bin/mail ] && strings /usr/bin/mail | grep "x-shsh bash" 1> /dev/null; then
+ sed -i 's/mail !bash|/mail !/' ./src/rootcheck/db/rootkit_trojans.txt
+ fi
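Review bot: The s-nail patch rewrites the rootcheck trojan signature database in place with `sed -i`, which is GNU-only syntax (BSD sed takes the next argument as a backup suffix), and does so silently even though rootkit_trojans.txt is a detection artifact whose `mail` signature is being relaxed. At minimum print what is happening, e.g. `echo " - Relaxing the rootcheck 'mail' trojan signature for s-nail"`, and write the edit portably via a temporary file, e.g. `sed 's/mail !bash|/mail !/' ./src/rootcheck/db/rootkit_trojans.txt > ./src/rootcheck/db/rootkit_trojans.txt.tmp && mv ./src/rootcheck/db/rootkit_trojans.txt.tmp ./src/rootcheck/db/rootkit_trojans.txt`. Whether `strings /usr/bin/mail | grep "x-shsh bash"` reliably identifies s-nail is not visible here; note that if `strings` (binutils) is absent the pipeline simply fails and the patch is skipped without a word. The enclosing if/else starts outside the hunk.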
else
echo "" >> $NEWCONFIG
echo " <rootcheck>" >> $NEWCONFIG
LOG_FILES=`cat ${SYSLOG_TEMPLATE}`
for i in ${LOG_FILES}; do
# If log file present, add it
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -f "$i" ]; then
echo " -- $i"
- echo "" >> $NEWCONFIG
- echo " <localfile>" >> $NEWCONFIG
- echo " <log_format>syslog</log_format>" >> $NEWCONFIG
- echo " <location>$i</location>" >>$NEWCONFIG
- echo " </localfile>" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
+ echo " <localfile>" >> $NEWCONFIG
+ echo " <log_format>syslog</log_format>" >> $NEWCONFIG
+ echo " <location>$i</location>" >>$NEWCONFIG
+ echo " </localfile>" >> $NEWCONFIG
fi
done
# Getting snort files
SNORT_FILES=`cat ${SNORT_TEMPLATE}`
for i in ${SNORT_FILES}; do
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -f "$i" ]; then
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
# Getting apache logs
APACHE_FILES=`cat ${APACHE_TEMPLATE}`
for i in ${APACHE_FILES}; do
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -f "$i" ]; then
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
echo " <log_format>apache</log_format>" >> $NEWCONFIG
# Getting postgresql logs
PGSQL_FILES=`cat ${PGSQL_TEMPLATE}`
for i in ${PGSQL_FILES}; do
- ls $i > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -f "$i" ]; then
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
echo " <log_format>postgresql_log</log_format>" >> $NEWCONFIG
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
echo " <log_format>command</log_format>" >> $NEWCONFIG
- echo " <command>df -h</command>" >> $NEWCONFIG
+ echo " <command>df -P</command>" >> $NEWCONFIG
echo " </localfile>" >> $NEWCONFIG
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
echo " <log_format>full_command</log_format>" >> $NEWCONFIG
- echo " <command>netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort</command>" >> $NEWCONFIG
+ echo " <command>netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort</command>" >> $NEWCONFIG
echo " </localfile>" >> $NEWCONFIG
echo "" >> $NEWCONFIG
echo " <localfile>" >> $NEWCONFIG
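Review bot: The new exclusion `egrep -v '(127.0.0.1| ::1)'` uses the deprecated `egrep` front-end and leaves the dots in `127.0.0.1` unescaped, so they are regex wildcards rather than literal dots. Prefer the POSIX form with the dots escaped: `netstat -tan |grep LISTEN |grep -E -v '(127\.0\.0\.1| ::1)' | sort`. The leading space before `::1` appears deliberate (it keeps `:::1xxx` wildcard listeners from being filtered), so it should be kept and is worth a short comment above the echo.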
elif [ "X${HNAME}" != "X" ]; then
echo " <server-hostname>$HNAME</server-hostname>" >> $NEWCONFIG
fi
+ if [ "$X{USER_AGENT_CONFIG_PROFILE}" != "X" ]; then
+ PROFILE=${USER_AGENT_CONFIG_PROFILE}
+ echo " <config-profile>$PROFILE</config-profile>" >> $NEWCONFIG
+ fi
echo " </client>" >> $NEWCONFIG
echo "" >> $NEWCONFIG
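Review bot: The guard `if [ "$X{USER_AGENT_CONFIG_PROFILE}" != "X" ]` is mis-written: `$X` expands the (normally unset) variable X, so the left side is the literal `{USER_AGENT_CONFIG_PROFILE}`, the comparison is always true, and an empty `<config-profile></config-profile>` is written into the agent config whenever the preloaded variable is not set. It should be `if [ "X${USER_AGENT_CONFIG_PROFILE}" != "X" ]; then`, matching every other `"X${...}"` test in this file. The value is also emitted into the XML unescaped; it comes from preloaded-vars.conf rather than an interactive prompt, so that may be acceptable, but a cheap rejection of values containing `<` or `&` would keep a typo from producing an unparseable ossec.conf. The `<client>` generation this belongs to starts outside the hunk.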
##########
ConfigureServer()
{
- echo ""
- echo "3- ${configuring} $NAME."
+ echo ""
+ echo "3- ${configuring} $NAME."
# Configuring e-mail notification
- echo ""
- $ECHO " 3.1- ${mailnotify} ($yes/$no) [$yes]: "
+ echo ""
+ $ECHO " 3.1- ${mailnotify} ($yes/$no) [$yes]: "
if [ "X${USER_ENABLE_EMAIL}" = "X" ]; then
- read ANSWER
+ read ANSWER
else
ANSWER=${USER_ENABLE_EMAIL}
fi
- case $ANSWER in
- $nomatch)
+ case $ANSWER in
+ $nomatch)
echo ""
- echo " --- ${nomail}."
- EMAILNOTIFY="no"
- ;;
- *)
- EMAILNOTIFY="yes"
- $ECHO " - ${whatsemail} "
+ echo " --- ${nomail}."
+ EMAILNOTIFY="no"
+ ;;
+ *)
+ EMAILNOTIFY="yes"
+ $ECHO " - ${whatsemail} "
if [ "X${USER_EMAIL_ADDRESS}" = "X" ]; then
read EMAIL
- echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
+ echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.+-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
# Ugly e-mail validation
- while [ "$EMAIL" = "" -o ! ${RVAL} = 0 ] ; do
- $ECHO " - ${whatsemail} "
- read EMAIL
- echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
- done
+ while [ "$EMAIL" = "" -o ! ${RVAL} = 0 ] ; do
+ $ECHO " - ${whatsemail} "
+ read EMAIL
+ echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.+-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?;
+ done
else
EMAIL=${USER_EMAIL_ADDRESS}
fi
- ls ${HOST_CMD} > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -x "$HOST_CMD" ]; then
HOSTTMP=`${HOST_CMD} -W 5 -t mx ossec.net 2>/dev/null`
if [ $? = 1 ]; then
# Trying without the -W
fi
if [ "X${SMTP}" = "X" ]; then
- $ECHO " - ${whatsmtp} "
+ $ECHO " - ${whatsmtp} "
read SMTP
fi
else
SMTP=${USER_EMAIL_SMTP}
fi
;;
- esac
+ esac
- # Writting global parameters
+ # Writting global parameters
echo "<ossec_config>" > $NEWCONFIG
- echo " <global>" >> $NEWCONFIG
- if [ "$EMAILNOTIFY" = "yes" ]; then
- echo " <email_notification>yes</email_notification>" >> $NEWCONFIG
- echo " <email_to>$EMAIL</email_to>" >> $NEWCONFIG
- echo " <smtp_server>$SMTP</smtp_server>" >> $NEWCONFIG
- echo " <email_from>ossecm@${HOST}</email_from>" >> $NEWCONFIG
- else
- echo " <email_notification>no</email_notification>" >> $NEWCONFIG
- fi
+ echo " <global>" >> $NEWCONFIG
+ if [ "$EMAILNOTIFY" = "yes" ]; then
+ echo " <email_notification>yes</email_notification>" >> $NEWCONFIG
+ echo " <email_to>$EMAIL</email_to>" >> $NEWCONFIG
+ echo " <smtp_server>$SMTP</smtp_server>" >> $NEWCONFIG
+ echo " <email_from>ossecm@${HOST}</email_from>" >> $NEWCONFIG
+ else
+ echo " <email_notification>no</email_notification>" >> $NEWCONFIG
+ fi
echo " </global>" >> $NEWCONFIG
- echo "" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
- # Writting rules configuration
+ # Writting rules configuration
cat ${RULES_TEMPLATE} >> $NEWCONFIG
- echo "" >> $NEWCONFIG
+ echo "" >> $NEWCONFIG
# Checking if syscheck should run
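Review bot: The relaxed address pattern (local part now accepts `+`) is only applied on the interactive path; when `USER_EMAIL_ADDRESS` or `USER_EMAIL_SMTP` come from preloaded-vars they are copied into `<email_to>` and `<smtp_server>` unchecked, and the interactively entered SMTP host is never validated either, so a stray `<` or `&` yields a malformed ossec.conf instead of an error. Run the same grep against the preloaded value, e.g. `echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.+-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 || { echo " - Invalid USER_EMAIL_ADDRESS"; exit 1; }`, and apply at least a hostname/IP character-class check to `$SMTP` before writing it. The `read EMAIL` / `read SMTP` calls should be `read -r` so backslashes in typed input are kept literal. ConfigureServer continues outside the hunk.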
esac
echo "" >> $NEWCONFIG
echo " <global>" >> $NEWCONFIG
- echo " <white_list>127.0.0.1</white_list>" >> $NEWCONFIG
- echo " <white_list>^localhost.localdomain$</white_list>">>$NEWCONFIG
+ echo " <allow_list>127.0.0.1</allow_list>" >> $NEWCONFIG
+ echo " <allow_list>::1</allow_list>" >> $NEWCONFIG
+ echo " <allow_list>localhost.localdomain</allow_list>">>$NEWCONFIG
echo ""
- echo " - ${defaultwhitelist}"
+ echo " - ${defaultallowlist}"
for ip in ${NAMESERVERS} ${NAMESERVERS2};
do
if [ ! "X${ip}" = "X" ]; then
echo " - ${ip}"
- echo " <white_list>${ip}</white_list>" >>$NEWCONFIG
+ echo " <allow_list>${ip}</allow_list>" >>$NEWCONFIG
fi
done
AddWhite
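Review bot: The replacement entry `<allow_list>localhost.localdomain</allow_list>` drops the `^` and `$` anchors the old `<white_list>^localhost.localdomain$</white_list>` line carried, and the `.` is still an unescaped wildcard; if allow_list entries are matched as patterns (the anchors on the removed line suggest they are) the bare form can match any hostname that merely contains `localhost?localdomain`, which widens the set of sources exempt from active response. Unless the daemon is known to treat hostnames literally, keep the anchored form: `echo "  <allow_list>^localhost\.localdomain$</allow_list>">>$NEWCONFIG`. Adding `::1` alongside `127.0.0.1` is the right companion to the IPv6 handling elsewhere in this change.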
if [ "X$INSTYPE" = "Xserver" ]; then
# Configuring remote syslog
- echo ""
- $ECHO " 3.5- ${syslog} ($yes/$no) [$yes]: "
+ echo ""
+ $ECHO " 3.5- ${syslog} ($yes/$no) [$yes]: "
if [ "X${USER_ENABLE_SYSLOG}" = "X" ]; then
- read ANSWER
+ read ANSWER
else
ANSWER=${USER_ENABLE_SYSLOG}
fi
echo ""
case $ANSWER in
- $nomatch)
- echo " --- ${nosyslog}."
- ;;
- *)
- echo " - ${yessyslog}."
- RLOG="yes"
- ;;
- esac
-
- # Configuring remote connections
+ $nomatch)
+ echo " --- ${nosyslog}."
+ ;;
+ *)
+ echo " - ${yessyslog}."
+ RLOG="yes"
+ ;;
+ esac
+
+ # Configuring remote connections
SLOG="yes"
- fi
+ fi
- if [ "X$RLOG" = "Xyes" ]; then
- echo "" >> $NEWCONFIG
- echo " <remote>" >> $NEWCONFIG
- echo " <connection>syslog</connection>" >> $NEWCONFIG
- echo " </remote>" >> $NEWCONFIG
- fi
+ if [ "X$RLOG" = "Xyes" ]; then
+ echo "" >> $NEWCONFIG
+ echo " <remote>" >> $NEWCONFIG
+ echo " <connection>syslog</connection>" >> $NEWCONFIG
+ echo " </remote>" >> $NEWCONFIG
+ fi
- if [ "X$SLOG" = "Xyes" ]; then
- echo "" >> $NEWCONFIG
- echo " <remote>" >> $NEWCONFIG
- echo " <connection>secure</connection>" >> $NEWCONFIG
- echo " </remote>" >> $NEWCONFIG
- fi
+ if [ "X$SLOG" = "Xyes" ]; then
+ echo "" >> $NEWCONFIG
+ echo " <remote>" >> $NEWCONFIG
+ echo " <connection>secure</connection>" >> $NEWCONFIG
+ echo " </remote>" >> $NEWCONFIG
+ fi
- # Email/log alerts
- echo "" >> $NEWCONFIG
- echo " <alerts>" >> $NEWCONFIG
+ # Email/log alerts
+ echo "" >> $NEWCONFIG
+ echo " <alerts>" >> $NEWCONFIG
echo " <log_alert_level>1</log_alert_level>" >> $NEWCONFIG
if [ "$EMAILNOTIFY" = "yes" ]; then
echo " <email_alert_level>7</email_alert_level>">> $NEWCONFIG
- fi
- echo " </alerts>" >> $NEWCONFIG
+ fi
+ echo " </alerts>" >> $NEWCONFIG
if [ "X$ACTIVERESPONSE" = "Xyes" ]; then
CEXTRA="$CEXTRA -DLOCAL"
fi
- ls $INSTALLDIR >/dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -d "$INSTALLDIR" ]; then
if [ "X${USER_DELETE_DIR}" = "X" ]; then
echo ""
$ECHO " - ${deletedir} ($yes/$no) [$yes]: "
##########
AddWhite()
{
- while [ 1 ]
- do
+ while [ 1 ]
+ do
echo ""
- $ECHO " - ${addwhite} ($yes/$no)? [$no]: "
+ $ECHO " - ${addwhite} ($yes/$no)? [$no]: "
- # If white list is set, we don't need to ask it here.
+ # If allow list is set, we don't need to ask it here.
if [ "X${USER_WHITE_LIST}" = "X" ]; then
- read ANSWER
+ read ANSWER
else
ANSWER=$yes
fi
- if [ "X${ANSWER}" = "X" ] ; then
- ANSWER=$no
- fi
+ if [ "X${ANSWER}" = "X" ] ; then
+ ANSWER=$no
+ fi
- case $ANSWER in
- $no)
- break;
- ;;
- *)
- $ECHO " - ${ipswhite}"
+ case $ANSWER in
+ $no)
+ break;
+ ;;
+ *)
+ $ECHO " - ${ipswhite}"
if [ "X${USER_WHITE_LIST}" = "X" ]; then
- read IPS
- else
+ read IPS
+ else
IPS=${USER_WHITE_LIST}
fi
- for ip in ${IPS};
- do
- if [ ! "X${ip}" = "X" ]; then
- echo $ip | grep -E "^[0-9./]{5,20}$" > /dev/null 2>&1
+ for ip in ${IPS};
+ do
+ if [ ! "X${ip}" = "X" ]; then
+ echo $ip | grep -Ei "^[0-9a-f.:/]{5,20}$" > /dev/null 2>&1
if [ $? = 0 ]; then
- echo " <white_list>${ip}</white_list>" >>$NEWCONFIG
+ echo " <allow_list>${ip}</allow_list>" >>$NEWCONFIG
fi
- fi
- done
+ fi
+ done
- break;
- ;;
- esac
- done
+ break;
+ ;;
+ esac
+ done
}
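Review bot: The widened pattern `^[0-9a-f.:/]{5,20}$` still caps an entry at 20 characters, so most uncompressed IPv6 addresses (`2001:0db8:0000:0000:0000:0000:0000:0001` is 39 characters, 43 with `/128`) are silently dropped — the `if [ $? = 0 ]` branch has no else and just skips them, as it always did for malformed IPv4. Raise the bound to fit a full address with prefix and tell the operator what was ignored: `echo "$ip" | grep -Ei "^[0-9a-f.:/]{5,43}$" > /dev/null 2>&1` with an `else echo " - ${ip} ignored (not an IPv4/IPv6 address or CIDR)"` arm. The character class is only a loose filter (`1.2.3.4.5` or `:::::` pass it), so whatever lands in `<allow_list>` still has to be validated by the daemon that reads it; a comment saying so would help the next maintainer. Quoting `"$ip"` in the echo costs nothing even though the `for` loop has already split on whitespace.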
USER_LG="en"
fi
- ls "${TEMPLATE}/${USER_LG}" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -d "${TEMPLATE}/${USER_LG}" ]; then
break;
fi
done;
else
# If provided language is not valid, default to english
- ls "${TEMPLATE}/${USER_LANGUAGE}" > /dev/null 2>&1
- if [ $? = 0 ]; then
+ if [ -d "${TEMPLATE}/${USER_LANGUAGE}" ]; then
LANGUAGE=${USER_LANGUAGE}
else
LANGUAGE="en"
case $ANSWER in
${helpm}|${help})
- catMsg "0x102-installhelp"
- ;;
+ catMsg "0x102-installhelp"
+ ;;
${server}|${serverm})
- echo ""
- echo " - ${serverchose}."
- INSTYPE="server"
- break;
- ;;
+ echo ""
+ echo " - ${serverchose}."
+ INSTYPE="server"
+ break;
+ ;;
${agent}|${agentm})
- echo ""
- echo " - ${clientchose}."
- INSTYPE="agent"
- break;
- ;;
+ echo ""
+ echo " - ${clientchose}."
+ INSTYPE="agent"
+ break;
+ ;;
${hybrid}|${hybridm})
- echo ""
- echo " - ${serverchose} (hybrid)."
- INSTYPE="server"
+ echo ""
+ echo " - ${serverchose} (hybrid)."
+ INSTYPE="server"
HYBID="go"
- break;
- ;;
+ break;
+ ;;
${local}|${localm})
- echo ""
- echo " - ${localchose}."
- INSTYPE="local"
- break;
+ echo ""
+ echo " - ${localchose}."
+ INSTYPE="local"
+ break;
;;
esac
done
echo " - ${configurationdone}."
echo ""
echo " - ${tostart}:"
- echo " $INSTALLDIR/bin/ossec-control start"
+ echo " $INSTALLDIR/bin/ossec-control start"
echo ""
echo " - ${tostop}:"
- echo " $INSTALLDIR/bin/ossec-control stop"
+ echo " $INSTALLDIR/bin/ossec-control stop"
echo ""
echo " - ${configat} $INSTALLDIR/etc/ossec.conf"
echo ""
if [ "X$notmodified" = "Xyes" ]; then
catMsg "0x105-noboot"
- echo " $INSTALLDIR/bin/ossec-control start"
+ echo " $INSTALLDIR/bin/ossec-control start"
echo ""
fi
}
echo "" >> ./etc/preloaded-vars.conf
echo 'USER_CLEANINSTALL="y"' >> ./etc/preloaded-vars.conf
echo "" >> ./etc/preloaded-vars.conf
+
+ cd src && ${MAKEBIN} clean && cd ..
./install.sh
+ rm etc/preloaded-vars.conf
fi
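Review bot: `cd src && ${MAKEBIN} clean && cd ..` leaves the shell inside `src/` whenever the clean step fails, so the following `./install.sh` is then looked up in the wrong directory. As far as this hunk shows, `MAKEBIN` is only assigned inside Install(), which has not run at this point of the update path, so the command may expand to a bare `clean`; prefer a subshell with an explicit failure path, e.g. `( cd src && "${MAKEBIN:-make}" clean ) || { echo " - make clean failed"; exit 1; }`. The unconditional `rm etc/preloaded-vars.conf` will also delete an operator-supplied file if one already existed — the preceding `>>` appends suggest it may — so consider backing it up or removing only the lines this script appended. The enclosing `if` starts outside the hunk.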