id -u ${USER} > /dev/null 2>&1
if [ ! $? = 0 ]; then
- # Creating for 10.5 and 10.6
- /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.5.|10.6" > /dev/null 2>&1
+ # Creating for <= 10.4
+ /usr/bin/sw_vers 2>/dev/null| grep "ProductVersion" | grep -E "10.2.|10.3|10.4" > /dev/null 2>&1
if [ $? = 0 ]; then
- chmod +x ./init/osx105-addusers.sh
- ./init/osx105-addusers.sh
- else
chmod +x ./init/darwin-addusers.pl
./init/darwin-addusers.pl
+ else
+ chmod +x ./init/osx105-addusers.sh
+ ./init/osx105-addusers.sh
fi
fi
else
done
# Default for all directories
-chmod -R 550 ${DIR}
-chown -R root:${GROUP} ${DIR}
+chmod 550 ${DIR}
+chmod 550 ${DIR}/*
+chown root:${GROUP} ${DIR}
+chown root:${GROUP} ${DIR}/*
# AnalysisD needs to write to alerts: log, mail and cmds
chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
# To the ossec fts queue
chown -R ${USER}:${GROUP} ${DIR}/queue/fts
chmod -R 750 ${DIR}/queue/fts
-chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1
+chmod 750 ${DIR}/queue/fts/* > /dev/null 2>&1
# To the ossec syscheck/rootcheck queue
chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
chmod -R 750 ${DIR}/queue/rootcheck
chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1
-chown -R ${USER}:${GROUP} ${DIR}/queue/diff
-chmod -R 750 ${DIR}/queue/diff
+chown ${USER}:${GROUP} ${DIR}/queue/diff
+chown ${USER}:${GROUP} ${DIR}/queue/diff/* > /dev/null 2>&1
+chmod 750 ${DIR}/queue/diff
chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
-chmod -R 755 ${DIR}/queue/agent-info
-chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/agent-info
+chmod 740 ${DIR}/queue/agent-info/* > /dev/null 2>&1
chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
-chmod -R 755 ${DIR}/queue/rids
-chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/rids
+chmod 740 ${DIR}/queue/rids/* > /dev/null 2>&1
chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
-chmod -R 755 ${DIR}/queue/agentless
-chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1
+chmod -R 750 ${DIR}/queue/agentless
+chmod 740 ${DIR}/queue/agentless/* > /dev/null 2>&1
+
+chown -R root:${GROUP} ${DIR}/tmp
+chmod 1550 ${DIR}/tmp
# For the stats directory
chmod -R 750 ${DIR}/logs
touch ${DIR}/logs/ossec.log
chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
-chmod 664 ${DIR}/logs/ossec.log
+chmod 660 ${DIR}/logs/ossec.log
+
+touch ${DIR}/logs/active-responses.log
+chown ${USER}:${GROUP} ${DIR}/logs/active-responses.log
+chmod 660 ${DIR}/logs/active-responses.log
# For the rules directory
ls ${DIR}/rules/*.xml > /dev/null 2>&1
fi
cp -pr ../etc/rules/* ${DIR}/rules/
+find ${DIR}/rules/ -type f -exec chmod 440 {} \;
# If the local_rules is saved, moved it back
ls ${DIR}/rules/saved_local_rules.xml.$$ > /dev/null 2>&1
ls /etc/localtime > /dev/null 2>&1
if [ $? = 0 ]; then
cp -pL /etc/localtime ${DIR}/etc/;
- chmod 555 ${DIR}/etc/localtime
+ chmod 440 ${DIR}/etc/localtime
chown root:${GROUP} ${DIR}/etc/localtime
fi
# Solaris Needs some extra files
if [ "$UNAME" = "SunOS" ]; then
mkdir -p ${DIR}/usr/share/lib/zoneinfo/
- chmod -R 555 ${DIR}/usr/
+ chmod -R 550 ${DIR}/usr/
cp -pr /usr/share/lib/zoneinfo/* ${DIR}/usr/share/lib/zoneinfo/
fi
ls /etc/TIMEZONE > /dev/null 2>&1
if [ $? = 0 ]; then
cp -p /etc/TIMEZONE ${DIR}/etc/;
- chmod 555 ${DIR}/etc/TIMEZONE
+ chmod 550 ${DIR}/etc/TIMEZONE
fi
chown root:${GROUP} ${DIR}/var/run
# Moving the binary files
-cp -pr ../bin/ossec* ${DIR}/bin/
-cp -pr ../bin/manage_agents ${DIR}/bin/
-cp -pr ../bin/syscheck_update ${DIR}/bin/
-cp -pr ../bin/verify-agent-conf ${DIR}/bin/
-cp -pr ../bin/clear_stats ${DIR}/bin/
-cp -pr ../bin/list_agents ${DIR}/bin/
-cp -pr ../bin/agent_control ${DIR}/bin/
-cp -pr ../bin/syscheck_control ${DIR}/bin/
-cp -pr ../bin/rootcheck_control ${DIR}/bin/
+cp -pr addagent/manage_agents agentlessd/ossec-agentlessd \
+ analysisd/ossec-analysisd logcollector/ossec-logcollector \
+ monitord/ossec-monitord monitord/ossec-reportd \
+ os_execd/ossec-execd os_maild/ossec-maild \
+ remoted/ossec-remoted syscheckd/ossec-syscheckd \
+ analysisd/ossec-logtest os_csyslogd/ossec-csyslogd \
+ os_auth/ossec-authd os_dbd/ossec-dbd analysisd/ossec-makelists \
+ ${DIR}/bin/
+
+cp -pr util/verify-agent-conf ${DIR}/bin/
+cp -pr util/clear_stats ${DIR}/bin/
+cp -pr util/list_agents ${DIR}/bin/
+cp -pr util/ossec-regex ${DIR}/bin/
+cp -pr util/syscheck_update ${DIR}/bin/
+cp -pr util/agent_control ${DIR}/bin/
+cp -pr util/syscheck_control ${DIR}/bin/
+cp -pr util/rootcheck_control ${DIR}/bin/
+cp -pr external/lua/src/ossec-lua ${DIR}/bin/
+cp -pr external/lua/src/ossec-luac ${DIR}/bin/
+cp -pr ../contrib/util.sh ${DIR}/bin/
+chown root:${GROUP} ${DIR}/bin/util.sh
+chmod +x ${DIR}/bin/util.sh
# Local install chosen
if [ "X$LOCAL" = "Xlocal" ]; then
cp -p ../active-response/*.sh ${DIR}/active-response/bin/
cp -p ../active-response/firewalls/*.sh ${DIR}/active-response/bin/
-chmod 755 ${DIR}/active-response/bin/*
+chmod 550 ${DIR}/active-response/bin/*
chown root:${GROUP} ${DIR}/active-response/bin/*
chown root:${GROUP} ${DIR}/bin/*