1#!/bin/sh 2# Installation script for the OSSEC 3# Author: Daniel B. Cid <daniel.cid@gmail.com> 4# Last modification: Aug 30, 2012 5 6# Changelog 19/03/2006 - Rafael M. Capovilla <under@underlinux.com.br> 7# New function AddWhite to allow users to add more Ips in the allow_list 8# Minor *echos* modifications to better look 9# Bug fix - When email address is blank 10# Bug fix - delete INSTALLDIR - Default is yes but if the user just press enter the script wasn't deleting it as it should 11# Changelog 15/07/2006 - Rafael M. Capovilla <under@underlinux.com.br> 12# New function AddTable to add support for OpenBSD pf rules in firewall-drop active response 13 14# Changelog 29 March 2012 - Adding hybrid mode (standalone + agent) 15# added fix for use of USER_AGENT_CONFIG_PROFILE in preloaded-vars 16 17 18 19### Looking up for the execution directory 20cd `dirname $0` 21 22 23### Looking for echo -n 24ECHO="echo -n" 25hs=`echo -n "a"` 26if [ ! "X$hs" = "Xa" ]; then 27 if [ -x /usr/ucb/echo ]; then 28 ECHO="/usr/ucb/echo -n" 29 else 30 ECHO=echo 31 fi 32fi 33 34# For solaris 35echo "xxxx" | grep -E "xxx" > /dev/null 2>&1 36if [ ! $? = 0 ]; then 37 if [ -x /usr/xpg4/bin/grep ]; then 38 PATH=/usr/xpg4/bin:$PATH 39 fi 40fi 41 42# Initializing vars 43SET_DEBUG="" 44 45# Checking for command line arguments 46for i in $*; do 47 if [ "X$i" = "Xdebug" ]; then 48 SET_DEBUG="debug" 49 elif [ "X$i" = "Xbinary-install" ]; then 50 USER_BINARYINSTALL="yes" 51 elif [ "X$i" = "Xhelp" ]; then 52 echo "$0 debug" 53 echo "$0 binary-install" 54 exit 1; 55 fi 56done 57 58 59 60########## 61# install() 62########## 63Install() 64{ 65 echo "" 66 echo "5- ${installing}" 67 68 echo "DIR=\"${INSTALLDIR}\"" > ${LOCATION} 69 70 # Changing Config.OS with the new C flags 71 # Checking if debug is enabled 72 if [ "X${SET_DEBUG}" = "Xdebug" ]; then 73 CEXTRA="${CEXTRA} -DDEBUGAD" 74 fi 75 76 echo "CEXTRA=${CEXTRA}" >> ./src/Config.OS 77 78 MAKEBIN=make 79 ## Find make/gmake 80 if [ "X$NUNAME" = "XOpenBSD" ]; then 81 MAKEBIN=gmake 82 fi 83 if [ "X$NUNAME" = "XFreeBSD" ]; then 84 MAKEBIN=gmake 85 fi 86 if [ "X$NUNAME" = "XNetBSD" ]; then 87 MAKEBIN=gmake 88 fi 89 if [ "X$NUNAME" = "XDragonflyBSD" ]; then 90 MAKEBIN=gmake 91 fi 92 if [ "X%NUNAME" = "XBitrig" ]; then 93 MAKEBIN=gmake 94 fi 95 96 97 # Makefile 98 echo " - ${runningmake}" 99 cd ./src 100 101 # Binary install will use the previous generated code. 102 if [ "X${USER_BINARYINSTALL}" = "X" ]; then 103 # Add DATABASE=pgsql or DATABASE=mysql to add support for database 104 # alert entry 105 ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} build 106 if [ $? != 0 ]; then 107 cd ../ 108 catError "0x5-build" 109 fi 110 fi 111 112 # If update, stop ossec 113 if [ "X${update_only}" = "Xyes" ]; then 114 UpdateStopOSSEC 115 fi 116 117 ${MAKEBIN} PREFIX=${INSTALLDIR} TARGET=${INSTYPE} install 118 119 cd ../ 120 121 122 # Generate the /etc/ossec-init.conf 123 VERSION_FILE="./src/VERSION" 124 VERSION=`cat ${VERSION_FILE}` 125 chmod 700 ${OSSEC_INIT} > /dev/null 2>&1 126 echo "DIRECTORY=\"${INSTALLDIR}\"" > ${OSSEC_INIT} 127 echo "VERSION=\"${VERSION}\"" >> ${OSSEC_INIT} 128 echo "DATE=\"`date`\"" >> ${OSSEC_INIT} 129 echo "TYPE=\"${INSTYPE}\"" >> ${OSSEC_INIT} 130 chmod 600 ${OSSEC_INIT} 131 cp -pr ${OSSEC_INIT} ${INSTALLDIR}${OSSEC_INIT} 132 chmod 640 ${INSTALLDIR}${OSSEC_INIT} 133 134 135 # If update_rules is set, we need to tweak 136 # ossec.conf to read the new signatures. 137 if [ "X${update_rules}" = "Xyes" ]; then 138 UpdateOSSECRules 139 fi 140 141 # If update, start OSSEC 142 if [ "X${update_only}" = "Xyes" ]; then 143 UpdateStartOSSEC 144 fi 145 146 # Calling the init script to start ossec hids during boot 147 if [ "X${update_only}" = "X" ]; then 148 runInit 149 if [ $? = 1 ]; then 150 notmodified="yes" 151 fi 152 fi 153 154} 155 156 157 158 159########## 160# UseSyscheck() 161########## 162UseSyscheck() 163{ 164 165 # Integrity check config 166 echo "" 167 $ECHO " 3.2- ${runsyscheck} ($yes/$no) [$yes]: " 168 if [ "X${USER_ENABLE_SYSCHECK}" = "X" ]; then 169 read AS 170 else 171 AS=${USER_ENABLE_SYSCHECK} 172 fi 173 echo "" 174 case $AS in 175 $nomatch) 176 echo " - ${nosyscheck}." 177 ;; 178 *) 179 SYSCHECK="yes" 180 echo " - ${yessyscheck}." 181 ;; 182 esac 183 184 # Adding to the config file 185 if [ "X$SYSCHECK" = "Xyes" ]; then 186 cat ${SYSCHECK_TEMPLATE} >> $NEWCONFIG 187 fi 188} 189 190 191 192 193########## 194# UseRootcheck() 195########## 196UseRootcheck() 197{ 198 199 # Rootkit detection configuration 200 echo "" 201 $ECHO " 3.3- ${runrootcheck} ($yes/$no) [$yes]: " 202 203 if [ "X${USER_ENABLE_ROOTCHECK}" = "X" ]; then 204 read ES 205 else 206 ES=${USER_ENABLE_ROOTCHECK} 207 fi 208 209 echo "" 210 case $ES in 211 $nomatch) 212 echo " - ${norootcheck}." 213 ;; 214 *) 215 ROOTCHECK="yes" 216 echo " - ${yesrootcheck}." 217 ;; 218 esac 219 220 221 # Adding to the config file 222 if [ "X$ROOTCHECK" = "Xyes" ]; then 223 echo "" >> $NEWCONFIG 224 echo " <rootcheck>" >> $NEWCONFIG 225 echo " <rootkit_files>$INSTALLDIR/etc/shared/rootkit_files.txt</rootkit_files>" >> $NEWCONFIG 226 echo " <rootkit_trojans>$INSTALLDIR/etc/shared/rootkit_trojans.txt</rootkit_trojans>" >> $NEWCONFIG 227 echo " <system_audit>$INSTALLDIR/etc/shared/system_audit_rcl.txt</system_audit>" >> $NEWCONFIG 228 echo " <system_audit>$INSTALLDIR/etc/shared/cis_debian_linux_rcl.txt</system_audit>" >> $NEWCONFIG 229 echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel_linux_rcl.txt</system_audit>" >> $NEWCONFIG 230 echo " <system_audit>$INSTALLDIR/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>" >> $NEWCONFIG 231 echo " </rootcheck>" >> $NEWCONFIG 232 # Patch for systems that use s-nail instead of GNU Mailutils (such as Arch Linux). 233 if [ -r /usr/bin/mail ] && strings /usr/bin/mail | grep "x-shsh bash" 1> /dev/null; then 234 sed -i 's/mail !bash|/mail !/' ./src/rootcheck/db/rootkit_trojans.txt 235 fi 236 else 237 echo "" >> $NEWCONFIG 238 echo " <rootcheck>" >> $NEWCONFIG 239 echo " <disabled>yes</disabled>" >> $NEWCONFIG 240 echo " </rootcheck>" >> $NEWCONFIG 241 fi 242} 243 244 245 246 247########## 248# SetupLogs() 249########## 250SetupLogs() 251{ 252 if [ "x${USER_CLEANINSTALL}" = "xy" ]; then 253 OPENDIR=`dirname $INSTALLDIR` 254 echo "" >> $NEWCONFIG 255 echo " <localfile>" >> $NEWCONFIG 256 echo " <log_format>ossecalert</log_format>" >> $NEWCONFIG 257 echo " <location>$OPENDIR/logs/alerts/alerts.log</location>" >>$NEWCONFIG 258 echo " </localfile>" >> $NEWCONFIG 259 echo "" >> $NEWCONFIG 260 return; 261 fi 262 263 NB=$1 264 echo "" 265 echo " $NB- ${readlogs}" 266 267 echo " <!-- Files to monitor (localfiles) -->" >> $NEWCONFIG 268 LOG_FILES=`cat ${SYSLOG_TEMPLATE}` 269 for i in ${LOG_FILES}; do 270 # If log file present, add it 271 if [ -f "$i" ]; then 272 echo " -- $i" 273 echo "" >> $NEWCONFIG 274 echo " <localfile>" >> $NEWCONFIG 275 echo " <log_format>syslog</log_format>" >> $NEWCONFIG 276 echo " <location>$i</location>" >>$NEWCONFIG 277 echo " </localfile>" >> $NEWCONFIG 278 fi 279 done 280 281 282 # Getting snort files 283 SNORT_FILES=`cat ${SNORT_TEMPLATE}` 284 for i in ${SNORT_FILES}; do 285 if [ -f "$i" ]; then 286 echo "" >> $NEWCONFIG 287 echo " <localfile>" >> $NEWCONFIG 288 289 head -n 1 $i|grep "\[**\] "|grep -v "Classification:" > /dev/null 290 if [ $? = 0 ]; then 291 echo " <log_format>snort-full</log_format>" >> $NEWCONFIG 292 echo " -- $i (snort-full file)" 293 else 294 echo " <log_format>snort-fast</log_format>" >> $NEWCONFIG 295 echo " -- $i (snort-fast file)" 296 fi 297 echo " <location>$i</location>" >>$NEWCONFIG 298 echo " </localfile>" >> $NEWCONFIG 299 fi 300 done 301 302 # Getting apache logs 303 APACHE_FILES=`cat ${APACHE_TEMPLATE}` 304 for i in ${APACHE_FILES}; do 305 if [ -f "$i" ]; then 306 echo "" >> $NEWCONFIG 307 echo " <localfile>" >> $NEWCONFIG 308 echo " <log_format>apache</log_format>" >> $NEWCONFIG 309 echo " <location>$i</location>" >>$NEWCONFIG 310 echo " </localfile>" >> $NEWCONFIG 311 312 echo " -- $i (apache log)" 313 fi 314 done 315 316 # Getting postgresql logs 317 PGSQL_FILES=`cat ${PGSQL_TEMPLATE}` 318 for i in ${PGSQL_FILES}; do 319 if [ -f "$i" ]; then 320 echo "" >> $NEWCONFIG 321 echo " <localfile>" >> $NEWCONFIG 322 echo " <log_format>postgresql_log</log_format>" >> $NEWCONFIG 323 echo " <location>$i</location>" >>$NEWCONFIG 324 echo " </localfile>" >> $NEWCONFIG 325 326 echo " -- $i (postgresql log)" 327 fi 328 done 329 330 if [ "X$NUNAME" = "XLinux" ]; then 331 echo "" >> $NEWCONFIG 332 echo " <localfile>" >> $NEWCONFIG 333 echo " <log_format>command</log_format>" >> $NEWCONFIG 334 echo " <command>df -P</command>" >> $NEWCONFIG 335 echo " </localfile>" >> $NEWCONFIG 336 echo "" >> $NEWCONFIG 337 echo " <localfile>" >> $NEWCONFIG 338 echo " <log_format>full_command</log_format>" >> $NEWCONFIG 339 echo " <command>netstat -tan |grep LISTEN |egrep -v '(127.0.0.1| ::1)' | sort</command>" >> $NEWCONFIG 340 echo " </localfile>" >> $NEWCONFIG 341 echo "" >> $NEWCONFIG 342 echo " <localfile>" >> $NEWCONFIG 343 echo " <log_format>full_command</log_format>" >> $NEWCONFIG 344 echo " <command>last -n 5</command>" >> $NEWCONFIG 345 echo " </localfile>" >> $NEWCONFIG 346 fi 347 348 349 350 351 echo "" 352 catMsg "0x106-logs" 353 354 355 if [ "X$USER_NO_STOP" = "X" ]; then 356 read ANY 357 fi 358} 359 360 361 362# install.sh 363 364########## 365# ConfigureClient() 366########## 367ConfigureClient() 368{ 369 echo "" 370 echo "3- ${configuring} $NAME." 371 echo "" 372 373 if [ "X${USER_AGENT_SERVER_IP}" = "X" -a "X${USER_AGENT_SERVER_NAME}" = "X" ]; then 374 # Looping and asking for server ip or hostname 375 while [ 1 ]; do 376 $ECHO " 3.1- ${serveraddr}: " 377 read ADDRANSWER 378 # Is it an IP? 379 echo $ADDRANSWER | grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" > /dev/null 2>&1 380 if [ $? = 0 ]; then 381 echo "" 382 IP=$ADDRANSWER 383 echo " - ${addingip} $IP" 384 break; 385 # Must be a name 386 elif [ $? != 0 ]; then 387 echo "" 388 HNAME=$ADDRANSWER 389 echo " - ${addingname} $HNAME" 390 break; 391 fi 392 done 393 else 394 IP=${USER_AGENT_SERVER_IP} 395 HNAME=${USER_AGENT_SERVER_NAME} 396 fi 397 398 echo "<ossec_config>" > $NEWCONFIG 399 echo " <client>" >> $NEWCONFIG 400 if [ "X${IP}" != "X" ]; then 401 echo " <server-ip>$IP</server-ip>" >> $NEWCONFIG 402 elif [ "X${HNAME}" != "X" ]; then 403 echo " <server-hostname>$HNAME</server-hostname>" >> $NEWCONFIG 404 fi 405 if [ "$X{USER_AGENT_CONFIG_PROFILE}" != "X" ]; then 406 PROFILE=${USER_AGENT_CONFIG_PROFILE} 407 echo " <config-profile>$PROFILE</config-profile>" >> $NEWCONFIG 408 fi 409 echo " </client>" >> $NEWCONFIG 410 echo "" >> $NEWCONFIG 411 412 # Syscheck? 413 UseSyscheck 414 415 # Rootcheck? 416 UseRootcheck 417 418 echo "" 419 $ECHO " 3.4 - ${enable_ar} ($yes/$no) [$yes]: " 420 421 if [ "X${USER_ENABLE_ACTIVE_RESPONSE}" = "X" ]; then 422 read ANY 423 else 424 ANY=${USER_ENABLE_ACTIVE_RESPONSE} 425 fi 426 427 case $ANY in 428 $nomatch) 429 echo "" 430 echo " - ${noactive}." 431 echo "" >> $NEWCONFIG 432 echo " <active-response>" >> $NEWCONFIG 433 echo " <disabled>yes</disabled>" >> $NEWCONFIG 434 echo " </active-response>" >> $NEWCONFIG 435 echo "" >> $NEWCONFIG 436 ;; 437 *) 438 ACTIVERESPONSE="yes" 439 echo "" 440 ;; 441 esac 442 443 # Set up the log files 444 SetupLogs "3.5" 445 446 echo "</ossec_config>" >> $NEWCONFIG 447} 448 449 450 451 452########## 453# ConfigureServer() 454########## 455ConfigureServer() 456{ 457 echo "" 458 echo "3- ${configuring} $NAME." 459 460 461 # Configuring e-mail notification 462 echo "" 463 $ECHO " 3.1- ${mailnotify} ($yes/$no) [$yes]: " 464 465 if [ "X${USER_ENABLE_EMAIL}" = "X" ]; then 466 read ANSWER 467 else 468 ANSWER=${USER_ENABLE_EMAIL} 469 fi 470 471 case $ANSWER in 472 $nomatch) 473 echo "" 474 echo " --- ${nomail}." 475 EMAILNOTIFY="no" 476 ;; 477 *) 478 EMAILNOTIFY="yes" 479 $ECHO " - ${whatsemail} " 480 if [ "X${USER_EMAIL_ADDRESS}" = "X" ]; then 481 482 read EMAIL 483 echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.+-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?; 484 # Ugly e-mail validation 485 while [ "$EMAIL" = "" -o ! ${RVAL} = 0 ] ; do 486 $ECHO " - ${whatsemail} " 487 read EMAIL 488 echo "${EMAIL}" | grep -E "^[a-zA-Z0-9_.+-]{1,36}@[a-zA-Z0-9_.-]{1,54}$" > /dev/null 2>&1 ;RVAL=$?; 489 done 490 else 491 EMAIL=${USER_EMAIL_ADDRESS} 492 fi 493 494 if [ -x "$HOST_CMD" ]; then 495 HOSTTMP=`${HOST_CMD} -W 5 -t mx ossec.net 2>/dev/null` 496 if [ $? = 1 ]; then 497 # Trying without the -W 498 HOSTTMP=`${HOST_CMD} -t mx ossec.net 2>/dev/null` 499 fi 500 echo "x$HOSTTMP" | grep "ossec.net mail is handled" > /dev/null 2>&1 501 if [ $? = 0 ]; then 502 # Breaking down the user e-mail 503 EMAILHOST=`echo ${EMAIL} | cut -d "@" -f 2` 504 if [ "X${EMAILHOST}" = "Xlocalhost" ]; then 505 SMTPHOST="127.0.0.1" 506 else 507 HOSTTMP=`${HOST_CMD} -W 5 -t mx ${EMAILHOST}` 508 SMTPHOST=`echo ${HOSTTMP} | cut -d " " -f 7` 509 fi 510 fi 511 fi 512 513 if [ "X${USER_EMAIL_SMTP}" = "X" ]; then 514 if [ "X${SMTPHOST}" != "X" ]; then 515 echo "" 516 echo " - ${yoursmtp}: ${SMTPHOST}" 517 $ECHO " - ${usesmtp} ($yes/$no) [$yes]: " 518 read EMAIL2 519 case ${EMAIL2} in 520 $nomatch) 521 echo "" 522 SMTP="" 523 ;; 524 *) 525 SMTP=${SMTPHOST} 526 echo "" 527 echo " --- ${usingsmtp} ${SMTP}" 528 ;; 529 esac 530 fi 531 532 if [ "X${SMTP}" = "X" ]; then 533 $ECHO " - ${whatsmtp} " 534 read SMTP 535 fi 536 else 537 SMTP=${USER_EMAIL_SMTP} 538 fi 539 ;; 540 esac 541 542 543 # Writting global parameters 544 echo "<ossec_config>" > $NEWCONFIG 545 echo " <global>" >> $NEWCONFIG 546 if [ "$EMAILNOTIFY" = "yes" ]; then 547 echo " <email_notification>yes</email_notification>" >> $NEWCONFIG 548 echo " <email_to>$EMAIL</email_to>" >> $NEWCONFIG 549 echo " <smtp_server>$SMTP</smtp_server>" >> $NEWCONFIG 550 echo " <email_from>ossecm@${HOST}</email_from>" >> $NEWCONFIG 551 else 552 echo " <email_notification>no</email_notification>" >> $NEWCONFIG 553 fi 554 555 echo " </global>" >> $NEWCONFIG 556 echo "" >> $NEWCONFIG 557 558 # Writting rules configuration 559 cat ${RULES_TEMPLATE} >> $NEWCONFIG 560 echo "" >> $NEWCONFIG 561 562 563 # Checking if syscheck should run 564 UseSyscheck 565 566 # Checking if rootcheck should run 567 UseRootcheck 568 569 570 # Active response 571 catMsg "0x107-ar" 572 $ECHO " - ${enable_ar} ($yes/$no) [$yes]: " 573 574 if [ "X${USER_ENABLE_ACTIVE_RESPONSE}" = "X" ]; then 575 read AR 576 else 577 AR=${USER_ENABLE_ACTIVE_RESPONSE} 578 fi 579 580 case $AR in 581 $nomatch) 582 echo "" 583 echo " - ${noactive}." 584 echo "" >> $NEWCONFIG 585 echo " <active-response>" >> $NEWCONFIG 586 echo " <disabled>yes</disabled>" >> $NEWCONFIG 587 echo " </active-response>" >> $NEWCONFIG 588 echo "" >> $NEWCONFIG 589 ;; 590 *) 591 ACTIVERESPONSE="yes" 592 echo "" 593 catMsg "0x108-ar-enabled" 594 595 echo "" 596 $ECHO " - ${firewallar} ($yes/$no) [$yes]: " 597 598 if [ "X${USER_ENABLE_FIREWALL_RESPONSE}" = "X" ]; then 599 read HD2 600 else 601 HD2=${USER_ENABLE_FIREWALL_RESPONSE} 602 fi 603 604 echo "" 605 case $HD2 in 606 $nomatch) 607 echo " - ${nofirewall}" 608 ;; 609 *) 610 echo " - ${yesfirewall}" 611 FIREWALLDROP="yes" 612 ;; 613 esac 614 echo "" >> $NEWCONFIG 615 echo " <global>" >> $NEWCONFIG 616 echo " <allow_list>127.0.0.1</allow_list>" >> $NEWCONFIG 617 echo " <allow_list>::1</allow_list>" >> $NEWCONFIG 618 echo " <allow_list>localhost.localdomain</allow_list>">>$NEWCONFIG 619 echo "" 620 echo " - ${defaultallowlist}" 621 for ip in ${NAMESERVERS} ${NAMESERVERS2}; 622 do 623 if [ ! "X${ip}" = "X" ]; then 624 echo " - ${ip}" 625 echo " <allow_list>${ip}</allow_list>" >>$NEWCONFIG 626 fi 627 done 628 AddWhite 629 630 # If Openbsd or Freebsd with pf enable, ask about 631 # automatically setting it up. 632 # Commenting it out in case I change my mind about it 633 # later. 634 #if [ "X`sh ./src/init/fw-check.sh`" = "XPF" ]; then 635 # echo "" 636 # $ECHO " - ${pfenable} ($yes/$no) [$yes]: " 637 # if [ "X${USER_ENABLE_PF}" = "X" ]; then 638 # read PFENABLE 639 # else 640 # PFENABLE=${USER_ENABLE_PF} 641 # fi 642 # 643 # echo "" 644 # case $PFENABLE in 645 # $nomatch) 646 # echo " - ${nopf}" 647 # ;; 648 # *) 649 # AddPFTable 650 # ;; 651 # esac 652 #fi 653 654 echo " </global>" >> $NEWCONFIG 655 ;; 656 esac 657 658 659 if [ "X$INSTYPE" = "Xserver" ]; then 660 # Configuring remote syslog 661 echo "" 662 $ECHO " 3.5- ${syslog} ($yes/$no) [$yes]: " 663 664 if [ "X${USER_ENABLE_SYSLOG}" = "X" ]; then 665 read ANSWER 666 else 667 ANSWER=${USER_ENABLE_SYSLOG} 668 fi 669 670 echo "" 671 case $ANSWER in 672 $nomatch) 673 echo " --- ${nosyslog}." 674 ;; 675 *) 676 echo " - ${yessyslog}." 677 RLOG="yes" 678 ;; 679 esac 680 681 # Configuring remote connections 682 SLOG="yes" 683 fi 684 685 686 687 if [ "X$RLOG" = "Xyes" ]; then 688 echo "" >> $NEWCONFIG 689 echo " <remote>" >> $NEWCONFIG 690 echo " <connection>syslog</connection>" >> $NEWCONFIG 691 echo " </remote>" >> $NEWCONFIG 692 fi 693 694 if [ "X$SLOG" = "Xyes" ]; then 695 echo "" >> $NEWCONFIG 696 echo " <remote>" >> $NEWCONFIG 697 echo " <connection>secure</connection>" >> $NEWCONFIG 698 echo " </remote>" >> $NEWCONFIG 699 fi 700 701 702 # Email/log alerts 703 echo "" >> $NEWCONFIG 704 echo " <alerts>" >> $NEWCONFIG 705 echo " <log_alert_level>1</log_alert_level>" >> $NEWCONFIG 706 if [ "$EMAILNOTIFY" = "yes" ]; then 707 echo " <email_alert_level>7</email_alert_level>">> $NEWCONFIG 708 fi 709 echo " </alerts>" >> $NEWCONFIG 710 711 712 if [ "X$ACTIVERESPONSE" = "Xyes" ]; then 713 # Add commands in here 714 echo "" >> $NEWCONFIG 715 cat ${HOST_DENY_TEMPLATE} >> $NEWCONFIG 716 echo "" >> $NEWCONFIG 717 cat ${FIREWALL_DROP_TEMPLATE} >> $NEWCONFIG 718 echo "" >> $NEWCONFIG 719 cat ${DISABLE_ACCOUNT_TEMPLATE} >> $NEWCONFIG 720 echo "" >> $NEWCONFIG 721 cat ${ROUTENULL_TEMPLATE} >> $NEWCONFIG 722 echo "" >> $NEWCONFIG 723 724 if [ "X$FIREWALLDROP" = "Xyes" ]; then 725 echo "" >> $NEWCONFIG 726 cat ${ACTIVE_RESPONSE_TEMPLATE} >> $NEWCONFIG 727 echo "" >> $NEWCONFIG 728 fi 729 fi 730 731 # Setting up the logs 732 SetupLogs "3.6" 733 echo "</ossec_config>" >> $NEWCONFIG 734} 735 736 737 738 739########## 740# setEnv() 741########## 742setEnv() 743{ 744 echo "" 745 echo "2- ${settingupenv}." 746 747 echo "" 748 if [ "X${USER_DIR}" = "X" ]; then 749 while [ 1 ]; do 750 $ECHO " - ${wheretoinstall} [$INSTALLDIR]: " 751 read ANSWER 752 if [ ! "X$ANSWER" = "X" ]; then 753 echo $ANSWER |grep -E "^/[a-zA-Z0-9./_-]{3,128}$">/dev/null 2>&1 754 if [ $? = 0 ]; then 755 INSTALLDIR=$ANSWER; 756 break; 757 fi 758 else 759 break; 760 fi 761 done 762 else 763 INSTALLDIR=${USER_DIR} 764 fi 765 766 767 CEXTRA="$CEXTRA -DDEFAULTDIR=\\\"${INSTALLDIR}\\\"" 768 769 echo "" 770 echo " - ${installat} ${INSTALLDIR} ." 771 772 773 if [ "X$INSTYPE" = "Xagent" ]; then 774 CEXTRA="$CEXTRA -DCLIENT" 775 elif [ "X$INSTYPE" = "Xlocal" ]; then 776 CEXTRA="$CEXTRA -DLOCAL" 777 fi 778 779 if [ -d "$INSTALLDIR" ]; then 780 if [ "X${USER_DELETE_DIR}" = "X" ]; then 781 echo "" 782 $ECHO " - ${deletedir} ($yes/$no) [$yes]: " 783 read ANSWER 784 else 785 ANSWER=${USER_DELETE_DIR} 786 fi 787 788 case $ANSWER in 789 $yesmatch) 790 rm -rf $INSTALLDIR 791 if [ ! $? = 0 ]; then 792 exit 2; 793 fi 794 ;; 795 esac 796 fi 797} 798 799 800 801 802########## 803# checkDependencies() 804# Thanks to gabriel@macacos.org 805########## 806checkDependencies() 807{ 808 echo "" 809 OLDOPATH=$PATH 810 if [ "X$NUNAME" = "XSunOS" ]; then 811 PATH=$PATH:/usr/ccs/bin:/usr/xpg4/bin:/opt/csw/gcc3/bin:/opt/csw/bin:/usr/sfw/bin 812 export PATH 813 elif [ "X$NUNAME" = "XAIX" ]; then 814 PATH=$PATH:/usr/vac/bin 815 export PATH 816 fi 817 818 PATH=$OLDOPATH 819 export PATH 820} 821 822########## 823# AddWhite() 824########## 825AddWhite() 826{ 827 while [ 1 ] 828 do 829 echo "" 830 $ECHO " - ${addwhite} ($yes/$no)? [$no]: " 831 832 # If allow list is set, we don't need to ask it here. 833 if [ "X${USER_WHITE_LIST}" = "X" ]; then 834 read ANSWER 835 else 836 ANSWER=$yes 837 fi 838 839 if [ "X${ANSWER}" = "X" ] ; then 840 ANSWER=$no 841 fi 842 843 case $ANSWER in 844 $no) 845 break; 846 ;; 847 *) 848 $ECHO " - ${ipswhite}" 849 if [ "X${USER_WHITE_LIST}" = "X" ]; then 850 read IPS 851 else 852 IPS=${USER_WHITE_LIST} 853 fi 854 855 for ip in ${IPS}; 856 do 857 if [ ! "X${ip}" = "X" ]; then 858 echo $ip | grep -Ei "^[0-9a-f.:/]{5,20}$" > /dev/null 2>&1 859 if [ $? = 0 ]; then 860 echo " <allow_list>${ip}</allow_list>" >>$NEWCONFIG 861 fi 862 fi 863 done 864 865 break; 866 ;; 867 esac 868 done 869} 870 871 872########## 873# AddPFTable() 874########## 875AddPFTable() 876{ 877 #default pf rules 878 TABLE="ossec_fwtable" 879 880 # Add table to the first line 881 echo "" 882 echo " - ${pfmessage}:" 883 echo " ${moreinfo}" 884 echo " http://www.ossec.net/en/manual.html#active-response-tools" 885 886 echo "" 887 echo "" 888 echo " table <${TABLE}> persist #$TABLE " 889 echo " block in quick from <${TABLE}> to any" 890 echo " block out quick from any to <${TABLE}>" 891 echo "" 892 echo "" 893 894} 895 896########## 897# main() 898########## 899main() 900{ 901 LG="en" 902 LANGUAGE="en" 903 . ./src/init/shared.sh 904 . ./src/init/functions.sh 905 906 # Reading pre-defined file 907 if [ ! `isFile ${PREDEF_FILE}` = "${FALSE}" ]; then 908 . ${PREDEF_FILE} 909 fi 910 911 # If user language is not set 912 913 if [ "X${USER_LANGUAGE}" = "X" ]; then 914 915 # Choosing the language. 916 while [ 1 ]; do 917 echo "" 918 for i in `ls ${TEMPLATE}`; do 919 # ignore CVS (should not be there anyways and config) 920 if [ "$i" = "CVS" -o "$i" = "config" ]; then continue; fi 921 cat "${TEMPLATE}/$i/language.txt" 922 if [ ! "$i" = "en" ]; then 923 LG="${LG}/$i" 924 fi 925 done 926 $ECHO " (${LG}) [en]: " 927 read USER_LG; 928 929 if [ "X${USER_LG}" = "X" ]; then 930 USER_LG="en" 931 fi 932 933 if [ -d "${TEMPLATE}/${USER_LG}" ]; then 934 break; 935 fi 936 done; 937 938 LANGUAGE=${USER_LG} 939 940 else 941 942 # If provided language is not valid, default to english 943 if [ -d "${TEMPLATE}/${USER_LANGUAGE}" ]; then 944 LANGUAGE=${USER_LANGUAGE} 945 else 946 LANGUAGE="en" 947 fi 948 949 fi # for USER_LANGUAGE 950 951 952 . ./src/init/shared.sh 953 . ./src/init/language.sh 954 . ./src/init/functions.sh 955 . ./src/init/init.sh 956 . ${TEMPLATE}/${LANGUAGE}/messages.txt 957 958 959 # Must be executed as ./install.sh 960 if [ `isFile ${VERSION_FILE}` = "${FALSE}" ]; then 961 catError "0x1-location"; 962 fi 963 964 # Must be root 965 if [ ! "X$ME" = "Xroot" ]; then 966 catError "0x2-beroot"; 967 fi 968 969 # Checking dependencies 970 checkDependencies 971 972 clear 973 974 975 # Initial message 976 echo " $NAME $VERSION ${installscript} - http://www.ossec.net" 977 978 catMsg "0x101-initial" 979 980 echo " - $system: $UNAME" 981 echo " - $user: $ME" 982 echo " - $host: $HOST" 983 echo "" 984 echo "" 985 echo " -- $hitanyorabort --" 986 987 if [ "X$USER_NO_STOP" = "X" ]; then 988 read ANY 989 fi 990 991 . ./src/init/update.sh 992 # Is this an update? 993 if [ "`isUpdate`" = "${TRUE}" -a "x${USER_CLEANINSTALL}" = "x" ]; then 994 echo "" 995 ct="1" 996 while [ $ct = "1" ]; do 997 ct="0" 998 $ECHO " - ${wanttoupdate} ($yes/$no): " 999 if [ "X${USER_UPDATE}" = "X" ]; then 1000 read ANY 1001 else 1002 ANY=$yes 1003 fi 1004 1005 case $ANY in 1006 $yes) 1007 update_only="yes" 1008 break; 1009 ;; 1010 $no) 1011 break; 1012 ;; 1013 *) 1014 ct="1" 1015 ;; 1016 esac 1017 done 1018 1019 1020 # Do some of the update steps. 1021 if [ "X${update_only}" = "Xyes" ]; then 1022 . ./src/init/update.sh 1023 1024 if [ "`doUpdatecleanup`" = "${FALSE}" ]; then 1025 # Disabling update 1026 echo "" 1027 echo "${unabletoupdate}" 1028 sleep 5; 1029 update_only="" 1030 else 1031 # Get update 1032 USER_INSTALL_TYPE=`getPreinstalled` 1033 USER_DIR=`getPreinstalledDir` 1034 USER_DELETE_DIR="$nomatch" 1035 fi 1036 1037 ct="1" 1038 1039 # We dont need to update the rules on agent installs 1040 if [ "X${USER_INSTALL_TYPE}" = "Xagent" ]; then 1041 ct="0" 1042 fi 1043 1044 while [ $ct = "1" ]; do 1045 ct="0" 1046 $ECHO " - ${updaterules} ($yes/$no): " 1047 if [ "X${USER_UPDATE_RULES}" = "X" ]; then 1048 read ANY 1049 else 1050 ANY=$yes 1051 fi 1052 1053 case $ANY in 1054 $yes) 1055 update_rules="yes" 1056 break; 1057 ;; 1058 $no) 1059 break; 1060 ;; 1061 *) 1062 ct="1" 1063 ;; 1064 esac 1065 done 1066 fi 1067 echo "" 1068 fi 1069 1070 hybrid="hybrid" 1071 HYBID="" 1072 hybridm=`echo ${hybrid} | cut -b 1` 1073 serverm=`echo ${server} | cut -b 1` 1074 localm=`echo ${local} | cut -b 1` 1075 agentm=`echo ${agent} | cut -b 1` 1076 helpm=`echo ${help} | cut -b 1` 1077 1078 # If user install type is not set, ask for it. 1079 if [ "X${USER_INSTALL_TYPE}" = "X" ]; then 1080 1081 # Loop for the installation options 1082 while [ 1 ] 1083 do 1084 echo "" 1085 $ECHO "1- ${whattoinstall} " 1086 1087 read ANSWER 1088 case $ANSWER in 1089 1090 ${helpm}|${help}) 1091 catMsg "0x102-installhelp" 1092 ;; 1093 1094 ${server}|${serverm}) 1095 echo "" 1096 echo " - ${serverchose}." 1097 INSTYPE="server" 1098 break; 1099 ;; 1100 1101 ${agent}|${agentm}) 1102 echo "" 1103 echo " - ${clientchose}." 1104 INSTYPE="agent" 1105 break; 1106 ;; 1107 1108 ${hybrid}|${hybridm}) 1109 echo "" 1110 echo " - ${serverchose} (hybrid)." 1111 INSTYPE="server" 1112 HYBID="go" 1113 break; 1114 ;; 1115 ${local}|${localm}) 1116 echo "" 1117 echo " - ${localchose}." 1118 INSTYPE="local" 1119 break; 1120 ;; 1121 esac 1122 done 1123 1124 else 1125 INSTYPE=${USER_INSTALL_TYPE} 1126 fi 1127 1128 1129 # Setting up the environment 1130 setEnv 1131 1132 1133 # Configuring the system (based on the installation type) 1134 if [ "X${update_only}" = "X" ]; then 1135 if [ "X$INSTYPE" = "Xserver" ]; then 1136 ConfigureServer 1137 elif [ "X$INSTYPE" = "Xagent" ]; then 1138 ConfigureClient 1139 elif [ "X$INSTYPE" = "Xlocal" ]; then 1140 ConfigureServer 1141 else 1142 catError "0x4-installtype" 1143 fi 1144 fi 1145 1146 # Installing (calls the respective script 1147 # -- InstallAgent.sh or InstallServer.sh 1148 Install 1149 1150 # User messages 1151 echo "" 1152 echo " - ${configurationdone}." 1153 echo "" 1154 echo " - ${tostart}:" 1155 echo " $INSTALLDIR/bin/ossec-control start" 1156 echo "" 1157 echo " - ${tostop}:" 1158 echo " $INSTALLDIR/bin/ossec-control stop" 1159 echo "" 1160 echo " - ${configat} $INSTALLDIR/etc/ossec.conf" 1161 echo "" 1162 1163 1164 catMsg "0x103-thanksforusing" 1165 1166 1167 if [ "X${update_only}" = "Xyes" ]; then 1168 # Message for the update 1169 if [ "X`sh ./src/init/fw-check.sh`" = "XPF" -a "X${ACTIVERESPONSE}" = "Xyes" ]; then 1170 if [ "X$USER_NO_STOP" = "X" ]; then 1171 read ANY 1172 fi 1173 AddPFTable 1174 fi 1175 echo "" 1176 echo " - ${updatecompleted}" 1177 echo "" 1178 exit 0; 1179 fi 1180 1181 1182 if [ "X$USER_NO_STOP" = "X" ]; then 1183 read ANY 1184 fi 1185 1186 1187 # PF firewall message 1188 if [ "X`sh ./src/init/fw-check.sh`" = "XPF" -a "X${ACTIVERESPONSE}" = "Xyes" ]; then 1189 AddPFTable 1190 fi 1191 1192 1193 if [ "X$INSTYPE" = "Xserver" ]; then 1194 echo "" 1195 echo " - ${addserveragent}" 1196 echo " ${runma}:" 1197 echo "" 1198 echo " $INSTALLDIR/bin/manage_agents" 1199 echo "" 1200 echo " ${moreinfo}" 1201 echo " http://www.ossec.net/en/manual.html#ma" 1202 echo "" 1203 1204 elif [ "X$INSTYPE" = "Xagent" ]; then 1205 catMsg "0x104-client" 1206 echo " $INSTALLDIR/bin/manage_agents" 1207 echo "" 1208 echo " ${moreinfo}" 1209 echo " http://www.ossec.net/en/manual.html#ma" 1210 echo "" 1211 fi 1212 1213 if [ "X$notmodified" = "Xyes" ]; then 1214 catMsg "0x105-noboot" 1215 echo " $INSTALLDIR/bin/ossec-control start" 1216 echo "" 1217 fi 1218} 1219 1220_f_cfg="./install.cfg.sh" 1221 1222if [ -f $_f_cfg ]; then 1223 . $_f_cfg 1224fi 1225 1226### Calling main function where everything happens 1227main 1228 1229 1230if [ "x$HYBID" = "xgo" ]; then 1231 echo " --------------------------------------------" 1232 echo " Finishing Hybrid setup (agent configuration)" 1233 echo " --------------------------------------------" 1234 echo 'USER_LANGUAGE="en"' > ./etc/preloaded-vars.conf 1235 echo "" >> ./etc/preloaded-vars.conf 1236 echo 'USER_NO_STOP="y"' >> ./etc/preloaded-vars.conf 1237 echo "" >> ./etc/preloaded-vars.conf 1238 echo 'USER_INSTALL_TYPE="agent"' >> ./etc/preloaded-vars.conf 1239 echo "" >> ./etc/preloaded-vars.conf 1240 echo "USER_DIR=\"$INSTALLDIR/ossec-agent\"" >> ./etc/preloaded-vars.conf 1241 echo "" >> ./etc/preloaded-vars.conf 1242 echo 'USER_ENABLE_ROOTCHECK="n"' >> ./etc/preloaded-vars.conf 1243 echo "" >> ./etc/preloaded-vars.conf 1244 echo 'USER_ENABLE_SYSCHECK="n"' >> ./etc/preloaded-vars.conf 1245 echo "" >> ./etc/preloaded-vars.conf 1246 echo 'USER_ENABLE_ACTIVE_RESPONSE="n"' >> ./etc/preloaded-vars.conf 1247 echo "" >> ./etc/preloaded-vars.conf 1248 echo 'USER_UPDATE="n"' >> ./etc/preloaded-vars.conf 1249 echo "" >> ./etc/preloaded-vars.conf 1250 echo 'USER_UPDATE_RULES="n"' >> ./etc/preloaded-vars.conf 1251 echo "" >> ./etc/preloaded-vars.conf 1252 echo 'USER_CLEANINSTALL="y"' >> ./etc/preloaded-vars.conf 1253 echo "" >> ./etc/preloaded-vars.conf 1254 1255 cd src && ${MAKEBIN} clean && cd .. 1256 ./install.sh 1257 rm etc/preloaded-vars.conf 1258fi 1259 1260 1261exit 0 1262 1263 1264 1265#### exit ? ### 1266