#!/bin/sh
# postinst script for ossec-hids

set -e

case "$1" in
    configure)

	DIR="/var/ossec/"
	USER="ossec"
	USER_MAIL="ossecm"
	USER_REM="ossecr"
	GROUP="ossec"
	OSSEC_HIDS_TMP_DIR="/tmp/ossec-hids"

	OSMYSHELL="/sbin/nologin"
        if [ ! -f ${OSMYSHELL} ]; then 
	    if [ -f "/bin/false" ]; then
	        OSMYSHELL="/bin/false"
	    fi
	fi

        if ! getent group | grep -q "^ossec"
        then
            addgroup --system ossec
        fi
        if ! getent passwd | grep -q "^ossec"
        then
            adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER} > /dev/null 2>&1
        fi
        if ! getent passwd | grep -q "^ossecm"
        then
            adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER_MAIL} > /dev/null 2>&1
        fi
        if ! getent passwd | grep -q "^ossecr"
        then
            adduser --system --home ${DIR} --shell ${OSMYSHELL} --ingroup ${GROUP} ${USER_REM} > /dev/null 2>&1
        fi

	# Default for all directories
	chmod -R 550 ${DIR}
	chown -R root:${GROUP} ${DIR}

	# AnalysisD needs to write to alerts: log, mail and cmds
	chown -R ${USER}:${GROUP} ${DIR}/queue/alerts
	chmod -R 770 ${DIR}/queue/alerts

	# To the ossec queue (default for analysisd to read)
	chown -R ${USER}:${GROUP} ${DIR}/queue/ossec
	chmod -R 770 ${DIR}/queue/ossec

	# To the ossec fts queue
	chown -R ${USER}:${GROUP} ${DIR}/queue/fts
	chmod -R 750 ${DIR}/queue/fts
	chmod 740 ${DIR}/queue/fts/* > /dev/null 2>&1 || true

	# To the ossec syscheck/rootcheck queue
	chown -R ${USER}:${GROUP} ${DIR}/queue/syscheck
	chmod -R 750 ${DIR}/queue/syscheck
	chmod 740 ${DIR}/queue/syscheck/* > /dev/null 2>&1 || true

	chown -R ${USER}:${GROUP} ${DIR}/queue/rootcheck
	chmod -R 750 ${DIR}/queue/rootcheck
	chmod 740 ${DIR}/queue/rootcheck/* > /dev/null 2>&1 || true

	chown -R ${USER}:${GROUP} ${DIR}/queue/diff
	chmod -R 750 ${DIR}/queue/diff
	chmod 740 ${DIR}/queue/diff/* > /dev/null 2>&1 || true

	chown -R ${USER_REM}:${GROUP} ${DIR}/queue/agent-info
	chmod -R 755 ${DIR}/queue/agent-info
	chmod 744 ${DIR}/queue/agent-info/* > /dev/null 2>&1 || true
	chown -R ${USER_REM}:${GROUP} ${DIR}/queue/rids
	chmod -R 755 ${DIR}/queue/rids
	chmod 744 ${DIR}/queue/rids/* > /dev/null 2>&1 || true

	chown -R ${USER}:${GROUP} ${DIR}/queue/agentless
	chmod -R 755 ${DIR}/queue/agentless
	chmod 744 ${DIR}/queue/agentless/* > /dev/null 2>&1 || true

	# For the stats directory
	chown -R ${USER}:${GROUP} ${DIR}/stats
	chmod -R 750 ${DIR}/stats

	# For the logging user
	chown -R ${USER}:${GROUP} ${DIR}/logs
	chmod -R 750 ${DIR}/logs
	touch ${DIR}/logs/ossec.log
	chown ${USER}:${GROUP} ${DIR}/logs/ossec.log
	chmod 664 ${DIR}/logs/ossec.log

	# Backup previous rules
	if [ -d ${DIR}/rules/ ]; then
	    mkdir ${DIR}/rules/backup-rules.$$
	    cp -pr ${DIR}/rules/*.xml ${DIR}/rules/backup-rules.$$/
	fi

	# Restore the local rules
	if [ -f ${OSSEC_HIDS_TMP_DIR}/local_rules.xml ]; then
	    mv ${OSSEC_HIDS_TMP_DIR}/local_rules.xml ${DIR}/rules/local_rules.xml
	fi

	chown -R root:${GROUP} ${DIR}/rules
	chmod -R 550 ${DIR}/rules


	# For the etc dir
	chmod 550 ${DIR}/etc
	chown -R root:${GROUP} ${DIR}/etc
	if [ -f /etc/localtime ]; then
	    cp -pL /etc/localtime ${DIR}/etc/;
	    chmod 555 ${DIR}/etc/localtime
	    chown root:${GROUP} ${DIR}/etc/localtime
	fi

	if [ -f /etc/TIMEZONE ]; then
	    cp -p /etc/TIMEZONE ${DIR}/etc/;
	    chmod 555 ${DIR}/etc/TIMEZONE
	fi

	# For the /var/run
	chmod 770 ${DIR}/var/run
	chown root:${GROUP} ${DIR}/var/run

	# More files
	chown root:${GROUP} ${DIR}/etc/decoder.xml
	chown root:${GROUP} ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 || true
	chown root:${GROUP} ${DIR}/etc/internal_options.conf
	chown root:${GROUP} ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
	chown root:${GROUP} ${DIR}/etc/client.keys >/dev/null 2>&1 || true
	chown root:${GROUP} ${DIR}/etc/shared/*
	chown root:${GROUP} ${DIR}/agentless/*
	chown ${USER}:${GROUP} ${DIR}/.ssh
	chmod 440 ${DIR}/etc/decoder.xml
	chmod 660 ${DIR}/etc/local_decoder.xml >/dev/null 2>&1 || true
	chmod 440 ${DIR}/etc/internal_options.conf
	chmod 660 ${DIR}/etc/local_internal_options.conf >/dev/null 2>&1 || true
	chmod 440 ${DIR}/etc/client.keys >/dev/null 2>&1 || true
	chmod 550 ${DIR}/etc
	chmod 770 ${DIR}/etc/shared
	chmod 660 ${DIR}/etc/shared/*
	chmod 550 ${DIR}/agentless/*
	chmod 700 ${DIR}/.ssh

	rm ${DIR}/etc/shared/merged.mg >/dev/null 2>&1 || true
	chmod 755 ${DIR}/active-response/bin/*
	chown root:${GROUP} ${DIR}/active-response/bin/*
	chown root:${GROUP} ${DIR}/bin/*
	chmod 550 ${DIR}/bin/*
	chown root:${GROUP} ${DIR}/etc/ossec.conf
	chmod 660 ${DIR}/etc/ossec.conf

	# Sticky bit for /var/ossec/tmp
	chmod +t ${DIR}/tmp	

	# Debconf
	. /usr/share/debconf/confmodule
	db_input high ossec-hids/email_notification || true
	db_go

	db_get ossec-hids/email_notification
	EMAIL_NOTIFICATION=$RET

	if [ ${EMAIL_NOTIFICATION} = "yes" ]; then
	    sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>yes<\/email_notification>/' ${DIR}/etc/ossec.conf 
	    db_input high ossec-hids/email_to || true
	    db_go
	    db_input high ossec-hids/email_from || true
	    db_go
	    db_input high ossec-hids/smtp_server || true
	    db_go

	    db_get ossec-hids/email_to
	    EMAIL_TO=$RET
	    db_get ossec-hids/email_from
	    EMAIL_FROM=$RET
	    db_get ossec-hids/smtp_server
	    SMTP_SERVER=$RET

	    sed -i "s/<email_to>[^<]\+<\/email_to>/<email_to>${EMAIL_TO}<\/email_to>/" ${DIR}/etc/ossec.conf 
	    sed -i "s/<email_from>[^<]\+<\/email_from>/<email_from>${EMAIL_FROM}<\/email_from>/" ${DIR}/etc/ossec.conf 
	    sed -i "s/<smtp_server>[^<]\+<\/smtp_server>/<smtp_server>${SMTP_SERVER}<\/smtp_server>/" ${DIR}/etc/ossec.conf 
	
    	else
	    sed -i 's/<email_notification>[^<]\+<\/email_notification>/<email_notification>no<\/email_notification>/' ${DIR}/etc/ossec.conf
	fi

	db_stop

	# ossec-init.conf
	if [ -e ${DIR}/etc/ossec-init.conf ] && [ -d /etc/ ]; then
            if [ -e /etc/ossec-init.conf ]; then
                rm -f /etc/ossec-init.conf
            fi
	    ln -s ${DIR}/etc/ossec-init.conf /etc/ossec-init.conf
        fi

	# init.d/ossec file
	if [ -x ${DIR}/etc/init.d/ossec ] && [ -d /etc/init.d/ ]; then
            if [ -e /etc/init.d/ossec ]; then
                rm -f /etc/init.d/ossec
            fi
	    ln -s ${DIR}/etc/init.d/ossec /etc/init.d/ossec
        fi

	# Service
	if [ -x /etc/init.d/ossec ]; then
	    update-rc.d -f ossec defaults
	    service ossec restart
	fi

	# Delete tmp directory
	if [ -d ${OSSEC_HIDS_TMP_DIR} ]; then
	    rm -r ${OSSEC_HIDS_TMP_DIR}
	fi
  
    ;;


    abort-upgrade|abort-remove|abort-deconfigure)

    ;;


    *)
        echo "postinst called with unknown argument \`$1'" >22
        exit 1
    ;;

esac

exit 0
