[Pkg-ossec-devel] [pkg-ossec] 03/03: Configuring file permission in ossec-hids-agent.postinst.

[Jose Antonio Quevedo Muñoz]

This is an automated email from the git hooks/post-receive script.

jaqm-guest pushed a commit to branch master
in repository pkg-ossec.

commit 5e5644d5e6cf3acb8e3d4b9ae753d5e00916dc9e
Author: Jose Antonio Quevedo <joseantonio.quevedo at gmail.com>
Date:   Tue Mar 11 20:42:30 2014 +0100

    Configuring file permission in ossec-hids-agent.postinst.
---
 debian/ossec-hids-agent.config | 91 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 82 insertions(+), 9 deletions(-)

diff --git a/debian/ossec-hids-agent.config b/debian/ossec-hids-agent.config
index 7da8606..6294c2d 100755
--- a/debian/ossec-hids-agent.config
+++ b/debian/ossec-hids-agent.config
@@ -3,17 +3,90 @@
 test $DEBIAN_SCRIPT_DEBUG && set -v -x
 . /usr/share/debconf/confmodule
 
+
+# Initialise variables
+OSSECUSER="ossec"
+OSSECGROUP="ossec"
+LOGDIR="/var/log/ossec"
+HOMEDIR="/var/lib/ossec"
+CONF_FILE=/etc/ossec/ossec-init.conf
+
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see /usr/doc/packaging-manual/
+#
+# quoting from the policy:
+#     Any necessary prompting should almost always be confined to the
+#     post-installation script, and should be protected with a conditional
+#     so that unnecessary prompting doesn't happen if a package's
+#     installation fails and the `postinst' is called with `abort-upgrade',
+#     `abort-remove' or `abort-deconfigure'.
+
+case "$1" in
+    install)
+	;;
+    upgrade)
+	;;
+    configure)
+
 # TODO 
 #  - configure the results in the configuration file
 #  - setup active response (firewall response, whitelist, etc.)
-db_get ossec-hids-local/enable_email || true;	EMAIL="$RET"
-db_get ossec-hids-local/email_to     || true;	EMAIL_TO="$RET"
-db_get ossec-hids-local/email_server || true;	EMAIL_SERVER="$RET"
-db_get ossec-hids-local/enable_syslog ||  true; SYSLOG="$RET"
+	db_get ossec-hids-agent/enable_email || true;	EMAIL="$RET"
+	db_get ossec-hids-agent/email_to     || true;	EMAIL_TO="$RET"
+	db_get ossec-hids-agent/email_server || true;	EMAIL_SERVER="$RET"
+	db_get ossec-hids-agent/enable_syslog ||  true; SYSLOG="$RET"
 # Failsafe in case the values above are blank (jfs)
-[ -z "$EMAIL" ] && EMAIL="no"
-[ -z "$EMAIL_TO" ] && EMAIL_TO="root at localhost"
-[ -z "$EMAIL_SERVER" ] && EMAIL_SERVER="127.0.0.1"
-[ -z "$SYSLOG" ] && SYSLOG="no"
-db_stop
+	[ -z "$EMAIL" ] && EMAIL="no"
+	[ -z "$EMAIL_TO" ] && EMAIL_TO="root at localhost"
+	[ -z "$EMAIL_SERVER" ] && EMAIL_SERVER="127.0.0.1"
+	[ -z "$SYSLOG" ] && SYSLOG="no"
+	db_stop
+	###
+
+        # TODO - configure the configuration file
+
+	# 5. adjust file and directory permissions
+        if ! dpkg-statoverride --list ${CONF_FILE} >/dev/null && [ -e ${CONF_FILE} ] 
+        then
+            chown $OSSECUSER:$OSSECGROUP ${CONF_FILE}
+            chmod 640 ${CONF_FILE}
+	fi
+
+	if ! dpkg-statoverride --list $LOGDIR >/dev/null
+	then
+		chown -R $OSSECUSER:adm $LOGDIR
+		chmod u=rwx,g=rxs,o= $LOGDIR
+	fi
+
+
+	# in the case we reconfigure we have to restart and not just to start.
+	if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
+		invoke-rc.d ossec-hids-agent stop || exit $?
+	else
+		/etc/init.d/ossec-hids-agent stop || exit $?
+	fi
+	;;
+    abort-upgrade)
+	;;
+    *)
+	echo "postinst called with unknown argument \`$1'" >&2
+	exit 0
+	;;
+esac
+
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ossec/pkg-ossec.git