Automating ossec installation in linux

One of the challenges that I have faced in linux environment were to automate installation.

Of course it is simple to script using bash in linux to run rpm or deb binary installation.

What if the installation comes with an interactive installation or installer which is coded as a bash script. Yes, I am looking at you OSSEC .

One of the ways which is more complicated and requires additional dependencies (TCL is the dependency) installed in your system is the expect/autoexpect package. However, using expect is will not be discussed in this post.

A lightweight solution to automating interactive installation process such as OSSEC installer is using Here Document. Good news is Here Document is built in to the bash shell.

Sample of code which uses Here Document to automating OSSEC installation in linux to install a standalone OSSEC installation :

./install.sh <<HereDocument
r
local
/opt/apps/ossec
y
someone@somewhere.net
y
y
y
n
r
r
HereDocument

By running the HereDocument sample, the OSSEC installation will be installed as a standalone in directory /opt/apps/ossec. It will have logcollector and HIDS enabled. Email notification is enabled and the alerts will be sent to someone@somewheret.net. But automatic blacklist offending IP is disabled.

There is a few caveats using the Here Document :
1. HereDocument on the above sample can be substitute with word using any alphabets.
2. The HereDocument substistution must not used as part of the word matches with the input expected by the interactive program.
3. You will need to dry run to determine and document the flow of the interactivity of the program which is to be automated.
4. Interaction which uses dialog or GUI is not compatible with HereDocument.
5. There is no program flow control within the HereDocument.

As a summary, Here Document is easy to use by any veterans linux shell scripters and it does not has any overhead such as learning new language nor installing new dependencies. Unfortunately, Here Document requires the user to understand the flow of the interactive program and will be forced to create multiple Here Document scripts for different scenario. However, the shortcoming of Here Document can be addressed using expect. Of course with the price of installing the expect package and it dependencies, coupled with the need to learn LUA.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
To prove you're a person (not a spam script), type the answer to the math equation shown in the picture. Click on the picture to hear an audio file of the equation.
Click to hear an audio file of the anti-spam equation