Problem scenario
You have servers running Debian/Ubuntu, RedHat (including CentOS and Fedora), and SUSE distributions of Linux. You want to install OSSEC on each server to protect it with a host-based intrusion detection system (IDS), and you want to use the same script on every server. How do you do this?
Solution
1. Create a script such as this one and save it as /tmp/ossec.sh.
#!/bin/bash
# Written by www.continualintegration.com
ossecversion=3.1.0 # Change this version as necessary
filename="$0" # Path used to invoke this script, so the check works from any directory
numlines=$(wc -l < "$filename")
if [ 83 -lt $numlines ] # change 83 to the correct number of lines if script grows
then
echo "line numbers too long. Were extra lines introduced accidentally during a cut and paste?"
echo "****************EXITING**********************************"
exit 1
else
echo "Script running..."
fi
distro=$(cat /etc/*-release | grep NAME)
debflag=$(echo $distro | grep -i "ubuntu")
if [ -z "$debflag" ]
then # If it is not Ubuntu, test if it is Debian.
debflag=$(echo $distro | grep -i "debian")
echo "determining Linux distribution..."
else
echo "You have Ubuntu Linux!"
fi
rhflag=$(echo $distro | grep -i "red *hat") # " *" matches both "RedHat" and "Red Hat"
if [ -z "$rhflag" ]
then #If it is not RedHat, see if it is CentOS or Fedora.
rhflag=$(echo $distro | grep -i "centos")
if [ -z "$rhflag" ]
then #If it is neither RedHat nor CentOS, see if it is Fedora.
echo "It does not appear to be CentOS or RHEL..."
rhflag=$(echo $distro | grep -i "fedora")
fi
fi
if [ -z "$rhflag" ]
then
echo "...still determining Linux distribution..."
else
echo "You have a RedHat distribution (e.g., CentOS, RHEL, or Fedora)"
yum -y install httpd unzip wget gcc php sendmail python-inotify
fi
if [ -z "$debflag" ]
then
echo "...still determining Linux distribution..."
else
echo "You are using either Ubuntu Linux or Debian Linux."
apt-get -y update # This is necessary on new AWS Ubuntu servers.
apt -y install build-essential gcc make apache2 libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-common apache2-utils unzip wget sendmail inotify-tools
fi
suseflag=$(echo $distro | grep -i "suse")
if [ -z "$suseflag" ]
then
if [ -z "$debflag" ]
then
if [ -z "$rhflag" ]
then
echo "*******************************************"
echo "Could not determine the Linux distribution!"
echo "Installation aborted. Nothing was done."
echo "******************************************"
exit 1
fi
fi
else
echo "You have Linux SUSE."
zypper -n install gcc make apache2 apache2-mod_php7 php7 apache2-utils unzip
fi
cd /tmp || exit 1
wget "https://github.com/ossec/ossec-hids/archive/$ossecversion.tar.gz" || exit 1 # Stop if the download fails
tar -zxvf "$ossecversion.tar.gz" || exit 1
mv "/tmp/ossec-hids-$ossecversion" /bin/ossec # The source tree ends up in /bin/ossec
echo "go to /bin/ossec (with a cd) and run 'sudo bash install.sh'"
echo "Then follow the interactive text menu prompts after that. It should be self-explanatory."
echo "For a proof-of-concept, it is easiest if you do not configure email alerts or an SMTP notification server."
2. Run the script with this command: sudo bash ossec.sh
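The script above extracts, as root, whatever wget downloaded without checking it. The following added example (not part of the original script) shows one way to verify the tarball against a SHA-256 digest you recorded from a vetted copy, and to reject archive members with absolute or ".." paths before extraction. The function names and the expected_sha256 placeholder are assumptions; it assumes tar and either sha256sum or shasum are installed.

```shell
#!/bin/bash
# Added example, not part of the original script. Function names are illustrative.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = unusable input.
verify_sha256() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # A SHA-256 digest is 64 hex characters; this rejects an unfilled placeholder.
    case "$expected" in
        *[!0-9a-f]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "SHA-256 mismatch for $file: got $actual" >&2
        return 1
    fi
}

# paths_safe: read member names on stdin; fail on absolute paths or ".." components.
paths_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# tar_paths_safe FILE: list a gzip-compressed tarball and check every member name.
tar_paths_safe() {
    local list
    list=$(tar -tzf "$1") || return 2
    printf '%s\n' "$list" | paths_safe
}

# In ossec.sh these calls would replace the bare "tar -zxvf" step:
#   expected_sha256="REPLACE_WITH_DIGEST_RECORDED_FROM_A_VETTED_COPY"  # placeholder
#   verify_sha256 "$ossecversion.tar.gz" "$expected_sha256" || exit 1
#   tar_paths_safe "$ossecversion.tar.gz" || exit 1
#   tar -zxf "$ossecversion.tar.gz"
```

Until the placeholder is replaced with a real 64-character digest, verify_sha256 returns 2 and the installer stops before extracting anything.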