From 413f64ba2d2076dcd4ee6f3b1a40512bc89fd61e Mon Sep 17 00:00:00 2001
From: ramonn <noreply@pandorafms.org>
Date: Thu, 19 Sep 2013 12:07:31 +0000
Subject: [PATCH] 2013-09-19  Ramon Novoa  <rnovoa@artica.es>

	* Linux/pandora_agent.conf: The default user should not be pandora.

	* pandora_agent_installer: Removed some calls to chown that had the
	  potential to damage a Linux system.

	* pandora_agent: Delay the parsing of include files to make sure
	  that all variables that may affect a module's configuration
	  have already been read.



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@8783 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_agents/unix/ChangeLog                | 11 ++++++
 pandora_agents/unix/Linux/pandora_agent.conf |  2 +-
 pandora_agents/unix/pandora_agent            | 41 ++++++++++++--------
 pandora_agents/unix/pandora_agent_installer  | 30 +++-----------
 4 files changed, 43 insertions(+), 41 deletions(-)

diff --git a/pandora_agents/unix/ChangeLog b/pandora_agents/unix/ChangeLog
index 59b7cf7c47..23df10f649 100644
--- a/pandora_agents/unix/ChangeLog
+++ b/pandora_agents/unix/ChangeLog
@@ -1,3 +1,14 @@
+2013-09-19  Ramon Novoa  <rnovoa@artica.es>
+
+	* Linux/pandora_agent.conf: The default user should not be pandora.
+
+	* pandora_agent_installer: Removed some calls to chown that had the
+	  potential to damage a Linux system.
+
+	* pandora_agent: Delay the parsing of include files to make sure
+	  that all variables that may affect a module's configuration
+	  have already been read.
+
 2013-09-13  Ramon Novoa  <rnovoa@artica.es>
 
 	* pandora_agent: Added a missing parameter to a call to log_message.
diff --git a/pandora_agents/unix/Linux/pandora_agent.conf b/pandora_agents/unix/Linux/pandora_agent.conf
index 79a65a604b..9b924e04b8 100755
--- a/pandora_agents/unix/Linux/pandora_agent.conf
+++ b/pandora_agents/unix/Linux/pandora_agent.conf
@@ -125,7 +125,7 @@ remote_config 0
 #agent_threads 1
 
 # User the agent will run as
-#pandora_user root
+#pandora_user pandora
 
 # Enable or disable XML buffer.
 # If you are in a secured environment and want to enable the XML buffer you
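Review bot: The commented example now reads `#pandora_user pandora`, while the ChangeLog entry in this same commit says the default user should not be pandora and the installer still falls back to `PANDORA_USER="root"`. Someone who simply uncomments this line gets an agent running as an account that the default install never set up as owner of the agent's directories. Either keep the example in line with the real default, or say so in the comment, e.g. `# User the agent will run as (installer default: root; a custom user requires a custom install path)`.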
diff --git a/pandora_agents/unix/pandora_agent b/pandora_agents/unix/pandora_agent
index ed6f2b360b..9402c1f092 100755
--- a/pandora_agents/unix/pandora_agent
+++ b/pandora_agents/unix/pandora_agent
@@ -649,22 +649,6 @@ sub read_config (;$) {
 			next;
 		}
 		next if ($line =~ /^module\s*\w*/);
-		
-		# Additional configuration file
-		if ($line =~ /^include\s+(.*)\s*/) {
-			log_message ('setup', "include is $1");
-			$Conf{'include'} = $Conf{'include'} ? "$Conf{'include'} $1" : $1;
-
-			foreach my $file_name (glob("$1")) {
-				open (FILE, "$file_name") or next;
-
-				log_message ('setup', "reading $file_name");
-				my @file_conf = <FILE>;
-				parse_conf_modules(\@file_conf); 
-				close (FILE);
-			}
-			next;
-		}
 
 		#Configuration token
 		if ($line =~ /^\s*(\S+)\s+(.*)$/) {		
@@ -693,6 +677,31 @@ sub read_config (;$) {
 		$Conf{'intensive_interval'} = $Conf{'interval'};
 	}
 
+	# Search for includes after all other variables have been set
+	foreach my $line (@file) {
+		
+		# Skip comments and empty lines
+		next if ($line =~ m/^\s*#/) or ($line =~ m/^\s*$/);
+		
+		# Replace CRLF with LF
+		$line =~ s/\r\n/\n/g;
+
+		# Additional configuration file
+		if ($line =~ /^include\s+(.*)\s*/) {
+			$Conf{'include'} = $Conf{'include'} ? "$Conf{'include'} $1" : $1;
+
+			foreach my $file_name (glob("$1")) {
+				open (FILE, "$file_name") or next;
+
+				log_message ('setup', "reading $file_name");
+				my @file_conf = <FILE>;
+				parse_conf_modules(\@file_conf); 
+				close (FILE);
+			}
+			next;
+		}
+	}
+	
 	# Module, plugin and collection definitions
 	parse_conf_modules(\@file);
 
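Review bot: The relocated include loop still opens each globbed name with the two-argument form and a bareword handle, `open (FILE, "$file_name")`, so mode characters at the start or end of a name derived from the `include` line are interpreted by open instead of being treated as part of the path. The three-argument form with a lexical handle avoids that and does not clobber a global `FILE` handle: `open (my $fh, '<', $file_name) or next;`, `my @file_conf = <$fh>;`, `close ($fh);`. The `or next` also drops an unreadable include without a trace, and the old `log_message ('setup', "include is $1")` line was not carried over, so logging the failure (for example `log_message ('setup', "cannot read $file_name: $!")`) would keep a missing include visible. read_config starts and ends outside this hunk.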
diff --git a/pandora_agents/unix/pandora_agent_installer b/pandora_agents/unix/pandora_agent_installer
index f4fc9a1790..192b0bf260 100755
--- a/pandora_agents/unix/pandora_agent_installer
+++ b/pandora_agents/unix/pandora_agent_installer
@@ -32,6 +32,11 @@ PANDORA_BASE=`echo $2 | sed -e 's/\/$//'`
 if [ "$3" != "" ]
 then
 	PANDORA_USER=$3
+	if [ "$PANDORA_BASE" == "" ]
+	then
+		echo "When specifying a custom user the agent must be installed to a custom location where that user has write permissions!"
+		exit 1
+	fi
 else
 	PANDORA_USER="root"
 fi
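Review bot: The new guard only rejects an empty `PANDORA_BASE`, and it tests with `==`, which is not POSIX `[` syntax (the rest of the script uses `=`, e.g. `[ "$OS_NAME" = "FreeBSD" ]`); under a strict `/bin/sh` the test can error out and the guard is skipped. Since `PANDORA_BASE` comes from `$2` with a single trailing slash stripped, a value that still resolves to the filesystem root or to a shared system directory passes this check and later reaches the recursive `chown -R $PANDORA_USER $PANDORA_BASE` added further down. I would write the test as `if [ -z "$PANDORA_BASE" ] || [ "$PANDORA_BASE" = "/" ]` and consider also refusing a base directory that already exists and is not owned by the installing user. The shebang is not visible in this hunk, so the `==` concern depends on which shell runs the installer.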
@@ -240,10 +245,6 @@ install () {
 
 	# Alter dynamically the daemon launcher and setup the new path 
 	# if PANDORA_BASE is customized.
-
-	AGENT_CFG=$OS_NAME/pandora_agent.conf
-        AGENT_CFG_TEMP=$OS_NAME/pandora_agent.conf.temp
-
 	if [ ! -z "$PANDORA_BASE" ]
 	then
 		if [ "$OS_NAME" = "FreeBSD" ]
@@ -342,6 +343,7 @@ install () {
 		sed -e "s/.*pandora_user .*/pandora_user $PANDORA_USER/" $AGENT_CFG > $AGENT_CFG_TEMP 2> /dev/null && \
 		mv $AGENT_CFG_TEMP $AGENT_CFG
 		chmod 755 pandora_agent_daemon
+		chown -R $PANDORA_USER $PANDORA_BASE
 	fi
 
 	# Create logfile
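Review bot: The added `chown -R $PANDORA_USER $PANDORA_BASE` expands both variables unquoted, so a base path containing whitespace or glob characters is split into several chown targets; `chown -R "$PANDORA_USER" "$PANDORA_BASE"` keeps it to the one directory. It also hands the agent user ownership of everything under the prefix, including the agent executables and daemon script, which deserves a comment if anything privileged later runs those files. Separately, the sed line just above still reads `$AGENT_CFG` and `$AGENT_CFG_TEMP`, while the earlier hunk in install() removes their assignments; unless they are set elsewhere (not visible here), the sed fails with its error discarded by `2> /dev/null` and `pandora_user` is never written. The enclosing `if` begins outside this hunk.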
@@ -452,26 +454,6 @@ install () {
 		chmod -R 770 $PANDORA_BASE$PANDORA_TEMP
 		chmod 775 $PANDORA_BASE$PANDORA_TEMP
 	fi
-	
-	#chown each directory one by one to avoid erros when no pandora_base and pandora_use is given
-    chown -R $PANDORA_USER $PANDORA_BASE/var/log
-    chown -R $PANDORA_USER $PANDORA_BASE/$PANDORA_MAN/man1
-
-    if [ "$OS_NAME" = "FreeBSD" ]
-    then
-        chown -R $PANDORA_USER $PANDORA_BASE/usr/local/bin
-    else
-        chown -R $PANDORA_USER $PANDORA_BASE/usr/bin
-    fi
-        
-	chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_HOME 
-
-    chown -R $PANDORA_USER $PANDORA_BASE/tmp
-    chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_TEMP/data_out
-    chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_CFG
-    chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_LOG_DIR
-    chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_HOME/collections
-    chown -R $PANDORA_USER $PANDORA_BASE$PANDORA_HOME/plugins
 
 	echo "Copying default agent configuration to $PANDORA_BASE$PANDORA_CFG/pandora_agent.conf"