| Server IP : 104.21.84.107 / Your IP : 104.23.197.209 Web Server : Apache/2.4.63 (Ubuntu) System : Linux adminpruebas-Virtual-Machine 6.14.0-37-generic #37-Ubuntu SMP PREEMPT_DYNAMIC Fri Nov 14 22:10:32 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 8.4.5 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/lib/dpkg/info/ |
Upload File : |
#!/bin/sh
# Script to be run after package is installed
# disable WAP/NIS integration based on env variable passed to installer or existing disabler file from previous installation
WAP_DISABLER_PATH="/opt/eset/efs/etc/WAP_DISABLED"
NFTABLES_DISABLER_PATH="/opt/eset/efs/etc/NFTABLES_DISABLED"
if [ -f "$WAP_DISABLER_PATH" ]; then
mv "$WAP_DISABLER_PATH" "$NFTABLES_DISABLER_PATH"
fi
if [ -n "$ESET_DISABLE_WAP" ] || [ -n "$ESET_DISABLE_NFTABLES" ] || [ -f "$NFTABLES_DISABLER_PATH" ]; then
DISABLE_NFTABLES=1
fi
# for rpm as we are running at %posttrans step we always get first argument 0, or 1 depending on rpm version
# so we cannot easily detect fresh install, or upgrade in here
if [ "$1" = "0" ] || [ "$1" = "1" ]; then
IS_RPM_INSTALL="1"
# read saved value from %post step
if [ -f "%{_localstatedir}/lib/rpm-state/efs/post" ]; then
RPM_POST_VALUE=$(cat "%{_localstatedir}/lib/rpm-state/efs/post")
rm -rf "%{_localstatedir}/lib/rpm-state/efs/"
if [ "$RPM_POST_VALUE" = "1" ]; then
IS_FRESH_INSTALL="1"
fi
fi
fi
# deb first installation, we cannot properly detect `Installing from "Config-Files" state` (as same parameters as upgrade), ignore this installation
if [ "$1" = "configure" ] && [ -z "$2" ]; then
IS_FRESH_INSTALL="1"
fi
SYSTEMD_CAT="$(which systemd-cat 2>/dev/null || true)"
print_error() {
errorstr="ESET Server Security error: $1"
echo "$errorstr" 1>&2
if [ -n "$SYSTEMD_CAT" ]; then
printf "%s" "$errorstr" | $SYSTEMD_CAT -t "efs" -p err
fi
}
# Because of a bug in a cronie package, a cron daemon does not start automatically after the cronie
# package has been installed (eg. on SUSE Linux and RHEL Linux), hence we start it manually here.
# NOTE: Remove this code after https://bugzilla.suse.com/show_bug.cgi?id=1150210 has been fixed.
if systemctl --version >/dev/null 2>/dev/null; then
systemctl start cron >/dev/null 2>/dev/null || true
systemctl start crond >/dev/null 2> /dev/null || true
else
service cron start >/dev/null 2>/dev/null || true
service crond start >/dev/null 2>/dev/null || true
fi
# remove residues after old scheduler
rm -rf /var/opt/eset/efs/schedulerd || true
rm -f /etc/cron.d/eset-efs || true
# create all groups and users (there might be some new on upgrade)
for g in eset-efs-services eset-efs-vapm eset-efs-daemons eset-efs-agents; do
groupadd -f -r $g
done
for ug in eset-efs-confd:eset-efs-daemons eset-efs-watchd:eset-efs-daemons eset-efs-licensed:eset-efs-daemons eset-efs-vapm-wrapper:eset-efs-vapm eset-efs-econnd:eset-efs-daemons eset-efs-wapd:eset-efs-daemons eset-efs-sched:eset-efs-agents eset-efs-logd:eset-efs-daemons eset-efs-authd:eset-efs-daemons eset-efs-scand:eset-efs-daemons eset-efs-vapmd:eset-efs-daemons eset-efs-icapd:eset-efs-daemons eset-efs-netisd:eset-efs-daemons eset-efs-webd:eset-efs-daemons eset-efs-updated:eset-efs-daemons; do
if ! id "${ug%:*}" > /dev/null 2>&1; then
useradd -d '/opt/eset/efs' -M -N -r -s /sbin/nologin -G 'eset-efs-services' -g "${ug#*:}" "${ug%:*}"
else
usermod -a -G 'eset-efs-services' "${ug%:*}"
fi
done
for ug in eset-efs-vapmd:eset-efs-vapm; do
usermod -a -G "${ug#*:}" "${ug%:*}"
done
if [ "$IS_RPM_INSTALL" = "1" ] && [ -z "$IS_FRESH_INSTALL" ]; then
# rpm upgrade only
#remove selinux rules and all tmp files
/opt/eset/efs/lib/install_scripts/efs_selinux_uninstall_check.sh
if semodule -l | grep '^eset_efs\>' > /dev/null 2>&1; then
exit 1
fi
fi
#################################### Upgrade & Install ####################################
# these directories needs to exist for modules compilation
# permissions are set correctly after compilation
mkdir -p /var/opt/eset/efs/updated/modules
# extract modules from tar
if ! tar -xf /var/opt/eset/efs/lib/modules_efs.tar -C /var/opt/eset/efs/updated/modules; then
print_error 'Module extraction failed.'
fi
# compile modules
if ! /opt/eset/efs/lib/modfetch --compile-nups; then
print_error 'Module compilation failed.'
fi
# create directories and change directory permissions
# generated from product_paths.json
mkdir -p /var/log/eset/efs
chown eset-efs-logd:eset-efs-daemons /var/log/eset/efs
chmod 0755 /var/log/eset/efs
mkdir -p /var/log/eset/efs/logd
chown eset-efs-logd:eset-efs-daemons /var/log/eset/efs/logd
chmod 0700 /var/log/eset/efs/logd
mkdir -p /var/log/eset/efs/internal
chown root:eset-efs-daemons /var/log/eset/efs/internal
chmod 1770 /var/log/eset/efs/internal
chown root:eset-efs-daemons /var/opt/eset/efs
chmod 0775 /var/opt/eset/efs
mkdir -p /var/run/eset/efs
chown root:eset-efs-daemons /var/run/eset/efs
chmod 0755 /var/run/eset/efs
mkdir -p /var/opt/eset/efs/cache
chown eset-efs-scand:eset-efs-services /var/opt/eset/efs/cache
chmod 1770 /var/opt/eset/efs/cache
mkdir -p /var/opt/eset/efs/cache/data
chown eset-efs-scand:eset-efs-daemons /var/opt/eset/efs/cache/data
chmod 1770 /var/opt/eset/efs/cache/data
mkdir -p /var/opt/eset/efs/cache/data/Logs
chown eset-efs-scand:eset-efs-daemons /var/opt/eset/efs/cache/data/Logs
chmod 1770 /var/opt/eset/efs/cache/data/Logs
mkdir -p /var/opt/eset/efs/cache/data/Diagnostics
chown eset-efs-scand:eset-efs-daemons /var/opt/eset/efs/cache/data/Diagnostics
chmod 1770 /var/opt/eset/efs/cache/data/Diagnostics
mkdir -p /var/opt/eset/efs/installer
chown root:eset-efs-daemons /var/opt/eset/efs/installer
chmod 0775 /var/opt/eset/efs/installer
mkdir -p /var/opt/eset/efs/vapm
chown root:eset-efs-vapm /var/opt/eset/efs/vapm
chmod 0770 /var/opt/eset/efs/vapm
mkdir -p /var/opt/eset/efs/vapm/database
chown -R eset-efs-vapmd:eset-efs-vapm /var/opt/eset/efs/vapm/database
find -P /var/opt/eset/efs/vapm/database -type d -exec chmod 0750 '{}' \;
find -P /var/opt/eset/efs/vapm/database -type f -exec chmod 0640 '{}' \;
mkdir -p /var/opt/eset/efs/vapm/logs
chown -R eset-efs-vapm-wrapper:eset-efs-vapm /var/opt/eset/efs/vapm/logs
find -P /var/opt/eset/efs/vapm/logs -type d -exec chmod 0700 '{}' \;
find -P /var/opt/eset/efs/vapm/logs -type f -exec chmod 0600 '{}' \;
chown -R eset-efs-updated:eset-efs-daemons /var/opt/eset/efs/lib
find -P /var/opt/eset/efs/lib -type d -exec chmod 0755 '{}' \;
find -P /var/opt/eset/efs/lib -type f -exec chmod 0644 '{}' \;
mkdir -p /var/opt/eset/efs/modules_notice
chown root:root /var/opt/eset/efs/modules_notice
chmod 0755 /var/opt/eset/efs/modules_notice
mkdir -p /var/opt/eset/efs/updated
chown eset-efs-updated:eset-efs-daemons /var/opt/eset/efs/updated
chmod 0755 /var/opt/eset/efs/updated
mkdir -p /var/opt/eset/efs/updated/app
chown eset-efs-updated:eset-efs-daemons /var/opt/eset/efs/updated/app
chmod 0700 /var/opt/eset/efs/updated/app
mkdir -p /var/opt/eset/efs/updated/modules
chown -R eset-efs-updated:eset-efs-daemons /var/opt/eset/efs/updated/modules
find -P /var/opt/eset/efs/updated/modules -type d -exec chmod 0755 '{}' \;
find -P /var/opt/eset/efs/updated/modules -type f -exec chmod 0644 '{}' \;
mkdir -p /opt/eset/lib
chown root:root /opt/eset/lib
chmod 0755 /opt/eset/lib
mkdir -p /opt/eset/lib/modules
chown root:eset-efs-services /opt/eset/lib/modules
chmod 0775 /opt/eset/lib/modules
mkdir -p /var/opt/eset/efs/dumps
chown root:eset-efs-services /var/opt/eset/efs/dumps
chmod 0775 /var/opt/eset/efs/dumps
# disable WAP integration based on env variable passed to installer
NFTABLES_INSTALL_DISABLER="/opt/eset/efs/etc/NFTABLES_DISABLED"
if [ -n "$DISABLE_NFTABLES" ]; then
echo "1" > "$NFTABLES_INSTALL_DISABLER"
fi
if [ ! -f "$NFTABLES_INSTALL_DISABLER" ]; then
/opt/eset/efs/lib/install_scripts/eset_efs_sysctl.sh enable
/opt/eset/efs/lib/install_scripts/eset_efs_udev.sh enable
fi
# enable SHA256 integration based on env variable passed to installer
sha256_enabler_path="/opt/eset/efs/etc/SHA256_ENABLED"
if [ -n "$ESET_ENABLE_SHA256" ]; then
echo "1" > "$sha256_enabler_path"
fi
is_fresh_install() {
# rpm installation
if [ "$1" = "1" ]; then
return
fi
# deb first installation, we cannot properly detect `Installing from "Config-Files" state` (as same parameters as upgrade), ignore this installation
[ "$1" = "configure" ] && [ -z "$2" ]
}
if ! is_fresh_install "$@"; then
# move logs from old log dir to the new one
if [ -d '/var/log/eset/efs/ods' ]; then
mv -f '/var/log/eset/efs/ods' '/var/log/eset/efs/logd'
fi
for f in '/var/log/eset/efs/'*.dat; do
if [ -e "$f" ]; then
mv -f "$f" '/var/log/eset/efs/logd'
fi
done
fi
# register and start service
/opt/eset/efs/lib/install_scripts/register_service.sh
parse_and_apply_eulas() {
IFS=';' eulas="$1"
for eula in ${eulas}; do
eula_tag="$(echo "$eula" | cut -d ':' -f1)"
eula_version="$(echo "$eula" | cut -d ':' -f2)"
'/opt/eset/efs/sbin/cfg' --eula-tag "$eula_tag" --eula-version "$eula_version" > /dev/null || true
done
}
# add eula into CE path AcceptedEulas
if [ -n "$LI_ACCEPTED_EULAS" ]; then
# accepted in LiveInstaller (set via env variable)
parse_and_apply_eulas "$LI_ACCEPTED_EULAS"
else
# built-in EULA for installer
'/opt/eset/efs/sbin/cfg' --eula-tag "EULA-PRODUCT-LG" --eula-version "3537.0.3" > /dev/null || true
fi
LAST_PROCESSED_VERSION="State.Plugins.Webd.LastProcessedVersion"
fill_last_processed_version() {
'/opt/eset/efs/sbin/cfg' -i /dev/stdin > /dev/null <<HERE || true
{
"method": "_CE.rpc_api.screen_values_set",
"params": {
"values": {
"$LAST_PROCESSED_VERSION" : $1
}
}
}
HERE
}
is_last_processed_version_empty() {
VERSION=$('/opt/eset/efs/sbin/cfg' --dump "$LAST_PROCESSED_VERSION" | grep "$LAST_PROCESSED_VERSION" | cut -d: -f2)
test "$VERSION" = "[]"
}
# fill current version during the first installation or 9.0.0.0 when empty (on upgrade), what's the last product version which has not filled the LAST_PROCESSED_VERSION
if [ "$IS_FRESH_INSTALL" = "1" ]; then
fill_last_processed_version "[12, 2, 69, 0]"
elif is_last_processed_version_empty; then
fill_last_processed_version "[9,0,0,0]"
fi
# disable wap when installed with env variable set
if [ "$IS_FRESH_INSTALL" = "1" ] && [ -f "$NFTABLES_INSTALL_DISABLER" ]; then
'/opt/eset/efs/sbin/cfg' --set "Settings.Plugins.Wapd.Protoscan.WebProtectionEnabled" 0
fi
DATE_OF_PRODUCT_INSTALLATION="State.Common.DateOfProductInstallation"
is_installation_date_empty() {
DATE=$('/opt/eset/efs/sbin/cfg' --dump "$DATE_OF_PRODUCT_INSTALLATION" | grep "$DATE_OF_PRODUCT_INSTALLATION" | cut -d: -f2)
test "$DATE" = 0
}
# fill also during upgrade if the previous products version has not filled date
if is_installation_date_empty; then
'/opt/eset/efs/sbin/cfg' -i /dev/stdin > /dev/null <<HERE || true
{
"method": "_CE.rpc_api.screen_values_set",
"params": {
"values": {
"$DATE_OF_PRODUCT_INSTALLATION": $(date +%s)
}
}
}
HERE
fi