aboutsummarylogtreecommitdiffstats
path: root/kesl.install
blob: 52342e6a6649ac092c5337750154c8bdee861754 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226

TMPDIR=/tmp
KESLDIR=/etc/kesl

# checkout https://support.kaspersky.com/KES4Linux/11/en-US/161263.htm for all
# possible options. Another way is to export all settings like that:
# kesl-control --export-settings > all.conf
# then review key=value within.
KSET="File_Threat_Protection
      Scan_My_Computer
      Scan_File Boot_Scan
      Memory_Scan
      System_Integrity_Monitoring
      Firewall
      AntiCryptor
      Web_Threat_Protection
      Device_Control
      Removable_Drives_Scan
      Network_Threat_Protection
      Container_Scan
      Custom_Container_Scan
      Behavior_Detection
      Update"

create_tmp(){
    export TMPDIR=/tmp
    # avoid re-creating tmp dir when already exists
    [ ! -d "$KTMP" ] && KTMP=$(mktemp -d -t kesl.XXXXX)
    echo "$KTMP"
}

remove_tmp(){
    KTMP="$1"
    [ -d "$KTMP" ] && rm -rf "$KTMP"
}

# man pages are special here:
# 1) usr/local/share is protected (owned by filesystem package)
# 2) when modding /opt/kaspersky/kesl/libexec/symlinks/man directly the hash will break and kesl won't work properly
# 3) to be flexible for future changes we backup the symlink defs to tmp, replace, run installer, revert original
# this ensures that the kesl install dir isn't tampered and future changes will be added automagically or by
# extending the following func:
man_pre(){
    # man pages
    cp /var/opt/kaspersky/kesl/install/opt/kaspersky/kesl/libexec/symlinks/man $KTMP/
    sed -i 's#usr/local/#usr/#g' /var/opt/kaspersky/kesl/install/opt/kaspersky/kesl/libexec/symlinks/man

    for sl in $(cat /var/opt/kaspersky/kesl/install/opt/kaspersky/kesl/libexec/symlinks/man);do
        sld=$(dirname $sl)
        [ ! -d $sld ] && mkdir -p $sld
    done
}

man_post(){
    # revert man pages symlinks
    cp $KTMP/man /var/opt/kaspersky/kesl/install/opt/kaspersky/kesl/libexec/symlinks/man
    [ -d "/opt/kaspersky/kesl/libexec/symlinks" ] && cp $KTMP/man /opt/kaspersky/kesl/libexec/symlinks/man
}

# backup current kesl config
kesl_exportconf(){
    #echo $FUNCNAME
    # must be survive between different calls to this kesl.install file so
    # we use a static path + name instead of KTMP here:
    [ ! -d "$KESLDIR" ] && mkdir -p "$KESLDIR" && chmod 700 $KESLDIR

    # this does not work on import ("internal error" nothing in log):
    kesl-control --export-settings | sed 's/\[/\n[/g' > $KESLDIR/allsettings.conf

    kesl-control --get-app-settings > $KESLDIR/app.conf
    kesl-control --get-net-settings > $KESLDIR/net.conf
    for k in $KSET ; do
        kesl-control --get-settings $k > $KESLDIR/${k}.conf 2> /dev/null
    done
}

# restore kesl config
kesl_importconf(){
    #echo $FUNCNAME
    echo -e "\n"
    # must survive between different calls to this kesl.install file so
    # we use static paths + name instead of KTMP here.
    # during import any file with the extension "persistent" will be used when found
    # otherwise a previous conf will be used if found, otherwise default settings will be used.
    # "*.persistent" files need to be created manually and will never be touched by the installer other then read-only.

    #[ -s "$KESLDIR/config.export" ] && kesl-control --import-settings --file $KESLDIR/config.export && echo "... restored pervious configuration"

    if [ -s "$KESLDIR/app.conf.persistent" ];then
        kesl-control --set-app-settings --file $KESLDIR/app.conf.persistent --accept-ksn && echo "... restored persistent configuration (app)"
    elif [ -s "$KESLDIR/app.conf" ];then
        kesl-control --set-app-settings --file $KESLDIR/app.conf --accept-ksn && echo "... restored previous configuration (app)"
    fi
    if [ -s "$KESLDIR/net.conf.persistent" ];then
        kesl-control --set-net-settings --file $KESLDIR/net.conf.persistent && echo "... restored persistent configuration (network)"
    elif [ -s "$KESLDIR/net.conf" ];then
        kesl-control --set-net-settings --file $KESLDIR/net.conf && echo "... restored previous configuration (network)"
    fi
    for k in $KSET ; do
        if [ -s "$KESLDIR/${k}.conf.persistent" ];then
            kesl-control --set-settings $k --file $KESLDIR/${k}.conf.persistent && echo "... restored persistent configuration ($k)"
        elif [ -s "$KESLDIR/${k}.conf" ];then
            kesl-control --set-settings $k --file $KESLDIR/${k}.conf && echo "... restored previous configuration ($k)"
        fi
    done
    echo -e "\n"
}

kesl_updatedb(){
    #echo $FUNCNAME
    # upgrading the database can take a LONG time while any other pacman
    # jobs would wait until this has been finished. so we start the process but without progress (i.e. running in background)
    kesl-control --start-task Update
    echo -e "\n\n\e[93m\e[1mThe AV database update has been started in the background.\nCheck the GUI or watch the progress on the CLI with the following command:\e[0m\nkesl-control --get-task-state Update\n\n\e[93m\e[1mkesl will be fully operational first when this update has been finished\n(especially on new installation this will take a very long time)\e[0m\n\n"
}

#pre_install(){
    #echo $FUNCNAME
    # this always breaks post_install:
    #/var/opt/kaspersky/kesl/pkgscripts/preinst install
#}

post_install(){
    #echo $FUNCNAME

    # load preconfiguration variables and export them
    source /var/opt/kaspersky/kesl/pkgscripts/kesl.ini
    for k in $(egrep -v "^#" /var/opt/kaspersky/kesl/pkgscripts/kesl.ini);do
        key=${k/=*}; kkey="KESL_${key}"; v="${k/*=}"
        export ${key}=$v ${kkey}=$v
    done
    KTMP=$(create_tmp)
    #kesl_symlinks
    man_pre

    # manually add the link to /opt (really wondering why this is not covered
    # anywhere but likely I am blind:
    ln -s /var/opt/kaspersky/kesl/install/opt/kaspersky/kesl /opt/kaspersky/

    # exec the debian package postinst
    /var/opt/kaspersky/kesl/pkgscripts/postinst configure

    man_post

    # execute the kesl installer with preconfigured settings
    echo -e "\e[32m\e[1m ... starting '/opt/kaspersky/kesl/bin/kesl-setup.pl' now\e[0m\n(no need to execute it again after installation has finished)."
    cp /var/opt/kaspersky/kesl/pkgscripts/kesl.ini $KTMP/
    sed -i "s/@YOU@/$SUDO_USER/g" $KTMP/kesl.ini 
    /opt/kaspersky/kesl/bin/kesl-setup.pl --autoinstall=$KTMP/kesl.ini

    kesl-control -L --query
    kesl_importconf

    if [ "$SCHEDULE_AUTOUPDATES" == "y" ];then
        kesl-control --set-schedule Update RuleType=Minutely RunMissedStartRules=Yes StartTime="00:00:00; $SCHEDULE_UPDATE_INTERVAL" RandomInterval=99 \
            && echo "... scheduled virus database updates once within >${SCHEDULE_UPDATE_INTERVAL}< minutes"
    fi

    # disable all modules except file threat protection (realtime/on-access)
    # the user should enable the modules manually:
    kesl-control --import-settings --file /var/opt/kaspersky/kesl/pkgscripts/kesl.start.conf \
        && echo -e "... imported initial startup config - all modules disabled except realtime-scan\n"

    kesl_exportconf
    kesl_updatedb

    remove_tmp "$KTMP"
}

pre_upgrade(){
    #echo $FUNCNAME
    KTMP=$(create_tmp)
    kesl_exportconf

    for k in $(egrep -v "^#" /var/opt/kaspersky/kesl/pkgscripts/kesl.ini);do
        key=${k/=*}; kkey="KESL_${key}"; v="${k/*=}"
        export ${key}=$v ${kkey}=$v
    done


    # exec the debian package preinst
    man_pre
    /var/opt/kaspersky/kesl/pkgscripts/preinst upgrade
    man_post

    remove_tmp "$KTMP"
}

post_upgrade(){
    #echo $FUNCNAME

    # load preconfiguration variables and export them
    source /var/opt/kaspersky/kesl/pkgscripts/kesl.ini
    for k in $(egrep -v "^#" /var/opt/kaspersky/kesl/pkgscripts/kesl.ini);do
        key=${k/=*}; kkey="KESL_${key}"; v="${k/*=}"
        export ${key}=$v ${kkey}=$v
    done
    KTMP=$(create_tmp)
    #kesl_symlinks
    man_pre

    # exec the debian package postinst
    /var/opt/kaspersky/kesl/pkgscripts/preinst configure
    man_post

    kesl_importconf
    kesl_updatedb

    remove_tmp "$KTMP"
}

pre_remove(){
    #echo $FUNCNAME
    # ensure the configuration does not get lost even on a full uninstall
    #kesl_exportconf

    # exec the debian package rm scripts (post_remove is too late)
    /var/opt/kaspersky/kesl/pkgscripts/prerm remove
    /var/opt/kaspersky/kesl/pkgscripts/postrm remove
}

post_remove(){
    #echo $FUNCNAME
    rm -rf /etc/opt/kaspersky/ /opt/kaspersky/ /usr/share/licenses/kesl /var/opt/kaspersky
    rm /etc/kesl/*.conf
}