#!/bin/sh
## BRCM_COPYRIGHT_BEGIN,2025
## ================================================================================
## Copyright © 2025 Broadcom. All rights reserved. The term
## “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
## ================================================================================
##
## This software and all information contained therein is confidential and
## proprietary and shall not be duplicated, used, disclosed or disseminated in any
## way except as authorized by the applicable license agreement, without the
## express written permission of Broadcom. All authorized reproductions must be
## marked with this language.
##
## EXCEPT AS SET FORTH IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT
## PERMITTED BY APPLICABLE LAW OR AS AGREED BY BROADCOM IN ITS APPLICABLE LICENSE
## AGREEMENT, BROADCOM PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY
## KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
## FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL BROADCOM
## BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR
## INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION,
## LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA,
## EVEN IF BROADCOM IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH
## LOSS OR DAMAGE.
## ================================================================================
## BRCM_COPYRIGHT_END,2025

#-------------------------------------------------------
#  testForBwrap() Function
#  Parameters: non - test for rpm-ostree installer
#   environment
#-------------------------------------------------------
testForBwrap()
{
   [ "$PLAT" != "Linux" ] && return 1
   # If /etc is mounted within a FUSE fuse.ro-files filesystem then
   # we assume are running within a bubblewrap container environment 
   # as an rpm-ostree install on Atomic.
   [ "$FSTYPE" = "" ] && FSTYPE=`mount 2>/dev/null | grep "/etc" | cut -f5 -d" "`
   [ "$FSTYPE" = "fuse.rofiles-fuse" ] && return 0
   return 1
}

#------------------------------------------------------
#  testForOstree() Function
#  Parameters: None
#  Purpose: Check if running in an ostree host environment.
#------------------------------------------------------
testForOstree()
{
   [ -f /etc/os-release ] && grep OSTREE_VERSION /etc/os-release 2>&1 > /dev/null || return 1
   return 0
}

#-------------------------------------------------------
#  logmsg() Function
#  Parameters: $1 - send a msg to logfile
#-------------------------------------------------------
logmsg()
{
   if testForBwrap; then
      printf "$0 instfunlib log: $@\n" 1>&2
   else
      _tod=`date +"%D %T"`
      [ "$LOGFILE" != "" ] && [ -f $LOGFILE ] && \
         printf "$_tod: $*\n" >> $LOGFILE || \
         printf "$*\n"
    fi
} 

#-------------------------------------------------------
#  stderr() Function
#-------------------------------------------------------
stderr()
{
   if testForBwrap; then
      printf "$0 instfunlib error: $@\n" 1>&2
   fi
   printf "$@" 1>&2
}

#-------------------------------------------------------
#  error() Function
#  Parameters: $1 - Return code, $2 - Error Message
#-------------------------------------------------------
error()
{
   _tod=`date +"%D %T"`
   stderr "Error $1 - $2\n"
   [ "$LOGFILE" != "" ] && [ -f $LOGFILE ] && \
      stderr "Please refer to $LOGFILE for more details.\n\n" && \
      printf "#<$_tod>: Error $1 - $2\n" >> $LOGFILE
   [ "$INSTATE" != "" ] && exit $1
}

# ------------------------------------------------------
#  sisInstalled() Function
#  Purpose: Check if SIS Agent is installed
# ------------------------------------------------------
sisInstalled()
{
   [ -d $SIS_DIR ] && [ -x $SIS_DIR/IPS/bin/sisipsdaemon ] && \
      return 0 || return 1
}

#------------------------------------------------------
#  configSELinux
#  Parameters: None
#  Purpose: Configure product daemons to run in the proper policy context
#------------------------------------------------------
configSELinux()
{
   SELINUX_CFG=/etc/selinux/config
   if [ -f $SELINUX_CFG ]; then
      SELINUX_POLICY=`sestatus |grep "Policy from config file:" \
         |cut -f2 -d: |sed "s/^[	 ]*\(.*\)[	 ]*$/\1/" 2>/dev/null`
      # Re-label init scripts using controlling policy
      setfiles /etc/selinux/$SELINUX_POLICY/contexts/files/file_contexts /etc/init.d/sis* 2>/dev/null
      if [ -d /etc/init ]; then
         setfiles /etc/selinux/$SELINUX_POLICY/contexts/files/file_contexts /etc/init/sis* 2>/dev/null
      fi
   fi
}

run()
{
   if [ "$ROOT_DIR" ]; then 
      chroot $ROOT_DIR /bin/sh -c "PATH=$PATH $*"; _rc=$?
      [ $_rc != 0 ] && logmsg "Error $_rc running: \"chroot $ROOT_DIR /bin/sh -c \"$*\"";
   else 
      $*; _rc=$?
      [ $_rc != 0 ] && logmsg "Error $_rc running: $*";
   fi
   return $_rc; 
}

# ------------------------------------------------------
#  installFile() Function
# ------------------------------------------------------
installFile()
{
   _opt=$1 _from=$2; _to=$3; _mod=$4
   [ ! -d `dirname $_to` ] && mkdir -p `dirname $_to`
   [ ! -f $_from ] && touch $_from 2>>$LOGFILE
   case $_opt in
      p) [ ! -f $_to ] && mv -f $_from $_to 2>>$LOGFILE;;
      c) cp -f $_from $_to 2>>$LOGFILE;;
      m) mv -f $_from $_to 2>>$LOGFILE && rmdir `dirname $_from` 2>/dev/null
         if [ $PLAT_OS = solaris ] && [ -s $_from ]; then
           removef $INSTF_PARMS $PKG_NAME $_from >>$LOGFILE 2>&1
         fi;;
      s) [ ! -f $_from ] && logmsg "installFile: $_from missing for symlink $_to";
         ln -sf $_from $_to >>$LOGFILE 2>&1;;
      *) logmsg "installFile: Invalid option $_opt to function";;
   esac
   [ "$_mod" != "" ] && chmod $_mod $_to 2>>$LOGFILE
   #printf "$_from $_to $_mod\n" >> $SIS_DIR/docs/install_manifest.txt
   [ $PLAT_OS = solaris ] && installf $INSTF_PARMS $PKG_NAME $_to >>$LOGFILE 2>&1
   return 0
}

# simulate xpg4 grep -q for CSH
qgrep() { grep $* 2>&1 >/dev/null; }
# substitution doesn't work on Solaris CSH
#strstr() { [ "${1#*$2*}" = "$1" ] && return 1 || return 0; }
strstr() { echo $1 |qgrep $2; return $?; }
ipsSupported() { strstr $OS_FEATURES P; return $?; }
amdSupported() { strstr $OS_FEATURES A; return $?; }

driverVersion()
{
  if [ -x $ROOT_DIR/usr/bin/strings ];then
      case $PLAT in
        AIX) [ -f $1 ] && strings -a -12 $1 2>/dev/null |grep "[56]\..* (af.*)" 2>/dev/null |cut -dI -f2- |sort |uniq |head -1 ;;
        *) [ -f $1 ] && strings -12 $1  2>/dev/null |grep "^[56]\..* (af.*)" 2>/dev/null |sort |uniq |head -1 ;;
      esac
  fi
}

fimDriverVersion()
{
  case $PLAT in
      Linux) [ -f $1 ] && /sbin/modinfo -F version_ $1 2>/dev/null ;;
  esac
}

# Copy of function from request script
fimSupported()
{
  case $PLAT in
    AIX) 
      if ([ $PLAT_RELEASE = 5.3 ] && [ `bootinfo -K` = 64 ]) || [ `uname -v` -ge 6 ]; then
        return 0;
      else return 1;
      fi
      ;;
    Linux) 
      case $PLAT_VARIANT in
        rhel[6789]|sles1[0-9]) return 0;;
        rhel10) return 0;;		
        ubuntu*) return 0;;
        debian*) return 0;;
        amzn*) return 0;;
        *) return 1;;
      esac
      ;;
    *) return 1;;
  esac
}

# ------------------------------------------------------
#  changeSettings() Function
# ------------------------------------------------------ 
changeSettings()
{
   trueFalse() { [ "$1" = "0" ] && printf false || printf true; };
   enableDisable() { [ "$1" = "1" ] && printf enable || printf disable; };
   
   setfiles=`find $IPS_DIR $IDS_DIR $IDS_DIR/system $LIB_DIR $SIS_ETC_DIR -type f |grep -e"\.ini$" -e"\.reg$" -e"\.sh$" -e"\.txt$" -e"\.init$" -e"\.xml$" -e"\.service$"`
   amdSupported && setfiles="$setfiles `find $AMD_DIR/system -type f -name '*.ini'`"
   setfiles="$setfiles $IPS_DIR/bin/sisipsagent $IPS_DIR/bin/sisipsutil $IPS_DIR/bin/contentmgr.logging.conf"
   setfiles="$setfiles $IPS_DIR/.profile $IDS_DIR/bin/sisidsagent"
   setfiles="$setfiles $RCDIR_NR/sisipsagent $RCDIR_NR/sisidsagent $RCDIR_NR/sisipsutil"
   setfiles="$setfiles $RCDIR_NR/sis*.init $RCDIR_NR/sisips.nfsd"
   amdSupported && setfiles="$setfiles $RCDIR_NR/sisamdagent $RCDIR_NR/sisevt.init $RCDIR_NR/sisap.init $ETC_INIT/sisamddaemon.conf"
   [ "$SYSTEMD_SCRIPT_DIR" ] && [ -d "$SYSTEMD_SCRIPT_DIR" ] && setfiles="$setfiles $SYSTEMD_SCRIPT_DIR/sis*.service"
   [ "$UPSTART_SCRIPT_DIR" ] && [ -d "$UPSTART_SCRIPT_DIR" ] && setfiles="$setfiles $UPSTART_SCRIPT_DIR/sis*.conf"
   setfiles="$setfiles $RCDIR_NR/rc.sisi?s*"

   for file in $setfiles; do
      [ ! -f $file ] && continue;
      cp -p $file $file.new
      sed -e "s|%INSTALL_DIR%|$SIS_DIR_NR|g" \
          -e "s|%DRIVER_LOG_DIR%|$SIS_LOGDIR_NR|g" \
          -e "s|%LOG_DIR%|$SIS_LOGDIR_NR|g" \
          -e "s|%AGENT_TYPE%|$AGENT_TYPE|g" \
          -e "s|%AGENT_SECURITY_GROUP%|$SIS_SEC_GROUP|g" \
          -e "s|%CONFIG_INITIAL_GROUP%|$SIS_COM_CFG_GROUP|g" \
          -e "s|%AGENT_CONFIG_INITIAL_GROUP%|$SIS_IPS_CFG_GROUP|g" \
          -e "s|%INITIAL_GROUP%|$SIS_IPS_POL_GROUP|g" \
          -e "s|%IDS_POLICY_GROUP%|$SIS_IDS_POL_GROUP|g" \
          -e "s|%IDS_CONFIG_GROUP%|$SIS_IDS_CFG_GROUP|g" \
          -e "s|%IDS_PLUS_FILE%||g" \
          -e "s|%CHARSET%|UTF-8|g" \
          -e "s|%MANAGEMENT_SERVER%|$SIS_MGMT_ADDR|g" \
          -e "s|%SERVER_LIST%|$SIS_SERVER_LIST|g" \
          -e "s|%AGENT_NAME%|$SIS_AGENT_NAME|g" \
          -e "s|%AGENT_PORT%|$SIS_AGENT_PORT|g" \
          -e "s|%AGENT_PROTOCOL%|$SIS_AGENT_PROTOCOL|g" \
          -e "s|%POLICY_FALLBACK%|0|g" \
          -e "s|%POLL_ENABLED%|true|g" \
          -e "s|%POLL_INTERVAL%|$SIS_POLL_INTERVAL|g" \
          -e "s|%NOTIFY_PORT%|$SIS_NOTIFY_PORT|g" \
          -e "s|%SERVICE_PORT%|$SIS_SERVICE_PORT|g" \
          -e "s|%SIS_LOCALE%|$SIS_LOCALE|g" \
          -e "s|%OS_FEATURES%|$OS_FEATURES|g" \
          -e "s|%NOTIFY_ENABLE%|`trueFalse $SIS_NOTIFICATIONS`|g" \
          -e "s|%IPS_ENABLE%|`trueFalse $IPS_ENABLE`|g" \
          -e "s|%IPS_ENABLE_OHONE%|$IPS_ENABLE|g" \
          -e "s|%IPS_REBOOT%|`trueFalse $IPS_ENABLE`|g" \
          -e "s|%FIM_ENABLE%|`trueFalse $FIM_ENABLE`|g" \
          -e "s|%FIM_ENABLE_OHONE%|$FIM_ENABLE|g" \
          -e "s|%FIM_REBOOT%|`trueFalse $FIM_ENABLE`|g" \
          -e "s|%AMD_ENABLE%|`enableDisable $AMD_ENABLE`|g" \
          -e "s|%AP_ENABLE%|`enableDisable $AP_ENABLE`|g" \
          -e "s|%AP_ENABLE_OHONE%|$AP_ENABLE|g" \
          -e "s|%AGENT_LOGFILE%|$SIS_LOGDIR_NR/sisipsdaemon.log|g" \
          -e "s|%DRIVER_LOG_PROFILENAME%|sisipsprofile.log|g" \
          -e "s|%DRIVER_LOG_FILENAME%|sisips.log|g" \
          -e "s|%SIS_LOG_DIR%|$SIS_LOGDIR_NR|g" \
          -e "s|%PLUS_FILE%|$SIS_ETC_DIR/sisips.sbp.zip|g" \
          -e "s|%MINUS_FILE%|$SIS_ETC_DIR/sisips.conf|g" \
          -e "s|%VARIANT%|$PLAT_VARIANT|g" \
          -e "s|%WORKING_DIR%|$WORKING_DIR|g" \
          -e "s|%OS%|$PLAT_OS|g" -e "s|%/%|/|g"  $file > $file.new
        if [ -f $file.new ]; then 
        if diff $file $file.new >/dev/null 2>&1; then rm -f $file.new
        else logmsg "changeSetting: file $file.."
           mv -f $file.new $file
        fi
      fi
      #[ -f $file.new ] && mv $file.new $file
   done

   # Change IDS LocalAgent.ini Locale (LC_CTYPE) setting
   sed -e "s|LC_CTYPE=.*$|LC_CTYPE=$SIS_LOCALE|g" \
      $IDS_DIR/system/LocalAgent.ini >$IDS_DIR/system/LocalAgent.ini.bak && \
      mv -f $IDS_DIR/system/LocalAgent.ini.bak $IDS_DIR/system/LocalAgent.ini
}


getIniSection() 
{
  _file=$1; _section=`echo $2 |awk '{print tolower($0)}'`
  if [ "$_section" = "_none_" ]; then
     cat $_file |grep -v "^#\|^$" |grep ".*=.*"
  else
     SECTION_CMD='tolower($0) ~ /^\[%SECTION%\]/ {while (getline && $0 !~ /^\[.*\]/ && $0 !~ /^$/) print $0;}'
     _cmd=`echo "$SECTION_CMD" |sed "s/\%SECTION\%/$_section/"`
     cat $_file |grep -v "^#\|^$" |awk "$_cmd" 2>/dev/null && ret=0 || ret=1
  fi
  unset SECTION_CMD _cmd _file _section
  return $ret
}

getIniSectionRepo() 
{
  _file=$1; _section=`echo $2 |awk '{print tolower($0)}'`
  if [ "$_section" = "_none_" ]; then
     cat $_file |grep -v "^|^$" |grep ".*=.*"
  else
     SECTION_CMD='tolower($0) ~ /^\[%SECTION%\]/ {while (getline && $0 !~ /^\[.*\]/ && $0 !~ /^$/) print $0;}'
     _cmd=`echo "$SECTION_CMD" |sed "s/\%SECTION\%/$_section/"`
     cat $_file |grep -v "^|^$" |awk "$_cmd" 2>/dev/null && ret=0 || ret=1
  fi
  unset SECTION_CMD _cmd _file _section
  return $ret
}


trimIniValue()
{
  echo "$*" |awk '
  {
    if (index($0,"#"))
      s=substr($0,0,index($0,"#")-1);
    else s=$0;
    sub(/[ \t\r\n\v\f]*$/,"",s); 
    print s; 
  }'
}

getIniValue()
{
   iniVal=`getIniSection "$1" "$2" 2>/dev/null |grep  -i "^$3=" 2>/dev/null |cut -d= -f2- 2>/dev/null`
   trimIniValue "$iniVal"
   unset iniVal
}

mergeIniFile()
{
   AF_EXCEPTIONS="agentlog. log.rule. plus.policy.file driverlog.logfile 
              driverlog.profile.logfile driverlog.file.pointer driverlog.unprocessed.logs 
              driverlog.rollover.pending ssl.trustStore PolicyFile LogFile ProfileFile"
   OSF_EXCEPTIONS="agent.features ips.enabled Enable NFSCEnable"
   strmatch() { return `echo "$1" "$2" | \
         awk -v s1="$1" -v s2="$2" '{if (tolower(s1)==tolower(s2)) print 0; else print 1;}'`;}
   _prev_file=$1; _inst_file=$2;
   logmsg "mergeIniFile: ** Merging $_prev_file into $_inst_file ..."
   if [ "$_prev_file" = "" ] || [ "$_inst_file" = "" ] || \
      [ ! -f $_prev_file ] || [ ! -f $_inst_file ]; then
      logmsg "WARNING: INI file \"$_prev_file\" or \"$_inst_file\" missing.."; return 1;
   fi

   _section_list="`cat $_prev_file $_inst_file |awk '/^\[.*\]/' |tr -d \"\[\]\" |sort|uniq|awk '{printf "%s:",$0}'`"
   [ "$_section_list" = "" ] && _section_list="_none_"

   OLD_IFS=$IFS; IFS=:
   for _section in $_section_list; do
      _prev_section=`getIniSection $_prev_file "$_section"`
      _inst_section=`getIniSection $_inst_file "$_section"`
      _key_list="`echo \"$_prev_section\" |cut -d= -f1`"
      _key_list="`echo \"$_inst_section\" |cut -d= -f1`
$_key_list"
      _key_list="`echo \"$_key_list\" |sort|uniq|awk '{printf "%s:",$0}'`"

      for _key in $_key_list; do
         # Check for exceptions
         #if echo $_key |grep -qi "log\.rule\."; then continue;
         [ "$_key" = "" ] && continue
         [ "$PLAT" != "Linux" ] && [ "$_key" = "NFSCEnable" ] && continue
         if echo $_key |grep -qi "^agentini\.checksum"; then continue;
         elif [ "$afupgrade" = "true" ] && echo "$AF_EXCEPTIONS" |grep -qw $_key; then
            logmsg "mergeIniFile: skipping $_key on AF upgrade.." && continue
         fi

         _inst_entry="`echo \"$_inst_section\" |grep -i \"^$_key=\" |uniq|awk '{printf "%s",$0}'`"
         _prev_entry="`echo \"$_prev_section\" |grep -i \"^$_key=\" |uniq|awk '{printf "%s",$0}'`"
         _inst_val="`echo \"$_inst_entry\" |cut -d= -f2-`"; _inst_val=`trimIniValue "$_inst_val"`
         _prev_val="`echo \"$_prev_entry\" |cut -d= -f2-`"; _prev_val=`trimIniValue "$_prev_val"`

         if [ "$osfeature_upgrade" = "true" ] && echo "$OSF_EXCEPTIONS" |grep -qw $_key; then
            [ "$_key" = "agent.features" ] && \
            logmsg "mergeIniFile: skipping $_key val on OS_FEATURES upgrade.." && continue
            #Case 1 : UB the AMD enable state is null
            [ -z $_prev_val ] && \
            logmsg "mergeIniFile: skipping $_key on OS_FEATURES upgrade.." && continue
            #Add individual cases based on feature upgrade scenario.
         fi

         # check for dir name change on upgrade for Athens rebranding
         if [ "$dnupgrade" != "true" ] && echo "$_prev_val" |egrep -q "scspagent|scsplog"; then
            _prev_val=`echo "$_prev_val" |sed -e "s/scsplog/$LOGDIR_POSTFIX/g" -e "s/scspagent/$INSTDIR_POSTFIX/g"`
            _prev_entry=`echo "$_prev_entry" |sed -e "s/scsplog/$LOGDIR_POSTFIX/g" -e "s/scspagent/$INSTDIR_POSTFIX/g"`
            logmsg "mergeIniFile: changing value of $_key to \"$_prev_val\" for dirname upgrade.."
         fi

         # check for dir name change on upgrade for Solaris IPS Package 
         if [ "$OLDBASEDIR" != "" ] && echo "$_prev_val" |grep -q $OLDBASEDIR; then
            _prev_val=`echo "$_prev_val" |sed -e "s|$OLDBASEDIR|$BASEDIR|g"`
            _prev_entry=`echo "$_prev_entry" |sed -e "s|$OLDBASEDIR|$BASEDIR|g"`
         fi
         # new entry
         if [ "$_prev_entry" = "" ]; then
            logmsg "mergeIniFile: new key $_key found in $_inst_file.." && continue
         elif [ "$_inst_entry" = "" ]; then
            logmsg "mergeIniFile: key $_key not in new INI file $_inst_file.. merging"
            awk -v sect="$_section" -v entry="$_prev_entry" \
                'BEGIN {r=sprintf("[%s]",sect); f=0;} 
                 {print; if(index(tolower($0),tolower(r))) {f=1; print entry; }}
                 END {if (!f) printf "\n%s\n%s",r,entry;}' \
               $_inst_file >$_inst_file.1 && mv -f $_inst_file.1 $_inst_file || \
           logmsg "mergeIniFile: Error adding key \"$_key\" value in $_inst_file.."
         elif strmatch "$_prev_val" "$_inst_val"; then continue
         else _key=`grep -i "^$_key=" $_inst_file |cut -d= -f1` #get correct case of key in file
            logmsg "mergeIniFile: Changing key \"$_key=$_prev_val\" value in $_inst_file.."
            awk -v key="$_key" -v val="$_prev_val" \
                'BEGIN {r=sprintf("^%s=.*$",key); s=sprintf("%s=%s",key,val);} {gsub(r,s); print;}' \
               $_inst_file >$_inst_file.1 && mv -f $_inst_file.1 $_inst_file || \
           logmsg "mergeIniFile: Error changing key \"$_key\" value in $_inst_file.."
         fi
      done
   done
   [ "$OLD_IFS" = "" ] && IFS=" " || IFS=$OLD_IFS
   unset _prev_file _inst_file _section _section_list _key
   unset __inst_entry inst_val _prev_entry _prev_val AF_EXCEPTIONS
}

mergeKernTextFile()
{
   _prev_file=$1; _new_file=$2

   diff $_prev_file $_new_file >/dev/null 2>&1 || \
   {
      logmsg "mergeKernTextFile: ** Merging $_prev_file into $_new_file ..."
      chmod +w $_new_file
      while read linevar
      do         
		 emptyLine=`echo "$linevar" | xargs`
		 [ -z "$emptyLine" ] && continue
		 
		 # Upgrade from 6.7.2 HF2 : do not merge the catchall lines
         echo $linevar | grep "(catchall)" > /dev/null 2>&1 && continue

         # Do not merge the Catch-all section
         echo $linevar | grep "#Catch-all section" >/dev/null 2>&1 && break

         # Add the line before Catch-all section
         cat $_new_file |grep -Fx "$linevar" >/dev/null 2>&1 || sed -i "/^#Catch-all*/i ${linevar}" $_new_file
      done< $_prev_file
   }
   unset _prev_file _new_file
}


mergeTextFile()
{
   _prev_file=$1; _new_file=$2
   if [ "$AGENT_TYPE" = "1" ]; then
   if egrep -q "scspagent|scsplog" $_prev_file; then
     cat $_prev_file | sed -e "s/scsplog/$LOGDIR_POSTFIX/g" -e "s/scspagent/$INSTDIR_POSTFIX/g" >${_prev_file}.tmp
     _prev_file=${_prev_file}.tmp
   fi
   fi

   diff $_prev_file $_new_file >/dev/null 2>&1 || \
   {
      logmsg "mergeTextFile: ** Merging $_prev_file into $_new_file ..." 
      chmod +w $_new_file    
      while read linevar
      do
    cat $_new_file |grep -Fx "$linevar" >/dev/null 2>&1 || echo "$linevar" >>$_new_file
      done< $_prev_file
   }
   rm -f ${_prev_file}.tmp
   unset _prev_file _new_file
}

restoreConfFile()
{
   _prev_file=$1; _new_file=$2
   if [ "$_prev_file" = "" ] || [ ! -f $_prev_file ]; then
      logmsg "WARNING: Conf file \"$_prev_file\" missing.."; return 0;
   else
      logmsg "restoreConfFile: ** Restore $_prev_file into $_new_file ..."
      mv $_prev_file $_new_file
   fi
   unset _prev_file _new_file
}

UpdateAIXBootImage()
{
   if [ $PLAT = AIX ]; then
      if ipsSupported || fimSupported ; then
         logmsg "UpdateAIXBootImage: create complete boot image and device. Run 'bosboot -ad /dev/ipldevice'."
         bmsg="An error occurred during bosboot processing.  Please rerun the 'bosboot -ad /dev/ipldevice' command as root.  If the problem persists, please correct the problem before reboot."
         /usr/sbin/bosboot -ad /dev/ipldevice >>$LOGFILE 2>&1 || error $? "bosboot: WARNING! bosboot failed - do not attempt to boot device. $bmsg"
      fi
   fi
}

#mklink( runlevel, order-number, script-name )
mklink() {
   for level in $1; do
      src=$RCDIR_NR/$3  # Actual File
      dest=$RCBASE/rc$level.d/$2$3   # Symbolic link
      logmsg "Creating symlink $dest -> $src"
      ln -fs $src $dest >>$LOGFILE 2>&1 || \
        logmsg "Error creating symbolic link of $src to $dest"
   done
}

RC_BOOT_SCRIPT="
# Begin SIS IPS -- DO NOT EDIT
if grep SISIPSNULL /proc/cmdline >/dev/null 2>&1; then
  echo \"Symantec Agent for Linux IPS driver will not be Started ...\"
else /etc/init.d/sisips.init start; fi
# End SIS IPS -- DO NOT EDIT
"

enableDriverStart()
{
   logmsg "Enabling IPS Driver for system start.."
   case $PLAT_OS in
      aix)
         rmitab sisipsdd 2>/dev/null
         $RCDIR/sisips.init setup || \
            error $? "Unable to create inittab entry for $RCDIR/sisips.init" 
         $RCDIR/sisfim.init setup || \
            error $? "Unable to create inittab entry for $RCDIR/sisfim.init" 
         ;;
      solaris)
         [ ! -f ${ROOT_DIR}/etc/system ] && touch ${ROOT_DIR}/etc/system
         cp -f ${ROOT_DIR}/etc/system ${ROOT_DIR}/etc/system-pre-sisips
         grep -q "^forceload.*sisips" ${ROOT_DIR}/etc/system || \
           echo "forceload: drv/sisips" >> ${ROOT_DIR}/etc/system
         if [ $PLAT_RELEASE -lt 10 ]; then 
            rm -f $RCBASE/rc?.d/???sisipsnet
            mklink "2" S70 sisipsnet 
         else 
            # remove the legacy sisipsnet service
            removeSisipsnetService
            # Write line to inittab to "autopush" the sisipsnet STREAMS module
            logmsg "Configuring sisipsnet STREAMS driver.."
            ed -s ${ROOT_DIR}/etc/inittab >>$LOGFILE 2>&1 <<EOF
g/sisipsnet/d
/^smf/i
sis::sysinit:$RCDIR_NR/sisipsnet
.
w
q
EOF
            if [ $? -ne 0 ]; then
               logmsg "Could not modify ${ROOT_DIR}/etc/inittab to push the sisipsnet STREAMS module"
            fi
            fi ;;
   esac
}
disableDriverStart()
{
   logmsg "Disabling IPS Driver for system start.."
   cleanScript() { awk 'BEGIN { printflag = 1; } /^# Begin SIS IPS.*/ { printflag = 0; } /^# End SIS IPS.*/ { printflag = -1; } { if (printflag == 1) print $0; else if (printflag == -1) printflag = 1; }' $1 >${ROOT_DIR}/etc/symantec/`basename $1`; mv -f ${ROOT_DIR}/etc/symantec/`basename $1` $1; chmod 700 $1; }
   
   case $PLAT_OS in
      aix)
         rmitab sisipsdd >>$LOGFILE 2>&1 ;;
      solaris)
         if [ -f ${ROOT_DIR}/etc/system ] && grep -q "^forceload.*sisips" ${ROOT_DIR}/etc/system; then
            cat ${ROOT_DIR}/etc/system |grep -v "^forceload.*sisips" >${ROOT_DIR}/etc/symantec/system.save
             mv -f ${ROOT_DIR}/etc/symantec/system.save ${ROOT_DIR}/etc/system
         fi
         if [ $PLAT_RELEASE -lt 10 ]; then 
            rm -f ${ROOT_DIR}/etc/rc?.d/???sisipsnet 
         else  
            # Remove "autopush" of sisipsnet STREAMS driver line from inittab
            ed -s ${ROOT_DIR}/etc/inittab >>$LOGFILE 2>&1 <<EOF
g/sisipsnet/d
w
q
EOF
            if [ $? -ne 0 ]; then
               logmsg "Could not modify ${ROOT_DIR}/etc/inittab to not push the sisipsnet STREAMS module"
            fi
         fi ;;
   esac
}

removeSisipsnetService()
{
   RC1=0
   RC2=0

   # check if sisipsnet service exists
   if [ -f $ROOT_DIR/var/svc/manifest/network/sisipsnet.xml ]; then

      logmsg "Removing legacy sisipsnet service.."

      # make calls to SMF to remove the legacy sisipsnet service and any
      # dependencies on it.  Note that the SMF calls will fail if running
      # from a Jumpstart environment
      svcadm disable sisipsnet >>$LOGFILE 2>&1
      RC1=$?
      svccfg delete sisipsnet >>$LOGFILE 2>&1
      RC2=$?
   fi

   # if the sisipsnet service exists and the calls to SMF failed above,
   # then setup the sisipsnet cleanup service to remove the sisipsnet
   # service on the next reboot
   if [ $RC1 -ne 0 -o $RC2 -ne 0 ]; then
      mv $SIS_ETC_DIR/sisipsnet.xml \
         $ROOT_DIR/var/svc/manifest/network/sisipsnet.xml
      chmod 444 $ROOT_DIR/var/svc/manifest/network/sisipsnet.xml
      mv $SIS_ETC_DIR/sisipsnet_cleanup.xml \
         $ROOT_DIR/var/svc/manifest/network/sisipsnet_cleanup.xml
      chmod 444 $ROOT_DIR/var/svc/manifest/network/sisipsnet_cleanup.xml
   else
      rm -f $ROOT_DIR/var/svc/manifest/network/sisipsnet.xml
      rm -f $SIS_ETC_DIR/sisipsnet.xml
      rm -f $SIS_ETC_DIR/sisipsnet_cleanup.xml
      rm -f $SIS_ETC_DIR/sisipsnet_cleanup
   fi

   return 0
}

# ------------------------------------------------------
#  configFimDriver() Function
# ------------------------------------------------------  
configFimDriver()
{
   if fimSupported; then
      logmsg "Configuring IDS real-time file integrity monitoring driver.."
      case $PLAT_OS in
         aix)
            /usr/bin/odmadd $IDS_DIR/driver/sisfim.add  >>$LOGFILE 2>&1 || error $? "configFimDriver: Add sisfim device configuration"
            ;;
       esac
   fi
}

# ------------------------------------------------------
#  unconfigFimDriver() Function
# ------------------------------------------------------  
unconfigFimDriver()
{
   logmsg "Unconfiguring IDS real-time file integrity monitoring driver.."
   if fimSupported; then
      case $PLAT_OS in
         aix)
            /usr/bin/odmdelete -q rule=/etc/methods/defsisfim -o Config_Rules >>$LOGFILE 2>&1
            /usr/bin/odmdelete -q uniquetype=security/symantec/sisfim -o PdDv >>$LOGFILE 2>&1
            /usr/bin/odmdelete -q uniquetype=security/symantec/sisfim -o PdAt >>$LOGFILE 2>&1
            /usr/bin/odmdelete -q name=sisfim -o CuDv >>$LOGFILE 2>&1
            /usr/bin/odmdelete -q value1=sisfim -o CuDvDr >>$LOGFILE 2>&1
            /usr/bin/odmdelete -q value3=sisfim -o CuDvDr >>$LOGFILE 2>&1
            ;;
      esac
   fi
}

# ------------------------------------------------------
#  enableSystemStart() Function
# ------------------------------------------------------  
enableSystemStart()
{
   logmsg "Enabling IDS & IPS Agents for system start.."
   if [ $INIT_SUBSYSTEM = systemd ]; then
      systemctl enable sisidsdaemon.service >>$LOGFILE 2>&1
      systemctl enable sisipsdaemon.service >>$LOGFILE 2>&1 
      ipsSupported && systemctl enable sisipsutildaemon.service >>$LOGFILE 2>&1
      amdSupported && systemctl enable sisamddaemon.service >>$LOGFILE 2>&1
      systemctl daemon-reload >> $LOGFILE 2>&1
      systemctl status sisidsdaemon sisipsdaemon >>$LOGFILE 2>&1
      amdSupported && systemctl status sisamddaemon.service >>$LOGFILE 2>&1
      systemctl list-timers >> $LOGFILE 2>&1
   else
      case $PLAT_OS in
         aix)
            rcs=${ROOT_DIR}/etc/rc.shutdown; ss="S[DC][CS].* Agent"
            if [ ! -f $rcs ] || [ "`grep \"$ss\" $rcs`" = "" ]; then
               echo "/etc/rc.sisidsagent stop    # Stop SDCSS Agent (IDS)" >>$rcs
               echo "/etc/rc.sisipsagent stop    # Stop SDCSS Agent (IPS)" >>$rcs
               chmod +x $rcs
            fi
            rmitab rcsisidsagent 2>/dev/null
            mkitab "rcsisidsagent:23456789:wait:$RC_IDS start >/dev/console 2>&1" || \
               error $? "Unable to create inittab entry for $RC_IDS"
            rmitab rcsisipsagent 2>/dev/null
            mkitab "rcsisipsagent:23456789:wait:$RC_IPS start >/dev/console 2>&1" || \
               error $? "Unable to create inittab entry for $RC_IPS"
            if ipsSupported; then
              rmitab rcsisipsutil 2>/dev/null
              mkitab "rcsisipsutil:23456789:wait:$RC_UTIL start >/dev/console 2>&1" || \
                 error $? "Unable to create inittab entry for $RC_UTIL"
            fi ;;
         suse)
            insserv -fr sisidsagent >>$LOGFILE 2>&1
            insserv -fr sisipsagent >>$LOGFILE 2>&1
            amdSupported && insserv -fr sisamdagent >>$LOGFILE 2>&1
            insserv -f sisidsagent >>$LOGFILE 2>&1
            insserv -f sisipsagent >>$LOGFILE 2>&1
            amdSupported && insserv -f sisamdagent >>$LOGFILE 2>&1
            if ipsSupported; then
               insserv -fr sisipsutil >>$LOGFILE 2>&1
               insserv -f sisipsutil >>$LOGFILE 2>&1
            fi ;;
         redhat)
            chkconfig --del sisidsagent  >>$LOGFILE 2>&1
            chkconfig --del sisipsagent  >>$LOGFILE 2>&1
            amdSupported && chkconfig --del sisamdagent >>$LOGFILE 2>&1
            chkconfig --add sisidsagent  >>$LOGFILE 2>&1
            chkconfig --add sisipsagent  >>$LOGFILE 2>&1
            if ipsSupported; then
               chkconfig --del sisipsutil  >>$LOGFILE 2>&1
               chkconfig --add sisipsutil  >>$LOGFILE 2>&1
            fi
            if amdSupported; then
               chkconfig --add sisamdagent >>$LOGFILE 2>&1
            #   chkconfig cgconfig on >>$LOGFILE 2>&1
            fi 
            #ESX Firewall rules enable
            if [ -f /etc/vmware/firewall/symantecCSP.xml ]; then
               esxcfg-firewall -l >>$LOGFILE 2>&1
               esxcfg-firewall -e symantecCSP >>$LOGFILE 2>&1
            fi ;;
         amazon*)
            chkconfig --del sisidsagent  >>$LOGFILE 2>&1
            chkconfig --del sisipsagent  >>$LOGFILE 2>&1
            amdSupported && chkconfig --del sisamdagent >>$LOGFILE 2>&1
            chkconfig --add sisidsagent  >>$LOGFILE 2>&1
            chkconfig --add sisipsagent  >>$LOGFILE 2>&1
            amdSupported && chkconfig --add sisamdagent >>$LOGFILE 2>&1
            if ipsSupported; then
               chkconfig --del sisipsutil  >>$LOGFILE 2>&1
               chkconfig --add sisipsutil  >>$LOGFILE 2>&1
            fi ;;
         solaris)
            rm -f $RCBASE/rc?.d/???sisi?sagent $RCBASE/rc?.d/???sisipsutil
            mklink "S 0 1" K01 sisidsagent
            mklink "S 0 1" K36 sisipsagent
            mklink "3"     S90 sisidsagent
            mklink "3"     S99 sisipsagent
            mklink "3"     S99 sisipsnet
            if ipsSupported; then
               mklink "S 0 1" K37 sisipsutil
               mklink "3"     S99 sisipsutil
            fi ;;
         hp-ux)
            # hp-ux uses 3 digit numbering scheme
            rm -f $RCBASE/rc?.d/????sisi?sagent
            mklink "2"  K925 sisidsagent
            mklink "2"  K950 sisipsagent
            mklink "3"  S050 sisidsagent
            mklink "3"  S075 sisipsagent ;;
      esac
   fi
   
   configSELinux

   case $PLAT_VARIANT in
      sles*) 
         #Add sisips to list of hidden users for KDM login greeter on SLES9
         kdmrc=${ROOT_DIR}/etc/opt/kde3/share/config/kdm/kdmrc
         if [ -f $kdmrc ] && grep "HiddenUsers*=.*" $kdmrc | \
            grep -v sisips >/dev/null 2>&1; then
            cp -f $kdmrc $kdmrc.bak; chmod +w $kdmrc
            sed "s/HiddenUsers.*=.*/&,sisips/" $kdmrc.bak | \
             sed "/HiddenUsers.*=.*,,.*/s/,\+/,/g" >$kdmrc
         fi;;
   esac

   if [ $PLAT != Linux ]; then
      # Enable or disable the driver
      ipsSupported && enableDriverStart
   fi
}

# ------------------------------------------------------
#  disableSystemStart() Function
# ------------------------------------------------------  
disableSystemStart()
{ 
   logmsg "Disabling IDS & IPS Agents for system start.."
   if [ "$INIT_SUBSYSTEM" = "systemd" ]; then
      systemctl disable sisidsdaemon.service >>$LOGFILE 2>&1
      systemctl disable sisipsdaemon.service >>$LOGFILE 2>&1
      ipsSupported && systemctl disable sisipsutildaemon.service >>$LOGFILE 2>&1
      amdSupported && systemctl disable sisamddaemon.service >>$LOGFILE 2>&1
      systemctl daemon-reload >> $LOGFILE 2>&1
      systemctl list-timers >> $LOGFILE 2>&1
   else
      case $PLAT_OS in
         aix)
            rcs=${ROOT_DIR}/etc/rc.shutdown; ss="S[DC][CS].* Agent"
            if [ -f $rcs ] && grep -q "$ss" $rcs; then
               grep -v "$ss" $rcs >$rcs.$$.sav; mv $rcs.$$.sav $rcs
               [ ! -s $rcs ] && rm -f $rcs
            fi
            rmitab rcsisidsagent >>$LOGFILE 2>&1
            rmitab rcsisipsagent >>$LOGFILE 2>&1
            rmitab rcsisipsutil >>$LOGFILE 2>&1
            rmitab sisipsdd >>$LOGFILE 2>&1 ;;
         suse)
            insserv -fr sisidsagent >>$LOGFILE 2>&1
            insserv -fr sisipsagent >>$LOGFILE 2>&1
            insserv -fr sisipsutil >>$LOGFILE 2>&1
            amdSupported && insserv -fr sisamdagent >>$LOGFILE 2>&1
            ;;
         redhat)
            chkconfig --del sisidsagent  >>$LOGFILE 2>&1
            chkconfig --del sisipsagent  >>$LOGFILE 2>&1
            chkconfig --del sisipsutil  >>$LOGFILE 2>&1
            amdSupported && chkconfig --del sisamdagent >>$LOGFILE 2>&1
            #ESX Firewall rules disable
            if [ -f /etc/vmware/firewall/symantecCSP.xml ]; then
              esxcfg-firewall -d symantecCSP >>$LOGFILE 2>&1
              esxcfg-firewall -l >>$LOGFILE 2>&1
              rm -f /etc/vmware/firewall/symantecCSP.xml
            fi ;;
         ubuntu)
            update-rc.d -f sisidsagent remove >>$LOGFILE 2>&1
            update-rc.d -f sisipsagent remove >>$LOGFILE 2>&1
            amdSupported && update-rc.d -f sisamdagent remove >>$LOGFILE 2>&1
            update-rc.d -f sisipsutil remove >>$LOGFILE 2>&1 ;;
         solaris)
            rm -f $RCBASE/rc?.d/???sisi?sagent $RCBASE/rc?.d/???sisipsutil;;
         hp-ux)
            # hp-ux uses 3 digit numbering scheme
            rm -f $RCBASE/rc?.d/????sisi?sagent ;;
      esac
   fi

   case $PLAT_VARIANT in
      sles*)
         #Remove sisips from list of hidden users for KDM login greeter on SLES9
         kdmrc=${ROOT_DIR}/etc/opt/kde3/share/config/kdm/kdmrc
         if [ -f $kdmrc ] && grep "HiddenUsers*=.*,sisips.*" $kdmrc >/dev/null 2>&1; then
            cp -f $kdmrc ${ROOT_DIR}/etc/symantec/kdmrc.save; chmod +w $kdmrc
            sed "s/,sisips//" ${ROOT_DIR}/etc/symantec/kdmrc.save >$kdmrc
         fi;;
   esac

   if [ $PLAT != Linux ]; then
      # Always disable the driver
      ipsSupported && disableDriverStart
   fi  
}

strip_altroot()
{
   [ "$ROOT_DIR" ] && \
    echo "$1" |awk -v d=$ROOT_DIR '{if (split($0,a,d)>1) print a[2]; else print $0}' || \
    echo "$1"
}

fix_attr()
{
   mode=`echo $@  |cut -d: -f1 |awk '{print $1}'`
   user=`echo $@  |cut -d: -f2 |awk '{print $1}'`
   group=`echo $@ |cut -d: -f3 |awk '{print $1}'`
   file="`echo $@  |cut -d: -f4 |awk '{print $1}'`"
   file=`strip_altroot "$file"`
   parms=`echo $@ |cut -d: -f5 |awk '{print $1}'`
   file1="`run ls -1d \"$file\" 2>/dev/null`"

   if [ "$file" = "" ] || [ "$file1" = "" ]; then
      logmsg "File $file does not exist. Cannot change attributes."
      return 1
   fi
   [ "$user" != "" ] && run chown -h $parms $user "$file" >>$LOGFILE 2>&1
   [ "$group" != "" ] && run chgrp -h $parms $group "$file" >>$LOGFILE 2>&1
   [ "$mode" != "" ] && run chmod $parms $mode "$file" >>$LOGFILE 2>&1

   unset mode user group file parms lfile
}

# ------------------------------------------------------
#  fixowner() Function
# ------------------------------------------------------  
fixowner()
{
   # Common
   fix_attr 755:root::$BASEDIR
   fix_attr 750:root:sisips:$SIS_DIR
   fix_attr 750:root:sisips:$SIS_DIR/lib:-R
   fix_attr 640:sisips:sisips:$SIS_LOGDIR:-R
   fix_attr 7750:sisips:sisips:$SIS_LOGDIR
   fix_attr 7750:sisips:sisips:$SIS_LOGDIR/upload
   fix_attr 7750:sisips:sisips:$SIS_LOGDIR/archive
   fix_attr g+s:sisips:sisips:$SIS_LOGDIR
   
   # IDS
   fix_attr g+rsx:root:sisips:$IDS_DIR
   fix_attr g+r,g-w:root:sisips:$IDS_DIR:-R
   fix_attr g+rsx:::$IDS_DIR/*
   fix_attr ug+x:::$IDS_DIR/bin:-R
   fix_attr g+w:::$IDS_DIR/log:-R
   fix_attr ug+rw:::$IDS_DIR/system:-R
   fix_attr ug-x:::$IDS_DIR/system/*.ini
   # IPS owned
   fix_attr g-wx:sisips:sisips:$IPS_DIR:-R
   fix_attr 740:sisips:sisips:$IPS_DIR/*.sh
   fix_attr u+w:::$IPS_DIR/bin/shortcuts.txt
   fix_attr ug+x:::$IPS_DIR/*.sh
    if [ -d $IPS_DIR/bin/adr ]; then
     fix_attr 7750:sisips:sisips:$SIS_LOGDIR/adr
     # Set SUID for dicovery engine 
     fix_attr 4750:root:sisips:$IPS_DIR/bin/adr/discdrvr
    fi
   if [ "$PLAT" != "HP-UX" ]; then
      fix_attr 4750:root:sisips:$IPS_DIR/bin/translate
   fi
   if [ -d $IPC_DIR ]; then
     fix_attr 770:sisips:sisips:$IPC_DIR
     fix_attr 660:sisips:sisips:$IPC_DIR/*
   fi

   # System files
   fix_attr 700:root::$RC_IDS
   fix_attr 700:root::$RC_IPS
   
   fix_attr 751:sisips:sisips:$SIS_ETC_DIR
   fix_attr u+rw,g+r:sisips:sisips:$SIS_ETC_DIR/*
   fix_attr 600:sisips:sisips:$SIS_ETC_DIR.conf
   [ -f $SIS_ETC_DIR/delete_core.sh ] && fix_attr 750:root::$SIS_ETC_DIR/delete_core.sh
   [ -f $SIS_ETC_DIR/stop_containers.sh ] && fix_attr 750:root::$SIS_ETC_DIR/stop_containers.sh

   if [ "${PLAT_OS}" = "ubuntu" ] && [ $INIT_SUBSYSTEM = upstart ] && [ -d $ROOT_DIR/etc/init ]; then
      fix_attr 644:root:root:$ROOT_DIR/etc/init/sisipsdaemon.conf
      fix_attr 644:root:root:$ROOT_DIR/etc/init/sisidsdaemon.conf
      fix_attr 644:root:root:$ROOT_DIR/etc/init/sisipsutildaemon.conf
      fix_attr 644:root:root:$ROOT_DIR/etc/init/sisamddaemon.conf
   fi

   if [ $INIT_SUBSYSTEM = systemd ] && [ -d $ROOT_DIR/$SYSTEMD_SCRIPT_DIR ]; then
      fix_attr 644:root:root:$SYSTEMD_SCRIPT_DIR/sisipsdaemon.service
      fix_attr 644:root:root:$SYSTEMD_SCRIPT_DIR/sisidsdaemon.service
      fix_attr 644:root:root:$SYSTEMD_SCRIPT_DIR/sisipsutildaemon.service
      fix_attr 644:root:root:$SYSTEMD_SCRIPT_DIR/sisamddaemon.service
   fi

   if ipsSupported; then
      fix_attr 750:sisips:sisips:$SIS_ETC_DIR/override_controls
      fix_attr 755:sisips:sisips:$SIS_ETC_DIR/override_options_available
      fix_attr 644:sisips:sisips:$SIS_ETC_DIR/override_options_available/*
      fix_attr 444:sisips:sisips:$SIS_ETC_DIR/override_options_available/global_override_feature
      fix_attr 444:sisips:sisips:$SIS_ETC_DIR/override_options_available/self_protection_override_feature
      # Global read-access for Override
      fix_attr 751:::$SIS_DIR
      fix_attr 751:::$IPS_DIR
      fix_attr 751:::$IPS_DIR/bin
      fix_attr 755:::$IPS_DIR/bin/libstdc++.so.6.0.21
      fix_attr 700:root::$RC_UTIL
      fix_attr 751:::$IPS_DIR/bin/sisipsoverride
      fix_attr 755:::$IPS_DIR/sisipsoverride.sh
      fix_attr 4751:root:sisips:$IPS_DIR/bin/sischeckpwd
      fix_attr 644:::$SIS_ETC_DIR/install.reg
      fix_attr 644:::$SIS_ETC_DIR/util.ini
      fix_attr 755:::$IPS_DIR/bin/libsisipsutils*

      case $PLAT_OS in
         suse|redhat|ubuntu|debian|amazon*)
            fix_attr 755:::/etc/init.d/sis*.init
            fix_attr 755:::/etc/init.d/sis*.nfsd
            fix_attr 444:::$SIS_ETC_DIR/testforprevention
            fix_attr 640:::$IDS_DIR/bin/esxi_fim/conf/esxi_fim*
            if [ "${PLAT_OS}" = "ubuntu" -o "${PLAT_OS}" = "debian" ]; then
              fix_attr 750:sisips:sisips:$SIS_ETC_DIR/adr
              fix_attr 750:sisips:sisips:$SIS_ETC_DIR/adr/policy
            fi
            ;;
         solaris)
            fix_attr 444:::$SIS_ETC_DIR/testforprevention
            fix_attr 640::sys:$ROOT_DIR/kernel/drv/sisips.conf
            fix_attr 750::sys:$ROOT_DIR/kernel/drv/sisips
            fix_attr 750::sys:$ROOT_DIR/kernel/drv/$DRV_ARCH/sisips
            fix_attr 750::sys:$ROOT_DIR/kernel/strmod/sisipsne
            fix_attr 750::sys:$ROOT_DIR/kernel/strmod/$DRV_ARCH/sisipsne
            [ -c $ROOT_DIR/devices/pseudo/sisips@0:sisipscontrol ] && \
               fix_attr 660:root:sisips:$ROOT_DIR/devices/pseudo/sisips*
            # For override 
            fix_attr 755:::$IPS_DIR/bin/libstdc++.so.?.*
            fix_attr 755:::$IPS_DIR/bin/libgcc_s.so.?
            ;;
         aix)
            fix_attr 444:::$SIS_ETC_DIR/testforprevention
            fix_attr 660:root:sisips:$ROOT_DIR/dev/sisips*
            # For override 
            fix_attr 755:::$IPS_DIR/bin/libz.a
            fix_attr 755:::$IPS_DIR/bin/libstdc++.a
            fix_attr 755:::$IPS_DIR/bin/libgcc_s.a
            ;;
      esac
   fi
 
   if amdSupported; then
      fix_attr 750::sisips:$AMD_DIR
      fix_attr 770::sisips:$AMD_DIR/system
      fix_attr 660::sisips:$AMD_DIR/system/AntiMalware.ini
      fix_attr 400:::$AMD_DIR/system/amdkey
      fix_attr 700:root::$RC_AMD
   fi
}

md5_list()
{
  input="$*"
  if [ "$input" ] || [ "`ls -1d $input 2>/dev/null`" ]; then
    if [ -d $input ]; then
      for f in `find $input -type f`; do
        ( [ -x $f ] || [ -L $f ] ) && flist="$f $flist"
      done
    else flist=`ls -1d $input`;
    fi

    for f in $flist; do $MD5CMD $f 2>>$LOGFILE; done
  fi
  unset input flist f
}

buildMD5Manifest()
{
  [ "$MD5CMD" = "" ] && logmsg "buildMD5Manifest: MD5CMD not set." && return 0
  md5_list $IPS_DIR
  md5_list $IPS_DIR/.profile
  md5_list $IDS_DIR
  md5_list $BASEDIR/$INSTPOSTDIR/docs/license.txt
  md5_list $SIS_DIR/lib/instfunlib
  md5_list $SIS_ETC_DIR/install.reg
  md5_list $SIS_ETC_DIR/sisips.conf
  md5_list $SIS_ETC_DIR/sis-version.properties
  md5_list ${ROOT_DIR}/etc/rc?.d/*sisi?s*
  md5_list ${ROOT_DIR}${SIS_ETC_DIR}.conf
  md5_list $RC_IPS
  md5_list $RC_IDS
  if ipsSupported; then
    md5_list $RC_UTIL
    md5_list $SIS_ETC_DIR/sisips.sbp.zip
    md5_list $SIS_ETC_DIR/builtin.zip
    md5_list $SIS_ETC_DIR/sisipspush-32
    md5_list $SIS_ETC_DIR/sisipspush-64
    case $PLAT_OS in
      solaris)
        md5_list $ROOT_DIR/kernel/drv/sisips*
        md5_list $ROOT_DIR/kernel/drv/$DRV_ARCH/sisips
        md5_list $ROOT_DIR/kernel/strmod/sisipsne
        md5_list $ROOT_DIR/kernel/strmod/$DRV_ARCH/sisipsne ;;
    esac
  fi
}

md5Sums()
{
   MD5SUMS_FILE=$1
   logmsg "md5Sums: Generating Post-Install MD5SUMS list: $MD5SUMS_FILE"
   [ -f $MD5SUMS_FILE ] && mv $MD5SUMS_FILE $MD5SUMS.prev
   buildMD5Manifest > $MD5SUMS_FILE
   chmod 0400 $MD5SUMS_FILE
}

#------------------------------------------------------
#  defaultAgentDotResponseSettings() Function
#  Parameters: None
#  Purpose: Provides default settings for installer
#           vars that are normally read  from 
#           sdcss-agent.response file.
#   
#------------------------------------------------------
defaultAgentDotResponseSettings()
{
    [ "$AGENT_TYPE" = "" ] && AGENT_TYPE=1
    [ "$PKG_NAME" = "" ] && PKG_NAME=sdcss
    #[ "$BASEDIR" = "" ] && BASEDIR=/usr/lib/symantec
    [ "$INSTPOSTDIR" = "" ] && INSTPOSTDIR=sdcssagent
    [ "$SIS_CERT_FILE" = "" ] && SIS_CERT_FILE=$BASEDIR/$INSTPOSTDIR/lib/dummy-cert.ssl
    [ "$SIS_TMPDIR" = "" ] && SIS_TMPDIR=/var/tmp
    [ "$SIS_LOGDIR" = "" ] && SIS_LOGDIR=/var/log/sdcsslog
    [ "$SIS_AGENT_NAME" = "" ] && SIS_AGENT_NAME=`hostname`
    [ "$SIS_AGENT_PORT" = "" ] && SIS_AGENT_PORT=443
    [ "$SIS_POLL_INTERVAL" = "" ] && SIS_POLL_INTERVAL=300
    [ "$SIS_NOTIFY_PORT" = "" ] && SIS_NOTIFY_PORT=2222
    [ "$SIS_NOTIFICATIONS"  = "" ] && SIS_NOTIFICATIONS=1
    [ "$SIS_AGENT_PROTOCOL" = "" ] && SIS_AGENT_PROTOCOL=https
    [ "$SIS_SERVICE_PORT"  = "" ] && SIS_SERVICE_PORT=2323
    [ "$SIS_MGMT_ADDR" = "" ] && SIS_MGMT_ADDR=127.0.0.1
    [ "$SIS_SERVER_LIST" = "" ] && SIS_SERVER_LIST=127.0.0.1
    [ "$SIS_LOCALE" = "" ] && SIS_LOCALE=POSIX
    [ "$SIS_SEC_GROUP"  = "" ] && SIS_SEC_GROUP=""
    [ "$ACCEPTS_LICENSE" = "" ] && ACCEPTS_LICENSE="YES"
    if [ "$OS_FEATURES" = "" ]; then
        OS_FEATURES=DPA
        if testForBwrap; then
           # RH Atomic 
           OS_FEATURES=DP
        fi
    fi
    [ "$IPS_ENABLE"  = "" ] && IPS_ENABLE=1
    [ "$FIM_ENABLE"  = "" ] && FIM_ENABLE=1
    [ "$AP_ENABLE" = "" ] && AP_ENABLE=1

}

#------------------------------------------------------
#  getInstSettings() Function
#  Parameters: None
#  Purpose: Read and check the Installation Settings
#------------------------------------------------------
getInstSettings()
{
   # Default the response file settings if the agent.response 
   # file is not found. ie. for kmod package installed prior to agent on clean install
   # and not run through request script
   if [ ! -f $RESPONSE_FILE ]; then
      defaultAgentDotResponseSettings
      defaultResponse=true
   else . $RESPONSE_FILE || error 1 "Reading response file"
      defaultResponse=false
   fi
   
   if [ "$BASEDIR" = "" ] || [ "$SIS_LOGDIR" = "" ] || [ "$INSTPOSTDIR" = "" ] || \
      [ "$IPS_ENABLE" = "" ] || [ "$OS_FEATURES" = "" ]; then
      error 1 "Invalid settings in response file \"$RESPONSE_FILE\""
   elif [ "$SIS_VERSION" = "" ]; then
     #this may be unset on a clean install for native pkg installs
     SIS_VERSION=`grep "^SisVersionInfo=" $SIS_CONF 2>/dev/null |cut -d= -f2`
     sed "s/^SIS_VERSION=.*/SIS_VERSION=$SIS_VERSION/" $RESPONSE_FILE >$RESPONSE_FILE.1
     mv $RESPONSE_FILE.1 $RESPONSE_FILE
   fi

   SIS_LOGDIR_NR=$SIS_LOGDIR
   SIS_LOGDIR=${ROOT_DIR}${SIS_LOGDIR}
   SIS_DIR=${ROOT_DIR}${BASEDIR}/${INSTPOSTDIR};  SIS_DIR_NR=$BASEDIR/${INSTPOSTDIR};
   IDS_DIR=$SIS_DIR/IDS;                          IDS_DIR_NR=$SIS_DIR_NR/IDS
   IPS_DIR=$SIS_DIR/IPS;                          IPS_DIR_NR=$SIS_DIR_NR/IPS;
   AMD_DIR=$SIS_DIR/AMD
   LIB_DIR=$SIS_DIR/lib
   IPC_DIR=$IPS_DIR/rpc
   WORKING_DIR=$SIS_DIR
   if testForBwrap; then
        WORKING_DIR=/opt/Symantec/sdcssagent
   fi

   if [ "$LOGFILE" = "" ]; then
      LOGFILE=${SIS_LOGDIR}/agent_install.log
      if testForBwrap; then 
         LOGFILE=$SIS_DIR/agent_install.log
      fi
   fi
   [ ! -f $LOGFILE ] && mkdir -p $SIS_LOGDIR && touch $LOGFILE && chmod 600 $LOGFILE
   logmsg "Using response file $RESPONSE_FILE"
   INSTALL_VARIANT=$PLAT_VARIANT
}

#------------------------------------------------------
#  getPlatformInfo() Function
#  Parameters: None
#  Purpose: set the following globals:
#   PATH (if necessary), RCDIR, RC_I[DP]S
#------------------------------------------------------
getPlatformInfo()
{
   case $PLAT in
      SunOS)
         [ "$PLAT_ARCH" = "x86" ] && DRV_ARCH=amd64 || DRV_ARCH=sparcv9;
         PATH=/usr/xpg4/bin:$PATH
         [ "$ROOT_DIR" ] && PATH=$ROOT_DIR/usr/xpg4/bin:$PATH
         export PATH
        
        # Addl params to pass to installf & removef
        [ "$ROOT_DIR" ] && INSTF_PARMS="-R $ROOT_DIR"
        
         RCDIR_NR=/etc/init.d
         RCDIR=${ROOT_DIR}${RCDIR_NR}
         RCBASE=$ROOT_DIR/etc
         RC_IPS=$RCDIR/sisipsagent
         RC_IDS=$RCDIR/sisidsagent
         RC_UTIL=$RCDIR/sisipsutil
         ;;
      Linux)
         RCDIR_NR=/etc/init.d
         RCDIR=${ROOT_DIR}${RCDIR_NR}
         RCBASE=$ROOT_DIR/etc
         RC_IPS=$RCDIR/sisipsagent
         RC_IDS=$RCDIR/sisidsagent
         RC_UTIL=$RCDIR/sisipsutil
         RC_CAF=$RCDIR/cafagent
         RC_AMD=$RCDIR/sisamdagent
         ;;
      AIX)
         RCDIR_NR=/etc
         RCDIR=${ROOT_DIR}${RCDIR_NR}
         RCBASE=$ROOT_DIR/etc
         RC_IDS=$RCDIR/rc.sisidsagent
         RC_IPS=$RCDIR/rc.sisipsagent
         RC_UTIL=$RCDIR/rc.sisipsutil
         LOCK_DIR=/etc
         if [ "$ODMDIR" = "" ]; then
           ODMDIR=/etc/objrepos
           export ODMDIR
         fi
         ;;
   esac
   
   case $PLAT_VARIANT in
      rhel6)
         INIT_SUBSYSTEM=sysinit
         ETC_INIT=/etc/init
         ;;
      ubuntu12|ubuntu14)
         INIT_SUBSYSTEM=upstart
         UPSTART_SCRIPT_DIR=/etc/init
         ;;
      rhel*|sles12|sles15|amzn2*|ubuntu*|debian*)
         INIT_SUBSYSTEM=systemd
         SYSTEMD_SCRIPT_DIR=/etc/systemd/system
         ;;      
	  *)
         INIT_SUBSYSTEM=sysinit
         ;;
   esac
}

#------------------------------------------------------
#  checkPasswordAging() Function
#  Parameters: None
#  Purpose: Check if password aging is configured for user 'sisips',
#           disable it upon the checking result. 
#------------------------------------------------------ 
checkPasswordAging()
{
   logmsg "checkPasswordAging: user 'sisips'..."
   logmsg "checkPasswordAging: Running $IPS_DIR/sisipspasswdage.sh"
   run $IPS_DIR/sisipspasswdage.sh >>$LOGFILE 2>&1
}

#------------------------------------------------------
#  unregisterCAF() Function
#  Parameters: None
#  Purpose: On CSp agent uninstall unregister caf with server
#
#------------------------------------------------------
unregisterCAF ()
{
   CAF_INSTPOSTDIR=cafagent
   CAF_DIR=${ROOT_DIR}${BASEDIR}/${CAF_INSTPOSTDIR}

   if [ -d $CAF_DIR ] && [ -x $CAF_DIR/bin/cafunregister ]; then
      logmsg "CAF Agent unregistered with the cloud server."
      $CAF_DIR/bin/cafunregister.sh >>$LOGFILE 2>&1

      $RC_CAF stop >>$LOGFILE 2>&1; rc=$?
      if [ $rc -eq 0 ]; then
         logmsg "CAF Agent stopped successfully."
         rm -rf $CAF_DIR/bin/CAFStorage.ini
      else stderr "$RC_CAF - Error $rc Stopping CAF Agent"
         logmsg "$RC_CAF - Error $rc Stopping CAF Agent."
      fi
   fi


}

#-------------------------------------------------------
#  INSTFUNLIB GLOBAL SETTINGS
#-------------------------------------------------------
ROOT_DIR=$PKG_INSTALL_ROOT
PATH=/usr/sbin:/sbin:/usr/bin:/bin:$PATH
[ "$ROOT_DIR" ] && PATH=$ROOT_DIR/usr/sbin:$ROOT_DIR/sbin:$ROOT_DIR/usr/bin:$ROOT_DIR/bin:$PATH
export PATH
PLAT=`uname`
LOGDIR_POSTFIX=sdcsslog
INSTDIR_POSTFIX=sdcssagent
DFLT_BASEDIR=${ROOT_DIR}/opt/Symantec
DFLT_SIS_DIR=${DFLT_BASEDIR}/${INSTDIR_POSTFIX}
SIS_ETC_DIR=$ROOT_DIR/etc/sisips                # also defined in request
SIS_ETC_DIR_NR=/etc/sisips
# Default the response file to tmp location for kmod install to find it.
# The agent installer package will move it to /etc/sisips in its preinstall
# script
RESPONSE_FILE=${RESPONSE_FILE:-/var/tmp/sdcss-agent.response}
if [ ! -f $RESPONSE_FILE ]; then
   RESPONSE_FILE=$SIS_ETC_DIR/sdcss-agent.response
fi
SIS_CONF=/etc/symantec/sis/sis.conf
LOCK_DIR=/var/run

getInstSettings
getPlatformInfo

if [ "$0" = "$BASH_SOURCE" ] && [ "$1" != "" ]; then
   case "$1" in
      enable) enableSystemStart;;
      disable) disableSystemStart;;
	  *)
        stderr "invalid argument: $@\n"
        stderr "Usage: $0 {enable|disable}\n"
        exit 1
        ;;		
    esac
fi
