source: branches/samhain_3_1/Install.sh@ 583

Last change on this file since 583 was 112, checked in by rainer, 17 years ago

Fix for ticket #72 (--separate-output with non-checklist widgets in Install.sh).

1#! /bin/sh
2# Please have a TMP or TMPDIR environment variable if you don't trust /tmp,
3# or don't run this as root.
4#
5# -- partly taken from PureFTPd
6#
7
8VERSION=1.6.4
9
10
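# Print a custom error message framed by blank lines, then exit.
# Arguments: $1 - message text
# Outputs:   the message on stdout
# Returns:   does not return; the shell exits with status 1
bail_error () {
  echo
  # Quoted and printed through printf so that runs of whitespace and glob
  # characters in the message come out literally instead of being split
  # and expanded by the shell.
  printf '%s\n' "$1"
  echo
  exit 1
}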
18
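# Append every word of the dialog answer file to the configure command
# line as a "--<word>" option.
# Globals: tmp     (read)    - path of the file holding the dialog answer
#          cfgline (updated) - configure arguments collected so far
#          mfile, z          - scratch variables, overwritten
get_config() {
  # The path is quoted so a temporary directory containing whitespace
  # still resolves to one file name.
  mfile=$(cat "$tmp")
  # Left unquoted on purpose: the answer is split into one option per word.
  for z in $mfile ; do
    cfgline="$cfgline --$z"
  done
}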
25
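# Report whether the dialog answer file contains the word "Error".
# Globals: tmp (read), ge_rval (written)
# Returns: 1 if "Error" was found, 0 otherwise (also when the file cannot
#          be read)
get_error() {
  ge_rval=0
  # grep reads the file directly; the quoted path keeps a name containing
  # whitespace in one piece.
  if grep Error "$tmp" > /dev/null 2>&1 ; then
    ge_rval=1
  fi
  return ${ge_rval}
}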
33
34
35
#------------------------------------------------------------
#
# Find a 'dialog' program
#
#------------------------------------------------------------
# /usr/local/bin and /usr/local/sbin are searched before the inherited
# PATH for everything this script runs from here on.
PATH="/usr/local/bin:/usr/local/sbin:$PATH"
export PATH

WELCOME=$(cat <<EOF
Welcome to the SAMHAIN configuration tool

This script is meant to make installing SAMHAIN as easy as
possible. Just read the text below, hit ENTER, and you are
on your way.

SAMHAIN ships with NO WARRANTY whatsoever, without
even the implied warranty of merchantability or fitness
for a particular purpose. The author takes no responsibility
for the consequences of running this script.

Please send any questions to support@la-samhna.com.
EOF
)

# Probe order: Xdialog (only when DISPLAY is set), dialog, lxdialog on PATH,
# then the lxdialog in the kernel source tree.  A candidate counts as found
# when it manages to show the welcome box.  A non-empty $dialog that is
# already set when the script starts skips every probe.
if [ -z "$dialog" ] && [ -n "$DISPLAY" ] ; then
  if Xdialog --msgbox "$WELCOME" 20 75 2> /dev/null ; then
    dialog='Xdialog'
  fi
  gauge='--gauge'
fi

if [ -z "$dialog" ] ; then
  if dialog --msgbox "$WELCOME" 20 75 2> /dev/null ; then
    dialog='dialog'
  fi

  # Workaround for old versions of 'dialog' (Slackware): use whichever
  # spelling of the gauge option appears in the program's own output.
  if "$dialog" 2>&1 | grep gauge > /dev/null ; then
    gauge='--gauge'
  elif "$dialog" 2>&1 | grep guage > /dev/null ; then
    gauge='--guage'
  else
    gauge=''
  fi
fi

for candidate in lxdialog /usr/src/linux/scripts/lxdialog/lxdialog ; do
  if [ -z "$dialog" ] ; then
    "$candidate" --msgbox "$WELCOME" 20 75 2> /dev/null && dialog="$candidate"
  fi
done

[ -n "$dialog" ] || bail_error "No \"dialog\" found, GUI installation impossible"
87
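#------------------------------------------------------------
#
# Find a writable temporary directory
#
#------------------------------------------------------------
# Take the first existing, writable directory among $TMP, $TMPDIR, /tmp
# and /var/tmp.
tempdir=''
for tmpdir in "$TMP" "$TMPDIR" /tmp /var/tmp; do
  if [ -d "$tmpdir" ] && [ -w "$tmpdir" ]; then
    tempdir="$tmpdir"
    break
  fi
done
if [ -z "$tempdir" ]; then
  bail_error "Unable to find a suitable temporary directory"
fi

# Create a temporary file.  mktemp creates the file itself under a unique
# name; the template is quoted so a directory name with whitespace works.
tmp=$(mktemp "$tempdir/build.gui.XXXXXX")
if [ $? -ne 0 ]; then
  bail_error "Cannot create temp file, exiting..."
fi

# Remove the temp file on every exit path.  The EXIT handler only cleans
# up, so the status given to 'exit' is what the caller sees (an 'exit 1'
# inside the EXIT handler would turn the final 'exit 0' into a failure).
# Signals are mapped to status 1 and then run the EXIT handler.  Single
# quotes defer the expansion of $tmp until the handler runs, and the signal
# names are given without the SIG prefix, which POSIX sh requires.
trap 'rm -f "$tmp"' EXIT
trap 'exit 1' HUP INT QUIT SEGV TERM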
110
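#------------------------------------------------------------
#
# Build config line
#
#------------------------------------------------------------
# cfgline accumulates the arguments later passed to ./configure.
cfgline=''

# The answer (the selected tag) is collected from the dialog program's
# stderr into the temp file; the path is quoted in case it contains
# whitespace.
$dialog \
  --title "Compile-time options" \
  --backtitle "Samhain $VERSION" \
  --radiolist "Samhain can run as standalone application on a single dektop machine, or as a client/server application for centralized monitoring of many hosts" \
  10 75 3 \
  "disable-network" "Single desktop machine" on \
  "enable-network=client" "Network (client)" off \
  "enable-network=server" "Network (server)" off \
  2> "$tmp"

mtest=$?
# NOTE(review): $? is always in the range 0-255, so this comparison with -1
# does not look like it can ever match; a status of 255 takes the "else"
# branch below instead.  Confirm the intended handling.
if [ $mtest = -1 ]; then
  exit 1
fi
if [ $mtest = 0 ]; then
  get_config
else
  # Any other status: give up if the output mentions "Error", otherwise
  # fall back to a standalone build.
  get_error || bail_error "Your \"dialog\" does not support --radiolist, GUI installation impossible"
  cfgline="--disable-network"
fi

# Non-empty only when the chosen mode contains "disable".
cfgtest=$(echo $cfgline | grep disable)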
140
141
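#------------------------------------------------------------
#
# Server options
#
#------------------------------------------------------------
# Entered only when the chosen mode did not contain "disable", i.e. for a
# client/server build.  The operand is quoted so the test always sees
# exactly one word.
if [ -z "$cfgtest" ]; then

  # Marks a networked build; the "Server status" path prompt depends on it.
  INET=yes
  # Extra entry appended to the default-paths summary shown later.
  HTML="\n /usr/local/var/samhain/samhain.html"

  $dialog \
    --backtitle "Samhain $VERSION" \
    --msgbox "You have chosen to build SAMHAIN as a client/server application.\n\nThis requires some additional configuration.\nPlease read the manual if you are not sure\nwhich options are useful or neccessary for you." 10 75

  # NOTE(review): $? is always in the range 0-255, so the "= -1" tests in
  # this section do not look like they can ever match -- confirm.
  if [ $? = -1 ]; then
    exit 1
  fi

  # All three entries start unchecked, so client/server encryption and SRP
  # authentication are only disabled when the operator selects that
  # explicitly.
  $dialog \
    --title 'Network options' \
    --separate-output \
    --backtitle "Samhain $VERSION" \
    --checklist 'Use SPACE to set/unset. If in doubt, read the manual.' \
    20 75 10 \
    'enable-udp' "Server listens also on 514/udp" off \
    'disable-encrypt' "Disable client/server encryption" off \
    'disable-srp' "Disable SRP client/server authentication" off \
    2> "$tmp"

  mtest=$?
  if [ $mtest = -1 ]; then
    exit 1
  fi
  if [ $mtest = 0 ]; then
    get_config
  fi

  # NOTE(review): the port and the addresses below are passed on without
  # validation; every whitespace-separated word of an answer becomes its
  # own option.
  $dialog \
    --title 'Network options' \
    --backtitle "Samhain $VERSION" \
    --inputbox "Server port" 10 75 "49777" \
    2> "$tmp"

  mtest=$?
  if [ $mtest = -1 ]; then
    exit 1
  fi

  if [ $mtest = 0 ]; then
    mfile=$(cat "$tmp")
    for z in $mfile ; do
      cfgline="$cfgline --with-port=$z"
    done
  fi

  $dialog \
    --title 'Network options' \
    --backtitle "Samhain $VERSION" \
    --inputbox "Server address" 10 75 "127.0.0.1" \
    2> "$tmp"

  mtest=$?
  if [ $mtest = -1 ]; then
    exit 1
  fi
  if [ $mtest = 0 ]; then
    mfile=$(cat "$tmp")
    for z in $mfile ; do
      cfgline="$cfgline --with-logserver=$z"
    done
  fi

  # The backtitle is double-quoted like its siblings so that $VERSION is
  # expanded instead of being shown literally.
  $dialog \
    --title "Network options" \
    --backtitle "Samhain $VERSION" \
    --inputbox "Backup server address" 10 75 "none" \
    2> "$tmp"

  mtest=$?
  if [ $mtest = -1 ]; then
    exit 1
  fi
  if [ $mtest = 0 ]; then
    mfile=$(cat "$tmp")
    for z in $mfile ; do
      # "none" (the pre-filled value) means: no backup server.
      if [ "x$z" != "xnone" ]; then
        cfgline="$cfgline --with-altlogserver=$z"
      fi
    done
  fi

fi  # end of: if [ -z "$cfgtest" ]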
237
# Flag 32-bit x86 Linux hosts (i386 through i686); the kernel-module
# prompts further down are only shown when I386_LINUX is "yes".
os=$(uname -s)
if [ x"$os" = xLinux ]; then
  PROC=$(uname -m)
  case "$PROC" in
    i686|i586|i486|i386)
      I386_LINUX=yes
      ;;
  esac
fi
255
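# General build options.  With --separate-output the checklist reports one
# selected tag per line; get_config turns each into a "--<tag>" option.
# The answer file path is quoted in case it contains whitespace.
$dialog \
  --title 'General options' \
  --separate-output \
  --backtitle "Samhain $VERSION" \
  --checklist 'Use SPACE to set/unset. If in doubt, read the MANUAL.' \
  20 75 10 \
  'enable-static' "Don't link with shared libraries" on \
  'enable-suidcheck' "Check for suid/sgid files" on \
  'enable-login-watch' "Watch for login/logout events" off \
  'enable-ptrace' "Enable anti-debugger code" off \
  'enable-db-reload' "Reload database on SIGHUP" off \
  'enable-xml-log' "Write log in XML format" off \
  'disable-mail' "Compile without built-in mailer" off \
  'disable-external-scripts' "Disable use of external scripts" off \
  'enable-debug' "Compile in debugging code" off \
  2> "$tmp"

mtest=$?
# NOTE(review): $? is always in the range 0-255, so this comparison with -1
# does not look like it can ever match -- confirm.
if [ $mtest = -1 ]; then
  exit 1
fi
if [ $mtest = 0 ]; then
  get_config
fi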
280
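#------------------------------------------------------------
#
# Kernel module
#
#------------------------------------------------------------

# Records whether kernel rootkit detection was requested; checked again
# before the build to warn when the script is not running as root.
KCHECK="no"

if [ "x$I386_LINUX" = "xyes" ]; then

  # The answer file path is quoted in case it contains whitespace.
  $dialog \
    --title "Kernel module rootkit detection" \
    --backtitle "Samhain $VERSION" \
    --inputbox "SAMHAIN can detect kernel module rootkits if compiled with support\nfor this. If you want to enable this option, please give the path\nto your System.map file, else choose CANCEL.\n\nNOTE: this option will require root privileges for at least one\ncommand during compilation (to read from /dev/kmem)." \
    16 75 "/boot/System.map" \
    2> "$tmp"

  mtest=$?

  # NOTE(review): $? is always in the range 0-255, so this comparison with
  # -1 does not look like it can ever match -- confirm.
  if [ $mtest = -1 ]; then
    exit 1
  fi
  if [ $mtest = 0 ]; then
    # The System.map path is passed on as entered, without checking that
    # the file exists.
    mfile=$(cat "$tmp")
    for z in $mfile ; do
      cfgline="$cfgline --with-kcheck=$z"
    done
    KCHECK="yes"
  fi

fi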
313
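#------------------------------------------------------------
#
# Signature options
#
#------------------------------------------------------------
# The answer file path is quoted throughout in case it contains whitespace.
$dialog \
  --title "Signed database and configuration" \
  --backtitle "Samhain $VERSION" \
  --yesno "Samhain can be configured to support PGP signed database\nand configuration files. This requires a working installation\nof GnuPG.\n\nDo you want to use this option ?" \
  10 75 \
  2> "$tmp"

mtest=$?

# NOTE(review): $? is always in the range 0-255, so the "= -1" tests in
# this section do not look like they can ever match -- confirm.
if [ $mtest = -1 ]; then
  exit 1
fi
if [ $mtest = 0 ]; then

  $dialog \
    --title "Signed database and configuration" \
    --backtitle "Samhain $VERSION" \
    --inputbox "Please enter the full path to gpg (i.e. the GnuPG binary)" \
    10 75 "/usr/bin/gpg" \
    2> "$tmp"

  mtest=$?

  if [ $mtest = -1 ]; then
    exit 1
  fi
  if [ $mtest = 0 ]; then

    mfile=$(cat "$tmp")
    for z in $mfile ; do
      cfgline="$cfgline --with-gpg=$z"
    done

    # NOTE(review): the pre-filled fingerprint is a fixed value hard-coded
    # in this script.  An operator who just confirms the box configures
    # that key instead of their own; presumably the value should always be
    # replaced -- confirm the default is wanted.
    $dialog \
      --title "Signed database and configuration" \
      --backtitle "Samhain $VERSION" \
      --inputbox "Please enter the fingerprint of the key to use (one string, no spaces)" \
      10 75 "6BD9050FD8FC941B43412DCC68B7AB8957548DCD" \
      2> "$tmp"

    mtest=$?

    if [ $mtest = -1 ]; then
      exit 1
    fi
    if [ $mtest = 0 ]; then
      # Taken as one value (no per-word loop), matching the "one string,
      # no spaces" instruction in the prompt.
      z=$(cat "$tmp")
      cfgline="$cfgline --with-fp=$z"
    fi

  fi

fi  # end of: want signed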
376
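#------------------------------------------------------------
#
# Stealth options
#
#------------------------------------------------------------
# The answer file path is quoted throughout in case it contains whitespace.
$dialog \
  --title "Stealth options" \
  --backtitle "Samhain $VERSION" \
  --yesno "Samhain has some stealth options to hide its presence.\nDo you want to take advantage of these ?" \
  10 75 \
  2> "$tmp"

mtest=$?
# NOTE(review): $? is always in the range 0-255, so the "= -1" tests in
# this section do not look like they can ever match -- confirm.
if [ $mtest = -1 ]; then
  exit 1
fi
if [ $mtest = 0 ]; then

  $dialog \
    --title "Stealth options" \
    --backtitle "Samhain $VERSION" \
    --radiolist "Full stealth mode will hide ascii strings within the binary, and use a config file that is hidden by steganography within an image file. Micro stealth is just strings hiding, without the stego config file." \
    20 75 4 \
    'full' "Enable full stealth mode" off \
    'micro' "Enable micro stealth mode" on \
    'none' "None of both" off \
    2> "$tmp"

  mtest=$?
  if [ $mtest = -1 ]; then
    exit 1
  fi
  # mtest is reused here: it ends up holding the last word of the answer
  # (the chosen mode), or "none" when the dialog did not return 0.
  if [ $mtest = 0 ]; then
    mfile=$(cat "$tmp")
    for z in $mfile ; do
      mtest=$z
    done
  else
    mtest="none"
  fi

  if [ "x$mtest" != "xnone" ]; then

    if [ "x$mtest" = "xfull" ]; then
      FULL_STEALTH="yes"
    fi

    # The answer is passed on as entered; the 128-255 range named in the
    # prompt is not enforced here.  XOR with one fixed number only hides
    # strings from casual inspection of the binary; it is obfuscation, not
    # encryption.
    $dialog \
      --title 'Stealth options' \
      --backtitle "Samhain $VERSION" \
      --inputbox "Please select a number between 128 and 255. This number will be used to obfuscate strings within the binary by xoring them." 10 75 "137" \
      2> "$tmp"

    mtest=$?
    if [ $mtest = -1 ]; then
      exit 1
    fi
    if [ $mtest = 0 ]; then
      mfile=$(cat "$tmp")
      for z in $mfile ; do
        mnum=$z
      done
    else
      mnum="137"
    fi

    if [ "x$FULL_STEALTH" = "xyes" ]; then
      cfgline="$cfgline --enable-stealth=$mnum"
    else
      cfgline="$cfgline --enable-micro-stealth=$mnum"
    fi

  fi  # end of: if [ "x$mtest" != "xnone" ]

  $dialog \
    --title 'Stealth options' \
    --backtitle "Samhain $VERSION" \
    --inputbox "Please choose a new name to replace \"samhain\" upon installation" \
    10 75 "samhain" \
    2> "$tmp"

  mtest=$?
  if [ $mtest = -1 ]; then
    exit 1
  fi
  if [ $mtest = 0 ]; then
    mfile=$(cat "$tmp")
    for z in $mfile ; do
      cfgline="$cfgline --enable-install-name=$z"
    done
  fi

  $dialog \
    --title "Stealth options" \
    --backtitle "Samhain $VERSION" \
    --inputbox "You can set a magic string such that command line arguments will be ignored unless the first argument is this magic string, and read from stdin otherwise. If you do not want this, select CANCEL, otherwise choose a string and select OK." \
    10 75 "foo" \
    2> "$tmp"

  mtest=$?
  if [ $mtest = -1 ]; then
    exit 1
  fi
  if [ $mtest = 0 ]; then
    mfile=$(cat "$tmp")
    for z in $mfile ; do
      cfgline="$cfgline --enable-nocl=$z"
    done
  fi

  if [ "x$I386_LINUX" = "xyes" ]; then
    # NOTE(review): this call is reproduced as found.  Unlike the other
    # --yesno calls it passes no height/width, and as rendered here the
    # backslash follows the closing quote directly while the next line
    # starts with "2>", which would join the "2" to the message text and
    # redirect stdout rather than stderr.  It looks unlikely that this
    # prompt can succeed as written -- confirm before assuming that
    # --enable-khide is reachable from this installer.
    $dialog \
      --title "Stealth options" \
      --backtitle "Samhain $VERSION" \
      --yesno "SAMHAIN can compile and install a kernel module to hide the SAMHAIN daemon process. Do you want that ?"\
2> "$tmp"

    mtest=$?

    if [ $mtest = -1 ]; then
      exit 1
    fi
    if [ $mtest = 0 ]; then
      cfgline="$cfgline --enable-khide"
    fi

  fi  # end of: if [ "x$I386_LINUX" = "xyes" ]

fi  # end of: want stealth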
510
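#------------------------------------------------------------
#
# Paths to configure
#
#------------------------------------------------------------
# The answer file path is quoted throughout in case it contains whitespace.
# $HTML is only set for a client/server build and then adds one more line
# to the summary.
$dialog \
  --title 'Paths' \
  --backtitle "Samhain $VERSION" \
  --radiolist "Do you wish to change the default paths ?\n\nThe default paths are:\n\n /usr/local/sbin all binaries\n /etc/samhainrc configuration file\n /var/lib/samhain/samhain_file data file\n /var/log/samhain_log log file\n /var/run/samhain.pid pid file $HTML" 20 76 5 \
  'usr' "Install binaries in /usr/sbin" off \
  'opt' "Use /opt/samhain, /etc/opt, /var/opt" off \
  'all' "Set paths individually" off \
  'cancel' "Don't change the paths" on \
  2> "$tmp"

mtest=$?
# NOTE(review): $? is always in the range 0-255, so the "= -1" tests in
# this section do not look like they can ever match -- confirm.
if [ $mtest = -1 ]; then
  exit 1
fi
if [ $mtest = 0 ]; then
  #
  # edit paths
  #
  mfile=$(cat "$tmp")
  for z in $mfile ; do
    if [ "x$z" = "xopt" ]; then
      cfgline="$cfgline --prefix=OPT"
    fi
    if [ "x$z" = "xusr" ]; then
      cfgline="$cfgline --prefix=USR"
    fi
    if [ "x$z" = "xall" ]; then
      # Every path is asked for in turn.  The prompts below reuse mfile and
      # z; the outer loop keeps iterating over the word list it was started
      # with.  NOTE(review): the paths are passed to configure as entered,
      # without any check.
      $dialog \
        --title 'Paths' \
        --backtitle "Samhain $VERSION" \
        --inputbox "Exec prefix" 10 75 "/usr/local" \
        2> "$tmp"

      mtest=$?
      if [ $mtest = -1 ]; then
        exit 1
      fi
      if [ $mtest = 0 ]; then
        mfile=$(cat "$tmp")
        for z in $mfile ; do
          cfgline="$cfgline --exec-prefix=$z"
        done
      fi

      $dialog \
        --title 'Paths' \
        --backtitle "Samhain $VERSION" \
        --inputbox "Configuration" 10 75 "/etc/samhainrc" \
        2> "$tmp"

      mtest=$?
      if [ $mtest = -1 ]; then
        exit 1
      fi
      if [ $mtest = 0 ]; then
        mfile=$(cat "$tmp")
        for z in $mfile ; do
          cfgline="$cfgline --with-config-file=$z"
        done
      fi

      $dialog \
        --title 'Paths' \
        --backtitle "Samhain $VERSION" \
        --inputbox "Man pages" 10 75 "/usr/local/share/man" \
        2> "$tmp"

      mtest=$?
      if [ $mtest = -1 ]; then
        exit 1
      fi
      if [ $mtest = 0 ]; then
        mfile=$(cat "$tmp")
        for z in $mfile ; do
          cfgline="$cfgline --with-mandir=$z"
        done
      fi

      $dialog \
        --title 'Paths' \
        --backtitle "Samhain $VERSION" \
        --inputbox "Database" 10 75 "/var/lib/samhain/samhain_data" \
        2> "$tmp"

      mtest=$?
      if [ $mtest = -1 ]; then
        exit 1
      fi
      if [ $mtest = 0 ]; then
        mfile=$(cat "$tmp")
        for z in $mfile ; do
          cfgline="$cfgline --with-data-file=$z"
        done
      fi

      $dialog \
        --title 'Paths' \
        --backtitle "Samhain $VERSION" \
        --inputbox "Log file" 10 75 "/var/log/samhain_log" \
        2> "$tmp"

      mtest=$?
      if [ $mtest = -1 ]; then
        exit 1
      fi
      if [ $mtest = 0 ]; then
        mfile=$(cat "$tmp")
        for z in $mfile ; do
          cfgline="$cfgline --with-log-file=$z"
        done
      fi

      $dialog \
        --title 'Paths' \
        --backtitle "Samhain $VERSION" \
        --inputbox "Lock file" 10 75 "/var/run/samhain.pid" \
        2> "$tmp"

      mtest=$?
      if [ $mtest = -1 ]; then
        exit 1
      fi
      if [ $mtest = 0 ]; then
        mfile=$(cat "$tmp")
        for z in $mfile ; do
          cfgline="$cfgline --with-pid-file=$z"
        done
      fi

      # The server status page is only asked for in a client/server build.
      if [ "x$INET" = "xyes" ]; then
        $dialog \
          --title 'Paths' \
          --backtitle "Samhain $VERSION" \
          --inputbox "Server status" 10 75 "/var/lib/samhain/samhain.html" \
          2> "$tmp"

        mtest=$?
        if [ $mtest = -1 ]; then
          exit 1
        fi
        if [ $mtest = 0 ]; then
          mfile=$(cat "$tmp")
          for z in $mfile ; do
            cfgline="$cfgline --with-html-file=$z"
          done
        fi
      fi  # end of: if [ "x$INET" = "xyes" ]

    fi

  done
fi  # end of: edit paths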
671
672
# The build can only start from a directory that contains 'configure'.
[ -f "configure" ] || bail_error "Setup problem... try to install manually"

# Start Install.log with the command line that is about to be run; give up
# if the log cannot be written in the current directory.
if ! echo "./configure $cfgline" > Install.log 2>/dev/null ; then
  $dialog --infobox "ERROR writing to \"Install.log\".\n\nAborting." 10 55
  exit 1
fi

# Kernel rootkit detection was requested but the script is not running as
# uid 0: warn up front that the build is expected to fail.
if [ "x$KCHECK" = "xyes" ] && [ "$(id -u)" != 0 ]; then
  $dialog --msgbox "Compiling with --with-kcheck option (kernel rootkit detection). This\nrequires root privileges for at least one command during compilation,\nbut you are not running this as root. Please expect compilation to fail.\n\nYou need to follow the instructions shown in the \nerror message after failure." 20 75
fi
691
692
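# Run configure, make clean, make and make install, appending all output to
# Install.log.  cfail holds the status of the last step that actually ran;
# sfail becomes 1 when a step was skipped because an earlier one failed.
# $cfgline is expanded unquoted on purpose so that it splits into separate
# configure arguments; the status file path is quoted in case it contains
# whitespace.
# NOTE(review): cfgline2 is not assigned anywhere in the script as shown;
# presumably it is supplied through the environment -- confirm.
if [ -n "$gauge" ] ; then
  # The steps run in a subshell that feeds percentages to the gauge widget.
  # Variables set there are gone when the subshell ends, so the two status
  # values are handed back through the temp file.
  (
    sfail=0
    echo 20
    rm -f config.cache 2> /dev/null
    echo 30
    if [ -z "$cfgline2" ]; then
      ./configure $cfgline >> Install.log 2>&1
    else
      ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1
    fi
    cfail=$?
    echo 50
    if [ $cfail = 0 ]; then
      make clean >> Install.log 2>&1
      cfail=$?
    else
      sfail=1
    fi
    echo 60
    if [ $cfail = 0 ]; then
      make >> Install.log 2>&1
      cfail=$?
    else
      sfail=1
    fi
    echo 80
    if [ $cfail = 0 ]; then
      make install >> Install.log 2>&1
      cfail=$?
    else
      sfail=1
    fi
    echo 100
    echo cfail=$cfail > "$tmp"
    echo sfail=$sfail >> "$tmp"
  ) | $dialog \
    --title 'Compilation and installation' \
    --backtitle "Samhain $VERSION" \
    "$gauge" 'Please wait...' 10 75 10
else
  # No gauge widget available: announce each step with an info box instead.
  sfail=0
  rm -f config.cache 2> /dev/null
  $dialog --infobox "Running configure ..." 4 44
  if [ -z "$cfgline2" ]; then
    ./configure $cfgline >> Install.log 2>&1
  else
    ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1
  fi
  cfail=$?
  if [ $cfail = 0 ]; then
    $dialog --infobox "Running make clean ..." 4 44
    make clean >> Install.log 2>&1
    cfail=$?
  else
    sfail=1
  fi
  if [ $cfail = 0 ]; then
    $dialog --infobox "Running make ..." 4 44
    make >> Install.log 2>&1
    cfail=$?
  else
    sfail=1
  fi
  if [ $cfail = 0 ]; then
    $dialog --infobox "Running make install ..." 4 44
    make install >> Install.log 2>&1
    cfail=$?
  else
    sfail=1
  fi
  echo cfail=$cfail > "$tmp"
  echo sfail=$sfail >> "$tmp"
fi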
767
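# Pick up the build status recorded in the temp file.  The file lives in a
# temporary directory and this script may be running as root, so it is
# parsed rather than sourced: only "cfail=<digits>" and "sfail=<digits>"
# lines are accepted and nothing in the file is executed as shell code.
# A value already present in the shell is kept when the file has no
# matching line.
status_val=$(sed -n 's/^cfail=\([0-9][0-9]*\)$/\1/p' "$tmp")
if [ -n "$status_val" ]; then
  cfail=$status_val
fi
status_val=$(sed -n 's/^sfail=\([0-9][0-9]*\)$/\1/p' "$tmp")
if [ -n "$status_val" ]; then
  sfail=$status_val
fi

# The temp file is now reused as the text of the final report.
echo "SAMHAIN is now installed on your system." > "$tmp"
echo "Please read the documentation to know how to run it." >> "$tmp"

if [ "x$sfail" = "x0" ] ; then

  if [ "x$cfail" = "x0" ] ; then
    # Every step succeeded: show the end of the build log; more lines are
    # taken for a full-stealth build.
    if [ "x${FULL_STEALTH}" = "xyes" ]; then
      tail -21 Install.log >> "$tmp"
    else
      tail -11 Install.log >> "$tmp"
    fi
    $dialog --title "Build report (use arrow keys to scroll the text box)" \
      --backtitle "Samhain $VERSION installed. PLEASE READ THE MANUAL." \
      --textbox \
      "$tmp" \
      20 75
  else
    # No step was skipped, but the last one that ran (make install)
    # returned a failure status.
    $dialog --title "Problem report" \
      --backtitle "Samhain $VERSION: Build failed (see Install.log):" \
      --msgbox \
      "Compilation was successful, but you need to be root in\norder to install the files to the selected prefix.\nPlease run 'make install' as root." \
      10 75
  fi

else

  # An earlier step failed: show the last lines of the build log.
  MSG=$(tail -10 Install.log)
  $dialog --title "Problem report" \
    --backtitle "Samhain $VERSION: Build failed (see Install.log):" \
    --msgbox "$MSG" 20 75

fi

rm -f "$tmp"

exit 0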