source: tags/4.1.0/Install.sh

Last change on this file was 481, checked in by katerina, 5 years ago

Enhancements and fixes for tickets #374, #375, #376, #377, #378, and #379.

File size: 16.7 KB
Line 
1#! /bin/sh
2# Please have a TMP or TMPDIR environment variable if you don't trust /tmp,
3# or don't run this as root.
4#
5# -- partly taken from PureFTPd
6#
7
8VERSION=1.6.4
9
10
11# exits with a custom error message
12bail_error () {
13    echo
14    echo $1
15    echo
16    exit 1
17}
18
19get_config() {
20    mfile=`cat $tmp`
21    for z in $mfile ; do
22        cfgline="$cfgline --$z"
23    done
24}
25
26get_error() {
27    ge_rval=0
28    if  cat $tmp 2>&1 | grep Error > /dev/null ; then
29        ge_rval=1
30    fi
31    return ${ge_rval}
32}
33
34 
35
36#------------------------------------------------------------
37#
38#  Find a 'dialog' program
39#
40#------------------------------------------------------------
41PATH=/usr/local/bin:/usr/local/sbin:$PATH; export PATH
42
43WELCOME=`cat <<EOF
44Welcome to the SAMHAIN configuration tool
45
46This script is meant to make installing SAMHAIN as easy as
47possible.  Just read the text below, hit ENTER, and you are
48on your way.
49
50SAMHAIN ships with NO WARRANTY whatsoever, without
51even the implied warranty of merchantability or fitness
52for a particular purpose. The author takes no responsibility
53for the consequences of running this script.
54
55Please send any questions to support@la-samhna.com.
56EOF`
57
58if [ -z "$dialog" ] ; then
59  if [ -n "$DISPLAY" ] ; then
60    Xdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='Xdialog'
61        gauge='--gauge'
62  fi
63fi
64if [ -z "$dialog" ] ; then
65  dialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='dialog'
66
67# Workaround for old versions of 'dialog' (Slackware)
68
69  if "$dialog" 2>&1 | grep gauge > /dev/null ; then
70    gauge='--gauge'
71  elif "$dialog" 2>&1 | grep guage > /dev/null ; then
72    gauge='--guage'
73  else
74    gauge=''
75  fi
76fi
77if [ -z "$dialog" ] ; then
78  lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='lxdialog'
79fi
80if [ -z "$dialog" ] ; then
81  /usr/src/linux/scripts/lxdialog/lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='/usr/src/linux/scripts/lxdialog/lxdialog'
82fi
83
84if [ -z "$dialog" ] ; then
85  bail_error "No \"dialog\" found, GUI installation impossible"
86fi
87
88#------------------------------------------------------------
89#
90#  Find a writable temporary directory
91#
92#------------------------------------------------------------
93tempdir=''
94for tmpdir in "$TMP" "$TMPDIR" /tmp /var/tmp; do
95  if [ -z "$tempdir" ] && [ -d "$tmpdir" ] && [ -w "$tmpdir" ]; then
96    tempdir="$tmpdir"
97  fi
98done
99if [ -z "$tempdir" ]; then
100  bail_error "Unable to find a suitable temporary directory"
101fi
102
103# Create a temporary file
104tmp=`mktemp $tempdir/build.gui.XXXXXX`
105if [ $? -ne 0 ]; then
106  bail_error "Cannot create temp file, exiting..."
107fi
108
109trap "rm -f $tmp; exit 1" EXIT SIGHUP SIGINT SIGQUIT SIGSEGV SIGTERM
110
111#------------------------------------------------------------
112#
113#  Build config line
114#
115#------------------------------------------------------------
116cfgline='';
117
118$dialog \
119--title "Compile-time options" \
120--backtitle "Samhain $VERSION" \
121--radiolist "Samhain can run as standalone application on a single dektop machine, or as a client/server application for centralized monitoring of many hosts" \
12210 75 3 \
123"disable-network"          "Single desktop machine" on \
124"enable-network=client"    "Network (client)" off \
125"enable-network=server"    "Network (server)" off \
1262> $tmp
127
128mtest=$?
129if [ $mtest = -1 ]; then
130    exit 1
131fi
132if [ $mtest = 0 ]; then
133    get_config
134else
135    get_error || bail_error "Your \"dialog\" does not support --radiolist, GUI installation impossible"
136    cfgline="--disable-network"
137fi
138
139cfgtest=`echo $cfgline | grep disable`
140
141
142#------------------------------------------------------------
143#
144#  Server options
145#
146#------------------------------------------------------------
147if [ -z $cfgtest ]; then
148
149INET=yes
150HTML="\n /usr/local/var/samhain/samhain.html"
151
152$dialog \
153--backtitle "Samhain $VERSION" \
154--msgbox "You have chosen to build SAMHAIN as a client/server application.\n\nThis requires some additional configuration.\nPlease read the manual if you are not sure\nwhich options are useful or neccessary for you." 10 75 
155
156if [ $? = -1 ]; then
157    exit 1
158fi
159
160
161$dialog \
162--title 'Network options' \
163--separate-output \
164--backtitle "Samhain $VERSION" \
165--checklist 'Use SPACE to set/unset. If in doubt, read the manual.' \
16620 75 10 \
167'enable-udp' "Server listens also on 514/udp" off \
168'disable-encrypt' "Disable client/server encryption" off \
169'disable-srp' "Disable SRP client/server authentication" off \
1702> $tmp
171
172mtest=$?
173if [ $mtest = -1 ]; then
174    exit 1
175fi
176if [ $mtest = 0 ]; then
177    get_config
178fi
179
180$dialog \
181--title 'Network options' \
182--backtitle "Samhain $VERSION" \
183--inputbox "Server port" 10 75 "49777" \
1842> $tmp
185
186mtest=$?
187if [ $mtest = -1 ]; then
188    exit 1
189fi
190
191if [ $mtest = 0 ]; then
192    mfile=`cat $tmp`
193    for z in $mfile ; do
194        cfgline="$cfgline --with-port=$z"
195    done
196fi
197
198
199$dialog \
200--title 'Network options' \
201--backtitle "Samhain $VERSION" \
202--inputbox "Server address" 10 75 "127.0.0.1" \
2032> $tmp
204
205mtest=$?
206if [ $mtest = -1 ]; then
207    exit 1
208fi
209if [ $mtest = 0 ]; then
210    mfile=`cat $tmp`
211    for z in $mfile ; do
212        cfgline="$cfgline --with-logserver=$z"
213    done
214fi
215
216$dialog \
217--title "Network options" \
218--backtitle 'Samhain $VERSION' \
219--inputbox "Backup server address" 10 75 "none" \
2202> $tmp
221
222mtest=$?
223if [ $mtest = -1 ]; then
224    exit 1
225fi
226if [ $mtest = 0 ]; then
227    mfile=`cat $tmp`
228    for z in $mfile ; do
229        if [ "x$z" != "xnone" ]; then 
230            cfgline="$cfgline --with-altlogserver=$z"
231        fi
232    done
233fi
234
235# if [ -z $cfgtest ]; then
236fi
237
238os=`uname -s`
239if [ x"$os" = xLinux ]
240then
241    PROC=`uname -m`
242    if [ x"$PROC" = xi686 ] ; then
243       I386_LINUX=yes
244    fi
245    if [ x"$PROC" = xi586 ] ; then 
246       I386_LINUX=yes
247    fi
248    if [ x"$PROC" = xi486 ] ; then
249       I386_LINUX=yes
250    fi
251    if [ x"$PROC" = xi386 ] ; then
252       I386_LINUX=yes
253    fi
254fi
255
256$dialog \
257--title 'General options' \
258--separate-output \
259--backtitle "Samhain $VERSION" \
260--checklist 'Use SPACE to set/unset. If in doubt, read the MANUAL.' \
26120 75 10 \
262'enable-static' "Don't link with shared libraries" on \
263'enable-suidcheck' "Check for suid/sgid files" on \
264'enable-login-watch' "Watch for login/logout events" off \
265'enable-ptrace' "Enable anti-debugger code" off \
266'enable-db-reload' "Reload database on SIGHUP" off \
267'enable-xml-log' "Write log in XML format" off \
268'disable-mail' "Compile without built-in mailer" off \
269'disable-external-scripts' "Disable use of external scripts" off \
270'enable-debug' "Compile in debugging code" off \
2712> $tmp
272
273mtest=$?
274if [ $mtest = -1 ]; then
275    exit 1
276fi
277if [ $mtest = 0 ]; then
278    get_config
279fi
280
281
282#------------------------------------------------------------
283#
284#  Signature options
285#
286#------------------------------------------------------------
287$dialog \
288--title "Signed database and configuration" \
289--backtitle "Samhain $VERSION" \
290--yesno "Samhain can be configured to support PGP signed database\nand configuration files. This requires a working installation\nof GnuPG.\n\nDo you want to use this option ?" \
29110 75 \
2922> $tmp
293
294mtest=$?
295
296if [ $mtest = -1 ]; then
297    exit 1
298fi
299if [ $mtest = 0 ]; then
300 
301
302$dialog \
303--title "Signed database and configuration" \
304--backtitle "Samhain $VERSION" \
305--inputbox "Please enter the full path to gpg (i.e. the GnuPG binary)" \
30610 75 "/usr/bin/gpg" \
3072> $tmp
308
309mtest=$?
310
311if [ $mtest = -1 ] 
312then
313    exit 1
314fi
315if [ $mtest = 0 ]
316then
317
318mfile=`cat $tmp`
319for z in $mfile ; do
320        cfgline="$cfgline --with-gpg=$z"
321done
322
323$dialog \
324--title "Signed database and configuration" \
325--backtitle "Samhain $VERSION" \
326--inputbox "Please enter the fingerprint of the key to use (one string, no spaces)" \
32710 75 "6BD9050FD8FC941B43412DCC68B7AB8957548DCD" \
3282> $tmp
329
330mtest=$?
331
332if [ $mtest = -1 ]; then
333    exit 1
334fi
335if [ $mtest = 0 ]; then
336    z=`cat $tmp`
337    cfgline="$cfgline --with-fp=$z"
338fi
339 
340
341fi 
342# want signed
343fi
344
345#------------------------------------------------------------
346#
347#  Stealth options
348#
349#------------------------------------------------------------
350$dialog \
351--title "Stealth options" \
352--backtitle "Samhain $VERSION" \
353--yesno "Samhain has some stealth options to hide its presence.\nDo you want to take advantage of these ?" \
35410 75 \
3552> $tmp
356
357mtest=$?
358if [ $mtest = -1 ]; then
359    exit 1
360fi
361if [ $mtest = 0 ]; then
362
363$dialog \
364--title "Stealth options" \
365--backtitle "Samhain $VERSION" \
366--radiolist "Full stealth mode will hide ascii strings within the binary, and use a config file that is hidden by steganography within an image file. Micro stealth is just strings hiding, without the stego config file." \
36720 75 4 \
368'full' "Enable full stealth mode" off \
369'micro' "Enable micro stealth mode" on \
370'none'  "None of both" off \
3712> $tmp
372
373mtest=$?
374if [ $mtest = -1 ]; then
375    exit 1
376fi
377if [ $mtest = 0 ]; then
378    mfile=`cat $tmp`
379    for z in $mfile ; do
380        mtest=$z
381    done
382else
383    mtest="none"
384fi
385
386if [ "x$mtest" != "xnone" ]; then
387
388if [ "x$mtest" = "xfull" ]; then
389    FULL_STEALTH="yes"
390fi
391
392$dialog \
393--title 'Stealth options' \
394--backtitle "Samhain $VERSION" \
395--inputbox "Please select a number between 128 and 255. This number will be used to obfuscate strings within the binary by xoring them." 10 75 "137" \
3962> $tmp
397
398mtest=$?
399if [ $mtest = -1 ]; then
400    exit 1
401fi
402if [ $mtest = 0 ]; then
403    mfile=`cat $tmp`
404    for z in $mfile ; do
405        mnum=$z
406    done
407else
408    mnum="137"
409fi
410
411if [ "x$FULL_STEALTH" = "xyes" ]; then
412    cfgline="$cfgline --enable-stealth=$mnum"
413else
414    cfgline="$cfgline --enable-micro-stealth=$mnum"
415fi
416
417# if [ "x$mtest" != "xnone" ]; then
418fi
419
420
421$dialog \
422--title 'Stealth options' \
423--backtitle "Samhain $VERSION" \
424--inputbox "Please choose a new name to replace \"samhain\" upon installation" \
42510 75 "samhain" \
4262> $tmp
427
428mtest=$?
429if [ $mtest = -1 ]; then
430    exit 1
431fi
432if [ $mtest = 0 ]; then
433    mfile=`cat $tmp`
434    for z in $mfile ; do
435        cfgline="$cfgline --enable-install-name=$z"
436    done
437fi
438
439$dialog \
440--title "Stealth options" \
441--backtitle "Samhain $VERSION" \
442--inputbox "You can set a magic string such that command line arguments will be ignored unless the first argument is this magic string, and read from stdin otherwise. If you do not want this, select CANCEL, otherwise choose a string and select OK." \
44310 75 "foo" \
4442> $tmp
445
446mtest=$?
447if [ $mtest = -1 ]; then
448    exit 1
449fi
450if [ $mtest = 0 ]; then
451    mfile=`cat $tmp`
452    for z in $mfile ; do
453        cfgline="$cfgline --enable-nocl=$z"
454    done
455fi
456
457if [ "x$I386_LINUX" = "xyes" ]; then
458$dialog \
459--title "Stealth options" \
460--backtitle "Samhain $VERSION" \
461--yesno "SAMHAIN can compile and install a kernel module to hide the SAMHAIN daemon process. Do you want that ?"\
4622> $tmp
463
464mtest=$?
465
466if [ $mtest = -1 ]; then
467    exit 1
468fi
469if [ $mtest = 0 ]; then
470    cfgline="$cfgline --enable-khide"
471fi
472
473# f [ "x$I386_LINUX" = "xyes" ]; then
474fi
475
476# want stealth
477fi
478
479#------------------------------------------------------------
480#
481#  Paths to configure
482#
483#------------------------------------------------------------
484$dialog \
485--title 'Paths' \
486--backtitle "Samhain $VERSION" \
487--radiolist "Do you wish to change the default paths ?\n\nThe default paths are:\n\n /usr/local/sbin all binaries\n /etc/samhainrc configuration file\n /var/lib/samhain/samhain_file data file\n /var/log/samhain_log log file\n /var/run/samhain.pid pid file $HTML" 20 76 5 \
488'usr'    "Install binaries in /usr/sbin" off \
489'opt'    "Use /opt/samhain, /etc/opt, /var/opt" off \
490'all'    "Set paths individually" off \
491'cancel' "Don't change the paths" on \
4922> $tmp
493
494mtest=$?
495if [ $mtest = -1 ]; then
496    exit 1
497fi
498if [ $mtest = 0 ]; then
499#
500# edit paths
501#
502mfile=`cat $tmp`
503for z in $mfile ; do
504    if [ "x$z" = "xopt" ]; then
505            cfgline="$cfgline --prefix=OPT"
506    fi
507    if [ "x$z" = "xusr" ]; then
508            cfgline="$cfgline --prefix=USR"
509    fi
510    if [ "x$z" = "xall" ]; then
511$dialog \
512--title 'Paths' \
513--backtitle "Samhain $VERSION" \
514--inputbox "Exec prefix" 10 75 "/usr/local" \
5152> $tmp
516
517mtest=$?
518if [ $mtest = -1 ]; then
519    exit 1
520fi
521if [ $mtest = 0 ]; then
522    mfile=`cat $tmp`
523    for z in $mfile ; do
524        cfgline="$cfgline --exec-prefix=$z"
525    done
526fi
527
528
529$dialog \
530--title 'Paths' \
531--backtitle "Samhain $VERSION" \
532--inputbox "Configuration" 10 75 "/etc/samhainrc" \
5332> $tmp
534
535mtest=$?
536if [ $mtest = -1 ]; then
537    exit 1
538fi
539if [ $mtest = 0 ]; then
540    mfile=`cat $tmp`
541    for z in $mfile ; do
542        cfgline="$cfgline --with-config-file=$z"
543    done
544fi
545
546$dialog \
547--title 'Paths' \
548--backtitle "Samhain $VERSION" \
549--inputbox "Man pages" 10 75 "/usr/local/share/man" \
5502> $tmp
551
552mtest=$?
553if [ $mtest = -1 ]; then
554    exit 1
555fi
556if [ $mtest = 0 ]; then
557    mfile=`cat $tmp`
558    for z in $mfile ; do
559        cfgline="$cfgline --with-mandir=$z"
560    done
561fi
562
563$dialog \
564--title 'Paths' \
565--backtitle "Samhain $VERSION" \
566--inputbox "Database" 10 75 "/var/lib/samhain/samhain_data" \
5672> $tmp
568
569mtest=$?
570if [ $mtest = -1 ]; then
571    exit 1
572fi
573if [ $mtest = 0 ]; then
574    mfile=`cat $tmp`
575    for z in $mfile ; do
576        cfgline="$cfgline --with-data-file=$z"
577    done
578fi
579
580$dialog \
581--title 'Paths' \
582--backtitle "Samhain $VERSION" \
583--inputbox "Log file" 10 75 "/var/log/samhain_log" \
5842> $tmp
585
586mtest=$?
587if [ $mtest = -1 ]; then
588    exit 1
589fi
590if [ $mtest = 0 ]; then
591    mfile=`cat $tmp`
592    for z in $mfile ; do
593        cfgline="$cfgline --with-log-file=$z"
594    done
595fi
596
597$dialog \
598--title 'Paths' \
599--backtitle "Samhain $VERSION" \
600--inputbox "Lock file" 10 75 "/var/run/samhain.pid" \
6012> $tmp
602
603mtest=$?
604if [ $mtest = -1 ]; then
605    exit 1
606fi
607if [ $mtest = 0 ]; then
608    mfile=`cat $tmp`
609    for z in $mfile ; do
610        cfgline="$cfgline --with-pid-file=$z"
611    done
612fi
613
614if [ "x$INET" = "xyes" ]; then
615$dialog \
616--title 'Paths' \
617--backtitle "Samhain $VERSION" \
618--inputbox "Server status" 10 75 "/var/lib/samhain/samhain.html" \
6192> $tmp
620
621mtest=$?
622if [ $mtest = -1 ]; then
623    exit 1
624fi
625if [ $mtest = 0 ]; then
626    mfile=`cat $tmp`
627    for z in $mfile ; do
628        cfgline="$cfgline --with-html-file=$z"
629    done
630fi
631# if [ "x$INET" = "xyes" ]; then
632fi
633
634   fi
635
636done
637# edit paths
638fi
639
640
641if [ ! -f "configure" ] ; then
642    bail_error "Setup problem... try to install manually"
643fi
644
645echo "./configure $cfgline" > Install.log 2>/dev/null
646
647if [ $? != 0 ]; then
648    $dialog --infobox "ERROR writing to \"Install.log\".\n\nAborting." 10 55
649    exit 1
650fi
651
652
653
654if [ "x$KCHECK" = "xyes" ]; then
655    if [ `id -u` != 0 ]; then
656$dialog --msgbox "Compiling with --with-kcheck option (kernel rootkit detection). This\nrequires root privileges for at least one command during compilation,\nbut you are not running this as root. Please expect compilation to fail.\n\nYou need to follow the instructions shown in the \nerror message after failure." 20 75
657    fi
658fi
659
660
661if [ -n "$gauge" ] ; then
662(
663  sfail=0
664  echo 20
665  rm -f config.cache 2> /dev/null
666  echo 30
667  if [ -z "$cfgline2" ]; then
668    ./configure $cfgline >> Install.log 2>&1
669  else
670    ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1
671  fi
672  cfail=$?
673  echo 50
674  if [ $cfail = 0 ]; then
675    make clean >> Install.log 2>&1
676    cfail=$?
677  else
678    sfail=1
679  fi
680  echo 60
681  if [ $cfail = 0 ]; then
682    make >> Install.log 2>&1
683    cfail=$?
684  else
685    sfail=1
686  fi
687  echo 80
688  if [ $cfail = 0 ]; then
689    make install >> Install.log 2>&1
690    cfail=$?
691  else
692    sfail=1
693  fi
694  echo 100
695  echo cfail=$cfail > $tmp
696  echo sfail=$sfail >> $tmp
697) | $dialog \
698--title 'Compilation and installation' \
699--backtitle "Samhain $VERSION" \
700"$gauge" 'Please wait...' 10 75 10
701else
702  sfail=0
703  rm -f config.cache 2> /dev/null
704  $dialog --infobox "Running configure ..." 4 44
705  if [ -z "$cfgline2" ]; then
706    ./configure $cfgline >> Install.log 2>&1
707  else
708    ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1
709  fi
710  cfail=$?
711  if [ $cfail = 0 ]; then
712    $dialog --infobox "Running make clean ..." 4 44
713    make clean >> Install.log 2>&1
714    cfail=$?
715  else
716    sfail=1
717  fi
718  if [ $cfail = 0 ]; then
719    $dialog --infobox "Running make ..." 4 44
720    make >> Install.log 2>&1
721    cfail=$?
722  else
723    sfail=1
724  fi
725  if [ $cfail = 0 ]; then
726    $dialog --infobox "Running make install ..." 4 44
727    make install >> Install.log 2>&1
728    cfail=$?
729  else
730    sfail=1
731  fi
732  echo cfail=$cfail > $tmp
733  echo sfail=$sfail >> $tmp
734fi
735
736. $tmp
737
738
739echo "SAMHAIN is now installed on your system." > $tmp
740echo "Please read the documentation to know how to run it." >> $tmp
741
742
743if [ "x$sfail" = "x0" ] ; then
744
745    if [ "x$cfail" = "x0" ] ; then
746        if [ "x${FULL_STEALTH}" = "xyes" ]; then
747            tail -21 Install.log >> $tmp
748        else
749            tail -11 Install.log >> $tmp
750        fi
751        $dialog --title "Build report (use arrow keys to scroll the text box)" \
752--backtitle "Samhain $VERSION installed. PLEASE READ THE MANUAL." \
753--textbox \
754$tmp \
75520 75
756    else
757        $dialog --title "Problem report" \
758--backtitle "Samhain $VERSION: Build failed (see Install.log):" \
759--msgbox \
760"Compilation was successful, but you need to be root in\norder to install the files to the selected prefix.\nPlease run 'make install' as root." \
76110 75
762    fi
763
764else
765
766    MSG=`tail -10 Install.log`
767    $dialog --title "Problem report" \
768--backtitle "Samhain $VERSION: Build failed (see Install.log):" \
769--msgbox "$MSG" 20 75
770
771fi
772
773rm -f $tmp
774
775exit 0
776
777
778
779
780
781
Note: See TracBrowser for help on using the repository browser.