source: trunk/Install.sh @ 112

Last change on this file since 112 was 112, checked in by rainer, 14 years ago

Fix for ticket #72 (--separate-output with non-checklist widgets in Install.sh).

File size: 17.5 KB
Line 
1#! /bin/sh
2# Please have a TMP or TMPDIR environment variable if you don't trust /tmp,
3# or don't run this as root.
4#
5# -- partly taken from PureFTPd
6#
7
8VERSION=1.6.4
9
10
11# exits with a custom error message
12bail_error () {
13    echo
14    echo $1
15    echo
16    exit 1
17}
18
19get_config() {
20    mfile=`cat $tmp`
21    for z in $mfile ; do
22        cfgline="$cfgline --$z"
23    done
24}
25
26get_error() {
27    ge_rval=0
28    if  cat $tmp 2>&1 | grep Error > /dev/null ; then
29        ge_rval=1
30    fi
31    return ${ge_rval}
32}
33
34 
35
36#------------------------------------------------------------
37#
38#  Find a 'dialog' program
39#
40#------------------------------------------------------------
41PATH=/usr/local/bin:/usr/local/sbin:$PATH; export PATH
42
43WELCOME=`cat <<EOF
44Welcome to the SAMHAIN configuration tool
45
46This script is meant to make installing SAMHAIN as easy as
47possible.  Just read the text below, hit ENTER, and you are
48on your way.
49
50SAMHAIN ships with NO WARRANTY whatsoever, without
51even the implied warranty of merchantability or fitness
52for a particular purpose. The author takes no responsibility
53for the consequences of running this script.
54
55Please send any questions to support@la-samhna.com.
56EOF`
57
58if [ -z "$dialog" ] ; then
59  if [ -n "$DISPLAY" ] ; then
60    Xdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='Xdialog'
61        gauge='--gauge'
62  fi
63fi
64if [ -z "$dialog" ] ; then
65  dialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='dialog'
66
67# Workaround for old versions of 'dialog' (Slackware)
68
69  if "$dialog" 2>&1 | grep gauge > /dev/null ; then
70    gauge='--gauge'
71  elif "$dialog" 2>&1 | grep guage > /dev/null ; then
72    gauge='--guage'
73  else
74    gauge=''
75  fi
76fi
77if [ -z "$dialog" ] ; then
78  lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='lxdialog'
79fi
80if [ -z "$dialog" ] ; then
81  /usr/src/linux/scripts/lxdialog/lxdialog --msgbox "$WELCOME" 20 75 2> /dev/null && dialog='/usr/src/linux/scripts/lxdialog/lxdialog'
82fi
83
84if [ -z "$dialog" ] ; then
85  bail_error "No \"dialog\" found, GUI installation impossible"
86fi
87
88#------------------------------------------------------------
89#
90#  Find a writable temporary directory
91#
92#------------------------------------------------------------
93tempdir=''
94for tmpdir in "$TMP" "$TMPDIR" /tmp /var/tmp; do
95  if [ -z "$tempdir" ] && [ -d "$tmpdir" ] && [ -w "$tmpdir" ]; then
96    tempdir="$tmpdir"
97  fi
98done
99if [ -z "$tempdir" ]; then
100  bail_error "Unable to find a suitable temporary directory"
101fi
102
103# Create a temporary file
104tmp=`mktemp $tempdir/build.gui.XXXXXX`
105if [ $? -ne 0 ]; then
106  bail_error "Cannot create temp file, exiting..."
107fi
108
109trap "rm -f $tmp; exit 1" EXIT SIGHUP SIGINT SIGQUIT SIGSEGV SIGTERM
110
111#------------------------------------------------------------
112#
113#  Build config line
114#
115#------------------------------------------------------------
116cfgline='';
117
118$dialog \
119--title "Compile-time options" \
120--backtitle "Samhain $VERSION" \
121--radiolist "Samhain can run as standalone application on a single dektop machine, or as a client/server application for centralized monitoring of many hosts" \
12210 75 3 \
123"disable-network"          "Single desktop machine" on \
124"enable-network=client"    "Network (client)" off \
125"enable-network=server"    "Network (server)" off \
1262> $tmp
127
128mtest=$?
129if [ $mtest = -1 ]; then
130    exit 1
131fi
132if [ $mtest = 0 ]; then
133    get_config
134else
135    get_error || bail_error "Your \"dialog\" does not support --radiolist, GUI installation impossible"
136    cfgline="--disable-network"
137fi
138
139cfgtest=`echo $cfgline | grep disable`
140
141
142#------------------------------------------------------------
143#
144#  Server options
145#
146#------------------------------------------------------------
147if [ -z $cfgtest ]; then
148
149INET=yes
150HTML="\n /usr/local/var/samhain/samhain.html"
151
152$dialog \
153--backtitle "Samhain $VERSION" \
154--msgbox "You have chosen to build SAMHAIN as a client/server application.\n\nThis requires some additional configuration.\nPlease read the manual if you are not sure\nwhich options are useful or neccessary for you." 10 75 
155
156if [ $? = -1 ]; then
157    exit 1
158fi
159
160
161$dialog \
162--title 'Network options' \
163--separate-output \
164--backtitle "Samhain $VERSION" \
165--checklist 'Use SPACE to set/unset. If in doubt, read the manual.' \
16620 75 10 \
167'enable-udp' "Server listens also on 514/udp" off \
168'disable-encrypt' "Disable client/server encryption" off \
169'disable-srp' "Disable SRP client/server authentication" off \
1702> $tmp
171
172mtest=$?
173if [ $mtest = -1 ]; then
174    exit 1
175fi
176if [ $mtest = 0 ]; then
177    get_config
178fi
179
180$dialog \
181--title 'Network options' \
182--backtitle "Samhain $VERSION" \
183--inputbox "Server port" 10 75 "49777" \
1842> $tmp
185
186mtest=$?
187if [ $mtest = -1 ]; then
188    exit 1
189fi
190
191if [ $mtest = 0 ]; then
192    mfile=`cat $tmp`
193    for z in $mfile ; do
194        cfgline="$cfgline --with-port=$z"
195    done
196fi
197
198
199$dialog \
200--title 'Network options' \
201--backtitle "Samhain $VERSION" \
202--inputbox "Server address" 10 75 "127.0.0.1" \
2032> $tmp
204
205mtest=$?
206if [ $mtest = -1 ]; then
207    exit 1
208fi
209if [ $mtest = 0 ]; then
210    mfile=`cat $tmp`
211    for z in $mfile ; do
212        cfgline="$cfgline --with-logserver=$z"
213    done
214fi
215
216$dialog \
217--title "Network options" \
218--backtitle 'Samhain $VERSION' \
219--inputbox "Backup server address" 10 75 "none" \
2202> $tmp
221
222mtest=$?
223if [ $mtest = -1 ]; then
224    exit 1
225fi
226if [ $mtest = 0 ]; then
227    mfile=`cat $tmp`
228    for z in $mfile ; do
229        if [ "x$z" != "xnone" ]; then 
230            cfgline="$cfgline --with-altlogserver=$z"
231        fi
232    done
233fi
234
235# if [ -z $cfgtest ]; then
236fi
237
238os=`uname -s`
239if [ x"$os" = xLinux ]
240then
241    PROC=`uname -m`
242    if [ x"$PROC" = xi686 ] ; then
243       I386_LINUX=yes
244    fi
245    if [ x"$PROC" = xi586 ] ; then 
246       I386_LINUX=yes
247    fi
248    if [ x"$PROC" = xi486 ] ; then
249       I386_LINUX=yes
250    fi
251    if [ x"$PROC" = xi386 ] ; then
252       I386_LINUX=yes
253    fi
254fi
255
256$dialog \
257--title 'General options' \
258--separate-output \
259--backtitle "Samhain $VERSION" \
260--checklist 'Use SPACE to set/unset. If in doubt, read the MANUAL.' \
26120 75 10 \
262'enable-static' "Don't link with shared libraries" on \
263'enable-suidcheck' "Check for suid/sgid files" on \
264'enable-login-watch' "Watch for login/logout events" off \
265'enable-ptrace' "Enable anti-debugger code" off \
266'enable-db-reload' "Reload database on SIGHUP" off \
267'enable-xml-log' "Write log in XML format" off \
268'disable-mail' "Compile without built-in mailer" off \
269'disable-external-scripts' "Disable use of external scripts" off \
270'enable-debug' "Compile in debugging code" off \
2712> $tmp
272
273mtest=$?
274if [ $mtest = -1 ]; then
275    exit 1
276fi
277if [ $mtest = 0 ]; then
278    get_config
279fi
280
281#------------------------------------------------------------
282#
283#  Kernel module
284#
285#------------------------------------------------------------
286
287KCHECK="no"
288
289if [ "x$I386_LINUX" = "xyes" ]; then
290
291$dialog \
292--title "Kernel module rootkit detection" \
293--backtitle "Samhain $VERSION" \
294--inputbox "SAMHAIN can detect kernel module rootkits if compiled with support\nfor this. If you want to enable this option, please give the path\nto your System.map file, else choose CANCEL.\n\nNOTE: this option will require root privileges for at least one\ncommand during compilation (to read from /dev/kmem)." \
29516 75 "/boot/System.map" \
2962> $tmp
297
298
299mtest=$?
300
301if [ $mtest = -1 ]; then
302    exit 1
303fi
304if [ $mtest = 0 ]; then
305    mfile=`cat $tmp`
306    for z in $mfile ; do
307        cfgline="$cfgline --with-kcheck=$z"
308    done
309    KCHECK="yes"
310fi
311
312fi
313
314#------------------------------------------------------------
315#
316#  Signature options
317#
318#------------------------------------------------------------
319$dialog \
320--title "Signed database and configuration" \
321--backtitle "Samhain $VERSION" \
322--yesno "Samhain can be configured to support PGP signed database\nand configuration files. This requires a working installation\nof GnuPG.\n\nDo you want to use this option ?" \
32310 75 \
3242> $tmp
325
326mtest=$?
327
328if [ $mtest = -1 ]; then
329    exit 1
330fi
331if [ $mtest = 0 ]; then
332 
333
334$dialog \
335--title "Signed database and configuration" \
336--backtitle "Samhain $VERSION" \
337--inputbox "Please enter the full path to gpg (i.e. the GnuPG binary)" \
33810 75 "/usr/bin/gpg" \
3392> $tmp
340
341mtest=$?
342
343if [ $mtest = -1 ] 
344then
345    exit 1
346fi
347if [ $mtest = 0 ]
348then
349
350mfile=`cat $tmp`
351for z in $mfile ; do
352        cfgline="$cfgline --with-gpg=$z"
353done
354
355$dialog \
356--title "Signed database and configuration" \
357--backtitle "Samhain $VERSION" \
358--inputbox "Please enter the fingerprint of the key to use (one string, no spaces)" \
35910 75 "6BD9050FD8FC941B43412DCC68B7AB8957548DCD" \
3602> $tmp
361
362mtest=$?
363
364if [ $mtest = -1 ]; then
365    exit 1
366fi
367if [ $mtest = 0 ]; then
368    z=`cat $tmp`
369    cfgline="$cfgline --with-fp=$z"
370fi
371 
372
373fi 
374# want signed
375fi
376
377#------------------------------------------------------------
378#
379#  Stealth options
380#
381#------------------------------------------------------------
382$dialog \
383--title "Stealth options" \
384--backtitle "Samhain $VERSION" \
385--yesno "Samhain has some stealth options to hide its presence.\nDo you want to take advantage of these ?" \
38610 75 \
3872> $tmp
388
389mtest=$?
390if [ $mtest = -1 ]; then
391    exit 1
392fi
393if [ $mtest = 0 ]; then
394
395$dialog \
396--title "Stealth options" \
397--backtitle "Samhain $VERSION" \
398--radiolist "Full stealth mode will hide ascii strings within the binary, and use a config file that is hidden by steganography within an image file. Micro stealth is just strings hiding, without the stego config file." \
39920 75 4 \
400'full' "Enable full stealth mode" off \
401'micro' "Enable micro stealth mode" on \
402'none'  "None of both" off \
4032> $tmp
404
405mtest=$?
406if [ $mtest = -1 ]; then
407    exit 1
408fi
409if [ $mtest = 0 ]; then
410    mfile=`cat $tmp`
411    for z in $mfile ; do
412        mtest=$z
413    done
414else
415    mtest="none"
416fi
417
418if [ "x$mtest" != "xnone" ]; then
419
420if [ "x$mtest" = "xfull" ]; then
421    FULL_STEALTH="yes"
422fi
423
424$dialog \
425--title 'Stealth options' \
426--backtitle "Samhain $VERSION" \
427--inputbox "Please select a number between 128 and 255. This number will be used to obfuscate strings within the binary by xoring them." 10 75 "137" \
4282> $tmp
429
430mtest=$?
431if [ $mtest = -1 ]; then
432    exit 1
433fi
434if [ $mtest = 0 ]; then
435    mfile=`cat $tmp`
436    for z in $mfile ; do
437        mnum=$z
438    done
439else
440    mnum="137"
441fi
442
443if [ "x$FULL_STEALTH" = "xyes" ]; then
444    cfgline="$cfgline --enable-stealth=$mnum"
445else
446    cfgline="$cfgline --enable-micro-stealth=$mnum"
447fi
448
449# if [ "x$mtest" != "xnone" ]; then
450fi
451
452
453$dialog \
454--title 'Stealth options' \
455--backtitle "Samhain $VERSION" \
456--inputbox "Please choose a new name to replace \"samhain\" upon installation" \
45710 75 "samhain" \
4582> $tmp
459
460mtest=$?
461if [ $mtest = -1 ]; then
462    exit 1
463fi
464if [ $mtest = 0 ]; then
465    mfile=`cat $tmp`
466    for z in $mfile ; do
467        cfgline="$cfgline --enable-install-name=$z"
468    done
469fi
470
471$dialog \
472--title "Stealth options" \
473--backtitle "Samhain $VERSION" \
474--inputbox "You can set a magic string such that command line arguments will be ignored unless the first argument is this magic string, and read from stdin otherwise. If you do not want this, select CANCEL, otherwise choose a string and select OK." \
47510 75 "foo" \
4762> $tmp
477
478mtest=$?
479if [ $mtest = -1 ]; then
480    exit 1
481fi
482if [ $mtest = 0 ]; then
483    mfile=`cat $tmp`
484    for z in $mfile ; do
485        cfgline="$cfgline --enable-nocl=$z"
486    done
487fi
488
489if [ "x$I386_LINUX" = "xyes" ]; then
490$dialog \
491--title "Stealth options" \
492--backtitle "Samhain $VERSION" \
493--yesno "SAMHAIN can compile and install a kernel module to hide the SAMHAIN daemon process. Do you want that ?"\
4942> $tmp
495
496mtest=$?
497
498if [ $mtest = -1 ]; then
499    exit 1
500fi
501if [ $mtest = 0 ]; then
502    cfgline="$cfgline --enable-khide"
503fi
504
505# f [ "x$I386_LINUX" = "xyes" ]; then
506fi
507
508# want stealth
509fi
510
511#------------------------------------------------------------
512#
513#  Paths to configure
514#
515#------------------------------------------------------------
516$dialog \
517--title 'Paths' \
518--backtitle "Samhain $VERSION" \
519--radiolist "Do you wish to change the default paths ?\n\nThe default paths are:\n\n /usr/local/sbin all binaries\n /etc/samhainrc configuration file\n /var/lib/samhain/samhain_file data file\n /var/log/samhain_log log file\n /var/run/samhain.pid pid file $HTML" 20 76 5 \
520'usr'    "Install binaries in /usr/sbin" off \
521'opt'    "Use /opt/samhain, /etc/opt, /var/opt" off \
522'all'    "Set paths individually" off \
523'cancel' "Don't change the paths" on \
5242> $tmp
525
526mtest=$?
527if [ $mtest = -1 ]; then
528    exit 1
529fi
530if [ $mtest = 0 ]; then
531#
532# edit paths
533#
534mfile=`cat $tmp`
535for z in $mfile ; do
536    if [ "x$z" = "xopt" ]; then
537            cfgline="$cfgline --prefix=OPT"
538    fi
539    if [ "x$z" = "xusr" ]; then
540            cfgline="$cfgline --prefix=USR"
541    fi
542    if [ "x$z" = "xall" ]; then
543$dialog \
544--title 'Paths' \
545--backtitle "Samhain $VERSION" \
546--inputbox "Exec prefix" 10 75 "/usr/local" \
5472> $tmp
548
549mtest=$?
550if [ $mtest = -1 ]; then
551    exit 1
552fi
553if [ $mtest = 0 ]; then
554    mfile=`cat $tmp`
555    for z in $mfile ; do
556        cfgline="$cfgline --exec-prefix=$z"
557    done
558fi
559
560
561$dialog \
562--title 'Paths' \
563--backtitle "Samhain $VERSION" \
564--inputbox "Configuration" 10 75 "/etc/samhainrc" \
5652> $tmp
566
567mtest=$?
568if [ $mtest = -1 ]; then
569    exit 1
570fi
571if [ $mtest = 0 ]; then
572    mfile=`cat $tmp`
573    for z in $mfile ; do
574        cfgline="$cfgline --with-config-file=$z"
575    done
576fi
577
578$dialog \
579--title 'Paths' \
580--backtitle "Samhain $VERSION" \
581--inputbox "Man pages" 10 75 "/usr/local/share/man" \
5822> $tmp
583
584mtest=$?
585if [ $mtest = -1 ]; then
586    exit 1
587fi
588if [ $mtest = 0 ]; then
589    mfile=`cat $tmp`
590    for z in $mfile ; do
591        cfgline="$cfgline --with-mandir=$z"
592    done
593fi
594
595$dialog \
596--title 'Paths' \
597--backtitle "Samhain $VERSION" \
598--inputbox "Database" 10 75 "/var/lib/samhain/samhain_data" \
5992> $tmp
600
601mtest=$?
602if [ $mtest = -1 ]; then
603    exit 1
604fi
605if [ $mtest = 0 ]; then
606    mfile=`cat $tmp`
607    for z in $mfile ; do
608        cfgline="$cfgline --with-data-file=$z"
609    done
610fi
611
612$dialog \
613--title 'Paths' \
614--backtitle "Samhain $VERSION" \
615--inputbox "Log file" 10 75 "/var/log/samhain_log" \
6162> $tmp
617
618mtest=$?
619if [ $mtest = -1 ]; then
620    exit 1
621fi
622if [ $mtest = 0 ]; then
623    mfile=`cat $tmp`
624    for z in $mfile ; do
625        cfgline="$cfgline --with-log-file=$z"
626    done
627fi
628
629$dialog \
630--title 'Paths' \
631--backtitle "Samhain $VERSION" \
632--inputbox "Lock file" 10 75 "/var/run/samhain.pid" \
6332> $tmp
634
635mtest=$?
636if [ $mtest = -1 ]; then
637    exit 1
638fi
639if [ $mtest = 0 ]; then
640    mfile=`cat $tmp`
641    for z in $mfile ; do
642        cfgline="$cfgline --with-pid-file=$z"
643    done
644fi
645
646if [ "x$INET" = "xyes" ]; then
647$dialog \
648--title 'Paths' \
649--backtitle "Samhain $VERSION" \
650--inputbox "Server status" 10 75 "/var/lib/samhain/samhain.html" \
6512> $tmp
652
653mtest=$?
654if [ $mtest = -1 ]; then
655    exit 1
656fi
657if [ $mtest = 0 ]; then
658    mfile=`cat $tmp`
659    for z in $mfile ; do
660        cfgline="$cfgline --with-html-file=$z"
661    done
662fi
663# if [ "x$INET" = "xyes" ]; then
664fi
665
666   fi
667
668done
669# edit paths
670fi
671
672
673if [ ! -f "configure" ] ; then
674    bail_error "Setup problem... try to install manually"
675fi
676
677echo "./configure $cfgline" > Install.log 2>/dev/null
678
679if [ $? != 0 ]; then
680    $dialog --infobox "ERROR writing to \"Install.log\".\n\nAborting." 10 55
681    exit 1
682fi
683
684
685
686if [ "x$KCHECK" = "xyes" ]; then
687    if [ `id -u` != 0 ]; then
688$dialog --msgbox "Compiling with --with-kcheck option (kernel rootkit detection). This\nrequires root privileges for at least one command during compilation,\nbut you are not running this as root. Please expect compilation to fail.\n\nYou need to follow the instructions shown in the \nerror message after failure." 20 75
689    fi
690fi
691
692
693if [ -n "$gauge" ] ; then
694(
695  sfail=0
696  echo 20
697  rm -f config.cache 2> /dev/null
698  echo 30
699  if [ -z "$cfgline2" ]; then
700    ./configure $cfgline >> Install.log 2>&1
701  else
702    ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1
703  fi
704  cfail=$?
705  echo 50
706  if [ $cfail = 0 ]; then
707    make clean >> Install.log 2>&1
708    cfail=$?
709  else
710    sfail=1
711  fi
712  echo 60
713  if [ $cfail = 0 ]; then
714    make >> Install.log 2>&1
715    cfail=$?
716  else
717    sfail=1
718  fi
719  echo 80
720  if [ $cfail = 0 ]; then
721    make install >> Install.log 2>&1
722    cfail=$?
723  else
724    sfail=1
725  fi
726  echo 100
727  echo cfail=$cfail > $tmp
728  echo sfail=$sfail >> $tmp
729) | $dialog \
730--title 'Compilation and installation' \
731--backtitle "Samhain $VERSION" \
732"$gauge" 'Please wait...' 10 75 10
733else
734  sfail=0
735  rm -f config.cache 2> /dev/null
736  $dialog --infobox "Running configure ..." 4 44
737  if [ -z "$cfgline2" ]; then
738    ./configure $cfgline >> Install.log 2>&1
739  else
740    ./configure $cfgline --with-checksum="$cfgline2" >> Install.log 2>&1
741  fi
742  cfail=$?
743  if [ $cfail = 0 ]; then
744    $dialog --infobox "Running make clean ..." 4 44
745    make clean >> Install.log 2>&1
746    cfail=$?
747  else
748    sfail=1
749  fi
750  if [ $cfail = 0 ]; then
751    $dialog --infobox "Running make ..." 4 44
752    make >> Install.log 2>&1
753    cfail=$?
754  else
755    sfail=1
756  fi
757  if [ $cfail = 0 ]; then
758    $dialog --infobox "Running make install ..." 4 44
759    make install >> Install.log 2>&1
760    cfail=$?
761  else
762    sfail=1
763  fi
764  echo cfail=$cfail > $tmp
765  echo sfail=$sfail >> $tmp
766fi
767
768. $tmp
769
770
771echo "SAMHAIN is now installed on your system." > $tmp
772echo "Please read the documentation to know how to run it." >> $tmp 
773
774
775if [ "x$sfail" = "x0" ] ; then
776
777    if [ "x$cfail" = "x0" ] ; then
778        if [ "x${FULL_STEALTH}" = "xyes" ]; then
779            tail -21 Install.log >> $tmp
780        else
781            tail -11 Install.log >> $tmp
782        fi
783        $dialog --title "Build report (use arrow keys to scroll the text box)" \
784--backtitle "Samhain $VERSION installed. PLEASE READ THE MANUAL." \
785--textbox \
786$tmp \
78720 75
788    else
789        $dialog --title "Problem report" \
790--backtitle "Samhain $VERSION: Build failed (see Install.log):" \
791--msgbox \
792"Compilation was successful, but you need to be root in\norder to install the files to the selected prefix.\nPlease run 'make install' as root." \
79310 75
794    fi
795
796else
797
798    MSG=`tail -10 Install.log`
799    $dialog --title "Problem report" \
800--backtitle "Samhain $VERSION: Build failed (see Install.log):" \
801--msgbox "$MSG" 20 75
802
803fi
804
805rm -f $tmp
806
807exit 0
808
809
810
811
812
813
Note: See TracBrowser for help on using the repository browser.