This directory contains miscellaneous useful scripts, mostly contributed
by various users. Additions and/or improvements are welcome.

chroot.sh: prepare chroot environment for the log server
---------

Usage: chroot.sh <chroot_directory>

Tested on Debian Linux. Your mileage may vary.
After running the script, review <chroot_directory>/etc/passwd
to replace passwords with a *, and to fix the
path to the home directory of the yule user.
If using a signed configuration file, you need
a working copy of GnuPG inside the chroot jail.

This script will probably fail on systems other than Linux,
mainly because of the mknod commands to create devices
in the chroot jail.

NO WARRANTY !!!

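The passwd review described for chroot.sh can be scripted. The following is an added example, not part of the samhain distribution: the function names, the output tags and the sample jail are constructed for illustration, and it assumes the server account is named yule as in the text above.

```shell
#!/bin/sh
# Added example (not shipped with samhain): audit <chroot_directory>/etc/passwd
# after running chroot.sh. Output tags (PASSWORD/HOME/NOUSER) are made up here.

# audit_chroot_passwd <chroot_directory> [user]
# Prints one finding per line. Returns 0 if clean, 1 on findings,
# 2 if the passwd file cannot be read.
audit_chroot_passwd() {
    jail=$1
    user=${2:-yule}
    pw="$jail/etc/passwd"
    [ -r "$pw" ] || { echo "MISSING $pw"; return 2; }

    # Field 2 is the password field; anything other than "*" needs review.
    findings=$(awk -F: '$2 != "*" { print "PASSWORD " $1 }' "$pw")

    # Field 6 is the home directory; inside the jail it resolves below $jail.
    if ! home=$(awk -F: -v u="$user" \
            '$1 == u { print $6; f = 1; exit } END { exit !f }' "$pw"); then
        findings="$findings
NOUSER $user"
    elif [ -z "$home" ] || [ ! -d "$jail$home" ]; then
        findings="$findings
HOME $user $home"
    fi

    findings=$(printf '%s\n' "$findings" | sed '/^$/d')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample jail for demonstration (no real account data).
make_sample_jail() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/var/lib/yule"
    cat > "$d/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
yule:$1$constructed$hash:250:250:yule:/home/yule:/bin/false
EOF
    echo "$d"
}

# Stand-alone use: sh audit.sh <chroot_directory> [user]
if [ $# -gt 0 ]; then audit_chroot_passwd "$@"; fi
```

On the sample jail this reports root and yule for their password fields and yule for a home directory that does not exist below the jail root.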
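
samhainadmin.pl
---------------

Perform various tasks useful if you are using signed configuration
and database files.

Run 'samhainadmin.pl -h' for usage instructions.

samhainrc_update.sh
-------------------

If you are using the --with-kcheck option on Linux, after a kernel
update you need to change some options (addresses of kernel functions)
in the samhainrc configuration file. The correct new addresses must
be looked up in the System.map file.

This script will do this automatically. Run 'samhainrc_update.sh -h'
for usage instructions. You may need to change the location of the
samhainrc file by editing the line 'cfgfile="/etc/samhainrc"'
at the beginning of the script.

check_samhain.pl
----------------

Nagios plugin for samhain. Will execute samhain and report results
in the way expected by nagios. Drop this into your nagios/libexec/
directory.

samhain.logrotator: logrotate script
------------------

This is a logrotate script (contributed by Simon Bailey).

concat.pl
---------

Concatenate samhain file signature databases and write the resulting
database file to stdout. Does not work on signed or otherwise modified
file signature databases.

samhain.{cgi|dtd|xsl}: display XML logfile in XML capable browser
---------------------  (works with Mozilla 1.2, possibly Mozilla 1.0, IE 6)

Usage: 1. review samhain.cgi (see remarks in file)
       2. drop samhain.cgi, samhain.dtd, samhain.xsl in some
          directory on your webserver
       3. use .htaccess to protect access to that directory
       4. point your browser at samhain.cgi

You may need to rename samhain.cgi to samhain.php if you use
mod_php. Also, you will certainly need to edit the path to the
logfile in samhain.cgi.

CAVEAT: There is no built-in access restriction (use .htaccess to
password-protect the directory).

The XSL stylesheet is based on a contribution by Olivier Salaun.


samhain.spec: RPM spec file for building a vanilla single-host RPM
------------

Contributed by Andre Oliveira da Costa <brblueser@uol.com.br>

This is a spec file to produce a vanilla single-host samhain RPM
(no fancy options, standard directory layout :).

Accepted parameters for 'rpmbuild':

  --with gpg    - enables gpg support
  --with tests  - make tests before building

redhat_i386.client.spec: RPM spec file for building a RedHat client RPM
------------

Contributed by Philipp Stadler <philipp@stadler.priv.at>

Does not install documentation or local config file.


samhain-scripts/        Administrative scripts by
----------------        Simon Bailey <simon.bailey@uibk.ac.at> and
                        Michael Redinger <michael.redinger@uibk.ac.at>

You may need to adjust some of the variables in the
top lines of these scripts.

samhain.table.rotate.pl: Move old entries from mysql log table to a
                         backup table

samhain-admin: Interactive script to (1) clear log entries in SQL database,
               (2) re-initialize file database of remote client, or (3) add
               a new host.
               This script requires that you are using samhain's deploy
               system (i.e. the deploy.sh script et al.).
               Re-initialize will stop the daemon on the remote host,
               create a temp dir for the database, run samhain -t init,
               copy the database to the server, and clear the mysql log for
               this host.

samhain.clearhost: Helper script for samhain-admin.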
---|
[1] | 43 | at the beginning of the script.
|
---|
| 44 |
|
---|
| 45 | check_samhain.pl
|
---|
| 46 | ----------------
|
---|
| 47 |
|
---|
| 48 | Nagios plugin for samhain. Will execute samhain and report results
|
---|
| 49 | in the way expected by nagios. Drop this into your nagios/libexec/
|
---|
| 50 | directory.
|
---|
| 51 |
|
---|
| 52 | samhain.logrotator: logrotate script
|
---|
| 53 | ------------------
|
---|
| 54 |
|
---|
| 55 | This is a logrotate script (contributed by Simon Bailey)
|
---|
| 56 |
|
---|
| 57 | concat.pl
|
---|
| 58 | ---------
|
---|
| 59 |
|
---|
| 60 | Concatenate samhain file signature databases and write the resulting
|
---|
| 61 | database file to stdout. Does not work on signed or otherwise modified
|
---|
| 62 | file signature databases.
|
---|
| 63 |
|
---|
| 64 | samhain.{cgi|dtd|xsl}: display XML logfile in XML capable browser
|
---|
| 65 | --------------------- (works with Mozilla 1.2, possibly Mozilla 1.0, IE 6)
|
---|
| 66 |
|
---|
| 67 | Usage: 1. review samhain.cgi (see remarks in file)
|
---|
| 68 | 2. drop samhain.cgi, samhain.dtd, samhain.xsl in some
|
---|
| 69 | directory on your webserver
|
---|
| 70 | 3. use .htaccess to protect access to that directory
|
---|
| 71 | 4. point your browser at samhain.cgi
|
---|
| 72 |
|
---|
| 73 | You may need to rename samhain.cgi to samhain.php if you use
|
---|
| 74 | mod_php. Also, you will certainly need to edit the path to the
|
---|
| 75 | logfile in samhain.cgi.
|
---|
| 76 |
|
---|
| 77 | CAVEAT: There is no built-in access restriction (use .htaccess to
|
---|
| 78 | password-protect the directory).
|
---|
| 79 |
|
---|
| 80 | The XSL stylesheet is based on a contribution by Olivier Salaun.
|
---|
| 81 |
|
---|
| 82 |
|
---|
| 83 | samhain.spec: RPM spec file for building a vanilla single-host RPM
|
---|
| 84 | ------------
|
---|
| 85 |
|
---|
| 86 | Contributed by Andre Oliveira da Costa <brblueser@uol.com.br>
|
---|
| 87 |
|
---|
| 88 | This is a spec file to produce a vanilla single-host samhain RPM
|
---|
| 89 | (no fancy options, standard directory layout :).
|
---|
| 90 |
|
---|
| 91 | Accepted parameters for 'rpmbuild':
|
---|
| 92 |
|
---|
| 93 | --with gpg - enables gpg support
|
---|
| 94 | --with tests - make tests before building
|
---|
| 95 |
|
---|
| 96 | redhat_i386.client.spec: RPM spec file for building a RedHat client RPM
|
---|
| 97 | ------------
|
---|
| 98 |
|
---|
| 99 | Contributed by Philipp Stadler <philipp@stadler.priv.at>
|
---|
| 100 |
|
---|
| 101 | Does not install documentation or local config file.
|
---|
| 102 |
|
---|
| 103 |
|
---|
| 104 | samhain-scripts/ Administrative scripts by
|
---|
| 105 | ---------------- Simon Bailey <simon.bailey@uibk.ac.at> and
|
---|
| 106 | Michael Redinger <michael.redinger@uibk.ac.at>
|
---|
| 107 |
|
---|
| 108 | You may need to adjust some of the variables in the
|
---|
| 109 | top lines of these scripts.
|
---|
| 110 |
|
---|
| 111 | samhain.table.rotate.pl: Move old entries from mysql log table to a
|
---|
| 112 | backup table
|
---|
| 113 |
|
---|
| 114 | samhain-admin: Interactive script to (1) clear log entries in SQL database,
|
---|
| 115 | (2) re-initialize file database of remote client, or (3) add
|
---|
| 116 | a new host.
|
---|
| 117 | This script requires that you are using samhains deploy
|
---|
| 118 | system (i.e. the deploy.sh script et al.).
|
---|
| 119 | Re-initialize will stop the daemon on the remote host,
|
---|
| 120 | create a temp dir for the database, run samhain -t init,
|
---|
| 121 | copy the database to the server, and clear the mysql log for
|
---|
| 122 | this host.
|
---|
| 123 |
|
---|
| 124 | samhain.clearhost: Helper script for samhain-admin.
|
---|
| 125 |
|
---|