source: trunk/scripts/samhainrc_update.sh@ 15

Last change on this file since 15 was 1, checked in by katerina, 19 years ago

Initial import

File size: 6.6 KB
RevLine 
[1]1#!/bin/bash
2# -----------------------------------------------------------------------------
3# @brief: update the kernel options in the samhain configuration
4# file, after a new kernel has been compiled
5# @author: marc heisterkamp <marzheister@web.de>
6# -----------------------------------------------------------------------------
7
8SAMHAIN_CFG="/etc/samhainrc"
9
10BLUE="[34;01m"
11CYAN="[36;01m"
12GREEN="[32;01m"
13DARK_GREEN="[32m"
14RED="[31;01m"
15PURPLE="[35;01m"
16WHITE="[37;01m"
17DARK_GRAY="[30;01m"
18LIGHT_GRAY="[37m"
19YELLOW="[33;01m"
20BROWN="[33m"
21OFF="[0m"
22
23
24SYSTEM_MAP=""
25new_cfg=''
26scriptname="$0"
27
28# global variables for system adresses (extracted from System.map)
29SYS_CALL=''
30SYS_CALL_TABLE=''
31PROC_ROOT=''
32PROC_ROOT_IOPS=''
33PROC_ROOT_LOOKUP=''
34
35# Make sure the user has root permissions
36if [ $UID -ne 0 ] ; then
37 echo "You must be root to run this script. Exiting."
38 exit 1
39fi
40
41
42#------------------------------------------------------------------------------
43# usage
44#------------------------------------------------------------------------------
45function print_usage() {
46
47 cat >&2 <<EOHELP
48
49 update the samhainrc configuration file with new kernel system addresses
50 (i.e: after kernel compilation) by extracting these from the new System.map
51 file
52
53 SYNOPSIS
54 $scriptname [ ${GREEN}--help${OFF} ]
55 [ ${GREEN}--nocolor${OFF} ]
56 [ ${GREEN}--print-only${OFF} ] <System.map>
57 [ ${GREEN}--update${OFF} ] <System.map>
58
59 OPTIONS
60 ${GREEN}-h${OFF} ${GREEN}--help${OFF}
61 Show help.
62
63 ${GREEN}--nocolor${OFF}
64 Disable color hilighting for non ANSI-compatible terms.
65
66 ${GREEN}-p${OFF} ${GREEN}--print-only${OFF} <System.map>
67 Print the extracted system adresses and do not write them to the
68 samhain configuration file.
69
70 ${GREEN}-u${OFF} ${GREEN}--update${OFF} <System.map>
71 Update the samhainrc configuration file with new kernel system
72 addresses from the given System.map file
73
74EOHELP
75 exit 0
76}
77
78
79#------------------------------------------------------------------------------
80# parses the command line options
81# param in: all parameters given to the script
82#------------------------------------------------------------------------------
83function parse_cmd_line() {
84
85 # parse the command-line
86 while [ -n "$1" ]; do
87 case "$1" in
88 --help|-h)
89 print_usage
90 ;;
91 --nocolor|-n)
92 unset DARK_GREEN GREEN RED BROWN LIGHT_GRAY WHITE OFF
93 ;;
94 --print-only|-p)
95 shift
96 SYSTEM_MAP="$1"
97 get_system_addresses
98 print_system_addresses
99 break
100 ;;
101 --update|-u)
102 shift
103 SYSTEM_MAP="$1"
104 get_system_addresses
105 print_system_addresses
106 replace_system_addresses
107 ;;
108 -*)
109 echo "$scriptname: unknown option $1. Exiting" >&2
110 exit 1
111 ;;
112 esac
113 shift
114 done
115}
116
117
118#------------------------------------------------------------------------------
119# extract system adresses from given System.map file and save to global
120# variables
121#------------------------------------------------------------------------------
122function get_system_addresses() {
123
124 if [ -z "$SYSTEM_MAP" ] ; then
125 echo
126 echo "No System.map specified. Exiting" >&2
127 echo
128 exit 1
129 fi
130
131 if [ ! -f "$SYSTEM_MAP" ] ; then
132 echo
133 echo "Could not find System.map: $SYSTEM_MAP. Exiting" >&2
134 echo
135 exit 1
136 fi
137
138 # 1. this is the address of system_call (grep system_call System.map)
139 # KernelSystemCall = 0xc0106cf8
140 SYS_CALL="0x`grep system_call $SYSTEM_MAP | cut -d' ' -f1`"
141
142 # 2. this is the address of sys_call_table (grep ' sys_call_table' System.map)
143 # KernelSyscallTable = 0xc01efb98
144 SYS_CALL_TABLE="0x`grep sys_call_table $SYSTEM_MAP | cut -d' ' -f1`"
145
146 # 3. this is the address of proc_root (grep ' proc_root$' System.map)
147 # KernelProcRoot = 0xc01efb98
148 PROC_ROOT="0x`grep ' proc_root$' $SYSTEM_MAP | cut -d' ' -f1`"
149
150 # 4. this is the address of proc_root_inode_operations
151 # (grep proc_root_inode_operations System.map)
152 # KernelProcRootIops = 0xc01efb98
153 PROC_ROOT_IOPS="0x`grep proc_root_inode_operations $SYSTEM_MAP | cut -d' ' -f1`"
154
155 # 5. this is the address of proc_root_lookup
156 # (grep proc_root_lookup System.map)
157 # KernelProcRootLookup = 0xc01efb98
158 PROC_ROOT_LOOKUP="0x`grep proc_root_lookup $SYSTEM_MAP | cut -d' ' -f1`"
159}
160
161
162#------------------------------------------------------------------------------
163# extract system adresses from given System.map file and save to global
164# variables
165#------------------------------------------------------------------------------
166function replace_system_addresses() {
167
168 if [ -z "$SAMHAIN_CFG" ] ; then
169 echo "Could not find your samhainrc config file: $SAMHAIN_CFG. Exiting" >&2
170 exit 1
171 fi
172
173 echo
174 echo "Replacing current kernel system addresses in: $SAMHAIN_CFG"
175
176 # 1. replace current 'KernelSystemCall' setting
177 new_cfg=`sed -e "s/^\(KernelSystemCall[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL}/" $SAMHAIN_CFG`
178
179 # 2. replace current 'KernelSyscallTable' setting
180 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelSyscallTable[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL_TABLE}/"`
181
182 # 3. replace current 'KernelProcRoot' setting
183 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRoot[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT}/"`
184
185 # 4. replace current 'KernelProcRootIops' setting
186 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootIops[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_IOPS}/"`
187
188 # 5. replace current 'KernelSystemCall' setting
189 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootLookup[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_LOOKUP}/"`
190
191 echo "Backup old samhainrc $SAMHAIN_CFG to $SAMHAIN_CFG.bak"
192
193 # backup old samhainrc config file
194 mv "$SAMHAIN_CFG" "$SAMHAIN_CFG.bak"
195
196 # write new samhainrc config file
197 echo "$new_cfg" > "$SAMHAIN_CFG"
198
199 echo "Successfully updated kernel system addresses."
200 echo
201}
202
203
204#------------------------------------------------------------------------------
205# print samhain required system adresses
206#------------------------------------------------------------------------------
207function print_system_addresses() {
208
209 echo
210 echo "your kernel system addresses from: `basename $SYSTEM_MAP`"
211 echo
212 echo " KernelSystemCall = $SYS_CALL"
213 echo " KernelSyscallTable = $SYS_CALL_TABLE"
214 echo " KernelProcRoot = $PROC_ROOT"
215 echo " KernelProcRootIops = $PROC_ROOT_IOPS"
216 echo " KernelProcRootLookup = $PROC_ROOT_LOOKUP"
217 echo
218
219}
220
221if [ $# -eq 0 ] ; then
222 print_usage
223fi
224
225parse_cmd_line $*
226
227exit 0
Note: See TracBrowser for help on using the repository browser.