source: trunk/scripts/samhainrc_update.sh@ 341

Last change on this file since 341 was 100, checked in by rainer, 18 years ago

Release 2.3.3; minor testscript and typo fixes.

File size: 8.0 KB
[29]1#! /bin/sh
[1]2
[100]3# Copyright Rainer Wichmann (2006)
4#
5# License Information:
6# This program is free software; you can redistribute it and/or modify
7# it under the terms of the GNU General Public License as published by
8# the Free Software Foundation; either version 2 of the License, or
9# (at your option) any later version.
10#
11# This program is distributed in the hope that it will be useful,
12# but WITHOUT ANY WARRANTY; without even the implied warranty of
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14# GNU General Public License for more details.
15#
16# You should have received a copy of the GNU General Public License
17# along with this program; if not, write to the Free Software
18# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19
20
# -----------------------------------------------------------------------
# Default configuration file (overridden by -c|--config-file)
# -----------------------------------------------------------------------

cfgfile="/etc/samhainrc"

# -----------------------------------------------------------------------
# Be Bourne compatible: put zsh or bash into sh/POSIX mode if we run there
# -----------------------------------------------------------------------

if [ -n "${ZSH_VERSION+set}" ] && (emulate sh) >/dev/null 2>&1; then
    emulate sh
    NULLCMD=:
elif [ -n "${BASH_VERSION+set}" ] && (set -o posix) >/dev/null 2>&1; then
    set -o posix
fi

# Name shown in the help text, and the System.map path (set by the
# command-line parser further down).
programname="$0"
sysmap=
[1]40
# -----------------------------------------------------------------------
# Print help
# -----------------------------------------------------------------------

# Writes the usage text to stdout. Reads $programname and $cfgfile (the
# latter is shown as the current default for -c).
showhelp() {
    cat <<EOF

$programname - update samhain config file after kernel update

OPTIONS:

 -u|--update </path/to/System.map>
 Update the configuration file with new
 settings as taken from </path/to/System.map>

 -c|--config-file </path/to/config-file>
 Specify the configuration file to update [${cfgfile}]

 -p|--print-only </path/to/System.map>
 Print new settings, don't modify anything

 -h|--help
 Print this help

 -n|--nocolor
 (ignored, legacy support)

EOF
}
[1]68
69
# -----------------------------------------------------------------------
# Death strikes
# -----------------------------------------------------------------------

# Print all arguments (space-separated) on stderr and leave with status 1.
die() {
    echo "$@" >&2
    exit 1
}
[1]78
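# -----------------------------------------------------------------------
# Get new settings from </path/to/System.map>
# -----------------------------------------------------------------------

# Symbol addresses read from System.map (hex digits, without the 0x prefix).
# Filled in by get_new_settings.
system_call=
syscall_table=
proc_root=
proc_root_inode_operations=
proc_root_lookup=

# Print the first column of every System.map line that ends in symbol $1.
# The file is fed through stdin so that a path containing blanks, glob
# characters or a leading dash is never word-split or taken as an option.
_sysmap_address() {
    grep -E "[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+$1\$" < "$sysmap" |
        awk '{ print $1 }'
}

# Abort unless $2, the value found for symbol $1, is exactly one run of
# hexadecimal digits. These values are later written into the samhain
# configuration file, so an empty result, several matches (which arrive
# here as a multi-line string) or any other text must stop the run.
_require_address() {
    case "$2" in
        '')
            die "$1 not found in ${sysmap}"
            ;;
        *[!0-9A-Fa-f]*)
            die "$1 has an unexpected address in ${sysmap}"
            ;;
    esac
}

# Read the five kernel symbol addresses from the file named by $sysmap into
# system_call, syscall_table, proc_root, proc_root_inode_operations and
# proc_root_lookup. Exits through die() when the file is unspecified,
# missing or unreadable, or when a symbol is absent or malformed.
get_new_settings() {

    if [ -z "$sysmap" ]; then
        die "No System.map specified"
    fi
    if [ ! -f "$sysmap" ]; then
        die "System.map ${sysmap} not found"
    fi
    if [ ! -r "$sysmap" ]; then
        die "System.map ${sysmap} not readable"
    fi

    system_call=$(_sysmap_address 'system_call')
    syscall_table=$(_sysmap_address 'sys_call_table')
    proc_root=$(_sysmap_address 'proc_root')
    proc_root_inode_operations=$(_sysmap_address 'proc_root_inode_operations')
    proc_root_lookup=$(_sysmap_address 'proc_root_lookup')

    # The symbols are looked up in System.map, so that is the file the
    # error messages name (not the configuration file).
    _require_address 'system_call' "${system_call}"
    _require_address 'sys_call_table' "${syscall_table}"
    _require_address 'proc_root' "${proc_root}"
    _require_address 'proc_root_inode_operations' "${proc_root_inode_operations}"
    _require_address 'proc_root_lookup' "${proc_root_lookup}"

}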
[1]114
# -----------------------------------------------------------------------
# Print new settings
# -----------------------------------------------------------------------

# Look up the addresses via get_new_settings, then write them to stdout as
# samhain configuration lines, framed by one empty line above and below.
run_print() {
    get_new_settings
    cat <<EOF

KernelSystemCall = 0x${system_call}
KernelSyscallTable = 0x${syscall_table}
KernelProcRoot = 0x${proc_root}
KernelProcRootIops = 0x${proc_root_inode_operations}
KernelProcRootLookup = 0x${proc_root_lookup}

EOF
}
129
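# -----------------------------------------------------------------------
# Replace a setting
# -----------------------------------------------------------------------

# Editor script sent to ex:
#   set ignorecase
#   search pattern (the line that assigns the setting)
#   change that line in place
#   replacement text
#   single dot == end of replacement text
#   save and exit

# Arguments: $1 - setting name, $2 - new value (written as "$1 = $2").
# Globals:   cfgfile (read); item, address (written).
# Returns:   1 without touching the file if a value spans several lines,
#            otherwise the exit status of ex.
run_replace() {
    item="$1"
    address="$2"
    # Both values are copied verbatim into the editor script. A line break
    # inside them would end the text line early and leave the rest to be
    # read as further editor input, so such values are refused.
    case "$item$address" in
        *'
'*)
            echo "run_replace: refusing multi-line setting" >&2
            return 1
            ;;
    esac
    # "c" swaps the matched line where it stands. Deleting it and inserting
    # afterwards puts the new text one line too high whenever the match is
    # the last line of the file (e.g. directly below the section header).
    ex -s "$cfgfile" <<EOF
:set ic
:/^[[:blank:]]*${item}[[:blank:]]*=
:c
$item = $address
.
:x
EOF
}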
154
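# -----------------------------------------------------------------------
# Add a setting
# -----------------------------------------------------------------------

# Editor script sent to ex:
#   set ignorecase
#   search pattern ([Kernel] section)
#   append (next line)
#   single dot == end of insert text
#   save and exit

# Arguments: $1 - setting name, $2 - value (written as "$1 = $2").
# Globals:   cfgfile (read); item, address (written).
# Returns:   1 without touching the file if a value spans several lines,
#            otherwise the exit status of ex.
run_add() {
    item="$1"
    address="$2"
    # Both values are copied verbatim into the editor script. A line break
    # inside them would end the text line early and leave the rest to be
    # read as further editor input, so such values are refused.
    case "$item$address" in
        *'
'*)
            echo "run_add: refusing multi-line setting" >&2
            return 1
            ;;
    esac
    ex -s "$cfgfile" <<EOF
:set ic
:/^[[:space:]]*\[Kernel\]
:a
$item = $address
.
:x
EOF
}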
[1]177
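# -----------------------------------------------------------------------
# Update with new settings
# -----------------------------------------------------------------------

# Write setting $1 with value $2: replace the line that assigns it if the
# configuration file has one, otherwise add it to the [Kernel] section.
# The test uses the same anchored, case-insensitive pattern as the search
# in run_replace, so a name that only occurs in a comment, or as part of a
# longer name, is added instead of sending run_replace after a line that
# its search cannot find.
_update_setting() {
    if grep -Ei "^[[:blank:]]*$1[[:blank:]]*=" < "$cfgfile" >/dev/null; then
        run_replace "$1" "$2"
    else
        run_add "$1" "$2"
    fi
}

# Read the addresses from System.map (get_new_settings) and store all five
# Kernel* settings in $cfgfile. Exits through die() if no configuration
# file is set, it is not writable, or it has no [Kernel] section.
run_update() {

    get_new_settings

    if [ -z "$cfgfile" ]; then
        die "No configuration file specified"
    fi
    if [ ! -w "$cfgfile" ]; then
        die "Configuration file ${cfgfile} not writeable"
    fi
    if ! grep -E '^[[:space:]]*\[Kernel\]' < "$cfgfile" >/dev/null; then
        die "No [Kernel] section in configuration file $cfgfile"
    fi

    _update_setting 'KernelProcRootLookup' "0x${proc_root_lookup}"
    _update_setting 'KernelProcRootIops' "0x${proc_root_inode_operations}"
    _update_setting 'KernelProcRoot' "0x${proc_root}"
    _update_setting 'KernelSyscallTable' "0x${syscall_table}"
    _update_setting 'KernelSystemCall' "0x${system_call}"

}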
233
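# -----------------------------------------------------------------------
# Parse command line
# -----------------------------------------------------------------------

sysmap=
action=
# opt_prev names the variable that receives the next argument. It is
# cleared here so that a value inherited from the caller's environment can
# never choose what gets assigned.
opt_prev=

for option
do

    # If the previous option needs an argument, assign it. Only the two
    # names this script sets itself are accepted, and no eval is involved.
    # The variables stay exported, as before.
    case "$opt_prev" in
        cfgfile)
            cfgfile="$option"
            export cfgfile
            opt_prev=
            continue
            ;;
        sysmap)
            sysmap="$option"
            export sysmap
            opt_prev=
            continue
            ;;
    esac

    # For the "--name=value" form, keep everything after the first "=".
    case "$option" in
        -*=*)
            optarg="${option#*=}"
            ;;
        *)
            optarg=
            ;;
    esac

    case "$option" in

        -h|--help)
            showhelp
            exit 0
            ;;

        -n|--nocolor)
            # accepted and ignored (legacy support)
            ;;

        -c|--config-file)
            opt_prev=cfgfile
            ;;

        -c=* | --config-file=*)
            cfgfile="$optarg"
            ;;

        -p|--print-only)
            opt_prev=sysmap
            action=p
            ;;

        -p=* | --print-only=*)
            sysmap="$optarg"
            action=p
            ;;

        -u|--update)
            opt_prev=sysmap
            action=u
            ;;

        -u=* | --update=*)
            sysmap="$optarg"
            action=u
            ;;

    esac

done

# An option that takes an argument was given last, without one. Stop here
# rather than carry on with a default (e.g. "-u <map> -c" would otherwise
# update the default configuration file).
if [ -n "$opt_prev" ]; then
    die "Missing argument for the last option (see $programname --help)"
fi

case "$action" in
    p)
        run_print
        exit 0
        ;;
    u)
        run_update
        exit 0
        ;;
esac

# No action requested: show the help text and report failure.
showhelp
exit 1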