source: trunk/scripts/samhainrc_update.sh@ 111

Last change on this file since 111 was 100, checked in by rainer, 18 years ago

Release 2.3.3; minor testscript and typo fixes.

1#! /bin/sh
2
3# Copyright Rainer Wichmann (2006)
4#
5# License Information:
6# This program is free software; you can redistribute it and/or modify
7# it under the terms of the GNU General Public License as published by
8# the Free Software Foundation; either version 2 of the License, or
9# (at your option) any later version.
10#
11# This program is distributed in the hope that it will be useful,
12# but WITHOUT ANY WARRANTY; without even the implied warranty of
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14# GNU General Public License for more details.
15#
16# You should have received a copy of the GNU General Public License
17# along with this program; if not, write to the Free Software
18# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19
20
21# -----------------------------------------------------------------------
22# The default configuration file
23# -----------------------------------------------------------------------
24
# Default location of the samhain configuration file; the -c/--config-file
# option replaces it.
cfgfile=/etc/samhainrc

# -----------------------------------------------------------------------
# Be Bourne compatible
# -----------------------------------------------------------------------

# Put zsh or bash into sh/POSIX emulation when the running shell offers it.
# Each probe runs in a subshell first, so a shell that rejects the command
# is left untouched.
if [ -n "${ZSH_VERSION+set}" ] && (emulate sh) >/dev/null 2>&1; then
  emulate sh
  NULLCMD=:
elif [ -n "${BASH_VERSION+set}" ] && (set -o posix) >/dev/null 2>&1; then
  set -o posix
fi

# Name the script was started as; printed in the help text.
programname=$0
# Path of the System.map to read; set by the option parser.
sysmap=
40
41# -----------------------------------------------------------------------
42# Print help
43# -----------------------------------------------------------------------
44
# Write the usage text to stdout.
# Globals: programname (read), cfgfile (read, shown as the current default)
showhelp() {
  cat <<EOF

$programname - update samhain config file after kernel update

OPTIONS:

 -u|--update </path/to/System.map>
 Update the configuration file with new
 settings as taken from </path/to/System.map>

 -c|--config-file </path/to/config-file>
 Specify the configuration file to update [${cfgfile}]

 -p|--print-only </path/to/System.map>
 Print new settings, don't modify anything

 -h|--help
 Print this help

 -n|--nocolor
 (ignored, legacy support)

EOF
}
68
69
70# -----------------------------------------------------------------------
71# Death strikes
72# -----------------------------------------------------------------------
73
# Print the arguments as one message on stderr and terminate the script
# with exit status 1.
die() {
  echo "$@" >&2
  exit 1
}
78
79# -----------------------------------------------------------------------
80# Get new settings from </path/to/System.map>
81# -----------------------------------------------------------------------
82
# Symbol addresses filled in by get_new_settings(); all start out empty.
system_call=''
syscall_table=''
proc_root=''
proc_root_inode_operations=''
proc_root_lookup=''
88
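# Print the address column of the System.map line that defines symbol $1.
# A line only counts when it has the shape
# "<hex address> <type letter> <symbol>", anchored at both ends.
_sysmap_address() {
  grep -E "^[[:xdigit:]]{8,}[[:space:]]+[[:alpha:]][[:space:]]+$1\$" "$sysmap" |
    awk '{ print $1 }'
}

# Abort unless $2, the value found for symbol $1, is exactly one
# hexadecimal token. An empty value means the symbol is missing; anything
# else that fails the check (several matches, stray characters) is rejected.
_require_address() {
  case "$2" in
    '')
      die "$1 not found in ${sysmap}"
      ;;
    *[!0-9a-fA-F]*)
      die "$1 in ${sysmap} is not a single hexadecimal address"
      ;;
  esac
}

# Read the five kernel symbol addresses from the System.map named by
# $sysmap.
#
# Globals:  sysmap (read); system_call, syscall_table, proc_root,
#           proc_root_inode_operations, proc_root_lookup (written)
# Returns:  0 when every symbol resolved to one hexadecimal address;
#           otherwise the script exits through die().
#
# The values end up in the samhain configuration file, so each one is
# checked here: a System.map that yields an empty, duplicated or non-hex
# value stops the script instead of being passed on. Messages name the
# System.map, which is the file that was searched.
get_new_settings() {
  if [ -z "$sysmap" ]; then
    die "No System.map specified"
  fi
  if [ ! -f "$sysmap" ]; then
    die "System.map ${sysmap} not found"
  fi
  if [ ! -r "$sysmap" ]; then
    die "System.map ${sysmap} not readable"
  fi

  system_call=$(_sysmap_address system_call)
  syscall_table=$(_sysmap_address sys_call_table)
  proc_root=$(_sysmap_address proc_root)
  proc_root_inode_operations=$(_sysmap_address proc_root_inode_operations)
  proc_root_lookup=$(_sysmap_address proc_root_lookup)

  _require_address system_call "$system_call"
  _require_address sys_call_table "$syscall_table"
  _require_address proc_root "$proc_root"
  _require_address proc_root_inode_operations "$proc_root_inode_operations"
  _require_address proc_root_lookup "$proc_root_lookup"
}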
114
115# -----------------------------------------------------------------------
116# Print new settings
117# -----------------------------------------------------------------------
118
# Read the addresses from System.map and print them to stdout as samhain
# configuration lines, framed by one blank line above and below.
run_print() {
  get_new_settings
  cat <<EOF

KernelSystemCall = 0x${system_call}
KernelSyscallTable = 0x${syscall_table}
KernelProcRoot = 0x${proc_root}
KernelProcRootIops = 0x${proc_root_inode_operations}
KernelProcRootLookup = 0x${proc_root_lookup}

EOF
}
129
130# -----------------------------------------------------------------------
131# Replace a setting
132# -----------------------------------------------------------------------
133
134# set ignorecase
135# search pattern
136# delete current line
137# insert
138# single dot == end of insert text
139# save and exit
140
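# Replace the line of $cfgfile that assigns <item> with "<item> = <address>".
#
# Globals:   cfgfile (read); item, address (written)
# Arguments: $1 - setting name; it is used unescaped inside grep and ex
#                 patterns, so it must not contain regex metacharacters
#            $2 - new value, a single line
# Returns:   1, leaving the file untouched, when an argument spans several
#            lines or no assignment of <item> exists; otherwise the exit
#            status of ex.
run_replace() {
  item="$1"
  address="$2"
  rr_newline='
'

  # Both values are written into the ex script below. A value with an
  # embedded newline could end the text-input block early, and ex would
  # read the remainder as commands, so refuse it.
  case "$item$address" in
    *"$rr_newline"*)
      echo "run_replace: refusing multi-line value for setting" >&2
      return 1
      ;;
  esac

  # The ex script searches, then deletes the current line. If nothing
  # matches and the ex implementation carries on after the failed search,
  # an unrelated line would be deleted; check for a match first.
  if grep -i -- "^[[:blank:]]*${item}[[:blank:]]*=" "$cfgfile" >/dev/null; then
    :
  else
    echo "run_replace: no assignment of $item in $cfgfile" >&2
    return 1
  fi

  # set ignorecase, search, delete the line, insert the new text
  # (a single dot ends the text), save and exit.
  ex -s "$cfgfile" <<EOF
:set ic
:/^[[:blank:]]*$item[[:blank:]]*=
:d
:i
$item = $address
.
:x
EOF
}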
154
155# -----------------------------------------------------------------------
156# Add a setting
157# -----------------------------------------------------------------------
158
159# set ignorecase
160# search pattern ([Kernel] section)
161# append (next line)
162# single dot == end of insert text
163# save and exit
164
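# Append "<item> = <address>" directly below the [Kernel] section header
# of $cfgfile.
#
# Globals:   cfgfile (read); item, address (written)
# Arguments: $1 - setting name
#            $2 - value, a single line
# Returns:   1, leaving the file untouched, when an argument spans several
#            lines or the file has no [Kernel] header; otherwise the exit
#            status of ex.
run_add() {
  item="$1"
  address="$2"
  ra_newline='
'

  # Both values are written into the ex script below. A value with an
  # embedded newline could end the text-input block early, and ex would
  # read the remainder as commands, so refuse it.
  case "$item$address" in
    *"$ra_newline"*)
      echo "run_add: refusing multi-line value for setting" >&2
      return 1
      ;;
  esac

  # Without a [Kernel] header the search in the ex script fails; an ex that
  # carries on would append at whatever line is current. Matching is
  # case-insensitive here because the ex script sets ignorecase.
  if grep -i -- '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null; then
    :
  else
    echo "run_add: no [Kernel] section in $cfgfile" >&2
    return 1
  fi

  # set ignorecase, find the [Kernel] header, append after it
  # (a single dot ends the text), save and exit.
  ex -s "$cfgfile" <<EOF
:set ic
:/^[[:space:]]*\[Kernel\]
:a
$item = $address
.
:x
EOF
}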
177
178# -----------------------------------------------------------------------
179# Update with new settings
180# -----------------------------------------------------------------------
181
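# Set setting $1 to value $2 in $cfgfile: replace the existing assignment,
# or add one below the [Kernel] header when there is none.
_update_setting() {
  # Only a real assignment line ("<name> =" at the start of a line) selects
  # the replace path. A mention inside a comment, or a longer setting name
  # that merely contains $1, must not: run_replace would find nothing to
  # replace and could damage another line.
  if grep -i -- "^[[:blank:]]*$1[[:blank:]]*=" "$cfgfile" >/dev/null; then
    run_replace "$1" "$2"
  else
    run_add "$1" "$2"
  fi
}

# Read the addresses from System.map and write them into the [Kernel]
# section of the samhain configuration file.
#
# Globals:  cfgfile (read) plus the address variables set by
#           get_new_settings()
# Returns:  0 when all five settings were written; otherwise the script
#           exits through die(), naming the setting that failed. A failed
#           edit is reported because samhain would otherwise keep running
#           with an address from the previous kernel.
run_update() {
  get_new_settings

  if [ -z "$cfgfile" ]; then
    die "No configuration file specified"
  fi
  if [ ! -w "$cfgfile" ]; then
    die "Configuration file ${cfgfile} not writeable"
  fi
  if grep -E '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null; then
    :
  else
    die "No [Kernel] section in configuration file $cfgfile"
  fi

  # Same order as before, so added lines land in the same sequence below
  # the [Kernel] header.
  _update_setting 'KernelProcRootLookup' "0x${proc_root_lookup}" ||
    die "Could not update KernelProcRootLookup in ${cfgfile}"
  _update_setting 'KernelProcRootIops' "0x${proc_root_inode_operations}" ||
    die "Could not update KernelProcRootIops in ${cfgfile}"
  _update_setting 'KernelProcRoot' "0x${proc_root}" ||
    die "Could not update KernelProcRoot in ${cfgfile}"
  _update_setting 'KernelSyscallTable' "0x${syscall_table}" ||
    die "Could not update KernelSyscallTable in ${cfgfile}"
  _update_setting 'KernelSystemCall' "0x${system_call}" ||
    die "Could not update KernelSystemCall in ${cfgfile}"
}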
233
234# -----------------------------------------------------------------------
235# Parse command line
236# -----------------------------------------------------------------------
237
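sysmap=
action=
# opt_prev names the variable that receives the next argument. The loop
# tests it before ever assigning it, so clear it here; otherwise a value
# inherited from the caller's environment would be acted on.
opt_prev=

for option
do

  # If the previous option needs an argument, assign it. Only the two
  # variables the parser itself selects are accepted, so no eval is needed.
  if test -n "$opt_prev"; then
    case "$opt_prev" in
      cfgfile)
        cfgfile=$option
        export cfgfile
        ;;
      sysmap)
        sysmap=$option
        export sysmap
        ;;
    esac
    opt_prev=
    continue
  fi

  # For --name=value forms, keep everything after the first '='.
  case "$option" in
    -*=*)
      optarg=${option#*=}
      ;;
    *)
      optarg=
      ;;
  esac

  case "$option" in

    -h|--help)
      showhelp
      exit 0
      ;;

    -n|--nocolor)
      # ignored, legacy support
      ;;

    -c|--config-file)
      opt_prev=cfgfile
      ;;

    -c=* | --config-file=*)
      cfgfile="$optarg"
      ;;

    -p|--print-only)
      opt_prev=sysmap
      action=p
      ;;

    -p=* | --print-only=*)
      sysmap="$optarg"
      action=p
      ;;

    -u|--update)
      opt_prev=sysmap
      action=u
      ;;

    -u=* | --update=*)
      sysmap="$optarg"
      action=u
      ;;

  esac

done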
304
# Run the action chosen on the command line. Without -p or -u, print the
# help text and exit with status 1.
case "$action" in
  p)
    run_print
    exit 0
    ;;
  u)
    run_update
    exit 0
    ;;
esac

showhelp
exit 1