source: trunk/scripts/samhainrc_update.sh @ 100

1#! /bin/sh
2
3# Copyright Rainer Wichmann (2006)
4#
5# License Information:
6# This program is free software; you can redistribute it and/or modify
7# it under the terms of the GNU General Public License as published by
8# the Free Software Foundation; either version 2 of the License, or
9# (at your option) any later version.
10#
11# This program is distributed in the hope that it will be useful,
12# but WITHOUT ANY WARRANTY; without even the implied warranty of
13# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14# GNU General Public License for more details.
15#
16# You should have received a copy of the GNU General Public License
17# along with this program; if not, write to the Free Software
18# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19
20
21# -----------------------------------------------------------------------
22# The default configuration file
23# -----------------------------------------------------------------------
24
# Configuration file edited by -u/--update; overridable with -c/--config-file.
cfgfile=/etc/samhainrc
26
27# -----------------------------------------------------------------------
28# Be Bourne compatible
29# -----------------------------------------------------------------------
30
# Under zsh, switch the running shell into sh emulation (probed in a subshell
# first so a zsh that cannot emulate sh is left untouched); NULLCMD=: is the
# usual companion setting from the autoconf sh-compat preamble.  Under bash,
# turn on POSIX mode instead.  Other shells are assumed to be sh-like already.
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
  emulate sh
  NULLCMD=:
elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
  set -o posix
fi
37
# Name the script was invoked as (used in the help text) and the System.map
# path, which stays empty until -u/-p supplies one.
programname=$0
sysmap=
40
41# -----------------------------------------------------------------------
42# Print help
43# -----------------------------------------------------------------------
44
# Print the usage text to stdout.  Reads the globals programname and cfgfile
# (the latter is shown as the default for -c).
showhelp() {
    cat <<EOF

$programname - update samhain config file after kernel update

OPTIONS:

 -u|--update </path/to/System.map>
         Update the configuration file with new
         settings as taken from </path/to/System.map>

 -c|--config-file </path/to/config-file>
         Specify the configuration file to update [${cfgfile}]

 -p|--print-only </path/to/System.map>
         Print new settings, don't modify anything

 -h|--help
         Print this help

 -n|--nocolor
         (ignored, legacy support)

EOF
}
68
69
70# -----------------------------------------------------------------------
71# Death strikes
72# -----------------------------------------------------------------------
73
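# Print all arguments as one line on stderr and exit with status 1.
# Arguments: the message words; they are joined with single spaces.
die() {
    # printf rather than echo: a message that starts with '-' or contains a
    # backslash is printed verbatim by printf, whereas echo's handling of
    # both differs between shells.
    printf '%s\n' "$*" >&2
    # Autoconf-style idiom: set $? to 1 before exiting as well (kept for the
    # old Bourne shells this script caters for).
    { (exit 1); exit 1; }
}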
78
79# -----------------------------------------------------------------------
80# Get new settings from </path/to/System.map>
81# -----------------------------------------------------------------------
82
# Addresses filled in by get_new_settings: the first column of the matching
# System.map line, without any 0x prefix.  Empty until it has run.
system_call= syscall_table= proc_root= proc_root_inode_operations= proc_root_lookup=
88
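# Print the address of one symbol from the System.map in $sysmap.
# Arguments: $1 - symbol name; must match the whole last field of the line
# Outputs:   the first column of every matching line (normally exactly one)
sysmap_lookup() {
    # "--" and the quoted path keep an odd System.map path from being taken
    # as an option or split into several words.
    egrep -- "[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+${1}\$" "$sysmap" | awk '{ print $1 }'
}

# Read the kernel addresses samhain needs from $sysmap into the globals
# system_call, syscall_table, proc_root, proc_root_inode_operations and
# proc_root_lookup.  Dies if $sysmap is unset, missing, unreadable, or lacks
# any of the five symbols.
get_new_settings() {

    if [ -z "$sysmap" ]; then
        die "No System.map specified"
    fi
    if [ ! -f "$sysmap" ]; then
        die "System.map ${sysmap} not found"
    fi
    if [ ! -r "$sysmap" ]; then
        die "System.map ${sysmap} not readable"
    fi

    system_call=`sysmap_lookup system_call`
    syscall_table=`sysmap_lookup sys_call_table`
    proc_root=`sysmap_lookup proc_root`
    proc_root_inode_operations=`sysmap_lookup proc_root_inode_operations`
    proc_root_lookup=`sysmap_lookup proc_root_lookup`

    # The symbols are looked up in the System.map, so that is the file to
    # name in the error (the old messages blamed the config file).
    test -z "${system_call}" && die "system_call not found in ${sysmap}"
    test -z "${syscall_table}" && die "sys_call_table not found in ${sysmap}"
    test -z "${proc_root}" && die "proc_root not found in ${sysmap}"
    test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${sysmap}"
    test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${sysmap}"

}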
114
115# -----------------------------------------------------------------------
116# Print new settings
117# -----------------------------------------------------------------------
118
# Implements -p/--print-only: read the addresses from $sysmap and print the
# five [Kernel] settings, framed by blank lines, without touching any file.
run_print() {
    get_new_settings
    printf '\n'
    printf '%s\n' \
        "KernelSystemCall =     0x${system_call}" \
        "KernelSyscallTable =   0x${syscall_table}" \
        "KernelProcRoot =       0x${proc_root}" \
        "KernelProcRootIops =   0x${proc_root_inode_operations}" \
        "KernelProcRootLookup = 0x${proc_root_lookup}"
    printf '\n'
}
129
130# -----------------------------------------------------------------------
131# Replace a setting
132# -----------------------------------------------------------------------
133
134# set ignorecase
135# search pattern
136# delete current line
137# insert
138# single dot == end of insert text
139# save and exit
140
# Replace the current "<name> = ..." line in $cfgfile with "<name> = <value>",
# editing the file in place with ex(1).
# Arguments: $1 - setting name (e.g. KernelSystemCall), $2 - new value
# Globals:   cfgfile (read); item, address (written — not local)
# The caller is expected to have verified that such a line exists: the ":d"
# in the ex script deletes the current line, and what ex does after a failed
# search depends on the implementation — NOTE(review): confirm before relying
# on this for a missing key.
run_replace() {
    item="$1"
    address="$2"
    # ex script: ignore case; go to the first "<name> =" line ($1 is the same
    # value as $item); delete it; insert the new line; write and quit.
    ex -s "$cfgfile" <<EOF
:set ic
:/^[[:blank:]]*$1[[:blank:]]*=
:d
:i
$item = $address
.
:x
EOF
}
154
155# -----------------------------------------------------------------------
156# Add a setting
157# -----------------------------------------------------------------------
158
159# set ignorecase
160# search pattern ([Kernel] section)
161# append (next line)
162# single dot == end of insert text
163# save and exit
164
# Append "<name> = <value>" on the line directly after the [Kernel] section
# header of $cfgfile, editing the file in place with ex(1).
# Arguments: $1 - setting name (e.g. KernelSystemCall), $2 - new value
# Globals:   cfgfile (read); item, address (written — not local)
# Each call inserts right below the header, so successive additions end up in
# reverse call order.  The caller is expected to have checked that a [Kernel]
# section exists (see run_update).
run_add() {
    item="$1"
    address="$2"
    # ex script: ignore case; go to the [Kernel] header; append the new line
    # after it; write and quit.
    ex -s "$cfgfile" <<EOF
:set ic
:/^[[:space:]]*\[Kernel\]
:a
$item = $address
.
:x
EOF
}
177
178# -----------------------------------------------------------------------
179# Update with new settings
180# -----------------------------------------------------------------------
181
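# Write one setting into $cfgfile: replace the existing "<name> = ..." line,
# or add a new one below [Kernel] when there is none.
# Arguments: $1 - setting name, $2 - value (already prefixed with 0x)
# Globals:   cfgfile (read)
update_setting() {
    # Test for the same anchored, case-insensitive form that run_replace
    # searches for.  An unanchored grep would also hit a commented-out or
    # differently named key (KernelProcRoot vs KernelProcRootLookup) and then
    # hand run_replace a pattern that does not match.
    if egrep -i "^[[:blank:]]*${1}[[:blank:]]*=" "$cfgfile" >/dev/null; then
        run_replace "$1" "$2"
    else
        run_add "$1" "$2"
    fi
}

# Implements -u/--update: read the addresses from $sysmap and write the five
# [Kernel] settings into $cfgfile.  Dies if no config file is given, it is not
# writable, or it has no [Kernel] section.  The five edits are separate ex(1)
# runs, so the file is not updated atomically.
run_update() {

    get_new_settings

    if [ -z "$cfgfile" ]; then
        die "No configuration file specified"
    fi
    if [ ! -w "$cfgfile" ]; then
        die "Configuration file ${cfgfile} not writeable"
    fi
    egrep '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null
    if [ $? -ne 0 ]; then
        die "No [Kernel] section in configuration file $cfgfile"
    fi

    # Order matters for keys that get added: each run_add inserts directly
    # below [Kernel], so the last one added ends up first.
    update_setting 'KernelProcRootLookup' "0x${proc_root_lookup}"
    update_setting 'KernelProcRootIops'   "0x${proc_root_inode_operations}"
    update_setting 'KernelProcRoot'       "0x${proc_root}"
    update_setting 'KernelSyscallTable'   "0x${syscall_table}"
    update_setting 'KernelSystemCall'     "0x${system_call}"

}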
233
234# -----------------------------------------------------------------------
235# Parse command line
236# -----------------------------------------------------------------------
237
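sysmap=
action=
opt_prev=

# Parse the command line into the globals cfgfile, sysmap and action.
# Arguments: the script's positional parameters
# Globals:   cfgfile, sysmap (written and exported), action (written:
#            p = print only, u = update), opt_prev (scratch)
# Exits:     0 after -h/--help; 1 (via die) on an unknown option or an option
#            that needs an argument but was the last word on the line
parse_args() {
  opt_prev=

  for option
  do

    # If the previous option needs an argument, assign it.
    # opt_prev only ever holds one of the fixed names "cfgfile" or "sysmap",
    # and the value is passed as \$option (expanded after the eval, not
    # re-parsed), so the argument text cannot inject shell code here.
    if test -n "$opt_prev"; then
      eval "$opt_prev=\$option"
      eval export "$opt_prev"
      opt_prev=
      continue
    fi

    # Value part of a "--name=value" option: everything after the first '='.
    case "$option" in
        -*=*)
            optarg=${option#*=}
            ;;
        *)
            optarg=
            ;;
    esac

    case "$option" in

        -h|--help)
            showhelp
            exit 0
            ;;

        -n|--nocolor)
            ;;

        -c|--config-file)
            opt_prev=cfgfile
            ;;

        -c=* | --config-file=*)
            cfgfile="$optarg"
            ;;

        -p|--print-only)
            opt_prev=sysmap
            action=p
            ;;

        -p=* | --print-only=*)
            sysmap="$optarg"
            action=p
            ;;

        -u|--update)
            opt_prev=sysmap
            action=u
            ;;

        -u=* | --update=*)
            sysmap="$optarg"
            action=u
            ;;

        *)
            # Unknown options and stray words used to be ignored silently, so a
            # typo in --update went unnoticed until the help text appeared.
            die "Unknown option: $option (try --help)"
            ;;

    esac

  done

  # An option that takes an argument was the last word on the command line.
  if test -n "$opt_prev"; then
    die "Option for ${opt_prev} given without an argument (try --help)"
  fi
}

parse_args ${1+"$@"}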
304
# Dispatch on the action chosen while parsing options; with no action (or
# no arguments at all) show the help and fail.
case "$action" in
    p)
        run_print
        exit 0
        ;;
    u)
        run_update
        exit 0
        ;;
esac

showhelp
exit 1