source: trunk/scripts/samhainrc_update.sh @ 29

Last change on this file since 29 was 29, checked in by rainer, 16 years ago

Fixes for test suite, OpenBSD portability, self-resolving, and suidchk patch by Neil

File size: 7.2 KB
#! /bin/sh

# -----------------------------------------------------------------------
# Configuration file edited by default (override with -c/--config-file)
# -----------------------------------------------------------------------

cfgfile="/etc/samhainrc"

# -----------------------------------------------------------------------
# Be Bourne compatible: switch zsh or bash into their sh/POSIX modes
# -----------------------------------------------------------------------

if [ -n "${ZSH_VERSION+set}" ] && (emulate sh) >/dev/null 2>&1
then
  emulate sh
  # zsh runs $NULLCMD for a redirection without a command; ':' matches sh.
  NULLCMD=:
elif [ -n "${BASH_VERSION+set}" ] && (set -o posix) >/dev/null 2>&1
then
  set -o posix
fi

# Name printed in the help text, and the System.map path (set by the
# option parser further down).
programname="$0"
sysmap=
# -----------------------------------------------------------------------
# Print help
# -----------------------------------------------------------------------

# Write the usage text to stdout. Reads $programname and $cfgfile (the
# latter is shown as the current default for -c/--config-file).
showhelp() {
    cat <<EOF

$programname - update samhain config file after kernel update

OPTIONS:

 -u|--update </path/to/System.map>
         Update the configuration file with new
         settings as taken from </path/to/System.map>

 -c|--config-file </path/to/config-file>
         Specify the configuration file to update [${cfgfile}]

 -p|--print-only </path/to/System.map>
         Print new settings, don't modify anything

 -h|--help
         Print this help

 -n|--nocolor
         (ignored, legacy support)

EOF
}
# -----------------------------------------------------------------------
# Death strikes
# -----------------------------------------------------------------------

# Print all arguments on stderr, then terminate the script with status 1.
die() {
    # ${1+"$@"} is the legacy-safe spelling of "$@": it expands to nothing
    # at all when die is called without arguments.
    echo ${1+"$@"} 1>&2
    # Set $? to 1 in a subshell first, then leave with that same status.
    (exit 1)
    exit 1
}
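# -----------------------------------------------------------------------
# Get new settings from </path/to/System.map>
# -----------------------------------------------------------------------

# Addresses (hexadecimal digits, no 0x prefix) filled in by
# get_new_settings.
system_call=
syscall_table=
proc_root=
proc_root_inode_operations=
proc_root_lookup=

# Print the first field of every line of $sysmap that ends in
# "<8 alnum chars> <one letter> <symbol>", for the symbol named in $1.
# The file is supplied on stdin, so a path that contains blanks or starts
# with '-' is never split into, or parsed as, extra grep arguments.
# NOTE(review): the pattern is not anchored at the start of the line, so
# the first field is not guaranteed to be the address column; the caller
# validates the result for that reason.
_sysmap_lookup() {
    grep -E "[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+$1\$" <"$sysmap" |
        awk '{ print $1 }'
}

# Abort unless $2 (the value found for symbol $1) is exactly one run of
# hexadecimal digits. The values are later written into the configuration
# file and into an ex command script, so anything else - including the
# multi-line result of a symbol that matched more than once - is refused.
_sysmap_require_hex() {
    case "$2" in
        '')
            die "$1 not found in ${sysmap}"
            ;;
        *[!0-9a-fA-F]*)
            die "$1 in ${sysmap} is not a single hexadecimal address"
            ;;
    esac
}

# Read the five kernel symbol addresses from the System.map named by
# $sysmap into the global variables above.
# Globals:  sysmap (read); system_call, syscall_table, proc_root,
#           proc_root_inode_operations, proc_root_lookup (written)
# Returns:  0 on success; calls die (exit 1) when the file is missing or
#           unreadable, or when a symbol is absent or not plain hex.
get_new_settings() {

    if [ -z "$sysmap" ]; then
        die "No System.map specified"
    fi
    if [ ! -f "$sysmap" ]; then
        die "System.map ${sysmap} not found"
    fi
    if [ ! -r "$sysmap" ]; then
        die "System.map ${sysmap} not readable"
    fi

    system_call=`_sysmap_lookup system_call`
    syscall_table=`_sysmap_lookup sys_call_table`
    proc_root=`_sysmap_lookup proc_root`
    proc_root_inode_operations=`_sysmap_lookup proc_root_inode_operations`
    proc_root_lookup=`_sysmap_lookup proc_root_lookup`

    # The symbols are looked up in the System.map, so that is the file the
    # error messages name (not the configuration file).
    _sysmap_require_hex system_call "${system_call}"
    _sysmap_require_hex sys_call_table "${syscall_table}"
    _sysmap_require_hex proc_root "${proc_root}"
    _sysmap_require_hex proc_root_inode_operations "${proc_root_inode_operations}"
    _sysmap_require_hex proc_root_lookup "${proc_root_lookup}"

    # Explicit success status: a trailing 'test -z ... && die' would leave
    # a non-zero status behind whenever the last value is present.
    return 0
}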
# -----------------------------------------------------------------------
# Print new settings
# -----------------------------------------------------------------------

# Look up the addresses via get_new_settings and print them on stdout as
# "Name = 0x<address>" lines, framed by one empty line above and below.
# Nothing is written to the configuration file.
run_print() {
    get_new_settings
    printf '\n'
    printf 'KernelSystemCall =     0x%s\n' "${system_call}"
    printf 'KernelSyscallTable =   0x%s\n' "${syscall_table}"
    printf 'KernelProcRoot =       0x%s\n' "${proc_root}"
    printf 'KernelProcRootIops =   0x%s\n' "${proc_root_inode_operations}"
    printf 'KernelProcRootLookup = 0x%s\n' "${proc_root_lookup}"
    printf '\n'
}
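# -----------------------------------------------------------------------
# Replace a setting
# -----------------------------------------------------------------------

# The ex script below does, in order:
#   set ignorecase
#   search pattern
#   delete current line
#   insert
#   single dot == end of insert text
#   save and exit

# Replace the line "<item> = ..." in $cfgfile with "<item> = <address>".
# Arguments: $1 - setting name (letters, digits and '_' only)
#            $2 - new value, "0x" followed by hexadecimal digits
# Globals:   cfgfile (read); item, address (written)
# Returns:   1 without touching the file when an argument is malformed or
#            the file has no active "<item> =" line; otherwise the exit
#            status of ex.
run_replace() {
    item="$1"
    address="$2"

    # Both values are expanded into the ex command script below, so only a
    # plain identifier and a single 0x-prefixed hex token are accepted.
    # A value containing a newline fails the hex check as well.
    _run_replace_ok=yes
    case "$item" in
        '' | *[!A-Za-z0-9_]*) _run_replace_ok=no ;;
    esac
    case "$address" in
        0x | 0x*[!0-9a-fA-F]*) _run_replace_ok=no ;;
        0x*) ;;
        *) _run_replace_ok=no ;;
    esac
    if [ "$_run_replace_ok" != yes ]; then
        echo "run_replace: refusing malformed setting name or address" >&2
        return 1
    fi

    # If the search in the ex script found nothing, the following ':d'
    # could remove whatever line happens to be current instead. Confirm
    # the target line exists (same pattern, case-insensitive like
    # ':set ic') before editing.
    grep -E -i "^[[:blank:]]*${item}[[:blank:]]*=" <"$cfgfile" >/dev/null 2>&1 || {
        echo "run_replace: no active '${item} =' line in ${cfgfile}" >&2
        return 1
    }

    ex -s "$cfgfile" <<EOF
:set ic
:/^[[:blank:]]*${item}[[:blank:]]*=
:d
:i
$item = $address
.
:x
EOF
}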
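# -----------------------------------------------------------------------
# Add a setting
# -----------------------------------------------------------------------

# The ex script below does, in order:
#   set ignorecase
#   search pattern ([Kernel] section)
#   append (next line)
#   single dot == end of insert text
#   save and exit

# Append the line "<item> = <address>" directly below the [Kernel] section
# header of $cfgfile.
# Arguments: $1 - setting name (letters, digits and '_' only)
#            $2 - value, "0x" followed by hexadecimal digits
# Globals:   cfgfile (read); item, address (written)
# Returns:   1 without touching the file when an argument is malformed or
#            the file has no [Kernel] header; otherwise the exit status
#            of ex.
run_add() {
    item="$1"
    address="$2"

    # Both values are expanded into the ex command script below, so only a
    # plain identifier and a single 0x-prefixed hex token are accepted.
    # A value containing a newline fails the hex check as well.
    _run_add_ok=yes
    case "$item" in
        '' | *[!A-Za-z0-9_]*) _run_add_ok=no ;;
    esac
    case "$address" in
        0x | 0x*[!0-9a-fA-F]*) _run_add_ok=no ;;
        0x*) ;;
        *) _run_add_ok=no ;;
    esac
    if [ "$_run_add_ok" != yes ]; then
        echo "run_add: refusing malformed setting name or address" >&2
        return 1
    fi

    # Without a [Kernel] header the search in the ex script finds nothing
    # and ':a' could append at an unrelated position. Check first, using
    # the same case-insensitive pattern.
    grep -E -i '^[[:space:]]*\[Kernel\]' <"$cfgfile" >/dev/null 2>&1 || {
        echo "run_add: no [Kernel] section in ${cfgfile}" >&2
        return 1
    }

    ex -s "$cfgfile" <<EOF
:set ic
:/^[[:space:]]*\[Kernel\]
:a
$item = $address
.
:x
EOF
}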
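# -----------------------------------------------------------------------
# Update with new settings
# -----------------------------------------------------------------------

# Succeed when $cfgfile holds an active (uncommented) "<name> =" line for
# the setting named in $1. The pattern is the one run_replace searches
# for, so a name that appears only in a comment, or only as the prefix of
# a longer setting name, does not count as present.
_cfg_has_setting() {
    grep -E -i "^[[:blank:]]*$1[[:blank:]]*=" <"$cfgfile" >/dev/null
}

# Write setting $1 with value $2: replace the existing line when there is
# one, otherwise add a new line to the [Kernel] section.
_cfg_update_setting() {
    if _cfg_has_setting "$1"; then
        run_replace "$1" "$2"
    else
        run_add "$1" "$2"
    fi
}

# Read the addresses from the System.map and store all five Kernel*
# settings in $cfgfile.
# Globals: cfgfile, and the address variables set by get_new_settings
# Exits:   via die when no configuration file is given, it is not
#          writable, or it has no [Kernel] section.
run_update() {

    get_new_settings

    if [ -z "$cfgfile" ]; then
        die "No configuration file specified"
    fi
    if [ ! -w "$cfgfile" ]; then
        die "Configuration file ${cfgfile} not writeable"
    fi
    grep -E '^[[:space:]]*\[Kernel\]' <"$cfgfile" >/dev/null ||
        die "No [Kernel] section in configuration file $cfgfile"

    # Same order as before; run_add puts each new line directly under the
    # [Kernel] header, so the order decides the layout of added entries.
    _cfg_update_setting 'KernelProcRootLookup' "0x${proc_root_lookup}"
    _cfg_update_setting 'KernelProcRootIops' "0x${proc_root_inode_operations}"
    _cfg_update_setting 'KernelProcRoot' "0x${proc_root}"
    _cfg_update_setting 'KernelSyscallTable' "0x${syscall_table}"
    _cfg_update_setting 'KernelSystemCall' "0x${system_call}"

}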
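# -----------------------------------------------------------------------
# Parse command line
# -----------------------------------------------------------------------

sysmap=
action=
# opt_prev names the variable that the next word has to fill. It is
# cleared here so that a value inherited from the caller's environment is
# never taken for a pending option.
opt_prev=

for option
do

  # If the previous option needs an argument, assign it.
  # Only the two names set further down are accepted; the assignment is
  # spelled out instead of being built with eval, so no variable content
  # is ever evaluated as shell code. Both variables are exported, as
  # before.
  if test -n "$opt_prev"; then
    case "$opt_prev" in
        cfgfile)
            cfgfile="$option"
            export cfgfile
            ;;
        sysmap)
            sysmap="$option"
            export sysmap
            ;;
    esac
    opt_prev=
    continue
  fi

  # For the "--name=value" spelling, keep only the part after the '='.
  case "$option" in
      -*=*)
          optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'`
          ;;
      *)
          optarg=
          ;;
  esac

  # Words that match none of the patterns below are silently ignored.
  case "$option" in

      -h|--help)
          showhelp
          exit 0
          ;;

      -n|--nocolor)
          ;;

      -c|--config-file)
          opt_prev=cfgfile
          ;;

      -c=* | --config-file=*)
          cfgfile="$optarg"
          ;;

      -p|--print-only)
          opt_prev=sysmap
          action=p
          ;;

      -p=* | --print-only=*)
          sysmap="$optarg"
          action=p
          ;;

      -u|--update)
          opt_prev=sysmap
          action=u
          ;;

      -u=* | --update=*)
          sysmap="$optarg"
          action=u
          ;;

  esac

done

# A trailing -c/-p/-u without its path would otherwise be dropped without
# notice; for -c that means editing the default configuration file.
if test -n "$opt_prev"; then
    die "Missing argument: the last option expects a path (${opt_prev})"
fi

if [ x"$action" = xp ]; then
    run_print
    exit 0
fi
if [ x"$action" = xu ]; then
    run_update
    exit 0
fi

# No action requested: show the usage text and report failure.
showhelp
exit 1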