Changeset 29 for trunk/scripts


Timestamp:
Apr 11, 2006, 1:48:18 PM (19 years ago)
Author:
rainer
Message:

Fixes for test suite, OpenBSD portability, self-resolving, and suidchk patch by Neil

Location:
trunk/scripts
Files:
2 edited

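--- a/trunk/scripts/README
+++ b/trunk/scripts/README
@@ -40,5 +40,5 @@
    This script will do this automatically. Run 'samhainrc_update.sh -h'
    for usage instructions. You may need to change the location of the
-   samhainrc file by editing the line 'SAMHAIN_CFG="/etc/samhainrc"'
+   samhainrc file by editing the line 'cfgfile="/etc/samhainrc"'
    at the beginning of the script.
  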
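--- a/trunk/scripts/samhainrc_update.sh
+++ b/trunk/scripts/samhainrc_update.sh
@@ -1,227 +1,297 @@
-#!/bin/bash
-# -----------------------------------------------------------------------------
-# @brief: update the kernel options in the samhain configuration
-#         file, after a new kernel has been compiled
-# @author: marc heisterkamp <marzheister@web.de>
-# -----------------------------------------------------------------------------
-
-SAMHAIN_CFG="/etc/samhainrc"
-
-BLUE="[34;01m"
-CYAN="[36;01m"
-GREEN="[32;01m"
-DARK_GREEN="[32m"
-RED="[31;01m"
-PURPLE="[35;01m"
-WHITE="[37;01m"
-DARK_GRAY="[30;01m"
-LIGHT_GRAY="[37m"
-YELLOW="[33;01m"
-BROWN="[33m"
-OFF="[0m"
-
-
-SYSTEM_MAP=""
-new_cfg=''
-scriptname="$0"
-
-# global variables for system adresses (extracted from System.map)
-SYS_CALL=''
-SYS_CALL_TABLE=''
-PROC_ROOT=''
-PROC_ROOT_IOPS=''
-PROC_ROOT_LOOKUP=''
-
-# Make sure the user has root permissions
-if [ $UID -ne 0 ] ; then
-  echo "You must be root to run this script. Exiting."
-  exit 1
+#! /bin/sh
+
+# -----------------------------------------------------------------------
+# The default configuration file
+# -----------------------------------------------------------------------
+
+cfgfile="/etc/samhainrc"
+
+# -----------------------------------------------------------------------
+# Be Bourne compatible
+# -----------------------------------------------------------------------
+
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+  emulate sh
+  NULLCMD=:
+elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
+  set -o posix
 fi
 
-
-#------------------------------------------------------------------------------
-# usage
-#------------------------------------------------------------------------------
-function print_usage() {
-
-  cat >&2 <<EOHELP
-
-  update the samhainrc configuration file with new kernel system addresses
-  (i.e: after kernel compilation) by extracting these from the new System.map
-  file
-
-  SYNOPSIS
-     $scriptname [ ${GREEN}--help${OFF} ]
-                           [ ${GREEN}--nocolor${OFF} ]
-                           [ ${GREEN}--print-only${OFF} ] <System.map>
-                           [ ${GREEN}--update${OFF} ]     <System.map>
-
-  OPTIONS
-     ${GREEN}-h${OFF} ${GREEN}--help${OFF}
-        Show help.
-
-     ${GREEN}--nocolor${OFF}
-        Disable color hilighting for non ANSI-compatible terms.
-
-     ${GREEN}-p${OFF} ${GREEN}--print-only${OFF} <System.map>
-        Print the extracted system adresses and do not write them to the
-        samhain configuration file.
-
-     ${GREEN}-u${OFF} ${GREEN}--update${OFF} <System.map>
-        Update the samhainrc configuration file with new kernel system
-        addresses from the given System.map file
-
-EOHELP
- exit 0
-}
-
-
-#------------------------------------------------------------------------------
-# parses the command line options
-# param in: all parameters given to the script
-#------------------------------------------------------------------------------
-function parse_cmd_line() {
-
-  # parse the command-line
-  while [ -n "$1" ]; do
-    case "$1" in
-      --help|-h)
-        print_usage
-        ;;
-      --nocolor|-n)
-        unset DARK_GREEN GREEN RED BROWN LIGHT_GRAY WHITE OFF
-        ;;
-      --print-only|-p)
-        shift
-        SYSTEM_MAP="$1"
-        get_system_addresses
-        print_system_addresses
-        break
-        ;;
-      --update|-u)
-        shift
-        SYSTEM_MAP="$1"
-        get_system_addresses
-        print_system_addresses
-        replace_system_addresses
-        ;;
-      -*)
-        echo "$scriptname: unknown option $1. Exiting" >&2
-        exit 1
-        ;;
-    esac
-    shift
-  done
-}
-
-
-#------------------------------------------------------------------------------
-# extract system adresses from given System.map file and save to global
-# variables
-#------------------------------------------------------------------------------
-function get_system_addresses() {
-
-  if [ -z "$SYSTEM_MAP" ] ; then
-    echo
-    echo "No System.map specified. Exiting" >&2
-    echo
-    exit 1
+programname="$0"
+sysmap=
+
+# -----------------------------------------------------------------------
+# Print help
+# -----------------------------------------------------------------------
+
+showhelp() {
+    echo
+    echo "$programname - update samhain config file after kernel update"
+    echo
+    echo "OPTIONS:"
+    echo
+    echo " -u|--update </path/to/System.map>"
+    echo "         Update the configuration file with new"
+    echo "         settings as taken from </path/to/System.map>"
+    echo
+    echo " -c|--config-file </path/to/config-file>"
+    echo "         Specify the configuration file to update [${cfgfile}]"
+    echo
+    echo " -p|--print-only </path/to/System.map>"
+    echo "         Print new settings, don't modify anything"
+    echo
+    echo " -h|--help"
+    echo "         Print this help"
+    echo
+    echo " -n|--nocolor"
+    echo "         (ignored, legacy support)"
+    echo
+}
+
+
+# -----------------------------------------------------------------------
+# Death strikes
+# -----------------------------------------------------------------------
+
+die() {
+    echo ${1+"$@"} >&2
+    { (exit 1); exit 1; }
+}
+
+# -----------------------------------------------------------------------
+# Get new settings from </path/to/System.map>
+# -----------------------------------------------------------------------
+
+system_call=
+syscall_table=
+proc_root=
+proc_root_inode_operations=
+proc_root_lookup=
+
+get_new_settings() {
+
+    if [ -z "$sysmap" ]; then
+        die "No System.map specified"
+    fi
+    if [ -f "$sysmap" ]; then
+        if [ -r "$sysmap" ]; then
+            system_call=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+system_call$' ${sysmap} | awk '{ print $1 }'`
+            syscall_table=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+sys_call_table$' ${sysmap} | awk '{ print $1 }'`
+            proc_root=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root$' ${sysmap} | awk '{ print $1 }'`
+            proc_root_inode_operations=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_inode_operations$' ${sysmap} | awk '{ print $1 }'`
+            proc_root_lookup=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_lookup$' ${sysmap} | awk '{ print $1 }'`
+        else
+            die "System.map ${sysmap} not readable"
+        fi
+    else
+        die "System.map ${sysmap} not found"
+    fi
+    test -z "${system_call}" && die "system_call not found in ${cfgfile}"
+    test -z "${syscall_table}" && die "sys_call_table not found in ${cfgfile}"
+    test -z "${proc_root}" && die "proc_root not found in ${cfgfile}"
+    test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${cfgfile}"
+    test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${cfgfile}"
+
+}
+
+# -----------------------------------------------------------------------
+# Print new settings
+# -----------------------------------------------------------------------
+
+run_print() {
+    get_new_settings
+    echo
+    echo "KernelSystemCall =     0x${system_call}"
+    echo "KernelSyscallTable =   0x${syscall_table}"
+    echo "KernelProcRoot =       0x${proc_root}"
+    echo "KernelProcRootIops =   0x${proc_root_inode_operations}"
+    echo "KernelProcRootLookup = 0x${proc_root_lookup}"
+    echo
+}
+
+# -----------------------------------------------------------------------
+# Replace a setting
+# -----------------------------------------------------------------------
+
+# set ignorecase
+# search pattern
+# delete current line
+# insert
+# single dot == end of insert text
+# save and exit
+
+run_replace() {
+    item="$1"
+    address="$2"
+    ex -s "$cfgfile" <<EOF
+:set ic
+:/^[[:blank:]]*$1[[:blank:]]*=
+:d
+:i
+$item = $address
+.
+:x
+EOF
+}
+
+# -----------------------------------------------------------------------
+# Add a setting
+# -----------------------------------------------------------------------
+
+# set ignorecase
+# search pattern ([Kernel] section)
+# append (next line)
+# single dot == end of insert text
+# save and exit
+
+run_add() {
+    item="$1"
+    address="$2"
+    ex -s "$cfgfile" <<EOF
+:set ic
+:/^[[:space:]]*\[Kernel\]
+:a
+$item = $address
+.
+:x
+EOF
+}
+
+# -----------------------------------------------------------------------
+# Update with new settings
+# -----------------------------------------------------------------------
+
+run_update() {
+
+    get_new_settings
+
+    if [ -z "$cfgfile" ]; then
+        die "No configuration file specified"
+    fi
+    if [ ! -w "$cfgfile" ]; then
+        die "Configuration file ${cfgfile} not writeable"
+    fi
+    egrep '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null
+    if [ $? -ne 0 ]; then
+        die "No [Kernel] section in configuration file $cfgfile"
+    fi
+
+    cat "$cfgfile" | egrep -i 'KernelProcRootLookup' >/dev/null
+    if [ $? -eq 0 ]; then
+        run_replace 'KernelProcRootLookup' "0x${proc_root_lookup}"
+    else
+        run_add 'KernelProcRootLookup' "0x${proc_root_lookup}"
+    fi
+ 
+    cat "$cfgfile" | egrep -i 'KernelProcRootIops' >/dev/null
+    if [ $? -eq 0 ]; then
+        run_replace 'KernelProcRootIops' "0x${proc_root_inode_operations}"
+    else
+        run_add 'KernelProcRootIops' "0x${proc_root_inode_operations}"
+    fi
+
+    cat "$cfgfile" | egrep -i 'KernelProcRoot[[:space:]]*=' >/dev/null
+    if [ $? -eq 0 ]; then
+        run_replace 'KernelProcRoot' "0x${proc_root}"
+    else
+        run_add 'KernelProcRoot' "0x${proc_root}"
+    fi
+
+    cat "$cfgfile" | egrep -i 'KernelSyscallTable' >/dev/null
+    if [ $? -eq 0 ]; then
+        run_replace 'KernelSyscallTable' "0x${syscall_table}"
+    else
+        run_add 'KernelSyscallTable' "0x${syscall_table}"
+    fi
+
+    cat "$cfgfile" | egrep -i 'KernelSystemCall' >/dev/null
+    if [ $? -eq 0 ]; then
+        run_replace 'KernelSystemCall' "0x${system_call}"
+    else
+        run_add 'KernelSystemCall' "0x${system_call}"
+    fi
+
+}
+
+# -----------------------------------------------------------------------
+# Parse command line
+# -----------------------------------------------------------------------
+
+sysmap=
+action=
+
+for option
+do
+
+  # If the previous option needs an argument, assign it.
+  #
+  if test -n "$opt_prev"; then
+    eval "$opt_prev=\$option"
+    eval export "$opt_prev"
+    opt_prev=
+    continue
   fi
 
-  if [ ! -f "$SYSTEM_MAP" ] ; then
-    echo
-    echo "Could not find System.map: $SYSTEM_MAP. Exiting" >&2
-    echo
-    exit 1
-  fi
-
-  # 1. this is the address of system_call (grep system_call System.map)
-  #    KernelSystemCall = 0xc0106cf8
-  SYS_CALL="0x`grep system_call $SYSTEM_MAP | cut -d' ' -f1`"
-
-  # 2. this is the address of sys_call_table (grep ' sys_call_table' System.map)
-  #    KernelSyscallTable = 0xc01efb98
-  SYS_CALL_TABLE="0x`grep sys_call_table $SYSTEM_MAP | cut -d' ' -f1`"
-
-  # 3. this is the address of proc_root (grep ' proc_root$' System.map)
-  #    KernelProcRoot = 0xc01efb98
-  PROC_ROOT="0x`grep ' proc_root$' $SYSTEM_MAP | cut -d' ' -f1`"
-
-  # 4. this is the address of proc_root_inode_operations
-  #    (grep proc_root_inode_operations System.map)
-  #    KernelProcRootIops = 0xc01efb98
-  PROC_ROOT_IOPS="0x`grep proc_root_inode_operations $SYSTEM_MAP | cut -d' ' -f1`"
-
-  # 5. this is the address of proc_root_lookup
-  #    (grep proc_root_lookup System.map)
-  #    KernelProcRootLookup = 0xc01efb98
-  PROC_ROOT_LOOKUP="0x`grep proc_root_lookup $SYSTEM_MAP | cut -d' ' -f1`"
-}
-
-
-#------------------------------------------------------------------------------
-# extract system adresses from given System.map file and save to global
-# variables
-#------------------------------------------------------------------------------
-function replace_system_addresses() {
-
-  if [ -z "$SAMHAIN_CFG" ] ; then
-    echo "Could not find your samhainrc config file: $SAMHAIN_CFG. Exiting" >&2
-    exit 1
-  fi
-
-  echo
-  echo "Replacing current kernel system addresses in: $SAMHAIN_CFG"
-
-  # 1. replace current 'KernelSystemCall' setting
-  new_cfg=`sed -e "s/^\(KernelSystemCall[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL}/" $SAMHAIN_CFG`
-
-  # 2. replace current 'KernelSyscallTable' setting
-  new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelSyscallTable[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL_TABLE}/"`
-
-  # 3. replace current 'KernelProcRoot' setting
-  new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRoot[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT}/"`
-
-  # 4. replace current 'KernelProcRootIops' setting
-  new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootIops[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_IOPS}/"`
-
-  # 5. replace current 'KernelSystemCall' setting
-  new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootLookup[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_LOOKUP}/"`
-
-  echo "Backup old samhainrc $SAMHAIN_CFG to $SAMHAIN_CFG.bak"
-
-  # backup old samhainrc config file
-  mv "$SAMHAIN_CFG" "$SAMHAIN_CFG.bak"
-
-  # write new samhainrc config file
-  echo "$new_cfg" > "$SAMHAIN_CFG"
-
-  echo "Successfully updated kernel system addresses."
-  echo
-}
-
-
-#------------------------------------------------------------------------------
-# print samhain required system adresses
-#------------------------------------------------------------------------------
-function print_system_addresses() {
-
-  echo
-  echo "your kernel system addresses from: `basename $SYSTEM_MAP`"
-  echo
-  echo "  KernelSystemCall     = $SYS_CALL"
-  echo "  KernelSyscallTable   = $SYS_CALL_TABLE"
-  echo "  KernelProcRoot       = $PROC_ROOT"
-  echo "  KernelProcRootIops   = $PROC_ROOT_IOPS"
-  echo "  KernelProcRootLookup = $PROC_ROOT_LOOKUP"
-  echo
-
-}
-
-if [ $# -eq 0 ] ; then
-  print_usage
+  case "$option" in
+      -*=*)
+          optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'`
+          ;;
+      *)
+          optarg=
+          ;;
+  esac
+
+  case "$option" in
+
+      -h|--help)
+          showhelp
+          exit 0
+          ;;
+
+      -n|--nocolor)
+          ;;
+
+      -c|--config-file)
+          opt_prev=cfgfile
+          ;;
+
+      -c=* | --config-file=*)
+          cfgfile="$optarg"
+          ;;
+
+      -p|--print-only)
+          opt_prev=sysmap
+          action=p
+          ;;
+
+
+      -p=* | --print-only=*)
+          sysmap="$optarg"
+          action=p
+          ;;
+  
+      -u|--update)
+          opt_prev=sysmap
+          action=u
+          ;;
+
+      -u=* | --update=*)
+          sysmap="$optarg"
+          action=u
+          ;;
+
+  esac
+
+done
+
+if [ x"$action" = xp ]; then
+    run_print
+    exit 0
 fi
-
-parse_cmd_line $*
-
-exit 0
+if [ x"$action" = xu ]; then
+    run_update
+    exit 0
+fi
+
+showhelp
+exit 1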
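Review bot: The five presence checks in run_update (`cat "$cfgfile" | egrep -i 'KernelProcRootLookup'` and its siblings) match the keyword anywhere on a line, including inside a comment, while run_replace then searches only for the anchored `^[[:blank:]]*Key[[:blank:]]*=`; when the two disagree the ex search fails and the following `:d`/`:i` presumably act on whatever line ex is positioned at, so an unrelated line of the security configuration can be deleted and the setting inserted in its place. The checks should use the same anchored form, e.g. `cat "$cfgfile" | egrep -i '^[[:space:]]*KernelProcRootLookup[[:space:]]*=' >/dev/null`, and likewise for the other four keys. Two smaller points in get_new_settings: the `die` messages report the missing symbol as "not found in ${cfgfile}" although the lookup ran against `${sysmap}`, and the `[[:alnum:]]{8}` quantifier only accepts eight-character addresses, so on a 64-bit kernel whose System.map carries 16-digit addresses every lookup will die — `[[:xdigit:]]+` would cover both widths and reject non-hex input before it reaches the ex heredoc. Unlike the r1 script, the in-place ex edit keeps no `.bak` copy of the configuration; a `cp "$cfgfile" "$cfgfile.bak" || die "cannot back up ${cfgfile}"` before the first run_replace/run_add would restore that safety net.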