Changeset 29 for trunk/scripts
- Timestamp:
- Apr 11, 2006, 1:48:18 PM (19 years ago)
- Location:
- trunk/scripts
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/scripts/README
r1 r29 40 40 This script will do this automatically. Run 'samhainrc_update.sh -h' 41 41 for usage instructions. You may need to change the location of the 42 samhainrc file by editing the line ' SAMHAIN_CFG="/etc/samhainrc"'42 samhainrc file by editing the line 'cfgfile="/etc/samhainrc"' 43 43 at the beginning of the script. 44 44 -
trunk/scripts/samhainrc_update.sh
r1 r29 1 #!/bin/bash 2 # ----------------------------------------------------------------------------- 3 # @brief: update the kernel options in the samhain configuration 4 # file, after a new kernel has been compiled 5 # @author: marc heisterkamp <marzheister@web.de> 6 # ----------------------------------------------------------------------------- 7 8 SAMHAIN_CFG="/etc/samhainrc" 9 10 BLUE="[34;01m" 11 CYAN="[36;01m" 12 GREEN="[32;01m" 13 DARK_GREEN="[32m" 14 RED="[31;01m" 15 PURPLE="[35;01m" 16 WHITE="[37;01m" 17 DARK_GRAY="[30;01m" 18 LIGHT_GRAY="[37m" 19 YELLOW="[33;01m" 20 BROWN="[33m" 21 OFF="[0m" 22 23 24 SYSTEM_MAP="" 25 new_cfg='' 26 scriptname="$0" 27 28 # global variables for system adresses (extracted from System.map) 29 SYS_CALL='' 30 SYS_CALL_TABLE='' 31 PROC_ROOT='' 32 PROC_ROOT_IOPS='' 33 PROC_ROOT_LOOKUP='' 34 35 # Make sure the user has root permissions 36 if [ $UID -ne 0 ] ; then 37 echo "You must be root to run this script. Exiting." 38 exit 1 1 #! /bin/sh 2 3 # ----------------------------------------------------------------------- 4 # The default configuration file 5 # ----------------------------------------------------------------------- 6 7 cfgfile="/etc/samhainrc" 8 9 # ----------------------------------------------------------------------- 10 # Be Bourne compatible 11 # ----------------------------------------------------------------------- 12 13 if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then 14 emulate sh 15 NULLCMD=: 16 elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then 17 set -o posix 39 18 fi 40 19 41 42 #------------------------------------------------------------------------------ 43 # usage 44 #------------------------------------------------------------------------------ 45 function print_usage() { 46 47 cat >&2 <<EOHELP 48 49 update the samhainrc configuration file with new kernel system addresses 50 (i.e: after kernel compilation) by extracting these from the new System.map 51 file 52 53 SYNOPSIS 54 $scriptname [ ${GREEN}--help${OFF} ] 55 [ ${GREEN}--nocolor${OFF} ] 56 [ ${GREEN}--print-only${OFF} ] <System.map> 57 [ ${GREEN}--update${OFF} ] <System.map> 58 59 OPTIONS 60 ${GREEN}-h${OFF} ${GREEN}--help${OFF} 61 Show help. 62 63 ${GREEN}--nocolor${OFF} 64 Disable color hilighting for non ANSI-compatible terms. 65 66 ${GREEN}-p${OFF} ${GREEN}--print-only${OFF} <System.map> 67 Print the extracted system adresses and do not write them to the 68 samhain configuration file. 69 70 ${GREEN}-u${OFF} ${GREEN}--update${OFF} <System.map> 71 Update the samhainrc configuration file with new kernel system 72 addresses from the given System.map file 73 74 EOHELP 75 exit 0 76 } 77 78 79 #------------------------------------------------------------------------------ 80 # parses the command line options 81 # param in: all parameters given to the script 82 #------------------------------------------------------------------------------ 83 function parse_cmd_line() { 84 85 # parse the command-line 86 while [ -n "$1" ]; do 87 case "$1" in 88 --help|-h) 89 print_usage 90 ;; 91 --nocolor|-n) 92 unset DARK_GREEN GREEN RED BROWN LIGHT_GRAY WHITE OFF 93 ;; 94 --print-only|-p) 95 shift 96 SYSTEM_MAP="$1" 97 get_system_addresses 98 print_system_addresses 99 break 100 ;; 101 --update|-u) 102 shift 103 SYSTEM_MAP="$1" 104 get_system_addresses 105 print_system_addresses 106 replace_system_addresses 107 ;; 108 -*) 109 echo "$scriptname: unknown option $1. Exiting" >&2 110 exit 1 111 ;; 112 esac 113 shift 114 done 115 } 116 117 118 #------------------------------------------------------------------------------ 119 # extract system adresses from given System.map file and save to global 120 # variables 121 #------------------------------------------------------------------------------ 122 function get_system_addresses() { 123 124 if [ -z "$SYSTEM_MAP" ] ; then 125 echo 126 echo "No System.map specified. Exiting" >&2 127 echo 128 exit 1 20 programname="$0" 21 sysmap= 22 23 # ----------------------------------------------------------------------- 24 # Print help 25 # ----------------------------------------------------------------------- 26 27 showhelp() { 28 echo 29 echo "$programname - update samhain config file after kernel update" 30 echo 31 echo "OPTIONS:" 32 echo 33 echo " -u|--update </path/to/System.map>" 34 echo " Update the configuration file with new" 35 echo " settings as taken from </path/to/System.map>" 36 echo 37 echo " -c|--config-file </path/to/config-file>" 38 echo " Specify the configuration file to update [${cfgfile}]" 39 echo 40 echo " -p|--print-only </path/to/System.map>" 41 echo " Print new settings, don't modify anything" 42 echo 43 echo " -h|--help" 44 echo " Print this help" 45 echo 46 echo " -n|--nocolor" 47 echo " (ignored, legacy support)" 48 echo 49 } 50 51 52 # ----------------------------------------------------------------------- 53 # Death strikes 54 # ----------------------------------------------------------------------- 55 56 die() { 57 echo ${1+"$@"} >&2 58 { (exit 1); exit 1; } 59 } 60 61 # ----------------------------------------------------------------------- 62 # Get new settings from </path/to/System.map> 63 # ----------------------------------------------------------------------- 64 65 system_call= 66 syscall_table= 67 proc_root= 68 proc_root_inode_operations= 69 proc_root_lookup= 70 71 get_new_settings() { 72 73 if [ -z "$sysmap" ]; then 74 die "No System.map specified" 75 fi 76 if [ -f "$sysmap" ]; then 77 if [ -r "$sysmap" ]; then 78 system_call=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+system_call$' ${sysmap} | awk '{ print $1 }'` 79 syscall_table=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+sys_call_table$' ${sysmap} | awk '{ print $1 }'` 80 proc_root=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root$' ${sysmap} | awk '{ print $1 }'` 81 proc_root_inode_operations=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_inode_operations$' ${sysmap} | awk '{ print $1 }'` 82 proc_root_lookup=`egrep '[[:alnum:]]{8}[[:space:]]+[[:alpha:]]{1}[[:space:]]+proc_root_lookup$' ${sysmap} | awk '{ print $1 }'` 83 else 84 die "System.map ${sysmap} not readable" 85 fi 86 else 87 die "System.map ${sysmap} not found" 88 fi 89 test -z "${system_call}" && die "system_call not found in ${cfgfile}" 90 test -z "${syscall_table}" && die "sys_call_table not found in ${cfgfile}" 91 test -z "${proc_root}" && die "proc_root not found in ${cfgfile}" 92 test -z "${proc_root_inode_operations}" && die "proc_root_inode_operations not found in ${cfgfile}" 93 test -z "${proc_root_lookup}" && die "proc_root_lookup not found in ${cfgfile}" 94 95 } 96 97 # ----------------------------------------------------------------------- 98 # Print new settings 99 # ----------------------------------------------------------------------- 100 101 run_print() { 102 get_new_settings 103 echo 104 echo "KernelSystemCall = 0x${system_call}" 105 echo "KernelSyscallTable = 0x${syscall_table}" 106 echo "KernelProcRoot = 0x${proc_root}" 107 echo "KernelProcRootIops = 0x${proc_root_inode_operations}" 108 echo "KernelProcRootLookup = 0x${proc_root_lookup}" 109 echo 110 } 111 112 # ----------------------------------------------------------------------- 113 # Replace a setting 114 # ----------------------------------------------------------------------- 115 116 # set ignorecase 117 # search pattern 118 # delete current line 119 # insert 120 # single dot == end of insert text 121 # save and exit 122 123 run_replace() { 124 item="$1" 125 address="$2" 126 ex -s "$cfgfile" <<EOF 127 :set ic 128 :/^[[:blank:]]*$1[[:blank:]]*= 129 :d 130 :i 131 $item = $address 132 . 133 :x 134 EOF 135 } 136 137 # ----------------------------------------------------------------------- 138 # Add a setting 139 # ----------------------------------------------------------------------- 140 141 # set ignorecase 142 # search pattern ([Kernel] section) 143 # append (next line) 144 # single dot == end of insert text 145 # save and exit 146 147 run_add() { 148 item="$1" 149 address="$2" 150 ex -s "$cfgfile" <<EOF 151 :set ic 152 :/^[[:space:]]*\[Kernel\] 153 :a 154 $item = $address 155 . 156 :x 157 EOF 158 } 159 160 # ----------------------------------------------------------------------- 161 # Update with new settings 162 # ----------------------------------------------------------------------- 163 164 run_update() { 165 166 get_new_settings 167 168 if [ -z "$cfgfile" ]; then 169 die "No configuration file specified" 170 fi 171 if [ ! -w "$cfgfile" ]; then 172 die "Configuration file ${cfgfile} not writeable" 173 fi 174 egrep '^[[:space:]]*\[Kernel\]' "$cfgfile" >/dev/null 175 if [ $? -ne 0 ]; then 176 die "No [Kernel] section in configuration file $cfgfile" 177 fi 178 179 cat "$cfgfile" | egrep -i 'KernelProcRootLookup' >/dev/null 180 if [ $? -eq 0 ]; then 181 run_replace 'KernelProcRootLookup' "0x${proc_root_lookup}" 182 else 183 run_add 'KernelProcRootLookup' "0x${proc_root_lookup}" 184 fi 185 186 cat "$cfgfile" | egrep -i 'KernelProcRootIops' >/dev/null 187 if [ $? -eq 0 ]; then 188 run_replace 'KernelProcRootIops' "0x${proc_root_inode_operations}" 189 else 190 run_add 'KernelProcRootIops' "0x${proc_root_inode_operations}" 191 fi 192 193 cat "$cfgfile" | egrep -i 'KernelProcRoot[[:space:]]*=' >/dev/null 194 if [ $? -eq 0 ]; then 195 run_replace 'KernelProcRoot' "0x${proc_root}" 196 else 197 run_add 'KernelProcRoot' "0x${proc_root}" 198 fi 199 200 cat "$cfgfile" | egrep -i 'KernelSyscallTable' >/dev/null 201 if [ $? -eq 0 ]; then 202 run_replace 'KernelSyscallTable' "0x${syscall_table}" 203 else 204 run_add 'KernelSyscallTable' "0x${syscall_table}" 205 fi 206 207 cat "$cfgfile" | egrep -i 'KernelSystemCall' >/dev/null 208 if [ $? -eq 0 ]; then 209 run_replace 'KernelSystemCall' "0x${system_call}" 210 else 211 run_add 'KernelSystemCall' "0x${system_call}" 212 fi 213 214 } 215 216 # ----------------------------------------------------------------------- 217 # Parse command line 218 # ----------------------------------------------------------------------- 219 220 sysmap= 221 action= 222 223 for option 224 do 225 226 # If the previous option needs an argument, assign it. 227 # 228 if test -n "$opt_prev"; then 229 eval "$opt_prev=\$option" 230 eval export "$opt_prev" 231 opt_prev= 232 continue 129 233 fi 130 234 131 if [ ! -f "$SYSTEM_MAP" ] ; then 132 echo 133 echo "Could not find System.map: $SYSTEM_MAP. Exiting" >&2 134 echo 135 exit 1 136 fi 137 138 # 1. this is the address of system_call (grep system_call System.map) 139 # KernelSystemCall = 0xc0106cf8 140 SYS_CALL="0x`grep system_call $SYSTEM_MAP | cut -d' ' -f1`" 141 142 # 2. this is the address of sys_call_table (grep ' sys_call_table' System.map) 143 # KernelSyscallTable = 0xc01efb98 144 SYS_CALL_TABLE="0x`grep sys_call_table $SYSTEM_MAP | cut -d' ' -f1`" 145 146 # 3. this is the address of proc_root (grep ' proc_root$' System.map) 147 # KernelProcRoot = 0xc01efb98 148 PROC_ROOT="0x`grep ' proc_root$' $SYSTEM_MAP | cut -d' ' -f1`" 149 150 # 4. this is the address of proc_root_inode_operations 151 # (grep proc_root_inode_operations System.map) 152 # KernelProcRootIops = 0xc01efb98 153 PROC_ROOT_IOPS="0x`grep proc_root_inode_operations $SYSTEM_MAP | cut -d' ' -f1`" 154 155 # 5. this is the address of proc_root_lookup 156 # (grep proc_root_lookup System.map) 157 # KernelProcRootLookup = 0xc01efb98 158 PROC_ROOT_LOOKUP="0x`grep proc_root_lookup $SYSTEM_MAP | cut -d' ' -f1`" 159 } 160 161 162 #------------------------------------------------------------------------------ 163 # extract system adresses from given System.map file and save to global 164 # variables 165 #------------------------------------------------------------------------------ 166 function replace_system_addresses() { 167 168 if [ -z "$SAMHAIN_CFG" ] ; then 169 echo "Could not find your samhainrc config file: $SAMHAIN_CFG. Exiting" >&2 170 exit 1 171 fi 172 173 echo 174 echo "Replacing current kernel system addresses in: $SAMHAIN_CFG" 175 176 # 1. replace current 'KernelSystemCall' setting 177 new_cfg=`sed -e "s/^\(KernelSystemCall[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL}/" $SAMHAIN_CFG` 178 179 # 2. replace current 'KernelSyscallTable' setting 180 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelSyscallTable[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${SYS_CALL_TABLE}/"` 181 182 # 3. replace current 'KernelProcRoot' setting 183 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRoot[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT}/"` 184 185 # 4. replace current 'KernelProcRootIops' setting 186 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootIops[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_IOPS}/"` 187 188 # 5. replace current 'KernelSystemCall' setting 189 new_cfg=`echo "$new_cfg" | sed -e "s/^\(KernelProcRootLookup[[:blank:]]*=\)[[:blank:]]*\(.*\)/\1 ${PROC_ROOT_LOOKUP}/"` 190 191 echo "Backup old samhainrc $SAMHAIN_CFG to $SAMHAIN_CFG.bak" 192 193 # backup old samhainrc config file 194 mv "$SAMHAIN_CFG" "$SAMHAIN_CFG.bak" 195 196 # write new samhainrc config file 197 echo "$new_cfg" > "$SAMHAIN_CFG" 198 199 echo "Successfully updated kernel system addresses." 200 echo 201 } 202 203 204 #------------------------------------------------------------------------------ 205 # print samhain required system adresses 206 #------------------------------------------------------------------------------ 207 function print_system_addresses() { 208 209 echo 210 echo "your kernel system addresses from: `basename $SYSTEM_MAP`" 211 echo 212 echo " KernelSystemCall = $SYS_CALL" 213 echo " KernelSyscallTable = $SYS_CALL_TABLE" 214 echo " KernelProcRoot = $PROC_ROOT" 215 echo " KernelProcRootIops = $PROC_ROOT_IOPS" 216 echo " KernelProcRootLookup = $PROC_ROOT_LOOKUP" 217 echo 218 219 } 220 221 if [ $# -eq 0 ] ; then 222 print_usage 235 case "$option" in 236 -*=*) 237 optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` 238 ;; 239 *) 240 optarg= 241 ;; 242 esac 243 244 case "$option" in 245 246 -h|--help) 247 showhelp 248 exit 0 249 ;; 250 251 -n|--nocolor) 252 ;; 253 254 -c|--config-file) 255 opt_prev=cfgfile 256 ;; 257 258 -c=* | --config-file=*) 259 cfgfile="$optarg" 260 ;; 261 262 -p|--print-only) 263 opt_prev=sysmap 264 action=p 265 ;; 266 267 268 -p=* | --print-only=*) 269 sysmap="$optarg" 270 action=p 271 ;; 272 273 -u|--update) 274 opt_prev=sysmap 275 action=u 276 ;; 277 278 -u=* | --update=*) 279 sysmap="$optarg" 280 action=u 281 ;; 282 283 esac 284 285 done 286 287 if [ x"$action" = xp ]; then 288 run_print 289 exit 0 223 290 fi 224 225 parse_cmd_line $* 226 227 exit 0 291 if [ x"$action" = xu ]; then 292 run_update 293 exit 0 294 fi 295 296 showhelp 297 exit 1
Note:
See TracChangeset
for help on using the changeset viewer.