]>
Commit | Line | Data |
---|---|---|
92004c61 CS |
1 | #include <stdio.h> |
2 | #include <string.h> | |
3 | #include <stdlib.h> | |
4 | #include <unistd.h> | |
5 | #include <sys/types.h> | |
6 | #include <fcntl.h> | |
7 | #include "setuid.h" | |
8 | ||
9 | #define BUFFER_SIZE 1024 | |
10 | ||
498f4839 | 11 | char command[BUFFER_SIZE]; |
92004c61 CS |
12 | |
13 | int main(int argc, char *argv[]) | |
14 | { | |
15 | ||
71dfc4b7 CS |
16 | if (!(initsetuid())) |
17 | exit(1); | |
92004c61 | 18 | |
71dfc4b7 CS |
19 | // Check what command is asked |
20 | if (argc==1) | |
21 | { | |
22 | fprintf (stderr, "Missing tripwirectrl command!\n"); | |
23 | return 1; | |
24 | } | |
92004c61 | 25 | |
71dfc4b7 CS |
26 | if (strcmp(argv[1], "tripwirelog")==0) |
27 | { | |
28 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", argv[2]); | |
29 | safe_system(command); | |
30 | return 0; | |
31 | } | |
92004c61 | 32 | |
71dfc4b7 CS |
33 | if (strcmp(argv[1], "generatereport")==0) |
34 | { | |
88932936 | 35 | safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol"); |
71dfc4b7 CS |
36 | return 0; |
37 | } | |
1465b127 | 38 | |
71dfc4b7 CS |
39 | if (strcmp(argv[1], "deletereport")==0) |
40 | { | |
41 | sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]); | |
42 | safe_system(command); | |
43 | return 0; | |
44 | } | |
92004c61 | 45 | |
71dfc4b7 CS |
46 | if (strcmp(argv[1], "updatedatabase")==0) |
47 | { | |
88932936 | 48 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", argv[2], argv[3]); |
71dfc4b7 CS |
49 | safe_system(command); |
50 | return 0; | |
51 | } | |
92004c61 | 52 | |
71dfc4b7 CS |
53 | if (strcmp(argv[1], "keys")==0) |
54 | { | |
88932936 | 55 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]); |
71dfc4b7 | 56 | safe_system(command); |
88932936 | 57 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", argv[3]); |
71dfc4b7 | 58 | safe_system(command); |
88932936 | 59 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]); |
71dfc4b7 | 60 | safe_system(command); |
88932936 | 61 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]); |
71dfc4b7 | 62 | safe_system(command); |
88932936 | 63 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); |
71dfc4b7 CS |
64 | safe_system(command); |
65 | return 0; | |
66 | } | |
92004c61 | 67 | |
71dfc4b7 CS |
68 | if (strcmp(argv[1], "generatepolicy")==0) |
69 | { | |
8f55c54e | 70 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]); |
71dfc4b7 | 71 | safe_system(command); |
88932936 | 72 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); |
71dfc4b7 CS |
73 | safe_system(command); |
74 | return 0; | |
75 | } | |
92004c61 | 76 | |
71dfc4b7 CS |
77 | if (strcmp(argv[1], "resetpolicy")==0) |
78 | { | |
88932936 | 79 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]); |
71dfc4b7 | 80 | safe_system(command); |
88932936 | 81 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); |
71dfc4b7 CS |
82 | safe_system(command); |
83 | return 0; | |
84 | } | |
92004c61 | 85 | |
71dfc4b7 CS |
86 | if (strcmp(argv[1], "readconfig")==0) |
87 | { | |
88 | safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt"); | |
89 | return 0; | |
90 | } | |
92004c61 | 91 | |
71dfc4b7 CS |
92 | if (strcmp(argv[1], "lockconfig")==0) |
93 | { | |
94 | safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt"); | |
1cdddb12 | 95 | return 0; |
1465b127 | 96 | } |
88932936 CS |
97 | |
98 | if (strcmp(argv[1], "enable")==0) | |
99 | { | |
100 | safe_system("touch /var/ipfire/tripwire/enable"); | |
101 | safe_system("rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire && chmod 640 /var/ipfire/tripwire/site.key"); | |
102 | safe_system("rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase ipfire && chmod 640 /var/ipfire/tripwire/local.key"); | |
103 | safe_system("rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg"); | |
104 | safe_system("rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol"); | |
105 | safe_system("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase ipfire"); | |
106 | safe_system("cat /usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol > /etc/fcron.daily/tripwire0600"); | |
107 | safe_system("chmod 755 /etc/fcron.daily/tripwire0600"); | |
108 | safe_system("touch -t 01010600 /etc/fcron.daily/tripwire0600"); | |
109 | return 0; | |
110 | } | |
111 | ||
112 | if (strcmp(argv[1], "disable")==0) | |
113 | { | |
114 | safe_system("unlink /var/ipfire/tripwire/enable"); | |
115 | safe_system("unlink /etc/fcron.daily/tripwire*"); | |
116 | safe_system("rm -rf /var/ipfire/tripwire/site.key"); | |
117 | safe_system("rm -rf /var/ipfire/tripwire/local.key"); | |
118 | safe_system("rm -rf /var/ipfire/tripwire/tw.cfg*"); | |
119 | safe_system("rm -rf /var/ipfire/tripwire/tw.pol*"); | |
120 | safe_system("rm -rf /var/ipfire/tripwire/*.twd*"); | |
121 | safe_system("rm -rf /var/ipfire/tripwire/report/*"); | |
122 | return 0; | |
123 | } | |
124 | ||
125 | if (strcmp(argv[1], "addcron")==0) | |
126 | { | |
498f4839 | 127 | snprintf(command, BUFFER_SIZE-1, "echo \"/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol\" > /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]); |
88932936 CS |
128 | safe_system(command); |
129 | snprintf(command, BUFFER_SIZE-1, "chmod 755 /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]); | |
130 | safe_system(command); | |
131 | snprintf(command, BUFFER_SIZE-1, "touch -t 0101%s%s /etc/fcron.daily/tripwire%s%s", argv[2], argv[3], argv[2], argv[3]); | |
132 | safe_system(command); | |
133 | return 0; | |
134 | } | |
135 | if (strcmp(argv[1], "disablecron")==0) | |
136 | { | |
137 | snprintf(command, BUFFER_SIZE-1, "unlink /etc/fcron.daily/tripwire%s", argv[2]); | |
138 | safe_system(command); | |
139 | return 0; | |
140 | } | |
71dfc4b7 | 141 | return 0; |
8f55c54e | 142 | } |