#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include "setuid.h"
/* Capacity, in bytes, of the shared shell-command buffer declared below. */
#define BUFFER_SIZE 1024

/* Scratch buffer in which each command line is assembled before it is
 * handed to safe_system(). */
char command[BUFFER_SIZE];
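/*
 * Argument validation helpers.
 *
 * This program runs with elevated privileges (see initsetuid()) and pastes
 * its arguments into command lines that safe_system() executes.  Every
 * argument is therefore checked against an allow-list before it is used, so
 * that it cannot carry shell syntax, option prefixes or path traversal.
 */
#define TW_ALNUM \
	"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

/* Upper bound on one argument; keeps every assembled command well inside
 * BUFFER_SIZE. */
enum { TW_ARG_MAX = 255 };

/* Return argv[i], or NULL when fewer than i + 1 arguments were supplied. */
static const char *tw_arg(int argc, char *argv[], int i)
{
	return (i < argc) ? argv[i] : NULL;
}

/* Non-empty, bounded, made only of `allowed` characters, no leading '-'. */
static int tw_matches(const char *s, const char *allowed)
{
	size_t len;

	if (s == NULL)
		return 0;
	len = strlen(s);
	return len > 0 && len <= TW_ARG_MAX && s[0] != '-' &&
	       strspn(s, allowed) == len;
}

/* A bare file name: no directory separators and no leading dot. */
static int tw_is_name(const char *s)
{
	return tw_matches(s, TW_ALNUM "._-") && s[0] != '.';
}

/* A path without ".." sequences.
 * NOTE(review): updatedatabase passes this value to --twrfile unprefixed, so
 * '/' has to be accepted here; confirm what the caller sends and consider
 * pinning it to /var/ipfire/tripwire/report/. */
static int tw_is_path(const char *s)
{
	return tw_matches(s, TW_ALNUM "._-/") && strstr(s, "..") == NULL;
}

/* A passphrase restricted to characters that have no meaning to the shell.
 * Passphrases outside this set are refused rather than quoted. */
static int tw_is_passphrase(const char *s)
{
	return tw_matches(s, TW_ALNUM "._-+@%:,=");
}

/* Exactly two decimal digits whose value does not exceed `max`. */
static int tw_is_two_digits(const char *s, int max)
{
	if (s == NULL || strlen(s) != 2)
		return 0;
	if (s[0] < '0' || s[0] > '9' || s[1] < '0' || s[1] > '9')
		return 0;
	return (s[0] - '0') * 10 + (s[1] - '0') <= max;
}

/* Report a rejected argument and yield the process exit status. */
static int tw_reject(const char *what)
{
	fprintf(stderr, "Invalid or missing %s!\n", what);
	return 1;
}

/*
 * Format a command into the global buffer and run it with safe_system().
 * Returns 0 once the command has been handed over, -1 when the formatted
 * text did not fit; a truncated command is never executed.
 */
static int tw_run(const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(command, BUFFER_SIZE, fmt, ap);
	va_end(ap);

	if (n < 0 || n >= BUFFER_SIZE) {
		fprintf(stderr, "Command too long!\n");
		return -1;
	}
	safe_system(command);
	return 0;
}

/*
 * tripwirectrl: privileged helper that maps a fixed set of sub-commands
 * (argv[1]) onto tripwire/twadmin invocations and file housekeeping under
 * /var/ipfire/tripwire and /etc/fcron.daily.
 *
 * Returns 1 when initsetuid() fails, when no sub-command is given, or when
 * an argument is missing, malformed or too long; 0 otherwise, including for
 * an unrecognised sub-command (unchanged from the original behaviour).
 * The exit status of the executed commands is not propagated.
 *
 * NOTE(review): passphrases are placed on the child command line, where they
 * are visible in the process list while the command runs.
 */
int main(int argc, char *argv[])
{
	const char *a2 = tw_arg(argc, argv, 2);
	const char *a3 = tw_arg(argc, argv, 3);

	if (!(initsetuid()))
		exit(1);

	// Check what command is asked
	if (argc == 1) {
		fprintf(stderr, "Missing tripwirectrl command!\n");
		return 1;
	}

	if (strcmp(argv[1], "tripwirelog") == 0) {
		if (!tw_is_name(a2))
			return tw_reject("report name");
		if (tw_run("/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", a2) < 0)
			return 1;
		return 0;
	}

	if (strcmp(argv[1], "generatereport") == 0) {
		safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol");
		return 0;
	}

	if (strcmp(argv[1], "deletereport") == 0) {
		/* Was an unbounded sprintf() into the global buffer. */
		if (!tw_is_name(a2))
			return tw_reject("report name");
		if (tw_run("rm -f /var/ipfire/tripwire/report/%s", a2) < 0)
			return 1;
		return 0;
	}

	if (strcmp(argv[1], "updatedatabase") == 0) {
		if (!tw_is_passphrase(a2))
			return tw_reject("local passphrase");
		if (!tw_is_path(a3))
			return tw_reject("report file");
		if (tw_run("/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", a2, a3) < 0)
			return 1;
		return 0;
	}

	if (strcmp(argv[1], "keys") == 0) {
		/* a2 = site passphrase, a3 = local passphrase */
		if (!tw_is_passphrase(a2))
			return tw_reject("site passphrase");
		if (!tw_is_passphrase(a3))
			return tw_reject("local passphrase");
		if (tw_run("rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", a2) < 0)
			return 1;
		if (tw_run("rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", a3) < 0)
			return 1;
		if (tw_run("rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", a2) < 0)
			return 1;
		if (tw_run("rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", a2) < 0)
			return 1;
		if (tw_run("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", a3) < 0)
			return 1;
		return 0;
	}

	if (strcmp(argv[1], "generatepolicy") == 0) {
		if (!tw_is_passphrase(a2))
			return tw_reject("site passphrase");
		if (!tw_is_passphrase(a3))
			return tw_reject("local passphrase");
		if (tw_run("/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", a2) < 0)
			return 1;
		if (tw_run("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", a3) < 0)
			return 1;
		return 0;
	}

	if (strcmp(argv[1], "resetpolicy") == 0) {
		if (!tw_is_passphrase(a2))
			return tw_reject("site passphrase");
		if (!tw_is_passphrase(a3))
			return tw_reject("local passphrase");
		if (tw_run("/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", a2) < 0)
			return 1;
		if (tw_run("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", a3) < 0)
			return 1;
		return 0;
	}

	if (strcmp(argv[1], "readconfig") == 0) {
		safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt");
		return 0;
	}

	if (strcmp(argv[1], "lockconfig") == 0) {
		safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt");
		return 0;
	}

	if (strcmp(argv[1], "enable") == 0) {
		/* NOTE(review): the site and local keys are created with the
		 * fixed passphrase "ipfire"; the integrity database is only as
		 * trustworthy as that passphrase until "keys" is run with
		 * site-specific values. */
		safe_system("touch /var/ipfire/tripwire/enable");
		safe_system("rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire && chmod 640 /var/ipfire/tripwire/site.key");
		safe_system("rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase ipfire && chmod 640 /var/ipfire/tripwire/local.key");
		safe_system("rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg");
		safe_system("rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol");
		safe_system("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase ipfire");
		/* Was "cat /usr/sbin/tripwire --check ...", which cannot write
		 * the check command into the job file; use echo, as addcron
		 * does, so the daily job actually runs the check. */
		safe_system("echo \"/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol\" > /etc/fcron.daily/tripwire0600");
		safe_system("chmod 755 /etc/fcron.daily/tripwire0600");
		safe_system("touch -t 01010600 /etc/fcron.daily/tripwire0600");
		return 0;
	}

	if (strcmp(argv[1], "disable") == 0) {
		safe_system("unlink /var/ipfire/tripwire/enable");
		safe_system("unlink /etc/fcron.daily/tripwire*");
		safe_system("rm -rf /var/ipfire/tripwire/site.key");
		safe_system("rm -rf /var/ipfire/tripwire/local.key");
		safe_system("rm -rf /var/ipfire/tripwire/tw.cfg*");
		safe_system("rm -rf /var/ipfire/tripwire/tw.pol*");
		safe_system("rm -rf /var/ipfire/tripwire/*.twd*");
		safe_system("rm -rf /var/ipfire/tripwire/report/*");
		return 0;
	}

	if (strcmp(argv[1], "addcron") == 0) {
		/* a2 = hour, a3 = minute; both end up in a file name under
		 * /etc/fcron.daily and in the "touch -t" timestamp. */
		if (!tw_is_two_digits(a2, 23))
			return tw_reject("hour");
		if (!tw_is_two_digits(a3, 59))
			return tw_reject("minute");
		if (tw_run("echo \"/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol\" > /etc/fcron.daily/tripwire%s%s", a2, a3) < 0)
			return 1;
		if (tw_run("chmod 755 /etc/fcron.daily/tripwire%s%s", a2, a3) < 0)
			return 1;
		if (tw_run("touch -t 0101%s%s /etc/fcron.daily/tripwire%s%s", a2, a3, a2, a3) < 0)
			return 1;
		return 0;
	}

	if (strcmp(argv[1], "disablecron") == 0) {
		/* presumably the HHMM suffix written by addcron; verify
		 * against the caller */
		if (!tw_is_name(a2))
			return tw_reject("cron job suffix");
		if (tw_run("unlink /etc/fcron.daily/tripwire%s", a2) < 0)
			return 1;
		return 0;
	}

	/* Unrecognised sub-commands are ignored and still report success. */
	return 0;
}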