From 2b163f4497855bc56d00a8cc626c669517e8b95d Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Fri, 4 Dec 2015 21:41:56 +0000 Subject: [PATCH] Drop tripwire This add-on is likely to be unused Signed-off-by: Michael Tremer --- config/menu/EX-tripwire.menu | 5 - config/rootfiles/common/configroot | 4 - config/rootfiles/common/misc-progs | 1 - config/rootfiles/common/web-user-interface | 1 - config/rootfiles/packages/tripwire | 13 - config/tripwire/settings | 0 config/tripwire/twcfg.txt | 18 - config/tripwire/twpol.txt | 75 --- html/cgi-bin/tripwire.cgi | 540 --------------------- lfs/configroot | 4 +- lfs/tripwire | 98 ---- make.sh | 1 - src/misc-progs/Makefile | 2 +- src/misc-progs/tripwirectrl.c | 142 ------ 14 files changed, 3 insertions(+), 901 deletions(-) delete mode 100644 config/menu/EX-tripwire.menu delete mode 100644 config/rootfiles/packages/tripwire delete mode 100755 config/tripwire/settings delete mode 100644 config/tripwire/twcfg.txt delete mode 100644 config/tripwire/twpol.txt delete mode 100644 html/cgi-bin/tripwire.cgi delete mode 100644 lfs/tripwire delete mode 100644 src/misc-progs/tripwirectrl.c diff --git a/config/menu/EX-tripwire.menu b/config/menu/EX-tripwire.menu deleted file mode 100644 index 6a23312b5..000000000 --- a/config/menu/EX-tripwire.menu +++ /dev/null @@ -1,5 +0,0 @@ - $subipfire->{'40.tripwire'} = {'caption' => $Lang::tr{'tripwire'}, - 'uri' => '/cgi-bin/tripwire.cgi', - 'title' => $Lang::tr{'tripwire'}, - 'enabled' => 1, - }; diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot index f6cbb61ef..71539ef42 100644 --- a/config/rootfiles/common/configroot +++ b/config/rootfiles/common/configroot @@ -115,7 +115,6 @@ var/ipfire/menu.d/70-log.menu #var/ipfire/menu.d/EX-mpfire.menu #var/ipfire/menu.d/EX-samba.menu #var/ipfire/menu.d/EX-tor.menu -#var/ipfire/menu.d/EX-tripwire.menu #var/ipfire/menu.d/EX-wlanap.menu var/ipfire/modem #var/ipfire/modem/defaults @@ -182,9 +181,6 @@ var/ipfire/snort #var/ipfire/snort/settings var/ipfire/time #var/ipfire/time/settings -#var/ipfire/tripwire -#var/ipfire/tripwire/report -#var/ipfire/tripwire/settings var/ipfire/updatexlrator var/ipfire/updatexlrator/autocheck var/ipfire/updatexlrator/bin diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index 349aac76c..191788460 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -33,7 +33,6 @@ usr/local/bin/sshctrl usr/local/bin/syslogdctrl usr/local/bin/timectrl #usr/local/bin/torctrl -#usr/local/bin/tripwirectrl usr/local/bin/updxlratorctrl usr/local/bin/upnpctrl usr/local/bin/urlfilterctrl diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface index d22c1a34c..b9780ea4f 100644 --- a/config/rootfiles/common/web-user-interface +++ b/config/rootfiles/common/web-user-interface @@ -78,7 +78,6 @@ srv/web/ipfire/cgi-bin/system.cgi srv/web/ipfire/cgi-bin/time.cgi #srv/web/ipfire/cgi-bin/tor.cgi srv/web/ipfire/cgi-bin/traffic.cgi -#srv/web/ipfire/cgi-bin/tripwire.cgi srv/web/ipfire/cgi-bin/updatexlrator.cgi #srv/web/ipfire/cgi-bin/upnp.cgi srv/web/ipfire/cgi-bin/urlfilter.cgi diff --git a/config/rootfiles/packages/tripwire b/config/rootfiles/packages/tripwire deleted file mode 100644 index b30e843bd..000000000 --- a/config/rootfiles/packages/tripwire +++ /dev/null @@ -1,13 +0,0 @@ -#etc/rc.d/init.d/tripwire -usr/local/bin/tripwirectrl -usr/sbin/siggen -usr/sbin/tripwire -usr/sbin/twadmin -usr/sbin/twprint -var/ipfire/tripwire -#var/ipfire/tripwire/twcfg.default -#var/ipfire/tripwire/twcfg.txt -#var/ipfire/tripwire/twpol.default -#var/ipfire/tripwire/twpol.txt -srv/web/ipfire/cgi-bin/tripwire.cgi -var/ipfire/menu.d/EX-tripwire.menu diff --git a/config/tripwire/settings b/config/tripwire/settings deleted file mode 100755 index e69de29bb..000000000 diff --git a/config/tripwire/twcfg.txt b/config/tripwire/twcfg.txt deleted file mode 100644 index 195819cb8..000000000 --- a/config/tripwire/twcfg.txt +++ /dev/null @@ -1,18 +0,0 @@ -ROOT =/usr/sbin -POLFILE =/var/ipfire/tripwire/tw.pol -DBFILE =/var/ipfire/tripwire/$(HOSTNAME).twd -REPORTFILE =/var/ipfire/tripwire/report/$(DATE).twr -SITEKEYFILE =/var/ipfire/tripwire/site.key -LOCALKEYFILE =/var/ipfire/tripwire/local.key -EDITOR =/usr/bin/vi -LATEPROMPTING =false -LOOSEDIRECTORYCHECKING =false -MAILNOVIOLATIONS =false -EMAILREPORTLEVEL =3 -REPORTLEVEL =3 -#MAILMETHOD =SENDMAIL -#MAILMETHOD =SMTP -#SMTPHOST =phoenix.e-vector.com -#SMTPPORT =25 -SYSLOGREPORTING =false -#MAILPROGRAM =/usr/sbin/sendmail -oi -t diff --git a/config/tripwire/twpol.txt b/config/tripwire/twpol.txt deleted file mode 100644 index 9cdcce89f..000000000 --- a/config/tripwire/twpol.txt +++ /dev/null @@ -1,75 +0,0 @@ -@@section GLOBAL -TWROOT=/usr/sbin; -TWBIN=/usr/sbin; -TWPOL="/var/ipfire/tripwire"; -TWDB="/var/ipfire/tripwire"; -TWSKEY="/var/ipfire/tripwire"; -TWLKEY="/var/ipfire/tripwire"; -TWREPORT="/var/ipfire/tripwire/report"; -HOSTNAME=ipfire; - -@@section FS -SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change -SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often -SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership -SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership -SIG_LOW = 33 ; # Non-critical files that are of minimal security impact -SIG_MED = 66 ; # Non-critical files that are of significant security impact -SIG_HI = 100 ; # Critical files that are significant points of vulnerability - -# System Files - -( - rulename = "System Files", - severity = $(SIG_HI) -) -{ - $(TWDB) -> $(SEC_CRIT) ; - $(TWPOL)/tw.pol -> $(SEC_CRIT) -i ; - $(TWPOL)/tw.cfg -> $(SEC_CRIT) -i ; - $(TWLKEY)/local.key -> $(SEC_CRIT) ; - $(TWSKEY)/site.key -> $(SEC_CRIT) ; - - /bin -> $(SEC_CRIT) ; - /boot -> $(SEC_CRIT) ; - /etc -> $(SEC_CRIT) ; - /etc/snort/rules/ -> $(Dynamic) ; - /lib -> $(SEC_CRIT) ; - /root -> $(SEC_CRIT) ; - /root/.bash_history -> $(Dynamic) ; - /sbin -> $(SEC_CRIT) ; - /usr -> $(SEC_CRIT) ; - /usr/share/clamav -> $(Dynamic) ; - /etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount - - #don't scan the individual reports - $(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ; -} - -# Commonly accessed directories that should remain static with regards to owner and group -( - rulename = "Invariant Directories", - severity = $(SIG_MED) -) -{ - / -> $(SEC_INVARIANT) (recurse = 0) ; - /home -> $(SEC_INVARIANT) (recurse = 0) ; - /tmp -> $(SEC_INVARIANT) ; -} - -# Critical Devices - -( - rulename = "Critical devices", - severity = $(SIG_HI), - recurse = false -) -{ - /dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout. - /dev/initctl -> $(SEC_CONFIG) ; /dev/log -> $(SEC_CONFIG) ; - /proc/modules -> $(Device) ; - /proc/mounts -> $(Device) ; - /proc/filesystems -> $(Device) ; - /proc/misc -> $(Device) ; - /var/log -> $(SEC_LOG) ; -} diff --git a/html/cgi-bin/tripwire.cgi b/html/cgi-bin/tripwire.cgi deleted file mode 100644 index fb48a270f..000000000 --- a/html/cgi-bin/tripwire.cgi +++ /dev/null @@ -1,540 +0,0 @@ -#!/usr/bin/perl -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -use strict; -# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; - -require '/var/ipfire/general-functions.pl'; -require "${General::swroot}/lang.pl"; -require "${General::swroot}/header.pl"; - -my %tripwiresettings = (); -my %checked = (); -my %netsettings = (); -my $message = ""; -my $errormessage = ""; -my @Logs = `ls -r /var/ipfire/tripwire/report/ 2>/dev/null`; -my $file = `ls -tr /var/ipfire/tripwire/report/ | tail -1 2>/dev/null`; -my @cronjobs = `ls /etc/fcron.daily/tripwire* 2>/dev/null`; -my $Log =$Lang::tr{'no log selected'}; - -my %color = (); -my %mainsettings = (); -&General::readhash("${General::swroot}/main/settings", \%mainsettings); -&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); - -############################################################################################################################ -################################################# Tripwire Default Variablen ################################################ - -$tripwiresettings{'ROOT'} = '/usr/sbin'; -$tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol'; -$tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd'; -$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr'; -$tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key'; -$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key'; -$tripwiresettings{'EDITOR'} = '/usr/bin/vi'; -$tripwiresettings{'LATEPROMPTING'} = 'false'; -$tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false'; -$tripwiresettings{'MAILNOVIOLATIONS'} = 'false'; -$tripwiresettings{'EMAILREPORTLEVEL'} = '3'; -$tripwiresettings{'REPORTLEVEL'} = '3'; -$tripwiresettings{'MAILMETHOD'} = 'SENDMAIL'; -$tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de'; -$tripwiresettings{'SMTPPORT'} = '25'; -$tripwiresettings{'SYSLOGREPORTING'} = 'false'; -$tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t'; -$tripwiresettings{'SITEKEY'} = 'ipfire'; -$tripwiresettings{'LOCALKEY'} = 'ipfire'; -$tripwiresettings{'ACTION'} = ''; - -&General::readhash("${General::swroot}/tripwire/settings", \%tripwiresettings); - -############################################################################################################################ -######################################################### Tripwire HTML Part ############################################### - -&Header::showhttpheaders(); - -&Header::getcgihash(\%tripwiresettings); -&Header::openpage('Tripwire', 1,); -&Header::openbigbox('100%', 'left', '', $errormessage); - -############################################################################################################################ -############################################### Tripwire Config Datei erstellen ############################################ - -if ($tripwiresettings{'ACTION'} eq $Lang::tr{'save'}) -{ -system("/usr/local/bin/tripwirectrl readconfig >/dev/null 2>&1"); -open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!"; -flock (FILE, 2); - -print FILE </dev/null 2>&1"); -} - -############################################################################################################################ -################################################## Sicherheitsabfrage für CGI ############################################## - -if ($tripwiresettings{'ACTION'} eq 'addcron') - { - print < - - - - - -
$Lang::tr{'add cron'} -
-
HHMM

- $Lang::tr{'ok'} -
- $Lang::tr{'cancel'} -
-END -; -} - -if ($tripwiresettings{'ACTION'} eq 'globalreset') - { - print < - - - - - -
$Lang::tr{'resetglobals'} -
$Lang::tr{'defaultwarning'}

- $Lang::tr{'ok'} -
- $Lang::tr{'cancel'} -
-END -; -} - -if ($tripwiresettings{'ACTION'} eq 'generatepolicypw') - { - print < - - - - - - - -
$Lang::tr{'generatepolicy'} -
$Lang::tr{'tripwirewarningpolicy'}

$Lang::tr{'sitekey'}
$Lang::tr{'localkey'}

- $Lang::tr{'ok'} -
- $Lang::tr{'cancel'} -
-END -; -} - -if ($tripwiresettings{'ACTION'} eq 'policyresetpw') - { - print < - - - - - - - -
$Lang::tr{'resetpolicy'} -
$Lang::tr{'tripwirewarningpolicy'}

$Lang::tr{'sitekey'}
$Lang::tr{'localkey'}

- $Lang::tr{'ok'} -
- $Lang::tr{'cancel'} -
-END -; -} - -if ($tripwiresettings{'ACTION'} eq 'updatedatabasepw') - { - print < - - - - - - -
$Lang::tr{'updatedatabase'} -
$Lang::tr{'tripwirewarningdatabase'}

$Lang::tr{'localkey'}


- $Lang::tr{'ok'} -
- $Lang::tr{'cancel'} -
-END -; -} -if ($tripwiresettings{'ACTION'} eq 'keyreset') - { - print < - - - - - -
$Lang::tr{'keyreset'} -
$Lang::tr{'tripwirewarningkeys'}

- $Lang::tr{'ok'} -
- $Lang::tr{'cancel'} -
-END -; -} - -if ($tripwiresettings{'ACTION'} eq 'generatekeys') - { - print < - - - - - -
$Lang::tr{'generatekeys'} -
$Lang::tr{'tripwirewarningkeys'}

- $Lang::tr{'ok'} -
- $Lang::tr{'cancel'} -
-END -; -} - -############################################################################################################################ -######################################################## Tripwire Funktionen ############################################### - -if ($tripwiresettings{'ACTION'} eq 'globalresetyes') -{ -&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";&Header::closebox(); -$tripwiresettings{'ROOT'} = '/usr/sbin'; -$tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol'; -$tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd'; -$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr'; -$tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key'; -$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key'; -$tripwiresettings{'EDITOR'} = '/usr/bin/vi'; -$tripwiresettings{'LATEPROMPTING'} = 'false'; -$tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false'; -$tripwiresettings{'MAILNOVIOLATIONS'} = 'false'; -$tripwiresettings{'EMAILREPORTLEVEL'} = '3'; -$tripwiresettings{'REPORTLEVEL'} = '3'; -$tripwiresettings{'MAILMETHOD'} = 'SENDMAIL'; -$tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de'; -$tripwiresettings{'SMTPPORT'} = '25'; -$tripwiresettings{'SYSLOGREPORTING'} = 'false'; -$tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t'; -$tripwiresettings{'SITEKEY'} = 'ipfire'; -$tripwiresettings{'LOCALKEY'} = 'ipfire'; -$tripwiresettings{'ACTION'} = ''; -system("/usr/local/bin/tripwirectrl readconfig >/dev/null 2>&1"); -open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!"; -flock (FILE, 2); -print FILE </dev/null 2>&1l"); -system("/usr/local/bin/tripwirectrl keys ipfire ipfire >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire'; -} -if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl keys $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} -if ($tripwiresettings{'ACTION'} eq 'keyresetyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl keys ipfire ipfire >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} -if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl resetpolicy tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} -if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl generatepolicy $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} -if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl updatedatabase $tripwiresettings{'LOCALKEY'} /var/ipfire/tripwire/report/$file >/dev/null 2>&1");$tripwiresettings{'LOCALKEY'} = 'ipfire';} -if ($tripwiresettings{'ACTION'} eq 'generatereport'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl generatereport >/dev/null 2>&1");} -if ($tripwiresettings{'ACTION'} eq 'addcronyes'){system("/usr/local/bin/tripwirectrl addcron $tripwiresettings{'HOUR'} $tripwiresettings{'MINUTE'} >/dev/null 2>&1");} -if ($tripwiresettings{'ACTION'} eq 'deletecron'){system("/usr/local/bin/tripwirectrl disablecron $tripwiresettings{'CRON'} >/dev/null 2>&1");@cronjobs = `ls /etc/fcron.daily/tripwire* 2>/dev/null`;} - -############################################################################################################################ -##################################################### Tripwire globale Optionen ############################################ - -&Header::openbox('100%', 'center', 'Tripwire'); -print < - -
- - - - - - - - -
$Lang::tr{'basic options'}
$Lang::tr{'emailreportlevel'}
$Lang::tr{'reportlevel'}
$Lang::tr{'mailmethod'}
$Lang::tr{'smtphost'}
$Lang::tr{'smtpport'}
$Lang::tr{'mailprogramm'}
-
- - - - -
- -
- -
- -
- -END -; -if ($tripwiresettings{'ACTION'} eq 'globalcaption') -{ -print < - - - - -
$Lang::tr{'caption'}
$Lang::tr{$Lang::tr{'save settings'}
$Lang::tr{$Lang::tr{'restore settings'}
-END -; - -} - -&Header::closebox(); - -############################################################################################################################ -################################################### Tripwire Init Policy and keygen ######################################## - -&Header::openbox('100%', 'center', $Lang::tr{'generate tripwire keys and init'}); -print < - -
- - - - -
$Lang::tr{'keys'}
$Lang::tr{'sitekey'}
$Lang::tr{'localkey'}
-
- - - - -
- -
- -
- -
- -END -; -if ($tripwiresettings{'ACTION'} eq 'keycaption') -{ -print < - - - - -
$Lang::tr{'caption'}
$Lang::tr{$Lang::tr{'generatekeys'}
$Lang::tr{$Lang::tr{'keyreset'}
-END -; - -} - -&Header::closebox(); - -############################################################################################################################ -################################################# Tripwire general functions ############################################### - -&Header::openbox('100%', 'center', $Lang::tr{'tripwire functions'}); -print < - - - - - - - -
- -
- -
- -
- -
- -
-END -; -if ($tripwiresettings{'ACTION'} eq 'policycaption') -{ -print < - - - - - - -
$Lang::tr{'caption'}
$Lang::tr{$Lang::tr{'generatepolicy'}
$Lang::tr{$Lang::tr{'resetpolicy'}
$Lang::tr{$Lang::tr{'generatereport'}
$Lang::tr{$Lang::tr{'updatedatabase'}
-END -; - -} -&Header::closebox(); - -############################################################################################################################ -####################################################### Tripwire Log View ################################################## - -&Header::openbox('100%', 'center', $Lang::tr{'tripwire reports'}); -print < -
-
- - - - -
$Lang::tr{'log view'}

-
-END -; -if ($tripwiresettings{'ACTION'} eq 'showlog') -{ -$Log = qx(/usr/local/bin/tripwirectrl tripwirelog $tripwiresettings{'LOG'}); -$Log=~s/--cfgfile \/var\/ipfire\/tripwire\/tw.cfg --polfile \/var\/ipfire\/tripwire\/tw.pol//g; -print < -
-
$Log
-
-$tripwiresettings{'LOG'} - -END -; - -} - -&Header::closebox(); - -############################################################################################################################ -####################################################### Tripwire Cronjob ################################################## -# -#&Header::openbox('100%', 'center', $Lang::tr{'tripwire cronjob'}); -#print < -# -# -#END -#; -#foreach my $cronjob (@cronjobs) {chomp $cronjob;my $time=$cronjob; $time=~s/\/etc\/fcron.daily\/tripwire//g;print"";} -#print < -#
-#

$cronjob at $time daily
-# -# -#
-# -#
-# -#
-#END -#; - -#if ($tripwiresettings{'ACTION'} eq 'croncaption') -#{ -#print < -# -# -# -# -#
$Lang::tr{'caption'}
$Lang::tr{'add cron'}
$Lang::tr{'delete cron'}
-#END -#; -#} -# -#&Header::closebox(); - -&Header::closebigbox(); -&Header::closepage(); diff --git a/lfs/configroot b/lfs/configroot index 601cdf6d3..cb7499694 100644 --- a/lfs/configroot +++ b/lfs/configroot @@ -54,7 +54,7 @@ $(TARGET) : ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \ menu.d modem net-traffic net-traffic/templates nfs optionsfw \ ovpn patches pakfire portfw ppp private proxy/advanced/cre \ - proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \ + proxy/calamaris/bin qos/bin red remote sensors snort time \ updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \ wakeonlan wireless ; do \ mkdir -p $(CONFIG_ROOT)/$$i; \ @@ -69,7 +69,7 @@ $(TARGET) : isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \ ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \ ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \ - qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \ + qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \ vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \ touch $(CONFIG_ROOT)/$$i; \ done diff --git a/lfs/tripwire b/lfs/tripwire deleted file mode 100644 index 9942441e9..000000000 --- a/lfs/tripwire +++ /dev/null @@ -1,98 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 2.4.1.2 - -THISAPP = tripwire-$(VER) -DL_FILE = $(THISAPP)-src.tar.bz2 -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/$(THISAPP) -TARGET = $(DIR_INFO)/$(THISAPP) -PROG = tripwire -PAK_VER = 1 -CFLAGS = -CXXFLAGS = - -DEPS = "" - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 8a1147c278b528ed593023912c4b649a - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -dist: - $(PAK) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP)* && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP)-src && ln -fs contrib install - cd $(DIR_APP)-src && sed -i -e 's@TWDB="$${prefix}@TWDB="/var@' \ - -e 's@^CLOBBER="false"@CLOBBER="true"@' install/install.cfg - cd $(DIR_APP)-src && sed -i -e 's@^PROMPT="true"@PROMPT="false"@' \ - -e 's@^TW_SITE_PASS=""@TW_SITE_PASS="ipfire"@' \ - -e 's@^TW_LOCAL_PASS=""@TW_LOCAL_PASS="ipfire"@' \ - install/install.sh - cd $(DIR_APP)-src && ./configure --prefix=/usr --sysconfdir=/var/ipfire/tripwire - cd $(DIR_APP)-src && make $(MAKETUNING) $(EXTRA_MAKE) - cd $(DIR_APP)-src && for i in siggen tripwire twadmin twprint; do \ - cp -vf $(DIR_APP)-src/bin/$$i /usr/sbin; \ - done - cp -vrf $(DIR_SRC)/config/tripwire/* /var/ipfire/tripwire/ - cp -vfp /var/ipfire/tripwire/twcfg.txt /var/ipfire/tripwire/twcfg.default - cp -vfp /var/ipfire/tripwire/twpol.txt /var/ipfire/tripwire/twpol.default - @rm -rf $(DIR_APP)* - @$(POSTBUILD) diff --git a/make.sh b/make.sh index 422e87131..3be21820c 100755 --- a/make.sh +++ b/make.sh @@ -679,7 +679,6 @@ buildipfire() { ipfiremake ncftp ipfiremake etherwake ipfiremake bwm-ng - ipfiremake tripwire ipfiremake sysstat ipfiremake vsftpd ipfiremake strongswan diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index e4bf04972..ff775da2a 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -28,7 +28,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \ applejuicectrl rebuildhosts backupctrl collectdctrl \ logwatch openvpnctrl firewallctrl \ wirelessctrl getipstat qosctrl launch-ether-wake \ - redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ + redctrl syslogdctrl extrahdctrl sambactrl upnpctrl \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ getconntracktable wirelessclient dnsmasqctrl torctrl ddnsctrl diff --git a/src/misc-progs/tripwirectrl.c b/src/misc-progs/tripwirectrl.c deleted file mode 100644 index 8f02d0d18..000000000 --- a/src/misc-progs/tripwirectrl.c +++ /dev/null @@ -1,142 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include "setuid.h" - -#define BUFFER_SIZE 1024 - -char command[BUFFER_SIZE]; - -int main(int argc, char *argv[]) -{ - -if (!(initsetuid())) - exit(1); - -// Check what command is asked -if (argc==1) -{ -fprintf (stderr, "Missing tripwirectrl command!\n"); -return 1; -} - -if (strcmp(argv[1], "tripwirelog")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", argv[2]); -safe_system(command); -return 0; -} - -if (strcmp(argv[1], "generatereport")==0) -{ -safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol"); -return 0; -} - -if (strcmp(argv[1], "deletereport")==0) -{ -sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]); -safe_system(command); -return 0; -} - -if (strcmp(argv[1], "updatedatabase")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", argv[2], argv[3]); -safe_system(command); -return 0; -} - -if (strcmp(argv[1], "keys")==0) -{ -snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", argv[3]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); -safe_system(command); -return 0; -} - -if (strcmp(argv[1], "generatepolicy")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); -safe_system(command); -return 0; -} - -if (strcmp(argv[1], "resetpolicy")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]); -safe_system(command); -return 0; -} - -if (strcmp(argv[1], "readconfig")==0) -{ -safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt"); -return 0; -} - -if (strcmp(argv[1], "lockconfig")==0) -{ -safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt"); -return 0; -} - -if (strcmp(argv[1], "enable")==0) -{ -safe_system("touch /var/ipfire/tripwire/enable"); -safe_system("rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire && chmod 640 /var/ipfire/tripwire/site.key"); -safe_system("rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase ipfire && chmod 640 /var/ipfire/tripwire/local.key"); -safe_system("rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg"); -safe_system("rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol"); -safe_system("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase ipfire"); -safe_system("cat /usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol > /etc/fcron.daily/tripwire0600"); -safe_system("chmod 755 /etc/fcron.daily/tripwire0600"); -safe_system("touch -t 01010600 /etc/fcron.daily/tripwire0600"); -return 0; -} - -if (strcmp(argv[1], "disable")==0) -{ -safe_system("unlink /var/ipfire/tripwire/enable"); -safe_system("unlink /etc/fcron.daily/tripwire*"); -safe_system("rm -rf /var/ipfire/tripwire/site.key"); -safe_system("rm -rf /var/ipfire/tripwire/local.key"); -safe_system("rm -rf /var/ipfire/tripwire/tw.cfg*"); -safe_system("rm -rf /var/ipfire/tripwire/tw.pol*"); -safe_system("rm -rf /var/ipfire/tripwire/*.twd*"); -safe_system("rm -rf /var/ipfire/tripwire/report/*"); -return 0; -} - -if (strcmp(argv[1], "addcron")==0) -{ -snprintf(command, BUFFER_SIZE-1, "echo \"/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol\" > /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "chmod 755 /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "touch -t 0101%s%s /etc/fcron.daily/tripwire%s%s", argv[2], argv[3], argv[2], argv[3]); -safe_system(command); -return 0; -} -if (strcmp(argv[1], "disablecron")==0) -{ -snprintf(command, BUFFER_SIZE-1, "unlink /etc/fcron.daily/tripwire%s", argv[2]); -safe_system(command); -return 0; -} -return 0; -} -- 2.39.2