src/misc-progs/tripwirectrl.c

   1 #include <stdio.h>
   2 #include <string.h>
   3 #include <stdlib.h>
   4 #include <unistd.h>
   5 #include <sys/types.h>
   6 #include <fcntl.h>
   7 #include "setuid.h"
   8
   9 #define BUFFER_SIZE 1024
  10
  11 char command[BUFFER_SIZE];
  12
  13 int main(int argc, char *argv[])
  14 {
  15
  16 if (!(initsetuid()))
  17  exit(1);
  18
  19 // Check what command is asked
  20 if (argc==1)
  21 {
  22 fprintf (stderr, "Missing tripwirectrl command!\n");
  23 return 1;
  24 }
  25
  26 if (strcmp(argv[1], "tripwirelog")==0)
  27 {
  28 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", argv[2]);
  29 safe_system(command);
  30 return 0;
  31 }
  32
  33 if (strcmp(argv[1], "generatereport")==0)
  34 {
  35 safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol");
  36 return 0;
  37 }
  38
  39 if (strcmp(argv[1], "deletereport")==0)
  40 {
  41 sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]);
  42 safe_system(command);
  43 return 0;
  44 }
  45
  46 if (strcmp(argv[1], "updatedatabase")==0)
  47 {
  48 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", argv[2], argv[3]);
  49 safe_system(command);
  50 return 0;
  51 }
  52
  53 if (strcmp(argv[1], "keys")==0)
  54 {
  55 snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]);
  56 safe_system(command);
  57 snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", argv[3]);
  58 safe_system(command);
  59 snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]);
  60 safe_system(command);
  61 snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]);
  62 safe_system(command);
  63 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]);
  64 safe_system(command);
  65 return 0;
  66 }
  67
  68 if (strcmp(argv[1], "generatepolicy")==0)
  69 {
  70 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]);
  71 safe_system(command);
  72 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]);
  73 safe_system(command);
  74 return 0;
  75 }
  76
  77 if (strcmp(argv[1], "resetpolicy")==0)
  78 {
  79 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]);
  80 safe_system(command);
  81 snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]);
  82 safe_system(command);
  83 return 0;
  84 }
  85
  86 if (strcmp(argv[1], "readconfig")==0)
  87 {
  88 safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt");
  89 return 0;
  90 }
  91
  92 if (strcmp(argv[1], "lockconfig")==0)
  93 {
  94 safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt");
  95 return 0;
  96 }
  97
  98 if (strcmp(argv[1], "enable")==0)
  99 {
 100 safe_system("touch /var/ipfire/tripwire/enable");
 101 safe_system("rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire && chmod 640 /var/ipfire/tripwire/site.key");
 102 safe_system("rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase ipfire && chmod 640 /var/ipfire/tripwire/local.key");
 103 safe_system("rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg");
 104 safe_system("rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol");
 105 safe_system("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase ipfire");
 106 safe_system("cat /usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol > /etc/fcron.daily/tripwire0600");
 107 safe_system("chmod 755 /etc/fcron.daily/tripwire0600");
 108 safe_system("touch -t 01010600 /etc/fcron.daily/tripwire0600");
 109 return 0;
 110 }
 111
 112 if (strcmp(argv[1], "disable")==0)
 113 {
 114 safe_system("unlink /var/ipfire/tripwire/enable");
 115 safe_system("unlink /etc/fcron.daily/tripwire*");
 116 safe_system("rm -rf /var/ipfire/tripwire/site.key");
 117 safe_system("rm -rf /var/ipfire/tripwire/local.key");
 118 safe_system("rm -rf /var/ipfire/tripwire/tw.cfg*");
 119 safe_system("rm -rf /var/ipfire/tripwire/tw.pol*");
 120 safe_system("rm -rf /var/ipfire/tripwire/*.twd*");
 121 safe_system("rm -rf /var/ipfire/tripwire/report/*");
 122 return 0;
 123 }
 124
 125 if (strcmp(argv[1], "addcron")==0)
 126 {
 127 snprintf(command, BUFFER_SIZE-1, "echo \"/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol\" > /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]);
 128 safe_system(command);
 129 snprintf(command, BUFFER_SIZE-1, "chmod 755 /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]);
 130 safe_system(command);
 131 snprintf(command, BUFFER_SIZE-1, "touch -t 0101%s%s /etc/fcron.daily/tripwire%s%s", argv[2], argv[3], argv[2], argv[3]);
 132 safe_system(command);
 133 return 0;
 134 }
 135 if (strcmp(argv[1], "disablecron")==0)
 136 {
 137 snprintf(command, BUFFER_SIZE-1, "unlink /etc/fcron.daily/tripwire%s", argv[2]);
 138 safe_system(command);
 139 return 0;
 140 }
 141 return 0;
 142 }