#!/usr/bin/perl ############################################################################### # # # IPFire.org - A linux based firewall # # Copyright (C) 2007 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see . # # # ############################################################################### use strict; # enable only the following on debugging purpose #use warnings; #use CGI::Carp 'fatalsToBrowser'; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; my %tripwiresettings = (); my %checked = (); my %netsettings = (); my $message = ""; my $errormessage = ""; my @Logs = `ls -r /var/ipfire/tripwire/report/ 2>/dev/null`; my $file = `ls -tr /var/ipfire/tripwire/report/ | tail -1 2>/dev/null`; my @cronjobs = `ls /etc/fcron.daily/tripwire* 2>/dev/null`; my $Log =$Lang::tr{'no log selected'}; my %color = (); my %mainsettings = (); &General::readhash("${General::swroot}/main/settings", \%mainsettings); &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); ############################################################################################################################ ################################################# Tripwire Default Variablen ################################################ $tripwiresettings{'ROOT'} = '/usr/sbin'; $tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol'; $tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd'; $tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr'; $tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key'; $tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key'; $tripwiresettings{'EDITOR'} = '/usr/bin/vi'; $tripwiresettings{'LATEPROMPTING'} = 'false'; $tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false'; $tripwiresettings{'MAILNOVIOLATIONS'} = 'false'; $tripwiresettings{'EMAILREPORTLEVEL'} = '3'; $tripwiresettings{'REPORTLEVEL'} = '3'; $tripwiresettings{'MAILMETHOD'} = 'SENDMAIL'; $tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de'; $tripwiresettings{'SMTPPORT'} = '25'; $tripwiresettings{'SYSLOGREPORTING'} = 'false'; $tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t'; $tripwiresettings{'SITEKEY'} = 'ipfire'; $tripwiresettings{'LOCALKEY'} = 'ipfire'; $tripwiresettings{'ACTION'} = ''; &General::readhash("${General::swroot}/tripwire/settings", \%tripwiresettings); ############################################################################################################################ ######################################################### Tripwire HTML Part ############################################### &Header::showhttpheaders(); &Header::getcgihash(\%tripwiresettings); &Header::openpage('Tripwire', 1,); &Header::openbigbox('100%', 'left', '', $errormessage); ############################################################################################################################ ############################################### Tripwire Config Datei erstellen ############################################ if ($tripwiresettings{'ACTION'} eq $Lang::tr{'save'}) { system("/usr/local/bin/tripwirectrl readconfig >/dev/null 2>&1"); open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!"; flock (FILE, 2); print FILE </dev/null 2>&1"); } ############################################################################################################################ ################################################## Sicherheitsabfrage für CGI ############################################## if ($tripwiresettings{'ACTION'} eq 'addcron') { print <
$Lang::tr{'add cron'}
HHMM

$Lang::tr{'ok'}
$Lang::tr{'cancel'}
END ; } if ($tripwiresettings{'ACTION'} eq 'globalreset') { print <
$Lang::tr{'resetglobals'}
$Lang::tr{'defaultwarning'}

$Lang::tr{'ok'}
$Lang::tr{'cancel'}
END ; } if ($tripwiresettings{'ACTION'} eq 'generatepolicypw') { print <
$Lang::tr{'generatepolicy'}
$Lang::tr{'tripwirewarningpolicy'}

$Lang::tr{'sitekey'}
$Lang::tr{'localkey'}

$Lang::tr{'ok'}
$Lang::tr{'cancel'}
END ; } if ($tripwiresettings{'ACTION'} eq 'policyresetpw') { print <
$Lang::tr{'resetpolicy'}
$Lang::tr{'tripwirewarningpolicy'}

$Lang::tr{'sitekey'}
$Lang::tr{'localkey'}

$Lang::tr{'ok'}
$Lang::tr{'cancel'}
END ; } if ($tripwiresettings{'ACTION'} eq 'updatedatabasepw') { print <
$Lang::tr{'updatedatabase'}
$Lang::tr{'tripwirewarningdatabase'}

$Lang::tr{'localkey'}


$Lang::tr{'ok'}
$Lang::tr{'cancel'}
END ; } if ($tripwiresettings{'ACTION'} eq 'keyreset') { print <
$Lang::tr{'keyreset'}
$Lang::tr{'tripwirewarningkeys'}

$Lang::tr{'ok'}
$Lang::tr{'cancel'}
END ; } if ($tripwiresettings{'ACTION'} eq 'generatekeys') { print <
$Lang::tr{'generatekeys'}
$Lang::tr{'tripwirewarningkeys'}

$Lang::tr{'ok'}
$Lang::tr{'cancel'}
END ; } ############################################################################################################################ ######################################################## Tripwire Funktionen ############################################### if ($tripwiresettings{'ACTION'} eq 'globalresetyes') { &Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";&Header::closebox(); $tripwiresettings{'ROOT'} = '/usr/sbin'; $tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol'; $tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd'; $tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr'; $tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key'; $tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key'; $tripwiresettings{'EDITOR'} = '/usr/bin/vi'; $tripwiresettings{'LATEPROMPTING'} = 'false'; $tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false'; $tripwiresettings{'MAILNOVIOLATIONS'} = 'false'; $tripwiresettings{'EMAILREPORTLEVEL'} = '3'; $tripwiresettings{'REPORTLEVEL'} = '3'; $tripwiresettings{'MAILMETHOD'} = 'SENDMAIL'; $tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de'; $tripwiresettings{'SMTPPORT'} = '25'; $tripwiresettings{'SYSLOGREPORTING'} = 'false'; $tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t'; $tripwiresettings{'SITEKEY'} = 'ipfire'; $tripwiresettings{'LOCALKEY'} = 'ipfire'; $tripwiresettings{'ACTION'} = ''; system("/usr/local/bin/tripwirectrl readconfig >/dev/null 2>&1"); open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!"; flock (FILE, 2); print FILE </dev/null 2>&1l"); system("/usr/local/bin/tripwirectrl keys ipfire ipfire >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire'; } if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl keys $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} if ($tripwiresettings{'ACTION'} eq 'keyresetyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl keys ipfire ipfire >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl resetpolicy tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl generatepolicy $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';} if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl updatedatabase $tripwiresettings{'LOCALKEY'} /var/ipfire/tripwire/report/$file >/dev/null 2>&1");$tripwiresettings{'LOCALKEY'} = 'ipfire';} if ($tripwiresettings{'ACTION'} eq 'generatereport'){&Header::openbox( 'Waiting', 1, "" );print "

$Lang::tr{'tripwireoperating'}
";system("/usr/local/bin/tripwirectrl generatereport >/dev/null 2>&1");} if ($tripwiresettings{'ACTION'} eq 'addcronyes'){system("/usr/local/bin/tripwirectrl addcron $tripwiresettings{'HOUR'} $tripwiresettings{'MINUTE'} >/dev/null 2>&1");} if ($tripwiresettings{'ACTION'} eq 'deletecron'){system("/usr/local/bin/tripwirectrl disablecron $tripwiresettings{'CRON'} >/dev/null 2>&1");@cronjobs = `ls /etc/fcron.daily/tripwire* 2>/dev/null`;} ############################################################################################################################ ##################################################### Tripwire globale Optionen ############################################ &Header::openbox('100%', 'center', 'Tripwire'); print <
$Lang::tr{'basic options'}
$Lang::tr{'emailreportlevel'}
$Lang::tr{'reportlevel'}
$Lang::tr{'mailmethod'}
$Lang::tr{'smtphost'}
$Lang::tr{'smtpport'}
$Lang::tr{'mailprogramm'}
END ; if ($tripwiresettings{'ACTION'} eq 'globalcaption') { print <
$Lang::tr{'caption'}
$Lang::tr{$Lang::tr{'save settings'}
$Lang::tr{$Lang::tr{'restore settings'}
END ; } &Header::closebox(); ############################################################################################################################ ################################################### Tripwire Init Policy and keygen ######################################## &Header::openbox('100%', 'center', $Lang::tr{'generate tripwire keys and init'}); print <
$Lang::tr{'keys'}
$Lang::tr{'sitekey'}
$Lang::tr{'localkey'}
END ; if ($tripwiresettings{'ACTION'} eq 'keycaption') { print <
$Lang::tr{'caption'}
$Lang::tr{$Lang::tr{'generatekeys'}
$Lang::tr{$Lang::tr{'keyreset'}
END ; } &Header::closebox(); ############################################################################################################################ ################################################# Tripwire general functions ############################################### &Header::openbox('100%', 'center', $Lang::tr{'tripwire functions'}); print <
END ; if ($tripwiresettings{'ACTION'} eq 'policycaption') { print <
$Lang::tr{'caption'}
$Lang::tr{$Lang::tr{'generatepolicy'}
$Lang::tr{$Lang::tr{'resetpolicy'}
$Lang::tr{$Lang::tr{'generatereport'}
$Lang::tr{$Lang::tr{'updatedatabase'}
END ; } &Header::closebox(); ############################################################################################################################ ####################################################### Tripwire Log View ################################################## &Header::openbox('100%', 'center', $Lang::tr{'tripwire reports'}); print <
$Lang::tr{'log view'}

END ; if ($tripwiresettings{'ACTION'} eq 'showlog') { $Log = qx(/usr/local/bin/tripwirectrl tripwirelog $tripwiresettings{'LOG'}); $Log=~s/--cfgfile \/var\/ipfire\/tripwire\/tw.cfg --polfile \/var\/ipfire\/tripwire\/tw.pol//g; print < 
$Log

$tripwiresettings{'LOG'} END ; } &Header::closebox(); ############################################################################################################################ ####################################################### Tripwire Cronjob ################################################## # #&Header::openbox('100%', 'center', $Lang::tr{'tripwire cronjob'}); #print < # # #END #; #foreach my $cronjob (@cronjobs) {chomp $cronjob;my $time=$cronjob; $time=~s/\/etc\/fcron.daily\/tripwire//g;print"";} #print < #
#

$cronjob at $time daily
# # #
# #
# #
#END #; #if ($tripwiresettings{'ACTION'} eq 'croncaption') #{ #print < # # # # #
$Lang::tr{'caption'}
$Lang::tr{'add cron'}
$Lang::tr{'delete cron'}
#END #; #} # #&Header::closebox(); &Header::closebigbox(); &Header::closepage();