]>
Commit | Line | Data |
---|---|---|
92004c61 CS |
1 | #include <stdio.h> |
2 | #include <string.h> | |
3 | #include <stdlib.h> | |
4 | #include <unistd.h> | |
5 | #include <sys/types.h> | |
6 | #include <fcntl.h> | |
7 | #include "setuid.h" | |
8 | ||
9 | #define BUFFER_SIZE 1024 | |
10 | ||
11 | char command[BUFFER_SIZE]; | |
12 | ||
13 | int main(int argc, char *argv[]) | |
14 | { | |
15 | ||
16 | if (!(initsetuid())) | |
17 | exit(1); | |
18 | ||
19 | // Check what command is asked | |
20 | if (argc==1) | |
21 | { | |
22 | fprintf (stderr, "Missing tripwirectrl command!\n"); | |
23 | return 1; | |
24 | } | |
25 | ||
26 | if (strcmp(argv[1], "tripwirelog")==0) | |
27 | { | |
28 | char log; | |
29 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --twrfile /var/ipfire/tripwire/report/%s", argv[2]); | |
30 | log=safe_system(command); | |
31 | printf(command); | |
32 | return(log); | |
33 | } | |
34 | ||
35 | if (strcmp(argv[1], "generatereport")==0) | |
36 | { | |
37 | safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg"); | |
38 | printf(command); | |
39 | return 0; | |
40 | } | |
41 | ||
42 | if (strcmp(argv[1], "updatedatabase")==0) | |
43 | { | |
44 | char file; | |
45 | file=safe_system("ls -S | tail -1"); | |
46 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --local-passphrase %s --twrfile %s", argv[2], file); | |
47 | safe_system(command); | |
48 | printf(command); | |
49 | return 0; | |
50 | } | |
51 | ||
52 | if (strcmp(argv[1], "keys")==0) | |
53 | { | |
54 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]); | |
55 | safe_system(command); | |
56 | printf(command); | |
57 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/$(HOSTNAME)-local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/$(HOSTNAME)-local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/$(HOSTNAME)-local.key", argv[3]); | |
58 | safe_system(command); | |
59 | printf(command); | |
60 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]); | |
61 | safe_system(command); | |
62 | printf(command); | |
63 | snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]); | |
64 | safe_system(command); | |
65 | printf(command); | |
66 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]); | |
67 | safe_system(command); | |
68 | printf(command); | |
69 | return 0; | |
70 | } | |
71 | ||
72 | if (strcmp(argv[1], "generatepolicy")==0) | |
73 | { | |
74 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --generate-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]); | |
75 | safe_system(command); | |
76 | printf(command); | |
77 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]); | |
78 | safe_system(command); | |
79 | printf(command); | |
80 | return 0; | |
81 | } | |
82 | ||
83 | if (strcmp(argv[1], "resetpolicy")==0) | |
84 | { | |
85 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --generate-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]); | |
86 | safe_system(command); | |
87 | printf(command); | |
88 | snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init -c /var/ipfire/tripwire/tw.cfg -p /var/ipfire/tripwire/tw.cfg --site-passphrase %s", argv[2]); | |
89 | safe_system(command); | |
90 | printf(command); | |
91 | return 0; | |
92 | } | |
93 | ||
94 | if (strcmp(argv[1], "readconfig")==0) | |
95 | { | |
96 | safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt"); | |
97 | printf(command); | |
98 | return 0; | |
99 | } | |
100 | ||
101 | if (strcmp(argv[1], "lockconfig")==0) | |
102 | { | |
103 | safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt"); | |
104 | printf(command); | |
105 | return 0; | |
106 | } | |
107 | } |