webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Drop tripwire

Browse Source 
This add-on is likely to be unused

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2015-12-04 21:41:56 +00:00
parent 74e43e1493
commit 2b163f4497
14 changed files with 3 additions and 901 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config/menu/EX-tripwire.menu
View File

@@ -1,5 +0,0 @@
$subipfire->{'40.tripwire'} = {'caption' => $Lang::tr{'tripwire'},
'uri' => '/cgi-bin/tripwire.cgi',
'title' => $Lang::tr{'tripwire'},
'enabled' => 1,
};

4
config/rootfiles/common/configroot
View File

@@ -115,7 +115,6 @@ var/ipfire/menu.d/70-log.menu
#var/ipfire/menu.d/EX-mpfire.menu
#var/ipfire/menu.d/EX-samba.menu
#var/ipfire/menu.d/EX-tor.menu
#var/ipfire/menu.d/EX-tripwire.menu
#var/ipfire/menu.d/EX-wlanap.menu
var/ipfire/modem
#var/ipfire/modem/defaults
@@ -182,9 +181,6 @@ var/ipfire/snort
#var/ipfire/snort/settings
var/ipfire/time
#var/ipfire/time/settings
#var/ipfire/tripwire
#var/ipfire/tripwire/report
#var/ipfire/tripwire/settings
var/ipfire/updatexlrator
var/ipfire/updatexlrator/autocheck
var/ipfire/updatexlrator/bin

1
config/rootfiles/common/misc-progs
View File

@@ -33,7 +33,6 @@ usr/local/bin/sshctrl
usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/local/bin/torctrl
#usr/local/bin/tripwirectrl
usr/local/bin/updxlratorctrl
usr/local/bin/upnpctrl
usr/local/bin/urlfilterctrl

1
config/rootfiles/common/web-user-interface
View File

@@ -78,7 +78,6 @@ srv/web/ipfire/cgi-bin/system.cgi
srv/web/ipfire/cgi-bin/time.cgi
#srv/web/ipfire/cgi-bin/tor.cgi
srv/web/ipfire/cgi-bin/traffic.cgi
#srv/web/ipfire/cgi-bin/tripwire.cgi
srv/web/ipfire/cgi-bin/updatexlrator.cgi
#srv/web/ipfire/cgi-bin/upnp.cgi
srv/web/ipfire/cgi-bin/urlfilter.cgi

13
config/rootfiles/packages/tripwire
View File

@@ -1,13 +0,0 @@
#etc/rc.d/init.d/tripwire
usr/local/bin/tripwirectrl
usr/sbin/siggen
usr/sbin/tripwire
usr/sbin/twadmin
usr/sbin/twprint
var/ipfire/tripwire
#var/ipfire/tripwire/twcfg.default
#var/ipfire/tripwire/twcfg.txt
#var/ipfire/tripwire/twpol.default
#var/ipfire/tripwire/twpol.txt
srv/web/ipfire/cgi-bin/tripwire.cgi
var/ipfire/menu.d/EX-tripwire.menu

0
config/tripwire/settings
View File

18
config/tripwire/twcfg.txt
View File

@@ -1,18 +0,0 @@
ROOT =/usr/sbin
POLFILE =/var/ipfire/tripwire/tw.pol
DBFILE =/var/ipfire/tripwire/$(HOSTNAME).twd
REPORTFILE =/var/ipfire/tripwire/report/$(DATE).twr
SITEKEYFILE =/var/ipfire/tripwire/site.key
LOCALKEYFILE =/var/ipfire/tripwire/local.key
EDITOR =/usr/bin/vi
LATEPROMPTING =false
LOOSEDIRECTORYCHECKING =false
MAILNOVIOLATIONS =false
EMAILREPORTLEVEL =3
REPORTLEVEL =3
#MAILMETHOD =SENDMAIL
#MAILMETHOD =SMTP
#SMTPHOST =phoenix.e-vector.com
#SMTPPORT =25
SYSLOGREPORTING =false
#MAILPROGRAM =/usr/sbin/sendmail -oi -t

75
config/tripwire/twpol.txt
View File

@@ -1,75 +0,0 @@
@@section GLOBAL
TWROOT=/usr/sbin;
TWBIN=/usr/sbin;
TWPOL="/var/ipfire/tripwire";
TWDB="/var/ipfire/tripwire";
TWSKEY="/var/ipfire/tripwire";
TWLKEY="/var/ipfire/tripwire";
TWREPORT="/var/ipfire/tripwire/report";
HOSTNAME=ipfire;
@@section FS
SEC_CRIT = $(IgnoreNone)-SHa ; # Critical files that cannot change
SEC_CONFIG = $(Dynamic) ; # Config files that are changed infrequently but accessed often
SEC_LOG = $(Growing) ; # Files that grow, but that should never change ownership
SEC_INVARIANT = +tpug ; # Directories that should never change permission or ownership
SIG_LOW = 33 ; # Non-critical files that are of minimal security impact
SIG_MED = 66 ; # Non-critical files that are of significant security impact
SIG_HI = 100 ; # Critical files that are significant points of vulnerability
# System Files
(
rulename = "System Files",
severity = $(SIG_HI)
)
{
$(TWDB) -> $(SEC_CRIT) ;
$(TWPOL)/tw.pol -> $(SEC_CRIT) -i ;
$(TWPOL)/tw.cfg -> $(SEC_CRIT) -i ;
$(TWLKEY)/local.key -> $(SEC_CRIT) ;
$(TWSKEY)/site.key -> $(SEC_CRIT) ;
/bin -> $(SEC_CRIT) ;
/boot -> $(SEC_CRIT) ;
/etc -> $(SEC_CRIT) ;
/etc/snort/rules/ -> $(Dynamic) ;
/lib -> $(SEC_CRIT) ;
/root -> $(SEC_CRIT) ;
/root/.bash_history -> $(Dynamic) ;
/sbin -> $(SEC_CRIT) ;
/usr -> $(SEC_CRIT) ;
/usr/share/clamav -> $(Dynamic) ;
/etc/mtab -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
#don't scan the individual reports
$(TWREPORT) -> $(SEC_CONFIG) (recurse=0) ;
}
# Commonly accessed directories that should remain static with regards to owner and group
(
rulename = "Invariant Directories",
severity = $(SIG_MED)
)
{
/ -> $(SEC_INVARIANT) (recurse = 0) ;
/home -> $(SEC_INVARIANT) (recurse = 0) ;
/tmp -> $(SEC_INVARIANT) ;
}
# Critical Devices
(
rulename = "Critical devices",
severity = $(SIG_HI),
recurse = false
)
{
/dev/console -> $(SEC_CONFIG) -u ; # User ID may change on console login/logout.
/dev/initctl -> $(SEC_CONFIG) ; /dev/log -> $(SEC_CONFIG) ;
/proc/modules -> $(Device) ;
/proc/mounts -> $(Device) ;
/proc/filesystems -> $(Device) ;
/proc/misc -> $(Device) ;
/var/log -> $(SEC_LOG) ;
}

540
html/cgi-bin/tripwire.cgi
View File

@@ -1,540 +0,0 @@
#!/usr/bin/perl
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
use strict;
# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
my %tripwiresettings = ();
my %checked = ();
my %netsettings = ();
my $message = "";
my $errormessage = "";
my @Logs = `ls -r /var/ipfire/tripwire/report/ 2>/dev/null`;
my $file = `ls -tr /var/ipfire/tripwire/report/ | tail -1 2>/dev/null`;
my @cronjobs = `ls /etc/fcron.daily/tripwire* 2>/dev/null`;
my $Log =$Lang::tr{'no log selected'};
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
############################################################################################################################
################################################# Tripwire Default Variablen ################################################
$tripwiresettings{'ROOT'} = '/usr/sbin';
$tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol';
$tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd';
$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr';
$tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key';
$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key';
$tripwiresettings{'EDITOR'} = '/usr/bin/vi';
$tripwiresettings{'LATEPROMPTING'} = 'false';
$tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false';
$tripwiresettings{'MAILNOVIOLATIONS'} = 'false';
$tripwiresettings{'EMAILREPORTLEVEL'} = '3';
$tripwiresettings{'REPORTLEVEL'} = '3';
$tripwiresettings{'MAILMETHOD'} = 'SENDMAIL';
$tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de';
$tripwiresettings{'SMTPPORT'} = '25';
$tripwiresettings{'SYSLOGREPORTING'} = 'false';
$tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t';
$tripwiresettings{'SITEKEY'} = 'ipfire';
$tripwiresettings{'LOCALKEY'} = 'ipfire';
$tripwiresettings{'ACTION'} = '';
&General::readhash("${General::swroot}/tripwire/settings", \%tripwiresettings);
############################################################################################################################
######################################################### Tripwire HTML Part ###############################################
&Header::showhttpheaders();
&Header::getcgihash(\%tripwiresettings);
&Header::openpage('Tripwire', 1,);
&Header::openbigbox('100%', 'left', '', $errormessage);
############################################################################################################################
############################################### Tripwire Config Datei erstellen ############################################
if ($tripwiresettings{'ACTION'} eq $Lang::tr{'save'})
{
system("/usr/local/bin/tripwirectrl readconfig >/dev/null 2>&1");
open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!";
flock (FILE, 2);
print FILE <<END
ROOT =$tripwiresettings{'ROOT'}
POLFILE =$tripwiresettings{'POLFILE'}
DBFILE =$tripwiresettings{'DBFILE'}
REPORTFILE =$tripwiresettings{'REPORTFILE'}
SITEKEYFILE =$tripwiresettings{'SITEKEYFILE'}
LOCALKEYFILE =$tripwiresettings{'LOCALKEYFILE'}
EDITOR =$tripwiresettings{'EDITOR'}
LATEPROMPTING =$tripwiresettings{'LATEPROMPTING'}
LOOSEDIRECTORYCHECKING =$tripwiresettings{'LOOSEDIRECTORYCHECKING'}
MAILNOVIOLATIONS =$tripwiresettings{'MAILNOVIOLATIONS'}
EMAILREPORTLEVEL =$tripwiresettings{'EMAILREPORTLEVEL'}
REPORTLEVEL =$tripwiresettings{'REPORTLEVEL'}
MAILMETHOD =$tripwiresettings{'MAILMETHOD'}
SMTPHOST =$tripwiresettings{'SMTPHOST'}
SMTPPORT =$tripwiresettings{'SMTPPORT'}
SYSLOGREPORTING =$tripwiresettings{'SYSLOGREPORTING'}
MAILPROGRAM =$tripwiresettings{'MAILPROGRAM'}
END
;
close FILE;
&General::writehash("${General::swroot}/tripwire/settings", \%tripwiresettings);
system("/usr/local/bin/tripwirectrl lockconfig >/dev/null 2>&1");
}
############################################################################################################################
################################################## Sicherheitsabfrage f<>r CGI ##############################################
if ($tripwiresettings{'ACTION'} eq 'addcron')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='2' align='center'><b>$Lang::tr{'add cron'}</b>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<tr><td align='center' colspan='2'>HH<input type='text' size='2' name='HOUR' value='08'/>MM<input type='text' size='2' name='MINUTE' value='00'/><br /><br /></td></tr>
<tr><td align='right' width='50%'>
$Lang::tr{'ok'} <input type='image' alt='$Lang::tr{'ok'}' title='$Lang::tr{'ok'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='addcronyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'cancel'}' title='$Lang::tr{'cancel'}' src='/images/dialog-error.png' /> $Lang::tr{'cancel'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
END
;
}
if ($tripwiresettings{'ACTION'} eq 'globalreset')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='2' align='center'><b>$Lang::tr{'resetglobals'}</b>
<tr><td colspan='2' align='center'><font color=red>$Lang::tr{'defaultwarning'}<br /><br /></font></td></tr>
<tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
$Lang::tr{'ok'} <input type='image' alt='$Lang::tr{'ok'}' title='$Lang::tr{'ok'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='globalresetyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'cancel'}' title='$Lang::tr{'cancel'}' src='/images/dialog-error.png' /> $Lang::tr{'cancel'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
END
;
}
if ($tripwiresettings{'ACTION'} eq 'generatepolicypw')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='2' align='center'><b>$Lang::tr{'generatepolicy'}</b>
<tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningpolicy'}<br /><br /></font></td></tr>
<tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
<tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /><br /><br /></td></tr>
<tr><td align='right' width='50%'>
$Lang::tr{'ok'} <input type='image' alt='$Lang::tr{'ok'}' title='$Lang::tr{'ok'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='generatepolicyyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'cancel'}' title='$Lang::tr{'cancel'}' src='/images/dialog-error.png' /> $Lang::tr{'cancel'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
END
;
}
if ($tripwiresettings{'ACTION'} eq 'policyresetpw')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='2' align='center'><b>$Lang::tr{'resetpolicy'}</b>
<tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningpolicy'}<br /><br /></font></td></tr>
<tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
<tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /><br /><br /></td></tr>
<tr><td align='right' width='50%'>
$Lang::tr{'ok'} <input type='image' alt='$Lang::tr{'ok'}' title='$Lang::tr{'ok'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='resetpolicyyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'cancel'}' title='$Lang::tr{'cancel'}' src='/images/dialog-error.png' /> $Lang::tr{'cancel'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
END
;
}
if ($tripwiresettings{'ACTION'} eq 'updatedatabasepw')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='2' align='center'><b>$Lang::tr{'updatedatabase'}</b>
<tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningdatabase'}<br /><br /></font></td></tr>
<tr><td align='left' width='40%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /><br /><br /></td></tr>
<tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
$Lang::tr{'ok'} <input type='image' alt='$Lang::tr{'ok'}' title='$Lang::tr{'ok'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='updatedatabaseyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'cancel'}' title='$Lang::tr{'cancel'}' src='/images/dialog-error.png' /> $Lang::tr{'cancel'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
END
;
}
if ($tripwiresettings{'ACTION'} eq 'keyreset')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='2' align='center'><b>$Lang::tr{'keyreset'}</b>
<tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningkeys'}<br /><br /></font></td></tr>
<tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
$Lang::tr{'ok'} <input type='image' alt='$Lang::tr{'ok'}' title='$Lang::tr{'ok'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='keyresetyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'cancel'}' title='$Lang::tr{'cancel'}' src='/images/dialog-error.png' /> $Lang::tr{'cancel'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
END
;
}
if ($tripwiresettings{'ACTION'} eq 'generatekeys')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='2' align='center'><b>$Lang::tr{'generatekeys'}</b>
<tr><td colspan='2' align='center'><font color=red>$Lang::tr{'tripwirewarningkeys'}<br /><br /></font></td></tr>
<tr><td align='right' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
$Lang::tr{'ok'} <input type='image' alt='$Lang::tr{'ok'}' title='$Lang::tr{'ok'}' src='/images/edit-redo.png' />
<input type='hidden' name='ACTION' value='generatekeysyes' /></form></td>
<td align='left' width='50%'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='image' alt='$Lang::tr{'cancel'}' title='$Lang::tr{'cancel'}' src='/images/dialog-error.png' /> $Lang::tr{'cancel'}
<input type='hidden' name='ACTION' value='cancel' /></form></td>
</tr>
</table>
END
;
}
############################################################################################################################
######################################################## Tripwire Funktionen ###############################################
if ($tripwiresettings{'ACTION'} eq 'globalresetyes')
{
&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'tripwireoperating'}</font></center>";&Header::closebox();
$tripwiresettings{'ROOT'} = '/usr/sbin';
$tripwiresettings{'POLFILE'} = '/var/ipfire/tripwire/tw.pol';
$tripwiresettings{'DBFILE'} = '/var/ipfire/tripwire/$(HOSTNAME).twd';
$tripwiresettings{'REPORTFILE'} = '/var/ipfire/tripwire/report/$(DATE).twr';
$tripwiresettings{'SITEKEYFILE'} = '/var/ipfire/tripwire/site.key';
$tripwiresettings{'LOCALKEYFILE'} = '/var/ipfire/tripwire/local.key';
$tripwiresettings{'EDITOR'} = '/usr/bin/vi';
$tripwiresettings{'LATEPROMPTING'} = 'false';
$tripwiresettings{'LOOSEDIRECTORYCHECKING'} = 'false';
$tripwiresettings{'MAILNOVIOLATIONS'} = 'false';
$tripwiresettings{'EMAILREPORTLEVEL'} = '3';
$tripwiresettings{'REPORTLEVEL'} = '3';
$tripwiresettings{'MAILMETHOD'} = 'SENDMAIL';
$tripwiresettings{'SMTPHOST'} = 'ipfire.myipfire.de';
$tripwiresettings{'SMTPPORT'} = '25';
$tripwiresettings{'SYSLOGREPORTING'} = 'false';
$tripwiresettings{'MAILPROGRAM'} = '/usr/sbin/sendmail -oi -t';
$tripwiresettings{'SITEKEY'} = 'ipfire';
$tripwiresettings{'LOCALKEY'} = 'ipfire';
$tripwiresettings{'ACTION'} = '';
system("/usr/local/bin/tripwirectrl readconfig >/dev/null 2>&1");
open (FILE, ">${General::swroot}/tripwire/twcfg.txt") or die "Can't save tripwire config: $!";
flock (FILE, 2);
print FILE <<END
ROOT =$tripwiresettings{'ROOT'}
POLFILE =$tripwiresettings{'POLFILE'}
DBFILE =$tripwiresettings{'DBFILE'}
REPORTFILE =$tripwiresettings{'REPORTFILE'}
SITEKEYFILE =$tripwiresettings{'SITEKEYFILE'}
LOCALKEYFILE =$tripwiresettings{'LOCALKEYFILE'}
EDITOR =$tripwiresettings{'EDITOR'}
LATEPROMPTING =$tripwiresettings{'LATEPROMPTING'}
LOOSEDIRECTORYCHECKING =$tripwiresettings{'LOOSEDIRECTORYCHECKING'}
MAILNOVIOLATIONS =$tripwiresettings{'MAILNOVIOLATIONS'}
EMAILREPORTLEVEL =$tripwiresettings{'EMAILREPORTLEVEL'}
REPORTLEVEL =$tripwiresettings{'REPORTLEVEL'}
MAILMETHOD =$tripwiresettings{'MAILMETHOD'}
SMTPHOST =$tripwiresettings{'SMTPHOST'}
SMTPPORT =$tripwiresettings{'SMTPPORT'}
SYSLOGREPORTING =$tripwiresettings{'SYSLOGREPORTING'}
MAILPROGRAM =$tripwiresettings{'MAILPROGRAM'}
END
;
close FILE;
&General::writehash("${General::swroot}/tripwire/settings", \%tripwiresettings);
system("/usr/local/bin/tripwirectrl lockconfig >/dev/null 2>&1l");
system("/usr/local/bin/tripwirectrl keys ipfire ipfire >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';
}
if ($tripwiresettings{'ACTION'} eq 'generatekeysyes'){&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'tripwireoperating'}</font></center>";system("/usr/local/bin/tripwirectrl keys $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
if ($tripwiresettings{'ACTION'} eq 'keyresetyes'){&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'tripwireoperating'}</font></center>";system("/usr/local/bin/tripwirectrl keys ipfire ipfire >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
if ($tripwiresettings{'ACTION'} eq 'resetpolicyyes'){&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'tripwireoperating'}</font></center>";system("/usr/local/bin/tripwirectrl resetpolicy tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
if ($tripwiresettings{'ACTION'} eq 'generatepolicyyes'){&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'tripwireoperating'}</font></center>";system("/usr/local/bin/tripwirectrl generatepolicy $tripwiresettings{'SITEKEY'} $tripwiresettings{'LOCALKEY'} >/dev/null 2>&1");$tripwiresettings{'SITEKEY'} = 'ipfire';$tripwiresettings{'LOCALKEY'} = 'ipfire';}
if ($tripwiresettings{'ACTION'} eq 'updatedatabaseyes'){&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'tripwireoperating'}</font></center>";system("/usr/local/bin/tripwirectrl updatedatabase $tripwiresettings{'LOCALKEY'} /var/ipfire/tripwire/report/$file >/dev/null 2>&1");$tripwiresettings{'LOCALKEY'} = 'ipfire';}
if ($tripwiresettings{'ACTION'} eq 'generatereport'){&Header::openbox( 'Waiting', 1, "<meta http-equiv='refresh' content='1;'>" );print "<center><img src='/images/clock.gif' alt='' /><br/><font color='red'>$Lang::tr{'tripwireoperating'}</font></center>";system("/usr/local/bin/tripwirectrl generatereport >/dev/null 2>&1");}
if ($tripwiresettings{'ACTION'} eq 'addcronyes'){system("/usr/local/bin/tripwirectrl addcron $tripwiresettings{'HOUR'} $tripwiresettings{'MINUTE'} >/dev/null 2>&1");}
if ($tripwiresettings{'ACTION'} eq 'deletecron'){system("/usr/local/bin/tripwirectrl disablecron $tripwiresettings{'CRON'} >/dev/null 2>&1");@cronjobs = `ls /etc/fcron.daily/tripwire* 2>/dev/null`;}
############################################################################################################################
##################################################### Tripwire globale Optionen ############################################
&Header::openbox('100%', 'center', 'Tripwire');
print <<END
<br />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'basic options'}</b></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'emailreportlevel'}</td><td align='left'><input type='text' name='EMAILREPORTLEVEL' value='$tripwiresettings{'EMAILREPORTLEVEL'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'reportlevel'}</td><td align='left'><input type='text' name='REPORTLEVEL' value='$tripwiresettings{'REPORTLEVEL'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'mailmethod'}</td><td align='left'><input type='text' name='MAILMETHOD' value='$tripwiresettings{'MAILMETHOD'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'smtphost'}</td><td align='left'><input type='text' name='SMTPHOST' value='$tripwiresettings{'SMTPHOST'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'smtpport'}</td><td align='left'><input type='text' name='SMTPPORT' value='$tripwiresettings{'SMTPPORT'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'mailprogramm'}</td><td align='left'><input type='text' name='MAILPROGRAM' value='$tripwiresettings{'MAILPROGRAM'}' size="30" /></td></tr>
</table>
<br />
<table width='10%' cellspacing='0'>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value=$Lang::tr{'save'} />
<input type='image' alt='$Lang::tr{'save'}' title='$Lang::tr{'save'}' src='/images/media-floppy.png' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='globalreset' />
<input type='image' alt='$Lang::tr{'reset'}' title='$Lang::tr{'reset'}' src='/images/reload.gif' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='globalcaption' />
<input type='image' alt='$Lang::tr{'caption'}' title='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
</table>
</from>
END
;
if ($tripwiresettings{'ACTION'} eq 'globalcaption')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
<tr><td align='right' width='33%'><img src='/images/media-floppy.png' alt='$Lang::tr{'save settings'}' /></td><td align='left'>$Lang::tr{'save settings'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/reload.gif' alt='$Lang::tr{'restore settings'}' /></td><td align='left'>$Lang::tr{'restore settings'}</td></tr>
</table>
END
;
}
&Header::closebox();
############################################################################################################################
################################################### Tripwire Init Policy and keygen ########################################
&Header::openbox('100%', 'center', $Lang::tr{'generate tripwire keys and init'});
print <<END
<br />
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='95%' cellspacing='0'>
<tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'keys'}</b></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'sitekey'}</td><td align='left'><input type='password' name='SITEKEY' value='$tripwiresettings{'SITEKEY'}' size="30" /></td></tr>
<tr><td align='left' width='40%'>$Lang::tr{'localkey'}</td><td align='left'><input type='password' name='LOCALKEY' value='$tripwiresettings{'LOCALKEY'}' size="30" /></td></tr>
</table>
<br />
<table width='10%' cellspacing='0'>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='generatekeys'/>
<input type='image' alt='$Lang::tr{'generatekeys'}' title='$Lang::tr{'generatekeys'}' src='/images/system-lock-screen.png' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='keyreset' />
<input type='image' alt='$Lang::tr{'reset'}' title='$Lang::tr{'reset'}' src='/images/reload.gif' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='keycaption' />
<input type='image' alt='$Lang::tr{'caption'}' title='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
</table>
</from>
END
;
if ($tripwiresettings{'ACTION'} eq 'keycaption')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
<tr><td align='right' width='33%'><img src='/images/system-lock-screen.png' alt='$Lang::tr{'generatekeys'}' /></td><td align='left'>$Lang::tr{'generatekeys'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/reload.gif' alt='$Lang::tr{'keyreset'}' /></td><td align='left'>$Lang::tr{'keyreset'}</td></tr>
</table>
END
;
}
&Header::closebox();
############################################################################################################################
################################################# Tripwire general functions ###############################################
&Header::openbox('100%', 'center', $Lang::tr{'tripwire functions'});
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='generatepolicypw'/>
<input type='image' alt='$Lang::tr{'generatepolicy'}' title='$Lang::tr{'generatepolicy'}' src='/images/document-new.png' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='policyresetpw' />
<input type='image' alt='$Lang::tr{'resetpolicy'}' title='$Lang::tr{'resetpolicy'}' src='/images/reload.gif' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='generatereport' />
<input type='image' alt='$Lang::tr{'generatereport'}' title='$Lang::tr{'generatereport'}' src='/images/document-properties.png' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='updatedatabasepw' />
<input type='image' alt='$Lang::tr{'updatedatabase'}' title='$Lang::tr{'updatedatabase'}' src='/images/network-server.png' /></form></td>
<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
<input type='hidden' name='ACTION' value='policycaption' />
<input type='image' alt='$Lang::tr{'caption'}' title='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
</table>
END
;
if ($tripwiresettings{'ACTION'} eq 'policycaption')
{
print <<END
<br />
<table width='95%' cellspacing='0'>
<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
<tr><td align='right' width='33%'><img src='/images/document-new.png' alt='$Lang::tr{'generatepolicy'}' /></td><td align='left'>$Lang::tr{'generatepolicy'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/reload.gif' alt='$Lang::tr{'resetpolicy'}' /></td><td align='left'>$Lang::tr{'resetpolicy'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/document-properties.png' alt='$Lang::tr{'generatereport'}' /></td><td align='left'>$Lang::tr{'generatereport'}</td></tr>
<tr><td align='right' width='33%'><img src='/images/network-server.png' alt='$Lang::tr{'updatedatabase'}' /></td><td align='left'>$Lang::tr{'updatedatabase'}</td></tr>
</table>
END
;
}
&Header::closebox();
############################################################################################################################
####################################################### Tripwire Log View ##################################################
&Header::openbox('100%', 'center', $Lang::tr{'tripwire reports'});
print <<END
<a name="$Lang::tr{'log view'}"</a>
<br />
<form method='post' action='$ENV{'SCRIPT_NAME'}#$Lang::tr{'log view'}'>
<table width='95%' cellspacing='0'>
<tr><td bgcolor='$color{'color20'}' colspan='3' align='left'><b>$Lang::tr{'log view'}</b></td></tr>
<tr><td colspan='3' align='left'><br /></td></tr>
<tr><td align='left'><select name='LOG' style="width: 500px">
END
;
foreach my $log (@Logs) {chomp $log;print"<option value='$log'>$log</option>";}
print <<END
</select></td><td align='left'><input type='hidden' name='ACTION' value='showlog' /><input type='image' alt='view Log' title='view log' src='/images/format-justify-fill.png' /></td></tr>
</table>
</form>
END
;
if ($tripwiresettings{'ACTION'} eq 'showlog')
{
$Log = qx(/usr/local/bin/tripwirectrl tripwirelog $tripwiresettings{'LOG'});
$Log=~s/--cfgfile \/var\/ipfire\/tripwire\/tw.cfg --polfile \/var\/ipfire\/tripwire\/tw.pol//g;
print <<END
<table width='95%' cellspacing='0'>
<tr><td><br /></td></tr>
<tr><td><pre>$Log</pre></td></tr>
<tr><td><br /></td></tr>
<tr><td align='center'>$tripwiresettings{'LOG'}</td></tr>
</table>
END
;
}
&Header::closebox();
############################################################################################################################
####################################################### Tripwire Cronjob ##################################################
#
#&Header::openbox('100%', 'center', $Lang::tr{'tripwire cronjob'});
#print <<END
#<br />
#<table width='95%' cellspacing='0'>
#<tr><td colspan='3' align='left'><br /></td></tr>
#END
#;
#foreach my $cronjob (@cronjobs) {chomp $cronjob;my $time=$cronjob; $time=~s/\/etc\/fcron.daily\/tripwire//g;print"<form method='post' action='$ENV{'SCRIPT_NAME'}'><tr><td align='left' colspan='2'>$cronjob at $time daily</td><td><input type='hidden' name='ACTION' value='deletecron' /><input type='hidden' name='CRON' value='$time' /><input type='image' alt='delete cron' title='delete cron' src='/images/user-trash.png' /></td></tr></form>";}
#print <<END
#</table>
#<br />
#<table width='10%' cellspacing='0'>
#<tr><td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
# <input type='hidden' name='ACTION' value='addcron'/>
# <input type='image' alt='$Lang::tr{'add cron'}' title='$Lang::tr{'add cron'}' src='/images/appointment-new.png' /></form></td>
#<td align='center'><form method='post' action='$ENV{'SCRIPT_NAME'}'>
# <input type='hidden' name='ACTION' value='croncaption' />
# <input type='image' alt='$Lang::tr{'caption'}' title='$Lang::tr{'caption'}' src='/images/help-browser.png' /></form></td></tr>
#</table>
#END
#;
#if ($tripwiresettings{'ACTION'} eq 'croncaption')
#{
#print <<END
#<br />
#<table width='95%' cellspacing='0'>
#<tr><td align='center' colspan='2'><b>$Lang::tr{'caption'}</b></td></tr>
#<tr><td align='right' width='33%'><img src='/images/appointment-new.png' /></td><td align='left'>$Lang::tr{'add cron'}</td></tr>
#<tr><td align='right' width='33%'><img src='/images/user-trash.png' /></td><td align='left'>$Lang::tr{'delete cron'}</td></tr>
#</table>
#END
#;
#}
#
#&Header::closebox();
&Header::closebigbox();
&Header::closepage();

4
lfs/configroot
View File

@@ -54,7 +54,7 @@ $(TARGET) :
ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
menu.d modem net-traffic net-traffic/templates nfs optionsfw \
ovpn patches pakfire portfw ppp private proxy/advanced/cre \
proxy/calamaris/bin qos/bin red remote sensors snort time tripwire/report \
proxy/calamaris/bin qos/bin red remote sensors snort time \
updatexlrator/bin updatexlrator/autocheck urlfilter/autoupdate urlfilter/bin upnp vpn \
wakeonlan wireless ; do \
mkdir -p $(CONFIG_ROOT)/$$i; \
@@ -69,7 +69,7 @@ $(TARGET) :
isdn/settings mac/settings main/disable_nf_sip main/hosts main/routing main/settings net-traffic/settings optionsfw/settings \
ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
qos/tosconfig snort/settings tripwire/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
qos/tosconfig snort/settings upnp/settings vpn/config vpn/settings vpn/ipsec.conf \
vpn/ipsec.secrets vpn/caconfig wakeonlan/clients.conf wireless/config wireless/settings; do \
touch $(CONFIG_ROOT)/$$i; \
done

98
lfs/tripwire
View File

@@ -1,98 +0,0 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 2.4.1.2
THISAPP = tripwire-$(VER)
DL_FILE = $(THISAPP)-src.tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = tripwire
PAK_VER = 1
CFLAGS =
CXXFLAGS =
DEPS = ""
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 8a1147c278b528ed593023912c4b649a
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
dist:
$(PAK)
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP)* && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP)-src && ln -fs contrib install
cd $(DIR_APP)-src && sed -i -e 's@TWDB="$${prefix}@TWDB="/var@' \
-e 's@^CLOBBER="false"@CLOBBER="true"@' install/install.cfg
cd $(DIR_APP)-src && sed -i -e 's@^PROMPT="true"@PROMPT="false"@' \
-e 's@^TW_SITE_PASS=""@TW_SITE_PASS="ipfire"@' \
-e 's@^TW_LOCAL_PASS=""@TW_LOCAL_PASS="ipfire"@' \
install/install.sh
cd $(DIR_APP)-src && ./configure --prefix=/usr --sysconfdir=/var/ipfire/tripwire
cd $(DIR_APP)-src && make $(MAKETUNING) $(EXTRA_MAKE)
cd $(DIR_APP)-src && for i in siggen tripwire twadmin twprint; do \
cp -vf $(DIR_APP)-src/bin/$$i /usr/sbin; \
done
cp -vrf $(DIR_SRC)/config/tripwire/* /var/ipfire/tripwire/
cp -vfp /var/ipfire/tripwire/twcfg.txt /var/ipfire/tripwire/twcfg.default
cp -vfp /var/ipfire/tripwire/twpol.txt /var/ipfire/tripwire/twpol.default
@rm -rf $(DIR_APP)*
@$(POSTBUILD)

1
make.sh
View File

@@ -679,7 +679,6 @@ buildipfire() {
ipfiremake ncftp
ipfiremake etherwake
ipfiremake bwm-ng
ipfiremake tripwire
ipfiremake sysstat
ipfiremake vsftpd
ipfiremake strongswan

2
src/misc-progs/Makefile
View File

@@ -28,7 +28,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
applejuicectrl rebuildhosts backupctrl collectdctrl \
logwatch openvpnctrl firewallctrl \
wirelessctrl getipstat qosctrl launch-ether-wake \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable wirelessclient dnsmasqctrl torctrl ddnsctrl

142
src/misc-progs/tripwirectrl.c
View File

@@ -1,142 +0,0 @@
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <fcntl.h>
#include "setuid.h"
#define BUFFER_SIZE 1024
char command[BUFFER_SIZE];
int main(int argc, char *argv[])
{
if (!(initsetuid()))
exit(1);
// Check what command is asked
if (argc==1)
{
fprintf (stderr, "Missing tripwirectrl command!\n");
return 1;
}
if (strcmp(argv[1], "tripwirelog")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twprint -m r --cfgfile /var/ipfire/tripwire/tw.cfg --twrfile /var/ipfire/tripwire/report/%s", argv[2]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "generatereport")==0)
{
safe_system("/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol");
return 0;
}
if (strcmp(argv[1], "deletereport")==0)
{
sprintf(command, "rm -f /var/ipfire/tripwire/report/%s", argv[2]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "updatedatabase")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --update --accept-all --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s --twrfile %s", argv[2], argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "keys")==0)
{
snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s && chmod 640 /var/ipfire/tripwire/site.key", argv[2]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase %s && chmod 640 /var/ipfire/tripwire/local.key", argv[3]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg", argv[2]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol", argv[2]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "generatepolicy")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.txt", argv[2]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "resetpolicy")==0)
{
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/twadmin --create-polfile --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase %s --polfile /var/ipfire/tripwire/tw.pol --cfgfile /var/ipfire/tripwire/tw.cfg /var/ipfire/tripwire/twpol.default", argv[2]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase %s", argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "readconfig")==0)
{
safe_system("/bin/chown nobody:nobody /var/ipfire/tripwire/twcfg.txt");
return 0;
}
if (strcmp(argv[1], "lockconfig")==0)
{
safe_system("/bin/chown root:root /var/ipfire/tripwire/twcfg.txt");
return 0;
}
if (strcmp(argv[1], "enable")==0)
{
safe_system("touch /var/ipfire/tripwire/enable");
safe_system("rm -rf /var/ipfire/tripwire/site.key && /usr/sbin/twadmin --generate-keys --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire && chmod 640 /var/ipfire/tripwire/site.key");
safe_system("rm -rf /var/ipfire/tripwire/local.key && /usr/sbin/twadmin --generate-keys --local-keyfile /var/ipfire/tripwire/local.key --local-passphrase ipfire && chmod 640 /var/ipfire/tripwire/local.key");
safe_system("rm -rf /var/ipfire/tripwire/tw.cfg && /usr/sbin/twadmin --create-cfgfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twcfg.txt && chmod 640 /var/ipfire/tripwire/tw.cfg");
safe_system("rm -rf /var/ipfire/tripwire/tw.pol && /usr/sbin/twadmin --create-polfile --cfgfile /var/ipfire/tripwire/tw.cfg --site-keyfile /var/ipfire/tripwire/site.key --site-passphrase ipfire /var/ipfire/tripwire/twpol.txt && chmod 640 /var/ipfire/tripwire/tw.pol");
safe_system("/usr/sbin/tripwire --init --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol --local-passphrase ipfire");
safe_system("cat /usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol > /etc/fcron.daily/tripwire0600");
safe_system("chmod 755 /etc/fcron.daily/tripwire0600");
safe_system("touch -t 01010600 /etc/fcron.daily/tripwire0600");
return 0;
}
if (strcmp(argv[1], "disable")==0)
{
safe_system("unlink /var/ipfire/tripwire/enable");
safe_system("unlink /etc/fcron.daily/tripwire*");
safe_system("rm -rf /var/ipfire/tripwire/site.key");
safe_system("rm -rf /var/ipfire/tripwire/local.key");
safe_system("rm -rf /var/ipfire/tripwire/tw.cfg*");
safe_system("rm -rf /var/ipfire/tripwire/tw.pol*");
safe_system("rm -rf /var/ipfire/tripwire/*.twd*");
safe_system("rm -rf /var/ipfire/tripwire/report/*");
return 0;
}
if (strcmp(argv[1], "addcron")==0)
{
snprintf(command, BUFFER_SIZE-1, "echo \"/usr/sbin/tripwire --check --cfgfile /var/ipfire/tripwire/tw.cfg --polfile /var/ipfire/tripwire/tw.pol\" > /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "chmod 755 /etc/fcron.daily/tripwire%s%s", argv[2], argv[3]);
safe_system(command);
snprintf(command, BUFFER_SIZE-1, "touch -t 0101%s%s /etc/fcron.daily/tripwire%s%s", argv[2], argv[3], argv[2], argv[3]);
safe_system(command);
return 0;
}
if (strcmp(argv[1], "disablecron")==0)
{
snprintf(command, BUFFER_SIZE-1, "unlink /etc/fcron.daily/tripwire%s", argv[2]);
safe_system(command);
return 0;
}
return 0;
}