author | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
---|---|---|
committer | takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp> | 2020-11-02 11:07:33 +0900 |
commit | 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf (patch) | |
tree | cd70a267a5ef105ba32f200aa088e281fbd85747 /external/meta-security/recipes-security/tripwire/files/twinstall.sh | |
parent | 4204309872da5cb401cbb2729d9e2d4869a87f42 (diff) |
basesystem-jjsandbox/ToshikazuOhiwa/master-jj
recipes
Diffstat (limited to 'external/meta-security/recipes-security/tripwire/files/twinstall.sh')
-rw-r--r-- | external/meta-security/recipes-security/tripwire/files/twinstall.sh | 320 |
1 files changed, 0 insertions, 320 deletions
diff --git a/external/meta-security/recipes-security/tripwire/files/twinstall.sh b/external/meta-security/recipes-security/tripwire/files/twinstall.sh
deleted file mode 100644
index 7d1b63fe..00000000
--- a/external/meta-security/recipes-security/tripwire/files/twinstall.sh
+++ /dev/null
@@ -1,320 +0,0 @@
-#!/bin/sh
-
-########################################################################
-########################################################################
-##
-## Tripwire(R) 2.3 for LINUX(R) Post-RPM installation script
-##
-## Copyleft information contained in footer
-##
-########################################################################
-########################################################################
-
-##=======================================================
-## Setup
-##=======================================================
-
-# We can assume all the correct tools are in place because the
-# RPM installed, didn't it?
-
-##-------------------------------------------------------
-## Set HOST_NAME variable
-##-------------------------------------------------------
-HOST_NAME='localhost'
-if uname -n > /dev/null 2> /dev/null ; then
- HOST_NAME=`uname -n`
-fi
-
-##-------------------------------------------------------
-## Program variables - edited by RPM during initial install
-##-------------------------------------------------------
-
-# Site Passphrase variable
-TW_SITE_PASS="tripwire"
-
-# Complete path to site key
-SITE_KEY="/etc/tripwire/site.key"
-
-# Local Passphrase variable
-TW_LOCAL_PASS="tripwire"
-
-# Complete path to local key
-LOCAL_KEY="/etc/tripwire/${HOST_NAME}-local.key"
-
-# If clobber==true, overwrite files; if false, do not overwrite files.
-CLOBBER="false"
-
-# If prompt==true, ask for confirmation before continuing with install.
-PROMPT="true"
-
-# Name of twadmin executeable
-TWADMIN="twadmin"
-
-# Path to twadmin executeable
-TWADMPATH=/usr/sbin
-
-# Path to configuration directory
-CONF_PATH="/etc/tripwire"
-
-# Name of clear text policy file
-TXT_POL=$CONF_PATH/twpol.txt
-
-# Name of clear text configuration file
-TXT_CFG=$CONF_PATH/twcfg.txt
-
-# Name of encrypted configuration file
-CONFIG_FILE=$CONF_PATH/tw.cfg
-
-# Path of the final Tripwire policy file (signed)
-SIGNED_POL=`grep POLFILE $TXT_CFG | sed -e 's/^.*=\(.*\)/\1/'`
-
-
-##=======================================================
-## Create Key Files
-##=======================================================
-
-##-------------------------------------------------------
-## If user has to enter a passphrase, give some
-## advice about what is appropriate.
-##-------------------------------------------------------
-
-if [ -z "$TW_SITE_PASS" ] || [ -z "$TW_LOCAL_PASS" ]; then
-cat << END_OF_TEXT
-
------------------------------------------------
-The Tripwire site and local passphrases are used to
-sign a variety of files, such as the configuration,
-policy, and database files.
-
-Passphrases should be at least 8 characters in length
-and contain both letters and numbers.
-
-See the Tripwire manual for more information.
-END_OF_TEXT
-fi
-
-##=======================================================
-## Generate keys.
-##=======================================================
-
-echo
-echo "----------------------------------------------"
-echo "Creating key files..."
-
-##-------------------------------------------------------
-## Site key file.
-##-------------------------------------------------------
-
-# If clobber is true, and prompting is off (unattended operation)
-# and the key file already exists, remove it. Otherwise twadmin
-# will prompt with an "are you sure?" message.
-
-if [ "$CLOBBER" = "true" ] && [ "$PROMPT" = "false" ] && [ -f "$SITE_KEY" ] ; then
- rm -f "$SITE_KEY"
-fi
-
-if [ -f "$SITE_KEY" ] && [ "$CLOBBER" = "false" ] ; then
- echo "The site key file \"$SITE_KEY\""
- echo 'exists and will not be overwritten.'
-else
- cmdargs="--generate-keys --site-keyfile \"$SITE_KEY\""
- if [ -n "$TW_SITE_PASS" ] ; then
- cmdargs="$cmdargs --site-passphrase \"$TW_SITE_PASS\""
- fi
- eval "\"$TWADMPATH/$TWADMIN\" $cmdargs"
- if [ $? -ne 0 ] ; then
- echo "Error: site key generation failed"
- exit 1
- else chmod 640 "$SITE_KEY"
- fi
-fi
-
-##-------------------------------------------------------
-## Local key file.
-##-------------------------------------------------------
-
-# If clobber is true, and prompting is off (unattended operation)
-# and the key file already exists, remove it. Otherwise twadmin
-# will prompt with an "are you sure?" message.
-
-if [ "$CLOBBER" = "true" ] && [ "$PROMPT" = "false" ] && [ -f "$LOCAL_KEY" ] ; then
- rm -f "$LOCAL_KEY"
-fi
-
-if [ -f "$LOCAL_KEY" ] && [ "$CLOBBER" = "false" ] ; then
- echo "The site key file \"$LOCAL_KEY\""
- echo 'exists and will not be overwritten.'
-else
- cmdargs="--generate-keys --local-keyfile \"$LOCAL_KEY\""
- if [ -n "$TW_LOCAL_PASS" ] ; then
- cmdargs="$cmdargs --local-passphrase \"$TW_LOCAL_PASS\""
- fi
- eval "\"$TWADMPATH/$TWADMIN\" $cmdargs"
- if [ $? -ne 0 ] ; then
- echo "Error: local key generation failed"
- exit 1
- else chmod 640 "$LOCAL_KEY"
- fi
-fi
-
-##=======================================================
-## Sign the Configuration File
-##=======================================================
-
-echo
-echo "----------------------------------------------"
-echo "Signing configuration file..."
-
-##-------------------------------------------------------
-## If noclobber, then backup any existing config file.
-##-------------------------------------------------------
-
-if [ "$CLOBBER" = "false" ] && [ -s "$CONFIG_FILE" ] ; then
- backup="${CONFIG_FILE}.$$.bak"
- echo "Backing up $CONFIG_FILE"
- echo " to $backup"
- `mv "$CONFIG_FILE" "$backup"`
- if [ $? -ne 0 ] ; then
- echo "Error: backup of configuration file failed."
- exit 1
- fi
-fi
-
-##-------------------------------------------------------
-## Build command line.
-##-------------------------------------------------------
-
-cmdargs="--create-cfgfile"
-cmdargs="$cmdargs --cfgfile \"$CONFIG_FILE\""
-cmdargs="$cmdargs --site-keyfile \"$SITE_KEY\""
-if [ -n "$TW_SITE_PASS" ] ; then
- cmdargs="$cmdargs --site-passphrase \"$TW_SITE_PASS\""
-fi
-
-##-------------------------------------------------------
-## Sign the file.
-##-------------------------------------------------------
-
-eval "\"$TWADMPATH/$TWADMIN\" $cmdargs \"$TXT_CFG\""
-if [ $? -ne 0 ] ; then
- echo "Error: signing of configuration file failed."
- exit 1
-fi
-
-# Set the rights properly
-chmod 640 "$CONFIG_FILE"
-
-##-------------------------------------------------------
-## We keep the cleartext version around.
-##-------------------------------------------------------
-
-cat << END_OF_TEXT
-
-A clear-text version of the Tripwire configuration file
-$TXT_CFG
-has been preserved for your inspection. It is recommended
-that you delete this file manually after you have examined it.
-
-END_OF_TEXT
-
-##=======================================================
-## Sign tripwire policy file.
-##=======================================================
-
-echo
-echo "----------------------------------------------"
-echo "Signing policy file..."
-
-##-------------------------------------------------------
-## If noclobber, then backup any existing policy file.
-##-------------------------------------------------------
-
-if [ "$CLOBBER" = "false" ] && [ -s "$POLICY_FILE" ] ; then
- backup="${POLICY_FILE}.$$.bak"
- echo "Backing up $POLICY_FILE"
- echo " to $backup"
- mv "$POLICY_FILE" "$backup"
- if [ $? -ne 0 ] ; then
- echo "Error: backup of policy file failed."
- exit 1
- fi
-fi
-
-##-------------------------------------------------------
-## Build command line.
-##-------------------------------------------------------
-
-cmdargs="--create-polfile"
-cmdargs="$cmdargs --cfgfile \"$CONFIG_FILE\""
-cmdargs="$cmdargs --site-keyfile \"$SITE_KEY\""
-if [ -n "$TW_SITE_PASS" ] ; then
- cmdargs="$cmdargs --site-passphrase \"$TW_SITE_PASS\""
-fi
-
-##-------------------------------------------------------
-## Sign the file.
-##-------------------------------------------------------
-
-eval "\"$TWADMPATH/$TWADMIN\" $cmdargs \"$TXT_POL\""
-if [ $? -ne 0 ] ; then
- echo "Error: signing of policy file failed."
- exit 1
-fi
-
-# Set the proper rights on the newly signed policy file.
-chmod 0640 "$SIGNED_POL"
-
-##-------------------------------------------------------
-## We keep the cleartext version around.
-##-------------------------------------------------------
-
-cat << END_OF_TEXT
-
-A clear-text version of the Tripwire policy file
-$TXT_POL
-has been preserved for your inspection. This implements
-a minimal policy, intended only to test essential
-Tripwire functionality. You should edit the policy file
-to describe your system, and then use twadmin to generate
-a new signed copy of the Tripwire policy.
-
-END_OF_TEXT
-
-# Initialize tripwire database
-/usr/sbin/tripwire --init --cfgfile $CONFIG_FILE --site-keyfile $SITE_KEY \
---local-passphrase $TW_LOCAL_PASS 2> /dev/null
-
-########################################################################
-########################################################################
-#
-# TRIPWIRE GPL NOTICES
-#
-# The developer of the original code and/or files is Tripwire, Inc.
-# Portions created by Tripwire, Inc. are copyright 2000 Tripwire, Inc.
-# Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.
-#
-# This program is free software. The contents of this file are subject to
-# the terms of the GNU General Public License as published by the Free
-# Software Foundation; either version 2 of the License, or (at your option)
-# any later version. You may redistribute it and/or modify it only in
-# compliance with the GNU General Public License.
-#
-# This program is distributed in the hope that it will be useful. However,
-# this program is distributed "AS-IS" WITHOUT ANY WARRANTY; INCLUDING THE
-# IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-# Please see the GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# Nothing in the GNU General Public License or any other license to use the
-# code or files shall permit you to use Tripwire's trademarks,
-# service marks, or other intellectual property without Tripwire's
-# prior written consent.
-#
-# If you have any questions, please contact Tripwire, Inc. at either
-# info@tripwire.org or www.tripwire.org.
-#
-########################################################################
-######################################################################## |