106 lines
3.4 KiB
Bash
Executable File
106 lines
3.4 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# .---. . .
|
|
# | | |
|
|
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
|
|
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
|
|
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
|
|
#
|
|
# Freedom in the Cloud
|
|
#
|
|
# Intrusion detection application
|
|
#
|
|
# License
|
|
# =======
|
|
#
|
|
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
function backup_local_tripwire {
|
|
echo -n ''
|
|
}
|
|
|
|
function backup_remote_tripwire {
|
|
echo -n ''
|
|
}
|
|
|
|
function remove_tripwire {
|
|
if ! grep -Fxq "tripwire" $COMPLETION_FILE; then
|
|
return
|
|
fi
|
|
apt-get -y remove --purge tripwire
|
|
if [ -d /etc/tripwire ]; then
|
|
rm -rf /etc/tripwire
|
|
fi
|
|
rm /usr/bin/reset-tripwire
|
|
sed -i '/tripwire/d' $COMPLETION_FILE
|
|
}
|
|
|
|
function install_tripwire {
|
|
if grep -Fxq "install_tripwire" $COMPLETION_FILE; then
|
|
return
|
|
fi
|
|
apt-get -y install tripwire
|
|
apt-get -y autoremove
|
|
cd /etc/tripwire
|
|
cp site.key $DEFAULT_DOMAIN_NAME-site.key
|
|
echo '*** Installing intrusion detection ***'
|
|
echo '
|
|
|
|
' | tripwire --init
|
|
|
|
# make a script for easy resetting of the tripwire
|
|
echo '#!/bin/sh' > /usr/bin/reset-tripwire
|
|
echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
|
|
chmod +x /usr/bin/reset-tripwire
|
|
|
|
sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
|
|
# only send emails if something has changed
|
|
sed -i 's|MAILNOVIOLATIONS.*|MAILNOVIOLATIONS = false|g' /etc/tripwire/twcfg.txt
|
|
sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
|
|
sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt
|
|
# Don't show any changes to /proc
|
|
sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt
|
|
# Don't report log changes
|
|
sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
|
|
# Ignore /etc/tripwire
|
|
if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
|
|
sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire ;' /etc/tripwire/twpol.txt
|
|
fi
|
|
# ignore tt-rss cache
|
|
if ! grep -q '!/etc/share/tt-rss/cache' /etc/tripwire/twpol.txt; then
|
|
sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/cache ;' /etc/tripwire/twpol.txt
|
|
fi
|
|
if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
|
|
sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
|
|
fi
|
|
# Avoid logging the changed database
|
|
sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
|
|
# recreate the configuration
|
|
echo '
|
|
|
|
' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
|
|
# reset
|
|
echo '
|
|
|
|
|
|
|
|
' | reset-tripwire
|
|
|
|
echo 'install_tripwire' >> $COMPLETION_FILE
|
|
}
|
|
|
|
# NOTE: deliberately no exit 0
|