freedomboneeee/src/freedombone-app-intrusion

101 lines
3.3 KiB
Plaintext
Raw Normal View History

2016-07-03 17:13:34 +02:00
#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Intrusion detection application
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@robotics.uk.to>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
2016-07-03 22:49:38 +02:00
function remove_intrusion_detection {
if ! grep -Fxq "intrusion_detection" $COMPLETION_FILE; then
return
fi
apt-get -y remove --purge tripwire
if [ -d /etc/tripwire ]; then
rm -rf /etc/tripwire
fi
rm /usr/bin/reset-tripwire
sed -i '/intrusion_detection/d' $COMPLETION_FILE
}
2016-07-03 17:13:34 +02:00
function intrusion_detection {
if grep -Fxq "intrusion_detection" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
apt-get -y install tripwire
apt-get -y autoremove
cd /etc/tripwire
cp site.key $DEFAULT_DOMAIN_NAME-site.key
echo '*** Installing intrusion detection ***'
echo '
' | tripwire --init
# make a script for easy resetting of the tripwire
echo '#!/bin/sh' > /usr/bin/reset-tripwire
echo 'tripwire --update-policy --secure-mode low /etc/tripwire/twpol.txt' >> /usr/bin/reset-tripwire
chmod +x /usr/bin/reset-tripwire
sed -i 's/SYSLOGREPORTING.*/SYSLOGREPORTING =false/g' /etc/tripwire/twcfg.txt
# only send emails if something has changed
sed -i 's|MAILNOVIOLATIONS.*|MAILNOVIOLATIONS = false|g' /etc/tripwire/twcfg.txt
sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt
sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt
# Don't show any changes to /proc
sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt
# Don't report log changes
sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt
# Ignore /etc/tripwire
if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then
sed -i '\|/etc\t\t->.*|a\ !/etc/tripwire ;' /etc/tripwire/twpol.txt
fi
# ignore tt-rss cache
if ! grep -q '!/etc/share/tt-rss/cache' /etc/tripwire/twpol.txt; then
sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/cache ;' /etc/tripwire/twpol.txt
fi
if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then
sed -i '\|/etc\t\t->.*|a\ !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt
fi
# Avoid logging the changed database
sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
# recreate the configuration
echo '
' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
# reset
echo '
' | reset-tripwire
echo 'intrusion_detection' >> $COMPLETION_FILE
}
# NOTE: deliberately no exit 0