free
/
freedombone
Seguir 1
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 0 Wiki Activity
9636 Commits
5 Ramas
Árbol: 3fe5830e02
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '3fe5830e02'
${ noResults }
freedombone/src/freedombone-base-tripwire

freedombone-base-tripwire 5.7KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. #!/bin/bash

  2. #  _____               _           _

  3. # |   __|___ ___ ___ _| |___ _____| |_ ___ ___ ___

  4. # |   __|  _| -_| -_| . | . |     | . | . |   | -_|

  5. # |__|  |_| |___|___|___|___|_|_|_|___|___|_|_|___|

  6. #

  7. #                              Freedom in the Cloud

  8. #

  9. # Intrusion detection application

  10. #

  11. # License

  12. # =======

  13. #

  14. # Copyright (C) 2014-2018 Bob Mottram <bob@freedombone.net>

  15. #

  16. # This program is free software: you can redistribute it and/or modify

  17. # it under the terms of the GNU Affero General Public License as published by

  18. # the Free Software Foundation, either version 3 of the License, or

  19. # (at your option) any later version.

  20. #

  21. # This program is distributed in the hope that it will be useful,

  22. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  23. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  24. # GNU Affero General Public License for more details.

  25. #

  26. # You should have received a copy of the GNU Affero General Public License

  27. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  28. 

  29. function backup_local_tripwire {

  30.     echo -n ''

  31. }

  32. 

  33. function backup_remote_tripwire {

  34.     echo -n ''

  35. }

  36. 

  37. function remove_tripwire {

  38.     if ! grep -Fxq "tripwire" "$COMPLETION_FILE"; then

  39.         return

  40.     fi

  41.     apt-get -yq remove --purge tripwire

  42.     if [ -d /etc/tripwire ]; then

  43.         rm -rf /etc/tripwire

  44.     fi

  45.     rm /usr/bin/reset-tripwire

  46.     sed -i '/tripwire/d' "$COMPLETION_FILE"

  47. }

  48. 

  49. function install_tripwire {

  50.     if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then

  51.         return

  52.     fi

  53. 

  54.     echo '*** Installing intrusion detection ***'

  55. 

  56.     debconf-set-selections <<< "tripwire tripwire/use-sitekey boolean false"

  57.     debconf-set-selections <<< "tripwire tripwire/use-localkey boolean false"

  58. 

  59.     apt-get -yq install tripwire qrencode

  60.     apt-get -yq autoremove

  61.     cd /etc/tripwire || exit 246852845

  62. 

  63.     { echo 'ROOT          =/usr/sbin';

  64.       echo 'POLFILE       =/etc/tripwire/tw.pol';

  65.       echo "DBFILE        =/var/lib/tripwire/\$(HOSTNAME).twd";

  66.       echo "REPORTFILE    =/var/lib/tripwire/report/\$(HOSTNAME)-\$(DATE).twr";

  67.       echo "SITEKEYFILE   =/etc/tripwire/\$(HOSTNAME)-site.key";

  68.       echo "LOCALKEYFILE  =/etc/tripwire/\$(HOSTNAME)-local.key";

  69.       echo 'EDITOR        =/usr/bin/editor';

  70.       echo 'LATEPROMPTING =false';

  71.       echo 'LOOSEDIRECTORYCHECKING =false';

  72.       echo 'MAILNOVIOLATIONS =false';

  73.       echo 'EMAILREPORTLEVEL =3';

  74.       echo 'REPORTLEVEL   =3';

  75.       echo 'SYSLOGREPORTING =false';

  76.       echo 'MAILMETHOD    =SENDMAIL';

  77.       echo 'MAILPROGRAM   =/usr/lib/sendmail -oi -t';

  78.       echo 'SMTPHOST      =localhost';

  79.       echo 'SMTPPORT      =25';

  80.       echo 'TEMPDIRECTORY =/tmp';

  81.       echo "MAILFROMADDRESS =tripwire@\$(HOSTNAME)"; } > /etc/tripwire/twcfg.txt

  82. 

  83.     echo '

  84. 

  85.        ' | twadmin --generate-keys -L "/etc/tripwire/${HOSTNAME}-local.key" -S "/etc/tripwire/${HOSTNAME}-site.key"

  86. 

  87.     echo '

  88. 

  89.        ' | twadmin --create-cfgfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twcfg.txt

  90. 

  91.     # make a script for easy resetting of the tripwire

  92.     echo '#!/bin/sh' > /usr/bin/reset-tripwire

  93.     echo 'tripwire -m i' >> /usr/bin/reset-tripwire

  94.     chmod +x /usr/bin/reset-tripwire

  95. 

  96.     sed -i '/# These files change the behavior of the root account/,/}/ s/.*//g' /etc/tripwire/twpol.txt

  97.     sed -i 's|/etc/rc.boot.*||g' /etc/tripwire/twpol.txt

  98.     # Don't show any changes to /proc

  99.     sed -i 's|/proc.*||g' /etc/tripwire/twpol.txt

  100.     # Don't report log changes

  101.     sed -i 's|/var/log.*||g' /etc/tripwire/twpol.txt

  102.     # Ignore /etc/tripwire

  103.     if ! grep -q '!/etc/tripwire' /etc/tripwire/twpol.txt; then

  104.         sed -i '\|/etc\t\t->.*|a\    !/etc/tripwire ;' /etc/tripwire/twpol.txt

  105.     fi

  106.     # Ignore /etc/freedombone

  107.     if ! grep -q '!/etc/freedombone' /etc/tripwire/twpol.txt; then

  108.         sed -i '\|/etc\t\t->.*|a\    !/etc/freedombone ;' /etc/tripwire/twpol.txt

  109.     fi

  110.     # Ignore /etc/pihole

  111.     if ! grep -q '!/etc/pihole' /etc/tripwire/twpol.txt; then

  112.         sed -i '\|/etc\t\t->.*|a\    !/etc/pihole ;' /etc/tripwire/twpol.txt

  113.     fi

  114.     # ignore tt-rss cache

  115.     if ! grep -q '!/etc/share/tt-rss/cache' /etc/tripwire/twpol.txt; then

  116.         sed -i '\|/etc\t\t->.*|a\    !/etc/share/tt-rss/cache ;' /etc/tripwire/twpol.txt

  117.     fi

  118.     if ! grep -q '!/etc/share/tt-rss/lock' /etc/tripwire/twpol.txt; then

  119.         sed -i '\|/etc\t\t->.*|a\    !/etc/share/tt-rss/lock ;' /etc/tripwire/twpol.txt

  120.     fi

  121.     # ignore global node modules

  122.     if ! grep -q '!/usr/local/lib/node_modules' /etc/tripwire/twpol.txt; then

  123.         sed -i '\|/etc\t\t->.*|a\    !/usr/local/lib/node_modules ;' /etc/tripwire/twpol.txt

  124.     fi

  125.     if ! grep -q '!/root/.npm-global/lib/node_modules' /etc/tripwire/twpol.txt; then

  126.         sed -i '\|/etc\t\t->.*|a\    !/root/.npm-global/lib/node_modules ;' /etc/tripwire/twpol.txt

  127.     fi

  128.     # Events here are likely due to USB HRNG activity

  129.     if ! grep -q '!/dev/char' /etc/tripwire/twpol.txt; then

  130.         sed -i '\|/dev\t\t->.*|a\    !/dev/char ;' /etc/tripwire/twpol.txt

  131.     fi

  132.     if ! grep -q '!/dev/bus/usb' /etc/tripwire/twpol.txt; then

  133.         sed -i '\|/dev\t\t->.*|a\    !/dev/bus/usb ;' /etc/tripwire/twpol.txt

  134.     fi

  135. 

  136.     # Not much is in /usr/local/bin other than project commands and avoiding it removes

  137.     # problems with updates. This is a tradeoff, but not by much.

  138.     sed -i '/\/usr\/local\/bin/d' /etc/tripwire/twpol.txt

  139. 

  140.     # Avoid logging the changed database

  141.     sed -i "s|\$(TWETC)/tw.pol.*||g" /etc/tripwire/twpol.txt

  142.     # site key name

  143.     sed -i "s|\$(TWETC)/site.key|\$(TWETC)/\$(HOSTNAME)-site.key|g" /etc/tripwire/twpol.txt

  144. 

  145.     # create the policy

  146.     echo '

  147. 

  148.        ' | twadmin --create-polfile -S "/etc/tripwire/${HOSTNAME}-site.key" /etc/tripwire/twpol.txt

  149. 

  150.     mark_completed "${FUNCNAME[0]}"

  151. }

  152. 

  153. # NOTE: deliberately no exit 0