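/*
 * lidsadm.c --- The Linux Intrusion Detection System Administration Tool
 * (C) Huagang Xie 1999-2001 All rights reserved.
 * EMail complaints to xie@gnuchina.org
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/* ------------------------------------------------------------------------- */
/* Includes */

#ifdef HAVE_CONFIG_H
#include <../config.h>
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>
#include <fcntl.h>

#include "lidstools.h"
#include "lids_capflag.h"

/* These includes come from kernel (and override stdincs) */
#include "linux/capability.h"
#include "linux/lidsif.h"

/* ------------------------------------------------------------------------- */

#ifdef DEBUG
/* Debug trace prefixed with the calling function and source line.
 * __func__ is an identifier, not a string literal, so it cannot be pasted
 * into the format string the way the old __FUNCTION__ form tried to. */
#define LIDS_DBG(fmt, ...) \
    printf("%s.l%d: " fmt, __func__, __LINE__, ##__VA_ARGS__)
#else
#define LIDS_DBG(fmt, ...) ((void)0)
#endif

/* Width of the password field copied into the locks structure for the
 * kernel. This is the literal the original code passed to strncpy();
 * TODO(review): confirm it matches the field in linux/lidsif.h. */
enum { LIDSADM_PASSWD_FIELD_LEN = 64 };

/*
 * Print "lidsadm: msg" on stderr and terminate with status.
 * When status is 3 the errno reason is also printed via perror().
 */
void exit_error(int status, char *msg)
{
    fprintf(stderr, "lidsadm: %s\n", msg);
    if (status == 3)
        perror("reason:");
    printf("\n");
    exit(status);
}

/* Print the version banner and exit with status 1. */
void exit_version(void)
{
    printf("lidsadm version " VERSION " for LIDS project\n");
    exit(1);
}

/* Print the short usage hint and exit with status 1. */
void exit_normal(void)
{
    printf("lidsadm version " VERSION " for LIDS project\n"
           "Use 'lidsadm -h' for help\n");
    exit(1);
}

/* Print the full help text, including every known capability and flag
 * from cap_list / flag_list, then exit with status 1. */
void exit_help(void)
{
    entry_t *entry;

    printf("lidsadm version " VERSION " for LIDS project\n"
           " Huagang Xie<xie@gnuchina.org>\n"
           " Philippe Biondi <pbi@cartel-info.fr>\n\n"
           "Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]\n"
#ifndef NOVIEW
           " lidsadm -V\n"
#endif
           " lidsadm -h\n\n"
           "Commands:\n"
           " -S To submit a password to switch some protections\n"
           " -I To switch some protections without submitting password (sealing time)\n"
#ifndef NOVIEW
           " -V To view current LIDS state (caps/flags)\n"
#endif
           " -v To show the version\n"
           " -h To list this help \n");

    printf("\nAvailable capabilities:\n");
    for_each_entry(cap_list, entry)
        printf("%20s %s\n", entry->name, entry->desc);

    printf("\nAvailable flags:\n");
    for_each_entry(flag_list, entry)
        printf("%20s %s\n", entry->name, entry->desc);

    exit(1);
}

/*
 * Overwrite n bytes at p with zeros. The volatile access keeps the
 * compiler from dropping the stores as dead once the buffer is no
 * longer read (which a plain memset() before return may suffer).
 */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = p;

    while (n--)
        *vp++ = 0;
}

/* Fill in the four magic values the kernel expects on every write. */
static void stamp_magic(lids_locks_t *locks)
{
    locks->magic1 = LIDS_MAGIC_1;
    locks->magic2 = LIDS_MAGIC_2;
    locks->magic3 = LIDS_MAGIC_3;
    locks->magic4 = LIDS_MAGIC_4;
}

/*
 * Read one complete lids_locks_t from fd into *locks.
 * op is the name passed to perror() on failure, msg the text given to
 * exit_error(). A short read is treated as an error too: using a
 * partially filled structure would leak uninitialized stack bytes into
 * the copy later written back to the kernel.
 */
static void read_locks(int fd, lids_locks_t *locks, const char *op, char *msg)
{
    ssize_t n = read(fd, locks, sizeof *locks);

    if (n == -1) {
        perror(op);
        exit_error(2, msg);
    }
    if ((size_t)n != sizeof *locks) {
        fprintf(stderr, "lidsadm: short %s (%zd of %zu bytes)\n",
                op, n, sizeof *locks);
        exit_error(2, msg);
    }
}

/*
 * Write one complete lids_locks_t from *locks to fd.
 * Same error conventions as read_locks(); a short write is an error
 * because the kernel would then see a truncated structure.
 */
static void write_locks(int fd, const lids_locks_t *locks, const char *op, char *msg)
{
    ssize_t n = write(fd, locks, sizeof *locks);

    if (n == -1) {
        perror(op);
        exit_error(2, msg);
    }
    if ((size_t)n != sizeof *locks) {
        fprintf(stderr, "lidsadm: short %s (%zd of %zu bytes)\n",
                op, n, sizeof *locks);
        exit_error(2, msg);
    }
}

/*
 * Apply the "+NAME" / "-NAME" arguments argv[first .. argc-1] to *locks.
 * NAME is looked up in cap_list first, then in flag_list; '+' raises and
 * '-' lowers the matching capability bit or flag bit.
 * Exits with status 1 on a missing prefix or an unknown name.
 */
void lids_set_caps(int first, int argc, char *argv[], lids_locks_t *locks)
{
    LIDS_DBG("Before : caps=%#0x flags=%#0x\n", locks->cap_bset, locks->flags);

    for (int i = first; i < argc; i++) {
        char *arg = argv[i];
        int set;

        /* Validate the prefix before touching arg + 1: for an empty
         * argument that pointer would be one past the terminator. */
        switch (arg[0]) {
        case '+':
            set = 1;
            break;
        case '-':
            set = 0;
            break;
        default:
            fprintf(stderr, "%s: invalid option\n", arg);
            exit(1);
        }

        int is_flag = 0;
        entry_t *entry = getentrybyname(cap_list, arg + 1);
        if (!entry) {
            entry = getentrybyname(flag_list, arg + 1);
            is_flag = 1;
        }
        if (!entry) {
            fprintf(stderr, " %s: invalid capability/flag\n", arg);
            exit(1);
        }
        LIDS_DBG("Found entry: %s (%d): %s\n", entry->name, entry->val, entry->desc);

        if (is_flag) {
            if (set)
                flag_raise(locks->flags, entry->val);
            else
                flag_lower(locks->flags, entry->val);
        } else {
            if (set)
                cap_raise(locks->cap_bset, entry->val);
            else
                cap_lower(locks->cap_bset, entry->val);
        }
    }

    LIDS_DBG("After : caps=%#0x flags=%#0x\n", locks->cap_bset, locks->flags);
}

/*
 * "-S" command: read the current locks, apply the requested changes,
 * authenticate with the RIPEMD-160 password and write the result back,
 * then report which global capabilities actually changed.
 * Exits with status 2 on any I/O failure.
 */
void lids_switch(int first, int argc, char *argv[])
{
    char passwd[BUFSIZ];
    lids_locks_t before, wanted, after;
    kernel_cap_t capchanges;
    entry_t *reload = getentrybyname(flag_list, "RELOAD_CONF");

    /* The original dereferenced this lookup unchecked. */
    if (!reload)
        exit_error(2, "flag table has no RELOAD_CONF entry");

    int lk = open(LIDS_LOCKS, O_RDWR);
    if (lk == -1) {
        perror("open");
        exit_error(2, "cannot open " LIDS_LOCKS);
    }
    read_locks(lk, &before, "read", "cannot read " LIDS_LOCKS);

    wanted = before;
    lids_set_caps(first, argc, argv, &wanted);
    stamp_magic(&wanted);

    read_rmd160_passwd(passwd, 0, 1);
    /* Fixed-width field handed to the kernel, not a C string: strncpy's
     * zero padding is wanted here and no terminator is assumed. */
    strncpy(wanted.passwd, passwd, LIDSADM_PASSWD_FIELD_LEN);

    write_locks(lk, &wanted, "write", "cannot write " LIDS_LOCKS);
    read_locks(lk, &after, "reread", "cannot reread " LIDS_LOCKS);
    close(lk);

    /*
     * Little warning to prevent people to loose too much time on this...
     */
    if (flag_raised(wanted.flags, reload->val))
        printf("Don't forget to restart daemons for your changes to be effective.\n");

    capchanges = before.cap_bset ^ after.cap_bset;
    if (capchanges) {
        entry_t *cap;
        for_each_entry(cap_list, cap) {
            if (flag_raised(capchanges, cap->val))
                printf("-> %s is now %s\n", cap->name,
                       flag_raised(after.cap_bset, cap->val) ? "allowed" : "forbidden");
        }
    } else {
        printf("No global capabilities have changed.\n");
    }

    /*
     * Dont test RELOAD_CONF because it is always read as 0
     */
    flag_lower(wanted.flags, reload->val);
    if (wanted.flags != after.flags)
        fprintf(stderr, "Switching LIDS failed\n");

    /* The password was held in two stack objects; clear both. */
    secure_zero(passwd, sizeof passwd);
    secure_zero(&wanted, sizeof wanted);
}

/*
 * "-I" command (sealing time): like lids_switch() but with an empty
 * password, so no authentication is presented to the kernel.
 * Exits with status 2 on any I/O failure.
 */
void lids_init(int first, int argc, char *argv[])
{
    lids_locks_t locks = {0};
    lids_locks_t locks2 = {0};

    int fd = open(LIDS_LOCKS, O_RDWR);
    if (fd == -1) {
        perror("open");
        exit_error(2, "cannot open " LIDS_LOCKS);
    }
    read_locks(fd, &locks, "read", "cannot read " LIDS_LOCKS);

    lids_set_caps(first, argc, argv, &locks);
    stamp_magic(&locks);
    locks.passwd[0] = 0;

    write_locks(fd, &locks, "write", "cannot write " LIDS_LOCKS);
    read_locks(fd, &locks2, "read", "cannot reread " LIDS_LOCKS);
    close(fd);

    /*
     * Dont test RELOAD_CONF test as
     * it is always read as 0
     */
    /* XXX Disabled until a better solution is implemented */
#if 0
    /* if ((locks.cap_bset != locks2.cap_bset) || */
    if ((locks.flags != locks2.flags))
        fprintf(stderr, "LIDS init failed\n");
#endif
}

#ifndef NOVIEW
/*
 * "-V" command: print one line per capability and per flag with its
 * current state (1 = set) read from LIDS_LOCKS.
 */
void lids_view(void)
{
    lids_locks_t locks = {0};
    entry_t *entry;

    /* NOTE(review): only reads; O_RDONLY would suffice unless the kernel
     * interface insists on a read-write open -- kept as the original had it. */
    int fd = open(LIDS_LOCKS, O_RDWR);
    if (fd == -1) {
        perror("open");
        exit_error(2, "cannot open " LIDS_LOCKS);
    }
    read_locks(fd, &locks, "read", "cannot read " LIDS_LOCKS);
    close(fd);

    for_each_entry(cap_list, entry)
        printf("%30s %i\n", entry->name, cap_raised(locks.cap_bset, entry->val) != 0);
    /* flag_raised() is what the rest of the file uses on the flags word. */
    for_each_entry(flag_list, entry)
        printf("%30s %i\n", entry->name, flag_raised(locks.flags, entry->val) != 0);
}
#endif

#ifndef NOVIEW
static char shortopts[] = "VSIhv";
#else
static char shortopts[] = "SIhv";
#endif

/* Return wanted as the selected command, refusing a second command letter. */
static int set_command(int current, int wanted)
{
    if (current != LIDS_NONE)
        exit_error(2, "multiple commands specified");
    return wanted;
}

int main(int argc, char **argv)
{
    int command = LIDS_NONE;
    int c;

    setentry(cap_list);
    setentry(flag_list);

    /* Convenience check only; the kernel's own permission check on
     * LIDS_LOCKS is what actually gates the operation. */
    if (getuid() != 0)
        exit_error(2, "You must be root to run this program");

    while ((c = getopt(argc, argv, shortopts)) != -1) {
        switch (c) {
#ifndef NOVIEW
        case 'V':
            command = set_command(command, LIDS_VIEW);
            break;
#endif
        case 'S':
            command = set_command(command, LIDS_SWITCH);
            break;
        case 'I':
            command = set_command(command, LIDS_INIT);
            break;
        case 'v':
            exit_version();
            break;
        case 'h':
            exit_help();
            break;
        default:
            /* getopt prints its own diagnostic for an unknown option */
            break;
        }
    }

    if (command != LIDS_INIT && command != LIDS_SWITCH && optind < argc)
        exit_error(2, "unknown arguments found on commandline");
    if (command == LIDS_NONE || argc < 2)
        exit_normal();

    switch (command) {
    case LIDS_SWITCH:
        printf("SWITCH\n");
        lids_switch(optind, argc, argv);
        break;
    case LIDS_INIT:
        printf("INIT\n");
        lids_init(optind, argc, argv);
        break;
#ifndef NOVIEW
    case LIDS_VIEW:
        printf("VIEW\n");
        lids_view();
        break;
#endif
    default:
        break;
    }
    return 0;
}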