installer.sh

在网络安全中经常会遇到rootkit

#!/bin/sh

################################################################################
#
#  Rootkit Hunter installer
# --------------------------
#
# Copyright Michael Boelen ( michael AT rootkit DOT nl )
# See LICENSE file for use of this software
#
################################################################################

INSTALLER_NAME="Rootkit Hunter installer"
INSTALLER_VERSION="1.2.7"
INSTALLER_COPYRIGHT="Copyright 2003-2007, Michael Boelen"
INSTALLER_LICENSE="

Under active development by the Rootkit Hunter project team. For reporting
bugs, updates, patches, comments and questions see: rkhunter.sourceforge.net

Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free
software, and you are welcome to redistribute it under the terms
of the GNU General Public License. See LICENSE for details.
"

APPNAME="rkhunter"
APPVERSION="1.3.2"
RKHINST_OWNER="0:0"
RKHINST_MODE_EX="0750"
RKHINST_MODE_RW="0640"
RKHINST_MODE_RWR="0644"
RKHINST_LAYOUT=""
USE_CVS=0
STRIPROOT=""
N="-n"

umask 027

OPERATING_SYSTEM=`uname 2>/dev/null`

if [ "${OPERATING_SYSTEM}" = "SunOS" ]; then
	if [ -z "$RANDOM" ]; then
		if [ -n "`which bash 2>/dev/null | grep '^/'`" ]; then
			exec bash $0 $*
		else
			exec ksh $0 $*
		fi

		exit 0
	fi
fi

case "${OPERATING_SYSTEM}" in
AIX|OpenBSD|SunOS|IRIX*)
	# What is the default shell?
	if print >/dev/null 2>&1; then
		alias echo='print'
		ECHOOPT="--"
	elif [ "${OPERATING_SYSTEM}" = "IRIX" -o "${OPERATING_SYSTEM}" = "IRIX64" ]; then
		ECHOOPT=""
	else
		ECHOOPT="-e"
	fi

	if [ "${OPERATING_SYSTEM}" = "SunOS" ]; then
		# We need /usr/xpg4/bin before other directories on Solaris 
		PATH="/usr/xpg4/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin" 
	fi
	;;
*)
	ECHOOPT="-e"

	#
	# We want to get the actual shell used by this program, and
	# so we need to test /bin/sh.
	#

	MYSHELL=/bin/sh
	test -h ${MYSHELL} && MYSHELL=`readlink ${MYSHELL} 2>/dev/null`
	MYSHELL=`basename ${MYSHELL} 2>/dev/null`

	if [ "${MYSHELL}" = "dash" -o "${MYSHELL}" = "ash" ]; then
		ECHOOPT=""
	fi
	;;
esac


showHelp() { # Show help / version
	echo $ECHOOPT "${INSTALLER_NAME} ${INSTALLER_VERSION}"
	echo $ECHOOPT "Usage: $0 <parameters>"
	echo $ECHOOPT ""
	echo $ECHOOPT "Ordered valid parameters:"
	echo $ECHOOPT "--help (-h)      : Show this help."
	echo $ECHOOPT "--examples       : Show layout examples."
	echo $ECHOOPT "--layout <value> : Choose installation template (mandatory switch)."
	echo $ECHOOPT "                   The templates are:"
        echo $ECHOOPT "                    - default: (FHS compliant),"
        echo $ECHOOPT "                    - /usr,"
        echo $ECHOOPT "                    - /usr/local,"
	echo $ECHOOPT "                    - oldschool: previous version file locations,"
	echo $ECHOOPT "                    - custom: supply your own prefix,"
	echo $ECHOOPT "                    - RPM: for building RPM's. Requires \$RPM_BUILD_ROOT."
	echo $ECHOOPT "--striproot      : Strip path from custom layout (for package maintainers)."
	echo $ECHOOPT "--install        : Install according to chosen layout."
	echo $ECHOOPT "--show           : Show chosen layout."
	echo $ECHOOPT "--remove         : Uninstall according to chosen layout."
	echo $ECHOOPT "--version        : Show the installer version."

	exit 1
}

showExamples() { # Show examples
	echo $ECHOOPT "${INSTALLER_NAME}"
	echo $ECHOOPT ""
	echo $ECHOOPT "Examples: "
	echo $ECHOOPT "1. Show layout, files in /usr:"
	echo $ECHOOPT "     installer.sh --layout /usr --show"
	echo $ECHOOPT ""
	echo $ECHOOPT "2. Install, layout /usr/local:"
	echo $ECHOOPT "     installer.sh --layout /usr/local --install"
	echo $ECHOOPT ""
	echo $ECHOOPT "3. Install in temporary directory /tmp/rkhunter/usr/local,"
	echo $ECHOOPT " with files in /usr/local (for package maintainers):"
	echo $ECHOOPT "      mkdir -p /tmp/rkhunter/usr/local"
	echo $ECHOOPT "     installer.sh --layout custom /tmp/rkhunter/usr/local \\"
	echo $ECHOOPT "     --striproot /tmp/rkhunter --install"
	echo $ECHOOPT ""
	echo $ECHOOPT "4. Remove files, layout /usr/local:"
	echo $ECHOOPT "     installer.sh --layout /usr/local --remove"
	echo $ECHOOPT ""
	echo $ECHOOPT "Note: The installer will not remove files when a custom layout is chosen."

	exit 1
}

showVersion() { echo "${INSTALLER_NAME} ${INSTALLER_VERSION} ${INSTALLER_LICENSE}"; exit 1; }

selectTemplate() { # Take input from the "--installdir parameter"
case "$1" in
	/usr|/usr/local|default|custom_*|RPM)
		case "$1" in
			default)
				PREFIX="/usr/local"
				;;
			custom_*)
				PREFIX=`echo "${RKHINST_LAYOUT}"|sed "s|custom_||g"`
				case "${PREFIX}" in
					.)
						if [ "$action" = "install" ]; then
							echo "Standalone installation into ${PWD}/files"
						fi
						;;
					.*|/.*)
						echo "Bad prefix chosen, exiting."
						exit 1
						;;
					*)
						if [ "$action" = "install" ]; then
							RKHTMPVAR=`echo "${PATH}" | grep "${PREFIX}/bin"`
							if [ -z "${RKHTMPVAR}" ]; then
								echo ""
								echo "Note: Directory ${PREFIX}/bin is not in your PATH"
								echo ""
							fi
						fi
						;;
				esac
				;;
			RPM)	if [ -n "${RPM_BUILD_ROOT}" ]; then
					PREFIX="${RPM_BUILD_ROOT}/usr/local"
				else
					echo "RPM prefix chosen but \$RPM_BUILD_ROOT variable not found, exiting."
					exit 1
				fi
				;;
			*)	PREFIX="$1"
				;;
		esac
		case "$1" in
			RPM)
				;;
			*)
				if [ "$action" = "install" ]; then
					if [ ! -d "${PREFIX}" ]; then
						echo "Bad prefix chosen (non-existent directory), exiting."
						echo "Perhaps run \"mkdir -p ${PREFIX}\" first?"
						exit 1
					fi
				fi
				;;
		esac
		case "$1" in
			/usr/local|custom_*)
				SYSCONFIGDIR="${PREFIX}/etc"
				;;
			RPM)	SYSCONFIGDIR="${RPM_BUILD_ROOT}/etc"
				;;
			*)	SYSCONFIGDIR="/etc"
				;;
		esac
		case "$1" in
			custom_*)
				if [ "`uname -m`" = "x86_64" ]; then
					LIBDIR="${PREFIX}/lib64"
				else
					LIBDIR="${PREFIX}/lib"
				fi
				VARDIR="${PREFIX}/var"
				SHAREDIR="${PREFIX}/share"; BINDIR="${PREFIX}/bin"
				;;
			RPM)	if [ "`uname -m`" = "x86_64" ]; then
					LIBDIR="${PREFIX}/lib64"
				else
					LIBDIR="${PREFIX}/lib"
				fi
				VARDIR="${RPM_BUILD_ROOT}/var"
				SHAREDIR="${PREFIX}/share"; BINDIR="${PREFIX}/bin"
				;;
			*)
				if [ -d "${PREFIX}/lib64" ]; then
					LIBDIR="${PREFIX}/lib64"
				else
					LIBDIR="${PREFIX}/lib"
				fi
				VARDIR="/var"
				SHAREDIR="${PREFIX}/share"; BINDIR="${PREFIX}/bin"
				;;
		esac
		;;
	oldschool) # The rigid way, like RKH used to be set up.
		PREFIX="/usr/local"; SYSCONFIGDIR="${PREFIX}/etc"; LIBDIR="${PREFIX}/${APPNAME}/lib"
		VARDIR="${LIBDIR}"; SHAREDIR="${LIBDIR}"; RKHINST_DOC_DIR="${PREFIX}/${APPNAME}/lib/docs"
		BINDIR="${PREFIX}/bin"
		;;
	*)	# None chosen.
		echo "No template chosen, exiting."; exit 1
		;;
esac

RKHINST_ETC_DIR="${SYSCONFIGDIR}"
RKHINST_BIN_DIR="${BINDIR}"
RKHINST_SCRIPT_DIR="${LIBDIR}/${APPNAME}/scripts"

if [ "${RKHINST_LAYOUT}" = "oldschool" ]; then
	RKHINST_DB_DIR="${VARDIR}/${APPNAME}/db"
	RKHINST_TMP_DIR="${VARDIR}/${APPNAME}/tmp"
	RKHINST_DOC_DIR="${SHAREDIR}/${APPNAME}/docs"
else
	RKHINST_DB_DIR="${VARDIR}/lib/${APPNAME}/db"
	RKHINST_TMP_DIR="${VARDIR}/lib/${APPNAME}/tmp"
	RKHINST_DOC_DIR="${SHAREDIR}/doc/${APPNAME}-${APPVERSION}"
fi

RKHINST_MAN_DIR="${SHAREDIR}/man/man8"
RKHINST_LANG_DIR="${RKHINST_DB_DIR}/i18n"

RKHINST_ETC_FILE="${APPNAME}.conf"
RKHINST_BIN_FILES="${APPNAME}"
RKHINST_SCRIPT_FILES="check_modules.pl check_update.sh check_port.pl filehashmd5.pl filehashsha1.pl showfiles.pl stat.pl readlink.sh"
RKHINST_DB_FILES="backdoorports.dat mirrors.dat os.dat programs_bad.dat programs_good.dat defaulthashes.dat md5blacklist.dat suspscan.dat"
RKHINST_DOC_FILES="ACKNOWLEDGMENTS CHANGELOG FAQ LICENSE README WISHLIST"
RKHINST_MAN_FILES="${APPNAME}.8"

}

# Additions we need to be aware / take care of:
# any /contrib/ files which should include any RH*L/alike ones:
# Additions we need to be aware / take care of wrt RH*L/alike:
# /etc/cron.daily/01-rkhunter (different versions of cronjob)
# /etc/sysconfig/rkhunter (config for cronjob)
# /etc/logrotate.d/rkhunter

showTemplate() { # Take input from the "--installdir parameter"
	case "$1" in
		custom_.)
			# Dump *everything* in the current dir.
			echo "Standalone installation into ${PWD}/files"
			;;
		*)
			selectTemplate "$1"
			echo "PREFIX:             ${PREFIX}"
			echo "Application:        ${RKHINST_BIN_DIR}"
			echo "Configuration file: ${RKHINST_ETC_DIR}"
			echo "Documents:          ${RKHINST_DOC_DIR}"
			echo "Man page:           ${RKHINST_MAN_DIR}"
			echo "Scripts:            ${RKHINST_SCRIPT_DIR}"
			echo "Databases:          ${RKHINST_DB_DIR}"
			echo "Temporary files:    ${RKHINST_TMP_DIR}"
			if [ -n "${STRIPROOT}" ]; then
				echo ""; echo "Got STRIPROOT=\"${STRIPROOT}\""
			fi
			;;
	esac

	exit 0
}

retValChk() { 
case "$?" in
	0) echo "OK."
	   ;;
	1) echo "FAILED. Exiting."
	   exit 1
	   ;;
	*) echo "Exited with unhandled exit value $?. Exiting."
	   exit 1
	   ;;
esac
}

useCVS() { 
echo $N "Looking for cvs binary: "
SEARCH=`which cvs 2>/dev/null`
if [ "${SEARCH}" = "" ]; then
	echo "not found." 
else
	cvs -z3 -d:pserver:anonymous@rkhunter.cvs.sourceforge.net:/cvsroot/rkhunter co rkhunter
	case "$?" in
		0)
		echo "Succeeded getting Rootkit Hunter source from CVS."
		if [ -d "./files" ]; then
			echo $N "Removing stale ./files directory: "
			rm -rf "./files"; retValChk
		fi
		echo $N "Move CVS ./files directory to .: "
		mv -f rkhunter/files .; retValChk
		find ./files -type d -name CVS | while read dir; do
			echo $N "Removing CVS directory ${dir}: "
			rm -rf "${dir}"; retValChk
		done
		case "${RKHINST_LAYOUT}" in
		RPM) 
			;;
		*)
			find ./files | while read ITEM; do
				chown "${RKHINST_OWNER}" "${ITEM}" 2>/dev/null
			done
			;;
		esac
		echo "Refreshing source complete. Commence."
		;;
		*)
		echo "FAILED getting Rootkit Hunter from CVS, exiting."
		exit 1
		;;
	esac
fi
}

#################################################################################
#
# Start installation
#
#################################################################################

doInstall()  {
# Preflight checks
echo "Checking system for: "

echo $N " ${INSTALLER_NAME} files: "
if [ -f "./files/${APPNAME}" ]; then
	echo "found. OK"
	if [ $USE_CVS -eq 1 ]; then
		# You want it, and you got it!
		# The hottest source in the land..
		useCVS
	fi
	case "${RKHINST_LAYOUT}" in
	RPM) 
		;;
	*)
		find ./files | while read ITEM; do
			chown "${RKHINST_OWNER}" "${ITEM}" 2>/dev/null
		done
		;;
	esac
else
	echo "failed. Installer files not in "${PWD}/files". Exiting."
	exit 1
fi

echo " Available file retrieval tools: "
for RKHWEBCMD in wget links elinks lynx curl GET bget; do
	echo $N "    ${RKHWEBCMD}: "

	SEARCH=`which ${RKHWEBCMD} 2>/dev/null`
	if [ -z "${SEARCH}" ]; then
		echo "not found."
	else
		break
	fi
done

if [ -n "${SEARCH}" ]; then
	echo "found. OK"
else
	echo " Please install one of wget, links, elinks, lynx, curl, GET or"
	echo "   bget (from www.cpan.org/authors/id/E/EL/ELIJAH/bget)"
fi

# Perl will be found in Rkhunter itself.

RKHINST_DIRS="$RKHINST_DOC_DIR $RKHINST_MAN_DIR $RKHINST_ETC_DIR $RKHINST_BIN_DIR"
RKHINST_DIRS_EXCEP="$RKHINST_SCRIPT_DIR $RKHINST_DB_DIR $RKHINST_TMP_DIR $RKHINST_LANG_DIR"