Squashed 'import-layers/meta-security/' content from commit 4d139b9
Subtree from git://git.yoctoproject.org/meta-security
Change-Id: I14bb13faa3f2b2dc1f5d81b339dd48ffedf8562f
git-subtree-dir: import-layers/meta-security
git-subtree-split: 4d139b95c4f152d132592f515c5151f4dd6269c1
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
diff --git a/import-layers/meta-security/recipes-security/tripwire/files/twinstall.sh b/import-layers/meta-security/recipes-security/tripwire/files/twinstall.sh
new file mode 100644
index 0000000..7d1b63f
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/tripwire/files/twinstall.sh
@@ -0,0 +1,320 @@
+#!/bin/sh
+
+########################################################################
+########################################################################
+##
+## Tripwire(R) 2.3 for LINUX(R) Post-RPM installation script
+##
+## Copyleft information contained in footer
+##
+########################################################################
+########################################################################
+
+##=======================================================
+## Setup
+##=======================================================
+
+# We can assume all the correct tools are in place because the
+# RPM installed, didn't it?
+
+##-------------------------------------------------------
+## Set HOST_NAME variable
+##-------------------------------------------------------
+HOST_NAME='localhost'
+if uname -n > /dev/null 2> /dev/null ; then
+ HOST_NAME=`uname -n`
+fi
+
+##-------------------------------------------------------
+## Program variables - edited by RPM during initial install
+##-------------------------------------------------------
+
+# Site Passphrase variable
+TW_SITE_PASS="tripwire"
+
+# Complete path to site key
+SITE_KEY="/etc/tripwire/site.key"
+
+# Local Passphrase variable
+TW_LOCAL_PASS="tripwire"
+
+# Complete path to local key
+LOCAL_KEY="/etc/tripwire/${HOST_NAME}-local.key"
+
+# If clobber==true, overwrite files; if false, do not overwrite files.
+CLOBBER="false"
+
+# If prompt==true, ask for confirmation before continuing with install.
+PROMPT="true"
+
+# Name of twadmin executeable
+TWADMIN="twadmin"
+
+# Path to twadmin executeable
+TWADMPATH=/usr/sbin
+
+# Path to configuration directory
+CONF_PATH="/etc/tripwire"
+
+# Name of clear text policy file
+TXT_POL=$CONF_PATH/twpol.txt
+
+# Name of clear text configuration file
+TXT_CFG=$CONF_PATH/twcfg.txt
+
+# Name of encrypted configuration file
+CONFIG_FILE=$CONF_PATH/tw.cfg
+
+# Path of the final Tripwire policy file (signed)
+SIGNED_POL=`grep POLFILE $TXT_CFG | sed -e 's/^.*=\(.*\)/\1/'`
+
+
+##=======================================================
+## Create Key Files
+##=======================================================
+
+##-------------------------------------------------------
+## If user has to enter a passphrase, give some
+## advice about what is appropriate.
+##-------------------------------------------------------
+
+if [ -z "$TW_SITE_PASS" ] || [ -z "$TW_LOCAL_PASS" ]; then
+cat << END_OF_TEXT
+
+----------------------------------------------
+The Tripwire site and local passphrases are used to
+sign a variety of files, such as the configuration,
+policy, and database files.
+
+Passphrases should be at least 8 characters in length
+and contain both letters and numbers.
+
+See the Tripwire manual for more information.
+END_OF_TEXT
+fi
+
+##=======================================================
+## Generate keys.
+##=======================================================
+
+echo
+echo "----------------------------------------------"
+echo "Creating key files..."
+
+##-------------------------------------------------------
+## Site key file.
+##-------------------------------------------------------
+
+# If clobber is true, and prompting is off (unattended operation)
+# and the key file already exists, remove it. Otherwise twadmin
+# will prompt with an "are you sure?" message.
+
+if [ "$CLOBBER" = "true" ] && [ "$PROMPT" = "false" ] && [ -f "$SITE_KEY" ] ; then
+ rm -f "$SITE_KEY"
+fi
+
+if [ -f "$SITE_KEY" ] && [ "$CLOBBER" = "false" ] ; then
+ echo "The site key file \"$SITE_KEY\""
+ echo 'exists and will not be overwritten.'
+else
+ cmdargs="--generate-keys --site-keyfile \"$SITE_KEY\""
+ if [ -n "$TW_SITE_PASS" ] ; then
+ cmdargs="$cmdargs --site-passphrase \"$TW_SITE_PASS\""
+ fi
+ eval "\"$TWADMPATH/$TWADMIN\" $cmdargs"
+ if [ $? -ne 0 ] ; then
+ echo "Error: site key generation failed"
+ exit 1
+ else chmod 640 "$SITE_KEY"
+ fi
+fi
+
+##-------------------------------------------------------
+## Local key file.
+##-------------------------------------------------------
+
+# If clobber is true, and prompting is off (unattended operation)
+# and the key file already exists, remove it. Otherwise twadmin
+# will prompt with an "are you sure?" message.
+
+if [ "$CLOBBER" = "true" ] && [ "$PROMPT" = "false" ] && [ -f "$LOCAL_KEY" ] ; then
+ rm -f "$LOCAL_KEY"
+fi
+
+if [ -f "$LOCAL_KEY" ] && [ "$CLOBBER" = "false" ] ; then
+ echo "The site key file \"$LOCAL_KEY\""
+ echo 'exists and will not be overwritten.'
+else
+ cmdargs="--generate-keys --local-keyfile \"$LOCAL_KEY\""
+ if [ -n "$TW_LOCAL_PASS" ] ; then
+ cmdargs="$cmdargs --local-passphrase \"$TW_LOCAL_PASS\""
+ fi
+ eval "\"$TWADMPATH/$TWADMIN\" $cmdargs"
+ if [ $? -ne 0 ] ; then
+ echo "Error: local key generation failed"
+ exit 1
+ else chmod 640 "$LOCAL_KEY"
+ fi
+fi
+
+##=======================================================
+## Sign the Configuration File
+##=======================================================
+
+echo
+echo "----------------------------------------------"
+echo "Signing configuration file..."
+
+##-------------------------------------------------------
+## If noclobber, then backup any existing config file.
+##-------------------------------------------------------
+
+if [ "$CLOBBER" = "false" ] && [ -s "$CONFIG_FILE" ] ; then
+ backup="${CONFIG_FILE}.$$.bak"
+ echo "Backing up $CONFIG_FILE"
+ echo " to $backup"
+ `mv "$CONFIG_FILE" "$backup"`
+ if [ $? -ne 0 ] ; then
+ echo "Error: backup of configuration file failed."
+ exit 1
+ fi
+fi
+
+##-------------------------------------------------------
+## Build command line.
+##-------------------------------------------------------
+
+cmdargs="--create-cfgfile"
+cmdargs="$cmdargs --cfgfile \"$CONFIG_FILE\""
+cmdargs="$cmdargs --site-keyfile \"$SITE_KEY\""
+if [ -n "$TW_SITE_PASS" ] ; then
+ cmdargs="$cmdargs --site-passphrase \"$TW_SITE_PASS\""
+fi
+
+##-------------------------------------------------------
+## Sign the file.
+##-------------------------------------------------------
+
+eval "\"$TWADMPATH/$TWADMIN\" $cmdargs \"$TXT_CFG\""
+if [ $? -ne 0 ] ; then
+ echo "Error: signing of configuration file failed."
+ exit 1
+fi
+
+# Set the rights properly
+chmod 640 "$CONFIG_FILE"
+
+##-------------------------------------------------------
+## We keep the cleartext version around.
+##-------------------------------------------------------
+
+cat << END_OF_TEXT
+
+A clear-text version of the Tripwire configuration file
+$TXT_CFG
+has been preserved for your inspection. It is recommended
+that you delete this file manually after you have examined it.
+
+END_OF_TEXT
+
+##=======================================================
+## Sign tripwire policy file.
+##=======================================================
+
+echo
+echo "----------------------------------------------"
+echo "Signing policy file..."
+
+##-------------------------------------------------------
+## If noclobber, then backup any existing policy file.
+##-------------------------------------------------------
+
+if [ "$CLOBBER" = "false" ] && [ -s "$POLICY_FILE" ] ; then
+ backup="${POLICY_FILE}.$$.bak"
+ echo "Backing up $POLICY_FILE"
+ echo " to $backup"
+ mv "$POLICY_FILE" "$backup"
+ if [ $? -ne 0 ] ; then
+ echo "Error: backup of policy file failed."
+ exit 1
+ fi
+fi
+
+##-------------------------------------------------------
+## Build command line.
+##-------------------------------------------------------
+
+cmdargs="--create-polfile"
+cmdargs="$cmdargs --cfgfile \"$CONFIG_FILE\""
+cmdargs="$cmdargs --site-keyfile \"$SITE_KEY\""
+if [ -n "$TW_SITE_PASS" ] ; then
+ cmdargs="$cmdargs --site-passphrase \"$TW_SITE_PASS\""
+fi
+
+##-------------------------------------------------------
+## Sign the file.
+##-------------------------------------------------------
+
+eval "\"$TWADMPATH/$TWADMIN\" $cmdargs \"$TXT_POL\""
+if [ $? -ne 0 ] ; then
+ echo "Error: signing of policy file failed."
+ exit 1
+fi
+
+# Set the proper rights on the newly signed policy file.
+chmod 0640 "$SIGNED_POL"
+
+##-------------------------------------------------------
+## We keep the cleartext version around.
+##-------------------------------------------------------
+
+cat << END_OF_TEXT
+
+A clear-text version of the Tripwire policy file
+$TXT_POL
+has been preserved for your inspection. This implements
+a minimal policy, intended only to test essential
+Tripwire functionality. You should edit the policy file
+to describe your system, and then use twadmin to generate
+a new signed copy of the Tripwire policy.
+
+END_OF_TEXT
+
+# Initialize tripwire database
+/usr/sbin/tripwire --init --cfgfile $CONFIG_FILE --site-keyfile $SITE_KEY \
+--local-passphrase $TW_LOCAL_PASS 2> /dev/null
+
+########################################################################
+########################################################################
+#
+# TRIPWIRE GPL NOTICES
+#
+# The developer of the original code and/or files is Tripwire, Inc.
+# Portions created by Tripwire, Inc. are copyright 2000 Tripwire, Inc.
+# Tripwire is a registered trademark of Tripwire, Inc. All rights reserved.
+#
+# This program is free software. The contents of this file are subject to
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation; either version 2 of the License, or (at your option)
+# any later version. You may redistribute it and/or modify it only in
+# compliance with the GNU General Public License.
+#
+# This program is distributed in the hope that it will be useful. However,
+# this program is distributed "AS-IS" WITHOUT ANY WARRANTY; INCLUDING THE
+# IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+# Please see the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# Nothing in the GNU General Public License or any other license to use the
+# code or files shall permit you to use Tripwire's trademarks,
+# service marks, or other intellectual property without Tripwire's
+# prior written consent.
+#
+# If you have any questions, please contact Tripwire, Inc. at either
+# info@tripwire.org or www.tripwire.org.
+#
+########################################################################
+########################################################################