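#!/bin/sh
# Greenbone LSC Agent
# $Id$
# Description: Collects information like distribution, release and
# package-list from targets and creates an audit file from it.
# Such audit files can be used to run offline
# local security checks.
#
# It is recommended to test carefully for each operating system.
# The script might need modifications to run properly.
#
# Version: 1.0.0
#
# Authors:
# Felix Wolfsteller
#
# Copyright:
# Copyright (C) 2010 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
################################################################################

# If successful, creates a file gb-lsc-agent.lsc in the current directory.
#
# Possible exit codes. The historical documentation lists them as negative
# numbers; "exit -N" is rejected by several /bin/sh implementations, so the
# script exits with the value a shell that accepts it would report (N mod 256):
#   253 (-3) if the operating system could not be determined
#   254 (-2) if a specific error occurred (not raised by the code in this file)
#   255 (-1) if list of installed packages could not be retrieved
#     0      if all data was gathered
#
# A skeleton of the resultant file (named gsm-agent.data in the original
# notes; this script writes $outputfile):
# (ATTENTION: The content format is subject to change)
#   200 OK | 400 <error message>
#   0 3 ssh/login/uname=<output of uname -a>
#   0 3 ssh/login/release=<release key, e.g. SUSE9.0>
#   0 3 <package list key>=<package list, newlines written as \n>
#   0 3 <additional key>=<additional value>
#
# Operational notes for whoever deploys this:
#   * The result is removed and then appended to under a fixed name in the
#     current directory. Run the script from a directory that only the
#     invoking user can write to, so nobody else can place a link or file at
#     that path between the removal and the first write.
#   * The result is a complete software inventory of the host and is created
#     with the caller's umask; treat it as sensitive.
#   * /bin/rpm is called by absolute path; every other tool (dpkg, swlist,
#     pkginfo, showrev, find, uname, sed, tr, printf) is resolved through
#     PATH, so PATH must be trustworthy when this runs with privileges.
#   * Backticks, no "local" and no "read -r" are deliberate: the script also
#     targets HP-UX and SunOS, whose /bin/sh may be a legacy Bourne shell.
################################################################################

# Path to the resultant file
outputfile=gb-lsc-agent.lsc

# Remove the file immediately if it exists
rm -rf "$outputfile"

# Describes ssh/login/release (e.g. SUSE9.0)
distrovalue=

# Will contain the key for list of installed packages (e.g. ssh/login/rpms)
pkglistkey=

# Will contain the output of a package gathering program
pkglist=

# Contains output of uname -a
unamevalue="`uname -a`"

# Helper function.
# Given two arguments, returns 0 if the second argument is not found in the
# first (`contains abc z` -> 0), 1 if it was found.
# Returns 255 (historically written as -1) if <2 arguments are given.
# Note the convention is the reverse of the usual shell one; every caller
# in this file tests "$?" against 1 explicitly.
contains() {
  if [ $# -lt 2 ]
  then
    return 255
  fi
  case "$1" in
    # match; $2 is quoted so it is compared literally, not as a glob
    *"$2"*)
      return 1
      ;;
    # No match
    *)
      return 0
      ;;
  esac
}

#
# Appends a key/value pair to the outputfile, escaping the value: every line
# break inside the value is written as the two characters backslash + n, so
# each pair occupies exactly one line of the result file.
# Expects two arguments and returns 255 (historically -1) if <2 arguments
# are given, 0 otherwise.
write_key_value (){
  if [ $# -lt 2 ]
  then
    return 255
  fi
  # printf/sed/tr are used instead of "echo | while read": echo's handling of
  # backslashes differs between shells (a POSIX echo turns '\n' into a real
  # newline, which tr then deletes and the lines run together), read without
  # -r eats backslashes, and the former "IFS=\n" assigned the letter n.
  {
    printf '0 3 %s=' "$1"
    # Terminate every line with a literal \n, then join the lines.
    printf '%s\n' "$2" | sed 's/$/\\n/' | tr -d '\n'
    echo
  } | sed 's/\\n$//' >> "$outputfile"   # drop the separator after the last line
  return 0
}

#
# Checks for Red Hat, Fedora Core, Mandrake, Mandriva, CentOS
# Sets distrovalue, pkglistkey and pkglist when /etc/redhat-release names a
# known release.
#
check_rh_fc_ma_ma_centos (){
  [ -e /etc/redhat-release ] || return
  os_version=`cat /etc/redhat-release`
  case "$os_version" in
    *Red\ Hat\ Linux\ release\ 7.3*) distrovalue=RH7.3 ;;
    *Red\ Hat\ Linux\ release\ 8.0\ \(Psyche\)*) distrovalue=RH8.0 ;;
    *Red\ Hat\ Linux\ release\ 9.0\ \(Shrike\)*) distrovalue=RH9 ;;
    *Fedora\ Core\ release\ 1\ \(Yarrow\)*) distrovalue=FC1 ;;
    *Fedora\ Core\ release\ 2\ \(Tettnang\)*) distrovalue=FC2 ;;
    *Fedora\ Core\ release\ 3\ \(Heidelberg\)*) distrovalue=FC3 ;;
    *Fedora\ Core\ release\ 4\ \(Stentz\)*) distrovalue=FC4 ;;
    *Fedora\ Core\ release\ 5\ \(Bordeaux\)*) distrovalue=FC5 ;;
    *Fedora\ Core\ release\ 6\ \(Zod\)*) distrovalue=FC6 ;;
    *Fedora\ Core\ release\ 7\ \(Moonshine\)*) distrovalue=FC7 ;;
    *Fedora\ Core\ release\ 8\ \(Werewolf\)*) distrovalue=FC8 ;;
    *Fedora\ Core\ release\ 9\ \(Sulphur\)*) distrovalue=FC9 ;;
    *Fedora\ Core\ release\ 10\ \(Cambridge\)*) distrovalue=FC10 ;;
    *Mandriva\ Linux\ release\ 2006.0*) distrovalue=MNDK_2006.0 ;;
    *Mandriva\ Linux\ release\ 2007.1*) distrovalue=MNDK_2007.1 ;;
    *Mandriva\ Linux\ release\ 2007.0*) distrovalue=MNDK_2007.0 ;;
    *Mandriva\ Linux\ release\ 2008.1*) distrovalue=MNDK_2008.1 ;;
    *Mandriva\ Linux\ release\ 2008.0*) distrovalue=MNDK_2008.0 ;;
    *Mandriva\ Linux\ release\ 2009.1*) distrovalue=MNDK_2009.1 ;;
    *Mandriva\ Linux\ release\ 2009.0*) distrovalue=MNDK_2009.0 ;;
    # NOTE(review): 7.2 maps to MNDK_8.0, the same key as 8.0 - confirm intended
    *Mandrake\ Linux\ release\ 7.2*) distrovalue=MNDK_8.0 ;;
    *Mandrake\ Linux\ release\ 8.0*) distrovalue=MNDK_8.0 ;;
    *Mandrake\ Linux\ release\ 8.1*) distrovalue=MNDK_8.1 ;;
    *Mandrake\ Linux\ release\ 9.1*) distrovalue=MNDK_9.1 ;;
    *Mandrake\ Linux\ release\ 9.2*) distrovalue=MNDK_9.2 ;;
    *Mandrake\ Linux\ release\ 10.0*) distrovalue=MNDK_10.0 ;;
    *Mandrakelinux\ release\ 10.1*) distrovalue=MNDK_10.1 ;;
    *Mandrakelinux\ release\ 10.2*) distrovalue=MNDK_10.2 ;;
    *CentOS\ release\ 2*) distrovalue=CentOS2 ;;
    *CentOS\ release\ 3*) distrovalue=CENTOS3 ;;
    *CentOS\ release\ 4*) distrovalue=CENTOS4 ;;
    *CentOS\ release\ 5*) distrovalue=CentOS5 ;;
    *) echo "Unknown version found in redhat-release" ;;
  esac

  # Quoted: an unquoted empty value makes "[ -n ]" true, which ran the
  # package query even when no release had been recognised.
  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/rpms"
    pkglist=`/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'`
  fi
}

#
# Checks for Red Hat Enterprise Linux
# The package list additionally carries each package's %{SIGGPG:pgpsig} field.
#
check_rhe (){
  [ -e /etc/redhat-release ] || return
  os_version=`cat /etc/redhat-release`
  case "$os_version" in
    *Red\ Hat\ Enterprise*release\ 2.1*) distrovalue=RHENT_2.1 ;;
    *Red\ Hat\ Enterprise*release\ 3[\ .]*) distrovalue=RHENT_3 ;;
    *Red\ Hat\ Enterprise*release\ 4[\ .]*) distrovalue=RHENT_4 ;;
    *Red\ Hat\ Enterprise*release\ 5[\ .]*) distrovalue=RHENT_5 ;;
    *) echo "Unknown version found in redhat-release" ;;
  esac

  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/rpms"
    pkglist=";`/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE}~%{SIGGPG:pgpsig};'`"
  fi
}

#
# Checks for Ubuntu
#
check_ubuntu (){
  [ -e /etc/lsb-release ] || return
  os_version=`cat /etc/lsb-release`
  # The match is case-sensitive. The original tested only the upper-case
  # spelling; the mixed-case spelling is accepted as well because that is how
  # Ubuntu's lsb-release writes DISTRIB_ID.
  case "$os_version" in
    *DISTRIB_ID=UBUNTU* | *DISTRIB_ID=Ubuntu*) ;;
    *) return ;;
  esac

  case "$os_version" in
    *DISTRIB_RELEASE=4.10*) distrovalue=UBUNTU4.1 ;;
    *DISTRIB_RELEASE=5.04*) distrovalue=UBUNTU5.04 ;;
    *DISTRIB_RELEASE=5.10*) distrovalue=UBUNTU5.10 ;;
    *DISTRIB_RELEASE=6.06*) distrovalue="UBUNTU6.06 LTS" ;;
    *DISTRIB_RELEASE=6.10*) distrovalue=UBUNTU6.10 ;;
    *DISTRIB_RELEASE=7.04*) distrovalue=UBUNTU7.04 ;;
    *DISTRIB_RELEASE=7.10*) distrovalue=UBUNTU7.10 ;;
    *DISTRIB_RELEASE=8.04*) distrovalue="UBUNTU8.04 LTS" ;;
    *DISTRIB_RELEASE=8.10*) distrovalue=UBUNTU8.10 ;;
    *DISTRIB_RELEASE=9.04*) distrovalue=UBUNTU9.04 ;;
    *) echo "Unknown version found in /etc/lsb-release" ;;
  esac

  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/packages"
    # COLUMNS=200 is passed in dpkg's environment for this one call
    pkglist=`COLUMNS=200 dpkg -l`
  fi
}

#
# Check for Debian
#
check_debian (){
  [ -e /etc/debian_version ] || return
  os_version=`cat /etc/debian_version`
  case "$os_version" in
    *2.2*) distrovalue=DEB2.2 ;;
    *3.0*) distrovalue=DEB3.0 ;;
    *3.1*) distrovalue=DEB3.1 ;;
    *4.0*) distrovalue=DEB4.0 ;;
    *5.0*) distrovalue=DEB5.0 ;;
    *) echo "Unknown version found in cat /etc/debian_version" ;;
  esac

  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/packages"
    pkglist="`COLUMNS=200 dpkg -l`"
  fi
}

#
# Checks for Slackware
#
check_slackware (){
  [ -e /etc/slackware-version ] || return
  os_version=`cat /etc/slackware-version`
  case "$os_version" in
    *Slackware\ 8.1*) distrovalue=SLK8.1 ;;
    *Slackware\ 9.0*) distrovalue=SLK9.0 ;;
    *Slackware\ 9.1*) distrovalue=SLK9.1 ;;
    *Slackware\ 10.0*) distrovalue=SLK10.0 ;;
    *Slackware\ 10.1*) distrovalue=SLK10.1 ;;
    *Slackware\ 10.2*) distrovalue=SLK10.2 ;;
    *Slackware\ 11.0*) distrovalue=SLK11.0 ;;
    *Slackware\ 12.0*) distrovalue=SLK12.0 ;;
    *) echo "Unknown version found in cat /etc/slackware-version" ;;
  esac

  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/slackpack"
    # The package list is the directory listing of /var/log/packages
    pkglist=`ls /var/log/packages`
  fi
}

#
# Checks for SuSE, openSUSE
#
check_suse (){
  [ -e /etc/SuSE-release ] || return
  os_version=`cat /etc/SuSE-release`
  case "$os_version" in
    *SuSE\ Linux\ 7.3*) distrovalue=SUSE7.3 ;;
    *SuSE\ Linux\ 8.0*) distrovalue=SUSE8.0 ;;
    *SuSE\ Linux\ 8.1*) distrovalue=SUSE8.1 ;;
    *SuSE\ Linux\ 8.2*) distrovalue=SUSE8.2 ;;
    *SuSE\ Linux\ 9.0*) distrovalue=SUSE9.0 ;;
    *SuSE\ Linux\ 9.1*) distrovalue=SUSE9.1 ;;
    *SuSE\ Linux\ 9.2*) distrovalue=SUSE9.2 ;;
    *SuSE\ Linux\ 9.3*) distrovalue=SUSE9.3 ;;
    *SUSE\ LINUX\ 10.1*) distrovalue=SUSE10.1 ;;
    *SUSE\ LINUX\ 10.2*) distrovalue=SUSE10.2 ;;
    *SUSE\ LINUX\ 10.3*) distrovalue=SUSE10.3 ;;
    *SUSE\ LINUX\ 11*) distrovalue=SUSE11 ;;
    *openSUSE\ 10.2*) distrovalue=openSUSE10.2 ;;
    *openSUSE\ 10.3*) distrovalue=openSUSE10.3 ;;
    *openSUSE\ 11.0*) distrovalue=openSUSE11.0 ;;
    *openSUSE\ 11.1*) distrovalue=openSUSE11.1 ;;
    *SUSE\ LINUX\ Enterprise\ Server\ 9\ *) distrovalue=SLES9.0 ;;
    *SUSE\ LINUX\ Enterprise\ Server\ 10\ *) distrovalue=SLES10.0 ;;
    *SUSE\ Linux\ Enterprise\ Server\ 11\ *) distrovalue=SLES11.0 ;;
    *) echo "Unknown version found in cat /etc/SuSE-release" ;;
  esac

  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/rpms"
    pkglist=`/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'`
  fi
}

#
# Checks for Gentoo
#
check_gentoo (){
  [ -e /etc/gentoo-release ] || return
  os_version=`cat /etc/gentoo-release`
  case "$os_version" in
    *Gentoo*) distrovalue=GENTOO ;;
    *) echo "Unknown version found in cat /etc/gentoo-release" ;;
  esac

  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/pkg"
    # One "category/package-version" path per line, relative to /var/db/pkg
    pkglist=`find /var/db/pkg -mindepth 2 -maxdepth 2 -printf '%P\n'`
  fi
}

#
# Check for HP UX versions
#
check_hpux (){
  contains "$unamevalue" "HP-UX"
  if [ $? -ne 1 ]
  then
    return
  fi

  os_version=`uname -r`
  if [ $? -ne 0 ]
  then
    return
  else
    case "$os_version" in
      *10.01*) distrovalue=HPUX10.01 ;;
      *10.10*) distrovalue=HPUX10.10 ;;
      *10.20*) distrovalue=HPUX10.20 ;;
      *10.24*) distrovalue=HPUX10.24 ;;
      *10.26*) distrovalue=HPUX10.26 ;;
      *11.00*) distrovalue=HPUX11.00 ;;
      *11.04*) distrovalue=HPUX11.04 ;;
      *11.20*) distrovalue=HPUX11.20 ;;
      *11.22*) distrovalue=HPUX11.22 ;;
      *11.23*) distrovalue=HPUX11.23 ;;
      *11.31*) distrovalue=HPUX11.31 ;;
      *) echo "Unknown HP-UX version found in uname -r" ;;
    esac
  fi

  if [ -n "$distrovalue" ]
  then
    pkglistkey="ssh/login/hp_pkgsupersedes"
    pkglist="`swlist -l patch -a supersedes`"
  fi
}

#
# Check for SunOS
#
check_sunos (){
  contains "$unamevalue" "SunOS"
  if [ $? -ne 1 ]
  then
    return
  fi

  # uname -r is only probed for success here; the release itself is written
  # later by finish_or_continue.
  os_version=`uname -r`
  if [ $? -ne 0 ]
  then
    return
  else
    distrovalue=SunOS
    pkglistkey="ssh/login/solpackages"
    pkglist="`pkginfo`"
  fi
}

#
# Writes the result file and exits or simply returns.
# Returns without writing anything while no check has set distrovalue;
# otherwise writes the status line plus all key/value pairs and exits with
# 0, or with 255 (historically -1) when the package list is empty.
#
finish_or_continue (){
  # Quoted -n test: the unquoted "[ $distrovalue ]" is a test syntax error for
  # values containing a space ("UBUNTU6.06 LTS", "UBUNTU8.04 LTS"), which made
  # this function return and silently discard an already recognised release.
  [ -n "$distrovalue" ] || return

  if [ -n "$pkglist" ]
  then
    status="200 OK"
  else
    status="400 List of installed packages could not be retrieved"
  fi

  printf '%s\n' "$status" >> "$outputfile"
  write_key_value "ssh/login/uname" "$unamevalue"
  write_key_value "ssh/login/release" "$distrovalue"
  write_key_value "$pkglistkey" "$pkglist"

  # Special key/values for HP-UX
  contains "$unamevalue" "HP-UX"
  if [ $? -eq 1 ]
  then
    hp_pkgrev="`swlist -a revision -l fileset`"
    write_key_value "ssh/login/hp_pkgrev" "$hp_pkgrev"
  fi

  # Special key/values for Gentoo
  contains "$distrovalue" "GENTOO"
  if [ $? -eq 1 ]
  then
    write_key_value "ssh/login/gentoo" "GENTOO"
    maintained_pkgs="`find /var/db/pkg -mindepth 2 -maxdepth 2 -printf '%P\n'`"
    # Quoted -z test: the unquoted comparison is a test syntax error both for
    # an empty and for a multi-line value.
    # NOTE(review): the fallback repeats the very same find command, so it
    # cannot yield a different result - confirm what was meant here.
    if [ -z "$maintained_pkgs" ]
    then
      maintained_pkgs="`find /var/db/pkg -mindepth 2 -maxdepth 2 -printf '%P\n'`"
    fi
    write_key_value "ssh/login/gentoo_maintained" "$maintained_pkgs"
  fi

  # Special key/values for SunOS
  contains "$distrovalue" "SunOS"
  if [ $? -eq 1 ]
  then
    sunosversion="`uname -r`"
    write_key_value "ssh/login/solosversion" "$sunosversion"
    hardwaretype="`uname -p`"
    write_key_value "ssh/login/solhardwaretype" "$hardwaretype"
    solpatches="`showrev -p`"
    write_key_value "ssh/login/solpatches" "$solpatches"
  fi

  # Exit with 255 (historically -1) if package list could not be retrieved
  [ -n "$pkglist" ] || exit 255
  exit 0
}

#
# Checks for all known distributions and creates the result file.
# Each check is followed by finish_or_continue, which ends the script as soon
# as one check has recognised the system; falling off the end means nothing
# matched.
#
main (){
  check_rh_fc_ma_ma_centos
  finish_or_continue
  check_rhe
  finish_or_continue
  check_ubuntu
  finish_or_continue
  check_debian
  finish_or_continue
  check_slackware
  finish_or_continue
  check_suse
  finish_or_continue
  check_gentoo
  finish_or_continue
  check_hpux
  finish_or_continue
  check_sunos
  finish_or_continue

  echo "400 Distribution could not be determined" >> "$outputfile"
  write_key_value "ssh/login/uname" "$unamevalue"
  # 253 is what a shell that accepts "exit -3" reports
  exit 253
}

main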