/usr/lib/tiger/scripts/integrit_run is in tiger 1:3.2.4~rc1-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 2003 Javier Fernandez-Sanguino
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# integrit_run - 08/09/2003
#
# Runs the integrit file checker and reports the results through the mesasging
# interface.
#
# 08/13/2003 - jfs - Respect the override (if done) from the site configuration
# file
#
#-----------------------------------------------------------------------------
# TODO
# - Test further this script.
#
#-----------------------------------------------------------------------------
#
TigerInstallDir="/usr/lib/tiger"
#
# Set default base directory.
# Order or preference:
# -B option
# TIGERHOMEDIR environment variable
# TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}
for parm
do
case $parm in
-B) basedir=$2; break;;
esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
exit 1
}
. $basedir/config
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds RM || exit 1
haveallfiles BASEDIR WORKDIR || exit 1
haveallvars TESTLINK HOSTNAME Tiger_INTEGRIT_CFG
echo "--CONFIG-- [init003c] $0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
echo
echo "# Running Integrit file checker..."
# Integrit binary location|override + default check
# Which, find, user-supplied var or tigexp's findcmd?:
if [ -z "$INTEGRIT" ]
then
if [ -z "${Tiger_INTEGRIT_LOC_OVERRIDE}" ]
then
INTEGRIT=`which integrit`
else
INTEGRIT=${Tiger_INTEGRIT_LOC_OVERRIDE}
fi
fi
haveallcmds RM INTEGRIT || exit 1
haveallfiles BASEDIR WORKDIR || exit 1
haveallvars TESTLINK HOSTNAME Tiger_INTEGRIT_CFG || exit 1
# TODO:
# - The location of integrit should be tested and not be
# hardcoded in the script.
INTEGRIT_RPT="$WORKDIR/integrit.out.tmp.$$"
safe_temp $INTEGRIT_RPT
trap 'delete $INTEGRIT_RPT; exit 1' 1 2 3 15
$INTEGRIT -c -C $Tiger_INTEGRIT_CFG 2> /dev/null > $INTEGRIT_RPT
# TODO: calling INTEGRIT should check the errors (if any)
# i.e. check $? and determine what happened
# Differentiate between added, changed and removed files
for status in changed removed detected; do
$GREP ${INTEGRIT_RPT} -e "^${status}:" |
$AWK '{ print $2; }' |
while read result
do
case "${status}" in
changed) exp="integ003w";;
removed) exp="integ004w";;
added) exp="integ005w";;
esac
message WARN ${exp} "" "Detected ${status} for file ${result}"
done
done
delete $INTEGRIT_RPT
exit 0
|