postinst is in tripwire 2.4.2.2-3.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 | #!/bin/sh
SITEKEYFILE=/etc/tripwire/site.key
LOCALKEYFILE=/etc/tripwire/${hostname}-local.key
set -e
# Post-installation script for the Debian Tripwire distribution.
# Make sure we should be running...
case "$1" in
configure)
# continue below
;;
abort-upgrade|abort-remove|abort-deconfigure)
exit 0
;;
*)
echo "postinst called with unknown argument: $1" >&2
exit 0
;;
esac
# Set up the necessary environment
CFGFILE=/etc/tripwire/tw.cfg
CFGTEXT=/etc/tripwire/twcfg.txt
POLTEXT=/etc/tripwire/twpol.txt
eval `twadmin -m f 2>/dev/null |
perl -pe 's!HOSTNAME!uname -n!g; s!DATE!date!g; \
s!^\s*([^=\s]+)\s*=\s*(.+)!$1="$2"!'`
case $ROOT in
'')
eval `perl -pe 's!HOSTNAME!uname -n!g; s!DATE!date!g; \
s!^\s*([^=\s]+)\s*=\s*(.+)!$1="$2"!' $CFGTEXT`
;;
esac
# OK, now do the debconf stuff
# Source debconf library.
. /usr/share/debconf/confmodule
# The following pass phrase retrieval sequence is known to have
# windows where the pass phrase is stoed somewhere in clear text.
# I've attempted to reduce this window to the smallest possible
# period. If you can lower it further, send me a patch.
get_pass_phrase ()
{
while true
do
db_beginblock
db_title "Get $1 passphrase"
db_fset tripwire/$1-passphrase seen false
db_input critical tripwire/$1-passphrase || true
db_fset tripwire/$1-passphrase-again seen false
db_input critical tripwire/$1-passphrase-again || true
db_endblock
db_go
db_get tripwire/$1-passphrase
pass_phrase_1="$RET"
db_reset tripwire/$1-passphrase
db_get tripwire/$1-passphrase-again
pass_phrase_2="$RET"
db_reset tripwire/$1-passphrase-again
case "$pass_phrase_1" in
"$pass_phrase_2")
break ;;
esac
done
# Protect against people using quoation characters in their passphrases
case "$1" in
local)
local_pass="$pass_phrase_1"
;;
site)
site_pass="$pass_phrase_1"
;;
esac
pass_phrase_1=
pass_phrase_2=
}
twadmin=/usr/sbin/twadmin
db_get tripwire/use-sitekey
use_sitekey="$RET"
if [ "$use_sitekey" = "true" ] && [ ! -f "$SITEKEYFILE" ]
then
get_pass_phrase site
echo "Generating site key (this may take several minutes)..."
(echo "$site_pass"; sleep 2; echo "$site_pass") \
| $twadmin -m G -S "$SITEKEYFILE" > /dev/null 2>&1
fi
db_get tripwire/use-localkey
use_localkey="$RET"
if [ "$use_localkey" = "true" ] && [ ! -f "$LOCALKEYFILE" ]
then
get_pass_phrase local
echo "Generating local key (this may take several minutes)..."
(echo "$local_pass"; sleep 2; echo "$local_pass") | \
$twadmin -m G -L "$LOCALKEYFILE" > /dev/null 2>&1
fi
chmod 600 $SITEKEYFILE || true
chmod 600 $LOCALKEYFILE || true
case "$use_sitekey" in
true)
db_get tripwire/rebuild-config
if [ ! -f "$CFGFILE" ] || [ "$RET" = "true" ]; then
case "$site_pass" in
'') get_pass_phrase site
;;
esac
while echo "$site_pass" | \
$twadmin -m F -S "$SITEKEYFILE" $CFGTEXT | \
grep -q 'Incorrect site passphrase.'
do
db_fset tripwire/site-passphrase-incorrect seen false
db_input critical tripwire/site-passphrase-incorrect
db_go
db_get tripwire/site-passphrase-incorrect
case "$RET" in
true) ;;
*) exit 0;;
esac
get_pass_phrase site
done
fi
db_get tripwire/rebuild-policy
if [ ! -f "$POLFILE" ] || [ "$RET" = "true" ]; then
case "$site_pass" in
'') get_pass_phrase site
;;
esac
while echo "$site_pass" | \
$twadmin -m P $POLTEXT | \
grep -q 'Incorrect site passphrase.'
do
db_fset tripwire/site-passphrase-incorrect seen false
db_input critical tripwire/site-passphrase-incorrect
db_get tripwire/site-passphrase-incorrect
case "$RET" in
true) ;;
*) exit 0;;
esac
get_pass_phrase site
done
fi
;;
esac
db_input high tripwire/installed || true
db_go
exit 0
|