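#!/usr/bin/perl -w
##=====================================================================##
## Copyright (C) 2001-2002 Stephen Zarkos. All rights reserved.
## Obsid@Sentry.net
##
## Please see file: COPYRIGHT for further copyright information and
## disclaimer. Or online at http://www.SentryFirewall.com/files/COPYRIGHT
##=====================================================================##
## File: cd-config.pl
##
## Configuration driver for the Sentry Firewall CD-ROM. In order, it:
##   1. reads one line of input that says whether root must be remounted,
##   2. asks get_config() for the config file, falling back to the copy
##      under /etc/rc.d/SENTRY when that fails,
##   3. runs process_conf() and do_config(),
##   4. unmounts the device get_config() mounted, and
##   5. removes /tmp contents and the static network client binaries.

use strict;

require ("/etc/rc.d/SENTRY/do_config.pl");
require ("/etc/rc.d/SENTRY/get_config.pl");
require ("/etc/rc.d/SENTRY/process_conf.pl");
require ("/etc/rc.d/SENTRY/networking.pl");

## Package globals. The comments further down indicate that the required
## helper files read or set these, so they must stay package variables.
our (@conf, %prefs, $net, $m_point, $device);

## Fixed PATH: commands run by bare name (rm, below) resolve only from
## /bin and /sbin, never from a directory inherited from the caller.
$ENV{'PATH'} = "/bin:/sbin";

## Ignore interrupt and hangup so the run cannot be cut short half-way.
$SIG{INT} = 'IGNORE';
$SIG{HUP} = 'IGNORE';

## Files created from here on (the log file included) are not writable
## by group or other.
umask 022;

MAIN: {
    ## Read stdinput
    ## `<>` reads STDIN only while @ARGV is empty.
    ## NOTE(review): if the caller never passes arguments, <STDIN> would
    ## state the intent and avoid the implicit open of @ARGV entries.
    my $READWRITE = <>;
    ## EOF yields undef, and a trailing newline would make the
    ## `eq 'no'` test below fail silently; normalise both.
    $READWRITE = '' unless defined $READWRITE;
    chomp $READWRITE;

    ## Other vars
    my $status  = "0";
    my $config  = 'sentry.conf';
    my $version = '1.2.0RH-BETA5';

    ## Global
    @conf  = ();
    %prefs = ();
    $net   = "0";
    ## `($m_point,$device) = ''` left $device undef, which made the
    ## `$device ne ''` test below warn under -w; assign both explicitly.
    ($m_point, $device) = ('', '');

    ## Announcement that script is running
    print "\033[0;31m";
    print "Sentry Firewall CD-ROM";
    print "\033[0;39m";
    print " [v${version}] - (www.SentryFirewall.com)\n";
    do_log("Sentry Firewall CD-ROM [v${version}] Starting...");

    ## Call sub get_config to try and retrieve config file
    $status = get_config($config);
    if ($status ne '1') {
        ## If we failed to mount anything and retrieve a config, then
        ## just grab the default config and throw it into @conf.
        ## NOTE(review): the console message names /etc/default while the
        ## log message and the file test name /etc/rc.d/SENTRY; both
        ## strings are kept as written -- confirm which path is intended.
        print "Failed to find config file \"$config\", using /etc/default/${config}\n";
        do_log("Failed to find config file \"${config}\", using /etc/rc.d/SENTRY/${config}");
        $status = '1';

        my $fallback = "/etc/rc.d/SENTRY/${config}";
        if (-f $fallback) {
            ## NOTE(review): the open mode, path and the read into @conf
            ## were missing from the listing; this is a reconstruction
            ## from the comment above ("throw it into @conf"). Confirm
            ## against the original file.
            if (open(my $conf_fh, '<', $fallback)) {
                @conf = <$conf_fh>;
                close($conf_fh);
            } else {
                ## Do not carry on silently with an empty @conf.
                $status = '0';
                print "Failed to open ${fallback}: $!\n";
                do_log("Failed to open ${fallback}: $!");
            }
        } elsif (!(-f "/etc/default/${config}")) {
            ## The original condition also had `|| ($status = '0')`, an
            ## assignment that always evaluates false; dropping it leaves
            ## this branch taken in exactly the same cases.
            print "Failed to open /etc/default/${config}\n";
            print "Using defaults... \n";
            do_log("Failed to open /etc/default/${config}, using defaults.");
        }
    } ## End if

    ## Process @conf, put entries into %prefs.
    process_conf();

    ## Remount root file system read/write so we can do stuff.
    ## Root usually not mounted 'ro' for this application anyway.
    if ($READWRITE eq 'no') {
        print "Remounting root read/write... ";
        system("/sbin/mount -w -n -o remount / 1>/dev/null");
        ## $? is -1 when the command could not be started at all; the
        ## former `$? > "0"` test reported that case as "Done.".
        if ($? != 0) {
            print "Error.\n"; ## This is bad, may have to exit.
        } else {
            print "Done.\n";
        }
    }

    ## Parse config, make necessary symlinks.
    do_config();
    print "Configuration complete...\n";

    ## Clean up, unmount $m_point(used in get_config)
    if ($device ne '') {
        print "Attempting to unmount ${device} mounted on ${m_point}... ";
        ## NOTE(review): $m_point is interpolated into a shell command
        ## line. Its origin is get_config.pl, which is not visible here;
        ## if it can ever come from the config media rather than a fixed
        ## list, validate it there or switch to list-form system().
        system("/sbin/umount -n $m_point 1>/dev/null");
        ## Numeric test (was the string operator `gt`), and -1 counts as
        ## a failure for the same reason as in the remount step.
        if ($? != 0) {
            print "Error.\n";
            do_log("Failed to unmount ${device}, mounted on ${m_point}.");
        } else {
            print "Done.\n";
        }
    }

    ## Finish up, remove any stuff left in /tmp and some static binaries we
    ## no longer need.
    print "Cleaning up... ";
    system("rm -rf /tmp/* 1>/dev/null 2>/dev/null");
    ## Needed only for network config support.
    ## The paths are spelled out instead of /bin/{ssh,sftp,scp,wget}:
    ## brace expansion is not a POSIX sh feature, and with `rm -f` plus
    ## discarded stderr a non-expanding shell would leave all four
    ## binaries in place without any indication.
    system("rm -f /bin/ssh /bin/sftp /bin/scp /bin/wget 1>/dev/null 2>/dev/null");
    print "Done.\n";

    ## Avoid some annoying warnings.
    %prefs = ();
    $net   = '';

    exit(0);
} ## End MAIN

##-------------------------------------------------------------------------##
## Function: do_log()
## Logs to $logfile
##
## Appends the first argument plus a newline to /var/log/SENTRY_LOG.
## Returns 1 when the line was written, 0 when the log file could not be
## opened or the write/close failed.
sub do_log {
    my $logfile = '/var/log/SENTRY_LOG';
    my $log     = "$_[0]";

    ## Three-argument open with a lexical handle: the mode is never taken
    ## from the file name, and the handle cannot clash with another FH.
    open(my $fh, '>>', $logfile) or return 0;

    ## 2 is LOCK_EX. As before, a failed lock does not stop the write.
    flock($fh, 2);

    my $written = print {$fh} "${log}\n";
    ## Buffered write errors only surface at close.
    my $closed = close($fh);

    return ($written && $closed) ? 1 : 0;
} ## End sub do_log()

##-------------------------------------------------------------------------##
## _EOF_ ##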