# -*- sh -*-
#
#     tiger - A UN*X security checking system
#     Copyright (C) 1993 Douglas Lee Schales, David K. Hess, David R. Safford
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# Linux/2/config - (based on Sun/5/config) 06/14/93
#     Developed by Advanced Research Corporation (R)
# 
#-----------------------------------------------------------------------------
# Linux/1/config - 04/20/99
# Linux/2/config - 04/20/99
# Linux/2/config - 10/09/99
#  Added the new check_neverlogin script
# Linux/2/config - 08/07/2002 - jfs change in LSGROUPS
# Linux/2/config - 11/25/2002 - jfs added PROCDIR and APACHECONFDIR
#                               also added code to determine Linux distribution
# Linux/2/config - 04/15/2002 - jfs added check for LSGROUP variable based
#				on fileutils version
# Linux/2/config - 06/20/2002 - jfs
#   Added patch provided by Ryan Bradetich to consider the 
#   case of RedHat's 7.1 fileutils:
#   $ ls --version
#   ls (GNU fileutils) 4.0.36
# Linux/2/config - 08/11/2003 - jfs - Added TCPD to exported variables and
#                  included HOSTALLOW and HOSTDENY
# Linux/2/config - 08/13/2003 - jfs - Removed LSCRIPTDIR since it is no 
#                  longer needed.
# Linux/2/config - 08/14/2003 - jfs - Added IFCONFIG
# Linux/2/config - 08/29/2003 - jfs - TESTEXEC needs to be defined first 
#                  for findcmd() to work
# Linux/2/config - 09/19/2003 - jfs - Define UUID (otherwise the new check 
#		of script permissions in initdefs will not work)
# Linux/2/config - 11/19/2003 - jfs - Define REALPATH and SNEFRU to $BINDIR
#	        and removed paths from findcmd() (patch from Ryan Bradetich)
# Linux/2/config - 01/11/2004 - rbrad - Add OMNIBACK_CELLSERVER and NTPCONF
# Linux/2/config - 01/15/2004 - jfs - Add XINETDCONF and INETDCONF
# Linux/2/config - 03/31/2005 - jfs - Changed GROUPC to GROUPSS
# Linux/2/config - 04/17/2005 - jfs - Added IPTABLES and CMP
# Linux/2/config - 05/20/2006 - jfs - Use TAIL properly (POSIX 1003.2-1992)
#
#-----------------------------------------------------------------------------
 


#UUID=`/usr/bin/id | /bin/sed -e 's/uid=\([0-9][0-9]*\).*$/\1/'`
UUID=`id -u`
USERNAME=`whoami`
# This will work in most shells
[ "$UUID" = "" ] && UUID=$UID
[ "$USERNAME" = "" ] && USERNAME=$USER
# Last resort 
[ "$UUID" = "" -a ! "$USERNAME" = "" ] && {
	# Try this and see it works
	UUID=`grep  ^$USERNAME: /etc/passwd  |awk -F : '{print $3}'`
}
export UUID

[ "$USERNAME" != "root" ] && {
  echo " " 1>&2
  echo "This script should be run from a super-user account." 1>&2
  echo " " 1>&2
# We don't need to bail out here, but most scripts will not run
# properly, however
#  exit 1
}

findcmd()
{
  CMD=$1

  SRCH=/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin

  SAVEIFS=$IFS
  IFS=:
  set $SRCH
  IFS=$SAVEIFS
  for dir
  do
    [ $TESTEXEC $dir/$CMD ] && {
      echo $dir/$CMD
      return
    }
  done
}

# First of all, determine our distribution (might affect tests
# below)
LXDISTRIBUTION="unknown"
[ -f /etc/redhat-release ] && LXDISTRIBUTION="redhat"
[ -f /etc/debian_version ] && LXDISTRIBUTION="debian"
[ -f /etc/SuSE-release ] && LXDISTRIBUTION="redhat"
[ -f /etc/immunix-release ] && LXDISTRIBUTION="inmunix"
[ -f /etc/mandrake-release ] && LXDISTRIBUTION="mandrake"
[ -f /etc/turbolinux-release ] && LXDISTRIBUTION="turbolinux"
export LXDISTRIBUTION

TESTEXEC=-x
TESTLINK=-L
export TESTLINK TESTEXEC

RM=`findcmd rm`

AWK=`findcmd awk`
CAT=`findcmd cat`
LS=`findcmd ls`
CUT=`findcmd cut`
WC=`findcmd wc`
TEE=`findcmd tee`
COLUMN=`findcmd column`
CMP=`findcmd cmp`

GREP=`findcmd grep`
EGREP=`findcmd egrep`
SED=`findcmd sed`
SORT=`findcmd sort`
COMM=`findcmd comm`
TAIL=`findcmd tail`
TCPD=`findcmd tcpd`
HOSTALLOW=/etc/hosts.allow
HOSTDENY=/etc/hosts.deny
IFCONFIG=`findcmd ifconfig`
IP=`findcmd ip`
NETSTAT=`findcmd netstat`
IPTABLES=`findcmd iptables`
HEAD=`findcmd head`
MV=`findcmd mv`
TR=`findcmd tr`
JOIN=`findcmd join`
GROUPSS=`findcmd groups`
FILECMD=`findcmd file`
UNIQ=`findcmd uniq`
BASENAME=`findcmd basename`
CHMOD=`findcmd chmod`
CHOWN=`findcmd chown`
LN=`findcmd ln`
PASTE=`findcmd paste`
DIFF=`findcmd diff`
ID=`findcmd id`
EXPAND=`findcmd expand`
# We use sendmail better than mail since we use it to
# send appropiate headers
MAILER=`findcmd sendmail`
[ -z "$MAILER" ] && MAILER=`findcmd mail`
LSOF=`findcmd lsof`
MD5SUM=`findcmd md5sum`
if [ -f "$BINDIR/realpath" ]; then
	REALPATH=$BINDIR/realpath
else 
	REALPATH=`findcmd realpath`
fi
PWD=`findcmd pwd`
# Package management tools
DPKG=`findcmd dpkg`
APT=`findcmd apt-get`
RPM=`findcmd rpm`
AUTORPM=`findcmd autorpm`
# Silent grep
SGREP="$EGREP -s"
X=`$EGREP -s : /etc/passwd 2>&1 | $TAIL -n 1`
[ "$X" != "" ] && {
  SGREP="$GREP -s"
  X=`$GREP -s : /etc/passwd 2>&1 | $TAIL -n 1`
  [ "$X" != "" ] && {
    SGREP="$BASEDIR/util/sgrep"
  }
}
if [ -f "$BINDIR/snefru" ]; then
	SNEFRU=$BINDIR/snefru
else
	SNEFRU=`findcmd snefru`
fi
MD5=`findcmd md5`
[ -z "$MD5" -a -n "$MD5SUM" ] && MD5=$MD5SUM
PWCK=`findcmd pwck`
[  -n "$PWCK" ] && PWCK="$PWCK -r"
GRPCK=`findcmd grpck`
[  -n "$GRPCK" ] && GRPCK="$GRPCK -r"
CHAGE=`findcmd chage`
MESG=`findcmd mesg`
LASTLOG=`findcmd lastlog`
TEST=`findcmd test`

LSGROUP="-l"
# -L to show file instead of symlink
LSLINK="-L"

export CAT LS LSGROUP LSLINK RM AWK GREP EGREP SGREP SED
export SORT COMM TAIL MV TR JOIN GROUPSS FILECMD UNIQ BASENAME HEAD
export CHMOD CHOWN LN PASTE LSOF MD5SUM CUT COLUMN CMP
export SNEFRU MD5 REALPATH PWCK GRPCK CHAGE MESG DIFF WC
export PWD DPKG RPM AUTORPM APT ID EXPAND LASTLOG TEST TEE 
export TCPD HOSTALLOW HOSTDENY IFCONFIG IP IPTABLES NETSTAT


UNAME=`findcmd uname`
HOSTNAME=`findcmd hostname`
GETHOSTNAME=`findcmd hostname`
EXPR=`findcmd expr`
STRINGS=`findcmd strings`
FIND=`findcmd find`

FINDXDEV=-xdev
FMT=`findcmd fmt`
GETFS=`findcmd mount`
CC=`findcmd cc || findcmd gcc`
PS=`findcmd ps`
DATE=`findcmd date`
DATECMD="$DATE +%y%m%d"
TIMECMD="$DATE +%H:%M"


export UNAME HOSTNAME EXPR STRINGS FIND FINDXDEV GETHOSTNAME
export FMT GETFS CC PS DATE DATECMD TIMECMD 

WAIT=wait

# Configuration files
SENDMAILS="/usr/sbin/sendmail"
SENDMAILCF="/etc/sendmail.cf"
if [ -f /etc/mail/sendmail.cf ]
then
	SENDMAILCF="/etc/mail/sendmail.cf"
fi
export SENDMAILS SENDMAILCF

LOGINDEF="/etc/login.defs"
PAMLOGINDEF="/etc/pam.d/login"
export LOGINDEF PAMLOGINDEF

# For Apache server configuration
APACHECONFDIR="/etc/httpd/conf/"
[ "$LXDISTRIBUTION" = "debian" ] && APACHECONFDIR="/etc/apache/"
[ "$LXDISTRIBUTION" = "suse" ] && APACHECONFDIR="/etc/httpd/"
# For SSHd configuration
if [ -f /etc/ssh/sshd_config ]
then
        SSHD_CONFIG="/etc/ssh/sshd_config"
	export SSHD_CONFIG
fi
# TODO: Check if all distributions use this configuration file

# Inet and xinet configuration files
INETDCONF="/etc/inetd.conf"
XINETDCONF="/etc/xinetd.conf"
export INETDCONF XINETDCONF


# For omniback server configuration
OMNIBACK_CELLSERVER="/usr/omni/config/cell/cell_server"
export OMNIBACK_CELLSERVER

# Location of the NTPCONF file
NTPCONF=/etc/ntp.conf
export NTPCONF

# For Yellow Pages services
YPCAT=`findcmd ypcat`

YP=
($PS aux | $GREP ypbind | $SGREP -v $GREP) && YP=Y
export YP

YPSERVER="NO"
($PS aux | $GREP ypserv | $SGREP -v $GREP) && YPSERVER="YES"

# To check databases
GETENT=`findcmd getent`

export WAIT YPCAT YPSERVER GETENT

# Directories
MAILSPOOL=/var/spool/mail
#
if [ -d /var/spool/cron/crontabs ]; then
  CRONSPOOL=/var/spool/cron/crontabs
elif [ -d /usr/spool/cron/crontabs ]; then
  CRONSPOOL=/usr/spool/cron/crontabs
elif [ -d /var/spool/cron ]; then
  CRONSPOOL=/var/spool/cron
else
  CRONSPOOL=NULL
fi
#
ETCSHELLS=/etc/shells
CRONALLOW=/etc/cron.allow
CRONDENY=/etc/cron.deny
#
export MAILSPOOL CRONSPOOL ETCSHELLS CRONALLOW CRONDENY

LOCFS=ext2
export LOCFS

FS_WDIRSYS="/tmp/ /var/tmp/ /var/spool/mail/"
export FS_WDIRSYS
#
SYSDEFAULTPATH="/bin:/usr/bin"
export SYSDEFAULTPATH

# For check_network
PROCDIR="/proc"
export PROCDIR

CDIR="$BASEDIR/systems"
eval `
  while read var file
  do
    if [ -f "$CONFIG_DIR/$file" ]; then
      loc="$CONFIG_DIR"
    elif [ -f "$CDIR/$OS/$REL/$REV/$ARCH/$file" ]; then
      loc="$CDIR/$OS/$REL/$REV/$ARCH"
    elif [ -f "$CDIR/$OS/$REL/$REV/$file" ]; then
      loc="$CDIR/$OS/$REL/$REV"
    elif [ -f "$CDIR/$OS/$REL/$file" ]; then
      loc="$CDIR/$OS/$REL"
    elif [ -f "$CDIR/$OS/$file" ]; then
      loc="$CDIR/$OS"
    else
      loc=""
    fi
    if [ "$loc" != "" ]; then
      echo $var="$loc/$file;"
    else
      echo "$var=;"
    fi
    echo "export $var;"
  done << EOL
GEN_PASSWD_SETS gen_passwd_sets
GEN_GROUP_SETS gen_group_sets
GEN_ALIAS_SETS gen_alias_sets
CHECK_CRON check_cron
GEN_BOOTPARAM_SETS gen_bootparam_sets
GEN_EXPORT_SETS gen_export_sets
GEN_SERVICES_SETS gen_services
GET_MOUNTS gen_mounts
SIGNATURE_FILE signatures
SERVICESFILE services
INETDFILE inetd
ISSUEFILE issue
ISSUENETFILE issue.net
FILE_ACL file_access_list
SUID_LIST suid_list
SGID_LIST sgid_list
REL_FILE_EXCP rel_file_exp_list
GEN_CRON_FILES gen_cron
GETCLIENTDIRS gendlclients
GEN_INETD_SETS gen_inetd
GETDISKS getdisks
EMBEDDEDLIST embedlist
GETUSERHOME getuserhome
EOL
`
