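#!/usr/bin/perl
# NetUP Systems UTM install script
# revision 23.12.01 aospan
# e-mail:aospan@netup.ru
# Copyright (c) 2001 NetUP Systems . All rights reserved.
#
# Interactive installer.  It asks for database, web, firewall and traffic
# collector settings, writes utm.cfg, creates the UTM database with its
# initial admin account and registers the sudo, cron and rc.local entries
# the UTM scripts need.  Everything after check_root() runs as root and
# edits system files, so every step checks its result, user-supplied paths
# and names are handed to commands as argument lists (never through a
# shell), passwords are passed via the environment / the DBI API rather
# than on command lines, and SQL values go through placeholders.
#
use strict;
use warnings;
use DBI();
use Time::Local;
use File::Basename qw(dirname);

$| = 1;    # prompts are printed without a newline; flush them before blocking on STDIN

# Set to a true value to allow a non-root run (dry runs).  Unset by default,
# so the root check is enforced.
our $test;

# Refuse to run unless we are root: the script writes into /etc and system paths.
sub check_root {
    die "You are not root! Run su !\n" if $< && !$test;
}
check_root;

# ---------------------------------------------------------------------------
# Helpers
# ---------------------------------------------------------------------------

# Read one line from STDIN, strip the newline and surrounding whitespace.
# Dies on EOF so an exhausted or empty stdin cannot be mistaken for an answer.
sub read_line {
    my $line = <STDIN>;
    die "Error!\n" unless defined $line;
    chomp $line;
    $line =~ s/^\s+//;
    $line =~ s/\s+$//;
    return $line;
}

# read_line() with terminal echo switched off, for passwords.  Echo is
# restored even when the read fails, so an aborted prompt does not leave the
# terminal silent (the original died with echo still off).
sub read_secret {
    system("stty", "-echo");
    my $line = eval { read_line() };
    my $err  = $@;
    system("stty", "echo");
    print "\n";
    die $err if $err;
    return $line;
}

# Prompt repeatedly until an acceptable answer is given.
#   name    - config variable name, echoed back as "name=value" (never for secrets)
#   prompt  - text printed before the ':'
#   default - value used when the answer is empty (optional)
#   secret  - read without echo and never print the value (optional)
#   check   - sub($value) returning true when the answer is acceptable (optional)
#   reject  - sub($value) returning the message shown for a rejected answer (optional)
# Returns the accepted value.
sub ask {
    my (%a) = @_;
    while (1) {
        print "$a{prompt}:";
        my $value = $a{secret} ? read_secret() : read_line();
        $value = $a{default} if $value eq "" && defined $a{default};
        if (!$a{check} || $a{check}->($value)) {
            print "$a{name}=$value \n" unless $a{secret};
            return $value;
        }
        my $msg = $a{reject} ? $a{reject}->($value) : "Invalid value. Try again.";
        print "$msg \n";
    }
}

# True when $ip is a dotted quad with every octet in 0..255.
sub looks_like_ipv4 {
    my ($ip) = @_;
    my @octets = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    return 0 unless @octets;
    return !grep { $_ > 255 } @octets;
}

# Does $file contain a line matching $re?  Used to keep the /etc edits below
# idempotent.  A missing or unreadable file counts as "no match".
sub file_has_line {
    my ($file, $re) = @_;
    open(my $fh, '<', $file) or return 0;
    my $found = 0;
    while (my $line = <$fh>) {
        if ($line =~ $re) { $found = 1; last; }
    }
    close $fh;
    return $found;
}

# Append $text to $file (creating it if necessary); dies on any error so a
# half-written system file is never silently left behind.
sub append_to_file {
    my ($file, $text) = @_;
    open(my $fh, '>>', $file) or die "Can't append to $file: $!\n";
    print {$fh} $text or die "Can't write to $file: $!\n";
    close($fh) or die "Can't write to $file: $!\n";
    return;
}

# Entries of $dir, with the directory prefixed, excluding dotfiles - the same
# set a shell "$dir/*" glob would return, without re-parsing the path.
sub dir_entries {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "Can't read $dir: $!\n";
    my @entries = map { "$dir/$_" } grep { !/^\./ } readdir $dh;
    closedir $dh;
    return @entries;
}

# Detach a command into the background with stdin/stdout/stderr on /dev/null.
# exec{} with an explicit program path never goes through a shell.
sub start_in_background {
    my (@cmd) = @_;
    my $pid = fork();
    die "fork: $!\n" unless defined $pid;
    if ($pid == 0) {
        open(STDIN,  '<', '/dev/null');
        open(STDOUT, '>', '/dev/null');
        open(STDERR, '>&', \*STDOUT);
        exec { $cmd[0] } @cmd or exit 1;
    }
    return $pid;
}

# ---------------------------------------------------------------------------
# SET VARIABLES
# ---------------------------------------------------------------------------
my $time          = time;
my $database      = "UTM";
my $database_host = "localhost";    # utm.cfg hard-codes localhost; the original left this undefined for DBI
my $utm_path      = "/netup";
my $trafd_path    = "/netup/utm/trafd";

# ---------------------------------------------------------------------------
# GET VARIABLES FROM USER
# ---------------------------------------------------------------------------

# Database VARIABLES (MySQL, Oracle, etc)
my $database_type = ask(
    name    => "database_type",
    prompt  => "Enter DB type: mysql Pg [mysql]",
    default => "mysql",
    check   => sub { $_[0] eq "mysql" || $_[0] eq "Pg" },
    reject  => sub { "Database type $_[0] not supported yet ! Try again." },
);

# The bin/ directory is what every client invocation below relies on.
my $database_path = ask(
    name   => "database_path",
    prompt => "Enter Database path (where bin directory allocated) []",
    check  => sub { -d $_[0] && -d "$_[0]/bin" },
    reject => sub { "No $_[0] directory (or no bin directory inside it). Try again." },
);

my $database_login = ask(
    name    => "database_login",
    prompt  => "Enter Database login (may be root) [root]",
    default => "root",
);

my $database_password = ask(
    name   => "database_password",
    prompt => "Enter Database password []",
    secret => 1,
);

my $init_login = ask(
    name    => "init_login",
    prompt  => "Enter initial UTM admin login [init]",
    default => "init",
);

# Stored in the users table and (presumably) used by the web scripts to
# restrict where the admin may log in from, so insist on a real IPv4 address.
my $init_ip = ask(
    name   => "init_ip",
    prompt => "Enter initial UTM admin IP address []",
    check  => sub { looks_like_ipv4($_[0]) },
    reject => sub { "Enter IP address (a.b.c.d)!" },
);

# An empty admin password on a web-reachable billing interface is not
# acceptable; the original allowed it.
my $init_password = ask(
    name   => "init_password",
    prompt => "Enter initial UTM admin password []",
    secret => 1,
    check  => sub { $_[0] ne "" },
    reject => sub { "Enter password!" },
);

# Make libmysqlclient.so.10 available
# ldconfig -i $SQL_PATH/lib/mysql/

# Apache + modssl VARIABLES
# Obtain /cgi-bin directory real path
my $cgi_bin_path = ask(
    name   => "cgi_bin_path",
    prompt => "Enter CGI-BIN path (where www-executable scripts allocated) []",
    check  => sub { -d $_[0] && -w $_[0] },
    reject => sub { "No $_[0] directory or directory not writable (run su). Try again." },
);

# FIREWALL type and PATH VARIABLES
my $firewall_type = ask(
    name    => "firewall_type",
    prompt  => "Enter firewall type: ipfw ipchains [ipfw]",
    default => "ipfw",
    check   => sub { $_[0] eq "ipfw" || $_[0] eq "ipchains" },
    reject  => sub { "Firewall type $_[0] not supported yet ! Try again." },
);

my $firewall_path = ask(
    name    => "firewall_path",
    prompt  => "Enter Firewall path (where firewall executable file allocated) [/sbin/ipfw]",
    default => "/sbin/ipfw",
    check   => sub { -f $_[0] && -x $_[0] },
    reject  => sub { "No $_[0] file or can't execute file (run su). Try again." },
);

my $sudo_path = ask(
    name    => "sudo_path",
    prompt  => "Enter SUDO path (where sudo executable file allocated) [/usr/local/bin/sudo]",
    default => "/usr/local/bin/sudo",
    check   => sub { -f $_[0] && -x $_[0] },
    reject  => sub { "No $_[0] file or can't execute file. Try again." },
);

my $collector_type = ask(
    name    => "collector_type",
    prompt  => "Enter collector type: trafd ipcad [ipcad]",
    default => "ipcad",
    check   => sub { $_[0] eq "ipcad" || $_[0] eq "trafd" },
    reject  => sub { "Collector type $_[0] not supported yet ! Try again." },
);

my $collector_host = ask(
    name   => "collector_host",
    prompt => "Enter collector host []",
);

# Written verbatim into ipcad.conf and used as the ipchains -i argument, so
# only accept something that looks like an interface name.
my $collector_iface = ask(
    name   => "collector_iface",
    prompt => "Enter collector iface []",
    check  => sub { $_[0] =~ /^[\w.:-]+$/ },
    reject => sub { "Enter interface name (e.g. eth0)!" },
);

# Where tsave will find the collector.  ipcad is installed below into
# /usr/local/bin (make install); the original wrote an empty collector_path
# into utm.cfg because it only assigned this after the file was written.
# For trafd the original never set a path - left empty here as well;
# TODO(review): confirm what the trafd tools expect in collector_path.
my $collector_path = $collector_type eq "ipcad" ? "/usr/local/bin/ipcad" : "";

# ---------------------------------------------------------------------------
# SAVE VARIABLES INTO utm.cfg FILE
# ---------------------------------------------------------------------------
# NOTE(review): utm.cfg holds the database password in clear text and is
# created with the default umask, then copied into $utm_path/utm/.  The web
# scripts (running as the web server user) need to read it, so it is not
# made root-only here; TODO restrict it to the web server's user/group once
# that account is known.
my $cur_time = localtime(time);
open(my $cfg, '>', "utm.cfg") or die "Can't write into utm.cfg: $!";
print {$cfg} <<"END_CFG" or die "Can't write into utm.cfg: $!";
#NetUP UTM ver 2.0 config file
#Created: $cur_time
database=$database
database_type=$database_type
database_host=$database_host
database_login=$database_login
database_password=$database_password
database_path=$database_path
cgi_bin_path=$cgi_bin_path
utm_path=$utm_path
sudo_path=$sudo_path
firewall_type=$firewall_type
firewall_path=$firewall_path
# collector_type={trafd ipcad}
collector_type=$collector_type
collector_path=$collector_path
collector_iface=$collector_iface
collector_host=$collector_host
admin_email=root
user_session_timeout=100
lang=ru
bytes_in_mbyte=1048576
template_path=$cgi_bin_path/utm/template
# -- end --
END_CFG
close($cfg) or die "Can't write utm.cfg\n";

# ---------------------------------------------------------------------------
# CREATE ALL NEEDED DIRECTORIES
# ---------------------------------------------------------------------------
print " o Creating $utm_path directory tree ...\n";
if (-d $utm_path) {
    print " $utm_path directory already exist ! Previous installation ?. \n";
}
for my $dir ($utm_path, "$utm_path/utm", "$utm_path/utm/bin", "$utm_path/utm/traflog", "$utm_path/utm/archive") {
    next if -d $dir;
    mkdir $dir or die "Can't create $dir: $!\n";
}

# ---------------------------------------------------------------------------
# COPY OUR FILES
# ---------------------------------------------------------------------------
print " o Copying our files into $utm_path directory tree ...\n";
my @bin_files = dir_entries("./bin");
die "No files in ./bin - run this script from the UTM distribution directory\n" unless @bin_files;
system("/bin/cp", @bin_files, "$utm_path/utm/bin/") == 0 or die "Copying ./bin failed\n";
system("/bin/cp", "utm.cfg", "$utm_path/utm/") == 0 or die "Copying utm.cfg failed\n";

print " o Copying our files into $cgi_bin_path directory tree ...\n";
system("/bin/cp", "-R", "./utm", $cgi_bin_path) == 0 or die "Copying ./utm failed\n";
# chmod ugo+x on the installed web scripts (add the execute bits, keep the rest).
for my $script (dir_entries("$cgi_bin_path/utm")) {
    my $mode = (stat $script)[2] & 07777;
    chmod($mode | 0111, $script) or warn "chmod $script: $!\n";
}

if ($collector_type eq "trafd") {
    system("/bin/cp", "traflog.format", "$trafd_path/etc/") == 0
        or warn "Copying traflog.format into $trafd_path/etc failed\n";
}

# ---------------------------------------------------------------------------
# CREATING DATABASE TABLES
# RUN our maketable
# ---------------------------------------------------------------------------
print " o Creating UTM DB ...\n";
# The clients read the password from the environment, so it never appears on
# a command line where `ps` shows it to every user on the host.
$ENV{MYSQL_PWD}  = $database_password;    # mysqladmin / mysql
$ENV{PGPASSWORD} = $database_password;    # createdb / psql
my $status;
if ($database_type eq "mysql") {
    $status = system("$database_path/bin/mysqladmin", "-u", $database_login, "create", $database);
}
else {
    # createdb's -W only forces a password prompt; the original passed the
    # password as its argument, which createdb took as a stray positional.
    $status = system("$database_path/bin/createdb", "-U", $database_login, $database);
}
if ($status != 0) {
    print " Database $database exist ? \n";
    print " Stopped! \n";
    exit(1);
}

print " o Creating tables in UTM DB ...\n";
if ($database_type eq "mysql") {
    # "source" makes the client read the script itself - no shell redirection needed.
    $status = system("$database_path/bin/mysql", "-u", $database_login, "-e", "source UTM_row.sql", $database);
}
else {
    # The original piped UTM_row.sql through the mysql client even for Pg.
    # NOTE(review): this assumes UTM_row.sql is valid for PostgreSQL - confirm.
    $status = system("$database_path/bin/psql", "-q", "-U", $database_login, "-d", $database, "-f", "UTM_row.sql");
}
die " Loading UTM_row.sql into $database failed. Stopped!\n" if $status != 0;

# Do not leak the password to everything spawned from here on (ipcad build, cron HUP, ...).
delete $ENV{MYSQL_PWD};
delete $ENV{PGPASSWORD};

# Connect to the database
my $dsn = $database_type eq "mysql"
    ? "DBI:$database_type:database=$database;host=$database_host"
    : "DBI:$database_type:dbname=$database";
my $dbh = DBI->connect($dsn, $database_login, $database_password, { RaiseError => 1 });

# CREATE initial ADMIN account
# crypt(3) salt: two characters from the crypt alphabet, chosen at random.
# The original used the password itself as the salt, which leaks the first
# two password characters in the stored hash and makes equal passwords hash
# identically.  A 2-char (DES) salt is kept so the hash stays verifiable by
# crypt($pw, $stored) on the same systems as before; classic DES crypt only
# looks at the first 8 characters of the password.
my @salt_chars = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
my $salt = join '', map { $salt_chars[ int rand scalar @salt_chars ] } 1 .. 2;
my $crypted_password = crypt($init_password, $salt);

# Positional VALUES list: it has to match the column order of the users table
# in UTM_row.sql exactly (25 columns).  Login, hash, IP and creation time are
# bound as parameters so user input is never interpolated into SQL; string
# constants use single quotes, which both MySQL and PostgreSQL accept.
$dbh->do(
    "INSERT INTO users VALUES (NULL, ?, ?, 'Initial admin', ?, 0, 0, 0, '0', 'Delete this user', ?, '1', NULL, 0, 0, 0, 0, '1', '', 0, 0, 0, 0, 'rus', 0)",
    undef, $init_login, $crypted_password, $init_ip, $time,
);

# CREATE traffic INDEX for DB optimization
#$dbh->do("ALTER TABLE traffic ADD INDEX ips (ip_from(15),ip_to(15));");

# Disconnect from the database.
$dbh->disconnect();

# ---------------------------------------------------------------------------
# Write entry into /etc/sudoers
# ---------------------------------------------------------------------------
# The original tested /etc/crontab here (copy/paste slip), so the sudoers
# entries were appended again on every run; look at the file we actually edit.
if (file_has_line("/etc/sudoers", qr/^\s*nobody\s+ALL\s*=/)) {
    print " /etc/sudoers already contain necessary entry ! Check it ! \n";
}
else {
    # NOTE(review): NOPASSWD root for /bin/mv and /bin/echo lets the web
    # server user replace or append to any file on the system (including
    # /etc/sudoers and /etc/passwd) - this is root-equivalent.  Kept because
    # the UTM web scripts rely on it; TODO restrict each entry to the exact
    # argument pattern the scripts use, or move the privileged steps into a
    # dedicated setuid helper.
    my @commands = (
        $firewall_path,
        "$database_path/bin/mysqladmin",
        "$database_path/bin/mysqldump",
        "/bin/echo",
        "/bin/mv",
    );
    append_to_file("/etc/sudoers", join("", map { "nobody ALL= NOPASSWD: $_\n" } @commands));

    # One malformed line disables sudo for everybody, so syntax-check the
    # result when visudo is available (next to sudo, or in the usual sbin dirs).
    my ($visudo) = grep { -x $_ } map { "$_/visudo" } (dirname($sudo_path), dirname($sudo_path) . "/../sbin", "/usr/local/sbin", "/usr/sbin", "/sbin");
    if ($visudo) {
        system($visudo, "-c", "-q") == 0
            or warn " WARNING: $visudo reports /etc/sudoers is not valid - fix it before the UTM scripts need sudo!\n";
    }
    else {
        print " visudo not found - please run 'visudo -c' to check /etc/sudoers\n";
    }
}

# ---------------------------------------------------------------------------
# CREATE crontab entries
# ---------------------------------------------------------------------------
print " o Writing entry into /etc/crontab ...\n";
if (file_has_line("/etc/crontab", qr/tsave/)) {
    print " /etc/crontab already contain necessary entry ! Check it ! \n";
}
else {
    append_to_file("/etc/crontab",
        "0,5,10,15,20,25,30,35,40,45,50,55 * * * * root $utm_path/utm/bin/tsave >/dev/null 2>/dev/null\n");
    # Both daemon names are tried (BSD 'cron', Linux 'crond'); constant strings, no user input.
    system("killall -HUP cron >/dev/null 2>/dev/null");
    system("killall -HUP crond >/dev/null 2>/dev/null");
}

# ---------------------------------------------------------------------------
# INSTALL ipcad
# ---------------------------------------------------------------------------
# The original wrote ipcad.conf, started "$collector_path" and added it to
# rc.local even when trafd was chosen or the build had failed (an empty
# command line); all of that is now limited to a working ipcad install.
if ($collector_type eq "ipcad") {
    print " o Installing ipcad \n";
    my $built = system("cd ../ipcad && ./configure >/dev/null && make >/dev/null && make install >/dev/null") == 0;
    if ($built) {
        print " ipcad installed succesfully\n";
    }
    else {
        print " Some error allocated when installing ipcad \n";
    }

    # Create ipcad.conf and write it into /usr/local/etc
    # NOTE(review): "rsh enable" turns on ipcad's rsh-style control channel,
    # trusting root on 127.0.0.1; anything that can reach it as root locally
    # can administer the collector.  Kept as shipped - TODO confirm it is needed.
    $cur_time = localtime(time);
    open(my $ipcad_cfg, '>', "ipcad.conf") or die "Can't write into ipcad.conf: $!";
    print {$ipcad_cfg} <<"END_IPCAD" or die "Can't write into ipcad.conf: $!";
#Created: $cur_time
interface $collector_iface promisc;
rsh enable;
rsh root\@127.0.0.1 admin;
memory_limit = 16m;
chroot = $utm_path/utm/traflog;
dumpfile = ipcad.dump;
ttl = 3;
rsh timeout = 30;
# -- end --
END_IPCAD
    close($ipcad_cfg) or die "Can't write ipcad.conf\n";
    system("/bin/cp", "ipcad.conf", "/usr/local/etc") == 0 or die "Copying ipcad.conf into /usr/local/etc failed\n";

    if ($built && -x $collector_path) {
        # Start ipcad
        print " o Starting ipcad ...\n";
        start_in_background($collector_path);

        # Write ipcad to startup script
        print " o Writing entry into /etc/rc.local ...\n";
        if (file_has_line("/etc/rc.local", qr/ipcad/)) {
            print " /etc/rc.local already contain necessary entry ! Check it ! \n";
        }
        else {
            append_to_file("/etc/rc.local", "$collector_path &\n");
        }
    }
    else {
        print " $collector_path is not available - ipcad was not started and no /etc/rc.local entry was written\n";
    }
}

# ---------------------------------------------------------------------------
# If firewall_type=ipchains then write DENY rules into input chain
# ---------------------------------------------------------------------------
if ($firewall_type eq "ipchains") {
    my $ipchains_choise = ask(
        name   => "ipchains_choise",
        prompt => " o Write DENY entry into forward chain ? Yes/No",
        check  => sub { $_[0] eq "Yes" || $_[0] eq "No" },
        reject => sub { "Choose Yes or No!" },
    );
    if ($ipchains_choise eq "Yes") {
        system($firewall_path, "-i", $collector_iface, "-I", "forward", "1", "-j", "DENY") == 0
            or warn " Adding the DENY rule to the forward chain failed\n";
    }
    else {
        print " No entry added into forward chain! \n";
    }
}

# INSTALLATION COMPLETE
print "\n ----- Congratulation! Installation complete! -----\n";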