1## Init Container Script
2##
3## Author: Stefan Dourado
4## Email : stefan.dourado@ncr.com
5
6set -e
7
8filter_map=/samhain/config/filter
9
10host_dir=/ien_fs
11tmp_dir=/tmp
12
13info_level=err #none, crit, err, info, etc.
14samhain="/samhain/sbin/samhain -p $info_level"
15
16pod_db=/samhain/db/samhain_db
17iso_db=$host_dir/rofs/var/samhain/db/samhain_db
18static_iso_checksum=$(cat $host_dir/rofs/var/samhain/config/db_checksum | awk -F ':' '{print $2}')
19
20pod_files=$tmp_dir/pod_db_files
21iso_files=$tmp_dir/iso_db_files
22
23pod_filter=$tmp_dir/pod_filter
24iso_filter=$tmp_dir/iso_filter
25
26filtered_pod=$tmp_dir/pod_db
27filtered_iso=$tmp_dir/iso_db
28
29ien_version_full=$(head -n1 $host_dir/ien-version)
30
31config_path=/samhain/config/samhainrc
32
33merge_db() {
34 # 1 - Init Pod DB
35 [ -f $pod_db ] && mv $pod_db /tmp/
36 $samhain -t init
37
38 # 2 - Create list of files of both pod and iso DB
39 $samhain --delimited --list-database=$pod_db | awk -F ', ' '{print $17}' | sed 's/\\ / /g' | sort > $pod_files
40 $samhain --delimited --list-database=$iso_db | awk -F ', ' '{print $17}' | sed 's/\\ / /g' | sort > $iso_files
41
42 # 3 - Create filter for both pod and iso DB
43 comm -1 -2 $pod_files $iso_files > $iso_filter
44
45 # Use mounted filter file to ignore some iso entries
46 sort $filter_map | comm -2 -3 $iso_filter - > $tmp_dir/temp_filter
47 mv $tmp_dir/temp_filter $iso_filter
48 cat $pod_files $iso_filter | sort | uniq -u > $pod_filter
49
50 # 4 - Create partial DBs
51 [ -s $pod_filter ] && $samhain --outfile=$filtered_pod --binary --list-filter=$pod_filter --list-database=$pod_db
52 [ -s $iso_filter ] && $samhain --outfile=$filtered_iso --binary --list-filter=$iso_filter --list-database=$iso_db
53
54 # 5 - Merge DBs and set IEN version before [SOF] line
55 [ -s $pod_filter ] && sed -i '1,2d' $filtered_pod
56 echo $ien_version_full > $tmp_dir/samhain_db
57 $samhain -H $config_path | awk -F ':' '{print $2}' >> $tmp_dir/samhain_db
58 [ -f $filtered_iso ] && cat $filtered_iso >> $tmp_dir/samhain_db || { echo "Filtered ISO DB was empty. Proceeding with only Pod DB entries."; echo [SOF] >> $tmp_dir/samhain_db; }
59 [ -s $pod_filter ] && cat $filtered_pod >> $tmp_dir/samhain_db
60
61 # 6 - Copy db to PV
62 cp $tmp_dir/samhain_db $pod_db
63}
64
65# If ISO DB does not exist, we exit out
66if ! test -f "$iso_db"; then
67 echo "Error: ISO DB doesn't exist!!"
68 exit 1
69fi
70
71computed_iso_checksum=$($samhain -H $iso_db | awk -F ':' '{print $2}')
72if ! test "$static_iso_checksum" = "$computed_iso_checksum"; then
73 echo "Warning: DB checksum doesn't match!!"
74fi
75
76# If PV DB does not exist, we generate one
77if ! test -f "$pod_db"; then
78 merge_db
79else
80 db_ien_version=$(head -n1 $pod_db)
81 db_config_version=$(head -n2 $pod_db | tail -1)
82 computed_config_checksum=$($samhain -H $config_path | awk -F ':' '{print $2}')
83 # In case it exists, check if patching or creation is needed
84 if test -z "$db_ien_version" || ! test "$db_ien_version" = "$ien_version_full"; then
85 merge_db
86 elif test -z "$db_config_version" || ! test "$db_config_version" = "$computed_config_checksum"; then
87 merge_db
88 fi
89 echo "OK - DB Successfully created."
90fi
View as plain text