root/fwknop/tags/fwknop-1.8.4-pre1/install.pl

Revision 816, 57.5 kB (checked in by mbr, 1 year ago)
  • Added --interface command line argument to install.pl to allow the

sniffing interface to be specified from the command line. Also updated
install.pl to enforce a 10-try maximum for attempting to accept a valid
interface name from the command line (LANG env issues can exist
sometimes).

  • Property svn:eol-style set to native
  • Property svn:executable set to *
  • Property svn:keywords set to Author Date Id Revision
1 #!/usr/bin/perl -w
2 #
3 #############################################################################
4 #
5 # File: install.pl
6 #
7 # URL: http://www.cipherdyne.org/fwknop
8 #
9 # Purpose: Installer for fwknop
10 #
11 # Credits:  (see the CREDITS file)
12 #
13 # Copyright (C) 2004-2007 Michael Rash (mbr@cipherdyne.org)
14 #
15 # License (GNU Public License):
16 #
17 #    This program is distributed in the hope that it will be useful,
18 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
19 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20 #    GNU General Public License for more details.
21 #
22 #    You should have received a copy of the GNU General Public License
23 #    along with this program; if not, write to the Free Software
24 #    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
25 #    USA
26 #
27 #############################################################################
28 #
29 # $Id$
30 #
31
32 use Cwd;
33 use File::Copy;
34 use File::Path;
35 use Getopt::Long;
36 use Sys::Hostname;
37 use strict;
38
39 #========================== config ===========================
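### Default installation directories.  get_init_dir() may later point
### $INIT_DIR at a different init script directory, and a --client-only
### install redirects $USRBIN_DIR into the user's home directory.
my $INIT_DIR    = '/etc/init.d';
my $USRBIN_DIR  = '/usr/bin';
my $USRSBIN_DIR = '/usr/sbin';

my $RUNLEVEL;    ### This should only be set if install.pl
                 ### cannot determine the correct runlevel

### only used if $ENV{'HOME'} is not set for some reason
my $config_homedir = '';

my $fwknop_conf_file = 'fwknop.conf';

### Expected absolute paths of the external commands the installer runs.
### check_commands() is called on these before install() or uninstall()
### uses them.
my $chkconfigCmd = '/sbin/chkconfig';
my $rcupdateCmd  = '/sbin/rc-update';  ### Gentoo
my $makeCmd      = '/usr/bin/make';
my $perlCmd      = '/usr/bin/perl';
my $gzipCmd      = '/bin/gzip';
my $killallCmd   = '/usr/bin/killall';
my $mknodCmd     = '/bin/mknod';
my $ifconfigCmd  = '/sbin/ifconfig';
#======================== end config =========================

### main configuration hash (filled in by import_config())
my %config = ();

### command line switches and other installer-wide state
my $client_install = 0;
my $bsd_install    = 0;
my $cygwin_install = 0;
my $homedir = '';
my $distro  = '';
my $print_help  = 0;
my $uninstall   = 0;
my $syslog_conf = '';
my $data_method = '';
my $runlevel;
my $force_install_re  = '';
my $force_path_update = 0;
my $sniff_interface   = '';
my $cmdline_force_install = 0;
my $skip_module_install   = 0;
my $force_defaults  = 0;
my $cmdline_os_type = '';
my $os_type = 0;
my $lang_env = 'en_US.UTF-8';  ### default LANG env variable
my $no_lang_env = 0;

### unless --OS-type is used, install.pl will try to figure out the
### OS where fwknop is being installed (this is usually best).
my $OS_LINUX  = 1;
my $OS_BSD    = 2;
my $OS_CYGWIN = 3;
my $OS_DARWIN = 4;  ### Mac OS X

### maps an OS name to its $OS_* constant
my %os_types = (
    'linux'  => $OS_LINUX,
    'bsd'    => $OS_BSD,
    'cygwin' => $OS_CYGWIN,
    'darwin' => $OS_DARWIN
);

### command names used as a lookup set; only the keys carry meaning
### NOTE(review): presumably commands that check_commands() or
### update_command_paths() leave alone -- confirm against their bodies
my %exclude_cmds = (
    'mail'        => '',
    'fwknop'      => '',
    'fwknopd'     => '',
    'fwknop_serv' => '',
    'knopmd'      => '',
    'knoptm'      => '',
    'knopwatchd'  => '',
);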
110
111 ### perl module directories
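### Perl modules bundled with the fwknop sources.  install() hands each
### entry to install_perl_module() as a hash reference.
###   module              - package name of the module
###   mod-dir             - directory in the source tree that holds it
###   force-install       - NOTE(review): presumably "install even if the
###                         system already has it" -- confirm in
###                         install_perl_module()
###   client-mode-install - NOTE(review): presumably "also needed for a
###                         --client-only install" -- confirm likewise
my @required_perl_modules = (
    {   'module'              => 'Class::MethodMaker', ### GnuPG::Interface dependency
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'Class-MethodMaker'
    },
    {   'module'              => 'GnuPG::Interface',
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'GnuPG-Interface'
    },
    {   'module'              => 'Unix::Syslog',
        'force-install'       => 0,
        'client-mode-install' => 0,
        'mod-dir'             => 'Unix-Syslog'
    },
    {   'module'              => 'Net::IPv4Addr',
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'Net-IPv4Addr'
    },
    {   'module'              => 'Net::Pcap',
        'force-install'       => 0,
        'client-mode-install' => 0,
        'mod-dir'             => 'Net-Pcap'
    },
    {   'module'              => 'List::MoreUtils',  ### Net::RawIP dependency
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'List-MoreUtils'
    },
    {   'module'              => 'Net::RawIP',
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'Net-RawIP'
    },
    {   'module'              => 'Net::Ping::External',
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'Net-Ping-External'
    },
    {   'module'              => 'Crypt::Rijndael',
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'Crypt-Rijndael'
    },
    {   'module'              => 'Crypt::CBC',
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'Crypt-CBC'
    },
    {   'module'              => 'Term::ReadKey',
        'force-install'       => 0,
        'client-mode-install' => 1,
        'mod-dir'             => 'TermReadKey'
    },
    {   'module'              => 'IPTables::Parse',
        'force-install'       => 1,
        'client-mode-install' => 0,
        'mod-dir'             => 'IPTables-Parse'
    },
    {   'module'              => 'IPTables::ChainMgr',
        'force-install'       => 1,
        'client-mode-install' => 0,
        'mod-dir'             => 'IPTables-ChainMgr'
    }
);

### external commands the installer needs, keyed by short name; the main
### program adds chkconfig or rc-update on the distros that use them
my %cmds = (
    'make'     => $makeCmd,
    'perl'     => $perlCmd,
    'gzip'     => $gzipCmd,
    'killall'  => $killallCmd,
    'mknod'    => $mknodCmd,
    'ifconfig' => $ifconfigCmd,
);

### fixed list of directories to look in for commands
my @cmd_search_paths = qw(
    /bin
    /sbin
    /usr/bin
    /usr/sbin
    /usr/local/bin
    /usr/local/sbin
);

### for user answers
my $ACCEPT_YES_DEFAULT = 1;
my $ACCEPT_NO_DEFAULT  = 2;
my $NO_ANS_DEFAULT     = 0;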
202
203 ### make Getopts case sensitive
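### Main program: parse the command line, load the default configuration,
### work out the platform, verify the external commands, then install or
### uninstall.
Getopt::Long::Configure('no_ignore_case');

&usage(1) unless (GetOptions(
    'force-mod-install' => \$cmdline_force_install,  ### force install of all modules
    'Force-mod-regex=s' => \$force_install_re, ### force specific mod install with regex
    'Skip-mod-install'  => \$skip_module_install,
    'OS-type=s'         => \$cmdline_os_type,
    'Cygwin-install'    => \$cygwin_install,
    'BSD-install'   => \$bsd_install,
    'Defaults'      => \$force_defaults,
    'client-only'   => \$client_install, # Force client-only installation
    'path-update'   => \$force_path_update,
    'uninstall'     => \$uninstall,      # Uninstall fwknop.
    'syslog-conf=s' => \$syslog_conf,    # Specify path to syslog config file.
    'interface=s'   => \$sniff_interface, # Specify interface to sniff from
    'LANG=s'        => \$lang_env,
    'no-LANG'       => \$no_lang_env,
    'help'          => \$print_help      # Display help.
));
&usage(0) if $print_help;

### set LANG env variable (inherited by every external command run below)
$ENV{'LANG'} = $lang_env unless $no_lang_env;

&handle_cmd_line();

### import paths from default fwknopd.conf
&import_config();

### check to see if we are installing as a non-root user
&check_non_root_user() unless $client_install;

if ($client_install) {

    ### we are installing as a normal user instead of root, so see
    ### if it is ok to install within the user's home directory
    $homedir = '';
    if ($config_homedir) {
        $homedir = $config_homedir;
    } else {
        ### the variable name is escaped so the message names the
        ### setting instead of interpolating its (empty) value
        $homedir = $ENV{'HOME'} or die '[*] Could not get home ',
            "directory, set the \$config_homedir var.";
    }

    ### the list ends with a semicolon on purpose: with a trailing comma
    ### the assignment below would become part of the print list and the
    ### module path would be printed as well
    print
"    The fwknop client will be installed at $homedir/bin/fwknop, and a few\n",
"    perl modules needed by fwknop will be installed in $homedir/lib/fwknop/.\n\n";

    $config{'FWKNOP_MOD_DIR'} = "$homedir/lib/fwknop";
    $USRBIN_DIR = "$homedir/bin";
}

### get the OS type
&get_os() unless $os_type;

if ($os_type == $OS_LINUX) {
    print "[+] OS: Linux\n";
} elsif ($os_type == $OS_CYGWIN) {
    print "[+] OS: Cygwin\n";
} elsif ($os_type == $OS_DARWIN) {
    print "[+] OS: Darwin\n";
} elsif ($os_type == $OS_BSD) {
    print "[+] OS: BSD\n";
}

if ($os_type == $OS_LINUX) {

    $distro = &get_linux_distro();

    if ($distro eq 'redhat' or $distro eq 'fedora') {
        ### add chkconfig only if we are running on a redhat distro
        $cmds{'chkconfig'} = $chkconfigCmd;
    } elsif ($distro eq 'gentoo') {
        ### add rc-update if we are running on a gentoo distro
        $cmds{'rc-update'} = $rcupdateCmd;
    }
}

### make sure the system binaries are where we expect
### them to be.
&check_commands();

my $hostname = hostname();

### remembered so install() can chdir back after building in a
### subdirectory
my $src_dir = getcwd() or die "[*] Could not get current working directory.";

if (not $uninstall) {
    &install();
} else {
    &uninstall();
}
exit 0;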
296 #======================= end main ==========================
297
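### Install fwknop: create the directory layout, build and install the
### bundled perl modules and the C daemons, copy the programs and config
### files into place, and configure the chosen data acquisition method.
###
### Takes no arguments and returns nothing.  It works from the file-level
### state set up by the main program (%config, %cmds, $homedir, $src_dir,
### $client_install, ...) and dies on the failures it checks for.
sub install() {
    print "[+] Installing fwknop on $hostname\n";

    my $preserve_rv = 0;
    unless ($client_install) {
        if (&ask_to_stop_fwknop()) {
            &stop_fwknop();
        }

        ### the for-list needs real parentheses; a bare qw// list in this
        ### position is a syntax error on perl 5.18 and later
        for my $dir (qw(/usr/lib /var/run /var/log /var/lib)) {
            unless (-d $dir) {
                mkdir $dir or die "[*] Could not mkdir $dir: $!";
            }
        }
        unless (-d $USRSBIN_DIR) {
            mkdir $USRSBIN_DIR or die "[*] Could not mkdir $USRSBIN_DIR: $!";
        }
        for my $dir (qw(FWKNOP_RUN_DIR FWKNOP_LIB_DIR FWKNOP_MOD_DIR)) {
            unless (-d $config{$dir}) {
                mkdir $config{$dir} or
                    die "[*] Could not mkdir $config{$dir}: $!";
            }
        }
    }
    unless (-d $USRBIN_DIR) {
        print "[+] Creating: $USRBIN_DIR\n";
        mkdir $USRBIN_DIR or die "[*] Could not mkdir $USRBIN_DIR: $!";
    }

    ### config directory
    unless ($client_install) {
        if (-d $config{'FWKNOP_CONF_DIR'}) {
            print "[-] Config directory ",
                "$config{'FWKNOP_CONF_DIR'} already exists.\n";
        } else {
            ### Note that root will only be able to view files in
            ### /etc/fwknop since fwknop only needs to view fwknop.conf
            ### when being run as a daemon.
            print "[+] Creating config directory: ",
                "$config{'FWKNOP_CONF_DIR'}\n";
            mkdir $config{'FWKNOP_CONF_DIR'}, 0500
                or die "[*] Could not mkdir $config{'FWKNOP_CONF_DIR'}: $!";
        }

        if (-d $config{'FWKNOP_DIR'}) {
            print "[-] Cache directory $config{'FWKNOP_DIR'} already exists.\n";
        } else {
            print "[+] Creating cache directory: $config{'FWKNOP_DIR'}\n";
            mkdir $config{'FWKNOP_DIR'}, 0500
                or die "[*] Could not mkdir $config{'FWKNOP_DIR'}: $!";
        }

        ### archive directory for previously installed config files
        if (-d "$config{'FWKNOP_CONF_DIR'}/archive") {
            print "[-] Archive directory ",
                "$config{'FWKNOP_CONF_DIR'}/archive already exists.\n";
        } else {
            print "[+] Creating archive directory: ",
                "$config{'FWKNOP_CONF_DIR'}/archive\n";
            mkdir "$config{'FWKNOP_CONF_DIR'}/archive", 0500 or die
                "[*] Could not mkdir $config{'FWKNOP_CONF_DIR'}/archive: $!";
        }
    }

    print "[+] Several perl modules needed by fwknop will be installed in\n",
        "    $config{'FWKNOP_MOD_DIR'}. Installing them here will keep the ",
        "system perl\n    library tree clean.\n";

    ### make our library directory (for perl modules)
    if ($client_install) {
        if (-d "$homedir/lib") {
            print "[-] Directory $homedir/lib already exists.\n";
        } else {
            print "[+] Creating directory $homedir/lib\n";
            mkdir "$homedir/lib", 0755
                or die "[*] Could not mkdir $homedir/lib: $!";
        }
    }
    if (-d $config{'FWKNOP_MOD_DIR'}) {
        print "[-] Lib directory $config{'FWKNOP_MOD_DIR'} already exists.\n";
    } else {
        print "[+] Creating directory $config{'FWKNOP_MOD_DIR'}\n";
        mkdir $config{'FWKNOP_MOD_DIR'}, 0755
            or die "[*] Could not mkdir $config{'FWKNOP_MOD_DIR'}: $!";
    }

    ### install perl modules
    unless ($skip_module_install) {
        for my $mod_href (@required_perl_modules) {
            &install_perl_module($mod_href);
        }
    }

    ### special case the NetPacket::<proto> modules since the NetPacket
    ### directory is just for the base class, and we need to make sure
    ### we have each of the NetPacket::IP, NetPacket::ICMP, NetPacket::UDP,
    ### and NetPacket::TCP modules.
    unless ($skip_module_install or $client_install) {
        chdir 'NetPacket' or die "[*] Could not chdir NetPacket directory: $!";
        unless (-e 'Makefile.PL') {
            die "[*] Your NetPacket source directory appears to be incomplete!\n",
                "    Download the latest sources from ",
                "http://www.cipherdyne.org\n";
        }
        ### commands that take arguments are run in list form, so the
        ### configured paths reach the program as single arguments and
        ### are never parsed by a shell
        system $cmds{'make'}, 'clean' if -e 'Makefile';
        system $cmds{'perl'}, 'Makefile.PL',
            "PREFIX=$config{'FWKNOP_MOD_DIR'}",
            "LIB=$config{'FWKNOP_MOD_DIR'}";
        system $cmds{'make'};
#        system $cmds{'make'}, 'test';
        ### report a failed module install instead of carrying on silently
        system($cmds{'make'}, 'install') == 0
            or warn "[-] \"make install\" failed in the NetPacket directory.\n";
        chdir $src_dir or die "[*] Could not chdir $src_dir: $!";
    }

    unless ($client_install) {

        ### install man pages
        &install_manpage('knopmd.8');
        &install_manpage('knopwatchd.8');
        &install_manpage('fwknop.8');
        &install_manpage('fwknopd.8');

        if (-e "$config{'FWKNOP_CONF_DIR'}/fwknop.conf") {
            $preserve_rv = &query_preserve_config();
        }

        print "[+] Compiling knopmd and knopwatchd daemons:\n";

        ### remove any previously compiled knopmd
        unlink 'knopmd' if -e 'knopmd';

        ### remove any previously compiled knopwatchd
        unlink 'knopwatchd' if -e 'knopwatchd';

        ### compile the C fwknop daemons
        system $cmds{'make'};

        ### the build result is judged by whether both binaries now exist
        unless (-e 'knopmd' and -e 'knopwatchd') {
            die "[*] Compilation failed.";
        }

        ### install fwknop server-side daemons/programs
        for my $daemon (qw(fwknopd knopmd knopwatchd knoptm fwknop_serv)) {
            if ($daemon eq 'fwknopd' or $daemon eq 'knoptm') {
                ### these two get a "perl -c" syntax check before they
                ### are installed
                unless ((system($cmds{'perl'}, '-c', $daemon) >> 8) == 0) {
                    die "[*] $daemon does not compile with \"perl -c\".  ",
                        "Download the latest sources ",
                        "from:\n\nhttp://www.cipherdyne.org/\n";
                }
            }
            print "[+] Copying $daemon -> $USRSBIN_DIR\n";
            copy $daemon, $USRSBIN_DIR or
                die "[*] Could not cp $daemon to $USRSBIN_DIR: $!";
            ### daemons are readable and executable by their owner only
            chmod 0500, "$USRSBIN_DIR/$daemon" or
                die "[*] Could not chmod 500 $USRSBIN_DIR/$daemon: $!";
        }
    }

    print "[+] Copying fwknop -> $USRBIN_DIR\n";
    copy 'fwknop', $USRBIN_DIR or
        die "[*] Could not cp fwknop to $USRBIN_DIR: $!";

    if ($client_install) {
        ### rewrite the "use lib" line so the installed client looks for
        ### its modules under the user's home directory
        open my $in_fh, '<', "$USRBIN_DIR/fwknop"
            or die "[*] Could not open $USRBIN_DIR/fwknop: $!";
        my @lines = <$in_fh>;
        close $in_fh;

        ### the directory is written into perl source inside single
        ### quotes, so escape the two characters that are special there;
        ### it is derived from $HOME and must stay data, not code
        (my $quoted_mod_dir = $config{'FWKNOP_MOD_DIR'}) =~ s/([\\'])/\\$1/g;

        open my $out_fh, '>', "$USRBIN_DIR/fwknop.tmp"
            or die "[*] Could not open $USRBIN_DIR/fwknop.tmp: $!";
        for my $line (@lines) {
            ### change the lib dir to new homedir path
            if ($line =~ m|^\s*use\s+lib\s+\'/usr/lib/fwknop\';|) {
                print {$out_fh} "use lib '", $quoted_mod_dir, "';\n";
            } else {
                print {$out_fh} $line;
            }
        }
        ### buffered write errors only show up at close
        close $out_fh
            or die "[*] Could not write $USRBIN_DIR/fwknop.tmp: $!";
        move "$USRBIN_DIR/fwknop.tmp", "$USRBIN_DIR/fwknop" or die "[*] Could ",
            "not move $USRBIN_DIR/fwknop.tmp -> $USRBIN_DIR/fwknop: $!";
        chmod 0700, "$USRBIN_DIR/fwknop" or
            die "[*] Could not chmod 700 $USRBIN_DIR/fwknop: $!";
    } else {
        chmod 0755, "$USRBIN_DIR/fwknop" or
            die "[*] Could not chmod 755 $USRBIN_DIR/fwknop: $!";
    }

    unless ((system($cmds{'perl'}, '-c', "$USRBIN_DIR/fwknop") >> 8) == 0) {
        die "[*] $USRBIN_DIR/fwknop does not compile with \"perl -c\".  ",
            "Download the latest sources ",
            "from:\n\nhttp://www.cipherdyne.org/\n";
    }


    if ($client_install) {
        print
"\n[+] fwknop has been installed at $USRBIN_DIR/fwknop.  Since this is a\n",
"    client-only install, the man pages could not be installed.  For more\n",
"    information about how to use fwknop, execute \"$USRBIN_DIR/fwknop -h\" or\n",
"    refer to:\n\n",
"        http://www.cipherdyne.org/fwknop/docs/manpages/index.html\n\n";

    } else {

        ### install config and access files
        for my $file (qw(fwknop.conf access.conf pf.os)) {
            if (-e "$config{'FWKNOP_CONF_DIR'}/$file") {
                &archive("$config{'FWKNOP_CONF_DIR'}/$file");
                if ($preserve_rv) {
                    if ($file eq 'access.conf') {
                        ### access.conf can have missing fields (i.e.
                        ### REQUIRE_OS_REGEX and REQUIRE_USERNAME),
                        ### and also it can have multiple sequences
                        ### defined.  Hence we just use the old one.
                        print "[+] Using original access.conf\n";
                    } elsif ($file ne 'pf.os') {
                        &preserve_config($file);
                    }
                } else {
                    print "[+] Copying $file -> $config{'FWKNOP_CONF_DIR'}\n";
                    copy $file, $config{'FWKNOP_CONF_DIR'} or
                        die "[*] Could not cp $file to $config{'FWKNOP_CONF_DIR'}: $!";
                }
            } else {
                print "[+] Copying $file -> $config{'FWKNOP_CONF_DIR'}\n";
                copy $file, $config{'FWKNOP_CONF_DIR'} or
                    die "[*] Could not cp $file to $config{'FWKNOP_CONF_DIR'}: $!";
            }

            if ($force_path_update or not $preserve_rv) {
                &update_command_paths("$config{'FWKNOP_CONF_DIR'}/$file")
                    if ($file eq 'fwknop.conf');
            }

            if ($file eq 'fwknop.conf') {
                &set_hostname("$config{'FWKNOP_CONF_DIR'}/$file");
            }
            ### config files end up readable and writable by root only
            chmod 0600, "$config{'FWKNOP_CONF_DIR'}/$file" or die
                "[*] Could not chmod 600 $config{'FWKNOP_CONF_DIR'}/$file: $!";
            chown 0, 0, "$config{'FWKNOP_CONF_DIR'}/$file" or die
                "[*] Could not chown 0,0, $config{'FWKNOP_CONF_DIR'}/$file: $!";
        }

        ### get data acquisition method (e.g. syslogd, syslog-ng, ulogd
        ### or pcap)
        $data_method = &query_data_method();

        if ($data_method =~ /syslog/) {

            ### create the named pipe
            unless (-e $config{'KNOPMD_FIFO'} and -p $config{'KNOPMD_FIFO'}) {
                ### anything at this path that is not a pipe is removed first
                unlink $config{'KNOPMD_FIFO'} if -e $config{'KNOPMD_FIFO'};
                print "[+] Creating named pipe $config{'KNOPMD_FIFO'}\n";
                my $created_pipe = 1;
                unless ((system($cmds{'mknod'}, '-m', '600',
                        $config{'KNOPMD_FIFO'}, 'p') >> 8) == 0) {
                    $created_pipe = 0;
                }
                ### trust the filesystem, not just the exit status
                unless (-e $config{'KNOPMD_FIFO'} and -p $config{'KNOPMD_FIFO'}) {
                    $created_pipe = 0;
                }
                unless ($created_pipe) {
                    die
"[*] Could not create the named pipe \"$config{'KNOPMD_FIFO'}\"!\n",
"[*] fwknop requires this file to exist!  Aborting install.\n";
                }
            }

            unless (-e "$config{'FW_DATA_FILE'}") {
                print "[+] Creating $config{'FW_DATA_FILE'} file\n";
                ### create the file owner-only from the start, so it is
                ### never briefly readable by others before
                ### perms_ownership() runs
                my $old_umask = umask 0077;
                open my $data_fh, '>', $config{'FW_DATA_FILE'}
                    or die "[*] Could not open $config{'FW_DATA_FILE'}: $!";
                close $data_fh;
                umask $old_umask if defined $old_umask;
                &perms_ownership("$config{'FW_DATA_FILE'}", 0600);
            }

            ### we are acquiring data via syslog
            &put_string('AUTH_MODE', 'KNOCK',
                "$config{'FWKNOP_CONF_DIR'}/fwknop.conf");

            if ($os_type == $OS_BSD or $os_type == $OS_DARWIN) {
                ### update to use the ipfw firewall on *BSD systems
                &put_string('FIREWALL_TYPE', 'ipfw',
                    "$config{'FWKNOP_CONF_DIR'}/fwknop.conf");
            }

            &put_string('SYSLOG_DAEMON', $data_method,
                "$config{'FWKNOP_CONF_DIR'}/fwknop.conf");

            ### these two commands stay in string form because they need
            ### the shell for the stderr redirection; the only value
            ### interpolated into them is the killall path
            my $restarted_syslog = 0;
            if ($data_method eq 'syslogd') {
                if (-e $syslog_conf) {
                    &append_fifo_syslog($syslog_conf);
                    if (((system "$cmds{'killall'} -HUP syslogd " .
                            "2> /dev/null")>>8) == 0) {
                        print "[+] HUP signal sent to syslogd.\n";
                        $restarted_syslog = 1;
                    }
                }
            } elsif ($data_method eq 'syslog-ng') {
                if (-e $syslog_conf) {
                    &append_fifo_syslog_ng($syslog_conf);
                    if (((system "$cmds{'killall'} -HUP syslog-ng " .
                            "2> /dev/null")>>8) == 0) {
                        print "[+] HUP signal sent to syslog-ng.\n";
                        $restarted_syslog = 1;
                    }
                }
            }

            unless ($restarted_syslog) {
                print "[-] Could not restart any syslog daemons.\n";
            }
        } elsif ($data_method =~ /pcap/i or $data_method =~ /ulog/i) {

            if ($os_type == $OS_BSD or $os_type == $OS_DARWIN) {
                ### update to use the ipfw firewall on *BSD systems
                &put_string('FIREWALL_TYPE', 'ipfw',
                    "$config{'FWKNOP_CONF_DIR'}/fwknop.conf");
            }

            ### we are using a pcap method
            if ($data_method eq 'ulogd' or $data_method eq 'file_pcap') {
                print
"[+] By default, fwknop uses the file /var/log/sniff.pcap in order to\n",
"    acquire packet data logged via a sniffer (or ulogd) to a pcap file,\n",
"    but this path may be changed by altering the PCAP_PKT_FILE keyword\n",
"    in $config{'FWKNOP_CONF_DIR'}/fwknop.conf.\n\n";

                if ($data_method eq 'file_pcap') {
                    &put_string('AUTH_MODE', 'FILE_PCAP',
                        "$config{'FWKNOP_CONF_DIR'}/fwknop.conf");
                } else {
                    &put_string('AUTH_MODE', 'ULOG_PCAP',
                        "$config{'FWKNOP_CONF_DIR'}/fwknop.conf");
                }
            } else {
                ### an --interface value from the command line wins over
                ### asking the user
                unless ($sniff_interface) {
                    $sniff_interface = &get_pcap_intf();
                }
                if ($sniff_interface) {
                    &put_string('PCAP_INTF', $sniff_interface,
                        "$config{'FWKNOP_CONF_DIR'}/fwknop.conf");
                } else {
                    print "[-] Could not get sniffing interface, edit the PCAP_INTF var in\n",
                        "    $config{'FWKNOP_CONF_DIR'}/fwknop.conf\n";
                }
            }
        } else {
            ### it is a client-only install, so don't reconfigure syslog
            ### or anything.
        }

        unless ($preserve_rv) {
            my $email_str = &query_email();
            if ($email_str) {
                for my $file (qw(fwknop.conf)) {
                    &put_string('EMAIL_ADDRESSES', $email_str,
                        "$config{'FWKNOP_CONF_DIR'}/$file");
                }
            }
        }


        ### NOTE(review): this code sits in the non-client branch above,
        ### so the client-only arm looks unreachable -- confirm no helper
        ### called in between changes $client_install
        if ($client_install) {
            print "\n[+] fwknop has been installed!\n\n";
        } else {

            &get_init_dir();
            if (-d $INIT_DIR) {
                &enable_fwknop_at_boot($distro);
            }

            print "\n[+] fwknop has been installed!";

            if ($os_type == $OS_LINUX) {
                print "  To start in server mode, run\n\n",
                    "    \"$INIT_DIR/fwknop start\"\n\n";
            } else {
                print "\n\n";
            }
            print
"    Note: You will need to edit $config{'FWKNOP_CONF_DIR'}/access.conf for fwknop to\n",
"    function properly in server mode.  More information can be found in\n",
"    the fwknopd(8) manpage.\n\n";
            if ($os_type == $OS_BSD or $os_type == $OS_DARWIN) {
                print
"    You may need to update your /etc/syslog.conf file to log local info\n",
"    messages to a file in the /var/log/ directory in order to see syslog\n",
"    messages from the fwknop daemons.\n\n";
            }
        }

    }
    return;
}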
693
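### Remove an fwknop installation: stop the daemons, then delete the
### installed programs, the init script, and the configuration, library
### and perl module directories named in %config.
###
### Takes no arguments and returns nothing.  Files and directories that do
### not exist are skipped silently.
sub uninstall() {

    print "[+] Uninstalling fwknop...\n";

    ### stop any running fwknop daemons.
    &stop_fwknop();

    ### get the init directory
    &get_init_dir();

    ### the for-list needs real parentheses; a bare qw// list in this
    ### position is a syntax error on perl 5.18 and later
    for my $daemon (qw(fwknopd knopmd knopwatchd knoptm fwknop_serv)) {
        unlink "$USRSBIN_DIR/$daemon" if -e "$USRSBIN_DIR/$daemon";
    }
    unlink "$USRBIN_DIR/fwknop" if -e "$USRBIN_DIR/fwknop";
    unlink "$INIT_DIR/fwknop" if -e "$INIT_DIR/fwknop";

    for my $key (qw(FWKNOP_CONF_DIR FWKNOP_LIB_DIR FWKNOP_MOD_DIR)) {
        my $dir = $config{$key};

        ### these paths come from the imported config file, so never hand
        ### rmtree an unset value or the filesystem root
        unless (defined $dir and $dir ne '' and $dir !~ m|^/+$|) {
            print "[-] Not removing $key: no usable directory is configured.\n";
            next;
        }

        ### second argument: print each removal; third: skip entries that
        ### cannot be removed safely
        rmtree $dir, 1, 1 if -d $dir;
    }

    return;
}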
715
### Work out which directory holds the init scripts on this system and
### store it in $INIT_DIR.  Does nothing for a client-only install.  Dies
### when no suitable directory exists.
sub get_init_dir() {
    return if $client_install;

    if ($os_type == $OS_DARWIN) {

        ### Mac OS X init directory for user programs
        $INIT_DIR = '/Library/StartupItems';
        -d $INIT_DIR
            or die "[*] The $INIT_DIR directory does not exist.";
        return;
    }

    ### accommodates Linux and BSD systems: keep the current value when
    ### it already exists
    return if -d $INIT_DIR;

    ### otherwise take the first of the known locations that exists
    for my $candidate ('/etc/rc.d/init.d', '/etc/rc.d', '/etc/init.d') {
        if (-d $candidate) {
            $INIT_DIR = $candidate;
            return;
        }
    }

    die "[*] Cannot find the init script directory, edit ",
        "the \$INIT_DIR variable.\n";
}
743
744 ### check paths to commands and attempt to correct if any are wrong.
745 sub check_commands() {
746
747     return if $client_install;
748
749     if ($os_type == $OS_LINUX or $os_type == $OS_CYGWIN) {
750