#!/bin/sh 
#
# /secure/tripwire/init_all                        Sean Boran, 11.Jan.2001
#
# Function: Initialise all remote Free Tripwire DB's and
#           the local (commercial) DB.
#
# By default, all tripwire clients, but not the master, are initialised.


##---------- initialise variables -------
# Remote-access command strings (ssh -x runs ssh with X11 forwarding off).
ssh='ssh -x'
scp='scp -q'

# First two command-line arguments, kept for the option checks below.
arg1=$1
arg2=$2

# Scratch file for stderr of the per-host initialisation: script path + PID.
errs="$0.err.$$"

# Mode switches; the defaults initialise the clients only.
init_clients='TRUE'
init_master='FALSE'
interactive='FALSE'

USAGE="USAGE: $0  [-q {quick init} ]  [-m {master only} | -all | -c {client only} | -help]   [-i {interactive}]  "

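## Parse the command line. Every argument is examined, so the combinations
## shown in USAGE (for example "-m -i") take effect.

# 'quick' is only ever assigned by -q. Reset it first so that a value
# inherited from the caller's environment cannot leak into the tool name and
# the /secure/tripwire${quick} paths that are built from it further down.
quick=''

# parse_args ARG...
#   Sets interactive / init_master / init_clients / quick from the options.
#   With no arguments the script becomes interactive.
#   Prints USAGE and exits 1 for -h, -help or any unrecognised argument.
parse_args () {
  # Numeric test on $#. The previous '[ $# > 0 ]' was a redirection, not a
  # comparison, and left a file named "0" in the current directory.
  if [ $# -eq 0 ] ; then
    ## No arguments, let's be interactive
    interactive='TRUE'
    return 0
  fi
  for opt in "$@" ; do
    case "$opt" in
      -m)      init_master='TRUE';  init_clients='FALSE' ;;
      -c)      init_master='FALSE'; init_clients='TRUE'  ;;
      -a|-all) init_master='TRUE';  init_clients='TRUE'  ;;
      -q)      quick='.quick';      interactive='TRUE'   ;;
      -i)      interactive='TRUE' ;;
      # USAGE is quoted: unquoted, '[-help]' is a glob that a one-letter file
      # name in the current directory would replace.
      *)       printf '%s\n' "$USAGE"; exit 1 ;;
    esac
  done
}
parse_args "$@"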

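## read in settings from config file
# Each line of $config is colon-separated. A line is selected when field 1
# equals this machine's node name and field 2 equals the tool name.
# NOTE(review): this file decides which hosts get their baseline rebuilt and
# who is notified -- confirm it is writable only by the account that runs
# this script.
config="/secure/secure.conf"
group=$(uname -n)
tool="tripwire${quick}"
# Free Tripwire clients (field 3 of the selected line).
# g= and t= are awk operand assignments. They are quoted so that a value
# containing whitespace or glob characters stays one operand instead of
# turning into extra input files or assignments.
targets=$(awk -F: '$1 == g && $2 == t { print $3 }' g="$group" t="$tool" "$config")
# notification (field 4 of the selected line)
user=$(awk -F: '$1 == g && $2 == t { print $4 }' g="$group" t="$tool" "$config")
workdir="/secure/tripwire${quick}"
# Command prefix for initialising one remote host; the host name is appended.
tw1="/secure/tripwire/trip_host.sh -init${quick}"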

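## Give the user some more explanations and help
# Shown only in interactive mode: lists what is about to be re-initialised
# and waits for confirmation before anything is touched.
if [ "$interactive" = "TRUE" ] ; then
  echo "  "
  echo "This script will allow you to re-initiaise tripwire:"
  if [ "$init_master" = "TRUE" ] ; then
    echo "- the local (commercial) tripwire master"
  fi
  if [ "$init_clients" = "TRUE" ] ; then
    echo "- the remote clients ($targets) with free tripwire"
    echo "    Note: if you are in a hurry, you can initialise all the remotes"
    echo "    in parallel by manually doing something like:"
    echo "    $tw1 HOSTNAME"
  fi
  echo "  "
  # printf rather than echo "...\c": the \c escape is not honoured by every
  # /bin/sh, printf suppresses the newline everywhere.
  printf '%s' "To continue, press any key, or Control-C to abort..."
  # The prompt invites Control-C while terminal echo is switched off, so
  # restore echo before leaving; otherwise the terminal stays silent.
  trap 'stty echo; exit 130' HUP INT TERM
  stty -echo
  # The typed text is only a confirmation and is not used afterwards.
  read -r _confirm
  echo " "
  stty echo
  trap - HUP INT TERM
fi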

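# Ask for the passphrase of the local (master) tripwire database. It is kept
# in $pass for the master initialisation later in the script.
if [ "$init_master" = "TRUE" ] ; then
  # printf rather than echo "...\c": the \c escape is not honoured by every
  # /bin/sh, printf suppresses the newline everywhere.
  printf '%s' "To initialise this master tripwire DB, I need a passphrase: "
  # If the operator aborts while echo is off, switch it back on first so the
  # terminal is not left silent.
  trap 'stty echo; exit 130' HUP INT TERM
  stty -echo
  # IFS= and -r keep the passphrase exactly as typed; a plain 'read' drops
  # leading/trailing blanks and swallows backslashes.
  IFS= read -r pass
  echo " "
  stty echo
  trap - HUP INT TERM
fi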

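# Initialise the tripwire database on every remote client listed in $targets.
if [ "$init_clients" = "TRUE" ] ; then
  # free tripwire version

  # Collect stderr in a file created by mktemp, replacing the default
  # "$0.err.$$" name. That name is predictable and lands wherever the script
  # path points, so in a shared directory the '2>' redirect could be steered
  # through a pre-planted link.
  errs=$(mktemp "${TMPDIR:-/tmp}/init_all.err.XXXXXX") || {
    echo "SCRIPT ABORTED: cannot create temporary error file." >&2
    exit 1
  }
  trap 'rm -f -- "$errs"' EXIT
  trap 'rm -f -- "$errs"; exit 1' HUP INT TERM

  # $targets is a whitespace-separated list and is split on purpose; globbing
  # is switched off so an entry such as '*' is not expanded to file names.
  set -f
  for host in $targets; do
    # The host becomes a command-line argument of trip_host.sh; an entry
    # starting with '-' would be read as an option there, so skip it.
    case "$host" in
      -*) echo "Skipping invalid host entry '$host' from $config" >&2
          continue ;;
    esac
    printf '%s' "Initialise $host, started at: "
    date
    # $tw1 holds the command and its -init option, so it is left unquoted.
    $tw1 "$host" 2>"$errs"
    ## Inform of all errors except missing files (since we use
    ## a general config for several machines)
    grep -v "No such file" "$errs"
  done
  set +f

  rm -f -- "$errs"
  trap - EXIT HUP INT TERM
  date
fi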

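# Initialise the local (master) tripwire database, answering its passphrase
# prompt through expect.
if [ "$init_master" = "TRUE" ] ; then
  # commercial tripwire version for master
  # printf rather than echo "\n...": not every /bin/sh expands \n in echo.
  printf '\n%s\n' "Now initialise localhost."
  # The here-document is quoted, so nothing is pasted into the expect script
  # as source text. Previously the passphrase was interpolated into the Tcl
  # code, where characters such as '[', '$', '"' and '\' in it were
  # interpreted by Tcl. The passphrase and the work directory now reach
  # expect as environment variables set for this one command only; the
  # passphrase is removed from the environment before tripwire is spawned so
  # the child does not inherit it.
  INIT_ALL_PASS="$pass" INIT_ALL_WORKDIR="$workdir" expect -f - <<'EOF'
set pass $env(INIT_ALL_PASS)
unset env(INIT_ALL_PASS)
spawn $env(INIT_ALL_WORKDIR)/tripwire --init --quiet
log_user 0
expect "Please enter your local passphrase: could not set no echo mode";
send_user "calling tripwire...";
send -- "$pass\n";
expect "Exiting...";
set timeout -1;
expect;
send_user "done at ";
EOF
  # The passphrase is not needed after this point.
  unset pass
  date
fi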

##---------- functions -------
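# check_err STATUS
#   Aborts the script with exit code 1 when STATUS is a non-zero number,
#   otherwise returns to the caller. A missing STATUS counts as 0.
#   Only the first argument is examined; the earlier unquoted $* made the
#   test itself fail when no argument or several arguments were passed.
#   NOTE(review): the definition sits after the main flow and no call is
#   visible in this file.
check_err () {
    if [ "${1:-0}" -ne 0 ] ; then
        echo "SCRIPT ABORTED: error received." >&2
        exit 1
    fi
}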


