#!/bin/bash # # Author: Damian Myerscough # Date: 19/09/2007 # Purpose: Download the latest kernel source, ChangeLog and signature file # and sort them into the appropriate directories. # ########################### INSTALLATION NOTES ############################# # ** GPG IS REQUIRED ** # # Download the kernels gpg key (http://www.kernel.org/signature.html) # ############################################################################ export PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games # Path to store the kernel source ROOT_DIR=/home/damian/Desktop/kernel # Proxy Settings. If you are not using a proxy comment this out. Proxy=10.0.0.4:81 export http_proxy=$Proxy ftp_proxy=$Proxy HTTP_PROXY=$Proxy FTP_PROXY=$Proxy # Email addresses to be seperated with a comma (,) ADMIN=Damian.Myerscough@example.net # Available kernels URL0=http://www.kernel.org/pub/linux/kernel/v2.6 URL1=http://www.kernel.org/pub/linux/kernel/v2.4 URL2=http://www.kernel.org/pub/linux/kernel/v2.2 # Latest kernel banner ** DON'T MODIFY ** KERNEL_BANNER=http://www.kernel.org/kdist/finger_banner TEMP_FILE=$( mktemp ) # Check to make sure we get the kernel banner before attempting anything if [ $( wget -q $KERNEL_BANNER -O $TEMP_FILE ; echo $? ) -eq 1 ]; then echo "[-] Unable to receive kernel banner" exit -1; fi; # Check to make sure the kernel banner was saved successfully if [ -e $TEMP_FILE ]; then # Check to see if the kernel tree exsits if [ ! -d $ROOT_DIR ]; then mkdir $ROOT_DIR fi; # Get the latest kernels 2.6, 2.4 and 2.2 LATEST_KERNEL=$( grep -i "The latest stable version" $TEMP_FILE | awk -F: '{ print $2 }' | sed -e 's/ //g' ) LATEST_24_KERNEL=$( grep -i "The latest 2.4" $TEMP_FILE | awk -F: '{ print $2 }' | sed -e 's/ //g' ) LATEST_22_KERNEL=$( grep -i "The latest 2.2" $TEMP_FILE | awk -F: '{ print $2 }' | sed -e 's/ //g' ) # Create the appropriate directories if [ ! -d $ROOT_DIR"/"$LATEST_KERNEL ]; then mkdir $ROOT_DIR"/"$LATEST_KERNEL # Check to see if we have the latest version of the 2.6.x kernel if [ ! -e $ROOT_DIR"/"$LATEST_KERNEL"/linux-"$LATEST_KERNEL".tar.bz2" -o ! -e $ROOT_DIR"/"$LATEST_KERNEL"/ChangeLog-"$LATEST_KERNEL ]; then # Download the actual source code wget -q $URL0"/linux-"$LATEST_KERNEL".tar.bz2" -O $ROOT_DIR"/"$LATEST_KERNEL"/linux-"$LATEST_KERNEL".tar.bz2" # Download the Change logs wget -q $URL0"/ChangeLog-"$LATEST_KERNEL -O $ROOT_DIR"/"$LATEST_KERNEL"/ChangeLog-"$LATEST_KERNEL # Download source signature file wget -q $URL0"/linux-"$LATEST_KERNEL".tar.bz2.sign" -O $ROOT_DIR"/"$LATEST_KERNEL"/linux-"$LATEST_KERNEL".tar.bz2.sign" if [ $( gpg --verify $ROOT_DIR"/"$LATEST_KERNEL"/linux-"$LATEST_KERNEL".tar.bz2.sign" $ROOT_DIR"/"$LATEST_KERNEL"/linux-"$LATEST_KERNEL".tar.bz2" ; echo $? ) -eq 1 ]; then echo "The" $LATEST_KERNEL " kernel failed against a signature check" | mail $ADMIN -s "** ALERT ** KERNEL $LATEST_KERNEL HAS BEEN TAMPERED WITH ** ALERT **" # Delete bad source rm -rf $ROOT_DIR"/"$LATEST_KERNEL else echo "New" $LATEST_KERNEL "kernel added, signature successful" | mail $ADMIN -s "New $LATEST_KERNEL kernel downloaded" fi; fi; fi; if [ ! -d $ROOT_DIR"/"$LATEST_24_KERNEL ]; then mkdir $ROOT_DIR"/"$LATEST_24_KERNEL # Check to see if we have the latest version of the 2.4.x kernel if [ ! -e $ROOT_DIR"/"$LATEST_24_KERNEL"/linux-"$LATEST_24_KERNEL".tar.bz2" -o ! -e $ROOT_DIR"/"$LATEST_24_KERNEL"/ChangeLog-"$LATEST_24_KERNEL ]; then # Download the actual source code wget -q $URL1"/linux-"$LATEST_24_KERNEL".tar.bz2" -O $ROOT_DIR"/"$LATEST_24_KERNEL"/linux-"$LATEST_24_KERNEL".tar.bz2" # Download the Change logs wget -q $URL1"/ChangeLog-"$LATEST_24_KERNEL -O $ROOT_DIR"/"$LATEST_24_KERNEL"/ChangeLog-"$LATEST_24_KERNEL # Donload source signature file wget -q $URL1"/linux-"$LATEST_24_KERNEL".tar.bz2.sign" -O $ROOT_DIR"/"$LATEST_24_KERNEL"/linux-"$LATEST_24_KERNEL".tar.bz2.sign" if [ $( gpg --verify $ROOT_DIR"/"$LATEST_24_KERNEL"/linux-"$LATEST_24_KERNEL".tar.bz2.sign" $ROOT_DIR"/"$LATEST_24_KERNEL"/linux-"$LATEST_24_KERNEL".tar.bz2" ; echo $? ) -eq 1 ]; then echo "The" $LATEST_24_KERNEL " kernel failed against a signature check" | mail $ADMIN -s "** ALERT ** KERNEL $LATEST_24_KERNEL HAS BEEN TAMPERED WITH ** ALERT **" # Delete Bad source rm -rf $ROOT_DIR"/"$LATEST_24_KERNEL else echo "New" $LATEST_24_KERNEL "kernel added, signature successful" | mail $ADMIN -s "New $LATEST_24_KERNEL kernel downloaded" fi; fi; fi; if [ ! -d $ROOT_DIR"/"$LATEST_22_KERNEL ]; then mkdir $ROOT_DIR"/"$LATEST_22_KERNEL # Check to see if we have the latest version of the 2.2.x kernel if [ ! -e $ROOT_DIR"/"$LATEST_22_KERNEL"/linux-"$LATEST_22_KERNEL".tar.bz2" -o ! -e $ROOT_DIR"/"$LATEST_22_KERNEL"/ChangeLog-"$LATEST_22_KERNEL ]; then # Download the actual source code wget -q $URL2"/linux-"$LATEST_22_KERNEL".tar.bz2" -O $ROOT_DIR"/"$LATEST_22_KERNEL"/linux-"$LATEST_22_KERNEL".tar.bz2" # Download the change logs wget -q $URL2"/ChangeLog-"$LATEST_22_KERNEL -O $ROOT_DIR"/"$LATEST_22_KERNEL"/ChangeLog-"$LATEST_22_KERNEL # Download source signature file wget -q $URL2"/linux-"$LATEST_22_KERNEL".tar.bz2" -O $ROOT_DIR"/"$LATEST_22_KERNEL"/linux-"$LATEST_22_KERNEL".tar.bz2.sign" if [ $( gpg --verify $ROOT_DIR"/"$LATEST_22_KERNEL"/linux-"$LATEST_22_KERNEL".tar.bz2.sign" $ROOT_DIR"/"$LATEST_22_KERNEL"/linux-"$LATEST_22_KERNEL".tar.bz2" ; echo $? ) -eq 1 ]; then echo "The" $LATEST_22_KERNEL " kernel failed against a signature check" | mail $ADMIN -s "** ALERT ** KERNEL $LATEST_22_KERNEL HAS BEEN TAMPERED WITH ** ALERT **" # Delete bad source rm -rf $ROOT_DIR"/"$LATEST_22_KERNEL else echo "New" $LATEST_22_KERNEL "kernel added, signature successful" | mail $ADMIN -s "New $LATEST_22_KERNEL kernel downloaded" fi; fi; fi; else echo "[-] Kernel banner did NOT exist" exit -1; fi; # Clean up the kernel text file unlink $TEMP_FILE