<?php
/*
PTK - DFLabs
Copyright (C) 2008 - DFLabs srl - All rights reserved
hide@address.com
*/
// Report all errors except E_NOTICE
// (E_ALL ^ E_NOTICE clears the E_NOTICE bit from the full mask).
// This is the default value set in php.ini
// NOTE(review): whether these messages reach the browser depends on the
// server's display_errors setting, which is not visible from this file.
error_reporting (E_ALL ^ E_NOTICE);
require('lib/sql_parse.php');
include('lib/sanitize.php');
// --------------------------- PREREQUISITE TESTS -------------------------- //
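/**
 * Check that every external program PTK shells out to can be found on PATH.
 *
 * Each tool is located with `which`; a missing tool appends a box_error
 * message to the global $errors string. When `fls` is present its reported
 * version is checked for "ver 3". If any of the core Sleuth Kit tools
 * (fls, mmls, fsstat) is missing, a summary message is put in front of all
 * other errors.
 *
 * Fix over the previous version: the summary test read the undefined
 * variable $mls instead of the mmls lookup result, so a missing mmls never
 * produced the "Check if sleuthkit is installed" summary.
 */
function test_ptk_tool()
{
    global $errors, $DFLT;

    // label used in the error message => executable name passed to `which`
    $tools = array(
        'md5'          => 'md5sum',
        'sha1'         => 'sha1sum',
        'fsstat'       => 'fsstat',
        'mmls'         => 'mmls',
        'fls'          => 'fls',
        'istat'        => 'istat',
        'ils'          => 'ils',
        'icat'         => 'icat',
        'ifind'        => 'ifind',
        'mactime'      => 'mactime',
        'srch_strings' => 'srch_strings',
        'hexdump'      => 'hexdump',
        'date'         => 'date',
        'ls'           => 'ls',
        'file'         => 'file',
        'du'           => 'du',
        'cp'           => 'cp',
        'ln'           => 'ln',
        'grep'         => 'grep',
        'blkls'        => 'blkls',
        'blkcat'       => 'blkcat',
    );

    $paths = array();
    foreach ($tools as $label => $binary) {
        // The tool names are fixed literals, so nothing user-controlled
        // reaches the shell here. shell_exec() yields no string when the
        // command prints nothing, hence the cast.
        $paths[$label] = str_replace("\n", '', (string) shell_exec('which ' . $binary));
        if ($paths[$label] === '') {
            $errors .= '<div id="box_error">' . $label . ' not found</div>';
        }
    }

    if ($paths['fls'] !== '') {
        // Quote the resolved path so an unusual install location cannot be
        // re-interpreted by the shell.
        $txt = (string) shell_exec(escapeshellarg($paths['fls']) . ' -V 2>&1');
        // NOTE(review): only a "ver 3" banner is accepted; later Sleuth Kit
        // releases are reported as needing an update. Confirm that is intended.
        if (preg_match("/ver\s3/", $txt) == 0) {
            $errors .= '<div id="box_error">You have to update The Sleuth kit version to 3.0.0</div>';
        }
    }

    if ($paths['fls'] === '' || $paths['mmls'] === '' || $paths['fsstat'] === '') {
        $errors = '<div id="box_error">Check if sleuthkit is installed</div>' . $errors;
    }
}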
/**
 * Verify that the directories named in the global $DFLT table exist and,
 * where PTK has to write into them, are writable.
 *
 * Problems are appended to the global $errors string as box_error blocks.
 * The sql directory (ptk_s) only has to exist.
 *
 * NOTE(review): the message text tells the operator to set mode 777. That
 * makes the directory world-writable, and per the defaults in this file the
 * config directory later receives config/config.inc.php with the database
 * password. Write access for the web-server account alone is sufficient for
 * the is_writable() checks below.
 */
function test_ptk_folder()
{
    global $errors, $DFLT;

    // $DFLT key => what the directory is written for (used in the message).
    // Checked in this order: config, images, log, temp, filter, report.
    $must_be_writable = array(
        'ptk_c' => 'save your configuration',
        'ptk_i' => 'save your images',
        'ptk_l' => 'save ptk log',
        'ptk_t' => 'write temporary data',
        'ptk_f' => 'write temporary data',
        'ptk_r' => 'write temporary data',
    );

    foreach ($must_be_writable as $key => $purpose) {
        $dir = $DFLT[$key];
        if (!is_dir($dir)) {
            $errors .= "<div id=\"box_error\">A subdirectory called '{$dir}' should normally exist in the directory. The installer can't find this directory. Check that you have uploaded all PTK files to your server.</div>";
            continue;
        }
        if (!is_writable($dir)) {
            $errors .= "<div id=\"box_error\">The '{$dir}' directory should be writable in order to {$purpose}. Use your FTP program to change its mode to 777.</div>";
        }
    }

    // The sql directory is only read from, so existence is enough.
    $sql_dir = "{$DFLT['ptk_s']}";
    if (!is_dir($sql_dir)) {
        $errors .= "<div id=\"box_error\">A subdirectory called '{$sql_dir}' should normally exist in the directory. The installer can't find this directory. Check that you have uploaded all PTK files to your server.</div>";
    }
}
// ----------------------------- TEST FUNCTIONS ---------------------------- //
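/**
 * Try to open a MySQL connection with the credentials posted by the form.
 *
 * Appends a box_error block to the global $errors string when the mysql
 * extension is unavailable or the connection attempt fails.
 *
 * Changes over the previous version:
 *  - the text returned by mysql_error() is HTML-escaped before it is put on
 *    the page; it can repeat the submitted host or user name, which are
 *    request data;
 *  - missing or non-string form fields are treated as empty strings instead
 *    of being passed through as-is.
 */
function test_sql_connection()
{
    global $errors;

    if (!function_exists('mysql_connect')) {
        $errors .= "<div id=\"box_error\">PHP does not have MySQL support enabled.</div>";
        return;
    }

    $fields = array('db_server' => '', 'db_user' => '', 'db_pass' => '');
    foreach ($fields as $name => $unused) {
        if (isset($_POST[$name]) && is_string($_POST[$name])) {
            $fields[$name] = $_POST[$name];
        }
    }

    // '@' keeps the connection warning off the page; the failure is reported
    // through $errors instead.
    $connect_id = @mysql_connect($fields['db_server'], $fields['db_user'], $fields['db_pass']);
    if (!$connect_id) {
        $errors .= "<div id=\"box_error\">Could not create a MySQL connection, please check the SQL values entered<br /><br />MySQL error was : "
            . htmlspecialchars((string) mysql_error(), ENT_QUOTES) . "</div>";
    }
}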
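/**
 * Validate the MySQL PTK account fields posted by the form.
 *
 * Appends a box_warning block to the global $errors string when the
 * username or password is empty, or when either contains anything other
 * than word characters (letters, digits, underscore).
 *
 * Changes over the previous version:
 *  - the pattern is anchored with \z instead of \Z. \Z also matches just
 *    before a trailing newline, so a value ending in "\n" passed the check
 *    even though the password is later placed inside an SQL statement and
 *    a generated PHP file;
 *  - missing or non-string fields are treated as empty.
 */
function test_mysql_ptk_value()
{
    global $errors;

    $username = (isset($_POST['mysql_ptk_username']) && is_string($_POST['mysql_ptk_username']))
        ? $_POST['mysql_ptk_username'] : '';
    $password = (isset($_POST['mysql_ptk_password']) && is_string($_POST['mysql_ptk_password']))
        ? $_POST['mysql_ptk_password'] : '';

    if ($username == '' || $password == '') {
        $errors .= "<div id=\"box_warning\">It is much better for you to provide a 'username' and a 'password' for the MySQL PTK user.</div>";
    }
    if (!preg_match('/\A\w*\z/', $username) || !preg_match('/\A\w*\z/', $password)) {
        $errors .= "<div id=\"box_warning\">MySQL PTK username and password must only contain alphanumeric characters.</div>";
    }
}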
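/**
 * Validate the PTK admin password posted by the form.
 *
 * Appends a box_warning block to the global $errors string when the
 * password is empty or contains anything other than word characters
 * (letters, digits, underscore).
 *
 * Changes over the previous version:
 *  - the pattern is anchored with \z instead of \Z, which also matched
 *    just before a trailing newline and so let a value ending in "\n"
 *    through to the INSERT statement built by the installer;
 *  - a missing or non-string field is treated as empty.
 */
function test_ptk_admin_value()
{
    global $errors;

    $password = (isset($_POST['ptk_admin_password']) && is_string($_POST['ptk_admin_password']))
        ? $_POST['ptk_admin_password'] : '';

    if ($password == '') {
        $errors .= "<div id=\"box_warning\">It is much better for you to provide a 'username' and a 'password' for the PTK admin user.</div>";
    }
    if (!preg_match('/\A\w*\z/', $password)) {
        $errors .= "<div id=\"box_warning\">Admin PTK username and password must only contain alphanumeric characters.</div>";
    }
}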
// ------------------------- HTML OUTPUT FUNCTIONS ------------------------- //
/**
 * Emit the opening part of the installer page: <html>, <head> with the
 * installer stylesheet, <body>, and the general_header container that
 * html_footer() closes.
 */
function html_header()
{
    $markup = array(
        '<html>',
        '<head>',
        '<title>PTK</title>',
        "<link rel='stylesheet' href='css/installer.css' type='text/css'>",
        '</head>',
        '<body style="vertical-align: middle">',
        '<div id="general_header">',
    );

    echo implode("\n", $markup), "\n";
}
/**
 * Emit a one-cell table holding the small PTK logo.
 */
function html_logo()
{
    $markup = array(
        '<table width="100%" border="0" cellpadding="0" cellspacing="1">',
        '<tr>',
        '<td valign="top" style="background-color:#EFEFEF"><img src="img/ptk_logo_small.png" border="0" alt="" /><br />',
        '</td>',
        '</tr>',
        '</table>',
    );

    foreach ($markup as $row) {
        echo $row . "\n";
    }
}
/**
 * Emit the notice shown when the install lock file already exists, with a
 * button that posts to index.php.
 */
function html_installer_locked()
{
    global $DFLT;

    $markup = array(
        '<form action="index.php" method="post" style="margin:0px;padding:0px">',
        '<div id="box_warning">The installer is locked<br />',
        'The installer has already been run successfuly once and is now locked.',
        '</div>',
        '<br />',
        '<input type="submit" value="Go to the main page" />',
        '</form>',
    );

    echo implode("\n", $markup) . "\n";
}
/**
 * Emit the "problems need to be fixed" page with a "Try again!" button.
 *
 * @param string $error_msg HTML fragment built by the test_* functions; it
 *                          is written to the page as-is, so callers must
 *                          only pass markup they assembled themselves.
 *
 * The form action carries a fixed "?continue_anyway=1" suffix when that
 * request parameter is present; the parameter's value itself is never
 * echoed.
 */
function html_prereq_errors($error_msg)
{
    $suffix = '';
    if (isset($_REQUEST['continue_anyway'])) {
        $suffix = '?continue_anyway=1';
    }

    $top = array(
        '<form action="install.php' . $suffix . '" method="post" style="margin:0px;padding:0px">',
        '<div id="box">',
        '<div id="header">',
        '<a class="img" href="http://ptk.dflabs.com" target="_blank"><img class="left" src="img/ptk_logo.png"></a>',
        '<a class="img" href="http://www.dflabs.com" target="_blank"><img class="right" src="img/dflogo.gif"></a>',
        '</div>',
        '<div id="title"> Welcome to PTK installation </div></br>',
        '<div id="intro_error">Before you continue with PTK installation, there are some problems that need to be fixed. Once you are done, hit the "Try again" button.</div>',
        '</div>',
    );
    $bottom = array(
        '<br />',
        '<input type="submit" value="Try again!"/>',
        '</form>',
    );

    echo implode("\n", $top) . "\n";
    // No line break between the error markup and the <br /> that follows it.
    echo $error_msg;
    echo implode("\n", $bottom) . "\n";
}
/**
 * Emit the installer's configuration form.
 *
 * The form posts back to install.php and collects: the distribution, the
 * MySQL host/user/password used for setup (the user defaults to root), the
 * password for the MySQL PTK account, and the PTK admin account details.
 *
 * @param string $error_msg Optional HTML fragment with validation errors.
 *                          It is written to the page as-is, so callers must
 *                          only pass markup they assembled themselves.
 *
 * Points a reviewer should keep in mind when reading the handlers:
 *  - the "readonly" attribute on the two username inputs and the fixed
 *    <option> list are enforced by the browser only; the posted values
 *    still have to be validated on the server;
 *  - the form carries database and admin passwords and contains no
 *    anti-forgery token; transport security is outside this file.
 */
function html_input_config($error_msg = '')
{
// $im_installed is declared but not used anywhere in this function.
global $im_installed;
// Fixed suffix only; the value of continue_anyway is never echoed.
$continue = isset($_REQUEST['continue_anyway']) ? '?continue_anyway=1' : '';
?>
<div id="box">
<div id="header">
<a class="img" href="http://ptk.dflabs.com" target="_blank"><img class="left" src="img/ptk_logo.png"></a>
<a class="img" href="http://www.dflabs.com" target="_blank"><img class="right" src="img/dflogo.gif"></a>
</div>
<div id="title"> Welcome to PTK installation </div></br>
<?php
// The introductory error banner is shown only when errors were passed in.
if ($error_msg) {?>
<div id="intro_error">Before you continue with PTK installation, there are some problems that need to be fixed. Once you are done, hit the "Try again" button.</div>
<?php } ?>
</div>
<form action="install.php<?php echo $continue ?>" method="post">
<?php
//<table width="100%" border="0" cellpadding="0" cellspacing="1">
// The error markup itself goes inside the form, above the input sections.
if ($error_msg) {
?>
<?php echo $error_msg ?>
<?php
}
?>
<div id="box_form">
<div id="box_title">Your distribution</div>
<div id="def">This section requires information on your distribution.</div>
<div id="box_entry">
<div style="float:left"><b>Distribution: </b> </div> <select name="dist" style="float:right">
<option value="ubuntu">Ubuntu/Kubuntu</option>
<option value="centos">CentOS</option>
<option value="gentoo">Gentoo</option>
<option value="redhat">RedHat</option>
<option value="bsd">BSD</option></select><br/>
</div>
</div>
<div id="box_form">
<div id="box_title">Your MySQL configuration</div>
<div id="def">This section requires information on how to access your MySQL database.</div>
<div id="box_entry">
<div style="float:left"><b>Host:</b> (127.0.0.1 is usually ok)</div> <input type="text" name="db_server" style="float:right" value="127.0.0.1" /></br>
<div style="float:left"><b>Username:</b> (with GRANT option, root is usually ok) </div><input type="text" style="float:right" name="db_user" value="root" /></br>
<div style="float:left"><b>Password:</b> </div> <input type="password" style="float:right" name="db_pass" value="" /></br></div>
</div>
<div id="box_form">
<div id="box_title">MySQL PTK account</div>
<div id="def">This section requires information to create mysql user in order to access to ptk.</div>
<div id="box_entry">
<div style="float:left">MySQL PTK username: </div><input type="text" style="float:right" name="mysql_ptk_username" value="investigator" readonly/></br>
<div style="float:left"><b>Password:</b> </div><input type="password" style="float:right" name="mysql_ptk_password" value="" /></br>
</div>
</div>
<div id="box_form">
<div id="box_title">PTK admin account</div>
<div id="def">This section requires information to create ptk admin user in order to create case, add new images.</div>
<div id="box_entry">
<div style="float:left"><b>Admin username:</b> </div><input style="float:right" type="text" name="ptk_admin_username" value="admin" readonly/></br>
<div style="float:left">Admin name: </div><input style="float:right" type="text" name="ptk_admin_name" value="" /></br>
<div style="float:left">Admin surname: </div><input style="float:right" type="text" name="ptk_admin_surname" value="" /></br>
<div style="float:left">Admin email: </div><input style="float:right" type="text" name="ptk_admin_email" value="" /></br>
<div style="float:left"><b>Admin Password:</b> </div><input style="float:right" type="password" name="ptk_admin_password" value="" /></br>
</div>
</div>
<br />
<input type="submit" value="Configure !" />
</form>
<?php
}
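/**
 * Emit the "installation completed" page.
 *
 * Also lists the image formats reported by `img_cat -i list` and tells the
 * operator when ewf or aff support is not reported.
 *
 * @param string $notes HTML fragment with post-install notices (for
 *                      example the one lock_install() records when the
 *                      lock file could not be written). Written as-is.
 *
 * Changes over the previous version:
 *  - $notes was accepted but never printed, so the notice that the
 *    installer could not be locked and install.php must be deleted never
 *    reached the operator; it is now shown in a warning box;
 *  - img_cat is only run when `which` found it (previously an empty path
 *    still produced a shell command and its error text was printed);
 *  - the tool's output is HTML-escaped before it is written to the page;
 *  - a stray closing </a> tag was removed.
 */
function html_install_success($notes)
{
    global $DFLT;

    echo '<form action="index.php" style="margin:0px;padding:0px">' . "\n";
    echo '<div id="box_success">' . "\n";
    echo "Installation completed\n";
    echo '<a href="index.php">PTK</a> is now properly configured and ready to work.' . "\n";
    echo "</div>\n";

    if ((string) $notes !== '') {
        echo '<div id="box_warning">' . $notes . "</div>\n";
    }

    echo '<div id="box_success" style="font-size:11px;">' . "\n";

    $img_cat_bin = str_replace("\n", '', (string) shell_exec('which img_cat'));
    $txt = '';
    if ($img_cat_bin !== '') {
        $txt = (string) shell_exec(escapeshellarg($img_cat_bin) . ' -i list 2>&1');
        foreach (explode("\n", $txt) as $line) {
            echo htmlspecialchars($line, ENT_QUOTES) . '<br />';
        }
    }

    if (preg_match('/ewf/', $txt) === 0) {
        echo "In order to add the support to the images ewf it is necessary to download and build the ewf libraries and re-build the sleuthkit again.<br />";
    }
    if (preg_match('/aff/', $txt) === 0) {
        echo "In order to add the support to the images aff it is necessary to download and build the aff libraries and re-build the sleuthkit again.";
    }

    echo "</div>\n";
    echo "<br />\n";
    echo '<input type="submit" name="submitted" value="Let\'s continue !" />' . "\n";
    echo "</form>\n";
}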
/**
 * Close the general_header container, <body> and <html>, then open
 * <noscript><plaintext>.
 *
 * NOTE(review): the trailing <noscript><plaintext> presumably keeps any
 * markup appended after the page from being rendered as HTML - confirm
 * the intent before removing it.
 */
function html_footer()
{
    foreach (array('</div>', '</body>', '</html>', '<noscript><plaintext>') as $row) {
        echo $row, "\n";
    }
}
// ------------------------- SQL QUERIES TO CREATE TABLES ------------------ //
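/**
 * Create the PTK database objects and the admin account.
 *
 * Builds one SQL script from a GRANT statement for the 'investigator'
 * account, the contents of <sql dir>/schema.sql, and a DELETE/INSERT pair
 * for the admin user, then runs it statement by statement on the MySQL
 * connection opened earlier. Failures are appended to the global $errors
 * string and stop the run.
 *
 * Changes over the previous version:
 *  - both passwords are re-checked here against the same word-character
 *    rule the form validators use, because they are placed directly inside
 *    SQL string literals; the function now refuses to build the script
 *    instead of relying on every caller having validated first;
 *  - the schema file is read with file_get_contents(), so the handle is no
 *    longer left open and an empty or unreadable file is handled;
 *  - the MySQL error text and the failing statement are HTML-escaped
 *    before being written to the page.
 *
 * NOTE(review): the admin password is stored as an unsalted SHA1 digest.
 * The login code that reads it is not part of this file, so the scheme is
 * left unchanged here.
 * NOTE(review): the failing statement shown in the error message can be the
 * GRANT statement, which contains the MySQL PTK password in clear text.
 */
function create_tables()
{
    global $errors, $DFLT;

    $mysql_password = (isset($_POST['mysql_ptk_password']) && is_string($_POST['mysql_ptk_password']))
        ? $_POST['mysql_ptk_password'] : '';
    $admin_password = (isset($_POST['ptk_admin_password']) && is_string($_POST['ptk_admin_password']))
        ? $_POST['ptk_admin_password'] : '';

    // Fail closed: these two values are interpolated into quoted SQL below.
    if (!preg_match('/\A\w*\z/', $mysql_password) || !preg_match('/\A\w*\z/', $admin_password)) {
        $errors .= "<div id=\"box_error\">MySQL PTK and admin passwords must only contain alphanumeric characters.</div>";
        return;
    }

    $db_schema = "{$DFLT['ptk_s']}/schema.sql";
    $schema = is_readable($db_schema) ? file_get_contents($db_schema) : false;
    if ($schema === false) {
        $errors .= "<div id=\"box_error\">The file '$db_schema' could not be found. Check that you have uploaded all PTK files to your server</div>";
        return;
    }

    $sql_query = "GRANT SELECT, INSERT, UPDATE, DELETE, ALTER ON ptk.* TO 'investigator'@'localhost' IDENTIFIED BY '{$mysql_password}';";
    $sql_query .= $schema;

    // Insert the admin account
    $sql_query .= "DELETE FROM users where username=\"admin\";\n";
    $name = sanitize(RemoveXSS(isset($_POST['ptk_admin_name']) ? $_POST['ptk_admin_name'] : ''), PARANOID);
    $surname = sanitize(RemoveXSS(isset($_POST['ptk_admin_surname']) ? $_POST['ptk_admin_surname'] : ''), PARANOID);
    $email = sanitize(RemoveXSS(isset($_POST['ptk_admin_email']) ? $_POST['ptk_admin_email'] : ''), PARANOID);
    $sql_query .= "INSERT INTO users(name,surname,mail1,username,password) VALUES('{$name}','{$surname}','{$email}','admin',SHA1('{$admin_password}'));\n";

    $sql_query = remove_remarks($sql_query);
    $statements = split_sql_file($sql_query, ';');
    foreach ($statements as $q) {
        if (!mysql_query($q)) {
            $errors .= "mySQL Error: " . htmlspecialchars((string) mysql_error(), ENT_QUOTES)
                . " on query '" . htmlspecialchars($q, ENT_QUOTES) . "'<br /><br />";
            return;
        }
    }
}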
// ---------------------- CONFIGURATION FILE TEMPLATE ---------------------- //
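/**
 * Build the text of the two tool configuration files.
 *
 * Returns a single string made of the PHP configuration (conf.php), a "|"
 * separator, and the Perl configuration fragment (conf.pl); the caller
 * splits it on "|". Each *_bin entry is the path `which` reports for the
 * tool, or an empty string when the tool is not found.
 *
 * Changes over the previous version:
 *  - the posted distribution was copied verbatim between double quotes
 *    into generated PHP source, so request data could end the string and
 *    become code in conf.php. It is now accepted only when it is one of
 *    the values offered by the installer form; anything else is reported
 *    through $errors and written as an empty string;
 *  - every value in the PHP part is emitted with var_export(), and every
 *    value in the Perl part has backslashes and single quotes escaped, so
 *    a path containing quotes or '$' can no longer change the meaning of
 *    the generated file.
 *
 * NOTE(review): a path that contains "|" would still confuse the caller's
 * split; that convention is part of the interface and is left as is.
 *
 * @return string PHP part, "|", Perl part.
 */
function build_ptk_configuration_file()
{
    global $errors, $DFLT;

    // config variable prefix => executable name passed to `which`
    $binaries = array(
        'md5'          => 'md5sum',
        'sha1'         => 'sha1sum',
        'fsstat'       => 'fsstat',
        'mmls'         => 'mmls',
        'fls'          => 'fls',
        'istat'        => 'istat',
        'ils'          => 'ils',
        'icat'         => 'icat',
        'ifind'        => 'ifind',
        'mactime'      => 'mactime',
        'srch_strings' => 'srch_strings',
        'hexdump'      => 'hexdump',
        'date'         => 'date',
        'ls'           => 'ls',
        'file'         => 'file',
        'du'           => 'du',
        'cp'           => 'cp',
        'ln'           => 'ln',
        'grep'         => 'grep',
        'dls'          => 'blkls',
        'dcat'         => 'blkcat',
    );

    // The values the installer form offers in its "dist" select box.
    $known_distros = array('ubuntu', 'centos', 'gentoo', 'redhat', 'bsd');
    $distro = (isset($_POST['dist']) && is_string($_POST['dist'])) ? $_POST['dist'] : '';
    if (!in_array($distro, $known_distros, true)) {
        $errors .= '<div id="box_error">Unknown distribution selected.</div>';
        $distro = '';
    }

    $install_dir = (string) realpath('.');

    $php  = "<?php\n";
    $php .= '$INSTALLDIR = ' . var_export($install_dir, true) . ";\n";
    $php .= '$DISTRO = ' . var_export($distro, true) . ";\n";

    $perl_search  = array('\\', "'");
    $perl_replace = array('\\\\', "\\'");
    $perl = "\ninstalldir => '" . str_replace($perl_search, $perl_replace, $install_dir . '/') . "',";

    foreach ($binaries as $prefix => $binary) {
        // Fixed tool names only; nothing from the request reaches the shell.
        $path = str_replace("\n", '', (string) shell_exec('which ' . $binary));
        $php  .= '$' . $prefix . '_bin = ' . var_export($path, true) . ";\n";
        $perl .= "\n" . $prefix . "_bin => '" . str_replace($perl_search, $perl_replace, $path) . "',";
    }

    $php .= "?>\n";

    return $php . '|' . $perl;
}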
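/**
 * Build the text of the MySQL configuration file (config.inc.php).
 *
 * The file defines $db_host, $db_user, $db_password and $db_name from the
 * posted form fields; the database name is fixed to "ptk".
 *
 * Change over the previous version: the posted values were copied verbatim
 * between double quotes into generated PHP source. The host field is not
 * validated anywhere in this file, so request data could end the string
 * and become code in the written file. Values are now emitted with
 * var_export(), which always yields a single, correctly escaped string
 * literal. Missing or non-string fields are written as empty strings.
 *
 * @return string PHP source for the configuration file.
 */
function build_ptk_mysql_configuration_file()
{
    global $errors, $DFLT;

    // generated variable name => form field it is taken from
    $fields = array(
        'db_host'     => 'db_server',
        'db_user'     => 'mysql_ptk_username',
        'db_password' => 'mysql_ptk_password',
    );

    $source = "<?php\n";
    foreach ($fields as $variable => $field) {
        $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $source .= '$' . $variable . ' = ' . var_export($value, true) . ";\n";
    }
    $source .= "\$db_name = \"ptk\";\n";
    $source .= '?>';

    return $source;
}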
/**
 * Write the three configuration files named in the global $DFLT table.
 *
 * The tool configuration text is split on "|" into its PHP part
 * (ptk_conf_php) and its Perl part (ptk_conf_perl); the MySQL configuration
 * goes to ptk_conf_mysql_php. Any existing file is removed first. A file
 * that cannot be opened for writing adds a message to the global $errors
 * string.
 *
 * NOTE(review): the MySQL configuration contains the database password and
 * is created with whatever permissions the process umask yields; nothing in
 * this function restricts them.
 */
function write_config_file()
{
    global $errors, $DFLT;

    $pieces = explode("|", build_ptk_configuration_file());

    // Piece 0 is the PHP configuration, piece 1 the Perl one.
    foreach (array('ptk_conf_php', 'ptk_conf_perl') as $index => $key) {
        $path = $DFLT[$key];
        @unlink($path);
        $handle = @fopen($path, 'wb');
        if ($handle) {
            fwrite($handle, $pieces[$index]);
            fclose($handle);
        } else {
            $errors .= "<hr /><br />Unable to write config file '{$path}'<br /><br />";
        }
    }

    $mysql_source = build_ptk_mysql_configuration_file();
    $mysql_path = $DFLT['ptk_conf_mysql_php'];
    @unlink($mysql_path);
    $handle = @fopen($mysql_path, 'wb');
    if ($handle) {
        fwrite($handle, $mysql_source);
        fclose($handle);
    } else {
        $errors .= "<div id=\"box_error\">Unable to write config file '{$mysql_path}'</div>";
    }
}
/**
 * Create the install lock file so the installer refuses to run again.
 *
 * Writes the word "locked" to the path in $DFLT['ptk_lock']. When the file
 * cannot be created, a notice telling the operator to delete install.php is
 * appended to the global $notes string instead.
 *
 * NOTE(review): the lock file is the only thing the main code checks before
 * running the installer; anything able to remove it re-enables install.php.
 */
function lock_install()
{
    global $notes, $DFLT;

    $lock_path = $DFLT['ptk_lock'];
    $handle = @fopen($lock_path, 'wb');

    if (!$handle) {
        $notes .= "The installer could not create the '{$lock_path}' file. In order to secure your installation, you need to delete the 'install.php' file from your server !<br />";
        return;
    }

    fwrite($handle, 'locked');
    fclose($handle);
}
// --------------------------------- MAIN CODE ----------------------------- //
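// Disable magic_quotes_runtime if active to allow proper reading from .sql files.
// The function no longer exists on newer PHP versions; calling it there would
// abort the installer before it can report anything, so only call it when present.
if (function_exists('set_magic_quotes_runtime')) {
    set_magic_quotes_runtime(0);
}

// The defaults values
$DFLT = array('ptk_i' => 'images', // The image file dir
    'ptk_c' => 'config', // The config dir
    'ptk_l' => 'log', // The log dir
    'ptk_t' => 'temp', // The temp dir
    'ptk_s' => 'sql', //The sql dir
    'ptk_f' => 'filter', //The filter dir
    'ptk_r' => 'report', //The report dir
    'ptk_lock' => 'config/install.lock', // Name of install lock file
    'ptk_conf_php' => 'config/conf.php', // The tool config file name
    'ptk_conf_perl' => 'config/conf.pl', // The tool config file name
    'ptk_conf_mysql_php' => 'config/config.inc.php' // The tool config file name
);

$errors = '';
$notes = '';

html_header();
//html_logo();

// The lock file is the only gate in front of the installer: once it exists,
// no installation step below is reachable.
if (file_exists($DFLT['ptk_lock'])) {
    html_installer_locked();
} elseif (count($_POST) > 1) {
    // Form submitted: validate everything first.
    test_ptk_folder();
    test_sql_connection();
    test_mysql_ptk_value();
    test_ptk_admin_value();

    // Only write configuration files once every check has passed.
    // Previously they were written unconditionally, so values that had just
    // failed validation (or failed the connection test) still ended up in
    // the generated PHP files.
    if ($errors == '') {
        write_config_file();
    }
    if ($errors == '') {
        create_tables();
    }

    if ($errors != '') {
        html_input_config($errors);
    } else {
        lock_install();
        html_install_success($notes);
        // The marker may not exist; avoid a warning on the success page.
        if (file_exists('config/force_update')) {
            unlink('config/force_update');
        }
    }
} else {
    // First visit: check the prerequisites, then show the form.
    test_ptk_folder();
    test_ptk_tool();
    if ($errors != '') {
        html_prereq_errors($errors);
    } else {
        html_input_config();
    }
}

html_footer();
?>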