#!/bin/sh

# Configuration script for the Autopsy Forensic Browser
#
# Brian Carrier [carrier@sleuthkit.org]
#
# Copyright (c) 2003 by Brian Carrier.  All rights reserved
#
# Copyright (c) 2001-2003 by Brian Carrier, @stake.  All rights reserved
#
# Copyright (c) 2001 by Brian Carrier.  All rights reserved
#
# This file is part of the Autopsy Forensic Browser (Autopsy)
#
# Autopsy is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# 
# Autopsy is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Autopsy; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  
##
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE.
# IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, LOSS OF USE, DATA, OR PROFITS OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


# Fixed, ordered list of directories probed for perl, strings and grep.
# The list is hard-coded; the caller's $PATH is not consulted.  Every entry
# ends in '/' because the search loops append the tool name directly
# (e.g. "${d}perl"), and the first directory holding an executable wins.
dirs="/usr/local/bin/ /usr/bin/ /usr/ccs/bin/ /bin/ /usr/ucb/bin/ /sbin/ /usr/sbin/ /usr/local/sbin/"

# Installer banner, framed by one blank line above and below.
printf '\n%s\n\n' "   Autopsy Forensic Browser Installation"

#############################################################################
# Setup Perl locations
#############################################################################

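# Find perl.  The first working interpreter becomes the "#!<perl> -wT" line
# written to ./config.tmp.  perlexe always ends up naming the interpreter
# that was actually selected, whether it came from $dirs or from the prompt.
found=0
perlexe=''
for d in $dirs; do
  if [ -x "${d}perl" ]; then
    # An executable named perl is not enough: it must also print the
    # "This is perl" banner when asked for its version.
    banner=`"${d}perl" -v 2> /dev/null | awk '/This is perl/ {print $0}'`
    if [ -n "$banner" ]; then
      perlexe="${d}perl"
      echo "perl found: $perlexe"
      echo "#!$perlexe -wT" > ./config.tmp
      found=1
      break
    fi
  fi
done

# If it wasn't found, then prompt for it.
if [ "$found" -eq 0 ]; then
  echo 'ERROR: perl not found'
  while :; do
    echo 'Enter Location:'
    # Stop on end-of-input; a closed stdin would otherwise re-prompt forever.
    read perlexe || [ -n "$perlexe" ] || {
      echo 'ERROR: no more input, giving up' >&2
      exit 1
    }
    # The answer becomes the #! line of the generated scripts.  A relative
    # interpreter path would be resolved against whatever directory the
    # script is later started from, so only absolute paths are accepted.
    case "$perlexe" in
      /*) ;;
      *)
        echo 'Location must be an absolute path.  Try another'
        continue
        ;;
    esac
    if [ -x "$perlexe" ]; then
      banner=`"$perlexe" -v 2> /dev/null | awk '/This is perl/ {print $0}'`
      if [ -n "$banner" ]; then
        echo "#!$perlexe -wT" > ./config.tmp
        break
      else
        echo "Perl found, but is not working.  Try another"
      fi
    else
      echo "file not found"
    fi
  done
fi

# Check if this version of Perl supports large files.  Query the interpreter
# selected above rather than "${d}perl": after an unsuccessful search $d is
# only the last entry of $dirs, so the probe would fail and the note below
# would be printed even for a perl that does support large files.
lfs=`"$perlexe" -V 2> /dev/null | awk '/USE_LARGE_FILES/ {print $0}'`
if [ -z "$lfs" ]; then
  echo ''
  echo '    NOTE: It appears that your Perl does not support large files.'
  echo '    You therefore will not be able to analyze images larger than 2GB.'
  echo '    Download the source version from www.cpan.org and compile a new version.'
  echo ''
fi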

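# $PWD is pasted below into a Perl single-quoted string ("use lib '...';").
# A quote or backslash in the path would end or escape that literal, so the
# generated script would fail to parse or treat part of the path as code.
# Refuse such a path before any output file is written.
# NOTE(review): ./config.tmp is a fixed name in the current directory; run
# the installer from a directory that only the installing user can write to.
case "$PWD" in
  *\'*|*\\*)
    echo 'ERROR: the installation path must not contain a quote or backslash' >&2
    rm -f ./config.tmp
    exit 1
    ;;
esac

# Write autopsyfunc.pm: the "#!" line from ./config.tmp followed by the
# shipped base file.  An existing copy is replaced only on an explicit "y".
if [ -f ./autopsyfunc.pm ]; then
  echo "autopsyfunc.pm already exists, overwrite? (y/n):"
  read rep
  if [ "$rep" = "y" ]; then
    cat ./config.tmp base/autopsyfunc.pm.base > ./autopsyfunc.pm
  else
    echo '  original version was kept'
  fi
else
  cat ./config.tmp base/autopsyfunc.pm.base > ./autopsyfunc.pm
fi


# Get current working directory for lib
echo "use lib '$PWD';" >> ./config.tmp

# Write autopsy: same header plus the "use lib" line, then the base script.
if [ -f ./autopsy ]; then
  echo "autopsy already exists, overwrite? (y/n):"
  read rep
  if [ "$rep" = "y" ]; then
    cat ./config.tmp base/autopsy.base > ./autopsy
  else
    echo '  original version was kept'
  fi
else
  cat ./config.tmp base/autopsy.base > ./autopsy
fi
# Applied whether or not the file was just rewritten: owner rwx, others r-x.
chmod 0755 ./autopsy

# cleanup
rm -f ./config.tmp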


#############################################################################
# create conf.pl
#############################################################################


# Name of the generated Perl configuration file, relative to the current
# directory.
conf="conf.pl"

# An existing file is kept only on a literal "n"; the installer then stops
# with status 0.  Any other reply, including an empty line, falls through
# and the file is rewritten from scratch by the code that follows.
# NOTE(review): the overwrite prompts earlier in this script require an
# explicit "y" instead -- confirm the difference is intended.
if [ -f "$conf" ]; then
  echo "$conf already exists, overwrite? (y/n):"
  read rep
  [ "$rep" != "n" ] || exit 0
fi

# First add the variables that are static
#
# DEFAULT USER SETTINGS
#
# The first redirection truncates $conf; every later one appends.
# Defaults written here: idle shutdown off, cookie authentication on, the
# cookie value also saved to a file, logging on, investigator notes on.
# NOTE(review): with SAVE_COOKIE = 1 the cookie is stored on disk --
# presumably that file needs the same protection as the session itself;
# confirm where the server writes it and with which permissions.
printf '%s\n' \
  '# Autopsy configuration settings' \
  '' \
  '# when set to 1, the server will stop after it receives no' \
  '# connections for STIMEOUT seconds. ' \
  '$USE_STIMEOUT = 0;' \
  '$STIMEOUT = 3600;' > "$conf"

printf '%s\n' \
  '' \
  '# number of seconds that child waits for input from client' \
  '$CTIMEOUT = 15;' >> "$conf"

printf '%s\n' \
  '' \
  '# Set to 1 for cookie authentication' \
  '$USE_COOKIE = 1;' \
  '# set to 1 to save the cookie value in a file (for scripting)' \
  '$SAVE_COOKIE = 1;' >> "$conf"

printf '%s\n' \
  '' \
  '# set to 1 to log errors and audit trail, 0 for none' \
  '$USE_LOG = 1;' \
  '# set to 1 to allow investigators to make notes, 0 to not' \
  '$USE_NOTES = 1;' >> "$conf"


#############################################################################
# INSTALLATION DIRECTORY
#############################################################################
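echo '' >> "$conf"
# $PWD ends up inside a Perl single-quoted literal.  A quote or backslash in
# the path would end or escape that literal, so stop instead of writing a
# conf.pl that fails to parse or carries part of the path as code.
case "$PWD" in
  *\'*|*\\*)
    echo 'ERROR: the installation path must not contain a quote or backslash' >&2
    exit 1
    ;;
esac
# Quoted as one word so that runs of spaces in the path are kept and no
# wildcard character in it is expanded by the shell.
echo "\$INSTALLDIR = '$PWD/';" >> "$conf"


#############################################################################
# Default dir names
#############################################################################
echo '' >> "$conf"
echo '# Default directory names' >> "$conf"
echo "\$IMGDIR = 'images';" >> "$conf"
echo "\$DATADIR ='output';" >> "$conf"
echo "\$LOGDIR = 'logs';" >> "$conf"
echo "\$REPDIR = 'reports';" >> "$conf"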




# Now add the variables that need user interaction

#
# FIND THE UTILITIES
#
echo '' >> $conf
echo '' >> $conf
echo '# System Utilities' >> $conf

#
# STRINGS
#
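# Look for strings in the fixed directory list.  str_loc keeps the sentinel
# "nope" until an executable has been picked; the chosen path is recorded in
# $conf as $STRINGS_EXE.
str_loc=nope
for d in $dirs; do
  if [ -x "${d}strings" ]; then
    str_loc="${d}strings"
    echo "\$STRINGS_EXE = '$str_loc';" >> "$conf"
    echo "strings found: $str_loc"
    found=1
    break
  fi
done

# Prompt if not found
if [ "$str_loc" = "nope" ]; then
  echo 'ERROR: strings utility not found'
  echo 'Enter location:'
  while :; do
    # Stop on end-of-input; a closed stdin would otherwise loop forever.
    read str_loc || [ -n "$str_loc" ] || {
      echo 'ERROR: no more input, giving up' >&2
      exit 1
    }
    # The answer is pasted into a Perl single-quoted literal in $conf; a
    # quote or backslash would end or escape that literal.
    case "$str_loc" in
      *\'*|*\\*)
        echo 'location must not contain a quote or backslash (try again):'
        continue
        ;;
    esac
    # -x alone is also true for a searchable directory, so require a
    # regular file as well.
    if [ -f "$str_loc" ] && [ -x "$str_loc" ]; then
      echo "\$STRINGS_EXE = '$str_loc';" >> "$conf"
      echo "strings found: $str_loc"
      break
    else
      echo 'strings was not found (try again):'
    fi
  done
fi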

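# The Mac OS X strings does not support the GNU flags.
# printf replaces "echo -n" for the label: not every /bin/sh echo honours
# -n, and one that does not prints a literal "-n" in front of the text.
# $str_loc is quoted so that a path containing spaces is run as one word.
printf '%s' '  Testing decimal offset flag of strings: '
probe=`echo 1234567890 | "$str_loc" -t d 2> /dev/null`
if [ -z "$probe" ]; then
  echo "FAIL"
  echo "    WARNING: Version of strings does not support the '-t d' option"
  echo '    Limited functionality will exist'
else
  echo 'PASS'
fi

# Some versions require a special flag for non-object files.  The probe
# runs against a small scratch file created in the current directory.
printf '%s' '  Testing non-object file arguments: '
echo "strings test" > ./.str_test
probe=`"$str_loc" -a ./.str_test 2> /dev/null`
if [ -z "$probe" ]; then
  echo 'FAIL'
  echo '    WARNING: Version of strings requires additional arguments for'
  echo '     non-object files'
  echo '    Limited functionality will exist'
else
  echo 'PASS'
fi
# -f: do not complain if the scratch file could not be created.
rm -f ./.str_test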

#
# GREP
#
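# Look for grep in the fixed directory list; the first executable found is
# recorded in $conf as $GREP_EXE.
found=0
for d in $dirs; do
  if [ -x "${d}grep" ]; then
    echo "\$GREP_EXE = '${d}grep';" >> "$conf"
    echo "grep found: ${d}grep"
    found=1
    break
  fi
done

# Prompt if not found
if [ "$found" -eq 0 ]; then
  echo 'ERROR: grep utility not found'
  echo 'Enter Location:'
  while :; do
    # Stop on end-of-input; a closed stdin would otherwise loop forever.
    read grepexe || [ -n "$grepexe" ] || {
      echo 'ERROR: no more input, giving up' >&2
      exit 1
    }
    # The answer is pasted into a Perl single-quoted literal in $conf; a
    # quote or backslash would end or escape that literal.
    case "$grepexe" in
      *\'*|*\\*)
        echo 'location must not contain a quote or backslash (try again):'
        continue
        ;;
    esac
    # -x alone is also true for a searchable directory, so require a
    # regular file as well.
    if [ -f "$grepexe" ] && [ -x "$grepexe" ]; then
      echo "\$GREP_EXE = '$grepexe';" >> "$conf"
      break
    else
      echo 'grep was not found (try again):'
    fi
  done
fi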


#############################################################################
# The Sleuth Kit
#############################################################################

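echo '' >> "$conf"
echo '' >> "$conf"
echo '# Directories' >> "$conf"

# The Sleuth Kit.  The directory is accepted once bin/icat and bin/fls are
# both executable beneath it; "<dir>/bin/" is then recorded as $TASKDIR.
echo ''
echo 'Enter The Sleuth Kit Directory:'
while :; do
  # Stop on end-of-input; a closed stdin would otherwise loop forever.
  read taskdir || [ -n "$taskdir" ] || {
    echo 'ERROR: no more input, giving up' >&2
    exit 1
  }
  # The answer is pasted into a Perl single-quoted literal in $conf; a
  # quote or backslash would end or escape that literal.
  case "$taskdir" in
    *\'*|*\\*)
      echo 'directory must not contain a quote or backslash (try again):'
      continue
      ;;
  esac
  if [ -x "${taskdir}/bin/icat" ]; then
    if [ -x "${taskdir}/bin/fls" ]; then
      echo '  Sleuth Kit bin directory was found'
      echo "\$TASKDIR = '${taskdir}/bin/';" >> "$conf"
      break
    else
      echo 'The Sleuth Kit was not fully found (did you give me a TCT or TASK directory?) (try again):'
    fi
  else
    echo 'The Sleuth Kit was not found (try again):'
  fi
done

# hfind serves as the marker for a recent enough release.  The check runs
# after $TASKDIR has been written, so on failure $conf is left incomplete.
if [ -x "${taskdir}/bin/hfind" ]; then
  echo '  Required version found'
else
  echo 'Your version of The Sleuth Kit is not current enough - the hfind tool is needed'
  exit 1
fi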


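# NSRL.  Only an explicit "y" enables it; any other reply records an empty
# $NSRLDB.  When enabled, the directory must contain NSRLFile.txt, and the
# md5 index can optionally be built with hfind from the Sleuth Kit directory
# entered earlier.
echo ''
echo 'Do you have the NIST National Software Reference Library (NSRL)? (y/n) [n]'
read rep
if [ "$rep" = "y" ]; then

  echo 'Enter the Directory where the NIST NSRL is located:'
  while :; do
    # Stop on end-of-input; a closed stdin would otherwise loop forever.
    read nsrldir || [ -n "$nsrldir" ] || {
      echo 'ERROR: no more input, giving up' >&2
      exit 1
    }
    # The answer is pasted into a Perl single-quoted literal in $conf; a
    # quote or backslash would end or escape that literal.
    case "$nsrldir" in
      *\'*|*\\*)
        echo 'directory must not contain a quote or backslash - try again:'
        continue
        ;;
    esac
    if [ -f "${nsrldir}/NSRLFile.txt" ]; then
      echo '  NSRL database was found (NSRLFile.txt)'
      echo "\$NSRLDB = '${nsrldir}/NSRLFile.txt';" >> "$conf"

      if [ -f "${nsrldir}/NSRLFile.txt-md5.idx" ]; then
        echo '  NSRL Index file found (NSRLFile.txt-md5.idx)'
      else
        echo '  NSRL Index file not found, do you want it created? (y/n) [n]:'
        read rep
        if [ "$rep" = "y" ]; then
          echo ''
          echo '-------------- begin hfind output --------------'
          "${taskdir}/bin/hfind" -i nsrl-md5 "${nsrldir}/NSRLFile.txt"
          echo '--------------- end hfind output ---------------'
          echo ''
        fi
      fi
      break
    else
      echo 'NSRL database was not found (the directory should have NSRLFile.txt in it) - try again:'
    fi
  done
else
  echo "\$NSRLDB = '';" >> "$conf"
fi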

#############################################################################
# EVIDENCE LOCKER
#############################################################################
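# Ask once for the Evidence Locker and record it as $LOCKDIR.  A missing
# directory only produces a warning: it is neither created nor checked for
# ownership or permissions here.  mdone is set to 1 in that case; nothing in
# the visible part of this script reads it afterwards.
mdone=0
echo ''
echo 'Enter the Evidence Locker Directory (where cases will be saved):'
read locker
# The answer is pasted into a Perl single-quoted literal in $conf; a quote
# or backslash would end or escape that literal, so stop rather than write
# a conf.pl that fails to parse or carries part of the path as code.
case "$locker" in
  *\'*|*\\*)
    echo 'ERROR: the Evidence Locker path must not contain a quote or backslash' >&2
    exit 1
    ;;
esac
if [ -d "${locker}" ]; then
  echo "  $locker already exists"
else
  echo ''
  echo "WARNING: $locker does not exist"
  mdone=1
fi

echo "\$LOCKDIR = '${locker}';" >> "$conf"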


#############################################################################
# CLEANUP
#############################################################################
# Closing message naming the file that was written, framed by blank lines.
printf '\n%s\n\n' "Settings saved to $conf"

