pieces.sh 4.4 KB

#!/bin/bash
# Static HTTP/HTML fragments for the TrustMiner web front end.
# $URL is expanded when these assignments run, so it must be set beforehand.
# Its value is inserted into the markup as-is, without HTML escaping.

# Response status line and headers.
HTTP_HEADER='HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
'
#<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
#<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
# Page head, stylesheet link and title banner.
HTML_HEADER='
<html>
<head>
<title>TrustMiner</title>
<link rel="stylesheet" title="nuclblog" type="text/css" href="'"$URL/html/aptsec.css"'">
</head>
<body>
<br>
<h1>TrustMiner - Mining Software for Trust</h1>
<p /><br>
'
# Main navigation menu.
MAIN_NAVI='<div class="navi">
<ul>
<a href="'"$URL/intro"'"> <li>Introduction</li></a>
<a href="'"$URL/sys"'"> <li>System Assessment</li></a>
<a href="'"$URL/pkg"'"> <li>Database Query</li></a>
<a href="'"$URL/hits"'"> <li>High Scores</li></a>
<a href="'"$URL/about"'"> <li>About</li></a>
</ul>
</div>'
# Copyright and publication footer; closes <body> and <html>.
HTML_FOOTER='
<div class="footer">
© 2011 Sven Bugiel, Lucas Davi, Ahmad-Reza Sadeghi, Steffen Schulz.
<a href="http://www.trust.cased.de">System Security Lab, TU Darmstadt</a>, Germany. All rights reserved.<br>
Published as "<a href="http://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/stc6032-bugiel.pdf"
>Scalable Trust Establishment with Software Reputation</a>", ACM Workshop on Scalable Trusted Computing (STC), 2011
</div>
</body></html>'
# Upload form for a whole-system assessment (POST to $URL/sys).
FILE_FORM='
<form action="'"$URL"'/sys" method="post" enctype="multipart/form-data">
<p>To evaluate a system, please upload a Debian DPKG status file (/var/lib/dpkg/status)
or an IMA measurements file (/sys/kernel/security/ima/ascii_runtime_measurements).</p>
<input name="file" type="file" size="50">
<input type="submit">
</form>'
#You can manually query the database by entering binary or source package names,
#a SHA-1 measurement of a package file or a CVE and DSA identifier:
# Query form for a single package (GET to $URL/html/index.sh with action=pkg).
OBJECT_FORM='
<form action="'"$URL"'/html/index.sh" method="get">
Enter binary or source package names to manually query the database.
Examples: mplayer, vlc, apache2, lighttpd, linux-2.6.
<input name="action" value="pkg" type="hidden">
<input name="object" type="text" size="50">
<input type="submit">
</form>'
# Subscript lambda (&#955;) for use in generated output.
LAMBDA='<sub>&#955;</sub>'
# Text for the introduction page.
INTRO_MSG='
TrustMiner is a tool for estimating the trustworthiness of software based on
past security incidents. The current prototype uses the Debian GNU/Linux
software repositories and security incidents database to provide security
assessments for Debian software packages and systems.
The purpose of this tool is to estimate the trustworthiness (or security
failure rate) of a given computer system (prover), as shown in the figure
below. This website implements the <em>verification</em> or <em>assessment</em> part of the
figure, and the client (you) can submit information to be evaluated.
<img width="600px" src="'"$URL"'/html/debian_trustworthiness.png"></img>
'
# Text for the about page: data sources, scope and further reading.
ABOUT_REF='
The database is updated daily based on new Debian Security Announcements
and Debian package repositories. We mirror the current stable, unstable and
testing distributions for the official Debian package repository as well as
debian-multimedia and security updates repositories. The SHA-1 hash sums of
packages deleted from the official repositories are kept for one week.
Note that we do not consider whether your system has all the current security
patches installed, or if unpatched vulnerabilities are known for your system.
This information is already provided by <a
href="http://www.enyo.de/fw/software/debsecan/">debsecan</a> and on the Debian website:
<ul>
<li>Packages with available updates: <em>debsecan --only-fixed --suite sid</em>
<li><a href="http://security-tracker.debian.org/tracker/status/release/unstable">Unpatched packages in the unstable suite</a>
<li><a href="http://security-tracker.debian.org/tracker/status/release/testing">Unpatched packages in the testing suite</a>
<li><a href="http://security-tracker.debian.org/tracker/status/release/stable">Unpatched packages in the stable suite</a>
</ul>
For further information, see:
<ul><li><a href="http://www.trust.informatik.tu-darmstadt.de/fileadmin/user_upload/Group_TRUST/PubsPDF/stc6032-bugiel.pdf">Scalable Trust Establishment with Software Reputation</a>, ACM STC, 2011
<li><a href="http://www.debian.org/security/">Debian Security Information</a>
<li><a href="http://security-tracker.debian.org/tracker/">Debian Security Tracker</a>
</ul>
'
# Notice displayed while the database is being synchronized.
UPDATE_MSG='
<h2>Sync in progress...</h2>
TrustMiner is currently processing new advisories and packages.
Sorry for the inconvenience.
'