authorChris Friedhoff <chris@friedhoff.org>2008-03-30 22:20:11 -0700
committerAndrew G. Morgan <morgan@kernel.org>2008-03-30 22:20:11 -0700
commit375f12c5d94f9344976a971571cd7828876c2173 (patch)
tree3a7fa866cdc64ed3c1169be66657cbbd9b030938
parentf9e06b4db930a690db046e10820d31a7d2e0ccc7 (diff)
downloadlibcap2-375f12c5d94f9344976a971571cd7828876c2173.tar.gz
Chris' capability conversion scripts.
-rw-r--r--contrib/pcaps4convenience209
-rw-r--r--contrib/pcaps4server369
-rw-r--r--contrib/pcaps4suid0227
3 files changed, 805 insertions, 0 deletions
diff --git a/contrib/pcaps4convenience b/contrib/pcaps4convenience
new file mode 100644
index 0000000..c46735d
--- /dev/null
+++ b/contrib/pcaps4convenience
@@ -0,0 +1,209 @@
+#!/bin/bash
+# vim:expandtab:tabstop=4
+#
+# author: chris friedhoff - chris@friedhoff.org
+# version: pcaps4convenience 2 Tue Mar 11 2008
+#
+#
+# changelog:
+# 1 - initial release pcaps4convenience
+# 2 - changed 'attr -S -r' to 'setcap -r' and removed attr code
+#
+#
+# the user has the necessary POSIX Capabilities in his Inheritance
+# set and the applications are accepting the needed PCaps through
+# their Inheritance set.
+# a user who has not the PCaps in his Inheritance set CAN NOT
+# successfully execute the apps
+# --> SET=ie
+# (if SET=pe than you relax the security level of your machine)
+#
+#
+#
+
+
+##HERE WE ADD APPS
+##################
+
+## these apps uses their POSIX Caps
+###################################
+# see /usr/include/linux/capability.h
+# adjust - if needed and wanted - /etc/security/capability.conf
+#eject=cap_dac_read_search,cap_sys_rawio
+eject=2,17
+#killall=cap_kill
+killall=5
+#modprobe=cap_sys_module
+modprobe=16
+#ntpdate=cap_net_bind_service,cap_sys_time
+ntpdate=10,25
+#qemu=cap_net_admin
+qemu=12
+#route=cap_net_admin
+route=12
+
+
+# this apps were converted/reverted
+###################################
+APPSARRAY=( eject killall modprobe ntpdate qemu route )
+
+
+# we put it into this set
+#########################
+SET=ie
+
+
+##FROM HERE ONLY LOGIC
+######################
+
+#save assumption!?
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin/:usr/local/sbin:/usr/local/bin
+
+p4c_test(){
+ # are we sane?
+ WICH=`which which 2>/dev/null`
+ if [ $WICH == "" ]; then
+ # thats bad
+ echo "Sorry, I haven't found which"
+ exit
+ fi
+
+ # we needt his apps
+ SETCAP=`which setcap 2>/dev/null`
+ if [ "$SETCAP" == "" ]; then
+ echo "Sorry, I'm missing setcap !"
+ exit
+ fi
+
+ # checking setcap for SET_SETFCAP PCap ?
+ # for now we stick to root
+ if [ "$( id -u )" != "0" ]; then
+ echo "Sorry, you must be root !"
+ exit 1
+ fi
+}
+
+
+
+p4c_app_convert(){
+ # convert a single app
+ # $1 is app name; $2 is POSIX Caps
+ # well symlinks to apps, so we use -a ...
+ APP=`which -a $1 2>/dev/null`
+ if [ "$APP" != "" ]; then
+ FOUND=no
+ for i in $APP; do
+ # ... and are looking for symlinks
+ if [ -f "$i" -a ! -L $i -a "$FOUND"=="no" ]; then
+ echo "converting $i"
+ setcap $2=$SET $i
+ FOUND=yes
+ fi
+ done
+ if [ "$FOUND" == "no" ]; then
+ # 'which' found only symlinks
+ echo "1 haven't found $1"
+ fi
+ else
+ # 'which' hasn't anything given back
+ echo "haven't found $1"
+ fi
+}
+
+
+
+p4c_app_revert(){
+ # revert a singel app
+ # $1 is app name
+ APP=`which -a $1 2>/dev/null`
+ if [ "$APP" != "" ]; then
+ FOUND=no
+ for i in $APP; do
+ if [ -f "$i" -a ! -L $i -a "$FOUND"=="no" ]; then
+ echo "reverting $i"
+ setcap -r $i 2>/dev/null
+ FOUND=yes
+ fi
+ done
+ if [ "$FOUND" == "no" ]; then
+ echo "1 haven't found $1"
+ fi
+ else
+ echo "haven't found $1"
+ fi
+}
+
+
+
+p4c_convert(){
+ # we go throug the APPSARRAY and call s2p_app_convert to do the job
+ COUNTER=0
+ let UPPER=${#APPSARRAY[*]}-1
+ until [ $COUNTER == $UPPER ]; do
+ p4c_app_convert ${APPSARRAY[$COUNTER]} ${!APPSARRAY[$COUNTER]}
+ let COUNTER+=1
+ done
+}
+
+
+
+p4c_revert(){
+ COUNTER=0
+ let UPPER=${#APPSARRAY[*]}-1
+ until [ $COUNTER == $UPPER ]; do
+ p4c_app_revert ${APPSARRAY[$COUNTER]}
+ let COUNTER+=1
+ done
+
+}
+
+
+
+p4c_usage(){
+ echo
+ echo "pcaps4convenience"
+ echo
+ echo "pcaps4convenience stores the needed POSIX Capabilities for binaries to"
+ echo "run successful into their Inheritance and Effective Set."
+ echo "The user who wants to execute this binaries successful has to have the"
+ echo "necessary POSIX Capabilities in his Inheritable Set. This might be done"
+ echo "through the PAM module pam_cap.so."
+ echo "A user who has not the needed PCaps in his Inheritance Set CAN NOT execute"
+ echo "these binaries successful."
+ echo "(well, still per sudo or su -c - but thats not the point here)"
+ echo
+ echo "You need and I will check fot the utilities which and setcap."
+ echo
+ echo "Your Filesystem has to support extended attributes and your kernel must have"
+ echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)."
+ echo
+ echo "Usage: pcaps4convenience [con(vert)|rev(ert)|help]"
+ echo
+ echo " con|convert - from setuid0 to POSIX Capabilities"
+ echo " rev|revert - from POSIX Capabilities back to setui0"
+ echo " help - this help message"
+ echo
+}
+
+
+
+case "$1" in
+ con|convert)
+ p4c_test
+ p4c_convert
+ exit 0
+ ;;
+ rev|revert)
+ p4c_test
+ p4c_revert
+ exit 0
+ ;;
+ help)
+ p4c_usage
+ exit 0
+ ;;
+ *)
+ echo "Try 'pcaps4convenience help' for more information"
+ exit 1
+ ;;
+esac
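Review bot: The `export PATH=` line contains `usr/local/sbin` without a leading slash, a relative entry that makes every `which -a` lookup (and the `setcap` invocation that follows it) resolve against the current working directory of whoever runs the script as root; it should read `/usr/local/sbin`. In p4c_app_convert and p4c_app_revert the term `-a "$FOUND"=="no"` has no spaces around `==`, so it is a single non-empty string and always true, and the guard meant to stop after the first real binary never fires — every non-symlink hit from `which -a` gets its capabilities set or removed. `let UPPER=${#APPSARRAY[*]}-1` together with `until [ $COUNTER == $UPPER ]` skips the last APPSARRAY entry, so `route` is never converted or reverted; `until [ $COUNTER -eq ${#APPSARRAY[*]} ]` covers the whole array. `if [ $WICH == "" ]` is unquoted, so when `which` is genuinely absent the test errors instead of taking the intended branch; write `if [ "$WICH" == "" ]`. The same four defects appear in contrib/pcaps4suid0 in the third hunk.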
diff --git a/contrib/pcaps4server b/contrib/pcaps4server
new file mode 100644
index 0000000..af6f9ca
--- /dev/null
+++ b/contrib/pcaps4server
@@ -0,0 +1,369 @@
+#!/bin/sh
+# vim: tabstop=4
+#
+# author: chris friedhoff - chris@friedhoff.org
+# version: pcaps4server 5 Tue Mar 11 2008
+#
+#
+# changelog:
+# 1 - initial release pcaps4convenience
+# 1 - 2007.02.15 - initial release
+# 2 - 2007.11.02 - changed to new setfcaps api; each app is now callable; supressed error of id
+# 3 - 2007.12.28 - changed to libcap2 package setcap/getcap
+# 4 - renamed to pcaps4server
+# removed suid0 and convenience files,
+# they are now in pcaps4suid0 resp. pcaps4convenience
+# 5 - changed 'attr -S -r' to 'setcap -r' and removed attr code
+#
+#
+###########################################################################
+# change the installation of different server to be able not to run as root
+# and have their own unpriviledged user. The binary has the needed POSIX
+# Capabilities.
+# to ensure that the server is really started as his respective user, we set
+# the suid bit (BUT NOT 0)!
+# paths are hard coded and derive from a slackware system
+# change it to your needs !!
+###########################################################################
+
+
+
+VERBOSE="-v"
+#VERBOSE=""
+APPS=""
+
+message(){
+ printRedMessage "$1"
+}
+
+printRedMessage(){
+ # print message red and turn back to white
+ echo -e "\n\033[00;31m $1 ...\033[00;00m\n"
+}
+
+printGreenMessage(){
+ # print message red and turn back to white
+ echo -e "\033[00;32m $1 ...\033[00;00m\n"
+ sleep 0.5
+}
+
+checkReturnCode(){
+ if [ "$?" != "0" ]; then
+ printRedMessage "!! I'M HAVING A PROBLEM !! THE RETURNCODE IS NOT 0 !! I STOP HERE !!"
+ exit 1
+ else
+ printGreenMessage ":-)"
+ sleep 0.5
+ fi
+}
+
+
+
+p4r_test(){
+ #for now, we work with root
+ if [ "$( id -u )" != "0" ]; then
+ echo "Sorry, you must be root !"
+ exit
+ fi
+}
+
+
+
+
+# apache 1.3
+########
+#APPS="$APPS apache1"
+apache1_convert(){
+ message "converting apache1"
+ if [ "$( id -g apache 2>/dev/null )" == "" ]; then
+ groupadd -g 60 apache
+ fi
+ if [ "$( id -u apache 2>/dev/null )" == "" ]; then
+ useradd -g apache -d / -u 600 apache
+ fi
+ sed -i -e "{s|^\(User\).*|\1 apache|; s|^\(Group\) .*|\1 apache|}" /etc/apache/httpd.conf
+ chown $VERBOSE -R apache:apache /var/run/apache/
+ chown $VERBOSE -R apache:apache /etc/apache/
+ chown $VERBOSE -R apache:apache /var/log/apache/
+ chown $VERBOSE apache:apache /usr/sbin/httpd
+ chmod $VERBOSE u+s /usr/sbin/httpd
+ setcap cap_net_bind_service=ep /usr/sbin/httpd
+ checkReturnCode
+}
+apache1_revert(){
+ message "reverting apache1"
+ chown $VERBOSE -R root:root /var/run/apache/
+ chown $VERBOSE -R root:root /etc/apache/
+ chown $VERBOSE -R root:root /var/log/apache/
+ chown $VERBOSE root:root /usr/sbin/httpd
+ chmod $VERBOSE u-s /usr/sbin/httpd
+ setcap -r /usr/sbin/httpd
+ checkReturnCode
+ sed -i -e "{s|^\(User\).*|\1 nobody|; s|^\(Group\).*|\1 nogroup|}" /etc/apache/httpd.conf
+ userdel apache
+ groupdel apache
+}
+
+
+# apache 2.x
+########
+APPS="$APPS apache2"
+apache2_convert(){
+ message "converting apache2"
+ if [ "$( id -g apache 2>/dev/null )" == "" ]; then
+ groupadd -g 60 apache
+ fi
+ if [ "$( id -u apache 2>/dev/null )" == "" ]; then
+ useradd -g apache -d / -u 600 apache
+ fi
+ sed -i -e "{s|^\(User\).*|\1 apache|; s|^\(Group\) .*|\1 apache|}" /etc/httpd/httpd.conf
+ chown $VERBOSE -R apache:apache /var/run/httpd/
+ chown $VERBOSE -R apache:apache /etc/httpd/
+ chown $VERBOSE -R apache:apache /var/log/httpd/
+ chown $VERBOSE apache:apache /usr/sbin/httpd
+ chmod $VERBOSE u+s /usr/sbin/httpd
+ #setfcaps -c cap_net_bind_service=p -e /usr/sbin/httpd
+ setcap cap_net_bind_service=ep /usr/sbin/httpd
+ checkReturnCode
+}
+apache2_revert(){
+ message "reverting apache2"
+ chown $VERBOSE -R root:root /var/run/httpd/
+ chown $VERBOSE -R root:root /etc/httpd/
+ chown $VERBOSE -R root:root /var/log/httpd/
+ chown $VERBOSE root:root /usr/sbin/httpd
+ chmod $VERBOSE u-s /usr/sbin/httpd
+ setcap -r /usr/sbin/httpd
+ checkReturnCode
+ sed -i -e "{s|^\(User\).*|\1 nobody|; s|^\(Group\).*|\1 nogroup|}" /etc/httpd/httpd.conf
+ userdel apache
+ groupdel apache
+}
+
+
+# samba
+#######
+APPS="$APPS samba"
+samba_convert(){
+ message "converting samba"
+ if [ "$( id -g samba 2>/dev/null )" == "" ]; then
+ groupadd -g 61 samba
+ fi
+ if [ "$( id -u samba 2>/dev/null )" == "" ]; then
+ useradd -g samba -d / -u 610 samba
+ fi
+ chown $VERBOSE -R samba:samba /var/log/samba
+ chown $VERBOSE -R samba:samba /etc/samba
+ chown $VERBOSE -R samba:samba /var/run/samba
+ chown $VERBOSE -R samba:samba /var/cache/samba
+ chown $VERBOSE samba:samba /usr/sbin/smbd /usr/sbin/nmbd
+ chmod $VERBOSE u+s /usr/sbin/smbd /usr/sbin/nmbd
+ setcap cap_net_bind_service,cap_sys_resource,cap_dac_override=ep /usr/sbin/smbd
+ checkReturnCode
+ setcap cap_net_bind_service=ep /usr/sbin/nmbd
+ checkReturnCode
+}
+
+samba_revert(){
+ message "reverting samba"
+ chown $VERBOSE -R root:root /var/log/samba
+ chown $VERBOSE -R root:root /etc/samba
+ chown $VERBOSE -R root:root /var/run/samba
+ chown $VERBOSE -R root:root /var/cache/samba
+ chown $VERBOSE root:root /usr/sbin/smbd /usr/sbin/nmbd
+ chmod $VERBOSE u-s /usr/sbin/smbd /usr/sbin/nmbd
+ setcap -r /usr/sbin/smbd
+ checkReturnCode
+ setcap -r /usr/sbin/nmbd
+ checkReturnCode
+ userdel samba
+ groupdel samba
+}
+
+
+# bind
+######
+APPS="$APPS bind"
+bind_convert(){
+ message "converting bind"
+ if [ "$( id -g bind 2>/dev/null )" == "" ]; then
+ groupadd -g 62 bind
+ fi
+ if [ "$( id -u bind 2>/dev/null )" == "" ]; then
+ useradd -g bind -d / -u 620 bind
+ fi
+ chown $VERBOSE -R bind:bind /var/run/named
+ chown $VERBOSE -R bind:bind /var/named
+ chown $VERBOSE bind:bind /etc/rndc.key
+ chown $VERBOSE bind:bind /usr/sbin/named
+ chmod $VERBOSE u+s /usr/sbin/named
+ setcap cap_net_bind_service=ep /usr/sbin/named
+ checkReturnCode
+}
+bind_revert(){
+ message "reverting bind"
+ chown $VERBOSE -R root:root /var/run/named
+ chown $VERBOSE -R root:root /var/named
+ chown $VERBOSE root:root /etc/rndc.key
+ chown $VERBOSE root:root /usr/sbin/named
+ chmod $VERBOSE u-s /usr/sbin/named
+ setcap -r /usr/sbin/named
+ checkReturnCode
+ userdel bind
+ groupdel bind
+}
+
+
+# dhcpd
+#######
+APPS="$APPS dhcpd"
+dhcpd_convert(){
+ message "converting dhcpd"
+ if [ "$( id -g dhcpd 2>/dev/null )" == "" ]; then
+ groupadd -g 63 dhcpd
+ fi
+ if [ "$( id -u dhcpd 2>/dev/null )" == "" ]; then
+ useradd -g dhcpd -d / -u 630 dhcpd
+ fi
+ chown $VERBOSE dhcpd:dhcpd /var/run/dhcpd
+ chown $VERBOSE dhcpd:dhcpd /etc/dhcpd.conf
+ chown $VERBOSE -R dhcpd:dhcpd /var/state/dhcp/
+ chown $VERBOSE dhcpd:dhcpd /usr/sbin/dhcpd
+ chmod $VERBOSE u+s /usr/sbin/dhcpd
+ setcap cap_net_bind_service,cap_net_raw=ep /usr/sbin/dhcpd
+ checkReturnCode
+}
+dhcpd_revert(){
+ message "reverting dhcpd"
+ chown $VERBOSE root:root /var/run/dhcpd
+ chown $VERBOSE root:root /etc/dhcpd.conf
+ chown $VERBOSE -R root:root /var/state/dhcp/
+ chown $VERBOSE root:root /usr/sbin/dhcpd
+ chmod $VERBOSE u-s /usr/sbin/dhcpd
+ setcap -r /usr/sbin/dhcpd
+ checkReturnCode
+ userdel dhcpd
+ groupdel dhcpd
+}
+
+
+# cupsd
+#######
+APPS="$APPS cupsd"
+cupsd_convert(){
+ message "converting cupsd"
+ if [ "$( id -g cupsd 2>/dev/null )" == "" ]; then
+ groupadd -g 64 cupsd
+ fi
+ if [ "$( id -u cupsd 2>/dev/null )" == "" ]; then
+ useradd -g cupsd -d / -u 640 cupsd
+ fi
+ sed -i -e "{s|^\(User\).*|\1 cupsd|; s|^\(Group\) .*|\1 cupsd|}" /etc/cups/cupsd.conf
+ chown $VERBOSE -R cupsd:cupsd /etc/cups
+ chown $VERBOSE -R cupsd:cupsd /var/cache/cups
+ chown $VERBOSE -R cupsd:cupsd /var/log/cups
+ chown $VERBOSE -R cupsd:cupsd /var/spool/cups
+ chown $VERBOSE -R cupsd:cupsd /var/run/cups
+ chown $VERBOSE cupsd:cupsd /usr/sbin/cupsd
+ chmod $VERBOSE u+s /usr/sbin/cupsd
+ setcap cap_net_bind_service,cap_dac_read_search=ep /usr/sbin/cupsd
+ checkReturnCode
+}
+cupsd_revert(){
+ message "reverting cupsd"
+ chown $VERBOSE -R root:root /etc/cups
+ chown $VERBOSE -R root:lp /var/cache/cups
+ chown $VERBOSE -R root:root /var/log/cups
+ chown $VERBOSE -R root:root /var/spool/cups
+ chown $VERBOSE root:lp /var/run/cups
+ chown $VERBOSE lp:sys /var/run/cups/certs
+ chmod $VERBOSE 750 /var/run/cups/certs
+ chown $VERBOSE root:root /usr/sbin/cupsd
+ chmod $VERBOSE u-s /usr/sbin/cupsd
+ setcap -r /usr/sbin/cupsd
+ checkReturnCode
+ sed -i -e "{s|^\(User\).*|\1 lp|; s|^\(Group\) .*|\1 sys|}" /etc/cups/cupsd.conf
+ userdel cupsd
+ groupdel cupsd
+}
+
+
+usage_message(){
+ echo "Try 'pcaps4server help' for more information"
+}
+
+
+p4r_usage(){
+ echo
+ echo "pcaps4server"
+ echo
+ echo "pcaps4server stores the needed POSIX Capabilities for server binaries to"
+ echo "run successful into their Permitted and Effective Set."
+ echo "The server are now able to run as an unpriviledged user."
+ echo "For each server software an unpriviledged user is added the system."
+ echo "The ownership of all the respective paths are changed to this user."
+ echo "To ensure that the server is starting as this unpriviledgesd user, the"
+ echo "suid bit (NOT 0) is set."
+ echo "Effectively this means every user can start this server daemons (for now)."
+ echo "All paths are hard coded!"
+ echo "You have been warned. Enjoy!"
+ echo
+ echo "Your Filesystem has to support extended attributes and your kernel must have"
+ echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)."
+ echo
+ echo "Usage: pcaps4server [PROG] [con(vert)|rev(ert)|help]"
+ echo
+ echo " con|convert - from setuid0 to POSIX Capabilities"
+ echo " rev|revert - from POSIX Capabilities back to setui0"
+ echo " help - this help message"
+ echo
+ echo " PROG: $APPS"
+ echo
+}
+
+
+
+
+case "$1" in
+ con|convert)
+ p4r_test
+ for j in $APPS; do
+ ${j}_convert
+ done
+ exit
+ ;;
+ rev|renvert)
+ p4r_test
+ for j in $APPS; do
+ ${j}_revert
+ done
+ exit
+ ;;
+ help)
+ p4r_usage
+ exit
+ ;;
+esac
+
+for i in ${APPS}; do
+ if [ "$1" == "$i" ]; then
+ case "$2" in
+ con|convert)
+ p4r_test
+ ${i}_convert
+ exit
+ ;;
+ rev|revert)
+ p4r_test
+ ${i}_revert
+ exit
+ ;;
+ *)
+ usage_message
+ exit 1
+ ;;
+ esac
+ fi
+done
+
+usage_message
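Review bot: The `rev|renvert)` arm of the first `case "$1"` is a typo, so `pcaps4server revert` never reaches the all-servers revert path, falls through to the per-PROG loop, and ends in `usage_message`; it should read `rev|revert)`. Separately, the file is `#!/bin/sh` but uses bash-only `==` inside `[ ]` (the `id -g`/`id -u` checks in every *_convert function) and `echo -e`; on a POSIX sh such as dash the comparison is an error that `[` reports as false, so the user/group creation is skipped, the following `chown ... apache:apache` presumably fails, and `chmod u+s /usr/sbin/httpd` then appears to run on a still root-owned binary, i.e. setuid-root plus file capabilities. Either change the shebang to `#!/bin/bash` or use `=` in those tests. checkReturnCode only inspects the `setcap` status; the chown/chmod lines before it are unchecked, so a failed ownership change is not caught before the suid bit is set.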
diff --git a/contrib/pcaps4suid0 b/contrib/pcaps4suid0
new file mode 100644
index 0000000..799df28
--- /dev/null
+++ b/contrib/pcaps4suid0
@@ -0,0 +1,227 @@
+#!/bin/bash
+# vim:expandtab:tabstop=4
+#
+# author: chris friedhoff - chris@friedhoff.org
+# version: pcaps4suid0 3 Tue Mar 11 2008
+#
+#
+# changelog:
+# 1 - initial release suid02pcaps
+# 2 - renamend to pcaps4suid0
+# implement idea of change between permitted/effective set
+# or iherited/effective set (pam_cap.so)
+# 3 - changed 'attr -S -r' to 'setcap -r' and removed attr code
+#
+#
+#
+# change different suid-0 binaries away from suid-0 to using
+# POSIX Capabilities through their Permitted and Effective Set
+# --> legacy support
+# --> use SET=pe
+#
+#
+# OR change different suid-0 binaries away from suid-0 to using
+# POSIX Capabilities through their Inherited and Effective Set
+# --> PAM support to set Inheritance set through pam_cap.so
+# --> use SET=ie
+#
+#
+#
+#
+###############################################################
+# for example use this find call:
+# find {,/usr}{/bin,/sbin} -perm -4000 -uid 0 -exec ls -l {} \;
+###############################################################
+
+
+
+##HERE WE ADD APPS
+##################
+
+## these apps uses their POSIX Caps
+###################################
+# see /usr/include/linux/capability.h
+#ping=cap_net_raw
+ping=13
+#traceroute=cap_net_raw
+traceroute=13
+chsh=0,2,4,7
+chfn=0,2,4,7
+Xorg=1,6,7,17,21,26
+chage=2
+#passwd=0,2,4,7
+#passwd 0,1
+passwd=0,1,3 #PAM
+unix_chkpwd=1
+mount=1,21
+umount=1,21
+
+# this apps were converted/reverted
+###################################
+APPSARRAY=( ping traceroute chsh chfn Xorg chage passwd unix_chkpwd mount umount )
+
+
+# we put it into this set
+#########################
+#SET=pe
+SET=ie
+
+
+##FROM HERE ONLY LOGIC
+######################
+
+#save assumption!?
+export PATH=/sbin:/bin:/usr/sbin:/usr/bin/:usr/local/sbin:/usr/local/bin
+
+p4s_test(){
+ # are we sane?
+ WICH=`which which 2>/dev/null`
+ if [ $WICH == "" ]; then
+ # thats bad
+ echo "Sorry, I haven't found which"
+ exit
+ fi
+
+ # we needt his apps
+ CHMOD=`which chmod 2>/dev/null`
+ SETCAP=`which setcap 2>/dev/null`
+ if [ "$CHMOD" == "" -o "$SETCAP" == "" ]; then
+ echo "Sorry, I'm missing chmod or setcap !"
+ exit
+ fi
+
+ # checking setcap for SET_SETFCAP PCap ?
+ # for now we stick to root
+ if [ "$( id -u )" != "0" ]; then
+ echo "Sorry, you must be root !"
+ exit 1
+ fi
+}
+
+
+
+p4s_app_convert(){
+ # convert a single app
+ # $1 is app name; $2 is POSIX Caps
+ # well symlinks to apps, so we use -a ...
+ APP=`which -a $1 2>/dev/null`
+ if [ "$APP" != "" ]; then
+ FOUND=no
+ for i in $APP; do
+ # ... and are looking for symlinks
+ if [ -f "$i" -a ! -L $i -a "$FOUND"=="no" ]; then
+ echo "converting $i"
+ chmod u-s $i
+ setcap $2=$SET $i
+ FOUND=yes
+ fi
+ done
+ if [ "$FOUND" == "no" ]; then
+ # 'which' found only symlinks
+ echo "1 haven't found $1"
+ fi
+ else
+ # 'which' hasn't anything given back
+ echo "haven't found $1"
+ fi
+}
+
+
+
+p4s_app_revert(){
+ # revert a singel app
+ # $1 is app name
+ APP=`which -a $1 2>/dev/null`
+ if [ "$APP" != "" ]; then
+ FOUND=no
+ for i in $APP; do
+ if [ -f "$i" -a ! -L $i -a "$FOUND"=="no" ]; then
+ echo "reverting $i"
+ chmod u+s $i
+ setcap -r $i 2>/dev/null
+ FOUND=yes
+ fi
+ done
+ if [ "$FOUND" == "no" ]; then
+ echo "1 haven't found $1"
+ fi
+ else
+ echo "haven't found $1"
+ fi
+}
+
+
+
+p4s_convert(){
+ # we go throug the APPSARRAY and call s2p_app_convert to do the job
+ COUNTER=0
+ let UPPER=${#APPSARRAY[*]}-1
+ until [ $COUNTER == $UPPER ]; do
+ p4s_app_convert ${APPSARRAY[$COUNTER]} ${!APPSARRAY[$COUNTER]}
+ let COUNTER+=1
+ done
+}
+
+
+
+p4s_revert(){
+ COUNTER=0
+ let UPPER=${#APPSARRAY[*]}-1
+ until [ $COUNTER == $UPPER ]; do
+ p4s_app_revert ${APPSARRAY[$COUNTER]}
+ let COUNTER+=1
+ done
+
+}
+
+
+
+p4s_usage(){
+ echo
+ echo "pcaps4suid0"
+ echo
+ echo "pcaps4suid0 changes the file system entry of binaries from using setuid-0"
+ echo "to using POSIX Capabilities by granting the necessary Privileges"
+ echo "This is done by storing the needed POSIX Capabilities into the extended"
+ echo "attribute capability through setcap."
+ echo "Following the idea of setuid - granting a binary the privilege regardless"
+ echo "of the user, the POSIX Capabilities are stored into the Permitted and"
+ echo "Effective set."
+ echo "If you are using pam_cap.so, you might want to change the set into the"
+ echo "Inherited and Effective set (check for the SET var)."
+ echo
+ echo "You need and I will check fot the utilities which, chmod and setcap."
+ echo
+ echo "Your Filesystem has to support extended attributes and your kernel must have"
+ echo "support for POSIX File Capabilities (CONFIG_SECURITY_FILE_CAPABILITIES)."
+ echo
+ echo "Usage: pcaps4suid0 [con(vert)|rev(ert)|help]"
+ echo
+ echo " con|convert - from setuid0 to POSIX Capabilities"
+ echo " rev|revert - from POSIX Capabilities back to setui0"
+ echo " help - this help message"
+ echo
+}
+
+
+
+case "$1" in
+ con|convert)
+ p4s_test
+ p4s_convert
+ exit 0
+ ;;
+ rev|revert)
+ p4s_test
+ p4s_revert
+ exit 0
+ ;;
+ help)
+ p4s_usage
+ exit 0
+ ;;
+ *)
+ echo "Try 'pcaps4suid0 help' for more information"
+ exit 1
+ ;;
+esac
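Review bot: In p4s_app_convert, `chmod u-s $i` runs before `setcap $2=$SET $i` and setcap's status is never checked, so if setcap fails (for instance on a filesystem without extended attributes, which p4s_usage itself names as a requirement) the binary is left with neither its setuid bit nor capabilities. Reversing the order and gating on setcap, `setcap "$2=$SET" "$i" && chmod u-s "$i"`, keeps the prior state on failure and also quotes the two expansions. The relative `usr/local/sbin` PATH entry, the spaceless `"$FOUND"=="no"` comparison, the off-by-one `UPPER` bound that skips `umount`, and the unquoted `$WICH` test are the same defects raised on contrib/pcaps4convenience in the first hunk.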