build-volatility.oracle.el7.sh
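#!/bin/bash
#
# Ponzu lime & volatility build script
# Dannen Harris 2017 v. 3.0
# +uek for Oracle Unbreakable Linux Kernel
#
# Usage: build-volatility.oracle.el7.sh <kernel-version>
#   (the argument is the bare kernel version; ".el7uek.<arch>" is appended here)
#
# Installs the matching UEK kernel, kernel-devel and kernel-firmware packages
# (local copies under /rpms win, otherwise yum pulls them from the vault repos),
# builds the LiME kernel module and the volatility dwarf module against that
# kernel, and zips everything under /lime-module/<KVER> into
# /rpms/<KVER>_ponzu.zip.
#
# Side effects: rewrites enabled= flags in /etc/yum.repos.d/uek-ol7.repo, runs
# yum, appends an export line to /tmp/.bashrc, writes build output to
# /tmp/log-file. Exits non-zero (instead of continuing with a half-built tree)
# on the first failing step.
set -euo pipefail

readonly OSVER=el7uek
readonly ARCH=x86_64

# Print a message to stderr and stop the build.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Install kernel-uek, kernel-uek-devel and kernel-firmware for the target kernel.
# Globals:   KVER (read)  - <version>.${OSVER}.${ARCH}
#            KVER1 (read) - <version>.${OSVER}.noarch (firmware is noarch)
# Outputs:   progress line to stdout
# Returns:   non-zero if yum fails (set -e then aborts the script)
#######################################
install_kernel() {
  # The probe checks the same file the local branch installs; the old check
  # looked for kernel-${KVER}.rpm, which is never what gets installed.
  if [[ ! -f "/rpms/kernel-uek-${KVER}.rpm" ]]; then
    echo "No local rpms found, pulling from vault..."
    # KVER1 already ends in ".${OSVER}.noarch"; appending it again produced a
    # package name that does not exist.
    yum -y -q -e 0 install "kernel-uek-${KVER}" "kernel-uek-devel-${KVER}" "kernel-firmware-${KVER1}"
  else
    echo "Local rpms found, installing..."
    yum install -y -q -e 0 "/rpms/kernel-uek-${KVER}.rpm" "/rpms/kernel-uek-devel-${KVER}.rpm" "/rpms/kernel-firmware-${KVER1}.rpm"
  fi
}

#######################################
# Patch and build the LiME kernel module, then copy it and the matching
# System.map into the output tree.
# Globals:   KVER (read, exported so the LiME build uses it instead of its default)
# Outputs:   progress line to stdout; compiler output to /tmp/log-file
# Returns:   dies on cd/patch/make/cp failure
#######################################
build_lime() {
  local out="/lime-module/${KVER}"
  cd /LiME/src || die "cannot cd to /LiME/src"
  patch < oracle_tcp_patch.txt || die "failed to apply oracle_tcp_patch.txt"
  echo "Building lime module..."
  make > /tmp/log-file 2>&1 || die "lime module build failed, see /tmp/log-file"
  cp -- "lime-${KVER}.ko" "${out}/" || die "lime-${KVER}.ko not produced"
  cp -- "/boot/System.map-${KVER}" "${out}/boot/" || die "System.map-${KVER} missing"
}

#######################################
# Build the volatility dwarf module and copy it into the output tree.
# Globals:   KVER (read)
# Outputs:   progress line to stdout; compiler output appended to /tmp/log-file
#            (appended so the lime build log above is not overwritten)
# Returns:   dies on cd/make/cp failure
#######################################
build_dwarf() {
  local out="/lime-module/${KVER}/volatility/tools/linux/"
  cd /volatility/tools/linux || die "cannot cd to /volatility/tools/linux"
  echo "Building dwarf module..."
  make >> /tmp/log-file 2>&1 || die "dwarf module build failed, see /tmp/log-file"
  cp -- module.dwarf "${out}" || die "module.dwarf not produced"
}

#######################################
# Zip the output tree into a volatility-formatted archive.
# Globals:   KVER (read)
# Outputs:   /rpms/${KVER}_ponzu.zip (paths stored relative to /)
# Returns:   0; skips silently when the output tree is empty
#######################################
package() {
  local src="/lime-module/${KVER}"
  local zipfile="/rpms/${KVER}_ponzu.zip"
  cd / || die "cannot cd to /"
  echo "Building ${KVER} volatility zip file..."
  # Build the archive once when there is something to package. The old loop
  # deleted and re-created the zip for every entry in the directory.
  shopt -s nullglob
  local entries=("${src}"/*)
  shopt -u nullglob
  if (( ${#entries[@]} > 0 )); then
    rm -f -- "${zipfile}"
    zip -9 -q -r "${zipfile}" "${src}/"
  fi
}

#######################################
# Entry point.
# Arguments: $1 - kernel version (required; the old "is KVER empty" check could
#            never fail because KVER always contained the OSVER suffix)
# Globals:   KVER, KVER1 (written; KVER exported)
#######################################
main() {
  [[ $# -ge 1 && -n "$1" ]] || die "usage: ${0##*/} <kernel-version>"
  KVER1="$1.${OSVER}.noarch"
  KVER="$1.${OSVER}.${ARCH}"
  export KVER

  # enable all repos
  sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/uek-ol7.repo
  # clear yum cache
  yum clean all

  # Record KVER for later shells. The old script also sourced /tmp/.bashrc
  # here; that added nothing (KVER is already exported above) and executed
  # whatever a predictable, world-writable path happened to contain, so the
  # source step is gone and only the append remains.
  echo "export KVER=${KVER}" >> /tmp/.bashrc

  # build basic volatility paths
  mkdir -p "/lime-module/${KVER}/boot" "/lime-module/${KVER}/volatility/tools/linux/"

  install_kernel
  build_lime
  build_dwarf
  package
}

main "$@"

# future: parse all files in /YourPath/rpms at once
# kernels=( $(ls -1 /YourPath/kernel-2*rpm |awk -F\/ '{print $2}' |sed 's/kernel-//' |sed 's/.rpm//' | sed 's/.x86_64//' | sed 's/.i386//' |sed 's/.el[5,6,7]//' |sort -V) )
#
# for kernel in ${kernels[@]}; do
# # echo "${kernel}: blah"
# done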