diff --git a/setup/so-functions b/setup/so-functions index 40c1127de..4410e7443 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -905,9 +905,10 @@ detect_cloud() { } detect_os() { + local log=${1:-${setup_log}} # Detect Base OS - echo "Detecting Base OS" >> "$setup_log" 2>&1 + echo "Detecting Base OS" >> "$log" 2>&1 if [ -f /etc/redhat-release ]; then OS=centos if grep -q "CentOS Linux release 7" /etc/redhat-release; then @@ -937,7 +938,7 @@ detect_os() { exit 1 fi - echo "Found OS: $OS $OSVER" >> "$setup_log" 2>&1 + echo "Found OS: $OS $OSVER" >> "$log" 2>&1 } diff --git a/setup/so-preflight b/setup/so-preflight new file mode 100644 index 000000000..c2bbb7988 --- /dev/null +++ b/setup/so-preflight @@ -0,0 +1,135 @@ +#!/bin/bash + +# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +source ../salt/common/tools/sbin/so-common +source ./so-functions + +preflight_log='/root/preflight.log' + +check_default_repos() { + local ret_code=0 + + printf ' Checking OS default repos with ' | tee -a "$preflight_log" + if [[ $OS == 'centos' ]]; then + printf '%s' 'yum update.' | tee -a "$preflight_log" + echo "" >> "$preflight_log" + yum -y update >> $preflight_log 2>&1 + ret_code=$? + else + printf '%s' 'apt update.' | tee -a "$preflight_log" + echo "" >> "$preflight_log" + retry 50 10 "apt-get -y update" >> $preflight_log 2>&1 + ret_code=$? + fi + + [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE' + return $ret_code +} + +check_new_repos() { + printf ' Checking repo URLs added by setup.' | tee -a "$preflight_log" + + if [[ $OS == 'centos' ]]; then + local repo_arr=( + "https://download.docker.com/linux/centos/docker-ce.repo" + "https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/SALTSTACK-GPG-KEY.pub" + "https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub" + "https://download.docker.com/linux/ubuntu/gpg" + "https://packages.wazuh.com/key/GPG-KEY-WAZUH" + "https://packages.wazuh.com/3.x/yum/" + ) + else + local ubuntu_version + ubuntu_version=$(grep -q VERSION_ID /etc/os-release 2> /dev/null | awk -F '[ "]' '{print $2}') + if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi + local repo_arr=( + "https://download.docker.com/linux/ubuntu/gpg" + "https://download.docker.com/linux/ubuntu" + "https://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub" + "https://packages.wazuh.com/key/GPG-KEY-WAZUH" + "https://packages.wazuh.com" + ) + fi + + __check_url_arr "${repo_arr[@]}" + local ret_code=$? + [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE' + return $ret_code +} + +check_misc_urls() { + printf ' Checking various other URLs used by setup.' | tee -a "$preflight_log" + + local so_version=$(cat ../VERSION) + local url_arr=( + "https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS" + "https://github.com/Neo23x0/signature-base" + "https://sigs.securityonion.net/$so_version/securityonion-$so_version.iso.sig" + "https://ghcr.io/" + ) + + __check_url_arr "${url_arr[@]}" + local ret_code=$? + [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE' + return $ret_code +} + +__check_url_arr() { + local ret_code=0 + echo "" >> "$preflight_log" + for url in "$@"; do + local status + status=$(curl -s -o /dev/null -w "%{http_code}" -L "$url" 2> /dev/null) + local ret=$? + if [[ $ret == 0 ]]; then + printf '%s' " - Successfully reached $url" >> "$preflight_log" + if [[ $status -ge 400 ]]; then + printf '%s\n' " but server responded with error code $status" >> "$preflight_log" + else + printf '\n' >> "$preflight_log" + fi + else + ret_code=1 + echo " - [ERROR]: Could not reach $url" >> "$preflight_log" + fi + done + echo "" >> "$preflight_log" + return $ret_code +} + +main() { + detect_os "$preflight_log" + + [[ -f $preflight_log ]] || touch "$preflight_log" + echo "Beginning pre-flight checks." | tee "$preflight_log" + check_default_repos &&\ + check_new_repos &&\ + check_misc_urls + + local success=$? + + echo "" + if [[ $success == 0 ]]; then + echo -e "Pre-flight checks completed successfully!\n" | tee -a "$preflight_log" + else + echo -e "Pre-flight checks could not complete." | tee -a "$preflight_log" + echo -e " Check $preflight_log for details.\n" + exit 1 + fi +} + +main