mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
138 lines
4.3 KiB
Bash
138 lines
4.3 KiB
Bash
#!/bin/bash
|
|
|
|
# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
source ../salt/common/tools/sbin/so-common
|
|
source ./so-functions
|
|
|
|
preflight_log='/root/preflight.log'
|
|
|
|
check_default_repos() {
|
|
local ret_code=0
|
|
|
|
printf ' Checking OS default repos with ' | tee -a "$preflight_log"
|
|
if [[ $OS == 'centos' ]]; then
|
|
printf '%s' 'yum update.' | tee -a "$preflight_log"
|
|
echo "" >> "$preflight_log"
|
|
yum -y update >> $preflight_log 2>&1
|
|
ret_code=$?
|
|
else
|
|
printf '%s' 'apt update.' | tee -a "$preflight_log"
|
|
echo "" >> "$preflight_log"
|
|
retry 50 10 "apt-get -y update" >> $preflight_log 2>&1
|
|
ret_code=$?
|
|
fi
|
|
|
|
[[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
|
|
return $ret_code
|
|
}
|
|
|
|
check_new_repos() {
|
|
printf ' Checking repo URLs added by setup.' | tee -a "$preflight_log"
|
|
|
|
if [[ $OS == 'centos' ]]; then
|
|
local repo_arr=(
|
|
"https://download.docker.com/linux/centos/docker-ce.repo"
|
|
"https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.5/SALTSTACK-GPG-KEY.pub"
|
|
"https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.5/SALTSTACK-GPG-KEY.pub"
|
|
"https://download.docker.com/linux/ubuntu/gpg"
|
|
"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
|
|
"https://packages.wazuh.com/3.x/yum/"
|
|
)
|
|
else
|
|
local ubuntu_version
|
|
ubuntu_version=$(grep VERSION_ID /etc/os-release 2> /dev/null | awk -F '[ "]' '{print $2}')
|
|
if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi
|
|
local repo_arr=(
|
|
"https://download.docker.com/linux/ubuntu/gpg"
|
|
"https://download.docker.com/linux/ubuntu"
|
|
"https://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.5/SALTSTACK-GPG-KEY.pub"
|
|
"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
|
|
"https://packages.wazuh.com"
|
|
)
|
|
fi
|
|
|
|
__check_url_arr "${repo_arr[@]}"
|
|
local ret_code=$?
|
|
[[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
|
|
return $ret_code
|
|
}
|
|
|
|
check_misc_urls() {
|
|
printf ' Checking various other URLs used by setup.' | tee -a "$preflight_log"
|
|
|
|
local so_version=$(cat ../VERSION)
|
|
local url_arr=(
|
|
"https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
|
|
"https://github.com/Neo23x0/signature-base"
|
|
"https://sigs.securityonion.net/$so_version/securityonion-$so_version.iso.sig"
|
|
"https://ghcr.io/"
|
|
"https://rules.emergingthreats.net/open/"
|
|
"https://rules.emergingthreatspro.com/"
|
|
)
|
|
|
|
__check_url_arr "${url_arr[@]}"
|
|
local ret_code=$?
|
|
[[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
|
|
return $ret_code
|
|
}
|
|
|
|
__check_url_arr() {
|
|
local ret_code=0
|
|
echo "" >> "$preflight_log"
|
|
for url in "$@"; do
|
|
local status
|
|
status=$(curl -s -o /dev/null -w "%{http_code}" -L "$url" 2> /dev/null)
|
|
local ret=$?
|
|
if [[ $ret == 0 ]]; then
|
|
printf '%s' " - Successfully reached $url" >> "$preflight_log"
|
|
if [[ $status -ge 400 ]]; then
|
|
printf '%s\n' " but server responded with error code $status" >> "$preflight_log"
|
|
else
|
|
printf '\n' >> "$preflight_log"
|
|
fi
|
|
else
|
|
ret_code=1
|
|
echo " - [ERROR]: Could not reach $url" >> "$preflight_log"
|
|
fi
|
|
done
|
|
echo "" >> "$preflight_log"
|
|
return $ret_code
|
|
}
|
|
|
|
main() {
|
|
detect_os "$preflight_log"
|
|
|
|
[[ -f $preflight_log ]] || touch "$preflight_log"
|
|
echo "Beginning pre-flight checks." | tee "$preflight_log"
|
|
check_default_repos &&\
|
|
check_new_repos &&\
|
|
check_misc_urls
|
|
|
|
local success=$?
|
|
|
|
echo ""
|
|
if [[ $success == 0 ]]; then
|
|
echo -e "Pre-flight checks completed successfully!\n" | tee -a "$preflight_log"
|
|
else
|
|
echo -e "Pre-flight checks could not complete." | tee -a "$preflight_log"
|
|
echo -e " Check $preflight_log for details.\n"
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
main
|