#!/bin/bash
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
# Salt tree that receives the synced salt/ and pillar/ directories.
default_salt_dir="/opt/so/saltstack/default"

# Run-mode switches, all off by default. The command-line parser at the
# bottom of the script turns them on for -v, -vv and --test.
TEST_MODE=0
VERY_VERBOSE=0
VERBOSE=0
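#######################################
# Clone the Security Onion repository into /tmp/sogh.
# Outputs:   git progress on stdout/stderr, errors on stderr
# Returns:   status of the final `cd /tmp`; exits 1 if the working
#            directory cannot be created or the clone fails
#######################################
clone_to_tmp() {
  # TODO Need to add a air gap option

  # Make a temp location for the files.
  # The path is fixed and /tmp is world-writable, while this script runs as
  # root and later syncs the clone into the Salt tree. A /tmp/sogh that
  # already exists may therefore hold content this run did not fetch.
  # mkdir without -p fails on any existing path (directory, file or
  # symlink), so success means this run created the directory itself.
  # mktemp -d would be the usual choice, but copy_new_files expects
  # /tmp/sogh by name.
  if ! mkdir -m 700 /tmp/sogh; then
    echo "ERROR: /tmp/sogh already exists or cannot be created; inspect and remove it, then re-run." >&2
    exit 1
  fi

  if ! cd /tmp/sogh; then
    echo "ERROR: cannot enter /tmp/sogh" >&2
    exit 1
  fi

  #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git
  if ! git clone https://github.com/Security-Onion-Solutions/securityonion.git; then
    # Without a complete clone there is nothing trustworthy to copy.
    echo "ERROR: git clone failed; no files were changed." >&2
    cd /tmp && rm -rf /tmp/sogh
    exit 1
  fi

  cd /tmp
}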
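#######################################
# Print which files an update would add, modify or delete.
# Every regular file under the source directory is compared with the file
# at the same relative path under the destination directory; afterwards
# files that exist only under the destination are listed as deleted.
# Globals:   VERBOSE (read)      - 0 makes the function return silently
#            VERY_VERBOSE (read) - 1 adds file previews and unified diffs
# Arguments: $1 - source directory (incoming files)
#            $2 - destination directory (installed files)
#            $3 - label used in the header line ("salt" or "pillar")
# Outputs:   change report on stdout
#######################################
show_file_changes() {
  local source_dir="$1"
  local dest_dir="$2"
  local dir_type="$3" # "salt" or "pillar"
  local source_file dest_file rel_path

  if [ "${VERBOSE:-0}" -eq 0 ]; then
    return
  fi

  echo "=== Changes for $dir_type directory ==="

  # Find all files in source directory.
  # NUL-delimited names with IFS= keep leading/trailing whitespace and other
  # unusual characters intact, so the report names the file that is really
  # on disk instead of a trimmed path.
  if [ -d "$source_dir" ]; then
    while IFS= read -r -d '' source_file; do
      # Relative path; the quoted prefix is matched literally, not as a glob.
      rel_path="${source_file#"$source_dir"/}"
      dest_file="$dest_dir/$rel_path"

      if [ ! -f "$dest_file" ]; then
        echo "ADDED: $dest_file"
        if [ "${VERY_VERBOSE:-0}" -eq 1 ]; then
          echo " (New file - showing first 20 lines)"
          head -n 20 "$source_file" | sed 's/^/ + /'
          echo ""
        fi
      elif ! cmp -s "$source_file" "$dest_file"; then
        echo "MODIFIED: $dest_file"
        if [ "${VERY_VERBOSE:-0}" -eq 1 ]; then
          echo " (Changes:)"
          diff -u "$dest_file" "$source_file" | sed 's/^/ /'
          echo ""
        fi
      fi
    done < <(find "$source_dir" -type f -print0)
  fi

  # Find deleted files (exist in dest but not in source)
  if [ -d "$dest_dir" ]; then
    while IFS= read -r -d '' dest_file; do
      rel_path="${dest_file#"$dest_dir"/}"
      source_file="$source_dir/$rel_path"

      if [ ! -f "$source_file" ]; then
        echo "DELETED: $dest_file"
        if [ "${VERY_VERBOSE:-0}" -eq 1 ]; then
          echo " (File was deleted)"
          echo ""
        fi
      fi
    done < <(find "$dest_dir" -type f -print0)
  fi

  echo ""
}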
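# Report a failed update step on stderr, drop the clone and stop the script.
_copy_new_files_abort() {
  echo "ERROR: $1" >&2
  rm -rf /tmp/sogh
  exit 1
}

#######################################
# Check out the requested branch of the clone in /tmp/sogh/securityonion
# and sync its salt/ and pillar/ trees into the default Salt directory.
# In test mode only the change report is printed and nothing is copied.
# Globals:   BRANCH (read), TEST_MODE (read), VERBOSE (read; raised to 1
#            for the report in test mode, then restored),
#            default_salt_dir (read), VERSION (written)
# Outputs:   progress and change report on stdout, errors on stderr
# Returns:   exits 1 when the clone, the checkout, the VERSION file, the
#            archive or a sync step fails
#######################################
copy_new_files() {
  local repo_dir=/tmp/sogh/securityonion
  local old_verbose

  # Copy new files over to the salt dir.
  # Each step is checked: if entering the clone failed and the script simply
  # carried on, the relative "salt" and "pillar" paths below would resolve
  # against whatever directory the shell was left in (under /tmp), and that
  # content would be synced into the Salt tree as root.
  cd "$repo_dir" || _copy_new_files_abort "cannot enter $repo_dir; the clone is missing or incomplete."
  git checkout "$BRANCH" || _copy_new_files_abort "git checkout of branch '$BRANCH' failed."
  VERSION=$(cat VERSION) || _copy_new_files_abort "cannot read $repo_dir/VERSION."

  # VERSION becomes part of an archive file name under /opt/so/repo, so it
  # must be non-empty and must not carry a path component.
  case "$VERSION" in
    '' | */*)
      _copy_new_files_abort "unexpected VERSION value '$VERSION'."
      ;;
  esac

  if [ "$TEST_MODE" -eq 1 ]; then
    echo "=== TEST MODE: Showing what would change without making changes ==="
    echo "Branch: $BRANCH"
    echo "Version: $VERSION"
    echo ""
  fi

  # Show changes before copying if verbose mode is enabled OR if in test mode
  if [ "$VERBOSE" -eq 1 ] || [ "$TEST_MODE" -eq 1 ]; then
    old_verbose=$VERBOSE
    # In test mode, force at least basic verbose output
    if [ "$TEST_MODE" -eq 1 ] && [ "$VERBOSE" -eq 0 ]; then
      VERBOSE=1
    fi

    echo "Analyzing file changes..."
    show_file_changes "$repo_dir/salt" "$default_salt_dir/salt" "salt"
    show_file_changes "$repo_dir/pillar" "$default_salt_dir/pillar" "pillar"

    # Restore original verbose setting
    VERBOSE=$old_verbose
  fi

  # If in test mode, don't copy files
  if [ "$TEST_MODE" -eq 1 ]; then
    echo "=== TEST MODE: No files were modified ==="
    echo "To apply these changes, run without --test option"
    rm -rf /tmp/sogh
    return
  fi

  # We need to overwrite if there is a repo file
  if [ -d /opt/so/repo ]; then
    tar -czf "/opt/so/repo/$VERSION.tar.gz" -C "$repo_dir/.." . \
      || _copy_new_files_abort "could not write /opt/so/repo/$VERSION.tar.gz."
  fi

  # Absolute source paths, and ${default_salt_dir:?} so that an unset or
  # empty target can never turn the destination into "/".
  rsync -a "$repo_dir/salt" "${default_salt_dir:?}/" \
    || _copy_new_files_abort "rsync of salt failed; the Salt tree may be partially updated."
  rsync -a "$repo_dir/pillar" "${default_salt_dir:?}/" \
    || _copy_new_files_abort "rsync of pillar failed; the Salt tree may be partially updated."
  chown -R socore:socore "$default_salt_dir/salt"
  chown -R socore:socore "$default_salt_dir/pillar"
  chmod 755 "$default_salt_dir/pillar/firewall/addfirewall.sh"

  rm -rf /tmp/sogh
}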
#######################################
# Stop the script unless it is running with an effective UID of 0.
# Outputs:   a one-line message on stdout when not root
# Returns:   0 when root; otherwise exits with status 1
#######################################
got_root() {
  local uid
  uid=$(id -u)

  # Root falls straight through to the caller.
  [ "$uid" -ne 0 ] || return 0

  echo "This script must be run using sudo!"
  exit 1
}
#######################################
# Print the command-line help and terminate the script.
# Outputs:   usage text on stdout
# Returns:   never returns; always exits with status 1, including when
#            help was requested explicitly
#######################################
show_usage() {
  local -a help_lines=(
    "Usage: $0 [-v] [-vv] [--test] [branch]"
    " -v Show verbose output (files changed/added/deleted)"
    " -vv Show very verbose output (includes file diffs)"
    " --test Test mode - show what would change without making changes"
    " branch Git branch to checkout (default: 2.4/main)"
    ""
    "Examples:"
    " $0 # Normal operation"
    " $0 -v # Show which files change"
    " $0 -vv # Show files and their diffs"
    " $0 --test # See what would change (dry run)"
    " $0 --test -vv # Test mode with detailed diffs"
    " $0 -v dev-branch # Use specific branch with verbose output"
  )

  printf '%s\n' "${help_lines[@]}"
  exit 1
}
# Command-line handling: flags set the mode switches, and the first
# non-option word is taken as the branch to check out.
# NOTE(review): BRANCH is not cleared before parsing, so a value inherited
# from the environment counts as an already-supplied branch - confirm this
# is intended for a script that runs as root.
for arg in "$@"; do
  case "$arg" in
    -v)
      VERBOSE=1
      ;;
    -vv)
      VERBOSE=1
      VERY_VERBOSE=1
      ;;
    --test)
      TEST_MODE=1
      ;;
    -h | --help)
      show_usage
      ;;
    -*)
      echo "Unknown option $arg"
      show_usage
      ;;
    *)
      # A second non-option word is an error; show_usage does not return.
      if [ -n "$BRANCH" ]; then
        echo "Too many arguments"
        show_usage
      fi
      BRANCH="$arg"
      ;;
  esac
done

# Fall back to the default branch when none was given.
: "${BRANCH:=2.4/main}"

# Root check first, then fetch the repository, then report and/or copy.
got_root
clone_to_tmp
copy_new_files