mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
192 lines
5.1 KiB
Bash
Executable File
192 lines
5.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
source ../salt/common/tools/sbin/so-common
|
|
source ./so-functions
|
|
|
|
script_run="$1"
|
|
|
|
if [[ $script_run == true ]]; then
|
|
preflight_log="${2:-'/root/preflight.log'}"
|
|
else
|
|
preflight_log='/root/preflight.log'
|
|
fi
|
|
|
|
check_default_repos() {
|
|
local ret_code=0
|
|
local repo_str=' Checking OS default repos with '
|
|
if [[ $script_run == true ]]; then
|
|
printf '%s' "$repo_str"
|
|
else
|
|
printf '%s' "$repo_str" | tee -a "$preflight_log"
|
|
fi
|
|
|
|
if [[ $OS == 'centos' ]]; then
|
|
if [[ $script_run == true ]]; then
|
|
printf '%s' 'yum update.'
|
|
else
|
|
printf '%s' 'yum update.' | tee -a "$preflight_log"
|
|
fi
|
|
echo "" >> "$preflight_log"
|
|
yum -y check-update >> $preflight_log 2>&1
|
|
ret_code=$?
|
|
if [[ $ret_code == 0 || $ret_code == 100 ]]; then
|
|
printf '%s\n' ' SUCCESS'
|
|
ret_code=0
|
|
else
|
|
printf '%s\n' ' FAILURE'
|
|
fi
|
|
else
|
|
if [[ $script_run == true ]]; then
|
|
printf '%s' 'apt update.'
|
|
else
|
|
printf '%s' 'apt update.' | tee -a "$preflight_log"
|
|
fi
|
|
echo "" >> "$preflight_log"
|
|
retry 50 10 "apt-get -y update" >> $preflight_log 2>&1
|
|
ret_code=$?
|
|
[[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
|
|
|
|
fi
|
|
|
|
return $ret_code
|
|
}
|
|
|
|
check_new_repos() {
|
|
local repo_url_str=' Checking repo URLs added by setup.'
|
|
if [[ $script_run == true ]]; then
|
|
printf '%s' "$repo_url_str"
|
|
else
|
|
printf '%s' "$repo_url_str" | tee -a "$preflight_log"
|
|
fi
|
|
|
|
if [[ $OS == 'centos' ]]; then
|
|
local repo_arr=(
|
|
"https://download.docker.com/linux/centos/docker-ce.repo"
|
|
"https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub"
|
|
"https://download.docker.com/linux/ubuntu/gpg"
|
|
"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
|
|
"https://packages.wazuh.com/3.x/yum/"
|
|
)
|
|
else
|
|
local ubuntu_version
|
|
ubuntu_version=$(grep VERSION_ID /etc/os-release 2> /dev/null | awk -F '[ "]' '{print $2}')
|
|
local repo_arr=(
|
|
"https://download.docker.com/linux/ubuntu/gpg"
|
|
"https://download.docker.com/linux/ubuntu"
|
|
"https://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3003/SALTSTACK-GPG-KEY.pub"
|
|
"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
|
|
"https://packages.wazuh.com"
|
|
)
|
|
fi
|
|
|
|
__check_url_arr "${repo_arr[@]}"
|
|
local ret_code=$?
|
|
[[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
|
|
return $ret_code
|
|
}
|
|
|
|
check_misc_urls() {
|
|
local misc_url_str=' Checking various other URLs used by setup.'
|
|
if [[ $script_run == true ]]; then
|
|
printf '%s' "$misc_url_str"
|
|
else
|
|
printf '%s' "$misc_url_str" | tee -a "$preflight_log"
|
|
fi
|
|
|
|
local so_version
|
|
so_version=$(cat ../VERSION)
|
|
local url_arr=(
|
|
"https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
|
|
"https://github.com/Neo23x0/signature-base"
|
|
"https://sigs.securityonion.net/$so_version/securityonion-$so_version.iso.sig"
|
|
"https://ghcr.io/"
|
|
"https://rules.emergingthreats.net/open/"
|
|
"https://rules.emergingthreatspro.com/"
|
|
)
|
|
|
|
__check_url_arr "${url_arr[@]}"
|
|
local ret_code=$?
|
|
[[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
|
|
return $ret_code
|
|
}
|
|
|
|
__check_url_arr() {
|
|
local ret_code=0
|
|
echo "" >> "$preflight_log"
|
|
for url in "$@"; do
|
|
local status
|
|
status=$(curl -s -o /dev/null -w "%{http_code}" -L "$url" 2> /dev/null)
|
|
local ret=$?
|
|
if [[ $ret == 0 ]]; then
|
|
printf '%s' " - Successfully reached $url" >> "$preflight_log"
|
|
if [[ $status -ge 400 ]]; then
|
|
printf '%s\n' " but server responded with error code $status" >> "$preflight_log"
|
|
else
|
|
printf '\n' >> "$preflight_log"
|
|
fi
|
|
else
|
|
ret_code=1
|
|
echo " - [ERROR]: Could not reach $url" >> "$preflight_log"
|
|
fi
|
|
done
|
|
echo "" >> "$preflight_log"
|
|
return $ret_code
|
|
}
|
|
|
|
main() {
|
|
local intro_str="Beginning pre-flight checks."
|
|
local success_str="Pre-flight checks completed successfully!"
|
|
local fail_str="Pre-flight checks could not complete."
|
|
|
|
detect_os "$preflight_log"
|
|
|
|
[[ -f $preflight_log ]] || touch "$preflight_log"
|
|
if [[ $script_run == true ]]; then
|
|
echo "$intro_str"
|
|
else
|
|
echo "$intro_str" | tee "$preflight_log"
|
|
fi
|
|
check_default_repos &&\
|
|
check_new_repos &&\
|
|
check_misc_urls
|
|
|
|
local success=$?
|
|
|
|
echo ""
|
|
if [[ $success == 0 ]]; then
|
|
if [[ $script_run == true ]]; then
|
|
echo "$success_str"
|
|
else
|
|
echo "$success_str" | tee -a "$preflight_log"
|
|
echo ""
|
|
fi
|
|
else
|
|
if [[ $script_run == true ]]; then
|
|
echo "$fail_str"
|
|
else
|
|
echo "$fail_str" | tee -a "$preflight_log"
|
|
echo "Check $preflight_log for details."
|
|
echo ""
|
|
fi
|
|
fi
|
|
|
|
exit $success
|
|
}
|
|
|
|
main
|