From 7cb3a6fffb7045c109ba4d90d536850747f7a1ca Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 1 Feb 2022 00:03:40 -0300 Subject: [PATCH 01/12] Add function checkFirewalls --- .../install_functions/checks.sh | 56 +++++++++++++++++++ unattended_installer/wazuh_install.sh | 5 ++ 2 files changed, 61 insertions(+) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index 5c3390948f..ab2cf14f06 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -147,6 +147,62 @@ function checkArguments() { } +function checkFirewalls() { + + + firewallsList=( "iptables" + "nft" + "firewall-cmd") + + portsTCPLists=( "1514" + "1515" + "1516" + "514" + "55000" + "9200" + "9300" + "9400" + "443") + + for command in "${firewallsList[@]}"; do + + if [ -n "$(command -v $command)" ]; then + logger_cert -w "The $command command is present on this system. This could affect the correct communication between Wazuh components. We will proceed to try to validate firewall rules that may affect the processes and report what is found." + firewallstatus='true' + + if [ $command == "iptables" ]; then + logger -w "iptables report:" + for port in "${portsTCPLists[@]}"; do + if [ -n "$($command -L -n | grep DROP | grep $port)" ]; then + logger -w " ...port $port must be open in your firewall rules." + fi + done + + elif [ $command == "nft" ]; then + logger -w "nft report:" + for port in "${portsTCPLists[@]}"; do + if [ -n "$($command list ruleset | grep drop | grep $port)" ]; then + logger -w " ...port $port must be open in your firewall rules." + fi + done + + elif [ $command == "firewall-cmd" ]; then + logger -w "firewall-cmd report:" + for port in "${portsTCPLists[@]}"; do + if [ -n "$($command --list-all | grep $port)" ]; then + logger -w " ...port $port must be open in your firewall rules." + fi + done + fi + fi + done + + if [ -n "${firewallstatus}" ]; then + logger -w "Please check your firewall. And make the recommended fixes. To then repeat the installation of Wazuh." + exit 1 + fi +} + function checkHealth() { checkSpecs diff --git a/unattended_installer/wazuh_install.sh b/unattended_installer/wazuh_install.sh index 0c86dc9126..edfc133e4f 100755 --- a/unattended_installer/wazuh_install.sh +++ b/unattended_installer/wazuh_install.sh @@ -358,6 +358,11 @@ function main() { fi checkArguments + if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then + logger "---------------------------------- Check firewalls -----------------------------------" + checkFirewalls + fi + # -------------- Configuration creation case ----------------------- # Creation certificate case: Only AIO and -c option can create certificates. From ce106c46c18f4a711fb1ec37ad0dd8d8575f14ef Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 1 Feb 2022 21:02:18 -0300 Subject: [PATCH 02/12] Fix logger --- unattended_installer/install_functions/checks.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index ab2cf14f06..f12e8aa58c 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -171,7 +171,7 @@ function checkFirewalls() { firewallstatus='true' if [ $command == "iptables" ]; then - logger -w "iptables report:" + logger "iptables report:" for port in "${portsTCPLists[@]}"; do if [ -n "$($command -L -n | grep DROP | grep $port)" ]; then logger -w " ...port $port must be open in your firewall rules." @@ -179,7 +179,7 @@ function checkFirewalls() { done elif [ $command == "nft" ]; then - logger -w "nft report:" + logger "nft report:" for port in "${portsTCPLists[@]}"; do if [ -n "$($command list ruleset | grep drop | grep $port)" ]; then logger -w " ...port $port must be open in your firewall rules." @@ -187,7 +187,7 @@ function checkFirewalls() { done elif [ $command == "firewall-cmd" ]; then - logger -w "firewall-cmd report:" + logger "firewall-cmd report:" for port in "${portsTCPLists[@]}"; do if [ -n "$($command --list-all | grep $port)" ]; then logger -w " ...port $port must be open in your firewall rules." From 1b4141093a171e465e0ba24796b0343600ec7c7b Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 1 Feb 2022 21:03:23 -0300 Subject: [PATCH 03/12] Fix logger --- unattended_installer/install_functions/checks.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index f12e8aa58c..9f35dc762e 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -174,7 +174,7 @@ function checkFirewalls() { logger "iptables report:" for port in "${portsTCPLists[@]}"; do if [ -n "$($command -L -n | grep DROP | grep $port)" ]; then - logger -w " ...port $port must be open in your firewall rules." + logger " ...port $port must be open in your firewall rules." fi done @@ -182,7 +182,7 @@ function checkFirewalls() { logger "nft report:" for port in "${portsTCPLists[@]}"; do if [ -n "$($command list ruleset | grep drop | grep $port)" ]; then - logger -w " ...port $port must be open in your firewall rules." + logger " ...port $port must be open in your firewall rules." fi done @@ -190,7 +190,7 @@ function checkFirewalls() { logger "firewall-cmd report:" for port in "${portsTCPLists[@]}"; do if [ -n "$($command --list-all | grep $port)" ]; then - logger -w " ...port $port must be open in your firewall rules." + logger " ...port $port must be open in your firewall rules." fi done fi From 3a718a50afb18006b16b3417c4838c4db2c74e85 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 1 Feb 2022 21:04:00 -0300 Subject: [PATCH 04/12] Fix logger --- unattended_installer/install_functions/checks.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index 9f35dc762e..b74ca4c4b4 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -167,7 +167,7 @@ function checkFirewalls() { for command in "${firewallsList[@]}"; do if [ -n "$(command -v $command)" ]; then - logger_cert -w "The $command command is present on this system. This could affect the correct communication between Wazuh components. We will proceed to try to validate firewall rules that may affect the processes and report what is found." + logger_cert "The $command command is present on this system. This could affect the correct communication between Wazuh components. We will proceed to try to validate firewall rules that may affect the processes and report what is found." firewallstatus='true' if [ $command == "iptables" ]; then From 9615fcb81cc9e75a982612dbec2f1d2d7a512b00 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 1 Feb 2022 21:15:15 -0300 Subject: [PATCH 05/12] Fix check firewalls stage flow, and if(condition) --- unattended_installer/wazuh_install.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/unattended_installer/wazuh_install.sh b/unattended_installer/wazuh_install.sh index edfc133e4f..d3e4982667 100755 --- a/unattended_installer/wazuh_install.sh +++ b/unattended_installer/wazuh_install.sh @@ -330,6 +330,11 @@ function main() { logger "Starting Wazuh unattended installer. Wazuh version: ${wazuh_version}. Wazuh installer version: ${wazuh_install_vesion}" + if [ -z "${configurations}" ] && [ -z "${start_elastic_cluster}" ] ; then + logger "---------------------------------- Check firewalls -----------------------------------" + checkFirewalls + fi + # -------------- Uninstall case ------------------------------------ checkIfInstalled @@ -358,11 +363,6 @@ function main() { fi checkArguments - if [ -n "${AIO}" ] || [ -n "${indexer}" ] || [ -n "${dashboard}" ] || [ -n "${wazuh}" ]; then - logger "---------------------------------- Check firewalls -----------------------------------" - checkFirewalls - fi - # -------------- Configuration creation case ----------------------- # Creation certificate case: Only AIO and -c option can create certificates. From 34b4c13de6abbda5dbdb80a82ecdfc545a0d1cc4 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Tue, 1 Feb 2022 21:27:03 -0300 Subject: [PATCH 06/12] Add ufw to function checkFirewalls --- unattended_installer/install_functions/checks.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index b74ca4c4b4..5f0981b661 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -152,6 +152,7 @@ function checkFirewalls() { firewallsList=( "iptables" "nft" + "ufw" "firewall-cmd") portsTCPLists=( "1514" @@ -186,6 +187,14 @@ function checkFirewalls() { fi done + elif [ $command == "ufw" ]; then + logger "ufw report:" + for port in "${portsTCPLists[@]}"; do + if [ -n "$(cat /etc/ufw/user.rules | grep DROP | grep $port)" ]; then + logger " ...port $port must be open in your firewall rules." + fi + done + elif [ $command == "firewall-cmd" ]; then logger "firewall-cmd report:" for port in "${portsTCPLists[@]}"; do From b85494a3cb96c5ee70fee8da83da2eea35271410 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 4 Feb 2022 18:54:21 -0300 Subject: [PATCH 07/12] Re work in checkFirewalls --- .../install_functions/checks.sh | 66 +++++++++++-------- 1 file changed, 39 insertions(+), 27 deletions(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index 5f0981b661..a5f1fbc68e 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -1,4 +1,4 @@ -# Wazuh installer - checks.sh functions. +# Wazuh installer - checks.sh functions. # Copyright (C) 2015, Wazuh Inc. # # This program is a free software; you can redistribute it @@ -32,7 +32,7 @@ function checkArguments() { # -------------- Overwrite -------------------------------------- - if [ -n "${overwrite}" ] && [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ]; then + if [ -n "${overwrite}" ] && [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ]; then logger -e "The argument -o|--overwrite must be used with -a, -k, -e or -w. If you want to uninstall all the components use -u|--uninstall" exit 1 fi @@ -89,7 +89,7 @@ function checkArguments() { if [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ]; then if [ -n "${overwrite}" ]; then rollBack - else + else logger -e "Elasticsearch is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." exit 1 fi @@ -102,7 +102,7 @@ function checkArguments() { if [ -n "${dashboardinstalled}" ] || [ -n "${dashboard_remaining_files}" ]; then if [ -n "${overwrite}" ]; then rollBack - else + else logger -e "Kibana is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." exit 1 fi @@ -115,7 +115,7 @@ function checkArguments() { if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ]; then if [ -n "${overwrite}" ]; then rollBack - else + else logger -e "Wazuh is already installed in this node or some of its files haven't been erased. Use option -o|--overwrite to overwrite all components." exit 1 fi @@ -143,7 +143,7 @@ function checkArguments() { if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ] && [ -z "${start_elastic_cluster}" ] && [ -z "${configurations}" ] && [ -z "${uninstall}"]; then logger -e "At least one of these arguments is necessary -a|--all-in-one, -c|--create-configurations, -e|--elasticsearch , -k|--kibana , -s|--start-cluster, -w|--wazuh-server , -u|--uninstall" exit 1 - fi + fi } @@ -154,60 +154,72 @@ function checkFirewalls() { "nft" "ufw" "firewall-cmd") - + portsTCPLists=( "1514" "1515" "1516" - "514" "55000" "9200" "9300" "9400" "443") + iptablesBlockedPortList=() + nftBlockedPortList=() + ufwBlockedPortList=() + firewall_cmdBlockedPortList=() + for command in "${firewallsList[@]}"; do - if [ -n "$(command -v $command)" ]; then - logger_cert "The $command command is present on this system. This could affect the correct communication between Wazuh components. We will proceed to try to validate firewall rules that may affect the processes and report what is found." - firewallstatus='true' + if [ -n "$(command -v ${command})" ]; then + logger -d "The $command command is present on this system. This could affect the correct communication between Wazuh components. We will proceed to try to validate firewall rules that may affect the processes and report what is found." if [ $command == "iptables" ]; then - logger "iptables report:" for port in "${portsTCPLists[@]}"; do - if [ -n "$($command -L -n | grep DROP | grep $port)" ]; then - logger " ...port $port must be open in your firewall rules." + if [ -n "$($command -L -n) | grep DROP | grep "^$port$" )" ]; then + iptablesBlockedPortList+="${port}, " fi done elif [ $command == "nft" ]; then - logger "nft report:" for port in "${portsTCPLists[@]}"; do - if [ -n "$($command list ruleset | grep drop | grep $port)" ]; then - logger " ...port $port must be open in your firewall rules." + if [ -n "$($command list ruleset) | grep drop | grep "^$port$" )" ]; then + nftBlockedPortList+="${port}, " fi done elif [ $command == "ufw" ]; then - logger "ufw report:" for port in "${portsTCPLists[@]}"; do - if [ -n "$(cat /etc/ufw/user.rules | grep DROP | grep $port)" ]; then - logger " ...port $port must be open in your firewall rules." + if [ -n "$(cat /etc/ufw/user.rules) | grep DROP | grep "^$port$" )" ]; then + ufwBlockedPortList+="${port}, " fi done elif [ $command == "firewall-cmd" ]; then - logger "firewall-cmd report:" for port in "${portsTCPLists[@]}"; do - if [ -n "$($command --list-all | grep $port)" ]; then - logger " ...port $port must be open in your firewall rules." + if [ -n "$($command --list-all) | grep "^$port$" )" ]; then + firewall_cmdBlockedPortList+="${port}, " fi done fi fi done - if [ -n "${firewallstatus}" ]; then - logger -w "Please check your firewall. And make the recommended fixes. To then repeat the installation of Wazuh." + if [ -n "${iptablesBlockedPortList}" ]; then + logger "iptables blocked port report: ${iptablesBlockedPortList} open the recommended ports." + fi + if [ -n "${nftBlockedPortList}" ]; then + logger "nft blocked port report: ${nftBlockedPortList} open the recommended ports." + fi + if [ -n "${ufwBlockedPortList}" ]; then + logger "ufw blocked port report: ${ufwBlockedPortList} open the recommended ports." + fi + if [ -n "${firewall_cmdBlockedPortList}" ]; then + logger "firewall-cmd blocked port report: ${firewall_cmdBlockedPortList} open the recommended ports." + fi + + if [ -n "${iptablesBlockedPortList}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ]; then + logger -w "Please check your firewall. To then repeat the installation of Wazuh." exit 1 fi } @@ -305,7 +317,7 @@ function checkIfInstalled() { } -# This function ensures different names in the config.yml file. +# This function ensures different names in the config.yml file. function checkNames() { if [ -n "${indxname}" ] && [ -n "${dashname}" ] && [ "${indxname}" == "${dashname}" ]; then @@ -326,7 +338,7 @@ function checkNames() { if [ -n "${winame}" ] && [ -z "$(echo "${wazuh_servers_node_names[@]}" | grep -w "${winame}")" ]; then logger -e "The Wazuh server node name ${winame} does not appear on the configuration file." exit 1 - fi + fi if [ -n "${indxname}" ] && [ -z "$(echo "${indexer_node_names[@]}" | grep -w "${indxname}")" ]; then logger -e "The Elasticsearch node name ${indxname} does not appear on the configuration file." From 7ea004d233e4aff8c67a523c65f01fb2c964e927 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 4 Feb 2022 18:56:43 -0300 Subject: [PATCH 08/12] Fix logger --- unattended_installer/install_functions/checks.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index a5f1fbc68e..bdb4c9ecbd 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -206,16 +206,16 @@ function checkFirewalls() { done if [ -n "${iptablesBlockedPortList}" ]; then - logger "iptables blocked port report: ${iptablesBlockedPortList} open the recommended ports." + logger "iptables blocked port report: ${iptablesBlockedPortList} this ports must be open." fi if [ -n "${nftBlockedPortList}" ]; then - logger "nft blocked port report: ${nftBlockedPortList} open the recommended ports." + logger "nft blocked port report: ${nftBlockedPortList} this ports must be open." fi if [ -n "${ufwBlockedPortList}" ]; then - logger "ufw blocked port report: ${ufwBlockedPortList} open the recommended ports." + logger "ufw blocked port report: ${ufwBlockedPortList} this ports must be open." fi if [ -n "${firewall_cmdBlockedPortList}" ]; then - logger "firewall-cmd blocked port report: ${firewall_cmdBlockedPortList} open the recommended ports." + logger "firewall-cmd blocked port report: ${firewall_cmdBlockedPortList} this ports must be open." fi if [ -n "${iptablesBlockedPortList}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ]; then From e2bc053018d21881583313a5cce7a4d79a412430 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 4 Feb 2022 18:57:36 -0300 Subject: [PATCH 09/12] Fix logger --- unattended_installer/install_functions/checks.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index bdb4c9ecbd..f6b1caf0c5 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -206,16 +206,16 @@ function checkFirewalls() { done if [ -n "${iptablesBlockedPortList}" ]; then - logger "iptables blocked port report: ${iptablesBlockedPortList} this ports must be open." + logger "iptables blocked port report: ${iptablesBlockedPortList} this ports must be opened." fi if [ -n "${nftBlockedPortList}" ]; then - logger "nft blocked port report: ${nftBlockedPortList} this ports must be open." + logger "nft blocked port report: ${nftBlockedPortList} this ports must be opened." fi if [ -n "${ufwBlockedPortList}" ]; then - logger "ufw blocked port report: ${ufwBlockedPortList} this ports must be open." + logger "ufw blocked port report: ${ufwBlockedPortList} this ports must be opened." fi if [ -n "${firewall_cmdBlockedPortList}" ]; then - logger "firewall-cmd blocked port report: ${firewall_cmdBlockedPortList} this ports must be open." + logger "firewall-cmd blocked port report: ${firewall_cmdBlockedPortList} this ports must be opened." fi if [ -n "${iptablesBlockedPortList}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ]; then From 1299bd807b7795c1f9c37230133b758ab049e3d3 Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 11 Feb 2022 20:01:40 -0300 Subject: [PATCH 10/12] Fix logger level, and change if to case --- .../install_functions/checks.sh | 61 ++++++++++--------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index f6b1caf0c5..257e59b1a3 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -174,34 +174,37 @@ function checkFirewalls() { if [ -n "$(command -v ${command})" ]; then logger -d "The $command command is present on this system. This could affect the correct communication between Wazuh components. We will proceed to try to validate firewall rules that may affect the processes and report what is found." - if [ $command == "iptables" ]; then - for port in "${portsTCPLists[@]}"; do - if [ -n "$($command -L -n) | grep DROP | grep "^$port$" )" ]; then - iptablesBlockedPortList+="${port}, " - fi - done - - elif [ $command == "nft" ]; then - for port in "${portsTCPLists[@]}"; do - if [ -n "$($command list ruleset) | grep drop | grep "^$port$" )" ]; then - nftBlockedPortList+="${port}, " - fi - done - - elif [ $command == "ufw" ]; then - for port in "${portsTCPLists[@]}"; do - if [ -n "$(cat /etc/ufw/user.rules) | grep DROP | grep "^$port$" )" ]; then - ufwBlockedPortList+="${port}, " - fi - done - - elif [ $command == "firewall-cmd" ]; then - for port in "${portsTCPLists[@]}"; do - if [ -n "$($command --list-all) | grep "^$port$" )" ]; then - firewall_cmdBlockedPortList+="${port}, " - fi - done - fi + case ${command} in + iptables ) + for port in "${portsTCPLists[@]}"; do + if [ -n "$(${command} -L -n | grep DROP | grep "^$port$" )" ]; then + iptablesBlockedPortList+="${port}, " + fi + done + ;; + nft ) + for port in "${portsTCPLists[@]}"; do + if [ -n "$(${command} list ruleset | grep drop | grep "^$port$" )" ]; then + nftBlockedPortList+="${port}, " + fi + done + ;; + ufw ) + for port in "${portsTCPLists[@]}"; do + if [ -n "$(cat /etc/ufw/user.rules | grep DROP | grep "^$port$" )" ]; then + ufwBlockedPortList+="${port}, " + fi + done + ;; + firewall-cmd ) + for port in "${portsTCPLists[@]}"; do + if [ -n "$(${command} --list-all | grep "^$port$" )" ]; then + firewall_cmdBlockedPortList+="${port}, " + fi + done + ;; + esac + fi done @@ -219,7 +222,7 @@ function checkFirewalls() { fi if [ -n "${iptablesBlockedPortList}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ] || [ -n "${firewallstatus}" ]; then - logger -w "Please check your firewall. To then repeat the installation of Wazuh." + logger -e "Please check your firewall. To then repeat the installation of Wazuh." exit 1 fi } From 50b194b7bffaa23327c580850dc9f0f6204d019c Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 11 Feb 2022 20:06:36 -0300 Subject: [PATCH 11/12] Fix resolve conflic with unify-unattended --- .../install_functions/checks.sh | 49 ++++++++++--------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index 257e59b1a3..fd195d1517 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -6,7 +6,7 @@ # License (version 2) as published by the FSF - Free Software # Foundation. -function checkArch() { +function checks_arch() { arch=$(uname -m) @@ -16,7 +16,7 @@ function checkArch() { fi } -function checkArguments() { +function checks_arguments() { # -------------- Configurations --------------------------------- @@ -25,7 +25,7 @@ function checkArguments() { exit 1 fi - if [[ -n "${configurations}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" || -n "${overwrite}" || -n "${start_elastic_cluster}" || -n "${tar_conf}" || -n "${uninstall}" ) ]]; then + if [[ -n "${configurations}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboards}" || -n "${wazuh}" || -n "${overwrite}" || -n "${start_elastic_cluster}" || -n "${tar_conf}" || -n "${uninstall}" ) ]]; then logger -e "The argument -c|--create-configurations can't be used with -a, -k, -e, -u or -w arguments." exit 1 fi @@ -53,7 +53,7 @@ function checkArguments() { logger "Elasticsearch components were not found on the system so it was not uninstalled." fi - if [ -z "${dashboardinstalled}" ] && [ -z "${dashboard_remaining_files}" ]; then + if [ -z "${dashboardsinstalled}" ] && [ -z "${dashboards_remaining_files}" ]; then logger "Kibana components were found on the system so it was not uninstalled." fi @@ -72,7 +72,7 @@ function checkArguments() { exit 1 fi - if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ] || [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ] || [ -n "${filebeatinstalled}" ] || [ -n "${filebeat_remaining_files}" ] || [ -n "${dashboardinstalled}" ] || [ -n "${dashboard_remaining_files}" ]; then + if [ -n "${wazuhinstalled}" ] || [ -n "${wazuh_remaining_files}" ] || [ -n "${indexerchinstalled}" ] || [ -n "${indexer_remaining_files}" ] || [ -n "${filebeatinstalled}" ] || [ -n "${filebeat_remaining_files}" ] || [ -n "${dashboardsinstalled}" ] || [ -n "${dashboards_remaining_files}" ]; then if [ -n "${overwrite}" ]; then rollBack else @@ -98,8 +98,8 @@ function checkArguments() { # -------------- Kibana ----------------------------------------- - if [ -n "${dashboard}" ]; then - if [ -n "${dashboardinstalled}" ] || [ -n "${dashboard_remaining_files}" ]; then + if [ -n "${dashboards}" ]; then + if [ -n "${dashboardsinstalled}" ] || [ -n "${dashboards_remaining_files}" ]; then if [ -n "${overwrite}" ]; then rollBack else @@ -133,20 +133,21 @@ function checkArguments() { # -------------- Cluster start ---------------------------------- - if [[ -n "${start_elastic_cluster}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboard}" || -n "${wazuh}" || -n "${overwrite}" || -n "${configurations}" || -n "${tar_conf}" || -n "${uninstall}") ]]; then + if [[ -n "${start_elastic_cluster}" && ( -n "${AIO}" || -n "${indexer}" || -n "${dashboards}" || -n "${wazuh}" || -n "${overwrite}" || -n "${configurations}" || -n "${tar_conf}" || -n "${uninstall}") ]]; then logger -e "The argument -s|--start-cluster can't be used with -a, -k, -e or -w arguments." exit 1 fi # -------------- Global ----------------------------------------- - if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboard}" ] && [ -z "${wazuh}" ] && [ -z "${start_elastic_cluster}" ] && [ -z "${configurations}" ] && [ -z "${uninstall}"]; then + if [ -z "${AIO}" ] && [ -z "${indexer}" ] && [ -z "${dashboards}" ] && [ -z "${wazuh}" ] && [ -z "${start_elastic_cluster}" ] && [ -z "${configurations}" ] && [ -z "${uninstall}"]; then logger -e "At least one of these arguments is necessary -a|--all-in-one, -c|--create-configurations, -e|--elasticsearch , -k|--kibana , -s|--start-cluster, -w|--wazuh-server , -u|--uninstall" exit 1 fi } +<<<<<<< unify-unatteded-check-firewalls function checkFirewalls() { @@ -227,9 +228,9 @@ function checkFirewalls() { fi } -function checkHealth() { +function checks_health() { - checkSpecs + checks_specifications if [ -n "${indexer}" ]; then if [ "${cores}" -lt 2 ] || [ "${ram_gb}" -lt 3700 ]; then logger -e "Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements." @@ -239,7 +240,7 @@ function checkHealth() { fi fi - if [ -n "${dashboard}" ]; then + if [ -n "${dashboards}" ]; then if [ "${cores}" -lt 2 ] || [ "${ram_gb}" -lt 3700 ]; then logger -e "Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements." exit 1 @@ -257,7 +258,7 @@ function checkHealth() { fi fi - if [ -n "${aio}" ]; then + if [ -n "${AIO}" ]; then if [ "${cores}" -lt 2 ] || [ "${ram_gb}" -lt 3700 ]; then logger -e "Your system does not meet the recommended minimum hardware requirements of 4Gb of RAM and 2 CPU cores. If you want to proceed with the installation use the -i option to ignore these requirements." exit 1 @@ -268,7 +269,7 @@ function checkHealth() { } -function checkIfInstalled() { +function checks_installed() { if [ "${sys_type}" == "yum" ]; then wazuhinstalled=$(yum list installed 2>/dev/null | grep wazuh-manager) @@ -307,21 +308,21 @@ function checkIfInstalled() { fi if [ "${sys_type}" == "yum" ]; then - dashboardinstalled=$(yum list installed 2>/dev/null | grep wazuh-dashboard) + dashboardsinstalled=$(yum list installed 2>/dev/null | grep wazuh-dashboards) elif [ "${sys_type}" == "zypper" ]; then - dashboardinstalled=$(zypper packages | grep wazuh-dashboard | grep i+) + dashboardsinstalled=$(zypper packages | grep wazuh-dashboards | grep i+) elif [ "${sys_type}" == "apt-get" ]; then - dashboardinstalled=$(apt list --installed 2>/dev/null | grep wazuh-dashboard) + dashboardsinstalled=$(apt list --installed 2>/dev/null | grep wazuh-dashboards) fi - if [ -d "/var/lib/wazuh-dashboard/" ] || [ -d "/usr/share/wazuh-dashboard" ] || [ -d "/etc/wazuh-dashboard" ]; then - dashboard_remaining_files=1 + if [ -d "/var/lib/wazuh-dashboards/" ] || [ -d "/usr/share/wazuh-dashboards" ] || [ -d "/etc/wazuh-dashboards" ] || [ -d "/run/wazuh-dashboards/" ]; then + dashboards_remaining_files=1 fi } # This function ensures different names in the config.yml file. -function checkNames() { +function checks_names() { if [ -n "${indxname}" ] && [ -n "${dashname}" ] && [ "${indxname}" == "${dashname}" ]; then logger -e "The node names for Elastisearch and Kibana must be different." @@ -348,7 +349,7 @@ function checkNames() { exit 1 fi - if [ -n "${dashname}" ] && [ -z "$(echo "${dashboard_node_names[@]}" | grep -w "${dashname}")" ]; then + if [ -n "${dashname}" ] && [ -z "$(echo "${dashboards_node_names[@]}" | grep -w "${dashname}")" ]; then logger -e "The Kibana node name ${dashname} does not appear on the configuration file." exit 1 fi @@ -356,7 +357,7 @@ function checkNames() { } # This function checks if the target certificates are created before to start the installation. -function checkPreviousCertificates() { +function checks_previousCertificate() { if [ ! -f "${tar_file}" ]; then logger -e "No certificates file found (${tar_file}). Run the script with the option -c|--certificates to create automatically or copy them from the node where they were created." @@ -386,14 +387,14 @@ function checkPreviousCertificates() { } -function checkSpecs() { +function checks_specifications() { cores=$(cat /proc/cpuinfo | grep -c processor ) ram_gb=$(free -m | awk '/^Mem:/{print $2}') } -function checkSystem() { +function checks_system() { if [ -n "$(command -v yum)" ]; then sys_type="yum" From 0324b6f70abbbddb47381f31378a1222c2ce736e Mon Sep 17 00:00:00 2001 From: Nicolas Lastra Date: Fri, 11 Feb 2022 20:07:48 -0300 Subject: [PATCH 12/12] Fix resolve conflic with unify-unattended --- unattended_installer/install_functions/checks.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/unattended_installer/install_functions/checks.sh b/unattended_installer/install_functions/checks.sh index fd195d1517..c06770680b 100644 --- a/unattended_installer/install_functions/checks.sh +++ b/unattended_installer/install_functions/checks.sh @@ -147,7 +147,6 @@ function checks_arguments() { } -<<<<<<< unify-unatteded-check-firewalls function checkFirewalls() {