diff --git a/wizard.sh b/wizard.sh
index da15b2aa3..f9622cd1b 100755
--- a/wizard.sh
+++ b/wizard.sh
@@ -102,7 +102,7 @@ log_info() { log_fatal() { msg=$1 date=$(date "+%Y-%m-%d %H:%M:%S") - echo -e "${RED}FATA${NC}[${date}] crowdsec_wizard: ${msg}" 1>&2 + echo -e "${RED}FATA${NC}[${date}] crowdsec_wizard: ${msg}" 1>&2 exit 1 }
@@ -129,16 +129,16 @@ log_dbg() { detect_services () { DETECTED_SERVICES=() HMENU=() - #list systemd services + # list systemd services SYSTEMD_SERVICES=`systemctl --state=enabled list-unit-files '*.service' | cut -d ' ' -f1` - #raw ps + # raw ps PSAX=`ps ax -o comm=` for SVC in ${SUPPORTED_SERVICES} ; do log_dbg "Checking if service '${SVC}' is running (ps+systemd)" for SRC in "${SYSTEMD_SERVICES}" "${PSAX}" ; do echo ${SRC} | grep ${SVC} >/dev/null if [ $? -eq 0 ]; then - #on centos, apache2 is named httpd + # on centos, apache2 is named httpd if [[ ${SVC} == "httpd" ]] ; then SVC="apache2"; fi
@@ -152,12 +152,12 @@ detect_services () { if [[ ${OSTYPE} == "linux-gnu" ]] || [[ ${OSTYPE} == "linux-gnueabihf" ]]; then DETECTED_SERVICES+=("linux") HMENU+=("linux" "on") - else + else log_info "NOT A LINUX" fi; if [[ ${SILENT} == "false" ]]; then - #we put whiptail results in an array, notice the dark magic fd redirection + # we put whiptail results in an array, notice the dark magic fd redirection DETECTED_SERVICES=($(whiptail --separate-output --noitem --ok-button Continue --title "Services to monitor" --checklist "Detected services, uncheck to ignore. Ignored services won't be monitored." 18 70 10 ${HMENU[@]} 3>&1 1>&2 2>&3)) if [ $? -eq 1 ]; then log_err "user bailed out at services selection"
@@ -189,28 +189,28 @@ log_locations[mysql]='/var/log/mysql/error.log' log_locations[smb]='/var/log/samba*.log' log_locations[linux]='/var/log/syslog,/var/log/kern.log,/var/log/messages' -#$1 is service name, such those in SUPPORTED_SERVICES +# $1 is service name, such those in SUPPORTED_SERVICES find_logs_for() { ret="" x=${1} - #we have trailing and starting quotes because of whiptail + # we have trailing and starting quotes because of whiptail SVC="${x%\"}" SVC="${SVC#\"}" DETECTED_LOGFILES=() HMENU=() - #log_info "Searching logs for ${SVC} : ${log_locations[${SVC}]}" + # log_info "Searching logs for ${SVC} : ${log_locations[${SVC}]}" - #split the line into an array with ',' separator + # split the line into an array with ',' separator OIFS=${IFS} IFS=',' read -r -a a <<< "${log_locations[${SVC}]}," IFS=${OIFS} - #readarray -td, a <<<"${log_locations[${SVC}]},"; unset 'a[-1]'; + # readarray -td, a <<<"${log_locations[${SVC}]},"; unset 'a[-1]'; for poss_path in "${a[@]}"; do - #Split /var/log/nginx/*.log into '/var/log/nginx' and '*.log' so we can use find + # Split /var/log/nginx/*.log into '/var/log/nginx' and '*.log' so we can use find path=${poss_path%/*} fname=${poss_path##*/} candidates=`find "${path}" -type f -mtime -5 -ctime -5 -name "$fname"` - #We have some candidates, add them + # We have some candidates, add them for final_file in ${candidates} ; do log_dbg "Found logs file for '${SVC}': ${final_file}" DETECTED_LOGFILES+=(${final_file}) 
@@ -249,12 +249,12 @@ install_collection() { in_array $collection "${DETECTED_SERVICES[@]}" if [[ $? == 0 ]]; then HMENU+=("${collection}" "${description}" "ON") - #in case we're not in interactive mode, assume defaults + # in case we're not in interactive mode, assume defaults COLLECTION_TO_INSTALL+=(${collection}) else if [[ ${collection} == "linux" ]]; then HMENU+=("${collection}" "${description}" "ON") - #in case we're not in interactive mode, assume defaults + # in case we're not in interactive mode, assume defaults COLLECTION_TO_INSTALL+=(${collection}) else HMENU+=("${collection}" "${description}" "OFF")
@@ -272,10 +272,10 @@ install_collection() { for collection in "${COLLECTION_TO_INSTALL[@]}"; do log_info "Installing collection '${collection}'" - ${CSCLI_BIN_INSTALLED} collections install "${collection}" > /dev/null 2>&1 || log_err "fail to install collection ${collection}" + ${CSCLI_BIN_INSTALLED} collections install "${collection}" --error done - ${CSCLI_BIN_INSTALLED} parsers install "crowdsecurity/whitelists" > /dev/null 2>&1 || log_err "fail to install collection crowdsec/whitelists" + ${CSCLI_BIN_INSTALLED} parsers install "crowdsecurity/whitelists" --error if [[ ${SILENT} == "false" ]]; then whiptail --msgbox "Out of safety, I installed a parser called 'crowdsecurity/whitelists'. This one will prevent private IP addresses from being banned, feel free to remove it any time." 20 50 fi
@@ -285,14 +285,14 @@ install_collection() { fi } -#$1 is the service name, $... is the list of candidate logs (from find_logs_for) +# $1 is the service name, $... is the list of candidate logs (from find_logs_for) genyamllog() { local service="${1}" shift local files=("${@}") - + echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${TMP_ACQUIS_FILE} - + echo "filenames:" >> ${TMP_ACQUIS_FILE} for fd in ${files[@]}; do echo " - ${fd}" >> ${TMP_ACQUIS_FILE}
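Review bot: The `|| log_err …` fallback was dropped from both rewritten install lines in the `@@ -272` hunk (`collections install "${collection}" --error` and `parsers install "crowdsecurity/whitelists" --error`), so a non-zero exit from cscli is no longer reported by the wizard's own logging and the loop simply moves on to the next collection; `--error` presumably trims cscli's output to errors only, but it does not make the script stop, and no `set -e` is visible in this diff. Keep the guard on both lines: `${CSCLI_BIN_INSTALLED} collections install "${collection}" --error || log_err "fail to install collection ${collection}"` and `${CSCLI_BIN_INSTALLED} parsers install "crowdsecurity/whitelists" --error || log_err "fail to install parser crowdsecurity/whitelists"` (the old message called the parser a collection, which this also corrects). A silently failed whitelists install matters because the following whiptail message tells the user the parser is in place. install_collection starts and ends outside this hunk.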
@@ -306,9 +306,9 @@ genyamllog() { genyamljournal() { local service="${1}" shift - + echo "#Generated acquisition file - wizard.sh (service: ${service}) / files : ${files[@]}" >> ${TMP_ACQUIS_FILE} - + echo "journalctl_filter:" >> ${TMP_ACQUIS_FILE} echo " - _SYSTEMD_UNIT="${service}".service" >> ${TMP_ACQUIS_FILE} echo "labels:" >> ${TMP_ACQUIS_FILE}
@@ -318,7 +318,7 @@ genyamljournal() { } genacquisition() { - if skip_tmp_acquis; then + if skip_tmp_acquis; then TMP_ACQUIS_FILE="${ACQUIS_TARGET}" ACQUIS_FILE_MSG="acquisition file generated to: ${TMP_ACQUIS_FILE}" else
@@ -336,7 +336,7 @@ genacquisition() { log_info "using journald for '${PSVG}'" genyamljournal ${PSVG} fi; - done + done } detect_cs_install () {
@@ -371,7 +371,7 @@ check_cs_version () { fi elif [[ $NEW_MINOR_VERSION -gt $CURRENT_MINOR_VERSION ]] ; then log_warn "new version ($NEW_CS_VERSION) is a minor upgrade !" - if [[ $ACTION != "upgrade" ]] ; then + if [[ $ACTION != "upgrade" ]] ; then if [[ ${FORCE_MODE} == "false" ]]; then echo "" echo "We recommend to upgrade with : sudo ./wizard.sh --upgrade "
@@ -383,7 +383,7 @@ check_cs_version () { fi elif [[ $NEW_PATCH_VERSION -gt $CURRENT_PATCH_VERSION ]] ; then log_warn "new version ($NEW_CS_VERSION) is a patch !" - if [[ $ACTION != "binupgrade" ]] ; then + if [[ $ACTION != "binupgrade" ]] ; then if [[ ${FORCE_MODE} == "false" ]]; then echo "" echo "We recommend to upgrade binaries only : sudo ./wizard.sh --binupgrade "
@@ -406,7 +406,7 @@ check_cs_version () { fi } -#install crowdsec and cscli +# install crowdsec and cscli install_crowdsec() { mkdir -p "${CROWDSEC_DATA_DIR}" (cd config && find patterns -type f -exec install -Dm 644 "{}" "${CROWDSEC_CONFIG_PATH}/{}" \; && cd ../) || exit
@@ -418,7 +418,7 @@ install_crowdsec() { mkdir -p "${CROWDSEC_CONFIG_PATH}/appsec-rules" || exit mkdir -p "${CROWDSEC_CONSOLE_DIR}" || exit - #tmp + # tmp mkdir -p /tmp/data mkdir -p /etc/crowdsec/hub/ install -v -m 600 -D "./config/${CLIENT_SECRETS}" "${CROWDSEC_CONFIG_PATH}" 1> /dev/null || exit
@@ -490,7 +490,7 @@ install_bins() { install -v -m 755 -D "${CSCLI_BIN}" "${CSCLI_BIN_INSTALLED}" 1> /dev/null || exit which systemctl && systemctl is-active --quiet crowdsec if [ $? -eq 0 ]; then - systemctl stop crowdsec + systemctl stop crowdsec fi install_plugins symlink_bins
@@ -508,7 +508,7 @@ symlink_bins() { delete_bins() { log_info "Removing crowdsec binaries" rm -f ${CROWDSEC_BIN_INSTALLED} - rm -f ${CSCLI_BIN_INSTALLED} + rm -f ${CSCLI_BIN_INSTALLED} } delete_plugins() {
@@ -535,7 +535,7 @@ install_plugins(){ } check_running_bouncers() { - #when uninstalling, check if user still has bouncers + # when uninstalling, check if user still has bouncers BOUNCERS_COUNT=$(${CSCLI_BIN} bouncers list -o=raw | tail -n +2 | wc -l) if [[ ${BOUNCERS_COUNT} -gt 0 ]] ; then if [[ ${FORCE_MODE} == "false" ]]; then
@@ -646,7 +646,7 @@ main() { then return fi - + if [[ "$1" == "uninstall" ]]; then if ! [ $(id -u) = 0 ]; then
@@ -685,11 +685,11 @@ main() { log_info "installing crowdsec" install_crowdsec log_dbg "configuring ${CSCLI_BIN_INSTALLED}" - ${CSCLI_BIN_INSTALLED} hub update > /dev/null 2>&1 || (log_err "fail to update crowdsec hub. exiting" && exit 1) + ${CSCLI_BIN_INSTALLED} hub update --error || (log_err "fail to update crowdsec hub. exiting" && exit 1) # detect running services detect_services - if ! [ ${#DETECTED_SERVICES[@]} -gt 0 ] ; then + if ! [ ${#DETECTED_SERVICES[@]} -gt 0 ] ; then log_err "No detected or selected services, stopping." exit 1 fi;
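Review bot: In the rewritten line of the `@@ -685` hunk, `${CSCLI_BIN_INSTALLED} hub update --error || (log_err "fail to update crowdsec hub. exiting" && exit 1)`, the `exit 1` runs inside a `( … )` subshell, so it only ends that subshell and main() continues into detect_services and the collection installs even though the hub update failed and the message says "exiting". This predates the commit, but the line is being rewritten anyway, so it is the moment to fix it: `${CSCLI_BIN_INSTALLED} hub update --error || { log_err "fail to update crowdsec hub. exiting"; exit 1; }`. main() starts and ends outside this hunk.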
@@ -711,11 +711,11 @@ main() { # api register ${CSCLI_BIN_INSTALLED} machines add --force "$(cat /etc/machine-id)" -a -f "${CROWDSEC_CONFIG_PATH}/${CLIENT_SECRETS}" || log_fatal "unable to add machine to the local API" - log_dbg "Crowdsec LAPI registered" - + log_dbg "Crowdsec LAPI registered" + ${CSCLI_BIN_INSTALLED} capi register || log_fatal "unable to register to the Central API" - log_dbg "Crowdsec CAPI registered" - + log_dbg "Crowdsec CAPI registered" + systemctl enable -q crowdsec >/dev/null || log_fatal "unable to enable crowdsec" systemctl start crowdsec >/dev/null || log_fatal "unable to start crowdsec" log_info "enabling and starting crowdsec daemon"
@@ -729,7 +729,7 @@ main() { rm -f "${TMP_ACQUIS_FILE}" fi detect_services - if [[ ${DETECTED_SERVICES} == "" ]] ; then + if [[ ${DETECTED_SERVICES} == "" ]] ; then log_err "No detected or selected services, stopping." exit fi;
@@ -757,7 +757,7 @@ usage() { echo " ./wizard.sh --docker-mode Will install crowdsec without systemd and generate random machine-id" echo " ./wizard.sh -n|--noop Do nothing" - exit 0 + exit 0 } if [[ $# -eq 0 ]]; then
@@ -770,15 +770,15 @@ do case ${key} in --uninstall) ACTION="uninstall" - shift #past argument + shift # past argument ;; --binupgrade) ACTION="binupgrade" - shift #past argument + shift # past argument ;; --upgrade) ACTION="upgrade" - shift #past argument + shift # past argument ;; -i|--install) ACTION="install"
@@ -813,11 +813,11 @@ do -f|--force) FORCE_MODE="true" shift - ;; + ;; -v|--verbose) DEBUG_MODE="true" shift - ;; + ;; -h|--help) usage exit 0