beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

wizard: while installing, don't hide hub download/timeout errors (#2710)

Browse source 
* wizard: while installing, don't hide hub download/timeout errors
* lint, whitespace
This commit is contained in:
mmetc 2024-01-11 16:30:42 +01:00 committed by GitHub
parent 260f5a7992
commit aa4f02c798
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 45 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
wizard.sh
View file

@ -129,16 +129,16 @@ log_dbg() {
detect_services () { detect_services () {
DETECTED_SERVICES=() DETECTED_SERVICES=()
HMENU=() HMENU=()
#list systemd services # list systemd services
SYSTEMD_SERVICES=`systemctl --state=enabled list-unit-files '*.service' | cut -d ' ' -f1` SYSTEMD_SERVICES=`systemctl --state=enabled list-unit-files '*.service' | cut -d ' ' -f1`
#raw ps # raw ps
PSAX=`ps ax -o comm=` PSAX=`ps ax -o comm=`
for SVC in ${SUPPORTED_SERVICES} ; do for SVC in ${SUPPORTED_SERVICES} ; do
log_dbg "Checking if service '${SVC}' is running (ps+systemd)" log_dbg "Checking if service '${SVC}' is running (ps+systemd)"
for SRC in "${SYSTEMD_SERVICES}" "${PSAX}" ; do for SRC in "${SYSTEMD_SERVICES}" "${PSAX}" ; do
echo ${SRC} | grep ${SVC} >/dev/null echo ${SRC} | grep ${SVC} >/dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
#on centos, apache2 is named httpd # on centos, apache2 is named httpd
if [[ ${SVC} == "httpd" ]] ; then if [[ ${SVC} == "httpd" ]] ; then
SVC="apache2"; SVC="apache2";
fi fi
@ -157,7 +157,7 @@ detect_services () {
fi; fi;
if [[ ${SILENT} == "false" ]]; then if [[ ${SILENT} == "false" ]]; then
#we put whiptail results in an array, notice the dark magic fd redirection # we put whiptail results in an array, notice the dark magic fd redirection
DETECTED_SERVICES=($(whiptail --separate-output --noitem --ok-button Continue --title "Services to monitor" --checklist "Detected services, uncheck to ignore. Ignored services won't be monitored." 18 70 10 ${HMENU[@]} 3>&1 1>&2 2>&3)) DETECTED_SERVICES=($(whiptail --separate-output --noitem --ok-button Continue --title "Services to monitor" --checklist "Detected services, uncheck to ignore. Ignored services won't be monitored." 18 70 10 ${HMENU[@]} 3>&1 1>&2 2>&3))
if [ $? -eq 1 ]; then if [ $? -eq 1 ]; then
log_err "user bailed out at services selection" log_err "user bailed out at services selection"
@ -189,28 +189,28 @@ log_locations[mysql]='/var/log/mysql/error.log'
log_locations[smb]='/var/log/samba*.log' log_locations[smb]='/var/log/samba*.log'
log_locations[linux]='/var/log/syslog,/var/log/kern.log,/var/log/messages' log_locations[linux]='/var/log/syslog,/var/log/kern.log,/var/log/messages'
#$1 is service name, such those in SUPPORTED_SERVICES # $1 is service name, such those in SUPPORTED_SERVICES
find_logs_for() { find_logs_for() {
ret="" ret=""
x=${1} x=${1}
#we have trailing and starting quotes because of whiptail # we have trailing and starting quotes because of whiptail
SVC="${x%\"}" SVC="${x%\"}"
SVC="${SVC#\"}" SVC="${SVC#\"}"
DETECTED_LOGFILES=() DETECTED_LOGFILES=()
HMENU=() HMENU=()
#log_info "Searching logs for ${SVC} : ${log_locations[${SVC}]}" # log_info "Searching logs for ${SVC} : ${log_locations[${SVC}]}"
#split the line into an array with ',' separator # split the line into an array with ',' separator
OIFS=${IFS} OIFS=${IFS}
IFS=',' read -r -a a <<< "${log_locations[${SVC}]}," IFS=',' read -r -a a <<< "${log_locations[${SVC}]},"
IFS=${OIFS} IFS=${OIFS}
#readarray -td, a <<<"${log_locations[${SVC}]},"; unset 'a[-1]'; # readarray -td, a <<<"${log_locations[${SVC}]},"; unset 'a[-1]';
for poss_path in "${a[@]}"; do for poss_path in "${a[@]}"; do
#Split /var/log/nginx/*.log into '/var/log/nginx' and '*.log' so we can use find # Split /var/log/nginx/*.log into '/var/log/nginx' and '*.log' so we can use find
path=${poss_path%/*} path=${poss_path%/*}
fname=${poss_path##*/} fname=${poss_path##*/}
candidates=`find "${path}" -type f -mtime -5 -ctime -5 -name "$fname"` candidates=`find "${path}" -type f -mtime -5 -ctime -5 -name "$fname"`
#We have some candidates, add them # We have some candidates, add them
for final_file in ${candidates} ; do for final_file in ${candidates} ; do
log_dbg "Found logs file for '${SVC}': ${final_file}" log_dbg "Found logs file for '${SVC}': ${final_file}"
DETECTED_LOGFILES+=(${final_file}) DETECTED_LOGFILES+=(${final_file})
@ -249,12 +249,12 @@ install_collection() {
in_array $collection "${DETECTED_SERVICES[@]}" in_array $collection "${DETECTED_SERVICES[@]}"
if [[ $? == 0 ]]; then if [[ $? == 0 ]]; then
HMENU+=("${collection}" "${description}" "ON") HMENU+=("${collection}" "${description}" "ON")
#in case we're not in interactive mode, assume defaults # in case we're not in interactive mode, assume defaults
COLLECTION_TO_INSTALL+=(${collection}) COLLECTION_TO_INSTALL+=(${collection})
else else
if [[ ${collection} == "linux" ]]; then if [[ ${collection} == "linux" ]]; then
HMENU+=("${collection}" "${description}" "ON") HMENU+=("${collection}" "${description}" "ON")
#in case we're not in interactive mode, assume defaults # in case we're not in interactive mode, assume defaults
COLLECTION_TO_INSTALL+=(${collection}) COLLECTION_TO_INSTALL+=(${collection})
else else
HMENU+=("${collection}" "${description}" "OFF") HMENU+=("${collection}" "${description}" "OFF")
@ -272,10 +272,10 @@ install_collection() {
for collection in "${COLLECTION_TO_INSTALL[@]}"; do for collection in "${COLLECTION_TO_INSTALL[@]}"; do
log_info "Installing collection '${collection}'" log_info "Installing collection '${collection}'"
${CSCLI_BIN_INSTALLED} collections install "${collection}" > /dev/null 2>&1 || log_err "fail to install collection ${collection}" ${CSCLI_BIN_INSTALLED} collections install "${collection}" --error
done done
${CSCLI_BIN_INSTALLED} parsers install "crowdsecurity/whitelists" > /dev/null 2>&1 || log_err "fail to install collection crowdsec/whitelists" ${CSCLI_BIN_INSTALLED} parsers install "crowdsecurity/whitelists" --error
if [[ ${SILENT} == "false" ]]; then if [[ ${SILENT} == "false" ]]; then
whiptail --msgbox "Out of safety, I installed a parser called 'crowdsecurity/whitelists'. This one will prevent private IP addresses from being banned, feel free to remove it any time." 20 50 whiptail --msgbox "Out of safety, I installed a parser called 'crowdsecurity/whitelists'. This one will prevent private IP addresses from being banned, feel free to remove it any time." 20 50
fi fi
@ -285,7 +285,7 @@ install_collection() {
fi fi
} }
#$1 is the service name, $... is the list of candidate logs (from find_logs_for) # $1 is the service name, $... is the list of candidate logs (from find_logs_for)
genyamllog() { genyamllog() {
local service="${1}" local service="${1}"
shift shift
@ -406,7 +406,7 @@ check_cs_version () {
fi fi
} }
#install crowdsec and cscli # install crowdsec and cscli
install_crowdsec() { install_crowdsec() {
mkdir -p "${CROWDSEC_DATA_DIR}" mkdir -p "${CROWDSEC_DATA_DIR}"
(cd config && find patterns -type f -exec install -Dm 644 "{}" "${CROWDSEC_CONFIG_PATH}/{}" \; && cd ../) || exit (cd config && find patterns -type f -exec install -Dm 644 "{}" "${CROWDSEC_CONFIG_PATH}/{}" \; && cd ../) || exit
@ -418,7 +418,7 @@ install_crowdsec() {
mkdir -p "${CROWDSEC_CONFIG_PATH}/appsec-rules" || exit mkdir -p "${CROWDSEC_CONFIG_PATH}/appsec-rules" || exit
mkdir -p "${CROWDSEC_CONSOLE_DIR}" || exit mkdir -p "${CROWDSEC_CONSOLE_DIR}" || exit
#tmp # tmp
mkdir -p /tmp/data mkdir -p /tmp/data
mkdir -p /etc/crowdsec/hub/ mkdir -p /etc/crowdsec/hub/
install -v -m 600 -D "./config/${CLIENT_SECRETS}" "${CROWDSEC_CONFIG_PATH}" 1> /dev/null || exit install -v -m 600 -D "./config/${CLIENT_SECRETS}" "${CROWDSEC_CONFIG_PATH}" 1> /dev/null || exit
@ -535,7 +535,7 @@ install_plugins(){
} }
check_running_bouncers() { check_running_bouncers() {
#when uninstalling, check if user still has bouncers # when uninstalling, check if user still has bouncers
BOUNCERS_COUNT=$(${CSCLI_BIN} bouncers list -o=raw | tail -n +2 | wc -l) BOUNCERS_COUNT=$(${CSCLI_BIN} bouncers list -o=raw | tail -n +2 | wc -l)
if [[ ${BOUNCERS_COUNT} -gt 0 ]] ; then if [[ ${BOUNCERS_COUNT} -gt 0 ]] ; then
if [[ ${FORCE_MODE} == "false" ]]; then if [[ ${FORCE_MODE} == "false" ]]; then
@ -685,7 +685,7 @@ main() {
log_info "installing crowdsec" log_info "installing crowdsec"
install_crowdsec install_crowdsec
log_dbg "configuring ${CSCLI_BIN_INSTALLED}" log_dbg "configuring ${CSCLI_BIN_INSTALLED}"
${CSCLI_BIN_INSTALLED} hub update > /dev/null 2>&1 || (log_err "fail to update crowdsec hub. exiting" && exit 1) ${CSCLI_BIN_INSTALLED} hub update --error || (log_err "fail to update crowdsec hub. exiting" && exit 1)
# detect running services # detect running services
detect_services detect_services
@ -770,15 +770,15 @@ do
case ${key} in case ${key} in
--uninstall) --uninstall)
ACTION="uninstall" ACTION="uninstall"
shift #past argument shift # past argument
;; ;;
--binupgrade) --binupgrade)
ACTION="binupgrade" ACTION="binupgrade"
shift #past argument shift # past argument
;; ;;
--upgrade) --upgrade)
ACTION="upgrade" ACTION="upgrade"
shift #past argument shift # past argument
;; ;;
-i|--install) -i|--install)
ACTION="install" ACTION="install"