Select Git revision
fullhub.yaml
install.sh 10.43 KiB
#!/bin/bash
#
# install.sh
#
# Copyright (C) 2011-2012 Cesnet z.s.p.o
#
# Use of this source is governed by a BSD-style license, see LICENSE file.
VERSION="2.1"
#-------------------------------------------------------------------------------
# FUNCTIONS
#-------------------------------------------------------------------------------
usage()
{
echo "Usage: `basename $0` [-d <directory>] [-k <ssl_key_file>] [-c <ssl_cert_file>] [-a <ssl_ca_file>] [-hV]"
echo "-d <directory> installation directory (default: /opt)"
echo "-k <ssl_key_file> path to SSL certificate key file"
echo "-c <ssl_cert_file> path to SSL certificate file"
echo "-a <ssl_ca_file> path to CA certificate file"
echo "-h print this help"
echo "-V print script version number and exit"
echo
echo "Example: # ./`basename $0` -d /opt -k /etc/ssl/private/server.key -c /etc/ssl/certs/server.pem -a /etc/ssl/certs/tcs-ca-bundle.pem"
echo
echo "Note: You must be root for running this script."
echo " For more information about installation process, see README file (section Installation)."
echo
exit 0
}
version()
{
echo "`basename ${0}` - current version is $VERSION"
exit 0
}
err()
{
echo "FAILED!"
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
err_clean()
{
echo "FAILED!"
echo " -> Uninstalling server package ... OK"
rm -rf $server_path > /dev/null 2>&1
cat $err
rm -rf $err
echo
echo "Installation of $package_version package FAILED!!!"
exit 1
}
root_chck()
{
if [ $UID -ne 0 ]; then
echo "You must be root for running this script!"
exit 1
fi
}
params_chck()
{
if [ -z $prefix ]; then
prefix=/opt
echo "Warning: parameter -d <directory> is not set - default installation directory is ${prefix}!"
fi
if [ -z $key ]; then
echo "Parameter -k <ssl_key_file> is not set!"
exit 1
fi
if [ -z $cert ]; then
echo "Parameter -c <ssl_cert_file> is not set!"
exit 1
fi
if [ -z $ca_file ]; then
echo "Parameter -a <ssl_ca_file> is not set!"
exit 1
fi
}
old_package_chck()
{
old_package_version_file="${etc}/package_version"
if [ -f $old_package_version_file ]; then
old_package_version=`cat $old_package_version_file`
echo "Sorry, but $old_package_version package is installed!"
echo "For update of warden server package please use update.sh"
exit 1
fi
}
perl_chck()
{
echo -n "Checking Perl interpreter ... "
if which perl 1> /dev/null; then
echo "OK"
else
echo "FAILED!"
echo "Error: Perl interpreter is not installed!"
exit 1
fi
}
modules_chck()
{
for module in ${modules[@]};
do
echo -n "Checking $module module ... "
if perl -e "use $module" 2> $err; then
echo "OK"
else
err
fi
done
}
make_warden_dir()
{
echo -n "Creating Warden server directory ... "
test -d $prefix || mkdir -p $prefix
if cp -R ${dirname}/warden-server $prefix 2> $err; then
echo "OK"
else
err_clean
fi
cp ${dirname}/uninstall.sh $server_path
}
make_client_conf()
{
echo -n "Creating client configuration file ... "
echo "#
# warden-client.conf - configuration file for the warden sender/receiver client
#
#-------------------------------------------------------------------------------
# URI - URI address of Warden server
#-------------------------------------------------------------------------------
\$URI = \"https://${hostname}:443/Warden\";
#-------------------------------------------------------------------------------
# SSL_KEY_FILE - path to client SSL certificate key file
#-------------------------------------------------------------------------------
\$SSL_KEY_FILE = \"${key}\";
#-------------------------------------------------------------------------------
# SSL_CERT_FILE - path to client SSL certificate file
#-------------------------------------------------------------------------------
\$SSL_CERT_FILE = \"${cert}\";
#-------------------------------------------------------------------------------
# SSL_CA_FILE - path to CA certificate file
#-------------------------------------------------------------------------------
\$SSL_CA_FILE = \"${ca_file}\";" > $client_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
make_server_conf()
{
echo -n "Creating server configuration file ... "
echo "#
# warden-server.conf - configuration file for Warden server
#
#-------------------------------------------------------------------------------
# BASEDIR - base directory of Warden server
#-------------------------------------------------------------------------------
\$BASEDIR = \"${server_path}\";
#-------------------------------------------------------------------------------
# SYSLOG - enable/disable syslog logging
#-------------------------------------------------------------------------------
\$SYSLOG = 1;
#-------------------------------------------------------------------------------
# SYSLOG_VERBOSE - enable/disable logging in verbose mode (stack info added)
#-------------------------------------------------------------------------------
\$SYSLOG_VERBOSE = 1;
#-------------------------------------------------------------------------------
# SYSLOG_FACILITY - syslog facility
#-------------------------------------------------------------------------------
\$SYSLOG_FACILITY = \"local7\";
#-------------------------------------------------------------------------------
# DB_NAME - MySQL database name of Warden server
#-------------------------------------------------------------------------------
\$DB_NAME = \"warden\";
#-------------------------------------------------------------------------------
# DB_USER - MySQL database user of Warden server
#-------------------------------------------------------------------------------
\$DB_USER = \"warden\";
#-------------------------------------------------------------------------------
# DB_PASS - MySQL database password of Warden server
#-------------------------------------------------------------------------------
\$DB_PASS = \"\";
#-------------------------------------------------------------------------------
# DB_HOST - MySQL database host
#-------------------------------------------------------------------------------
\$DB_HOST = \"localhost\";
#-------------------------------------------------------------------------------
# MAX_EVENTS_LIMIT - server limit of maximum number of events that can be
# delivered to one client in one batch
#-------------------------------------------------------------------------------
\$MAX_EVENTS_LIMIT = 1000000;
#-------------------------------------------------------------------------------
# VALID_STRINGS - validation hash containing allowed event attributes
#-------------------------------------------------------------------------------
%VALID_STRINGS = (
\"type\" => [\"portscan\", \"bruteforce\", \"probe\", \"spam\", \"phishing\", \"botnet_c_c\", \"dos\", \"malware\", \"copyright\", \"webattack\", \"test\", \"other\", \"_any_\"],
\"source_type\" => [\"IP\", \"URL\", \"Reply-To:\"]
);" > $server_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
make_apache_conf()
{
echo -n "Creating Apache configuration file ... "
echo "#
#
# warden-apache.conf - configuration file for the Apache server
#
SSLEngine on
SSLVerifyDepth 3
SSLVerifyClient require
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile $cert
SSLCertificateKeyFile $key
SSLCACertificateFile $ca_file
PerlOptions +Parent
PerlSwitches -I $lib
<Location /Warden>
SetHandler perl-script
PerlHandler Warden::ApacheDispatch
SSLOptions +StdEnvVars
</Location>" > $apache_conf 2> $err; ret_val=`echo $?`
if [ $ret_val -eq 0 ]; then
echo "OK"
else
err_clean
fi
}
changeServerPath()
{
echo "Update server path ...";
for file in `ls -1 $bin`
do
echo "- update server path: ${bin}/$file"
perl -pi -e "s#/opt#${prefix}#" ${bin}/$file
done
echo "- update server path: ${lib}/Warden.pm"
perl -pi -e "s#/opt#${prefix}#" ${lib}/Warden.pm
}
create_symlinks()
{
echo "Creating symbolic links ..."
for file in `ls -1 $bin`
do
echo "- making symlink: ${local_bin}/$file -> ${bin}/$file"
ln -s ${bin}/$file ${local_bin}/$file
done
}
#-------------------------------------------------------------------------------
# MAIN
#-------------------------------------------------------------------------------
# list of used Perl modules
modules=(SOAP::Lite SOAP::Transport::HTTP DBI DBD::mysql Format::Human::Bytes Sys::Syslog File::Basename Net::CIDR::Lite DateTime Getopt::Std Switch IO::Socket::SSL MIME::Base64 Crypt::X509 Carp)
# read input
while getopts "d:k:c:a:Vh" options; do
case $options in
d ) prefix=$OPTARG;;
k ) key=$OPTARG;;
c ) cert=$OPTARG;;
a ) ca_file=$OPTARG;;
h ) usage;;
V ) version;;
* ) usage;;
esac
done
# root test
root_chck
# params test
params_chck
# create variables
dirname=`dirname $0`
hostname=`hostname -f`
key_file=`basename $key`
cert_file=`basename $cert`
package_version=`cat ${dirname}/warden-server/etc/package_version`
[[ $prefix == */ ]] && prefix="${prefix%?}" # remove last char (slash) from prefix
server_path="${prefix}/warden-server"
bin="${server_path}/bin"
local_bin="/usr/local/bin"
etc="${server_path}/etc"
client_conf="${etc}/warden-client.conf"
server_conf="${etc}/warden-server.conf"
apache_conf="${etc}/warden-apache.conf"
var="${server_path}/var"
lib="${server_path}/lib"
doc="${server_path}/doc"
err="/tmp/warden-err"
# check if warden-server is installed
old_package_chck
echo
echo "------------------------- Dependencies check-in -------------------------"
# Perl interpreter test
perl_chck
# Perl modules test
modules_chck
echo
echo "------------------------- Installation process --------------------------"
# make warden client directory
make_warden_dir
# create client configuration file
make_client_conf
# create server configuration file
make_server_conf
# create Apache configuration file
make_apache_conf
#update paths in utilities
changeServerPath
# crate symlinks from warden server bin directory to /usr/local/bin
create_symlinks
echo
echo "Please check configuration files:"
echo " - ${client_conf}"
echo " - ${server_conf}"
echo " - ${apache_conf}"
echo
echo "Warden server directory: $server_path"
echo
echo "Please follow post-installation steps in ${doc}/INSTALL!"
echo
echo "Installation of $package_version package was SUCCESSFUL!!!"
echo
# cleanup section
rm -rf $err
exit 0