From 3c2e7d82b6d2574889a26dc70bfe40be3cbefae7 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 18 Sep 2017 12:43:40 +0000 Subject: [PATCH 1/4] Check and switch existing logging mode --- Linux Script/configure-linux.sh | 106 ++++++++++++++++++++++++-------- 1 file changed, 79 insertions(+), 27 deletions(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 588a999..21a646e 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -40,6 +40,9 @@ MIN_RSYSLOG_VERSION=5.8.0 #this variable will hold the users syslog version RSYSLOG_VERSION= +#this variable will hold the existing syslog port of 22-loggly.conf +EXISTING_SYSLOG_PORT= + #this variable will hold the host name HOST_NAME= #this variable will hold the name of the linux distribution @@ -659,8 +662,8 @@ fi #write the contents to 22-loggly.conf file writeContents() { -checkIfTLS confString +checkScriptRunningMode installTLSDependencies switchToInsecureModeIfTLSNotFound WRITE_SCRIPT_CONTENTS="false" 
@@ -924,33 +927,82 @@ getPassword() echo } -#Change TLS settings -checkIfTLS() +#function to switch system logging to insecure mode if user runs the modular script in insecure mode +switchSystemLoggingToInsecure() { - if [[ $LOGGLY_SYSLOG_PORT == 514 ]]; then - - if [ "$SUPPRESS_PROMPT" == "false" ]; then - while true; - do - read -p "Hey you are going to setup system logs in insecure mode. Do you want to overwrite this with secure mode? (yes/no)" yn - case $yn in - [Yy]* ) - logMsgToConfigSysLog "INFO" "INFO: Going to overwrite the conf file: $LOGGLY_RSYSLOG_CONFFILE with secure configuration"; - LOGGLY_TLS_SENDING="true" - LOGGLY_SYSLOG_PORT=6514 - break;; - [Nn]* ) - break;; - * ) echo "Please answer yes or no.";; - esac - done - else - logMsgToConfigSysLog "WARN" "WARN: Your system logs are being send insecurely. We prefer to send system logs securely so switching to secure configuration." - LOGGLY_TLS_SENDING="true" - LOGGLY_SYSLOG_PORT=6514 - - fi - fi + if [ -f $LOGGLY_RSYSLOG_CONFFILE ]; then + if [[ $RSYSLOG_VERSION_TMP -le "7" ]]; then + EXISTING_SYSLOG_PORT=$(grep 6514 $LOGGLY_RSYSLOG_CONFFILE | awk {'print $2'} | cut -d':' -f2 | cut -d';' -f1) + elif [[ "$RSYSLOG_VERSION_TMP" -ge "8" ]]; then + EXISTING_SYSLOG_PORT=$(grep 6514 $LOGGLY_RSYSLOG_CONFFILE | awk {'print $4'} | cut -d'"' -f2) + fi + if [[ $EXISTING_SYSLOG_PORT == 6514 ]]; then + if [ "$SUPPRESS_PROMPT" == "false" ]; then + while true; + do + read -p "You are running the script using insecure mode, but your system logs are using secure mode. The script only supports a single mode for both, so would you like to switch your system logs to insecure mode? 
(yes/no)" yn + case $yn in + [Yy]* ) + logMsgToConfigSysLog "INFO" "INFO: Going to overwrite the conf file: $LOGGLY_RSYSLOG_CONFFILE with insecure configuration"; + LOGGLY_TLS_SENDING="false" + LOGGLY_SYSLOG_PORT=514 + break;; + [Nn]* ) + logMsgToConfigSysLog "INFO" "INFO: Please re-run the script in secure mode if you want to setup secure logging" + exit 1;; + * ) echo "Please answer yes or no.";; + esac + done + else + logMsgToConfigSysLog "WARN" "WARNING: You are running the script using insecure mode, but your system logs are using secure mode. The script only supports a single mode for both, so we are switching the system logs to insecure mode as well." + LOGGLY_TLS_SENDING="false" + LOGGLY_SYSLOG_PORT=514 + fi + fi + fi +} + +#function to switch system logging to secure mode if user runs the modular script in secure mode +switchSystemLoggingToSecure() +{ + if [ -f $LOGGLY_RSYSLOG_CONFFILE ]; then + EXISTING_SYSLOG_PORT=$(grep 514 $LOGGLY_RSYSLOG_CONFFILE | awk {'print $2'} | cut -d':' -f2 | cut -d';' -f1) + if [[ $EXISTING_SYSLOG_PORT == 514 ]]; then + if [ "$SUPPRESS_PROMPT" == "false" ]; then + while true; + do + read -p "You are running the script using secure mode, but your system logs are using insecure mode. The script only supports a single mode for both, so would you like to switch your system logs to secure mode? (yes/no)" yn + case $yn in + [Yy]* ) + logMsgToConfigSysLog "INFO" "INFO: Going to overwrite the conf file: $LOGGLY_RSYSLOG_CONFFILE with secure configuration"; + LOGGLY_TLS_SENDING="true" + LOGGLY_SYSLOG_PORT=6514 + break;; + [Nn]* ) + logMsgToConfigSysLog "INFO" "INFO: Please re-run the script in insecure mode if you want to setup insecure logging" + exit 1;; + * ) echo "Please answer yes or no.";; + esac + done + else + logMsgToConfigSysLog "WARN" "WARNING: You are running the script using secure mode, but your system logs are using insecure mode. 
The script only supports a single mode for both, so we are switching the system logs to secure mode as well." + LOGGLY_TLS_SENDING="true" + LOGGLY_SYSLOG_PORT=6514 + fi + fi + fi +} + +#check whether the user is running the script in secure or insecure mode and then switch system logging accordingly. +checkScriptRunningMode() +{ + if [ "$FORCE_SECURE" == "false" ]; then + if [[ $LOGGLY_SYSLOG_PORT == 514 ]]; then + switchSystemLoggingToInsecure + else + switchSystemLoggingToSecure + fi + fi } #display usage syntax From 592084c0297767d3e418f6d17cf9c39a8a5e4a88 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 21 Sep 2017 11:08:54 +0000 Subject: [PATCH 2/4] Correct ping error message and modify grep command --- Linux Script/configure-linux.sh | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 21a646e..97f34d6 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh 
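Review bot: In `switchSystemLoggingToInsecure`, the `else` branch taken when `SUPPRESS_PROMPT` is not "false" sets `LOGGLY_TLS_SENDING="false"` and `LOGGLY_SYSLOG_PORT=514` after only a WARN log line, so an unattended run silently downgrades system logs that were already using TLS on 6514 to plaintext syslog. The removed `checkIfTLS` moved unattended runs the other way, toward 6514, so this reverses the safer default. I would have the non-interactive path refuse the downgrade the way the `[Nn]*` arm does, logging at ERROR and then `exit 1`, and allow the switch only behind an explicit opt-in. Separately, `$LOGGLY_RSYSLOG_CONFFILE` is unquoted in `[ -f $LOGGLY_RSYSLOG_CONFFILE ]` and in the `grep` calls of both new functions; write `"$LOGGLY_RSYSLOG_CONFFILE"`.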
@@ -325,8 +325,15 @@ checkIfCurlIsNotInstalled() #checks if all the various endpoints used for configuring loggly are accessible checkIfLogglyServersAccessible() { + echo "INFO: Checking if $LOGS_01_HOST can be pinged." + if [ $(ping -c 1 $LOGS_01_HOST | grep "1 packets transmitted, 1 received, 0% packet loss" | wc -l) == 1 ]; then + echo "INFO: $LOGS_01_HOST can be pinged." + else + logMsgToConfigSysLog "WARNING" "WARNING: $LOGS_01_HOST cannot be pinged. Please check your network and firewall settings." + fi + echo "INFO: Checking if $LOGS_01_HOST is reachable." - if [ $(ping -c 1 $LOGS_01_HOST | grep "1 packets transmitted, 1 received, 0% packet loss" | wc -l) == 1 ] || [ $(sleep 1 | telnet $LOGS_01_HOST $LOGGLY_SYSLOG_PORT | grep Connected | wc -l) == 1 ]; then + if [ $(sleep 1 | telnet $LOGS_01_HOST $LOGGLY_SYSLOG_PORT 2>/dev/null | grep Connected | wc -l) == 1 ]; then echo "INFO: $LOGS_01_HOST is reachable." else logMsgToConfigSysLog "ERROR" "ERROR: $LOGS_01_HOST is not reachable. Please check your network and firewall settings." @@ -931,11 +938,7 @@ getPassword() switchSystemLoggingToInsecure() { if [ -f $LOGGLY_RSYSLOG_CONFFILE ]; then - if [[ $RSYSLOG_VERSION_TMP -le "7" ]]; then - EXISTING_SYSLOG_PORT=$(grep 6514 $LOGGLY_RSYSLOG_CONFFILE | awk {'print $2'} | cut -d':' -f2 | cut -d';' -f1) - elif [[ "$RSYSLOG_VERSION_TMP" -ge "8" ]]; then - EXISTING_SYSLOG_PORT=$(grep 6514 $LOGGLY_RSYSLOG_CONFFILE | awk {'print $4'} | cut -d'"' -f2) - fi + EXISTING_SYSLOG_PORT=$(egrep -ow 6514 $LOGGLY_RSYSLOG_CONFFILE) if [[ $EXISTING_SYSLOG_PORT == 6514 ]]; then if [ "$SUPPRESS_PROMPT" == "false" ]; then while true; 
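Review bot: The new ping check in `checkIfLogglyServersAccessible` decides success by grepping for the exact summary text `1 packets transmitted, 1 received, 0% packet loss`, which varies with the ping implementation and locale. It also leaves `$LOGS_01_HOST` and the `$(...)` unquoted inside `[ ]`. Testing the exit status is shorter and more robust: `if ping -c 1 "$LOGS_01_HOST" >/dev/null 2>&1; then`. The telnet check below keeps the same `grep … | wc -l) == 1` shape, where `grep -q Connected` would avoid the count. The function body continues outside this hunk.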
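Review bot: `EXISTING_SYSLOG_PORT=$(egrep -ow 6514 $LOGGLY_RSYSLOG_CONFFILE)` prints one line per occurrence, so if 6514 appears more than once in the conf file the variable holds several lines, `[[ $EXISTING_SYSLOG_PORT == 6514 ]]` is false, and the mode mismatch goes undetected. It also matches the number anywhere in the file, including a commented-out line. If `EXISTING_SYSLOG_PORT` is not read elsewhere, testing directly with `if grep -qw 6514 "$LOGGLY_RSYSLOG_CONFFILE"; then` removes the multi-match problem and quotes the path. The same applies to the 514 lookup in `switchSystemLoggingToSecure` in the next hunk, and to both `grep -Eow` lines in patch 3/4, which change only the command name.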
@@ -959,14 +962,14 @@ switchSystemLoggingToInsecure() LOGGLY_SYSLOG_PORT=514 fi fi - fi + fi } #function to switch system logging to secure mode if user runs the modular script in secure mode switchSystemLoggingToSecure() { if [ -f $LOGGLY_RSYSLOG_CONFFILE ]; then - EXISTING_SYSLOG_PORT=$(grep 514 $LOGGLY_RSYSLOG_CONFFILE | awk {'print $2'} | cut -d':' -f2 | cut -d';' -f1) + EXISTING_SYSLOG_PORT=$(egrep -ow 514 $LOGGLY_RSYSLOG_CONFFILE) if [[ $EXISTING_SYSLOG_PORT == 514 ]]; then if [ "$SUPPRESS_PROMPT" == "false" ]; then while true; From cd1f7a01d54a2e3d61648c1f4c2cfa85062cf6e2 Mon Sep 17 00:00:00 2001 From: Shwetajain148 Date: Wed, 27 Sep 2017 14:49:58 +0530 Subject: [PATCH 3/4] Change grep command --- Linux Script/configure-linux.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 97f34d6..a5ac003 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -938,7 +938,7 @@ getPassword() switchSystemLoggingToInsecure() { if [ -f $LOGGLY_RSYSLOG_CONFFILE ]; then - EXISTING_SYSLOG_PORT=$(egrep -ow 6514 $LOGGLY_RSYSLOG_CONFFILE) + EXISTING_SYSLOG_PORT=$(grep -Eow 6514 $LOGGLY_RSYSLOG_CONFFILE) if [[ $EXISTING_SYSLOG_PORT == 6514 ]]; then if [ "$SUPPRESS_PROMPT" == "false" ]; then while true; @@ -969,7 +969,7 @@ switchSystemLoggingToInsecure() switchSystemLoggingToSecure() { if [ -f $LOGGLY_RSYSLOG_CONFFILE ]; then - EXISTING_SYSLOG_PORT=$(egrep -ow 514 $LOGGLY_RSYSLOG_CONFFILE) + EXISTING_SYSLOG_PORT=$(grep -Eow 514 $LOGGLY_RSYSLOG_CONFFILE) if [[ $EXISTING_SYSLOG_PORT == 514 ]]; then if [ "$SUPPRESS_PROMPT" == "false" ]; then while true; From e4a43909e4b0a5c5ab129ffd2047ef6d4e51e426 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 3 Oct 2017 12:33:47 +0000 Subject: [PATCH 4/4] Modified telnet command --- Linux Script/configure-linux.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index a5ac003..22e181a 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -333,7 +333,8 @@ checkIfLogglyServersAccessible() fi echo "INFO: Checking if $LOGS_01_HOST is reachable." - if [ $(sleep 1 | telnet $LOGS_01_HOST $LOGGLY_SYSLOG_PORT 2>/dev/null | grep Connected | wc -l) == 1 ]; then + ( /dev/null 2>&1 + if [ $? -eq 0 ]; then echo "INFO: $LOGS_01_HOST is reachable." else logMsgToConfigSysLog "ERROR" "ERROR: $LOGS_01_HOST is not reachable. Please check your network and firewall settings."
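Review bot: The added `if [ $? -eq 0 ]; then` reads the status of the preceding line in a separate statement, so any command later inserted between the two would silently change what is being tested. Putting the probe in the condition itself, as in `if <probe command> >/dev/null 2>&1; then`, avoids that. The probe line appears truncated on this page (`( /dev/null 2>&1`), so its host and port quoting and any connect timeout cannot be reviewed from here. The function continues outside the hunk.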