From 8822c1b94189022a38bfbf6720f9ebf02ef70946 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 14 Jun 2017 13:12:26 +0000 Subject: [PATCH 1/7] switch-to-insecure-mode-if-tlsdownload-fails --- Linux Script/configure-linux.sh | 81 ++++++++++++++++++++++++--------- 1 file changed, 60 insertions(+), 21 deletions(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 340ac5d..2a0f0b4 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -102,7 +102,7 @@ checkLinuxLogglyCompatibility() checkIfUserHasRootPrivileges #check if the OS is supported by the script. If no, then exit - checkIfSupportedOS + checkIfSupportedOS #check if package-manager is installed checkIfPackageManagerIsInstalled @@ -215,15 +215,11 @@ checkIfUserHasRootPrivileges() checkIfPackageManagerIsInstalled() { if [ -x "$(command -v apt-get)" ]; then - PKG_MGR="apt-get" - else - if [ -x "$(command -v yum)" ]; then - + if [ -x "$(command -v yum)" ]; then PKG_MGR="yum" fi - fi } @@ -238,7 +234,7 @@ checkIfSupportedOS() *"ubuntu"* ) echo "INFO: Operating system is Ubuntu." ;; - *"redhat"* ) + *"red"* ) echo "INFO: Operating system is Red Hat." ;; *"centos"* ) 
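Review bot: The new `*"red"*` arm in checkIfSupportedOS is a bare substring match, so any distribution string that merely contains "red" is now reported as Red Hat and treated as supported. If the aim is to accept both spellings, name them explicitly, e.g. `*"redhat"* | *"red hat"* )`. The string being matched is built outside this hunk, so confirm which spellings it can actually contain.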
@@ -582,32 +578,71 @@ elif [ "$RSYSLOG_VERSION_TMP" -ge "8" ]; then inputStrTls=$inputStr_TLS_RSYS_8 fi inputStr=$inputStr_NO_TLS +} + +#install the certificate and check if gnutls package is installed +installTLSDependencies() +{ if [ $LOGGLY_TLS_SENDING == "true" ]; then downloadTlsCerts - /bin/bash -c "sudo $PKG_MGR install rsyslog-gnutls" + if [ "$SUPPRESS_PROMPT" == "true" ]; then + /bin/bash -c "sudo $PKG_MGR install -y rsyslog-gnutls" + else + /bin/bash -c "sudo $PKG_MGR install rsyslog-gnutls" + fi if [ "$PKG_MGR" == "yum" ]; then if [ $(rpm -qa | grep -c "rsyslog-gnutls") -eq 0 ]; then logMsgToConfigSysLog "ERROR" "ERROR: The rsyslog-gnutls package could not be installed automatically. Please install it and then run the script again. Manual instructions to configure rsyslog are available at https://www.loggly.com/docs/rsyslog-tls-configuration/. Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/." - exit 1 + exit 1 fi - elif [ "$PKG_MGR" == "apt-get" ]; then + elif [ "$PKG_MGR" == "apt-get" ]; then if [ $(dpkg-query -W -f='${Status}' rsyslog-gnutls 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - logMsgToConfigSysLog "ERROR" "ERROR: The rsyslog-gnutls package could not be installed automatically. Please install it and then run the script again. Manual instructions to configure rsyslog are available at https://www.loggly.com/docs/rsyslog-tls-configuration/. Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/." + logMsgToConfigSysLog "ERROR" "ERROR: The rsyslog-gnutls package could not be installed automatically. Please install it and then run the script again. Manual instructions to configure rsyslog are available at https://www.loggly.com/docs/rsyslog-tls-configuration/. Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/." 
exit 1 - fi - - else + fi + elif [ "$FORCE_SECURE" == "true" ]; then + + logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not be download automatically because your package manager could not be found. Please install it and restart the rsyslog service to send logs to Loggly." + else + DEPENDENCIES_INSTALLED="false"; + fi + inputStr=$inputStrTls +fi +} - logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not be download automatically because your package manager couldn't be found. Please download it manually for your distribution and then run the script again." - - fi - inputStr=$inputStrTls +#prompt users if they want to switch to insecure mode on gnutls-package download failure +switchToInsecureModeIfTLSNotFound() +{ +if [ "$DEPENDENCIES_INSTALLED" == "false" ]; then + + if [ "$SUPPRESS_PROMPT" == "false" ]; then + + logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not be download automatically because your package manager could not be found." + + while true; + do + read -p "Do you wish to continue with insecure mode? (yes/no)" yn + case $yn in + [Yy]* ) + logMsgToConfigSysLog "INFO" "INFO: Going to overwrite the conf file: $LOGGLY_RSYSLOG_CONFFILE with insecure configuration"; + LOGGLY_SYSLOG_PORT=514 + break;; + [Nn]* ) + break;; + * ) echo "Please answer yes or no.";; + esac + done + else + logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not be download automatically because your package manager could not be found, continuing with insecure mode." + LOGGLY_SYSLOG_PORT=514 + fi + confString fi } @@ -616,6 +651,8 @@ writeContents() { checkIfTLS confString +installTLSDependencies +switchToInsecureModeIfTLSNotFound WRITE_SCRIPT_CONTENTS="false" if [ -f "$LOGGLY_RSYSLOG_CONFFILE" ]; then 
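Review bot: In switchToInsecureModeIfTLSNotFound, the `SUPPRESS_PROMPT` else-branch sets `LOGGLY_SYSLOG_PORT=514` and carries on, so an unattended run that asked for TLS ends up shipping logs in cleartext with only a WARN entry to show for it. A transport downgrade should be an explicit choice: log an ERROR and `exit 1` there, telling the operator to re-run with `--insecure` if plaintext is acceptable. Separately, installTLSDependencies runs `sudo $PKG_MGR install ...` before it tests `$PKG_MGR`, so when no package manager was detected the command collapses to `sudo install ... rsyslog-gnutls`; guard the install with `[ -n "$PKG_MGR" ]`. The result of `downloadTlsCerts` is also not checked anywhere in this hunk, despite the commit subject.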
@@ -949,6 +986,11 @@ if [ "$1" != "being-invoked" ]; then LOGGLY_TLS_SENDING="false" LOGGLY_SYSLOG_PORT=514 ;; + --force-secure ) + FORCE_SECURE="true" + LOGGLY_TLS_SENDING="true" + LOGGLY_SYSLOG_PORT=6514 + ;; -h | --help) usage exit @@ -978,6 +1020,3 @@ fi ########## Get Inputs from User - End ########## ------------------------------------------------------- # End of Syslog Logging Directives for Loggly # - - - From 3a0d9226c9d94a45a31994f69717753ffee97b7a Mon Sep 17 00:00:00 2001 From: root Date: Thu, 15 Jun 2017 12:54:45 +0000 Subject: [PATCH 2/7] handled some other conditions and modified message --- Linux Script/configure-linux.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 2a0f0b4..594683d 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -102,7 +102,7 @@ checkLinuxLogglyCompatibility() checkIfUserHasRootPrivileges #check if the OS is supported by the script. If no, then exit - checkIfSupportedOS + checkIfSupportedOS #check if package-manager is installed checkIfPackageManagerIsInstalled 
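Review bot: The new `--force-secure` arm and the arm just above it (which sets `LOGGLY_TLS_SENDING="false"` and port 514, presumably `--insecure`) overwrite each other's variables, so when both flags are given the last one on the command line silently wins. Because `FORCE_SECURE` is never cleared, `--force-secure --insecure` would leave the flag set while the script configures plaintext sending. Reject the combination in the insecure arm, e.g. `[ "$FORCE_SECURE" == "true" ] && { echo "ERROR: --insecure conflicts with --force-secure"; exit 1; }`. The option loop starts and ends outside this hunk.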
@@ -596,14 +596,14 @@ if [ $LOGGLY_TLS_SENDING == "true" ]; then if [ $(rpm -qa | grep -c "rsyslog-gnutls") -eq 0 ]; then logMsgToConfigSysLog "ERROR" "ERROR: The rsyslog-gnutls package could not be installed automatically. Please install it and then run the script again. Manual instructions to configure rsyslog are available at https://www.loggly.com/docs/rsyslog-tls-configuration/. Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/." - exit 1 + exit 1 fi elif [ "$PKG_MGR" == "apt-get" ]; then if [ $(dpkg-query -W -f='${Status}' rsyslog-gnutls 2>/dev/null | grep -c "ok installed") -eq 0 ]; then - logMsgToConfigSysLog "ERROR" "ERROR: The rsyslog-gnutls package could not be installed automatically. Please install it and then run the script again. Manual instructions to configure rsyslog are available at https://www.loggly.com/docs/rsyslog-tls-configuration/. Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/." + logMsgToConfigSysLog "ERROR" "ERROR: The rsyslog-gnutls package could not be installed automatically. Please install it and then run the script again. Manual instructions to configure rsyslog are available at https://www.loggly.com/docs/rsyslog-tls-configuration/. Rsyslog troubleshooting instructions are available at https://www.loggly.com/docs/troubleshooting-rsyslog/." exit 1 fi elif [ "$FORCE_SECURE" == "true" ]; then 
@@ -634,7 +634,8 @@ if [ "$DEPENDENCIES_INSTALLED" == "false" ]; then LOGGLY_SYSLOG_PORT=514 break;; [Nn]* ) - break;; + logMsgToConfigSysLog "INFO" "INFO: Since the rsyslog-gnutls package could not be installed automatically, please install it yourself and then re-run the script using the --force-secure flag. This option will force the secure TLS configuration instead of falling back on insecure mode. It is useful for Linux distributions where this script cannot automatically detect the dependency using yum or apt-get."; + exit 1;; * ) echo "Please answer yes or no.";; esac done @@ -947,7 +948,7 @@ checkIfTLS() usage() { cat << EOF -usage: configure-linux [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-s suppress prompts {optional)] [--insecure {to send logs without TLS} (optional)] +usage: configure-linux [-a loggly auth account or subdomain] [-t loggly token (optional)] [-u username] [-p password (optional)] [-s suppress prompts {optional)] [--insecure {to send logs without TLS} (optional)[--force-secure {optional} ] usage: configure-linux [-a loggly auth account or subdomain] [-r to remove] usage: configure-linux [-h for help] EOF @@ -1020,3 +1021,4 @@ fi ########## Get Inputs from User - End ########## ------------------------------------------------------- # End of Syslog Logging Directives for Loggly # + From e1e10bdf93b40ee2b6a83dbca0dcda1d91db4a4e Mon Sep 17 00:00:00 2001 From: root Date: Fri, 23 Jun 2017 12:16:44 +0000 Subject: [PATCH 3/7] switch from wget to curl and handle selinux error --- Linux Script/configure-linux.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 594683d..592e180 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh 
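Review bot: The usage line leaves the `--insecure` bracket unclosed and runs straight into `[--force-secure {optional} ]`, and it never says what `--force-secure` does. Suggested tail for that line: `[--insecure {to send logs without TLS} (optional)] [--force-secure {keep TLS even if rsyslog-gnutls cannot be auto-installed} (optional)]`. In the same commit's `[Nn]*` arm (hunk at -634) the message is logged at INFO although the script then exits 1; ERROR would match the exit status.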
@@ -458,8 +458,9 @@ checkIfSelinuxServiceEnforced() if [ $? -ne 0 ]; then logMsgToConfigSysLog "INFO" "INFO: selinux status is not enforced." elif [ $(getenforce | grep "Enforcing" | wc -l) -gt 0 ]; then - logMsgToConfigSysLog "ERROR" "ERROR: selinux status is 'Enforcing'. Please disable it and start the rsyslog daemon manually." - exit 1 + logMsgToConfigSysLog "Info" "Info: selinux status is 'Enforcing'. Setting it to the permissive mode and restarting the rsyslog daemon." + setenforce 0 + restartRsyslog fi } @@ -875,7 +876,7 @@ searchAndFetch() { url=$2 - result=$(wget -qO- /dev/null --user "$LOGGLY_USERNAME" --password "$LOGGLY_PASSWORD" "$url") + result=$(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $url) if [ -z "$result" ]; then logMsgToConfigSysLog "ERROR" "ERROR: Please check your network/firewall settings & ensure Loggly subdomain, username and password is specified correctly." @@ -889,7 +890,7 @@ searchAndFetch() url="$LOGGLY_ACCOUNT_URL/apiv2/events?rsid=$id" # retrieve the data - result=$(wget -qO- /dev/null --user "$LOGGLY_USERNAME" --password "$LOGGLY_PASSWORD" "$url") + result=$(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $url) count=$(echo "$result" | grep total_events | awk '{print $2}') count="${count%\,}" eval $1="'$count'" @@ -1021,4 +1022,3 @@ fi ########## Get Inputs from User - End ########## ------------------------------------------------------- # End of Syslog Logging Directives for Loggly # - From 62d63026baae7770316e3c03d2c36460accc14fc Mon Sep 17 00:00:00 2001 From: Shwetajain148 Date: Wed, 28 Jun 2017 13:37:18 +0530 Subject: [PATCH 4/7] Update SELinux Error message I have updated the SELinux error message and removed the code that was changing the security settings. --- Linux Script/configure-linux.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 592e180..9f95760 100644 --- a/Linux Script/configure-linux.sh 
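Review bot: Both new `curl` calls in searchAndFetch (the hunk at -875 and the one at -889) drop the quoting the `wget` lines had, so a username, password or URL containing whitespace or glob characters is word-split and expanded before curl sees it. Without `-f`, curl also prints the body of an HTTP error response, so the `[ -z "$result" ]` check that reports bad credentials will probably stop firing on a 401. Use `result=$(curl -sf -u "$LOGGLY_USERNAME:$LOGGLY_PASSWORD" "$url")` in both places. The password is still passed on the command line, where other local users can read it from the process list; supplying it through a config read from stdin (`curl -K -`) avoids that.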
+++ b/Linux Script/configure-linux.sh @@ -458,9 +458,8 @@ checkIfSelinuxServiceEnforced() if [ $? -ne 0 ]; then logMsgToConfigSysLog "INFO" "INFO: selinux status is not enforced." elif [ $(getenforce | grep "Enforcing" | wc -l) -gt 0 ]; then - logMsgToConfigSysLog "Info" "Info: selinux status is 'Enforcing'. Setting it to the permissive mode and restarting the rsyslog daemon." - setenforce 0 - restartRsyslog + logMsgToConfigSysLog "ERROR" "ERROR: selinux status is 'Enforcing'. Please manually restart the rsyslog daemon or turn off selinux by running `setenforce 0` and then rerun the script." + exit 1 fi } From f382bba8183c93dc23b593522d0a30cd21a1dca6 Mon Sep 17 00:00:00 2001 From: Shwetajain148 Date: Wed, 28 Jun 2017 15:46:26 +0530 Subject: [PATCH 5/7] Updated SELinux error message --- Linux Script/configure-linux.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 9f95760..7ccdaaf 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -458,7 +458,7 @@ checkIfSelinuxServiceEnforced() if [ $? -ne 0 ]; then logMsgToConfigSysLog "INFO" "INFO: selinux status is not enforced." elif [ $(getenforce | grep "Enforcing" | wc -l) -gt 0 ]; then - logMsgToConfigSysLog "ERROR" "ERROR: selinux status is 'Enforcing'. Please manually restart the rsyslog daemon or turn off selinux by running `setenforce 0` and then rerun the script." + logMsgToConfigSysLog "ERROR" "ERROR: selinux status is 'Enforcing'. Please manually restart the rsyslog daemon or turn off selinux by running 'setenforce 0' and then rerun the script." exit 1 fi } From 3f7db5c3c6c7cbbc9f62a0c47e6432189e2b85f1 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 30 Jun 2017 08:09:04 +0000 Subject: [PATCH 6/7] check if curl is not installed --- Linux Script/configure-linux.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
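Review bot: The message in checkIfSelinuxServiceEnforced, as left by patch 5, still recommends `setenforce 0`, which puts the whole host in permissive mode, apparently only so that the rsyslog restart can go through. Prefer wording that keeps enforcement on, e.g. `Please restart the rsyslog daemon manually; if SELinux denies it, review the denial in the audit log rather than disabling enforcement, then rerun the script.` The function's opening lines are outside the hunk.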
diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index 7ccdaaf..aec6d0f 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -110,6 +110,9 @@ checkLinuxLogglyCompatibility() #set the basic variables needed by this script setLinuxVariables + #check if curl is not installed. If yes, ask user to install it manually and run the script again. + checkIfCurlIsNotInstalled + #check if the Loggly servers are accessible. If no, ask user to check network connectivity & exit checkIfLogglyServersAccessible @@ -304,6 +307,15 @@ setLinuxVariables() LOGGLY_ACCOUNT_URL=https://$LOGGLY_ACCOUNT.loggly.com } +#check if curl is not installed +checkIfCurlIsNotInstalled() +{ + if ! [ -x "$(command -v curl)" ]; then + logMsgToConfigSysLog "ERROR" "ERROR: 'Curl' is not installed on your machine, please install it manually and then run the script again."; + exit 1 + fi +} + #checks if all the various endpoints used for configuring loggly are accessible checkIfLogglyServersAccessible() { From 3443d256669ef24c72ab646a7d42776df6eff43b Mon Sep 17 00:00:00 2001 From: Shwetajain148 Date: Tue, 18 Jul 2017 22:27:42 +0530 Subject: [PATCH 7/7] Upgrade the script version --- Linux Script/configure-linux.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Linux Script/configure-linux.sh b/Linux Script/configure-linux.sh index aec6d0f..3407305 100644 --- a/Linux Script/configure-linux.sh +++ b/Linux Script/configure-linux.sh @@ -15,7 +15,7 @@ function ctrl_c() { #name of the current script. This will get overwritten by the child script which calls this SCRIPT_NAME=configure-linux.sh #version of the current script. This will get overwritten by the child script which calls this -SCRIPT_VERSION=1.17 +SCRIPT_VERSION=1.18 #application tag. This will get overwritten by the child script which calls this APP_TAG=