#!/bin/bash
# Copyright Atomicorp, Inc
# 2022
#
# Atomic Inspector installer, part 1: option parsing, proxy environment setup,
# logging/TTY setup and the preflight check functions.

export LANG=en_US.UTF-8
INSTALLER_VERSION=4.0.0

# BETA may be inherited from the environment; default to the stable channel.
if [[ ! $BETA ]]; then
  BETA=0
fi

# set the default values for the proxy arguments
# These assignments overwrite any HTTPS_PROXY* value inherited from the
# environment, so below this point only the command-line flags can set them.
HTTPS_PROXY=""
HTTPS_PROXY_USERNAME=""
HTTPS_PROXY_PASSWORD=""

# Print the usage text to stdout.
function show_help() {
  echo
  echo "Atomic Inspector Installer"
  echo " Version: $INSTALLER_VERSION"
  echo " Usage: $0 [options]"
  echo
  echo " Options:"
  echo " --https-proxy= will set the https_proxy environment variable"
  echo " --https-proxy-username= will set the https_proxy_username environment variable"
  echo " --https-proxy-password= will set the https_proxy_password environment variable"
  echo " --beta will install from the beta repository"
  echo
}

# Parse command line arguments
# The list "$@" is expanded once when the loop starts, so the `shift` calls do
# not change which arguments are visited.
# NOTE(review): --https-proxy-password= places the proxy password in the
# installer's argument list, where other local users can read it from the
# process table while the installer runs.
for arg in "$@"; do
  case $arg in
    --https-proxy=*)
      HTTPS_PROXY="${arg#*=}"
      shift # Remove --https-proxy from processing
      ;;
    --https-proxy-username=*)
      HTTPS_PROXY_USERNAME="${arg#*=}"
      shift # Remove --https-proxy-username from processing
      ;;
    --https-proxy-password=*)
      HTTPS_PROXY_PASSWORD="${arg#*=}"
      shift # Remove --https-proxy-password from processing
      ;;
    --beta)
      BETA=1
      shift # Remove --beta from processing
      ;;
    -h|--help)
      show_help
      exit
      ;;
    *)
      # unknown option
      # (silently ignored: a mistyped flag does not stop the installer)
      ;;
  esac
done

# If --https-proxy= was given, export it under every proxy variable name the
# download tools look at.
if [ ! -z "$HTTPS_PROXY" ]; then
  export https_proxy=$HTTPS_PROXY
  export HTTPS_PROXY=$HTTPS_PROXY
  export http_proxy=$HTTPS_PROXY
  export HTTP_PROXY=$HTTPS_PROXY
  # Set wget-specific environment variables
  export use_proxy=yes
  export http_proxy=$HTTPS_PROXY
  export https_proxy=$HTTPS_PROXY
  # Extract protocol - if https was specified, convert to http for some tools
  # NOTE(review): this rewrites an https:// proxy URL to http://, so the hop
  # between this host and the proxy is no longer TLS-protected; any proxy
  # credentials sent on that hop would travel in clear text.
  if [[ "$HTTPS_PROXY" == https://* ]]; then
    HTTP_VERSION=$(echo $HTTPS_PROXY | sed 's|^https://|http://|')
    export http_proxy=$HTTP_VERSION
    export HTTP_PROXY=$HTTP_VERSION
    export https_proxy=$HTTP_VERSION
    export HTTPS_PROXY=$HTTP_VERSION
    # NOTE(review): LOG is assigned further down, so unless it is inherited
    # from the environment `tee -a $LOG` has no file operand here and the
    # message only reaches stdout.
    echo "Note: Converting https proxy URL to http for compatibility: $HTTP_VERSION" | tee -a $LOG
  fi
fi

# If --https-proxy-username= was given, export it for child processes.
if [ ! -z "$HTTPS_PROXY_USERNAME" ]; then
  export https_proxy_username=$HTTPS_PROXY_USERNAME
  export http_proxy_username=$HTTPS_PROXY_USERNAME
fi

# If --https-proxy-password= was given, export it for child processes.
# NOTE(review): every child process of the installer inherits the password
# through its environment.
if [ ! -z "$HTTPS_PROXY_PASSWORD" ]; then
  export https_proxy_password=$HTTPS_PROXY_PASSWORD
  export http_proxy_password=$HTTPS_PROXY_PASSWORD
fi

# Installer log, host architecture, and the default URL used later to test the
# subscription credentials.
LOG=/root/awp-install.log
ARCH=$(uname -i)
ALT_REPO_DISABLED=0
TC_TARGET="updates.atomicorp.com/channels/asl-3.0/README"

echo "`date -u` --------------------------------------------------" >> $LOG
echo "`date -u` AP installation started" >> $LOG
echo
echo
echo "Atomic Inspector installer (v$INSTALLER_VERSION)"
echo " By Atomicorp: https://www.atomicorp.com"
echo " Documentation: https://docs.atomicorp.com/AEO/index.html"
echo

# Interactive prompts read from INSTALL_TTY rather than stdin: the SSH TTY when
# SSH_TTY is set, otherwise the TTY column that ps reports for this shell.
if [ ! $SSH_TTY ]; then
  INSTALL_TTY="/dev/$(ps -p$$ --no-heading | awk '{print $2}')"
else
  INSTALL_TTY=$SSH_TTY
fi

# Common exit path: re-enable repositories recorded in ALT_REPO, remove the
# lock file, log the exit code and exit with it.
# Arguments: $1 - exit code
# The log line always reads "ERROR: abnormal exit", whatever code is passed.
function app_exit {
  EXIT_CODE=$1
  # re-enable disabled repos
  if [ $ALT_REPO_DISABLED -ge 1 ]; then
    for reponame in $ALT_REPO; do
      /usr/bin/yum-config-manager --enable $reponame > /dev/null
    done
  fi
  # remove lock file
  rm -f /awp-installer.lock
  # exit
  echo
  echo "`date -u` ERROR: abnormal exit $EXIT_CODE" | tee -a $LOG
  echo
  exit $EXIT_CODE
}

# Prompt on INSTALL_TTY until the answer matches a regular expression.
# Arguments: $1 - prompt text, $2 - extended regex the answer must match,
#            $3 - default used when the answer is empty (optional)
# Result:    the answer is left in the global INPUTTEXT
# Returns:   1 once an answer is accepted (note the inverted convention)
# NOTE(review): the loop condition tests $? of whatever ran last; on entry that
# is the `default=$3` assignment.
function check_input {
  message=$1
  validate=$2
  default=$3
  while [ $? -ne 1 ]; do
    echo -n "$message "
    read INPUTTEXT < $INSTALL_TTY
    if [ "$INPUTTEXT" == "" -a "$default" != "" ]; then
      INPUTTEXT=$default
      return 1
    fi
    echo $INPUTTEXT | egrep -q "$validate" && return 1
    echo "Invalid input"
  done
}

rawurlencode() {
  local string="${1}"
  local strlen=${#string}
  local encoded=""
  # NOTE(review): this listing is damaged from here. The loop header below
  # breaks off after `pos`, and the tokens that follow, up to the closing
  # brace, look like the tail of a different function. The definitions of
  # check_prexisting_reps and check_diskspace, both called from
  # preflight_installation, do not appear anywhere in this listing. Restore
  # this span from the original file before running the script.
  for (( pos=0 ; pos /dev/null
  done
  fi
  else
    echo "PASS"
  fi
}

# Abort unless `free` reports at least 3700000 in the total column of its
# "Mem:" row. Also stores the "Swap:" total in the global `swap`, which
# check_swap reads.
function check_ram {
  echo -n " `date -u` MEM: "
  ram=$(free |awk '/Mem:/ {print $2}')
  swap=$(free |awk '/Swap:/ {print $2}')
  if [ $ram -lt 3700000 ]; then
    echo "FAIL - A minimuim of 4G of memory is required" | tee -a $LOG
    app_exit 1
  else
    echo "PASS"
  fi
}

# Report whether the swap total is below 2090000. Advisory only: the app_exit
# call is commented out. Depends on `swap`, which check_ram sets.
function check_swap {
  echo -n " `date -u` SWAP: "
  if [ $swap -lt 2090000 ]; then
    echo "FAIL - A minimum swap size of 2G is required for AWP." | tee -a $LOG
    # app_exit 1
  else
    echo "PASS"
  fi
}

# Abort if `ss` shows a process bound to TCP port 30001 or 30000. The regex
# pulls the process name out of the users:(...) column for the message.
function check_ports {
  PORT_INFO_WEBD=$(ss -tulwnp | grep -e "tcp.*:30001" | awk '{print $7}')
  re="users:.*\"(.*)\",pid=([0-9]+),fd=([0-9]+).*"
  echo -n " `date -u` PORT-CHECK-1: "
  if [[ $PORT_INFO_WEBD =~ $re ]]; then
    echo "FAIL - ${BASH_REMATCH[1]} running on 30001." | tee -a $LOG
    app_exit 1
  else
    echo "PASS"
  fi
  #Tortixd port check
  PORT_INFO_TORTIXD=$(ss -tulwnp | grep -e "tcp.*:30000" | awk '{print $7}')
  re="users:.*\"(.*)\",pid=([0-9]+),fd=([0-9]+).*"
  echo -n " `date -u` PORT-CHECK-2: "
  if [[ $PORT_INFO_TORTIXD =~ $re ]]; then
    echo "FAIL - ${BASH_REMATCH[1]} running on 30000." | tee -a $LOG
    app_exit 1
  else
    echo "PASS"
  fi
}

# Abort unless nproc reports at least 2 cores.
function check_cores {
  CORES=$(nproc)
  echo -n " `date -u` CPU Cores ($CORES): " | tee -a $LOG
  if [[ $CORES -ge 2 ]]; then
    echo "PASS" | tee -a $LOG
  else
    echo "FAIL - A minimum of 2 cores needed, $CORES available." | tee -a $LOG
    app_exit 1
  fi
}

# Check outbound HTTPS by fetching https://google.com with curl, or with wget
# when curl is absent, and abort on failure. When a proxy is configured the
# failure path also probes the proxy with a plain-HTTP request to help tell a
# proxy outage apart from a TLS problem.
function check_ssl {
  echo -n " `date -u` SSL: " | tee -a $LOG
  # Try with curl first
  if command -v curl &> /dev/null; then
    curl -s -m 10 https://google.com >/dev/null
    RETVAL=$?
  # Fall back to wget if curl is not available
  elif command -v wget &> /dev/null; then
    wget -q -T 10 -t 1 -O /dev/null https://google.com >/dev/null 2>&1
    RETVAL=$?
  else
    echo "FAILED: Neither curl nor wget is available" | tee -a $LOG
    app_exit 1
  fi
  # 60 is curl's exit status for a server certificate that cannot be verified
  # against the local CA store.
  # NOTE(review): wget reports certificate failures with a different exit
  # status, so on the wget path this branch is not expected to match and the
  # generic message below is printed instead.
  if [ $RETVAL -eq 60 ]; then
    echo "FAILED: SSL Network failure (google.com): CA invalid" | tee -a $LOG
    app_exit 1
  elif [ $RETVAL -ne 0 ] ; then
    echo "FAILED: SSL Network failure (google.com): connection failed (Error code: $RETVAL)" | tee -a $LOG
    # If proxy is set, give more specific error message
    if [ ! -z "$HTTPS_PROXY" ] || [ ! -z "$https_proxy" ]; then
      echo " Note: This may be a proxy connection issue. Current proxy settings:" | tee -a $LOG
      echo " HTTPS_PROXY=$HTTPS_PROXY" | tee -a $LOG
      echo " https_proxy=$https_proxy" | tee -a $LOG
      # Try testing the proxy directly
      echo " Testing proxy connectivity directly:" | tee -a $LOG
      if command -v curl &> /dev/null; then
        curl -s -m 5 -x $HTTPS_PROXY http://www.google.com -I >/dev/null
        if [ $? -eq 0 ]; then
          echo " Proxy connection test: SUCCESSFUL" | tee -a $LOG
          echo " This suggests an issue with HTTPS connections through the proxy" | tee -a $LOG
        else
          echo " Proxy connection test: FAILED" | tee -a $LOG
          echo " This suggests the proxy itself may not be accessible" | tee -a $LOG
        fi
      fi
    fi
    app_exit 1
  else
    echo "PASS" | tee -a $LOG
  fi
}

# Detect the distribution major release from the release file and set DIST,
# DIR (repository path component) and SUGGESTS. Aborts on anything other than
# release 7, 8 or 9.
# NOTE(review): the "Supported platforms" text below does not mention release
# 9, although the code accepts it.
function check_release {
  if [ -f /etc/system-release ]; then
    RELEASE_FILE=/etc/system-release
  elif [ -f /etc/redhat-release ] ; then
    RELEASE_FILE=/etc/redhat-release
  else
    echo | tee -a $LOG
    echo "Error: /etc/redhat-release was not detected" | tee -a $LOG
    echo
    echo "`date -u` ERROR: could not determine release file" | tee -a $LOG
    app_exit 1
  fi
  #EL7
  if egrep -q "release 7" $RELEASE_FILE ; then
    DIST="el7"
    DIR=centos/7
    SUGGESTS="tortixd tortixd-mod_ssl tortix-waf tortix-mod_evasive"
  #EL8
  elif egrep -q "release 8" $RELEASE_FILE ; then
    DIST="el8"
    DIR=centos/8
    SUGGESTS=""
  #EL9
  elif egrep -q "release 9" $RELEASE_FILE ; then
    DIST="el9"
    DIR=rocky/9
    SUGGESTS=""
  else
    echo "Error: Unable to determine distribution type. Please send the contents of $RELEASE_FILE to support@atomicorp.com" | tee -a $LOG
    echo "`date -u` ERROR: unable to determine distribution type" | tee -a $LOG
    echo
    echo "Supported platforms are:"
    echo " * Centos 7"
    echo " * RHEL 7/8"
    echo " * Rocky 8"
    echo
    app_exit 1
  fi
  echo " `date -u` distribution determined as $DIST" | tee -a $LOG
}

# Switch SELinux to permissive, both for the running system (setenforce 0) and
# persistently by rewriting the SELINUX= line in the config files.
# NOTE(review): this removes SELinux enforcement for the whole host, not only
# for the installed product, it survives reboots, and nothing here logs or
# announces the change. Record the previous mode and tell the operator, or
# ship a policy module for the product instead.
function check_selinux {
  if [ -x /usr/sbin/setenforce ]; then
    /usr/sbin/setenforce 0 >/dev/null 2>&1
    if [ -f /etc/sysconfig/selinux ]; then
      /usr/bin/sed -i "s/SELINUX=.*/SELINUX=permissive/g" /etc/sysconfig/selinux
    fi
    if [ -f /etc/selinux/config ]; then
      /usr/bin/sed -i 's/SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
    fi
  fi
}

# Abort if any package from the CONFLICTS list is installed; every hit is
# listed before exiting.
function check_package_conflicts() {
  COUNT=0
  CONFLICTS="MFEcma MFErt MFEhiplsm-kernel MFEhiplsm-apache cphalo cb cb-enterprise csf psa elasticsearch opensearch kibana opensearch-dashboards"
  for package in $CONFLICTS; do
    if rpm -q $package >/dev/null; then
      ((COUNT++))
      ARRAY+=(" Incompatible package: $package ")
    fi
  done
  if [ $COUNT -ge 1 ]; then
    echo "Environment incompatiblity score: $COUNT"
    printf ' %s\n' "${ARRAY[@]}"
    app_exit 1
  fi
}

# Abort unless the awp-hub-utils package is installed. Its only call site in
# this listing is commented out.
function check_package_awp {
  echo -n " Verifying Atomic OSSEC Hub installation: "
  if rpm -q awp-hub-utils >/dev/null; then
    echo "PASS"
  else
    echo "FAIL"
    echo " Atomic OSSEC hub installation is required for Atomic Inspector"
    app_exit 1
  fi
}

# Run the preflight checks in order. Setting DEBUG to a non-empty value skips
# the disk, RAM and CPU checks; the swap and port checks are commented out.
# The function body does not read its positional arguments.
function preflight_installation {
  echo -n "Starting Preflight Installation Checks:" | tee -a $LOG
  echo
  # check_package_awp
  #Remove asl and awp repos if they exist.
  check_prexisting_reps
  #package conflicts
  check_package_conflicts
  if [[ ! $DEBUG ]]; then
    #Check Disk
    check_diskspace /var 40 100
    #Check Ram.
    check_ram
    #Check Swap space.
    #check_swap
    #Checking ports
    #check_ports
    #CPU Core check
    check_cores
  fi
  #SSL check
  check_ssl
  #OS release check
  check_release
  #SE Linux check
  check_selinux
}

#Run Preflight installation checks.
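# Main installation flow: preflight checks, subscription credentials, package
# repositories, Docker, the awp-db package and the admin console login.
# Changes in this revision: secrets are kept out of child-process argument
# lists where a stdin alternative exists, yum failures are detected through
# PIPESTATUS (the old `$?` after `| tee` was tee's status), the Docker proxy
# drop-in is written once with balanced quotes, and credential variables are
# quoted so that spaces or glob characters do not alter them.

# NOTE(review): confirm whether preflight_installation reads these arguments.
preflight_installation / 3 30

#######################################
# Prompt twice on the installer TTY for a password and store it in PASSWORD.
# Globals:   PASSWORD (written), INSTALL_TTY and LOG (read)
# Arguments: $1 - label used in the prompts ("Subscription", "Admin")
# Returns:   0 once both entries match; calls app_exit 1 on an empty password
#            or after three mismatches
#######################################
_prompt_password() {
  local label=$1
  local confirm=""
  local failed=0
  while true; do
    if [ "$failed" -gt 2 ]; then
      echo "Exiting: too many failed attempts."
      echo
      echo "$(date -u) ERROR: too many failed attempts" >> "$LOG"
      app_exit 1
    fi
    echo -n "Enter ${label} Password: "
    unset PASSWORD
    read -sr PASSWORD < "$INSTALL_TTY"
    echo
    if [ "$PASSWORD" == "" ]; then
      echo "Exiting: Password is blank..."
      echo "$(date -u) ERROR: empty password provided" >> "$LOG"
      app_exit 1
    fi
    echo -n "Re-Enter ${label} Password: "
    read -sr confirm < "$INSTALL_TTY"
    echo
    if [ "$PASSWORD" == "$confirm" ]; then
      return 0
    fi
    failed=$((failed + 1))
    echo "Sorry, passwords do not match."
    echo
    echo "$(date -u) ERROR: password mismatch" >> "$LOG"
  done
}

# Unattended mode: an awp.cfg in the current working directory is sourced,
# i.e. executed as shell code with the installer's privileges.
# NOTE(review): run the installer only from a directory that other users
# cannot write to; a planted awp.cfg would run as the installing user.
if [ -f awp.cfg ]; then
  source ./awp.cfg
  AUTO=1
  echo "$(date -u) awp.cfg detected, running in unattended mode" >> "$LOG"
fi

# Interactive mode: force CONFIGURED to no, then let an existing v5 or v6
# configuration override it.
if [ -z "${AUTO:-}" ]; then
  CONFIGURED=no
  echo "$(date -u) CONFIGURED forced to no" >> "$LOG"

  # source existing v5 config if present
  if [ -f /etc/asl/config ]; then
    source /etc/asl/config
    echo "$(date -u) sourced /etc/asl/config" >> "$LOG"
    # Hub install upgrades, inherit ASL config
    cp /etc/asl/config /root/awp.cfg
    if [ ! -d /root/v5tmp ]; then
      mkdir -p /root/v5tmp
      cp -a /etc/asl/* /root/v5tmp/
    fi
    # Check for v5 configuration_setup stuck in loop and remove it.
    echo "$(date -u) Checking for v5 configuration setup..." >> "$LOG"
    ps -ax | grep -e "[c]onfiguration_setup.sh" | xargs | awk '{print $1}' | xargs kill > /dev/null 2>&1
    # Capture the status first: the date substitution in the log line would
    # otherwise replace $? with its own exit status.
    KILL_RC=$?
    echo "$(date -u) configuration setup removal exited with code: ${KILL_RC}" >> "$LOG"
  fi

  # source existing v6 config if present
  if [ -f /var/awp/etc/config ]; then
    source /var/awp/etc/config
    echo "$(date -u) sourced /var/awp/etc/config" >> "$LOG"
  fi
fi

# ask for credentials, determine TC_TARGET
if [ "$CONFIGURED" != "yes" ]; then
  echo
  echo
  # --------- from tortix.key
  if [ -f /var/awp/etc/tortix.key ] && [ -s /var/awp/etc/tortix.key ]; then
    if [ ! -f /usr/bin/php ]; then
      yum -y install php
    fi
    echo "$(date -u) credentials derived from /var/awp/etc/tortix.key " >> "$LOG"
    TC_TARGET="updates.atomicorp.com/channels/rules/plesk/README"
    STEXT=$(base64 -d /var/awp/etc/tortix.key)
    # The decoded key is handed to PHP on stdin. Splicing it into the -r code
    # string would let a quote character in the key file change the PHP code
    # that runs, and would put the credentials in php's argument list.
    # NOTE(review): unserialize() can instantiate objects named in its input;
    # restrict the allowed classes if the PHP version in use supports that
    # option.
    USERNAME=$(printf '%s' "$STEXT" | php -r '$z = unserialize(file_get_contents("php://stdin")); echo $z["login"];')
    PASSWORD=$(printf '%s' "$STEXT" | php -r '$z = unserialize(file_get_contents("php://stdin")); echo $z["pass"];')
    if [ "$USERNAME" == "" ]; then
      echo "$(date -u) ERROR: username was empty (encoding error)" >> "$LOG"
      app_exit 1
    fi
    if [ "$PASSWORD" == "" ]; then
      echo "$(date -u) ERROR: password was empty (encoding error)" >> "$LOG"
      app_exit 1
    fi
    export USERNAME
    echo "$(date -u) username: $USERNAME" >> "$LOG"
  # --------- from stdin
  else
    echo "$(date -u) fetching credentials from stdin" >> "$LOG"
    TC_TARGET="updates.atomicorp.com/channels/asl-3.0/README"
    echo -n "Enter subscription Username: "
    read -r USERNAME < "$INSTALL_TTY"
    export USERNAME
    if [ "$USERNAME" == "" ]; then
      echo "Exiting: Username is blank. "
      echo
      echo "$(date -u) ERROR: empty username provided" >> "$LOG"
      app_exit 1
    fi
    _prompt_password "Subscription"
  fi
fi

# Quoted so that a password containing spaces or glob characters is encoded
# whole.
ENCPASSWORD=$(rawurlencode "$PASSWORD")
echo "$(date -u) testing credentials" >> "$LOG"
# The URL carries the credentials, so it is given to curl as a config line on
# stdin; printf is a shell builtin, which keeps the credentials out of the
# process list.
TEST_CREDENTIALS=$(printf 'url = "https://%s:%s@%s"\n' "$USERNAME" "$ENCPASSWORD" "$TC_TARGET" | curl -s --config -)
echo
echo -n "Verifying account: "
if [[ "$TEST_CREDENTIALS" != "Atomicorp, Inc." ]]; then
  echo "Failed"
  echo
  echo " ERROR: AP Username/Password credentials are incorrect or this license has expired."
  echo " For more information, please see this FAQ:"
  echo " https://wiki.atomicorp.com/wiki/index.php/ASL_FAQ#HTTP_Error_401:_Authorization_Required_Trying_other_mirror "
  echo
  echo "$(date -u) ERROR: authorization failed" >> "$LOG"
  app_exit 1
else
  echo " Passed"
  echo "$(date -u) authorization test passed" >> "$LOG"
fi

# Package signing key: the trust anchor for every RPM installed below.
# NOTE(review): the key is trusted on first download over HTTPS; compare its
# fingerprint with one obtained out of band before relying on gpgcheck.
echo -n "Installing the Atomic GPG key: "
GPG_KEY_FILE=/etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt
if [ ! -f "$GPG_KEY_FILE" ]; then
  mkdir -p /etc/pki/rpm-gpg/
  # -f makes curl fail on an HTTP error instead of saving the error page as
  # the key file.
  curl -sf https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt -o "$GPG_KEY_FILE"
  RETVAL=$?
  if [ "$RETVAL" -ne 0 ]; then
    # Do not leave a partial file behind; the next run would skip the download.
    rm -f "$GPG_KEY_FILE"
    echo FAIL
    # Repeat without -s so the operator sees curl's own error output.
    curl https://www.atomicorp.com/RPM-GPG-KEY.atomicorp.txt
    echo
    echo " Could not download the Atomicorp gpg key"
    echo
    echo "$(date -u) ERROR: failed to download the Atomicorp GPG key" >> "$LOG"
    app_exit 1
  fi
fi
if ! /bin/rpm --import "$GPG_KEY_FILE"; then
  echo FAIL
  echo "$(date -u) ERROR: failed to import the Atomicorp GPG key" >> "$LOG"
  app_exit 1
fi
echo "$(date -u) Atomicorp GPG key imported" >> "$LOG"

if [ ! -d /var/awp/etc ]; then
  mkdir -p /var/awp/etc
  echo "$(date -u) created /var/awp/etc" >> "$LOG"
fi

# repo files
#---------------------------------------------------------
# asl6.repo
# \$releasever is escaped so that yum expands it; unescaped, the shell replaced
# it with an empty string.
# NOTE(review): KERNEL is not assigned in this part of the script; presumably
# it comes from one of the sourced config files. Verify.
cat << EOF > /etc/yum.repos.d/awp.repo
[asl-6.0]
name=Atomicorp - \$releasever - Atomic Web Protection 6.0
mirrorlist=file:///var/awp/etc/asl-6.0-mirrorlist
priority=1
enabled=1
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt
gpgcheck=1
$KERNEL

[asl-6.0-testing]
name=Atomicorp - \$releasever - Atomic Web Protection 6.0 (Testing)
mirrorlist=file:///var/awp/etc/asl-6.0-testing-mirrorlist
priority=1
enabled=$BETA
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY.atomicorp.txt
gpgcheck=1
$KERNEL
EOF
#---------------------------------------------------------
echo "$(date -u) created .repo files" >> "$LOG"

# mirrorlist files
#---------------------------------------------------------
# NOTE(review): both files embed the subscription credentials and are created
# with the process umask, which is normally world-readable. Restrict them to
# root if nothing unprivileged needs to read them.
cat << EOF > /var/awp/etc/asl-6.0-mirrorlist
https://$USERNAME:$ENCPASSWORD@updates.atomicorp.com/channels/asl-6.0/$DIR/$ARCH
EOF
cat << EOF > /var/awp/etc/asl-6.0-testing-mirrorlist
https://$USERNAME:$ENCPASSWORD@updates.atomicorp.com/channels/asl-6.0-testing/$DIR/$ARCH
EOF

# Docker repo
if [ ! -f /etc/yum.repos.d/docker-ce.repo ]; then
  if [[ $DIST == "el7" ]]; then
    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
  elif [[ $DIST == "el8" || $DIST == "el9" ]]; then
    dnf -y install 'dnf-command(config-manager)'
    dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
    if ! grep -q "module_hotfixes=true" /etc/dnf/dnf.conf; then
      echo "module_hotfixes=true" >> /etc/dnf/dnf.conf
    fi
  fi
fi

#---------------------------------------------------------
# DB Installation
#---------------------------------------------------------
# First interactive run: persist the answers to awp.cfg in the current
# directory. The file holds the subscription password, so it is created under
# a restrictive umask.
# NOTE(review): the values are written between double quotes and read back
# with `source`; a value containing ", $, a backtick or a backslash is
# re-interpreted by the shell when the file is sourced.
if [ ! -f awp.cfg ]; then
  OLD_UMASK=$(umask)
  umask 077
  {
    echo "USERNAME=\"$USERNAME\""
    echo "PASSWORD=\"${PASSWORD}\""
    # Add proxy settings to awp.cfg if specified
    if [ -n "$HTTPS_PROXY" ]; then
      echo "HTTP_PROXY=\"$HTTPS_PROXY\""
    fi
    if [ -n "$HTTPS_PROXY_USERNAME" ] && [ -n "$HTTPS_PROXY_PASSWORD" ]; then
      echo "HTTP_PROXY_USERNAME=\"$HTTPS_PROXY_USERNAME\""
      echo "HTTP_PROXY_PASSWORD=\"$HTTPS_PROXY_PASSWORD\""
    fi
  } >> awp.cfg
  umask "$OLD_UMASK"
fi
source ./awp.cfg

# Configure Docker proxy settings if proxy is specified
if [ -n "$HTTPS_PROXY" ]; then
  echo "Configuring Docker proxy settings..."
  mkdir -p /etc/systemd/system/docker.service.d

  DOCKER_PROXY_URL=$HTTPS_PROXY
  PROXY_HAS_CREDS=0
  # Add proxy credentials if provided
  if [ -n "$HTTPS_PROXY_USERNAME" ] && [ -n "$HTTPS_PROXY_PASSWORD" ]; then
    # Extract the proxy URL parts
    PROXY_PROTO=$(echo "$HTTPS_PROXY" | cut -d: -f1)
    PROXY_HOST=$(echo "$HTTPS_PROXY" | sed -E 's|^[^:]+://([^:/]+)(:[0-9]+)?.*|\1|')
    PROXY_PORT=$(echo "$HTTPS_PROXY" | sed -E 's|^[^:]+://[^:]+:([0-9]+).*|\1|')
    # sed returns its input unchanged when the URL has no port; fall back to
    # the default port for the protocol.
    if [ "$PROXY_PORT" = "$HTTPS_PROXY" ]; then
      if [ "$PROXY_PROTO" = "https" ]; then
        PROXY_PORT=443
      else
        PROXY_PORT=80
      fi
    fi
    # Create proxy URL with credentials
    # NOTE(review): the username and password are not percent-encoded, so
    # characters such as @ or : in them produce an ambiguous URL.
    PROXY_WITH_CREDS="${PROXY_PROTO}://${HTTPS_PROXY_USERNAME}:${HTTPS_PROXY_PASSWORD}@${PROXY_HOST}:${PROXY_PORT}"
    DOCKER_PROXY_URL=$PROXY_WITH_CREDS
    PROXY_HAS_CREDS=1
  fi

  # Write the drop-in once with the final URL. The earlier write-then-sed
  # approach replaced everything after "HTTP_PROXY=" and so dropped the
  # closing quote of the Environment= value; it also passed the proxy password
  # in sed's argument list.
  cat << EOF > /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=$DOCKER_PROXY_URL"
Environment="HTTPS_PROXY=$DOCKER_PROXY_URL"
Environment="NO_PROXY=localhost,127.0.0.1,::1"
EOF
  if [ "$PROXY_HAS_CREDS" -eq 1 ]; then
    # The drop-in now contains the proxy password.
    # NOTE(review): the value may still be visible through the service's unit
    # properties; prefer a proxy that does not need embedded credentials.
    chmod 600 /etc/systemd/system/docker.service.d/http-proxy.conf
  fi

  # Also create /root/.docker/config.json with proxy settings for docker pull/push
  mkdir -p /root/.docker
  cat << EOF > /root/.docker/config.json
{
  "proxies": {
    "default": {
      "httpProxy": "$HTTPS_PROXY",
      "httpsProxy": "$HTTPS_PROXY",
      "noProxy": "localhost,127.0.0.1,::1"
    }
  }
}
EOF
  echo "Docker proxy configured with: $HTTPS_PROXY" | tee -a "$LOG"
fi

# Remove conflicts
if rpm -q podman >/dev/null; then
  yum -y remove podman
fi
if rpm -q buildah >/dev/null; then
  yum -y remove buildah
fi

echo "Installing Docker"
PACKAGES="docker-ce docker-compose-plugin /usr/bin/htpasswd"
# $PACKAGES is left unquoted on purpose: it is a space-separated list.
yum install -y $PACKAGES | tee -a "$LOG"
# PIPESTATUS[0] is yum's exit status; $? here would be tee's.
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
  echo "ERROR: Could not install docker"
  echo
  echo
  app_exit 1
fi
systemctl enable docker
systemctl start docker

echo "Verifying Docker Login: "
# Keep proxy for Docker login and image pulling
if ! printf '%s\n' "$PASSWORD" | docker login -u "$USERNAME" --password-stdin updates.atomicorp.com; then
  echo "ERROR: Could not connect to registry. Exiting..."
  echo
  echo
  app_exit 1
else
  echo "PASS"
fi

echo "Verifying Docker Image Download:"
if ! docker pull updates.atomicorp.com/atomic-nginx:7.0.0; then
  echo "ERROR: Could not pull image from registry. Exiting..."
  echo
  echo
  app_exit 1
fi

echo "$(date -u) installing the awp package" >> "$LOG"
PACKAGES="awp-db"
yum install -y $PACKAGES | tee -a "$LOG"
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
  echo
  echo "ERROR: There was a problem with the Yum installation"
  echo "$(date -u) ERROR: base package installation failed" >> "$LOG"
  echo
  echo
  app_exit 1
fi

sysctl -w vm.max_map_count=262144
echo "vm.max_map_count=262144" > /etc/sysctl.d/99-opensearch.conf
systemctl disable httpd
systemctl stop httpd
systemctl enable awp-db
# The relative paths below depend on this directory; stop if it is missing.
pushd /var/awp/contrib/db >/dev/null || app_exit 1

echo
echo "#########################################"
echo "Configure Admin Console login"
echo "#########################################"
echo
# From here on PASSWORD holds the admin console password, not the
# subscription password.
_prompt_password "Admin"

# -i makes htpasswd read the password from stdin, so it does not appear in
# the process list.
ADMIN_PASSWORD_HASH=$(printf '%s\n' "$PASSWORD" | htpasswd -inBC 10 "" | tr -d ':\n')
sed "s ADMIN_PASSWORD_HASH ${ADMIN_PASSWORD_HASH} g" config/opensearch/internal_users.yml.template > config/opensearch/internal_users.yml
# Escape the characters that are special in a sed replacement (\, & and the |
# delimiter) and feed the substitution to sed as a script on stdin, so the
# password is inserted literally and stays out of sed's argument list.
# NOTE(review): the generated calyptia-fluentd.conf holds the admin password
# in clear text and is created with the current umask; tighten its mode if the
# consuming container can still read it.
SED_PASSWORD=$(printf '%s' "$PASSWORD" | sed 's/[\\&|]/\\&/g')
printf 's|ADMIN_PASSWORD|%s|g\n' "$SED_PASSWORD" \
  | sed -f /dev/stdin config/atomic-connector/calyptia-fluentd.conf.template \
  > config/atomic-connector/calyptia-fluentd.conf

if [ ! -f docker-compose.yml ]; then
  cp templates/docker-compose.yml .
fi

# Keep proxy for downloading container images
if ! docker compose pull; then
  echo "ERROR: could not pull containers"
  app_exit 1
fi

# Unset proxy environment variables before starting containers
# This ensures containers don't inherit proxy settings
echo "Clearing proxy settings for containers..."
unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
export http_proxy=""
export https_proxy=""
export HTTP_PROXY=""
export HTTPS_PROXY=""
export no_proxy=""
export NO_PROXY=""

if [ ! -f /var/awp/contrib/db/pki/root-ca-key.pem ]; then
  ./OpenSearch-SSL-gen.sh
fi
systemctl enable awp-db
systemctl start awp-db
popd >/dev/null

sed -i "s/FW_ENABLE=.*/FW_ENABLE=\"no\"/g" /var/awp/etc/config
sed -i "s/FW_IPV4_FORWARD=.*/FW_IPV4_FORWARD=\"yes\"/g" /var/awp/etc/config
sed -i "s/ALLOW_kmod_loading=.*/ALLOW_kmod_loading=\"yes\"/g" /var/awp/etc/config

echo -n "Waiting for Atomic inspector to start: "
USERNAME=admin
n=0
# Retry the dashboard import every 15 seconds, at most 20 times.
# NOTE(review): import-objects.sh receives the admin password as an argument,
# which exposes it in the process list while the helper runs; changing that
# needs a change to the helper.
while true; do
  if /var/awp/contrib/db/import-objects.sh "${USERNAME}" "${PASSWORD}" /var/awp/contrib/db/config/opensearch-dashboards/export.ndjson | grep -q successResults; then
    echo " OK"
    break
  fi
  n=$((n + 1))
  echo -n "."
  sleep 15
  if [[ $n -ge 20 ]]; then
    echo " ERROR: Startup time exceeded... "
    break
  fi
done

# Files created from here on are readable by the owner only.
umask 077
if [ ! -f /var/awp/contrib/db/awp-db.conf ]; then
  echo "USERNAME=\"${USERNAME}\"" > /var/awp/contrib/db/awp-db.conf
  echo "PASSWORD=\"${PASSWORD}\"" >> /var/awp/contrib/db/awp-db.conf
fi

CONSOLE_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p')
# NOTE(review): the banner prints the admin password in clear text, so it ends
# up in terminal scrollback and in any session recording.
echo
echo "#########################################"
echo "https://${CONSOLE_IP}/inspector"
echo " Username: admin"
echo " Password: ${PASSWORD}"
echo "#########################################"
echo

# Re-enable disabled repos
if [ "$ALT_REPO_DISABLED" -ge 1 ]; then
  # $ALT_REPO is left unquoted on purpose: it is a space-separated list.
  for reponame in $ALT_REPO; do
    /usr/bin/yum-config-manager --enable "$reponame" > /dev/null
  done
fi
echo "$(date -u) installation complete" >> "$LOG"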