Some initial changes to the rpm scripts

Cyrus 2022-09-06 08:02:00 -04:00
parent 0e9fd56842
commit 41bd22cbce
5 changed files with 57 additions and 56 deletions


@ -133,12 +133,12 @@ Group : System Environment/Base
%if 0%{?build6} %if 0%{?build6}
Requires : mysql-server, openssl, tomcat6, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, iptables Requires : mysql-server, openssl, tomcat6, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, iptables
Prefix : /usr/share/tomcat6 Prefix : /opt/tomcat6
%endif %endif
%if 0%{?build7} %if 0%{?build7}
Requires : mariadb-server, openssl, tomcat, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, firewalld, policycoreutils Requires : mariadb-server, openssl, tomcat, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, firewalld, policycoreutils
Prefix : /usr/share/tomcat Prefix : /opt/tomcat
%endif %endif
%description -n HIRS_AttestationCA %description -n HIRS_AttestationCA
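Review bot: The new `Prefix : /opt/tomcat6` and `Prefix : /opt/tomcat` values no longer match the unchanged `Requires` lines, which still pull in the distro `tomcat6`/`tomcat` packages; the removed values suggest those install under `/usr/share`. Nothing visible in this section creates or verifies `/opt/tomcat`, so either drop the Tomcat entry from `Requires` or state where that Tomcat comes from, for example `# Tomcat must already be unpacked under /opt/tomcat; the distro tomcat package is not used`. A Tomcat unpacked by hand under `/opt` is presumably outside the package manager's security updates, which is worth noting next to the Prefix for an attestation CA.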


@ -60,14 +60,14 @@ cp ${CA_KEYSTORE} /etc/hirs/aca/client-files/
# start up the tomcat service # start up the tomcat service
# Guess where Tomcat is installed and what it's called: # Guess where Tomcat is installed and what it's called:
if [ -d /usr/share/tomcat6 ] ; then #if [ -d /usr/share/tomcat6 ] ; then
TOMCAT_SERVICE=tomcat6 # TOMCAT_SERVICE=tomcat6
elif [ -d /usr/share/tomcat ] ; then #elif [ -d /usr/share/tomcat ] ; then
TOMCAT_SERVICE=tomcat TOMCAT_SERVICE=tomcat
else #else
echo "Can't find Tomcat installation" # echo "Can't find Tomcat installation"
exit 1 # exit 1
fi #fi
# restart tomcat after updating the trust store. # restart tomcat after updating the trust store.
if [ $DOCKER_CONTAINER = true ]; then if [ $DOCKER_CONTAINER = true ]; then
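Review bot: With the directory test commented out, `TOMCAT_SERVICE=tomcat` is set unconditionally and the script has lost its only failure path for a missing Tomcat, so the restart that follows is attempted whether or not an installation exists. If `/opt/tomcat` is the intended location, as the other files in this commit suggest, a one-line guard restores it: `[ -d /opt/tomcat ] || { echo "Can't find Tomcat installation" >&2; exit 1; }`. The comment `# Guess where Tomcat is installed and what it's called:` no longer describes the code, and the commented-out branch would be better deleted than kept. The `if [ $DOCKER_CONTAINER = true ]` block continues outside the hunk.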


@ -1,15 +1,15 @@
#!/bin/bash #!/bin/bash
# Check if we're in a Docker container # Check if we're in a Docker container
if [ -f /.dockerenv ]; then #if [ -f /.dockerenv ]; then
DOCKER_CONTAINER=true DOCKER_CONTAINER=true
else #else
DOCKER_CONTAINER=false # DOCKER_CONTAINER=false
fi #fi
echo "Creating HIRS Database..." echo "Creating HIRS Database..."
if [ $DOCKER_CONTAINER = true ]; then #if [ $DOCKER_CONTAINER = true ]; then
# If in Docker container, avoid services that invoke the D-Bus # If in Docker container, avoid services that invoke the D-Bus
if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then
/usr/libexec/mariadb-prepare-db-dir /usr/libexec/mariadb-prepare-db-dir
@ -17,24 +17,24 @@ if [ $DOCKER_CONTAINER = true ]; then
MYSQLD_PID=$(pgrep -u mysql mysqld) MYSQLD_PID=$(pgrep -u mysql mysqld)
/usr/libexec/mariadb-wait-ready $MYSQLD_PID /usr/libexec/mariadb-wait-ready $MYSQLD_PID
fi fi
else #else
SQL_SERVICE=`/opt/hirs/scripts/common/get_db_service.sh` # SQL_SERVICE=`mariadb`#`/opt/hirs/scripts/common/get_db_service.sh`
chkconfig $SQL_SERVICE on # chkconfig $SQL_SERVICE on
service $SQL_SERVICE start # service $SQL_SERVICE start
fi #fi
if [[ -f /etc/redhat-release ]] ; then #if [[ -f /etc/redhat-release ]] ; then
CENTOS_VER=`/opt/hirs/scripts/common/get_centos_major_version.sh` # CENTOS_VER=`/opt/hirs/scripts/common/get_centos_major_version.sh`
elif [[ -f /etc/os-release ]] ; then #elif [[ -f /etc/os-release ]] ; then
AMAZON_VER=`/opt/hirs/scripts/common/get_amazon_linux_major_version.sh` # AMAZON_VER=`/opt/hirs/scripts/common/get_amazon_linux_major_version.sh`
fi #fi
if [ $CENTOS_VER -eq "6" ] ; then #if [ $CENTOS_VER -eq "6" ] ; then
DB_CREATE_SCRIPT=/opt/hirs/scripts/common/db_create.sql.el6 # DB_CREATE_SCRIPT=/opt/hirs/scripts/common/db_create.sql.el6
elif [ $CENTOS_VER -eq "7" ] || [ $AMAZON_VER -eq "2" ] ; then #elif [ $CENTOS_VER -eq "7" ] || [ $AMAZON_VER -eq "2" ] ; then
DB_CREATE_SCRIPT=/opt/hirs/scripts/common/db_create.sql.el7 DB_CREATE_SCRIPT=/opt/hirs/scripts/common/db_create.sql.el7
else #else
echo "Unsupported Linux detected" # echo "Unsupported Linux detected"
exit 1 # exit 1
fi #fi
mysql -u root < $DB_CREATE_SCRIPT mysql -u root < $DB_CREATE_SCRIPT
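Review bot: `DOCKER_CONTAINER=true` is now assigned on every host because the `/.dockerenv` test around it is commented out, so a regular install takes the container path. There mysqld is handled through `/usr/libexec/mariadb-prepare-db-dir` and `pgrep` rather than the service manager, and the `chkconfig $SQL_SERVICE on` step that enabled the database at boot never runs (the lines between the two hunks are not visible here). If the aim is only to force the container path while testing, an overridable default keeps the detection: `DOCKER_CONTAINER=${DOCKER_CONTAINER:-$([ -f /.dockerenv ] && echo true || echo false)}`. The OS check is gone as well, so `db_create.sql.el7` is fed to `mysql -u root` on any distribution without the former `Unsupported Linux detected` exit.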


@ -9,18 +9,18 @@ elif [[ -f /etc/os-release ]] ; then
AMAZON_VER=`/opt/hirs/scripts/common/get_amazon_linux_major_version.sh` AMAZON_VER=`/opt/hirs/scripts/common/get_amazon_linux_major_version.sh`
fi fi
if [ $CENTOS_VER -eq "6" ] ; then #if [ $CENTOS_VER -eq "6" ] ; then
checkHTTPS=`iptables-save | grep -- "--dport 8443 -j ACCEPT"` # checkHTTPS=`iptables-save | grep -- "--dport 8443 -j ACCEPT"`
if [[ $checkHTTPS == "" ]]; then # if [[ $checkHTTPS == "" ]]; then
echo "Tomcat HTTPS firewall rule doesn't exist, adding now" # echo "Tomcat HTTPS firewall rule doesn't exist, adding now"
iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT #iptables -I INPUT 1 -p tcp -m tcp --dport 8443 -j ACCEPT
service iptables save # service iptables save
fi # fi
elif [ $CENTOS_VER -eq "7" ] || [ $AMAZON_VER -eq "2" ] ; then #elif [ $CENTOS_VER -eq "7" ] || [ $AMAZON_VER -eq "2" ] ; then
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -p tcp --dport 8443 -j ACCEPT firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 -p tcp --dport 8443 -j ACCEPT
firewall-cmd --reload firewall-cmd --reload
else #else
echo "Unsupported Linux detected" # echo "Unsupported Linux detected"
exit 1 # exit 1
fi #fi
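Review bot: The two `firewall-cmd` calls now run unconditionally and unchecked, because the version test and the `Unsupported Linux detected` exit around them are commented out; on a host without firewalld the script carries on with port 8443 still closed and no clear error. A guard such as `command -v firewall-cmd >/dev/null || { echo "firewalld not found" >&2; exit 1; }` before them restores a failure path. The `CENTOS_VER`/`AMAZON_VER` detection that starts above the hunk is now unused and could be removed together with the commented-out iptables branch. The direct rule accepts 8443 from any source, so if the ACA is meant to serve only a known network, a comment saying so or a source restriction belongs next to it.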


@ -23,7 +23,7 @@ fi
################# #################
# Key Generation # Key Generation
################# #################d
# if the CA PEM file does not exist, generate the HIRS CA file and associated keystore and truststores # if the CA PEM file does not exist, generate the HIRS CA file and associated keystore and truststores
if ! [ -f $CA_PEM ]; then if ! [ -f $CA_PEM ]; then
@ -96,18 +96,18 @@ if [[ $1 = "server" ]]; then
TOMCAT_MAJOR_VERSION=`echo $TOMCAT_VERSION | head -c 1` TOMCAT_MAJOR_VERSION=`echo $TOMCAT_VERSION | head -c 1`
if [[ $TOMCAT_MAJOR_VERSION = '6' ]]; then # if [[ $TOMCAT_MAJOR_VERSION = '6' ]]; then
CATALINA_HOME=/usr/share/tomcat6 # CATALINA_HOME=/usr/share/tomcat6
TOMCAT_SERVICE=tomcat6 # TOMCAT_SERVICE=tomcat6
TOMCAT_CONF=${CATALINA_HOME}/conf/tomcat6.conf # TOMCAT_CONF=${CATALINA_HOME}/conf/tomcat6.conf
elif [[ $TOMCAT_MAJOR_VERSION = '7' ]] ; then # elif [[ $TOMCAT_MAJOR_VERSION = '7' ]] ; then
CATALINA_HOME=/usr/share/tomcat CATALINA_HOME=/opt/tomcat
TOMCAT_SERVICE=tomcat TOMCAT_SERVICE=tomcat
TOMCAT_CONF=${CATALINA_HOME}/conf/tomcat.conf TOMCAT_CONF=${CATALINA_HOME}/conf/tomcat.conf
else # else
echo "Unsupported Tomcat version: ${TOMCAT_MAJOR_VERSION}" # echo "Unsupported Tomcat version: ${TOMCAT_MAJOR_VERSION}"
exit 1 # exit 1
fi # fi
if [[ -z `grep -o "keystoreFile=\"${CA_CERT_DIR_ESCAPED}\/keyStore.jks\"" $CATALINA_HOME/conf/server.xml` ]]; then if [[ -z `grep -o "keystoreFile=\"${CA_CERT_DIR_ESCAPED}\/keyStore.jks\"" $CATALINA_HOME/conf/server.xml` ]]; then
echo "Configuring Tomcat SSL" echo "Configuring Tomcat SSL"
@ -124,7 +124,7 @@ if [[ $1 = "server" ]]; then
# Configure the server.xml file such that it uses our key store and trust store # Configure the server.xml file such that it uses our key store and trust store
if [ $DOCKER_CONTAINER = true ]; then if [ $DOCKER_CONTAINER = true ]; then
# If in Docker container, avoid services that invoke the D-Bus # If in Docker container, avoid services that invoke the D-Bus
if [[ $(pgrep -c -f /usr/share/tomcat) -ne 0 ]]; then if [[ $(pgrep -c -f /opt/tomcat) -ne 0 ]]; then
echo "Tomcat is running, so we stop it." echo "Tomcat is running, so we stop it."
/usr/libexec/tomcat/server stop /usr/libexec/tomcat/server stop
fi fi
@ -160,7 +160,8 @@ EOF
if [ $DOCKER_CONTAINER = true ]; then if [ $DOCKER_CONTAINER = true ]; then
# If in Docker container, avoid services that invoke the D-Bus # If in Docker container, avoid services that invoke the D-Bus
(/usr/libexec/tomcat/server start) & #(/usr/libexec/tomcat/server start) &
(/opt/tomcat/bin/catalina.sh start) &
# Wait for Tomcat to boot completely # Wait for Tomcat to boot completely
until [ "`curl --silent --connect-timeout 1 -I http://localhost:8080 | grep 'Coyote'`" != "" ]; do until [ "`curl --silent --connect-timeout 1 -I http://localhost:8080 | grep 'Coyote'`" != "" ]; do
: :
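Review bot: Tomcat is now started and stopped through different launchers: the last hunk starts it with `/opt/tomcat/bin/catalina.sh start`, but the stop in the hunk before still calls `/usr/libexec/tomcat/server stop`, even though its `pgrep -c -f /opt/tomcat` test was moved to the new path. If that old launcher is missing or addresses another instance, the Tomcat under `/opt` keeps running while server.xml is rewritten, and the new keystore and truststore settings would presumably not take effect until a manual restart. Suggest `"${CATALINA_HOME}/bin/catalina.sh" stop` and `("${CATALINA_HOME}/bin/catalina.sh" start) &`, assuming `CATALINA_HOME` is still in scope at both places; the enclosing `if [[ $1 = "server" ]]` block starts and ends outside these hunks. The stray `d` after the `#################` banner in the first hunk looks accidental.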