From 674564b79e1bd5b12f60f365d1073b8e6f6137d4 Mon Sep 17 00:00:00 2001
From: iadgovuser26
Date: Mon, 18 Mar 2024 12:32:30 -0400
Subject: [PATCH] Added the hirs-aca service
---
 HIRS_AttestationCAPortal/build.gradle | 9 +++++---
 package/linux/aca/aca_bootRun.sh | 3 ++-
 package/linux/aca/aca_stop.sh | 9 ++++++++
 package/linux/db/mysql_util.sh | 2 ++
 package/linux/systemd/aca_disable_service.sh | 19 +++++++++++++++++
 package/linux/systemd/aca_enable_service.sh | 22 ++++++++++++++++++++
 package/linux/systemd/hirs-aca.service | 18 ++++++++++++++++
 7 files changed, 78 insertions(+), 4 deletions(-)
 create mode 100644 package/linux/aca/aca_stop.sh
 create mode 100644 package/linux/systemd/aca_disable_service.sh
 create mode 100644 package/linux/systemd/aca_enable_service.sh
 create mode 100644 package/linux/systemd/hirs-aca.service
diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle
index e039d2e0..be8edfcb 100644
--- a/HIRS_AttestationCAPortal/build.gradle
+++ b/HIRS_AttestationCAPortal/build.gradle
@@ -130,6 +130,7 @@ ospackage {
 // Uninstall
 preUninstall 'bash /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
+ preUninstall 'bash /opt/hirs/aca/scripts/systemd/aca_disable_service.sh'
 postUninstall 'if [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi;'
 buildRpm {
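Review bot: The added `preUninstall` for aca_disable_service.sh is ordered after `aca_remove_setup.sh`, so the hirs-aca unit is still active while the setup is being torn down, and with `Restart=always` in the unit file added by this patch it may be restarted during removal. Unless aca_remove_setup.sh, which is not visible here, already stops the ACA, the two lines should be swapped so the service is stopped and disabled first. The enclosing `ospackage` block starts and ends outside the hunk.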
@@ -147,9 +148,10 @@ ospackage {
 postTrans 'firewall-cmd --add-port=8443/tcp --permanent'
 postTrans 'firewall-cmd --reload'
 postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
- postTrans 'bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
+ postTrans 'bash /opt/hirs/aca/scripts/systemd/aca_enable_service.sh'
+ // postTrans 'bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
 // add chrontab to run ACA at boot
- postTrans 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
+ //postTrans 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
 postTrans 'chmod +x /opt/hirs/aca/scripts/aca/*'
 postTrans 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
 // Wait for ACA to start up before finishing the install
@@ -166,7 +168,8 @@ ospackage {
 requires('curl')
 // Install after required packages
 postInstall 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
- postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
+ //postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
+ postInstall 'bash /opt/hirs/aca/scripts/systemd/aca_enable_service.sh'
 postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
 postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'
 postInstall 'if [ -f /opt/hirs/aca/VERSION ]; then rm /opt/hirs/aca/VERSION; fi;'
diff --git a/package/linux/aca/aca_bootRun.sh b/package/linux/aca/aca_bootRun.sh
index 2dfa0dda..3fea17f7 100755
--- a/package/linux/aca/aca_bootRun.sh
+++ b/package/linux/aca/aca_bootRun.sh
@@ -132,5 +132,6 @@ if [ -z "$USE_WAR" ]; then
 else
 echo "Booting the ACA from a war file..."
 # java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
-java -jar $WAR_PATH --spring.config.location=$SPRING_PROP_FILE & disown -h
+java -jar $WAR_PATH --spring.config.location=$SPRING_PROP_FILE &
+exit 0
 fi
diff --git a/package/linux/aca/aca_stop.sh b/package/linux/aca/aca_stop.sh
new file mode 100644
index 00000000..c1af1586
--- /dev/null
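Review bot: The `@reboot` crontab `postInstall` line is still active in the `-166,7 +168,8` hunk, while the matching `postTrans` line in the hunk before it was commented out. On a systemd host installed from this section the ACA would then be launched at boot both by hirs-aca.service and by cron, as root and outside systemd's supervision, and the two instances would presumably contend for the same listener. The crontab line should be removed here as well, and the commented-out `aca_bootRun.sh` calls in both hunks are better deleted than kept as dead code. The enclosing block continues outside the hunk.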
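Review bot: `exit 0` directly after the backgrounded `java -jar` makes the script report success even when the JVM fails to start, and with `Type=forking` and no `PIDFile=` in the new unit systemd has to guess which process is the main one. Removing `disown -h` also changes the non-systemd path, where aca_enable_service.sh still runs this script with `&` from a package scriptlet; whether the JVM survives the installer's terminal closing there should be verified. Independently, the expansions should be quoted so a path containing spaces or glob characters cannot split the command: `java -jar "$WAR_PATH" --spring.config.location="$SPRING_PROP_FILE" &`. The surrounding `if`/`else` starts outside the hunk.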
+++ b/package/linux/aca/aca_stop.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+#####################################################################################
+#
+# Script to stop the ACA when running
+#
+#####################################################################################
+
+
+kill -15 $(pgrep -f HIRS_AttestationCAPortal)
diff --git a/package/linux/db/mysql_util.sh b/package/linux/db/mysql_util.sh
index eb214e2c..f5eb7caa 100755
--- a/package/linux/db/mysql_util.sh
+++ b/package/linux/db/mysql_util.sh
@@ -11,9 +11,11 @@ SQL_SERVICE="mariadb"
 # -p to print status
 check_systemd () {
 DB_SERVICE=false
+ SYSD_SERVICE=false
 PRINT_STATUS=$1
 # Check if systemctl is present (not present in a Docker container)
 if [[ $(ps --no-headers -o comm 1) == "systemd" ]]; then
+ SYSD_SERVICE=true
 systemctl is-active --quiet mariadb
 if [[ $? -eq 0 ]]; then
 DB_SERVICE=true
diff --git a/package/linux/systemd/aca_disable_service.sh b/package/linux/systemd/aca_disable_service.sh
new file mode 100644
index 00000000..34bdd508
--- /dev/null
+++ b/package/linux/systemd/aca_disable_service.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#####################################################################################
+#
+# Script to remove the ACA service when running as a service if not running in a container
+#
+#####################################################################################
+
+SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
+pushd $SCRIPT_DIR > /dev/null
+source ../db/mysql_util.sh
+
+check_systemd
+ if [ $SYSD_SERVICE = true ]; then
+ systemctl stop hirs-aca
+ systemctl disable hirs-aca.service
+ systemctl reset-failed hirs-aca
+ fi
+
+ popd > /dev/null
\ No newline at end of file
diff --git a/package/linux/systemd/aca_enable_service.sh b/package/linux/systemd/aca_enable_service.sh
new file mode 100644
index 00000000..b72b3cd8
--- /dev/null
+++ b/package/linux/systemd/aca_enable_service.sh
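Review bot: `kill -15 $(pgrep -f HIRS_AttestationCAPortal)` matches the string against every process's full command line, so when it runs as root from `ExecStop` it signals any process that merely mentions that name (an editor or `tail` on a file with that name, for example), not only the ACA. When nothing matches, `kill` is invoked without a PID and the script exits non-zero. For the service case systemd already sends SIGTERM to the unit's own processes on stop, so `ExecStop` could be dropped; for manual use, guard the empty case with `pids=$(pgrep -f HIRS_AttestationCAPortal) || exit 0` before `kill -15 $pids`.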
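Review bot: `check_systemd` now has a second output, the global `SYSD_SERVICE`, which the new systemd scripts read after sourcing this file, but the comment above the function does not mention it. I would extend that comment with a line such as `# Sets SYSD_SERVICE=true when PID 1 is systemd; under systemd, DB_SERVICE=true when mariadb is active`. The function body continues outside the hunk.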
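Review bot: `source ../db/mysql_util.sh` depends on the unchecked, unquoted `pushd $SCRIPT_DIR` having succeeded; if it fails, a root package scriptlet sources whatever `../db/mysql_util.sh` resolves to from the caller's working directory. Sourcing by absolute path removes the need for pushd/popd altogether: `source "$SCRIPT_DIR/../db/mysql_util.sh" || exit 1`. The test should also quote the variable, `[ "$SYSD_SERVICE" = true ]`, so an unset value is a clean false instead of a `[` syntax error. aca_enable_service.sh repeats the same three lines and needs the same change.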
@@ -0,0 +1,22 @@
+#!/bin/bash
+#####################################################################################
+#
+# Script to add the ACA service when running as a service if not running in a container
+#
+#####################################################################################
+
+SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
+pushd $SCRIPT_DIR > /dev/nill
+source ../db/mysql_util.sh
+
+check_systemd
+ if [ $SYSD_SERVICE = true ]; then
+ echo "Starting the ACA as a service..."
+ systemctl enable /opt/hirs/aca/scripts/systemd/hirs-aca.service
+ systemctl start hirs-aca
+ else
+ echo "Starting the ACA via Springboot..."
+ bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &
+ fi
+
+ popd > /dev/null
\ No newline at end of file
diff --git a/package/linux/systemd/hirs-aca.service b/package/linux/systemd/hirs-aca.service
new file mode 100644
index 00000000..023e89f8
--- /dev/null
+++ b/package/linux/systemd/hirs-aca.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Host Integrity at Runtime and Startup (HIRS) Attestation CA service
+After=network.target
+
+[Service]
+User=root
+Group=root
+ExecStart=/usr/bin/bash /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w
+SuccessExitStatus=0
+Restart=always
+RestartSec=60
+Environment="JAVA_HOME=/usr/bin/java"
+
+ExecStop=/usr/bin/bash /opt/hirs/aca/scripts/aca/aca_stop.sh
+Type=forking
+
+[Install]
+WantedBy=multi-user.target
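Review bot: `pushd $SCRIPT_DIR > /dev/nill` is a typo for `/dev/null`; run as root it creates a regular file named /dev/nill, and where /dev is not writable the redirect fails and the `pushd` is skipped. Neither `systemctl enable` nor `systemctl start hirs-aca` is checked, so the package scriptlet reports success when the unit could not be linked or started; `systemctl start hirs-aca || exit 1` would surface that. Because the unit is linked from /opt/hirs/aca/scripts/systemd and runs as root, that directory and the scripts it references must be writable by root only; the package's file modes are not visible in this patch.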
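Review bot: `User=root` and `Group=root` run a network-facing Java service with full privileges and no sandboxing, although the 8443 port opened in build.gradle is not a privileged port. A dedicated service account together with `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would limit what a compromise of the ACA can reach, provided the files it needs under /etc/hirs are readable by that account (not verifiable from this patch). `Environment="JAVA_HOME=/usr/bin/java"` points at the executable rather than a JDK directory, and `Type=forking` without `PIDFile=` leaves systemd to guess the main PID. `SuccessExitStatus=0` is redundant, since 0 is already treated as success.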