added checks for previous installs
parent
8d035ed50c
commit
93805e4d3e
@ -130,9 +130,8 @@ ospackage {
|
||||
|
||||
// Uninstall
|
||||
preUninstall 'bash /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
|
||||
//postUninstall 'rm -rf /etc/hirs'
|
||||
//postUninstall 'rm -rf /opt/hirs'
|
||||
|
||||
postUninstall 'if [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi;'
|
||||
|
||||
buildRpm {
|
||||
dependsOn ':HIRS_AttestationCAPortal:buildVersion'
|
||||
dependsOn ':HIRS_AttestationCAPortal:bootWar'
|
||||
@ -145,6 +144,8 @@ ospackage {
|
||||
// Post Trans stage (Occurs after required app and postInstall stage)
|
||||
// Note postInstall wont wait forrequired apps
|
||||
postTrans 'update-alternatives --set java java-17-openjdk.x86_64'
|
||||
postTrans 'firewall-cmd --add-port=8443/tcp --permanent'
|
||||
postTrans 'firewall-cmd --reload'
|
||||
postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
|
||||
postTrans '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &'
|
||||
// add chrontab to run ACA at boot
|
||||
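Review bot: The `postUninstall` scriptlet that deletes `/etc/hirs` has no guard on the scriptlet argument, and for the RPM build the old package's post-uninstall scriptlet also runs during an upgrade, so a package upgrade would appear to wipe the ACA configuration directory (the removal script describes it as holding pki and config files). The unguarded `preUninstall` call to `aca_remove_setup.sh` has the same exposure. Restrict the deletion to a real erase, for example `postUninstall 'if [ "$1" = "0" ] && [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi'`. The +/- markers are lost on this page, so which lines the commit adds is inferred from the hunk counts.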
|
@ -8,16 +8,26 @@
|
||||
|
||||
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
|
||||
LOG_FILE=/dev/null
|
||||
|
||||
LOG_DIR="/var/log/hirs/"
|
||||
# Check for Admin privileges
|
||||
if [ "$EUID" -ne 0 ]; then
|
||||
echo "This script requires root. ACA setup not removed. Please run as root."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -d "/etc/hirs" ]; then
|
||||
echo "/etc/hirs does not exist, aborting removal."
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -d "/opt/hirs" ]; then
|
||||
echo "/opt/hirs does not exist, aborting removal."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
source $SCRIPT_DIR/../db/mysql_util.sh
|
||||
|
||||
# Make sure mysql root password is available and set $DB_ADIM_PWD before continuing...
|
||||
# Make sure mysql root password is available before continuing...
|
||||
check_mariadb_install
|
||||
|
||||
check_mysql_root
|
||||
@ -30,8 +40,8 @@ popd &>/dev/null
|
||||
# remove pki files and config files if not installed by rpm
|
||||
echo "Removing certificates and config files..."
|
||||
|
||||
# Remove /opt/hirs only if not configured by a package basedd install:
|
||||
if [ ! -f /etc/hirs/aca/VERSION ]; then
|
||||
# Remove /opt/hirs only if not configured by a package based install:
|
||||
if [ -f /opt/hirs/aca/VERSION ]; then
|
||||
if [ -d "/etc/hirs" ]; then
|
||||
rm -rf /etc/hirs >/dev/null 2>&1
|
||||
fi
|
||||
@ -40,6 +50,10 @@ if [ ! -f /etc/hirs/aca/VERSION ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -d $LOG_DIR ]; then
|
||||
rm -rf $LOG_DIR;
|
||||
fi
|
||||
|
||||
# Remove crontab and current ACA process
|
||||
echo "Removing the ACA crontab"
|
||||
sed -i '/aca_bootRun.sh/d' /etc/crontab
|
||||
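Review bot: The rewritten guard `if [ -f /opt/hirs/aca/VERSION ]; then` drops the negation the old line had, so `/etc/hirs` is now removed when the VERSION file is present, while the comment directly above still says removal happens only when the install was not package based. If VERSION marks a package install (an inference; the page does not show what creates it), either the test or the comment is wrong, and this guard decides whether the pki and config files are deleted. State the intent in the comment, for example `# Remove /etc/hirs when the packaged VERSION file is present:`, or restore the `!`. The added `rm -rf $LOG_DIR;` runs as root on an unquoted variable; `rm -rf -- "${LOG_DIR:?}"` fails closed if the variable is ever empty. The `if` block continues outside the hunk.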
|
@ -67,6 +67,18 @@ done
|
||||
|
||||
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
|
||||
|
||||
# Check for existing installation folders and exist if found
|
||||
if [ -z $ARG_UNATTEND ]; then
|
||||
if [ -d "/etc/hirs" ]; then
|
||||
echo "/etc/hirs exists, aborting install."
|
||||
exit 1
|
||||
fi
|
||||
if [ -d "/opt/hirs" ]; then
|
||||
echo "/opt/hirs exists, aborting install."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
mkdir -p $HIRS_CONF_DIR $LOG_DIR $HIRS_JSON_DIR $ACA_OPT_DIR
|
||||
touch "$LOG_FILE"
|
||||
|
||||
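Review bot: The existing-install check runs only when `$ARG_UNATTEND` is empty, so the unattended path, which the package's `postTrans` uses via `aca_setup.sh -u`, continues over a leftover `/etc/hirs` without any message. Setup would then presumably run against whatever property and key files a previous install left behind; whether later steps regenerate them is not visible in this hunk. Consider at least logging it in the unattended case, e.g. `[ -d /etc/hirs ] && echo "/etc/hirs exists, reusing existing configuration" >&2`, and quote the test as `[ -z "$ARG_UNATTEND" ]`. The comment above the check should read `# Check for existing installation folders and exit if found`.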
|
@ -74,7 +74,7 @@ check_mysql_root_pwd () {
|
||||
DB_ADMIN_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9')
|
||||
echo "DB Admin will be set to $DB_ADMIN_PWD , please make note for next mysql use."
|
||||
# Check UNATTENDED flag set m if not then prompt user for permission ot store mysql root password
|
||||
if [ -z $UNATTEmariadb-serverNDED ]; then
|
||||
if [ -z $UNATTENDED ]; then
|
||||
read -p "Do you wish to save this password to the aca.properties file? " confirm
|
||||
if [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]]; then
|
||||
echo "mysql_admin_password=$DB_ADMIN_PWD" >> $ACA_PROP_FILE
|
||||
@ -159,16 +159,16 @@ set_hirs_db_pwd () {
|
||||
HIRS_DB_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9')
|
||||
fi
|
||||
# Add key/values only if they dont exist
|
||||
if [[ $(sudo grep -c "hirs_db_username" $ACA_PROP_FILE) -eq 0 ]]; then
|
||||
if [[ $(grep -c "hirs_db_username" $ACA_PROP_FILE) -eq 0 ]]; then
|
||||
echo "hirs_db_username=hirs_db" >> $ACA_PROP_FILE
|
||||
fi
|
||||
if [[ $(sudo grep -c "hirs_db_password" $ACA_PROP_FILE) -eq 0 ]]; then
|
||||
if [[ $(grep -c "hirs_db_password" $ACA_PROP_FILE) -eq 0 ]]; then
|
||||
echo "hirs_db_password=$HIRS_DB_PWD" >> $ACA_PROP_FILE
|
||||
fi
|
||||
if [[ $(sudo grep -c "hibernate.connection.username" $SPRING_PROP_FILE) -eq 0 ]]; then
|
||||
if [[ $(grep -c "hibernate.connection.username" $SPRING_PROP_FILE) -eq 0 ]]; then
|
||||
echo "hibernate.connection.username=hirs_db" >> $SPRING_PROP_FILE
|
||||
fi
|
||||
if [[ $(sudo grep -c "hibernate.connection.password" $SPRING_PROP_FILE) -eq 0 ]]; then
|
||||
if [[ $(grep -c "hibernate.connection.password" $SPRING_PROP_FILE) -eq 0 ]]; then
|
||||
echo "hibernate.connection.password=$HIRS_DB_PWD" >> $SPRING_PROP_FILE
|
||||
fi
|
||||
fi
|
||||
@ -183,7 +183,6 @@ create_hirs_db_with_tls () {
|
||||
else
|
||||
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_create.sql
|
||||
mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/secure_mysql.sql
|
||||
# mysql -u root --password=$DB_ADMIN_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;";
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR 'hirs_db'@'localhost' = PASSWORD('"$HIRS_DB_PWD"'); FLUSH PRIVILEGES;";
|
||||
fi
|
||||
}
|
||||
@ -214,7 +213,7 @@ keyStoreType=PKCS12&\
|
||||
keyStorePassword=$PKI_PASS&\
|
||||
keyStore="$CLIENT_DB_P12" "
|
||||
|
||||
if [[ $(sudo grep -c "hibernate.connection.url" $SPRING_PROP_FILE) -eq 0 ]]; then
|
||||
if [[ $(grep -c "hibernate.connection.url" $SPRING_PROP_FILE) -eq 0 ]]; then
|
||||
echo $CONNECTOR_URL >> $SPRING_PROP_FILE
|
||||
fi
|
||||
|
||||
@ -227,6 +226,8 @@ set_mysql_client_tls
|
||||
start_mysqlsd
|
||||
check_mysql
|
||||
check_mysql_root_pwd
|
||||
clear_hirs_user
|
||||
|
||||
set_hirs_db_pwd
|
||||
create_hirs_db_with_tls
|
||||
create_hibernate_url "RSA" "hirs_db"
|
||||
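Review bot: The `grep -c` guards in set_hirs_db_pwd, and the one for `hibernate.connection.url` further down, match the key anywhere on a line and leave the file variable unquoted, so a commented-out entry counts as present and the credential line is then not written. Anchor and quote them, e.g. `if ! grep -q '^hirs_db_password=' "$ACA_PROP_FILE"; then`. Because these appends can also create the properties files that hold the database password, it is worth confirming that their mode is restricted; nothing in these hunks sets it. The functions start and end outside the hunks.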
|
@ -30,14 +30,11 @@ fi
|
||||
|
||||
echo "dropping hirs_db database"
|
||||
|
||||
#if pgrep mysqld >/dev/null 2>&1; then
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
|
||||
echo "hirs_db database and hirs_db user removed"
|
||||
# else
|
||||
# echo "mysql is not running. DB was not removed."
|
||||
#fi
|
||||
|
||||
|
||||
# reset the mysql root if the password was left in the properties fiel
|
||||
if [ ! -z $DB_ADMIN_PWD ]; then
|
||||
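Review bot: `echo "hirs_db database and hirs_db user removed"` is printed whether or not the three `mysql` calls succeeded, and with the commented-out `pgrep mysqld` guard gone nothing in this hunk checks that the server is reachable. `DROP USER 'hirs_db'@'localhost';` also lacks the `IF EXISTS` that the `DROP DATABASE` line has, so it errors when the account was already removed. Use `DROP USER IF EXISTS 'hirs_db'@'localhost';` and print the message only when the final `mysql` call returns 0, so an uninstall does not report a database account as removed when it is still there.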
|
@ -174,6 +174,23 @@ check_db_cleared () {
|
||||
fi
|
||||
}
|
||||
|
||||
clear_hirs_user () {
|
||||
$(mysql -u root -e 'quit' &> /dev/null);
|
||||
if [ $? -eq 0 ]; then
|
||||
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
|
||||
if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
|
||||
echo "hirs_db user found and deleted"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
clear_hirs_db () {
|
||||
$(mysql -u root -e 'quit' &> /dev/null);
|
||||
if [ $? -eq 0 ]; then
|
||||
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
|
||||
fi
|
||||
}
|
||||
# restart maraidb
|
||||
mysqld_reboot () {
|
||||
# reboot mysql server
|
||||
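Review bot: clear_hirs_user probes and queries with a password-less `mysql -u root` but issues the `DROP USER` with `--password=$DB_ADMIN_PWD`, so on a host where root requires a password (unless root authenticates over the local socket) the probe fails and the function silently leaves the stale `hirs_db` account in place. The lookup also matches `hirs_db` at any host while the drop names only `'hirs_db'@'localhost'`. `$(mysql ... )` followed by `$?` works only because the substitution output is empty; `if mysql -u root --password="$DB_ADMIN_PWD" -e 'quit' &>/dev/null; then` tests the command directly and uses the same credentials as the drop. clear_hirs_db repeats the same probe, and an `else` branch that reports the skipped cleanup would make the failure visible.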
|