From 93805e4d3efa9b628a16b38a1bac9f4245d68329 Mon Sep 17 00:00:00 2001 From: "iadgovuser26 iadgovuser26@empire.eclipse.ncsc.mil" Date: Fri, 23 Feb 2024 15:19:02 -0500 Subject: [PATCH] added checks for previous installs --- HIRS_AttestationCAPortal/build.gradle | 7 ++++--- package/scripts/aca/aca_remove_setup.sh | 22 ++++++++++++++++++---- package/scripts/aca/aca_setup.sh | 12 ++++++++++++ package/scripts/db/db_create.sh | 15 ++++++++------- package/scripts/db/db_drop.sh | 5 +---- package/scripts/db/mysql_util.sh | 17 +++++++++++++++++ 6 files changed, 60 insertions(+), 18 deletions(-) diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle index 2d274675..17714b05 100644 --- a/HIRS_AttestationCAPortal/build.gradle +++ b/HIRS_AttestationCAPortal/build.gradle @@ -130,9 +130,8 @@ ospackage { // Uninstall preUninstall 'bash /opt/hirs/aca/scripts/aca/aca_remove_setup.sh' - //postUninstall 'rm -rf /etc/hirs' - //postUninstall 'rm -rf /opt/hirs' - + postUninstall 'if [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi;' + buildRpm { dependsOn ':HIRS_AttestationCAPortal:buildVersion' dependsOn ':HIRS_AttestationCAPortal:bootWar' @@ -145,6 +144,8 @@ ospackage { // Post Trans stage (Occurs after required app and postInstall stage) // Note postInstall wont wait forrequired apps postTrans 'update-alternatives --set java java-17-openjdk.x86_64' + postTrans 'firewall-cmd --add-port=8443/tcp --permanent' + postTrans 'firewall-cmd --reload' postTrans 'bash /opt/hirs/aca/scripts/aca/aca_setup.sh -u' postTrans '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w &' // add chrontab to run ACA at boot diff --git a/package/scripts/aca/aca_remove_setup.sh b/package/scripts/aca/aca_remove_setup.sh index 4aee212b..ce701792 100755 --- a/package/scripts/aca/aca_remove_setup.sh +++ b/package/scripts/aca/aca_remove_setup.sh 
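Review bot: The new `postUninstall 'if [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi;'` will, as far as I can tell, run on package upgrade as well as on erase, because RPM executes the old package's %postun in both cases (with `$1` set to 1 for an upgrade), so an upgrade would delete the configuration the new version has just written. If erase-only cleanup is intended, gate it on the scriptlet argument, e.g. `postUninstall 'if [ "$1" -eq 0 ] && [ -d /etc/hirs ]; then rm -rf /etc/hirs; fi'`. The removed commented-out `rm -rf /opt/hirs` has no counterpart here; if /opt/hirs is meant to be handled by aca_remove_setup.sh in preUninstall, a one-line comment saying so would spare the next reader the search.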
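Review bot: The two added `postTrans 'firewall-cmd …'` lines open 8443/tcp permanently with no check that firewalld is installed or running, and nothing in this commit closes the port again on removal (aca_remove_setup.sh deletes files and the crontab only). Consider guarding the call, `postTrans 'command -v firewall-cmd >/dev/null && firewall-cmd --add-port=8443/tcp --permanent && firewall-cmd --reload'`, and adding the matching `--remove-port=8443/tcp` to the uninstall path so an erased package does not leave an open port behind. A short comment naming which service listens on 8443 would also help, since the port is otherwise a bare number here.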
@@ -8,16 +8,26 @@ SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; ) LOG_FILE=/dev/null - +LOG_DIR="/var/log/hirs/" # Check for Admin privileges if [ "$EUID" -ne 0 ]; then echo "This script requires root. ACA setup not removed. Please run as root." exit 1 fi +if [ ! -d "/etc/hirs" ]; then + echo "/etc/hirs does not exist, aborting removal." + exit 1 +fi +if [ ! -d "/opt/hirs" ]; then + echo "/opt/hirs does not exist, aborting removal." + exit 1 +fi + + source $SCRIPT_DIR/../db/mysql_util.sh -# Make sure mysql root password is available and set $DB_ADIM_PWD before continuing... +# Make sure mysql root password is available before continuing... check_mariadb_install check_mysql_root @@ -30,8 +40,8 @@ popd &>/dev/null # remove pki files and config files if not installed by rpm echo "Removing certificates and config files..." -# Remove /opt/hirs only if not configured by a package basedd install: -if [ ! -f /etc/hirs/aca/VERSION ]; then +# Remove /opt/hirs only if not configured by a package based install: +if [ -f /opt/hirs/aca/VERSION ]; then if [ -d "/etc/hirs" ]; then rm -rf /etc/hirs >/dev/null 2>&1 fi @@ -40,6 +50,10 @@ if [ ! -f /etc/hirs/aca/VERSION ]; then fi fi +if [ -d $LOG_DIR ]; then + rm -rf $LOG_DIR; +fi + # Remove crontab and current ACA process echo "Removing the ACA crontab" sed -i '/aca_bootRun.sh/d' /etc/crontab diff --git a/package/scripts/aca/aca_setup.sh b/package/scripts/aca/aca_setup.sh index 339c106e..778e7aaf 100755 --- a/package/scripts/aca/aca_setup.sh +++ b/package/scripts/aca/aca_setup.sh @@ -67,6 +67,18 @@ done set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters +# Check for existing installation folders and exist if found +if [ -z $ARG_UNATTEND ]; then + if [ -d "/etc/hirs" ]; then + echo "/etc/hirs exists, aborting install." + exit 1 + fi + if [ -d "/opt/hirs" ]; then + echo "/opt/hirs exists, aborting install." + exit 1 + fi +fi + mkdir -p $HIRS_CONF_DIR $LOG_DIR $HIRS_JSON_DIR $ACA_OPT_DIR touch "$LOG_FILE" 
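Review bot: The two new checks `exit 1` when /etc/hirs or /opt/hirs is missing, but this script is wired as the package's preUninstall hook in build.gradle, and a non-zero %preun makes RPM abort the erase, so a host where one directory was already removed by hand could end up unable to uninstall the package at all. If the aim is only to skip work that has nothing to act on, print the message and `exit 0`, or check once and continue past the parts that do not apply. The two blocks differ only in the path and could be one loop over `/etc/hirs /opt/hirs`.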
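Review bot: The reworded comment says /opt/hirs is removed `only if not configured by a package based install`, but the new test `if [ -f /opt/hirs/aca/VERSION ]; then` removes it when the VERSION file is present, the opposite sense of the `! -f /etc/hirs/aca/VERSION` it replaces. One of the two is wrong; I cannot tell from here which file marks a package install, so either invert the test or reword the comment to state what VERSION's presence actually means. The enclosing `if` block continues past the end of the hunk.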
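Review bot: `rm -rf $LOG_DIR;` is unquoted and unguarded; LOG_DIR is assigned near the top of this file, but a recursive delete of a variable path should fail closed if the variable is ever empty or renamed, so `rm -rf -- "${LOG_DIR:?}"` is the safer spelling (the trailing `;` is unnecessary). The directory is also removed before the crontab and process cleanup that follows in this file, so a failure in those later steps leaves no log to consult; consider moving the removal to the end of the script.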
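Review bot: `if [ -z $ARG_UNATTEND ]; then` leaves the variable unquoted, so the test only works by accident when it is empty (`[ -z ]` is true because `-z` itself is a non-empty string) and breaks if the value ever contains whitespace; write `if [ -z "$ARG_UNATTEND" ]; then`, and the same applies to the new `if [ -z $UNATTENDED ]; then` in the db_create.sh hunk at @@ -74. The comment above it has a typo (`exist if found` → `exit if found`) and should also say that the abort is skipped in unattended mode, which, judging by the existing `aca_setup.sh -u` call in build.gradle's postTrans, is presumably the path the package itself takes, so the package install never hits this guard; if that is intentional, say so. The two directory blocks differ only in the path and could be one loop.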
diff --git a/package/scripts/db/db_create.sh b/package/scripts/db/db_create.sh index a51254b0..e1ad8d66 100755 --- a/package/scripts/db/db_create.sh +++ b/package/scripts/db/db_create.sh @@ -74,7 +74,7 @@ check_mysql_root_pwd () { DB_ADMIN_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9') echo "DB Admin will be set to $DB_ADMIN_PWD , please make note for next mysql use." # Check UNATTENDED flag set m if not then prompt user for permission ot store mysql root password - if [ -z $UNATTEmariadb-serverNDED ]; then + if [ -z $UNATTENDED ]; then read -p "Do you wish to save this password to the aca.properties file? " confirm if [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]]; then echo "mysql_admin_password=$DB_ADMIN_PWD" >> $ACA_PROP_FILE @@ -159,16 +159,16 @@ set_hirs_db_pwd () { HIRS_DB_PWD=$(head -c 64 /dev/urandom | md5sum | tr -dc 'a-zA-Z0-9') fi # Add key/values only if they dont exist - if [[ $(sudo grep -c "hirs_db_username" $ACA_PROP_FILE) -eq 0 ]]; then + if [[ $(grep -c "hirs_db_username" $ACA_PROP_FILE) -eq 0 ]]; then echo "hirs_db_username=hirs_db" >> $ACA_PROP_FILE fi - if [[ $(sudo grep -c "hirs_db_password" $ACA_PROP_FILE) -eq 0 ]]; then + if [[ $(grep -c "hirs_db_password" $ACA_PROP_FILE) -eq 0 ]]; then echo "hirs_db_password=$HIRS_DB_PWD" >> $ACA_PROP_FILE fi - if [[ $(sudo grep -c "hibernate.connection.username" $SPRING_PROP_FILE) -eq 0 ]]; then + if [[ $(grep -c "hibernate.connection.username" $SPRING_PROP_FILE) -eq 0 ]]; then echo "hibernate.connection.username=hirs_db" >> $SPRING_PROP_FILE fi - if [[ $(sudo grep -c "hibernate.connection.password" $SPRING_PROP_FILE) -eq 0 ]]; then + if [[ $(grep -c "hibernate.connection.password" $SPRING_PROP_FILE) -eq 0 ]]; then echo "hibernate.connection.password=$HIRS_DB_PWD" >> $SPRING_PROP_FILE fi fi 
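Review bot: Dropping `sudo` from the four `grep -c` checks here (and from the `hibernate.connection.url` check at @@ -214) means these reads, and the `>>` appends beside them, now rely on the caller already running as root; aca_remove_setup.sh checks `$EUID` up front, and if db_create.sh has no such check a non-root run would now fail part-way with permission errors rather than at the start. The file variables stay unquoted in the new lines; `grep -c "hirs_db_username" "$ACA_PROP_FILE"` keeps the fix and removes the word-splitting hazard. Since these lines write the hirs_db password in clear text into both files, it is worth confirming, outside this hunk, that the files are created with a restrictive mode.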
@@ -183,7 +183,6 @@ create_hirs_db_with_tls () { else mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/db_create.sql mysql -u root --password=$DB_ADMIN_PWD < $MYSQL_DIR/secure_mysql.sql -# mysql -u root --password=$DB_ADMIN_PWD -e "ALTER USER 'hirs_db'@'localhost' IDENTIFIED BY '"$HIRS_DB_PWD"'; FLUSH PRIVILEGES;"; mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR 'hirs_db'@'localhost' = PASSWORD('"$HIRS_DB_PWD"'); FLUSH PRIVILEGES;"; fi } @@ -214,7 +213,7 @@ keyStoreType=PKCS12&\ keyStorePassword=$PKI_PASS&\ keyStore="$CLIENT_DB_P12" " -if [[ $(sudo grep -c "hibernate.connection.url" $SPRING_PROP_FILE) -eq 0 ]]; then +if [[ $(grep -c "hibernate.connection.url" $SPRING_PROP_FILE) -eq 0 ]]; then echo $CONNECTOR_URL >> $SPRING_PROP_FILE fi @@ -227,6 +226,8 @@ set_mysql_client_tls start_mysqlsd check_mysql check_mysql_root_pwd +clear_hirs_user + set_hirs_db_pwd create_hirs_db_with_tls create_hibernate_url "RSA" "hirs_db" diff --git a/package/scripts/db/db_drop.sh b/package/scripts/db/db_drop.sh index dfde33f5..2edc3f21 100755 --- a/package/scripts/db/db_drop.sh +++ b/package/scripts/db/db_drop.sh @@ -30,14 +30,11 @@ fi echo "dropping hirs_db database" -#if pgrep mysqld >/dev/null 2>&1; then mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES" mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';" mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;" echo "hirs_db database and hirs_db user removed" -# else -# echo "mysql is not running. DB was not removed." -#fi + # reset the mysql root if the password was left in the properties fiel if [ ! -z $DB_ADMIN_PWD ]; then diff --git a/package/scripts/db/mysql_util.sh b/package/scripts/db/mysql_util.sh index c422b8cb..ded950cd 100755 --- a/package/scripts/db/mysql_util.sh +++ b/package/scripts/db/mysql_util.sh 
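Review bot: `clear_hirs_user` is now called unconditionally between `check_mysql_root_pwd` and `set_hirs_db_pwd`, so every run against an existing install drops the hirs_db account before a new one is created. That is fine for a fresh install, but on a re-run the `grep -c` guards in set_hirs_db_pwd keep an existing `hirs_db_password` line in $ACA_PROP_FILE, so unless that stored value is what create_hirs_db_with_tls sets on the recreated user (not visible here), the properties file and the database will disagree afterwards. A one-line comment at the call, `# drop any hirs_db account left by a previous install; it is recreated below with the current password`, would make the intent auditable. `clear_hirs_db`, added alongside it in mysql_util.sh, is not called anywhere in this commit.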
@@ -174,6 +174,23 @@ check_db_cleared () { fi } +clear_hirs_user () { +$(mysql -u root -e 'quit' &> /dev/null); + if [ $? -eq 0 ]; then + HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")" + if [[ $HIRS_DB_USER_EXISTS == 1 ]]; then + mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';" + echo "hirs_db user found and deleted" + fi + fi +} + +clear_hirs_db () { +$(mysql -u root -e 'quit' &> /dev/null); + if [ $? -eq 0 ]; then + mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;" + fi +} # restart maraidb mysqld_reboot () { # reboot mysql server
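Review bot: Both new functions probe root access with a passwordless `mysql -u root -e 'quit'` but then run the actual DROP with `--password=$DB_ADMIN_PWD`, so once the root account has a password (the expected state after `check_mysql_root_pwd`) the probe fails and the cleanup is silently skipped, which defeats the purpose of the commit; the existence query `mysql -uroot -sse …` has the same gap. If the passwordless probe is deliberately meant to detect an unsecured fresh root account, say so in a comment; otherwise use the same credentials throughout. The `$(mysql … &> /dev/null);` form only works because bash executes the empty expansion and leaves the substitution's status in `$?`; `if mysql …; then` says the same thing plainly. Each function also needs a header comment stating that it requires DB_ADMIN_PWD to be set by the caller, and `clear_hirs_db` is unused in this commit.
```shell
# Drop a hirs_db account left behind by a previous install.
# Requires DB_ADMIN_PWD to be set by the caller (db_create.sh).
clear_hirs_user () {
  if mysql -u root --password="$DB_ADMIN_PWD" -e 'quit' &> /dev/null; then
    HIRS_DB_USER_EXISTS="$(mysql -u root --password="$DB_ADMIN_PWD" -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
    if [[ "$HIRS_DB_USER_EXISTS" == 1 ]]; then
      mysql -u root --password="$DB_ADMIN_PWD" -e "DROP USER 'hirs_db'@'localhost';"
      echo "hirs_db user found and deleted"
    fi
  fi
}

# Drop the hirs_db database if present; same credential rule as above.
clear_hirs_db () {
  if mysql -u root --password="$DB_ADMIN_PWD" -e 'quit' &> /dev/null; then
    mysql -u root --password="$DB_ADMIN_PWD" -e "DROP DATABASE IF EXISTS hirs_db;"
  fi
}
```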