#!/bin/sh
# Copyright Atomicorp Inc
# All Rights reserved
# Version: 1.0

#TODO
# Check if /var/ossec, /var/ossec/logs, /var/ossec/alerts and any subdirectories are symlinks
# Check if any third party repos exist; if they do, report the platform is not supported
# hubs are not allowed to be monkeyed with
# Check that firewalld is disabled
# Check that 1515/TCP and 1514/UDP are open (unless specifically ACLed)
# Check that selinux isn't restricting AEO/AWP - we probably can't disable it, but did they mess with selinux so AWP/AEO won't work?
# Add plain english to the score, for example:
#
# Installation readiness score: 30% - NOT SUPPORTED
#   Fix the following to reach 100%:
#       Add at least 16GB of memory
#       Filesystem /var/ossec too small, add 1TB
#       etc.



# Shared state for the whole run.
# LOG is a relative path, so the log is appended to in whatever directory the
# script is started from; run it from a directory only the operator can write
# to, since ">>" follows an existing symlink of that name.
LOG="preflight.log"
# Number of failed checks, and one human-readable line per failure.
# NOTE(review): arrays, [[ ]] and (( )) are bash features while the shebang is
# #!/bin/sh - confirm /bin/sh is bash on every target, or change the shebang.
COUNT=0
declare -a ARRAY=()

# Functions
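#######################################
# Check that a filesystem has at least a minimum amount of free space.
# Globals:   COUNT (incremented on failure), ARRAY (failure text appended)
# Arguments: $1 - path on the filesystem to inspect
#            $2 - minimum free space required, in MB
# Outputs:   one PASS/FAIL line on stdout, plus a warning on failure
# Returns:   0 in every case; failures are recorded in COUNT and ARRAY
#######################################
function freespace_check {
        local filesystem=$1
        local minimum=$2
        local stat_out avail_blocks block_size free_mb

        # %a = blocks available to unprivileged users, %S = fundamental block
        # size. -L follows symlinks, so a symlinked path reports its target.
        # A path that cannot be inspected counts as a failed check instead of
        # falling through to an arithmetic error on empty values.
        if ! stat_out=$(stat -L -f -c "%a %S" -- "$filesystem"); then
                echo "  Freespace on $filesystem is (unknown): FAIL"
                echo "    WARNING: could not read filesystem statistics for $filesystem"
                COUNT=$((COUNT + 1))
                ARRAY+=("    Filesystem $filesystem could not be checked (expect: $minimum MB free)")
                return 0
        fi

        read -r avail_blocks block_size <<<"$stat_out"
        free_mb=$((avail_blocks * block_size / 1024 / 1024))

        echo -n "  Freespace on $filesystem is ($free_mb): "

        if [ "$free_mb" -lt "$minimum" ]; then
                echo "FAIL"
                echo "    WARNING: in order to complete installation $filesystem will need at least $minimum MB free."
                echo "    Currently: $free_mb MB free"
                COUNT=$((COUNT + 1))
                ARRAY+=("    Filesystem $filesystem is too small (expect: $minimum MB free)")
        else
                echo PASS
        fi
}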



# main

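echo
echo "Beginning requirements testing"
echo

# OS

# Locate the file that identifies the distribution: /etc/system-release is
# preferred, /etc/redhat-release is the fallback. Without either the run stops.
if [ -f /etc/system-release ]; then
	RELEASE_FILE=/etc/system-release
elif [ -f /etc/redhat-release ]; then
	RELEASE_FILE=/etc/redhat-release
else
	echo
	echo "Error: /etc/redhat-release was not detected"
	echo
	echo "$(date -u) ERROR: could not determine release file" >> "$LOG"
	exit 1
fi

# Only a "release 7" string is treated as supported. Anything else needs an
# explicit "yes" from the operator and is still recorded as a failed check.
if grep -Eq "release 7" "$RELEASE_FILE"; then
	RELEASE=centos/7
else
	echo
	echo "WARNING: unsupported platform detected. AWP may not work for this type of system"
	# Show the file that was actually selected above; /etc/redhat-release
	# may not exist when /etc/system-release was the one found.
	cat "$RELEASE_FILE"
	echo
	read -r -p '  If you wish to continue on an unsupported platform, type yes: ' INPUTVAL

	if [[ "$INPUTVAL" != "yes" ]]; then
		echo
		echo Exiting...
		echo
		exit 1
	fi
	((COUNT++))
	ARRAY+=("    Operating system not supported (expect: RHEL/Centos 7)")
fi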



printf '\n%s\n\n' "Verifying system resources"

# Memory: second column of the "Mem" row printed by free(1). free reports
# kibibytes by default, so the 8000000 threshold is roughly 7.6 GiB.
MEMORY=$(free | awk '/Mem/ {print $2}')
printf '  Memory %s: ' "$MEMORY"
if [[ $MEMORY -lt 8000000 ]]; then
	printf '%s\n' "FAIL < 8G"
	COUNT=$((COUNT + 1))
	ARRAY+=("    Insufficient Memory (expect: 8000000 minimum)")
else
	printf '%s\n' "PASS"
fi

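# CPU: number of processing units reported by nproc.
CORES=$(nproc)
echo -n "  CPU Cores $CORES: "
# Use a numeric test. Inside [[ ]] the < operator compares strings, so a host
# with 16 cores sorted before "4" and was reported as failing.
if [[ "$CORES" -lt 4 ]]; then
	echo "FAIL < 4"
	((COUNT++))
	ARRAY+=("    Insufficient CPU cores (expect: 4 minimum)")
else
	echo "PASS"
fi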

# Disk space: each entry is "path:minimum free MB".
# NOTE(review): a missing directory is created before it is measured, so this
# readiness check modifies the host. The symlink check for /var/ossec listed
# in the TODO block at the top of the file is not implemented here.
for requirement in "/var/www/html:2000" "/var/ossec:900000"; do
	target=${requirement%%:*}
	needed_mb=${requirement##*:}
	[ -d "$target" ] || mkdir -p "$target"
	freespace_check "$target" "$needed_mb"
done

# Disk IO
# TODO


#######################
#  System health
#######################
printf '\n%s\n\n' "Verifying system health"

# SSH: sshd -t is the daemon's test mode; its exit status decides the result
# and its output is discarded.
printf '  SSHD configuration: '
if sshd -t >/dev/null 2>&1; then
	echo "PASS"
else
	echo "FAIL"
	COUNT=$((COUNT + 1))
	ARRAY+=("    SSH is non functional (expect: sshd -t exit 0)")
fi

# Sudo: run a no-op through sudo and judge by its exit status.
# NOTE(review): sudo is called without -n, so it may ask for a password; its
# stdout and stderr are discarded here.
printf '  SUDO configuration: '
if ! /usr/bin/sudo true >/dev/null 2>&1; then
	echo FAIL
	COUNT=$((COUNT + 1))
	ARRAY+=("    Sudo is non functional (expect: sudo true exit 0)")
else
	echo PASS
fi

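# Basic yum test: the repository check below only runs when yum itself works.
echo -n "  Testing yum: "
if ! yum repolist >/dev/null 2>&1; then
	echo "FAIL"
	((COUNT++))
	ARRAY+=("    yum repolist returned an error (expect: yum repolist exit 0)")
else
	# Close the "Testing yum" line before starting the next check.
	echo "PASS"

	# Repos: list repo ids from the yum cache (-C) and keep those that do NOT
	# start with a known prefix. grep -v exits 0 when at least one such id
	# remains, which is the failure case.
	# The ids are captured so the warning below can name them; sending grep's
	# output to /dev/null left ALT_REPO empty.
	# NOTE(review): the pattern only anchors the start of the id, so any repo
	# whose id begins with one of these prefixes is treated as known. yum
	# repolist shows enabled repos by default, so disabled ones are not seen.
	echo -n "  Checking yum repositories: "
	ALT_REPO=$(yum -v -C repolist \
		| awk -F: '/Repo-id/  {print $2}' \
		| grep -Eiv "^ (asl-|atomic|base|extras|updates|tortix|epel|rhel-7|rhel-server|rhel-ha|rhel-rs|rhel-sjis)")
	RETVAL=$?
	if [ "$RETVAL" -eq 0 ]; then
		echo FAIL
		echo "  WARNING: 3rd party yum repositories detected. This could conflict during configuration/installation"
		echo
		printf '%s\n' "$ALT_REPO"
		echo
		((COUNT++))
		ARRAY+=("    Untested yum repositories (expect: known repos)")
	else
		echo PASS
	fi
fi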


######################
# Conflicts
######################
printf '\n%s\n\n' "Checking for package conflicts"

# Space-separated package names that count as conflicts when installed.
# The list is split on whitespace on purpose, so it stays unquoted in the loop.
CONFLICTS="MFEcma MFErt MFEhiplsm-kernel MFEhiplsm-apache cphalo cb cb-enterprise csf"
for package in $CONFLICTS; do
	# rpm -q exits non-zero when the package is not installed.
	rpm -q "$package" >/dev/null || continue
	echo "Found conflict: $package"
	COUNT=$((COUNT + 1))
	ARRAY+=("    Incompatible package: $package ")
done
echo "Complete"

#####################
# Process Anomalies
#####################
#Ex: /opt/McAfee/agent/bin/macompatsvc
#Ex: /opt/McAfee/hip/HipClient-bin

#####################
# Customization detection
#####################


########
# Final
#######

# Summary: the number of failed checks, then one line per recorded failure.
printf '\n\n'
printf '%s\n' "Environment incompatiblity score: $COUNT"
printf '\n'
printf '%s\n' "${ARRAY[@]}"
printf '\n\n'


