From 38a0fd9ad5dae85c1c05d4db2539991016146b94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20M=C3=BCnch?= Date: Sun, 16 Jul 2023 16:04:28 +0200 Subject: [PATCH 1/2] add configuration to enable Linux/macOS service MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Patrick Münch --- install.sh | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 125 insertions(+), 7 deletions(-) diff --git a/install.sh b/install.sh index 65204258..98676091 100755 --- a/install.sh +++ b/install.sh @@ -45,6 +45,7 @@ MONDOO_BINARY="cnspec" # binary that we search for # read bash flags MONDOO_INSTALLER='' +MONDOO_SERVICE='' MONDOO_REGISTRATION_TOKEN='' print_usage() { @@ -52,14 +53,20 @@ print_usage() { echo " Options: " >&2 echo " -i : Select a specific installer, options are:" >&2 echo " macOS: brew, pkg" >&2 + echo " -s : Enables the cnspec service for the system." >&2 + echo " options are: enable" >&2 echo " -t : Registration Token to authenticate with" >&2 echo " Mondoo Platform" >&2 + echo " -u : Enables the Mondoo auto updater for the system." >&2 + echo " options are: enable" >&2 } -while getopts 'i:vt:v' flag; do +while getopts 'i:s:u:vt:v' flag; do case "${flag}" in i) MONDOO_INSTALLER="${OPTARG}" ;; + s) MONDOO_SERVICE="${OPTARG}" ;; t) MONDOO_REGISTRATION_TOKEN="${OPTARG}" ;; + u) MONDOO_AUTOUPDATER="${OPTARG}" ;; *) print_usage exit 1 ;; esac @@ -121,7 +128,15 @@ This installer is licensed under the Apache License, Version 2.0 " if [ "${MONDOO_INSTALLER}" != '' ]; then - echo "User defined package type: $MONDOO_INSTALLER"; + echo -e "\nUser defined package type: $MONDOO_INSTALLER"; +fi + +if [ "${MONDOO_SERVICE}" != '' ]; then + echo -e "\nMondoo Service creation enabled"; +fi + +if [ "${MONDOO_AUTOUPDATER}" != '' ]; then + echo -e "\nMondoo auto updater creation enabled"; fi # Detect operating system 
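Review bot: `MONDOO_AUTOUPDATER` is assigned in the new `u)` arm but, unlike `MONDOO_SERVICE=''` in the first hunk, it is never given a default, so a value already exported in the caller's environment switches on the auto updater without `-u` being passed. Add `MONDOO_AUTOUPDATER=''` next to the other flag defaults. The banner checks in the third hunk print "enabled" for any non-empty value, while `finalize_setup` acts only on the literal `enable`, so `-s yes` announces a service that is never created. Validate the argument in the `s)` and `u)` arms and fall through to `print_usage` for anything else.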
@@ -300,13 +315,13 @@ configure_macos_installer() { URL="https://releases.mondoo.com/${MONDOO_PKG_NAME}/${MONDOO_LATEST_VERSION}/${FILE}" purple_bold "\n* Downloading ${MONDOO_PRODUCT_NAME} Universal Package for Mac" - curl -A "${UserAgent}" -sO "${URL}" + curl -A "${UserAgent}" -s "${URL}" -o "/tmp/${FILE}" purple_bold "\n* Installing ${MONDOO_PRODUCT_NAME} via 'installer -pkg'" - sudo_cmd /usr/sbin/installer -pkg "${FILE}" -target / + sudo_cmd /usr/sbin/installer -pkg "/tmp/${FILE}" -target / purple_bold "\n* Cleaning up downloaded package" - rm "${FILE}" + rm "/tmp/${FILE}" } mondoo_update() { mondoo_install "$@"; } fi @@ -393,7 +408,7 @@ configure_debian_installer() { mondoo_install() { purple_bold "\n* Installing prerequisites for Debian" sudo_cmd apt update -y - sudo_cmd apt install -y apt-transport-https ca-certificates gnupg + sudo_cmd apt install -y apt-transport-https ca-certificates gnupg curl apt_update purple_bold "\n* Installing ${MONDOO_PRODUCT_NAME}" @@ -498,6 +513,10 @@ configure_token() { if [ "$MONDOO_IS_REGISTERED" = true ]; then purple_bold "\n* ${MONDOO_PRODUCT_NAME} is already logged-in. Skipping login" purple_bold "(you can manually run '${MONDOO_BINARY} login' to re-authenticate)." + config_path="$HOME/.config/mondoo" + if [ "$MONDOO_SERVICE" = "enable" ] && [ "$OS" = "macOS" ]; then + sudo_cmd cp "$config_path/mondoo.yml" /Library/Mondoo/etc/mondoo.yml + fi return fi @@ -521,6 +540,9 @@ configure_macos_token() { config_path="$HOME/.config/mondoo" mkdir -p "$config_path" ${MONDOO_BINARY_PATH} login --config "$config_path/mondoo.yml" --token "$MONDOO_REGISTRATION_TOKEN" + if [ "$MONDOO_SERVICE" = "enable" ]; then + sudo_cmd cp "$config_path/mondoo.yml" /Library/Mondoo/etc/mondoo.yml + fi } configure_linux_token() { 
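Review bot: The package is now written to the fixed path `/tmp/${FILE}` and then passed to `installer` through `sudo_cmd`, so on a shared Mac another local account can pre-create or replace that file between the download and the privileged install. Download into a private `mktemp -d` directory instead, as sketched below. `curl -s` without `-f` also stores an HTTP error body as the .pkg, and nothing visible here checks the package signature (for example with `pkgutil --check-signature`) before installing. The same lines are re-indented in PATCH 2/2 (hunk `@@ -311,17 +312,23 @@`), where the launchd updater appears to run this path on a schedule.

```shell
# … unchanged: FILE / URL assignment and purple_bold messages …
pkg_dir="$(mktemp -d)"
curl -A "${UserAgent}" -fsS "${URL}" -o "${pkg_dir}/${FILE}"
sudo_cmd /usr/sbin/installer -pkg "${pkg_dir}/${FILE}" -target /
rm -rf -- "${pkg_dir:?}"
```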
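Review bot: `sudo_cmd cp "$config_path/mondoo.yml" /Library/Mondoo/etc/mondoo.yml` leaves the mode of the system-wide copy to the source file and the umask, and this is the file `login --token` writes, so it presumably holds the agent's credentials. Install it with explicit ownership and mode, e.g. `sudo_cmd install -m 600 -o root -g wheel "$config_path/mondoo.yml" /Library/Mondoo/etc/mondoo.yml`. In the already-registered branch the copy also assumes the registration lives at `$HOME/.config/mondoo/mondoo.yml`; a `[ -f "$config_path/mondoo.yml" ]` guard with a clear message would avoid a bare `cp` failure. The same `cp` is added in `configure_macos_token` (hunk `@@ -521,6 +540,9 @@`).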
@@ -534,7 +556,7 @@ configure_linux_token() {
 sudo_cmd start mondoo || true
 elif [ "$(cat /proc/1/comm)" = "systemd" ]; then
 purple_bold "\n* Restart systemd service"
- sudo_cmd systemctl restart mondoo.service
+ sudo_cmd systemctl restart cnspec.service
 else
 red "\nWe could not detect your process supervisor. If ${MONDOO_PRODUCT_NAME} is running as a service, you will need to restart it manually."
 fi
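Review bot: The systemd branch now restarts `cnspec.service` unconditionally, but `service()` added later in this same patch still enables `mondoo.service` when `$OS` is `Arch`, so on Arch this restart targets a unit name the installer itself does not use. Choose the unit name once per OS (for example in a variable such as `MONDOO_SERVICE_UNIT`) and use it in both places. The enclosing `configure_linux_token` starts outside this hunk, so whether a failed restart aborts the script cannot be seen here.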
@@ -550,11 +572,107 @@ postinstall_check() { echo "${MONDOO_PRODUCT_NAME} installation completed." } +service() { + if [ "$OS" = "macOS" ]; then + purple_bold "\n* Enable and start the mondoo service" + # Remove old launchd plists + sudo_cmd launchctl bootout system/com.mondoo.client + sudo_cmd rm -f /Library/LaunchDaemons/com.mondoo.client.plist + + # Create the new launchd Mondoo service to run cnspec every hour + sudo_cmd tee /Library/LaunchDaemons/com.mondoo.client.plist < + + + + Label + com.mondoo.client + ProgramArguments + + /Library/Mondoo/bin/cnspec + serve + --config + /Library/Mondoo/etc/mondoo.yml + + RunAtLoad + + StandardOutPath + /var/log/mondoo.log + StandardErrorPath + /var/log/mondoo.log + + +EOL + + sleep 5 + sudo_cmd launchctl load /Library/LaunchDaemons/com.mondoo.client.plist + sudo_cmd launchctl start /Library/LaunchDaemons/com.mondoo.client.plist + elif [ "$OS" = "Arch" ]; then + purple_bold "\n* Enable and start the mondoo service" + sudo_cmd systemctl enable mondoo.service + sudo_cmd systemctl start mondoo.service + sudo_cmd systemctl daemon-reload + else + purple_bold "\n* Enable and start the cnspec service" + sudo_cmd systemctl enable cnspec.service + sudo_cmd systemctl start cnspec.service + sudo_cmd systemctl daemon-reload + fi +} + +autoupdater() { + purple_bold "\n* Enable and start the mondoo auto updater service" + if [ "$OS" = "macOS" ]; then + ## Remove old launchd plists + sudo_cmd launchctl bootout system/com.mondoo.autoupdater + sudo_cmd rm -f /Library/LaunchDaemons/com.mondoo.autoupdater.plist + + sudo_cmd curl -sSL https://install.mondoo.com/sh -o /Library/Mondoo/bin/mondoo-updater.sh + + sudo_cmd tee /Library/LaunchDaemons/com.mondoo.autoupdater.plist < + + + + Label + com.mondoo.autoupdater + ProgramArguments + + bash + /Library/Mondoo/bin/mondoo-updater.sh + + StartInterval + 518400 + StandardOutPath + /var/log/mondoo-updater.log + StandardErrorPath + /var/log/mondoo-updater.log + + +EOL + sleep 5 + sudo_cmd launchctl 
load /Library/LaunchDaemons/com.mondoo.autoupdater.plist + sudo_cmd launchctl start /Library/LaunchDaemons/com.mondoo.autoupdater.plist + else + echo $'#!/bin/sh\nbash -c "$(curl -sSL https://install.mondoo.com/sh)"' > /etc/cron.weekly/mondoo-update + fi +} + finalize_setup() { # Authenticate with Mondoo platform if a registration token is provided configure_token + # Enable Service + if [ "$MONDOO_SERVICE" = "enable" ]; then + service + fi + + # Enable Mondoo auto updater + if [ "$MONDOO_AUTOUPDATER" = "enable" ]; then + autoupdater + fi + # Display final message purple_bold "\n${MONDOO_PRODUCT_NAME} is ready to go!" From 7a083678eb54986b012eb733ea4d4a97f84ad022 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20M=C3=BCnch?= Date: Thu, 20 Jul 2023 21:58:27 +0200 Subject: [PATCH 2/2] Update install.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Scott Ford <49754039+scottford-io@users.noreply.github.com> Signed-off-by: Patrick Münch --- install.sh | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/install.sh b/install.sh index 98676091..cbe2c9a4 100755 --- a/install.sh +++ b/install.sh @@ -53,7 +53,7 @@ print_usage() { echo " Options: " >&2 echo " -i : Select a specific installer, options are:" >&2 echo " macOS: brew, pkg" >&2 - echo " -s : Enables the cnspec service for the system." >&2 + echo " -s : Enables the cnspec service for the system. This option requires a registration token" >&2 echo " options are: enable" >&2 echo " -t : Registration Token to authenticate with" >&2 echo " Mondoo Platform" >&2 @@ -182,6 +182,7 @@ detect_mondoo() { MONDOO_EXECUTABLE="$(command -v "$MONDOO_BINARY")" if [ -x "$MONDOO_EXECUTABLE" ]; then MONDOO_INSTALLED=true + CURRENT_VERSION=$(cnspec version 2>/dev/null | cut -d' ' -f2) else MONDOO_INSTALLED=false fi 
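Review bot: In `autoupdater()` the Linux branch writes `/etc/cron.weekly/mondoo-update` with a plain `echo ... >` redirect, so it bypasses `sudo_cmd` and the file is never made executable (run-parts skips non-executable files). The job it creates also feeds whatever `https://install.mondoo.com/sh` returns into a root shell every week, with no `-f` and no integrity check. Write the file through `sudo_cmd tee`, `chmod 755` it, and have the job download to a temporary file with `curl -f` before running it, as sketched below. In both macOS branches `launchctl start` is given the plist path, but that subcommand takes the job label (`com.mondoo.client`, `com.mondoo.autoupdater`). `launchctl bootout` also returns non-zero when the job was never loaded, which would stop a first-time install if the script runs under `set -e` (not visible here).

```shell
  # … unchanged: macOS branch of autoupdater() …
  else
    sudo_cmd tee /etc/cron.weekly/mondoo-update >/dev/null <<'EOF'
#!/bin/sh
set -eu
tmp="$(mktemp)"
trap 'rm -f "$tmp"' EXIT
curl -fsSL https://install.mondoo.com/sh -o "$tmp"
bash "$tmp"
EOF
    sudo_cmd chmod 755 /etc/cron.weekly/mondoo-update
  fi
```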
@@ -311,17 +312,23 @@ configure_macos_installer() { elif [ "${MONDOO_INSTALLER}" == "pkg" ]; then mondoo_install() { detect_latest_version - FILE="${MONDOO_PKG_NAME}_${MONDOO_LATEST_VERSION}_darwin_universal.pkg" - URL="https://releases.mondoo.com/${MONDOO_PKG_NAME}/${MONDOO_LATEST_VERSION}/${FILE}" + if [[ "${CURRENT_VERSION}" != "${MONDOO_LATEST_VERSION}" ]] + then + echo "${CURRENT_VERSION} == ${MONDOO_LATEST_VERSION}" + FILE="${MONDOO_PKG_NAME}_${MONDOO_LATEST_VERSION}_darwin_universal.pkg" + URL="https://releases.mondoo.com/${MONDOO_PKG_NAME}/${MONDOO_LATEST_VERSION}/${FILE}" - purple_bold "\n* Downloading ${MONDOO_PRODUCT_NAME} Universal Package for Mac" - curl -A "${UserAgent}" -s "${URL}" -o "/tmp/${FILE}" + purple_bold "\n* Downloading ${MONDOO_PRODUCT_NAME} Universal Package for Mac" + curl -A "${UserAgent}" -s "${URL}" -o "/tmp/${FILE}" - purple_bold "\n* Installing ${MONDOO_PRODUCT_NAME} via 'installer -pkg'" - sudo_cmd /usr/sbin/installer -pkg "/tmp/${FILE}" -target / + purple_bold "\n* Installing ${MONDOO_PRODUCT_NAME} via 'installer -pkg'" + sudo_cmd /usr/sbin/installer -pkg "/tmp/${FILE}" -target / - purple_bold "\n* Cleaning up downloaded package" - rm "/tmp/${FILE}" + purple_bold "\n* Cleaning up downloaded package" + rm "/tmp/${FILE}" + else + purple_bold "\n* Latest ${MONDOO_PRODUCT_NAME} is already installed." + fi } mondoo_update() { mondoo_install "$@"; } fi @@ -572,6 +579,9 @@ postinstall_check() { echo "${MONDOO_PRODUCT_NAME} installation completed." } +# Service config action +# --------------------- + service() { if [ "$OS" = "macOS" ]; then purple_bold "\n* Enable and start the mondoo service" @@ -620,6 +630,9 @@ EOL fi } +# Auto updater config action +# -------------------------- + autoupdater() { purple_bold "\n* Enable and start the mondoo auto updater service" if [ "$OS" = "macOS" ]; then 
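Review bot: The line `echo "${CURRENT_VERSION} == ${MONDOO_LATEST_VERSION}"` sits in the branch taken when the two versions differ, so it prints a misleading equality and looks like leftover debug output. Drop it or replace it with something like `echo "installed: ${CURRENT_VERSION}, latest: ${MONDOO_LATEST_VERSION}"`. The gate also relies on `CURRENT_VERSION` from `cnspec version 2>/dev/null | cut -d' ' -f2` (added in `detect_mondoo`) having exactly the format of `MONDOO_LATEST_VERSION`. If the two differ, for instance by a leading `v`, the package is downloaded and reinstalled on every run, which matters once the updater fires on a schedule. A short comment above the `[[ ... ]]` stating the expected format of both values would make that assumption checkable.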
@@ -628,6 +641,7 @@ autoupdater() { sudo_cmd rm -f /Library/LaunchDaemons/com.mondoo.autoupdater.plist sudo_cmd curl -sSL https://install.mondoo.com/sh -o /Library/Mondoo/bin/mondoo-updater.sh + sudo_cmd chmod a+x /Library/Mondoo/bin/mondoo-updater.sh sudo_cmd tee /Library/LaunchDaemons/com.mondoo.autoupdater.plist < @@ -636,13 +650,19 @@ autoupdater() { Label com.mondoo.autoupdater + EnvironmentVariables + + PATH + /bin:/usr/bin:/usr/local/bin + ProgramArguments - bash /Library/Mondoo/bin/mondoo-updater.sh + -i + pkg StartInterval - 518400 + 86400 StandardOutPath /var/log/mondoo-updater.log StandardErrorPath
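Review bot: The updater script is fetched by `sudo_cmd curl -sSL https://install.mondoo.com/sh -o /Library/Mondoo/bin/mondoo-updater.sh` straight to its final path and then marked executable, so a failed or truncated download (there is no `-f`) leaves a partial script for the LaunchDaemon to execute. Download to a temporary file with `curl -fsSL`, then put it in place with `sudo_cmd install -m 755 -o root -g wheel "$tmp" /Library/Mondoo/bin/mondoo-updater.sh`, which also sets ownership and mode explicitly instead of relying on `chmod a+x`. The `curl` line is context in this hunk; it was introduced in PATCH 1/2.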