⭐️ add configuration to enable Linux/macOS service #317

Merged
merged 2 commits into from
Aug 2, 2023
162 changes: 150 additions & 12 deletions install.sh
Expand Up @@ -45,21 +45,28 @@ MONDOO_BINARY="cnspec" # binary that we search for

# read bash flags
MONDOO_INSTALLER=''
MONDOO_SERVICE=''
MONDOO_REGISTRATION_TOKEN=''

print_usage() {
echo "usage: [-i]" >&2
echo " Options: " >&2
echo " -i <installer>: Select a specific installer, options are:" >&2
echo " macOS: brew, pkg" >&2
echo " -s <service>: Enables the cnspec service for the system. This option requires a registration token" >&2
echo " options are: enable" >&2
echo " -t <token>: Registration Token to authenticate with" >&2
echo " Mondoo Platform" >&2
echo " -u <updater>: Enables the Mondoo auto updater for the system." >&2
echo " options are: enable" >&2
chris-rock marked this conversation as resolved.
}

while getopts 'i:vt:v' flag; do
while getopts 'i:s:u:vt:v' flag; do
case "${flag}" in
i) MONDOO_INSTALLER="${OPTARG}" ;;
s) MONDOO_SERVICE="${OPTARG}" ;;
t) MONDOO_REGISTRATION_TOKEN="${OPTARG}" ;;
u) MONDOO_AUTOUPDATER="${OPTARG}" ;;
*) print_usage
exit 1 ;;
esac
Expand Down Expand Up @@ -121,7 +128,15 @@ This installer is licensed under the Apache License, Version 2.0
"

if [ "${MONDOO_INSTALLER}" != '' ]; then
echo "User defined package type: $MONDOO_INSTALLER";
echo -e "\nUser defined package type: $MONDOO_INSTALLER";
fi

if [ "${MONDOO_SERVICE}" != '' ]; then
echo -e "\nMondoo Service creation enabled";
fi

if [ "${MONDOO_AUTOUPDATER}" != '' ]; then
echo -e "\nMondoo auto updater creation enabled";
fi

# Detect operating system
Expand Down Expand Up @@ -167,6 +182,7 @@ detect_mondoo() {
MONDOO_EXECUTABLE="$(command -v "$MONDOO_BINARY")"
if [ -x "$MONDOO_EXECUTABLE" ]; then
MONDOO_INSTALLED=true
CURRENT_VERSION=$(cnspec version 2>/dev/null | cut -d' ' -f2)
else
MONDOO_INSTALLED=false
fi
Expand Down Expand Up @@ -296,17 +312,23 @@ configure_macos_installer() {
elif [ "${MONDOO_INSTALLER}" == "pkg" ]; then
mondoo_install() {
detect_latest_version
FILE="${MONDOO_PKG_NAME}_${MONDOO_LATEST_VERSION}_darwin_universal.pkg"
URL="https://releases.mondoo.com/${MONDOO_PKG_NAME}/${MONDOO_LATEST_VERSION}/${FILE}"
if [[ "${CURRENT_VERSION}" != "${MONDOO_LATEST_VERSION}" ]]
then
echo "${CURRENT_VERSION} == ${MONDOO_LATEST_VERSION}"
FILE="${MONDOO_PKG_NAME}_${MONDOO_LATEST_VERSION}_darwin_universal.pkg"
URL="https://releases.mondoo.com/${MONDOO_PKG_NAME}/${MONDOO_LATEST_VERSION}/${FILE}"

purple_bold "\n* Downloading ${MONDOO_PRODUCT_NAME} Universal Package for Mac"
curl -A "${UserAgent}" -sO "${URL}"
purple_bold "\n* Downloading ${MONDOO_PRODUCT_NAME} Universal Package for Mac"
curl -A "${UserAgent}" -s "${URL}" -o "/tmp/${FILE}"

purple_bold "\n* Installing ${MONDOO_PRODUCT_NAME} via 'installer -pkg'"
sudo_cmd /usr/sbin/installer -pkg "${FILE}" -target /
purple_bold "\n* Installing ${MONDOO_PRODUCT_NAME} via 'installer -pkg'"
sudo_cmd /usr/sbin/installer -pkg "/tmp/${FILE}" -target /

purple_bold "\n* Cleaning up downloaded package"
rm "${FILE}"
purple_bold "\n* Cleaning up downloaded package"
rm "/tmp/${FILE}"
else
purple_bold "\n* Latest ${MONDOO_PRODUCT_NAME} is already installed."
fi
}
mondoo_update() { mondoo_install "$@"; }
fi
Expand Down Expand Up @@ -393,7 +415,7 @@ configure_debian_installer() {
mondoo_install() {
purple_bold "\n* Installing prerequisites for Debian"
sudo_cmd apt update -y
sudo_cmd apt install -y apt-transport-https ca-certificates gnupg
sudo_cmd apt install -y apt-transport-https ca-certificates gnupg curl
apt_update

purple_bold "\n* Installing ${MONDOO_PRODUCT_NAME}"
Expand Down Expand Up @@ -498,6 +520,10 @@ configure_token() {
if [ "$MONDOO_IS_REGISTERED" = true ]; then
purple_bold "\n* ${MONDOO_PRODUCT_NAME} is already logged-in. Skipping login"
purple_bold "(you can manually run '${MONDOO_BINARY} login' to re-authenticate)."
config_path="$HOME/.config/mondoo"
if [ "$MONDOO_SERVICE" = "enable" ] && [ "$OS" = "macOS" ]; then
sudo_cmd cp "$config_path/mondoo.yml" /Library/Mondoo/etc/mondoo.yml
fi
return
fi

Expand All @@ -521,6 +547,9 @@ configure_macos_token() {
config_path="$HOME/.config/mondoo"
mkdir -p "$config_path"
${MONDOO_BINARY_PATH} login --config "$config_path/mondoo.yml" --token "$MONDOO_REGISTRATION_TOKEN"
if [ "$MONDOO_SERVICE" = "enable" ]; then
sudo_cmd cp "$config_path/mondoo.yml" /Library/Mondoo/etc/mondoo.yml
fi
}

configure_linux_token() {
Expand All @@ -534,7 +563,7 @@ configure_linux_token() {
sudo_cmd start mondoo || true
elif [ "$(cat /proc/1/comm)" = "systemd" ]; then
purple_bold "\n* Restart systemd service"
sudo_cmd systemctl restart mondoo.service
sudo_cmd systemctl restart cnspec.service
else
red "\nWe could not detect your process supervisor. If ${MONDOO_PRODUCT_NAME} is running as a service, you will need to restart it manually."
fi
Expand All @@ -550,11 +579,120 @@ postinstall_check() {
echo "${MONDOO_PRODUCT_NAME} installation completed."
}

# Service config action
# ---------------------

service() {
if [ "$OS" = "macOS" ]; then
purple_bold "\n* Enable and start the mondoo service"
# Remove old launchd plists
sudo_cmd launchctl bootout system/com.mondoo.client
sudo_cmd rm -f /Library/LaunchDaemons/com.mondoo.client.plist

# Create the new launchd Mondoo service to run cnspec every hour
sudo_cmd tee /Library/LaunchDaemons/com.mondoo.client.plist <<EOL
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.mondoo.client</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Mondoo/bin/cnspec</string>
<string>serve</string>
<string>--config</string>
<string>/Library/Mondoo/etc/mondoo.yml</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardOutPath</key>
<string>/var/log/mondoo.log</string>
<key>StandardErrorPath</key>
<string>/var/log/mondoo.log</string>
</dict>
</plist>
EOL

sleep 5
sudo_cmd launchctl load /Library/LaunchDaemons/com.mondoo.client.plist
sudo_cmd launchctl start /Library/LaunchDaemons/com.mondoo.client.plist
elif [ "$OS" = "Arch" ]; then
purple_bold "\n* Enable and start the mondoo service"
sudo_cmd systemctl enable mondoo.service
sudo_cmd systemctl start mondoo.service
sudo_cmd systemctl daemon-reload
else
purple_bold "\n* Enable and start the cnspec service"
sudo_cmd systemctl enable cnspec.service
sudo_cmd systemctl start cnspec.service
sudo_cmd systemctl daemon-reload
fi
}

# Auto updater config action
# --------------------------

autoupdater() {
purple_bold "\n* Enable and start the mondoo auto updater service"
if [ "$OS" = "macOS" ]; then
## Remove old launchd plists
sudo_cmd launchctl bootout system/com.mondoo.autoupdater
sudo_cmd rm -f /Library/LaunchDaemons/com.mondoo.autoupdater.plist

sudo_cmd curl -sSL https://install.mondoo.com/sh -o /Library/Mondoo/bin/mondoo-updater.sh
sudo_cmd chmod a+x /Library/Mondoo/bin/mondoo-updater.sh

sudo_cmd tee /Library/LaunchDaemons/com.mondoo.autoupdater.plist <<EOL
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.mondoo.autoupdater</string>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/bin:/usr/bin:/usr/local/bin</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/Mondoo/bin/mondoo-updater.sh</string>
<string>-i</string>
<string>pkg</string>
</array>
<key>StartInterval</key>
<integer>86400</integer>
<key>StandardOutPath</key>
<string>/var/log/mondoo-updater.log</string>
<key>StandardErrorPath</key>
<string>/var/log/mondoo-updater.log</string>
</dict>
</plist>
EOL
sleep 5
sudo_cmd launchctl load /Library/LaunchDaemons/com.mondoo.autoupdater.plist
sudo_cmd launchctl start /Library/LaunchDaemons/com.mondoo.autoupdater.plist
else
echo $'#!/bin/sh\nbash -c "$(curl -sSL https://install.mondoo.com/sh)"' > /etc/cron.weekly/mondoo-update
fi
}

finalize_setup() {

# Authenticate with Mondoo platform if a registration token is provided
configure_token

# Enable Service
if [ "$MONDOO_SERVICE" = "enable" ]; then
service
fi

# Enable Mondoo auto updater
if [ "$MONDOO_AUTOUPDATER" = "enable" ]; then
autoupdater
fi

# Display final message
purple_bold "\n${MONDOO_PRODUCT_NAME} is ready to go!"

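Review bot: In the `pkg` branch of `mondoo_install`, the package is now written to the fixed path `/tmp/${FILE}` and then handed to `/usr/sbin/installer` through `sudo_cmd`. Because `/tmp` is world-writable and the name is predictable from the release version, another local account can pre-create or swap that path between download and install. The `com.mondoo.autoupdater` LaunchDaemon added in `autoupdater` runs this same branch unattended (`-i pkg`, no `UserName` key in the plist), so the window recurs every `StartInterval`. Download into a private directory from `mktemp -d`, add `-f` to curl so an HTTP error body is never passed to `installer`, and remove the directory afterwards. The hunk also shows no checksum or signature check on the package before installation, and the enclosing `configure_macos_installer` begins outside the hunk.

```shell
      # … unchanged: FILE and URL assignment …
      pkg_dir="$(mktemp -d)" || return 1

      # … unchanged: "Downloading" message …
      curl -A "${UserAgent}" -fs "${URL}" -o "${pkg_dir}/${FILE}" || { rm -rf -- "${pkg_dir}"; return 1; }

      # … unchanged: "Installing" message …
      sudo_cmd /usr/sbin/installer -pkg "${pkg_dir}/${FILE}" -target /

      # … unchanged: "Cleaning up" message …
      rm -rf -- "${pkg_dir}"
```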