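#! /usr/bin/env bash
# -*- coding: utf-8 -*-
#
# scripts/test_wizard_upgrade.sh
#
# End-to-end check of `wizard.sh --upgrade --force`: installs a release,
# taints a set of configuration files, snapshots their md5sums, runs the
# upgrade and then compares the files on disk with the snapshots.
#
# The script writes under /etc/synsec, starts the synsec service, runs the
# bouncer's install.sh through sudo and uninstalls everything at the end, so
# it is meant for a disposable test host.
#
# Options:
#   --version|-v <version>   value used for BUILD_VERSION and the release name
#   --release|-r <folder>    use an existing synsec-vX.Y.Z release folder
#   -h|--help                print usage
#
# Environment:
#   SYNSEC_VERSION   used when --version is not given
#   BOUNCER_SHA256   optional expected SHA-256 of cs-firewall-bouncer.tgz; when
#                    set, the archive is verified before install.sh is run

# Codes
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
OK_STR="${GREEN}OK${NC}"
FAIL_STR="${RED}FAIL${NC}"

CURRENT_FOLDER=$(pwd)

BOUNCER_VERSION="v0.0.6"
RELEASE_FOLDER=""

HUB_AVAILABLE_PARSERS="/etc/synsec/hub/parsers"
HUB_AVAILABLE_SCENARIOS="/etc/synsec/hub/scenarios"
HUB_AVAILABLE_COLLECTIONS="/etc/synsec/hub/collections"
HUB_AVAILABLE_PO="/etc/synsec/hub/postoverflows"

HUB_ENABLED_PARSERS="/etc/synsec/parsers"
HUB_ENABLED_SCENARIOS="/etc/synsec/scenarios"
HUB_ENABLED_COLLECTIONS="/etc/synsec/collections"
HUB_ENABLED_PO="/etc/synsec/postoverflows"

ACQUIS_FILE="/etc/synsec/acquis.yaml"
PROFILE_FILE="/etc/synsec/profiles.yaml"
CONFIG_FILE="/etc/synsec/config.yaml"
LOCAL_API_FILE="/etc/synsec/local_api_credentials.yaml"
ONLINE_API_FILE="/etc/synsec/online_api_credentials.yaml"
SIMULATION_FILE="/etc/synsec/simulation.yaml"
DB_FILE="/var/lib/synsec/data/synsec.db"

SYSTEMD_FILE="/etc/systemd/system/synsec.service"

BOUNCER_FOLDER="/etc/synsec/cs-firewall-bouncer"

# Set to 1 by any failing assertion; decides the script's exit status.
MUST_FAIL=0

# Build or copy the release, install it, install the firewall bouncer, taint
# the configuration, record the md5 baselines and run the upgrade.
# Globals: RELEASE_FOLDER (read/written), SYNSEC_VERSION, CURRENT_FOLDER,
#          BOUNCER_VERSION, BOUNCER_SHA256 and the *_FILE / HUB_ENABLED_* paths.
function init
{
    # Stop here when git is missing instead of only printing the message.
    if ! command -v git > /dev/null; then
        echo "git is needed this test, exiting ..."
        exit 1
    fi
    if [[ -z "${RELEASE_FOLDER}" ]]; then
        cd .. || exit 1
        if ! BUILD_VERSION="${SYNSEC_VERSION}" make release; then
            echo "Unable to make the release (make sur you have go installed), exiting"
            exit 1
        fi
        RELEASE_FOLDER="synsec-${SYNSEC_VERSION}"
    fi
    cp -r -- "${RELEASE_FOLDER}" "${CURRENT_FOLDER}"
    cd "${CURRENT_FOLDER}" || exit 1


    echo "[*] Installing synsec (bininstall)"
    cd "${RELEASE_FOLDER}/" || exit 1
    ./wizard.sh --bininstall
    cd "${CURRENT_FOLDER}" || exit 1
    ccscli hub update
    ccscli collections install breakteam/sshd
    ccscli postoverflows install breakteam/cdn-whitelist
    ccscli machines add -a
    systemctl start synsec


    echo "[*] Install firewall bouncer"
    # -O keeps the file name stable even if an archive from an earlier run is
    # still present (wget would otherwise save to cs-firewall-bouncer.tgz.1).
    if ! wget -O cs-firewall-bouncer.tgz "https://bitbucket.org/Aishee/cs-firewall-bouncer/releases/download/${BOUNCER_VERSION}/cs-firewall-bouncer.tgz"; then
        echo "Unable to download cs-firewall-bouncer" >&2
        exit 1
    fi
    # install.sh from this archive is executed with sudo below, so the archive
    # is checked against a pinned digest whenever the caller provides one.
    if [[ -n "${BOUNCER_SHA256:-}" ]]; then
        if ! echo "${BOUNCER_SHA256}  cs-firewall-bouncer.tgz" | sha256sum -c - > /dev/null; then
            echo "Checksum mismatch for cs-firewall-bouncer.tgz, exiting" >&2
            exit 1
        fi
    else
        echo "[!] BOUNCER_SHA256 is not set: cs-firewall-bouncer.tgz is not verified before install.sh runs with sudo" >&2
    fi
    if ! tar xzvf cs-firewall-bouncer.tgz; then
        echo "Unable to extract cs-firewall-bouncer.tgz" >&2
        exit 1
    fi
    cd "cs-firewall-bouncer-${BOUNCER_VERSION}/" || exit 1
    # An `exit` inside ( ... ) only leaves the subshell, so the failure is
    # handled in the current shell to really abort the test.
    if ! (echo "iptables" | sudo ./install.sh); then
        echo "Unable to install cs-firewall-bouncer"
        exit 1
    fi
    cd "${CURRENT_FOLDER}" || exit 1

    echo "[*] Tainting parser /etc/synsec/parsers/s01-parse/sshd-logs.yaml"
    echo " # test taint parser" >> /etc/synsec/parsers/s01-parse/sshd-logs.yaml

    echo "[*] Tainting scenario /etc/synsec/scenarios/ssh-bf.yaml"
    echo " # test taint scenario" >> /etc/synsec/scenarios/ssh-bf.yaml

    echo "[*] Tainting postoverflow /etc/synsec/postoverflows/s01-whitelist/cdn-whitelist.yaml"
    echo " # test taint postoverflow" >> /etc/synsec/postoverflows/s01-whitelist/cdn-whitelist.yaml

    echo "[*] Tainting new systemd configuration file"
    echo " # test taint systemd file" >> "${RELEASE_FOLDER}/config/synsec.service"

    echo "[*] Tainting profile file"
    echo " # test taint profile file" >> "${PROFILE_FILE}"

    echo "[*] Tainting acquis file"
    echo " # test taint acquis file" >> "${ACQUIS_FILE}"

    echo "[*] Tainting local_api_creds file"
    echo " # test taint local_api_creds file" >> "${LOCAL_API_FILE}"

    echo "[*] Tainting online_api_creds file"
    echo " # test taint online_api_creds file" >> "${ONLINE_API_FILE}"

    echo "[*] Tainting config file"
    echo " # test taint config file" >> "${CONFIG_FILE}"

    echo "[*] Tainting simulation file"
    echo " # test taint simulation file" >> "${SIMULATION_FILE}"

    echo "[*] Adding a decision"
    ccscli decisions add -i 1.2.3.4


    # Baselines are written with '>' so that a snapshot left behind by an
    # interrupted run cannot end up inside the comparison.
    # md5sum only serves to detect a change between two local snapshots here;
    # it is not an integrity check against deliberate tampering.
    # NOTE(review): the hub baselines are collected with -type l while the
    # test_enabled_* checks use -type f; confirm this asymmetry is intended.
    find "${HUB_ENABLED_PARSERS}" -type l -exec md5sum "{}" + > parsers_enabled.md5
    find "${HUB_ENABLED_SCENARIOS}" -type l -exec md5sum "{}" + > scenarios_enabled.md5
    find "${HUB_ENABLED_COLLECTIONS}" -type l -exec md5sum "{}" + > collections_enabled.md5
    find "${HUB_ENABLED_PO}" -type l -exec md5sum "{}" + > po_enabled.md5

    md5sum "${ACQUIS_FILE}" > acquis.md5
    md5sum "${PROFILE_FILE}" > profile.md5
    md5sum "${LOCAL_API_FILE}" > local_api_creds.md5
    md5sum "${ONLINE_API_FILE}" > online_api_creds.md5
    md5sum "${CONFIG_FILE}" > config.md5
    md5sum "${SIMULATION_FILE}" > simulation.md5
    md5sum "${DB_FILE}" > db.md5
    md5sum "${SYSTEMD_FILE}" > systemd.md5

    echo "[*] Setup done"
    echo "[*] Lauching the upgrade"
    cd "${RELEASE_FOLDER}/" || exit 1
    ./wizard.sh --upgrade --force
    cd "${CURRENT_FOLDER}" || exit 1
    echo "[*] Upgrade done, checking results"
}

# Uninstall synsec and delete everything the test created in CURRENT_FOLDER.
function down
{
    if cd "${RELEASE_FOLDER}/"; then
        ./wizard.sh --uninstall
    fi
    # The globs below are relative: never run them from an unexpected folder.
    cd "${CURRENT_FOLDER}" || exit 1
    rm -rf -- ./synsec-v*
    rm -rf -- ./cs-firewall-bouncer-*
    rm -f -- synsec-release.tgz
    rm -f -- cs-firewall-bouncer.tgz
    rm -f -- ./*.md5
}

# Report OK when $1 and $2 are the same string; otherwise print a diff and
# mark the run as failed.
function assert_equal
{
    echo ""
    if [ "$1" = "$2" ]; then
        echo -e "Status - ${OK_STR}"
    else
        echo -e "Status - ${FAIL_STR}"
        echo "Details:"
        echo ""
        diff <(echo "$1" ) <(echo "$2")
        MUST_FAIL=1
    fi
    echo "-----------------------------------------------------------------------"
}

# Report OK when $1 and $2 differ; otherwise mark the run as failed.
function assert_not_equal
{
    echo ""
    if [ "$1" != "$2" ]; then
        echo -e "Status - ${OK_STR}"
    else
        echo -e "Status - ${FAIL_STR}"
        echo "Details:"
        echo ""
        diff <(echo "$1" ) <(echo "$2")
        MUST_FAIL=1
    fi
    echo "-----------------------------------------------------------------------"
}

# Report OK when the folder given as $1 exists (BOUNCER_FOLDER when no
# argument is passed); otherwise mark the run as failed.
function assert_folder_exists
{
    # Check the folder that was passed in, so the failure message names the
    # path that was actually tested.
    local folder="${1:-${BOUNCER_FOLDER}}"
    echo ""
    if [ -d "${folder}" ]
    then
        echo -e "Status - ${OK_STR}"
    else
        echo -e "Status - ${FAIL_STR}"
        echo "Folder '${folder}' doesn't exist, but should"
        MUST_FAIL=1
    fi
    echo "-----------------------------------------------------------------------"
}

# Compare the md5sums of the regular files under $1 with the snapshot file $2
# and expect them to be identical.
function _assert_unchanged
{
    local new old
    new=$(find "$1" -type f -exec md5sum "{}" +)
    old=$(cat "$2")
    assert_equal "$new" "$old"
}

function test_enabled_parsers
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${HUB_ENABLED_PARSERS}" parsers_enabled.md5
}

function test_enabled_scenarios
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${HUB_ENABLED_SCENARIOS}" scenarios_enabled.md5
}

function test_enabled_collections
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${HUB_ENABLED_COLLECTIONS}" collections_enabled.md5
}

function test_enabled_po
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${HUB_ENABLED_PO}" po_enabled.md5
}

function test_config_file
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${CONFIG_FILE}" config.md5
}

function test_acquis_file
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${ACQUIS_FILE}" acquis.md5
}

function test_local_api_creds_file
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${LOCAL_API_FILE}" local_api_creds.md5
}

function test_online_api_creds_file
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${ONLINE_API_FILE}" online_api_creds.md5
}

function test_profile_file
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${PROFILE_FILE}" profile.md5
}

function test_db_file
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${DB_FILE}" db.md5
}

function test_simulation_file
{
    echo "${FUNCNAME[0]}"
    _assert_unchanged "${SIMULATION_FILE}" simulation.md5
}

# Unlike the other checks, the installed systemd unit is asserted to differ
# from its pre-upgrade snapshot.
function test_systemd_file
{
    local new old
    echo "${FUNCNAME[0]}"
    new=$(find "${SYSTEMD_FILE}" -type f -exec md5sum "{}" +)
    old=$(cat systemd.md5)
    assert_not_equal "$new" "$old"
}

function test_bouncer_dir
{
    echo "${FUNCNAME[0]}"
    assert_folder_exists "${BOUNCER_FOLDER}"
}

# Run every check; failures are accumulated in MUST_FAIL.
function start_test
{
    echo ""
    echo "-----------------------------------------------------------------------"
    test_enabled_parsers
    test_enabled_scenarios
    test_enabled_collections
    test_enabled_po
    test_config_file
    test_acquis_file
    test_online_api_creds_file
    test_local_api_creds_file
    test_profile_file
    test_simulation_file
    test_db_file
    test_systemd_file
    test_bouncer_dir
}


# Print the help text and exit with status $1 (0 when omitted).
usage() {
    echo "Usage:"
    echo ""
    echo " ./test_wizard_upgrade.sh -h Display this help message."
    echo " ./test_wizard_upgrade.sh Run all the testsuite. Go must be available to make the release"
    echo " ./test_wizard_upgrade.sh --release <path_to_release_folder> If go is not installed, please provide a path to the synsec-vX.Y.Z release folder"
    echo ""
    exit "${1:-0}"
}

while [[ $# -gt 0 ]]
do
    key="${1}"
    case ${key} in
    --version|-v)
        # The option needs a value.
        [[ $# -ge 2 ]] || usage 1
        SYNSEC_VERSION="${2}"
        shift #past argument
        shift
        ;;
    --release|-r)
        [[ $# -ge 2 ]] || usage 1
        RELEASE_FOLDER="${2}"
        shift #past argument
        shift
        ;;
    -h|--help)
        usage 0
        ;;
    *) # unknown option
        echo "Unknown argument ${key}."
        # usage used to exit 0 unconditionally, which hid the error status.
        usage 1
        ;;
    esac
done


init
start_test
down
if [ "${MUST_FAIL}" -eq 1 ]
then
    exit 1
fi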