Code cleanups and removed 'lynis update release' command

Michael Boelen 2017-03-01 15:27:02 +01:00
parent b7c2faf4e2
commit 03fd94aafa
3 changed files with 5 additions and 196 deletions


@ -93,7 +93,7 @@ AUDIT_HELP="
"
UPDATE_ARGS="info release"
UPDATE_ARGS="check info"
UPDATE_HELP="
${CYAN}update info${NORMAL}


@ -25,24 +25,10 @@
# Options:
# ---------
# 1) lynis update info - Show version information (external)
# 2) lynis update release - Check and install new release (internal)
#
# How to use:
# ------------
# Run option 1 to know about current and latest release information.
# Run option 2 to query internal server for possible upgrade of Lynis.
#
# Steps for updating to new release:
# 1) Run Lynis with: lynis update release
# 2) Lynis will use this helper and check the profile
# 3) The configured web server will be queried (lynis-latest-version)
# 4) The contents of this file will be compared with a local file
# 5) If there is a difference, download package
# 6) Check paths and extract files
# 7) Quit program
#
# Suggested documentation if you want to use this functionality:
# https://cisofy.com/documentation/lynis/upgrading/
#
######################################################################
@ -52,190 +38,14 @@ SERVER_VERSION=""
PERFORM_UPGRADE=0
QUIET=0
WGET_EXISTS=`which wget 2> /dev/null`
CURL_EXISTS=`which curl 2> /dev/null`
FETCH_EXISTS=`which fetch 2> /dev/null`
WGET_EXISTS=$(which wget 2> /dev/null)
CURL_EXISTS=$(which curl 2> /dev/null)
FETCH_EXISTS=$(which fetch 2> /dev/null)
# Update version
if [ "$1" = "release" ]; then
if [ "${UPDATE_SERVER_PROTOCOL}" = "" ] ; then
${ECHOCMD} "Error: Unknown protocol, please specify (http, https) in profile (update_server_protocol)"
ExitFatal
fi
if [ "${UPDATE_SERVER_ADDRESS}" = "" ] ; then
${ECHOCMD} "Error: Unknown download address, please specify in profile (update_server_address)"
ExitFatal
fi
if [ "${UPDATE_LATEST_VERSION_DOWNLOAD}" = "" ] ; then
${ECHOCMD} "Error: No URL to latest download has been specifiedrsion on the server, please specify in profile (update_latest_version_download)"
ExitFatal
fi
if [ "${UPDATE_LATEST_VERSION_INFO}" = "" ] ; then
${ECHOCMD} "Error: No URL has been specified to know the latest version on the server, please specify in profile (update_latest_version_info)"
ExitFatal
fi
if [ "${UPDATE_LOCAL_DIRECTORY}" = "" ] ; then
${ECHOCMD} "Error: No local directory has been specified to store Lynis files. Please specify in profile (update_local_directory)"
ExitFatal
else
if [ ! -d ${UPDATE_LOCAL_DIRECTORY} ]; then
${ECHOCMD} "Error: Directory ${UPDATE_LOCAL_DIRECTORY} does not exist"
ExitFatal
fi
fi
if [ "${UPDATE_LOCAL_VERSION_INFO}" = "" ] ; then
${ECHOCMD} "Error: No data file has been specified to determine local Lynis version, please specify in profile (update_local_version_info)"
ExitFatal
fi
if [ ! -f ${UPDATE_LOCAL_VERSION_INFO} ]; then
${ECHOCMD} "Note: local data file ${UPDATE_LOCAL_VERSION_INFO} does not exist. It will be created after updating. (update_local_version_info)"
else
LOCAL_VERSION=`cat ${UPDATE_LOCAL_VERSION_INFO}`
fi
# Normal update
FULLPATH="${UPDATE_SERVER_PROTOCOL}://${UPDATE_SERVER_ADDRESS}${UPDATE_LATEST_VERSION_INFO}"
# Create temporary file
CreateTempFile
TMP_FILE="${TEMP_FILE}"
if [ "${TMP_FILE}" = "" ]; then ${ECHOCMD} "Could not create a temporary file. Exiting..."; ExitFatal; fi
${ECHOCMD} "${CYAN}[Phase 1] Downloading details${NORMAL}"
if [ ! "${WGET_EXISTS}" = "" ]; then
LogText "Using wget to download release information"
LAST_COMMAND_HELP="wget --output-document ${TMP_FILE} ${FULLPATH}"
wget --output-document ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
elif [ ! "${CURL_EXISTS}" = "" ]; then
LogText "Using curl to download release information"
LAST_COMMAND_HELP="curl --fail -o ${TMP_FILE} ${FULLPATH}"
curl --fail -o ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
else
${ECHOCMD} "No download tool available to perform download"
ExitFatal
fi
if [ ! "${TMP_FILE}" = "" ]; then
if [ -f ${TMP_FILE} ]; then
SERVER_VERSION=`cat ${TMP_FILE}`
rm -f ${TMP_FILE}
fi
else
${ECHOCMD} "Temporary file variable is empty, which is unexpected. Aborting.."
ExitFatal
fi
# Determine if downloading meta data was successful
if [ ${EXIT_CODE} -eq 0 ]; then
if [ "${SERVER_VERSION}" = "" ]; then
${ECHOCMD} "No version found on the server. Aborting.."
ExitFatal
else
${ECHOCMD} "Version found on server: ${SERVER_VERSION}"
${ECHOCMD} "Local version found: ${LOCAL_VERSION}"
fi
else
${ECHOCMD} "${RED}Error: ${WHITE}Download utility returned an unexpected error code.${NORMAL} Aborting.."
${ECHOCMD} "Error code: ${EXIT_CODE}"
${ECHOCMD} "Suggested command: ${LAST_COMMAND_HELP}"
ExitFatal
fi
#==========================================================================================================================================
${ECHOCMD} " "
${ECHOCMD} "${CYAN}[Phase 2] Compare results${NORMAL}"
if [ ! "${LOCAL_VERSION}" = "${SERVER_VERSION}" ]; then
${ECHOCMD} "Different version available, moving to upgrade phase"
PERFORM_UPGRADE=1
else
${ECHOCMD} "${GREEN}No upgrade needed${NORMAL}"
fi
# Go to phase 3 if upgrade is needed
if [ ${PERFORM_UPGRADE} -eq 1 ]; then
FULLPATH="${UPDATE_SERVER_PROTOCOL}://${UPDATE_SERVER_ADDRESS}${UPDATE_LATEST_VERSION_DOWNLOAD}"
${ECHOCMD} " "
${ECHOCMD} "[Phase 3] Downloading latest release"
${ECHOCMD} "Download location: ${FULLPATH}"
if [ ! "${WGET_EXISTS}" = "" ]; then
LogText "Using wget to download latest release"
LAST_COMMAND_HELP="wget --output-document ${TMP_FILE} ${FULLPATH}"
wget --output-document ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
elif [ ! "${CURL_EXISTS}" = "" ]; then
LogText "Using curl to download latest release"
LAST_COMMAND_HELP="curl --fail -o ${TMP_FILE} ${FULLPATH}"
curl --fail -o ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
fi
if [ ${EXIT_CODE} -eq 0 ]; then
if [ -f ${TMP_FILE} ]; then
${ECHOCMD} "Download successful"
# Extract the file to the related path, with 'lynis' appended
# Note: by default the tarball includes 'lynis' as directory
if [ ! -d ${UPDATE_LOCAL_DIRECTORY} ]; then
${ECHOCMD} "Error: directory ${UPDATE_LOCAL_DIRECTORY} does not exist"
ExitFatal
fi
${ECHOCMD} "Extracting latest version to path ${UPDATE_LOCAL_DIRECTORY}"
if [ ! -d ${UPDATE_LOCAL_DIRECTORY}/lynis ]; then
${ECHOCMD} "Creating 'lynis' directory in ${UPDATE_LOCAL_DIRECTORY}"
mkdir ${UPDATE_LOCAL_DIRECTORY}/lynis
if [ $? -gt 0 ]; then
${ECHOCMD} "Error: could not create directory ${UPDATE_LOCAL_DIRECTORY}/lynis"
ExitFatal
fi
fi
if [ -d ${UPDATE_LOCAL_DIRECTORY}/lynis ]; then
${ECHOCMD} "Extracting files to ${UPDATE_LOCAL_DIRECTORY}"
tar xzf ${TMP_FILE} -C ${UPDATE_LOCAL_DIRECTORY}
if [ $? -eq 0 ]; then
# Check if we can find the Lynis binary (in the created 'lynis' directory)
if [ -f ${UPDATE_LOCAL_DIRECTORY}/lynis/lynis ]; then
# If version was downloaded, update local version
echo ${SERVER_VERSION} > ${UPDATE_LOCAL_VERSION_INFO}
else
${ECHOCMD} "Error: could not find downloaded file on disk"
fi
else
${ECHOCMD} "Error: File extraction failed"
ExitFatal
fi
else
${ECHOCMD} "Error: could not find lynis directory"
fi
else
${ECHOCMD} "Error: could not find downloaded file on disk"
ExitFatal
fi
else
${ECHOCMD} "Error: could not download latest release"
${ECHOCMD} "Suggestion: ${LAST_COMMAND_HELP}"
ExitFatal
fi
fi
# Removing temp file
LogText "Action: Removing temporary file ${TMP_FILE}"
if [ "${TMP_FILE}" = "" ]; then
if [ -f ${TMP_FILE} ]; then
rm -f ${TMP_FILE}
fi
fi
${ECHOCMD} " "
${ECHOCMD} "Done"
${ECHOCMD} " "
${ECHOCMD} "Deprecated: this function is no longer available. Use a package (https://packages.cisofy.com), or deploy via a custom package or script."
# Update check
elif [ "$1" = "info" ]; then
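Review bot: The remaining `release` branch only prints the `Deprecated:` message, and nothing visible makes it exit non-zero, so an automated job that still runs `lynis update release` could keep reporting success while the tool is no longer being updated. If this branch is still reachable I would follow the message with `ExitFatal`, as the other error paths on this page do; if the caller already rejects `release` now that it is gone from `UPDATE_ARGS`, the branch is dead and can be removed. The if/elif chain continues outside the hunk, so the final exit status cannot be confirmed from here. As a smaller style point, `command -v wget` is the portable form of the three `$(which … 2> /dev/null)` probes.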


@ -148,7 +148,6 @@
echo "Examples:"
echo "lynis update check"
echo "lynis update info"
echo "lynis update release"
ExitFatal
fi
;;