From 03fd94aafa4dfaa07428723df5208fd824809a94 Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Wed, 1 Mar 2017 15:27:02 +0100 Subject: [PATCH] Code cleanups and removed 'lynis update release' command --- include/helper_show | 2 +- include/helper_update | 198 +----------------------------------------- include/parameters | 1 - 3 files changed, 5 insertions(+), 196 deletions(-) diff --git a/include/helper_show b/include/helper_show index f492d85b..b543ba3b 100644 --- a/include/helper_show +++ b/include/helper_show @@ -93,7 +93,7 @@ AUDIT_HELP=" " -UPDATE_ARGS="info release" +UPDATE_ARGS="check info" UPDATE_HELP=" ${CYAN}update info${NORMAL} diff --git a/include/helper_update b/include/helper_update index 3666871e..092d3369 100644 --- a/include/helper_update +++ b/include/helper_update @@ -25,24 +25,10 @@ # Options: # --------- # 1) lynis update info - Show version information (external) -# 2) lynis update release - Check and install new release (internal) # # How to use: # ------------ # Run option 1 to know about current and latest release information. -# Run option 2 to query internal server for possible upgrade of Lynis. -# -# Steps for updating to new release: -# 1) Run Lynis with: lynis update release -# 2) Lynis will use this helper and check the profile -# 3) The configured web server will be queried (lynis-latest-version) -# 4) The contents of this file will be compared with a local file -# 5) If there is a difference, download package -# 6) Check paths and extract files -# 7) Quit program -# -# Suggested documentation if you want to use this functionality: -# https://cisofy.com/documentation/lynis/upgrading/ # ###################################################################### @@ -52,190 +38,14 @@ SERVER_VERSION="" PERFORM_UPGRADE=0 QUIET=0 -WGET_EXISTS=`which wget 2> /dev/null` -CURL_EXISTS=`which curl 2> /dev/null` -FETCH_EXISTS=`which fetch 2> /dev/null` +WGET_EXISTS=$(which wget 2> /dev/null) +CURL_EXISTS=$(which curl 2> /dev/null) +FETCH_EXISTS=$(which fetch 2> /dev/null) # Update version if [ "$1" = "release" ]; then - if [ "${UPDATE_SERVER_PROTOCOL}" = "" ] ; then - ${ECHOCMD} "Error: Unknown protocol, please specify (http, https) in profile (update_server_protocol)" - ExitFatal - fi - - if [ "${UPDATE_SERVER_ADDRESS}" = "" ] ; then - ${ECHOCMD} "Error: Unknown download address, please specify in profile (update_server_address)" - ExitFatal - fi - - if [ "${UPDATE_LATEST_VERSION_DOWNLOAD}" = "" ] ; then - ${ECHOCMD} "Error: No URL to latest download has been specifiedrsion on the server, please specify in profile (update_latest_version_download)" - ExitFatal - fi - - if [ "${UPDATE_LATEST_VERSION_INFO}" = "" ] ; then - ${ECHOCMD} "Error: No URL has been specified to know the latest version on the server, please specify in profile (update_latest_version_info)" - ExitFatal - fi - - if [ "${UPDATE_LOCAL_DIRECTORY}" = "" ] ; then - ${ECHOCMD} "Error: No local directory has been specified to store Lynis files. Please specify in profile (update_local_directory)" - ExitFatal - else - if [ ! -d ${UPDATE_LOCAL_DIRECTORY} ]; then - ${ECHOCMD} "Error: Directory ${UPDATE_LOCAL_DIRECTORY} does not exist" - ExitFatal - fi - fi - - if [ "${UPDATE_LOCAL_VERSION_INFO}" = "" ] ; then - ${ECHOCMD} "Error: No data file has been specified to determine local Lynis version, please specify in profile (update_local_version_info)" - ExitFatal - fi - - if [ ! -f ${UPDATE_LOCAL_VERSION_INFO} ]; then - ${ECHOCMD} "Note: local data file ${UPDATE_LOCAL_VERSION_INFO} does not exist. It will be created after updating. (update_local_version_info)" - else - LOCAL_VERSION=`cat ${UPDATE_LOCAL_VERSION_INFO}` - fi - - # Normal update - FULLPATH="${UPDATE_SERVER_PROTOCOL}://${UPDATE_SERVER_ADDRESS}${UPDATE_LATEST_VERSION_INFO}" - - # Create temporary file - CreateTempFile - TMP_FILE="${TEMP_FILE}" - if [ "${TMP_FILE}" = "" ]; then ${ECHOCMD} "Could not create a temporary file. Exiting..."; ExitFatal; fi - - ${ECHOCMD} "${CYAN}[Phase 1] Downloading details${NORMAL}" - if [ ! "${WGET_EXISTS}" = "" ]; then - LogText "Using wget to download release information" - LAST_COMMAND_HELP="wget --output-document ${TMP_FILE} ${FULLPATH}" - wget --output-document ${TMP_FILE} ${FULLPATH} 2> /dev/null - EXIT_CODE=$? - elif [ ! "${CURL_EXISTS}" = "" ]; then - LogText "Using curl to download release information" - LAST_COMMAND_HELP="curl --fail -o ${TMP_FILE} ${FULLPATH}" - curl --fail -o ${TMP_FILE} ${FULLPATH} 2> /dev/null - EXIT_CODE=$? - else - ${ECHOCMD} "No download tool available to perform download" - ExitFatal - fi - - if [ ! "${TMP_FILE}" = "" ]; then - if [ -f ${TMP_FILE} ]; then - SERVER_VERSION=`cat ${TMP_FILE}` - rm -f ${TMP_FILE} - fi - else - ${ECHOCMD} "Temporary file variable is empty, which is unexpected. Aborting.." - ExitFatal - fi - - # Determine if downloading meta data was successful - if [ ${EXIT_CODE} -eq 0 ]; then - if [ "${SERVER_VERSION}" = "" ]; then - ${ECHOCMD} "No version found on the server. Aborting.." - ExitFatal - else - ${ECHOCMD} "Version found on server: ${SERVER_VERSION}" - ${ECHOCMD} "Local version found: ${LOCAL_VERSION}" - fi - else - ${ECHOCMD} "${RED}Error: ${WHITE}Download utility returned an unexpected error code.${NORMAL} Aborting.." - ${ECHOCMD} "Error code: ${EXIT_CODE}" - ${ECHOCMD} "Suggested command: ${LAST_COMMAND_HELP}" - ExitFatal - fi - -#========================================================================================================================================== - - ${ECHOCMD} " " - ${ECHOCMD} "${CYAN}[Phase 2] Compare results${NORMAL}" - if [ ! "${LOCAL_VERSION}" = "${SERVER_VERSION}" ]; then - ${ECHOCMD} "Different version available, moving to upgrade phase" - PERFORM_UPGRADE=1 - else - ${ECHOCMD} "${GREEN}No upgrade needed${NORMAL}" - fi - - # Go to phase 3 if upgrade is needed - if [ ${PERFORM_UPGRADE} -eq 1 ]; then - FULLPATH="${UPDATE_SERVER_PROTOCOL}://${UPDATE_SERVER_ADDRESS}${UPDATE_LATEST_VERSION_DOWNLOAD}" - ${ECHOCMD} " " - ${ECHOCMD} "[Phase 3] Downloading latest release" - ${ECHOCMD} "Download location: ${FULLPATH}" - if [ ! "${WGET_EXISTS}" = "" ]; then - LogText "Using wget to download latest release" - LAST_COMMAND_HELP="wget --output-document ${TMP_FILE} ${FULLPATH}" - wget --output-document ${TMP_FILE} ${FULLPATH} 2> /dev/null - EXIT_CODE=$? - elif [ ! "${CURL_EXISTS}" = "" ]; then - LogText "Using curl to download latest release" - LAST_COMMAND_HELP="curl --fail -o ${TMP_FILE} ${FULLPATH}" - curl --fail -o ${TMP_FILE} ${FULLPATH} 2> /dev/null - EXIT_CODE=$? - fi - if [ ${EXIT_CODE} -eq 0 ]; then - if [ -f ${TMP_FILE} ]; then - ${ECHOCMD} "Download successful" - # Extract the file to the related path, with 'lynis' appended - # Note: by default the tarball includes 'lynis' as directory - if [ ! -d ${UPDATE_LOCAL_DIRECTORY} ]; then - ${ECHOCMD} "Error: directory ${UPDATE_LOCAL_DIRECTORY} does not exist" - ExitFatal - fi - ${ECHOCMD} "Extracting latest version to path ${UPDATE_LOCAL_DIRECTORY}" - if [ ! -d ${UPDATE_LOCAL_DIRECTORY}/lynis ]; then - ${ECHOCMD} "Creating 'lynis' directory in ${UPDATE_LOCAL_DIRECTORY}" - mkdir ${UPDATE_LOCAL_DIRECTORY}/lynis - if [ $? -gt 0 ]; then - ${ECHOCMD} "Error: could not create directory ${UPDATE_LOCAL_DIRECTORY}/lynis" - ExitFatal - fi - fi - if [ -d ${UPDATE_LOCAL_DIRECTORY}/lynis ]; then - ${ECHOCMD} "Extracting files to ${UPDATE_LOCAL_DIRECTORY}" - tar xzf ${TMP_FILE} -C ${UPDATE_LOCAL_DIRECTORY} - if [ $? -eq 0 ]; then - # Check if we can find the Lynis binary (in the created 'lynis' directory) - if [ -f ${UPDATE_LOCAL_DIRECTORY}/lynis/lynis ]; then - # If version was downloaded, update local version - echo ${SERVER_VERSION} > ${UPDATE_LOCAL_VERSION_INFO} - else - ${ECHOCMD} "Error: could not find downloaded file on disk" - fi - else - ${ECHOCMD} "Error: File extraction failed" - ExitFatal - fi - else - ${ECHOCMD} "Error: could not find lynis directory" - fi - else - ${ECHOCMD} "Error: could not find downloaded file on disk" - ExitFatal - fi - else - ${ECHOCMD} "Error: could not download latest release" - ${ECHOCMD} "Suggestion: ${LAST_COMMAND_HELP}" - ExitFatal - fi - fi - - # Removing temp file - LogText "Action: Removing temporary file ${TMP_FILE}" - if [ "${TMP_FILE}" = "" ]; then - if [ -f ${TMP_FILE} ]; then - rm -f ${TMP_FILE} - fi - fi - - ${ECHOCMD} " " - ${ECHOCMD} "Done" - ${ECHOCMD} " " + ${ECHOCMD} "Deprecated: this function is no longer available. Use a package (https://packages.cisofy.com), or deploy via a custom package or script." # Update check elif [ "$1" = "info" ]; then diff --git a/include/parameters b/include/parameters index bb5c4e64..878fa63f 100644 --- a/include/parameters +++ b/include/parameters @@ -148,7 +148,6 @@ echo "Examples:" echo "lynis update check" echo "lynis update info" - echo "lynis update release" ExitFatal fi ;;