def _install_jdk():
    """Unpack the JDK archive under /usr/java and register it with alternatives.

    Returns immediately when JDK_INSTALL_PATH already exists.

    Raises:
        Exception: JDK_INSTALL_FILE is still missing after the download step.
    """
    if os.access(JDK_INSTALL_PATH, os.F_OK):
        return

    os.chdir(app.INSTALL_DIR)
    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        # NOTE(review): no digest argument (md5=/sha1=) is passed, so the
        # archive unpacked into /usr/java below is not integrity-checked here.
        general.download_file(JDK_REPO_URL)
        x("chmod u+rx " + JDK_INSTALL_FILE)

    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        raise Exception("Not able to download " + JDK_INSTALL_FILE)

    setup_commands = (
        "tar -zxvf "+JDK_INSTALL_FILE,
        "mkdir /usr/java",
        "mv "+JDK_VERSION+" /usr/java",
        # Rebuild the default -> latest symlink chain for this JDK version.
        "rm -f /usr/java/default",
        "rm -f /usr/java/latest",
        "ln -s /usr/java/"+JDK_VERSION+" /usr/java/default",
        "ln -s /usr/java/default /usr/java/latest",
        # NOTE(review): 774 -R leaves the whole JDK tree writable by the
        # glassfish group and sets the execute bit on every file; confirm the
        # group really needs write access to the runtime it executes.
        "chown root:glassfish -R /usr/java/"+JDK_VERSION,
        "chmod 774 -R /usr/java/"+JDK_VERSION,
        "chmod 701 /usr/java",
        "alternatives --install /usr/bin/javac javac /usr/java/latest/bin/javac 20000",
        "alternatives --install /usr/bin/jar jar /usr/java/latest/bin/jar 20000",
        "alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 20000",
        "alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 20000",
    )
    for command in setup_commands:
        x(command)
def _install_mysql_connector(domain_name):
    '''
    Install the MySQL connector jar into the lib/ext folder of a GlassFish domain.

    http://www.mysql.com/downloads/connector/j/

    domain_name -- name of the domain folder under GLASSFISH_DOMAINS_PATH.

    Raises Exception when the gpg output does not contain the expected
    "Good signature" line.

    '''
    os.chdir(app.INSTALL_DIR)
    if (not os.access(MYSQL_CONNECTOR_INTALL_FILE, os.F_OK)):
        # Archive and detached signature are fetched together; the signature
        # check below runs only in this branch, i.e. for a fresh download.
        general.download_file(MYSQL_CONNECTOR_REPO_URL, user="******")
        general.download_file(MYSQL_CONNECTOR_REPO_URL + ".asc", user="******")

        # NOTE(review): the key is fetched by an 8-hex-digit short ID, which
        # is not unique; import it by full fingerprint instead. Matching the
        # human-readable "Good signature" text is fragile (wording depends on
        # locale and gpg version, and it does not tie the signature to one
        # specific key); gpg's exit status or --status-fd VALIDSIG with the
        # expected fingerprint is the sturdier check.
        x("gpg --keyserver keyserver.ubuntu.com --recv-keys 5072E1F5", user="******")
        signature = x("gpg --verify " + MYSQL_CONNECTOR_INTALL_FILE + ".asc", user="******")
        if (r'Good signature from "MySQL Release Engineering <*****@*****.**>"' not in signature):
            raise Exception("Invalid signature.")

    # TODO: Should it be under /ext/?
    x("tar zxf " + MYSQL_CONNECTOR_INTALL_FILE, user="******")
    x("cp " + MYSQL_CONNECTOR_VERSION + "/" + MYSQL_CONNECTOR_VERSION + "-bin.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
def _install_mysql_connect():
    """Download the MySQL connector and copy its jar into domain1's lib/ext."""
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest or signature check; the jar copied below is
    # loaded by the application server, so pin a checksum for the archive.
    general.download_file(MYSQL_CONNECTOR_REPO_URL)

    deploy_steps = (
        "tar -zxvf "+MYSQL_FILE_NAME+".tar.gz",
        # The backslash form of cp is kept exactly as the original wrote it.
        "\cp -f "+MYSQL_FILE_NAME+"/"+MYSQL_FILE_NAME+"-bin.jar /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "chown glassfish:glassfish -R /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/*",
    )
    for step in deploy_steps:
        x(step)
def _install_glassfish():
    '''
    Install the glassfish application server from its zip distribution.

    The zip package is installed on every call; the download, unpack and
    service steps run only when GLASSFISH_INSTALL_PATH + "/glassfish" does
    not exist yet.

    Raises Exception when GLASSFISH_INSTALL_FILE is not a zip file.

    '''
    x("yum install zip -y")
    if (not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK)):
        os.chdir(app.INSTALL_DIR)
        if (not os.access(GLASSFISH_INSTALL_FILE, os.F_OK)):
            # NOTE(review): no digest argument is passed; the archive is
            # unpacked into /usr/local below without an integrity check.
            general.download_file(GLASSFISH_REPO_URL, user="******")

        # Unpack the distribution and hand it to the glassfish account.
        if ".zip" in GLASSFISH_INSTALL_FILE:
            install.package("unzip")
            x("unzip " + GLASSFISH_INSTALL_FILE + " -d /usr/local/")
            x("chown glassfish:glassfish -R "+GLASSFISH_INSTALL_PATH)
        else:
            raise Exception("Only installing zip version of glassfish")

        # Register the service with glassfish's own "asadmin create-service"
        # and start the domain as the glassfish user.
        # NOTE(review): an older comment here described a custom start script;
        # this variant does not install one.
        x(GLASSFISH_INSTALL_PATH+"/bin/asadmin create-service")
        x("su glassfish " + GLASSFISH_INSTALL_PATH + "/bin/asadmin start-domain")
def _install_mariadb_connect():
    """Download the MariaDB connector jar and place it in domain1's lib/ext.

    The copied files end up owned by glassfish5 and read-only (mode 444).
    """
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest is passed to download_file; the jar is loaded
    # by the application server, so pin and verify a checksum.
    general.download_file(MARIADB_CONNECTOR_REPO_URL)

    deploy_steps = (
        "\cp -f %s /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % MARIADB_FILE_NAME,
        "chown glassfish5:glassfish5 -R /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/*",
        "chmod 444 /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/*",
    )
    for step in deploy_steps:
        x(step)
def install_es(args):
    '''
    Install Elasticsearch from the vendor RPM, restart it and enable it at boot.

    args -- command-line words; args[1] is the Elasticsearch version.

    Raises Exception when /usr/bin/java is missing or args does not hold
    exactly two items.

    '''
    if not os.path.isfile('/usr/bin/java'):
        raise Exception("No Java stopping")

    if len(args) != 2:
        raise Exception("syco install-es VERSION [syco install-es 1.5.2]")

    es_version = args[1]

    # Fetch the published SHA-1 of the RPM (first word of the .sha1.txt file).
    # NOTE(review): the digest comes from the vendor's own download site, so
    # it catches corruption but not a tampered origin; SHA-1 is also a weak
    # hash. On Python older than 2.7.9 urllib2 does not validate the server
    # certificate. es_version is placed unquoted into URLs and commands.
    digest_response = urllib2.urlopen(
        'https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-'
        + es_version + '.noarch.rpm.sha1.txt')
    expected_sha1 = digest_response.read().split(' ')[0]

    x('yum install wget -y')
    download_file(
        'https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-'
        + es_version + '.noarch.rpm',
        sha1=expected_sha1)

    for command in (
        'yum localinstall /opt/syco/installtemp/elasticsearch-' + es_version + '.noarch.rpm -y',
        '/etc/init.d/elasticsearch restart',
        'chkconfig elasticsearch on',
    ):
        x(command)
def _install_google_guice(domain_name):
    '''
    Install the google guice 3.0 jars into the lib/ext folder of a domain.

    http://code.google.com/p/google-guice/
    http://code.google.com/p/google-guice/downloads/list

    domain_name -- name of the domain folder under GLASSFISH_DOMAINS_PATH.

    '''
    os.chdir(app.INSTALL_DIR)
    if (not os.access("guice-3.0.zip", os.F_OK)):
        # NOTE(review): plain-HTTP download with no digest; the jars copied
        # below are loaded by the application server. Pin a checksum and
        # fetch over HTTPS.
        general.download_file(
            "http://google-guice.googlecode.com/files/guice-3.0.zip",
            user="******")
        x("unzip -oq guice-3.0.zip", user="******")

    # Copy guice and the three jars shipped with it into the domain.
    x("cp guice-3.0/guice-3.0.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
    x("cp guice-3.0/guice-assistedinject-3.0.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
    x("cp guice-3.0/aopalliance.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
    x("cp guice-3.0/javax.inject.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
def _install_jdk():
    """Unpack the JDK archive under /usr/java and register it with alternatives.

    Returns immediately when JDK_INSTALL_PATH already exists.

    Raises:
        Exception: JDK_INSTALL_FILE is still missing after the download step.
    """
    if os.access(JDK_INSTALL_PATH, os.F_OK):
        return

    os.chdir(app.INSTALL_DIR)
    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        # NOTE(review): no digest argument (md5=/sha1=) is passed, so the
        # archive unpacked into /usr/java below is not integrity-checked here.
        general.download_file(JDK_REPO_URL, user="******")
        x("chmod u+rx " + JDK_INSTALL_FILE)

    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        raise Exception("Not able to download " + JDK_INSTALL_FILE)

    setup_commands = (
        "tar -zxvf "+JDK_INSTALL_FILE,
        "mkdir /usr/java",
        "mv "+JDK_VERSION+" /usr/java",
        # Rebuild the default -> latest symlink chain for this JDK version.
        "rm -f /usr/java/default",
        "rm -f /usr/java/latest",
        "ln -s /usr/java/"+JDK_VERSION+" /usr/java/default",
        "ln -s /usr/java/default /usr/java/latest",
        # NOTE(review): 774 -R leaves the whole JDK tree writable by the
        # glassfish group and sets the execute bit on every file; confirm the
        # group really needs write access to the runtime it executes.
        "chown root:glassfish -R /usr/java/"+JDK_VERSION,
        "chmod 774 -R /usr/java/"+JDK_VERSION,
        "chmod 701 /usr/java",
        "alternatives --install /usr/bin/javac javac /usr/java/latest/bin/javac 20000",
        "alternatives --install /usr/bin/jar jar /usr/java/latest/bin/jar 20000",
        "alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 20000",
        "alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 20000",
    )
    for command in setup_commands:
        x(command)
def copy_easy_rsa():
    """Fetch the easy-rsa 2.x branch archive and install it under /etc/openvpn."""
    # NOTE(review): no md5= is passed here, so nothing is checksum-verified,
    # and a branch archive (release/2.x.zip) changes over time and cannot be
    # pinned. These scripts generate the VPN's CA and keys; use a tagged
    # release with a recorded digest.
    download_file('https://github.com/OpenVPN/easy-rsa/archive/release/2.x.zip')

    # unzip has no -d, so it extracts into the current directory; the mv
    # below expects the result under /opt/syco/installtemp.
    install_steps = (
        'unzip /opt/syco/installtemp/2.x.zip',
        'mv /opt/syco/installtemp/easy-rsa-release-2.x/easy-rsa/2.0/ /etc/openvpn/easy-rsa',
        'chmod 700 /etc/openvpn/easy-rsa/*',
    )
    for step in install_steps:
        x(step)
def copy_easy_rsa():
    """Fetch the easy-rsa 2.x branch archive and install it under /etc/openvpn."""
    # NOTE(review): no md5= is passed here, so nothing is checksum-verified,
    # and a branch archive (release/2.x.zip) changes over time and cannot be
    # pinned. These scripts generate the VPN's CA and keys; use a tagged
    # release with a recorded digest.
    archive_url = 'https://github.com/OpenVPN/easy-rsa/archive/release/2.x.zip'
    download_file(archive_url)

    # unzip has no -d, so it extracts into the current directory; the mv
    # below expects the result under /opt/syco/installtemp.
    x('unzip /opt/syco/installtemp/2.x.zip')
    x('mv /opt/syco/installtemp/easy-rsa-release-2.x/easy-rsa/2.0/ /etc/openvpn/easy-rsa')
    x('chmod 700 /etc/openvpn/easy-rsa/*')
def _install_mysql_connect():
    '''
    Download the MySQL connector and copy its jar into domain1's lib/ext
    below GLASSFISH_INSTALL_PATH.

    '''
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest or signature check; the jar copied below is
    # loaded by the application server, so pin a checksum for the archive.
    general.download_file(MYSQL_CONNECTOR_REPO_URL)

    deploy_steps = (
        "tar -zxvf "+MYSQL_FILE_NAME+".tar.gz",
        "\cp -f "+MYSQL_FILE_NAME+"/"+MYSQL_FILE_NAME+"-bin.jar "+GLASSFISH_INSTALL_PATH+"/glassfish/domains/domain1/lib/ext/",
        "chown glassfish:glassfish -R "+GLASSFISH_INSTALL_PATH+"/glassfish/domains/domain1/lib/ext/*",
    )
    for step in deploy_steps:
        x(step)
def _install_mariadb_connect():
    """Download the MariaDB connector jar and place it in domain1's lib/ext.

    The copied files end up owned by glassfish5 and read-only (mode 444).
    """
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest is passed to download_file; the jar is loaded
    # by the application server, so pin and verify a checksum.
    general.download_file(MARIADB_CONNECTOR_REPO_URL)

    copy_cmd = "\cp -f %s /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % MARIADB_FILE_NAME
    x(copy_cmd)
    x("chown glassfish5:glassfish5 -R /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/*")
    x("chmod 444 /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/*")
def install_logstash(version):
    """Download the logstash tarball for *version* and unpack it under /opt.

    /opt/logstash is removed and recreated as a symlink.
    """
    # NOTE(review): version is interpolated unquoted into the URL and the
    # commands below, and no digest is passed to download_file; validate the
    # version string and pin a checksum.
    download_file("https://download.elasticsearch.org/logstash/logstash/logstash-{0}.tar.gz".format(version))

    unpack_steps = (
        "mv /opt/syco/installtemp/logstash-{0}.tar.gz /opt/logstash.tar.gz".format(version),
        "tar -zxvf /opt/logstash.tar.gz -C /opt/",
        "rm /opt/logstash.tar.gz",
        "rm -rf /opt/logstash",
        # NOTE(review): the glob only matches 1.x directories, whatever
        # version was requested.
        "ln -s /opt/logstash-1* /opt/logstash",
    )
    for step in unpack_steps:
        x(step)
def _install_guice():
    """Download guice and copy its jars into glassfish5 domain1's lib/ext."""
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest is passed to download_file; these jars are
    # loaded by the application server, so pin and verify a checksum.
    general.download_file(GUICE_URL)

    deploy_steps = (
        "unzip -o %s.zip" % GUICE_NAME,
        "cp %s/%s.jar /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % (GUICE_NAME, GUICE_NAME),
        "cp %s/guice-assistedinject* /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % GUICE_NAME,
        "cp %s/aopalliance* /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % GUICE_NAME,
        "cp %s/javax.inject* /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % GUICE_NAME,
        "chown glassfish5:glassfish5 -R /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/*",
    )
    for step in deploy_steps:
        x(step)
def _install_guice():
    """Download guice and copy its jars into glassfish4 domain1's lib/ext."""
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest is passed to download_file; these jars are
    # loaded by the application server, so pin and verify a checksum.
    general.download_file(GUICE_URL)

    deploy_steps = (
        "unzip -o "+GUICE_NAME+".zip",
        "cp "+GUICE_NAME+ "/" +GUICE_NAME+ ".jar /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "cp "+GUICE_NAME+ "/guice-assistedinject* /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "cp "+GUICE_NAME+ "/aopalliance* /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "cp "+GUICE_NAME+ "/javax.inject* /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "chown glassfish:glassfish -R /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/*",
    )
    for step in deploy_steps:
        x(step)
def install_logstash(version):
    """Download the logstash tarball for *version* and unpack it under /opt.

    /opt/logstash is removed and recreated as a symlink.
    """
    # NOTE(review): version is interpolated unquoted into the URL and the
    # commands below, and no digest is passed to download_file; validate the
    # version string and pin a checksum.
    tarball_url = "https://download.elasticsearch.org/logstash/logstash/logstash-{0}.tar.gz".format(version)
    download_file(tarball_url)

    x('mv /opt/syco/installtemp/logstash-{0}.tar.gz /opt/logstash.tar.gz'.format(version))
    x('tar -zxvf /opt/logstash.tar.gz -C /opt/')
    x('rm /opt/logstash.tar.gz')
    x('rm -rf /opt/logstash')
    # NOTE(review): the glob only matches 1.x directories, whatever version
    # was requested.
    x('ln -s /opt/logstash-1* /opt/logstash')
def _install_glassfish():
    '''
    Install the glassfish application server and its init script.

    The download, unpack and init-script steps run only when
    GLASSFISH_INSTALL_PATH + "/glassfish" does not exist yet.

    Raises Exception when the install file is not a zip, or when domain1's
    domain.xml or the init script is missing at the end.

    '''
    if (not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK)):
        os.chdir(app.INSTALL_DIR)
        if (not os.access(GLASSFISH_INSTALL_FILE, os.F_OK)):
            # NOTE(review): no digest argument is passed; the archive is
            # unpacked below without an integrity check.
            general.download_file(GLASSFISH_REPO_URL, user="******")

        # Create installation dir
        if (not os.access(GLASSFISH_INSTALL_PATH, os.F_OK)):
            x("mkdir -p " + GLASSFISH_INSTALL_PATH)
            x("chmod 770 " + GLASSFISH_INSTALL_PATH)
            # Numeric uid:gid; presumably the glassfish account - TODO confirm.
            x("chown 200:200 " + GLASSFISH_INSTALL_PATH)

        # Unpack the zip, then move the content of glassfish3/ up one level.
        if ".zip" in GLASSFISH_INSTALL_FILE:
            install.package("unzip")
            x("unzip " + GLASSFISH_INSTALL_FILE + " -d " + GLASSFISH_INSTALL_PATH, user="******")
            x("mv " + GLASSFISH_INSTALL_PATH + "glassfish3/* " + GLASSFISH_INSTALL_PATH, user="******")
            x("rm -rf " + GLASSFISH_INSTALL_PATH + "glassfish3", user="******")
        else:
            raise Exception("Only installing zip version of glassfish")

        # Install the start script
        # It's possible to do this from glassfish with "asadmin create-service",
        # but our own script is a little bit better. It creates startup log files
        # and has a better "start user" functionality.
        if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
            x("cp " + app.SYCO_PATH + "var/glassfish/" + GLASSFISH_VERSION + " /etc/init.d/" + GLASSFISH_VERSION)
            x("chmod 0755 " + "/etc/init.d/" + GLASSFISH_VERSION)
            x("/sbin/chkconfig --add " + GLASSFISH_VERSION)
            x("/sbin/chkconfig --level 3 " + GLASSFISH_VERSION + " on")
            # Fill in the database addresses in the copied init script.
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace(
                "${MYSQL_PRIMARY}", config.general.get_mysql_primary_master_ip())
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace(
                "${MYSQL_SECONDARY}", config.general.get_mysql_secondary_master_ip())

    # Post-install checks.
    if (not os.access(GLASSFISH_DOMAINS_PATH + "domain1/config/domain.xml", os.F_OK)):
        raise Exception("Failed to install " + GLASSFISH_INSTALL_PATH)

    if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
        raise Exception("Failed to install /etc/init.d/" + GLASSFISH_VERSION)
def install_logstash(version):
    '''
    Download the logstash tarball for the given version and unpack it under
    /opt. /opt/logstash is removed and recreated as a symlink.

    '''
    # NOTE(review): version is interpolated unquoted into the URL and the
    # commands below, and no digest is passed to download_file; validate the
    # version string and pin a checksum.
    download_file("https://download.elasticsearch.org/logstash/logstash/logstash-{0}.tar.gz".format(version))

    unpack_steps = (
        'mv /opt/syco/installtemp/logstash-{0}.tar.gz /opt/logstash.tar.gz'.format(version),
        'tar -zxvf /opt/logstash.tar.gz -C /opt/',
        'rm /opt/logstash.tar.gz',
        'rm -rf /opt/logstash',
        # NOTE(review): the glob only matches 1.x directories, whatever
        # version was requested.
        'ln -s /opt/logstash-1* /opt/logstash',
    )
    for step in unpack_steps:
        x(step)
def _update_modsec_rules():
    """Replace /etc/httpd/modsecurity.d with a freshly downloaded rule set.

    The customized rules shipped under app.SYCO_PATH are copied on top.
    """
    # NOTE(review): the rule archive is neither checksum- nor signature-
    # verified, and the live rule directory is deleted before the new
    # archive has been extracted, so a failed or tampered download leaves
    # the WAF without its rules. Verify first, then swap directories.
    general.download_file(MODSEC_RULES_URL, MODSEC_RULES_FILE + ".tar.gz")
    os.chdir(app.INSTALL_DIR)

    swap_steps = (
        "rm -fR /etc/httpd/modsecurity.d",
        "mkdir -p /etc/httpd/rules_tmp",
        "tar -xvf " + MODSEC_RULES_FILE + ".tar.gz -C /etc/httpd/rules_tmp",
        "mv /etc/httpd/rules_tmp/*/ /etc/httpd/modsecurity.d",
        "rm -rf /etc/httpd/rules_tmp",
        # Install customized rules.
        "cp " + app.SYCO_PATH + "var/httpd/modsecurity.d/* /etc/httpd/modsecurity.d",
    )
    for step in swap_steps:
        x(step)
def copy_easy_rsa():
    """Download easy-rsa 2.2.0, check its MD5 and install it under /etc/openvpn.

    unzip is installed for the extraction and removed again afterwards.
    """
    archive_name = "v2.2.0.zip"

    # NOTE(review): MD5 catches corruption but is not collision-resistant;
    # these scripts create the VPN's CA and keys, so a SHA-256 pin is the
    # better guard if download_file supports one.
    download_file(EASY_RSA_DOWNLOAD, archive_name, md5=EASY_RSA_MD5)

    # Unpack inside the install directory and move the 2.0 scripts in place.
    install_dir = get_install_dir()
    x("yum -y install unzip")
    x("unzip {0}{1} -d {0}".format(install_dir, archive_name))
    x("mv {0}easy-rsa-2.2.0/easy-rsa/2.0 /etc/openvpn/easy-rsa".format(install_dir))
    x("yum -y remove unzip")
def _install_guice():
    '''
    Download guice and copy its jars into domain1's lib/ext below
    GLASSFISH_INSTALL_PATH.

    '''
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest is passed to download_file; these jars are
    # loaded by the application server, so pin and verify a checksum.
    general.download_file(GUICE_URL)

    deploy_steps = (
        "unzip "+GUICE_NAME+".zip",
        "cp "+GUICE_NAME+ "/" +GUICE_NAME+ ".jar "+GLASSFISH_INSTALL_PATH+"/glassfish/domains/domain1/lib/ext/",
        "cp "+GUICE_NAME+ "/guice-assistedinject* "+GLASSFISH_INSTALL_PATH+"/glassfish/domains/domain1/lib/ext/",
        "cp "+GUICE_NAME+ "/aopalliance* "+GLASSFISH_INSTALL_PATH+"/glassfish/domains/domain1/lib/ext/",
        "cp "+GUICE_NAME+ "/javax.inject* "+GLASSFISH_INSTALL_PATH+"/glassfish/domains/domain1/lib/ext/",
        "chown glassfish:glassfish -R "+GLASSFISH_INSTALL_PATH+"/glassfish/domains/domain1/lib/ext/*",
    )
    for step in deploy_steps:
        x(step)
def copy_easy_rsa():
    """Download easy-rsa 2.2.0, check its MD5 and install it under /etc/openvpn.

    unzip is installed for the extraction and removed again afterwards.
    """
    # NOTE(review): MD5 catches corruption but is not collision-resistant;
    # these scripts create the VPN's CA and keys, so a SHA-256 pin is the
    # better guard if download_file supports one.
    download_file(EASY_RSA_DOWNLOAD, "v2.2.0.zip", md5=EASY_RSA_MD5)

    install_dir = get_install_dir()
    unpack_steps = (
        "yum -y install unzip",
        "unzip {0}{1} -d {0}".format(install_dir, "v2.2.0.zip"),
        "mv {0}easy-rsa-2.2.0/easy-rsa/2.0 /etc/openvpn/easy-rsa".format(install_dir),
        "yum -y remove unzip",
    )
    for step in unpack_steps:
        x(step)
def _download_loganalyzer():
    '''
    Download the loganalyzer tar.gz and copy its src folder to
    /var/www/html/loganalyzer, replacing any previous installation.

    '''
    # Remove old installation
    x("rm -rf /var/www/html/loganalyzer")

    # NOTE(review): no digest is passed to download_file; the extracted
    # sources are served from the web root, so verify the archive before
    # copying it there.
    general.download_file(LOGANALYZER_URL)

    extract_cmd = "tar zxf {0}/{1}.tar.gz -C {2}".format(
        app.INSTALL_DIR, LOGANALYZER_FILE, app.INSTALL_DIR)
    publish_cmd = "cp -rp /{0}/{1}/src /var/www/html/loganalyzer".format(
        app.INSTALL_DIR, LOGANALYZER_FILE)
    x(extract_cmd)
    x(publish_cmd)
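def _install_nrpe_plugins_dependencies():
    '''
    Install libraries/binaries that the NRPE plugins depend on, and write
    /etc/sudoers.d/nrpe so the nrpe user can run selected plugins through
    sudo without a password.

    On hosts and firewalls the HP health package is installed as well.

    '''
    # Dependency for check_rsyslog
    x("yum install -y MySQL-python")

    # Dependency for check_clamav. The previous command line had a second
    # "sudo yum install" pasted into the package list, so yum was also asked
    # for packages named "yum" and "install"; only package names are passed now.
    x("yum install -y nagios-plugins-perl perl-Net-DNS-Resolver-Programmable sudo perl-suidperl")

    # NOTE(review): each rule below lets nrpe run the named file as root with
    # no password. The plugin files and every directory in PLG_PATH must be
    # root-owned and not writable by nrpe, or these rules hand that account
    # full root.
    nrpe_sudoers_file = scopen.scOpen("/etc/sudoers.d/nrpe")
    nrpe_sudoers_file.add("Defaults:nrpe !requiretty")
    for plugin in (
        "check_clamav",
        "check_clamscan",
        "check_disk",
        "get_services",
        "mysql/pmp-check-mysql-deleted-files",
        "mysql/pmp-check-mysql-file-privs",
    ):
        nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}{1}".format(PLG_PATH, plugin))

    # Dependency for check_clamscan
    x("yum install -y perl-Proc-ProcessTable perl-Date-Calc")

    # Dependency for check_ldap
    x("yum install -y php-ldap php-cli")

    # Dependency for hosts/firewall hardware checks
    host_config_object = config.host(net.get_hostname())
    if host_config_object.is_host() or host_config_object.is_firewall():
        # The return value is not used; the call is kept in case
        # get_install_dir() prepares the directory - TODO confirm.
        install_dir = general.get_install_dir()

        # Download and install HP health monitoring package.
        # NOTE(review): MD5 catches corruption but is not collision-resistant.
        general.download_file(
            HP_HEALTH_URL,
            HP_HEALTH_FILENAME,
            md5=HP_HEALTH_MD5
        )
        x("yum install {0} -y".format(HP_HEALTH_FILENAME))

        # Remove the crontab the package installs.
        x("rm -f /etc/cron.d/hp-health")

        # Let nrpe run hpasmcli
        nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:/sbin/hpasmcli")
        nrpe_sudoers_file.add("nrpe ALL=NOPASSWD:{0}check_hpasm".format(PLG_PATH))

        x("service hp-health start")

    # sudoers files are expected to be read-only, so set mode 0440.
    x("chmod 0440 /etc/sudoers.d/nrpe")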
def _install_guice():
    """Download guice and copy its jars into glassfish5 domain1's lib/ext."""
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest is passed to download_file; these jars are
    # loaded by the application server, so pin and verify a checksum.
    general.download_file(GUICE_URL)
    x("unzip -o %s.zip" % GUICE_NAME)

    copy_commands = (
        "cp %s/%s.jar /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % (GUICE_NAME, GUICE_NAME),
        "cp %s/guice-assistedinject* /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % GUICE_NAME,
        "cp %s/aopalliance* /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % GUICE_NAME,
        "cp %s/javax.inject* /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/" % GUICE_NAME,
    )
    for copy_command in copy_commands:
        x(copy_command)

    x("chown glassfish5:glassfish5 -R /usr/local/glassfish5/glassfish/domains/domain1/lib/ext/*")
def _download_loganalyzer():
    '''
    Download the loganalyzer tar.gz and copy its src folder to
    /var/www/html/loganalyzer, replacing any previous installation.

    '''
    # Remove old installation
    x("rm -rf /var/www/html/loganalyzer")

    # NOTE(review): no digest is passed to download_file; the extracted
    # sources are served from the web root, so verify the archive before
    # copying it there.
    general.download_file(LOGANALYZER_URL)

    publish_steps = (
        "tar zxf {0}/{1}.tar.gz -C {2}".format(
            app.INSTALL_DIR, LOGANALYZER_FILE, app.INSTALL_DIR),
        "cp -rp /{0}/{1}/src /var/www/html/loganalyzer".format(
            app.INSTALL_DIR, LOGANALYZER_FILE),
    )
    for step in publish_steps:
        x(step)
def _update_modsec_rules():
    """Download the ModSecurity core rule set, check its signature, install it.

    Raises:
        Exception: the gpg output lacks the expected "Good signature" line.
    """
    base_url = "http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/"
    # NOTE(review): archive and signature both travel over plain HTTP, so the
    # gpg check is the only protection; it needs to be strict.
    general.download_file(base_url + MODSEC_RULES_FILE + ".tar.gz/download", MODSEC_RULES_FILE + ".tar.gz")
    general.download_file(base_url + MODSEC_RULES_FILE + ".tar.gz.asc/download", MODSEC_RULES_FILE + ".tar.gz.asc")

    os.chdir(app.INSTALL_DIR)
    # NOTE(review): the key is fetched by an 8-hex-digit short ID, which is
    # not unique; import it by full fingerprint. gpg is run on the .asc
    # without --verify, and matching the human-readable text is fragile;
    # prefer the exit status or --status-fd VALIDSIG with the fingerprint.
    x("gpg --keyserver keyserver.ubuntu.com --recv-keys 9624FCD2")
    gpg_output = x("gpg " + MODSEC_RULES_FILE + ".tar.gz.asc")
    expected_line = r'Good signature from "Ryan Barnett (OWASP Core Rule Set Project Leader) <*****@*****.**>"'
    if expected_line not in gpg_output:
        raise Exception("Invalid signature.")

    # The old rule directory is removed only after the check has passed.
    x("rm -fR /etc/httpd/modsecurity.d")
    x("tar zxvf " + MODSEC_RULES_FILE + ".tar.gz -C /etc/httpd")
    x("mv /etc/httpd/" + MODSEC_RULES_FILE + " /etc/httpd/modsecurity.d")

    # Install customized rules.
    x("cp " + app.SYCO_PATH + "var/httpd/modsecurity.d/* /etc/httpd/modsecurity.d")
def _install_google_guice(domain_name):
    '''
    Install the google guice 3.0 jars into the lib/ext folder of a domain.

    http://code.google.com/p/google-guice/
    http://code.google.com/p/google-guice/downloads/list

    domain_name -- name of the domain folder under GLASSFISH_DOMAINS_PATH.

    '''
    os.chdir(app.INSTALL_DIR)
    if (not os.access("guice-3.0.zip", os.F_OK)):
        # NOTE(review): plain-HTTP download with no digest; the jars copied
        # below are loaded by the application server. Pin a checksum and
        # fetch over HTTPS.
        general.download_file("http://google-guice.googlecode.com/files/guice-3.0.zip", user="******")
        x("unzip -oq guice-3.0.zip", user="******")

    # Copy guice and the three jars shipped with it into the domain.
    x("cp guice-3.0/guice-3.0.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
    x("cp guice-3.0/guice-assistedinject-3.0.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
    x("cp guice-3.0/aopalliance.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
    x("cp guice-3.0/javax.inject.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
def _install_guice():
    """Download guice and copy its jars into glassfish4 domain1's lib/ext."""
    os.chdir(app.INSTALL_DIR)
    # NOTE(review): no digest is passed to download_file; these jars are
    # loaded by the application server, so pin and verify a checksum.
    general.download_file(GUICE_URL)
    x("unzip -o " + GUICE_NAME + ".zip")

    copy_commands = (
        "cp " + GUICE_NAME + "/" + GUICE_NAME + ".jar /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "cp " + GUICE_NAME + "/guice-assistedinject* /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "cp " + GUICE_NAME + "/aopalliance* /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
        "cp " + GUICE_NAME + "/javax.inject* /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/",
    )
    for copy_command in copy_commands:
        x(copy_command)

    x("chown glassfish:glassfish -R /usr/local/glassfish4/glassfish/domains/domain1/lib/ext/*")
def download():
    '''
    Download all files required by snort, each checked against its MD5.

    Note: Should be modified to download files to install server.

    '''
    # NOTE(review): MD5 catches corruption but is not collision-resistant;
    # an IDS build chain deserves SHA-256 pins if download_file supports them.
    artifacts = (
        (SNORT_URL, SNORT_FILENAME, SNORT_MD5),
        (DAQ_URL, DAQ_FILENAME, DAQ_MD5),
        (LIBNET_URL, LIBNET_FILENAME, LIBNET_MD5),
        (RULE_URL, RULE_FILENAME, RULE_MD5),
    )
    for url, filename, digest in artifacts:
        general.download_file(url, filename, md5=digest)
def build_ossec(preloaded_conf):
    """Download, configure and build OSSEC, then enable it at boot.

    preloaded_conf -- file name under /opt/syco/var/ossec/osseconf/ that is
    copied to etc/preloaded-vars.conf before install.sh runs.
    """
    x('yum install gcc make perl-Time-HiRes -y')

    # NOTE(review): MD5 is the only check on a tarball whose install.sh is
    # executed below; MD5 is not collision-resistant, so prefer a SHA-256
    # pin or the project's signature.
    download_file(OSSEC_DOWNLOAD, "ossec-hids.tar.gz", md5=OSSEC_MD5)

    # Unpack and give the source tree a fixed name.
    install_dir = get_install_dir()
    build_steps = (
        "tar -C {0} -zxf {0}ossec-hids.tar.gz".format(install_dir),
        "mv {0}ossec-hids-* {0}ossecbuild".format(install_dir),
        # Preloaded answers must be in place before install.sh starts.
        # preloaded_conf goes unquoted into the command line.
        '\cp -f /opt/syco/var/ossec/osseconf/{0} {1}ossecbuild/etc/preloaded-vars.conf'.format(preloaded_conf, install_dir),
        '{0}ossecbuild/install.sh'.format(install_dir),
        # Autostart ossec.
        "chkconfig ossec on",
    )
    for step in build_steps:
        x(step)
def install_es(args):
    '''
    Install Elasticsearch from the vendor RPM, restart it and enable it at boot.

    args -- command-line words; args[1] is the Elasticsearch version.

    Raises Exception when /usr/bin/java is missing or args does not hold
    exactly two items.

    '''
    java_present = os.path.isfile('/usr/bin/java')
    if not java_present:
        raise Exception("No Java stopping")

    if len(args) != 2:
        raise Exception("syco install-es VERSION [syco install-es 1.5.2]")

    es_version = args[1]

    # The first word of the published .sha1.txt is the expected digest.
    # NOTE(review): the digest comes from the vendor's own download site, so
    # it catches corruption but not a tampered origin; SHA-1 is also a weak
    # hash. On Python older than 2.7.9 urllib2 does not validate the server
    # certificate. es_version is placed unquoted into URLs and commands.
    digest_response = urllib2.urlopen('https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-'+es_version +'.noarch.rpm.sha1.txt')
    expected_sha1 = digest_response.read().split(' ')[0]

    x('yum install wget -y')
    download_file('https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-'+es_version +'.noarch.rpm', sha1=expected_sha1)

    x('yum localinstall /opt/syco/installtemp/elasticsearch-'+es_version +'.noarch.rpm -y')
    x('/etc/init.d/elasticsearch restart')
    x('chkconfig elasticsearch on')
def _install_glassfish():
    '''
    Install the glassfish application server and its init script.

    The download, unpack and init-script steps run only when
    GLASSFISH_INSTALL_PATH + "/glassfish" does not exist yet.

    Raises Exception when the install file is not a zip, or when domain1's
    domain.xml or the init script is missing at the end.

    '''
    if (not os.access(GLASSFISH_INSTALL_PATH + "/glassfish", os.F_OK)):
        os.chdir(app.INSTALL_DIR)
        if (not os.access(GLASSFISH_INSTALL_FILE, os.F_OK)):
            # NOTE(review): no digest argument is passed; the archive is
            # unpacked below without an integrity check.
            general.download_file(GLASSFISH_REPO_URL, user="******")

        # Create installation dir
        if (not os.access(GLASSFISH_INSTALL_PATH, os.F_OK)):
            x("mkdir -p " + GLASSFISH_INSTALL_PATH)
            x("chmod 770 " + GLASSFISH_INSTALL_PATH)
            # Numeric uid:gid; presumably the glassfish account - TODO confirm.
            x("chown 200:200 " + GLASSFISH_INSTALL_PATH)

        # Unpack the zip, then move the content of glassfish3/ up one level.
        if ".zip" in GLASSFISH_INSTALL_FILE:
            install.package("unzip")
            x("unzip " + GLASSFISH_INSTALL_FILE + " -d " + GLASSFISH_INSTALL_PATH, user="******")
            x("mv " + GLASSFISH_INSTALL_PATH + "glassfish3/* " + GLASSFISH_INSTALL_PATH, user="******")
            x("rm -rf " + GLASSFISH_INSTALL_PATH + "glassfish3", user="******")
        else:
            raise Exception("Only installing zip version of glassfish")

        # Install the start script
        # It's possible to do this from glassfish with "asadmin create-service",
        # but our own script is a little bit better. It creates startup log files
        # and has a better "start user" functionality.
        if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
            x("cp " + app.SYCO_PATH + "var/glassfish/" + GLASSFISH_VERSION + " /etc/init.d/" + GLASSFISH_VERSION)
            x("chmod 0755 " + "/etc/init.d/" + GLASSFISH_VERSION)
            x("/sbin/chkconfig --add " + GLASSFISH_VERSION)
            x("/sbin/chkconfig --level 3 " + GLASSFISH_VERSION + " on")
            # Fill in the database addresses in the copied init script.
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace("${MYSQL_PRIMARY}", config.general.get_mysql_primary_master_ip())
            scOpen("/etc/init.d/" + GLASSFISH_VERSION).replace("${MYSQL_SECONDARY}", config.general.get_mysql_secondary_master_ip())

    # Post-install checks.
    if (not os.access(GLASSFISH_DOMAINS_PATH + "domain1/config/domain.xml", os.F_OK)):
        raise Exception("Failed to install " + GLASSFISH_INSTALL_PATH)

    if (not os.access("/etc/init.d/" + GLASSFISH_VERSION, os.F_OK)):
        raise Exception("Failed to install /etc/init.d/" + GLASSFISH_VERSION)
def _install_jdk():
    '''
    Download the JDK installer and run it, answering its prompts.

    Returns immediately when JDK_INSTALL_PATH already exists. Raises
    Exception when the installer file is missing after the download step.

    '''
    if os.access(JDK_INSTALL_PATH, os.F_OK):
        return

    os.chdir(app.INSTALL_DIR)
    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        # NOTE(review): no digest argument is passed, and the downloaded
        # file is executed below; verify a pinned checksum before running it.
        general.download_file(JDK_REPO_URL, user="******")
        x("chmod u+rx " + JDK_INSTALL_FILE)

    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        raise Exception("Not able to download " + JDK_INSTALL_FILE)

    # Replies sent when the installer prints the matching prompt text.
    prompt_replies = {
        "ename: ": "A\r\n",
        "Press Enter to continue.....": "\r\n\r\n",
        "timeout": "-1",
    }
    general.shell_run("./" + JDK_INSTALL_FILE, events=prompt_replies)
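def install_sonar(args):
    '''
    Install and start sonar on the local host.

    args -- command-line words; args[1] is the sonarqube version to download.

    Raises Exception when args does not hold exactly two items. When
    /bin/java is missing a message is printed and nothing is installed.

    '''
    if (len(args) != 2):
        # NOTE(review): the usage text still names another command
        # (install-espower / Logstash); it is left unchanged because the
        # real command name is not visible here.
        raise Exception("syco install-espower Logstash Version [syco install-sonare 5.0]")

    # Java is required to run sonar.
    if not os.path.isfile("/bin/java"):
        print("No java is installed")
        return

    x('yum install wget unzip -y')
    x('rm -rf /opt/sonarqube')
    # NOTE(review): plain-HTTP download with no digest, and the unpacked
    # sonar.sh is executed below; fetch over HTTPS and verify a pinned
    # checksum. args[1] is placed unquoted into the URL and the mv command.
    download_file('http://dist.sonar.codehaus.org/sonarqube-{0}.zip'.format(args[1]))
    x('mv /opt/syco/installtemp/sonarqube-{0}.zip /opt/sonarqube.zip'.format(args[1]))
    # NOTE(review): unzip has no -d, so the archive is extracted into the
    # current working directory, while the start command below expects
    # /opt/sonarqube - confirm the resulting layout.
    x('unzip /opt/sonarqube.zip')
    x('/opt/sonarqube/bin/linux-x86-64/sonar.sh start')
    # Remove the archive under the name it was moved to above; the former
    # hard-coded /opt/sonarqube-5.0.zip is never created by this function.
    x('rm /opt/sonarqube.zip')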
def build_ossec(preloaded_conf):
    """Download, configure and build OSSEC, then enable it at boot.

    preloaded_conf -- file name under /opt/syco/var/ossec/osseconf/ that is
    copied to etc/preloaded-vars.conf before install.sh runs.
    """
    x('yum install gcc make perl-Time-HiRes -y')

    # NOTE(review): MD5 is the only check on a tarball whose install.sh is
    # executed below; MD5 is not collision-resistant, so prefer a SHA-256
    # pin or the project's signature.
    download_file(OSSEC_DOWNLOAD, "ossec-hids.tar.gz", md5=OSSEC_MD5)

    # Unpack and give the source tree a fixed name.
    install_dir = get_install_dir()
    x("tar -C {0} -zxf {0}ossec-hids.tar.gz".format(install_dir))
    x("mv {0}ossec-hids-* {0}ossecbuild".format(install_dir))

    # Preloaded answers must be in place before install.sh starts.
    # preloaded_conf goes unquoted into the command line.
    copy_conf = '\cp -f /opt/syco/var/ossec/osseconf/{0} {1}ossecbuild/etc/preloaded-vars.conf'.format(preloaded_conf, install_dir)
    x(copy_conf)

    # Build and install.
    x('{0}ossecbuild/install.sh'.format(install_dir))

    # Autostart ossec.
    x("chkconfig ossec on")
def _install_jdk():
    '''
    Download the JDK installer and run it, answering its prompts.

    Returns immediately when JDK_INSTALL_PATH already exists. Raises
    Exception when the installer file is missing after the download step.

    '''
    already_installed = os.access(JDK_INSTALL_PATH, os.F_OK)
    if already_installed:
        return

    os.chdir(app.INSTALL_DIR)
    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        # NOTE(review): no digest argument is passed, and the downloaded
        # file is executed below; verify a pinned checksum before running it.
        general.download_file(JDK_REPO_URL, user="******")
        x("chmod u+rx " + JDK_INSTALL_FILE)

    if not os.access(JDK_INSTALL_FILE, os.F_OK):
        raise Exception("Not able to download " + JDK_INSTALL_FILE)

    # Replies sent when the installer prints the matching prompt text.
    general.shell_run(
        "./" + JDK_INSTALL_FILE,
        events={
            "ename: ": "A\r\n",
            "Press Enter to continue.....": "\r\n\r\n",
            "timeout":"-1",
        },
    )
def _install_mysql_connector(domain_name):
    '''
    Install the MySQL connector jar into the lib/ext folder of a GlassFish domain.

    http://www.mysql.com/downloads/connector/j/

    domain_name -- name of the domain folder under GLASSFISH_DOMAINS_PATH.

    Raises Exception when the gpg output does not contain the expected
    "Good signature" line.

    '''
    os.chdir(app.INSTALL_DIR)
    if (not os.access(MYSQL_CONNECTOR_INTALL_FILE, os.F_OK)):
        # Archive and detached signature are fetched together; the signature
        # check below runs only in this branch, i.e. for a fresh download.
        general.download_file(MYSQL_CONNECTOR_REPO_URL, user="******")
        general.download_file(MYSQL_CONNECTOR_REPO_URL + ".asc", user="******")

        # NOTE(review): the key is fetched by an 8-hex-digit short ID, which
        # is not unique; import it by full fingerprint instead. Matching the
        # human-readable "Good signature" text is fragile (wording depends on
        # locale and gpg version, and it does not tie the signature to one
        # specific key); gpg's exit status or --status-fd VALIDSIG with the
        # expected fingerprint is the sturdier check.
        x("gpg --keyserver keyserver.ubuntu.com --recv-keys 5072E1F5", user="******")
        signature = x("gpg --verify " + MYSQL_CONNECTOR_INTALL_FILE + ".asc", user="******")
        if (r'Good signature from "MySQL Release Engineering <*****@*****.**>"' not in signature):
            raise Exception("Invalid signature.")

    # TODO: Should it be under /ext/?
    x("tar zxf " + MYSQL_CONNECTOR_INTALL_FILE, user="******")
    x("cp " + MYSQL_CONNECTOR_VERSION +"/" + MYSQL_CONNECTOR_VERSION + "-bin.jar " + GLASSFISH_DOMAINS_PATH + domain_name + "/lib/ext/", user="******")
def _install_glassfish():
    """Install the glassfish5 application server and its init script.

    The download, unpack and init-script steps run only when
    /usr/local/glassfish5/glassfish does not exist yet.

    Raises Exception when the archive cannot be found after the download
    step, or when domain1's domain.xml or the init script is missing at
    the end.
    """
    if not os.access("/usr/local/glassfish5/glassfish", os.F_OK):
        os.chdir(app.INSTALL_DIR)
        if not os.access(GLASSFISH_INSTALL_FILE, os.F_OK):
            # NOTE(review): no digest argument is passed; the archive is
            # unpacked into /usr/local below without an integrity check.
            general.download_file(GLASSFISH_REPO_URL)

        if os.access(GLASSFISH_INSTALL_FILE, os.F_OK):
            # Unpack and hand the tree to the glassfish5 account.
            x("unzip %s -d /usr/local/" % GLASSFISH_INSTALL_FILE)
            x("chown glassfish5:glassfish5 -R /usr/local/glassfish5")
        else:
            raise Exception("Not able to download %s" % GLASSFISH_INSTALL_FILE)

        # Install the start script
        # It's possible to do this from glassfish with "asadmin create-service",
        # but our own script is a little bit better. It creates startup log
        # files and has a better "start user" functionality.
        x("cp %svar/glassfish/glassfish5 /etc/init.d/glassfish5" % app.SYCO_PATH)
        # The init script stays root-owned and writable by root only.
        x("chown root:root /etc/init.d/glassfish5")
        x("chmod 0755 /etc/init.d/glassfish5")
        x("/sbin/chkconfig --add glassfish5")
        x("/sbin/chkconfig --level 3 glassfish5 on")
        # Fill in the database addresses in the copied init script.
        scOpen("/etc/init.d/glassfish5").replace(
            "${MYSQL_PRIMARY}", config.general.get_mysql_primary_master_ip())
        scOpen("/etc/init.d/glassfish5").replace(
            "${MYSQL_SECONDARY}", config.general.get_mysql_secondary_master_ip())
        x("/etc/init.d/glassfish5 start -n")
        x("rm -f /etc/init.d/GlassFish_domain1")

    # Post-install checks.
    xml = "/usr/local/glassfish5/glassfish/domains/domain1/config/domain.xml"
    if not os.access(xml, os.F_OK):
        raise Exception("Failed to install glassfish ")

    if not os.access("/etc/init.d/glassfish5", os.F_OK):
        raise Exception("Failed to install /etc/init.d/glassfish5")
def _install_mod_security():
    '''
    Download, verify, compile and install mod_security for httpd.

    Nothing is done when mod_security2.so is already present. Raises
    Exception when the gpg output lacks the expected "Good signature" line.

    '''
    if (not os.access("/usr/lib64/httpd/modules/mod_security2.so", os.F_OK)):
        # Needed for running modsec.
        x("yum -y install pkgconfig libxml2 libxml2-devel curl lua")

        # Needed for compiling modsec
        x("yum -y install httpd-devel apr apr-util pcre make gcc pcre-devel curl-devel lua-devel")

        # Download the source archive and its detached signature.
        general.download_file(MODSEC_REPO_URL)
        general.download_file(MODSEC_ASC_REPO_URL)

        os.chdir(app.INSTALL_DIR)
        # NOTE(review): the key is fetched by an 8-hex-digit short ID, which
        # is not unique; import it by full fingerprint instead. Matching the
        # human-readable "Good signature" text is fragile; gpg's exit status
        # or --status-fd VALIDSIG with the expected fingerprint is the
        # sturdier check before the source is compiled and installed.
        x("gpg --keyserver keyserver.ubuntu.com --recv-keys 6980F8B0")
        signature = x("gpg --verify " + MODSEC_ASC_FILE)
        if (r'Good signature from "Breno Silva Pinto <*****@*****.**>"' not in signature):
            raise Exception("Invalid signature.")

        # Compile and install modsec
        os.chdir(app.INSTALL_DIR)
        x("tar zxf " + MODSEC_INSTALL_FILE + ".tar.gz")
        os.chdir(app.INSTALL_DIR + MODSEC_INSTALL_FILE)
        x("./configure")
        x("make")
        x("make install")

        # Set the mode and the SELinux label on the installed module.
        x("chmod 755 /usr/lib64/httpd/modules/mod_security2.so")
        x("chcon system_u:object_r:httpd_modules_t:s0 /usr/lib64/httpd/modules/mod_security2.so")

        # Remove the packages that were only needed for building modsec, so
        # no compiler is left on the server.
        # TODO: See if there are any other dependencies on these packages.
        x(
            "yum -y erase httpd-devel apr-devel apr-util-devel cpp gcc" +
            " cyrus-sasl-devel db4-devel expat-devel glibc-devel glibc-headers" +
            " kernel-headers openldap-devel pcre-devel curl-devel" +
            " lua-devel libidn-devel"
        )

        # Install mod-sec config files.
        x("cp " + app.SYCO_PATH + "var/httpd/conf.d/003-modsecurity.conf /etc/httpd/conf.d/")
def _install_mod_security():
    """Download, checksum-verify, compile and install mod_security for httpd.

    Nothing is done when mod_security2.so is already present. Raises
    Exception when sha256sum does not report OK for the source archive.
    """
    if not os.access("/usr/lib64/httpd/modules/mod_security2.so", os.F_OK):
        # Needed for running modsec.
        x("yum -y install pkgconfig libxml2 libxml2-devel curl lua")

        # Needed for compiling modsec
        x("yum -y install httpd-devel apr apr-util pcre gcc gcc-c++ pcre-devel curl-devel")

        # Download the source archive and its checksum file.
        # NOTE(review): this is a SHA-256 checksum comparison, not a PGP
        # signature check. If the checksum file is served from the same
        # place as the archive it detects corruption, not tampering; pin the
        # expected digest locally or verify the project's signature.
        general.download_file(MODSEC_REPO_URL)
        general.download_file(MODSEC_MD5_REPO_URL)

        os.chdir(app.INSTALL_DIR)
        signature = x("sha256sum -c " + MODSEC_MD5_FILE)
        if MODSEC_INSTALL_FILE + '.tar.gz: OK' not in signature:
            raise Exception("Invalid signature.")

        # Compile and install modsec
        os.chdir(app.INSTALL_DIR)
        x("tar zxf " + MODSEC_INSTALL_FILE + ".tar.gz")
        os.chdir(app.INSTALL_DIR + MODSEC_INSTALL_FILE)
        x("./configure")
        x("make")
        x("make install")

        # Set the mode and the SELinux label on the installed module.
        x("chmod 755 /usr/lib64/httpd/modules/mod_security2.so")
        x("chcon system_u:object_r:httpd_modules_t:s0 /usr/lib64/httpd/modules/mod_security2.so")

        # Remove the packages that were only needed for building modsec, so
        # no compiler is left on the server.
        # TODO: See if there are any other dependencies on these packages.
        x(
            "yum -y erase httpd-devel apr-devel apr-util-devel cpp gcc gcc-c++ pcre-devel curl-devel" +
            " cyrus-sasl-devel db4-devel expat-devel glibc-devel glibc-headers" +
            " kernel-headers openldap-devel pcre-devel curl-devel" +
            " lua-devel libidn-devel"
        )

        # Install mod-sec config files.
        x("cp " + app.SYCO_PATH + "var/httpd/conf.d/003-modsecurity.conf /etc/httpd/conf.d/")
def _install_glassfish():
    """Install the glassfish4 application server and its init script.

    The download, unpack and init-script steps run only when
    /usr/local/glassfish4/glassfish does not exist yet.

    Raises Exception when the archive cannot be found after the download
    step, or when domain1's domain.xml or the init script is missing at
    the end.
    """
    if not os.access("/usr/local/glassfish4/glassfish", os.F_OK):
        os.chdir(app.INSTALL_DIR)
        if not os.access(GLASSFISH_INSTALL_FILE, os.F_OK):
            # NOTE(review): no digest argument is passed; the archive is
            # unpacked into /usr/local below without an integrity check.
            general.download_file(GLASSFISH_REPO_URL)

        if os.access(GLASSFISH_INSTALL_FILE, os.F_OK):
            # Unpack and hand the tree to the glassfish account.
            x("unzip %s -d /usr/local/" % GLASSFISH_INSTALL_FILE)
            x("chown glassfish:glassfish -R /usr/local/glassfish4")
        else:
            raise Exception("Not able to download %s" % GLASSFISH_INSTALL_FILE)

        # Install the start script
        # It's possible to do this from glassfish with "asadmin create-service",
        # but our own script is a little bit better. It creates startup log
        # files and has a better "start user" functionality.
        x("cp " + app.SYCO_PATH + "var/glassfish/glassfish-4 /etc/init.d/glassfish-4")
        # The init script stays root-owned and writable by root only.
        x("chown root:root /etc/init.d/glassfish-4")
        x("chmod 0755 " + "/etc/init.d/glassfish-4")
        x("/sbin/chkconfig --add glassfish-4")
        x("/sbin/chkconfig --level 3 glassfish-4 on")
        # Fill in the database addresses in the copied init script.
        scOpen("/etc/init.d/glassfish-4").replace("${MYSQL_PRIMARY}", config.general.get_mysql_primary_master_ip())
        scOpen("/etc/init.d/glassfish-4").replace("${MYSQL_SECONDARY}", config.general.get_mysql_secondary_master_ip())
        x("/etc/init.d/glassfish-4 start -n")
        x("rm -f /etc/init.d/GlassFish_domain1")

    # Post-install checks.
    xml="/usr/local/glassfish4/glassfish/domains/domain1/config/domain.xml"
    if not os.access(xml, os.F_OK):
        raise Exception("Failed to install ")

    if (not os.access("/etc/init.d/glassfish-4", os.F_OK)):
        raise Exception("Failed to install /etc/init.d/glassfish-4")