mirror of https://github.com/MISP/MISP
219 lines
8.1 KiB
Bash
Executable File
219 lines
8.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# Update script for MISP via GitHub
|
|
|
|
### /!\ WARNING /!\ This is WiP and not useable as of now! /!\ We have been warned.
|
|
|
|
## TODO, FIX:
|
|
# Must be launch in the parent directoy of your MISP installation
|
|
|
|
# VAR AFFECTATION
|
|
ver="1.1-20181025"
|
|
day=$(date +%Y%m%d)
|
|
root_folder="/var/www/"
|
|
misp_folder="/var/www/MISP"
|
|
backup_folder="/var/www/MISP_$day"
|
|
logfile="/var/log/git/misp_$day.log"
|
|
git_misp="https://github.com/MISP/MISP.git"
|
|
# Permissions of web user for Debian flavoured and standard Apache installs
|
|
web_perms_deb_u="www-data"
|
|
web_perms_deb_g="www-data"
|
|
|
|
# Permissions of web user for RedHat flavoured and standard Apache installs
|
|
web_perms_rh_u="root"
|
|
web_perms_rh_g="apache"
|
|
|
|
if [ ! -d /var/log/git ]; then
|
|
mkdir -p /var/log/git/
|
|
cd ${misp_folder}
|
|
# The following git config is to be able to handle larger files, as per: https://stackoverflow.com/questions/2702731/git-fails-when-pushing-commit-to-github
|
|
git config http.postBuffer 524288000
|
|
fi
|
|
|
|
if [ -e "/usr/bin/lsb_release" ]; then
|
|
flavour="$(lsb_release -s -i)"
|
|
if [ "${flavour}" == "Debian" || "${flavour}" == "Ubuntu" ]; then
|
|
web_perms_u=${web_perms_deb_u}
|
|
web_perms_g=${web_perms_deb_g}
|
|
debian=1
|
|
fi
|
|
fi
|
|
|
|
if [ -e "/bin/rpm" ]; then
|
|
if [ ! -z $(rpm -qa centos-release) ]; then
|
|
flavour=$(rpm -q centos-release)
|
|
web_perms_u=${web_perms_rh_u}
|
|
web_perms_g=${web_perms_rh_g}
|
|
scl_rh="rh-php70"
|
|
redhat=1
|
|
elif [ ! -z $(rpm -qa redhat-release-server) ]; then
|
|
flavour=$(rpm -q redhat-release-server)
|
|
web_perms_u=${web_perms_rh_u}
|
|
web_perms_g=${web_perms_rh_g}
|
|
scl_rh="rh-php70"
|
|
redhat=1
|
|
else
|
|
echo "You have neither a RedHat or CentOS flavoured OS. Set the permissions of the web user by hand."
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# DEFINE FUNCTIONS
|
|
function log_date () {
|
|
date "+%Y-%m-%d %H:%M:%S [%z %Z]"
|
|
}
|
|
|
|
function apply_permissions () {
|
|
chown -R ${web_perms_u}:${web_perms_g} ${misp_folder}
|
|
find ${misp_folder} -type d -exec chmod g=rx {} \;
|
|
chmod -R g+r,o= ${misp_folder}
|
|
chown ${web_perms_g}:${web_perms_g} ${misp_folder}/app/Config/config.php
|
|
chown ${web_perms_g}:${web_perms_g} ${misp_folder}/app/files
|
|
chown ${web_perms_g}:${web_perms_g} ${misp_folder}/app/files/terms
|
|
chown ${web_perms_g}:${web_perms_g} ${misp_folder}/app/files/scripts/tmp
|
|
chown ${web_perms_g}:${web_perms_g} ${misp_folder}/app/Plugin/CakeResque/tmp
|
|
chown -R ${web_perms_g}:${web_perms_g} ${misp_folder}/app/tmp
|
|
chown -R ${web_perms_g}:${web_perms_g} ${misp_folder}/app/webroot/img/orgs
|
|
chown -R ${web_perms_g}:${web_perms_g} ${misp_folder}/app/webroot/img/custom
|
|
chown -R ${web_perms_g}:${web_perms_g} ${misp_folder}/.gnupg
|
|
chmod 755 ${misp_folder}/app/Console/worker/start.sh
|
|
chown ${web_perms_g}:${web_perms_g} ${misp_folder}/app/Console/worker/start.sh
|
|
chcon -t httpd_sys_rw_content_t ${misp_folder}/app/Config/config.php
|
|
chcon -t httpd_sys_rw_content_t ${misp_folder}/app/files
|
|
chcon -t httpd_sys_rw_content_t ${misp_folder}/app/files/terms
|
|
chcon -t httpd_sys_rw_content_t ${misp_folder}/app/files/scripts/tmp
|
|
chcon -t httpd_sys_rw_content_t ${misp_folder}/app/Plugin/CakeResque/tmp
|
|
chcon -R -t httpd_sys_rw_content_t ${misp_folder}/app/tmp
|
|
chcon -R -t httpd_sys_rw_content_t ${misp_folder}/app/webroot/img/orgs
|
|
chcon -R -t httpd_sys_rw_content_t ${misp_folder}/app/webroot/img/custom
|
|
}
|
|
|
|
# CHECKING PRIVILEGES
|
|
whoami=$(whoami)
|
|
if [[ $whoami != "root" ]]; then
|
|
echo "[ERROR] Please be sure you have root privileges to run the script."
|
|
exit 1
|
|
fi
|
|
|
|
# CHECKING SCRIPT INTEGRITY
|
|
md5=$(md5sum ${PWD}/$0 | grep -Eio "[a-f0-9]{32}")
|
|
sha1=$(sha1sum $PWD/$0 | grep -Eio "[a-f0-9]{40}")
|
|
echo "Script version is: $ver"
|
|
echo "Script MD5 is: $md5"
|
|
echo "Script SHA-1 is: $sha1"
|
|
echo -n "Do you want to continue [Y/n]"
|
|
read -e reply
|
|
if [[ $reply =~ ^[Nn]$ ]]; then
|
|
echo "Exiting..."
|
|
exit 0
|
|
elif [[ $reply =~ ^[YyOo]$ ]]; then
|
|
sleep 0
|
|
else
|
|
echo "[ERROR] Unexpected answer. Exiting..."
|
|
exit 1
|
|
fi
|
|
|
|
# STOP WORKERS
|
|
(
|
|
echo -n "Please, login to MISP interface (with admin privileges) and stop all workers (Administration / Server Settings / \"Workers\" tab then click the trash buttons): "; log_date
|
|
echo "Press a key to continue or CTRL+C to cancel..."
|
|
read -e wait
|
|
|
|
# CHECK GIT STATUS BEFORE RUNNING UPDATE
|
|
cd $misp_folder
|
|
echo -n "--> Checking for uncommited files: "; log_date
|
|
git status | grep "nothing to commit" >> /dev/null
|
|
OutStatus=$?
|
|
if [ $OutStatus == 0 ]; then
|
|
echo -n " Working directory is clean: "; log_date; echo -e "\r\n"
|
|
else
|
|
echo -n " [ERROR] It seems that your local repository isn't clean or is waiting for a commit. Try 'git status "; log_date; echo -e "\r\n"
|
|
exit 1
|
|
fi
|
|
|
|
# BACKUP EXISTANT CONFIGURATION
|
|
echo -n "--> Backuping existent files: "; log_date
|
|
echo -ne " Current release is: "; for verold in `cat $misp_folder/VERSION.json | grep -Po "\d{1,2},?" | sed -e 's/,/\./g'`; do echo -ne $verold; done; echo ""
|
|
echo -ne " Current commit is: "; cat $misp_folder/.git/refs/heads/*
|
|
mkdir -p $backup_folder
|
|
cp -rf $misp_folder $backup_folder
|
|
OutBackup=$?
|
|
if [ $OutBackup == 0 ]; then
|
|
echo -n " [*] Backup finished successfully: "; log_date; echo -e "\r\n"
|
|
else
|
|
echo -n " [ERROR] An error occurred during backup: "; log_date; echo -e "\r\n"
|
|
exit 1
|
|
fi
|
|
|
|
# PULL THE LAST COMMIT
|
|
echo -n "--> Retrieving last MISP release: "; log_date
|
|
git pull origin 2.4
|
|
OutPull=$?
|
|
if [ $OutPull != 0 ]; then
|
|
echo -n " [*] An error occurred during retrieving last release: "; log_date
|
|
echo -n " [*] Trying to find a workaround: "; log_date
|
|
git status | grep "both modified" >> /dev/null
|
|
OutWorkaround=$?
|
|
if [ $OutWorkaround == 0 ]; then
|
|
echo -n " A potential workaround has been found to resolve merge conflicts: "; log_date
|
|
git add PyMISP app/webroot/css/main.css app/Lib/cakephp app/files/misp-galaxy app/files/taxonomies app/files/warninglists
|
|
OutAdd=$?
|
|
if [ $OutAdd != 0 ]; then
|
|
echo -n " [*] Workaround failed: "; log_date
|
|
echo -n " [*] Rollback is in progress: "; log_date
|
|
rm -rf $misp_folder
|
|
cp -rf $backup_folder $root_folder/MISP
|
|
mv -f $misp_folder/MISP/* $misp_folder
|
|
mv -f $misp_folder/MISP/.* $misp_folder
|
|
rm -rf $misp_folder/MISP
|
|
echo -ne " [*] Rollback applied: "; log_date; echo -e "\r\n"
|
|
rm -rf $backup_folder
|
|
apply_permissions
|
|
fi
|
|
else
|
|
echo -n " [*] No workaround has been found: "; log_date
|
|
echo -n " [*] Rollback is in progress: "; log_date
|
|
rm -rf $misp_folder
|
|
cp -rf $backup_folder $root_folder/MISP
|
|
mv -f $misp_folder/MISP/* $misp_folder
|
|
mv -f $misp_folder/MISP/.* $misp_folder
|
|
rm -rf $misp_folder/MISP
|
|
echo -ne " [*] Rollback applied: "; log_date; echo -e "\r\n"
|
|
rm -rf $backup_folder
|
|
apply_permissions
|
|
fi
|
|
elif [ $OutPull == 0 ]; then
|
|
git submodule update --init --force
|
|
echo -ne " Release installed: "; for vernew in `cat $misp_folder/VERSION.json | grep -Po "\d{1,2},?" | sed -e 's/,/\./g'`; do echo -ne $vernew; done; echo ""
|
|
echo -ne " Commit installed: "; cat $misp_folder/.git/refs/heads/*
|
|
echo -n " [*] Last release successfully retrieve: "; log_date
|
|
tar -czvf /var/www/backup_MISP_$day.tar.gz $backup_folder
|
|
apply_permissions
|
|
cd $misp_folder/app && php composer.phar update
|
|
else
|
|
echo -n " [ERROR] An unexepected error occured: "; log_date
|
|
exit 1
|
|
fi
|
|
|
|
# RESTARTING SERVICES
|
|
if [ ${redhat} == "1" ]; then
|
|
echo -n "--> Restarting Database server: "; log_date
|
|
systemctl restart mariadb.service; systemctl status mariadb.service
|
|
echo -n "--> Restarting Apache server: "; log_date
|
|
systemctl restart httpd.service; systemctl status httpd.service
|
|
echo -n "--> Restarting PHP service: "; log_date
|
|
systemctl restart rh-php56-php-fpm.service; systemctl status rh-php56-php-fpm.service
|
|
echo -n "--> Restarting MISP Workers: "; log_date
|
|
su -s /bin/bash ${web_perms_g} -c '/usr/bin/scl enable ${rh-scl-php} ${misp_folder}/app/Console/worker/start.sh'
|
|
echo -n "--> Restarting firewalld service: "; log_date
|
|
systemctl restart firewalld.service; systemctl status firewalld.service
|
|
elif [ ${debian} == "1"]; then
|
|
echo "Restart Services"
|
|
fi
|
|
|
|
# RE-APPLYING PERMISSIONS DUE TO SOME BUGS SOMETIMES
|
|
apply_permissions
|
|
|
|
) 2>&1 | tee -a $logfile
|
|
git commit -m "Update $vernew ==> OK"
|
|
#EOF
|