From f4d4bbabf8afa8375fa8e590303597a9483a941d Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Thu, 20 Apr 2017 12:06:05 -0600 Subject: [PATCH] evebox - pre and post upgrade scripts The idea here is to do the best thing for the user. With EveBox, if the user choosed to install the maintainers configuration files, it will be wide open on port 5636. This is not what we want with SELKS, instead we want to lock it down to localhost so we get the authentication provided by SELKS/Scirius. So instead, include a copy of the desired /etc/default/evebox file in this package and make sure it gets installed after EveBox is upgraded. EveBox is also upgraded in its own step with options to prevent any prompting about configuration files. Additonally, use this as an opportunity to replace the EveBox repo with that of the stable version, which I believe has hit a state where it might make more sense to use, rather than the one built directly from git master on each commit. --- .../Evebox/etc/apt/sources.list.d/evebox.list | 1 + Scripts/Configs/Evebox/etc/default/evebox | 2 ++ Scripts/Setup/selks-upgrade_stamus.sh | 31 ++++++++++++++++++- 3 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 Scripts/Configs/Evebox/etc/apt/sources.list.d/evebox.list create mode 100644 Scripts/Configs/Evebox/etc/default/evebox diff --git a/Scripts/Configs/Evebox/etc/apt/sources.list.d/evebox.list b/Scripts/Configs/Evebox/etc/apt/sources.list.d/evebox.list new file mode 100644 index 0000000..8a933f3 --- /dev/null +++ b/Scripts/Configs/Evebox/etc/apt/sources.list.d/evebox.list @@ -0,0 +1 @@ +deb http://files.evebox.org/evebox/debian stable main diff --git a/Scripts/Configs/Evebox/etc/default/evebox b/Scripts/Configs/Evebox/etc/default/evebox new file mode 100644 index 0000000..a496c6a --- /dev/null +++ b/Scripts/Configs/Evebox/etc/default/evebox @@ -0,0 +1,2 @@ +ELASTICSEARCH_URL="-e http://localhost:9200" +EVEBOX_OPTS="--host localhost" diff --git a/Scripts/Setup/selks-upgrade_stamus.sh b/Scripts/Setup/selks-upgrade_stamus.sh index 0fe9c5c..f1b81dc 100755 --- a/Scripts/Setup/selks-upgrade_stamus.sh +++ b/Scripts/Setup/selks-upgrade_stamus.sh @@ -19,10 +19,38 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +set -e + +pre_upgrade_evebox() { + # Make sure repo URL is current and the key is installed. + cp /opt/selks/Scripts/Configs/Evebox/etc/apt/sources.list.d/evebox.list \ + /etc/apt/sources.list.d/ + if ! apt-key list | grep -q 8B15B19F; then + wget -O - -q https://evebox.org/files/GPG-KEY-evebox | apt-key add - + fi + /bin/systemctl stop evebox +} + +post_upgrade_evebox() { + # Copy in the SELKS specific default file. + cp /opt/selks/Scripts/Configs/Evebox/etc/default/evebox \ + /etc/default/evebox + /bin/systemctl start evebox +} + +upgrade_evebox() { + apt-get install -o Dpkg::Options::="--force-confdef" \ + -o Dpkg::Options::="--force-confold" evebox +} + /bin/systemctl stop kibana /usr/share/elasticsearch/bin/plugin remove delete-by-query -apt-get update && apt-get dist-upgrade +pre_upgrade_evebox + +apt-get update +upgrade_evebox +apt-get dist-upgrade chown -R kibana /opt/kibana/optimize/ /usr/share/elasticsearch/bin/plugin install delete-by-query @@ -30,3 +58,4 @@ chown -R kibana /opt/kibana/optimize/ /bin/systemctl restart elasticsearch /bin/systemctl restart kibana +post_upgrade_evebox