From 8fcbfe5ab4368a367cbbc363da8d4a244c16ef51 Mon Sep 17 00:00:00 2001 From: Ieuan Byers Date: Fri, 6 Sep 2024 08:38:52 +0100 Subject: [PATCH 01/18] Remove provider config from module --- providers.tf | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/providers.tf b/providers.tf index f78009e..4bb08bf 100644 --- a/providers.tf +++ b/providers.tf @@ -2,13 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - configuration_aliases = [azurerm.cnp, azurerm.soc] + configuration_aliases = [azurerm.cnp, azurerm.soc, azurerm.dcr] } } } - -provider "azurerm" { - alias = "dcr" - features {} - subscription_id = local.log_analytics_subscription -} From 03c4eda26b30e55d4dc38f5b624cc25d315e0195 Mon Sep 17 00:00:00 2001 From: Ieuan Byers Date: Fri, 6 Sep 2024 08:45:26 +0100 Subject: [PATCH 02/18] Remove locals that are no longer in use --- locals.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/locals.tf b/locals.tf index b04b9f1..5a92dba 100644 --- a/locals.tf +++ b/locals.tf @@ -32,9 +32,6 @@ locals { xdr_tags_list = var.xdr_tags != null ? join(",", [var.xdr_tags, "hmcts,server"]) : "hmcts,server" - log_analytics_workspace = var.log_analytics_workspace_names[var.env] - log_analytics_subscription = var.log_analytics_sub_id[local.log_analytics_workspace] - vm_name = var.virtual_machine_id != null ? regex("virtualMachines/([^/]+)", var.virtual_machine_id)[0] : null vmss_name = var.virtual_machine_scale_set_id != null ? regex("virtualMachineScaleSets/([^/]+)", var.virtual_machine_scale_set_id)[0] : null From c9f05ebd769b0a5a145efed4a64f3e9457205bfd Mon Sep 17 00:00:00 2001 From: Ieuan Byers Date: Fri, 6 Sep 2024 10:19:48 +0100 Subject: [PATCH 03/18] Remove unused variables --- variables.tf | 37 ------------------------------------- 1 file changed, 37 deletions(-) diff --git a/variables.tf b/variables.tf index 4d764ab..c16f655 100644 --- a/variables.tf +++ b/variables.tf 
@@ -354,40 +354,3 @@ variable "xdr_env" { type = string default = "prod" } - -variable "log_analytics_workspace_names" { - type = map(string) - default = { - "production" = "hmcts-prod" - "prod" = "hmcts-prod" - "ptl" = "hmcts-prod" - "nonprod" = "hmcts-nonprod" - "aat" = "hmcts-nonprod" - "staging" = "hmcts-nonprod" - "stg" = "hmcts-nonprod" - "demo" = "hmcts-nonprod" - "perftest" = "hmcts-nonprod" - "test" = "hmcts-nonprod" - "ithc" = "hmcts-nonprod" - "sandbox" = "hmcts-sandbox" - "sbox" = "hmcts-sandbox" - "ptlsbox" = "hmcts-sandbox" - } - description = "A map of environments and their corresponding log analytics workspace names." -} - -variable "log_analytics_sub_id" { - description = "A map of log analytics workspace names and their subscription IDs." - type = map(string) - default = { - "hmcts-prod" = "8999dec3-0104-4a27-94ee-6588559729d1" - "hmcts-nonprod" = "1c4f0704-a29e-403d-b719-b90c34ef14c9" - "hmcts-sandbox" = "bf308a5c-0624-4334-8ff8-8dca9fd43783" - } -} - -variable "location" { - description = "The region in Azure that the Data collection rule will be deployed to." - type = string - default = "UK South" -} From 85cce3eae23991f861ee62bc8734024f117943bf Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 6 Sep 2024 09:22:52 +0000 Subject: [PATCH 04/18] terraform-docs: automated action --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 5b70fe6..fefdf31 100644 --- a/README.md +++ b/README.md 
@@ -85,7 +85,6 @@ A virtual machine or virtual machine scale set. | [install\_endpoint\_protection](#input\_install\_endpoint\_protection) | Install Endpoint Protection. | `bool` | `true` | no | | [install\_nessus\_agent](#input\_install\_nessus\_agent) | Install Nessus Agent. | `bool` | `true` | no | | [install\_splunk\_uf](#input\_install\_splunk\_uf) | Install Splunk UF. | `bool` | `true` | no | -| [location](#input\_location) | The region in Azure that the Data collection rule will be deployed to. | `string` | `"UK South"` | no | | [nessus\_groups](#input\_nessus\_groups) | Nessus group name. | `string` | `"Platform-Operation-Bastions"` | no | | [nessus\_key](#input\_nessus\_key) | Nessus linking key - read input from keyvault. | `string` | `null` | no | | [nessus\_server](#input\_nessus\_server) | Nessus server endpoint - read input from keyvault. | `string` | `""` | no | From 912a297f674d07e0826c1a229a935312fd24695f Mon Sep 17 00:00:00 2001 From: Ieuan Byers Date: Fri, 6 Sep 2024 10:28:44 +0100 Subject: [PATCH 05/18] uncomment --- azure_monitor.tf | 104 +++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 52 deletions(-) diff --git a/azure_monitor.tf b/azure_monitor.tf index 162ff7b..c818e95 100644 --- a/azure_monitor.tf +++ b/azure_monitor.tf 
@@ -26,55 +26,55 @@ resource "azurerm_virtual_machine_extension" "azure_monitor" { tags = var.common_tags } -# data "azurerm_resource_group" "la_rg" { -# name = "oms-automation" -# } - -# data "azurerm_monitor_data_collection_rule" "linux_data_collection_rule" { -# provider = azurerm.dcr -# name = "ama-linux-vm-logs" -# resource_group_name = data.azurerm_resource_group.la_rg.name -# } - -# data "azurerm_monitor_data_collection_rule" "windows_data_collection_rule" { -# provider = azurerm.dcr -# name = "ama-windows-vm-logs" -# resource_group_name = data.azurerm_resource_group.la_rg.name -# } - - -# resource "azurerm_monitor_data_collection_rule_association" "linux_vm_dcra" { -# count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vm" ? 1 : 0 - -# name = "vm-${local.vm_name}-dcra" -# target_resource_id = var.virtual_machine_id -# data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id -# description = "Association between a linux VM and the appropriate data collection rule." -# } - -# resource "azurerm_monitor_data_collection_rule_association" "linux_vmss_dcra" { -# count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vmss" ? 1 : 0 - -# name = "vmss-${local.vmss_name}-dcra" -# target_resource_id = var.virtual_machine_scale_set_id -# data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id -# description = "Association between a linux VMSS and the appropriate data collection rule." -# } - -# resource "azurerm_monitor_data_collection_rule_association" "windows_vm_dcra" { -# count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vm" ? 
1 : 0 - -# name = "vm-${local.vm_name}-dcra" -# target_resource_id = var.virtual_machine_id -# data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id -# description = "Association between a windows VM and the appropriate data collection rule." -# } - -# resource "azurerm_monitor_data_collection_rule_association" "windows_vmss_dcra" { -# count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vmss" ? 1 : 0 - -# name = "vmss-${local.vmss_name}-dcra" -# target_resource_id = var.virtual_machine_scale_set_id -# data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id -# description = "Association between a windows VMSS and the appropriate data collection rule." -# } +data "azurerm_resource_group" "la_rg" { + name = "oms-automation" +} + +data "azurerm_monitor_data_collection_rule" "linux_data_collection_rule" { + provider = azurerm.dcr + name = "ama-linux-vm-logs" + resource_group_name = data.azurerm_resource_group.la_rg.name +} + +data "azurerm_monitor_data_collection_rule" "windows_data_collection_rule" { + provider = azurerm.dcr + name = "ama-windows-vm-logs" + resource_group_name = data.azurerm_resource_group.la_rg.name +} + + +resource "azurerm_monitor_data_collection_rule_association" "linux_vm_dcra" { + count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vm" ? 1 : 0 + + name = "vm-${local.vm_name}-dcra" + target_resource_id = var.virtual_machine_id + data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id + description = "Association between a linux VM and the appropriate data collection rule." +} + +resource "azurerm_monitor_data_collection_rule_association" "linux_vmss_dcra" { + count = var.install_azure_monitor == true && lower(var.os_type) == "linux" && var.virtual_machine_type == "vmss" ? 
1 : 0 + + name = "vmss-${local.vmss_name}-dcra" + target_resource_id = var.virtual_machine_scale_set_id + data_collection_rule_id = data.azurerm_monitor_data_collection_rule.linux_data_collection_rule.id + description = "Association between a linux VMSS and the appropriate data collection rule." +} + +resource "azurerm_monitor_data_collection_rule_association" "windows_vm_dcra" { + count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vm" ? 1 : 0 + + name = "vm-${local.vm_name}-dcra" + target_resource_id = var.virtual_machine_id + data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id + description = "Association between a windows VM and the appropriate data collection rule." +} + +resource "azurerm_monitor_data_collection_rule_association" "windows_vmss_dcra" { + count = var.install_azure_monitor == true && lower(var.os_type) == "windows" && var.virtual_machine_type == "vmss" ? 1 : 0 + + name = "vmss-${local.vmss_name}-dcra" + target_resource_id = var.virtual_machine_scale_set_id + data_collection_rule_id = data.azurerm_monitor_data_collection_rule.windows_data_collection_rule.id + description = "Association between a windows VMSS and the appropriate data collection rule." +} From 3ebde29ae52827effb4a822c6a1a7ad91b99af7c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 6 Sep 2024 09:29:06 +0000 Subject: [PATCH 06/18] terraform-docs: automated action --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index fefdf31..2814b5a 100644 --- a/README.md +++ b/README.md 
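Review bot: The uncommented `data "azurerm_resource_group" "la_rg"` and both `azurerm_monitor_data_collection_rule` lookups have no `count`, so they are read on every plan even when `var.install_azure_monitor` is false and no association is created. Every identity that applies this module then needs read access to `oms-automation` in the DCR subscription. A missing `ama-linux-vm-logs` rule would presumably also fail a Windows-only deployment, and the reverse. Consider gating each lookup with the same condition as its associations, e.g. `count = var.install_azure_monitor && lower(var.os_type) == "linux" ? 1 : 0`, and referencing it as `data.azurerm_monitor_data_collection_rule.linux_data_collection_rule[0].id`.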
@@ -28,12 +28,17 @@ A virtual machine or virtual machine scale set. |------|---------| | [azurerm](#provider\_azurerm) | n/a | | [azurerm.cnp](#provider\_azurerm.cnp) | n/a | +| [azurerm.dcr](#provider\_azurerm.dcr) | n/a | | [azurerm.soc](#provider\_azurerm.soc) | n/a | ## Resources | Name | Type | |------|------| +| [azurerm_monitor_data_collection_rule_association.linux_vm_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource | +| [azurerm_monitor_data_collection_rule_association.linux_vmss_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource | +| [azurerm_monitor_data_collection_rule_association.windows_vm_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource | +| [azurerm_monitor_data_collection_rule_association.windows_vmss_dcra](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_data_collection_rule_association) | resource | | [azurerm_virtual_machine_extension.azure_monitor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource | | [azurerm_virtual_machine_extension.azure_vm_run_command](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource | | [azurerm_virtual_machine_extension.custom_script](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_extension) | resource | 
@@ -51,6 +56,9 @@ A virtual machine or virtual machine scale set. | [azurerm_key_vault_secret.splunk_password](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.splunk_username](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | | [azurerm_key_vault_secret.token](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/key_vault_secret) | data source | +| [azurerm_monitor_data_collection_rule.linux_data_collection_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_data_collection_rule) | data source | +| [azurerm_monitor_data_collection_rule.windows_data_collection_rule](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_data_collection_rule) | data source | +| [azurerm_resource_group.la_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source | ## Inputs From 1cd59a22d5620701718390ba69e3e5af2468d45a Mon Sep 17 00:00:00 2001 From: Ieuan Byers Date: Fri, 6 Sep 2024 10:39:41 +0100 Subject: [PATCH 07/18] Add provider alias to rg --- azure_monitor.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/azure_monitor.tf b/azure_monitor.tf index c818e95..49d4534 100644 --- a/azure_monitor.tf +++ b/azure_monitor.tf @@ -27,7 +27,8 @@ resource "azurerm_virtual_machine_extension" "azure_monitor" { } data "azurerm_resource_group" "la_rg" { - name = "oms-automation" + provider = azurerm.dcr + name = "oms-automation" } data "azurerm_monitor_data_collection_rule" "linux_data_collection_rule" { From 02e173f1f2f0b0db3b59c475c637d991fa7ed139 Mon Sep 17 00:00:00 2001 
From: Ieuan Byers Date: Fri, 6 Sep 2024 11:22:19 +0100 Subject: [PATCH 08/18] Add provider to tests --- tests/linux_vm_extensions.tftest.hcl | 7 +++++++ tests/linux_vmss_extensions.tftest.hcl | 7 +++++++ tests/windows_vm_extensions.tftest.hcl | 7 +++++++ tests/windows_vmss_extensions.tftest.hcl | 7 +++++++ 4 files changed, 28 insertions(+) diff --git a/tests/linux_vm_extensions.tftest.hcl b/tests/linux_vm_extensions.tftest.hcl index fd0a46c..f5d1b82 100644 --- a/tests/linux_vm_extensions.tftest.hcl +++ b/tests/linux_vm_extensions.tftest.hcl @@ -17,6 +17,13 @@ provider "azurerm" { skip_provider_registration = true } +provider "azurerm" { + alias = "dcr" + features {} + subscription_id = var.env=="prod" || var.env=="production" ? "8999dec3-0104-4a27-94ee-6588559729d1" : var.env=="sbox" || var.env=="sandbox" ? "bf308a5c-0624-4334-8ff8-8dca9fd43783" : "1c4f0704-a29e-403d-b719-b90c34ef14c9" + skip_provider_registration = true +} + # Default variables for this test variables { env = "nonprod" diff --git a/tests/linux_vmss_extensions.tftest.hcl b/tests/linux_vmss_extensions.tftest.hcl index 876b78a..0a0012f 100644 --- a/tests/linux_vmss_extensions.tftest.hcl +++ b/tests/linux_vmss_extensions.tftest.hcl @@ -17,6 +17,13 @@ provider "azurerm" { skip_provider_registration = true } +provider "azurerm" { + alias = "dcr" + features {} + subscription_id = var.env=="prod" || var.env=="production" ? "8999dec3-0104-4a27-94ee-6588559729d1" : var.env=="sbox" || var.env=="sandbox" ? "bf308a5c-0624-4334-8ff8-8dca9fd43783" : "1c4f0704-a29e-403d-b719-b90c34ef14c9" + skip_provider_registration = true +} + # Default variables for this test variables { env = "nonprod" diff --git a/tests/windows_vm_extensions.tftest.hcl b/tests/windows_vm_extensions.tftest.hcl index db68e75..903eacd 100644 --- a/tests/windows_vm_extensions.tftest.hcl +++ b/tests/windows_vm_extensions.tftest.hcl 
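Review bot: The nested conditional for `subscription_id` in the added `provider "azurerm"` block (alias `dcr`) does not reproduce the environment mapping that patch 03 removed from `variables.tf`. There `ptl` resolved to the `hmcts-prod` subscription and `ptlsbox` to `hmcts-sandbox`, whereas here both fall through to the nonprod ID. A test run with either value would look up the data collection rule in a different subscription than the module used before. The same expression is pasted into the `linux_vmss`, `windows_vm` and `windows_vmss` test files, so a correction has to be made in all four; a short comment such as `# env -> Log Analytics subscription; keep in sync with the caller's mapping` above each block would make that dependency visible.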
@@ -17,6 +17,13 @@ provider "azurerm" { skip_provider_registration = true } +provider "azurerm" { + alias = "dcr" + features {} + subscription_id = var.env=="prod" || var.env=="production" ? "8999dec3-0104-4a27-94ee-6588559729d1" : var.env=="sbox" || var.env=="sandbox" ? "bf308a5c-0624-4334-8ff8-8dca9fd43783" : "1c4f0704-a29e-403d-b719-b90c34ef14c9" + skip_provider_registration = true +} + # Default variables for this test variables { env = "nonprod" diff --git a/tests/windows_vmss_extensions.tftest.hcl b/tests/windows_vmss_extensions.tftest.hcl index e1cf907..570fe31 100644 --- a/tests/windows_vmss_extensions.tftest.hcl +++ b/tests/windows_vmss_extensions.tftest.hcl @@ -17,6 +17,13 @@ provider "azurerm" { skip_provider_registration = true } +provider "azurerm" { + alias = "dcr" + features {} + subscription_id = var.env=="prod" || var.env=="production" ? "8999dec3-0104-4a27-94ee-6588559729d1" : var.env=="sbox" || var.env=="sandbox" ? "bf308a5c-0624-4334-8ff8-8dca9fd43783" : "1c4f0704-a29e-403d-b719-b90c34ef14c9" + skip_provider_registration = true +} + # Default variables for this test variables { env = "nonprod" From 605b15165a03ab409e1aa1f3c8f2869f382e1022 Mon Sep 17 00:00:00 2001 From: Marty Fox Date: Tue, 17 Sep 2024 15:59:10 +0100 Subject: [PATCH 09/18] Adding Docker install steps for Ubuntu to run command script --- run_command.tf | 1 + scripts/linux_run_script.sh | 82 ++++++++++++++++++++++++++----------- variables.tf | 7 +++- 3 files changed, 65 insertions(+), 25 deletions(-) diff --git a/run_command.tf b/run_command.tf index 8c04529..d694b4e 100644 --- a/run_command.tf +++ b/run_command.tf @@ -51,6 +51,7 @@ resource "azurerm_virtual_machine_extension" "azure_vm_run_command" { RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" XDR_TAGS = local.xdr_tags_list + INSTALL_DOCKER = var.install_docker ? "true" : "false" })])) }) 
diff --git a/scripts/linux_run_script.sh b/scripts/linux_run_script.sh index a7fa5b6..47609f0 100755 --- a/scripts/linux_run_script.sh +++ b/scripts/linux_run_script.sh @@ -1,8 +1,8 @@ #!/bin/bash set -ex - - # Get OS type - + +# Get OS type + if [ -f /etc/os-release ]; then . /etc/os-release OS=$ID @@ -13,12 +13,12 @@ # Run the command only if the OS is not Ubuntu if [ "$OS" != "ubuntu" ]; then echo "Running command on $OS" - + sudo yum install redhat-lsb-core -y else echo "Skipping command on Ubuntu" fi - + if command -v lsb_release &> /dev/null then OS_TYPE=$(lsb_release -a | grep "Description" | cut -f2 -d: | sed -e 's/^[[:space:]]*//') @@ -26,12 +26,12 @@ echo "Operating System could not be determined." fi - STORAGE_ACCOUNT_NAME="cftptlintsvc" + STORAGE_ACCOUNT_NAME="cftptlintsvc" CONTAINER_NAME="xdr-collectors" install_azcli() { # Install Azure CLI (if not already installed) - + if ! command -v az &> /dev/null then @@ -48,23 +48,23 @@ enabled=1 gpgcheck=1 gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo - sudo dnf clean all - sudo dnf -v install azure-cli -y + sudo dnf clean all + sudo dnf -v install azure-cli -y elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"8."* ]]; then sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm sudo dnf install azure-cli elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"9."* ]]; then - sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm + sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm - sudo dnf install azure-cli + sudo dnf install azure-cli else curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash fi else echo "Azure CLI is already installed." fi - + } install_agent() { 
@@ -76,7 +76,7 @@ install_agent() { sudo apt-get update sudo apt-get install -y selinux-utils policycoreutils fi - + local SA_KEY="$1" local ENV="$2" local XDR_TAGS="$3" @@ -95,7 +95,7 @@ install_agent() { sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH sudo mkdir -p /etc/panw sudo cp $LOCAL_FILE_PATH /etc/panw/ - + # Install agent local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex-8.5.0.125392.rpm" local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.rpm" @@ -112,8 +112,8 @@ install_agent() { sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH sudo mkdir -p /etc/panw sudo cp $LOCAL_FILE_PATH /etc/panw/ - - # Install agent + + # Install agent local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex-8.5.0.125392.deb" local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.deb" download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" @@ -126,7 +126,7 @@ install_agent() { install_collector() { echo "Info: Installing XDR Collectors" - + if [ "$OS" != "ubuntu" ]; then sudo yum install -y selinux-policy-devel else @@ -147,7 +147,7 @@ install_collector() { download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" sudo mkdir -p /etc/panw sudo cp $LOCAL_FILE_PATH /etc/panw/ - + # Install collector local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector-1.4.1.1089.rpm" local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.rpm" @@ -163,8 +163,8 @@ install_collector() { download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" sudo mkdir -p /etc/panw sudo cp $LOCAL_FILE_PATH /etc/panw/ - - # Install collector + + # Install collector local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector-1.4.1.1089.deb" local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.deb" download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" 
@@ -184,16 +184,50 @@ download_blob(){ az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH } +install_docker(){ + + echo "Info: Installing Docker and Docker Compose" + + if [ "$OS" == "ubuntu" ]; then + + if ! command -v docker &>/dev/null; then + apt update + apt install -y apt-transport-https ca-certificates curl software-properties-common + + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list >/dev/null + + apt update + apt install -y docker-ce + fi + + DOCKER_PLUGINS_DIR="/usr/local/lib/docker/cli-plugins" + + if [ ! -d "$DOCKER_PLUGINS_DIR" ]; then + mkdir -p "$DOCKER_PLUGINS_DIR" + if [ ! -f "$DOCKER_PLUGINS_DIR/docker-compose" ]; then + curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose + chmod +x /usr/local/lib/docker/cli-plugins/docker-compose + fi + fi + fi +} if [ "${RUN_XDR_AGENT}" = "true" ] then - install_azcli - install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}" + install_azcli + install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}" fi if [ "${RUN_XDR_COLLECTOR}" = "true" ] then - install_azcli - install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}" + install_azcli + install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}" +fi + +if [ "${INSTALL_DOCKER}" = "true" ] +then + install_docker fi diff --git a/variables.tf b/variables.tf index b536c8b..5089040 100644 --- a/variables.tf +++ b/variables.tf 
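Review bot: The Compose plugin in `install_docker` is fetched with `curl -SL` and made executable as root with no integrity check, and without `-f` an HTTP error page would be saved as the binary. The download is also nested inside `if [ ! -d "$DOCKER_PLUGINS_DIR" ]`, so a host where that directory already exists never gets the plugin. The suggestion below creates the directory unconditionally, downloads to a temporary name, and verifies a pinned SHA-256 before moving the file into place; the digest shown is a placeholder to be filled from the release's published checksum. The asset name is fixed to `x86_64` although the apt source line uses `dpkg --print-architecture`, so other architectures would get an unusable binary. The script sets `set -ex` without `pipefail`, so a failed `curl` in the GPG key pipe would not stop the run.

```shell
# … unchanged: apt repository setup and docker-ce install …
    DOCKER_PLUGINS_DIR="/usr/local/lib/docker/cli-plugins"
    COMPOSE_BIN="$DOCKER_PLUGINS_DIR/docker-compose"
    # Placeholder: replace with the published SHA-256 of this exact release asset.
    COMPOSE_SHA256="<sha256-of-docker-compose-linux-x86_64-v2.3.3>"

    mkdir -p "$DOCKER_PLUGINS_DIR"
    if [ ! -f "$COMPOSE_BIN" ]; then
      curl -fsSL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o "$COMPOSE_BIN.tmp"
      # Under set -e a digest mismatch aborts before the binary is installed.
      echo "$COMPOSE_SHA256  $COMPOSE_BIN.tmp" | sha256sum -c -
      mv "$COMPOSE_BIN.tmp" "$COMPOSE_BIN"
      chmod +x "$COMPOSE_BIN"
    fi
```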
@@ -341,7 +341,6 @@ variable "run_xdr_collector" { description = "Install XDR collectors using run command script?" } - variable "run_xdr_agent" { type = bool default = false @@ -354,6 +353,12 @@ variable "xdr_env" { default = "prod" } +variable "install_docker" { + description = "Should Docker and Docker Compose be installed -- Ubuntu only" + type = bool + default = false +} + variable "location" { description = "The region in Azure that the Data collection rule will be deployed to." type = string From 2d6f58bcfe08568c043defe9dabc4a1abf78a9f2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 17 Sep 2024 15:01:26 +0000 Subject: [PATCH 10/18] terraform-docs: automated action --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5b70fe6..1996c12 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,7 @@ A virtual machine or virtual machine scale set. | [endpoint\_protection\_upgrade\_minor\_version](#input\_endpoint\_protection\_upgrade\_minor\_version) | Specifies if the platform deploys the latest minor version Endpoint Protection update to the type\_handler\_version specified. | `bool` | `true` | no | | [env](#input\_env) | Environment name. | `string` | n/a | yes | | [install\_azure\_monitor](#input\_install\_azure\_monitor) | Install Azure Monitor Agent. | `bool` | `true` | no | +| [install\_docker](#input\_install\_docker) | Should Docker and Docker Compose be installed -- Ubuntu only | `bool` | `false` | no | | [install\_dynatrace\_oneagent](#input\_install\_dynatrace\_oneagent) | Install Dynatrace OneAgent. | `bool` | `true` | no | | [install\_endpoint\_protection](#input\_install\_endpoint\_protection) | Install Endpoint Protection. | `bool` | `true` | no | | [install\_nessus\_agent](#input\_install\_nessus\_agent) | Install Nessus Agent. | `bool` | `true` | no | From 58752a31c72ece7826c61283c518267e1d708eb4 Mon Sep 17 00:00:00 2001 
From: Marty Fox Date: Tue, 17 Sep 2024 16:06:15 +0100 Subject: [PATCH 11/18] formatting --- variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/variables.tf b/variables.tf index 5089040..da0613d 100644 --- a/variables.tf +++ b/variables.tf @@ -355,8 +355,8 @@ variable "xdr_env" { variable "install_docker" { description = "Should Docker and Docker Compose be installed -- Ubuntu only" - type = bool - default = false + type = bool + default = false } variable "location" { From 9d63fd929397ab255ad314a5e4b96a4daae0f51a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 17 Sep 2024 15:30:36 +0000 Subject: [PATCH 12/18] terraform-docs: automated action --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cb4bed5..ff55e25 100644 --- a/README.md +++ b/README.md @@ -94,6 +94,7 @@ A virtual machine or virtual machine scale set. | [install\_endpoint\_protection](#input\_install\_endpoint\_protection) | Install Endpoint Protection. | `bool` | `true` | no | | [install\_nessus\_agent](#input\_install\_nessus\_agent) | Install Nessus Agent. | `bool` | `true` | no | | [install\_splunk\_uf](#input\_install\_splunk\_uf) | Install Splunk UF. | `bool` | `true` | no | +| [location](#input\_location) | The region in Azure that the Data collection rule will be deployed to. | `string` | `"UK South"` | no | | [nessus\_groups](#input\_nessus\_groups) | Nessus group name. | `string` | `"Platform-Operation-Bastions"` | no | | [nessus\_key](#input\_nessus\_key) | Nessus linking key - read input from keyvault. | `string` | `null` | no | | [nessus\_server](#input\_nessus\_server) | Nessus server endpoint - read input from keyvault. | `string` | `""` | no | From 9edac10733281d8ec0e22866410db4be885ce57f Mon Sep 17 00:00:00 2001 From: Marty Fox Date: Tue, 17 Sep 2024 16:34:30 +0100 Subject: [PATCH 13/18] adding remaining docker install vars --- run_command.tf | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/run_command.tf b/run_command.tf index d694b4e..95ac447 100644 --- a/run_command.tf +++ b/run_command.tf @@ -14,6 +14,7 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command" RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" XDR_TAGS = local.xdr_tags_list + INSTALL_DOCKER = var.install_docker ? "true" : "false" })) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", { STORAGE_ACCOUNT_KEY = var.run_command_sa_key RUN_CIS = var.rc_script_file == "scripts/windows_cis.ps1" || var.run_cis ? "true" : "false" @@ -21,6 +22,7 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command" RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" XDR_TAGS = local.xdr_tags_list + INSTALL_DOCKER = var.install_docker ? "true" : "false" })])) }) @@ -44,6 +46,7 @@ resource "azurerm_virtual_machine_extension" "azure_vm_run_command" { RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" XDR_TAGS = local.xdr_tags_list + INSTALL_DOCKER = var.install_docker ? "true" : "false" })) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", { STORAGE_ACCOUNT_KEY = var.run_command_sa_key RUN_CIS = var.rc_script_file == "scripts/windows_cis.ps1" || var.run_cis ? "true" : "false" From 11821a31b8c5adc6cf38f075d452ece90f8b6231 Mon Sep 17 00:00:00 2001 From: Marty Fox Date: Tue, 17 Sep 2024 16:42:34 +0100 Subject: [PATCH 14/18] docker install unnecessary on windows script --- run_command.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/run_command.tf b/run_command.tf index 95ac447..b5b1b37 100644 --- a/run_command.tf +++ b/run_command.tf 
@@ -22,7 +22,6 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command" RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" XDR_TAGS = local.xdr_tags_list - INSTALL_DOCKER = var.install_docker ? "true" : "false" })])) }) @@ -54,7 +53,6 @@ resource "azurerm_virtual_machine_extension" "azure_vm_run_command" { RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" XDR_TAGS = local.xdr_tags_list - INSTALL_DOCKER = var.install_docker ? "true" : "false" })])) }) From 6ff953eb7b3436c3e43a24eeb8156dda009d9190 Mon Sep 17 00:00:00 2001 From: Jordan Hoey <125922012+JordanHoey96@users.noreply.github.com> Date: Thu, 19 Sep 2024 14:51:45 +0100 Subject: [PATCH 15/18] Adding lower function to xdr_tags --- run_command.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/run_command.tf b/run_command.tf index b5b1b37..7c4784e 100644 --- a/run_command.tf +++ b/run_command.tf @@ -13,7 +13,7 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command" RUN_XDR_COLLECTOR = var.run_xdr_collector ? "true" : "false" RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" - XDR_TAGS = local.xdr_tags_list + XDR_TAGS = lower(local.xdr_tags_list) INSTALL_DOCKER = var.install_docker ? "true" : "false" })) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", { STORAGE_ACCOUNT_KEY = var.run_command_sa_key @@ -21,7 +21,7 @@ resource "azurerm_virtual_machine_scale_set_extension" "azure_vmss_run_command" RUN_XDR_COLLECTOR = var.run_xdr_collector ? "true" : "false" RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" - XDR_TAGS = local.xdr_tags_list + XDR_TAGS = lower(local.xdr_tags_list) })])) }) 
@@ -44,7 +44,7 @@ resource "azurerm_virtual_machine_extension" "azure_vm_run_command" { RUN_XDR_COLLECTOR = var.run_xdr_collector ? "true" : "false" RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" - XDR_TAGS = local.xdr_tags_list + XDR_TAGS = lower(local.xdr_tags_list) INSTALL_DOCKER = var.install_docker ? "true" : "false" })) }) : jsonencode({ script = compact(tolist([templatefile("${path.module}/scripts/windows_run_script.ps1", { STORAGE_ACCOUNT_KEY = var.run_command_sa_key @@ -52,7 +52,7 @@ resource "azurerm_virtual_machine_extension" "azure_vm_run_command" { RUN_XDR_COLLECTOR = var.run_xdr_collector ? "true" : "false" RUN_XDR_AGENT = var.run_xdr_agent ? "true" : "false" ENV = var.xdr_env == "prod" ? var.xdr_env : "nonprod" - XDR_TAGS = local.xdr_tags_list + XDR_TAGS = lower(local.xdr_tags_list) })])) }) From d2738498dfdb14669e9e32965a71dfdb5c921e39 Mon Sep 17 00:00:00 2001 From: Ieuan Byers Date: Wed, 25 Sep 2024 15:59:51 +0100 Subject: [PATCH 16/18] Update linux_run_script --- scripts/linux_run_script.sh | 91 +++++++++++++++++++++++++++---------- 1 file changed, 68 insertions(+), 23 deletions(-) diff --git a/scripts/linux_run_script.sh b/scripts/linux_run_script.sh index 47609f0..a60cd12 100755 --- a/scripts/linux_run_script.sh +++ b/scripts/linux_run_script.sh 
@@ -1,33 +1,63 @@ #!/bin/bash set -ex -# Get OS type - +# Get OS type/version/name +check_os_version() { if [ -f /etc/os-release ]; then . /etc/os-release OS=$ID + OS_TYPE=$NAME + VERSION=$VERSION_ID + elif type lsb_release >/dev/null 2>&1; then + OS=$(lsb_release -si) + OS_TYPE=$(lsb_release -sd | sed 's/"//g') + VERSION=$(lsb_release -sr) + elif [ -f /etc/redhat-release ]; then + OS=$(awk '{print $1$2$3$5}' /etc/redhat-release) + OS_TYPE=$(awk '{print $1, $2, $3, $4, $5}' /etc/redhat-release) + VERSION=$(cat /etc/redhat-release | sed 's/[^0-9.]*//g') else echo "Cannot determine the operating system." fi - # Run the command only if the OS is not Ubuntu - if [ "$OS" != "ubuntu" ]; then - echo "Running command on $OS" + echo "Operating System: $OS" + echo "Version: $VERSION" +} - sudo yum install redhat-lsb-core -y - else - echo "Skipping command on Ubuntu" - fi +check_os_version + +# Run the command only if the OS is not Ubuntu +if [ "$OS" != "ubuntu" ]; then + echo "Running command on $OS" - if command -v lsb_release &> /dev/null + sudo yum install redhat-lsb-core -y +else + echo "Skipping command on Ubuntu" +fi + +STORAGE_ACCOUNT_NAME="cftptlintsvc" +CONTAINER_NAME="xdr-collectors" + +install_azcopy() { + # Install Azure CLI (if not already installed) + if ! command -v azcopy &> /dev/null then - OS_TYPE=$(lsb_release -a | grep "Description" | cut -f2 -d: | sed -e 's/^[[:space:]]*//') + if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then + echo "Downloading AzCopy" + sudo wget https://aka.ms/downloadazcopy-v10-linux + sudo tar -xvf downloadazcopy-v10-linux + echo "Adding AzCopy to path" + sudo rm -f /usr/bin/azcopy + sudo cp ./azcopy_linux_amd64_*/azcopy /usr/bin/ + sudo chmod 755 /usr/bin/azcopy + echo "Completing cleanup" + sudo rm -f downloadazcopy-v10-linux + sudo rm -rf ./azcopy_linux_amd64_*/ + fi else - echo "Operating System could not be determined." + echo "AzCopy is already installed." 
fi - - STORAGE_ACCOUNT_NAME="cftptlintsvc" - CONTAINER_NAME="xdr-collectors" +} install_azcli() { # Install Azure CLI (if not already installed) @@ -41,7 +71,7 @@ install_azcli() { fi if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then - echo -e "[azure-cli] + echo -e "[azure-cli] name=Azure CLI baseurl=https://packages.microsoft.com/yumrepos/azure-cli enabled=1 @@ -50,14 +80,15 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.re sudo dnf clean all sudo dnf -v install azure-cli -y + elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"8."* ]]; then sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm - sudo dnf install azure-cli + elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"9."* ]]; then sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm - sudo dnf install azure-cli + else curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash fi @@ -100,7 +131,7 @@ install_agent() { local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex-8.5.0.125392.rpm" local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.rpm" download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - rpm -qa | grep -i cortex-agent || rpm -Uh $LOCAL_FILE_PATH + rpm -qa | grep -i cortex-agent || sudo rpm -Uh $LOCAL_FILE_PATH rm -rf $LOCAL_FILE_PATH echo "Installation of Agents on RedHat VM completed" else @@ -152,7 +183,7 @@ install_collector() { local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector-1.4.1.1089.rpm" local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.rpm" download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - rpm -qa | grep -i xdr-collector || rpm -Uh $LOCAL_FILE_PATH + rpm -qa | grep -i xdr-collector || sudo rpm -Uh $LOCAL_FILE_PATH rm -rf $LOCAL_FILE_PATH echo "Installation of collectors on RedHat VM completed" else 
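Review bot: `install_azcopy` fetches an archive through the `aka.ms` redirect with `sudo wget` and copies the extracted binary to `/usr/bin/azcopy` without comparing it to a known digest, so whatever the redirect serves at run time is installed as root. Pin the download to one release, verify its SHA-256 before installing, and unpack in a `mktemp -d` directory so the `azcopy_linux_amd64_*` glob cannot match a stale directory left in the working directory. The function's first comment still reads `# Install Azure CLI (if not already installed)` and should name AzCopy. The URL and digest in the sketch below are placeholders to be filled with values you have verified.

```shell
install_azcopy() {
  # … unchanged: `command -v azcopy` check and the RHEL 6 test …
      echo "Downloading AzCopy"
      # Placeholders: replace with the pinned release URL and its verified digest.
      local AZCOPY_URL="<pinned-azcopy-release-url>"
      local AZCOPY_SHA256="<expected-sha256-of-that-archive>"
      local WORKDIR
      WORKDIR=$(mktemp -d)
      wget -O "$WORKDIR/azcopy.tar.gz" "$AZCOPY_URL"
      # With `set -e` a digest mismatch stops the script before anything is installed.
      echo "$AZCOPY_SHA256  $WORKDIR/azcopy.tar.gz" | sha256sum -c -
      tar -xf "$WORKDIR/azcopy.tar.gz" -C "$WORKDIR"
      sudo install -m 755 "$WORKDIR"/azcopy_linux_amd64_*/azcopy /usr/bin/azcopy
      rm -rf "$WORKDIR"
  # … unchanged: "AzCopy is already installed." branch …
```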
@@ -181,7 +212,13 @@ download_blob(){ local CONTAINER_NAME="$3" local BLOB_NAME="$4" local LOCAL_FILE_PATH="$5" - az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH + + if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then + # This command uses SA_KEY as a variable but it should be a SAS Token for RHEL 6 VMs + azcopy copy "https://$STORAGE_ACCOUNT_NAME.blob.core.windows.net/$CONTAINER_NAME/$BLOB_NAME?$SA_KEY" "$LOCAL_FILE_PATH" + else + az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH + fi } install_docker(){ @@ -217,13 +254,21 @@ install_docker(){ if [ "${RUN_XDR_AGENT}" = "true" ] then - install_azcli + if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then + install_azcopy + else + install_azcli + fi install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}" fi if [ "${RUN_XDR_COLLECTOR}" = "true" ] then - install_azcli + if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then + install_azcopy + else + install_azcli + fi install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}" fi From ff0414c983fa00cb9f56dd84f0729ade3d2cf65e Mon Sep 17 00:00:00 2001 From: Daniel Wilson Date: Wed, 25 Sep 2024 16:28:29 +0100 Subject: [PATCH 17/18] VERSION in logic, OS_TYPE not guarunteed to contain vers num --- scripts/linux_run_script.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/linux_run_script.sh b/scripts/linux_run_script.sh index a44a0bc..17c13c0 100755 --- a/scripts/linux_run_script.sh +++ b/scripts/linux_run_script.sh 
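Review bot: With `set -ex` still active from the top of the script, both branches of `download_blob` are traced with their arguments expanded. The SAS token in the `azcopy copy` URL and the `--account-key` value are therefore written to the script's stderr, which the run-command extension presumably keeps in its output and logs. The same value is also an argument of `install_agent` and `install_collector`, so switching tracing off inside `download_blob` alone would not be enough. Either drop `-x` from `set -ex`, or run `{ set +x; } 2>/dev/null` before the first call that receives the key. The new comment says `SA_KEY` must be a SAS token on RHEL 6 while the other branch needs an account key; a separately named template input for the token would make that contract visible to module callers.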
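Review bot: The RHEL 6 test `[[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]` is now written out in both callers in this hunk as well as inside `install_azcopy` and `download_blob`, and `*"6."*` is a substring match that accepts any version string containing `6.` rather than one that starts with it. A single helper with a prefix match keeps the four sites in step: `is_rhel6() { [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == 6.* ]]; }`. The same applies to the `*"7."*`, `*"8."*` and `*"9."*` tests that the next patch in the series introduces in `install_azcli`, where `7.*`, `8.*` and `9.*` would be the anchored forms.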
@@ -72,7 +72,7 @@ install_azcli() { rpm -q dnf || sudo yum install dnf -y fi - if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"7."* ]]; then + if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"7."* ]]; then echo -e "[azure-cli] name=Azure CLI baseurl=https://packages.microsoft.com/yumrepos/azure-cli @@ -83,11 +83,11 @@ gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.re sudo dnf clean all sudo dnf -v install azure-cli -y - elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"8."* ]]; then + elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"8."* ]]; then sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm sudo dnf install azure-cli - elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$OS_TYPE" == *"9."* ]]; then + elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"9."* ]]; then sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm sudo dnf install azure-cli From 93e2555880c726675eb575a27e2b05296fa36b22 Mon Sep 17 00:00:00 2001 From: Daniel Wilson Date: Thu, 26 Sep 2024 16:31:27 +0100 Subject: [PATCH 18/18] fix mismerged script --- scripts/linux_run_script.sh | 427 +++++++++++++++++------------------- 1 file changed, 207 insertions(+), 220 deletions(-) diff --git a/scripts/linux_run_script.sh b/scripts/linux_run_script.sh index 17c13c0..bebfedf 100755 --- a/scripts/linux_run_script.sh +++ b/scripts/linux_run_script.sh 
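Review bot: The RHEL 8 and RHEL 9 branches in the second hunk still run `sudo dnf install azure-cli` without `-y`, unlike the RHEL 7 branch just above them (`sudo dnf -v install azure-cli -y`). A run-command extension has no terminal to answer the confirmation prompt, so dnf will most likely abort and `set -e` will stop the script before the agent or collector is installed. Change both lines to `sudo dnf install -y azure-cli`. `install_azcli` starts and ends outside these hunks.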
@@ -1,285 +1,272 @@ #!/bin/bash - set -ex +set -ex # Get OS type/version/name check_os_version() { - if [ -f /etc/os-release ]; then - . /etc/os-release - OS=$ID - OS_TYPE=$NAME - VERSION=$VERSION_ID - elif type lsb_release >/dev/null 2>&1; then - OS=$(lsb_release -si) - OS_TYPE=$(lsb_release -sd | sed 's/"//g') - VERSION=$(lsb_release -sr) - elif [ -f /etc/redhat-release ]; then - OS=$(awk '{print $1$2$3$5}' /etc/redhat-release) - OS_TYPE=$(awk '{print $1, $2, $3, $4, $5}' /etc/redhat-release) - VERSION=$(cat /etc/redhat-release | sed 's/[^0-9.]*//g') - else - echo "Cannot determine the operating system." - fi - - echo "Operating System: $OS" - echo "Version: $VERSION" + if [ -f /etc/os-release ]; then + . /etc/os-release + OS=$ID + OS_TYPE=$NAME + VERSION=$VERSION_ID + elif type lsb_release >/dev/null 2>&1; then + OS=$(lsb_release -si) + OS_TYPE=$(lsb_release -sd | sed 's/"//g') + VERSION=$(lsb_release -sr) + elif [ -f /etc/redhat-release ]; then + OS=$(awk '{print $1$2$3$5}' /etc/redhat-release) + OS_TYPE=$(awk '{print $1, $2, $3, $4, $5}' /etc/redhat-release) + VERSION=$(cat /etc/redhat-release | sed 's/[^0-9.]*//g') + else + echo "Cannot determine the operating system." + fi + + echo "Operating System: $OS" + echo "Version: $VERSION" } check_os_version # Run the command only if the OS is not Ubuntu if [ "$OS" != "ubuntu" ]; then - echo "Running command on $OS" - - sudo yum install redhat-lsb-core -y + echo "Running command on $OS" + sudo yum install redhat-lsb-core -y else - echo "Skipping command on Ubuntu" + echo "Skipping command on Ubuntu" fi STORAGE_ACCOUNT_NAME="cftptlintsvc" CONTAINER_NAME="xdr-collectors" install_azcopy() { - # Install Azure CLI (if not already installed) - if ! 
command -v azcopy &> /dev/null - then - if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then - echo "Downloading AzCopy" - sudo wget https://aka.ms/downloadazcopy-v10-linux - sudo tar -xvf downloadazcopy-v10-linux - - echo "Adding AzCopy to path" - sudo rm -f /usr/bin/azcopy - sudo cp ./azcopy_linux_amd64_*/azcopy /usr/bin/ - sudo chmod 755 /usr/bin/azcopy - - echo "Completing cleanup" - sudo rm -f downloadazcopy-v10-linux - sudo rm -rf ./azcopy_linux_amd64_*/ - fi - else - echo "AzCopy is already installed." + # Install Azure CLI (if not already installed) + + if ! command -v azcopy &>/dev/null; then + if [[ $OS_TYPE == *"Red Hat Enterprise"* && $VERSION == *"6."* ]]; then + echo "Downloading AzCopy" + sudo wget https://aka.ms/downloadazcopy-v10-linux + sudo tar -xvf downloadazcopy-v10-linux + + echo "Adding AzCopy to path" + sudo rm -f /usr/bin/azcopy + sudo cp ./azcopy_linux_amd64_*/azcopy /usr/bin/ + sudo chmod 755 /usr/bin/azcopy + + echo "Completing cleanup" + sudo rm -f downloadazcopy-v10-linux + sudo rm -rf ./azcopy_linux_amd64_*/ fi + else + echo "AzCopy is already installed." + fi + } install_azcli() { - # Install Azure CLI (if not already installed) - - if ! command -v az &> /dev/null - then + # Install Azure CLI (if not already installed) - if [ "$OS" != "ubuntu" ]; then - sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc - rpm -q dnf || sudo yum install dnf -y - fi + if ! 
command -v az &>/dev/null; then - if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"7."* ]]; then - echo -e "[azure-cli] + if [ "$OS" != "ubuntu" ]; then + sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc + rpm -q dnf || sudo yum install dnf -y + fi + if [[ $OS_TYPE == *"Red Hat Enterprise"* && $VERSION == *"7."* ]]; then + echo -e "[azure-cli] name=Azure CLI baseurl=https://packages.microsoft.com/yumrepos/azure-cli enabled=1 gpgcheck=1 gpgkey=https://packages.microsoft.com/keys/microsoft.asc" | sudo tee /etc/yum.repos.d/azure-cli.repo - sudo dnf clean all - sudo dnf -v install azure-cli -y + sudo dnf clean all + sudo dnf -v install azure-cli -y - elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"8."* ]]; then - sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm - sudo dnf install azure-cli + elif [[ $OS_TYPE == *"Red Hat Enterprise"* && $VERSION == *"8."* ]]; then + sudo dnf install -y https://packages.microsoft.com/config/rhel/8/packages-microsoft-prod.rpm + sudo dnf install azure-cli - elif [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"9."* ]]; then - sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm - sudo dnf install azure-cli + elif [[ $OS_TYPE == *"Red Hat Enterprise"* && $VERSION == *"9."* ]]; then + sudo dnf install -y https://packages.microsoft.com/config/rhel/9.0/packages-microsoft-prod.rpm + sudo dnf install azure-cli - else - curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash - fi else - echo "Azure CLI is already installed." + curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash fi + else + echo "Azure CLI is already installed." 
+ fi } install_agent() { - echo "Info: Installing XDR Agents" + echo "Info: Installing XDR Agents" - if [ "$OS" != "ubuntu" ]; then - sudo yum install -y selinux-policy-devel - else - sudo apt-get update - sudo apt-get install -y selinux-utils policycoreutils - fi + if [ "$OS" != "ubuntu" ]; then + sudo yum install -y selinux-policy-devel + else + sudo apt-get update + sudo apt-get install -y selinux-utils policycoreutils + fi - local SA_KEY="$1" - local ENV="$2" - local XDR_TAGS="$3" + local SA_KEY="$1" + local ENV="$2" + local XDR_TAGS="$3" - local STRING_TO_APPEND=" + local STRING_TO_APPEND=" --endpoint-tags ${XDR_TAGS}" - mkdir -p XDR_DOWNLOAD - - if [[ "$OS_TYPE" == *"Red Hat Enterprise Linux"* ]]; then - # Download conf file - local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex.conf" - local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortex.conf" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH - sudo mkdir -p /etc/panw - sudo cp $LOCAL_FILE_PATH /etc/panw/ - - # Install agent - local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex-8.5.0.125392.rpm" - local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.rpm" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - rpm -qa | grep -i cortex-agent || sudo rpm -Uh $LOCAL_FILE_PATH - rm -rf $LOCAL_FILE_PATH - echo "Installation of Agents on RedHat VM completed" - else - - # Download conf file - local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex.conf" - local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortex.conf" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - sudo echo "$STRING_TO_APPEND" >> $LOCAL_FILE_PATH - sudo mkdir -p /etc/panw - sudo cp $LOCAL_FILE_PATH /etc/panw/ - - # Install agent - local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex-8.5.0.125392.deb" - 
local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.deb" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - dpkg -l | grep -i cortex-agent || dpkg -i $LOCAL_FILE_PATH - rm -rf $LOCAL_FILE_PATH - - echo "Installation of Agents on Ubuntu VM completed" - fi + mkdir -p XDR_DOWNLOAD + + if [[ $OS_TYPE == *"Red Hat Enterprise Linux"* ]]; then + # Download conf file + local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex.conf" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortex.conf" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + sudo echo "$STRING_TO_APPEND" >>$LOCAL_FILE_PATH + sudo mkdir -p /etc/panw + sudo cp $LOCAL_FILE_PATH /etc/panw/ + + # Install agent + local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_rpm_8.5.0.125392/cortex-8.5.0.125392.rpm" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.rpm" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + rpm -qa | grep -i cortex-agent || sudo rpm -Uh $LOCAL_FILE_PATH + rm -rf $LOCAL_FILE_PATH + echo "Installation of Agents on RedHat VM completed" + else + + # Download conf file + local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex.conf" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortex.conf" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + sudo echo "$STRING_TO_APPEND" >>$LOCAL_FILE_PATH + sudo mkdir -p /etc/panw + sudo cp $LOCAL_FILE_PATH /etc/panw/ + + # Install agent + local BLOB_NAME="${ENV}/${ENV}_agent-HMCTS_Linux_deb_8.5.0.125392/cortex-8.5.0.125392.deb" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/cortexagent.deb" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + dpkg -l | grep -i cortex-agent || dpkg -i $LOCAL_FILE_PATH + rm -rf $LOCAL_FILE_PATH + + echo "Installation of Agents on Ubuntu VM completed" + fi } install_collector() { - echo 
"Info: Installing XDR Collectors" - - if [ "$OS" != "ubuntu" ]; then - sudo yum install -y selinux-policy-devel - else - sudo apt-get update - sudo apt-get install -y selinux-utils policycoreutils - fi - - local SA_KEY="$1" - local ENV="$2" - - mkdir -p XDR_DOWNLOAD - - if [[ "$OS_TYPE" == *"Red Hat Enterprise Linux"* ]]; then - - # Download collector file - local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector.conf" - local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.conf" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - sudo mkdir -p /etc/panw - sudo cp $LOCAL_FILE_PATH /etc/panw/ - - # Install collector - local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector-1.4.1.1089.rpm" - local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.rpm" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - rpm -qa | grep -i xdr-collector || sudo rpm -Uh $LOCAL_FILE_PATH - rm -rf $LOCAL_FILE_PATH - echo "Installation of collectors on RedHat VM completed" - else - - # Download collector file - local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector.conf" - local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.conf" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - sudo mkdir -p /etc/panw - sudo cp $LOCAL_FILE_PATH /etc/panw/ - - # Install collector - local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector-1.4.1.1089.deb" - local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.deb" - download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" - dpkg -l | grep -i xdr-collector || dpkg -i $LOCAL_FILE_PATH - rm -rf $LOCAL_FILE_PATH - - echo "Installation of collectors on Ubuntu VM completed" - fi + echo "Info: Installing XDR Collectors" + + if [ "$OS" != "ubuntu" ]; then + sudo yum install -y selinux-policy-devel + else + sudo apt-get update + sudo apt-get install -y selinux-utils policycoreutils + fi + + local 
SA_KEY="$1" + local ENV="$2" + + mkdir -p XDR_DOWNLOAD + + if [[ $OS_TYPE == *"Red Hat Enterprise Linux"* ]]; then + + # Download collector file + local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector.conf" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.conf" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + sudo mkdir -p /etc/panw + sudo cp $LOCAL_FILE_PATH /etc/panw/ + + # Install collector + local BLOB_NAME="${ENV}/collector-1.4.1.1089.rpm/collector-1.4.1.1089.rpm" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.rpm" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + rpm -qa | grep -i xdr-collector || sudo rpm -Uh $LOCAL_FILE_PATH + rm -rf $LOCAL_FILE_PATH + echo "Installation of collectors on RedHat VM completed" + else + + # Download collector file + local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector.conf" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.conf" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + sudo mkdir -p /etc/panw + sudo cp $LOCAL_FILE_PATH /etc/panw/ + + # Install collector + local BLOB_NAME="${ENV}/collector-1.4.1.1089.deb/collector-1.4.1.1089.deb" + local LOCAL_FILE_PATH="XDR_DOWNLOAD/collector.deb" + download_blob "$STORAGE_ACCOUNT_NAME" "$SA_KEY" "$CONTAINER_NAME" "$BLOB_NAME" "$LOCAL_FILE_PATH" + dpkg -l | grep -i xdr-collector || dpkg -i $LOCAL_FILE_PATH + rm -rf $LOCAL_FILE_PATH + + echo "Installation of collectors on Ubuntu VM completed" + fi } -download_blob(){ - local STORAGE_ACCOUNT_NAME="$1" - local SA_KEY="$2" - local CONTAINER_NAME="$3" - local BLOB_NAME="$4" - local LOCAL_FILE_PATH="$5" - - if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then - # This command uses SA_KEY as a variable but it should be a SAS Token for RHEL 6 VMs - azcopy copy "https://$STORAGE_ACCOUNT_NAME.blob.core.windows.net/$CONTAINER_NAME/$BLOB_NAME?$SA_KEY" 
"$LOCAL_FILE_PATH" - else - az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH - fi +download_blob() { + local STORAGE_ACCOUNT_NAME="$1" + local SA_KEY="$2" + local CONTAINER_NAME="$3" + local BLOB_NAME="$4" + local LOCAL_FILE_PATH="$5" + + if [[ $OS_TYPE == *"Red Hat Enterprise"* && $VERSION == *"6."* ]]; then + # This command uses SA_KEY as a variable but it should be a SAS Token for RHEL 6 VMs + azcopy copy "https://$STORAGE_ACCOUNT_NAME.blob.core.windows.net/$CONTAINER_NAME/$BLOB_NAME?$SA_KEY" "$LOCAL_FILE_PATH" + else + az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH + fi } -install_docker(){ +install_docker() { - echo "Info: Installing Docker and Docker Compose" + echo "Info: Installing Docker and Docker Compose" - if [ "$OS" == "ubuntu" ]; then + if [ "$OS" == "ubuntu" ]; then - if ! command -v docker &>/dev/null; then - apt update - apt install -y apt-transport-https ca-certificates curl software-properties-common + if ! 
command -v docker &>/dev/null; then + apt update + apt install -y apt-transport-https ca-certificates curl software-properties-common - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg - echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list >/dev/null + echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list >/dev/null - apt update - apt install -y docker-ce - fi - - DOCKER_PLUGINS_DIR="/usr/local/lib/docker/cli-plugins" - - if [ ! -d "$DOCKER_PLUGINS_DIR" ]; then - mkdir -p "$DOCKER_PLUGINS_DIR" - if [ ! -f "$DOCKER_PLUGINS_DIR/docker-compose" ]; then - curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose - chmod +x /usr/local/lib/docker/cli-plugins/docker-compose - fi - fi + apt update + apt install -y docker-ce fi -} - if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then - # This command uses SA_KEY as a variable but it should be a SAS Token for RHEL 6 VMs - azcopy copy "https://$STORAGE_ACCOUNT_NAME.blob.core.windows.net/$CONTAINER_NAME/$BLOB_NAME?$SA_KEY" "$LOCAL_FILE_PATH" - else - az storage blob download --account-name $STORAGE_ACCOUNT_NAME --account-key $SA_KEY --container-name $CONTAINER_NAME --name $BLOB_NAME --file $LOCAL_FILE_PATH + DOCKER_PLUGINS_DIR="/usr/local/lib/docker/cli-plugins" + + if [ ! -d "$DOCKER_PLUGINS_DIR" ]; then + mkdir -p "$DOCKER_PLUGINS_DIR" + if [ ! 
-f "$DOCKER_PLUGINS_DIR/docker-compose" ]; then + curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose + chmod +x /usr/local/lib/docker/cli-plugins/docker-compose + fi fi + fi } -if [ "${RUN_XDR_AGENT}" = "true" ] -then - if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then - install_azcopy - else - install_azcli - fi - install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}" +if [ "${RUN_XDR_AGENT}" = "true" ]; then + if [[ $OS_TYPE == *"Red Hat Enterprise"* && $VERSION == *"6."* ]]; then + install_azcopy + else + install_azcli + fi + install_agent "${STORAGE_ACCOUNT_KEY}" "${ENV}" "${XDR_TAGS}" fi -if [ "${RUN_XDR_COLLECTOR}" = "true" ] -then - if [[ "$OS_TYPE" == *"Red Hat Enterprise"* && "$VERSION" == *"6."* ]]; then - install_azcopy - else - install_azcli - fi - install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}" +if [ "${RUN_XDR_COLLECTOR}" = "true" ]; then + if [[ $OS_TYPE == *"Red Hat Enterprise"* && $VERSION == *"6."* ]]; then + install_azcopy + else + install_azcli + fi + install_collector "${STORAGE_ACCOUNT_KEY}" "${ENV}" fi -if [ "${INSTALL_DOCKER}" = "true" ] -then - install_docker +if [ "${INSTALL_DOCKER}" = "true" ]; then + install_docker fi
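Review bot: In `install_docker` the docker-compose download is nested inside `if [ ! -d "$DOCKER_PLUGINS_DIR" ]`, so on a host where the plugins directory already exists but the plugin does not, compose is never installed. Create the directory unconditionally and test only for the file: `mkdir -p "$DOCKER_PLUGINS_DIR"` followed by `if [ ! -f "$DOCKER_PLUGINS_DIR/docker-compose" ]; then`. The binary is fetched with `curl -SL` and made executable with no integrity check. Adding `-f` stops an HTTP error page from being saved as the plugin, and comparing the file's SHA-256 with the digest published for that release before the `chmod +x` covers a tampered or truncated download.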