Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
switch-to-insecure-mode-if-tlsdownload-fails #97
Conversation
| @@ -102,7 +102,7 @@ checkLinuxLogglyCompatibility() | |||
| checkIfUserHasRootPrivileges | |||
|
|
|||
| #check if the OS is supported by the script. If no, then exit | |||
| checkIfSupportedOS | |||
| checkIfSupportedOS | |||
mostlyjason
Jun 14, 2017
Contributor
Did you change the spacing here?
Did you change the spacing here?
| read -p "Do you wish to continue with insecure mode? (yes/no)" yn | ||
| case $yn in | ||
| [Yy]* ) | ||
| logMsgToConfigSysLog "INFO" "INFO: Going to overwrite the conf file: $LOGGLY_RSYSLOG_CONFFILE with insecure configuration"; |
mostlyjason
Jun 14, 2017
•
Contributor
Does it display this if they are installing for the first time?
Does it display this if they are installing for the first time?
Shwetajain148
Jun 15, 2017
Author
Contributor
@mostlyjason This code will be executed whenever rsyslog-gnutls package couldn't be download or package manager is not found in the system. It will prompt the user to switch to insecure mode. For example, if I am in SUSE environment where the package manager is different from yum and apt-get so the rsyslog-gnutls package will not be downloaded. In that case, the script will prompt the user to switch to insecure mode.
@mostlyjason This code will be executed whenever rsyslog-gnutls package couldn't be download or package manager is not found in the system. It will prompt the user to switch to insecure mode. For example, if I am in SUSE environment where the package manager is different from yum and apt-get so the rsyslog-gnutls package will not be downloaded. In that case, the script will prompt the user to switch to insecure mode.
Shwetajain148
force-pushed the
Shwetajain148:switch-mode
branch
from
2a2527e
to
3a0d922
| exit 1 | ||
| logMsgToConfigSysLog "Info" "Info: selinux status is 'Enforcing'. Setting it to the permissive mode and restarting the rsyslog daemon." | ||
| setenforce 0 | ||
| restartRsyslog | ||
| fi |
Shwetajain148
Jun 23, 2017
Author
Contributor
@mchaudhary and @mostlyjason, while running our script on different distributions, I found one more thing that was breaking our script execution(on RedHat) i.e. if SELinux status is enforcing in the system then the script exits by showing the above error message which I thought should not happen so if SELinux status is set to enforcing then I am showing an info message and setting the SELinux status to permissive mode by setting its value to 0 and restarting the rsyslog service so that changes take effect. In this way, our script will not exit in between and will run smoothly.
@mchaudhary and @mostlyjason, while running our script on different distributions, I found one more thing that was breaking our script execution(on RedHat) i.e. if SELinux status is enforcing in the system then the script exits by showing the above error message which I thought should not happen so if SELinux status is set to enforcing then I am showing an info message and setting the SELinux status to permissive mode by setting its value to 0 and restarting the rsyslog service so that changes take effect. In this way, our script will not exit in between and will run smoothly.
| @@ -875,7 +876,7 @@ searchAndFetch() | |||
| { | |||
| url=$2 | |||
|
|
|||
| result=$(wget -qO- /dev/null --user "$LOGGLY_USERNAME" --password "$LOGGLY_PASSWORD" "$url") | |||
| result=$(curl -s -u $LOGGLY_USERNAME:$LOGGLY_PASSWORD $url) | |||
Shwetajain148
Jun 23, 2017
Author
Contributor
@mchaudhary and @mostlyjason, Here I have replaced the wget command wth curl. I looked in differents environments to check if curl is present or not and I found it installed in almost each distribution listed below
Amazon AMI 2017.03
Ubuntu 14
RedHat
SUSE
Fedora
CentOS
I have also tested the configure-linux.sh script with this updated code and everything looked fine to me.
@mchaudhary and @mostlyjason, Here I have replaced the wget command wth curl. I looked in differents environments to check if curl is present or not and I found it installed in almost each distribution listed below
Amazon AMI 2017.03
Ubuntu 14
RedHat
SUSE
Fedora
CentOS
I have also tested the configure-linux.sh script with this updated code and everything looked fine to me.
mchaudhary
Jul 19, 2017
Contributor
@Shwetajain148 Can we try this on Ubuntu 12.04. I am almost certain that 12.04 doesn't have curl in it
@Shwetajain148 Can we try this on Ubuntu 12.04. I am almost certain that 12.04 doesn't have curl in it
Shwetajain148
Jul 19, 2017
Author
Contributor
@mchaudhary I just created a new Ubuntu 12.04 instance on Amazon and I could see that curl is pre-installed on it and there is no need to install it manually.
@mchaudhary I just created a new Ubuntu 12.04 instance on Amazon and I could see that curl is pre-installed on it and there is no need to install it manually.
mostlyjason
Jul 19, 2017
Contributor
We have had curl built into our script for a long time and haven't heard any complaints. I'm guessing it's common or easy to install.
We have had curl built into our script for a long time and haven't heard any complaints. I'm guessing it's common or easy to install.
I have updated the SELinux error message and removed the code that was changing the security settings.
|
@mchaudhary @mostlyjason I have fixed the merge conflicts and upgraded the script version to 1.18. Kindly review. |
@mchaudhary @mostlyjason, I have modified code to implement below requirements in the script:
The --force-secure parameter will set the TLS configuration and when the user installs the rsyslog-gnutls package manually and restart the rsyslog service, logs will reach to Loggly. I tested this functionality.
Please review.
I have started working on testing part of the script and updating a sheet accordingly.