#!/bin/bash
# Strict mode. `pipefail` is a bash extension, so it is only switched on when
# bash is actually interpreting the script (e.g. not when run as `sh install.sh`);
# the plain-sh path keeps the portable `-e -u` subset.
case "${BASH_VERSION:-}" in
  '') set -eu ;;
  *)  set -euo pipefail ;;
esac
# Runtime configuration. Every value may be overridden from the environment;
# the defaults below are used otherwise.
# NOTE(review): LOG_LEVEL is read here but nothing in this file consults it.
LOG_LEVEL=${LOG_LEVEL:-INFO}
TRIVY_VERSION=${TRIVY_VERSION:-0.69.3}

# Wazuh/OSSEC directory layout and the Trivy install prefix depend on the host OS.
case "$(uname)" in
  Darwin)
    OSSEC_WODLES_DIR=${OSSEC_WODLES_DIR:-/Library/Ossec/wodles}
    OSSEC_CONF_DIR=${OSSEC_CONF_DIR:-/Library/Ossec/etc}
    OSSEC_LOG_DIR=${OSSEC_LOG_DIR:-/Library/Ossec/logs}
    TRIVY_BIN_DIR=${TRIVY_BIN_DIR:-/usr/local/bin}
    ;;
  *)
    OSSEC_WODLES_DIR=${OSSEC_WODLES_DIR:-/var/ossec/wodles}
    OSSEC_CONF_DIR=${OSSEC_CONF_DIR:-/var/ossec/etc}
    OSSEC_LOG_DIR=${OSSEC_LOG_DIR:-/var/ossec/logs}
    TRIVY_BIN_DIR=${TRIVY_BIN_DIR:-/usr/bin}
    ;;
esac

# Ownership applied to the files this script creates.
OSSEC_USER=${OSSEC_USER:-root}
OSSEC_GROUP=${OSSEC_GROUP:-wazuh}

# Where the scan wodle and its log live, and where the wodle is fetched from.
TRIVY_SCAN_SCRIPT_PATH=${TRIVY_SCAN_SCRIPT_PATH:-"$OSSEC_WODLES_DIR/trivy-scan.sh"}
TRIVY_SCAN_LOG_PATH=${TRIVY_SCAN_LOG_PATH:-"$OSSEC_LOG_DIR/trivy-scan.log"}
TRIVY_SCAN_SCRIPT_URL=${TRIVY_SCAN_SCRIPT_URL:-https://raw.githubusercontent.com/ADORSYS-GIS/wazuh-trivy/main/trivy-scan.sh}

# Agent-side option that must be present for manager-pushed commands to run.
LOCAL_INTERNAL_OPTIONS_CONF=${LOCAL_INTERNAL_OPTIONS_CONF:-"$OSSEC_CONF_DIR/local_internal_options.conf"}
REMOTE_COMMANDS_CONFIG=${REMOTE_COMMANDS_CONFIG:-wazuh_command.remote_commands=1}
# ANSI SGR colour codes for log output. They are stored as literal
# backslash sequences (not pre-expanded escape bytes); the logger interprets
# them when it prints, so the values must stay in this unexpanded form.
RED="\\033[0;31m"     # errors
GREEN="\\033[0;32m"   # success
YELLOW="\\033[1;33m"  # warnings
BLUE="\\033[1;34m"    # informational
BOLD="\\033[1m"
NORMAL="\\033[0m"     # reset attributes
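#######################################
# Print one timestamped log line to stdout.
# Arguments: $1 - level tag (may carry the colour escape sequences above)
#            $* - message words, joined by single spaces
# Outputs:   "<YYYY-MM-DD HH:MM:SS> <tag> <message>" on stdout
# The line is emitted with printf '%b', which interprets backslash escapes in
# the colour constants exactly as `echo -e` did but is also valid on the
# plain-sh path selected at the top of the script (dash's echo has no -e).
#######################################
log() {
  local level="$1"
  shift
  local message="$*"
  local timestamp
  timestamp=$(date +"%Y-%m-%d %H:%M:%S")
  printf '%b\n' "${timestamp} ${level} ${message}"
}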
# Logging helpers: each wraps log() with a fixed, coloured level tag.

# Informational progress line (blue).
info_message() {
  local tag="${BLUE}${BOLD}[===========> INFO]${NORMAL}"
  log "$tag" "$*"
}
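# Warning line (yellow). The tag previously read "[ERROR]", which made a
# warning indistinguishable from an error in the log; it now reads "[WARNING]".
warning_message() {
  local tag="${YELLOW}${BOLD}[WARNING]${NORMAL}"
  log "$tag" "$*"
}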
# Error line (red). Does not exit; callers decide what to do next.
error_message() {
  local tag="${RED}${BOLD}[ERROR]${NORMAL}"
  log "$tag" "$*"
}
# Success line (green).
success_message() {
  local tag="${GREEN}${BOLD}[SUCCESS]${NORMAL}"
  log "$tag" "$*"
}
#######################################
# Test whether a command is resolvable on PATH (or is a builtin/function).
# Arguments: $1 - command name
# Returns:   0 when found, non-zero otherwise; prints nothing
#######################################
command_exists() {
  if command -v "$1" >/dev/null 2>&1; then
    return 0
  fi
  return 1
}
#######################################
# Run a command with root privileges: directly when already root, otherwise
# through sudo. Aborts the script when neither is possible.
# Arguments: "$@" - the command and its arguments
# Returns:   the command's exit status; exits 1 if root cannot be obtained
#######################################
maybe_sudo() {
  # Already root: nothing to escalate.
  if [ "$(id -u)" -eq 0 ]; then
    "$@"
    return $?
  fi
  if ! command_exists sudo; then
    error_message "This script requires root privileges. Please run with sudo or as root."
    exit 1
  fi
  sudo "$@"
}
#######################################
# Check whether a supported container engine CLI is present: docker, podman,
# or ctr (containerd).
# Returns:   0 when at least one is found, 1 otherwise
#######################################
has_container_engine() {
  local engine
  for engine in docker podman ctr; do
    if command_exists "$engine"; then
      return 0
    fi
  done
  return 1
}
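#######################################
# Abort an in-progress Trivy install: log the reason, remove the scratch
# directory and exit 1.
# Arguments: $1 - error text to log
#            $2 - scratch directory to delete (must be non-empty)
#######################################
_trivy_abort() {
  error_message "$1"
  rm -rf -- "${2:?scratch directory}"
  exit 1
}

#######################################
# Verify a downloaded release asset against the release checksum manifest.
# Arguments: $1 - path of the downloaded asset
#            $2 - path of the manifest (lines of "<sha256>  <asset name>")
#            $3 - asset name to look up in the manifest
# Returns:   0 when the SHA-256 digests match; 1 when they differ, when the
#            manifest has no entry for the asset, or when no SHA-256 tool exists
#######################################
_trivy_verify_checksum() {
  local file="$1" manifest="$2" asset="$3"
  local expected actual
  expected=$(awk -v name="$asset" '$2 == name { print $1; exit }' "$manifest")
  if [ -z "$expected" ]; then
    error_message "No checksum entry for $asset in the release manifest."
    return 1
  fi
  # sha256sum is GNU coreutils (Linux); macOS ships shasum instead.
  if command_exists sha256sum; then
    actual=$(sha256sum "$file" | awk '{ print $1 }')
  elif command_exists shasum; then
    actual=$(shasum -a 256 "$file" | awk '{ print $1 }')
  else
    error_message "Neither sha256sum nor shasum is available; cannot verify the download."
    return 1
  fi
  [ "$actual" = "$expected" ]
}

#######################################
# Install Trivy $TRIVY_VERSION from the GitHub release tarball unless exactly
# that version is already on PATH.
# Globals:   TRIVY_VERSION (read), TRIVY_BIN_DIR (read)
# Outputs:   progress via the *_message helpers (stdout)
# Returns:   0 when the requested version is installed; exits 1 on any failure
#######################################
install_trivy() {
  local installed_version=""
  if command_exists trivy; then
    # Only the unindented first "Version:" line is the binary's own version.
    # Once a vulnerability DB has been cached, `trivy --version` also prints
    # indented "Version:" lines for the DB; an unanchored match returned all
    # of them, so the comparison below failed and forced a reinstall each run.
    installed_version="$(trivy --version 2>/dev/null | awk '/^Version:/ { print $2; exit }')"
    if [ "$installed_version" = "$TRIVY_VERSION" ]; then
      info_message "Trivy $TRIVY_VERSION is already installed, skipping installation."
      return
    fi
    info_message "Trivy is installed but version $installed_version does not match required $TRIVY_VERSION. Installing correct version..."
  else
    info_message "Trivy not found. Installing Trivy $TRIVY_VERSION..."
  fi

  if ! has_container_engine; then
    error_message "No container engine (Docker or Podman or Containerd) found. Trivy requires a container engine to function."
    exit 1
  fi

  info_message "Determining system architecture for direct download..."
  local os_type arch_type trivy_os trivy_arch
  os_type=$(uname -s)
  arch_type=$(uname -m)
  # Map uname output onto the OS / arch tokens used in Trivy release asset names.
  case "$os_type" in
    Linux) trivy_os="Linux" ;;
    Darwin) trivy_os="macOS" ;;
    *) error_message "Unsupported OS: $os_type"; exit 1 ;;
  esac
  case "$arch_type" in
    x86_64) trivy_arch="64bit" ;;
    aarch64 | arm64) trivy_arch="ARM64" ;;
    *) error_message "Unsupported architecture: $arch_type"; exit 1 ;;
  esac

  local release_url="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}"
  local binary_name="trivy_${TRIVY_VERSION}_${trivy_os}-${trivy_arch}.tar.gz"
  local checksums_name="trivy_${TRIVY_VERSION}_checksums.txt"
  local download_url="${release_url}/${binary_name}"
  info_message "Downloading Trivy from: $download_url"

  local tmp_dir
  tmp_dir=$(mktemp -d /tmp/trivy_download.XXXXXX) || {
    error_message "Failed to create a temporary download directory."
    exit 1
  }
  if ! curl -sSLf "$download_url" -o "$tmp_dir/$binary_name"; then
    _trivy_abort "Failed to download Trivy binary from GitHub Releases (404 or network error)." "$tmp_dir"
  fi
  # The manifest is published with the same release, so this check catches
  # truncated, corrupted or mismatched downloads rather than a compromised
  # upstream. The binary is installed with root privileges, so anything that
  # does not match is refused.
  if ! curl -sSLf "${release_url}/${checksums_name}" -o "$tmp_dir/$checksums_name"; then
    _trivy_abort "Failed to download Trivy release checksums (${checksums_name})." "$tmp_dir"
  fi
  if ! _trivy_verify_checksum "$tmp_dir/$binary_name" "$tmp_dir/$checksums_name" "$binary_name"; then
    _trivy_abort "Checksum verification failed for $binary_name; not installing it." "$tmp_dir"
  fi

  info_message "Extracting and installing Trivy..."
  if ! tar -xzf "$tmp_dir/$binary_name" -C "$tmp_dir"; then
    _trivy_abort "Failed to extract Trivy tarball." "$tmp_dir"
  fi
  if ! maybe_sudo install -m 755 "$tmp_dir/trivy" "$TRIVY_BIN_DIR/trivy"; then
    _trivy_abort "Failed to install Trivy binary to $TRIVY_BIN_DIR" "$tmp_dir"
  fi
  rm -rf -- "${tmp_dir:?}"
  success_message "Trivy $TRIVY_VERSION installed successfully from direct download."
}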
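#######################################
# Download trivy-scan.sh into the wodles directory and set its owner and mode.
# The file is fetched to a temporary path and moved into place with install(1),
# so a failed or partial transfer never leaves a broken script at
# $TRIVY_SCAN_SCRIPT_PATH, and curl itself no longer runs as root.
# Globals:   TRIVY_SCAN_SCRIPT_URL, TRIVY_SCAN_SCRIPT_PATH, OSSEC_USER,
#            OSSEC_GROUP (all read)
# Outputs:   progress via the *_message helpers (stdout)
# Returns:   0 on success; exits 1 on download or install failure
# NOTE(review): the default URL references the `main` branch, an unpinned
# mutable ref with no integrity check, and the downloaded script is later
# executed by the agent. Point TRIVY_SCAN_SCRIPT_URL at a tag- or
# commit-pinned URL for reproducible deployments.
#######################################
setup_trivy_scan_script() {
  local tmp_script
  info_message "Downloading trivy-scan.sh script..."
  tmp_script=$(mktemp /tmp/trivy-scan.XXXXXX) || {
    error_message "Failed to create a temporary file for trivy-scan.sh."
    exit 1
  }
  # -f makes HTTP errors (e.g. a 404 page) fail the download instead of being
  # saved as the script body with exit status 0, which the old `-SL -s` allowed.
  if ! curl -sSLf "$TRIVY_SCAN_SCRIPT_URL" -o "$tmp_script"; then
    error_message "Failed to download trivy-scan.sh script."
    rm -f -- "$tmp_script"
    exit 1
  fi
  info_message "Setting permissions for trivy-scan.sh..."
  # install(1) copies, chowns and chmods in one privileged step (owner:group and
  # mode 750 match the previous chown/chmod pair).
  if ! maybe_sudo install -o "$OSSEC_USER" -g "$OSSEC_GROUP" -m 750 "$tmp_script" "$TRIVY_SCAN_SCRIPT_PATH"; then
    error_message "Failed to install trivy-scan.sh to $TRIVY_SCAN_SCRIPT_PATH"
    rm -f -- "$tmp_script"
    exit 1
  fi
  rm -f -- "$tmp_script"
  success_message "trivy-scan.sh script downloaded and configured successfully."
}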
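#######################################
# Ensure $REMOTE_COMMANDS_CONFIG is present in local_internal_options.conf.
# wazuh_command.remote_commands=1 allows command/wodle definitions distributed
# by the manager to run on this agent (which is how the trivy-scan wodle is
# driven). Because it widens what the manager can execute here, the line is
# appended only when absent, and an existing different value is reported
# rather than silently rewritten.
# Globals:   REMOTE_COMMANDS_CONFIG (read), LOCAL_INTERNAL_OPTIONS_CONF (read)
# Outputs:   progress via the *_message helpers (stdout)
# Returns:   0; exits via maybe_sudo when root privileges cannot be obtained
#######################################
configure_remote_commands() {
  local key="${REMOTE_COMMANDS_CONFIG%%=*}"
  info_message "Checking if remote_commands configuration is present in $LOCAL_INTERNAL_OPTIONS_CONF..."
  # -x -F: the exact line, literally. The previous "^$REMOTE_COMMANDS_CONFIG"
  # regex let the '.' in the key match any character and accepted any trailing
  # suffix, so a line such as "<key>=10" would have passed as already configured.
  if maybe_sudo test -f "$LOCAL_INTERNAL_OPTIONS_CONF" \
    && maybe_sudo grep -qxF -- "$REMOTE_COMMANDS_CONFIG" "$LOCAL_INTERNAL_OPTIONS_CONF"; then
    info_message "Remote commands configuration is already present."
    return
  fi
  if maybe_sudo test -f "$LOCAL_INTERNAL_OPTIONS_CONF" \
    && maybe_sudo grep -q -- "^${key}=" "$LOCAL_INTERNAL_OPTIONS_CONF"; then
    # NOTE(review): which occurrence wins when a key appears twice is not
    # verified here; confirm against the Wazuh internal-options documentation.
    warning_message "$LOCAL_INTERNAL_OPTIONS_CONF already sets $key to a different value; appending $REMOTE_COMMANDS_CONFIG."
  fi
  info_message "Adding remote_commands configuration to $LOCAL_INTERNAL_OPTIONS_CONF..."
  printf '%s\n' "$REMOTE_COMMANDS_CONFIG" | maybe_sudo tee -a "$LOCAL_INTERNAL_OPTIONS_CONF" >/dev/null
  success_message "Remote commands configuration added successfully."
}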
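#######################################
# Create the scan log file with the expected owner and mode if it is missing.
# Globals:   TRIVY_SCAN_LOG_PATH, OSSEC_USER, OSSEC_GROUP (all read)
# Outputs:   progress via the *_message helpers (stdout)
# Returns:   0; exits via maybe_sudo when root privileges cannot be obtained
#######################################
create_trivy_log_file() {
  # Run the existence check with the same privileges as the touch/chown below:
  # the OSSEC log directory is normally not readable by an unprivileged caller,
  # so a plain `[ -f ]` reported "missing" and re-touched an existing file.
  if maybe_sudo test -f "$TRIVY_SCAN_LOG_PATH"; then
    info_message "Trivy log file already exists, skipping."
    return
  fi
  info_message "Creating trivy log file..."
  maybe_sudo touch "$TRIVY_SCAN_LOG_PATH"
  maybe_sudo chown "$OSSEC_USER:$OSSEC_GROUP" "$TRIVY_SCAN_LOG_PATH"
  # The log presumably holds scan findings for this host; restrict it to the
  # owner and the wazuh group (mirroring the 750 used for the scan script)
  # instead of leaving it at whatever the umask produced.
  maybe_sudo chmod 640 "$TRIVY_SCAN_LOG_PATH"
  success_message "Trivy log file created successfully."
}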
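# Main script execution: gate on a container engine, then install Trivy, the
# scan wodle, the agent option it depends on, and the log file.
info_message "Starting Trivy installation check."
# has_container_engine also accepts ctr (containerd), so the message lists all
# three engines, consistent with the equivalent message in install_trivy.
if ! has_container_engine; then
  error_message "No container engine (Docker or Podman or Containerd) detected. Trivy cannot be installed."
  exit 1
fi
info_message "Container engine found. Proceeding with Trivy installation check."
install_trivy
setup_trivy_scan_script
configure_remote_commands
create_trivy_log_file
success_message "Trivy setup completed."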