Skip to content

G1C-1773 add amazon linux 2023 support #147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
zdenek-machek-swi merged 4 commits into from
Nov 6, 2023
Merged

G1C-1773 add amazon linux 2023 support #147

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8ee4305
G1C-1773 Switch for TLS packages
zdenek-machek-swi Nov 1, 2023
133d63f
G1C-1773 Switch for TLS packages
zdenek-machek-swi Nov 1, 2023
3c79ab6
G1C-1773 Adjust behaviour for different Amazon linux versions
zdenek-machek-swi Nov 2, 2023
6cb6ad2
G1C-1773 Make check futureproof
zdenek-machek-swi Nov 6, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 30 additions & 11 deletions Linux Script/configure-linux.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,9 @@ checkLinuxLogglyCompatibility() {
#set the basic variables needed by this script
setLinuxVariables

#set TLS package
setTlsPackage

#check if the Loggly servers are accessible. If no, ask user to check network connectivity & exit
checkIfLogglyServersAccessible

Expand Down Expand Up @@ -162,6 +165,7 @@ checkLinuxLogglyCompatibility() {
#update rsyslog.conf and adds $MaxMessageSize in it
modifyMaxMessageSize


LINUX_ENV_VALIDATED="true"
}

Expand Down Expand Up @@ -238,6 +242,20 @@ checkIfPackageManagerIsPresent() {
fi
}

#set tls package
setTlsPackage() {
TLS_PACKAGE="rsyslog-gnutls"
TLS_DRIVER="gtls"

if [ "$LINUX_DIST_IN_LOWER_CASE" == "amazon" ]; then
LINUX_DIST_VERSION=$(cat /etc/system-release | cut -f 4 -d " ")
if [ "$LINUX_DIST_VERSION" -ge 2023 ]; then
TLS_PACKAGE="rsyslog-openssl"
TLS_DRIVER="ossl"
fi
fi
}

#check if required dependencies to run the script are not installed, If yes then ask user to install them manually and run the script again
checkIfRequiredDependenciesAreNotInstalled() {
if ! [ -x "$(command -v curl)" ]; then
Expand Down Expand Up @@ -537,7 +555,7 @@ confString() {

#RsyslogGnuTLS
\$DefaultNetstreamDriverCAFile $CA_FILE_PATH
\$ActionSendStreamDriver gtls
\$ActionSendStreamDriver $TLS_DRIVER
\$ActionSendStreamDriverMode 1
\$ActionSendStreamDriverAuthMode x509/name
\$ActionSendStreamDriverPermittedPeer *.loggly.com
Expand Down Expand Up @@ -566,7 +584,7 @@ string=\"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-na
)

# Send messages to Loggly over TCP using the template.
action(type=\"omfwd\" protocol=\"tcp\" target=\"$LOGS_01_HOST\" port=\"$LOGGLY_SYSLOG_PORT\" template=\"LogglyFormat\" StreamDriver=\"gtls\" StreamDriverMode=\"1\" StreamDriverAuthMode=\"x509/name\" StreamDriverPermittedPeers=\"*.loggly.com\")
action(type=\"omfwd\" protocol=\"tcp\" target=\"$LOGS_01_HOST\" port=\"$LOGGLY_SYSLOG_PORT\" template=\"LogglyFormat\" StreamDriver=\"$TLS_DRIVER\" StreamDriverMode=\"1\" StreamDriverAuthMode=\"x509/name\" StreamDriverPermittedPeers=\"*.loggly.com\")
"

inputStr_NO_TLS="
Expand Down Expand Up @@ -597,24 +615,25 @@ action(type=\"omfwd\" protocol=\"tcp\" target=\"$LOGS_01_HOST\" port=\"$LOGGLY_S

#install the certificate and check if gnutls package is installed
installTLSDependencies() {

if [ $LOGGLY_TLS_SENDING == "true" ]; then
if [ "$SUPPRESS_PROMPT" == "true" ]; then
/bin/bash -c "sudo $PKG_MGR install -y rsyslog-gnutls"
/bin/bash -c "sudo $PKG_MGR install -y $TLS_PACKAGE"
else
/bin/bash -c "sudo $PKG_MGR install rsyslog-gnutls"
/bin/bash -c "sudo $PKG_MGR install $TLS_PACKAGE"
fi
if [ "$PKG_MGR" == "yum" ]; then
if [ $(rpm -qa | grep -c "rsyslog-gnutls") -eq 0 ]; then
if [ $(rpm -qa | grep -c "$TLS_PACKAGE") -eq 0 ]; then
DEPENDENCIES_INSTALLED="false"
if [ "$FORCE_SECURE" == "true" ]; then
logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not be download automatically because your package manager could not be found. Please install it and restart the rsyslog service to send logs to Loggly."
logMsgToConfigSysLog "WARN" "WARN: The $TLS_PACKAGE package could not be download automatically because your package manager could not be found. Please install it and restart the rsyslog service to send logs to Loggly."
fi
fi
elif [ "$PKG_MGR" == "apt-get" ]; then
if [ $(dpkg-query -W -f='${Status}' rsyslog-gnutls 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
if [ $(dpkg-query -W -f='${Status}' $TLS_PACKAGE 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
DEPENDENCIES_INSTALLED="false"
if [ "$FORCE_SECURE" == "true" ]; then
logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not be download automatically because your package manager could not be found. Please install it and restart the rsyslog service to send logs to Loggly."
logMsgToConfigSysLog "WARN" "WARN: The $TLS_PACKAGE package could not be download automatically because your package manager could not be found. Please install it and restart the rsyslog service to send logs to Loggly."
fi
fi
else
Expand All @@ -629,7 +648,7 @@ switchToInsecureModeIfTLSNotFound() {
if [ "$FORCE_SECURE" == "false" ]; then
if [ "$DEPENDENCIES_INSTALLED" == "false" ]; then
if [ "$SUPPRESS_PROMPT" == "false" ]; then
logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not download automatically either because of your package manager could not be found or due to some other reason."
logMsgToConfigSysLog "WARN" "WARN: The $TLS_PACKAGE package could not download automatically either because of your package manager could not be found or due to some other reason."
while true; do
read -p "Do you wish to continue with insecure mode? (yes/no)" yn
case $yn in
Expand All @@ -639,14 +658,14 @@ switchToInsecureModeIfTLSNotFound() {
break
;;
[Nn]*)
logMsgToConfigSysLog "INFO" "INFO: Since the rsyslog-gnutls package could not be installed automatically, please install it yourself and then re-run the script using the --force-secure flag. This option will force the secure TLS configuration instead of falling back on insecure mode. It is useful for Linux distributions where this script cannot automatically detect the dependency using yum or apt-get."
logMsgToConfigSysLog "INFO" "INFO: Since the $TLS_PACKAGE package could not be installed automatically, please install it yourself and then re-run the script using the --force-secure flag. This option will force the secure TLS configuration instead of falling back on insecure mode. It is useful for Linux distributions where this script cannot automatically detect the dependency using yum or apt-get."
exit 1
;;
*) echo "Please answer yes or no." ;;
esac
done
else
logMsgToConfigSysLog "WARN" "WARN: The rsyslog-gnutls package could not download automatically either because of your package manager could not be found or due to some other reason, continuing with insecure mode."
logMsgToConfigSysLog "WARN" "WARN: The $TLS_PACKAGE package could not download automatically either because of your package manager could not be found or due to some other reason, continuing with insecure mode."
LOGGLY_SYSLOG_PORT=514

fi
Expand Down