include/data_upload


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

#!/bin/sh

#################################################################################
#
#   Lynis
# ------------------
#
# Copyright 2007-2016, Michael Boelen (michael.boelen@cisofy.com), CISOfy
# Web site: https://cisofy.com
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Data upload
#
#################################################################################
#
#    logtextbreak
PROGRAM_VERSION="101"


    # Data upload destination
    if [ "${UPLOAD_SERVER}" = "" ]; then
        UPLOAD_SERVER="cisofy.com"
    fi
    UPLOAD_URL="https://${UPLOAD_SERVER}/upload/"

logtext "Upload server: ${UPLOAD_SERVER}"
logtext "URL to upload to: ${UPLOAD_URL}"

    # License server (set to upload server if not configured)
    if [ "${LICENSE_SERVER}" = "" ]; then
        LICENSE_SERVER="${UPLOAD_SERVER}"
    fi
    LICENSE_SERVER_URL="https://${LICENSE_SERVER}/license/"

logtext "License server: ${LICENSE_SERVER}"


# Additional options to curl
if [ "${UPLOAD_OPTIONS}" = "" ]; then
    CURL_OPTIONS=""
  else
    CURL_OPTIONS="${UPLOAD_OPTIONS}"
fi
SETTINGS_FILE="${PROFILE}"

# Only output text to stdout if DEBUG mode is not used
output()
  {
    if [ ${DEBUG} -eq 1 ]; then echo "$1"; fi
  }

#####################################################################################
#
# SYSTEM CHECKS
#
#####################################################################################

output "Lynis Enterprise data uploader starting"
output "Settings file: ${SETTINGS_FILE}"

    # Check if we can find curl
    # Suggestion: If you want to keep the system hardened, copying the binary from a trusted source is a good alternative.
    #             Restrict access to this binary to the user who is running this script.
    if [ "${CURLBINARY}" = "" ]; then
        echo "Fatal: can't find curl binary. Please install the related package or put the binary in the PATH. Quitting.."
        exit 1
    fi

    # Extra the license key from the settings file
    if [ "${LICENSE_KEY}" = "" ]; then
        echo "Fatal: no license key found. Quitting.."
        ExitFatal
      else
        output "License key = ${LICENSE_KEY}"
    fi


#####################################################################################
#
# JOB CONTROL
#
#####################################################################################

    # Check report file
    if [ -f ${REPORTFILE} ]; then
        output "${WHITE}Report file found.${NORMAL} Starting with connectivity check.."
        # Quit if license is not valid, to reduce load on both client and server.
        UPLOAD=`${CURLBINARY} ${CURL_OPTIONS} -s -S --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "collector_version=${PROGRAM_VERSION}" ${LICENSE_SERVER_URL} 2> /dev/null`
        EXITCODE=$?
        if [ ${EXITCODE} -gt 0 ]; then
            if [ ${EXITCODE} -eq 7 ]; then
                logtext "Result: could not contact license server."
                logtext "Details: used URL ${LICENSE_SERVER_URL}"
                logtext "Suggestion: check if the upload host is correctly configured."
                echo "${RED}Error${NORMAL}: license server not available. See ${LOGFILE} for details."
            elif [ ${EXITCODE} -eq 60 ]; then
                echo "${RED}Self-signed certificate used on Lynis Enterprise node${NORMAL}"
                echo "If you want to accept a self-signed certificate, use the -k option in the profile."
                echo "Example: ${WHITE}config:upload_options:-k:${NORMAL}"
                logtext "Result: found self-signed certificate, however cURL -k option not used."
              else
                echo "${RED}Upload Error: ${NORMAL}cURL exited with code ${EXITCODE}. See ${LOGFILE} for details."
                logtext "Result: cURL exited with code ${EXITCODE}."
            fi
            logtext "Result: quitting, can't check license"
            ExitFatal
        fi
        UPLOAD_CODE=`echo ${UPLOAD} | head -n 1 | awk '{ if ($1=="Response") { print $2 }}'`
        if [ "${UPLOAD_CODE}" = "100" ]; then
            output "${WHITE}License is valid${NORMAL}"
            logtext "Result: License is valid"
          else
            echo "${RED}Fatal error: ${WHITE}Error while checking the license.${NORMAL}"
            echo ""
            echo "Possible causes and steps you can take:"
            echo "- Connection with license server could not be established (try address in your web browser)"
            echo "- Incorrect server has been configured in profile"
            echo "- License is expired (listed in Configuration screen) or No credits left (listed in Configuration screen)"
            echo "- Collector version of Lynis version outdated (upgrade to latest version of Lynis and/or Lynis Collector)"
            echo ""
            echo "If you need support in solving this, please contact support@cisofy.com and include this screen output."
            echo ""
            echo "URL: ${LICENSE_SERVER_URL}"
            echo "Key: ${LICENSE_KEY}"
            output "Debug information: ${UPLOAD}"
            # Quit
            ExitFatal
        fi
        # Extract the hostid from the parse file
        HOSTID=`awk -F= '/^hostid=/ { print $2 }' ${REPORTFILE}`
        if [ ! "${HOSTID}" = "" ]; then
            output "${WHITE}Found hostid: ${HOSTID}${NORMAL}"
            # Try to connect
            output "Uploading data.."
            # Add a space
            CURL_OPTIONS=" ${CURL_OPTIONS}"
            # Currently compressed uploads are not supported yet on central node. Therefore default value is set to 0.
            if [ ${COMPRESSED_UPLOADS} -eq 1 ]; then
                CURL_OPTIONS="${CURL_OPTIONS} --compressed -H 'Content-Encoding: gzip'"
            fi
            logtext "Command used: ${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode \"data@${REPORTFILE}\" --data-urlencode \"licensekey=${LICENSE_KEY}\" --data-urlencode \"hostid=${HOSTID}\" ${UPLOAD_URL}"
            UPLOAD=`${CURLBINARY}${CURL_OPTIONS} -s -S --data-urlencode "data@${REPORTFILE}" --data-urlencode "licensekey=${LICENSE_KEY}" --data-urlencode "hostid=${HOSTID}" ${UPLOAD_URL} 2> /dev/null`
            EXITCODE=$?
            if [ ${EXITCODE} -gt 0 ]; then
                echo "${RED}Error: ${NORMAL}Error occurred, cURL ended during the upload of the report data."
                echo "Related exit code: ${EXITCODE}"
                echo "Check the last section of the log file for the exact command used, for further troubleshooting"
                echo "Debug:"
                echo ${UPLOAD}
                echo "${RED}Upload Error${NORMAL}: cURL could not upload data. See ${LOGFILE} for details."
                # Quit
                ExitClean
            fi
          else
            echo "${RED}Error${NORMAL}: No hostid found in report file. Can not upload report file."
            # Quit
            ExitFatal
        fi
      else
         output "${YELLOW}No report file found to upload.${NORMAL}"
         ExitFatal
    fi

#
#================================================================================
# Lynis - Copyright 2007-2016, Michael Boelen, CISOfy - https://cisofy.com