This repository has been archived by the owner on Jul 18, 2022. It is now read-only.
install.sh
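#!/bin/sh
# Installer for the Duo two-factor integration for Splunk Web.
#
# Usage: install.sh [-d splunk directory] -i ikey -s skey -h host
#                   [-f (True|False)] [-t seconds]
#
# NOTE(review): -s passes the Duo secret key as a command-line argument, so it
# can be seen in the process list (and typically ends up in shell history) on
# the host where the installer is run.

# default splunk install directory
SPLUNK=/opt/splunk

# Application key: 40 lowercase hex characters of fresh randomness. It is
# later substituted for the YOUR_DUO_AKEY placeholder in account.py.
# The one-liner uses print() so it runs under Python 2 and Python 3; the old
# print-statement form is a syntax error on Python 3 and silently produced an
# empty key.
AKEY=""
for DUO_PYTHON in python python2 python3; do
  if command -v "$DUO_PYTHON" >/dev/null 2>&1; then
    AKEY=$("$DUO_PYTHON" -c 'import hashlib, os; print(hashlib.sha1(os.urandom(32)).hexdigest())' 2>/dev/null)
    if [ -n "$AKEY" ]; then
      break
    fi
  fi
done
if [ -z "$AKEY" ]; then
  # No usable interpreter on PATH: take 20 bytes straight from the kernel
  # CSPRNG, which yields the same 40-hex-character shape.
  AKEY=$(od -A n -N 20 -t x1 /dev/urandom 2>/dev/null | tr -cd '0-9a-f')
fi

FAILOPEN="False"
TIMEOUT="15"

while getopts d:i:s:h:f:t: o
do
  case "$o" in
    d) SPLUNK="$OPTARG";;
    i) IKEY="$OPTARG";;
    s) SKEY="$OPTARG";;
    h) HOST="$OPTARG";;
    f) FAILOPEN="$OPTARG";;
    t) TIMEOUT="$OPTARG";;
    [?])
      # $0 is passed as an argument rather than spliced into the format, so a
      # '%' in the script path cannot be misread as a conversion.
      printf >&2 'Usage: %s [-d splunk directory] -i ikey -s skey -h host [-f (True|False)] [-t seconds] \n' "$0"
      printf >&2 "ikey, skey, and host can be found in Duo account's administration panel at admin.duosecurity.com\n"
      printf >&2 "Failopen (-f) should be set to 'True' or 'False', default to 'False'\n"
      printf >&2 'Timeout (-t) is number of seconds to wait to see if Duo is available before invoking failmode.\n'
      exit 1;;
  esac
done

# Never continue with a missing or malformed application key: it would be
# written into account.py as-is. Checked after option parsing so that the
# usage text is still reachable on a host without python.
case "$AKEY" in
  '' | *[!0-9a-f]*)
    echo 'Could not generate the Duo application key (need python or /dev/urandom).' >&2
    exit 1;;
esac
if [ "${#AKEY}" -ne 40 ]; then
  echo 'Could not generate the Duo application key (need python or /dev/urandom).' >&2
  exit 1
fi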
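# Message shown whenever $SPLUNK fails one of the layout checks.
SPLUNK_ERROR="The directory ($SPLUNK) does not look like a Splunk installation. Use the -d option to specify where Splunk is installed."

# Input validation - normalize the Failmode argument to
# begin with an uppercase letter, and make the rest lowercase.
# Done with tr + case instead of awk's IGNORECASE, which only gawk honours:
# under other awk implementations even the default value "False" failed to
# match and the installer rejected its own default.
case "$(printf '%s' "$FAILOPEN" | tr '[:upper:]' '[:lower:]')" in
  true)
    FAILOPEN="True";;
  false)
    FAILOPEN="False";;
  *)
    echo 'Invalid argument: -f (True | False)'
    exit 1;;
esac

# Input validation - timeout must be a whole non-negative number.
# Only plain decimal digits are accepted: the value is later spliced into a
# sed expression and from there into account.py, so signs, blanks and any
# other characters are rejected here rather than passed along.
case "$TIMEOUT" in
  '' | *[!0-9]*)
    echo "Invalid argument: -t must specify a number, not '$TIMEOUT'"
    exit 1;;
esac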
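# Check that $SPLUNK has the layout this installer writes into: the account
# controller that gets patched, the template and javascript directories, and
# the Python site-packages directory.
# Every expansion is quoted: unquoted, an empty -d value collapsed the first
# test to `[ ! -d ]`, which is false, so the check passed on an empty path;
# paths containing blanks broke the tests as well.
if [ ! -d "$SPLUNK" ] ||
   [ ! -e "$SPLUNK/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/account.py" ] ||
   [ ! -d "$SPLUNK/share/splunk/search_mrsparkle/templates/account/" ] ||
   [ ! -d "$SPLUNK/share/splunk/search_mrsparkle/exposed/js/contrib/" ] ||
   [ ! -d "$SPLUNK/lib/python2.7/site-packages/" ]; then
  echo "$SPLUNK_ERROR"
  exit 1
fi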
# Detect an earlier Duo patch by the marker strings it leaves in account.py.
# The "VER 2" marker means the current patch is already applied: stop.
if grep -q 'DUO SECURITY MODIFICATIONS VER 2' "$SPLUNK/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/account.py"
then
  echo 'It looks like Splunk has already been patched to integrate with Duo.'
  echo 'Please contact support@duosecurity.com if you are having trouble'
  echo 'exiting'
  exit 1
fi

# The marker without "VER 2" means an older patch is present: upgrade it.
UPGRADE=0
if grep -q 'DUO SECURITY MODIFICATIONS' "$SPLUNK/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/account.py"
then
  echo 'It looks like Splunk has already been patched to integrate with Duo.'
  echo 'Upgrading existing installation.'
  UPGRADE=1

  # Any of ikey / skey / host not given on the command line is recovered from
  # the first matching DUO_* = '...' assignment in the patched account.py.
  # (The T command in these sed programs is a GNU sed extension.)
  ACCOUNT_PYTHON="${SPLUNK}/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/account.py"
  [ -n "$IKEY" ] || IKEY=$(sed -n 's/^DUO_IKEY *= *'\''\(.*\)'\''$/\1/ ; T ; p; q' "$ACCOUNT_PYTHON")
  [ -n "$SKEY" ] || SKEY=$(sed -n 's/^DUO_SKEY *= *'\''\(.*\)'\''$/\1/ ; T ; p; q' "$ACCOUNT_PYTHON")
  [ -n "$HOST" ] || HOST=$(sed -n 's/^DUO_HOST *= *'\''\(.*\)'\''$/\1/ ; T ; p; q' "$ACCOUNT_PYTHON")
fi

# All three Duo settings are mandatory from here on.
if [ -z "$IKEY" ]
then
  echo 'Missing -i (Duo integration key)'
  exit 1
fi
if [ -z "$SKEY" ]
then
  echo 'Missing -s (Duo secret key)'
  exit 1
fi
if [ -z "$HOST" ]
then
  echo 'Missing -h (Duo API hostname)'
  exit 1
fi
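echo "Installing Duo integration to $SPLUNK..."

# Figure out what version to patch.
# PATCH is reset first: it was never initialised, so a PATCH variable
# inherited from the caller's environment survived to the emptiness check
# below and selected the patch file on an otherwise unsupported version.
PATCH=""
for DUO_SPLUNK_MAJOR in 4 5 6; do
  if grep -q "VERSION=$DUO_SPLUNK_MAJOR" "$SPLUNK/etc/splunk.version"; then
    # There is no newer patch for version 4, so an upgrade is a no-op there.
    if [ "$DUO_SPLUNK_MAJOR" -eq 4 ] && [ "$UPGRADE" -eq 1 ]; then
      echo 'Duo is already installed, and no upgrade exists for splunk version 4.'
      echo 'Exiting.'
      exit 0
    fi
    echo "Using patch for version $DUO_SPLUNK_MAJOR..."
    PATCH="account.py.$DUO_SPLUNK_MAJOR.diff"
  fi
done

# No supported major version matched.
if [ -z "$PATCH" ]; then
  echo 'Patching this version of Splunk will not work, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi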
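# Running account python file
ACCOUNT_PY_FILE="$SPLUNK/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/account.py"
# Splunk's original file
OLD_ACCOUNT_PY_FILE="$SPLUNK/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/.old_account.py"
# Duo's version 1 patched file
OLD_ACCOUNT_PY_FILE_PATCHED="$SPLUNK/lib/python2.7/site-packages/splunk/appserver/mrsparkle/controllers/.old_account.py.duo_patched"

# 1 when Splunk's original account.py must be copied back before patching
# (an earlier Duo patch left .old_account.py behind), 0 on a fresh install.
# A flag replaces the former "command stored in a string", which was run
# unquoted and so broke on install paths containing blanks.
RESTORE_ORIGINAL=0
# Remember which file we want to test the patch against
PATCH_TEST_ACCOUNT_PY_FILE="$ACCOUNT_PY_FILE"
# Remember which file to restore from in case of failure
ACCOUNT_PY_BACKUP_FILE="$OLD_ACCOUNT_PY_FILE"

if [ -f "$OLD_ACCOUNT_PY_FILE" ]; then
  # Keep a copy of the patched account.py file
  if ! cp -f "$ACCOUNT_PY_FILE" "$OLD_ACCOUNT_PY_FILE_PATCHED"; then
    echo 'Failed to back up account.py before patching. Please contact support@duosecurity.com'
    exit 1
  fi
  # Update the variables to handle version 2 update case.
  RESTORE_ORIGINAL=1
  PATCH_TEST_ACCOUNT_PY_FILE="$OLD_ACCOUNT_PY_FILE"
  ACCOUNT_PY_BACKUP_FILE="$OLD_ACCOUNT_PY_FILE_PATCHED"
fi

# test patch against splunk's unmodified file.
# $PATCH is a bare file name, so the installer has to be run from the
# directory that holds the .diff files.
if ! patch --dry-run "$PATCH_TEST_ACCOUNT_PY_FILE" "$PATCH" > /dev/null; then
  echo 'Patching Splunk will not work, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi

# Make a backup and actually patch if the dry run was successful.
# The copy is checked: without a backup there is nothing to roll back to if
# the real patch run fails halfway.
if ! cp -f "$ACCOUNT_PY_FILE" "$ACCOUNT_PY_BACKUP_FILE"; then
  echo 'Failed to back up account.py before patching. Please contact support@duosecurity.com'
  exit 1
fi

# Copy back the unmodified account.py if needed, and proceed with install.
if [ "$RESTORE_ORIGINAL" -eq 1 ] && ! cp -f "$OLD_ACCOUNT_PY_FILE" "$ACCOUNT_PY_FILE"; then
  echo 'Failed to copy the unmodified account.py for patching. Please contact support@duosecurity.com'
  exit 1
fi

if ! patch "$ACCOUNT_PY_FILE" "$PATCH"; then
  # Roll back to the file that was in place before this run.
  mv "$ACCOUNT_PY_BACKUP_FILE" "$ACCOUNT_PY_FILE"
  echo 'Patching Splunk failed, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi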
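# Copy the Duo client library, login template, javascript and Web SDK into
# the Splunk tree. All source paths are relative to the current directory.
# NOTE(review): account.py has already been patched when these copies run, so
# a failure here leaves it patched without its supporting files; it is not
# rolled back automatically from the backup made earlier in this script.
echo "Copying in Duo client python..."
# This copy is now checked like the others; previously a missing
# duo_client_python checkout went unnoticed and the install carried on.
if ! cp -r ./duo_client_python/duo_client "$SPLUNK/lib/python2.7/site-packages/"; then
  echo 'Patching Splunk failed, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi

echo "Copying in Duo integration files..."
# install duoauth template
if ! cp duoauth.html "$SPLUNK/share/splunk/search_mrsparkle/templates/account/"; then
  echo 'Patching Splunk failed, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi

# install Duo javascript
if ! cp duo.web.bundled.min.js "$SPLUNK/share/splunk/search_mrsparkle/exposed/js/contrib/"; then
  echo 'Patching Splunk failed, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi

# install Duo Web SDK
if ! cp duo_web.py "$SPLUNK/lib/python2.7/site-packages/"; then
  echo 'Patching Splunk failed, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi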
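# configure account.py: replace each YOUR_DUO_* placeholder with its value.

# Print $1 in a form that is safe as the replacement part of a sed
# s/.../.../ command. Returns non-zero for an empty value and for values
# containing a quote, a backslash or a newline.
# NOTE(review): quotes are refused because the DUO_* settings appear as
# single-quoted assignments in the patched account.py - confirm against the
# .diff files.
duo_sed_replacement() {
  case "$1" in
    '' | *"'"* | *'"'* | *'\'* | *'
'*)
      return 1;;
  esac
  # '/' would end the replacement early and '&' expands to the matched text,
  # so both are backslash-escaped.
  printf '%s' "$1" | sed -e 's,[/&],\\&,g'
}

# Replace every occurrence of placeholder $1 in account.py with value $2.
# NOTE(review): the value, including the secret key, is passed to sed as a
# command-line argument and is visible in the process list while sed runs.
duo_configure() {
  DUO_SED_VALUE=$(duo_sed_replacement "$2") || return 1
  sed -i -e "s/$1/$DUO_SED_VALUE/g" "$ACCOUNT_PY_FILE"
}

# Same order as before; the first failure stops the chain.
if ! duo_configure YOUR_DUO_IKEY "$IKEY" ||
   ! duo_configure YOUR_DUO_SKEY "$SKEY" ||
   ! duo_configure YOUR_DUO_AKEY "$AKEY" ||
   ! duo_configure YOUR_DUO_HOST "$HOST" ||
   ! duo_configure YOUR_DUO_TIMEOUT "$TIMEOUT" ||
   ! duo_configure YOUR_DUO_FAILOPEN "$FAILOPEN"; then
  echo 'Configuring duo_splunk failed, please contact support@duosecurity.com'
  echo 'exiting'
  exit 1
fi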
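# restart splunk web so that the patched login controller is loaded
echo 'Restarting splunkweb...'
# The path is quoted so an install directory containing blanks still works,
# and the result is checked so a failed restart is not reported as success.
if ! "$SPLUNK/bin/splunk" restart splunkweb; then
  echo 'Duo files were installed, but restarting splunkweb failed; restart it manually.' >&2
  exit 1
fi
echo "Done installing duo_splunk!"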