production_installation.sh
#!/bin/bash
#
# Usage: ./production_installation.sh
#
# Repository layout (securedrop.git):
#   securedrop/production_installation.sh (installation script)
#   securedrop/securedrop/ (web app code)
#   securedrop/CONFIG_OPTIONS (user provided input)
#   securedrop/securedrop/requirements.txt (pip requirements)
#   securedrop/install_files/ (config files and install scripts)
#   securedrop/install_files/SecureDrop.asc (the app pub gpg key)
#   securedrop/install_files/source_requirements.txt (source chroot jail package dependencies)
#   securedrop/install_files/journalist_requirements.txt (journalist interface chroot package dependencies)
#
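# Directory that holds this script; every path below is resolved against it
# so the installer does not depend on the caller's working directory.
CWD="$(dirname -- "$0")"
# Files created from here on are readable and writable by their owner only.
umask 077
# Both files are executed as shell code with this script's privileges, so load
# them by explicit path. A bare `source CONFIG_OPTIONS` makes bash search PATH
# before the current directory, which could pick up an unintended file.
for required_file in "$CWD/CONFIG_OPTIONS" "$CWD/install_files/validate_CONFIG_OPTIONS"; do
  if [ ! -r "$required_file" ]; then
    echo "ERROR: cannot read $required_file" 1>&2
    exit 1
  fi
done
unset required_file
source "$CWD/CONFIG_OPTIONS"
source "$CWD/install_files/validate_CONFIG_OPTIONS"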
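#######################################
# Error handling function: abort the installation when a step failed.
# Arguments:
#   $1 - exit status of the step that just ran (normally "$?")
#   $2 - short description of the step, appended to the error message
# Outputs:
#   Writes "ERROR encountered <description>" to stderr on failure.
# Returns:
#   Returns normally only when $1 is exactly "0"; otherwise exits with 1.
#######################################
catch_error() {
  local status="${1:-}"
  local context="${2:-}"
  # String comparison on a quoted value: a missing or malformed status is
  # treated as a failure instead of making the test itself error out and
  # letting the installation continue.
  if [ "$status" != "0" ]; then
    echo "ERROR encountered $context" 1>&2
    exit 1
  fi
}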
# Refuse to go any further unless the effective user id is root (0).
if (( EUID != 0 )); then
  printf '%s\n' "This script must be run as root" >&2
  exit 1
fi
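#Check release
# Sets DISTRO (fedora, debian or ubuntu) and, on LSB systems, DISTRO_VERSION
# (the release codename). Only ubuntu passes without an explicit confirmation.
if [ -f /etc/redhat-release ]; then
  DISTRO="fedora"
# Debian/Ubuntu
elif [ -r /lib/lsb/init-functions ]; then
  # NOTE: every LSB system that does not identify as Debian is labelled
  # ubuntu here, so Ubuntu derivatives also pass the supported-system check.
  if [ "$(lsb_release -is)" = "Debian" ]; then
    DISTRO="debian"
  else
    DISTRO="ubuntu"
  fi
  # -s prints the bare codename, so both distributions get the same format.
  DISTRO_VERSION="$(lsb_release -cs)"
fi
echo "Performing installation on ${DISTRO:-} - ${DISTRO_VERSION:-}"
# DISTRO is empty when neither probe matched. Unquoted, the test would fail
# with a syntax error and silently skip the unsupported-system prompt.
if [ "${DISTRO:-}" != 'ubuntu' ]; then
  echo ""
  echo "You are installing SecureDrop on an unsupported system."
  echo "Do you wish to continue at your own risk [Y|N]? "
  read -r DISTRO_ANS
  # Anything other than an explicit y/Y (including EOF or an empty answer)
  # stops the installation.
  case "$DISTRO_ANS" in
    y | Y)
      echo "Use at your own risk"
      ;;
    *)
      echo "Use ubuntu precise x64"
      exit 1
      ;;
  esac
fi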
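#Validate the user provided options in the CONFIG_OPTIONS file
# NOTE(review): the return status of validate_CONFIG_OPTIONS is not checked
# here. Confirm the function exits by itself on invalid input; otherwise the
# installation continues with unvalidated options.
validate_CONFIG_OPTIONS
# Start installation scripts specific for each role
# ROLE and CWD are quoted everywhere: ROLE comes from the user-edited
# CONFIG_OPTIONS file, and an unquoted value containing spaces or test
# operators would change what the comparison evaluates.
if [ "${ROLE:-}" = 'monitor' ]; then
  echo "Starting ossec server install..."
  "$CWD/install_files/ossec_install.sh"
  catch_error $? "installing ossec server"
  echo "OSSEC server installed."
  echo "Starting base install..."
  "$CWD/install_files/base_install.sh"
  catch_error $? "installing base."
  echo "The base is installed."
  echo ""
  echo "##################################################"
  echo "# The Monitor Server's installation is complete. #"
  echo "# The Monitor Server's SSH address is below. #"
  echo "##################################################"
  echo ""
  # The hostname file printed below carries the hidden-service auth values as
  # well as the onion address, so this output is a credential: keep it out of
  # session logs and shared transcripts.
  echo "The Monitor Server's SSH onion address and auth values are:"
  cat /var/lib/tor/hidden_service/hostname
  echo "The Monitor Server's installation is complete."
elif [ "${ROLE:-}" = 'app' ]; then
  echo "Starting interface_install.sh"
  "$CWD/install_files/interface_install.sh"
  catch_error $? "interface install."
  echo "Interface install complete."
  echo "Starting ossec agent install..."
  "$CWD/install_files/ossec_install.sh"
  catch_error $? "ossec agent installation."
  echo "OSSEC agent installation complete."
  echo "Starting base installation..."
  "$CWD/install_files/base_install.sh"
  catch_error $? "base installation."
  echo "The base is installed."
  echo "The installation is complete."
  #Output access information for the source role
  echo ""
  echo "#############################################################"
  echo "# The App Server's installation is complete. #"
  echo "# Please finish the installation on the Monitor Server. #"
  echo "# The App Server's SSH address and interface URLs are below #"
  echo "#############################################################"
  echo ""
  echo "The Source Interfaces's Tor URL is:"
  cat /var/chroot/source/var/lib/tor/hidden_service/hostname
  echo ""
  echo "The Document Interface listens on port 8080"
  echo "You will need to append :8080 to the end of the Document Interface's URLs."
  # The two hostname files printed below include auth values, so treat this
  # part of the output as a credential and keep it out of logs.
  echo "The Document Interface's Tor URL and auth values are:"
  cat /var/chroot/document/var/lib/tor/hidden_service/hostname
  echo ""
  echo "The App Server's SSH onion address and auth values are:"
  cat /var/lib/tor/hidden_service/hostname
else
  echo "A valid ROLE is not defined in ~/securedrop/CONFIG_OPTIONS file"
  exit 1
fi
exit 0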