-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Copy pathupdate.sh
executable file
·220 lines (203 loc) · 6.57 KB
/
update.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
#!/bin/bash
# Some global vars
myCOMPOSEFILE="~/tpotce/docker-compose.yml"
myDATE=$(date +%Y%m%d%H%M)
myRED="[0;31m"
myGREEN="[0;32m"
myWHITE="[0;0m"
myBLUE="[0;34m"
myUPDATER=$(cat << "EOF"
_____ ____ _ _ _ _ _
|_ _| | _ \ ___ | |_ | | | |_ __ __| | __ _| |_ ___ _ __
| |_____| |_) / _ \| __| | | | | '_ \ / _` |/ _` | __/ _ \ '__|
| |_____| __/ (_) | |_ | |_| | |_) | (_| | (_| | || __/ |
|_| |_| \___/ \__| \___/| .__/ \__,_|\__,_|\__\___|_|
|_|
EOF
)
# Check if running with root privileges
if [ ${EUID} -eq 0 ];
then
echo "This script should not be run as root. Please run it as a regular user."
echo
exit 1
fi
# Let's test the internet connection
function fuCHECKINET () {
mySITES=$1
echo
echo "### Now checking availability of ..."
for i in $mySITES;
do
echo -n "###### $myBLUE$i$myWHITE "
curl --connect-timeout 5 -IsS $i >/dev/null 2>&1
if [ $? -ne 0 ];
then
echo
echo "###### $myBLUE""Error - Internet connection test failed.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
echo "Exiting.""$myWHITE"
echo
exit 1
else
echo "[ $myGREEN"OK"$myWHITE ]"
fi
done;
echo
}
# Update
function fuSELFUPDATE () {
echo
echo "### Now checking for newer files in repository ..."
git fetch --all
myREMOTESTAT=$(git status | grep -c "up-to-date")
if [ "$myREMOTESTAT" != "0" ];
then
echo "###### $myBLUE""No updates found in repository.""$myWHITE"
return
fi
### DEV
myRESULT=$(git diff --name-only origin/master | grep "^update.sh")
if [ "$myRESULT" == "update.sh" ];
then
echo "###### $myBLUE""Found newer version, will be pulling updates and restart myself.""$myWHITE"
git reset --hard
git pull --force
exec ./update.sh -y
exit 1
else
echo "###### $myBLUE""Pulling updates from repository.""$myWHITE"
git reset --hard
git pull --force
fi
echo
}
function fuCHECK_VERSION () {
local myMINVERSION="24.04.0"
local myMASTERVERSION="24.04.1"
echo
echo "### Checking for version tag ..."
if [ -f "version" ];
then
myVERSION=$(cat version)
if [[ "$myVERSION" > "$myMINVERSION" || "$myVERSION" == "$myMINVERSION" ]] && [[ "$myVERSION" < "$myMASTERVERSION" || "$myVERSION" == "$myMASTERVERSION" ]]
then
echo "###### $myBLUE$myVERSION is eligible for the update procedure.$myWHITE"" [ $myGREEN""OK""$myWHITE ]"
else
echo "###### $myBLUE $myVERSION cannot be upgraded automatically. Please run a fresh install.$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
exit
fi
else
echo "###### $myBLUE""Unable to determine version. Please run 'update.sh' from within 'tpotce/'.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
exit
fi
echo
}
# Stop T-Pot to avoid race conditions with running containers with regard to the current T-Pot config
function fuSTOP_TPOT () {
echo
echo "### Need to stop T-Pot ..."
echo -n "###### $myBLUE Now stopping T-Pot.$myWHITE "
sudo systemctl stop tpot.service
if [ $? -ne 0 ];
then
echo " [ $myRED""NOT OK""$myWHITE ]"
echo "###### $myBLUE""Could not stop T-Pot.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
echo "Exiting.""$myWHITE"
echo
exit 1
else
echo "[ $myGREEN"OK"$myWHITE ]"
echo -n "###### $myBLUE Now cleaning up containers.$myWHITE "
if [ "$(docker ps -aq)" != "" ];
then
docker stop $(docker ps -aq)
docker container prune -f && docker image prune -f && docker volume prune -f
fi
echo "[ $myGREEN"OK"$myWHITE ]"
fi
echo
}
# Backup
function fuBACKUP () {
myARCHIVE="$HOME/${myDATE}_tpot_backup.tgz"
local myPATH=$PWD
echo
echo "### Create a backup, just in case ... "
echo -n "###### $myBLUE Building archive in $myARCHIVE $myWHITE"
cd $HOME/tpotce
sudo tar cvf $myARCHIVE * .env >/dev/null 2>&1
sudo chown $LOGNAME:$LOGNAME $myARCHIVE
if [ $? -ne 0 ];
then
echo " [ $myRED""NOT OK""$myWHITE ]"
echo "###### $myBLUE""Something went wrong.""$myWHITE"" [ $myRED""NOT OK""$myWHITE ]"
echo "Exiting.""$myWHITE"
echo
cd $myPATH
exit 1
else
echo "[ $myGREEN"OK"$myWHITE ]"
cd $myPATH
fi
echo
}
# Remove old images for specific tag
function fuREMOVEOLDIMAGES () {
local myOLDTAG=$1
echo "### Removing old docker images."
docker rmi $(docker images -q "$myOLDTAG") >/dev/null 2>&1
}
function fuPULLIMAGES {
docker compose -f ~/tpotce/docker-compose.yml pull
}
function fuUPDATER () {
echo "### Now pulling latest docker images ..."
echo "######$myBLUE This might take a while, please be patient!$myWHITE"
fuPULLIMAGES
fuREMOVEOLDIMAGES "dtagdevsec/*:dev"
fuREMOVEOLDIMAGES "ghcr.io/telekom-security/*:dev"
fuREMOVEOLDIMAGES "dtagdevsec/*:24.04"
fuREMOVEOLDIMAGES "ghcr.io/telekom-security/*:24.04"
echo
echo "### If you made changes to docker-compose.yml please ensure to add them again."
echo "### We stored the previous version as backup in $myARCHIVE."
echo "### Some updates may need an import of the latest Kibana objects as well."
echo "### Download the latest objects here if they recently changed:"
echo "### https://raw.githubusercontent.com/telekom-security/tpotce/master/etc/objects/kibana_export.ndjson.zip"
echo "### Export and import the objects easily through the Kibana WebUI:"
echo "### Go to Kibana > Management > Saved Objects > Export / Import"
echo
}
function fuRESTORE () {
if [ -f '~/tpotce/data/ews/conf/ews.cfg' ] && ! grep 'ews.cfg' $myCOMPOSEFILE > /dev/null; then
echo
echo "### Restoring volume mount for ews.cfg in tpot.yml"
sed -i '/- ${TPOT_DATA_PATH}:\/data/a \ \ \ \ \ - ${TPOT_DATA_PATH}/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg' $myCOMPOSEFILE
fi
echo "### Restoring T-Pot config file .env"
tar xvf $myARCHIVE .env -C $HOME/tpotce >/dev/null 2>&1
}
################
# Main section #
################
# Only run with command switch
sudo echo "$myUPDATER"
if [ "$1" != "-y" ]; then
echo
echo "This script will update T-Pot to the latest version."
echo "A backup of ~/tpotce will be written to $HOME. If you are unsure, you should save your work."
echo "This tool might break things and therefore only recommended for experienced users."
echo "If you understand the involved risks feel free to run this script with the '-y' switch."
echo
exit
fi
fuCHECK_VERSION
fuCHECKINET "https://index.docker.io https://github.com"
fuSTOP_TPOT
fuBACKUP
fuSELFUPDATE "$0" "$@"
fuUPDATER
fuRESTORE
echo
echo "### Done. You can now start T-Pot using 'systemctl start tpot' or 'docker compose up -d'."
echo