Mercurialopensecurity / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
OpenSecurity/bin/initial_vm.sh
author Oliver Maurhart <oliver.maurhart@ait.ac.at>
Wed, 29 Oct 2014 15:18:22 +0100
changeset 240 d7ef04254e9c
parent 225 e68561e69f86
permissions -rwxr-xr-x
lizenz fixed in all files 
     1 #!/bin/bash

     2 

     3 # ------------------------------------------------------------

     4 # install the initial VM for 

     5 #

     6 # This has been originally a Windows only BAT file.

     7 #

     8 # ... but coding this makes your head hurt and

     9 # supporting this "technology" any further by adding

    10 # software to the world relying on CMD.exe is an act

    11 # against humanity and should be punished by jail.

    12 #

    13 # Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology

    14 # 

    15 # 

    16 #     X-Net Services GmbH

    17 #     Elisabethstrasse 1

    18 #     4020 Linz

    19 #     AUSTRIA

    20 #     https://www.x-net.at

    21 # 

    22 #     AIT Austrian Institute of Technology

    23 #     Donau City Strasse 1

    24 #     1220 Wien

    25 #     AUSTRIA

    26 #     http://www.ait.ac.at

    27 # 

    28 # 

    29 # Licensed under the Apache License, Version 2.0 (the "License");

    30 # you may not use this file except in compliance with the License.

    31 # You may obtain a copy of the License at

    32 # 

    33 #    http://www.apache.org/licenses/LICENSE-2.0

    34 # 

    35 # Unless required by applicable law or agreed to in writing, software

    36 # distributed under the License is distributed on an "AS IS" BASIS,

    37 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

    38 # See the License for the specific language governing permissions and

    39 # limitations under the License.

    40 # ------------------------------------------------------------

    41 

    42 

    43 # ------------------------------------------------------------

    44 # code

    45 

    46 # install the initial VM given by ${1}

    47 

    48 

    49 # ------------------------------

    50 # turns a windows path into a cygwin path

    51 #

    52 #   $1  ...     windows path

    53 #   stdout      the value found

    54 #

    55 function sanitize_path() {

    56     test -z "${1}" && return

    57     echo $(cygpath -u "${1}") 

    58 }

    59 

    60 

    61 # ------------------------------

    62 # main ...

    63 #

    64 

    65 # check if we do have elevated rights

    66 # that is "Run as Administrator" invocation

    67 echo 'checking privileges...'

    68 id -G | grep 544 &> /dev/null

    69 if [ "${?}" != 0 ]; then

    70     echo "Insufficient privileges. Is this script executed with 'Run As Administrator'?"

    71     echo "I'll try anyway..."

    72 fi

    73 

    74 # check OpenSecurity Initial VM Image

    75 #

    76 echo "looking for VM image: ${1}..."

    77 OSECVM_IMAGE=$(cygpath -u "${1}")

    78 echo "looking for VM image: ${1}"

    79 if [ ! -f "${OSECVM_IMAGE}" ]; then

    80     echo "Warning: no OpenSecurity Initial Image found."

    81     echo "Please download using the OpenSecurity download tool."

    82     exit 1

    83 fi

    84 echo "initial VM image: ${1} found"

    85 

    86 # look up VirtulBox installation

    87 #

    88 echo "looking up VirtualBox installation..."

    89 VBOX_MANAGER="$(cat /proc/registry/HKEY_LOCAL_MACHINE/SOFTWARE/Oracle/VirtualBox/InstallDir)/VBoxManage.exe"

    90 VBOX_MANAGER=$(sanitize_path "${VBOX_MANAGER}")

    91 if [ ! -x "${VBOX_MANAGER}" ]; then

    92     echo "can't execute VBoxManage.exe - is VirtualBox installed?"

    93     echo "looked at: "$(cygpath -w ${VBOX_MANAGER})""

    94     exit 1

    95 fi

    96 echo "VirtualBox found at: ${VBOX_MANAGER}"

    97 

    98 # enforce VirtualBox to "feel good" by calling a function

    99 # (that is to "warm up" VirtualBox DCOM server ...)

   100 #

   101 echo "grabing VBox machine folder..."

   102 MACHINE_FOLDER=$("${VBOX_MANAGER}" list systemproperties | grep '^Default machine folder:' | sed 's/^Default machine folder: *//')

   103 MACHINE_FOLDER=$(cygpath -u "${MACHINE_FOLDER}")

   104 echo "machine folder: ${MACHINE_FOLDER}"

   105 

   106 # we have to stop the OpenSecurity service now

   107 # the VMManger does lock the SecurityDVMs so we can't

   108 # change them when he's on

   109 echo "stopping OpenSecurity service..."

   110 net stop "OpenSecurity Service"

   111 echo "OpenSecurity service stopped."

   112 

   113 echo "After stopping we'll wait some time to let VirtualBox calm itself"

   114 sleep 1

   115 

   116 # do all stuff relativ to the given machinefolder

   117 mkdir -p "${MACHINE_FOLDER}" &> /dev/null

   118 pushd "${MACHINE_FOLDER}" &> /dev/null

   119 if [ "$?" != "0" ]; then

   120     echo "Failed to switch into machine folder."

   121     exit 1

   122 fi    

   123 

   124 # the Security VM disk image

   125 VDISK_IMAGE="SecurityDVM/SecurityDVM.vmdk"

   126 

   127 # import VM 

   128 #

   129 "${VBOX_MANAGER}" list vms | grep SecurityDVM &> /dev/null

   130 if [ ! "${?}" = "0" ]; then

   131     echo "importing VM: ${OSECVM_IMAGE}"

   132     "${VBOX_MANAGER}" import "$(cygpath -w "${OSECVM_IMAGE}")" --vsys 0 --vmname SecurityDVM --unit 12 --disk "${VDISK_IMAGE}"

   133 else

   134     echo "found SecurityDVM already present in VBox reusing it."

   135     echo "if you want a complete new import please remove the VM first."

   136     echo "starting OpenSecurity service..."

   137     net start "OpenSecurity Service"

   138     echo "OpenSecurity service started"

   139     exit 1

   140 fi

   141 

   142 # kick useless IDE controller

   143 "${VBOX_MANAGER}" storagectl SecurityDVM --name IDE --remove

   144  

   145 # grab VM storage controller and port 

   146 #

   147 VDISK_SETUP=$("${VBOX_MANAGER}" showvminfo SecurityDVM | grep SecurityDVM.vmdk | cut -d ':' -f 1 | tr '(),' '   ')

   148 VDISK_CONTROLLER=$(echo ${VDISK_SETUP} | gawk '{print $1;}')

   149 VDISK_PORT=$(echo ${VDISK_SETUP} | gawk '{print $2;}')

   150 VDISK_DEVICE=$(echo ${VDISK_SETUP} | gawk '{print $3;}')

   151 if [ -z "${VDISK_CONTROLLER}" ]; then

   152     echo "unable to grab virtual disk controller in VM."

   153     echo "this shouldn't happen. It's a bug."

   154     echo "starting OpenSecurity service..."

   155     net start "OpenSecurity Service"

   156     echo "OpenSecurity service started"

   157     exit 1

   158 fi

   159 

   160 # detach disk image

   161 #

   162 echo "detaching disk image ..."

   163 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --medium none

   164 

   165 # turn disk image into normal

   166 #

   167 VDISK_PORT=0

   168 VDISK_DEVICE=0

   169 echo "turning disk image into normal ..."

   170 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --device ${VDISK_DEVICE} --type hdd --mtype normal --medium "${VDISK_IMAGE}" 

   171 

   172 # detach disk image

   173 #

   174 echo "detach disk image ..."

   175 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --medium none

   176 

   177 # immutablize disk

   178 #

   179 echo "reattach immutable disk image ..."

   180 "${VBOX_MANAGER}" storageattach SecurityDVM --storagectl ${VDISK_CONTROLLER} --port ${VDISK_PORT} --device ${VDISK_DEVICE} --type hdd --mtype immutable --medium "${VDISK_IMAGE}"

   181 

   182 echo "imported initial OsecVM.ova image"

   183 

   184 "${VBOX_MANAGER}" list vms

   185 

   186 echo "starting OpenSecurity service..."

   187 net start "OpenSecurity Service"

   188 echo "OpenSecurity service started"

   189 

   190 # run 1st update on image

   191 sleep 1

   192 wget -q http://localhost:8080/update_template

   193
opensecurity