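#!/bin/sh
# Copyright Check Point Software Technologies LTD
#
# Bootstrap ("egg") for the Check Point Nano Agent: downloads the agent
# installer from a fog endpoint with a registration token and runs it, or
# uninstalls an existing agent. Must run as root (checked below).
#
# Security notes for reviewers:
#   * The downloaded installer is executed as root without a checksum or
#     signature check; transport security is the only integrity control.
#   * On Gaia, curl is run with -k, which disables TLS certificate
#     verification for that download (see download_cp_nano).
#   * The registration token is passed on the command line of curl and of
#     the installer, so it is visible in the process list while they run.

CP_DIR=/etc/cp
ORCH_INSTALL_PACKAGE=$CP_DIR/packages/orchestration/orchestration
AGENT_NAME=$(hostname)
AGENT_TYPE=Embedded
ARCHITECTURE=$(arch)
CP_NANO_DOWNLOAD_PATH=/tmp/install-cp-nano-agent.sh
EGG_ENDPOINT=/resource/agentInstallation/download
DEFAULT_FOG_ADDRESS=https://i2-agents.cloud.ngen.checkpoint.com
PLATFORM=
GEM_FOG=https://inext-agents.cloud.ngen.checkpoint.com
US_FOG=https://inext-agents-us.cloud.ngen.checkpoint.com
AU_FOG=https://inext-agents-aus1.cloud.ngen.checkpoint.com
IN_FOG=https://inext-agents-ind1.cloud.ngen.checkpoint.com
AE_FOG=https://inext-agents-ae.cloud.ngen.checkpoint.com
VERSION="1.2139.226133"

var_fog_address=
var_run_mode=
var_token=
var_proxy=
var_installation_flags=

# Prerequisites for installation
cur_uid=$(id -u)
if [ "$cur_uid" -ne 0 ]; then
    echo "Error: Check Point Nano Egg installation requires root permissions, please re-run as root"
    exit 1
fi

# Sets PLATFORM from /etc/*-release: "gaia" when the release text mentions
# Gaia or Multi-Domain Security Management, otherwise "linux" on x86_64.
# On any other architecture PLATFORM keeps the extracted release string.
init_platfrom()
{
    PLATFORM=$(cat /etc/*-release | grep -i "PRETTY_NAME\|Gaia\|Multi-Domain Security Management" | cut -d'"' -f2)
    case "$PLATFORM" in
        *Gaia* | *"Multi-Domain Security Management"*)
            PLATFORM=gaia
            ;;
        *)
            if [ "$ARCHITECTURE" = "x86_64" ]; then
                PLATFORM=linux
            fi
            ;;
    esac
}

# Exits with usage unless both a run mode and a token were supplied.
validate_flags()
{
    # Quoted so that an empty value or a value with spaces cannot turn the
    # test into a syntax error that silently evaluates as "not empty".
    if [ -z "$var_run_mode" ] || [ -z "$var_token" ]; then
        usage
        exit 1
    fi
}

# Chooses the fog address (unless --fog was given) from the token's region
# prefix, strips one trailing "/", and appends "--fog <address>" to the
# installer flags.
handle_fog_url()
{
    if [ -z "$var_fog_address" ]; then
        # The region-specific prefixes must be matched before the generic
        # "cp-" prefix, which they all start with.
        case "$var_token" in
            cp-us-* | CP-US-*) var_fog_address="$US_FOG" ;;
            cp-au-* | CP-AU-*) var_fog_address="$AU_FOG" ;;
            cp-in-* | CP-IN-*) var_fog_address="$IN_FOG" ;;
            cp-ae-* | CP-AE-*) var_fog_address="$AE_FOG" ;;
            cp-* | CP-*)       var_fog_address="$GEM_FOG" ;;
            *)                 var_fog_address="$DEFAULT_FOG_ADDRESS" ;;
        esac
    fi

    # NOTE(review): a user-supplied --fog value is used as given; the scheme
    # is not checked, so a non-HTTPS address would fetch the installer in
    # clear text.
    var_fog_address="${var_fog_address%/}"

    var_installation_flags="${var_installation_flags} --fog ${var_fog_address}"
}

# Prints the command-line help.
usage()
{
    echo "Usage: $0 [--uninstall] | [--install --token [options...] ]"
    echo " --uninstall : Uninstall Nano Agent"
    echo " --install : Install Nano Agent"
    echo " --token : Registration token"
    echo "Options:"
    echo " --fog : Fog Address"
    echo " --proxy [user:pass@]: : Proxy Address"
}

# Requests the installer from ${var_fog_address}${EGG_ENDPOINT} and writes the
# response body to CP_NANO_DOWNLOAD_PATH. Exits 1 on a curl failure or any
# HTTP status other than 200, removing whatever was written in that case.
download_cp_nano()
{
    if [ -z "${var_token}" ]; then
        echo "Cannot install Check Point Nano Agent without a token. Use --token flag "
        usage
        exit 1
    fi

    local curl_cmd=curl
    local correlation_id
    correlation_id=$(cat /proc/sys/kernel/random/uuid)
    local curl_flags=
    if [ "$PLATFORM" = "gaia" ]; then
        curl_cmd=curl_cli
        # NOTE(review): -k turns off TLS certificate verification, and the
        # downloaded file is executed as root. Confirm whether curl_cli can
        # be given a CA bundle instead.
        curl_flags=-k
    fi

    if ! $curl_cmd -V >/dev/null; then
        echo "Error: curl is not installed"
        exit 1
    fi

    echo "Downloading Check Point Nano Agent (trace ID ${correlation_id})..."

    # The values are interpolated into the JSON without escaping; a token or
    # host name containing a double quote or backslash produces an invalid
    # request body.
    local request_data="{ \
        \"authenticationData\": [ \
            { \
                \"authenticationMethod\": \"token\", \
                \"data\": \"${var_token}\" \
            } \
        ], \
        \"metaData\": { \
            \"agentName\": \"${AGENT_NAME}\", \
            \"agentType\": \"${AGENT_TYPE}\", \
            \"platform\": \"${PLATFORM}\", \
            \"architecture\": \"${ARCHITECTURE}\" \
        } \
    }"

    local proxy_flag="--noproxy"
    local proxy_val=""
    local curl_time_out=60
    # NOTE(review): this -m and the --max-time 300 below are both passed to
    # curl; confirm which limit is intended.
    curl_flags="${curl_flags} -m ${curl_time_out}"
    if [ -n "$var_proxy" ]; then
        if [ "$var_proxy" = "none" ]; then
            proxy_val="*"
        else
            proxy_flag="--proxy"
            proxy_val=$var_proxy
        fi
    elif [ "$PLATFORM" = "gaia" ]; then
        local gaia_proxy_address
        local gaia_proxy_port
        gaia_proxy_address=$(dbget proxy:ip-address | tr -d '\n')
        gaia_proxy_port=$(dbget proxy:port | tr -d '\n')
        if [ -n "$gaia_proxy_address" ] && [ -n "$gaia_proxy_port" ]; then
            proxy_flag="--proxy"
            proxy_val="http://${gaia_proxy_address}:${gaia_proxy_port}"
        fi
    fi

    # Remove all whitespace (this also strips spaces inside the values).
    # printf with a quoted argument avoids pathname expansion and echo's
    # escape handling on the token.
    local curl_request_data
    curl_request_data=$(printf '%s' "${request_data}" | tr -d '\040\011\012\015')

    # curl_flags is deliberately unquoted: it holds several options. The URL
    # is passed as its own quoted argument so it is never split or globbed.
    local curl_output
    local curl_rc
    curl_output=$($curl_cmd -g -s -S \
        --max-time 300 \
        -w "%{http_code}" \
        ${curl_flags} "${var_fog_address}${EGG_ENDPOINT}" \
        ${proxy_flag} "${proxy_val}" \
        -H "Content-Type:application/json" \
        -H "User-Agent:Infinity Next (a7030abf93a4c13)" \
        -H "X-Correlation-Id:${correlation_id}" \
        -d "${curl_request_data}" \
        --output "${CP_NANO_DOWNLOAD_PATH}")
    curl_rc=$?

    if [ "$curl_rc" != "0" ]; then
        # Do not leave a partial file at a path that may later be executed.
        rm -f "${CP_NANO_DOWNLOAD_PATH}"
        echo "Failed to download Check Point Nano Agent"
        exit 1
    fi

    if [ "$curl_output" != "200" ]; then
        echo "Failed to download Check Point Nano Agent"
        echo "HTTP status code: ${curl_output}"
        if [ -s "${CP_NANO_DOWNLOAD_PATH}" ]; then
            local error_msg
            local error_id
            error_msg=$(sed -n 's|.*"message":"\([^"]*\)".*|\1|p' < "${CP_NANO_DOWNLOAD_PATH}")
            error_id=$(sed -n 's|.*"messageId":"\([^"]*\)".*|\1|p' < "${CP_NANO_DOWNLOAD_PATH}")
            if [ -n "$error_msg" ] && [ -n "$error_id" ]; then
                echo "Error: ${error_msg} (Error ID: ${error_id})"
            fi
        fi
        # The file holds an error body, not an installer; remove it so the
        # uninstall fallback can never pick it up.
        rm -f "${CP_NANO_DOWNLOAD_PATH}"
        echo "Please check provided details or contact Check Point support for assistance"
        exit 1
    fi

    echo "Check Point Nano Agent successfully downloaded to: ${CP_NANO_DOWNLOAD_PATH}"
}

# Downloads the installer and runs it with the collected flags. Exits 1 if
# CP_DIR already exists or the installer fails.
install_cp_nano()
{
    if [ -d "$CP_DIR" ]; then
        echo "Check Point Nano Agent is already installed"
        exit 1
    fi

    # The download path is a fixed name in /tmp. Re-create it exclusively
    # (noclobber) and owner-only before curl writes to it, so another local
    # user cannot pre-place a file or symlink there between the rm and the
    # download. The subshell keeps set -C and umask from leaking out.
    rm -f "${CP_NANO_DOWNLOAD_PATH}"
    if ! ( set -C; umask 077; : > "${CP_NANO_DOWNLOAD_PATH}" ); then
        echo "Error: could not safely create ${CP_NANO_DOWNLOAD_PATH}"
        exit 1
    fi

    download_cp_nano

    echo "Installing Check Point Nano Agent"
    chmod +x "${CP_NANO_DOWNLOAD_PATH}"
    # var_installation_flags is deliberately unquoted: it is a space-joined
    # option list (values containing whitespace are not supported).
    if "${CP_NANO_DOWNLOAD_PATH}" ${var_installation_flags}; then
        echo "Check Point Nano Agent successfully installed"
    else
        echo "Check Point Nano Agent installation failed"
        exit 1
    fi
}

# Uninstalls the agent using, in order of preference, the agent's uninstall
# script, the orchestration package, or a previously downloaded installer.
# Always exits: 0 on success, 1 on failure.
uninstall_cp_nano()
{
    local log_dir=/var/log/nano_agent
    mkdir -p "$log_dir"
    local log_file=$log_dir/cp-nano-egg.log
    local uninstall_rc

    if [ ! -d "$CP_DIR" ]; then
        echo "Check Point Nano Agent is not installed" | tee -a "$log_file"
        exit 1
    fi

    AGENT_SCRIPTS_PATH="/etc/cp/scripts"
    AGENT_UNINSTALL="cp-agent-uninstall.sh"
    local uninstall_script="$AGENT_SCRIPTS_PATH/$AGENT_UNINSTALL"
    if [ ! -f "$uninstall_script" ]; then
        # tee -a throughout: the original truncated the log on this line and
        # on the failure line below, losing earlier entries.
        echo "Uninstall script was not found in: $uninstall_script " | tee -a "$log_file"
        local install_package="$ORCH_INSTALL_PACKAGE"
        if [ ! -f "$install_package" ]; then
            install_package="$CP_NANO_DOWNLOAD_PATH"
            if [ ! -f "$install_package" ]; then
                echo "Failed to uninstall Orchestration Nano Service, install package was not found" | tee -a "$log_file"
                exit 1
            fi
            # This fallback lives in world-writable /tmp and is about to be
            # executed as root: accept it only if it is not a symlink and is
            # owned by the current (root) user. -O is not in POSIX test but
            # is provided by bash, dash, ksh and busybox.
            if [ -L "$install_package" ] || [ ! -O "$install_package" ]; then
                echo "Failed to uninstall Orchestration Nano Service, ${install_package} is not a root-owned regular file" | tee -a "$log_file"
                exit 1
            fi
        fi
        echo "Uninstalling Check Point Nano Agent (using ${install_package})" | tee -a "$log_file"
        chmod +x "${install_package}"
        "${install_package}" "${var_run_mode}"
        uninstall_rc=$?
    else
        "${uninstall_script}"
        uninstall_rc=$?
    fi

    if [ "$uninstall_rc" = "0" ]; then
        echo "Check Point Nano Agent successfully uninstalled" | tee -a "$log_file"
    else
        echo "Check Point Nano Agent failed to uninstall" | tee -a "$log_file"
        exit 1
    fi
    exit 0
}

# $1 - option name, $2 - number of remaining arguments including the option.
# Exits with usage when the option is the last argument (no value follows).
validate_arg_value_exists()
{
    if [ "$2" = "1" ]; then
        echo "Error: Check Point Nano Egg installation missing value for '$1'"
        usage
        exit 1
    fi
}

# Argument parsing. Stops at the first empty or missing argument; anything
# unrecognised is forwarded to the installer as-is.
while true; do
    case "$1" in
        --help)
            usage
            exit 0
            ;;
        --version)
            echo "Check Point Nano Agent version $VERSION"
            exit 0
            ;;
        --install)
            var_run_mode="$1"
            var_installation_flags="${var_installation_flags} ${var_run_mode}"
            ;;
        --uninstall)
            var_run_mode="$1"
            # Does not return: uninstall_cp_nano always exits.
            uninstall_cp_nano
            ;;
        --fog)
            validate_arg_value_exists "$1" "$#"
            shift
            var_fog_address="$1"
            ;;
        --token)
            validate_arg_value_exists "$1" "$#"
            shift
            var_token="$1"
            var_installation_flags="${var_installation_flags} --token ${var_token}"
            ;;
        --proxy)
            validate_arg_value_exists "$1" "$#"
            shift
            var_proxy="$1"
            var_installation_flags="${var_installation_flags} --proxy ${var_proxy}"
            ;;
        "")
            break
            ;;
        *)
            var_installation_flags="${var_installation_flags} $1"
            ;;
    esac
    shift
done

validate_flags
handle_fog_url
init_platfrom
install_cp_nano

exit 0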