update
This commit is contained in:
SechPoint
parent
673b8d914f
commit
159e6e33e0
1 changed files with 51 additions and 25 deletions
|
|
@ -6,51 +6,77 @@ GREEN='\033[0;32m'
|
||||||
RED='\033[0;31m'
|
RED='\033[0;31m'
|
||||||
NC='\033[0m'
|
NC='\033[0m'
|
||||||
|
|
||||||
echo -e "${YELLOW}=== Wallarm Pre-Deployment Connectivity Test ===${NC}"
|
echo -e "${YELLOW}=== Sechpoint Wallarm Pre-Flight Diagnostic ===${NC}"
|
||||||
|
|
||||||
# --- INTERACTIVE INPUT (FORCED TO TTY) ---
|
# --- 1. INTERACTIVE INPUT ---
|
||||||
read -p "Enter Application Server IP [127.0.0.1]: " APP_HOST </dev/tty
|
read -p "Enter Application Server IP [127.0.0.1]: " APP_HOST </dev/tty
|
||||||
APP_HOST=${APP_HOST:-127.0.0.1}
|
APP_HOST=${APP_HOST:-127.0.0.1}
|
||||||
|
|
||||||
read -p "Enter Application Server Port [8080]: " APP_PORT </dev/tty
|
read -p "Enter Application Server Port [8080]: " APP_PORT </dev/tty
|
||||||
APP_PORT=${APP_PORT:-8080}
|
APP_PORT=${APP_PORT:-8080}
|
||||||
|
|
||||||
echo -e "\n${YELLOW}[1/3] Testing Wallarm Cloud Connectivity...${NC}"
|
# --- 2. SUDO & SYSTEM CHECK ---
|
||||||
|
echo -e "\n${YELLOW}[1/4] Checking Sudo & OS Status...${NC}"
|
||||||
|
if sudo -n true 2>/dev/null; then
|
||||||
|
echo -e "${GREEN}[PASS]${NC} Sudo is active/passwordless."
|
||||||
|
else
|
||||||
|
echo -e "${RED}[FAIL]${NC} Sudo requires a password or user is not in sudoers."
|
||||||
|
fi
|
||||||
|
|
||||||
# Function to test IP/Port
|
# Detect OS and try to update/install basics
|
||||||
test_connection() {
|
if [ -f /etc/debian_version ]; then
|
||||||
local target=$1
|
echo "OS: Debian/Ubuntu detected. Checking packages..."
|
||||||
local description=$2
|
sudo apt-get update -qq && sudo apt-get install -y curl wget git netcat-openbsd -qq > /dev/null
|
||||||
# Using timeout to prevent hanging on bank firewalls
|
elif [ -f /etc/redhat-release ]; then
|
||||||
if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$target/443" 2>/dev/null; then
|
echo "OS: RHEL/CentOS detected. Checking packages..."
|
||||||
echo -e "${GREEN}[PASS]${NC} $description ($target)"
|
sudo yum makecache -q && sudo yum install -y curl wget git nc -q > /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
# --- 3. TOOL VERIFICATION ---
|
||||||
|
echo -e "\n${YELLOW}[2/4] Verifying Required Tools...${NC}"
|
||||||
|
for tool in curl wget git; do
|
||||||
|
if command -v $tool &> /dev/null; then
|
||||||
|
echo -e "${GREEN}[PASS]${NC} $tool is installed."
|
||||||
else
|
else
|
||||||
echo -e "${RED}[FAIL]${NC} $description ($target) - BLOCKED"
|
echo -e "${RED}[FAIL]${NC} $tool is MISSING."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# --- 4. WALLARM CLOUD CONNECTIVITY ---
|
||||||
|
echo -e "\n${YELLOW}[3/4] Testing Wallarm Cloud Connectivity (Port 443)...${NC}"
|
||||||
|
|
||||||
|
test_conn() {
|
||||||
|
local target=$1
|
||||||
|
local desc=$2
|
||||||
|
# Linux-native check. Note: Won't work on default macOS Bash, but perfect for Linux VMs.
|
||||||
|
if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$target/443" 2>/dev/null; then
|
||||||
|
echo -e "${GREEN}[PASS]${NC} $desc ($target)"
|
||||||
|
else
|
||||||
|
echo -e "${RED}[FAIL]${NC} $desc ($target) - BLOCKED"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# --- EU ENDPOINTS ---
|
|
||||||
echo "--- EU Cloud ---"
|
echo "--- EU Cloud ---"
|
||||||
test_connection "34.160.38.183" "node-data1.eu1"
|
test_conn "34.160.38.183" "node-data1.eu1"
|
||||||
test_connection "34.144.227.90" "node-data0.eu1"
|
test_conn "34.144.227.90" "node-data0.eu1"
|
||||||
test_connection "34.90.110.226" "api.wallarm.com"
|
test_conn "34.90.110.226" "api.wallarm.com"
|
||||||
|
|
||||||
# --- US ENDPOINTS ---
|
|
||||||
echo -e "\n--- US Cloud ---"
|
echo -e "\n--- US Cloud ---"
|
||||||
test_connection "34.96.64.17" "node-data0.us1"
|
test_conn "34.96.64.17" "node-data0.us1"
|
||||||
test_connection "34.110.183.149" "node-data1.us1"
|
test_conn "34.110.183.149" "node-data1.us1"
|
||||||
test_connection "35.235.66.155" "us1.api.wallarm.com"
|
test_conn "35.235.66.155" "us1.api.wallarm.com"
|
||||||
test_connection "34.102.90.100" "Extra US-1"
|
test_conn "34.102.90.100" "Extra US-1"
|
||||||
test_connection "34.94.156.115" "Extra US-2"
|
test_conn "34.94.156.115" "Extra US-2"
|
||||||
test_connection "35.235.115.105" "Extra US-3"
|
test_conn "35.235.115.105" "Extra US-3"
|
||||||
|
|
||||||
echo -e "\n${YELLOW}[2/3] Testing Internal App Connectivity...${NC}"
|
# --- 5. INTERNAL APP CHECK ---
|
||||||
|
echo -e "\n${YELLOW}[4/4] Testing Internal App Connectivity...${NC}"
|
||||||
if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$APP_HOST/$APP_PORT" 2>/dev/null; then
|
if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$APP_HOST/$APP_PORT" 2>/dev/null; then
|
||||||
echo -e "${GREEN}[PASS]${NC} Reached App at $APP_HOST:$APP_PORT"
|
echo -e "${GREEN}[PASS]${NC} Reached App at $APP_HOST:$APP_PORT"
|
||||||
else
|
else
|
||||||
echo -e "${RED}[FAIL]${NC} Cannot reach $APP_HOST on port $APP_PORT"
|
echo -e "${RED}[FAIL]${NC} CANNOT REACH $APP_HOST on port $APP_PORT"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -e "\n${YELLOW}-------------------------------------------------------"
|
echo -e "\n${YELLOW}-------------------------------------------------------"
|
||||||
echo -e "SCREENSHOT THIS RESULT AND SEND TO SECHPOINT SUPPORT"
|
echo -e "PRE-FLIGHT COMPLETE. PLEASE SCREENSHOT THIS OUTPUT."
|
||||||
echo -e "-------------------------------------------------------${NC}"
|
echo -e "-------------------------------------------------------${NC}"
|
||||||
Loading…
Reference in a new issue