update
This commit is contained in:
SechPoint
parent
b94ddfad47
commit
673b8d914f
1 changed files with 36 additions and 53 deletions
|
|
@ -2,72 +2,55 @@
|
|||
|
||||
# --- Styling ---
|
||||
YELLOW='\033[1;33m'
|
||||
GREEN='\033[0;32m'
|
||||
RED='\033[0;31m'
|
||||
NC='\033[0m'
|
||||
|
||||
echo -e "${YELLOW}=== Wallarm Pre-Deployment Diagnostic ===${NC}"
|
||||
echo -e "${YELLOW}=== Wallarm Pre-Deployment Connectivity Test ===${NC}"
|
||||
|
||||
# --- THIS IS THE INTERACTIVE PART ---
|
||||
# The '-p' flag stands for 'prompt'
|
||||
read -p "Enter the Application Server IP or Hostname: " APP_HOST
|
||||
read -p "Enter the Application Server Port (e.g., 80 or 8080): " APP_PORT
|
||||
# --- INTERACTIVE INPUT (FORCED TO TTY) ---
|
||||
read -p "Enter Application Server IP [127.0.0.1]: " APP_HOST </dev/tty
|
||||
APP_HOST=${APP_HOST:-127.0.0.1}
|
||||
|
||||
# Check if they actually typed something
|
||||
if [ -z "$APP_HOST" ] || [ -z "$APP_PORT" ]; then
|
||||
echo "❌ Error: Application Server and Port are required."
|
||||
exit 1
|
||||
fi
|
||||
read -p "Enter Application Server Port [8080]: " APP_PORT </dev/tty
|
||||
APP_PORT=${APP_PORT:-8080}
|
||||
|
||||
echo -e "Testing connection to ${APP_HOST} on port ${APP_PORT}...\n"
|
||||
# --- End of Interactive Part ---
|
||||
echo -e "\n${YELLOW}[1/3] Testing Wallarm Cloud Connectivity...${NC}"
|
||||
|
||||
# 2. Check Sudo & Update Packages
|
||||
echo -e "${YELLOW}[1/4] Checking Sudo & Updating Package Lists...${NC}"
|
||||
if sudo -n true 2>/dev/null; then
|
||||
echo -e "${GREEN}[PASS]${NC} Sudo is active/passwordless."
|
||||
else
|
||||
echo -e "${RED}[FAIL]${NC} Sudo requires a password or user is not in sudoers."
|
||||
echo " Please ensure 'su -' or passwordless sudo is configured."
|
||||
fi
|
||||
|
||||
# Detect OS and install basics
|
||||
if [ -f /etc/debian_version ]; then
|
||||
sudo apt-get update -y && sudo apt-get install -y nano curl wget git netcat-openbsd
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
sudo yum makecache && sudo yum install -y nano curl wget git nc
|
||||
fi
|
||||
|
||||
# 3. Check Required Tools
|
||||
echo -e "\n${YELLOW}[2/4] Verifying Installed Tools...${NC}"
|
||||
for tool in nano curl wget git nc; do
|
||||
if command -v $tool &> /dev/null; then
|
||||
echo -e "${GREEN}[PASS]${NC} $tool is installed."
|
||||
# Function to test IP/Port
|
||||
test_connection() {
|
||||
local target=$1
|
||||
local description=$2
|
||||
# Using timeout to prevent hanging on bank firewalls
|
||||
if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$target/443" 2>/dev/null; then
|
||||
echo -e "${GREEN}[PASS]${NC} $description ($target)"
|
||||
else
|
||||
echo -e "${RED}[FAIL]${NC} $tool failed to install."
|
||||
fi
|
||||
done
|
||||
|
||||
# 4. Check Wallarm Cloud Connectivity
|
||||
echo -e "\n${YELLOW}[3/4] Checking Wallarm Cloud Connections...${NC}"
|
||||
check_conn() {
|
||||
curl -Is --connect-timeout 5 "$1" | head -n 1 | grep -q "200\|301\|302\|404\|401"
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -e "${GREEN}[PASS]${NC} Reachable: $1"
|
||||
else
|
||||
echo -e "${RED}[FAIL]${NC} UNREACHABLE: $1"
|
||||
echo -e "${RED}[FAIL]${NC} $description ($target) - BLOCKED"
|
||||
fi
|
||||
}
|
||||
|
||||
check_conn "https://api.wallarm.com" # US Cloud
|
||||
check_conn "https://api.wallarm.eu" # EU Cloud
|
||||
# --- EU ENDPOINTS ---
|
||||
echo "--- EU Cloud ---"
|
||||
test_connection "34.160.38.183" "node-data1.eu1"
|
||||
test_connection "34.144.227.90" "node-data0.eu1"
|
||||
test_connection "34.90.110.226" "api.wallarm.com"
|
||||
|
||||
# 5. Check Backend Application Connectivity
|
||||
echo -e "\n${YELLOW}[4/4] Checking Backend App Connectivity...${NC}"
|
||||
if nc -zv -w 5 "$APP_HOST" "$APP_PORT" 2>&1 | grep -q "succeeded\|open"; then
|
||||
echo -e "${GREEN}[PASS]${NC} Connection to $APP_HOST:$APP_PORT successful."
|
||||
# --- US ENDPOINTS ---
|
||||
echo -e "\n--- US Cloud ---"
|
||||
test_connection "34.96.64.17" "node-data0.us1"
|
||||
test_connection "34.110.183.149" "node-data1.us1"
|
||||
test_connection "35.235.66.155" "us1.api.wallarm.com"
|
||||
test_connection "34.102.90.100" "Extra US-1"
|
||||
test_connection "34.94.156.115" "Extra US-2"
|
||||
test_connection "35.235.115.105" "Extra US-3"
|
||||
|
||||
echo -e "\n${YELLOW}[2/3] Testing Internal App Connectivity...${NC}"
|
||||
if timeout 3 bash -c "cat < /dev/null > /dev/tcp/$APP_HOST/$APP_PORT" 2>/dev/null; then
|
||||
echo -e "${GREEN}[PASS]${NC} Reached App at $APP_HOST:$APP_PORT"
|
||||
else
|
||||
echo -e "${RED}[FAIL]${NC} CANNOT REACH $APP_HOST on port $APP_PORT."
|
||||
echo -e "${RED}[FAIL]${NC} Cannot reach $APP_HOST on port $APP_PORT"
|
||||
fi
|
||||
|
||||
echo -e "\n${YELLOW}-------------------------------------------------------"
|
||||
echo -e "PRE-DEPLOYMENT-TEST COMPLETE. PLEASE TAKE A SCREENSHOT OF THIS OUTPUT."
|
||||
echo -e "SCREENSHOT THIS RESULT AND SEND TO SECHPOINT SUPPORT"
|
||||
echo -e "-------------------------------------------------------${NC}"
|
||||
Loading…
Reference in a new issue