From 9005d8c79e129250583f051e395426a7f8513009 Mon Sep 17 00:00:00 2001 From: cclohmar Date: Wed, 18 Mar 2026 20:54:45 +0000 Subject: [PATCH] chore: auto-commit 2026-03-18 20:54 --- wallarm-deploy-ct.sh | 78 ++++++++++++++++++++++++++------------------ 1 file changed, 46 insertions(+), 32 deletions(-) diff --git a/wallarm-deploy-ct.sh b/wallarm-deploy-ct.sh index 7d05361..6e5e998 100644 --- a/wallarm-deploy-ct.sh +++ b/wallarm-deploy-ct.sh @@ -1,16 +1,15 @@ #!/bin/bash # ============================================================================== -# WALLARM NODE DEPLOYMENT SCRIPT - V1.1 (STEALTH PROXY EDITION) +# WALLARM NODE DEPLOYMENT SCRIPT - V1.4 (CENTOS COMPATIBILITY) # ============================================================================== # Features: +# - Added: Dependency check for 'tar' and 'gzip' +# - Fixed: Extraction failure handling (prevents false 'Live' status) # - Stealth Binary Pull via ct.sechpoint.app (Proxy to download.docker.com) # - Stealth Image Pull via hub.ct.sechpoint.app (Proxy to registry-1.docker.io) -# - Automatic Architecture Detection & Path Mapping -# - Image Normalization (Re-tagging for internal compatibility) -# - OS-agnostic deployment (Ubuntu, Debian, CentOS, RHEL, Alpine, etc.) # ============================================================================== -# Color definitions for better UX +# Color definitions RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' @@ -22,12 +21,7 @@ NC='\033[0m' # SECHPOINT STEALTH CONFIGURATION BASE_DOMAIN="ct.sechpoint.app" HUB_DOMAIN="hub.ct.sechpoint.app" -DOCKER_VERSION="29.2.1" # Verified stable via Proxy - -# Cloud endpoints (from Wallarm documentation) -EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com") -US_DATA_NODES=("us1.api.wallarm.com" "node-data.us1.wallarm.com") - +DOCKER_VERSION="29.2.1" LOG_FILE="/var/log/wallarm-deployment.log" # --- HELPER FUNCTIONS --- 
@@ -59,23 +53,34 @@ fail_with_remediation() { check_pre_flight() { log_message "INFO" "Starting pre-flight checks..." - # Root check if [[ $EUID -ne 0 ]]; then fail_with_remediation "Script must be run as root/sudo" "Try: sudo ./$(basename "$0")" fi - # Architecture check & mapping + # Check for core utilities (tar/gzip) + for cmd in tar gzip curl; do + if ! command -v $cmd >/dev/null 2>&1; then + log_message "WARNING" "Missing core dependency: $cmd. Attempting auto-fix..." + if command -v yum >/dev/null 2>&1; then + sudo yum install -y $cmd + elif command -v dnf >/dev/null 2>&1; then + sudo dnf install -y $cmd + else + fail_with_remediation "Missing $cmd" "Install $cmd manually (yum install $cmd)" + fi + fi + done + ARCH=$(uname -m) case "$ARCH" in x86_64) D_ARCH="x86_64" ;; aarch64) D_ARCH="aarch64" ;; - *) fail_with_remediation "Unsupported architecture: $ARCH" "Contact Sechpoint Support for custom binaries." ;; + *) fail_with_remediation "Unsupported architecture: $ARCH" "Contact Sechpoint Support." ;; esac - # Internet / Proxy check - log_message "INFO" "Checking connectivity to Stealth Proxy ($BASE_DOMAIN)..." - if ! curl -Is --connect-timeout 5 "https://$BASE_DOMAIN" > /dev/null; then - fail_with_remediation "Proxy Unreachable" "Check firewall rules for outbound HTTPS to $BASE_DOMAIN" + log_message "INFO" "Verifying connectivity to Stealth Proxy ($BASE_DOMAIN)..." + if ! curl -IsL --connect-timeout 10 "https://$BASE_DOMAIN" > /dev/null; then + fail_with_remediation "Proxy Unreachable" "Check LXC resolver for $BASE_DOMAIN" fi } 
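Review bot: The auto-fix branch in the new `for cmd in tar gzip curl` loop never checks whether the install succeeded, so a failed `yum` or `dnf` run lets pre-flight continue with the tool still missing. It also calls `sudo` right after the `$EUID` check has established root; on a minimal container image `sudo` may not be installed, which would make the install fail for an unrelated reason. I would drop `sudo`, quote the variable and fail closed: `yum install -y "$cmd" || fail_with_remediation "Missing $cmd" "Install $cmd manually (yum install $cmd)"`, with the same shape for the `dnf` branch. Separately, `curl -IsL` now follows redirects, so a redirect away from `$BASE_DOMAIN` still counts as "reachable"; consider dropping `-L` for the probe.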
@@ -90,21 +95,27 @@ setup_docker_engine() { fi local binary_file="docker-$DOCKER_VERSION.tgz" - # Target Path on Zoraxy maps /linux/ to download.docker.com/linux/ local download_url="https://$BASE_DOMAIN/linux/static/stable/$D_ARCH/$binary_file" log_message "INFO" "Fetching binaries from $download_url" curl -fL "$download_url" -o "/tmp/$binary_file" if [[ $? -ne 0 ]]; then - fail_with_remediation "Binary download failed" "Verify Zoraxy mapping for /linux/ to download.docker.com" + fail_with_remediation "Binary download failed" "Verify Zoraxy mapping for /linux/" + fi + + log_message "INFO" "Extracting binaries..." + if ! tar xzvf "/tmp/$binary_file" -C /tmp/ > /dev/null 2>&1; then + fail_with_remediation "Extraction failed" "Tar command failed. Ensure 'tar' is installed and working." + fi + + if [[ ! -d "/tmp/docker" ]]; then + fail_with_remediation "Binary folder missing" "Extraction did not produce /tmp/docker folder." fi - tar xzvf "/tmp/$binary_file" -C /tmp/ > /dev/null sudo cp /tmp/docker/* /usr/bin/ rm -rf /tmp/docker "/tmp/$binary_file" - # Create stealth systemd service sudo tee /etc/systemd/system/docker.service > /dev/null </dev/null 2>&1; do + if [ $counter -gt 10 ]; then + fail_with_remediation "Docker Timeout" "Daemon failed to start. Check 'journalctl -u docker'" + fi + sleep 1 + ((counter++)) + done + log_message "SUCCESS" "Docker Engine is live." } 
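Review bot: The archive fetched from `$BASE_DOMAIN` is extracted and copied into `/usr/bin` as root with no integrity check, and the new `-d /tmp/docker` test also passes when that directory existed before extraction. Both the download and the extraction use fixed names in world-writable `/tmp`, so leftovers from an earlier run or files placed by another local account can end up in the `cp /tmp/docker/* /usr/bin/` step. I would work in a private `mktemp -d` directory and verify a digest pinned in the script before `tar` runs, as sketched below (`DOCKER_SHA256` is a placeholder for the digest of the reviewed tarball). `setup_docker_engine` begins above the hunk and the unit-file heredoc appears truncated on this page, so the sketch covers only the download-and-extract step.

```shell
# … unchanged: binary_file, download_url, log_message "Fetching binaries" …
local work_dir
work_dir=$(mktemp -d) || fail_with_remediation "Temp dir failed" "Check permissions and free space on /tmp"

curl -fL "$download_url" -o "$work_dir/$binary_file" \
  || fail_with_remediation "Binary download failed" "Verify Zoraxy mapping for /linux/"

# DOCKER_SHA256: placeholder, pin the SHA-256 of the reviewed release archive next to DOCKER_VERSION
if ! printf '%s  %s\n' "$DOCKER_SHA256" "$work_dir/$binary_file" | sha256sum -c - >/dev/null 2>&1; then
  fail_with_remediation "Checksum mismatch" "Downloaded archive does not match the pinned digest."
fi

if ! tar xzf "$work_dir/$binary_file" -C "$work_dir" >/dev/null 2>&1; then
  fail_with_remediation "Extraction failed" "Tar command failed. Ensure 'tar' is installed and working."
fi
# … unchanged: folder-exists check, now against "$work_dir/docker" …
cp "$work_dir"/docker/* /usr/bin/
rm -rf -- "$work_dir"
```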
@@ -126,17 +148,14 @@ EOF deploy_wallarm_node() { log_message "INFO" "Fetching Wallarm Filtering Node via Stealth Registry..." - # Source through our proxy subdomain local proxy_img="$HUB_DOMAIN/wallarm/node:latest" - # Destination name expected by standard configs local local_img="wallarm/node:latest" log_message "INFO" "Pulling $proxy_img..." if ! sudo docker pull "$proxy_img"; then - fail_with_remediation "Image Pull Failed" "Verify hub.ct.sechpoint.app points to registry-1.docker.io" + fail_with_remediation "Image Pull Failed" "Verify hub.ct.sechpoint.app is reachable." fi - # Normalize Image Tag log_message "INFO" "Normalizing image tags..." sudo docker tag "$proxy_img" "$local_img" sudo docker rmi "$proxy_img" @@ -149,18 +168,13 @@ deploy_wallarm_node() { main() { clear echo -e "${CYAN}${BOLD}╔══════════════════════════════════════════════════════════════╗${NC}" - echo -e "${CYAN}${BOLD}║ SECHPOINT WALLARM STEALTH DEPLOYER V1.1 ║${NC}" + echo -e "${CYAN}${BOLD}║ SECHPOINT WALLARM STEALTH DEPLOYER V1.4 ║${NC}" echo -e "${CYAN}${BOLD}╚══════════════════════════════════════════════════════════════╝${NC}\n" check_pre_flight setup_docker_engine deploy_wallarm_node - log_message "INFO" "Deployment complete. Finalizing environment..." - - # Create the persistent start script (Optional logic based on your previous file) - # Ensure it uses the normalized 'wallarm/node:latest' name - echo -e "\n${GREEN}${BOLD}STEALTH DEPLOYMENT SUCCESSFUL${NC}" echo -e "Docker: $(docker --version)" echo -e "Image: $(docker images wallarm/node --format '{{.Repository}}:{{.Tag}}')"
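Review bot: `deploy_wallarm_node` pulls the mutable `wallarm/node:latest` tag through `$HUB_DOMAIN` and then re-tags it to the upstream name, so nothing ties the image that ends up running to a build that was reviewed, and after `docker rmi "$proxy_img"` the local tag no longer shows which registry it came from. Pinning the pull to a digest closes that gap: `local proxy_img="$HUB_DOMAIN/wallarm/node@sha256:<pinned-digest-placeholder>"`. The result of `sudo docker tag` is also unchecked before the `rmi`; `sudo docker tag "$proxy_img" "$local_img" || fail_with_remediation "Image Tag Failed" "Check Docker daemon state"` would keep a failed re-tag from being reported as success. The function body continues past the end of this hunk.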