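#!/bin/bash
# ==============================================================================
# WALLARM BULLETPROOF STEALTH DEPLOYER - V1.9.1 (LXC & NETWORK DIAGNOSTIC)
# ==============================================================================
# Recent Fixes:
# - Added Network Diagnostics (Phase 0) to verify manual host fixes
# - Relaxed connectivity checks to allow for manual /etc/hosts intervention
# - Improved CentOS 9 AppStream dependency resolution
# ==============================================================================
#
# Must run as root (enforced in check_pre_flight). Every log line is appended
# to LOG_FILE and echoed to the console with a colour-coded level prefix.

# Color definitions (ANSI escapes; expanded by `echo -e` in log_message)
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
MAGENTA='\033[0;35m'
BOLD='\033[1m'
NC='\033[0m'

# STEALTH TARGETS
# BASE_DOMAIN serves the Docker static binaries (see setup_docker_engine);
# HUB_DOMAIN is only checked for name resolution in Phase 0 within this file.
BASE_DOMAIN="ct.sechpoint.app"
HUB_DOMAIN="hub.ct.sechpoint.app"
DOCKER_VERSION="29.2.1"
LOG_FILE="/var/log/wallarm-deployment.log"

#######################################
# Append a timestamped line to LOG_FILE and echo it to the console with a
# colour-coded level tag.
# Globals:   LOG_FILE (appended to), colour constants (read)
# Arguments: $1 - level: INFO | SUCCESS | WARNING | ERROR | DIAG
#            $2 - message text; may carry colour escapes and \n, which
#                 `echo -e` expands
# Outputs:   one formatted line on stdout
# Returns:   0
#######################################
log_message() {
  local level="$1"
  local message="$2"

  # Persist the line first; the console copy below adds the coloured tag.
  echo -e "$(date '+%H:%M:%S') [${level}] ${message}" | sudo tee -a "$LOG_FILE" > /dev/null

  case "$level" in
    "INFO")    echo -e "${BLUE}${BOLD}[INFO]${NC} ${message}" ;;
    "SUCCESS") echo -e "${GREEN}${BOLD}[SUCCESS]${NC} ${message}" ;;
    "WARNING") echo -e "${YELLOW}${BOLD}[WARNING]${NC} ${message}" ;;
    "ERROR")   echo -e "${RED}${BOLD}[ERROR]${NC} ${message}" ;;
    "DIAG")    echo -e "${MAGENTA}${BOLD}[DIAG]${NC} ${message}" ;;
    # An unknown level used to reach the log file but vanish from the console;
    # print it uncoloured so nothing is silently dropped.
    *)         echo -e "[${level}] ${message}" ;;
  esac
}

# --- PHASE 0: NETWORK DIAGNOSTICS ---

#######################################
# Report how each stealth domain resolves on this host. getent goes through
# NSS, so a manual /etc/hosts entry is honoured; nothing here is fatal.
# Globals:   BASE_DOMAIN, HUB_DOMAIN (read)
# Outputs:   one DIAG or WARNING log line per domain
# Returns:   0
#######################################
run_network_diagnostics() {
  log_message "INFO" "=== PHASE 0: NETWORK DIAGNOSTICS ==="
  local domains=("$BASE_DOMAIN" "$HUB_DOMAIN" "sechpoint.app")
  local dom ip

  for dom in "${domains[@]}"; do
    # Declare and assign separately so the lookup status is not masked by
    # `local` (SC2155); the result is informational only.
    ip=$(getent hosts "$dom" | awk '{ print $1 }')
    if [ -n "$ip" ]; then
      log_message "DIAG" "$dom resolves to: ${CYAN}$ip${NC}"
    else
      log_message "WARNING" "$dom: ${RED}Unresolved${NC} (Check /etc/hosts)"
    fi
  done
}

# --- PHASE 1: PRE-FLIGHT & DEPENDENCIES ---

#######################################
# Abort unless running as root, install the core tools via dnf, and confirm
# the stealth proxy answers over HTTPS before any download is attempted.
# Globals:   EUID, BASE_DOMAIN, HUB_DOMAIN (read)
# Outputs:   log lines; an /etc/hosts hint on stdout when the proxy is
#            unreachable
# Returns:   0 on success; exits 1 when not root, when tar or curl is still
#            missing after the install step, or when BASE_DOMAIN is unreachable
#######################################
check_pre_flight() {
  log_message "INFO" "=== PHASE 1: PRE-FLIGHT CHECKS ==="
  [[ $EUID -ne 0 ]] && { log_message "ERROR" "Run as sudo"; exit 1; }

  log_message "INFO" "Ensuring core tools (tar, iptables, curl)..."
  # Ensure dnf is used for CentOS 9. Its output is suppressed, so report a
  # failed install here rather than discovering it at download time.
  if ! sudo dnf install -y tar iptables-legacy curl procps-ng > /dev/null 2>&1; then
    log_message "WARNING" "dnf install reported an error; continuing with tools already present."
  fi
  # tar and curl are used by the download phase; fail fast if either is absent.
  local tool
  for tool in tar curl; do
    command -v "$tool" >/dev/null 2>&1 || { log_message "ERROR" "Required tool missing: $tool"; exit 1; }
  done

  # Final connectivity check before proceeding to downloads. curl keeps its
  # default TLS verification (no -k), so even with a manual /etc/hosts override
  # the proxy must present a certificate valid for BASE_DOMAIN. The hint below
  # prints only the names; presumably the operator prepends the address — confirm.
  if ! curl -IsL --connect-timeout 3 "https://$BASE_DOMAIN" > /dev/null 2>&1; then
    echo -e "\n${RED}${BOLD}STOP:${NC} Cannot reach https://$BASE_DOMAIN"
    echo -e "Please ensure your /etc/hosts contains:"
    echo -e "${CYAN} $BASE_DOMAIN $HUB_DOMAIN${NC}\n"
    exit 1
  fi
  log_message "SUCCESS" "Stealth Proxy connectivity verified."
}

# --- PHASE 2: DOCKER ENGINE ---

#######################################
# Install the static Docker engine binaries from BASE_DOMAIN and write an
# LXC-oriented daemon.json and systemd unit.
#######################################
setup_docker_engine() {
  log_message "INFO" "=== PHASE 2: DOCKER ENGINE SETUP ==="
  if command -v docker >/dev/null 2>&1; then
    log_message "SUCCESS" "Docker already installed."
    return 0
  fi
  ARCH=$(uname -m)
  [[ "$ARCH" == "x86_64" ]] && D_ARCH="x86_64" || D_ARCH="aarch64"
  local binary_file="docker-$DOCKER_VERSION.tgz"
  local download_url="https://$BASE_DOMAIN/linux/static/stable/$D_ARCH/$binary_file"
  log_message "INFO" "Downloading binaries: $download_url"
  # NOTE(review): the archive lands at a predictable path under /tmp and its
  # contents are copied into /usr/bin with no checksum or signature check
  # against a pinned digest. TODO verify the tarball before the cp below.
  curl -fL "$download_url" -o "/tmp/$binary_file" || { log_message "ERROR" "Download failed"; exit 1; }
  tar xzvf "/tmp/$binary_file" -C /tmp/ > /dev/null
  sudo cp /tmp/docker/* /usr/bin/
  # LXC Optimization
  sudo mkdir -p /etc/docker
  echo '{"storage-driver":"vfs","iptables":false}' | sudo tee /etc/docker/daemon.json > /dev/null
  sudo tee /etc/systemd/system/docker.service > /dev/null <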