wallarm/pre-deployment-test.sh
2026-03-13 08:55:55 +00:00


#!/bin/bash
# --- Styling ---
# ANSI colour sequences, kept as literal backslash text. They only become
# control characters when a caller prints them with `echo -e`.
NC='\033[0m'
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'

# --- Configuration & Globals ---
# Hostnames probed over HTTPS (port 443) by the cloud connectivity step,
# grouped by Wallarm cloud region.
EU_DATA_NODES=(
  "api.wallarm.com"
  "node-data0.eu1.wallarm.com"
  "node-data1.eu1.wallarm.com"
)
US_DATA_NODES=(
  "us1.api.wallarm.com"
  "node-data0.us1.wallarm.com"
  "node-data1.us1.wallarm.com"
)
# --- Functions ---
#######################################
# Print the diagnostic banner.
# Globals:   YELLOW, NC (read)
# Outputs:   three banner lines on stdout
#######################################
print_header() {
  # %b expands the colour escapes the same way `echo -e` does.
  printf '%b\n' "${YELLOW}=== Sechpoint Wallarm Pre-Flight Diagnostic ===${NC}"
  printf '%s\n' \
    "Use this tool to verify environment readiness before deployment." \
    "-------------------------------------------------------"
}
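#######################################
# Report whether an HTTPS proxy is configured in the environment.
# Globals:   https_proxy, HTTPS_PROXY (read; lowercase wins when both are set)
#            YELLOW, GREEN, NC (read)
# Outputs:   status lines on stdout
# Returns:   0
#######################################
check_proxy() {
  echo -e "${YELLOW}[1/5] Checking Environment Proxies...${NC}"

  local proxy=${https_proxy:-$HTTPS_PROXY}
  if [[ -z "$proxy" ]]; then
    echo -e "[INFO] No system proxy detected."
    return 0
  fi

  # Proxy URLs may embed credentials (scheme://user:password@host:port).
  # This script asks the operator to screenshot its output, so the userinfo
  # part is masked before the value is displayed.
  local scheme='' rest=$proxy
  if [[ "$proxy" == *://* ]]; then
    scheme="${proxy%%://*}://"
    rest=${proxy#*://}
  fi
  if [[ "$rest" == *@* ]]; then
    # Drop everything up to the last '@' so a password that itself contains
    # '@' or '/' is still fully masked.
    rest="<redacted>@${rest##*@}"
  fi

  # %s prints the value verbatim; backslashes in it are not interpreted.
  printf '%b[INFO]%b Proxy detected: %s\n' "$GREEN" "$NC" "${scheme}${rest}"
}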
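#######################################
# Prompt for the protected application's host and port.
# Input is read from /dev/tty rather than stdin.
# Globals:   APP_HOST, APP_PORT (written)
# Outputs:   prompts on the terminal; warnings on stderr
#######################################
get_user_input() {
  # Both values are later placed into a URL, so restrict them to characters
  # that cannot change which host or port that URL points at.
  local host_re='^[][A-Za-z0-9._:-]+$'
  local port_re='^[0-9]{1,5}$'

  # -r keeps backslashes literal instead of treating them as escapes.
  read -r -p "Enter Application Server IP (to be protected) [127.0.0.1]: " APP_HOST </dev/tty
  APP_HOST=${APP_HOST:-127.0.0.1}
  if [[ ! "$APP_HOST" =~ $host_re ]]; then
    echo "[WARN] Invalid host; using 127.0.0.1 instead." >&2
    APP_HOST=127.0.0.1
  fi

  read -r -p "Enter Application Server Port [8080]: " APP_PORT </dev/tty
  APP_PORT=${APP_PORT:-8080}
  # The digit-only regex is checked first, so the arithmetic range test never
  # evaluates arbitrary text. 10# forces base 10 for values such as "0080".
  if [[ ! "$APP_PORT" =~ $port_re ]] || (( 10#$APP_PORT < 1 || 10#$APP_PORT > 65535 )); then
    echo "[WARN] Invalid port; using 8080 instead." >&2
    APP_PORT=8080
  fi
}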
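#######################################
# Verify that the current user can use sudo and print the OS name.
# Globals:   SUDO_RESULT (written: "PASS" or "FAIL"; read by the readiness
#            gate at the end of the script)
#            YELLOW, GREEN, RED, NC (read)
# Outputs:   status lines on stdout; sudo may prompt for a password
#######################################
check_sudo() {
  echo -e "\n${YELLOW}[2/5] Checking Sudo & OS Status...${NC}"
  echo "Verifying sudo permissions (you may be prompted for your password)..."
  # `sudo -v` validates (and refreshes) the user's cached sudo credentials
  # without running a command.
  if sudo -v; then
    SUDO_RESULT="PASS"
    echo -e "${GREEN}[PASS]${NC} Sudo access confirmed."
  else
    # Record the failure explicitly so the final gate compares against a
    # known value rather than an unset variable.
    SUDO_RESULT="FAIL"
    echo -e "${RED}[FAIL]${NC} Sudo access DENIED. You must be a sudoer to install Wallarm."
  fi
  if [ -f /etc/os-release ]; then
    # Sourced inside a subshell so the file's variables do not leak into
    # this script's environment.
    ( . /etc/os-release; echo "OS: $PRETTY_NAME" )
  fi
}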
#######################################
# Report whether each required command-line tool can be found.
# Globals:   YELLOW, GREEN, RED, NC (read)
# Outputs:   one PASS/FAIL line per tool on stdout
#######################################
check_tools() {
  echo -e "\n${YELLOW}[3/5] Verifying Required Tools...${NC}"
  local tools=("curl" "wget" "gpg" "grep")
  for tool in "${tools[@]}"; do
    # command -v succeeds for anything the shell can resolve by that name.
    if ! command -v "$tool" > /dev/null 2>&1; then
      printf '%b\n' "${RED}[FAIL]${NC} $tool is MISSING."
      continue
    fi
    printf '%b\n' "${GREEN}[PASS]${NC} $tool is installed."
  done
}
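# The core connectivity logic
#######################################
# Probe one HTTPS endpoint and report whether it could be reached.
# Arguments: $1 - hostname to contact on port 443
# Globals:   GREEN, RED, YELLOW, NC (read)
# Outputs:   a PASS or FAIL line on stdout, plus a WARN line when the
#            endpoint answers but its certificate does not validate
# Returns:   0 when reached, 1 when blocked
#######################################
test_endpoint() {
  local target=$1
  local rc=0
  # -s silent, -k skip certificate verification, -I HEAD request only.
  # The status is captured once: testing $? twice in an `||` chain makes the
  # second test see the status of the first test, not of curl.
  curl -skI --connect-timeout 5 "https://$target" > /dev/null 2>&1 || rc=$?
  case "$rc" in
    0 | 45 | 52)
      # 52 = empty reply from server, which still proves the port answered.
      # NOTE(review): curl documents 45 as an outgoing-interface error;
      # confirm it is meant to count as "reached".
      ;;
    *)
      echo -e "${RED}[FAIL]${NC} BLOCKED: $target"
      return 1
      ;;
  esac
  echo -e "${GREEN}[PASS]${NC} Reached $target"

  # Because of -k, the PASS above only shows that something completed a
  # connection on port 443 under this name. Repeat the request with
  # verification on so a certificate that does not validate is surfaced.
  local verify_rc=0
  curl -sI --connect-timeout 5 "https://$target" > /dev/null 2>&1 || verify_rc=$?
  # 60 = peer certificate failed verification (51 on older curl releases).
  if (( verify_rc == 60 || verify_rc == 51 )); then
    echo -e "${YELLOW}[WARN]${NC} TLS certificate for $target failed validation (possible TLS inspection on the path)."
  fi
  return 0
}

#######################################
# Probe every configured Wallarm cloud endpoint, region by region.
# Globals:   EU_DATA_NODES, US_DATA_NODES (read)
#            CLOUD_RESULT (written: "PASS" or "FAIL"; read by the readiness
#            gate at the end of the script)
#            YELLOW, NC (read)
# Outputs:   per-endpoint status lines on stdout
#######################################
check_wallarm_cloud() {
  echo -e "\n${YELLOW}[4/5] Testing Wallarm Cloud Connectivity (Port 443)...${NC}"
  local node
  # A region only counts as reachable if it lists at least one node and
  # every listed node answers.
  local eu_ok=$(( ${#EU_DATA_NODES[@]} > 0 ))
  local us_ok=$(( ${#US_DATA_NODES[@]} > 0 ))

  echo "--- EU Cloud ---"
  for node in "${EU_DATA_NODES[@]}"; do
    test_endpoint "$node" || eu_ok=0
  done

  echo -e "\n--- US Cloud ---"
  for node in "${US_DATA_NODES[@]}"; do
    test_endpoint "$node" || us_ok=0
  done

  # NOTE(review): PASS here means one complete region is reachable, on the
  # assumption that a deployment targets a single cloud - confirm the policy.
  if (( eu_ok || us_ok )); then
    CLOUD_RESULT="PASS"
  else
    CLOUD_RESULT="FAIL"
  fi
}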
#######################################
# Check that a TCP connection to the protected application can be opened.
# Globals:   APP_HOST, APP_PORT (read)
#            YELLOW, GREEN, RED, NC (read)
# Outputs:   a PASS line, or a FAIL line plus a hint, on stdout
#######################################
check_internal_app() {
  echo -e "\n${YELLOW}[5/5] Testing Internal App Connectivity...${NC}"
  # Only the TCP handshake matters here; the response itself is discarded.
  # The usual failures are curl exit 7 (refused) and 28 (timeout).
  curl -vsk --connect-timeout 5 "http://$APP_HOST:$APP_PORT" > /dev/null 2>&1
  local rc=$?
  # Statuses treated as "port is open": 0, 22 (HTTP 4xx/5xx), 35 (TLS
  # handshake error), 52 (empty reply), 56 (receive failure / reset).
  # NOTE(review): curl only returns 22 when --fail is given, which this call
  # does not pass - confirm whether it needs to be listed.
  case "$rc" in
    0 | 22 | 35 | 52 | 56)
      echo -e "${GREEN}[PASS]${NC} TCP Connection established to $APP_HOST:$APP_PORT"
      ;;
    *)
      echo -e "${RED}[FAIL]${NC} CANNOT REACH App at $APP_HOST:$APP_PORT (Error: $rc)"
      echo " Check firewalls or verify if the service is running on the app server."
      ;;
  esac
}
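# --- Execution ---
print_header
check_proxy
get_user_input
check_sudo
check_tools
check_wallarm_cloud
check_internal_app

# Readiness gate: the flag is written only when both the sudo check and the
# cloud connectivity check reported PASS.
if [[ "$SUDO_RESULT" == "PASS" ]] && [[ "$CLOUD_RESULT" == "PASS" ]]; then
  flag_file=/tmp/.wallarm_preflight_pass
  flag_tmp=''
  # /tmp is world-writable and this name is fixed, so another local user can
  # pre-create the path. Never write through a symlink or onto a non-regular
  # file, and build the content in a private temp file that is then renamed
  # into place (a rename replaces the path itself instead of following it).
  # For the same reason, anything that reads this flag should not treat its
  # mere presence as proof that the checks ran.
  if [[ -L "$flag_file" || ( -e "$flag_file" && ! -f "$flag_file" ) ]]; then
    echo -e "${RED}[FAIL]${NC} $flag_file is a symlink or not a regular file; readiness flag NOT written." >&2
  elif flag_tmp=$(mktemp "${flag_file}.XXXXXX") \
    && date '+%Y-%m-%d %H:%M:%S' > "$flag_tmp" \
    && chmod 0644 "$flag_tmp" \
    && mv -f -- "$flag_tmp" "$flag_file"; then
    # The date format is quoted: unquoted, the space splits it into two
    # arguments and date rejects the second one.
    # chmod keeps the flag world-readable; mktemp creates files as 0600.
    echo -e "${GREEN}Environment verified. Readiness flag created.${NC}"
  else
    # Reached, for example, when the existing flag belongs to another user
    # and the sticky bit on /tmp forbids replacing it.
    [[ -n "$flag_tmp" ]] && rm -f -- "$flag_tmp"
    echo -e "${RED}[FAIL]${NC} Could not create readiness flag at $flag_file." >&2
  fi
fi

echo -e "\n${YELLOW}-------------------------------------------------------"
echo -e "PRE-FLIGHT COMPLETE. PLEASE SCREENSHOT THIS OUTPUT."
echo -e "-------------------------------------------------------${NC}"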