From 3b804fe47f9de5a4a7964f8cdbad27e199cebd74 Mon Sep 17 00:00:00 2001
From: Kris Nova
Date: Thu, 20 Feb 2020 07:43:47 -0800
Subject: [PATCH] Adding falco script from install docs
Signed-off-by: Kris Nova
---
 scripts/install-falco.sh | 200 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 200 insertions(+)
 create mode 100644 scripts/install-falco.sh
diff --git a/scripts/install-falco.sh b/scripts/install-falco.sh
new file mode 100644
index 00000000..5a7de278
--- /dev/null
+++ b/scripts/install-falco.sh
@@ -0,0 +1,200 @@
+#!/bin/bash
+#
+# Copyright (C) 2013-2018 Draios Inc dba Sysdig.
+#
+# This file is part of falco .
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+set -e
+
+function install_rpm {
+ if ! hash curl > /dev/null 2>&1; then
+ echo "* Installing curl"
+ yum -q -y install curl
+ fi
+
+ if ! yum -q list dkms > /dev/null 2>&1; then
+ echo "* Installing EPEL repository (for DKMS)"
+ if [ $VERSION -eq 8 ]; then
+ rpm --quiet -i https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+ elif [ $VERSION -eq 7 ]; then
+ rpm --quiet -i https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+ else
+ rpm --quiet -i https://mirrors.kernel.org/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
+ fi
+ fi
+
+ echo "* Installing falco public key"
+ rpm --quiet --import https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public
+ echo "* Installing falco repository"
+ curl -s -o /etc/yum.repos.d/draios.repo https://s3.amazonaws.com/download.draios.com/stable/rpm/draios.repo
+ echo "* Installing kernel headers"
+ KERNEL_VERSION=$(uname -r)
+ if [[ $KERNEL_VERSION == *PAE* ]]; then
+ yum -q -y install kernel-PAE-devel-${KERNEL_VERSION%.PAE} || kernel_warning
+ elif [[ $KERNEL_VERSION == *stab* ]]; then
+ # It's OpenVZ kernel and we should install another package
+ yum -q -y install vzkernel-devel-$KERNEL_VERSION || kernel_warning
+ elif [[ $KERNEL_VERSION == *uek* ]]; then
+ yum -q -y install kernel-uek-devel-$KERNEL_VERSION || kernel_warning
+ else
+ yum -q -y install kernel-devel-$KERNEL_VERSION || kernel_warning
+ fi
+ echo "* Installing falco"
+ yum -q -y install falco
+}
+
+function install_deb {
+ export DEBIAN_FRONTEND=noninteractive
+
+ if ! hash curl > /dev/null 2>&1; then
+ echo "* Installing curl"
+ apt-get -qq -y install curl < /dev/null
+ fi
+
+ echo "* Installing Sysdig public key"
+ curl -s https://s3.amazonaws.com/download.draios.com/DRAIOS-GPG-KEY.public | apt-key add -
+ echo "* Installing falco repository"
+ curl -s -o /etc/apt/sources.list.d/draios.list https://s3.amazonaws.com/download.draios.com/stable/deb/draios.list
+ apt-get -qq update < /dev/null
+ echo "* Installing kernel headers"
+ apt-get -qq -y install linux-headers-$(uname -r) < /dev/null || kernel_warning
+ echo "* Installing falco"
+ apt-get -qq -y install falco < /dev/null
+}
+
+function unsupported {
+ echo 'Unsupported operating system. Please consider writing to the mailing list at'
+ echo 'https://groups.google.com/forum/#!forum/sysdig or trying the manual'
+ echo 'installation.'
+ exit 1
+}
+
+function kernel_warning {
+ echo "Unable to find kernel development files for the current kernel version" $(uname -r)
+ echo "This usually means that your system is not up-to-date or you installed a custom kernel version."
+ echo "The installation will continue but you'll need to install these yourself in order to use falco."
+ echo 'Please write to the mailing list at https://groups.google.com/forum/#!forum/sysdig'
+ echo "if you need further assistance."
+}
+
+if [ $(id -u) != 0 ]; then
+ echo "Installer must be run as root (or with sudo)."
+ exit 1
+fi
+
+echo "* Detecting operating system"
+
+ARCH=$(uname -m)
+if [[ ! $ARCH = *86 ]] && [ ! $ARCH = "x86_64" ] && [ ! $ARCH = "s390x" ]; then
+ unsupported
+fi
+
+if [ $ARCH = "s390x" ]; then
+ echo "------------"
+ echo "WARNING: A Docker container is the only officially supported platform on s390x"
+ echo "------------"
+fi
+
+if [ -f /etc/debian_version ]; then
+ if [ -f /etc/lsb-release ]; then
+ . /etc/lsb-release
+ DISTRO=$DISTRIB_ID
+ VERSION=${DISTRIB_RELEASE%%.*}
+ else
+ DISTRO="Debian"
+ VERSION=$(cat /etc/debian_version | cut -d'.' -f1)
+ fi
+
+ case "$DISTRO" in
+
+ "Ubuntu")
+ if [ $VERSION -ge 10 ]; then
+ install_deb
+ else
+ unsupported
+ fi
+ ;;
+
+ "LinuxMint")
+ if [ $VERSION -ge 9 ]; then
+ install_deb
+ else
+ unsupported
+ fi
+ ;;
+
+ "Debian")
+ if [ $VERSION -ge 6 ]; then
+ install_deb
+ elif [[ $VERSION == *sid* ]]; then
+ install_deb
+ else
+ unsupported
+ fi
+ ;;
+
+ *)
+ unsupported
+ ;;
+
+ esac
+
+elif [ -f /etc/system-release-cpe ]; then
+ DISTRO=$(cat /etc/system-release-cpe | cut -d':' -f3)
+
+ # New Amazon Linux 2 distro
+ if [[ -f /etc/image-id ]]; then
+ AMZ_AMI_VERSION=$(cat /etc/image-id | grep 'image_name' | cut -d"=" -f2 | tr -d "\"")
+ fi
+
+ if [[ "${DISTRO}" == "o" ]] && [[ ${AMZ_AMI_VERSION} = *"amzn2"* ]]; then
+ DISTRO=$(cat /etc/system-release-cpe | cut -d':' -f4)
+ fi
+
+ VERSION=$(cat /etc/system-release-cpe | cut -d':' -f5 | cut -d'.' -f1 | sed 's/[^0-9]*//g')
+
+ case "$DISTRO" in
+
+ "oracle" | "centos" | "redhat")
+ if [ $VERSION -ge 6 ]; then
+ install_rpm
+ else
+ unsupported
+ fi
+ ;;
+
+ "amazon")
+ install_rpm
+ ;;
+
+ "fedoraproject")
+ if [ $VERSION -ge 13 ]; then
+ install_rpm
+ else
+ unsupported
+ fi
+ ;;
+
+ *)
+ unsupported
+ ;;
+
+ esac
+
+else
+ unsupported
+fi
+
+modprobe -r falco_probe
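Review bot: The repository files written as root in install_rpm and install_deb are not checked for a successful download: `curl -s -o /etc/yum.repos.d/draios.repo …` and `curl -s -o /etc/apt/sources.list.d/draios.list …` run without `-f`, so curl exits 0 on an HTTP error and the error body is saved as the repo definition. In `curl -s … | apt-key add -` only apt-key's exit status reaches `set -e`, because `pipefail` is not set. I would change the top of the script to `set -eo pipefail` and use `curl -fsS` on all three curl calls. The signing key is also fetched from the same S3 location as the repository files and trusted as received, so TLS to that host is the only anchor; comparing the imported key with a fingerprint pinned in the script would tighten that. Separately, the `else` arm of the EPEL block installs the EPEL 6 release package for every VERSION other than 7 or 8, which appears to include the `amazon` path where VERSION is never range-checked.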