From 765b968d9cdba253bf8371fdfe70ffea1e61231c Mon Sep 17 00:00:00 2001
From: Anubhuti Shruti
Date: Thu, 3 Oct 2024 13:14:29 +0530
Subject: [PATCH 01/11] first
---
setup.sh | 40 ++++++++++++++++++++++++++++++++++++++++
test.sh | 11 +++++++++++
2 files changed, 51 insertions(+)
create mode 100755 setup.sh
create mode 100644 test.sh
diff --git a/setup.sh b/setup.sh
new file mode 100755
index 000000000..f5f057325
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Run the go_installer script with the parent directory as an argument
+# ./go_installer.sh ../
+# echo "Installed go"
+# go version
+# sudo apt update -y
+# sudo apt install openssh-server -y
+# sudo apt install net-tools -y
+# sudo apt install git -y
+# sudo apt install gcc -y
+# sudo apt install libfuse-dev -y
+# sudo apt install fuse -y
+# sudo apt install fuse3 -y
+# sudo apt install libfuse3-dev -y
+# echo "Installed all dependencies" -y
+
+# # Open the file /etc/fuse.conf and uncomment the line user_allow_other
+# sudo sed -i 's/#user_allow_other/user_allow_other/' /etc/fuse.conf
+# echo "Uncommented user_allow_other in /etc/fuse.conf"
+
+# For not entering password every time on running sudo command, add this line at the end of the
+# /etc/sudoers file,
+# ALL=(ALL:ALL) NOPASSWD:ALL
+
+mkdir ~/mntdir ~/tempcache
+chmod 777 ~/mntdir ~/tempcache
+echo "Created directories mntdir and tempcache"
+
+cat < ./fio_temp.cfg
+[global]
+ioengine=sync
+size=10GB
+bs=16M
+rw=read
+filename=~/mntdir/new10
+numjobs=8
+[job]
+name=seq_read
+EOL
diff --git a/test.sh b/test.sh
new file mode 100644
index 000000000..3a147f8c2
--- /dev/null
+++ b/test.sh
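Review bot: `chmod 777 ~/mntdir ~/tempcache` in setup.sh makes both the mount point and the cache directory world-writable, so any local account on the VM can read or replace files staged in `~/tempcache` (presumably the blobfuse2 file cache; confirm against the mount config). The mounting user already owns both directories, so `mkdir -p -m 700 ~/mntdir ~/tempcache` is enough and also lets the script be re-run. Separately, assuming the `cat` line is a here-document ending at `EOL`, `filename=~/mntdir/new10` is written to the fio config literally because tilde is not expanded there; `filename=$HOME/mntdir/new10` removes the dependency on how fio treats `~`.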
@@ -0,0 +1,11 @@ +./blobfuse2 unmount all +./blobfuse2 ~/mntdir && dd if=/dev/urandom of=~/mntdir/new10 bs=1M count=10000 +echo "--------------------------------------------------------------------------------" +echo "File created in mntdir" +echo "--------------------------------------------------------------------------------" +./blobfuse2 unmount all +./blobfuse2 ~/mntdir && fio fio_temp.cfg +echo "--------------------------------------------------------------------------------" +echo "FIO test completed" +echo "--------------------------------------------------------------------------------" +./blobfuse2 unmount all \ No newline at end of file From 4282d3c1200497ebf67242fca9022e3dcf7de6f2 Mon Sep 17 00:00:00 2001 From: Anubhuti Shruti Date: Fri, 4 Oct 2024 15:51:08 +0530 Subject: [PATCH 02/11] add --- test.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test.sh b/test.sh index 3a147f8c2..3948c8130 100644 --- a/test.sh +++ b/test.sh @@ -1,9 +1,11 @@ ./blobfuse2 unmount all +echo "Mount blobfuse and create 10GB file" ./blobfuse2 ~/mntdir && dd if=/dev/urandom of=~/mntdir/new10 bs=1M count=10000 echo "--------------------------------------------------------------------------------" echo "File created in mntdir" echo "--------------------------------------------------------------------------------" ./blobfuse2 unmount all +echo "Mount and Run FIO test" ./blobfuse2 ~/mntdir && fio fio_temp.cfg echo "--------------------------------------------------------------------------------" echo "FIO test completed" From d90d5ad55a8673094fb1c3159d819f42ad58d259 Mon Sep 17 00:00:00 2001 From: Anubhuti Shruti Date: Fri, 22 Nov 2024 15:58:07 +0530 Subject: [PATCH 03/11] setup blobfuse in new vm --- setup.sh | 51 ++++++++++++++++++--------------------------------- test.sh | 13 ------------- 2 files changed, 18 insertions(+), 46 deletions(-) delete mode 100644 test.sh diff --git a/setup.sh b/setup.sh index f5f057325..59b64a97a 100755 --- a/setup.sh +++ b/setup.sh 
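Review bot: The banners "File created in mntdir" and "FIO test completed" in test.sh are printed unconditionally, so a failed mount or a failed `dd`/`fio` run still reads as success in the output. The `&&` only skips the second command; nothing records or reports the failure, and the script has no shebang. Guarding each step makes the result trustworthy, e.g. `if ./blobfuse2 ~/mntdir && fio fio_temp.cfg; then echo "FIO test completed"; else echo "FIO test failed" >&2; exit 1; fi`, with `#!/bin/bash` as the first line. The echo lines added by PATCH 02 sit around the same unchecked commands.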
@@ -1,40 +1,25 @@ -#!/bin/bash +!/bin/bash -# Run the go_installer script with the parent directory as an argument -# ./go_installer.sh ../ -# echo "Installed go" -# go version -# sudo apt update -y -# sudo apt install openssh-server -y -# sudo apt install net-tools -y -# sudo apt install git -y -# sudo apt install gcc -y -# sudo apt install libfuse-dev -y -# sudo apt install fuse -y -# sudo apt install fuse3 -y -# sudo apt install libfuse3-dev -y -# echo "Installed all dependencies" -y +Run the go_installer script with the parent directory as an argument +./go_installer.sh ../ +echo "Installed go" +go version +sudo apt update -y +sudo apt install openssh-server -y +sudo apt install net-tools -y +sudo apt install git -y +sudo apt install gcc -y +sudo apt install libfuse-dev -y +sudo apt install fuse -y +sudo apt install fuse3 -y +sudo apt install libfuse3-dev -y +echo "Installed all dependencies" -y -# # Open the file /etc/fuse.conf and uncomment the line user_allow_other -# sudo sed -i 's/#user_allow_other/user_allow_other/' /etc/fuse.conf -# echo "Uncommented user_allow_other in /etc/fuse.conf" +# Open the file /etc/fuse.conf and uncomment the line user_allow_other +sudo sed -i 's/#user_allow_other/user_allow_other/' /etc/fuse.conf +echo "Uncommented user_allow_other in /etc/fuse.conf" # For not entering password every time on running sudo command, add this line at the end of the # /etc/sudoers file, # ALL=(ALL:ALL) NOPASSWD:ALL -mkdir ~/mntdir ~/tempcache -chmod 777 ~/mntdir ~/tempcache -echo "Created directories mntdir and tempcache" - -cat < ./fio_temp.cfg -[global] -ioengine=sync -size=10GB -bs=16M -rw=read -filename=~/mntdir/new10 -numjobs=8 -[job] -name=seq_read -EOL diff --git a/test.sh b/test.sh deleted file mode 100644 index 3948c8130..000000000 --- a/test.sh +++ /dev/null 
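Review bot: Stripping the leading `#` went one character too far on two lines: `!/bin/bash` is no longer a shebang, and `Run the go_installer script with the parent directory as an argument` is now executed as a command named `Run`. Restore them as `#!/bin/bash` (it must be line 1 of the file) and `# Run the go_installer script …`. The same broken `!/bin/bash` line is carried into setupUBN.sh by PATCH 04, below an added comment so it would not be line 1 even when fixed, and is added to setup/vmSetupAzSecPack.sh by PATCH 09. Because nothing stops the script on error, a failed `apt install` still falls through to the `sudo sed -i` on /etc/fuse.conf; `set -euo pipefail` after the shebang would prevent that. It is also worth a comment that `user_allow_other` lets every local user mount with `allow_other`, system-wide.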
@@ -1,13 +0,0 @@ -./blobfuse2 unmount all -echo "Mount blobfuse and create 10GB file" -./blobfuse2 ~/mntdir && dd if=/dev/urandom of=~/mntdir/new10 bs=1M count=10000 -echo "--------------------------------------------------------------------------------" -echo "File created in mntdir" -echo "--------------------------------------------------------------------------------" -./blobfuse2 unmount all -echo "Mount and Run FIO test" -./blobfuse2 ~/mntdir && fio fio_temp.cfg -echo "--------------------------------------------------------------------------------" -echo "FIO test completed" -echo "--------------------------------------------------------------------------------" -./blobfuse2 unmount all \ No newline at end of file From af11a81cae2391fbd589c4ffff2ca05a4b655d8f Mon Sep 17 00:00:00 2001 From: Anubhuti Shruti Date: Sat, 23 Nov 2024 19:01:00 +0530 Subject: [PATCH 04/11] mentioned script is for ubn machines --- setup.sh => setupUBN.sh | 2 ++ 1 file changed, 2 insertions(+) rename setup.sh => setupUBN.sh (86%) diff --git a/setup.sh b/setupUBN.sh similarity index 86% rename from setup.sh rename to setupUBN.sh index 59b64a97a..8e4808d76 100755 --- a/setup.sh +++ b/setupUBN.sh @@ -1,3 +1,5 @@ +# This setup script can be used to install all the dependencies required to clone and run the project on Ubuntu machines + !/bin/bash Run the go_installer script with the parent directory as an argument From 992659822b17cab4e1208a0c1cb5a92c735c78fa Mon Sep 17 00:00:00 2001 From: Anubhuti Shruti Date: Thu, 16 Jan 2025 17:07:01 +0530 Subject: [PATCH 05/11] Added steps for blobfuse2 installation --- setupUBN.sh => setup/setupUBN.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) rename setupUBN.sh => setup/setupUBN.sh (65%) diff --git a/setupUBN.sh b/setup/setupUBN.sh similarity index 65% rename from setupUBN.sh rename to setup/setupUBN.sh index 8e4808d76..480b007f2 100755 --- a/setupUBN.sh +++ b/setup/setupUBN.sh 
@@ -21,7 +21,25 @@ echo "Installed all dependencies" -y sudo sed -i 's/#user_allow_other/user_allow_other/' /etc/fuse.conf echo "Uncommented user_allow_other in /etc/fuse.conf" +# Add Microsoft Linux repository for Ubuntu +wget -qO- https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add - +sudo add-apt-repository "$(wget -qO- https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list)" +sudo apt update + +# Install Blobfuse2 +sudo apt install blobfuse2 -y +echo "Installed Blobfuse2" + +#Blobfuse2 version +blobfuse2 --version + +#Build blobfuse2 from repo +#Navigate to the parent directory of the project and run +#./build.sh + # For not entering password every time on running sudo command, add this line at the end of the # /etc/sudoers file, # ALL=(ALL:ALL) NOPASSWD:ALL + + From fe0cf71068503d972e430ce10d1a344fe6826f2c Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 16 Jan 2025 11:39:41 +0000 Subject: [PATCH 06/11] VM Azsecpack installation --- setup/vmSetupAzSecPack.sh | 98 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100755 setup/vmSetupAzSecPack.sh diff --git a/setup/vmSetupAzSecPack.sh b/setup/vmSetupAzSecPack.sh new file mode 100755 index 000000000..211856ad8 --- /dev/null +++ b/setup/vmSetupAzSecPack.sh 
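Review bot: `wget … | sudo apt-key add -` puts the Microsoft key into apt's global trusted keyring, where it is accepted for every configured repository, and `apt-key` is deprecated on current Ubuntu releases. The pipeline has no failure check either, so an empty or truncated download goes straight into `apt-key` and `add-apt-repository`. Prefer a dedicated keyring referenced with `signed-by`, as setup/vmSetupAzSecPack.sh later in this series does: `wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null`, with the repository entry pointing at that file. Fetching prod.list into a file and checking it is non-empty before adding it would cover the second problem.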
@@ -0,0 +1,98 @@
+# Install Azure CLI
+curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
+
+# Update package lists
+sudo apt-get update
+
+# Install required packages
+sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y
+
+# Create directory for Microsoft GPG key
+sudo mkdir -p /etc/apt/keyrings
+
+# Download and install Microsoft GPG key
+curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null
+
+# Set permissions for the GPG key
+sudo chmod go+r /etc/apt/keyrings/microsoft.gpg
+
+# Get the distribution codename
+AZ_DIST=$(lsb_release -cs)
+
+# Add Azure CLI repository to sources list
+echo "Types: deb
+URIs: https://packages.microsoft.com/repos/azure-cli/
+Suites: ${AZ_DIST}
+Components: main
+Architectures: $(dpkg --print-architecture)
+Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources
+
+# Install Azure CLI
+sudo apt-get install azure-cli -y
+
+# Update package lists again
+sudo apt-get update
+
+# Install Azure CLI again to ensure it's up to date
+sudo apt-get install azure-cli -y
+
+# Remove unnecessary packages
+sudo apt autoremove
+
+# Upgrade Azure CLI to the latest version
+az upgrade
+
+#-------------------------------------------------------------------------------------------------------
+
+# Log in to Azure
+# You will get a pop-up here select your account and login
+echo "You will get a pop-up here select your account and login"
+echo "PLEASE NOTE: After az login you should select the Subscription you are on and enter that Subscription ID :
+\\n For Example: XCLient 116 is shown in the list of subscriptions, you should then enter 116"
+az login --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47
+
+# Extracting VM name from hostname
+vm_name=$(hostname)
+
+# Extracting resource group name from Azure Instance Metadata Service
+resource_group=$(curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2021-02-01" -s | jq -r '.compute.resourceGroupName')
+
+# Check if VM name and resource group are not empty
+if [ -z "$vm_name" ] || [ -z "$resource_group" ]; then
+ echo "Failed to retrieve VM name or resource group. You will have to manually insert these values in the upcoming commands"
+ exit 1
+fi
+
+# Install Azure Monitor Linux Agent extension
+# az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}'
+az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}'
+
+# Install Azure Security Linux Agent extension
+# az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}'
+az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}'
+
+# Check the status of Azure Security Pack
+status_output=$(sudo /usr/local/bin/azsecd status)
+
+# Check if AutoConfig is enabled
+autoconfig_enabled=$(echo "$status_output" | grep -q 'AutoConfig:\s*Enabled(true)' && echo "true" || echo "false")
+
+# Check if AzSecPack is present in ResourceTags
+azsecpack_present=$(echo "$status_output" | grep -q 'AzSecPack:\s*IsPresent(true)' && echo "true" || echo "false")
+
+if [ "$autoconfig_enabled" = "true" ]; then
+ echo "AutoConfig is enabled."
+else
+ echo "AutoConfig is not enabled. Please manually check if any installation step has failed."
+fi
+
+if [ "$azsecpack_present" = "true" ]; then
+ echo "AzSecPack is present in ResourceTags."
+else
+ echo "AzSecPack is not present in ResourceTags.Please manually check if any installation step has failed."
+fi
+
+#-------------------------------------------------------------------------------------------------------
+# Check for pending updates, assess and install patches
+#az vm assess-patches --resource-group --name
+#az vm install-patches --resource-group --name --maximum-duration PT2H --reboot-setting IfRequired --classifications-to-include-linux Critical Security
\ No newline at end of file
From 444d4b734ef560d95bc3b3af8e3df8e3765c99cd Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Thu, 16 Jan 2025 12:26:22 +0000
Subject: [PATCH 07/11] fix installation
---
setup/vmSetupAzSecPack.sh | 112 ++++++++++++++++++++------------------
1 file changed, 58 insertions(+), 54 deletions(-)
diff --git a/setup/vmSetupAzSecPack.sh b/setup/vmSetupAzSecPack.sh
index 211856ad8..4c1a28b63 100755
--- a/setup/vmSetupAzSecPack.sh
+++ b/setup/vmSetupAzSecPack.sh
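Review bot: `curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash` at the top of vmSetupAzSecPack.sh runs whatever the redirect returns as root, with no `-f`, no pinning and no chance to inspect it. It is also redundant, because the lines below it install azure-cli from the apt repository with a `Signed-by` keyring; dropping the first command leaves only the signature-verified path. Two further points in the same hunk: `jq` parses the metadata response but is not in the `apt-get install` list, and when the field is missing `jq -r` prints `null`, which passes the `-z` check. `$vm_name` and `$resource_group` should be quoted in both `az vm extension set` calls, i.e. `--vm-name "$vm_name" --resource-group "$resource_group"`.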
@@ -1,81 +1,85 @@ -# Install Azure CLI -curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash +# # Install Azure CLI +# curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash -# Update package lists -sudo apt-get update +# # Update package lists +# sudo apt-get update -y -# Install required packages -sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y +# # Install required packages +# sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y -# Create directory for Microsoft GPG key -sudo mkdir -p /etc/apt/keyrings +# # Create directory for Microsoft GPG key +# sudo mkdir -p /etc/apt/keyrings -# Download and install Microsoft GPG key -curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null +# # Download and install Microsoft GPG key +# curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null -# Set permissions for the GPG key -sudo chmod go+r /etc/apt/keyrings/microsoft.gpg +# # Set permissions for the GPG key +# sudo chmod go+r /etc/apt/keyrings/microsoft.gpg -# Get the distribution codename -AZ_DIST=$(lsb_release -cs) +# # Get the distribution codename +# AZ_DIST=$(lsb_release -cs) -# Add Azure CLI repository to sources list -echo "Types: deb -URIs: https://packages.microsoft.com/repos/azure-cli/ -Suites: ${AZ_DIST} -Components: main -Architectures: $(dpkg --print-architecture) -Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources +# # Add Azure CLI repository to sources list +# echo "Types: deb +# URIs: https://packages.microsoft.com/repos/azure-cli/ +# Suites: ${AZ_DIST} +# Components: main +# Architectures: $(dpkg --print-architecture) +# Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources -# Install Azure CLI -sudo apt-get install azure-cli -y +# # Install Azure CLI +# 
sudo apt-get install azure-cli -y -# Update package lists again -sudo apt-get update +# # Update package lists again +# sudo apt-get update -# Install Azure CLI again to ensure it's up to date -sudo apt-get install azure-cli -y +# # Install Azure CLI again to ensure it's up to date +# sudo apt-get install azure-cli -y -# Remove unnecessary packages -sudo apt autoremove +# # Remove unnecessary packages +# sudo apt autoremove -y -# Upgrade Azure CLI to the latest version -az upgrade +# # Upgrade Azure CLI to the latest version +# az upgrade -y -#------------------------------------------------------------------------------------------------------- +# #------------------------------------------------------------------------------------------------------- -# Log in to Azure -# You will get a pop-up here select your account and login -echo "You will get a pop-up here select your account and login" -echo "PLEASE NOTE: After az login you should select the Subscription you are on and enter that Subscription ID : -\\n For Example: XCLient 116 is shown in the list of subscriptions, you should then enter 116" -az login --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47 +# # Log in to Azure +# # You will get a pop-up here select your account and login +# echo "You will get a pop-up here select your account and login" +# echo "PLEASE NOTE: After az login you should select the Subscription you are on and enter that Subscription ID : +# \\n For Example: XCLient 116 is shown in the list of subscriptions, you should then enter 116" +# az login --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47 -# Extracting VM name from hostname -vm_name=$(hostname) +# # Extracting VM name from hostname +# vm_name=$(hostname) -# Extracting resource group name from Azure Instance Metadata Service -resource_group=$(curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2021-02-01" -s | jq -r '.compute.resourceGroupName') +# # Extracting resource group name from Azure Instance Metadata 
Service +# resource_group=$(curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2021-02-01" -s | jq -r '.compute.resourceGroupName') -# Check if VM name and resource group are not empty -if [ -z "$vm_name" ] || [ -z "$resource_group" ]; then - echo "Failed to retrieve VM name or resource group. You will have to manually insert these values in the upcoming commands" - exit 1 -fi +# # Check if VM name and resource group are not empty +# if [ -z "$vm_name" ] || [ -z "$resource_group" ]; then +# echo "Failed to retrieve VM name or resource group. You will have to manually insert these values in the upcoming commands" +# exit 1 +# fi -# Install Azure Monitor Linux Agent extension -# az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' -az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' +# # Install Azure Monitor Linux Agent extension +# # az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' +# az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' -# Install Azure Security Linux Agent extension -# az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' -az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name $vm_name --resource-group 
$resource_group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' +# # Install Azure Security Linux Agent extension +# # az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' +# az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' # Check the status of Azure Security Pack status_output=$(sudo /usr/local/bin/azsecd status) # Check if AutoConfig is enabled -autoconfig_enabled=$(echo "$status_output" | grep -q 'AutoConfig:\s*Enabled(true)' && echo "true" || echo "false") +if echo "$status_output" | grep -Pzo "AutoConfig:\n\s+Enabled\(true\)" > /dev/null; then + autoconfig_enabled="true" +else + autoconfig_enabled="false" +fi # Check if AzSecPack is present in ResourceTags azsecpack_present=$(echo "$status_output" | grep -q 'AzSecPack:\s*IsPresent(true)' && echo "true" || echo "false") From 103761b74f9fef6faba5726a25c5b645a6a57584 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 16 Jan 2025 12:28:38 +0000 Subject: [PATCH 08/11] finish --- setup/vmSetupAzSecPack.sh | 109 +++++++++++++++++++------------------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/setup/vmSetupAzSecPack.sh b/setup/vmSetupAzSecPack.sh index 4c1a28b63..47f4325f4 100755 --- a/setup/vmSetupAzSecPack.sh +++ b/setup/vmSetupAzSecPack.sh 
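Review bot: Only the AutoConfig check was switched to the multi-line `grep -Pzo` form; the AzSecPack check directly below it still uses the line-based `grep -q 'AzSecPack:\s*IsPresent(true)'`. If `azsecd status` prints that value on the following line the way it apparently does for AutoConfig (inferred from this fix, the output format is not visible here), `azsecpack_present` will always be "false". Using the same form keeps the two checks consistent: `if echo "$status_output" | grep -Pzq "AzSecPack:\s+IsPresent\(true\)"; then`. The hunk also comments out every install step, which PATCH 08 reverts; that intermediate state looks like debugging and could be squashed.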
@@ -1,75 +1,75 @@ -# # Install Azure CLI -# curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash +# Install Azure CLI +curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash -# # Update package lists -# sudo apt-get update -y +# Update package lists +sudo apt-get update -y -# # Install required packages -# sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y +# Install required packages +sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release -y -# # Create directory for Microsoft GPG key -# sudo mkdir -p /etc/apt/keyrings +# Create directory for Microsoft GPG key +sudo mkdir -p /etc/apt/keyrings -# # Download and install Microsoft GPG key -# curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null +# Download and install Microsoft GPG key +curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/microsoft.gpg > /dev/null -# # Set permissions for the GPG key -# sudo chmod go+r /etc/apt/keyrings/microsoft.gpg +# Set permissions for the GPG key +sudo chmod go+r /etc/apt/keyrings/microsoft.gpg -# # Get the distribution codename -# AZ_DIST=$(lsb_release -cs) +# Get the distribution codename +AZ_DIST=$(lsb_release -cs) -# # Add Azure CLI repository to sources list -# echo "Types: deb -# URIs: https://packages.microsoft.com/repos/azure-cli/ -# Suites: ${AZ_DIST} -# Components: main -# Architectures: $(dpkg --print-architecture) -# Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources +# Add Azure CLI repository to sources list +echo "Types: deb +URIs: https://packages.microsoft.com/repos/azure-cli/ +Suites: ${AZ_DIST} +Components: main +Architectures: $(dpkg --print-architecture) +Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources -# # Install Azure CLI -# sudo apt-get install azure-cli -y +# Install Azure 
CLI +sudo apt-get install azure-cli -y -# # Update package lists again -# sudo apt-get update +# Update package lists again +sudo apt-get update -# # Install Azure CLI again to ensure it's up to date -# sudo apt-get install azure-cli -y +# Install Azure CLI again to ensure it's up to date +sudo apt-get install azure-cli -y -# # Remove unnecessary packages -# sudo apt autoremove -y +# Remove unnecessary packages +sudo apt autoremove -y -# # Upgrade Azure CLI to the latest version -# az upgrade -y +# Upgrade Azure CLI to the latest version +az upgrade -y -# #------------------------------------------------------------------------------------------------------- +#------------------------------------------------------------------------------------------------------- -# # Log in to Azure -# # You will get a pop-up here select your account and login -# echo "You will get a pop-up here select your account and login" -# echo "PLEASE NOTE: After az login you should select the Subscription you are on and enter that Subscription ID : -# \\n For Example: XCLient 116 is shown in the list of subscriptions, you should then enter 116" -# az login --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47 +# Log in to Azure +# You will get a pop-up here select your account and login +echo "You will get a pop-up here select your account and login" +echo "PLEASE NOTE: After az login you should select the Subscription you are on and enter that Subscription ID : +\\n For Example: XCLient 116 is shown in the list of subscriptions, you should then enter 116" +az login --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47 -# # Extracting VM name from hostname -# vm_name=$(hostname) +# Extracting VM name from hostname +vm_name=$(hostname) -# # Extracting resource group name from Azure Instance Metadata Service -# resource_group=$(curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2021-02-01" -s | jq -r '.compute.resourceGroupName') +# Extracting resource group name from Azure Instance 
Metadata Service +resource_group=$(curl -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2021-02-01" -s | jq -r '.compute.resourceGroupName') -# # Check if VM name and resource group are not empty -# if [ -z "$vm_name" ] || [ -z "$resource_group" ]; then -# echo "Failed to retrieve VM name or resource group. You will have to manually insert these values in the upcoming commands" -# exit 1 -# fi +# Check if VM name and resource group are not empty +if [ -z "$vm_name" ] || [ -z "$resource_group" ]; then + echo "Failed to retrieve VM name or resource group. You will have to manually insert these values in the upcoming commands" + exit 1 +fi -# # Install Azure Monitor Linux Agent extension -# # az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' -# az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' +# Install Azure Monitor Linux Agent extension +# az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' +az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}' -# # Install Azure Security Linux Agent extension -# # az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' -# az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name $vm_name 
--resource-group $resource_group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' +# Install Azure Security Linux Agent extension +# az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' +az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name $vm_name --resource-group $resource_group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}' # Check the status of Azure Security Pack status_output=$(sudo /usr/local/bin/azsecd status) @@ -80,7 +80,6 @@ if echo "$status_output" | grep -Pzo "AutoConfig:\n\s+Enabled\(true\)" > /dev/nu else autoconfig_enabled="false" fi - # Check if AzSecPack is present in ResourceTags azsecpack_present=$(echo "$status_output" | grep -q 'AzSecPack:\s*IsPresent(true)' && echo "true" || echo "false") @@ -96,6 +95,8 @@ else echo "AzSecPack is not present in ResourceTags.Please manually check if any installation step has failed." fi +echo "Please check the status of Azure Security Pack by running 'sudo /usr/local/bin/azsecd status'" +echo "Installation of Azure Security Pack is complete.If you found any errors please manually check the installation steps." #------------------------------------------------------------------------------------------------------- # Check for pending updates, assess and install patches #az vm assess-patches --resource-group --name From 6b83fabc589bc974d8cb59916238bdd509f0ff6d Mon Sep 17 00:00:00 2001 From: Anubhuti Shruti Date: Mon, 20 Jan 2025 11:25:48 +0530 Subject: [PATCH 09/11] called azsecpack script from blobfuse setup --- setup/setupUBN.sh | 3 +++ setup/vmSetupAzSecPack.sh | 3 +++ 2 files changed, 6 insertions(+) diff --git a/setup/setupUBN.sh b/setup/setupUBN.sh index 480b007f2..85ba0efcf 100755 
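Review bot: "Installation of Azure Security Pack is complete" in the last hunk is echoed unconditionally, even when the checks just above reported that AutoConfig is not enabled or AzSecPack is not present, and the script still exits 0. Anything that calls this script cannot tell a failed hardening step from a good one. Initialise `failed=0`, set `failed=1` in the two `else` branches, and finish with `[ "$failed" -eq 0 ] || exit 1`, printing the completion message only on success.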
--- a/setup/setupUBN.sh +++ b/setup/setupUBN.sh @@ -41,5 +41,8 @@ blobfuse2 --version # /etc/sudoers file, # ALL=(ALL:ALL) NOPASSWD:ALL +# Calling the setup script for AzSecPack setup +echo "Calling the setup script for AzSecPack setup" +setup/vmSetupAzSecPack.sh diff --git a/setup/vmSetupAzSecPack.sh b/setup/vmSetupAzSecPack.sh index 47f4325f4..326506c5f 100755 --- a/setup/vmSetupAzSecPack.sh +++ b/setup/vmSetupAzSecPack.sh @@ -1,3 +1,6 @@ +# Script to setup Azsecpack on Ubuntu VM as per recent SFI guidelines +!/bin/bash + # Install Azure CLI curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash From e5389c0d360ac9eb1e1662e074f3dc9cf5904a15 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 23 Jan 2025 07:06:07 +0000 Subject: [PATCH 10/11] fixed comments --- setup/vmSetupAzSecPack.sh | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/setup/vmSetupAzSecPack.sh b/setup/vmSetupAzSecPack.sh index 326506c5f..6947add49 100755 --- a/setup/vmSetupAzSecPack.sh +++ b/setup/vmSetupAzSecPack.sh @@ -50,7 +50,7 @@ az upgrade -y # Log in to Azure # You will get a pop-up here select your account and login echo "You will get a pop-up here select your account and login" -echo "PLEASE NOTE: After az login you should select the Subscription you are on and enter that Subscription ID : +echo "PLEASE NOTE: After az login you should select the Subscription you are on and enter that Subscription ID : \\n For Example: XCLient 116 is shown in the list of subscriptions, you should then enter 116" az login --tenant 72f988bf-86f1-41af-91ab-2d7cd011db47 
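Review bot: `setup/vmSetupAzSecPack.sh` is resolved against the current working directory, so the call at the end of setupUBN.sh only works when the script is started from the repository root. The earlier `./go_installer.sh ../` line in the same script (outside this hunk) appears to assume a different starting directory, so one of the two will probably fail. Resolving the path relative to the script avoids that: `"$(dirname "$0")/vmSetupAzSecPack.sh" || exit 1`. The `|| exit 1` matters because this step installs the security agents and its failure should not pass silently.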
@@ -101,6 +101,37 @@ fi echo "Please check the status of Azure Security Pack by running 'sudo /usr/local/bin/azsecd status'" echo "Installation of Azure Security Pack is complete.If you found any errors please manually check the installation steps." #------------------------------------------------------------------------------------------------------- +# Define the command you want to run +COMMAND="az vm assess-patches --resource-group $resource_group --name $vm_name" + +# Initialize variables +attempt=0 +start_time=$(date +%s) + +# Loop until the command is successful +while true; do + attempt=$((attempt + 1)) + echo "Attempt $attempt: Trying to run the command..." + + # Run the command + $COMMAND + + # Check if the command was successful + if [ $? -eq 0 ]; then + echo "Command executed successfully on attempt $attempt." + break + else + echo "Command failed. Retrying..." + fi + + # Optional: Add a sleep interval between attempts + sleep 1 +done + +# Measure the end time +end_time=$(date +%s) +elapsed_time=$((end_time - start_time)) + # Check for pending updates, assess and install patches #az vm assess-patches --resource-group --name -#az vm install-patches --resource-group --name --maximum-duration PT2H --reboot-setting IfRequired --classifications-to-include-linux Critical Security \ No newline at end of file +az vm install-patches --resource-group $resource_group --name $vm_name --maximum-duration PT2H --reboot-setting IfRequired --classifications-to-include-linux Critical Security \ No newline at end of file From 8595aec6a8e0dac01ebdf84161731d6f4c122035 Mon Sep 17 00:00:00 2001 From: Anubhuti Shruti Date: Thu, 23 Jan 2025 12:43:34 +0530 Subject: [PATCH 11/11] resolve --- setup/vmSetupAzSecPack.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/setup/vmSetupAzSecPack.sh b/setup/vmSetupAzSecPack.sh index 326506c5f..de9c9c4d6 100755 --- a/setup/vmSetupAzSecPack.sh +++ b/setup/vmSetupAzSecPack.sh 
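Review bot: The `while true` retry loop has no upper bound, so a permanent failure of `az vm assess-patches` (expired login, missing role, wrong VM name) keeps the script spinning once a second forever. `$COMMAND` is also expanded unquoted, which word-splits a resource group or VM name containing spaces or glob characters, and `elapsed_time` is computed but never used. A bounded loop over an argument array fixes the first two; the limits in the sketch below are placeholders to tune. The newly enabled `az vm install-patches … --reboot-setting IfRequired` can reboot the VM this script is running on, which deserves a comment above that line.

```shell
# … unchanged: status messages above …
assess_cmd=(az vm assess-patches --resource-group "$resource_group" --name "$vm_name")
max_attempts=10   # placeholder
retry_delay=30    # placeholder, seconds
attempt=1
until "${assess_cmd[@]}"; do
  if [ "$attempt" -ge "$max_attempts" ]; then
    echo "assess-patches still failing after $attempt attempts; giving up." >&2
    exit 1
  fi
  echo "Attempt $attempt failed. Retrying in ${retry_delay}s..."
  attempt=$((attempt + 1))
  sleep "$retry_delay"
done
# … unchanged: az vm install-patches call …
```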
@@ -30,9 +30,6 @@ Components: main Architectures: $(dpkg --print-architecture) Signed-by: /etc/apt/keyrings/microsoft.gpg" | sudo tee /etc/apt/sources.list.d/azure-cli.sources -# Install Azure CLI -sudo apt-get install azure-cli -y - # Update package lists again sudo apt-get update @@ -63,6 +60,8 @@ resource_group=$(curl -H Metadata:true "http://169.254.169.254/metadata/instance # Check if VM name and resource group are not empty if [ -z "$vm_name" ] || [ -z "$resource_group" ]; then echo "Failed to retrieve VM name or resource group. You will have to manually insert these values in the upcoming commands" + echo "az vm extension set -n AzureMonitorLinuxAgent --publisher Microsoft.Azure.Monitor --version 1.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"GCS_AUTO_CONFIG": true}'" + echo "az vm extension set -n AzureSecurityLinuxAgent --publisher Microsoft.Azure.Security.Monitoring --version 2.0 --vm-name --resource-group --enable-auto-upgrade true --settings '{"enableGenevaUpload":true,"enableAutoConfig":true}'" exit 1 fi @@ -101,6 +100,9 @@ fi echo "Please check the status of Azure Security Pack by running 'sudo /usr/local/bin/azsecd status'" echo "Installation of Azure Security Pack is complete.If you found any errors please manually check the installation steps." #------------------------------------------------------------------------------------------------------- + + +sleep 100 # Check for pending updates, assess and install patches -#az vm assess-patches --resource-group --name -#az vm install-patches --resource-group --name --maximum-duration PT2H --reboot-setting IfRequired --classifications-to-include-linux Critical Security \ No newline at end of file +az vm assess-patches --resource-group $resource_group --name $vm_name +az vm install-patches --resource-group $resource_group --name $vm_name --maximum-duration PT2H --reboot-setting IfRequired --classifications-to-include-linux Critical Security \ No newline at end of file
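Review bot: In the two `echo` lines added to the failure branch, the JSON's double quotes close and reopen the surrounding double-quoted string, so the shell prints `'{GCS_AUTO_CONFIG: true}'` and `'{enableGenevaUpload:true,enableAutoConfig:true}'`, which the user cannot paste back as valid settings. Escape the inner quotes, e.g. `--settings '{\"GCS_AUTO_CONFIG\": true}'`, or print the text from a quoted here-document. The values after `--vm-name` and `--resource-group` are also empty in the printed command (possibly lost in rendering); a visible placeholder for each would tell the reader what to fill in.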
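Review bot: `sleep 100` in the last hunk is a fixed guess at how long the extensions need, and the two patch commands after it run regardless of whether the earlier status checks or `assess-patches` itself succeeded. `install-patches` with `--reboot-setting IfRequired` may restart the VM while this script, and setupUBN.sh which calls it, is still running. Gate the install on the assessment and quote the variables: `az vm assess-patches --resource-group "$resource_group" --name "$vm_name" || exit 1`. A short comment above the install line saying a reboot is expected would help whoever runs this interactively.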