mike/TA-unix
1
0
Fork 0
Code Issues Pull requests Projects Releases 15 Packages Wiki Activity Actions

Fix Darwin Scripts and Document Sudo

Browse source 
Changes:

* Use sudo in service.sh for Darwin to find user services if not running as root
* Fix parsing the output of softwareupdate command on Darwin in update.sh
* Better document usage of sudo in docs/Sudo.md
This commit is contained in:
Michael Erdely 2025-01-25 15:11:30 -05:00
parent a24e4c8ee5
commit 653ee79a67
Signed by: mike
SSH key fingerprint: SHA256:ukbnfrRMaRYlBZXENtBTyO2jLnql5AA5m+SzZCfYQe0
7 changed files with 84 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
VERSION
View file

@ -1,2 +1,2 @@
9.2.0.10 9.2.0.11
9.2.0.10 9.2.0.11

2
app.manifest
View file

@ -29,7 +29,7 @@
"id": { "id": {
"group": null, "group": null,
"name": "TA-nix", "name": "TA-nix",
"version": "9.2.0.10" "version": "9.2.0.11"
}, },
"license": { "license": {
"name": "Splunk Software License Agreement", "name": "Splunk Software License Agreement",

15
bin/service.sh
View file

@ -128,9 +128,18 @@ elif [ "$KERNEL" = "Darwin" ] ; then
CMD='eval date ; ls -1 /System/Library/StartupItems/ /Library/StartupItems/' CMD='eval date ; ls -1 /System/Library/StartupItems/ /Library/StartupItems/'
# Get per-user startup items # Get per-user startup items
# shellcheck disable=SC2044 # shellcheck disable=SC2044
for PLIST_FILE in $(find /Users -name "loginwindow.plist") ; do # For this to work properly when run as non-root, add a line to
CMD=$CMD' ; echo '$PLIST_FILE': ; defaults read '$PLIST_FILE # an /etc/sudoers.d file (eg - /etc/sudoers.d/splunk) like this:
done # splunk ALL=(root) NOPASSWD: /usr/bin/find /Users -name loginwindow.plist
if [ $(id -u) != 0 ]; then
for PLIST_FILE in $(sudo -n /usr/bin/find /Users -name loginwindow.plist) ; do
CMD=$CMD' ; echo '$PLIST_FILE': ; defaults read '$PLIST_FILE
done
else
for PLIST_FILE in $(/usr/bin/find /Users -name loginwindow.plist) ; do
CMD=$CMD' ; echo '$PLIST_FILE': ; defaults read '$PLIST_FILE
done
fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 {DATE=$0}' PARSE_0='NR==1 {DATE=$0}'
# Retrieve path for system startup items # Retrieve path for system startup items

22
bin/update.sh
View file

@ -21,9 +21,9 @@ if [ "$KERNEL" = "Linux" ] ; then
# Without the above line, 'apt list --upgradable' will not show updated packages unless the package databases were updated outside of this script # Without the above line, 'apt list --upgradable' will not show updated packages unless the package databases were updated outside of this script
# sed command here replaces '/, [, ]' with ' ' # sed command here replaces '/, [, ]' with ' '
if [ $(id -u) != 0 ]; then if [ $(id -u) != 0 ]; then
CMD='eval date ; sudo -n apt update > /dev/null 2>&1 ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"' CMD='eval date ; sudo -n /usr/bin/apt update > /dev/null 2>&1 ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"'
else else
CMD='eval date ; apt update > /dev/null 2>&1 ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"' CMD='eval date ; /usr/bin/apt update > /dev/null 2>&1 ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"'
fi fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 {DATE=$0}' PARSE_0='NR==1 {DATE=$0}'
@ -48,9 +48,9 @@ if [ "$KERNEL" = "Linux" ] ; then
# splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy # splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy
# Without the above line, checkupdates will not show updated packages unless the package databases were updated outside of this script (similar to Debian's apt update) # Without the above line, checkupdates will not show updated packages unless the package databases were updated outside of this script (similar to Debian's apt update)
if [ $(id -u) != 0 ]; then if [ $(id -u) != 0 ]; then
CMD='eval date ; eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/"; sudo -n pacman -Syy > /dev/null 2>&1 ; eval checkupdates' CMD='eval date ; eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/"; sudo -n /usr/bin/pacman -Syy > /dev/null 2>&1 ; eval checkupdates'
else else
CMD='eval date ; eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/"; pacman -Syy > /dev/null 2>&1 ; eval checkupdates' CMD='eval date ; eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/"; /usr/bin/pacman -Syy > /dev/null 2>&1 ; eval checkupdates'
fi fi
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 {DATE=$0}' PARSE_0='NR==1 {DATE=$0}'
@ -103,7 +103,7 @@ elif [ "$KERNEL" = "Darwin" ] ; then
assertHaveCommand date assertHaveCommand date
assertHaveCommand softwareupdate assertHaveCommand softwareupdate
CMD='eval date ; softwareupdate -l' CMD='eval date ; softwareupdate -l 2>&1 | grep -v "XType: Using static font registry"'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_0='NR==1 { PARSE_0='NR==1 {
DATE=$0 DATE=$0
@ -115,14 +115,16 @@ elif [ "$KERNEL" = "Darwin" ] ; then
# of the update. Otherwise, print the update. # of the update. Otherwise, print the update.
# shellcheck disable=SC2016 # shellcheck disable=SC2016
PARSE_1='NR>1 && PROCESS==1 && $0 !~ /^[[:blank:]]*$/ { PARSE_1='NR>1 && PROCESS==1 && $0 !~ /^[[:blank:]]*$/ {
if ( $0 ~ /^[[:blank:]]*\*/ ) { if ( $1 == "Title:" ) {
PACKAGE="package=\"" $2 "\"" line = $0;
gsub(/^.*Title: /, "", line);
gsub(/, Version:.*$/, "", line);
PACKAGE="package=\"" line "\""
RECOMMENDED="" RECOMMENDED=""
RESTART="" RESTART=""
TOTAL=TOTAL+1 TOTAL=TOTAL+1
} else { if ( $0 ~ /Recommended: YES/ ) { RECOMMENDED="is_recommended=\"true\"" }
if ( $0 ~ /recommended/ ) { RECOMMENDED="is_recommended=\"true\"" } if ( $0 ~ /Action: restart/ ) { RESTART="restart_required=\"true\"" }
if ( $0 ~ /restart/ ) { RESTART="restart_required=\"true\"" }
printf "%s %s %s %s\n", DATE, PACKAGE, RECOMMENDED, RESTART printf "%s %s %s %s\n", DATE, PACKAGE, RECOMMENDED, RESTART
} }
}' }'

4
default/app.conf
View file

@ -17,7 +17,7 @@ docs_section_override = AddOns:released
[launcher] [launcher]
author = Michael Erdely author = Michael Erdely
version = 9.2.0.10 version = 9.2.0.11
description = Technical Add-on for Unix and Linux description = Technical Add-on for Unix and Linux
#[package] #[package]
@ -26,5 +26,5 @@ description = Technical Add-on for Unix and Linux
[id] [id]
name = TA-unix name = TA-unix
version = 9.2.0.10 version = 9.2.0.11

10
docs/ReleaseNotes.md
View file

@ -1,5 +1,15 @@
# Technical Add-on for Unix and Linux # Technical Add-on for Unix and Linux
## Version 9.2.0.11 (2025-01-25)
Fix Darwin Scripts and Document Sudo
Changes:
* Use sudo in service.sh for Darwin to find user services if not running as root
* Fix parsing the output of softwareupdate command on Darwin in update.sh
* Better document usage of sudo in docs/Sudo.md
## Version 9.2.0.10 (2025-01-25) ## Version 9.2.0.10 (2025-01-25)
Fix OpenBSD Support and Other Bugs Fix OpenBSD Support and Other Bugs

45
docs/Sudo.md Normal file
View file

@ -0,0 +1,45 @@
# Sudo Usage
Some commands may need to use sudo or doas to execute. Below is documentation
for those cases.
## MacOS/Darwin service.sh
The service.sh script searches users' home directories and a splunk user does
not have rights to do that.
Create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/find /Users -name loginwindow.plist
```
## Docker
Either add the splunk user to the docker group or run the command with sudo.
To make sudo work, create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/docker stats --no-stream --no-trunc --all
splunk ALL=(root) NOPASSWD: /usr/bin/docker ps --all --no-trunc --format *
splunk ALL=(root) NOPASSWD: /usr/bin/docker inspect -f *
```
## Debian/Ubuntu apt update
A splunk user does not have the ability to update the package cache.
To make sudo work, create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/apt update
```
## Arch Linux pacman update cache
A splunk user does not have the ability to update the package cache.
To make sudo work, create a file like /etc/sudoers.d/splunk and add:
```
splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy
```