Inicio Explorar Ayuda
Registro Iniciar sesión
AFS
/
infrastructure-notes
2
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 883a468866
Ramas Etiquetas
infrastructure-...
/
Reposerver Notes.md

Reposerver Notes.md 3.4 KB
Histórico Raw

Reposerver Notes

How to add a new package to the reposerver (which we want to move to S3)

Conduct security checks on packages:

#GPGKey check can be two types of GPG keyrings used on RPM-based systems; RPM or YUM GPG keyring - we use RPM
#Import GPG Pub keys to verify signatures in lieu of SHA (if necessary): https://www.redhat.com/sysadmin/rpm-gpg-verify-packages

# Upload the file to the reposerver via tsh scp or Web UI
tsh --proxy=teleport.xdrtest.accenturefederalcyber.com scp Nessus-10.2.0-es7.x86_64.rpm reposerver.pvt.xdrtest.accenturefederalcyber.com:

tsh --proxy=teleport.xdr.accenturefederalcyber.com scp Nessus-10.2.0-es7.x86_64.rpm reposerver.pvt.xdr.accenturefederalcyber.com:

cd /var/www/html/redhat/msoc/Packages/

# example of verifying Sensu upgrade
wget https://packagecloud.io/sensu/stable/gpgkey

# view public gpg key downloaded
cat 'name of key'

# import the gpgkey into the RPM database for use
rpm --import 'name of key'

# list the gpg key in the RPM database
rpm -qa 'name of key'*

# visit site to view original hash of package via URL in this example for Sensu Go Agent 6.8; then download package
wget --content-disposition https://packagecloud.io/sensu/stable/packages/el/7/sensu-go-cli-6.8.0-6692.x86_64.rpm/download.rpm

# validate package signature with name of the package downloaded
rpm -K 'name of package'

# validate SHA256 integrity hash and match hash with vendor
sha256sum 'name of package'

# cleanup old GPGKey associated with package after SHA256 passed and previous version of package - keep the current package version in Repo
rm -rf 'name of key' && rm -rf 'name of package'

msoc-repo

Drop the package(s) that need upgraded into /var/www/html/redhat/msoc/Packages and ensure they're owned by apache

# Multiple Lines
sudo -u apache /bin/bash
cd /var/www/html/redhat && createrepo msoc
exit
restorecon -R /var/www/html/redhat/

# Oneliner
chown -R apache:apache /var/www/html/redhat/msoc/Packages/ && cd /var/www/html/redhat/ && sudo -u apache createrepo msoc && restorecon -R /var/www/html/redhat/

# Splunk Repo uses the version
chown -R apache:apache /var/www/html/splunk/8.2/ && cd /var/www/html/splunk/ && sudo -u apache createrepo 8.2 && restorecon -R /var/www/html/splunk/8.2

# Tenable Repo 
chown -R apache:apache /var/www/html/tenable/ && cd /var/www/html/ && sudo -u apache createrepo tenable && restorecon -R /var/www/html/tenable

# From target server; clean out the cache
yum clean all && yum makecache fast

# From target server; view the available packages
yum --disablerepo="*" --enablerepo="msoc" list available
yum --disablerepo="*" --enablerepo="tenable" list available
yum --disablerepo="*" --enablerepo="splunk" list available

# From target server
yum install 'name of package'

splunk repo

05/06/2020

Defined in salt/fileroots/splunk/new_install.sls /etc/yum.repos.d/splunk.repo http://reposerver.msoc.defpoint.local/splunk

New Splunk Version Splunk 7.2 needs to be created for PROD moose

cd /var/www/html/splunk
mkdir 7.2
chown -R apache: .
cd 7.2
wget -O splunk-7.2.5.1-962d9a8e1586-linux-2.6-x86_64.rpm 'https://www.splunk.com/page/download_track?file=7.2.5.1/linux/splunk-7.2.5.1-962d9a8e1586-linux-2.6-x86_64.rpm&ac=&wget=true&name=wget&platform=Linux&architecture=x86_64&version=7.2.5.1&product=splunk&typed=release'
chown -R apache: .
cd /var/www/html/splunk/7.2
sudo -u apache createrepo `pwd`
restorecon -R /var/www/html/splunk