#!/bin/bash

D9_PAIRKEY=''
D9_SECGROUPS=''
D9_SERVERNAME=''
INSTALL_TYPE="FRESH"

# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
   echo "Dome9 installer must be run as root" 1>&2
   exit 1
fi

# check if this is an upgrade, or fresh installation
if [ -f /usr/sbin/dome9d ]; then
    INSTALL_TYPE="UPGRADE"
fi

# Determine OS platform
UNAME=$(uname | tr "[:upper:]" "[:lower:]")
# If Linux, try to determine specific distribution
if [ "$UNAME" = "linux" ]; then
    # If available, use LSB to identify distribution
    if [ -f /etc/lsb-release -o -d /etc/lsb-release.d ]; then
        export DISTRO=$(lsb_release -i | cut -d: -f2 | sed s/'^\t'//)
    # For everything else (or if above failed), just use generic identifier
    else 
        if [ "${DISTRO}" = "" ] ; then
			if [ -f /etc/redhat-release ] ; then
						DISTRO='RedHat'
			elif [ -f /etc/system-release ] ; then
						DISTRO='AmazonAMI'
			elif [ -f /etc/debian_version ] ; then
						DISTRO='Debian'
			elif [ -f /etc/lsb-release ] ; then
						DISTRO='Ubuntu'
			fi
		fi
    fi
fi

INSTALLFOR=$DISTRO
# echo $DISTRO

# Printing Found OS and Distribution
echo "OS Found : " $UNAME
echo "Linux Distribution Found : " $DISTRO

# Unsetting used Vars
unset UNAME
unset DISTRO

# remove old ossec init file if left after uninstall
if [ "${INSTALLFOR}" != "" ] ; then
        OSSEC_INIT_FILE="/etc/ossec-init-dome9.conf"
        if [ -f $OSSEC_INIT_FILE ] ; then
                rm -f $OSSEC_INIT_FILE
        fi
fi

if [ "${INSTALLFOR}" = "RedHat" -o "${INSTALLFOR}" = "AmazonAMI" -o "${INSTALLFOR}" = "CentOS" ] ; then
    if [ "${INSTALL_TYPE}" = "FRESH" ] ; then
        echo '[*] Installing Dome9 Repository'
        
              rpm -Uvh https://s3.amazonaws.com/repository.dome9.com/centos/5/noarch/dome9-0.1.0-1.noarch.rpm > /dev/null || true
           

        echo '[*] Updating Repository Metadata'
        PROD=/etc/yum.repos.d/Dome9.repo
        STG=/etc/yum.repos.d/Dome9-Staging.repo
        if [ -d "/var/elasticbeanstalk" ]; then
            if [ -f $PROD ] || [ -f $STG ]; then
                echo '[*] Setting secondary repo in repo file'
                if [ -f $PROD ]; then
                    echo "" >> $PROD
                    echo "[Dome9]" >> $PROD
                    echo "name=Dome9 Repository" >> $PROD
                    echo "baseurl=https://s3.amazonaws.com/repository.dome9.com/centos/latest/" >> $PROD
                    echo "enabled=1" >> $PROD
                    echo "gpgcheck=1" >> $PROD
                    echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dome9.com" >> $PROD

                    echo 'Repo file updated'
                fi
                if [ -f $STG ]; then
                    echo "" >> $STG
                    echo "[Dome9Staging]" >> $STG
                    echo "name=Dome9 Repository" >> $STG
                    echo "baseurl=http://repo-stage.dome9.com/centos/latest/" >> $STG
                    echo "enabled=1" >> $STG
                    echo "gpgcheck=1" >> $STG
                    echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dome9.com" >> $STG

                    echo 'Staging repo file updated'
                fi
            fi
        fi

        # Running Yum update command

        yum check-update > /dev/null || true
        
        if [ "${centosVersion}" = "7" ] ; then
            echo '[*] Installing Centos 7 dependencies'
            yum -y install iptables-services > /dev/null 2>&1 || true
        fi
        
        echo '[*] Installing Dome9 Agent'
        yum -y install Dome9Agent > /dev/null 2>&1 || true
        if [ "${INSTALLFOR}" = "AmazonAMI" -a -d "/usr/lib/python2.7/site-packages" ] ; then
            echo '[*] Updating Python 2.7 packages'
            cd /usr/lib/python2.7/site-packages
            ln -s /usr/lib/python2.6/site-packages/dome9 dome9
        fi
    else
        echo '[*] Upgrading Dome9 Agent'
        yum -y update Dome9Agent
    fi	
        
elif [ "${INSTALLFOR}" = "Ubuntu" -o "${INSTALLFOR}" = "Debian" ] ; then
    if [ "${INSTALL_TYPE}" = "FRESH" ] ; then
        # Checking Distribution Version
		echo '[*] Checking' "${INSTALLFOR}" 'version'
        export DISTVER=$(lsb_release -r | cut -d: -f2 | sed s/'^\t'//)
        echo 'Version found: ' $DISTVER
        MINDISTVERSION="14.04"
        if [ "${INSTALLFOR}" = "Ubuntu" -a "${DISTVER%.*}" -gt "${MINDISTVERSION%.*}" ] ; then
            echo '[*] Installing Dome9 Pre-requisite'
            echo '[*] Installing Python 2.7'
            apt-get -qq install python2.7
            echo '[*] Downloading Python support'
            wget --quiet http://launchpadlibrarian.net/109052632/python-support_1.0.15_all.deb
            echo '[*] Deploying Python support Package'
            dpkg -i python-support_1.0.15_all.deb
        fi

        echo '[*] Installing Dome9 Repository'
        echo 'deb https://s3.amazonaws.com/repository.dome9.com/ubuntu lucid main' > /etc/apt/sources.list.d/dome9.list 
        echo -n '[*] Installing Dome9 Public Key '
        wget --quiet -O - https://s3.amazonaws.com/repository.dome9.com/ubuntu/dome9-key.asc | apt-key add -
        echo '[*] Updating Repository Metadata'
        export DEBIAN_FRONTEND=noninteractive
        apt-get -qq update
        echo '[*] Installing Dome9 Agent'
        
        apt-get -qq -y install dome9agent > /dev/null 2>&1;
        
    else
        echo '[*] Upgrading Dome9 Agent'
        apt-get update
        apt-get -y install dome9agent
    fi

else
        echo "Unsupported Linux Distribution"
        exit 1
fi

if [ "${INSTALL_TYPE}" = "UPGRADE" ] ; then
    echo "[*] Dome9 Agent Upgrade Completed Successfully"
    exit 0
fi

if [ "${D9_PAIRKEY}" = "" ] ; then
     echo "No Pairing Key Supplied"
     exit 1
fi


#  Added Certificate update
echo '[*] Updating Certificates file'
echo '
-----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgIQAliga6nKYTcVf6Tgs+79uTANBgkqhkiG9w0BAQsFADBe
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRUaGF3dGUgVExTIFJTQSBDQSBHMTAe
Fw0yNDAzMjcwMDAwMDBaFw0yNTA0MjcyMzU5NTlaMGsxCzAJBgNVBAYTAklMMRYw
FAYDVQQHEw1UZWwgQXZpdi1ZYWZvMS4wLAYDVQQKEyVDSEVDSyBQT0lOVCBQVUJM
SUMgQ0xPVUQgU0VDVVJJVFkgTFREMRQwEgYDVQQDDAsqLmRvbWU5LmNvbTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALA/U127JaFMEA8JaMilpMslAviN
wob7q6le9sksq8aNyokWBwZsI45V2i1cKBUu1Ei3bEo9rB2rJ92JsGxFT8AP0J2l
X21jLMSUvRo3AlMQz+EaaO8pUwNgSML/+8XNIuATy9uk/eQu08+vbX5sim9yBNuJ
QCt3pjH0dlHXEzRJWz9ix0dlI37w57GRJFZ25VQ1zXM2v4q0qF57cJmujH1IwT6R
4SsTdmHxlDvGaekuV3hxwA02YznCnZpQRiV7E39JhS32BYakM1u8N5Bo5Hb054Xv
+1LHgEFQrZPaNRSrmqirsaHAH8LVMbRLOTxzeFcuOQHGeKweXbuhDFxm8A0CAwEA
AaOCAxUwggMRMB8GA1UdIwQYMBaAFKWM/jLM6w8s1BnGCLgAJIhdw8W3MB0GA1Ud
DgQWBBTMpx22ZZe4TT58+V2BObPHNqIQ2jAhBgNVHREEGjAYggsqLmRvbWU5LmNv
bYIJZG9tZTkuY29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEW
G2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYD
VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDsGA1UdHwQ0MDIwMKAuoCyGKmh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVUTFNSU0FDQUcxLmNybDBwBggrBgEF
BQcBAQRkMGIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9zdGF0dXMudGhhd3RlLmNvbTA6
BggrBgEFBQcwAoYuaHR0cDovL2NhY2VydHMudGhhd3RlLmNvbS9UaGF3dGVUTFNS
U0FDQUcxLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFq
AWgAdQBOdaMnXJoQwzhbbNTfP1LrHfDgjhuNacCx+mSxYpo53wAAAY6AZXlLAAAE
AwBGMEQCID7wFqv4k3qGFhduT38+vHmzAGe9qZJs5d7tgciBdR4uAiAVwchlnOfL
XB6+BcBK1JtQdFkLpPTPsFRyTUIi1afypgB2AH1ZHhLheCp7HGFnfF79+NCHXBSg
TpWeuQMv2Q6MLnm4AAABjoBlefYAAAQDAEcwRQIhAOCH6R0viMLUv1R/Z03S4GBw
Ky5YtUrQB51qKwQ2jcKDAiA+nwytb8P0djG+ksm872qa+uFvQETYcKBsBUHMp971
xAB3AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABjoBleZoAAAQD
AEgwRgIhAJ/kygWkRF4Hny2/DrK4nvHXUQl1W2lp9fG6+zuHBAKAAiEAmwGXb3VL
6Ob0D4id7E9ofX+9UWHOmFFFbXg1RWSpHeQwDQYJKoZIhvcNAQELBQADggEBAKPh
P6/cisz89Sj3Pl+ITgNwx9SZHuKYFBdE0y4W4UkMKTlUSHwtpIBoJXIyKwXaYwrt
P0h0Wawn9mCWkkFFueKyonaIxnWaZW7wmt0ttiSRkrcYiW6MM5N1XJVTJTDuORbS
urAsR5DpyLkMmeaLURk/PaX17B5Gxq5DHcqiWHuqQCuKUP36gn5BO+QRXxZyh3xn
VXR4DYHarDwAw4zHtc8Orpm6322RImJ7r28+IDbIRgCjzlHjmpNSHgYeEWHwzwqX
ibUyLE/4/aCS1s6Yd3B11Esg+pATIvnpy4WLoh5CezSXK1qylhby9kTqNQ74tyef
4n8o75GwwAw7N/nj8IY=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEizCCA3OgAwIBAgIQCQ7oxd5b+mLSri/3CXxIVzANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xNzExMDIxMjI0MjVaFw0yNzExMDIxMjI0MjVaMF4xCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xHTAbBgNVBAMTFFRoYXd0ZSBUTFMgUlNBIENBIEcxMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAxjngmPhVetC0b/ozbYJdzOBUA1sMog47030cAP+P
23ANUN8grXECL8NhDEF4F1R9tL0wY0mczHaR0a7lYanlxtwWo1s2uGnnyDs6mOCs
66ew2w3YETr6Tb14xgjpu1gGFtAeewaikO9Fud8hxGJTSwn8xeNkfKVWpD2L4vFN
36FNgxeilK6aE4ykgGAzNlokTp6hNOLAYpDySdLAPKzuJSQ7JCEZ6O+SDKywIdXL
oMTnpxuBKGSG88NWTo3CHCOGmQECia2yqdPDjgLqnEiYNjwQL8uMqj8rOvlMgviB
cHA7xty+7/uYLN6ZS7Vq1/F/lVhVOf5ej6jZdmB85szFbQIDAQABo4IBQDCCATww
HQYDVR0OBBYEFKWM/jLM6w8s1BnGCLgAJIhdw8W3MB8GA1UdIwQYMBaAFE4iVCAY
lebjbuYP+vq5Eu0GF485MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADA0BggrBgEFBQcBAQQo
MCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBCBgNVHR8E
OzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9i
YWxSb290RzIuY3JsMD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxo
dHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA0GCSqGSIb3DQEBCwUAA4IBAQC6
km0KA4sTb2VYpEBm/uL2HL/pZX9B7L/hbJ4NcoBe7V56oCnt7aeIo8sMjCRWTCWZ
D1dY0+2KZOC1dKj8d1VXXAtnjytDDuPPf6/iow0mYQTO/GAg/MLyL6CDm3FzDB8V
tsH/aeMgP6pgD1XQqz+haDnfnJTKBuxhcpnx3Adbleue/QnPf1hHYa8L+Rv8Pi5U
h4V9FwHOfphdMXOxi14OqmsiTbc5cOs9/uukH+YVsuFdWTna6IVw1qh+tEtyH16R
vmi7pkqyZYULOPMIE7avrljVVBZuikwARtY8tCVV6Pp9l3VeagBqb2ffgqNJt3C0
TYNYQI+BXG1R1cABlold
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH
MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI
2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx
1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ
q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz
tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ
vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP
BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV
5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY
1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4
NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG
Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91
8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe
pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
MrY=
-----END CERTIFICATE-----
' > /etc/dome9/ca-certs.pem



echo '[*] Pairing And Starting Dome9 Agent'
if [ "$D9_SECGROUPS" != "" ] && [ "$D9_SERVERNAME" != "" ]; then
        dome9d pair -k $D9_PAIRKEY -g "$D9_SECGROUPS" -s "$D9_SERVERNAME"
elif [ "$D9_SECGROUPS" != "" ]; then
        dome9d pair -k $D9_PAIRKEY -g "$D9_SECGROUPS"
elif [ "$D9_SERVERNAME" != "" ]; then
        dome9d pair -k $D9_PAIRKEY -s "$D9_SERVERNAME"
else
        dome9d pair -k $D9_PAIRKEY
fi

if [ $? -eq 0 ]; then
    echo "[*] Dome9 Agent Installation Completed Successfully"
else
    echo "[!] Installation Failed."
fi