
AWS - Differentiate OSTYPE in Linux


I'm trying to write up a script to install Tenable agents. It runs through a maintenance window every hour and will skip the install if the agent already exists. I currently have 2 tasks, one for RHEL and one for Amazon Linux 2, but RHEL for some reason keeps failing, so I wanted to swap the script for the Linux one to just include RHEL.

The problem is, Amazon Linux and RHEL both spit back VERY similar information when using uname (Linux) and $OSTYPE (linux-gnu). But each needs a different Nessus file:

Amazon Linux 2 requires - "NessusAgent-8.2.0-amzn.x86_64.rpm"
Redhat EL 8 requires - "NessusAgent-8.2.0-es8.x86_64.rpm"

Does anyone know of a good way to differentiate?

Here is what I have so far. I swapped the OSTYPE value to show what I need in place:

    serviceName="nessusagent"

    # Skip the install when the agent service is already registered.
    if systemctl --all --type service | grep -q "$serviceName"; then
        echo "$serviceName exists."
    else
        # The $OSTYPE comparisons below are placeholders for the check that is needed;
        # $OSTYPE is "linux-gnu" on both systems.
        if [[ "$OSTYPE" == "Amazon Linux 2"* ]]; then
            wget "https://lmi-infosec-tenable.s3.amazonaws.com/NessusAgent-8.2.0-amzn.x86_64.rpm" -P /tmp/nessus/
            sudo rpm -ivh /tmp/nessus/NessusAgent-8.2.0-amzn.x86_64.rpm
            sudo /sbin/service nessusagent start
            sudo /opt/nessus_agent/sbin/nessuscli agent link --key=<key_value> --groups=<groups> --cloud
        elif [[ "$OSTYPE" == "Redhat Enterprise Linux 8"* ]]; then
            mkdir -p /tmp/nessus/
            curl "https://lmi-infosec-tenable.s3.amazonaws.com/NessusAgent-8.2.0-es8.x86_64.rpm" --output /tmp/nessus/NessusAgent-8.2.0-es8.x86_64.rpm --silent
            sudo rpm -ivh /tmp/nessus/NessusAgent-8.2.0-es8.x86_64.rpm
            sudo /sbin/service nessusagent start
            sudo /opt/nessus_agent/sbin/nessuscli agent link --key=<key_value> --groups=<groups> --cloud
        fi
    fi


Solution

  • As an update, I found that the simplest way to differentiate was actually with the wget tool. It's native on AL2 but on RHEL 8 you have to install it, so I modified the script to essentially attempt to retrieve a file with wget; if it fails, it then proceeds with curl and downloads the RHEL agent file. The finished script looks like this:

    serviceName="nessusagent"

    # Skip the install when the agent service is already registered.
    if systemctl --all --type service | grep -q "$serviceName"; then
        echo "$serviceName exists."
    else
        # Try wget first: it is present on AL2 but not on a stock RHEL 8.
        wget "https://<bucket-name>/NessusAgent-8.2.0-amzn.x86_64.rpm" -P /tmp/nessus/

        if [ $? -ne 0 ]; then
            # wget failed: fall back to curl and the RHEL 8 package.
            mkdir -p /tmp/nessus/
            curl "https://<bucket-name>/NessusAgent-8.2.0-es8.x86_64.rpm" --output /tmp/nessus/NessusAgent-8.2.0-es8.x86_64.rpm --silent
            sudo rpm -ivh /tmp/nessus/NessusAgent-8.2.0-es8.x86_64.rpm
            sudo /sbin/service nessusagent start
            sudo /opt/nessus_agent/sbin/nessuscli agent link --key=<key> --groups=<groups> --cloud
        else
            # wget succeeded: install the Amazon Linux 2 package it downloaded.
            sudo rpm -ivh /tmp/nessus/NessusAgent-8.2.0-amzn.x86_64.rpm
            sudo /sbin/service nessusagent start
            sudo /opt/nessus_agent/sbin/nessuscli agent link --key=<key> --groups=<groups> --cloud
        fi
    fi

    I know it's a relatively rudimentary way to accomplish this, but it suits my needs for the time crunch. I will evaluate more efficient options later down the road!

    Thanks for the help!
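An added example, not part of the original post: keying on whether wget succeeds cannot tell a missing tool from a failed download, so an AL2 host with a network error would get the RHEL package. The sketch below reads the `ID` and `VERSION_ID` fields of `/etc/os-release` instead and refuses to pick a package on any other OS. The function name `nessus_rpm_for_os` and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: choose the agent package from os-release, failing closed.

# Print the RPM file name for the OS described by an os-release file.
# $1: path to the file (defaults to /etc/os-release).
# Returns 1 and prints nothing for an unreadable file or unsupported OS,
# so the caller never installs a package built for another distribution.
nessus_rpm_for_os() {
    local file="${1:-/etc/os-release}" key value id="" version=""
    [ -r "$file" ] || return 1
    # Parse KEY=VALUE lines rather than sourcing the file, so nothing in it runs.
    # The "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        value=${value%\"}; value=${value#\"}   # strip surrounding double quotes
        case "$key" in
            ID)         id=$value ;;
            VERSION_ID) version=$value ;;
        esac
    done < "$file"
    # Match on distribution ID plus major version (8.4 -> 8).
    case "$id:${version%%.*}" in
        amzn:2) echo "NessusAgent-8.2.0-amzn.x86_64.rpm" ;;
        rhel:8) echo "NessusAgent-8.2.0-es8.x86_64.rpm" ;;
        *)      return 1 ;;
    esac
}

# Demo on a constructed RHEL 8 os-release file (sample data, not from a real host).
sample=$(mktemp)
printf 'NAME="Red Hat Enterprise Linux"\nID="rhel"\nVERSION_ID="8.4"\n' > "$sample"
if rpm_name=$(nessus_rpm_for_os "$sample"); then
    echo "would install: $rpm_name"
else
    echo "unsupported OS, refusing to install" >&2
fi
rm -f "$sample"
```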