
Content Replication Script for Unix

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

This document describes a Unix shell script used for replicating ArcSight content between two managers, primarily for the use of ArcSight Professional Services. The script was developed in 2011 and has not been significantly updated since then. It includes dependencies detailed in a presentation by Aaron Wilson available at a specific URL. The script is designed to automate the process of exporting and importing packages from a primary Enterprise Security Manager (ESM) to a secondary ESM, but it cannot be set up as a cron job because it needs user input, which poses security risks. The script must be manually tested and troubleshot after adding automatic replication functionality.

To use the script:

1. Save it in a file named `replication.sh` under `/home/arcsight`.
2. Change ownership and permissions to ensure only the ArcSight user can execute it.
3. Modify variables such as `arcpath`, `primary`, and `secondary` according to your specific setup for export locations on the primary manager.

The script performs a series of operations to replicate content: deleting old `.arb` files, exporting packages from the primary ESM, uninstalling existing packages on the secondary ESM, importing new `.arb` files into the secondary ESM, and installing these packages. It uses a while loop with incrementing and decrementing values for iteration over package names in the `PKG[]` array. The script iterates through a list of package names to import each package from the primary ESM to the secondary ESM using `arcsight package -action import`, then installs them sequentially on the secondary ESM with conflict resolution.

Details:

This script is designed for content replication on Unix systems, primarily intended for use by ArcSight Professional Services. It was initially developed in 2011 and has undergone no significant updates since then. The script includes dependencies that are detailed in a presentation by Aaron Wilson available at a specific URL. The script cannot be set up as a cron job because credentials have to be entered when it runs, which poses a security risk. Instead, it should be manually tested and troubleshot after adding automatic replication functionality.

To use this script:

1. Save the script code in a file named `replication.sh` under `/home/arcsight`.
2. Change ownership and permissions of the file to ensure only the ArcSight user can execute it:

   ```bash
   chown arcsight:arcsight replication.sh
   # Owner-only read/write/execute; a bare `chmod +x` can also grant execute to group and others
   chmod 700 replication.sh
   ```
3. Modify several variables within the script, such as `arcpath`, `primary`, and `secondary`. These should be updated according to your specific setup for export locations on the primary manager.

The script is intended to automate the process of replicating ArcSight content between two managers and includes provisions for paths and credentials that need manual intervention due to security concerns.

The script performs a series of operations to export and import packages from a primary Enterprise Security Manager (ESM) to a secondary ESM. Here's a summary of the steps it follows:

1. **Delete Old .ARB Files**: It starts by deleting all existing `.arb` files in the `/tmp/replication` directory.
2. **Export Packages from Primary ESM**: The script exports each package listed in the `PKG[]` array from the primary ESM to the `/tmp/replication` directory, using credentials provided by the user.
3. **Set Counter Back to Initial Value**: After exporting all packages, it resets a counter variable `n` back to its initial value (1).
4. **Uninstall Old Packages on Secondary ESM**: It uninstalls each package listed in the `PKG[]` array from the secondary ESM using the provided credentials.
5. **Set Counter Back to Initial Value Again**: The script resets the counter `n` again, this time back to 22.
6. **Import New .ARB Packages into Secondary ESM**: Finally, it imports the `.arb` files from the `/tmp/replication` directory into the secondary ESM.

The script uses a while loop with incrementing and decrementing values of `n` to iterate over the package names in the `PKG[]` array for exporting, uninstalling, and importing operations.

This script performs the following actions in sequence:

1. **Import .ARB Packages from Primary ESM**: It iterates through a list of package names (`${PKG[$n]}`), constructs file paths, and uses `arcsight package -action import` to import each package from the primary ESM to the secondary ESM. The script then decreases the counter `$n` by 1 for the next iteration.
2. **Set Value of Counter Back to 22**: After completing the loop, the script sets the counter `n` back to 22 and clears the screen.
3. **Install .ARB Packages into Secondary ESM**: The script then enters a while loop that continues as long as `$n` is greater than 0. It uses `arcsight package -action install` to install each package from the list onto the secondary ESM, resolving conflicts by default (`-conflict default`). After each installation, it decreases the counter `$n` and waits for 60 seconds before proceeding to the next package.
4. **Completion Message**: Once all packages are installed, the script clears the screen again and displays a completion message, then exits after waiting for 2 seconds.

This script is designed to replicate a set of network management packages from a primary Enterprise Security Manager (ESM) to a secondary ESM, ensuring that each package is imported and installed correctly across both systems.
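A pre-flight check for the ownership and permission step and for the `/tmp/replication` staging directory, as an added example that is not part of the original script. The function names are hypothetical, and `stat -c` assumes GNU coreutils on Linux.

```bash
#!/usr/bin/env bash
# Pre-flight audit for replication.sh and its staging directory (added example).
# Function names are hypothetical; stat -c assumes GNU coreutils (Linux).

# audit_script FILE OWNER: pass only if FILE is a regular file (not a symlink),
# owned by OWNER, with no permission bits set for group or others.
audit_script() {
    local file=$1 owner=$2 actual mode
    [ -f "$file" ] && [ ! -L "$file" ] ||
        { echo "FAIL: $file is missing or is a symlink"; return 1; }
    actual=$(stat -c '%U' "$file")
    mode=$(stat -c '%a' "$file")
    [ "$actual" = "$owner" ] ||
        { echo "FAIL: $file is owned by $actual, expected $owner"; return 1; }
    # AND with octal 077 isolates group/other bits; `chmod +x` does not clear them.
    [ $(( 0$mode & 077 )) -eq 0 ] ||
        { echo "FAIL: $file mode $mode grants group/other access"; return 1; }
    echo "OK: $file ($actual, mode $mode)"
}

# audit_staging DIR OWNER: the export directory lives under world-writable /tmp,
# so require a real directory owned by OWNER that group/others cannot write to.
audit_staging() {
    local dir=$1 owner=$2 actual mode
    [ -d "$dir" ] && [ ! -L "$dir" ] ||
        { echo "FAIL: $dir is missing or is a symlink"; return 1; }
    actual=$(stat -c '%U' "$dir")
    mode=$(stat -c '%a' "$dir")
    [ "$actual" = "$owner" ] ||
        { echo "FAIL: $dir is owned by $actual, expected $owner"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL: $dir mode $mode is writable by group/other"; return 1; }
    echo "OK: $dir ($actual, mode $mode)"
}

# Invoke with the argument "check" to audit the paths and user named on the page.
if [ "${1:-}" = "check" ]; then
    audit_script /home/arcsight/replication.sh arcsight &&
        audit_staging /tmp/replication arcsight
fi
```

Running the audit before each manual replication run catches a script or staging directory whose ownership or mode has drifted since it was set up.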

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If there are any comments or feedback, kindly leave a message and it will be responded to.
