| #!/bin/env bash |
| # Copyright (c) HashiCorp, Inc. |
| # SPDX-License-Identifier: BUSL-1.1 |
| |
| set -exo pipefail |
| |
| # Run nc to listen on port 9090 for the socket auditor. We spawn nc |
| # with nohup to ensure that the listener doesn't expect a SIGHUP and |
| # thus block the SSH session from exiting or terminating on exit. |
| # We immediately write to STDIN from /dev/null to give nc an |
| # immediate EOF so as to not block on expecting STDIN. |
| nohup nc -kl 9090 &> /dev/null < /dev/null & |
| |
| # Wait for nc to be listening before we attempt to enable the socket auditor. |
| attempts=3 |
| count=0 |
| until nc -zv 127.0.0.1 9090 &> /dev/null < /dev/null; do |
| wait=$((2 ** count)) |
| count=$((count + 1)) |
| |
| if [ "$count" -le "$attempts" ]; then |
| sleep "$wait" |
| if ! pgrep -x nc; then |
| nohup nc -kl 9090 &> /dev/null < /dev/null & |
| fi |
| else |
| |
| echo "Timed out waiting for nc to listen on 127.0.0.1:9090" 1>&2 |
| exit 1 |
| fi |
| done |
| |
| sleep 1 |
| |
| # Enable the auditors. |
| $VAULT_BIN_PATH audit enable file file_path="$LOG_FILE_PATH" |
| $VAULT_BIN_PATH audit enable syslog tag="vault" facility="AUTH" |
| $VAULT_BIN_PATH audit enable socket address="127.0.0.1:9090" || true |
