Merge branch 'dev' into feature/rotate-logs
# Conflicts: # setup/so-functions
177
setup/so-analyst
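--- a/setup/so-analyst
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014-2020 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-if [ "$(id -u)" -ne 0 ]; then
-echo "This script must be run using sudo!"
-exit 1
-fi
-
-# Install a GUI text editor
-yum -y install gedit
-
-# Install misc utils
-yum -y install wget curl unzip epel-release;
-
-# Install xWindows
-yum -y groupinstall "X Window System";
-yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts;
-unlink /etc/systemd/system/default.target;
-ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target;
-yum -y install file-roller
-
-# NetworkMiner has a compatibility issue with Mono 6 right now
-if ! grep -q "NetworkMiner has a compatibility issue with Mono 6 right now" /etc/yum/pluginconf.d/versionlock.list; then
-
-cat << EOF >> /etc/yum/pluginconf.d/versionlock.list
-
-# NetworkMiner has a compatibility issue with Mono 6 right now
-0:mono-complete-4.2.1.102-0.xamarin.1.*
-0:mono-core-4.2.1.102-0.xamarin.1.*
-0:mono-data-4.2.1.102-0.xamarin.1.*
-0:mono-data-oracle-4.2.1.102-0.xamarin.1.*
-0:mono-data-sqlite-4.2.1.102-0.xamarin.1.*
-0:mono-devel-4.2.1.102-0.xamarin.1.*
-0:mono-extras-4.2.1.102-0.xamarin.1.*
-0:mono-locale-extras-4.2.1.102-0.xamarin.1.*
-0:mono-mvc-4.2.1.102-0.xamarin.1.*
-0:mono-nunit-4.2.1.102-0.xamarin.1.*
-0:mono-reactive-4.2.1.102-0.xamarin.1.*
-0:mono-wcf-4.2.1.102-0.xamarin.1.*
-0:mono-web-4.2.1.102-0.xamarin.1.*
-0:mono-winforms-4.2.1.102-0.xamarin.1.*
-0:mono-winfxcore-4.2.1.102-0.xamarin.1.*
-EOF
-
-fi
-
-# Install Mono - prereq for NetworkMiner
-rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef";
-curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo;
-yum -y install mono-core mono-basic mono-winforms expect
-
-# Install NetworkMiner
-yum -y install libcanberra-gtk2;
-wget https://www.netresec.com/?download=NetworkMiner_2-4 -O /tmp/nm.zip;
-mkdir -p /opt/networkminer/
-unzip /tmp/nm.zip -d /opt/networkminer/;
-rm /tmp/nm.zip;
-mv /opt/networkminer/NetworkMiner_*/* /opt/networkminer/
-chmod +x /opt/networkminer/NetworkMiner.exe;
-chmod -R go+w /opt/networkminer/AssembledFiles/;
-chmod -R go+w /opt/networkminer/Captures/;
-# Create networkminer shim
-cat << EOF >> /bin/networkminer
-#!/bin/bash
-/bin/mono /opt/networkminer/NetworkMiner.exe --noupdatecheck "\$@"
-EOF
-chmod +x /bin/networkminer
-# Convert networkminer ico file to png format
-yum -y install ImageMagick
-convert /opt/networkminer/networkminericon.ico /opt/networkminer/networkminericon.png
-# Create menu entry
-cat << EOF >> /usr/share/applications/networkminer.desktop
-[Desktop Entry]
-Name=NetworkMiner
-Comment=NetworkMiner
-Encoding=UTF-8
-Exec=/bin/networkminer %f
-Icon=/opt/networkminer/networkminericon-4.png
-StartupNotify=true
-Terminal=false
-X-MultipleArgs=false
-Type=Application
-MimeType=application/x-pcap;
-Categories=Network;
-EOF
-
-# Set default monospace font to Liberation
-cat << EOF >> /etc/fonts/local.conf
-<match target="pattern">
-<test name="family" qual="any">
-<string>monospace</string>
-</test>
-<edit binding="strong" mode="prepend" name="family">
-<string>Liberation Mono</string>
-</edit>
-</match>
-EOF
-
-# Install Wireshark for Gnome
-yum -y install wireshark-gnome;
-
-# Install dnsiff
-yum -y install dsniff;
-
-# Install hping3
-yum -y install hping3;
-
-# Install netsed
-yum -y install netsed;
-
-# Install ngrep
-yum -y install ngrep;
-
-# Install scapy
-yum -y install python36-scapy;
-
-# Install ssldump
-yum -y install ssldump;
-
-# Install tcpdump
-yum -y install tcpdump;
-
-# Install tcpflow
-yum -y install tcpflow;
-
-# Install tcpxtract
-yum -y install tcpxtract;
-
-# Install whois
-yum -y install whois;
-
-# Install foremost
-yum -y install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm;
-
-# Install chromium
-yum -y install chromium;
-
-# Install tcpstat
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcpstat-1.5.0/securityonion-tcpstat-1.5.0.rpm;
-
-# Install tcptrace
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;
-
-# Install sslsplit
-yum -y install libevent;
-yum -y install sslsplit;
-
-# Install Bit-Twist
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;
-
-# Install chaosreader
-yum -y install perl-IO-Compress perl-Net-DNS;
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
-chmod +x /bin/chaosreader;
-
-cp ../files/analyst/README /;
-
-echo
-echo "Analyst workstation has been installed!"
-echo "Press ENTER to reboot or Ctrl-C to cancel."
-read pause
-
-reboot;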
@@ -1104,7 +1104,6 @@ manager_pillar() {
|
||||
"logstash_settings:"\
|
||||
" ls_pipeline_batch_size: 125"\
|
||||
" ls_input_threads: 1"\
|
||||
" ls_batch_count: 125"\
|
||||
" lsheap: $LS_HEAP_SIZE"\
|
||||
" ls_pipeline_workers: $num_cpu_cores"\
|
||||
""\
|
||||
@@ -1333,8 +1332,8 @@ elasticsearch_pillar() {
|
||||
"logstash_settings:"\
|
||||
" ls_pipeline_batch_size: $LSPIPELINEBATCH"\
|
||||
" ls_input_threads: $LSINPUTTHREADS"\
|
||||
" ls_batch_count: $LSINPUTBATCHCOUNT"\
|
||||
" lsheap: $NODE_LS_HEAP_SIZE"\
|
||||
" ls_pipeline_workers: $num_cpu_cores"\
|
||||
"" >> "$pillar_file"
|
||||
|
||||
}
|
||||
|
||||
@@ -272,7 +272,7 @@ if [[ $is_manager && $is_node ]]; then
|
||||
LSPIPELINEWORKERS=1
|
||||
LSPIPELINEBATCH=125
|
||||
LSINPUTTHREADS=1
|
||||
LSINPUTBATCHCOUNT=125
|
||||
LSPIPELINEBATCH=125
|
||||
NIDS=Suricata
|
||||
ZEEKVERSION=ZEEK
|
||||
fi
|
||||
@@ -387,7 +387,6 @@ if [[ $is_node && ! $is_eval ]]; then
|
||||
whiptail_node_ls_pipeline_worker
|
||||
whiptail_node_ls_pipline_batchsize
|
||||
whiptail_node_ls_input_threads
|
||||
whiptail_node_ls_input_batch_count
|
||||
whiptail_cur_close_days
|
||||
whiptail_log_size_limit
|
||||
else
|
||||
@@ -396,7 +395,7 @@ if [[ $is_node && ! $is_eval ]]; then
|
||||
LSPIPELINEWORKERS=$num_cpu_cores
|
||||
LSPIPELINEBATCH=125
|
||||
LSINPUTTHREADS=1
|
||||
LSINPUTBATCHCOUNT=125
|
||||
LSPIPELINEBATCH=125
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -519,14 +518,9 @@ fi
|
||||
|
||||
set_progress_str 12 'Generating manager pillar'
|
||||
manager_pillar >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
if [[ $is_sensor || $is_import ]]; then
|
||||
set_progress_str 13 'Generating zeeklogs pillar'
|
||||
zeek_logs_enabled >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
|
||||
|
||||
set_progress_str 16 'Running first Salt checkin'
|
||||
salt_firstcheckin >> $setup_log 2>&1
|
||||
|
||||
@@ -623,7 +617,6 @@ fi
|
||||
salt-call state.apply -l info suricata >> $setup_log 2>&1
|
||||
|
||||
set_progress_str 67 "$(print_salt_state_apply 'zeek')"
|
||||
zeek_logs_enabled >> $setup_log 2>&1
|
||||
salt-call state.apply -l info zeek >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
|
||||
@@ -896,19 +896,6 @@ whiptail_node_ls_input_threads() {
|
||||
|
||||
}
|
||||
|
||||
whiptail_node_ls_input_batch_count() {
|
||||
|
||||
[ -n "$TESTING" ] && return
|
||||
|
||||
LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
|
||||
"\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
|
||||
|
||||
local exitstatus=$?
|
||||
whiptail_check_exitstatus $exitstatus
|
||||
|
||||
}
|
||||
|
||||
|
||||
#TODO: helper function to display error message or exit if batch mode
|
||||
# exit_if_batch <"Error string"> <Error code (int)>
|
||||
|
||||
|
||||