CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Setup Changes

Browse Source
This commit is contained in:
Mike Reeves
2019-12-02 11:16:24 -05:00
parent ffaadcf1ca
commit 130eceab14
3 changed files with 143 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
setup/functions.sh
View File

@@ -1,3 +1,5 @@
#!/bin/bash
# Functions # Functions
accept_salt_key_local() { accept_salt_key_local() {
@@ -16,6 +18,14 @@ accept_salt_key_remote() {
} }
add_admin_user() {
# Add an admin user with full sudo rights if this is an ISO install.
useradd $ADMINUSER && echo $ADMINUSER:$ADMINPASS1 | chpasswd --crypt-method=SHA512
usermod -aG wheel $ADMINUSER
}
add_master_hostfile() { add_master_hostfile() {
echo "Checking if I can resolve master. If not add to hosts file" >> $SETUPLOG 2>&1 echo "Checking if I can resolve master. If not add to hosts file" >> $SETUPLOG 2>&1
# Pop up an input to get the IP address # Pop up an input to get the IP address
@@ -49,7 +59,7 @@ add_socore_user_notmaster() {
} }
# Create an auth pillar so that passwords survive re-install # Create an auth pillar so that passwords survive re-install
auth_pillar(){ auth_pillar() {
if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then
echo "Creating Auth Pillar" >> $SETUPLOG 2>&1 echo "Creating Auth Pillar" >> $SETUPLOG 2>&1
@@ -128,9 +138,14 @@ calculate_useable_cores() {
} }
checkin_at_boot() { check_admin_pass() {
echo "Enabling checkin at boot" >> $SETUPLOG 2>&1
echo "startup_states: highstate" >> /etc/salt/minion if [ $ADMINPASS1 == $ADMINPASS2 ]; then
APMATCH=yes
else
whiptail_passwords_dont_match
fi
} }
check_hive_init_then_reboot() { check_hive_init_then_reboot() {
@@ -160,6 +175,13 @@ check_socore_pass() {
} }
checkin_at_boot() {
echo "Enabling checkin at boot" >> $SETUPLOG 2>&1
echo "startup_states: highstate" >> /etc/salt/minion
}
chown_salt_master() { chown_salt_master() {
echo "Chown the salt dirs on the master for socore" >> $SETUPLOG 2>&1 echo "Chown the salt dirs on the master for socore" >> $SETUPLOG 2>&1
@@ -168,6 +190,7 @@ chown_salt_master() {
} }
clear_master() { clear_master() {
# Clear out the old master public key in case this is a re-install. # Clear out the old master public key in case this is a re-install.
# This only happens if you re-install the master. # This only happens if you re-install the master.
if [ -f /etc/salt/pki/minion/minion_master.pub ]; then if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
@@ -213,7 +236,12 @@ configure_minion() {
copy_master_config() { copy_master_config() {
# Copy the master config template to the proper directory # Copy the master config template to the proper directory
cp files/master /etc/salt/master if [ $ISOINSTALL == '1' ]; then
cp /root/SecurityOnion/files/master /etc/salt/master
else
cp ../files/master /etc/salt/master
fi
# Restart the service so it picks up the changes -TODO Enable service on CentOS # Restart the service so it picks up the changes -TODO Enable service on CentOS
service salt-master restart service salt-master restart
@@ -229,7 +257,7 @@ copy_minion_tmp_files() {
scp -prv -i /root/.ssh/so.key $TMP/* socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1 scp -prv -i /root/.ssh/so.key $TMP/* socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1
fi fi
} }
copy_ssh_key() { copy_ssh_key() {
@@ -242,50 +270,40 @@ copy_ssh_key() {
} }
network_setup() {
echo "Setting up Bond" >> $SETUPLOG 2>&1
# Set the MTU
if [ "$NSMSETUP" != 'ADVANCED' ]; then
MTU=1500
fi
# Create the bond interface
nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \
ipv4.method disabled \
ipv6.method link-local \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
for BNIC in ${BNICS[@]}; do
# Strip the quotes from the NIC names
BONDNIC="$(echo -e "${BNIC}" | tr -d '"')"
# Turn off various offloading settings for the interface
for i in rx tx sg tso ufo gso gro lro; do
ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
done
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
# Bring the slave interface up
nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
done
# Replace the variable string in the network script
sed -i "s/\$MAININT/${MAININT}/g" ./install_scripts/disable-checksum-offload.sh >> $SETUPLOG 2>&1
# Copy the checksum offload script to prevent issues with packet capture
cp ./install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
}
detect_os() { detect_os() {
# Detect Base OS # Detect Base OS
echo "Detecting Base OS" >> $SETUPLOG 2>&1 echo "Detecting Base OS" >> $SETUPLOG 2>&1
if [ -f /etc/redhat-release ]; then if [ -f /etc/redhat-release ]; then
OS=centos OS=centos
if grep -q "CentOS Linux release 7" /etc/redhat-release; then
OSVER=7
elif grep -q "CentOS Linux release 8" /etc/redhat-release; then
OSVER=8
echo "We currently do not support CentOS $OSVER but we are working on it!"
exit
else
echo "We do not support the version of CentOS you are trying to use"
exit
fi
# Install bind-utils so the host command exists
yum -y install bind-utils yum -y install bind-utils
elif [ -f /etc/os-release ]; then elif [ -f /etc/os-release ]; then
OS=ubuntu OS=ubuntu
if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then
OSVER=bionic
echo "We currently don't support Ubuntu $OSVER but we are working on it!"
exit
elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then
OSVER=xenial
else
echo "We do not support your current version of Ubuntu"
exit
fi
# Install netowrk manager so we can do interface stuff
apt install -y network-manager apt install -y network-manager
/bin/systemctl enable network-manager /bin/systemctl enable network-manager
/bin/systemctl start network-manager /bin/systemctl start network-manager
@@ -296,6 +314,15 @@ detect_os() {
} }
disable_onion_user() {
# Disable the default account cause security.
usermod -L onion
}
docker_install() { docker_install() {
if [ $OS == 'centos' ]; then if [ $OS == 'centos' ]; then
@@ -363,12 +390,6 @@ es_heapsize() {
} }
eval_mode_hostsfile() {
echo "127.0.0.1 $HOSTNAME" >> /etc/hosts
}
filter_nics() { filter_nics() {
# Filter the NICs that we don't want to see in setup # Filter the NICs that we don't want to see in setup
@@ -567,6 +588,41 @@ minio_generate_keys() {
} }
network_setup() {
echo "Setting up Bond" >> $SETUPLOG 2>&1
# Set the MTU
if [ "$NSMSETUP" != 'ADVANCED' ]; then
MTU=1500
fi
# Create the bond interface
nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \
ipv4.method disabled \
ipv6.method link-local \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
for BNIC in ${BNICS[@]}; do
# Strip the quotes from the NIC names
BONDNIC="$(echo -e "${BNIC}" | tr -d '"')"
# Turn off various offloading settings for the interface
for i in rx tx sg tso ufo gso gro lro; do
ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
done
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
# Bring the slave interface up
nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
done
# Replace the variable string in the network script
sed -i "s/\$MAININT/${MAININT}/g" ./install_scripts/disable-checksum-offload.sh >> $SETUPLOG 2>&1
# Copy the checksum offload script to prevent issues with packet capture
cp ../install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
}
node_pillar() { node_pillar() {
NODEPILLARPATH=$TMP/pillar/nodes NODEPILLARPATH=$TMP/pillar/nodes
@@ -923,18 +979,6 @@ salt_checkin() {
} }
salt_checkin_message() {
# Warn the user that this might take a while
echo "####################################################"
echo "## ##"
echo "## Applying and Installing everything ##"
echo "## (This will take a while) ##"
echo "## ##"
echo "####################################################"
}
salt_firstcheckin() { salt_firstcheckin() {
#First Checkin #First Checkin
@@ -949,10 +993,17 @@ salt_master_directories() {
mkdir -p /opt/so/saltstack/pillar mkdir -p /opt/so/saltstack/pillar
# Copy over the salt code and templates # Copy over the salt code and templates
cp -R pillar/* /opt/so/saltstack/pillar/ if [ $ISOINSTALL == '1' ]; then
cp /root/SecurityOnion/pillar/* /opt/so/saltstack/pillar/
cp /root/SecurityOnion/salt/* /opt/so/saltstack/salt/
else
# if ISO /root/SecurityOnion/blah
cp -R ../pillar/* /opt/so/saltstack/pillar/
cp -R ../salt/* /opt/so/saltstack/salt/
fi
chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh
chmod +x /opt/so/saltstack/pillar/data/addtotab.sh chmod +x /opt/so/saltstack/pillar/data/addtotab.sh
cp -R salt/* /opt/so/saltstack/salt/
} }
@@ -1075,6 +1126,22 @@ set_initial_firewall_policy() {
} }
# Set up the management interface on the ISO
set_management_interface() {
if [ $ADDRESSTYPE == 'DHCP' ]; then
/usr/bin/nmcli con up $MNIC
/usr/bin/nmcli con mod $MNIC connection.autoconnect yes
else
# Set Static IP
/usr/bin/nmcli con mod $MNIC ipv4.addresses $MIP/$MMASK ipv4.gateway $MGATEWAY \
ipv4.dns $MDNS ipv4.dns-search $MSEARCH ipv4.method manual
/usr/bin/nmcli con up $MNIC
/usr/bin/nmcli con mod $MNIC connection.autoconnect yes
fi
}
set_node_type() { set_node_type() {
# Determine the node type based on whiplash choice # Determine the node type based on whiplash choice

13
setup/so-setup.sh
View File

@@ -17,7 +17,16 @@
# Source the other pieces of the setup # Source the other pieces of the setup
source functions.sh source functions.sh
source whiplash.sh source whiptail.sh
# See if this is an ISO install
OPTIONS=$1
if [[ $OPTIONS = 'iso' ]]; then
ISOINSTALL=1
else
ISOINSTALL=0
fi
# Global Variables # Global Variables
HOSTNAME=$(cat /etc/hostname) HOSTNAME=$(cat /etc/hostname)
@@ -49,8 +58,6 @@ if (whiptail_you_sure); then
# Create a temp dir to get started # Create a temp dir to get started
install_prep install_prep
# Determine if this is a network install or ISO install
# Let folks know they need their management interface already set up. # Let folks know they need their management interface already set up.
whiptail_network_notice whiptail_network_notice

8
setup/whiplash.sh → setup/whiptail.sh
View File

@@ -36,8 +36,10 @@ whiptail_bro_pins() {
whiptail_bro_version() { whiptail_bro_version() {
BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 78 4 "ZEEK" "Install Zeek (aka Bro)" ON \ BROVERSION=$(whiptail --title "Security Onion Setup" \
"COMMUNITY" "Install Community NSM" OFF "SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3) --radiolist "What tool would you like to use to generate meta data?" 20 78 4 \
"ZEEK" "Install Zeek (aka Bro)" ON \
"SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -170,10 +172,10 @@ whiptail_install_type() {
"SENSORONLY" "Create a forward only sensor" ON \ "SENSORONLY" "Create a forward only sensor" ON \
"STORAGENODE" "Add a Storage Hot Node with parsing" OFF \ "STORAGENODE" "Add a Storage Hot Node with parsing" OFF \
"MASTERONLY" "Start a new grid" OFF \ "MASTERONLY" "Start a new grid" OFF \
"EVALMODE" "Evaluate all the things" OFF \
"PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \ "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \
"HOTNODE" "TODO Add a Hot Node (Storage Node without Parsing)" OFF \ "HOTNODE" "TODO Add a Hot Node (Storage Node without Parsing)" OFF \
"WARMNODE" "TODO Add a Warm Node to an existing Hot or Storage node" OFF \ "WARMNODE" "TODO Add a Warm Node to an existing Hot or Storage node" OFF \
"EVALMODE" "Evaluate all the things" OFF \
"WAZUH" "TODO Stand Alone Wazuh Node" OFF \ "WAZUH" "TODO Stand Alone Wazuh Node" OFF \
"STRELKA" "TODO Stand Alone Strelka Node" OFF \ "STRELKA" "TODO Stand Alone Strelka Node" OFF \
"FLEET" "TODO Stand Alone Fleet OSQuery Node" OFF 3>&1 1>&2 2>&3 ) "FLEET" "TODO Stand Alone Fleet OSQuery Node" OFF 3>&1 1>&2 2>&3 )