Merge pull request #7784 from Security-Onion-Solutions/workstation_script

modify so-analyst-install to work with new states and install on managers
This commit is contained in:
Josh Patterson
2022-04-13 14:37:24 -04:00
committed by GitHub
5 changed files with 112 additions and 277 deletions


@@ -15,69 +15,21 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
if [ "$(id -u)" -ne 0 ]; then doc_workstation_url="https://docs.securityonion.net/en/2.3/analyst-vm.html"
echo "This script must be run using sudo!" {# we only want the script to install the workstation if it is CentOS -#}
exit 1 {% if grains.os == 'CentOS' -%}
fi {# if this is a manager -#}
{% if grains.master == grains.id.split('_')|first -%}
INSTALL_LOG=/root/so-analyst-install.log source /usr/sbin/so-common
exec &> >(tee -a "$INSTALL_LOG") pillar_file="/opt/so/saltstack/local/pillar/minions/{{grains.id}}.sls"
log() { if [ -f "$pillar_file" ]; then
msg=$1 if ! grep -q "^workstation:$" "$pillar_file"; then
level=${2:-I}
now=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")
echo -e "$now | $level | $msg" >> "$INSTALL_LOG" 2>&1
}
error() { FIRSTPASS=yes
log "$1" "E" while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
}
info() {
log "$1" "I"
}
title() {
echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$INSTALL_LOG" 2>&1
}
logCmd() {
cmd=$1
info "Executing command: $cmd"
$cmd >> "$INSTALL_LOG" 2>&1
}
analyze_system() {
title "System Characteristics"
logCmd "uptime"
logCmd "uname -a"
logCmd "free -h"
logCmd "lscpu"
logCmd "df -h"
logCmd "ip a"
}
analyze_system
OS=$(grep PRETTY_NAME /etc/os-release | grep 'CentOS Linux 7')
if [ $? -ne 0 ]; then
echo "This is an unsupported OS. Please use CentOS 7 to install the analyst node."
exit 1
fi
if [[ "$manufacturer" == "Security Onion Solutions" && "$family" == "Automated" ]]; then
INSTALL=yes
CURLCONTINUE=no
else
INSTALL=''
CURLCONTINUE=''
fi
FIRSTPASS=yes
while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
if [[ "$FIRSTPASS" == "yes" ]]; then if [[ "$FIRSTPASS" == "yes" ]]; then
clear
echo "###########################################" echo "###########################################"
echo "## ** W A R N I N G ** ##" echo "## ** W A R N I N G ** ##"
echo "## _______________________________ ##" echo "## _______________________________ ##"
@@ -86,6 +38,8 @@ while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
echo "## analyst node on this device will ##" echo "## analyst node on this device will ##"
echo "## make permanent changes to ##" echo "## make permanent changes to ##"
echo "## the system. ##" echo "## the system. ##"
echo "## A system reboot will be required ##"
echo "## to complete the install. ##"
echo "## ##" echo "## ##"
echo "###########################################" echo "###########################################"
echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)" echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)"
@@ -94,216 +48,53 @@ while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
echo "Please type 'yes' to continue or 'no' to exit." echo "Please type 'yes' to continue or 'no' to exit."
fi fi
read INSTALL read INSTALL
done
if [[ $INSTALL == "no" ]]; then
echo "Exiting analyst node installation."
exit 0
fi
echo "Testing for internet connection with curl https://securityonionsolutions.com/"
CANCURL=$(curl -sI https://securityonionsolutions.com/ | grep "200 OK")
if [ $? -ne 0 ]; then
FIRSTPASS=yes
while [[ $CURLCONTINUE != "yes" ]] && [[ $CURLCONTINUE != "no" ]]; do
if [[ "$FIRSTPASS" == "yes" ]]; then
echo "We could not access https://securityonionsolutions.com/."
echo "Since packages are downloaded from the internet, internet access is required."
echo "If you would like to ignore this warning and continue anyway, please type 'yes'."
echo "Otherwise, type 'no' to exit."
FIRSTPASS=no
else
echo "Please type 'yes' to continue or 'no' to exit."
fi
read CURLCONTINUE
done done
if [[ "$CURLCONTINUE" == "no" ]]; then
if [[ $INSTALL == "no" ]]; then
echo "Exiting analyst node installation." echo "Exiting analyst node installation."
exit 0 exit 0
fi fi
# Add workstation pillar to the minion's pillar file
printf '%s\n'\
"workstation:"\
" gui:"\
" enabled: true"\
"" >> "$pillar_file"
echo "Applying the workstation state. This could take some time since there are many packages that need to be installed."
if salt-call state.apply workstation -linfo queue=True; then # make sure the state ran successfully
echo ""
echo "Analyst workstation has been installed!"
echo "Press ENTER to reboot or Ctrl-C to cancel."
read pause
reboot;
else else
echo "We were able to curl https://securityonionsolutions.com/." echo "There was an issue applying the workstation state. Please review the log above or at /opt/so/logs/salt/minion."
sleep 3
fi fi
else # workstation is already added
# Install a GUI text editor echo "The workstation pillar already exists in $pillar_file."
yum -y install gedit echo "To enable/disable the gui, set 'workstation:gui:enabled' to true or false in $pillar_file."
echo "Additional documentation can be found at $doc_workstation_url."
# Install misc utils fi
yum -y install wget curl unzip epel-release yum-plugin-versionlock; else # if the pillar file doesn't exist
echo "Could not find $pillar_file and add the workstation pillar."
# Install xWindows
yum -y groupinstall "X Window System";
yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts;
unlink /etc/systemd/system/default.target;
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target;
yum -y install file-roller
# Install Mono - prereq for NetworkMiner
yum -y install mono-core mono-basic mono-winforms expect
# Install NetworkMiner
yum -y install libcanberra-gtk2;
wget https://www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip;
mkdir -p /opt/networkminer/
unzip /tmp/nm.zip -d /opt/networkminer/;
rm /tmp/nm.zip;
mv /opt/networkminer/NetworkMiner_*/* /opt/networkminer/
chmod +x /opt/networkminer/NetworkMiner.exe;
chmod -R go+w /opt/networkminer/AssembledFiles/;
chmod -R go+w /opt/networkminer/Captures/;
# Create networkminer shim
cat << EOF >> /bin/networkminer
#!/bin/bash
/bin/mono /opt/networkminer/NetworkMiner.exe --noupdatecheck "\$@"
EOF
chmod +x /bin/networkminer
# Convert networkminer ico file to png format
yum -y install ImageMagick
convert /opt/networkminer/networkminericon.ico /opt/networkminer/networkminericon.png
# Create menu entry
cat << EOF >> /usr/share/applications/networkminer.desktop
[Desktop Entry]
Name=NetworkMiner
Comment=NetworkMiner
Encoding=UTF-8
Exec=/bin/networkminer %f
Icon=/opt/networkminer/networkminericon-4.png
StartupNotify=true
Terminal=false
X-MultipleArgs=false
Type=Application
MimeType=application/x-pcap;
Categories=Network;
EOF
# Set default monospace font to Liberation
cat << EOF >> /etc/fonts/local.conf
<match target="pattern">
<test name="family" qual="any">
<string>monospace</string>
</test>
<edit binding="strong" mode="prepend" name="family">
<string>Liberation Mono</string>
</edit>
</match>
EOF
# Install Wireshark for Gnome
yum -y install wireshark-gnome;
# Install dnsiff
yum -y install dsniff;
# Install hping3
yum -y install hping3;
# Install netsed
yum -y install netsed;
# Install ngrep
yum -y install ngrep;
# Install scapy
yum -y install python36-scapy;
# Install ssldump
yum -y install ssldump;
# Install tcpdump
yum -y install tcpdump;
# Install tcpflow
yum -y install tcpflow;
# Install tcpxtract
yum -y install tcpxtract;
# Install whois
yum -y install whois;
# Install foremost
yum -y install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm;
# Install chromium
yum -y install chromium;
# Install tcpstat
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcpstat-1.5.0/securityonion-tcpstat-1.5.0.rpm;
# Install tcptrace
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;
# Install sslsplit
yum -y install libevent;
yum -y install sslsplit;
# Install Bit-Twist
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;
# Install chaosreader
yum -y install perl-IO-Compress perl-Net-DNS;
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
chmod +x /bin/chaosreader;
if [ -f ../../files/analyst/README ]; then
cp ../../files/analyst/README /;
cp ../../files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
cp ../../files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
cp ../../files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
else
cp /opt/so/saltstack/default/salt/common/files/analyst/README /;
cp /opt/so/saltstack/default/salt/common/files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
cp /opt/so/saltstack/default/salt/common/files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
cp /opt/so/saltstack/default/salt/common/files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
fi fi
# Set background wallpaper {#- if this is not a manager #}
cat << EOF >> /etc/dconf/db/local.d/00-background {% else -%}
# Specify the dconf path
[org/gnome/desktop/background]
# Specify the path to the desktop background image file echo "Since this is not a manager, the pillar values to enable analyst workstation must be set manually. Please view the documentation at $doc_workstation_url."
picture-uri='file:///usr/share/backgrounds/so-wallpaper.jpg'
# Specify one of the rendering options for the background image:
# 'none', 'wallpaper', 'centered', 'scaled', 'stretched', 'zoom', 'spanned'
picture-options='zoom'
# Specify the left or top color when drawing gradients or the solid color
primary-color='000000'
# Specify the right or bottom color when drawing gradients
secondary-color='FFFFFF'
EOF
# Set lock screen {#- endif if this is a manager #}
cat << EOF >> /etc/dconf/db/local.d/00-screensaver {% endif -%}
[org/gnome/desktop/session]
idle-delay=uint32 180
[org/gnome/desktop/screensaver] {#- if not CentOS #}
lock-enabled=true {%- else %}
lock-delay=uint32 120
picture-options='zoom'
picture-uri='file:///usr/share/backgrounds/so-lockscreen.jpg'
EOF
cat << EOF >> /etc/dconf/db/local.d/locks/screensaver echo "The Analyst Workstation can only be installed on CentOS. Please view the documentation at $doc_workstation_url."
/org/gnome/desktop/session/idle-delay
/org/gnome/desktop/screensaver/lock-enabled
/org/gnome/desktop/screensaver/lock-delay
EOF
# Do not show the user list at login screen {#- endif grains.os == CentOS #}
cat << EOF >> /etc/dconf/db/local.d/00-login-screen {% endif -%}
[org/gnome/login-screen]
logo='/usr/share/pixmaps/so-login-logo-dark.svg'
disable-user-list=true
EOF
dconf update; exit 0
echo
echo "Analyst workstation has been installed!"
echo "Press ENTER to reboot or Ctrl-C to cancel."
read pause
reboot;
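Review bot: The new manager branch appends to the minion pillar file, runs `salt-call state.apply workstation` and finally calls `reboot`, but the `id -u` root check that the old version performed at the top of the script is no longer present on the new side; unless `/usr/sbin/so-common` (sourced on the line after the manager check) enforces it, running the script unprivileged will fail part-way through with permission errors instead of a clear message. Consider adding, right after the `source /usr/sbin/so-common` line, `[ "$(id -u)" -eq 0 ] || { echo "This script must be run using sudo!" >&2; exit 1; }`. The `read pause` before `reboot;` (and the existing `read INSTALL`) should also use `read -r` so a stray backslash is not interpreted. The hunk starts at line 15, so the script's license header and any earlier setup lie outside this view.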


@@ -1,3 +1,6 @@
{# we only want this state to run it is CentOS #}
{% if grains.os == 'CentOS' %}
xwindows_group: xwindows_group:
pkg.group_installed: pkg.group_installed:
- name: X Window System - name: X Window System
@@ -45,3 +48,11 @@ workstation_packages:
- perl-Net-DNS - perl-Net-DNS
- securityonion-chaosreader - securityonion-chaosreader
- securityonion-analyst-extras - securityonion-analyst-extras
{% else %}
workstation_packages_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
{% endif %}
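Review bot: The new Jinja comment on the first line of this file is missing a word and reads "we only want this state to run it is CentOS"; the same comment was pasted into the three other state files in this commit. Suggested wording for all four: `{# we only want this state to run if it is CentOS #}`. The fallback `workstation_packages_os_fail` / `test.fail_without_changes` branch itself looks fine and gives a clear comment on non-CentOS hosts.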


@@ -1,5 +1,15 @@
{# we only want this state to run it is CentOS #}
{% if grains.os == 'CentOS' %}
remove_graphical_target: remove_graphical_target:
file.symlink: file.symlink:
- name: /etc/systemd/system/default.target - name: /etc/systemd/system/default.target
- target: /lib/systemd/system/multi-user.target - target: /lib/systemd/system/multi-user.target
- force: True - force: True
{% else %}
workstation_trusted-ca_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
{% endif %}
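Review bot: The fallback state ID `workstation_trusted-ca_os_fail` in the `{% else %}` branch of this file does not match the file's purpose (it wraps `remove_graphical_target`) and is the same ID used in the trusted-ca state file in this commit. If both files are rendered in the same run on a non-CentOS host, Salt will report conflicting state IDs rather than the intended `fail_without_changes` message, so the failure reason becomes harder to read. Rename it to something unique to this file, for example `workstation_graphical_target_os_fail:` (constructed name), keeping the `test.fail_without_changes` body unchanged.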


@@ -1,4 +1,7 @@
{# we only want this state to run it is CentOS #}
{% if grains.os == 'CentOS' %}
{% set global_ca_text = [] %} {% set global_ca_text = [] %}
{% set global_ca_server = [] %} {% set global_ca_server = [] %}
{% set manager = salt['grains.get']('master') %} {% set manager = salt['grains.get']('master') %}
@@ -22,3 +25,11 @@ update_ca_certs:
- name: update-ca-trust - name: update-ca-trust
- onchanges: - onchanges:
- x509: trusted_ca - x509: trusted_ca
{% else %}
workstation_trusted-ca_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
{% endif %}


@@ -1,3 +1,7 @@
{# we only want this state to run it is CentOS #}
{% if grains.os == 'CentOS' %}
include: include:
- workstation.packages - workstation.packages
@@ -9,3 +13,11 @@ graphical_target:
- require: - require:
- pkg: X Window System - pkg: X Window System
- pkg: graphical_extras - pkg: graphical_extras
{% else %}
workstation_xwindows_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
{% endif %}