Initial Commit

so-setup-network.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+
+# Check for prerequisites
+if [ "$(id -u)" -ne 0 ]; then
+        echo "This script must be run using sudo!"
+        exit 1
+fi
+
+if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 78) then
+
+	# Let folks know they need their management interface already set up.
+	whiptail --title "Security Onion Setup" --msgbox "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. You must hit OK to continue." 8 78
+
+  # What kind of install are we doing?
+  INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
+  "Choose Install Type:" 20 78 4 \
+  "EVALMODE" "Evaluate all the things" ON \
+  "SENSORONLY" "Sensor join existing grid" OFF \
+  "MASTERONLY" "Start a new grid with no sensor running on it" OFF \
+  "MASTERSENSOR" "Start a new grid with a sensor" OFF 3>&1 1>&2 2>&3 )
+
+  # Get list of NICS if it isn't master only
+  if [ $INSTALLTYPE != 'MASTERONLY' ]; then
+
+    NICS=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}')
+
+    # Pick which interface you want to use as the Management
+  	MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
+
+    # Filter out the management NIC from the monitor NICs
+    FNICS=$(ip link | grep -vw $MNIC | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}')
+	  BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interfave" 20 78 12 ${FNICS[@]} 3>&1 1>&2 2>&3 )
+  fi
+  if [ $INSTALLTYPE == 'SENSORONLY' ]; then
+    # Get the master server for the install
+    MASTERSRV=$(whiptail --title "Enter your Master Server IP Address")
+  fi
+
+  # Time to get asnwers to questions so we can fill out the pillar file
+  if [ $INSTALLTYPE != 'MASTERONLY' ]; then
+    # Ask what IDS to use
+    # Ask how many CPUs to use for bro
+  fi
+
+  if [ $INSTALLTYPE != 'SENSORONLY' ]; then
+    # Get pulled pork info
+  fi
+
+  #########################
+  ## Do all the things!! ##
+  #########################
+
+  # Detect Base OS
+  if [ -f /etc/redhat-release ]; then
+    OS=centos
+  elif [ -f /etc/os-release ]; then
+    OS=ubuntu
+  else
+    echo "We were unable to determine if you are using a supported OS."
+    exit
+  fi
+
+  # Create bond interface
+  if [ $INSTALLTYPE != 'MASTERONLY' ]; then
+    echo "Setting up Bond"
+  fi
+
+  # Install Updates and the Docker Package
+  if [ $OS == 'centos']; then
+    ADDUSER=adduser
+    yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
+    yum clean expire-cache
+    yum -y install salt-minion
+    if [ $INSTALLTYPE != 'SENSORONLY' ]; then
+      yum -y install salt-master
+    fi
+  else
+    ADDUSER=useradd
+    apt-get -y upgrade
+    wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -
+    apt-get update
+    apt-get install salt-minion
+  fi
+
+  # Create so-core user
+  mkdir -p /opt/so/conf
+  mkdir -p /opt/so/saltstack/salt
+  mkdir -p /opt/so/saltstack/pillar
+  groupadd --gid 939 socore
+  $ADDUSER --uid 939 --gid 939 --home-dir /opt/so --no-create-home socore
+
+  chown -R 939:939 /opt/so
+
+  if [ $INSTALLTYPE == 'SENSORONLY' ]; then
+    service salt-minion start
+    salt-call state.highstate
+    # Script to accept key on the master
+
+
+# They did not want to do the install
+else
+    exit
+fi