New Setup Script Layout

This commit is contained in:
Mike Reeves
2019-12-03 16:05:35 -05:00
parent 8ca168a73d
commit 67e7fa19c2
4 changed files with 185 additions and 2523 deletions


@@ -1,6 +1,19 @@
#!/bin/bash #!/bin/bash
# Functions # Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
accept_salt_key_local() { accept_salt_key_local() {
echo "Accept the key locally on the master" >> $SETUPLOG 2>&1 echo "Accept the key locally on the master" >> $SETUPLOG 2>&1
@@ -59,7 +72,7 @@ add_socore_user_notmaster() {
} }
# Create an auth pillar so that passwords survive re-install # Create an auth pillar so that passwords survive re-install
auth_pillar() { auth_pillar(){
if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then if [ ! -f /opt/so/saltstack/pillar/auth.sls ]; then
echo "Creating Auth Pillar" >> $SETUPLOG 2>&1 echo "Creating Auth Pillar" >> $SETUPLOG 2>&1
@@ -176,10 +189,8 @@ check_socore_pass() {
} }
checkin_at_boot() { checkin_at_boot() {
echo "Enabling checkin at boot" >> $SETUPLOG 2>&1 echo "Enabling checkin at boot" >> $SETUPLOG 2>&1
echo "startup_states: highstate" >> /etc/salt/minion echo "startup_states: highstate" >> /etc/salt/minion
} }
chown_salt_master() { chown_salt_master() {
@@ -190,7 +201,6 @@ chown_salt_master() {
} }
clear_master() { clear_master() {
# Clear out the old master public key in case this is a re-install. # Clear out the old master public key in case this is a re-install.
# This only happens if you re-install the master. # This only happens if you re-install the master.
if [ -f /etc/salt/pki/minion/minion_master.pub ]; then if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
@@ -250,26 +260,61 @@ copy_master_config() {
copy_minion_tmp_files() { copy_minion_tmp_files() {
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
echo "rsyncing all files in $TMP to /opt/so/saltstack" >> $SETUPLOG 2>&1 echo "rsyncing pillar and salt files in $TMP to /opt/so/saltstack"
rsync -a -v $TMP/ /opt/so/saltstack/ >> $SETUPLOG 2>&1 rsync -a -v $TMP/pillar/ /opt/so/saltstack/pillar/ >> $SETUPLOG 2>&1
rsync -a -v $TMP/salt/ /opt/so/saltstack/salt/ >> $SETUPLOG 2>&1
else else
echo "scp all files in $TMP to master /opt/so/saltstack" >> $SETUPLOG 2>&1 echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
scp -prv -i /root/.ssh/so.key $TMP/* socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1 scp -prv -i /root/.ssh/so.key $TMP/pillar/* socore@$MSRV:/opt/so/saltstack/pillar >> $SETUPLOG 2>&1
scp -prv -i /root/.ssh/so.key $TMP/salt/* socore@$MSRV:/opt/so/saltstack/salt >> $SETUPLOG 2>&1
fi fi
} }
copy_ssh_key() { copy_ssh_key() {
echo "Generating SSH key"
# Generate SSH key # Generate SSH key
mkdir -p /root/.ssh mkdir -p /root/.ssh
cat /dev/zero | ssh-keygen -f /root/.ssh/so.key -t rsa -q -N "" cat /dev/zero | ssh-keygen -f /root/.ssh/so.key -t rsa -q -N ""
chown -R $SUDO_USER:$SUDO_USER /root/.ssh chown -R $SUDO_USER:$SUDO_USER /root/.ssh
echo "Copying the SSH key to the master"
#Copy the key over to the master #Copy the key over to the master
ssh-copy-id -f -i /root/.ssh/so.key socore@$MSRV ssh-copy-id -f -i /root/.ssh/so.key socore@$MSRV
} }
create_sensor_bond() {
echo "Setting up sensor bond" >> $SETUPLOG 2>&1
# Set the MTU
if [[ $NSMSETUP != 'ADVANCED' ]]; then
MTU=1500
fi
# Create the bond interface
nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \
ipv4.method disabled \
ipv6.method link-local \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
for BNIC in ${BNICS[@]}; do
# Strip the quotes from the NIC names
BONDNIC="$(echo -e "${BNIC}" | tr -d '"')"
# Turn off various offloading settings for the interface
for i in rx tx sg tso ufo gso gro lro; do
ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
done
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
# Bring the slave interface up
nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
done
}
detect_os() { detect_os() {
# Detect Base OS # Detect Base OS
@@ -303,7 +348,7 @@ detect_os() {
echo "We do not support your current version of Ubuntu" echo "We do not support your current version of Ubuntu"
exit exit
fi fi
# Install netowrk manager so we can do interface stuff # Install network manager so we can do interface stuff
apt install -y network-manager apt install -y network-manager
/bin/systemctl enable network-manager /bin/systemctl enable network-manager
/bin/systemctl start network-manager /bin/systemctl start network-manager
@@ -314,6 +359,14 @@ detect_os() {
} }
#disable_dnsmasq() {
# if [ -f /etc/NetworkManager/NetworkManager.conf ]; then
# echo "Disabling dnsmasq in /etc/NetworkManager/NetworkManager.conf"
# sed -e 's/^dns=dnsmasq/#dns=dnsmasq/g' -i /etc/NetworkManager/NetworkManager.conf
# fi
#}
disable_onion_user() { disable_onion_user() {
@@ -322,6 +375,18 @@ disable_onion_user() {
} }
disable_unused_nics() {
for UNUSED_NIC in ${FNICS[@]}; do
# Disable DHCPv4/v6 and autoconnect
nmcli con mod $UNUSED_NIC \
ipv4.method disabled \
ipv6.method link-local \
connection.autoconnect "no" >> $SETUPLOG 2>&1
# Flush any existing IPs
ip addr flush $UNUSED_NIC >> $SETUPLOG 2>&1
done
}
docker_install() { docker_install() {
@@ -341,7 +406,7 @@ docker_install() {
else else
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
apt-get update >> $SETUPLOG 2>&1 apt-get update >> $SETUPLOG 2>&1
apt-get -y install docker-ce >> $SETUPLOG 2>&1 apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1
if [ $INSTALLTYPE != 'EVALMODE' ]; then if [ $INSTALLTYPE != 'EVALMODE' ]; then
docker_registry >> $SETUPLOG 2>&1 docker_registry >> $SETUPLOG 2>&1
fi fi
@@ -351,13 +416,11 @@ docker_install() {
apt-key add $TMP/gpg/docker.pub >> $SETUPLOG 2>&1 apt-key add $TMP/gpg/docker.pub >> $SETUPLOG 2>&1
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> $SETUPLOG 2>&1 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> $SETUPLOG 2>&1
apt-get update >> $SETUPLOG 2>&1 apt-get update >> $SETUPLOG 2>&1
apt-get -y install docker-ce >> $SETUPLOG 2>&1 apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1
docker_registry >> $SETUPLOG 2>&1 docker_registry >> $SETUPLOG 2>&1
echo "Restarting Docker" >> $SETUPLOG 2>&1 echo "Restarting Docker" >> $SETUPLOG 2>&1
systemctl restart docker >> $SETUPLOG 2>&1 systemctl restart docker >> $SETUPLOG 2>&1
fi fi
echo "Using pip3 to install docker-py for salt"
pip3 install docker
fi fi
} }
@@ -390,11 +453,19 @@ es_heapsize() {
} }
filter_nics() { filter_unused_nics() {
# Set the main NIC as the default grep search string
grep_string=$MNIC
# Filter the NICs that we don't want to see in setup # If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
FNICS=$(ip link | grep -vw $MNIC | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}') if [[ $BNICS ]]; then
for BONDNIC in ${BNICS[@]}; do
grep_string="$grep_string\|$BONDNIC"
done
fi
# Finally, set FNICS to any NICs we aren't using (and ignore interfaces that aren't of use)
FNICS=$(ip link | grep -vwe $grep_string | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}')
} }
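Review bot: filter_unused_nics appends each `${BNICS[@]}` element to grep_string as-is, while create_sensor_bond in the earlier hunk strips the surrounding quote characters from the same values with `tr -d '"'`; if BNICS holds quoted names such as `"eth1" "eth2"`, the pattern becomes `eth0\|"eth1"\|"eth2"`, the bond members are not excluded from FNICS, and disable_unused_nics would then set autoconnect off and flush addresses on the bond slaves. Sanitize here the same way, e.g. `grep_string="$grep_string\|${BONDNIC//\"/}"`, and quote the pattern so it is not word-split or globbed: `grep -vwe "$grep_string"`. The names are interpolated into a basic regex, so keeping them restricted to plain interface names matters. Separately, the `pip3 install docker`, `pip3 install M2Crypto` and `pip3 install mysqlclient` lines added in the docker_install, saltify and salt_install_mysql_deps hunks fetch unpinned packages from PyPI at install time; pinning versions (ideally with `--require-hashes`) would make the setup reproducible and reduce supply-chain exposure on this appliance.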
generate_passwords(){ generate_passwords(){
@@ -403,6 +474,7 @@ generate_passwords(){
FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
} }
@@ -458,9 +530,9 @@ install_python3() {
echo "Installing Python3" echo "Installing Python3"
if [ $OS == 'ubuntu' ]; then if [ $OS == 'ubuntu' ]; then
apt-get -y install python3-pip gcc python3-dev apt-get -y install python3-pip python3-dev
elif [ $OS == 'centos' ]; then # elif [ $OS == 'centos' ]; then
yum -y install epel-release python3 # yum -y install epel-release python3
fi fi
} }
@@ -570,6 +642,9 @@ master_static() {
echo " cortexuser: cortexadmin" >> /opt/so/saltstack/pillar/static.sls echo " cortexuser: cortexadmin" >> /opt/so/saltstack/pillar/static.sls
echo " cortexpassword: cortexchangeme" >> /opt/so/saltstack/pillar/static.sls echo " cortexpassword: cortexchangeme" >> /opt/so/saltstack/pillar/static.sls
echo " cortexkey: $CORTEXKEY" >> /opt/so/saltstack/pillar/static.sls echo " cortexkey: $CORTEXKEY" >> /opt/so/saltstack/pillar/static.sls
echo " cortexorgname: SecurityOnion" >> /opt/so/saltstack/pillar/static.sls
echo " cortexorguser: soadmin" >> /opt/so/saltstack/pillar/static.sls
echo " cortexorguserkey: $CORTEXORGUSERKEY" >> /opt/so/saltstack/pillar/static.sls
echo " fleetsetup: 0" >> /opt/so/saltstack/pillar/static.sls echo " fleetsetup: 0" >> /opt/so/saltstack/pillar/static.sls
echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
if [[ $MASTERUPDATES == 'MASTER' ]]; then if [[ $MASTERUPDATES == 'MASTER' ]]; then
@@ -589,38 +664,19 @@ minio_generate_keys() {
} }
network_setup() { network_setup() {
echo "Setting up Bond" >> $SETUPLOG 2>&1 echo "Finishing up network setup" >> $SETUPLOG 2>&1
# Set the MTU echo "... Disabling unused NICs" >> $SETUPLOG 2>&1
if [ "$NSMSETUP" != 'ADVANCED' ]; then disable_unused_nics >> $SETUPLOG 2>&1
MTU=1500
fi
# Create the bond interface echo "... Setting ONBOOT for management interface" >> $SETUPLOG 2>&1
nmcli con add ifname bond0 con-name "bond0" type bond mode 0 -- \ nmcli con mod $MAININT connection.autoconnect "yes" >> $SETUPLOG 2>&1
ipv4.method disabled \
ipv6.method link-local \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
for BNIC in ${BNICS[@]}; do echo "... Copying disable-checksum-offload.sh" >> $SETUPLOG 2>&1
# Strip the quotes from the NIC names cp ./install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
BONDNIC="$(echo -e "${BNIC}" | tr -d '"')"
# Turn off various offloading settings for the interface echo "... Modifying disable-checksum-offload.sh" >> $SETUPLOG 2>&1
for i in rx tx sg tso ufo gso gro lro; do sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
done
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
# Bring the slave interface up
nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1
done
# Replace the variable string in the network script
sed -i "s/\$MAININT/${MAININT}/g" ./install_scripts/disable-checksum-offload.sh >> $SETUPLOG 2>&1
# Copy the checksum offload script to prevent issues with packet capture
cp ../install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
} }
node_pillar() { node_pillar() {
@@ -683,7 +739,7 @@ patch_schedule_os_new() {
mkdir -p $OSPATCHSCHEDULEDIR mkdir -p $OSPATCHSCHEDULEDIR
fi fi
echo "patch:" > $OSPATCHSCHEDULE echo "patch:" > $OSPATCHSCHEDULE
echo " os:" >> $OSPATCHSCHEDULE echo " os:" >> $OSPATCHSCHEDULE
echo " schedule:" >> $OSPATCHSCHEDULE echo " schedule:" >> $OSPATCHSCHEDULE
for psd in "${PATCHSCHEDULEDAYS[@]}" for psd in "${PATCHSCHEDULEDAYS[@]}"
@@ -722,8 +778,8 @@ saltify() {
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-py3-2019-2.repo
sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-py3-2019-2.repo
# Download Ubuntu Keys in case master updates = 1 # Download Ubuntu Keys in case master updates = 1
mkdir -p /opt/so/gpg mkdir -p /opt/so/gpg
wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
@@ -934,13 +990,19 @@ EOF
# Copy down the gpg keys and install them from the master # Copy down the gpg keys and install them from the master
mkdir $TMP/gpg mkdir $TMP/gpg
scp socore@$MSRV:/opt/so/gpg/* $TMP/gpg echo "scp the gpg keys and install them from the master"
scp -v -i /root/.ssh/so.key socore@$MSRV:/opt/so/gpg/* $TMP/gpg
echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH"
apt-key add $TMP/gpg/SALTSTACK-GPG-KEY.pub apt-key add $TMP/gpg/SALTSTACK-GPG-KEY.pub
apt-key add $TMP/gpg/GPG-KEY-WAZUH apt-key add $TMP/gpg/GPG-KEY-WAZUH
echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
# Initialize the new repos # Initialize the new repos
apt-get update >> $SETUPLOG 2>&1 apt-get update >> $SETUPLOG 2>&1
echo "Installing libssl-dev for M2Crypto"
apt-get -y install libssl-dev
echo "Using pip3 to install M2Crypto for Salt"
pip3 install M2Crypto
# Need to add python dateutil here # Need to add python dateutil here
apt-get -y install salt-minion=2019.2.2+ds-1 salt-common=2019.2.2+ds-1 >> $SETUPLOG 2>&1 apt-get -y install salt-minion=2019.2.2+ds-1 salt-common=2019.2.2+ds-1 >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common apt-mark hold salt-minion salt-common
@@ -1012,7 +1074,9 @@ salt_install_mysql_deps() {
if [ $OS == 'centos' ]; then if [ $OS == 'centos' ]; then
yum -y install mariadb-devel yum -y install mariadb-devel
elif [ $OS == 'ubuntu' ]; then elif [ $OS == 'ubuntu' ]; then
apt-get -y install libmysqlclient-dev python3-mysqldb apt-get -y install libmysqlclient-dev gcc
echo "Using pip3 to install mysqlclient for salt"
pip3 install mysqlclient
fi fi
} }


@@ -48,7 +48,7 @@ got_root
detect_os detect_os
if [ $OS == ubuntu ]; then if [ $OS == ubuntu ]; then
# Override the Ubuntu whiptail color pallete # Override the horrible Ubuntu whiptail color pallete
update-alternatives --set newt-palette /etc/newt/palette.original update-alternatives --set newt-palette /etc/newt/palette.original
fi fi
@@ -151,7 +151,8 @@ if (whiptail_you_sure); then
get_filesystem_root get_filesystem_root
get_filesystem_nsm get_filesystem_nsm
# Enable Bro Logs # Enable Bro Logs
bro_logs_enabled # comment this out since we already copy this file to the destination that this function writes to
#bro_logs_enabled
# Figure out the main IP address # Figure out the main IP address
get_main_ip get_main_ip
@@ -165,10 +166,9 @@ if (whiptail_you_sure); then
# Install salt and dependencies # Install salt and dependencies
{ {
sleep 0.5 sleep 0.5
#install_pip3 >> $SETUPLOG 2>&1 install_python3 >> $SETUPLOG 2>&1
echo -e "XXX\n1\nInstalling and configuring Salt... \nXXX" echo -e "XXX\n1\nInstalling and configuring Salt... \nXXX"
echo " ** Installing Salt and Dependencies **" >> $SETUPLOG echo " ** Installing Salt and Dependencies **" >> $SETUPLOG
salt_install_mysql_deps >> $SETUPLOG 2>&1
saltify >> $SETUPLOG 2>&1 saltify >> $SETUPLOG 2>&1
echo -e "XXX\n5\nInstalling Docker... \nXXX" echo -e "XXX\n5\nInstalling Docker... \nXXX"
docker_install >> $SETUPLOG 2>&1 docker_install >> $SETUPLOG 2>&1
@@ -177,6 +177,7 @@ if (whiptail_you_sure); then
configure_minion master >> $SETUPLOG 2>&1 configure_minion master >> $SETUPLOG 2>&1
echo " ** Installing Salt Master **" >> $SETUPLOG echo " ** Installing Salt Master **" >> $SETUPLOG
install_master >> $SETUPLOG 2>&1 install_master >> $SETUPLOG 2>&1
salt_install_mysql_deps >> $SETUPLOG 2>&1
salt_master_directories >> $SETUPLOG 2>&1 salt_master_directories >> $SETUPLOG 2>&1
update_sudoers >> $SETUPLOG 2>&1 update_sudoers >> $SETUPLOG 2>&1
chown_salt_master >> $SETUPLOG 2>&1 chown_salt_master >> $SETUPLOG 2>&1
@@ -250,7 +251,9 @@ if (whiptail_you_sure); then
checkin_at_boot >> $SETUPLOG 2>&1 checkin_at_boot >> $SETUPLOG 2>&1
echo -e "XXX\n95\nVerifying Install... \nXXX" echo -e "XXX\n95\nVerifying Install... \nXXX"
salt-call state.highstate >> $SETUPLOG 2>&1 salt-call state.highstate >> $SETUPLOG 2>&1
echo -e "XX\n99\nFinishing touches... \nXXX"
filter_unused_nics >> $SETUPLOG 2>&1
network_setup >> $SETUPLOG 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0 } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}') GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then if [[ $GOODSETUP == '0' ]]; then
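Review bot: The new progress line `echo -e "XX\n99\nFinishing touches... \nXXX"` opens with `XX` rather than the `XXX` marker that the surrounding lines use to delimit a whiptail --gauge update, so the 99% step will most likely not be rendered as intended and the text may be read as a malformed percentage line. The identical line is added in the three other gauge blocks of this file further down (before the sensor, master and node `} |whiptail` lines). Change it to `echo -e "XXX\n99\nFinishing touches... \nXXX"` in each place. The enclosing `{ … } |whiptail` block starts outside this hunk.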
@@ -273,7 +276,7 @@ if (whiptail_you_sure); then
if [ $INSTALLTYPE == 'SENSORONLY' ]; then if [ $INSTALLTYPE == 'SENSORONLY' ]; then
whiptail_management_nic whiptail_management_nic
filter_nics filter_unused_nics
whiptail_bond_nics whiptail_bond_nics
whiptail_management_server whiptail_management_server
whiptail_master_updates whiptail_master_updates
@@ -296,15 +299,15 @@ if (whiptail_you_sure); then
mkdir -p /nsm mkdir -p /nsm
get_filesystem_root get_filesystem_root
get_filesystem_nsm get_filesystem_nsm
copy_ssh_key copy_ssh_key >> $SETUPLOG 2>&1
{ {
sleep 0.5 sleep 0.5
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX" echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $SETUPLOG 2>&1 set_initial_firewall_policy >> $SETUPLOG 2>&1
#echo -e "XXX\n1\nInstalling pip3... \nXXX" echo -e "XXX\n1\nInstalling pip3... \nXXX"
#install_pip3 >> $SETUPLOG 2>&1 install_python3 >> $SETUPLOG 2>&1
echo -e "XXX\n3\nCreating Bond Interface... \nXXX" echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
network_setup >> $SETUPLOG 2>&1 create_sensor_bond >> $SETUPLOG 2>&1
echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX" echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
sensor_pillar >> $SETUPLOG 2>&1 sensor_pillar >> $SETUPLOG 2>&1
echo "** Generating the patch pillar **" >> $SETUPLOG echo "** Generating the patch pillar **" >> $SETUPLOG
@@ -335,6 +338,9 @@ if (whiptail_you_sure); then
echo -e "XXX\n80\nVerifying Install... \nXXX" echo -e "XXX\n80\nVerifying Install... \nXXX"
salt-call state.highstate >> $SETUPLOG 2>&1 salt-call state.highstate >> $SETUPLOG 2>&1
checkin_at_boot >> $SETUPLOG 2>&1 checkin_at_boot >> $SETUPLOG 2>&1
echo -e "XX\n99\nFinishing touches... \nXXX"
filter_unused_nics >> $SETUPLOG 2>&1
network_setup >> $SETUPLOG 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0 } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}') GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then if [[ $GOODSETUP == '0' ]]; then
@@ -355,7 +361,7 @@ if (whiptail_you_sure); then
whiptail_management_nic whiptail_management_nic
# Filter out the management NIC # Filter out the management NIC
filter_nics filter_unused_nics
# Select which NICs are in the bond # Select which NICs are in the bond
whiptail_bond_nics whiptail_bond_nics
@@ -402,16 +408,17 @@ if (whiptail_you_sure); then
{ {
sleep 0.5 sleep 0.5
echo -e "XXX\n0\nCreating Bond Interface... \nXXX" echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
network_setup >> $SETUPLOG 2>&1 create_sensor_bond >> $SETUPLOG 2>&1
#install_pip3 >> $SETUPLOG 2>&1 echo -e "XXX\n1\nInstalling Python 3... \nXXX"
echo -e "XXX\n1\nInstalling mysql dependencies for saltstack... \nXXX" install_python3 >> $SETUPLOG 2>&1
salt_install_mysql_deps >> $SETUPLOG 2>&1 echo -e "XXX\n2\nInstalling saltstack... \nXXX"
echo -e "XXX\n1\nInstalling saltstack... \nXXX"
saltify >> $SETUPLOG 2>&1 saltify >> $SETUPLOG 2>&1
echo -e "XXX\n3\nInstalling docker... \nXXX" echo -e "XXX\n3\nInstalling docker... \nXXX"
docker_install >> $SETUPLOG 2>&1 docker_install >> $SETUPLOG 2>&1
echo -e "XXX\n5\nInstalling master code... \nXXX" echo -e "XXX\n5\nInstalling master code... \nXXX"
install_master >> $SETUPLOG 2>&1 install_master >> $SETUPLOG 2>&1
echo -e "XXX\n5\nInstalling mysql dependencies for saltstack... \nXXX"
salt_install_mysql_deps >> $SETUPLOG 2>&1
echo -e "XXX\n6\nCopying salt code... \nXXX" echo -e "XXX\n6\nCopying salt code... \nXXX"
salt_master_directories >> $SETUPLOG 2>&1 salt_master_directories >> $SETUPLOG 2>&1
echo -e "XXX\n6\nupdating suduers... \nXXX" echo -e "XXX\n6\nupdating suduers... \nXXX"
@@ -481,22 +488,24 @@ if (whiptail_you_sure); then
echo -e "XXX\n85\nInstalling filebeat... \nXXX" echo -e "XXX\n85\nInstalling filebeat... \nXXX"
salt-call state.apply filebeat >> $SETUPLOG 2>&1 salt-call state.apply filebeat >> $SETUPLOG 2>&1
salt-call state.apply utility >> $SETUPLOG 2>&1 salt-call state.apply utility >> $SETUPLOG 2>&1
echo -e "XXX\n95\nInstalling misc components... \nXXX" echo -e "XXX\n90\nInstalling misc components... \nXXX"
salt-call state.apply schedule >> $SETUPLOG 2>&1 salt-call state.apply schedule >> $SETUPLOG 2>&1
salt-call state.apply soctopus >> $SETUPLOG 2>&1 salt-call state.apply soctopus >> $SETUPLOG 2>&1
if [[ $THEHIVE == '1' ]]; then if [[ $THEHIVE == '1' ]]; then
echo -e "XXX\n96\nInstalling The Hive... \nXXX" echo -e "XXX\n91\nInstalling The Hive... \nXXX"
salt-call state.apply hive >> $SETUPLOG 2>&1 salt-call state.apply hive >> $SETUPLOG 2>&1
fi fi
if [[ $PLAYBOOK == '1' ]]; then if [[ $PLAYBOOK == '1' ]]; then
echo -e "XXX\n97\nInstalling Playbook... \nXXX" echo -e "XXX\n93\nInstalling Playbook... \nXXX"
salt-call state.apply playbook >> $SETUPLOG 2>&1 salt-call state.apply playbook >> $SETUPLOG 2>&1
fi fi
echo -e "XXX\n98\nSetting checkin to run on boot... \nXXX" echo -e "XXX\n95\nSetting checkin to run on boot... \nXXX"
checkin_at_boot >> $SETUPLOG 2>&1 checkin_at_boot >> $SETUPLOG 2>&1
echo -e "XXX\n99\nVerifying Setup... \nXXX" echo -e "XXX\n98\nVerifying Setup... \nXXX"
salt-call state.highstate >> $SETUPLOG 2>&1 salt-call state.highstate >> $SETUPLOG 2>&1
echo -e "XX\n99\nFinishing touches... \nXXX"
filter_unused_nics >> $SETUPLOG 2>&1
network_setup >> $SETUPLOG 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0 } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}') GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
if [ $OS == 'centos' ]; then if [ $OS == 'centos' ]; then
@@ -563,13 +572,13 @@ if (whiptail_you_sure); then
mkdir -p /nsm mkdir -p /nsm
get_filesystem_root get_filesystem_root
get_filesystem_nsm get_filesystem_nsm
copy_ssh_key copy_ssh_key >> $SETUPLOG 2>&1
{ {
sleep 0.5 sleep 0.5
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX" echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $SETUPLOG 2>&1 set_initial_firewall_policy >> $SETUPLOG 2>&1
#echo -e "XXX\n1\nInstalling pip3... \nXXX" echo -e "XXX\n1\nInstalling pip3... \nXXX"
#install_pip3 >> $SETUPLOG 2>&1 install_python3 >> $SETUPLOG 2>&1
echo -e "XXX\n5\nInstalling Salt Packages... \nXXX" echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
saltify >> $SETUPLOG 2>&1 saltify >> $SETUPLOG 2>&1
echo -e "XXX\n20\nInstalling Docker... \nXXX" echo -e "XXX\n20\nInstalling Docker... \nXXX"
@@ -600,7 +609,9 @@ if (whiptail_you_sure); then
echo -e "XXX\n90\nVerifying Install... \nXXX" echo -e "XXX\n90\nVerifying Install... \nXXX"
salt-call state.highstate >> $SETUPLOG 2>&1 salt-call state.highstate >> $SETUPLOG 2>&1
checkin_at_boot >> $SETUPLOG 2>&1 checkin_at_boot >> $SETUPLOG 2>&1
echo -e "XX\n99\nFinishing touches... \nXXX"
filter_unused_nics >> $SETUPLOG 2>&1
network_setup >> $SETUPLOG 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0 } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}') GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then if [[ $GOODSETUP == '0' ]]; then


@@ -1,8 +1,19 @@
########################################### #!/bin/bash
## ##
## Whiptail Menu Section ## # Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC
## ##
########################################### # This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
whiptail_basic_bro() { whiptail_basic_bro() {
@@ -36,10 +47,8 @@ whiptail_bro_pins() {
whiptail_bro_version() { whiptail_bro_version() {
BROVERSION=$(whiptail --title "Security Onion Setup" \ BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 78 4 "ZEEK" "Install Zeek (aka Bro)" ON \
--radiolist "What tool would you like to use to generate meta data?" 20 78 4 \ "COMMUNITY" "Install Community NSM" OFF "SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
"ZEEK" "Install Zeek (aka Bro)" ON \
"SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -48,11 +57,16 @@ whiptail_bro_version() {
whiptail_bond_nics() { whiptail_bond_nics() {
BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${FNICS[@]} 3>&1 1>&2 2>&3 ) local nic_list=()
for FNIC in ${FNICS[@]}; do
nic_list+=($FNIC "Interface" "OFF")
done
BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${nic_list[@]} 3>&1 1>&2 2>&3 )
while [ -z "$BNICS" ] while [ -z "$BNICS" ]
do do
BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${FNICS[@]} 3>&1 1>&2 2>&3 ) BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${nic_list[@]} 3>&1 1>&2 2>&3 )
done done
local exitstatus=$? local exitstatus=$?
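Review bot: The new nic_list array is expanded unquoted as `${nic_list[@]}` in both whiptail calls, and the loop source `${FNICS[@]}` is also unquoted, so each element is subject to word-splitting and pathname expansion. Interface names taken from `ip link` contain no spaces, so this works today, but `"${nic_list[@]}"` is the idiomatic array expansion and costs nothing; since FNICS appears to be a scalar set from `$(...)` in filter_unused_nics, `for FNIC in $FNICS; do` says more honestly what the loop relies on. whiptail_bond_nics continues past the end of this hunk.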
@@ -172,10 +186,10 @@ whiptail_install_type() {
"SENSORONLY" "Create a forward only sensor" ON \ "SENSORONLY" "Create a forward only sensor" ON \
"STORAGENODE" "Add a Storage Hot Node with parsing" OFF \ "STORAGENODE" "Add a Storage Hot Node with parsing" OFF \
"MASTERONLY" "Start a new grid" OFF \ "MASTERONLY" "Start a new grid" OFF \
"EVALMODE" "Evaluate all the things" OFF \
"PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \ "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \
"HOTNODE" "TODO Add a Hot Node (Storage Node without Parsing)" OFF \ "HOTNODE" "TODO Add a Hot Node (Storage Node without Parsing)" OFF \
"WARMNODE" "TODO Add a Warm Node to an existing Hot or Storage node" OFF \ "WARMNODE" "TODO Add a Warm Node to an existing Hot or Storage node" OFF \
"EVALMODE" "Evaluate all the things" OFF \
"WAZUH" "TODO Stand Alone Wazuh Node" OFF \ "WAZUH" "TODO Stand Alone Wazuh Node" OFF \
"STRELKA" "TODO Stand Alone Strelka Node" OFF \ "STRELKA" "TODO Stand Alone Strelka Node" OFF \
"FLEET" "TODO Stand Alone Fleet OSQuery Node" OFF 3>&1 1>&2 2>&3 ) "FLEET" "TODO Stand Alone Fleet OSQuery Node" OFF 3>&1 1>&2 2>&3 )
