CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Setup Script - Added all sensor types

Browse Source
This commit is contained in:
Mike Reeves
2018-03-21 13:46:15 -04:00
parent 84149fa8dc
commit e42ece2c93
1 changed files with 80 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
so-setup-network.sh
View File

@@ -25,6 +25,9 @@ CPUCORES=$(cat /proc/cpuinfo | grep processor | wc -l)
# Functions # Functions
bro_calculate_lbprocs () {
#Calculate total lbprocs for basic install
}
configure_minion () { configure_minion () {
local TYPE=$1 local TYPE=$1
@@ -41,7 +44,15 @@ copy_pillar () {
else else
PLOC="sensors" PLOC="sensors"
fi fi
# Make the minion check in so the key gets there
salt-call state.highstate
# Copy over the pillar
scp /tmp/$HOSTNAME.sls /opt/so/saltstack/pillar/$PLOC/ scp /tmp/$HOSTNAME.sls /opt/so/saltstack/pillar/$PLOC/
# Accept the key
ssh socore@$MASTERSRV 'sudo salt-key -ya $HOSTNAME'
} }
configure_sensor () { configure_sensor () {
@@ -53,11 +64,12 @@ configure_sensor () {
# Need to add pins loop # Need to add pins loop
} }
copy_ssh_key () { copy_ssh_key () {
# Generate and copy SSH key # Generate and copy SSH key
cat /dev/zero | ssh-keygen -t rsa -q -N "" cat /dev/zero | ssh-keygen -t rsa -q -N ""
#Copy the key over to the master #Copy the key over to the master
ssh-copy-id socore@MASTERSRV ssh-copy-id socore@$MASTER
} }
create_bond () { create_bond () {
@@ -176,10 +188,6 @@ node_pillar () {
} }
}
saltify_centos () {
# Install updates and Salt on CentOS
} }
saltify () { saltify () {
@@ -214,7 +222,7 @@ saltify () {
fi fi
} }
salt_directories () { salt_master_directories () {
# Create salt directories # Create salt directories
mkdir -p /opt/so/saltstack/salt mkdir -p /opt/so/saltstack/salt
mkdir -p /opt/so/saltstack/pillar mkdir -p /opt/so/saltstack/pillar
@@ -223,50 +231,68 @@ salt_directories () {
} }
update_sudoers () { update_sudoers () {
# Update Sudoers # Update Sudoers
echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | sudo tee -a /etc/sudoers echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | sudo tee -a /etc/sudoers
} }
whiptail_bro_pins () {
}
whiptail_bond_nics () { whiptail_bond_nics () {
BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${FNICS[@]} 3>&1 1>&2 2>&3 ) BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${FNICS[@]} 3>&1 1>&2 2>&3 )
} }
whiptail_install_type () { whiptail_install_type () {
# What kind of install are we doing? # What kind of install are we doing?
INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \ INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose Install Type:" 20 78 4 \ "Choose Install Type:" 20 78 4 \
"EVALMODE" "Evaluate all the things" ON \ "EVALMODE" "Evaluate all the things" ON \
"SENSORONLY" "Sensor join existing grid" OFF \ "SENSORONLY" "Create a forward only sensor" OFF \
"MASTERONLY" "Start a new grid with no sensor running on it" OFF \ "MASTERONLY" "Start a new grid" OFF \
"HEAVY" "Create a Heavy sensor. (Bad Idea)" OFF \ "STORAGENODE" "Add a Storage Node" OFF 3>&1 1>&2 2>&3 )
"STORAGENODE" "Add a node to the back end" OFF 3>&1 1>&2 2>&3 )
} }
whiptail_management_nic () { whiptail_management_nic () {
MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
} }
whiptail_nids () { whiptail_nids () {
NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose which IDS to run:" 20 78 4 \ "Choose which IDS to run:" 20 78 4 \
"Suricata" "Evaluate all the things" ON 3>&1 1>&2 2>&3 ) "Suricata" "Evaluate all the things" ON 3>&1 1>&2 2>&3 )
} }
whiptail_oinkcode () { whiptail_oinkcode () {
OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your oinkcode" 10 60 XXXXXXX 3>&1 1>&2 2>&3) "Enter your oinkcode" 10 60 XXXXXXX 3>&1 1>&2 2>&3)
} }
whiptail_management_server () { whiptail_management_server () {
MASTERSRV=$(whiptail --title "Enter your Master Server IP Address" --inputbox 10 60 1.2.3.4 3>&1 1>&2 2>&3) MASTERSRV=$(whiptail --title "Enter your Master Server IP Address" --inputbox 10 60 1.2.3.4 3>&1 1>&2 2>&3)
} }
whiptail_network_notice () { whiptail_network_notice () {
whiptail --title "Security Onion Setup" --msgbox "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. You must hit OK to continue." 8 78 whiptail --title "Security Onion Setup" --msgbox "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. You must hit OK to continue." 8 78
} }
whiptail_rule_setup () { whiptail_rule_setup () {
# Get pulled pork info # Get pulled pork info
RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \ RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"What IDS rules to use?:" 20 78 4 \ "What IDS rules to use?:" 20 78 4 \
@@ -276,11 +302,20 @@ whiptail_rule_setup () {
"TALOS" "Snort Subscriber (Talos) ruleset only and set a Snort Subscriber policy - requires Snort Subscriber oinkcode" OFF 3>&1 1>&2 2>&3 ) "TALOS" "Snort Subscriber (Talos) ruleset only and set a Snort Subscriber policy - requires Snort Subscriber oinkcode" OFF 3>&1 1>&2 2>&3 )
} }
whiptail_sensor_config () { whiptail_sensor_config () {
NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \ NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"What type of config would you like to use?:" 20 78 4 \ "What type of config would you like to use?:" 20 78 4 \
"BASIC" "Install NSM components with recommended settings" ON \ "BASIC" "Install NSM components with recommended settings" ON \
"ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 ) "ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 )
}
whiptail_you_sure() {
whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 78
} }
# End Functions # End Functions
@@ -290,7 +325,7 @@ detect_os
# Question Time # Question Time
if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 78) then if (whiptail_you_sure) then
# Let folks know they need their management interface already set up. # Let folks know they need their management interface already set up.
whiptail_network_notice whiptail_network_notice
@@ -298,15 +333,16 @@ if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to in
# What kind of install are we doing? # What kind of install are we doing?
whiptail_install_type whiptail_install_type
# Get list of NICS if it isn't master only # Configure NICs for boxes that will be running a sensor
if [ $INSTALLTYPE != 'MASTERONLY' ] || [ $INSTALLTYPE != 'STORAGENODE' ]; then if [ $INSTALLTYPE != 'MASTERONLY' ] || [ $INSTALLTYPE != 'STORAGENODE' ]; then
# Another option: cat /proc/net/dev | awk -F: '{print $1}' | grep -v 'lo\|veth\|br\|dock\|Inter\|byte'
# Pick which interface you want to use as the Management # Pick which interface you want to use as the Management
whiptail_management_nic whiptail_management_nic
# Filter out the management NIC from the monitor NICs # Filter out the management NIC from the monitor NICs
filter_nics filter_nics
# Choose what NICS to include in the bond
whiptail_bond_nics whiptail_bond_nics
fi fi
if [ $INSTALLTYPE == 'SENSORONLY' ] || [ $INSTALLTYPE == 'STORAGENODE' ]; then if [ $INSTALLTYPE == 'SENSORONLY' ] || [ $INSTALLTYPE == 'STORAGENODE' ]; then
@@ -318,25 +354,22 @@ if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to in
# Time to get asnwers to questions so we can fill out the pillar file # Time to get asnwers to questions so we can fill out the pillar file
if [ $INSTALLTYPE != 'MASTERONLY' ] || [ $INSTALLTYPE != 'STORAGENODE' ]; then if [ $INSTALLTYPE != 'MASTERONLY' ] || [ $INSTALLTYPE != 'STORAGENODE' ]; then
# Pick you NIDS. Currently on Suricata
whiptail_nids whiptail_nids
# Basic or Advanced setup?
# Commented out until Snort releases 3.x
#"Snort" "Sensor join existing grid" OFF 3>&1 1>&2 2>&3 )
whiptail_sensor_config whiptail_sensor_config
if [ $NSMSETUP == 'BASIC' ]; then if [ $NSMSETUP == 'BASIC' ]; then
# Calculate LB_Procs
$LBPROCS=some math
# Calculate Suricata stuff bro_calculate_lbprocs
fi fi
if [ $NSMSETUP == 'ADVANCED' ]; then if [ $NSMSETUP == 'ADVANCED' ]; then
# Ask if this is a VM
# Display CPU list for pinning # Display CPU list for pinning
$LBPROCS=Add the pins together that bro is using whiptail_bro_pins
# Pin steno # Pin steno
# Pin Bro
# Pin Suricata # Pin Suricata
fi fi
# Ask how many CPUs to use for bro # Ask how many CPUs to use for bro
@@ -358,21 +391,36 @@ if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to in
## Do all the things!! ## ## Do all the things!! ##
######################### #########################
if [ $INSTALLTYPE == 'SENSORONLY' ] || [ $INSTALLTYPE == 'STORAGENODE' ]; then # Need to ask if you are sure before proceeding
if [ $INSTALLTYPE == 'MASTERONLY']; then
fi
if [ $INSTALLTYPE == 'SENSORONLY' ]; then
# Make this a sensor
# Copy over the ssh key
copy_ssh_key copy_ssh_key
# Create the bond interface
fi
# Create bond interface
if [ $INSTALLTYPE != 'MASTERONLY' ] || [ $INSTALLTYPE != 'STORAGENODE' ]; then
create_bond create_bond
# Install Salt
saltify
fi fi
if [ $INSTALLTYPE == 'STORAGENODE' ]; then
# Make this a storage node
# Copy over the ssh key
copy_ssh_key
# Install Salt
saltify
fi
if [ $INSTALLTYPE == 'EVALMODE']; then
create_bond
fi
# Install Updates and the Salt Package
saltify
if [ $INSTALLTYPE != 'SENSORONLY' ] || [ $INSTALLTYPE != 'STORAGENODE' ]; then if [ $INSTALLTYPE != 'SENSORONLY' ] || [ $INSTALLTYPE != 'STORAGENODE' ]; then
install_master install_master