#!/bin/bash

# Copyright 2014-2020 Security Onion Solutions, LLC

#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

if [ "$(id -u)" -ne 0 ]; then
	echo "This script must be run using sudo!"
	exit 1
fi

# Install a GUI text editor
yum -y install gedit

# Install misc utils
yum -y install wget curl unzip epel-release;

# Install xWindows
yum -y groupinstall "X Window System";
yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts;
unlink /etc/systemd/system/default.target;
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target;
yum -y install file-roller

# NetworkMiner has a compatibility issue with Mono 6 right now
if ! grep -q "NetworkMiner has a compatibility issue with Mono 6 right now" /etc/yum/pluginconf.d/versionlock.list; then

cat << EOF >> /etc/yum/pluginconf.d/versionlock.list

# NetworkMiner has a compatibility issue with Mono 6 right now
0:mono-complete-4.2.1.102-0.xamarin.1.*
0:mono-core-4.2.1.102-0.xamarin.1.*
0:mono-data-4.2.1.102-0.xamarin.1.*
0:mono-data-oracle-4.2.1.102-0.xamarin.1.*
0:mono-data-sqlite-4.2.1.102-0.xamarin.1.*
0:mono-devel-4.2.1.102-0.xamarin.1.*
0:mono-extras-4.2.1.102-0.xamarin.1.*
0:mono-locale-extras-4.2.1.102-0.xamarin.1.*
0:mono-mvc-4.2.1.102-0.xamarin.1.*
0:mono-nunit-4.2.1.102-0.xamarin.1.*
0:mono-reactive-4.2.1.102-0.xamarin.1.*
0:mono-wcf-4.2.1.102-0.xamarin.1.*
0:mono-web-4.2.1.102-0.xamarin.1.*
0:mono-winforms-4.2.1.102-0.xamarin.1.*
0:mono-winfxcore-4.2.1.102-0.xamarin.1.*
EOF

fi

# Install Mono - prereq for NetworkMiner
rpmkeys --import "http://pool.sks-keyservers.net/pks/lookup?op=get&search=0x3fa7e0328081bff6a14da29aa6a19b38d3d831ef";
curl https://download.mono-project.com/repo/centos7-stable.repo | tee /etc/yum.repos.d/mono-centos7-stable.repo;
yum -y install mono-core mono-basic mono-winforms expect

# Install NetworkMiner
yum -y install libcanberra-gtk2;
wget https://www.netresec.com/?download=NetworkMiner_2-4 -O /tmp/nm.zip;
mkdir -p /opt/networkminer/
unzip /tmp/nm.zip -d /opt/networkminer/;
rm /tmp/nm.zip;
mv /opt/networkminer/NetworkMiner_*/* /opt/networkminer/
chmod +x /opt/networkminer/NetworkMiner.exe;
chmod -R go+w /opt/networkminer/AssembledFiles/;
chmod -R go+w /opt/networkminer/Captures/;
# Create networkminer shim
cat << EOF >> /bin/networkminer
#!/bin/bash
/bin/mono /opt/networkminer/NetworkMiner.exe --noupdatecheck "\$@"
EOF
chmod +x /bin/networkminer
# Convert networkminer ico file to png format
yum -y install ImageMagick
convert /opt/networkminer/networkminericon.ico /opt/networkminer/networkminericon.png
# Create menu entry
cat << EOF >> /usr/share/applications/networkminer.desktop
[Desktop Entry]
Name=NetworkMiner
Comment=NetworkMiner
Encoding=UTF-8
Exec=/bin/networkminer %f
Icon=/opt/networkminer/networkminericon-4.png
StartupNotify=true
Terminal=false
X-MultipleArgs=false
Type=Application
MimeType=application/x-pcap;
Categories=Network;
EOF

# Set default monospace font to Liberation
cat << EOF >> /etc/fonts/local.conf
 <match target="pattern">
  <test name="family" qual="any">
   <string>monospace</string>
  </test>
  <edit binding="strong" mode="prepend" name="family">
   <string>Liberation Mono</string>
  </edit>
 </match>
EOF

# Install Wireshark for Gnome
yum -y install wireshark-gnome; 

# Install dnsiff
yum -y install dsniff;

# Install hping3
yum -y install hping3;

# Install netsed
yum -y install netsed;

# Install ngrep
yum -y install ngrep;

# Install scapy
yum -y install python36-scapy;

# Install ssldump
yum -y install ssldump;

# Install tcpdump
yum -y install tcpdump;

# Install tcpflow
yum -y install tcpflow;

# Install tcpxtract
yum -y install tcpxtract;

# Install whois
yum -y install whois;

# Install foremost
yum -y install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm;

# Install chromium
yum -y install chromium;

# Install tcpstat
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcpstat-1.5.0/securityonion-tcpstat-1.5.0.rpm;

# Install tcptrace
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;

# Install sslsplit
yum -y install libevent;
yum -y install sslsplit;

# Install Bit-Twist
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;

# Install chaosreader
yum -y install perl-IO-Compress perl-Net-DNS;
yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
chmod +x /bin/chaosreader;

cp ../files/analyst/README /;

echo
echo "Analyst workstation has been installed!"
echo "Press ENTER to reboot or Ctrl-C to cancel."
read pause

reboot;