mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
184 lines
5.3 KiB
Bash
184 lines
5.3 KiB
Bash
#!/bin/bash
|
|
|
|
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# Set the SO Version
|
|
VERSION=1.2.1
|
|
BUILD=HH
|
|
OLDVERSION=$(cat /etc/soversion)
|
|
|
|
clone_to_tmp() {
|
|
|
|
# TODO Need to add a air gap option
|
|
# Make a temp location for the files
|
|
mkdir /tmp/sogh
|
|
cd /tmp/sogh
|
|
#git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
|
|
git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
|
|
|
|
}
|
|
|
|
detect_os() {
|
|
|
|
# Detect Base OS
|
|
echo "Detecting Base OS" >> $UPDATELOG 2>&1
|
|
if [ -f /etc/redhat-release ]; then
|
|
OS=centos
|
|
if grep -q "CentOS Linux release 7" /etc/redhat-release; then
|
|
OSVER=7
|
|
elif grep -q "CentOS Linux release 8" /etc/redhat-release; then
|
|
OSVER=8
|
|
echo "We currently do not support CentOS $OSVER but we are working on it!"
|
|
exit
|
|
else
|
|
echo "We do not support the version of CentOS you are trying to use"
|
|
exit
|
|
fi
|
|
|
|
elif [ -f /etc/os-release ]; then
|
|
OS=ubuntu
|
|
if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then
|
|
OSVER=bionic
|
|
elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then
|
|
OSVER=xenial
|
|
else
|
|
echo "We do not support your current version of Ubuntu"
|
|
exit
|
|
fi
|
|
# Install network manager so we can do interface stuff
|
|
apt install -y network-manager
|
|
/bin/systemctl enable network-manager
|
|
/bin/systemctl start network-manager
|
|
else
|
|
echo "We were unable to determine if you are using a supported OS." >> $UPDATELOG 2>&1
|
|
exit
|
|
fi
|
|
|
|
echo "Found OS: $OS $OSVER" >> $UPDATELOG 2>&1
|
|
|
|
}
|
|
|
|
update_held_packages() {
|
|
|
|
if [ $OS == "centos" ]
|
|
SALTVER=2019.2.3
|
|
DOCKERVER=
|
|
yum -y --disableexcludes=all update salt-$SALTVER
|
|
yum -y --disableexcludes=all update docker-ce-$DOCKERVER
|
|
else
|
|
SALTVER=2019.2.3+ds-1
|
|
DOCKERVER=5:19.03.8~3-0~ubuntu-xenial
|
|
fi
|
|
|
|
}
|
|
|
|
update_all_packages() {
|
|
|
|
# Update all the things based on OS
|
|
if [ $OS == "centos" ]; then
|
|
yum -y update
|
|
else
|
|
apt -y update && apt -y upgrade
|
|
fi
|
|
|
|
}
|
|
|
|
update_docker_containers() {
|
|
if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
|
|
TRUSTED_CONTAINERS=( \
|
|
"so-acng:$BUILD$VERSION" \
|
|
"so-auth-api:$BUILD$VERSION" \
|
|
"so-auth-ui:$BUILD$VERSION" \
|
|
"so-core:$BUILD$VERSION" \
|
|
"so-thehive-cortex:$BUILD$VERSION" \
|
|
"so-curator:$BUILD$VERSION" \
|
|
"so-domainstats:$BUILD$VERSION" \
|
|
"so-elastalert:$BUILD$VERSION" \
|
|
"so-elasticsearch:$BUILD$VERSION" \
|
|
"so-filebeat:$BUILD$VERSION" \
|
|
"so-fleet:$BUILD$VERSION" \
|
|
"so-fleet-launcher:$BUILD$VERSION" \
|
|
"so-freqserver:$BUILD$VERSION" \
|
|
"so-grafana:$BUILD$VERSION" \
|
|
"so-idstools:$BUILD$VERSION" \
|
|
"so-influxdb:$BUILD$VERSION" \
|
|
"so-kibana:$BUILD$VERSION" \
|
|
"so-logstash:$BUILD$VERSION" \
|
|
"so-mysql:$BUILD$VERSION" \
|
|
"so-navigator:$BUILD$VERSION" \
|
|
"so-playbook:$BUILD$VERSION" \
|
|
"so-redis:$BUILD$VERSION" \
|
|
"so-sensoroni:$BUILD$VERSION" \
|
|
"so-soctopus:$BUILD$VERSION" \
|
|
"so-steno:$BUILD$VERSION" \
|
|
#"so-strelka:$BUILD$VERSION" \
|
|
"so-suricata:$BUILD$VERSION" \
|
|
"so-telegraf:$BUILD$VERSION" \
|
|
"so-thehive:$BUILD$VERSION" \
|
|
"so-thehive-es:$BUILD$VERSION" \
|
|
"so-wazuh:$BUILD$VERSION" \
|
|
"so-zeek:$BUILD$VERSION" )
|
|
else
|
|
TRUSTED_CONTAINERS=( \
|
|
"so-core:$BUILD$VERSION" \
|
|
"so-filebeat:$BUILD$VERSION" \
|
|
"so-idstools:$BUILD$VERSION" \
|
|
"so-logstash:$BUILD$VERSION" \
|
|
"so-redis:$BUILD$VERSION" \
|
|
"so-sensoroni:$BUILD$VERSION" \
|
|
"so-steno:$BUILD$VERSION" \
|
|
"so-suricata:$BUILD$VERSION" \
|
|
"so-telegraf:$BUILD$VERSION" \
|
|
"so-zeek:$BUILD$VERSION" )
|
|
fi
|
|
|
|
# Download the container from the interwebs
|
|
for i in "${TRUSTED_CONTAINERS[@]}"
|
|
do
|
|
# Pull down the trusted docker image
|
|
echo "Downloading $i"
|
|
docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
|
|
# Tag it with the new registry destination
|
|
docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i
|
|
docker push $HOSTNAME:5000/soshybridhunter/$i
|
|
done
|
|
|
|
for i in "${TRUSTED_CONTAINERS[@]}"
|
|
do
|
|
echo "Removing $i locally"
|
|
docker rmi soshybridhunter/$i
|
|
done
|
|
|
|
}
|
|
update_hh_version() {
|
|
# Change the version number in the static pillar
|
|
|
|
}
|
|
|
|
# Clone github
|
|
mkdir /tmp/sogh
|
|
cd /tmp/sogh
|
|
#git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
|
|
git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git
|
|
cd securityonion-saltstack
|
|
rsync -a --exclude-from 'exclude-list.txt' salt /opt/so/saltstack/
|
|
chown -R socore:socore /opt/so/saltstack/salt
|
|
chmod 755 /opt/so/saltstack/pillar/firewall/addfirewall.sh
|
|
cd ~
|
|
rm -rf /tmp/sogh
|
|
# Run so-elastic-download here and call this soup with some magic
|
|
salt-call state.highstate
|