CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ceb46c4ecaec1c581a02c8f0a82567d37cbba998
securityonion/setup/so-setup
William Wernert 3ef3c157f3 [refactor][WIP] Setup changes part 6
2020-04-18 19:10:33 -04:00

996 lines
32 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Source the other pieces of the setup
cd "$(dirname "$0")" || exit 255
source "./so-functions"
source "./so-whiptail"
source "./so-variables"
source "./so-constants"
source "./so-common-functions"
# See if this is an ISO install
setup_type=$1
export setup_type
case "$install_type" in
iso | network) # Accepted values
true
;;
*)
echo "Invalid install type, must be 'iso' or 'network'"
exit 1
;;
esac
# Allow execution of SO tools during setup
export PATH=$PATH:"$SCRIPTDIR/../salt/common/tools/sbin"
init_common() {
date -u > $setup_log 2>&1
echo "stty size is: $(stty size)" >> $setup_log 2>&1
got_root
detect_os
if [ "$OS" == ubuntu ]; then
update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1
fi
setterm -blank 0
echo "Asking user if they are sure they want to proceed" >> $setup_log 2>&1
if whiptail_you_sure; then
true
else
echo "User not sure. Cancelling setup.">> $setup_log 2>&1
whiptail_cancel
fi
case "$setup_type" in
'iso')
whiptail_set_hostname
whiptail_management_nic
whiptail_dhcp_or_static
if [ "$address_type" != 'DHCP' ]; then
whiptail_management_interface_ip
whiptail_management_interface_mask
whiptail_management_interface_gateway
whiptail_management_interface_dns
whiptail_management_interface_dns_search
fi
# Init networking so rest of install works
set_hostname_iso
set_management_interface
whiptail_create_admin_user
add_admin_user
disable_onion_user
collect_adminuser_inputs
;;
'network')
whiptail_network_notice
whiptail_set_hostname
whiptail_management_nic
;;
esac
# What kind of install are we doing?
whiptail_install_type
local short_name
short_name=$(echo "$hostname" | awk -F. '{print $1}')
MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
export MINION_ID
echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
whiptail_patch_schedule
# TODO: figure out if this works
filter_unused_nics
minion_type=$(get_minion_type)
}
init_eval() {
whiptail_bond_nics
whiptail_homenet_master
whiptail_components_adv_warning
whiptail_enable_components
}
init_helix() {
whiptail_bond_nics
whiptail_homenet_master
whiptail_helix_apikey
set_base_heapsizes
calculate_usable_cores
set_hostname
set_version
clear_master
set_main_ip
# Set various constants
RULESETUP=ETOPEN
NSMSETUP=BASIC
home_network_sensor=inherit
MASTERUPDATES=0
{
progress_str_printer &
set_progress_str 1 create_bond_str
create_sensor_bond
set_progress_str 2 salt_install_str
saltify # finishes at progress=8
set_progress_str 10 docker_install_str
docker_install
set_progress_str 12 salt_minion_init_str
configure_minion "$minion_type"
set_progress_str 13 'Configuring salt master'
copy_master_config
setup_salt_master_dirs
set_progress_str 15 'Updating sudoers file for soremote user'
update_sudoers
set_progress_str 16 gen_static_pillar_str
master_static
set_progress_str 17 gen_master_pillar_str
master_pillar
set_progress_str 18 gen_patch_pillar_str
patch_pillar
set_progress_str 19 'Generating the FireEye pillar'
fireeye_pillar
} | whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
}
####################
## Helix ##
####################
if [ "$install_type" == 'HELIXSENSOR' ]; then
filter_unused_nics
whiptail_bond_nics
whiptail_homenet_master
whiptail_helix_apikey
RULESETUP=ETOPEN
NSMSETUP=BASIC
home_network_sensor=inherit
MASTERUPDATES=0
es_heapsize >> $setup_log 2>&1
ls_heapsize >> $setup_log 2>&1
calculate_useable_cores >> "$setup_log" 2>&1
whiptail_make_changes
{
set_hostname;
set_version;
clear_master;
} >> "$setup_log" 2>&1
get_main_ip
# Install salt and dependencies
{
sleep 0.5
echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
create_sensor_bond >> $setup_log 2>&1
echo -e "XXX\n1\nGenerating Sensor Pillar... \nXXX"
sensor_pillar >> $setup_log 2>&1
echo -e "XXX\n2\nInstalling and configuring Salt... \nXXX"
echo " ** Installing Salt and Dependencies **" >> $setup_log
saltify >> $setup_log 2>&1
echo -e "XXX\n5\nInstalling Docker... \nXXX"
docker_install >> $setup_log 2>&1
echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
echo " ** Configuring Minion **" >> $setup_log
configure_minion helix >> $setup_log 2>&1
echo " ** Installing Salt Master **" >> $setup_log
copy_master_config >> $setup_log 2>&1
setup_salt_master_dirs >> $setup_log 2>&1
update_sudoers >> $setup_log 2>&1
echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
master_static >> $setup_log 2>&1
echo "** Generating the master pillar **" >> $setup_log
master_pillar >> $setup_log 2>&1
echo "** Generating the patch pillar **" >> $setup_log
patch_pillar >> $setup_log 2>&1
echo "** Generating the FireEye pillar **" >> $setup_log
fireeye_pillar >> $setup_log 2>&1
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $setup_log 2>&1
# Do a checkin to push the key up
echo "** Pushing the key up to Master **" >> $setup_log
salt_firstcheckin >> $setup_log 2>&1
# Accept the Master Key
echo "** Accepting the key on the master **" >> $setup_log
accept_salt_key_local >> $setup_log 2>&1
echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
# Open the firewall
echo "** Setting the initial firewall policy **" >> $setup_log
set_initial_firewall_policy >> $setup_log 2>&1
echo -e "XXX\n40\nGenerating CA... \nXXX"
salt_checkin >> $setup_log 2>&1
salt-call state.apply ca >> $setup_log 2>&1
salt-call state.apply ssl >> $setup_log 2>&1
echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
salt-call state.apply registry >> $setup_log 2>&1
docker_seed_registry >> $setup_log 2>&1
echo -e "XXX\n43\nInstalling Common Components... \nXXX"
salt-call state.apply common >> $setup_log 2>&1
echo -e "XXX\n45\nApplying firewall rules... \nXXX"
salt-call state.apply firewall >> $setup_log 2>&1
salt-call state.apply master >> $setup_log 2>&1
salt-call state.apply idstools >> $setup_log 2>&1
echo -e "XXX\n40\nInstalling Redis... \nXXX"
salt-call state.apply redis >> $setup_log 2>&1
echo -e "XXX\n60\nInstalling Redis... \nXXX"
salt-call state.apply logstash >> $setup_log 2>&1
echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
salt-call state.apply filebeat >> $setup_log 2>&1
salt-call state.apply utility >> $setup_log 2>&1
salt-call state.apply schedule >> $setup_log 2>&1
echo -e "XXX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
echo -e "XXX\n98\nVerifying Setup... \nXXX"
salt-call state.highstate >> $setup_log 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then
whiptail_setup_complete
shutdown -r now
else
whiptail_setup_failed
shutdown -r now
fi
fi
####################
## Master ##
####################
if [ "$install_type" == 'MASTER' ]; then
# Would you like to do an advanced install?
whiptail_master_adv
# Choose Zeek or Community NSM
whiptail_bro_version
# Select Snort or Suricata
whiptail_nids
# Snag the HOME_NET
whiptail_homenet_master
# Pick your Ruleset
whiptail_rule_setup
# Get the code if it isn't ET Open
if [ "$RULESETUP" != 'ETOPEN' ]; then
# Get the code
whiptail_oinkcode
fi
# Find out how to handle updates
whiptail_master_updates
whiptail_enable_components
# Do Advacned Setup if they chose it
if [ "$MASTERADV" == 'ADVANCED' ]; then
# Ask which bro logs to enable - Need to add Suricata check
if [ "$BROVERSION" != 'SURICATA' ]; then
whiptail_master_adv_service_brologs
fi
fi
# Get a password for the soremote user
whiptail_create_soremote_user
SCMATCH=no
while [ "$SCMATCH" != 'yes' ]; do
whiptail_create_soremote_user_password1
whiptail_create_soremote_user_password2
check_soremote_pass
done
collect_webuser_inputs
get_redirect
# Last Chance to back out
whiptail_make_changes
set_hostname
set_version
generate_passwords
secrets_pillar
clear_master
# Enable Bro Logs
# comment this out since we already copy this file to the destination that this function writes to
#bro_logs_enabled
# Figure out the main IP address
get_main_ip
# Add the user so we can sit back and relax
add_socore_user_master
add_soremote_user_master
# Install salt and dependencies
{
sleep 0.5
echo -e "XXX\n1\nInstalling and configuring Salt... \nXXX"
echo " ** Installing Salt and Dependencies **" >> $setup_log
saltify >> $setup_log 2>&1
echo -e "XXX\n5\nInstalling Docker... \nXXX"
docker_install >> $setup_log 2>&1
echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
echo " ** Configuring Minion **" >> $setup_log
configure_minion master >> $setup_log 2>&1
echo " ** Installing Salt Master **" >> $setup_log
copy_master_config >> $setup_log 2>&1
setup_salt_master_dirs >> $setup_log 2>&1
update_sudoers >> $setup_log 2>&1
es_heapsize >> $setup_log 2>&1
ls_heapsize >> $setup_log 2>&1
echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
master_static >> $setup_log 2>&1
echo "** Generating the master pillar **" >> $setup_log
master_pillar >> $setup_log 2>&1
echo "** Generating the patch pillar **" >> $setup_log
patch_pillar >> $setup_log 2>&1
echo -e "XXX\n30\nAccepting Salt Keys... \nXXX"
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $setup_log 2>&1
# Do a checkin to push the key up
echo "** Pushing the key up to Master **" >> $setup_log
salt_firstcheckin >> $setup_log 2>&1
# Accept the Master Key
echo "** Accepting the key on the master **" >> $setup_log
accept_salt_key_local >> $setup_log 2>&1
echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
# Open the firewall
echo "** Setting the initial firewall policy **" >> $setup_log
set_initial_firewall_policy >> $setup_log 2>&1
# Do the big checkin but first let them know it will take a bit.
echo -e "XXX\n40\nGenerating CA... \nXXX"
salt_checkin >> $setup_log 2>&1
salt-call state.apply ca >> $setup_log 2>&1
salt-call state.apply ssl >> $setup_log 2>&1
salt-call state.apply firewall >> $setup_log 2>&1
salt-call state.apply registry >> $setup_log 2>&1
echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
docker_seed_registry >> $setup_log 2>&1
echo -e "XXX\n43\nInstalling Common Components... \nXXX"
salt-call state.apply common >> $setup_log 2>&1
echo -e "XXX\n44\nInstalling SOC... \nXXX"
salt-call state.apply soc >> $setup_log 2>&1
echo -e "XXX\n45\nApplying firewall rules... \nXXX"
salt-call state.apply firewall >> $setup_log 2>&1
salt-call state.apply master >> $setup_log 2>&1
salt-call state.apply idstools >> $setup_log 2>&1
echo -e "XXX\n46\nInstalling Redis... \nXXX"
salt-call state.apply redis >> $setup_log 2>&1
if [[ $OSQUERY == '1' ]]; then
echo -e "XXX\n48\nInstalling MySQL... \nXXX"
salt-call state.apply mysql >> $setup_log 2>&1
fi
if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n48\nInstalling Wazuh... \nXXX"
salt-call state.apply wazuh >> $setup_log 2>&1
fi
echo -e "XXX\n49\nInstalling Elastic Components... \nXXX"
salt-call state.apply elasticsearch >> $setup_log 2>&1
salt-call state.apply logstash >> $setup_log 2>&1
salt-call state.apply kibana >> $setup_log 2>&1
salt-call state.apply elastalert >> $setup_log 2>&1
echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
salt-call state.apply filebeat >> $setup_log 2>&1
salt-call state.apply utility >> $setup_log 2>&1
salt-call state.apply schedule >> $setup_log 2>&1
if [[ $OSQUERY == '1' ]]; then
echo -e "XXX\n79\nInstalling Fleet... \nXXX"
salt-call state.apply fleet >> $setup_log 2>&1
salt-call state.apply launcher >> $setup_log 2>&1
fi
echo -e "XXX\n85\nConfiguring SOctopus... \nXXX"
salt-call state.apply soctopus >> $setup_log 2>&1
if [[ $THEHIVE == '1' ]]; then
echo -e "XXX\n87\nInstalling TheHive... \nXXX"
salt-call state.apply hive >> $setup_log 2>&1
fi
if [[ $PLAYBOOK == '1' ]]; then
echo -e "XXX\n89\nInstalling Playbook... \nXXX"
salt-call state.apply playbook >> $setup_log 2>&1
fi
echo -e "XXX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
echo -e "XXX\n98\nAdding user to SOC... \nXXX"
add_web_user >> $setup_log 2>&1
echo -e "XXX\n99\nVerifying Setup... \nXXX"
salt-call state.highstate >> $setup_log 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then
whiptail_setup_complete
if [[ $THEHIVE == '1' ]]; then
check_hive_init_then_reboot
else
shutdown -r now
fi
else
whiptail_setup_failed
shutdown -r now
fi
fi
####################
## Sensor ##
####################
if [ $install_type == 'SENSOR' ]; then
filter_unused_nics
whiptail_bond_nics
whiptail_management_server
whiptail_master_updates
whiptail_homenet_sensor
whiptail_sensor_config
# Calculate lbprocs so we can call it in the prompts
calculate_useable_cores
if [ $NSMSETUP == 'ADVANCED' ]; then
whiptail_bro_pins
whiptail_suricata_pins
whiptail_bond_nics_mtu
else
whiptail_basic_bro
whiptail_basic_suri
fi
whiptail_make_changes
set_updates
set_hostname
clear_master
copy_ssh_key >> $setup_log 2>&1
{
sleep 0.5
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $setup_log 2>&1
echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
create_sensor_bond >> $setup_log 2>&1
echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
sensor_pillar >> $setup_log 2>&1
echo "** Generating the patch pillar **" >> $setup_log
patch_pillar >> $setup_log 2>&1
echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
saltify >> $setup_log 2>&1
echo -e "XXX\n20\nInstalling Docker... \nXXX"
docker_install >> $setup_log 2>&1
echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
configure_minion sensor >> $setup_log 2>&1
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $setup_log 2>&1
echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
salt_firstcheckin >> $setup_log 2>&1
echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
# Accept the Salt Key
accept_salt_key_remote >> $setup_log 2>&1
echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
salt-call state.apply ca >> $setup_log 2>&1
salt-call state.apply ssl >> $setup_log 2>&1
echo -e "XXX\n35\nInstalling Core Components... \nXXX"
salt-call state.apply common >> $setup_log 2>&1
salt-call state.apply firewall >> $setup_log 2>&1
echo -e "XXX\n50\nInstalling PCAP... \nXXX"
salt-call state.apply pcap >> $setup_log 2>&1
echo -e "XXX\n60\nInstalling IDS components... \nXXX"
salt-call state.apply suricata >> $setup_log 2>&1
echo -e "XXX\n70\nInstalling Strelka... \nXXX"
salt-call state.apply strelka >> $setup_log 2>&1
echo -e "XXX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
echo -e "XXX\n98\nVerifying Setup... \nXXX"
salt-call state.highstate >> $setup_log 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then
whiptail_setup_complete
shutdown -r now
else
whiptail_setup_failed
shutdown -r now
fi
fi
#######################################
## Eval Mode or Master Search ##
#######################################
if [ $install_type == 'EVAL' ] || [ $install_type == 'MASTERSEARCH' ]; then
# Filter out the management NIC
filter_unused_nics
if [ $install_type == 'EVAL' ]; then
TYPE='eval'
# Select which NICs are in the bond
whiptail_bond_nics
elif [ $install_type == 'MASTERSEARCH' ]; then
TYPE='mastersearch'
fi
# Snag the HOME_NET
whiptail_homenet_master
whiptail_eval_adv_warning
whiptail_enable_components
# Set a bunch of stuff since this is eval
es_heapsize
ls_heapsize
NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
LSPIPELINEWORKERS=1
LSPIPELINEBATCH=125
LSINPUTTHREADS=1
LSINPUTBATCHCOUNT=125
RULESETUP=ETOPEN
NSMSETUP=BASIC
NIDS=Suricata
BROVERSION=ZEEK
CURCLOSEDAYS=30
if [ $install_type == 'MASTERSEARCH' ]; then
# Find out how to handle updates
whiptail_master_updates
# Get a password for the soremote user
whiptail_create_soremote_user
SCMATCH=no
while [ $SCMATCH != yes ]; do
whiptail_create_soremote_user_password1
whiptail_create_soremote_user_password2
check_soremote_pass
done
fi
collect_webuser_inputs
get_redirect
whiptail_make_changes
set_hostname
set_version
generate_passwords
secrets_pillar
clear_master
set_defaul_log_size
get_main_ip
# Add the user so we can sit back and relax
add_socore_user_master
add_soremote_user_master
{
# Check progress in child process
progress_str_printer &
if [ "$install_type" = 'EVAL' ]; then
set_progress_str 1 "Creating bond interface..."
create_sensor_bond >> $setup_log 2>&1
fi
set_progress_str 2 "Installing Salt..."
} | whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
{
sleep 0.5
if [ $install_type == 'EVAL' ]; then
echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
create_sensor_bond >> $setup_log 2>&1
fi
echo -e "XXX\n2\nInstalling saltstack... \nXXX"
saltify >> $setup_log 2>&1
echo -e "XXX\n3\nInstalling docker... \nXXX"
docker_install >> $setup_log 2>&1
echo -e "XXX\n5\nInstalling master code... \nXXX"
copy_master_config >> $setup_log 2>&1
echo -e "XXX\n6\nCopying salt code... \nXXX"
setup_salt_master_dirs >> $setup_log 2>&1
echo -e "XXX\n6\nupdating suduers... \nXXX"
update_sudoers >> $setup_log 2>&1
echo -e "XXX\n7\nCreating the static pillar... \nXXX"
# Set the static values
master_static >> $setup_log 2>&1
echo -e "XXX\n7\nCreating the master pillar... \nXXX"
master_pillar >> $setup_log 2>&1
echo "** Generating the patch pillar **" >> $setup_log
patch_pillar >> $setup_log 2>&1
echo -e "XXX\n7\nConfiguring minion... \nXXX"
configure_minion $TYPE >> $setup_log 2>&1
echo -e "XXX\n7\nSetting the node type to $TYPE... \nXXX"
set_node_type >> $setup_log 2>&1
echo -e "XXX\n7\nSearch node pillar... \nXXX"
node_pillar >> $setup_log 2>&1
echo -e "XXX\n8\nCreating firewall policies... \nXXX"
set_initial_firewall_policy >> $setup_log 2>&1
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $setup_log 2>&1
echo -e "XXX\n10\nRegistering agent... \nXXX"
salt_firstcheckin >> $setup_log 2>&1
echo -e "XXX\n11\nAccepting Agent... \nXXX"
accept_salt_key_local >> $setup_log 2>&1
echo -e "XXX\n12\nRunning the SSL states... \nXXX"
salt_checkin >> $setup_log 2>&1
salt-call state.apply ca >> $setup_log 2>&1
salt-call state.apply ssl >> $setup_log 2>&1
salt-call state.apply firewall >> $setup_log 2>&1
salt-call state.apply registry >> $setup_log 2>&1
echo -e "XXX\n14\nDownloading Containers from the Internet... \nXXX"
docker_seed_registry >> $setup_log 2>&1
salt-call state.apply master >> $setup_log 2>&1
echo -e "XXX\n15\nInstalling core components... \nXXX"
salt-call state.apply common >> $setup_log 2>&1
echo -e "XXX\n18\nInitializing firewall rules... \nXXX"
salt-call state.apply firewall >> $setup_log 2>&1
echo -e "XXX\n25\nInstalling master components... \nXXX"
salt-call state.apply master >> $setup_log 2>&1
salt-call state.apply idstools >> $setup_log 2>&1
echo -e "XXX\n26\nInstalling SOC... \nXXX"
salt-call state.apply soc >> $setup_log 2>&1
if [[ $OSQUERY == '1' ]]; then
salt-call state.apply mysql >> $setup_log 2>&1
fi
if [[ $WAZUH == '1' ]]; then
echo -e "XXX\n27\nInstalling Wazuh components... \nXXX"
salt-call state.apply wazuh >> $setup_log 2>&1
fi
echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
salt-call state.apply elasticsearch >> $setup_log 2>&1
echo -e "XXX\n40\nInstalling Logstash... \nXXX"
salt-call state.apply logstash >> $setup_log 2>&1
echo -e "XXX\n45\nInstalling Kibana... \nXXX"
salt-call state.apply kibana >> $setup_log 2>&1
if [ $install_type == 'EVAL' ]; then
echo -e "XXX\n50\nInstalling pcap... \nXXX"
salt-call state.apply pcap >> $setup_log 2>&1
echo -e "XXX\n52\nInstalling Suricata... \nXXX"
salt-call state.apply suricata >> $setup_log 2>&1
echo -e "XXX\n54\nInstalling Zeek... \nXXX"
salt-call state.apply bro >> $setup_log 2>&1
fi
echo -e "XXX\n56\nInstalling curator... \nXXX"
salt-call state.apply curator >> $setup_log 2>&1
echo -e "XXX\n58\nInstalling elastalert... \nXXX"
salt-call state.apply elastalert >> $setup_log 2>&1
if [[ $OSQUERY == '1' ]]; then
echo -e "XXX\n60\nInstalling fleet... \nXXX"
salt-call state.apply fleet >> $setup_log 2>&1
salt-call state.apply redis >> $setup_log 2>&1
fi
echo -e "XXX\n85\nInstalling filebeat... \nXXX"
salt-call state.apply filebeat >> $setup_log 2>&1
salt-call state.apply utility >> $setup_log 2>&1
echo -e "XXX\n90\nInstalling misc components... \nXXX"
salt-call state.apply schedule >> $setup_log 2>&1
salt-call state.apply soctopus >> $setup_log 2>&1
if [[ $THEHIVE == '1' ]]; then
echo -e "XXX\n91\nInstalling The Hive... \nXXX"
salt-call state.apply hive >> $setup_log 2>&1
fi
if [[ $PLAYBOOK == '1' ]]; then
echo -e "XXX\n93\nInstalling Playbook... \nXXX"
salt-call state.apply playbook >> $setup_log 2>&1
fi
if [[ $STRELKA == '1' ]]; then
echo -e "XXX\n95\nInstalling Strelka... \nXXX"
salt-call state.apply strelka >> $setup_log 2>&1
fi
echo -e "XXX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
echo -e "XXX\n98\nAdding user to SOC... \nXXX"
add_web_user >> $setup_log 2>&1
echo -e "XXX\n99\nVerifying Setup... \nXXX"
salt-call state.highstate >> $setup_log 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then
whiptail_setup_complete
if [[ $THEHIVE == '1' ]]; then
check_hive_init_then_reboot
else
shutdown -r now
fi
else
whiptail_setup_failed
shutdown -r now
fi
fi
###################
## Nodes ##
###################
if [ $install_type == 'SEARCHNODE' ] || [ $install_type == 'PARSINGNODE' ] || [ $install_type == 'HOTNODE' ] || [ $install_type == 'WARMNODE' ]; then
whiptail_management_server
whiptail_master_updates
set_defaul_log_size
CURCLOSEDAYS=30
es_heapsize
ls_heapsize
whiptail_node_advanced
if [ $NODESETUP == 'NODEADVANCED' ]; then
whiptail_node_es_heap
whiptail_node_ls_heap
whiptail_node_ls_pipeline_worker
whiptail_node_ls_pipline_batchsize
whiptail_node_ls_input_threads
whiptail_node_ls_input_batch_count
whiptail_cur_close_days
whiptail_log_size_limit
else
NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
LSPIPELINEWORKERS=$cpu_cores
LSPIPELINEBATCH=125
LSINPUTTHREADS=1
LSINPUTBATCHCOUNT=125
fi
whiptail_make_changes
set_updates
set_hostname
clear_master
copy_ssh_key >> $setup_log 2>&1
{
sleep 0.5
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $setup_log 2>&1
echo -e "XXX\n1\nInstalling pip3... \nXXX"
echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
saltify >> $setup_log 2>&1
echo -e "XXX\n20\nInstalling Docker... \nXXX"
docker_install >> $setup_log 2>&1
echo -e "XXX\n30\nInitializing Minion... \nXXX"
configure_minion node >> $setup_log 2>&1
set_node_type >> $setup_log 2>&1
node_pillar >> $setup_log 2>&1
echo "** Generating the patch pillar **" >> $setup_log
patch_pillar >> $setup_log 2>&1
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $setup_log 2>&1
echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
salt_firstcheckin >> $setup_log 2>&1
# Accept the Salt Key
accept_salt_key_remote >> $setup_log 2>&1
echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
salt-call state.apply ca >> $setup_log 2>&1
salt-call state.apply ssl >> $setup_log 2>&1
echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
salt-call state.apply common >> $setup_log 2>&1
salt-call state.apply firewall >> $setup_log 2>&1
echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
salt-call state.apply logstash >> $setup_log 2>&1
salt-call state.apply elasticsearch >> $setup_log 2>&1
salt-call state.apply curator >> $setup_log 2>&1
salt-call state.apply filebeat >> $setup_log 2>&1
echo -e "XXX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
echo -e "XXX\n98\nVerifying Setup... \nXXX"
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then
whiptail_setup_complete
shutdown -r now
else
whiptail_setup_failed
shutdown -r now
fi
fi
########################
## Heavy Node ##
########################
if [ $install_type == 'HEAVYNODE' ]; then
filter_unused_nics
whiptail_bond_nics
whiptail_management_server
whiptail_master_updates
whiptail_homenet_sensor
whiptail_sensor_config
# Calculate lbprocs so we can call it in the prompts
calculate_useable_cores
if [ $NSMSETUP == 'ADVANCED' ]; then
whiptail_bro_pins
whiptail_suricata_pins
whiptail_bond_nics_mtu
else
whiptail_basic_bro
whiptail_basic_suri
fi
set_defaul_log_size
CURCLOSEDAYS=30
es_heapsize
ls_heapsize
whiptail_node_advanced
if [ $NODESETUP == 'NODEADVANCED' ]; then
whiptail_node_es_heap
whiptail_node_ls_heap
whiptail_node_ls_pipeline_worker
whiptail_node_ls_pipline_batchsize
whiptail_node_ls_input_threads
whiptail_node_ls_input_batch_count
whiptail_cur_close_days
whiptail_log_size_limit
else
NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
LSPIPELINEWORKERS=$cpu_cores
LSPIPELINEBATCH=125
LSINPUTTHREADS=1
LSINPUTBATCHCOUNT=125
fi
whiptail_make_changes
set_updates
set_hostname
clear_master
copy_ssh_key >> $setup_log 2>&1
{
sleep 0.5
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $setup_log 2>&1
echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
create_sensor_bond >> $setup_log 2>&1
echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
sensor_pillar >> $setup_log 2>&1
echo "** Generating the patch pillar **" >> $setup_log
patch_pillar >> $setup_log 2>&1
echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
saltify >> $setup_log 2>&1
echo -e "XXX\n20\nInstalling Docker... \nXXX"
docker_install >> $setup_log 2>&1
echo -e "XXX\n30\nInitializing Minion... \nXXX"
configure_minion heavynode >> $setup_log 2>&1
set_node_type >> $setup_log 2>&1
node_pillar >> $setup_log 2>&1
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $setup_log 2>&1
echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
salt_firstcheckin >> $setup_log 2>&1
# Accept the Salt Key
accept_salt_key_remote >> $setup_log 2>&1
echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
salt-call state.apply ca >> $setup_log 2>&1
salt-call state.apply ssl >> $setup_log 2>&1
echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
salt-call state.apply common >> $setup_log 2>&1
salt-call state.apply firewall >> $setup_log 2>&1
echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
salt-call state.apply logstash >> $setup_log 2>&1
salt-call state.apply elasticsearch >> $setup_log 2>&1
salt-call state.apply curator >> $setup_log 2>&1
salt-call state.apply filebeat >> $setup_log 2>&1
echo -e "XXX\n50\nInstalling PCAP... \nXXX"
salt-call state.apply pcap >> $setup_log 2>&1
echo -e "XXX\n60\nInstalling IDS components... \nXXX"
salt-call state.apply suricata >> $setup_log 2>&1
echo -e "XXX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
echo -e "XXX\n98\nVerifying Setup... \nXXX"
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then
whiptail_setup_complete
shutdown -r now
else
whiptail_setup_failed
shutdown -r now
fi
fi
###########################
### Standalone Fleet ###
###########################
if [ $install_type == 'FLEET' ]; then
whiptail_management_server
whiptail_master_updates
whiptail_make_changes
set_updates
set_hostname
clear_master
copy_ssh_key >> $setup_log 2>&1
{
sleep 0.5
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $setup_log 2>&1
#echo -e "XXX\n4\nGenerating Fleet Pillar... \nXXX"
fleet_pillar >> $setup_log 2>&1
echo "** Generating the patch pillar **" >> $setup_log
patch_pillar >> $setup_log 2>&1
node_pillar >> $setup_log 2>&1
echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
saltify >> $setup_log 2>&1
echo -e "XXX\n20\nInstalling Docker... \nXXX"
docker_install >> $setup_log 2>&1
echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
configure_minion fleet >> $setup_log 2>&1
echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
copy_minion_tmp_files >> $setup_log 2>&1
echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
salt_firstcheckin >> $setup_log 2>&1
echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
# Accept the Salt Key
accept_salt_key_remote >> $setup_log 2>&1
echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
salt-call state.apply ca >> $setup_log 2>&1
salt-call state.apply ssl >> $setup_log 2>&1
echo -e "XXX\n35\nInstalling Core Components... \nXXX"
salt-call state.apply common >> $setup_log 2>&1
salt-call state.apply firewall >> $setup_log 2>&1
echo -e "XXX\n50\nInstalling MySQL... \nXXX"
salt-call state.apply mysql >> $setup_log 2>&1
echo -e "XXX\n50\nInstalling Redis... \nXXX"
salt-call state.apply redis >> $setup_log 2>&1
echo -e "XXX\n60\nInstalling Fleet... \nXXX"
salt-call state.apply fleet >> $setup_log 2>&1
echo -e "XXX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
echo -e "XXX\n98\nVerifying Setup... \nXXX"
salt-call state.highstate >> $setup_log 2>&1
} |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $GOODSETUP == '0' ]]; then
whiptail_setup_complete
shutdown -r now
else
whiptail_setup_failed
shutdown -r now
fi
fi
else
echo "User not sure. Cancelling setup.">> $setup_log 2>&1
whiptail_cancel
fi
Reference in New Issue View Git Blame Copy Permalink