mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-09 18:52:52 +01:00
eb2c432f22
Firewall must be updated before checking in to salt, and schedule state must run before copying minion temp files to master
460 lines
12 KiB
Bash
Executable File
460 lines
12 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright 2014-2020 Security Onion Solutions, LLC
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
cd "$(dirname "$0")" || exit 255
|
|
source ./so-functions
|
|
source ./so-common-functions
|
|
source ./so-whiptail
|
|
source ./so-variables
|
|
|
|
setup_type=$1
|
|
export setup_type
|
|
|
|
case "$setup_type" in
|
|
iso | network) # Accepted values
|
|
echo "Beginning Security Onion $setup_type install"
|
|
;;
|
|
*)
|
|
echo "Invalid install type, must be 'iso' or 'network'"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# Allow execution of SO tools during setup
|
|
export PATH=$PATH:../salt/common/tools/sbin
|
|
|
|
date -u > $setup_log 2>&1
|
|
|
|
got_root
|
|
detect_os
|
|
|
|
if [ "$OS" == ubuntu ]; then
|
|
update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1
|
|
fi
|
|
|
|
setterm -blank 0
|
|
|
|
if (whiptail_you_sure); then
|
|
true
|
|
else
|
|
echo "User cancelled setup." >> $setup_log 2>&1
|
|
whiptail_cancel
|
|
fi
|
|
|
|
whiptail_install_type
|
|
|
|
whiptail_patch_schedule
|
|
|
|
if [ "$install_type" = 'EVAL' ]; then
|
|
is_node=true
|
|
is_master=true
|
|
is_sensor=true
|
|
is_eval=true
|
|
elif [ "$install_type" = 'MASTERSEARCH' ]; then
|
|
is_master=true
|
|
is_distmaster=true
|
|
is_node=true
|
|
elif [ "$install_type" = 'MASTER' ]; then
|
|
is_master=true
|
|
is_distmaster=true
|
|
elif [ "$install_type" = 'SENSOR' ]; then
|
|
is_sensor=true
|
|
is_minion=true
|
|
STRELKA=1
|
|
elif [[ "$install_type" =~ ^('SEARCHNODE'|'PARSINGNODE'|'HOTNODE'|'WARMNODE')$ ]]; then
|
|
is_node=true
|
|
is_minion=true
|
|
elif [ "$install_type" = 'HEAVYNODE' ]; then
|
|
is_node=true
|
|
is_minion=true
|
|
is_sensor=true
|
|
elif [ "$install_type" = 'FLEET' ]; then
|
|
is_minion=true
|
|
OSQUERY=1
|
|
elif [ "$install_type" = 'HELIXSENSOR' ]; then
|
|
is_helix=true
|
|
fi
|
|
|
|
case "$setup_type" in
|
|
'iso')
|
|
whiptail_set_hostname
|
|
whiptail_management_nic
|
|
whiptail_dhcp_or_static
|
|
|
|
if [ "$address_type" != 'DHCP' ]; then
|
|
whiptail_management_interface_ip
|
|
whiptail_management_interface_mask
|
|
whiptail_management_interface_gateway
|
|
whiptail_management_interface_dns
|
|
whiptail_management_interface_dns_search
|
|
fi
|
|
|
|
# Init networking so rest of install works
|
|
set_hostname_iso
|
|
set_management_interface
|
|
|
|
collect_adminuser_inputs
|
|
add_admin_user
|
|
disable_onion_user
|
|
;;
|
|
'network')
|
|
whiptail_network_notice
|
|
whiptail_set_hostname
|
|
whiptail_management_nic
|
|
;;
|
|
esac
|
|
|
|
short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
|
|
|
|
MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
|
|
export MINION_ID
|
|
|
|
echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
|
|
|
|
minion_type=$(get_minion_type)
|
|
|
|
# Set any constants needed
|
|
if [[ $is_helix ]]; then
|
|
RULESETUP=ETOPEN
|
|
NSMSETUP=BASIC
|
|
HNSENSOR=inherit
|
|
MASTERUPDATES=0
|
|
fi
|
|
if [[ $is_helix || ( $is_master && $is_node ) ]]; then
|
|
RULESETUP=ETOPEN
|
|
NSMSETUP=BASIC
|
|
fi
|
|
if [[ $is_master && $is_node ]]; then
|
|
LSPIPELINEWORKERS=1
|
|
LSPIPELINEBATCH=125
|
|
LSINPUTTHREADS=1
|
|
LSINPUTBATCHCOUNT=125
|
|
NIDS=Suricata
|
|
BROVERSION=ZEEK
|
|
fi
|
|
if [[ $is_node ]]; then
|
|
CURCLOSEDAYS=30
|
|
fi
|
|
|
|
# Start user prompts
|
|
if [[ $is_helix || $is_sensor ]]; then
|
|
whiptail_bond_nics
|
|
calculate_useable_cores
|
|
fi
|
|
|
|
if [[ $is_helix || $is_master ]]; then
|
|
whiptail_homenet_master
|
|
fi
|
|
|
|
if [[ $is_helix || $is_master || $is_node ]]; then
|
|
set_base_heapsizes
|
|
fi
|
|
|
|
if [[ $is_master && ! $is_eval ]]; then
|
|
whiptail_master_adv
|
|
whiptail_bro_version
|
|
whiptail_nids
|
|
whiptail_rule_setup
|
|
|
|
if [ "$RULESETUP" != 'ETOPEN' ]; then
|
|
whiptail_oinkcode
|
|
fi
|
|
|
|
if [ "$MASTERADV" = 'ADVANCED' ] && [ "$BROVERSION" != 'SURICATA' ]; then
|
|
whiptail_master_adv_service_brologs
|
|
fi
|
|
fi
|
|
|
|
if [[ $is_master ]]; then
|
|
whiptail_components_adv_warning
|
|
whiptail_enable_components
|
|
collect_webuser_inputs
|
|
get_redirect
|
|
fi
|
|
|
|
if [[ $is_distmaster || ( $is_sensor || $is_node ) && ! $is_eval ]]; then
|
|
whiptail_master_updates
|
|
fi
|
|
|
|
if [[ $is_minion ]]; then
|
|
whiptail_management_server
|
|
fi
|
|
|
|
if [[ $is_distmaster ]]; then
|
|
collect_soremote_inputs
|
|
fi
|
|
|
|
if [[ $is_sensor && ! $is_eval ]]; then
|
|
whiptail_homenet_sensor
|
|
whiptail_sensor_config
|
|
if [ $NSMSETUP == 'ADVANCED' ]; then
|
|
whiptail_bro_pins
|
|
whiptail_suricata_pins
|
|
whiptail_bond_nics_mtu
|
|
else
|
|
whiptail_basic_bro
|
|
whiptail_basic_suri
|
|
fi
|
|
fi
|
|
|
|
if [[ $is_node && ! $is_eval ]]; then
|
|
whiptail_node_advanced
|
|
if [ "$NODESETUP" == 'NODEADVANCED' ]; then
|
|
whiptail_node_es_heap
|
|
whiptail_node_ls_heap
|
|
whiptail_node_ls_pipeline_worker
|
|
whiptail_node_ls_pipline_batchsize
|
|
whiptail_node_ls_input_threads
|
|
whiptail_node_ls_input_batch_count
|
|
whiptail_cur_close_days
|
|
whiptail_log_size_limit
|
|
else
|
|
NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
|
|
NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
|
|
LSPIPELINEWORKERS=$num_cpu_cores
|
|
LSPIPELINEBATCH=125
|
|
LSINPUTTHREADS=1
|
|
LSINPUTBATCHCOUNT=125
|
|
fi
|
|
fi
|
|
|
|
whiptail_make_changes
|
|
|
|
set_hostname 2>> "$setup_log"
|
|
set_version 2>> "$setup_log"
|
|
clear_master 2>> "$setup_log"
|
|
|
|
if [[ $is_master ]]; then
|
|
generate_passwords 2>> "$setup_log"
|
|
secrets_pillar 2>> "$setup_log"
|
|
add_socore_user_master 2>> "$setup_log"
|
|
fi
|
|
|
|
if [[ $is_master && ! $is_eval ]]; then
|
|
add_soremote_user_master 2>> "$setup_log"
|
|
fi
|
|
|
|
if [[ $is_helix || $is_master ]]; then
|
|
set_main_ip 2>> "$setup_log"
|
|
fi
|
|
|
|
if [[ $is_minion ]]; then
|
|
set_updates 2>> "$setup_log"
|
|
copy_ssh_key 2>> "$setup_log"
|
|
fi
|
|
|
|
# Begin install
|
|
|
|
# Set initial percentage to 0
|
|
export percentage=0
|
|
{
|
|
|
|
if [[ $is_sensor || $is_helix ]]; then
|
|
set_progress_str 1 'Creating bond interface'
|
|
create_sensor_bond >> "$setup_log" 2>&1
|
|
|
|
set_progress_str 2 'Generating sensor pillar'
|
|
sensor_pillar >> "$setup_log" 2>&1
|
|
fi
|
|
|
|
set_progress_str 3 'Installing Salt and dependencies'
|
|
saltify 2>> "$setup_log"
|
|
|
|
set_progress_str 7 'Installing Docker and dependencies'
|
|
docker_install 2>> "$setup_log"
|
|
|
|
set_progress_str 8 'Generating patch pillar'
|
|
patch_pillar 2>> "$setup_log"
|
|
|
|
set_progress_str 9 'Initializing Salt minion'
|
|
configure_minion "$minion_type" 2>> "$setup_log"
|
|
|
|
|
|
if [[ $is_master || $is_helix ]]; then
|
|
set_progress_str 10 'Configuring Salt master'
|
|
copy_master_config 2>> "$setup_log"
|
|
setup_salt_master_dirs 2>> "$setup_log"
|
|
|
|
set_progress_str 11 'Updating sudoers file for soremote user'
|
|
update_sudoers 2>> "$setup_log"
|
|
|
|
set_progress_str 12 'Generating master static pillar'
|
|
master_static 2>> "$setup_log"
|
|
|
|
set_progress_str 13 'Generating master pillar'
|
|
master_pillar 2>> "$setup_log"
|
|
fi
|
|
|
|
set_progress_str 14 'Configuring firewall'
|
|
set_initial_firewall_policy 2>> "$setup_log"
|
|
|
|
set_progress_str 15 "$(print_salt_state_apply 'firewall')"
|
|
salt-call state.apply -l info firewall >> $setup_log 2>&1
|
|
|
|
set_progress_str 16 'Running first Salt checkin'
|
|
salt_firstcheckin 2>> "$setup_log"
|
|
|
|
if [[ $is_helix ]]; then
|
|
set_progress_str 17 'Generating the FireEye pillar'
|
|
fireeye_pillar 2>> "$setup_log"
|
|
fi
|
|
|
|
set_progress_str 18 "$(print_salt_state_apply 'schedule')"
|
|
salt-call state.apply -l info schedule >> $setup_log 2>&1
|
|
|
|
set_progress_str 19 'Copying minion pillars to master'
|
|
copy_minion_tmp_files 2>> "$setup_log"
|
|
|
|
if [[ $is_node ]]; then
|
|
set_progress_str 20 'Setting node type'
|
|
set_node_type 2>> "$setup_log"
|
|
|
|
set_progress_str 21 'Generating search node pillar'
|
|
node_pillar 2>> "$setup_log"
|
|
fi
|
|
|
|
if [[ $is_minion ]]; then
|
|
set_progress_str 22 'Accepting Salt key on master'
|
|
accept_salt_key_remote 2>> "$setup_log"
|
|
fi
|
|
|
|
if [[ $is_master ]]; then
|
|
set_progress_str 23 'Accepting Salt key'
|
|
salt-key -ya "$MINION_ID" >> "$setup_log" 2>&1
|
|
fi
|
|
|
|
set_progress_str 24 'Generating CA and checking in'
|
|
salt_checkin 2>> "$setup_log"
|
|
|
|
if [[ $is_master || $is_helix ]]; then
|
|
set_progress_str 25 'Downloading containers from the internet'
|
|
salt-call state.apply -l info registry >> "$setup_log" 2>&1
|
|
docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
|
|
fi
|
|
|
|
set_progress_str 63 "$(print_salt_state_apply 'common')"
|
|
salt-call state.apply -l info common >> $setup_log 2>&1
|
|
|
|
if [[ $is_master || $is_node ]]; then
|
|
set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')"
|
|
salt-call state.apply -l info elasticsearch >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ $is_sensor ]]; then
|
|
set_progress_str 65 "$(print_salt_state_apply 'pcap')"
|
|
salt-call state.apply -l info pcap >> $setup_log 2>&1
|
|
|
|
set_progress_str 66 "$(print_salt_state_apply 'suricata')"
|
|
salt-call state.apply -l info suricata >> $setup_log 2>&1
|
|
|
|
set_progress_str 67 "$(print_salt_state_apply 'zeek')"
|
|
salt-call state.apply -l info zeek >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ $is_node ]]; then
|
|
set_progress_str 68 "$(print_salt_state_apply 'curator')"
|
|
salt-call state.apply -l info curator >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ $is_master ]]; then
|
|
set_progress_str 69 "$(print_salt_state_apply 'soc')"
|
|
salt-call state.apply -l info soc >> "$setup_log" 2>&1
|
|
|
|
set_progress_str 70 "$(print_salt_state_apply 'kibana')"
|
|
salt-call state.apply -l info kibana >> $setup_log 2>&1
|
|
|
|
set_progress_str 71 "$(print_salt_state_apply 'elastalert')"
|
|
salt-call state.apply -l info elastalert >> $setup_log 2>&1
|
|
|
|
set_progress_str 72 "$(print_salt_state_apply 'soctopus')"
|
|
salt-call state.apply -l info soctopus >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ "$OSQUERY" = 1 ]]; then
|
|
set_progress_str 73 "$(print_salt_state_apply 'fleet')"
|
|
salt-call state.apply -l info fleet >> $setup_log 2>&1
|
|
|
|
set_progress_str 74 "$(print_salt_state_apply 'redis')"
|
|
salt-call state.apply -l info redis >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ "$WAZUH" = 1 ]]; then
|
|
set_progress_str 75 "$(print_salt_state_apply 'wazuh')"
|
|
salt-call state.apply -l info wazuh >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ "$THEHIVE" = 1 ]]; then
|
|
set_progress_str 76 "$(print_salt_state_apply 'hive')"
|
|
salt-call state.apply -l info hive >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ "$STRELKA" = 1 ]]; then
|
|
set_progress_str 77 "$(print_salt_state_apply 'strelka')"
|
|
salt-call state.apply -l info strelka >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ "$PLAYBOOK" = 1 ]]; then
|
|
set_progress_str 78 "$(print_salt_state_apply 'playbook')"
|
|
salt-call state.apply -l info playbook >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ $is_master || $is_helix ]]; then
|
|
set_progress_str 79 "$(print_salt_state_apply 'master')"
|
|
salt-call state.apply -l info master >> $setup_log 2>&1
|
|
|
|
set_progress_str 80 "$(print_salt_state_apply 'idstools')"
|
|
salt-call state.apply -l info idstools >> $setup_log 2>&1
|
|
|
|
set_progress_str 81 "$(print_salt_state_apply 'utility')"
|
|
salt-call state.apply -l info utility >> $setup_log 2>&1
|
|
fi
|
|
|
|
if [[ ( $is_helix || $is_master || $is_node ) && ! $is_eval ]]; then
|
|
set_progress_str 82 "$(print_salt_state_apply 'logstash')"
|
|
salt-call state.apply -l info logstash >> $setup_log 2>&1
|
|
|
|
set_progress_str 83 "$(print_salt_state_apply 'filebeat')"
|
|
salt-call state.apply -l info filebeat >> $setup_log 2>&1
|
|
fi
|
|
|
|
set_progress_str 85 'Applying finishing touches'
|
|
filter_unused_nics 2>> "$setup_log"
|
|
network_setup 2>> "$setup_log"
|
|
|
|
set_progress_str 86 'Updating packages'
|
|
update_packages 2>> "$setup_log"
|
|
|
|
set_progress_str 90 'Enabling checkin at boot'
|
|
checkin_at_boot 2>> "$setup_log"
|
|
|
|
set_progress_str 95 'Verifying setup'
|
|
salt-call -l info state.highstate >> $setup_log 2>&1
|
|
|
|
} | whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
|
|
|
|
success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
|
|
if [[ "$success" = 0 ]]; then
|
|
whiptail_setup_complete
|
|
if [[ $THEHIVE == 1 ]]; then
|
|
check_hive_init_then_reboot
|
|
else
|
|
shutdown -r now
|
|
fi
|
|
else
|
|
whiptail_setup_failed
|
|
shutdown -r now
|
|
fi |