initial commit

containers/fouroneone

@@ -0,0 +1,129 @@
+#!/bin/bash
+# Configure Etsy 411 for Odin
+# 
+
+echo -e "\e[93m"
+
+log() {
+    echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export CONF_411=https://gist.githubusercontent.com/scoutsec/4a4841ad4ea019190bfcc7d87b663600/raw/4424e66e50033c2e72559310a7bd25d8e959f023/411.conf
+export FOUR11_URL=https://github.com/etsy/411/releases/download/v1.4.0/release-es5x.tgz
+export IP=$(ip route | awk '/src/{print $9}')
+echo "fouroneone" >/etc/hostname
+echo -e "${IP}\tfouroneone" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove -y snapd lxd
+apt-get upgrade -y
+apt-get install -y htop  wget unzip apache2 libapache2-mod-php php-xml php7.0-mbstring php7.0-sqlite php7.0-curl sqlite3
+apt-get clean
+
+curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
+a2enmod rewrite headers ssl
+wget -O /tmp/411.conf ${CONF_411}
+sed -i 's/HOSTNAME/fouroneone/g' /tmp/411.conf
+mv /tmp/411.conf /etc/apache2/sites-available/411.conf
+
+cd /tmp
+openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
+openssl rsa -passin pass:x -in server.pass.key -out server.key
+rm server.pass.key
+openssl req -new -key server.key -out server.csr \
+  -subj "/C=US/ST=Ohio/L=Lima/O=SecOps/OU=Odin/CN=fouroneone"
+openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+mv server.crt /etc/ssl/certs/411.pem
+mv server.key /etc/ssl/private/411.key
+
+a2dissite 000-default
+a2ensite 411
+systemctl restart apache2
+
+wget -O /tmp/411.tgz ${FOUR11_URL}
+mkdir /var/www/411; sudo tar -xzf /tmp/411.tgz -C /var/www/411
+chown -R www-data:www-data /var/www/411
+cd /var/www/411/
+sudo -u www-data composer install --no-dev --optimize-autoloader
+apt-get install -y prometheus-node-exporter
+
+cat >config.php <<EOF
+<?php
+\$config = [];
+\$config['auth'] = [
+    'proxy' => [
+        'enabled' => false,
+        'header' => null,
+        'auto_create' => false,
+        'domain' =>null,
+    ],
+    'api' => [
+        'enabled' => true
+    ]
+];
+
+\$config['db'] = [
+    'dsn' => 'sqlite:' . realpath(__DIR__ . '/data.db'),
+    'user' => 'root',
+    'pass' => null,
+];
+
+\$config['elasticsearch'] = [
+    'alerts' => [
+        'hosts' => ['http://elasticsearch'],
+        'index_hosts' => [],
+        'ssl_cert' => null,
+        'index' => 411,
+        'date_based' => false,
+        'date_interval' => null,
+        'date_field' => 'alert_date',
+        'date_type' => null,
+        'src_url' => null,
+    ],
+    'odin' => [
+        'hosts' => ['http://elasticsearch'],
+        'index_hosts' => [],
+        'ssl_cert' => null,
+        'index'=> '[odin-]Y.m.d',
+        'date_based' => true,
+        'date_interval' => 'd',
+        'date_field' => '@timestamp',
+        'date_type' => null,
+        'src_url' => null,
+    ],
+];
+
+\$config['graphite'] = [
+    'graphite' => [
+        'host' => null,
+    ],
+];
+
+\$config['threatexchange'] = [
+    'api_token' => null,
+    'api_secret' => null,
+];
+
+\$config['jira'] = [
+    'host' => null,
+    'user' => null,
+    'pass' => null,
+];
+
+\$config['slack'] = [
+    'webhook_url' => null
+];
+EOF
+
+sudo -u www-data sqlite3 data.db < db.sql
+sudo -u www-data bin/migration.php
+chown -R www-data:www-data /var/www/411
+cat >/etc/cron.d/411 <<EOF
+* * * * * www-data /var/www/411/bin/cron.php > /dev/null 2>&1 && /var/www/411/bin/worker.php > /dev/null 2>&1
+EOF
+systemctl restart cron
+sudo -u www-data /var/www/411/bin/create_site.php && sudo -u www-data /var/www/411/bin/create_user.php
+
+echo -e "\e[0m"