initial commit
119
containers/fsf
Normal file
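--- a/containers/fsf
+++ b/containers/fsf
@@ -0,0 +1,119 @@
+#!/bin/bash
+# Configure FSF for Odin
+
+echo -e "\e[93m"
+
+log() {
+echo -e "\t\e[96m[*]${1}\e[93m"
+}
+
+export VT_KEY=99dfd41c7ff9cd406982f801f2393907678f562fb149a8e538d0680c14e0060a
+export FSF_URL="https://github.com/EmersonElectricCo/fsf/archive/master.zip"
+export IP=$(ip route | awk '/src/{print $9}')
+echo "fsf" >/etc/hostname
+echo -e "${IP}\tfsf" >> /etc/hosts
+
+deluser -q --remove-home ubuntu
+
+apt-get update || exit 1
+apt-get --purge remove snapd lxd -y
+apt-get upgrade -y
+apt-get install -y jq htop wget python-pip
+
+wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
+echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" >/etc/apt/sources.list.d/elastic-5.x.list
+apt-get update
+apt-get install -y filebeat
+
+apt-get install -y python-yara autoconf dh-autoreconf python-dev \
+libpython2.7-stdlib python-pip libffi-dev ssdeep python-ssdeep upx unrar \
+libfuzzy-dev unzip libssl-dev net-tools cabextract python-pefile \
+python-cffi yara python-yara
+
+pip install czipfile hachoir-parser hachoir-core hachoir-regex \
+hachoir-metadata hachoir-subfile ConcurrentLogHandler pypdf2 xmltodict \
+rarfile pylzma oletools pyasn1_modules pyasn1 pyelftools javatools \
+requests git+https://github.com/aaronst/macholibre.git
+
+useradd -r -c "File Scanner" -m -d /opt/fsf -s /bin/true fsf
+cd /opt/fsf
+wget -O fsf.zip ${FSF_URL}
+unzip fsf.zip && rm fsf.zip
+touch scan.log
+mv fsf-master bin && chown -R fsf:fsf bin scan.log
+cd bin
+
+sed -i 's/FULL\/PATH\/TO\/fsf/opt\/fsf\/bin/g' /opt/fsf/bin/fsf-server/conf/config.py
+sed -i 's/tmp/opt\/fsf/g' /opt/fsf/bin/fsf-server/conf/config.py
+
+if [ ! -z ${VT_KEY} ]; then
+echo " [*] Enabling VirusTotal Checks for PE and ELF files."
+sed -i "s/YOUR API KEY HERE/${VT_KEY}/g" /opt/fsf/bin/fsf-server/modules/META_VT_INSPECT.py
+sed -i "s/META_PE'/META_PE', 'META_VT_INSPECT'/g" /opt/fsf/bin/fsf-server/conf/disposition.py
+sed -i "s/META_ELF'/META_ELF', 'META_VT_INSPECT'/g" /opt/fsf/bin/fsf-server/conf/disposition.py
+fi
+
+cat >/etc/logrotate.d/scanner <<EOF
+compress
+copytruncate
+
+/opt/fsf/*.log {
+weekly
+create 0664 fsf
+rotate 3
+}
+EOF
+
+cat >/etc/systemd/system/fsf.service <<EOF
+[Unit]
+Description=Odin File Scanner
+Requires=network.target
+After=network.target
+
+[Service]
+Type=forking
+User=fsf
+Group=fsf
+PIDFile=/opt/fsf/scanner.pid
+ExecStart=/opt/fsf/bin/fsf-server/main.py start
+ExecStop=/opt/fsf/bin/fsf-server/main.py stop
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+cat > /etc/logrotate.d/scanner <<EOF
+compress
+copytruncate
+
+/opt/fsf/*.log {
+weekly
+create 0664 fsf
+rotate 3
+}
+EOF
+
+cat > /etc/filebeat/filebeat.yml <<EOF
+filebeat.prospectors:
+- input_type: log
+paths:
+- /opt/fsf/scan.log
+encoding: utf-8
+tags: ["fsf"]
+json.keys_under_root: true
+
+output.kafka:
+hosts: ["kafka:9092"]
+topic: 'fsf'
+
+required_acks: 1
+compression: gzip
+max_message_bytes: 1000000
+EOF
+
+apt-get install -y prometheus-node-exporter
+
+systemctl daemon-reload
+systemctl enable fsf && systemctl enable filebeat
+systemctl start fsf && systemctl start filebeat
+echo -e "\e[0m"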
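Review bot: The VirusTotal API key is hard-coded at `export VT_KEY=…` and committed with the script, so it is exposed to anyone with repository access and cannot be rotated without a code change; read it from the environment instead (`VT_KEY=${VT_KEY:-}`) and quote the later test, `if [ -n "${VT_KEY}" ]; then`, which currently word-splits an unquoted expansion. `cd /opt/fsf` is unchecked and the script runs without `set -e`, so if the directory is missing the following `unzip`, `rm`, `mv` and `chown -R` operate on the caller's working directory; `cd /opt/fsf || exit 1` closes that. The `/etc/logrotate.d/scanner` heredoc is written twice with identical content; the second copy can be dropped. The FSF archive is fetched from a moving `master.zip` and macholibre from an unpinned git branch with no checksum or tag, so builds are not reproducible and any upstream change lands unreviewed — pin a release and verify a digest before unpacking.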