#!/bin/bash
# Configure Etsy 411 for Odin
#
# Provisions one host as an Etsy 411 alerting server: sets the hostname,
# installs Apache/PHP, fetches the 411 vhost config and release tarball,
# generates a self-signed TLS key pair, writes config.php, initialises the
# SQLite database and installs a cron entry. It writes under /etc and runs
# apt-get/deluser, so it is expected to run as root (the scattered `sudo`
# calls below are redundant in that case).
#
# NOTE(review): there is no `set -e`/`set -u`; apart from `apt-get update`
# the exit status of every step is ignored, so a failed download, extraction
# or `cd` is carried silently into the steps that follow.

# Switch terminal text to yellow for the duration of the run; reset at the end.
echo -e "\e[93m"

#######################################
# Print a cyan "[*]<msg>" status line, then switch back to yellow.
# Arguments: $1 - message text (passed through `echo -e`, so any backslash
#                 escapes inside it are interpreted)
# Outputs:   writes to stdout
# NOTE(review): defined but never called anywhere in this script.
#######################################
log() {
  echo -e "\t\e[96m[*]${1}\e[93m"
}

# Apache vhost template for 411, fetched from a third-party gist. The URL is
# pinned to a specific gist revision, so the content cannot silently change;
# it is still not integrity-checked beyond the HTTPS transport.
export CONF_411=https://gist.githubusercontent.com/scoutsec/4a4841ad4ea019190bfcc7d87b663600/raw/4424e66e50033c2e72559310a7bd25d8e959f023/411.conf
# 411 v1.4.0 release build for Elasticsearch 5.x; downloaded below without a
# checksum or signature check.
export FOUR11_URL=https://github.com/etsy/411/releases/download/v1.4.0/release-es5x.tgz
# Host IP: the 9th field of every `ip route` line that contains "src".
# NOTE(review): the field position depends on the exact `ip route` output
# format — confirm on the target image. `export VAR=$(...)` also hides a
# non-zero status from ip/awk, so an empty IP would be written into
# /etc/hosts below without any error.
export IP=$(ip route | awk '/src/{print $9}')

# Hostname "fouroneone". The hosts entry is appended (`>>`), not replaced, so
# re-running the script adds a duplicate line.
echo "fouroneone" >/etc/hostname
echo -e "${IP}\tfouroneone" >> /etc/hosts

# Remove the default cloud-image user and its home directory.
# NOTE(review): confirm this is not the account the script is launched from.
deluser -q --remove-home ubuntu

# Package setup. Only `apt-get update` is checked; the other apt steps are not.
apt-get update || exit 1
apt-get --purge remove -y snapd lxd
apt-get upgrade -y
apt-get install -y htop wget unzip apache2 libapache2-mod-php php-xml php7.0-mbstring php7.0-sqlite php7.0-curl sqlite3
apt-get clean

# Composer: the installer script is piped straight from the network into php.
# NOTE(review): the installer is not verified against a published checksum or
# signature, and `curl` runs without `-f`, so an HTTP error body would be
# handed to php as well. Download to a file, verify, then run it.
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

a2enmod rewrite headers ssl

# Fetch the vhost template, substitute the HOSTNAME placeholder, install it.
# wget's exit status is not checked (an empty/partial file would be installed);
# `${CONF_411}` should be double-quoted by convention.
wget -O /tmp/411.conf ${CONF_411}
sed -i 's/HOSTNAME/fouroneone/g' /tmp/411.conf
mv /tmp/411.conf /etc/apache2/sites-available/411.conf

# Self-signed TLS material, generated in /tmp and then moved into /etc/ssl.
# The DES3-encrypted key is created with a throwaway passphrase ("x") and
# immediately decrypted into server.key; the encrypted copy is then deleted.
# `cd /tmp` is unchecked: if it fails, the key files land in the current
# directory and the later `mv` calls operate on whatever is there.
# NOTE(review): `mv` keeps the mode the files were created with in /tmp —
# confirm /etc/ssl/private/411.key ends up readable by its owner only.
cd /tmp
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm server.pass.key
# CSR for CN=fouroneone, self-signed and valid for 365 days.
openssl req -new -key server.key -out server.csr \
  -subj "/C=US/ST=Ohio/L=Lima/O=SecOps/OU=Odin/CN=fouroneone"
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
mv server.crt /etc/ssl/certs/411.pem
mv server.key /etc/ssl/private/411.key

# Replace the default site with the 411 vhost.
a2dissite 000-default
a2ensite 411
systemctl restart apache2

# Download and unpack the 411 release into /var/www/411.
# NOTE(review): the tarball is not verified against a published checksum, and
# neither wget nor mkdir is checked — the `;` after mkdir means tar runs even
# if the directory could not be created.
wget -O /tmp/411.tgz ${FOUR11_URL}
mkdir /var/www/411; sudo tar -xzf /tmp/411.tgz -C /var/www/411
chown -R www-data:www-data /var/www/411
cd /var/www/411/
# PHP dependencies, installed as the web user so the vendor tree is not root-owned.
sudo -u www-data composer install --no-dev --optimize-autoloader
apt-get install -y prometheus-node-exporter

# 411 application config, written to /var/www/411/config.php (via the cd above).
# NOTE(review): the heredoc opener and its first lines are missing from this
# copy of the script — only `<` survives of the `<<EOF` redirection, and the
# `\$config` escapes suggest an unquoted heredoc. Restore from the original
# before running. What survives shows: a disabled auth block (header,
# auto_create and domain unset), the API enabled, a SQLite DB at data.db,
# Elasticsearch reached over plain http://elasticsearch with ssl_cert null for
# both the alerts index and the daily "[odin-]Y.m.d" index, and the graphite,
# threatexchange, jira and slack integrations left unconfigured (null).
cat >config.php < [ 'enabled' => false, 'header' => null, 'auto_create' => false, 'domain' =>null, ], 'api' => [ 'enabled' => true ] ]; \$config['db'] = [ 'dsn' => 'sqlite:' . realpath(__DIR__ . 
'/data.db'), 'user' => 'root', 'pass' => null, ]; \$config['elasticsearch'] = [ 'alerts' => [ 'hosts' => ['http://elasticsearch'], 'index_hosts' => [], 'ssl_cert' => null, 'index' => 411, 'date_based' => false, 'date_interval' => null, 'date_field' => 'alert_date', 'date_type' => null, 'src_url' => null, ], 'odin' => [ 'hosts' => ['http://elasticsearch'], 'index_hosts' => [], 'ssl_cert' => null, 'index'=> '[odin-]Y.m.d', 'date_based' => true, 'date_interval' => 'd', 'date_field' => '@timestamp', 'date_type' => null, 'src_url' => null, ], ]; \$config['graphite'] = [ 'graphite' => [ 'host' => null, ], ]; \$config['threatexchange'] = [ 'api_token' => null, 'api_secret' => null, ]; \$config['jira'] = [ 'host' => null, 'user' => null, 'pass' => null, ]; \$config['slack'] = [ 'webhook_url' => null ];
EOF

# Load the SQLite schema and run migrations as the web user, then re-apply
# ownership over the whole tree.
sudo -u www-data sqlite3 data.db < db.sql
sudo -u www-data bin/migration.php
chown -R www-data:www-data /var/www/411

# Cron entry that runs the 411 worker.
# NOTE(review): the heredoc opener, the schedule, the user field and the first
# command are missing from this copy — only the tail of the cron line survives.
# Restore from the original before running.
cat >/etc/cron.d/411 < /dev/null 2>&1 && /var/www/411/bin/worker.php > /dev/null 2>&1
EOF
systemctl restart cron

# Create the initial site, and on success the initial user, both as www-data.
sudo -u www-data /var/www/411/bin/create_site.php && sudo -u www-data /var/www/411/bin/create_user.php

# Reset terminal colour.
echo -e "\e[0m"