shane/odin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
master
odin/containers/fsf
Shane Peters 41a9162c9c switch to lxd snap instead of ppa
2019-01-12 15:50:03 -05:00

120 lines
3.0 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Configure FSF for Odin
echo -e "\e[93m"
log() {
echo -e "\t\e[96m[*]${1}\e[93m"
}
export VT_KEY=99dfd41c7ff9cd406982f801f2393907678f562fb149a8e538d0680c14e0060a
export FSF_URL="https://github.com/EmersonElectricCo/fsf/archive/master.zip"
export IP=$(ip route | awk '/src/{print $9}')
echo "fsf" >/etc/hostname
echo -e "${IP}\tfsf" >> /etc/hosts
deluser -q --remove-home ubuntu
apt-get update || exit 1
apt-get --purge remove snapd lxd -y
apt-get upgrade -y
apt-get install -y jq htop wget python-pip
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" >/etc/apt/sources.list.d/elastic-5.x.list
apt-get update
apt-get install -y filebeat
apt-get install -y python-yara autoconf dh-autoreconf python-dev \
libpython2.7-stdlib python-pip libffi-dev ssdeep python-ssdeep upx unrar \
libfuzzy-dev unzip libssl-dev net-tools cabextract python-pefile \
python-cffi yara python-yara
pip install czipfile hachoir-parser hachoir-core hachoir-regex \
hachoir-metadata hachoir-subfile ConcurrentLogHandler pypdf2 xmltodict \
rarfile pylzma oletools pyasn1_modules pyasn1 pyelftools javatools \
requests git+https://github.com/aaronst/macholibre.git
useradd -r -c "File Scanner" -m -d /opt/fsf -s /bin/true fsf
cd /opt/fsf
wget -O fsf.zip ${FSF_URL}
unzip fsf.zip && rm fsf.zip
touch scan.log
mv fsf-master bin && chown -R fsf:fsf bin scan.log
cd bin
sed -i 's/FULL\/PATH\/TO\/fsf/opt\/fsf\/bin/g' /opt/fsf/bin/fsf-server/conf/config.py
sed -i 's/tmp/opt\/fsf/g' /opt/fsf/bin/fsf-server/conf/config.py
if [ ! -z ${VT_KEY} ]; then
echo " [*] Enabling VirusTotal Checks for PE and ELF files."
sed -i "s/YOUR API KEY HERE/${VT_KEY}/g" /opt/fsf/bin/fsf-server/modules/META_VT_INSPECT.py
sed -i "s/META_PE'/META_PE', 'META_VT_INSPECT'/g" /opt/fsf/bin/fsf-server/conf/disposition.py
sed -i "s/META_ELF'/META_ELF', 'META_VT_INSPECT'/g" /opt/fsf/bin/fsf-server/conf/disposition.py
fi
cat >/etc/logrotate.d/scanner <<EOF
compress
copytruncate
/opt/fsf/*.log {
weekly
create 0664 fsf
rotate 3
}
EOF
cat >/etc/systemd/system/fsf.service <<EOF
[Unit]
Description=Odin File Scanner
Requires=network.target
After=network.target
[Service]
Type=forking
User=fsf
Group=fsf
PIDFile=/opt/fsf/scanner.pid
ExecStart=/opt/fsf/bin/fsf-server/main.py start
ExecStop=/opt/fsf/bin/fsf-server/main.py stop
[Install]
WantedBy=multi-user.target
EOF
cat > /etc/logrotate.d/scanner <<EOF
compress
copytruncate
/opt/fsf/*.log {
weekly
create 0664 fsf
rotate 3
}
EOF
cat > /etc/filebeat/filebeat.yml <<EOF
filebeat.prospectors:
- input_type: log
paths:
- /opt/fsf/scan.log
encoding: utf-8
tags: ["fsf"]
json.keys_under_root: true
output.kafka:
hosts: ["kafka:9092"]
topic: 'fsf'
required_acks: 1
compression: gzip
max_message_bytes: 1000000
EOF
apt-get install -y prometheus-node-exporter
systemctl daemon-reload
systemctl enable fsf && systemctl enable filebeat
systemctl start fsf && systemctl start filebeat
echo -e "\e[0m"
Reference in New Issue View Git Blame Copy Permalink