
#!/bin/bash
# Configure Etsy 411 for Odin
#
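# Switch terminal output to yellow for the rest of the run and reset it on
# every exit path: the reset at the bottom of the script only runs when the
# whole script succeeds, so an early `exit 1` used to leave the terminal
# coloured.
printf '\e[93m\n'
trap 'printf "\e[0m"' EXIT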
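#######################################
# Print a cyan "[*]" status line to stdout, then switch back to the script's
# yellow. The message is passed through %s so backslashes or a leading "-"
# in it are printed verbatim instead of being interpreted by echo.
# Arguments: $1 - message text
#######################################
log() {
  printf '\t\e[96m[*]%s\e[93m\n' "$1"
}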
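# Pinned sources: the Apache vhost template comes from a gist at a fixed
# revision and 411 from a tagged GitHub release; bump both deliberately.
export CONF_411=https://gist.githubusercontent.com/scoutsec/4a4841ad4ea019190bfcc7d87b663600/raw/4424e66e50033c2e72559310a7bd25d8e959f023/411.conf
export FOUR11_URL=https://github.com/etsy/411/releases/download/v1.4.0/release-es5x.tgz
# Primary address: the value following the first "src" token in the routing
# table. Matching the token (rather than a fixed field number) keeps this
# working when a route line has a different shape, and `exit` stops after the
# first match so /etc/hosts gets exactly one entry.
IP=$(ip route | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')
export IP
if [[ -z "$IP" ]]; then
  echo "could not determine the primary IP address from 'ip route'" >&2
  exit 1
fi
echo "fouroneone" >/etc/hostname
printf '%s\tfouroneone\n' "$IP" >>/etc/hosts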
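# Drop the stock cloud-image user. Guarded because the account is absent on
# some base images and deluser would fail there.
if id ubuntu >/dev/null 2>&1; then
  deluser -q --remove-home ubuntu
fi
# The script does not run under `set -e`, so the steps later commands depend
# on are checked explicitly; package removal and upgrade stay best-effort.
export DEBIAN_FRONTEND=noninteractive
apt-get update || exit 1
apt-get --purge remove -y snapd lxd
apt-get upgrade -y
# NOTE(review): the php7.0-* package names tie this to the PHP 7.0 era base
# image; confirm they still resolve before changing the base.
apt-get install -y htop wget unzip apache2 libapache2-mod-php php-xml \
  php7.0-mbstring php7.0-sqlite php7.0-curl sqlite3 || exit 1
apt-get clean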
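# Install Composer. The installer is saved to a file and its SHA-384 is
# compared with the digest Composer publishes before it is executed, instead
# of piping the download straight into php (where an HTTP error page or a
# tampered download would run unchecked). The script already runs as root,
# so sudo is not needed here.
composer_setup=$(mktemp) || exit 1
curl -sSfL https://getcomposer.org/installer -o "$composer_setup" || exit 1
composer_sig=$(curl -sSfL https://composer.github.io/installer.sig) || exit 1
if ! printf '%s  %s\n' "$composer_sig" "$composer_setup" | sha384sum -c --status -; then
  echo "composer installer checksum mismatch; aborting" >&2
  rm -f -- "$composer_setup"
  exit 1
fi
php "$composer_setup" --install-dir=/usr/local/bin --filename=composer || exit 1
rm -f -- "$composer_setup"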
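# Apache: enable rewrite/headers/ssl and install the 411 vhost from the pinned
# gist. Scratch files live in a private mktemp directory rather than at fixed
# names under /tmp.
a2enmod rewrite headers ssl || exit 1
workdir=$(mktemp -d) || exit 1
# wget exits non-zero on HTTP errors, so a failed download cannot become an
# empty or bogus vhost file.
wget -nv -O "$workdir/411.conf" "$CONF_411" || exit 1
sed -i 's/HOSTNAME/fouroneone/g' "$workdir/411.conf" || exit 1
mv "$workdir/411.conf" /etc/apache2/sites-available/411.conf || exit 1
# Self-signed certificate for the vhost (one year, CN = container hostname).
# The key is generated unencrypted under a restrictive umask, replacing the
# encrypt-then-strip sequence that only existed to avoid a passphrase prompt.
(
  umask 077
  openssl genrsa -out "$workdir/server.key" 2048 \
    && openssl req -new -key "$workdir/server.key" -out "$workdir/server.csr" \
      -subj "/C=US/ST=Ohio/L=Lima/O=SecOps/OU=Odin/CN=fouroneone" \
    && openssl x509 -req -days 365 -in "$workdir/server.csr" \
      -signkey "$workdir/server.key" -out "$workdir/server.crt"
) || exit 1
# Certificate is public; the private key must never be readable by others.
install -m 0644 -o root -g root "$workdir/server.crt" /etc/ssl/certs/411.pem || exit 1
install -m 0600 -o root -g root "$workdir/server.key" /etc/ssl/private/411.key || exit 1
rm -rf -- "${workdir:?}"
# Disabling the default site is best-effort; enabling ours is not.
a2dissite 000-default
a2ensite 411 || exit 1
systemctl restart apache2 || exit 1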
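# Fetch and unpack the pinned 411 release into the web root, then install its
# PHP dependencies as the web user so nothing under /var/www/411 is root-owned.
# TODO(review): record and verify a checksum for the release tarball; the
# expected value is not known from this script.
tarball=$(mktemp) || exit 1
wget -nv -O "$tarball" "$FOUR11_URL" || exit 1
mkdir -p /var/www/411 || exit 1
tar -xzf "$tarball" -C /var/www/411 || exit 1
rm -f -- "$tarball"
chown -R www-data:www-data /var/www/411
# The following steps (config.php, db.sql, migration) run relative to this
# directory, so a failed cd must stop the script.
cd /var/www/411/ || exit 1
sudo -u www-data composer install --no-dev --optimize-autoloader --no-interaction || exit 1
apt-get install -y prometheus-node-exporter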
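# 411 site configuration, written to the cwd (/var/www/411). The quoted
# heredoc delimiter keeps the PHP verbatim: no shell expansion, so "$config"
# needs no escaping. Auth is API-only (no proxy header auth), the DB is the
# local SQLite file, and two Elasticsearch sources are defined: "alerts" for
# 411's own index and "odin" for the daily odin-* indices. The graphite,
# threatexchange, jira and slack integrations are left unset (null).
cat >config.php <<'EOF' || exit 1
<?php
$config = [];
$config['auth'] = [
'proxy' => [
'enabled' => false,
'header' => null,
'auto_create' => false,
'domain' =>null,
],
'api' => [
'enabled' => true
]
];
$config['db'] = [
'dsn' => 'sqlite:' . realpath(__DIR__ . '/data.db'),
'user' => 'root',
'pass' => null,
];
$config['elasticsearch'] = [
'alerts' => [
'hosts' => ['http://elasticsearch'],
'index_hosts' => [],
'ssl_cert' => null,
'index' => 411,
'date_based' => false,
'date_interval' => null,
'date_field' => 'alert_date',
'date_type' => null,
'src_url' => null,
],
'odin' => [
'hosts' => ['http://elasticsearch'],
'index_hosts' => [],
'ssl_cert' => null,
'index'=> '[odin-]Y.m.d',
'date_based' => true,
'date_interval' => 'd',
'date_field' => '@timestamp',
'date_type' => null,
'src_url' => null,
],
];
$config['graphite'] = [
'graphite' => [
'host' => null,
],
];
$config['threatexchange'] = [
'api_token' => null,
'api_secret' => null,
];
$config['jira'] = [
'host' => null,
'user' => null,
'pass' => null,
];
$config['slack'] = [
'webhook_url' => null
];
EOF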
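# Create the SQLite schema and run migrations as the web user. Paths are
# absolute so this no longer depends on the cwd left by the install step.
sudo -u www-data sqlite3 /var/www/411/data.db < /var/www/411/db.sql || exit 1
sudo -u www-data /var/www/411/bin/migration.php || exit 1
chown -R www-data:www-data /var/www/411
# Scheduler: cron.php every minute, and worker.php only when cron.php exits 0
# (the && is kept as written). The explicit mode keeps the file root-owned and
# not group/world-writable, which cron requires before it will read it.
cat >/etc/cron.d/411 <<'EOF' || exit 1
* * * * * www-data /var/www/411/bin/cron.php > /dev/null 2>&1 && /var/www/411/bin/worker.php > /dev/null 2>&1
EOF
chmod 0644 /etc/cron.d/411
systemctl restart cron
# Bootstrap the first site and user with 411's own helper scripts.
sudo -u www-data /var/www/411/bin/create_site.php && sudo -u www-data /var/www/411/bin/create_user.php
printf '\e[0m\n'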