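#!/usr/bin/env bash
#
# 01_deploy.sh - interactive first deployment of the S1EM docker compose stack.
#
# Run from the repository root (the directory holding docker-compose.yml and
# env.sample). The script:
#   1. generates the Elasticsearch / Kibana secrets and writes them into .env
#      and the service configuration files,
#   2. asks for the admin account, the hostname, the Elasticsearch RAM and the
#      administration interface,
#   3. generates the certificates, pulls the images and starts the services,
#   4. sets the kibana_system password, creates the admin user in
#      Elasticsearch and Velociraptor and imports the Kibana saved objects.
#
# Requires: docker with the compose plugin, iproute2 (`ip`), GNU sed, awk.
set -euo pipefail

readonly SCRIPTDIR="$(pwd)"
readonly ES_URL='https://127.0.0.1:9200'
readonly KIBANA_URL='https://kibana:5601/kibana'
# The readiness loops sleep WAIT_INTERVAL seconds between attempts, so
# MAX_WAIT_ATTEMPTS * WAIT_INTERVAL is the hard cap (10 minutes) before giving up.
readonly MAX_WAIT_ATTEMPTS=40
readonly WAIT_INTERVAL=15

# State shared by the deployment steps (generated or asked from the operator).
password=''                 # Elasticsearch "elastic" superuser password
kibana_password=''          # password of the kibana_system user
kibana_api_key=''           # value substituted into kibana/kibana.yml
admin_account=''            # Kibana / Velociraptor admin user (user@domain.tld)
admin_password=''
s1em_hostname=''            # hostname or IP the stack is reached on
master_node=''              # RAM (in Go) of the Elasticsearch node
administration_interface=''
ADMINISTRATION_IP=''        # first IPv4 address of administration_interface

#######################################
# Prints an error message on stderr and aborts the deployment.
# Arguments: message words
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

#######################################
# Prints a section banner surrounded by blank lines.
# Arguments: one or more banner lines
#######################################
banner() {
  local line
  printf '\n\n##########################################\n'
  for line in "$@"; do
    printf '%s\n' "$line"
  done
  printf '##########################################\n\n\n'
}

#######################################
# Prints $1 random alphanumeric characters read from /dev/urandom.
# Arguments: $1 - number of characters
# Returns:   exits via die when the characters cannot be produced
#######################################
random_token() {
  local len=$1 token
  # head closes the pipe as soon as it has $len bytes, so tr can end with
  # SIGPIPE under pipefail; that status is discarded and the length check
  # below is the real success test.
  token=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len") || true
  (( ${#token} == len )) || die "could not read $len random characters from /dev/urandom"
  printf '%s' "$token"
}

#######################################
# Escapes $1 for use as the replacement of a `s|...|...|` sed expression:
# backslash, `&` (matched text) and `|` (the delimiter) are protected.
# Outputs: the escaped string on stdout (no trailing newline)
#######################################
sed_escape() {
  printf '%s' "$1" | sed 's/[\\&|]/\\&/g'
}

#######################################
# Replaces every occurrence of a placeholder in the given files.
# The value is escaped, so operator input such as passwords containing
# `|`, `&` or `\` cannot break or alter the sed expression.
# Arguments: $1 - placeholder text, $2 - replacement value, $3... - files
#######################################
replace_placeholder() {
  local placeholder=$1 value=$2
  shift 2
  local escaped
  escaped=$(sed_escape "$value")
  sed -i "s|$placeholder|$escaped|g" "$@"
}

#######################################
# Escapes $1 for use inside a double-quoted curl config value or a JSON
# string literal: `\` and `"` are the only characters that need it for the
# single-line values read by this script.
# Outputs: the escaped string on stdout (no trailing newline)
#######################################
quote_escape() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

#######################################
# Prints $1 as a JSON string literal (quoted and escaped).
#######################################
json_string() {
  printf '"%s"' "$(quote_escape "$1")"
}

#######################################
# Runs curl inside the es01 container against the local Elasticsearch API.
# The elastic credentials (and the JSON body, when given) are passed through a
# curl config on stdin instead of the command line, so they do not appear in
# the container's process list.
# Globals:   password (read)
# Arguments: $1 - JSON body ('' for none), $2... - further curl arguments
# Returns:   curl's exit status (non-zero when the container is not reachable)
#######################################
es_curl() {
  local body=$1
  shift
  {
    printf 'user = "elastic:%s"\n' "$(quote_escape "$password")"
    if [[ -n $body ]]; then
      printf 'header = "Content-Type: application/json"\n'
      printf 'data = "%s"\n' "$(quote_escape "$body")"
    fi
  } | docker exec -i es01 curl -sk -K - "$@"
}

#######################################
# POSTs a JSON document to the Elasticsearch API and aborts on a non-2xx
# answer: a failed kibana_system password change, for instance, would leave
# Kibana unable to log in while the deployment carries on.
# Arguments: $1 - API path (e.g. /_security/user/foo), $2 - JSON body
#######################################
es_post_json() {
  local path=$1 body=$2 code
  code=$(es_curl "$body" -X POST -o /dev/null -w '%{http_code}' "$ES_URL$path") || code=''
  [[ $code == 2?? ]] || die "Elasticsearch POST $path failed (HTTP status '${code:-none}')"
}

#######################################
# Waits until GET / on Elasticsearch answers 200 with the elastic credentials.
# Requiring an authenticated answer also checks that the password written to
# .env is the one Elasticsearch bootstrapped with; a loop ending in 401s
# means the `changeme` placeholder was not picked up by the es01 service.
#######################################
wait_for_elasticsearch() {
  local attempt code
  for (( attempt = 1; attempt <= MAX_WAIT_ATTEMPTS; attempt++ )); do
    code=$(es_curl '' -o /dev/null -w '%{http_code}' "$ES_URL/") || code=''
    if [[ $code == 200 ]]; then
      return 0
    fi
    echo 'Waiting for Elasticsearch to come online.'
    sleep "$WAIT_INTERVAL"
  done
  die "Elasticsearch did not come online in time (last HTTP status '${code:-none}')"
}

#######################################
# Waits until the Kibana container logs "server running" (without a
# trailing NotReady marker).
#######################################
wait_for_kibana() {
  local attempt matches
  for (( attempt = 1; attempt <= MAX_WAIT_ATTEMPTS; attempt++ )); do
    # No `grep -q` here: every stage reads to EOF, so pipefail only reports
    # a real failure (container missing), which counts as "not ready yet".
    matches=$(docker logs kibana 2>&1 | grep -i 'server running' | grep -v 'NotReady') || matches=''
    if [[ -n $matches ]]; then
      return 0
    fi
    echo 'Waiting for Kibana to come online.'
    sleep "$WAIT_INTERVAL"
  done
  die 'Kibana did not come online in time; check "docker logs kibana"'
}

#######################################
# Imports every file below $1 (a path relative to the repository root, which
# is mounted under /usr/share in the kibana container) as Kibana saved objects.
# A failed import is reported on stderr but does not stop the deployment.
# Globals:   password (read)
#######################################
import_kibana_objects() {
  local dir=$1 file
  while IFS= read -r -d '' file; do
    # curl generates the multipart Content-Type (with its boundary) for --form;
    # setting that header by hand would drop the boundary.
    if ! printf 'user = "elastic:%s"\n' "$(quote_escape "$password")" \
      | docker exec -i kibana curl -sSkf -K - -o /dev/null -X POST \
          "$KIBANA_URL/api/saved_objects/_import?overwrite=true" \
          -H 'kbn-xsrf: true' --form "file=@/usr/share/$file"; then
      printf 'warning: import of %s failed\n' "$file" >&2
    fi
  done < <(find "$dir" -type f -print0)
}

#######################################
# Checks the tools and files the deployment depends on before touching anything.
#######################################
preflight() {
  local tool
  for tool in docker ip sed awk; do
    command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
  done
  docker compose version >/dev/null 2>&1 || die 'the docker compose plugin is not available'
  [[ -f env.sample && -f docker-compose.yml ]] \
    || die "env.sample / docker-compose.yml not found in $SCRIPTDIR: run this script from the repository root"
}

#######################################
# Creates the certs directory and the .env file from env.sample.
#######################################
prepare_working_dir() {
  mkdir -p certs
  cp env.sample .env
  # .env receives every generated password below; keep it owner-readable only.
  chmod 600 .env
}

#######################################
# Generates the Elasticsearch / Kibana secrets and writes the Kibana ones.
# Globals:   password, kibana_password, kibana_api_key (written)
#######################################
generate_secrets() {
  banner '###### CONFIGURING ACCOUNT ELASTIC #######' '###### AND KIBANA API KEY ######'
  password=$(random_token 14)
  kibana_password=$(random_token 14)
  kibana_api_key=$(random_token 32)
  printf 'The master password Elastic set in .env: %s\n' "$password"
  printf 'The master password Kibana set in .env: %s\n' "$kibana_password"
  printf 'The Kibana api key is : %s\n' "$kibana_api_key"
  replace_placeholder kibana_api_key "$kibana_api_key" kibana/kibana.yml
  # Must run before the `changeme` substitution of configure_elasticsearch:
  # `changeme` is a substring of this placeholder.
  replace_placeholder kibana_changeme "$kibana_password" .env
  # TODO(review): no placeholder for a database password is substituted
  # anywhere in this script; the db service starts with whatever
  # docker-compose.yml defines.
}

#######################################
# Asks for the admin account and password used by Kibana and Velociraptor.
# Globals:   admin_account, admin_password (written)
#######################################
configure_admin_account() {
  banner '####### CONFIGURING ADMIN ACCOUNT ########' '####### FOR KIBANA / VELOCIRAPTOR ########'
  # The account is used verbatim in the Elasticsearch user API path and as a
  # Velociraptor user name, so keep it to the e-mail shape the prompt asks for.
  local email_re='^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'
  while true; do
    read -r -p 'Enter the admin account (Must be like user@domain.tld):' admin_account
    if [[ $admin_account =~ $email_re ]]; then
      break
    fi
    echo 'Please enter an account like user@domain.tld'
  done
  replace_placeholder zircolite_account "$admin_account" .env
  echo
  local again
  while true; do
    read -r -s -p 'Password (Must be a password with at least 6 characters):' admin_password
    echo
    read -r -s -p 'Password (again):' again
    echo
    if (( ${#admin_password} < 6 )); then
      echo 'The password must have at least 6 characters'
    elif [[ $admin_password == "$again" ]]; then
      break
    else
      echo 'Please try again'
    fi
  done
  replace_placeholder zircolite_password "$admin_password" .env
}

#######################################
# Asks for the hostname or IP the stack is published on.
# Globals:   s1em_hostname (written)
#######################################
configure_hostname() {
  banner '####### CONFIGURING HOSTNAME S1EM ########'
  # The value ends up in URLs and in the Velociraptor JSON config.
  while true; do
    read -r -p 'Enter the hostname or IP of the solution S1EM (ex: s1em.cyber.local or 192.168.0.1):' s1em_hostname
    if [[ $s1em_hostname =~ ^[A-Za-z0-9.-]+$ ]]; then
      break
    fi
    echo 'Please enter a hostname or an IPv4 address'
  done
  replace_placeholder s1em_hostname "$s1em_hostname" docker-compose.yml homer/config.yml .env
}

#######################################
# Asks for the Elasticsearch RAM and writes the elastic password everywhere.
# Globals:   master_node (written), password (read)
#######################################
configure_elasticsearch() {
  banner '### CONFIGURING CLUSTER ELASTICSEARCH ###'
  read -r -p 'Enter the RAM in Go of node elasticsearch [2]:' master_node
  master_node=${master_node:-2}
  [[ $master_node =~ ^[1-9][0-9]*$ ]] || die "the RAM size must be a whole number of Go, got '$master_node'"
  replace_placeholder RAM_MASTER "$master_node" docker-compose.yml
  # kibana_changeme was already replaced in generate_secrets, so the remaining
  # `changeme` occurrences are the elastic superuser password.
  replace_placeholder changeme "$password" .env kibana/kibana.yml \
    logstash/config/logstash.yml \
    logstash/pipeline/zircolite/300_output_zircolite.conf \
    logstash/pipeline/velociraptor/300_output_velociraptor.conf
}

#######################################
# Asks for the administration interface and resolves its IPv4 address.
# Globals:   administration_interface, ADMINISTRATION_IP (written)
#######################################
configure_interface() {
  banner '######### CONFIGURING INTERFACES #########'
  ip -brief address show
  printf '\n\n'
  read -r -p 'Enter the administration interface (ex:ens32):' administration_interface
  local cidr
  # `ip -4 -o addr show dev X` prints one "N: X inet a.b.c.d/nn ..." line per
  # address; field 4 of the first one is the address with its prefix length.
  # The output is empty when the device does not exist or has no IPv4 address.
  cidr=$(ip -4 -o addr show dev "$administration_interface" 2>/dev/null \
    | awk 'NR == 1 { print $4 }') || cidr=''
  ADMINISTRATION_IP=${cidr%%/*}
  [[ $ADMINISTRATION_IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] \
    || die "no IPv4 address found on interface '$administration_interface'"
  echo "Interface: ${administration_interface} IP found: ${ADMINISTRATION_IP}"
  replace_placeholder administrationip "$ADMINISTRATION_IP" instances.yml .env
}

#######################################
# Shows the collected settings and waits for a Y/N confirmation.
# Returns:   0 to continue; exits 0 when the operator declines
#######################################
confirm_or_exit() {
  banner '############# CONFIRMATION ###############'
  echo "The administration account: $admin_account"
  echo "The S1EM hostname: $s1em_hostname"
  echo "The RAM of Master node of Elasticsearch: $master_node"
  echo "The administration interface: $administration_interface"
  echo "The administration ip: $ADMINISTRATION_IP"
  echo
  local choice
  while true; do
    read -r -p 'Do you confirm for installation [Y/N]?' choice
    case "$choice" in
      [Yy]) echo 'Starting of installation'; return 0 ;;
      [Nn]) echo 'Stopping of installation'; exit 0 ;;
      *) echo 'Please answer (Y/y) or (N/n).' ;;
    esac
  done
}

#######################################
# Generates the certificates, pulls the images and starts the base services.
#######################################
start_core_services() {
  banner '######### GENERATE CERTIFICATE ###########'
  docker compose run --rm certificates
  banner '########## DOCKER DOWNLOADING ############'
  docker compose pull
  banner '########## STARTING TRAEFIK ##############'
  docker compose up -d traefik
  banner '############# STARTING HOMER #############'
  docker compose up -d homer
  banner '##### STARTING ELASTICSEARCH/KIBANA ######'
  docker compose up -d es01 kibana
  wait_for_elasticsearch
}

#######################################
# Sets the kibana_system password, creates the admin user in Elasticsearch
# and imports the Kibana index patterns and dashboards.
# Globals:   kibana_password, admin_account, admin_password (read)
#######################################
configure_kibana() {
  banner '########## DEPLOY KIBANA INDEX ###########'
  wait_for_kibana
  echo 'Kibana is online'
  es_post_json /_security/user/kibana_system/_password \
    "{\"password\":$(json_string "$kibana_password")}"
  es_post_json "/_security/user/$admin_account" \
    "{\"enabled\":true,\"password\":$(json_string "$admin_password"),\"roles\":[\"superuser\"],\"full_name\":$(json_string "$admin_account")}"
  import_kibana_objects kibana/index
  sleep 10
  import_kibana_objects kibana/dashboard
  sleep 10
}

#######################################
# Starts Velociraptor, generates its server config and creates the admin user.
# Globals:   s1em_hostname, admin_account, admin_password (read)
#######################################
configure_velociraptor() {
  banner '######### STARTING VELOCIRAPTOR ##########'
  docker compose up -d velociraptor
  echo 'Waiting for the start of velociraptor.'
  sleep 30
  local merge
  merge="{\"gui\":{\"use_plain_http\":true,\"base_path\":\"/velociraptor\",\"public_url\":$(json_string "https://$s1em_hostname/velociraptor"),\"bind_address\":\"0.0.0.0\"}}"
  # The redirection has to happen inside the container; the JSON is handed to
  # the container shell as a positional parameter rather than spliced into
  # the command string, so the hostname cannot change the command.
  docker exec velociraptor bash -c \
    '/velociraptor/velociraptor config generate --merge "$1" > /velociraptor/server.config.yaml' _ "$merge"
  # The password is an argument of the velociraptor CLI here, so it is visible
  # in the container's process list for the duration of the command.
  docker exec velociraptor /velociraptor/velociraptor --config /velociraptor/server.config.yaml \
    user add "$admin_account" "$admin_password" --role administrator
  docker restart velociraptor
}

#######################################
# Writes the instance name from .env into the replay script.
#######################################
configure_replay() {
  banner '###### CONFIGURATION DE REPLAY ##########'
  chmod 755 replay/replay.sh
  local instance
  instance=$(grep -m1 -oP '^INSTANCE=\K.*' .env) || die 'INSTANCE= is not set in .env'
  replace_placeholder instance_name "$instance" replay/replay.sh
}

#######################################
# Starts the remaining services and prints the access information.
#######################################
start_remaining_services() {
  banner '########## STARTING LOGSTASH #############'
  docker compose up -d logstash
  configure_velociraptor
  configure_replay
  banner '########## STARTING DATABASES ############'
  docker compose up -d db
  banner '####### STARTING OTHER DOCKER ###########'
  docker compose up -d cyberchef zircolite-upload velociraptor-upload replay spiderfoot codimd
  banner '############ DEPLOY FINISH ##############'
  echo "Access url: https://$s1em_hostname"
  echo "Use the user account $admin_account for access to Kibana / Velociraptor"
  echo 'The master password of elastic is in ".env" '
}

main() {
  preflight
  prepare_working_dir
  generate_secrets
  configure_admin_account
  configure_hostname
  configure_elasticsearch
  configure_interface
  confirm_or_exit
  start_core_services
  configure_kibana
  start_remaining_services
}

main "$@"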