Managed to get the gpg to work by importing manually for the moment. But I still get errors when I run the following scripts, would appreciate any help I could get =)
Main call-script:
Code:
#!/bin/bash
gpg --import /home/epm/first_installation/config_chroot_sources_local.gpg
gpg --import /home/epm/first_installation/config_chroot_sources_packages-inl-fr.gpg
echo deb http://www.wzdftpd.net/siem-live lenny main >> /etc/apt/sources.list
echo deb http://packages.inl.fr/debian lenny/ >> /etc/apt/sources.list
apt-get update
debconf-set-selections --v /home/epm/first_installation/preseed/prelude.seed
#run-parts --v --list /home/epm/first_installation/packagelist/
sh /home/epm/first_installation/packagelist/misc.sh
sh /home/epm/first_installation/packagelist/nufw.sh
sh /home/epm/first_installation/packagelist/openvas.sh
sh /home/epm/first_installation/packagelist/prelude.sh
sh /home/epm/first_installation/packagelist/security.sh
sh /home/epm/first_installation/packagelist/snort.sh
#run-parts --v --list /home/epm/first_installation/usr/share/siem-live/init
sh /home/epm/first_installation/usr/share/siem-live/init/10-rngtools.sh
sh /home/epm/first_installation/usr/share/siem-live/init/20-rsyslog.sh
sh /home/epm/first_installation/usr/share/siem-live/init/50-prelude-database.sh
sh /home/epm/first_installation/usr/share/siem-live/init/50-prewikka-database.sh
sh /home/epm/first_installation/usr/share/siem-live/init/60-prelude-correlator.sh
sh /home/epm/first_installation/usr/share/siem-live/init/70-prelude-notify.sh
sh /home/epm/first_installation/usr/share/siem-live/init/99-first_boot_prelude.sh
sh /home/epm/first_installation/usr/share/siem-live/init/99-first_boot_prewikka.sh
sh /home/epm/first_installation/usr/share/siem-live/init/99-snort.sh
echo Script is DONE!
rngtools:
Code:
#!/bin/sh
echo "[+] Configuring rng-tools "
conf="/etc/default/rng-tools"
cat >> $conf << EOF
#take some entropy from urandom
HRNGDEVICE=/dev/urandom
HRNGDOPTIONS="--fill-watermark=65% --feed-interval=1"
EOF
#if [ "x$target" == "x" ]; then
invoke-rc.d rng-tools restart
#fi
exit 0
syslog:
Code:
#!/bin/sh
conffile="/etc/rsyslog.conf"
sed -i \
-e 's/#\(\$ModLoad imudp\)/\1/' \
-e 's/#\(\$UDPServerRun 514\)/\1/' \
-e 's/#\(\$ModLoad imtcp\)/\1/' \
-e 's/#\(\$InputTCPServerRun 514\)/\1/' \
$conffile
#if [ "x$target" == "x" ]; then
invoke-rc.d rsyslog restart
#fi
exit 0
Code:
#!/bin/sh
echo "[+] Configuring Prelude Manager and database"
DB="prelude"
USER="prelude"
PASS="Kin6Ead"
conf_dir="/etc/mysql/conf.d"
mem_total=$(free -m | grep Mem | awk '{print $2}')
echo "total memory found: $mem_total"
# take 50% for MySQL
mysql_reserved=$((mem_total * 5 / 10))
echo "allocating $mem_total MB for MySQL"
cat >> $conf_dir/prelude << EOF
[mysqld]
innodb_buffer_pool_size=${mysql_reserved}M
EOF
conffile="/etc/prelude-manager/prelude-manager.conf"
sed -i \
-e "s/@DBC_TYPE@/mysql/" \
-e "s/@DBC_HOST@/localhost/" \
-e "s/@DBC_PORT@/3306/" \
-e "s/@DBC_NAME@/$DB/" \
-e "s/@DBC_USER@/$USER/" \
-e "s/@DBC_PASS@/$PASS/" \
$conffile
sed -i "s/RUN=no/RUN=yes/" /etc/default/prelude-manager
exit 0
Code:
#!/bin/sh
PRELUDE_DB="prelude"
PRELUDE_USER="prelude"
PRELUDE_PASS="Kin6Ead"
#
PREWIKKA_DB="prewikka"
PREWIKKA_USER="prewikka"
PREWIKKA_PASS="ahZoh8m"
#
conffile="/etc/prewikka/prewikka.conf"
#
# a bit of perl magic for multi-line replace
perl -pi -e \
"undef $/; s/\[database[^\[]*/[database]\ntype: mysql\nhost: localhost\nuser: $PREWIKKA_USER\npass: $PREWIKKA_PASS\nname: $PREWIKKA_DB\n\n/msg" \
$conffile
#
perl -pi -e \
"undef $/; s/\[idmef_database[^\[]*/[idmef_database]\ntype: mysql\nhost: localhost\nuser: $PRELUDE_USER\npass: $PRELUDE_PASS\nname: $PRELUDE_DB\n\n/msg" \
$conffile
#
#
exit 0
Code:
#!/bin/sh
sed -i "s/RUN=no/RUN=yes/" /etc/default/prelude-correlator
#
exit 0
Code:
#!/bin/sh
sed -i "s/url = http:\/\/localhost:8000/url = http:\/\/localhost\/prelude/g" /etc/prelude-notify/prelude-notify.conf
exit 0
Code:
#!/bin/sh
set -e
#set -x
function wait_regserver
{
# Wait at most 20 secondes for Prelude registration server to start:
i=1
while [ $i -lt 20 ]; do
if netstat -lnpt |grep -q :5553; then
return 0
fi
sleep 1
i=$(($i + 1))
done
exit 1
}
#/sbin/splashy_update "TEXT configuring first boot parameters (Prelude manager)" ||:
echo "----------------------------------------------------"
echo " Configuring first boot parameters (prelude manager)"
echo "----------------------------------------------------"
DB="prelude"
USER="prelude"
PASS="Kin6Ead"
#/sbin/splashy_update "TEXT creating prelude database" ||:
echo "[+] creating prelude database"
echo "CREATE DATABASE $DB;" | mysql -uroot
echo "GRANT ALL PRIVILEGES ON $DB.* TO '$USER'@'localhost' IDENTIFIED BY '$PASS';" | mysql -uroot
mysql -u$USER -p$PASS $DB < /usr/share/dbconfig-common/data/prelude-manager/install/mysql
echo "[+] setting prelude-manager bind address to 0.0.0.0"
sed -i 's/^listen.*/listen = 0.0.0.0/' /etc/prelude-manager/prelude-manager.conf
echo "[+] (re-)starting prelude manager"
/etc/init.d/prelude-manager start ||:
## LML
#/sbin/splashy_update "TEXT creating and registering prelude-lml profile" ||:
echo "[+] creating and registering prelude-lml profile"
killall prelude-admin &>/dev/null ||:
(/usr/local/sbin/prelude-simple-regserver blah ||: ) &
echo "[+] waiting 10 seconds for registration-server to start"
wait_regserver
prelude-admin register prelude-lml "idmef:w" 127.0.0.1 --uid 0 --gid 0 --passwd blah ||:
echo "[+] (re-)starting prelude lml"
/etc/init.d/prelude-lml restart ||:
## Correlator
#/sbin/splashy_update "TEXT creating and registering prelude-correlator profile" ||:
echo "[+] creating and registering prelude-correlator profile"
killall prelude-admin &>/dev/null ||:
(/usr/local/sbin/prelude-simple-regserver blah ||: ) &
echo "[+] waiting 10 seconds for registration-server to start"
wait_regserver
prelude-admin register prelude-correlator "idmef:rw" 127.0.0.1 --uid prelude-correlator --gid prelude-correlator --passwd blah ||:
echo "[+] (re-)starting prelude correlator"
(/etc/init.d/prelude-correlator restart ||: ) &
## Prelude Notify
#/sbin/splashy_update "TEXT creating and registering prelude-notify profile" ||:
echo "[+] creating and registering prelude-correlator profile"
killall prelude-admin &>/dev/null ||:
(/usr/local/sbin/prelude-simple-regserver blah ||: ) &
echo "[+] waiting 10 seconds for registration-server to start"
wait_regserver
prelude-admin register prelude-notify "idmef:rw" 127.0.0.1 --uid user --gid user --passwd blah ||:
echo "[+] prelude-notify registered"
exit 0
Code:
#!/bin/sh
set -e
#set -x
echo "----------------------------------------------------"
echo " Configuring first boot parameters (prewikka)"
echo "----------------------------------------------------"
PRELUDE_DB="prelude"
PRELUDE_USER="prelude"
PRELUDE_PASS="Kin6Ead"
PREWIKKA_DB="prewikka"
PREWIKKA_USER="prewikka"
PREWIKKA_PASS="ahZoh8m"
echo "[+] creating prewikka database"
echo "CREATE DATABASE $PREWIKKA_DB;" | mysql -uroot
echo "GRANT ALL PRIVILEGES ON $PREWIKKA_DB.* TO '$PREWIKKA_USER'@'localhost' IDENTIFIED BY '$PREWIKKA_PASS';" | mysql -uroot
mysql -u$PREWIKKA_USER -p$PREWIKKA_PASS $PREWIKKA_DB < /usr/share/dbconfig-common/data/prewikka/install/mysql
echo "[+] configuring apache2"
install -m0644 /usr/share/siem-live/conf/apache2_site_config /etc/apache2/sites-available/prewikka
a2dissite 000-default ||:
a2ensite prewikka
chgrp www-data /etc/prewikka/prewikka.conf
chmod 0640 /etc/prewikka/prewikka.conf
exit 0
Code:
#!/bin/sh
set -e
#set -x
function wait_regserver
{
# Wait at most 20 secondes for Prelude registration server to start:
i=1
while [ $i -lt 20 ]; do
if netstat -lnpt |grep -q :5553; then
return 0
fi
sleep 1
i=$(($i + 1))
done
exit 1
}
#/sbin/splashy_update "TEXT configuring and creating profile for snort" ||:
echo "----------------------------------------------------"
echo " Configuring first boot parameters (snort)"
echo "----------------------------------------------------"
CONF="/etc/snort/snort.conf"
sed -i 's/^# output alert_prelude$/output alert_prelude/' $CONF
echo "[+] creating and registering snort profile"
killall prelude-admin &>/dev/null ||:
(/usr/local/sbin/prelude-simple-regserver blah ||: ) &
echo "[+] waiting 10 seconds for registration-server to start"
wait_regserver
prelude-admin register snort "idmef:w" 127.0.0.1 --uid snort --gid snort --passwd blah ||:
echo "[+] (re-)starting snort"
(/etc/init.d/snort restart ||:) &
exit 0
Bookmarks