-
Notifications
You must be signed in to change notification settings - Fork 5
/
conf
187 lines (149 loc) · 5.39 KB
/
conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
#!/bin/bash -ex
# Insta-Snorby (Snorby Appliance) - TKLPatch
# By Jason Meller (Terracatta) & Dustin Webber (Mephux) | Team Snorby & Lookycode
#Declare all methods
install()
{
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y \
-o DPkg::Options::=--force-confdef \
-o DPkg::Options::=--force-confold \
install $@
}
cleanup_apt()
{
rm -r /var/cache/apt/*
mkdir /var/cache/apt/archives
mkdir /var/cache/apt/archives/partial
}
#Set Hostname
HOSTNAME="Insta-Snorby"
echo "$HOSTNAME" > /etc/hostname
sed -i "s|127.0.0.1 \(.*\)|127.0.0.1 $HOSTNAME $HOSTNAME.localdomain|" /etc/hosts
hostname Insta-Snorby
#Install all needed packages
install gcc g++ build-essential libssl-dev libreadline5-dev zlib1g-dev linux-headers-generic libsqlite3-dev libxslt-dev libxml2-dev memcached
# Install ruby 1.9.2
cd
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p290.tar.gz
tar -xvzf ruby-1.9.2-p290.tar.gz
cd ruby-1.9.2-p290
./configure
make && make install
#Install packages needed for gems
install imagemagick git-core libmysqlclient-dev mysql-server libmagickwand-dev
gem update --system
gem install tzinfo builder memcache-client rack rack-test erubis mail bundler thor i18n sqlite3
gem install rack-mount
gem install rails
gem install rake
# Get the binary that works to make PDFs
wget http://dl.dropbox.com/u/38088/wkhtmltopdf
cp wkhtmltopdf /usr/local/bin/wkhtmltopdf
chmod 755 /usr/local/bin/wkhtmltopdf
# Download Snorby
mkdir -p /var/www/snorby
adduser --system --home /var/www/snorby/ --no-create-home --group --shell /bin/bash snorby
usermod -a -G snorby www-data
git clone http://github.com/Snorby/snorby.git /var/www/snorby
cp /root/database.yml /var/www/snorby/config/database.yml
cd /var/www/snorby
# Setup Snorby
bundle install
# Setup mail
install sendmail
#Install packages for Snort
install nmap nbtscan libpcap0.8-dev libpcre3-dev bison flex libpcap-ruby libdumbnet-dev apache2-mpm-prefork apache2-prefork-dev libapr1-dev libaprutil1-dev aspell libaspell-dev libapache2-mod-xsendfile jsvc openjdk-6-jre-headless apg
#Install DAQ
cd
wget http://www.procyonlabs.com/mirrors/snort/daq-0.6.2.tar.gz
tar zxvf daq-0.6.2.tar.gz
cd daq-0.6.2
./configure
make && make install
#Install Libdnet that actually works
cd
wget http://prdownloads.sourceforge.net/libdnet/libdnet-1.11.tar.gz?download
tar zxvf libdnet-1.11.tar.gz?download
cd libdnet-1.11
./configure
make && make install
ln -s /usr/local/lib/libdnet.1 /usr/lib/
ldconfig
#Install Snort
cd
wget http://fossies.org/linux/misc/snort-2.9.2.tar.gz
tar zxvf snort-2.9.2.tar.gz
cd snort-2.9.2
./configure --with-mysql --enable-gre --enable-reload --enable-linux-smp-stats --enable-zlib
make && make install
mkdir /var/log/snort
groupadd snort
useradd -g snort snort
chown snort:snort /var/log/snort
#Copy over configs
mkdir /etc/snort
cp etc/* /etc/snort/
#Install Barnyard2
cd
wget http://mirrors4.ustc.edu.cn/gentoo/distfiles/barnyard2-1.9.tar.gz
tar zxvf barnyard2-1.9.tar.gz
cd barnyard2-1.9
./configure --with-mysql
make && make install
cp etc/barnyard2.conf /etc/snort/
mkdir /var/log/barnyard2
chmod 666 /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo
chown snort:snort /var/log/snort/barnyard2.waldo
#Install Pulled Pork
install libwww-Perl libcrypt-ssleay-perl
cd
wget http://pulledpork.googlecode.com/files/pulledpork-0.6.1.tar.gz
tar zxvf pulledpork-0.6.1.tar.gz
#Download and install latest Emerging Threat Rules
cd
wget http://rules.emergingthreats.net/open-nogpl/snort-2.9.0/emerging.rules.tar.gz
tar zxvf emerging.rules.tar.gz
mkdir /etc/snort/rules
cp /root/rules/* /etc/snort/rules/
cp /root/rules/sid-msg.map /etc/snort/sid-msg.map
rm -rf /root/rules
cp /root/snort.conf /etc/snort/snort.conf
cp /root/etpulledpork.conf /root/pulledpork-0.6.1/etc/pulledpork.conf
#Copy over configs
cd
cp /root/emerging.conf /etc/snort/rules/emerging.conf
cp /root/barnyard2.conf /etc/snort/barnyard2.conf
cp /root/snort.conf /etc/snort.conf
# Install passenger and apache modules
gem install --no-ri --no-rdoc --version 2.2.15 passenger
/usr/local/lib/ruby/gems/1.9.1/gems/passenger-2.2.15/bin/passenger-install-apache2-module -a
echo "LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-2.2.15/ext/apache2/mod_passenger.so" > /etc/apache2/mods-available/passenger.load
echo "<IfModule mod_passenger.c>" > /etc/apache2/mods-available/passenger.conf
echo " PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-2.2.15" >> /etc/apache2/mods-available/passenger.conf
echo " PassengerRuby /usr/local/bin/ruby" >> /etc/apache2/mods-available/passenger.conf
echo "</IfModule>" >> /etc/apache2/mods-available/passenger.conf
a2enmod passenger
a2enmod rewrite
a2enmod ssl
#delete default site and add Snorby
rm -rf /etc/apache2/sites-enabled/*
a2ensite snorby
a2ensite snorby-ssl
touch /var/www/snorby/log/production.log
chmod 666 /var/www/snorby/log/production.log
#install stuff needed for OpenFPC
install apache2 daemonlogger tcpdump tshark libarchive-zip-perl \
libfilesys-df-perl libapache2-mod-php5 mysql-server php5-mysql \
libdatetime-perl libdbi-perl libdate-simple-perl php5-mysql \
libterm-readkey-perl libdate-simple-perl
#Install OpenFPC save final steps for bootup if user wishes
cd
wget http://openfpc.googlecode.com/files/openfpc-0.6-314.tgz
tar zxvf openfpc-0.6-314.tgz
mkdir /etc/openfpc
#Kill uneeded inithooks
rm /usr/lib/inithooks/firstboot.d/80tklbam
#Stop services and cleanup
cleanup_apt