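#!/usr/bin/env bash
#
# SecurityPi.sh — builds Bro IDS from source, installs the Critical Stack
# intel agent and an ELK stack (Elasticsearch 2.3.2, Logstash 2.3.2, Kibana
# 4.5.0) on a Raspberry Pi, then installs the SecurityPi helper scripts under
# /opt/SecurityPi and templates the SMTP settings into them.
#
# Usage: bash SecurityPi.sh
#   Expects the SecurityPi checkout at /home/pi/SecurityPi and prompts for the
#   Critical Stack API key and SMTP settings. Every install step runs under
#   sudo and writes to /opt, /etc and /etc/init.d.
#
# Changes from the original flat script: secrets (API key, mail password) are
# read without echo, every expansion is quoted, values are escaped before
# being spliced into sed replacement strings, and the script aborts on the
# first failed step instead of continuing with a half-configured system.

set -euo pipefail

readonly base_dir=/home/pi                      # working directory for downloads
readonly repo_dir="${base_dir}/SecurityPi"      # checked-out SecurityPi repo
readonly bro_ver=2.4.1
readonly es_ver=2.3.2
readonly ls_ver=2.3.2-1
readonly kibana_ver=4.5.0

# Settings collected from the user by prompt_settings (globals by design).
cs_api=
smtpHost=
smtpPort=
emailAddr=
emailPwd=

#######################################
# Print a fatal message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'SecurityPi: %s\n' "$*" >&2
  exit 1
}

#######################################
# Print a non-fatal warning to stderr.
# Arguments: message words
#######################################
warn() {
  printf 'SecurityPi: warning: %s\n' "$*" >&2
}

#######################################
# Escape a value for use as the replacement text of a sed `s|...|...|`
# command: backslash, `&` (whole-match reference) and the `|` delimiter are
# prefixed with a backslash so user input such as a mail password cannot
# alter the edit.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
sed_repl_escape() {
  local in=$1
  local out='' ch i
  for (( i = 0; i < ${#in}; i++ )); do
    ch=${in:i:1}
    case $ch in
      \\ | '&' | '|') out+="\\${ch}" ;;
      *) out+=$ch ;;
    esac
  done
  printf '%s' "$out"
}

#######################################
# Ask the operator for the API key and SMTP settings.
# Globals: cs_api, smtpHost, smtpPort, emailAddr, emailPwd (written)
# Secrets are read with -s so they are not echoed to the terminal or
# captured in a session log. Defaults match the original prompts except
# the mail password, which is no longer given a built-in default.
#######################################
prompt_settings() {
  read -r -s -p "Please enter your Critical Stack API Key: " cs_api
  printf '\n'
  read -r -p "Enter SMTP Host (smtp.google.com): " smtpHost
  smtpHost=${smtpHost:-smtp.google.com}
  read -r -p "Enter SMTP Port (587): " smtpPort
  smtpPort=${smtpPort:-587}
  # Default address kept as shown in the original prompt (an obfuscated
  # placeholder); replace with the real sender address when prompted.
  read -r -p "Enter Email Address ([email protected]): " emailAddr
  emailAddr=${emailAddr:-"[email protected]"}
  read -r -s -p "Enter Email Password: " emailPwd
  printf '\n'
  [[ -n "$emailPwd" ]] || die "an email password is required (no default is shipped)"
}

#######################################
# Install build and runtime packages via apt.
#######################################
install_prereqs() {
  printf '%s\n' "Installing Pre-Requisites..."
  sudo apt-get -y install cmake make gcc g++ flex bison libpcap-dev libssl-dev \
    python-dev swig zlib1g-dev ant zip nmap
}

#######################################
# Download, build and install Bro under /opt/nsm/bro, then remove the
# source tree and tarball.
#######################################
install_bro() {
  local tarball="bro-${bro_ver}.tar.gz"
  printf '%s\n' "Installing Bro"
  sudo wget "https://www.bro.org/downloads/release/${tarball}"
  sudo tar -xzf "$tarball"
  sudo mkdir -p /opt/nsm/bro
  cd -- "${base_dir}/bro-${bro_ver}" || die "cannot cd into bro source tree"
  sudo ./configure --prefix=/opt/nsm/bro
  sudo make
  sudo make install
  cd -- "$base_dir" || die "cannot cd to ${base_dir}"
  sudo rm -f -- "$tarball"
  sudo rm -rf -- "${base_dir}/bro-${bro_ver}/"
}

#######################################
# Install the Critical Stack intel agent and register the API key.
# Globals: cs_api (read)
# NOTE(review): the agent takes the key on its command line, so it is
# briefly visible in the process list; that is the tool's interface.
#######################################
install_critical_stack() {
  local deb=critical-stack-intel-arm.deb
  printf '%s\n' "Installing Critical Stack Agent"
  sudo wget "https://intel.criticalstack.com/client/${deb}"
  sudo dpkg -i "$deb"
  sudo -u critical-stack critical-stack-intel api "$cs_api"
  sudo rm -f -- "$deb"
  cd -- "$base_dir" || die "cannot cd to ${base_dir}"
}

#######################################
# Install Elasticsearch from the upstream .deb and enable it at boot.
#######################################
install_elasticsearch() {
  local deb="elasticsearch-${es_ver}.deb"
  printf '%s\n' "Installing Elastic Search"
  sudo wget "https://download.elastic.co/elasticsearch/elasticsearch/${deb}"
  sudo dpkg -i "$deb"
  sudo rm -f -- "$deb"
  sudo update-rc.d elasticsearch defaults
}

#######################################
# Install Logstash, rebuild the ARM JFFI native library into the bundled
# JRuby jar, install the translate filter and copy the SecurityPi pipeline
# config and grok patterns into place.
#######################################
install_logstash() {
  local deb="logstash_${ls_ver}_all.deb"
  printf '%s\n' "Installing Logstash"
  sudo wget "https://download.elastic.co/logstash/logstash/packages/debian/${deb}"
  sudo dpkg -i "$deb"
  sudo rm -f -- "$deb"
  cd -- "$base_dir" || die "cannot cd to ${base_dir}"
  # The bundled JRuby has no ARM JFFI library, so build one from source.
  sudo git clone https://github.com/jnr/jffi.git
  cd -- "${base_dir}/jffi" || die "cannot cd into jffi checkout"
  sudo ant jar
  sudo cp build/jni/libjffi-1.2.so /opt/logstash/vendor/jruby/lib/jni/arm-Linux
  cd /opt/logstash/vendor/jruby/lib || die "cannot cd to logstash jruby lib"
  sudo zip -g jruby-complete-1.7.11.jar jni/arm-Linux/libjffi-1.2.so
  cd -- "$base_dir" || die "cannot cd to ${base_dir}"
  sudo rm -rf -- "${base_dir}/jffi/"
  sudo update-rc.d logstash defaults
  sudo /opt/logstash/bin/plugin install logstash-filter-translate
  sudo cp "${repo_dir}/logstash.conf" /etc/logstash/conf.d
  sudo mkdir -p /etc/logstash/custom_patterns
  sudo cp "${repo_dir}/bro.rule" /etc/logstash/custom_patterns
  sudo mkdir -p /etc/logstash/translate
}

#######################################
# Install Kibana under /opt/kibana, replacing its bundled x86 node binary
# with an ARM build, and register the init script.
#######################################
install_kibana() {
  local tarball="kibana-${kibana_ver}-linux-x86.tar.gz"
  local node_deb=node_latest_armhf.deb
  printf '%s\n' "Installing Kibana"
  sudo wget "https://download.elastic.co/kibana/kibana/${tarball}"
  sudo tar -xzf "$tarball"
  sudo mv "kibana-${kibana_ver}-linux-x86/" /opt/kibana/
  # Remove nodejs on Pi3. Best-effort: the packages may not be installed,
  # and apt's non-zero status must not abort the install.
  sudo apt-get -y remove nodejs-legacy nodejs nodered || warn "nodejs removal reported an error; continuing"
  # NOTE(review): this binary is fetched over plain HTTP with no checksum or
  # signature verification. TODO: pin a published digest
  # (<NODE_DEB_SHA256 — placeholder, not on the page>) and verify before dpkg -i.
  sudo wget "http://node-arm.herokuapp.com/${node_deb}"
  sudo dpkg -i "$node_deb"
  sudo mv /opt/kibana/node/bin/node /opt/kibana/node/bin/node.orig
  sudo mv /opt/kibana/node/bin/npm /opt/kibana/node/bin/npm.orig
  sudo ln -s /usr/local/bin/node /opt/kibana/node/bin/node
  sudo ln -s /usr/local/bin/npm /opt/kibana/node/bin/npm
  sudo rm -f -- "$node_deb"
  sudo cp "${repo_dir}/init.d/kibana" /etc/init.d
  sudo chmod 755 /etc/init.d/kibana
  sudo update-rc.d kibana defaults
}

#######################################
# Copy the SecurityPi helper scripts into /opt/SecurityPi and run the
# threat-feed pullers once. The pullers fetch remote lists; a failure is
# reported but does not abort the rest of the install.
#######################################
install_helper_scripts() {
  sudo mkdir -p /opt/SecurityPi
  sudo cp "${repo_dir}/pullMaliciousIP.py" /opt/SecurityPi/
  sudo cp "${repo_dir}/pullTorIP.py" /opt/SecurityPi/
  # Run scripts for the first time
  sudo python /opt/SecurityPi/pullTorIP.py || warn "pullTorIP.py failed on first run"
  sudo python /opt/SecurityPi/pullMaliciousIP.py || warn "pullMaliciousIP.py failed on first run"
  cd -- "$base_dir" || die "cannot cd to ${base_dir}"
  sudo cp "${repo_dir}/networkDiscovery.py" /opt/SecurityPi/networkDiscovery.py
  sudo cp "${repo_dir}/SecurityPiDB.py" /opt/SecurityPi/SecurityPiDB.py
}

#######################################
# Replace the SMTP_HOST/SMTP_PORT/EMAIL_USER/EMAIL_PASS placeholders in one
# file with the prompted values, escaped so they cannot inject into sed.
# Globals: smtpHost, smtpPort, emailAddr, emailPwd (read)
# Arguments: $1 - file to edit in place
#######################################
render_settings() {
  local target=$1
  local host port user pass
  host=$(sed_repl_escape "$smtpHost")
  port=$(sed_repl_escape "$smtpPort")
  user=$(sed_repl_escape "$emailAddr")
  pass=$(sed_repl_escape "$emailPwd")
  sudo sed -i -- "s|SMTP_HOST|${host}|g" "$target"
  sudo sed -i -- "s|SMTP_PORT|${port}|g" "$target"
  sudo sed -i -- "s|EMAIL_USER|${user}|g" "$target"
  sudo sed -i -- "s|EMAIL_PASS|${pass}|g" "$target"
}

#######################################
# Template the SMTP settings into the Logstash config and the network
# discovery script.
# NOTE(review): the original edits /opt/logstash/logstash.conf, but the
# config was copied to /etc/logstash/conf.d earlier; confirm which file
# Logstash actually loads — path kept as the original had it.
#######################################
configure_templates() {
  render_settings /opt/logstash/logstash.conf
  render_settings /opt/SecurityPi/networkDiscovery.py
}

#######################################
# Restart the ELK services so they pick up the new config.
#######################################
restart_services() {
  printf '%s\n' "Restarting ELK services"
  sudo service elasticsearch restart
  sudo service kibana restart
  sudo service logstash restart
}

#######################################
# Deploy the Bro configuration and start the sensor.
#######################################
start_bro() {
  printf '%s\n' "Deploying and starting BroIDS"
  sudo /opt/nsm/bro/bin/broctl deploy
  sudo /opt/nsm/bro/bin/broctl start
}

#######################################
# Entry point: prompt, then run the install phases in the original order.
#######################################
main() {
  prompt_settings
  cd -- "$base_dir" || die "cannot cd to ${base_dir}"
  install_prereqs
  install_bro
  install_critical_stack
  install_elasticsearch
  install_logstash
  install_kibana
  install_helper_scripts
  configure_templates
  restart_services
  start_bro
}

main "$@"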