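#!/bin/sh
#
# ACME Snort box post-install script.
#
# THIS SCRIPT MUST BE RUN AS USER "ROOT"
#
# Auth: David Marcoux
#
# Usage: ./post-install-script.sh
#   Interactive: prompts for the box role, the hardware type, the number of
#   snort interfaces and the hostname, then walks through the build stages,
#   pausing after each one.  It copies from the scripts/, install/ and
#   updates/ trees that live next to it, so it changes into its own
#   directory first (the original "cd ." was a no-op).
#
# Kept as POSIX sh, no bashisms: the original used "echo -e", which under a
# dash-style /bin/sh prints a literal "-e", so banners are printed with
# printf instead.  Files under /etc are rewritten through mktemp, not a fixed
# name under /tmp (root writing to a predictable /tmp path can be redirected
# by a symlink planted there by any local user).

#######################################
# Print a message to stderr and exit non-zero.
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Wait for the operator between stages.
#######################################
pause() {
  printf '\nPress [enter] to continue...\n'
  # shellcheck disable=SC2034 -- the value is deliberately unused
  read -r dummie
}

#######################################
# Append a line to a file unless an identical line is already there, so a
# re-run does not duplicate rc.local / ld.so.conf / modules.conf entries.
# Arguments: $1 - line, $2 - file
#######################################
append_once() {
  grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

#######################################
# Return 0 if $1 is a non-negative integer within [$2, $3].
#######################################
in_range() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

#######################################
# Accept only letters, digits, dots and hyphens, not starting with a hyphen.
# The value is written verbatim into /etc/sysconfig/network, so whitespace
# and shell metacharacters are rejected rather than stored.
#######################################
valid_hostname() {
  case "$1" in
    '' | -* | *[!A-Za-z0-9.-]*) return 1 ;;
  esac
  return 0
}

#######################################
# Create a local account if it does not exist yet and set its password
# interactively; extra arguments are passed straight to adduser.
# Arguments: $1 - account name, $2... - extra adduser options
#######################################
ensure_account() {
  acct=$1
  shift
  if ! grep -q "^${acct}:" /etc/passwd; then
    printf '\nAdding account "%s"...\n' "$acct"
    adduser "$@" "$acct"
    passwd "$acct"
    pause
  fi
}

[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

# Everything below is addressed relative to the script's own directory.
cd "$(dirname -- "$0")" || die "cannot cd to the script directory"

# One private scratch file for the /etc rewrites, removed on any exit.
tmp=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$tmp"' EXIT

printf '\n\nACME Snort box install script...\n\n'

printf 'System Purpose/Role?\n'
printf ' 1. Standard (IDS/ACID/DDR)\n'
printf ' 2. Special (Investigation)\n\n'
read -r purpose
in_range "$purpose" 1 2 || die "purpose must be 1 or 2"
# NOTE(review): $purpose is prompted for but never consulted below; both
# roles currently get the identical build.  The prompt is kept so the
# operator dialogue is unchanged.

printf '\nHardware?\n'
printf ' 1. Penguin 1U - Relion 140\n'
printf ' 2. Shuttle XPC / Other\n\n'
read -r hardware
in_range "$hardware" 1 2 || die "hardware must be 1 or 2"

printf '\nNumber of snort interfaces (1-6)?\n\n'
read -r interfaces
in_range "$interfaces" 1 6 || die "number of interfaces must be 1-6"

printf '\nHostname?\n\n'
read -r hostname
valid_hostname "$hostname" || die "invalid hostname: '$hostname'"

# Set hostname.  Match the exact key (a bare "HOSTNAME" would also drop any
# other line containing that substring) and write back through the existing
# file so its mode and owner are preserved.
grep -v '^HOSTNAME=' /etc/sysconfig/network > "$tmp"
printf 'HOSTNAME=%s\n' "$hostname" >> "$tmp"
cat "$tmp" > /etc/sysconfig/network || die "cannot update /etc/sysconfig/network"

ensure_account maintenance
ensure_account rulemgr
# NOTE(review): "bkdr" is created with -o -u 0 -g 0, i.e. a second account
# whose UID is 0.  It is root under another name: nothing it does can be
# attributed to a person, and a duplicate UID-0 entry in /etc/passwd is a
# standard compromise indicator that host audits and integrity baselines
# will flag on every box built this way.  Kept because the existing build
# relies on it; a normal account plus sudo gives the same access with an
# audit trail.
ensure_account bkdr -o -u 0 -g 0

if ! grep -q '^analyst:' /etc/group; then
  groupadd analyst
  chgrp analyst /dat*
  chmod 775 /dat*
fi

printf '\nDisabling unnecessary services...\n'
# "snmptrapd" was spelled "snmprapd" in the original list, which chkconfig
# rejects as an unknown service, leaving the trap daemon enabled.
for svc in netfs nfs random rawdevices portmap apmd atd gpm autofs keytable \
    kudzu sendmail nfslock rhnsd anacron isdn pcmcia irda snmpd snmptrapd \
    winbind saslauthd; do
  chkconfig "$svc" off
done
pause

printf '\nRemove unnecessary accounts...\n'
for acct in acme adm lp news uucp operator games gopher ftp guest sync; do
  userdel "$acct"
done
pause

printf '\nRemoving unnecessary RPMs...\n'
scripts/remove-unnecessary-rpms.sh
pause

# Import the vendor keys before installing so rpm can verify the signatures
# of the packages that follow (it warns rather than refuses by default; run
# "rpm -K" on the trees first if a hard stop on unsigned packages is wanted).
printf 'Installing RedHat PGP & GPG public keys...\n'
rpm --import /usr/share/doc/rpm-4.2/RPM-PGP-KEY
rpm --import /usr/share/doc/rpm-4.2/RPM-GPG-KEY

printf '\nInstalling supplemental RPMs...\n'
rpm -i -v install/*.rpm
pause

printf '\nUpgrade appropriate RPMs...\n'
rpm -Fvh updates/*.rpm
pause

printf '\nInsert/Modify files (1)...\n'
# Add some commands to /etc/rc.local (once) and then run them.
append_once 'echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts' /etc/rc.local
append_once 'cp /usr/sbin/snort /usr/sbin/snort-log' /etc/rc.local
append_once 'cp /usr/sbin/snort /usr/sbin/snort-alert' /etc/rc.local
/etc/rc.local

# install(1) copies and sets mode/owner in one step (replaces cp+chmod+chown).
install -v -d -m 755 -o root -g root /root/bin
install -v -m 755 -o root -g root scripts/smbloginhunter.sh /root/bin/
install -v -m 700 -o root -g root scripts/makespace* /bin/
install -v -m 755 -o root -g root scripts/parser /bin/parser
# Put tcpdump on the default PATH for non-root users.  This only affects
# lookup; it grants no capture privilege by itself.
ln -sf /usr/sbin/tcpdump /bin/tcpdump
pause

printf '\nInsert/Modify files (2)...\n'
rm -f /etc/snort/snort.conf
rm -f /etc/rc.d/init.d/snortd
install -v -m 755 -o root -g root scripts/snort-alert /etc/rc.d/init.d/snort-alert
install -v -m 755 -o root -g root scripts/snort-log /etc/rc.d/init.d/snort-log
cp -v scripts/snort.conf /etc/snort/snort.conf
cp -v scripts/snort-log.conf /etc/snort/snort-log.conf
# rulemgr maintains the rule set, so the config tree is group-writable for it.
chown root:rulemgr /etc/snort /etc/snort/*
chmod 775 /etc/snort
chmod 664 /etc/snort/*
rm -rf /etc/snort/rules/
# NOTE(review): both S99 and K99 links are placed in rc3.d; confirm that is
# intended rather than K links for the other runlevels.
ln -sf /etc/rc.d/init.d/snort-log /etc/rc.d/rc3.d/S99snort-log
ln -sf /etc/rc.d/init.d/snort-log /etc/rc.d/rc3.d/K99snort-log
ln -sf /etc/rc.d/init.d/snort-alert /etc/rc.d/rc3.d/S99snort-alert
ln -sf /etc/rc.d/init.d/snort-alert /etc/rc.d/rc3.d/K99snort-alert
pause

printf '\nInsert/Modify files (3)...\n'
# Install barnyard, stunnel and the libmysql client library.  The two .conf
# files hold database / tunnel credentials, hence mode 600.
install -v -m 600 -o root -g root scripts/barnyard.conf /etc/snort/barnyard.conf
install -v -m 600 -o root -g root scripts/stunnel.conf /etc/stunnel/stunnel.conf
install -v -m 700 -o root -g root install/barnyard /bin/barnyard
install -v -m 700 -o root -g root scripts/barnyard /etc/rc.d/init.d/barnyard
mkdir -p /usr/local/mysql/lib/mysql
rm -rf /usr/local/mysql/lib/mysql/*
unzip install/libmysqlclient.zip -d /usr/local/mysql/lib/mysql
ln -sf /usr/local/mysql/lib/mysql/libmysqlclient.so /usr/local/mysql/lib/mysql/mysqlclient.so.12
append_once '/usr/local/mysql/lib/mysql' /etc/ld.so.conf
append_once '/usr/local/lib' /etc/ld.so.conf
ldconfig
install -v -m 644 -o root -g root scripts/resolv.conf /etc/resolv.conf
install -v -m 644 -o root -g root scripts/services.sample /etc/services
install -v -m 600 -o root -g root scripts/sshd_config.sample /etc/ssh/sshd_config
for banner in /etc/issue /etc/issue.net /etc/motd; do
  install -v -m 644 -o root -g root scripts/warning-banner.sample "$banner"
done
pause

printf '\nInsert/Modify files (4)...\n'
rm -f /etc/sysconfig/network-scripts/ifcfg-eth*
rm -f /etc/sysconfig/network-scripts/ifcfg-bond*
rm -f /etc/sysconfig/network-scripts/ifcfg-bridg*
cp scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/
cp scripts/ifcfg-eth1 /etc/sysconfig/network-scripts/
cp scripts/ifcfg-bond0 /etc/sysconfig/network-scripts/
# eth0 and eth1 are always configured; eth2..eth<N> follow for N snort
# interfaces.  The original tested "-eq N" for each N separately, which for
# e.g. 3 interfaces copied ifcfg-eth3 but skipped ifcfg-eth2; "-le" is
# assumed to be the intent.
i=2
while [ "$i" -le "$interfaces" ]; do
  cp "scripts/ifcfg-eth$i" /etc/sysconfig/network-scripts/
  i=$((i + 1))
done
chown root:root /etc/sysconfig/network-scripts/ifcfg*
chmod 755 /etc/sysconfig/network-scripts/ifcfg*

if [ "$hardware" -eq 1 ]; then
  # Set the eth interfaces in the preferred order for the Penguin 1U.
  grep -Ev 'eth0|eth1|eth2|bond0' /etc/modules.conf > "$tmp"
  cat "$tmp" > /etc/modules.conf || die "cannot update /etc/modules.conf"
  append_once 'alias eth0 e100 ' /etc/modules.conf
  append_once 'alias eth1 e1000' /etc/modules.conf
  append_once 'alias eth2 e1000' /etc/modules.conf
  chmod 644 /etc/modules.conf
  chown root:root /etc/modules.conf
fi

# Set up channel bonding.
append_once 'alias bond0 bonding ' /etc/modules.conf
append_once 'options bond0 miimon=100 downdelay=0' /etc/modules.conf
pause

printf '\nStart/Stop network service...\n'
# Start all interfaces so that we can install the firewall script.
/etc/rc.d/init.d/network restart
sleep 5
pause

printf '\nInstall firewall...\n'
scripts/install-iptables-firewall1.sh
pause

printf '\nInstalling crontab entries...\n'
# Replaces root's entire crontab with the sample, not merges into it.
crontab scripts/crontab.sample
pause

printf '\nRemoving unnecessary files...\n'
rm -fv /etc/xinetd.d/*
rm -fv /root/install.log
rm -fv /root/install.log.syslog
pause
printf 'Done. Time to reboot\n'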