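#!/bin/bash
# SpyGuard installer: copies the checkout to /usr/share/spyguard, asks for the
# UI language and backend credentials, installs apt/pip dependencies and sets
# up the systemd services. Must be run as root on an apt-based system.
# CURRENT_USER is not referenced anywhere in this script; kept as-is.
CURRENT_USER="${SUDO_USER}"
# Directory holding install.sh. `&&` (instead of `;`) so that a failing cd
# leaves SCRIPT_PATH empty rather than silently pointing at the caller's cwd.
SCRIPT_PATH=$(cd "$(dirname "$0")" && pwd -P)
# Hostname captured before change_hostname rewrites it.
HOST=$(hostname)
# Language codes accepted by set_userlang.
LOCALES=(de en es fr it pl pt ru)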
welcome_screen() {
  # Print the installer banner. Single quotes keep the backslashes of the
  # ASCII art literal, exactly as the quoted here-document did.
  printf '%s\n' \
    '__ _ __ _ _' \
    '(_ |_) \_/ /__ | | /\ |_) | \' \
    '__) | | \_| |_| /--\ | \ |_/' \
    'SpyGuard is a fork of TinyCheck, developped by Kaspersky.' \
    '-----'
}
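set_userlang() {
  # Ask for the report/UI language and write it into config.yaml.
  # Globals:   LOCALES (read) - the accepted language codes
  # Outputs:   prompts on stdout, reads the answer from stdin
  # Returns:   0 once a valid code has been written, 1 if stdin is exhausted
  local config=/usr/share/spyguard/config.yaml
  local joined lang candidate
  printf -v joined '%s/' "${LOCALES[@]}"
  echo -e "\e[39m[+] Setting the user language...\e[39m"
  while true; do
    echo -n " Please choose a language for the reports and the user interface (${joined%/}): "
    # -r keeps backslashes literal; EOF on stdin used to recurse forever, now bail out.
    read -r lang || return 1
    # Exact comparison against the whitelist: the previous substring regex also
    # accepted multi-word input such as "de en", which then reached sed unescaped.
    for candidate in "${LOCALES[@]}"; do
      if [[ "$lang" == "$candidate" ]]; then
        sed -i "s/userlang/${lang}/g" "$config"
        echo -e "\e[92m [✔] User language settled!\e[39m"
        return 0
      fi
    done
    echo -e "\e[91m [✘] You must choose between the languages proposed, let's retry.\e[39m"
  done
}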
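testing_distro() {
  # Abort unless the host uses apt (the installer only knows apt-get).
  # Outputs:   error message on stderr when apt is missing
  # Returns:   0 when apt is present; otherwise exits the script with status 1
  #            (previously a bare `exit`, i.e. status 0, so a chained
  #            "install.sh && ..." would have continued on failure)
  if [[ ! -f "/usr/bin/apt" ]]; then
    echo -e "\e[91m [✘] You must run this script on a system with apt package management system, like Debian.\e[39m" >&2
    echo -e "\e[91m Exiting...\e[39m" >&2
    exit 1
  fi
}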
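set_credentials() {
  # Ask for the backend username/password and write them into config.yaml.
  # Outputs:   prompts on stdout, reads answers from stdin (password input hidden)
  # Returns:   0 once saved, 1 if stdin is exhausted
  local config=/usr/share/spyguard/config.yaml
  local login password1 password2 password safe_login
  echo -e "\e[39m[+] Setting the backend credentials...\e[39m"
  while true; do
    echo -n " Please choose a username for SpyGuard's backend: "
    read -r login || return 1
    echo -n " Please choose a password for SpyGuard's backend: "
    read -r -s password1 || return 1
    echo ""
    echo -n " Please confirm the password: "
    read -r -s password2 || return 1
    echo ""
    if [[ -z "$login" || -z "$password1" ]]; then
      echo -e "\e[91m [✘] The username and password cannot be empty, please retry.\e[39m"
      continue
    fi
    # Quoted comparison: the unquoted `[ $a = $b ]` was a syntax error on empty input.
    if [[ "$password1" == "$password2" ]]; then
      # The config placeholder "userpassword" is replaced by the unsalted sha256
      # hex of the password; the format is kept so the backend keeps working -
      # NOTE(review): confirm against server/backend before changing the scheme.
      password=$(printf '%s' "$password1" | sha256sum | cut -d" " -f1)
      # Escape the characters that are special in a sed replacement (/ & \) so a
      # username such as "a/b" cannot break or alter the substitution.
      safe_login=$(printf '%s' "$login" | sed -e 's#[/&\\]#\\&#g')
      sed -i "s/userlogin/$safe_login/g" "$config"
      sed -i "s/userpassword/$password/g" "$config"
      echo -e "\e[92m [✔] Credentials saved successfully!\e[39m"
      return 0
    fi
    echo -e "\e[91m [✘] The passwords aren't equal, please retry.\e[39m"
  done
}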
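create_directory() {
  # Create the install directory and copy the checkout into it.
  # Globals:   SCRIPT_PATH (read) - directory holding install.sh
  # Arguments: $1 - destination directory (default /usr/share/spyguard)
  # Returns:   0 on success, 1 if the directory cannot be created or copied
  local dest=${1:-/usr/share/spyguard}
  echo -e "[+] Creating SpyGuard folder under ${dest%/*}/"
  # -p: an already existing directory is not an error (plain mkdir failed on it).
  mkdir -p -- "$dest" || return 1
  # Copy from the script's own directory rather than the caller's cwd; dotfiles
  # (.git, ...) are deliberately left behind, as with the original ./* glob.
  cp -Rf -- "$SCRIPT_PATH"/* "$dest" || return 1
}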
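generate_certificate() {
  # Generate a self-signed certificate/key pair for the HTTPS backend.
  # Outputs:   key.pem and cert.pem under /usr/share/spyguard/server/backend
  # Returns:   0 on success, 1 if openssl is missing or fails
  local backend=/usr/share/spyguard/server/backend
  local key=$backend/key.pem
  local cert=$backend/cert.pem
  echo -e "[+] Generating SSL certificate for the backend"
  if ! command -v openssl >/dev/null; then
    echo -e "\e[91m [✘] openssl is not installed, cannot generate the certificate\e[39m" >&2
    return 1
  fi
  local -a req_args=(
    -x509
    -subj '/CN=spyguard.local/O=Spyguard Backend'
    -newkey rsa:4096
    -nodes    # unencrypted key: the service has to start unattended
    -keyout "$key"
    -out "$cert"
    -days 3650
  )
  openssl req "${req_args[@]}" || return 1
  # The private key is stored unencrypted; restrict it to its owner (root).
  chmod 600 -- "$key"
}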
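_spyguard_write_unit() {
  # Write one systemd unit that runs a SpyGuard script with the venv python.
  # Arguments: $1 - unit name (without .service)
  #            $2 - Description= text
  #            $3 - script path passed to the venv interpreter
  #            $4 - "network" to add network-online ordering (optional)
  local name=$1 description=$2 script=$3 network=${4:-}
  local unit=/lib/systemd/system/$name.service
  local ordering=""
  if [[ "$network" == "network" ]]; then
    ordering=$'Wants=network-online.target\nAfter=network-online.target\n'
  fi
  cat >"$unit" <<EOL
[Unit]
Description=$description
${ordering}[Service]
Type=simple
ExecStart=/usr/share/spyguard/spyguard-venv/bin/python3 $script
Restart=on-abort
KillMode=process
[Install]
WantedBy=multi-user.target
EOL
}

create_services() {
  # Write, enable and start the systemd units for the frontend, backend and watchers.
  # NOTE(review): the units carry no User= line, so all three run as root;
  # verify that the capture tooling really requires it.
  # Returns:   0 on success, 1 if any unit failed to enable or start
  local rc=0 svc
  echo -e "\e[39m[+] Creating services\e[39m"
  echo -e "\e[92m [✔] Creating frontend service\e[39m"
  _spyguard_write_unit spyguard-frontend "Spyguard frontend service" /usr/share/spyguard/server/frontend/main.py
  echo -e "\e[92m [✔] Creating backend service\e[39m"
  _spyguard_write_unit spyguard-backend "Spyguard backend service" /usr/share/spyguard/server/backend/main.py
  echo -e "\e[92m [✔] Creating watchers service\e[39m"
  _spyguard_write_unit spyguard-watchers "spyguard watchers service" /usr/share/spyguard/server/backend/watchers.py network
  # The unit files were written directly, so make systemd re-read them.
  systemctl daemon-reload
  echo -e "\e[92m [✔] Enabling services\e[39m"
  for svc in spyguard-frontend spyguard-backend spyguard-watchers; do
    systemctl enable "$svc" &> /dev/null || rc=1
  done
  echo -e "\e[92m [✔] Starting services\e[39m"
  # spyguard-watchers is started by feeding_iocs once the database has been seeded.
  for svc in spyguard-frontend spyguard-backend; do
    systemctl start "$svc" || rc=1
  done
  return "$rc"
}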
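change_hostname() {
  # Rename the machine to "spyguard" and map spyguard.local to loopback.
  # Globals:   HOST (read) - hostname captured before the change
  # Returns:   0 on success, 1 if the previous hostname is unknown
  local escaped
  echo -e "[+] Changing the hostname to spyguard"
  echo "spyguard" > /etc/hostname
  if [[ -z "$HOST" ]]; then
    # An empty HOST would turn the sed below into "s//spyguard/g", which reuses
    # sed's last regex instead of matching the old name.
    echo -e "\e[91m [✘] Could not determine the previous hostname, /etc/hosts left untouched\e[39m" >&2
    return 1
  fi
  # HOST is used as a regex; escape its metacharacters so "my.host" matches
  # only that name (an unescaped dot matches any character).
  escaped=$(printf '%s' "$HOST" | sed -e 's#[][\.*^$/]#\\&#g')
  sed -i "s/$escaped/spyguard/g" /etc/hosts
  # Adding spyguard.local to the /etc/hosts (only once).
  grep -qF "127.0.0.1 spyguard.local" /etc/hosts \
    || echo "127.0.0.1 spyguard.local" >> /etc/hosts
}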
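install_packages() {
  # Install the apt packages SpyGuard needs, skipping the ones already present.
  # NOTE(review): no `apt-get update` is run beforehand; on a stale package
  # index the installs below may fail.
  # Returns:   0 if every package ended up installed, 1 if any install failed
  local -a packages=(
    tshark
    sqlite3
    suricata
    dnsutils
    python3-pip
    python3-venv
    net-tools
  )
  local package rc=0
  echo -e "\e[39m[+] Checking dependencies...\e[39m"
  for package in "${packages[@]}"; do
    # dpkg-query prints "install ok installed" only for a fully installed package.
    if dpkg-query -W -f='${Status}' "$package" 2>/dev/null | grep -qx 'install ok installed'; then
      echo -e "\e[92m [✔] $package is already installed\e[39m"
      continue
    fi
    echo -e "\e[93m [✘] $package is not installed, lets install it\e[39m"
    if apt-get install -y "$package"; then
      echo -e "\e[92m [✔] $package was successfully installed\e[39m"
    else
      echo -e "\e[91m [✘] $package has an error during the installation\e[39m"
      rc=1
    fi
  done
  return "$rc"
}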
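create_venv() {
  # Create the Python virtualenv and install the pinned requirements into it.
  # Globals:   SCRIPT_PATH (read). The venv is activated in this shell because
  #            feeding_iocs calls plain python3 and presumably relies on it.
  # Returns:   0 on success, 1 if the venv could not be created or pip failed
  local venv=/usr/share/spyguard/spyguard-venv
  echo -e "\e[39m[+] Create and activate Virtual Environment for Python packages\e[39m"
  # Stop if the venv cannot be created: without this guard the activate below
  # failed and pip installed the requirements into the system interpreter.
  python3 -m venv "$venv" || return 1
  # shellcheck disable=SC1091 -- created by the venv step above
  source "$venv/bin/activate"
  echo -e "\e[39m[+] Install Python packages...\e[39m"
  # Call the venv interpreter explicitly so the target does not depend on PATH.
  "$venv/bin/python3" -m pip install -r "$SCRIPT_PATH/assets/requirements.txt" --no-cache-dir
}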
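get_version() {
  # Record the latest git tag of the checkout as the installed version.
  # Globals:   SCRIPT_PATH (read) - the git checkout to inspect
  # Arguments: $1 - output file (default /usr/share/spyguard/VERSION)
  # Returns:   0 on success, non-zero if the file cannot be written
  local out=${1:-/usr/share/spyguard/VERSION}
  local version
  # Sort by version so v1.10 wins over v1.9 (plain `git tag` order is lexicographic).
  version=$(git -C "$SCRIPT_PATH" tag --sort=version:refname 2>/dev/null | tail -n 1)
  if [[ -z "$version" ]]; then
    echo -e "\e[93m [✘] No git tag found, VERSION will be empty\e[39m" >&2
  fi
  # No trailing newline, as the former `xargs echo -n` produced.
  printf '%s' "$version" > "$out"
}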
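cleaning() {
  # Remove installer-only files from the install tree and tidy the system.
  # Outputs:   final "installation finished" message on stdout
  local install_dir=/usr/share/spyguard
  local file
  # -f: a file that is already missing is not an error.
  for file in install.sh README.md LICENSE.txt NOTICE.txt; do
    rm -f -- "$install_dir/$file"
  done
  # :? aborts rather than expanding to "/assets/" should install_dir ever be empty.
  rm -rf -- "${install_dir:?}/assets/"
  # Disabling the suricata service (SpyGuard drives suricata itself - presumably;
  # confirm with the backend code).
  systemctl disable suricata.service &> /dev/null
  # Removing some useless dependencies.
  apt autoremove -y &> /dev/null
  echo -e "\e[92m[+] Installation finished! You can open https://localhost:8443 to configure network settings.\e[39m"
}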
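create_database() {
  # Create the SQLite database from the schema; the watchers fill it with IOCs later.
  # Globals:   SCRIPT_PATH (read)
  # Arguments: $1 - database path (default /usr/share/spyguard/database.sqlite3)
  #            $2 - schema file (default $SCRIPT_PATH/assets/scheme.sql)
  # Returns:   0 on success, 1 if the schema is missing or sqlite3 fails
  local db=${1:-/usr/share/spyguard/database.sqlite3}
  local schema=${2:-$SCRIPT_PATH/assets/scheme.sql}
  if [[ ! -f "$schema" ]]; then
    echo -e "\e[91m [✘] Schema file $schema not found\e[39m" >&2
    return 1
  fi
  if ! sqlite3 "$db" < "$schema"; then
    echo -e "\e[91m [✘] Could not create the database $db\e[39m" >&2
    return 1
  fi
}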
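feeding_iocs() {
  # Run the watchers once to seed the database, then start their service.
  # Returns:   status of `systemctl start spyguard-watchers`
  local venv_python=/usr/share/spyguard/spyguard-venv/bin/python3
  echo -e "\e[39m[+] Feeding your SpyGuard instance with fresh IOCs and whitelist, please wait."
  # Use the venv interpreter explicitly (the same one the unit files use) rather
  # than relying on an earlier `source activate`. A failing first feed is not
  # fatal, as before, but it is now reported instead of being silent.
  if ! "$venv_python" /usr/share/spyguard/server/backend/watchers.py 2>/dev/null; then
    echo -e "\e[93m [✘] Initial IOC feed failed, the watchers service is started anyway\e[39m" >&2
  fi
  # Then, let's activate watchers service
  systemctl start spyguard-watchers
}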
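main() {
  # Entry point: refuse to run unprivileged or over an existing install, then
  # run the installation steps in order.
  if [[ $EUID -ne 0 ]]; then
    echo "This must be run as root. Type in 'sudo bash $0' to run."
    exit 1
  fi
  if [[ -f /usr/share/spyguard/config.yaml ]]; then
    echo "You have a Spyguard instance already installed on this box."
    echo " - If you want to update the instance, please execute:"
    echo " sudo bash /usr/share/spyguard/update.sh"
    echo " - If you want to uninstall the instance, please execute:"
    echo " sudo bash /usr/share/spyguard/uninstall.sh"
    exit 1
  fi
  # Some steps (the ./* copy, `git tag`) work on the current directory, so run
  # from the checkout regardless of where the script was invoked from.
  cd "$SCRIPT_PATH" || exit 1
  welcome_screen
  testing_distro
  create_directory
  get_version
  set_userlang
  set_credentials
  install_packages
  create_venv
  change_hostname
  generate_certificate
  create_database
  create_services
  feeding_iocs
  cleaning
}

main "$@"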