From 1bfad461d99d3fc38f180628bd4b012c32a6c5b2 Mon Sep 17 00:00:00 2001
From: Marc Smeets
Date: Fri, 23 Oct 2020 13:56:46 +0200
Subject: [PATCH] Update to logging format installer files

---
 c2servers/install-c2server-cobaltstrike.sh | 48 ++++-----
 c2servers/install-c2server-poshc2.sh | 32 +++---
 elkserver/install-elkserver-docker.sh | 21 ++--
 elkserver/install-elkserver.sh | 119 +++++++++++----------
 initial-setup-docker.sh | 34 +++---
 initial-setup.sh | 36 +++----
 redirs/install-redir.sh | 2 +-
 7 files changed, 151 insertions(+), 141 deletions(-)

diff --git a/c2servers/install-c2server-cobaltstrike.sh b/c2servers/install-c2server-cobaltstrike.sh
index f8c3d51f..013b966a 100755
--- a/c2servers/install-c2server-cobaltstrike.sh
+++ b/c2servers/install-c2server-cobaltstrike.sh
@@ -35,7 +35,7 @@ preinstallcheck() {
 service filebeat stop
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not stop filebeat (Error Code: $ERROR)."
+ echoerror "[X] Could not stop filebeat (Error Code: $ERROR)."
 fi
 fi
 fi
@@ -83,14 +83,14 @@ echo "[*] Adding GPG key of Elastic" | tee -a $LOGFILE
 wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not add GPG key (Error Code: $ERROR)."
+ echoerror "[X] Could not add GPG key (Error Code: $ERROR)."
 fi
 
 echo "[*] Installing apt-transport-https" | tee -a $LOGFILE
 apt-get install -y apt-transport-https >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not install apt-transport-https (Error Code: $ERROR)."
+ echoerror "[X] Could not install apt-transport-https (Error Code: $ERROR)."
 fi
 
 echo "[*] Adding Elastic APT repository" | tee -a $LOGFILE
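Review bot: The `[X] ` prefix is being hand-written into every `echoerror` call site, in this hunk and in every other hunk of all seven files, which is the kind of repetition that drifts the next time the format changes. The prefix belongs in the helper itself, so that each call keeps its plain message; the `echoerror` definition is not in view, but the change would be along the lines of `echoerror() { printf '[X] %s\n' "$*" | tee -a "$LOGFILE" >&2; }` with the call sites left as `echoerror "Could not add GPG key (Error Code: $ERROR)."`. Doing it once in the helper would also make the new memory-check messages in install-elkserver-docker.sh and install-elkserver.sh, which bypass `echoerror` with a bare `echo ... | tee -a`, consistent with the rest.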
@@ -99,77 +99,77 @@ if [ ! -f /etc/apt/sources.list.d/elastic-7.x.list ]; then fi ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not add APT repository (Error Code: $ERROR)." + echoerror "[X] Could not add APT repository (Error Code: $ERROR)." fi echo "[*] Updating APT" | tee -a $LOGFILE apt-get update >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not update APT (Error Code: $ERROR)." + echoerror "[X] Could not update APT (Error Code: $ERROR)." fi echo "[*] Installing filebeat" | tee -a $LOGFILE apt-get install -y filebeat=$ELKVERSION >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install filebeat (Error Code: $ERROR)." + echoerror "[X] Could not install filebeat (Error Code: $ERROR)." fi echo "[*] Setting filebeat to auto start after reboot" | tee -a $LOGFILE systemctl enable filebeat >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change auto boot settings (Error Code: $ERROR)." + echoerror "[X] Could not change auto boot settings (Error Code: $ERROR)." fi echo "[*] Making backup of original filebeat config" | tee -a $LOGFILE mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.ori >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not make backup (Error Code: $ERROR)." + echoerror "[X] Could not make backup (Error Code: $ERROR)." fi echo "[*] Copying new config file" | tee -a $LOGFILE cp ./filebeat/filebeat_cobaltstrike.yml /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not copy filebeat config (Error Code: $ERROR)." fi echo "[*] Copying ca file" | tee -a $LOGFILE cp ./filebeat/redelkCA.crt /etc/filebeat/ >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy ca file (Error Code: $ERROR)." + echoerror "[X] Could not copy ca file (Error Code: $ERROR)." 
fi echo "[*] Altering hostname field in filebeat config" | tee -a $LOGFILE sed -i s/'@@HOSTNAME@@'/$1/g /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change hostname field in filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not change hostname field in filebeat config (Error Code: $ERROR)." fi echo "[*] Altering attackscenario field in filebeat config" | tee -a $LOGFILE sed -i s/'@@ATTACKSCENARIO@@'/$2/g /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change attackscenario field in filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not change attackscenario field in filebeat config (Error Code: $ERROR)." fi echo "[*] Altering log destination field in filebeat config" | tee -a $LOGFILE sed -i s/'@@HOSTANDPORT@@'/$3/g /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change log destination field in filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not change log destination field in filebeat config (Error Code: $ERROR)." fi echo "[*] Starting filebeat" | tee -a $LOGFILE service filebeat start >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not start filebeat (Error Code: $ERROR)." + echoerror "[X] Could not start filebeat (Error Code: $ERROR)." fi echo "[*] Creating scponly user" | tee -a $LOGFILE @@ -182,7 +182,7 @@ else fi >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not create scponly user (Error Code: $ERROR)." + echoerror "[X] Could not create scponly user (Error Code: $ERROR)." fi echo "[*] Setting ssh key authentication for scponly user" | tee -a $LOGFILE 
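Review bot: The three `sed -i s/'@@HOSTNAME@@'/$1/g`, `$2` and `$3` substitutions in this hunk pass the positional parameters unquoted and use `/` as the delimiter, so a value containing whitespace word-splits the sed argument and a value containing `/` or `&` breaks or corrupts the substitution; the existing `ERROR` check will report it, but the filebeat config is left half-edited. Quote the expansion and pick a delimiter that cannot occur in a host:port, e.g. `sed -i "s|@@HOSTANDPORT@@|$3|g" /etc/filebeat/filebeat.yml` for the log-destination line and the same shape for `$1` and `$2`. Whether the arguments are validated as present at all is decided earlier in the file, outside this hunk. The identical three lines appear in install-c2server-poshc2.sh in the hunk at -101.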
@@ -195,14 +195,14 @@ if [ $EXIT -eq 0 ]; then fi >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not set ssh key authentication for scponly user (Error Code: $ERROR)." + echoerror "[X] Could not set ssh key authentication for scponly user (Error Code: $ERROR)." fi echo "[*] Installing rush" | tee -a $LOGFILE apt-get install -y rush >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install rush (Error Code: $ERROR)." + echoerror "[X] Could not install rush (Error Code: $ERROR)." fi echo "[*] Configuring rush" | tee -a $LOGFILE @@ -225,7 +225,7 @@ EOF fi >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not configure rush (Error Code: $ERROR)." + echoerror "[X] Could not configure rush (Error Code: $ERROR)." fi echo "[*] Creating crontab for local rscync of cobaltstrike logs" | tee -a $LOGFILE 
@@ -234,42 +234,42 @@ if [ ! -f /etc/cron.d/redelk_cobaltstrike ]; then fi ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not create crontab for local rsync of cobaltstrike logs (Error Code: $ERROR)." + echoerror "[X] Could not create crontab for local rsync of cobaltstrike logs (Error Code: $ERROR)." fi echo "[*] Creating RedELK log directory" | tee -a $LOGFILE mkdir -p /var/log/redelk >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not create RedELK log directory (Error Code: $ERROR)." + echoerror "[X] Could not create RedELK log directory (Error Code: $ERROR)." fi echo "[*] Copying RedELK background running scripts" | tee -a $LOGFILE mkdir -p /usr/share/redelk/bin && cp -r ./scripts/* /usr/share/redelk/bin/ && chmod -R 775 /usr/share/redelk/bin/* >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy background running scripts (Error Code: $ERROR)." + echoerror "[X] Could not copy background running scripts (Error Code: $ERROR)." fi echo "[*] Installing Python3 pip" | tee -a $LOGFILE apt-get install -y python3-pip >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Python3 pip (Error Code: $ERROR)." + echoerror "[X] Could not install Python3 pip (Error Code: $ERROR)." fi echo "[*] Installing pip modules for CS .bin parsing" | tee -a $LOGFILE pip3 install javaobj-py3 >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install pip modules for .bin parsing (Error Code: $ERROR)." + echoerror "[X] Could not install pip modules for .bin parsing (Error Code: $ERROR)." fi echo "[*] Restarting filebeat" | tee -a $LOGFILE service filebeat restart >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not restart filebeat (Error Code: $ERROR)." + echoerror "[X] Could not restart filebeat (Error Code: $ERROR)." fi diff --git a/c2servers/install-c2server-poshc2.sh b/c2servers/install-c2server-poshc2.sh index 5b3b70de..81675d96 100755 
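Review bot: `pip3 install javaobj-py3` in this hunk installs an unpinned package from PyPI at install time, so the `[X]` check that follows only tells you the download worked, not that the version is the one the parsing scripts were written against. Pin it, e.g. `pip3 install 'javaobj-py3==<pinned-version>'` (placeholder; take the version the scripts were tested with), and consider a `--require-hashes` requirements file if reproducible installs matter for this host. The same applies in install-elkserver.sh in the hunk at -396, where `pip3 install elasticsearch` and `pip3 install pymsteams` are also unpinned; for the `elasticsearch` client in particular an unpinned install can pull a major version that no longer talks to the server installed from the elastic-7.x repository (the value of `ELKVERSION` is not in view, so the exact constraint has to be confirmed).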
--- a/c2servers/install-c2server-poshc2.sh +++ b/c2servers/install-c2server-poshc2.sh @@ -36,7 +36,7 @@ preinstallcheck() { service filebeat stop ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not stop filebeat (Error Code: $ERROR)." + echoerror "[X] Could not stop filebeat (Error Code: $ERROR)." fi fi fi @@ -85,14 +85,14 @@ echo "[*] Adding GPG key of Elastic" | tee -a $LOGFILE wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not add GPG key (Error Code: $ERROR)." + echoerror "[X] Could not add GPG key (Error Code: $ERROR)." fi echo "[*] Installing apt-transport-https" | tee -a $LOGFILE apt-get install -y apt-transport-https >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install apt-transport-https (Error Code: $ERROR)." + echoerror "[X] Could not install apt-transport-https (Error Code: $ERROR)." fi echo "[*] Adding Elastic APT repository" | tee -a $LOGFILE 
@@ -101,91 +101,91 @@ if [ ! -f /etc/apt/sources.list.d/elastic-6.x.list ]; then fi ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not add APT repository (Error Code: $ERROR)." + echoerror "[X] Could not add APT repository (Error Code: $ERROR)." fi echo "[*] Updating APT" | tee -a $LOGFILE apt-get update >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not update APT (Error Code: $ERROR)." + echoerror "[X] Could not update APT (Error Code: $ERROR)." fi echo "[*] Installing filebeat" | tee -a $LOGFILE apt-get install -y filebeat=$ELKVERSION >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install filebeat (Error Code: $ERROR)." + echoerror "[X] Could not install filebeat (Error Code: $ERROR)." fi echo "[*] Setting filebeat to auto start after reboot" | tee -a $LOGFILE systemctl enable filebeat >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change auto boot settings (Error Code: $ERROR)." + echoerror "[X] Could not change auto boot settings (Error Code: $ERROR)." fi echo "[*] Making backup of original filebeat config" | tee -a $LOGFILE mv /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.ori >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not make backup (Error Code: $ERROR)." + echoerror "[X] Could not make backup (Error Code: $ERROR)." fi echo "[*] Copying new config file" | tee -a $LOGFILE cp ./filebeat/filebeat_poshc2.yml /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not copy filebeat config (Error Code: $ERROR)." fi echo "[*] Copying ca file" | tee -a $LOGFILE cp ./filebeat/redelkCA.crt /etc/filebeat/ >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy ca file (Error Code: $ERROR)." + echoerror "[X] Could not copy ca file (Error Code: $ERROR)." 
fi echo "[*] Altering hostname field in filebeat config" | tee -a $LOGFILE sed -i s/'@@HOSTNAME@@'/$1/g /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change hostname field in filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not change hostname field in filebeat config (Error Code: $ERROR)." fi echo "[*] Altering attackscenario field in filebeat config" | tee -a $LOGFILE sed -i s/'@@ATTACKSCENARIO@@'/$2/g /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change attackscenario field in filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not change attackscenario field in filebeat config (Error Code: $ERROR)." fi echo "[*] Altering log destination field in filebeat config" | tee -a $LOGFILE sed -i s/'@@HOSTANDPORT@@'/$3/g /etc/filebeat/filebeat.yml >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not change log destination field in filebeat config (Error Code: $ERROR)." + echoerror "[X] Could not change log destination field in filebeat config (Error Code: $ERROR)." fi echo "[*] Starting filebeat" | tee -a $LOGFILE service filebeat start >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not start filebeat (Error Code: $ERROR)." + echoerror "[X] Could not start filebeat (Error Code: $ERROR)." fi echo "[*] Creating RedELK log directory" | tee -a $LOGFILE mkdir -p /var/log/redelk >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not create RedELK log directory (Error Code: $ERROR)." + echoerror "[X] Could not create RedELK log directory (Error Code: $ERROR)." fi echo "[*] Restarting filebeat" | tee -a $LOGFILE service filebeat restart >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not restart filebeat (Error Code: $ERROR)." + echoerror "[X] Could not restart filebeat (Error Code: $ERROR)." fi grep -i error $LOGFILE 2>&1 
diff --git a/elkserver/install-elkserver-docker.sh b/elkserver/install-elkserver-docker.sh index 93c8137d..520adae4 100755 --- a/elkserver/install-elkserver-docker.sh +++ b/elkserver/install-elkserver-docker.sh @@ -65,7 +65,7 @@ install_docker(){ apt -y install docker >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install docker via apt (Error Code: $ERROR)." + echoerror "[X] Could not install docker via apt (Error Code: $ERROR)." exit 1 fi else @@ -88,7 +88,7 @@ install_docker_compose(){ apt -y install docker-compose >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install docker-compose via apt (Error Code: $ERROR)." + echoerror "[X] Could not install docker-compose via apt (Error Code: $ERROR)." exit 1 fi else @@ -98,7 +98,7 @@ install_docker_compose(){ chmod +x /usr/local/bin/docker-compose >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install docker-compose (Error Code: $ERROR)." + echoerror "[X] Could not install docker-compose (Error Code: $ERROR)." exit 1 fi fi @@ -137,6 +137,11 @@ preinstallcheck() { # checking system memory and setting variables AVAILABLE_MEMORY=$(awk '/MemAvailable/{printf "%.f", $2/1024}' /proc/meminfo) + ERROR=$? + if [ $ERROR -ne 0 ]; then + echo "[X] Error getting memory configuration of this host. Exiting." | tee -a $LOGFILE + exit 1 + fi # check for full or limited install if [ ${WHATTOINSTALL} = "limited" ]; then @@ -206,7 +211,7 @@ echo "[*] Adjusting memory settings for ES" | tee -a $LOGFILE sed -E -i.bak "s/Xms1g/Xms${ES_MEMORY}/g" ./docker/${DOCKERCONFFILE} >> $LOGFILE 2>&1 && sed -E -i.bak2 "s/Xmx1g/Xmx${ES_MEMORY}/g" ./docker/${DOCKERCONFFILE} >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Coul not adjust ES memory settings (Error Code: $ERROR)." + echoerror "[X] Could not adjust ES memory settings (Error Code: $ERROR)." fi if [ ${WHATTOINSTALL} = "full" ]; then 
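Review bot: `apt -y install docker` in the hunk at -65 of install-elkserver-docker.sh names a different package from the `apt-get install -y docker.io` used by install-elkserver.sh in its hunk at -566; on Debian and Ubuntu the engine package is `docker.io`, and the `docker` name is not it. Unless the `install_docker` function (its start is outside the hunk) has added a vendor repository that ships a `docker` package, the line should read `apt -y install docker.io` so both installers install the same thing and the new `[X] Could not install docker via apt` message is not the only thing the operator sees.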
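Review bot: The new check after `AVAILABLE_MEMORY=$(awk '/MemAvailable/...' /proc/meminfo)` in the hunk at -137 tests awk's exit status, but awk exits 0 when the `MemAvailable` line is simply absent (older kernels and some container environments), so the case this guard is presumably meant to catch, an empty `AVAILABLE_MEMORY` flowing into the limited/full sizing below, still passes silently. Test the value rather than the status: replace `ERROR=$?` and the `-ne 0` test with `if [ -z "$AVAILABLE_MEMORY" ]; then`, and route the message through `echoerror` like every other failure in the file instead of the bare `echo ... | tee -a $LOGFILE`. The same five-line addition appears in install-elkserver.sh in the hunk at -96 and needs the same treatment.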
@@ -214,7 +219,7 @@ if [ ${WHATTOINSTALL} = "full" ]; then sed -E -i.bak3 "s/_size=1G/_size=${NEO4J_MEMORY}/g" ./docker/${DOCKERCONFFILE} ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Coul not adjust ES memory settings (Error Code: $ERROR)." + echoerror "[X] Could not adjust ES memory settings (Error Code: $ERROR)." fi fi @@ -222,14 +227,14 @@ echo "[*] Setting permissions on certs for logstash" | tee -a $LOGFILE chown 1000 ./docker/redelk-logstash/live/config/certs/elkserver.crt && chown 1000 ./docker/redelk-logstash/live/config/certs/elkserver.key >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not set permissions on certs for logsatsh (Error Code: $ERROR)." + echoerror "[X] Could not set permissions on certs for logsatsh (Error Code: $ERROR)." fi echo "[*] Setting permissions on redelk logs" | tee -a $LOGFILE chown 1000 ./docker/redelk-base/live/redelklogs/* && chmod 664 ./docker/redelk-base/live/redelklogs/* >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not set permissions on redelk logs (Error Code: $ERROR)." + echoerror "[X] Could not set permissions on redelk logs (Error Code: $ERROR)." fi @@ -237,7 +242,7 @@ echo "[*] Building RedELK from $DOCKERCONFFILE file" | tee -a $LOGFILE docker-compose -f ./docker/$DOCKERCONFFILE up --build -d # >>$LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not build RedELK using docker-compose file $DOCKERCONFFILE (Error Code: $ERROR)." + echoerror "[X] Could not build RedELK using docker-compose file $DOCKERCONFFILE (Error Code: $ERROR)." exit 1 fi diff --git a/elkserver/install-elkserver.sh b/elkserver/install-elkserver.sh index 63397947..8e7a0568 100755 --- a/elkserver/install-elkserver.sh +++ b/elkserver/install-elkserver.sh @@ -80,7 +80,7 @@ preinstallcheck() { service logstash stop ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not stop logstash (Error Code: $ERROR)." + echoerror "[X] Could not stop logstash (Error Code: $ERROR)." fi fi fi 
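Review bot: The changed line in the hunk at -214 still reports `Could not adjust ES memory settings`, but the `sed` it follows rewrites `_size=1G` to `${NEO4J_MEMORY}`, so a failure here would send the operator to the wrong component; the commit corrected the `Coul` typo on this line but kept the wrong subject, and it should read `echoerror "[X] Could not adjust Neo4j memory settings (Error Code: $ERROR)."`. The same pattern of touching a message and leaving its text wrong occurs with `logsatsh` in the hunk at -222 of this file, `Logstach` in the hunk at -235 of install-elkserver.sh, and `Chameloen.py` in the hunk at -396 of install-elkserver.sh; since these lines are already being rewritten, this is the commit to fix the spelling.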
@@ -96,13 +96,18 @@ preinstallcheck() { service elasticsearch stop ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not stop elasticsearch (Error Code: $ERROR)." + echoerror "[X] Could not stop elasticsearch (Error Code: $ERROR)." fi fi fi # checking system memory and setting variables AVAILABLE_MEMORY=$(awk '/MemAvailable/{printf "%.f", $2/1024}' /proc/meminfo) + ERROR=$? + if [ $ERROR -ne 0 ]; then + echo "[X] Error getting memory configuration of this host. Exiting." | tee -a $LOGFILE + exit 1 + fi # check for full or limited install if [ ${WHATTOINSTALL} = "limited" ]; then @@ -219,14 +224,14 @@ echo "[*] Adding GPG key of Elastic" | tee -a $LOGFILE wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not add GPG key (Error Code: $ERROR)." + echoerror "[X] Could not add GPG key (Error Code: $ERROR)." fi echo "[*] Installing apt-transport-https" | tee -a $LOGFILE apt-get install -y apt-transport-https >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install apt-transport-https (Error Code: $ERROR)." + echoerror "[X] Could not install apt-transport-https (Error Code: $ERROR)." fi echo "[*] Adding Elastic APT repository" | tee -a $LOGFILE 
@@ -235,63 +240,63 @@ if [ ! -f /etc/apt/sources.list.d/elastic-7.x.list ]; then fi ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not add APT repository (Error Code: $ERROR)." + echoerror "[X] Could not add APT repository (Error Code: $ERROR)." fi echo "[*] Updating APT" | tee -a $LOGFILE apt-get update >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not update APT (Error Code: $ERROR)." + echoerror "[X] Could not update APT (Error Code: $ERROR)." fi echo "[*] Installing openjdk-11-jre-headless" | tee -a $LOGFILE apt-get install -y openjdk-11-jre-headless >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install openjdk-11-jre-headless (Error Code: $ERROR)." + echoerror "[X] Could not install openjdk-11-jre-headless (Error Code: $ERROR)." fi echo "[*] Installing logstash" | tee -a $LOGFILE apt-get install -y logstash=1:$ELKVERSION-1 >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install logstash (Error Code: $ERROR)." + echoerror "[X] Could not install logstash (Error Code: $ERROR)." fi echo "[*] Copying new logstach config files" | tee -a $LOGFILE cp ./logstash/conf.d/* /etc/logstash/conf.d/ >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy logstash config (Error Code: $ERROR)." + echoerror "[X] Could not copy logstash config (Error Code: $ERROR)." fi echo "[*] Copying Logstash certificate files" | tee -a $LOGFILE cp -r ./logstash/certs /etc/logstash/ >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy Logstash certificate files (Error Code: $ERROR)." + echoerror "[X] Could not copy Logstash certificate files (Error Code: $ERROR)." fi echo "[*] Setting ownership of Logstash certificate files" | tee -a $LOGFILE chown logstash /etc/logstash/certs/* >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Error with setting ownership of Logstach cert files (Error Code: $ERROR)." 
+ echoerror "[X] Error with setting ownership of Logstach cert files (Error Code: $ERROR)." fi echo "[*] Copying logstash Ruby scripts" | tee -a $LOGFILE cp -r ./logstash/ruby-scripts /etc/logstash/ >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy logstash Ruby scripts (Error Code: $ERROR)." + echoerror "[X] Could not copy logstash Ruby scripts (Error Code: $ERROR)." fi echo "[*] Setting logstash to auto start after reboot" | tee -a $LOGFILE systemctl enable logstash >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Coul not change auto boot settings (Error Code: $ERROR)." + echoerror "[X] Could not change auto boot settings (Error Code: $ERROR)." fi cd $CWD 
@@ -300,77 +305,77 @@ echo "[*] Installing elasticsearch" | tee -a $LOGFILE apt-get install -y elasticsearch=$ELKVERSION >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install elasticsearch (Error Code: $ERROR)." + echoerror "[X] Could not install elasticsearch (Error Code: $ERROR)." fi echo "[*] Setting elasticsearch to auto start after reboot" | tee -a $LOGFILE systemctl enable elasticsearch >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Coul not change auto boot settings (Error Code: $ERROR)." + echoerror "[X] Could not change auto boot settings (Error Code: $ERROR)." fi echo "[*] Adjusting memory settings for ES" | tee -a $LOGFILE sed -E -i.bak "s/Xms1g/Xms${ES_MEMORY}/g" /etc/elasticsearch/jvm.options && sed -E -i.bak2 "s/Xmx1g/Xmx${ES_MEMORY}/g" /etc/elasticsearch/jvm.options >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Coul not adjust ES memory settings (Error Code: $ERROR)." + echoerror "[X] Could not adjust ES memory settings (Error Code: $ERROR)." fi echo "[*] Installing Kibana" | tee -a $LOGFILE apt-get install -y kibana=$ELKVERSION >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Kibana (Error Code: $ERROR)." + echoerror "[X] Could not install Kibana (Error Code: $ERROR)." fi echo "[*] Setting Kibana to auto start after reboot" | tee -a $LOGFILE systemctl enable kibana >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Coul not change auto boot settings (Error Code: $ERROR)." + echoerror "[X] Could not change auto boot settings (Error Code: $ERROR)." fi echo "[*] Installing nginx" | tee -a $LOGFILE apt-get install -y nginx >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install nginx (Error Code: $ERROR)." + echoerror "[X] Could not install nginx (Error Code: $ERROR)." fi echo "[*] Setting nginx to auto start after reboot" | tee -a $LOGFILE systemctl enable nginx >> $LOGFILE 2>&1 ERROR=$? 
if [ $ERROR -ne 0 ]; then - echoerror "Coul not change auto boot settings (Error Code: $ERROR)." + echoerror "[X] Could not change auto boot settings (Error Code: $ERROR)." fi echo "[*] Copying nginx config files" | tee -a $LOGFILE cp ./nginx/htpasswd.users /etc/nginx/ && cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default_backup && cp ./nginx/sites-available/* /etc/nginx/sites-available && ln -s /etc/nginx/sites-available/jupyter /etc/nginx/sites-enabled/jupyter >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy nginx config (Error Code: $ERROR)." + echoerror "[X] Could not copy nginx config (Error Code: $ERROR)." fi echo "[*] Creating www dirs and setting permissions" | tee -a $LOGFILE mkdir -p /var/www/html/c2logs && chown -R www-data:www-data /var/www/html/c2logs && chmod 775 /var/www/html/c2logs >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not create WWW dirs and set permissions (Error Code: $ERROR)." + echoerror "[X] Could not create WWW dirs and set permissions (Error Code: $ERROR)." fi echo "[*] Copying attack-navigator files" | tee -a $LOGFILE cp -r ./attack-navigator /var/www/html/ && chown -R www-data:www-data /var/www/html/attack-navigator && chmod u+rwX,g+rwX,o-rwx /var/www/html/attack-navigator >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy attack-navigator files (Error Code: $ERROR)." + echoerror "[X] Could not copy attack-navigator files (Error Code: $ERROR)." fi echo "[*] Starting elasticsearch" | tee -a $LOGFILE systemctl start elasticsearch >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not start Elasticsearch (Error Code: $ERROR)." + echoerror "[X] Could not start Elasticsearch (Error Code: $ERROR)." fi sleep 10 
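Review bot: `cp ./nginx/htpasswd.users /etc/nginx/` in this hunk installs the basic-auth credential file straight from the checkout, and nothing in the hunk shows it being generated per deployment. If initial-setup.sh (listed in the diffstat but not in view) writes a fresh `htpasswd.users` for each install this is fine, and a one-line comment saying so above the `cp` would save the next reader the question; if it can ship with a default entry, the installer should refuse to proceed when the file is missing or unchanged rather than publish a known credential on the nginx front. The enclosing block starts in the previous chunk, outside this hunk.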
@@ -378,14 +383,14 @@ echo "[*] Starting Kibana" | tee -a $LOGFILE systemctl start kibana >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not start Kibana (Error Code: $ERROR)." + echoerror "[X] Could not start Kibana (Error Code: $ERROR)." fi echo "[*] Restarting nginx" | tee -a $LOGFILE service nginx restart >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not start nginx (Error Code: $ERROR)." + echoerror "[X] Could not start nginx (Error Code: $ERROR)." fi echo "[*] Creating redelk user" | tee -a $LOGFILE 
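Review bot: The step in this hunk is `service nginx restart`, but the rewritten message still says `Could not start nginx`, which on a failure points at the wrong operation; since the line is being changed anyway it should become `echoerror "[X] Could not restart nginx (Error Code: $ERROR)."`.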
@@ -396,63 +401,63 @@ if [ $EXIT -ne 0 ]; then fi >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not create redelk user (Error Code: $ERROR)." + echoerror "[X] Could not create redelk user (Error Code: $ERROR)." fi echo "[*] Setting up ssh keys for redelk user" | tee -a $LOGFILE mkdir -p /home/redelk/.ssh && cp ./ssh/id* /home/redelk/.ssh/ && chown -R redelk:redelk /home/redelk/.ssh && chmod 700 /home/redelk/.ssh && chmod 600 /home/redelk/.ssh/id* >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not setup ssh keys for redelk user (Error Code: $ERROR)." + echoerror "[X] Could not setup ssh keys for redelk user (Error Code: $ERROR)." fi echo "[*] Copying RedELK background running scripts (remote logs, thumbnails, enrichment, alarms, etc)" | tee -a $LOGFILE mkdir -p /usr/share/redelk/bin && cp -r ./scripts/* /usr/share/redelk/bin/ && chmod -R 775 /usr/share/redelk/bin/* >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy background running scripts (Error Code: $ERROR)." + echoerror "[X] Could not copy background running scripts (Error Code: $ERROR)." fi echo "[*] Installing script dependencies" | tee -a $LOGFILE apt-get install -y python3-pil python3-pip >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install script dependencies (Error Code: $ERROR)." + echoerror "[X] Could not install script dependencies (Error Code: $ERROR)." fi echo "[*] Installing Chameleon.py dependencies" | tee -a $LOGFILE pip3 install -r /usr/share/redelk/bin/Chameleon/requirements.txt >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Chameloen.py dependencies (Error Code: $ERROR)." + echoerror "[X] Could not install Chameloen.py dependencies (Error Code: $ERROR)." fi echo "[*] Installing python elasticsearch library" | tee -a $LOGFILE pip3 install elasticsearch >> $LOGFILE 2>&1 ERROR=$? 
if [ $ERROR -ne 0 ]; then - echoerror "Could not install python elasticsearch library (Error Code: $ERROR)." + echoerror "[X] Could not install python elasticsearch library (Error Code: $ERROR)." fi echo "[*] Installing python dependencies for alarm connectors, i.e. MS Teams" | tee -a $LOGFILE pip3 install pymsteams >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install dependencies for alarm connectors (Error Code: $ERROR)." + echoerror "[X] Could not install dependencies for alarm connectors (Error Code: $ERROR)." fi echo "[*] Creating RedELK config directory" | tee -a $LOGFILE mkdir -p /etc/redelk >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not create RedELK config directory (Error Code: $ERROR)." + echoerror "[X] Could not create RedELK config directory (Error Code: $ERROR)." fi echo "[*] Copying RedELK config files" | tee -a $LOGFILE cp -r ./etc/redelk/* /etc/redelk/ && chown redelk /etc/redelk/* >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not copy RedELK config files (Error Code: $ERROR)." + echoerror "[X] Could not copy RedELK config files (Error Code: $ERROR)." fi echo "[*] Preparing the SIEM signals index" | tee -a $LOGFILE @@ -460,7 +465,7 @@ upcheck_elasticsearch curl -X PUT "localhost:9200/.siem-signals-default?pretty" >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not prepare the SIEM signals index (Error Code: $ERROR)." + echoerror "[X] Could not prepare the SIEM signals index (Error Code: $ERROR)." fi sleep 1 
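Review bot: `curl -X PUT "localhost:9200/.siem-signals-default?pretty"` in the hunk at -460 is checked only through `$?`, and curl exits 0 on an HTTP 4xx/5xx response, so the new `[X] Could not prepare the SIEM signals index` message can only ever fire on a connection failure, never on the API rejecting the request. Add `-sS --fail` to the call (`curl -sS --fail -X PUT "localhost:9200/.siem-signals-default?pretty"`) so a non-2xx status becomes a non-zero exit that the existing check sees. Every other Elasticsearch and Kibana call in this file has the same gap: the hunks at -469, -477, -499, -508, -517, -526, -535 and -558, and presumably the loop body of the hunk at -491, whose `curl` line is outside the hunk.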
@@ -469,7 +474,7 @@ upcheck_elasticsearch curl -X PUT "http://localhost:9200/_ilm/policy/redelk" -H "Content-Type: application/json" -d @./templates/redelk_elasticsearch_ilm.json >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Elasticsearch ILM policy (Error Code: $ERROR)." + echoerror "[X] Could not install Elasticsearch ILM policy (Error Code: $ERROR)." fi echo "[*] Installing Elasticsearch index templates" | tee -a $LOGFILE @@ -477,7 +482,7 @@ upcheck_elasticsearch for i in implantsdb rtops redirtraffic; do curl -X POST "http://localhost:9200/_template/$i" -H "Content-Type: application/json" -d @./templates/redelk_elasticsearch_template_$i.json; done >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Elasticsearch index templates (Error Code: $ERROR)." + echoerror "[X] Could not install Elasticsearch index templates (Error Code: $ERROR)." fi # Extra sleep seconds as Kibana often is slower in startup @@ -491,7 +496,7 @@ for i in ./templates/redelk_kibana_index-pattern*.ndjson; do done >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Kibana index patterns (Error Code: $ERROR)." + echoerror "[X] Could not install Kibana index patterns (Error Code: $ERROR)." fi echo "[*] Installing Kibana searches" | tee -a $LOGFILE @@ -499,7 +504,7 @@ upcheck_kibana curl -X POST "http://localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' -F file=@./templates/redelk_kibana_search.ndjson >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Kibana searches (Error Code: $ERROR)." + echoerror "[X] Could not install Kibana searches (Error Code: $ERROR)." fi sleep 1 
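Review bot: In the hunk at -477 the `ERROR=$?` after `done` only captures the exit status of the last iteration, so a failed template install for `implantsdb` or `rtops` is masked as long as `redirtraffic` succeeds, and the `[X] Could not install Elasticsearch index templates` message never fires for it. Initialise `ERROR=0` before the loop, append `|| ERROR=$?` to the `curl` line inside it, and drop the `ERROR=$?` after `done`; together with `--fail` on the curl this makes the check reflect every iteration. The for-loop line is visible in the hunk, so the change is contained here.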
@@ -508,7 +513,7 @@ upcheck_kibana curl -X POST "http://localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' -F file=@./templates/redelk_kibana_visualization.ndjson >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Kibana visualizations (Error Code: $ERROR)." + echoerror "[X] Could not install Kibana visualizations (Error Code: $ERROR)." fi sleep 1 @@ -517,7 +522,7 @@ upcheck_kibana curl -X POST "http://localhost:5601/api/saved_objects/_import?overwrite=true" -H 'kbn-xsrf: true' -F file=@./templates/redelk_kibana_dashboard.ndjson >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Kibana dashboards (Error Code: $ERROR)." + echoerror "[X] Could not install Kibana dashboards (Error Code: $ERROR)." fi sleep 1 @@ -526,7 +531,7 @@ upcheck_kibana curl -X POST "http://localhost:5601/api/kibana/settings" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' --data @./templates/redelk_kibana_settings.json >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Kibana advanced settings (Error Code: $ERROR)." + echoerror "[X] Could not install Kibana advanced settings (Error Code: $ERROR)." fi sleep 1 @@ -535,7 +540,7 @@ upcheck_kibana curl -X POST "http://localhost:5601/api/detection_engine/rules/_import?overwrite=true" -H 'kbn-xsrf: true' -F file=@./templates/redelk_siem_detection_rules.ndjson >> $LOGFILE 2>&1 ERROR=$? if [ $ERROR -ne 0 ]; then - echoerror "Could not install Kibana SIEM detection rules (Error Code: $ERROR)." + echoerror "[X] Could not install Kibana SIEM detection rules (Error Code: $ERROR)." fi sleep 1 
@@ -543,14 +548,14 @@ echo "[*] Creating RedELK log directory" | tee -a $LOGFILE
 mkdir -p /var/log/redelk >> $LOGFILE 2>&1 && chown -R redelk:redelk /var/log/redelk >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not create RedELK log directory (Error Code: $ERROR)."
+ echoerror "[X] Could not create RedELK log directory (Error Code: $ERROR)."
 fi
 
 echo "[*] Starting logstash" | tee -a $LOGFILE
 systemctl start logstash >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not start logstash (Error Code: $ERROR)."
+ echoerror "[X] Could not start logstash (Error Code: $ERROR)."
 fi
 
 echo "[*] Inserting the superawesomesauce RedELK logo into Kibana" | tee -a $LOGFILE
@@ -558,7 +563,7 @@ upcheck_kibana
 curl 'http://localhost:5601/api/spaces/space/default?overwrite=true' -H 'kbn-xsrf: true' -X PUT -H 'Content-Type: application/json' -d @./kibana/redelklogo.json >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not adjust Kibana logo (Error Code: $ERROR)."
+ echoerror "[X] Could not adjust Kibana logo (Error Code: $ERROR)."
 fi
 
 if [ ${WHATTOINSTALL} = "full" ]; then
@@ -566,7 +571,7 @@ if [ ${WHATTOINSTALL} = "full" ]; then
 apt-get install -y docker.io >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not install Docker.io (Error Code: $ERROR)."
+ echoerror "[X] Could not install Docker.io (Error Code: $ERROR)."
 fi
 
 echo "[*] Creating Docker bridged network" | tee -a $LOGFILE
@@ -577,7 +582,7 @@ if [ ${WHATTOINSTALL} = "full" ]; then
 docker network create -d bridge --subnet 192.168.254.0/24 --gateway 192.168.254.1 dockernetredelk >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not create Docker bridged network (Error Code: $ERROR)."
+ echoerror "[X] Could not create Docker bridged network (Error Code: $ERROR)."
 fi
 fi
 
@@ -585,21 +590,21 @@ if [ ${WHATTOINSTALL} = "full" ]; then
 mkdir /usr/share/redelk/jupyter && cp ./jupyter/* /usr/share/redelk/jupyter/ && chown -R redelk:redelk /usr/share/redelk/jupyter && chmod 777 /usr/share/redelk/jupyter >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not create Jupyter working dir or copy notebooks (Error Code: $ERROR)."
+ echoerror "[X] Could not create Jupyter working dir or copy notebooks (Error Code: $ERROR)."
 fi
 
 echo "[*] Installing Jupyter Notebooks docker image" | tee -a $LOGFILE
 docker pull jupyter/scipy-notebook:4a112c0f11eb >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not install Jupyter docker image (Error Code: $ERROR)."
+ echoerror "[X] Could not install Jupyter docker image (Error Code: $ERROR)."
 fi
 
 echo "[*] Starting Jupyter Notebooks docker image" | tee -a $LOGFILE
 docker run --restart unless-stopped --name jupyter-notebook -d --network dockernetredelk --ip 192.168.254.2 -p8888:8888 --add-host="elasticsearch:192.168.254.1" --add-host="bloodhound:192.168.254.3" -v /usr/share/redelk/jupyter:/home/jovyan/work jupyter/scipy-notebook start-notebook.sh --NotebookApp.token='' --NotebookApp.password='' --NotebookApp.allow_remote_access='True' --NotebookApp.allow_origin='*' --NotebookApp.base_url='/jupyter/' >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not start Jupyter docker image (Error Code: $ERROR)."
+ echoerror "[X] Could not start Jupyter docker image (Error Code: $ERROR)."
 fi
 
 echo "[*] Modifying elasticsearch config file to include docker ip interface" | tee -a $LOGFILE
@@ -620,28 +625,28 @@ if [ ${WHATTOINSTALL} = "full" ]; then
 systemctl restart elasticsearch >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not restart Elasticsearch (Error Code: $ERROR)."
+ echoerror "[X] Could not restart Elasticsearch (Error Code: $ERROR)."
 fi
 
 echo "[*] Creating Neo4j/BloodHound working dir" | tee -a $LOGFILE
 mkdir -p /usr/share/redelk/neo4j/data && mkdir /usr/share/redelk/neo4j/logs && mkdir /usr/share/redelk/neo4j/import && mkdir /usr/share/redelk/neo4j/plugins && chown -R redelk:redelk /usr/share/redelk/neo4j >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not create Neo4j/BloodHound working dir or copy notebooks (Error Code: $ERROR)."
+ echoerror "[X] Could not create Neo4j/BloodHound working dir or copy notebooks (Error Code: $ERROR)."
 fi
 
 echo "[*] Installing Neo4j/BloodHound docker image" | tee -a $LOGFILE
 docker pull specterops/bloodhound-neo4j >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not install Neo4j/BloodHound docker image (Error Code: $ERROR)."
+ echoerror "[X] Could not install Neo4j/BloodHound docker image (Error Code: $ERROR)."
 fi
 
 echo "[*] Starting Neo4j/BloodHound docker image" | tee -a $LOGFILE
 docker run --restart unless-stopped --name bloodhound -d --network dockernetredelk --ip 192.168.254.3 -p7474:7474 -p7687:7687 --add-host="elasticsearch:192.168.254.1" --add-host="jupyter:192.168.254.2" -v /usr/share/redelk/neo4j/data:/data -v /usr/share/redelk/neo4j/logs:/logs -v /usr/share/redelk/neo4j/import:/var/lib/neo4j/import -v /usr/share/redelk/neo4j/plugins:/plugins --env NEO4J_AUTH=neo4j/BloodHound --env NEO4J_dbms_memory_heap_initial__size=${NEO4J_MEMORY} --env NEO4J_dbms_memory_heap_max__size=${NEO4J_MEMORY} --env NEO4J_dbms_memory_pagecache_size=${NEO4J_MEMORY} specterops/bloodhound-neo4j >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not start Neo4j/BloodHound docker image (Error Code: $ERROR)."
+ echoerror "[X] Could not start Neo4j/BloodHound docker image (Error Code: $ERROR)."
 fi
 fi
 
@@ -649,7 +654,7 @@ echo "[*] Creating crontab for redelk user actions" | tee -a $LOGFILE
 cp ./cron.d/redelk /etc/cron.d/redelk >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not create crontab for redelk user actions (Error Code: $ERROR)."
+ echoerror "[X] Could not create crontab for redelk user actions (Error Code: $ERROR)."
 fi
 
 grep "* ERROR " redelk-install.log
diff --git a/initial-setup-docker.sh b/initial-setup-docker.sh
index ed9dd372..6908801e 100755
--- a/initial-setup-docker.sh
+++ b/initial-setup-docker.sh
@@ -13,7 +13,7 @@ echoerror() {
 printf "`date +'%b %e %R'` $INSTALLER - ${RC} * ERROR ${EC}: $@\n" >> $LOGFILE 2>&1
 }
 
-
+printf "`date +'%b %e %R'` $INSTALLER - Starting installer\n" > $LOGFILE 2>&1
 echo ""
 echo ""
 echo ""
@@ -26,19 +26,19 @@ echo ""
 echo ""
 echo ""
 echo "This script will generate necessary keys and packages for RedELK deployments"
-echo "`date +'%b %e %R'` $INSTALLER - Starting installer" | tee $LOGFILE
-printf "`date +'%b %e %R'` $INSTALLER - Starting installer\n" > $LOGFILE 2>&1
+echo ""
+echo ""
 
 if ! [ $# -eq 1 ] ; then
 echo "[X] ERROR missing parameter"
 echo "[X] require 1st parameter: path of openssl config file"
- echoerror "Incorrect amount of parameters"
+ echoerror "[X] Incorrect amount of parameters"
 exit 1
 fi
 
 if [ ! -f $1 ];then
 echo "[X] ERROR Could not find openssl config file. Stopping"
- echoerror "Could not find openssl config file"
+ echoerror "[X] Could not find openssl config file"
 exit 1
 fi >> $LOGFILE 2>&1
 
@@ -56,7 +56,7 @@ if [ ! -d "./certs" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror " Could not create ./certs directory (Error Code: $ERROR)."
+ echoerror "[X] Could not create ./certs directory (Error Code: $ERROR)."
 fi
 
 echo "[*] Generating private key for CA" | tee -a $LOGFILE
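Review bot: The moved `printf ... Starting installer\n" > $LOGFILE 2>&1` line, and the echoerror body two lines above it, hand printf a double-quoted string with shell expansions as its format argument, so `$INSTALLER` and the error text are scanned for `%` conversions and backslash escapes instead of being written verbatim; the new `[X]` prefixes are harmless, but a `%` in a message or in `$INSTALLER` would be garbled or make printf fail. The literal-format form `printf '%s %s - Starting installer\n' "$(date +'%b %e %R')" "$INSTALLER" > "$LOGFILE" 2>&1` avoids that and also quotes `$LOGFILE`, which is unquoted on every redirection in these files; echoerror would take the matching `'%s\n'` shape with the message passed as an argument. The same pair of lines appears in the initial-setup.sh hunk at `@@ -13,7 +13,7 @@`. echoerror() itself starts before this hunk.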
@@ -65,7 +65,7 @@ if [ ! -f "./certs/redelkCA.key" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate private key for CA (Error Code: $ERROR)."
+ echoerror "[X] Could not generate private key for CA (Error Code: $ERROR)."
 fi
 
 echo "[*] Creating Certificate Authority" | tee -a $LOGFILE
@@ -74,7 +74,7 @@ if [ ! -f "./certs/redelkCA.crt" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate certificate authority (Error Code: $ERROR)."
+ echoerror "[X] Could not generate certificate authority (Error Code: $ERROR)."
 fi
 
 echo "[*] Generating private key for ELK server" | tee -a $LOGFILE
@@ -92,7 +92,7 @@ if [ ! -f "./certs/elkserver.csr" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate certificates for elk server (Error Code: $ERROR)."
+ echoerror "[X] Could not generate certificates for elk server (Error Code: $ERROR)."
 fi
 
 echo "[*] Signing certificate of ELK server with our new CA" | tee -a $LOGFILE
@@ -101,7 +101,7 @@ if [ ! -f "./certs/elkserver.crt" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not sign elk server certificate with CA (Error Code: $ERROR)."
+ echoerror "[X] Could not sign elk server certificate with CA (Error Code: $ERROR)."
 fi
 
 echo "[*] Converting ELK server private key to PKCS8 format" | tee -a $LOGFILE
@@ -110,7 +110,7 @@ if [ ! -f "./certs/elkserver.key.pem" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not convert ELK server private key to PKCS8 format(Error Code: $ERROR)."
+ echoerror "[X] Could not convert ELK server private key to PKCS8 format(Error Code: $ERROR)."
 fi
 
 echo "[*] Copying certificates to relevant redir and c2servers folders." | tee -a $LOGFILE
@@ -125,7 +125,7 @@ if [ ! -d "./sshkey" ] || [ ! -d "./elkserver/ssh" ] || [ ! -d "./c2servers/ssh"
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not create ssh directories (Error Code: $ERROR)."
+ echoerror "[X] Could not create ssh directories (Error Code: $ERROR)."
 fi
 
 echo "[*] Generating SSH key pair for scponly user" | tee -a $LOGFILE
@@ -134,7 +134,7 @@ if [ ! -f "./sshkey/id_rsa" ] || [ ! -f "sshkey/id_rsa.pub" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate SSH key pair for scponly user (Error Code: $ERROR)."
+ echoerror "[X] Could not generate SSH key pair for scponly user (Error Code: $ERROR)."
 fi
 
 echo "[*] Copying sshkeys to relevant folders." | tee -a $LOGFILE
@@ -157,7 +157,7 @@ if [ -f "./VERSION" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not copy VERSION file to subfolders (Error Code: $ERROR)."
+ echoerror "[X] Could not copy VERSION file to subfolders (Error Code: $ERROR)."
 fi
 
 echo "[*] Creating TGZ packages for easy distribution" | tee -a $LOGFILE
@@ -166,21 +166,21 @@ if [ ! -f "./elkserver.tgz" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not TGZ for elkserver directory (Error Code: $ERROR)."
+ echoerror "[X] Could not TGZ for elkserver directory (Error Code: $ERROR)."
 fi
 if [ ! -f "./redirs.tgz" ]; then
 tar zcvf redirs.tgz redirs/
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not TGZ for redirs directory (Error Code: $ERROR)."
+ echoerror "[X] Could not TGZ for redirs directory (Error Code: $ERROR)."
 fi
 if [ ! -f "./c2servers.tgz" ]; then
 tar zcvf c2servers.tgz c2servers/
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not TGZ for c2servers directory (Error Code: $ERROR)."
+ echoerror "[X] Could not TGZ for c2servers directory (Error Code: $ERROR)."
 fi
 
 grep -i error $LOGFILE 2>&1
diff --git a/initial-setup.sh b/initial-setup.sh
index 1a9f2c71..1fbe6d54 100755
--- a/initial-setup.sh
+++ b/initial-setup.sh
@@ -13,7 +13,7 @@ echoerror() {
 printf "`date +'%b %e %R'` $INSTALLER - ${RC} * ERROR ${EC}: $@\n" >> $LOGFILE 2>&1
 }
 
-
+printf "`date +'%b %e %R'` $INSTALLER - Starting installer\n" > $LOGFILE 2>&1
 echo ""
 echo ""
 echo ""
@@ -26,19 +26,19 @@ echo ""
 echo ""
 echo ""
 echo "This script will generate necessary keys and packages for RedELK deployments"
-echo "`date +'%b %e %R'` $INSTALLER - Starting installer" | tee $LOGFILE
-printf "`date +'%b %e %R'` $INSTALLER - Starting installer\n" > $LOGFILE 2>&1
+echo ""
+echo ""
 
 if ! [ $# -eq 1 ] ; then
 echo "[X] ERROR missing parameter"
 echo "[X] require 1st parameter: path of openssl config file"
- echoerror "Incorrect amount of parameters"
+ echoerror "[X] Incorrect amount of parameters"
 exit 1
 fi
 
 if [ ! -f $1 ];then
 echo "[X] ERROR Could not find openssl config file. Stopping"
- echoerror "Could not find openssl config file"
+ echoerror "[X] Could not find openssl config file"
 exit 1
 fi >> $LOGFILE 2>&1
 
@@ -56,7 +56,7 @@ if [ ! -d "./certs" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror " Could not create ./certs directory (Error Code: $ERROR)."
+ echoerror "[X] Could not create ./certs directory (Error Code: $ERROR)."
 fi
 
 echo "[*] Generating private key for CA" | tee -a $LOGFILE
@@ -65,7 +65,7 @@ if [ ! -f "./certs/redelkCA.key" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate private key for CA (Error Code: $ERROR)."
+ echoerror "[X] Could not generate private key for CA (Error Code: $ERROR)."
 fi
 
 echo "[*] Creating Certificate Authority" | tee -a $LOGFILE
@@ -74,7 +74,7 @@ if [ ! -f "./certs/redelkCA.crt" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate certificate authority (Error Code: $ERROR)."
+ echoerror "[X] Could not generate certificate authority (Error Code: $ERROR)."
 fi
 
 echo "[*] Generating private key for ELK server" | tee -a $LOGFILE
@@ -83,7 +83,7 @@ if [ ! -f "./certs/elkserver.key" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate private key for ELK server (Error Code: $ERROR)."
+ echoerror "[X] Could not generate private key for ELK server (Error Code: $ERROR)."
 fi
 
 echo "[*] Generating certificate for ELK server" | tee -a $LOGFILE
@@ -92,7 +92,7 @@ if [ ! -f "./certs/elkserver.csr" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate certificates for elk server (Error Code: $ERROR)."
+ echoerror "[X] Could not generate certificates for elk server (Error Code: $ERROR)."
 fi
 
 echo "[*] Signing certificate of ELK server with our new CA" | tee -a $LOGFILE
@@ -101,7 +101,7 @@ if [ ! -f "./certs/elkserver.crt" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not sign elk server certificate with CA (Error Code: $ERROR)."
+ echoerror "[X] Could not sign elk server certificate with CA (Error Code: $ERROR)."
 fi
 
 echo "[*] Converting ELK server private key to PKCS8 format" | tee -a $LOGFILE
@@ -110,7 +110,7 @@ if [ ! -f "./certs/elkserver.key.pem" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not convert ELK server private key to PKCS8 format(Error Code: $ERROR)."
+ echoerror "[X] Could not convert ELK server private key to PKCS8 format(Error Code: $ERROR)."
 fi
 
 echo "[*] Copying certificates to relevant redir and c2servers folders." | tee -a $LOGFILE
@@ -124,7 +124,7 @@ if [ ! -d "./sshkey" ] || [ ! -d "./elkserver/ssh" ] || [ ! -d "./c2servers/ssh"
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not create ssh directories (Error Code: $ERROR)."
+ echoerror "[X] Could not create ssh directories (Error Code: $ERROR)."
 fi
 
 echo "[*] Generating SSH key pair for scponly user" | tee -a $LOGFILE
@@ -133,7 +133,7 @@ if [ ! -f "./sshkey/id_rsa" ] || [ ! -f "sshkey/id_rsa.pub" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not generate SSH key pair for scponly user (Error Code: $ERROR)."
+ echoerror "[X] Could not generate SSH key pair for scponly user (Error Code: $ERROR)."
 fi
 
 echo "[*] Copying sshkeys to relevant folders." | tee -a $LOGFILE
@@ -149,7 +149,7 @@ if [ -f "./VERSION" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not copy VERSION file to subfolders (Error Code: $ERROR)."
+ echoerror "[X] Could not copy VERSION file to subfolders (Error Code: $ERROR)."
 fi
 
 echo "[*] Creating TGZ packages for easy distribution" | tee -a $LOGFILE
@@ -158,21 +158,21 @@ if [ ! -f "./elkserver.tgz" ]; then
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not TGZ for elkserver directory (Error Code: $ERROR)."
+ echoerror "[X] Could not TGZ for elkserver directory (Error Code: $ERROR)."
 fi
 if [ ! -f "./redirs.tgz" ]; then
 tar zcvf redirs.tgz redirs/
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not TGZ for redirs directory (Error Code: $ERROR)."
+ echoerror "[X] Could not TGZ for redirs directory (Error Code: $ERROR)."
 fi
 if [ ! -f "./c2servers.tgz" ]; then
 tar zcvf c2servers.tgz c2servers/
 fi >> $LOGFILE 2>&1
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not TGZ for c2servers directory (Error Code: $ERROR)."
+ echoerror "[X] Could not TGZ for c2servers directory (Error Code: $ERROR)."
 fi
 
 grep -i error $LOGFILE 2>&1
diff --git a/redirs/install-redir.sh b/redirs/install-redir.sh
index b4b5005b..05d7ff1c 100755
--- a/redirs/install-redir.sh
+++ b/redirs/install-redir.sh
@@ -40,7 +40,7 @@ preinstallcheck() {
 service filebeat stop
 ERROR=$?
 if [ $ERROR -ne 0 ]; then
- echoerror "Could not stop filebeat (Error Code: $ERROR)."
+ echoerror "[X] Could not stop filebeat (Error Code: $ERROR)."
 fi
 fi
 fi