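#!/bin/bash
#
# Post-install baseline for a Debian host: root mail forwarding, cron MAILTO,
# a figlet motd, a nightly apt-update job, snmpd for LibreNMS/Cacti, extra apt
# repositories (deb-multimedia, Microsoft, Brave), osquery and the Wazuh agent.
#
# Must run as root. Safe to re-run: every step either overwrites the file it
# owns or checks before appending, so a second run does not duplicate lines in
# /etc/aliases, /etc/crontab or the apt source lists.
#
# All downloads use `curl -f` over HTTPS and the script runs under `set -e`, so
# a 404 or TLS failure aborts instead of leaving an error page where a script,
# key or config was expected. Downloaded keys are staged in a private temp dir
# and only moved into place after the download completed.

set -euo pipefail

readonly MAIL_TO='thomas@de-roo.org'
readonly WAZUH_MANAGER_HOST='siem01.de-roo.org'
readonly APT_UPDATE_URL='https://git.de-roo.org/DEROO/apt-update/raw/branch/main/apt-update.sh'
# Unpinned "master" branch: what lands in /usr/bin/distro is whatever the
# upstream branch holds at run time. Pin to a reviewed tag or commit if this
# script is used on more than a handful of hosts.
readonly DISTRO_URL='https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro'
readonly DEB_MULTIMEDIA_KEYRING='deb-multimedia-keyring_2024.9.1_all.deb'
readonly DEB_MULTIMEDIA_URL="https://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/${DEB_MULTIMEDIA_KEYRING}"

# Scratch directory for downloads; created in main(), removed on exit.
WORK_DIR=''

#######################################
# Print an error to stderr and exit 1.
#######################################
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Print the section separator and title the original script printed.
#######################################
section() { printf '%s\n' '--------------------' "$*"; }

#######################################
# Append a line to a file unless that exact line is already present.
# Arguments: $1 - line, $2 - file
#######################################
append_once() {
  local line=$1 file=$2
  # grep exits 2 when the file does not exist yet (e.g. /etc/aliases before
  # postfix is configured); that also means "not present", so append.
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Download an apt signing key and install it as a root-owned 0644 keyring.
# The key is written to WORK_DIR first so a failed download never leaves a
# truncated file in /usr/share/keyrings.
# Globals:   WORK_DIR (read)
# Arguments: $1 - URL, $2 - destination path, $3 - "yes" to gpg --dearmor
#######################################
fetch_keyring() {
  local url=$1 dest=$2 armored=${3:-no}
  local staged="${WORK_DIR}/${dest##*/}"
  if [[ "$armored" == yes ]]; then
    curl -fsSL "$url" | gpg --dearmor > "$staged"
  else
    curl -fsSL -o "$staged" "$url"
  fi
  install -o root -g root -m 0644 -- "$staged" "$dest"
}

#######################################
# Install the packages everything below depends on.
#######################################
install_prereqs() {
  apt install -y snmpd postfix curl figlet wget gnupg2
}

#######################################
# Set the mailer FQDN and forward root's mail to MAIL_TO.
# Globals: MAIL_TO (read)
#######################################
configure_mail() {
  section 'Set the correct mailer fqdn'
  hostname -f > /etc/mailname
  section 'Forward mail to root'
  append_once "root: ${MAIL_TO}" /etc/aliases
  /usr/bin/newaliases
}

#######################################
# Insert a MAILTO= line after the PATH= line of /etc/crontab.
# Skipped when any MAILTO= is already set (including one an admin chose),
# so re-runs do not stack duplicates.
# Globals: MAIL_TO, WORK_DIR (read)
#######################################
configure_cron_mailto() {
  section 'Add mailto address in crontab'
  if grep -q '^MAILTO=' /etc/crontab; then
    return 0
  fi
  local staged="${WORK_DIR}/crontab"
  # The edited copy lives in the private temp dir, not at a fixed /tmp name
  # that any local user could pre-create or symlink before root writes it.
  awk -v mailto="MAILTO=${MAIL_TO}" \
    '/PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/ { print; print mailto; next }1' \
    /etc/crontab > "$staged"
  install -o root -g root -m 0644 -- "$staged" /etc/crontab
}

#######################################
# Replace /etc/motd with a figlet banner of the hostname.
#######################################
configure_motd() {
  section 'Better logon-message'
  figlet "$(hostname)" > /etc/motd
}

#######################################
# Install the apt-update script and schedule it nightly from root's crontab.
# Globals: APT_UPDATE_URL, WORK_DIR (read)
#######################################
install_apt_update_job() {
  section 'Apt Updates'
  local staged="${WORK_DIR}/apt-update.sh"
  # -f: a 404 must abort here rather than leave an HTML page marked
  # executable that root's cron would then run every night.
  curl -fsSL -o "$staged" "$APT_UPDATE_URL"
  install -o root -g root -m 0755 -- "$staged" /usr/local/bin/apt-update.sh
  # Quoted as a whole: the unquoted '*' fields were glob-expanded against the
  # current directory before reaching /etc/crontab.
  append_once '0 0 * * * root /usr/local/bin/apt-update.sh' /etc/crontab
}

#######################################
# Write snmpd.conf for LibreNMS/Cacti, install the distro helper and make
# the DMI serial readable for the snmpd user.
# Globals: DISTRO_URL, WORK_DIR (read)
#######################################
configure_snmp() {
  section 'SNMP things. N.B.: replace VULHIERDELOCATIEIN later'
  # Both read-only communities accept any source address: anyone who can reach
  # UDP/161 can read this host's inventory. Limit them to the poller networks
  # (rocommunity <name> <source>) or at the firewall once those are known.
  cat > /etc/snmp/snmpd.conf << 'EOF'
sysLocation VULHIERDELOCATIEIN
sysContact Thomas de Roo
rocommunity cacti
rocommunity librenms
includeAllDisks 10%
#OS Distribution Detection
extend distro /usr/bin/distro
#Hardware Detection
# (uncomment for x86 platforms)
extend manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
extend hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
# (uncomment for ARM platforms)
#extend hardware '/bin/cat /sys/firmware/devicetree/base/model'
#extend serial '/bin/cat /sys/firmware/devicetree/base/serial-number'
EOF
  local staged="${WORK_DIR}/distro"
  curl -fsSL -o "$staged" "$DISTRO_URL"
  install -o root -g root -m 0755 -- "$staged" /usr/bin/distro
  # product_serial is root-only by default and snmpd does not run as root,
  # so it is made world-readable now and again at every boot. Trade-off:
  # every local user can then read the hardware serial number.
  append_once '@reboot root chmod 444 /sys/devices/virtual/dmi/id/product_serial' /etc/crontab
  chmod 444 /sys/devices/virtual/dmi/id/product_serial
  systemctl restart snmpd
}

#######################################
# Add the deb-multimedia and Microsoft apt repositories.
# Globals: DEB_MULTIMEDIA_URL, DEB_MULTIMEDIA_KEYRING, WORK_DIR (read)
#######################################
configure_apt_repos() {
  # Debian Bookworm apt sources: kept for reference, intentionally disabled
  # (the default sources.list is left untouched). The closing EOF is commented
  # too; in the original it was a live line and failed as "command not found".
  #cat > /etc/apt/sources.list << "EOF"
  #deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
  #deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
  #deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
  #deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
  #deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
  #deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
  #EOF

  # Trust bootstrap for deb-multimedia: the keyring .deb is authenticated only
  # by TLS to deb-multimedia.org; nothing checks its contents before install.
  wget -q -P "$WORK_DIR" "$DEB_MULTIMEDIA_URL"
  apt install -y "${WORK_DIR}/${DEB_MULTIMEDIA_KEYRING}"
  # NOTE(review): this pulls deb-multimedia's "trixie" suite while the Microsoft
  # entries below (and the disabled sources.list) target bookworm — confirm
  # which release this host runs.
  cat > /etc/apt/sources.list.d/multimedia.list << "EOF"
deb [arch=amd64 signed-by=/usr/share/keyrings/deb-multimedia-keyring.pgp] https://www.deb-multimedia.org trixie main non-free
EOF

  # Google Chrome repository: disabled, kept for reference.
  #curl -s https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/google-chrome-keyring.gpg'
  #cat >> /etc/apt/sources.list.d/chrome.list << "EOF"
  #deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main
  #EOF

  fetch_keyring https://packages.microsoft.com/keys/microsoft.asc /usr/share/keyrings/packages.microsoft.gpg yes
  # The VS Code repo is served over HTTPS as well; plain http was used before.
  cat > /etc/apt/sources.list.d/microsoft.list << "EOF"
deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/debian/12/prod bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main
EOF
}

#######################################
# Add the Brave browser repository (the package itself stays uninstalled).
# curl is already present from install_prereqs.
#######################################
configure_brave() {
  section 'Brave browser'
  fetch_keyring https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg \
    /usr/share/keyrings/brave-browser-archive-keyring.gpg
  printf '%s\n' 'deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main' \
    > /etc/apt/sources.list.d/brave-browser-release.list
  apt update
  #apt install brave-browser
}

#######################################
# Add the osquery repository, install osqueryd and write its config.
#######################################
install_osquery() {
  section 'osquery'
  fetch_keyring https://pkg.osquery.io/deb/pubkey.gpg /usr/share/keyrings/osquery-keyring.gpg
  # The original entry carried "trusted=yes", which tells apt to skip
  # signature verification entirely and makes the signed-by key pointless.
  # Dropped: packages from this repo are now verified against the key above
  # (apt >= 2.4 accepts both binary and ASCII-armored keyrings in signed-by).
  printf '%s\n' 'deb [signed-by=/usr/share/keyrings/osquery-keyring.gpg] https://pkg.osquery.io/deb deb main' \
    > /etc/apt/sources.list.d/osquery.list
  apt update
  apt install -y osquery
  # Overwrite rather than append: appending a second JSON document to an
  # existing osquery.conf makes the file unparseable.
  cat > /etc/osquery/osquery.conf << "EOF"
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "utc": "true"
  },
  "schedule": {
    "system_info": {
      "query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
      "interval": 3600
    },
    "high_load_average": {
      "query": "SELECT period, average, '70%' AS 'threshold' FROM load_average WHERE period = '15m' AND average > '0.7';",
      "interval": 900,
      "description": "Report if load charge is over 70 percent."
    },
    "low_free_memory": {
      "query": "SELECT memory_total, memory_free, CAST(memory_free AS real) / memory_total AS memory_free_perc, '10%' AS threshold FROM memory_info WHERE memory_free_perc < 0.1;",
      "interval": 1800,
      "description": "Free RAM is under 10%."
    }
  },
  "packs": {
    "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
    "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
    "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
    "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
    "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
    "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf"
  }
}
EOF
  systemctl enable osqueryd
  systemctl start osqueryd
}

#######################################
# Add the Wazuh repository and install the agent pointed at the SIEM.
# Globals: WAZUH_MANAGER_HOST (read)
#######################################
install_wazuh() {
  section 'Wazuh agent'
  curl -fsSL https://packages.wazuh.com/key/GPG-KEY-WAZUH \
    | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
  # gpg creates a new keyring 0600; apt runs unprivileged when reading it.
  chmod 644 /usr/share/keyrings/wazuh.gpg
  printf '%s\n' 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main' \
    > /etc/apt/sources.list.d/wazuh.list
  apt update
  # WAZUH_MANAGER is read by the wazuh-agent package at install time to set
  # the manager address in its configuration.
  WAZUH_MANAGER="$WAZUH_MANAGER_HOST" apt install -y wazuh-agent
  systemctl daemon-reload
  systemctl enable wazuh-agent
  systemctl start wazuh-agent
}

#######################################
# Entry point: run every step in the original order.
# Globals: WORK_DIR (written)
#######################################
main() {
  (( EUID == 0 )) || die 'this script must run as root'
  WORK_DIR=$(mktemp -d) || die 'mktemp failed'
  trap 'rm -rf -- "${WORK_DIR:?}"' EXIT

  install_prereqs
  configure_mail
  configure_cron_mailto
  configure_motd
  install_apt_update_job
  configure_snmp
  configure_apt_repos
  configure_brave
  install_osquery
  install_wazuh
}

main "$@"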