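#!/usr/bin/env bash
#
# Post-install provisioning for a Debian trixie host:
#   - mail: /etc/mailname and a root alias to the admin mailbox
#   - cron: MAILTO for job output, nightly apt-update job
#   - MOTD, snmpd (Cacti / LibreNMS), third-party apt repositories
#     (deb-multimedia, Chrome, Microsoft, osquery, Wazuh), osquery, Wazuh agent
#
# Must run as root and needs outbound network access to the hosts below.
# Every download uses `curl -f`, so a failed fetch aborts the script instead
# of leaving an HTML error page installed as an executable or a keyring.

set -euo pipefail

readonly ADMIN_MAIL='thomas@de-roo.org'
readonly WAZUH_MANAGER_HOST='siem01.de-roo.org'
readonly KEYSERVER='keyserver.ubuntu.com'

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Append a line to a file unless an identical line is already present, so the
# script can be re-run without duplicating aliases or cron entries.
# Arguments: $1 - file, $2 - line (matched as a fixed string, whole line)
#######################################
append_once() {
  local file=$1 line=$2
  # grep's "no such file" is expected on first run; the file is created below.
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Fetch a public key from the keyserver into a dedicated apt keyring, so each
# repository is trusted only for its own key (signed-by=) instead of through
# the global /etc/apt/trusted.gpg.
# Arguments: $1 - long key id, $2 - destination keyring path
# Notes: a keyserver lookup by key id is not authenticated; where a vendor
#   publishes its key file directly, fetching that over TLS is preferable.
#######################################
fetch_keyring() {
  local keyid=$1 dest=$2
  local gnupghome
  gnupghome=$(mktemp -d) || die "mktemp failed"
  gpg --homedir "$gnupghome" --batch --keyserver "$KEYSERVER" --recv-keys "$keyid" \
    || die "could not fetch key $keyid from $KEYSERVER"
  gpg --homedir "$gnupghome" --batch --export "$keyid" > "$dest"
  chmod 644 -- "$dest"
  rm -rf -- "${gnupghome:?}"
}

#######################################
# Mailer FQDN and root -> admin forwarding.
#######################################
configure_mail() {
  hostname -f > /etc/mailname
  append_once /etc/aliases "root: $ADMIN_MAIL"
  /usr/bin/newaliases
}

#######################################
# Make cron mail job output to the admin: insert MAILTO directly after the
# stock PATH= line of /etc/crontab (skipped if a MAILTO is already set).
#######################################
configure_cron_mailto() {
  local tmp
  if grep -q '^MAILTO=' /etc/crontab; then
    return 0
  fi
  tmp=$(mktemp) || die "mktemp failed"
  # The value is passed with -v rather than interpolated into the awk program.
  awk -v mailto="MAILTO=$ADMIN_MAIL" \
    '/PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/ { print; print mailto; next }1' \
    /etc/crontab > "$tmp"
  # cat rather than mv: keeps /etc/crontab's existing owner and mode.
  cat "$tmp" > /etc/crontab
  rm -f -- "$tmp"
}

#######################################
# Banner-style MOTD; falls back to the plain hostname if figlet is absent.
#######################################
configure_motd() {
  if command -v figlet >/dev/null; then
    figlet "$(hostname)" > /etc/motd
  else
    hostname > /etc/motd
  fi
}

#######################################
# Nightly apt-update job. The script is fetched over TLS from the admin's own
# forge and then run as root by cron; there is no further integrity pinning.
#######################################
configure_apt_update_job() {
  curl -fsSL https://git.de-roo.org/DEROO/apt-update/raw/branch/main/apt-update.sh \
    -o /usr/local/bin/apt-update.sh
  chmod a+x /usr/local/bin/apt-update.sh
  append_once /etc/crontab "0 0 * * * root /usr/local/bin/apt-update.sh"
}

#######################################
# snmpd for Cacti / LibreNMS. N.B.: replace VULHIERDELOCATIEIN later.
# The rocommunity lines accept any source; snmpd's rocommunity takes an
# optional source network as a third field if access should be limited to
# the monitoring hosts.
#######################################
configure_snmp() {
  cat > /etc/snmp/snmpd.conf << 'EOF'
sysLocation VULHIERDELOCATIEIN
sysContact Thomas de Roo
rocommunity cacti
rocommunity librenms
includeAllDisks 10%
#OS Distribution Detection
extend distro /usr/bin/distro
#Hardware Detection
# (uncomment for x86 platforms)
extend manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
extend hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'
# (uncomment for ARM platforms)
#extend hardware '/bin/cat /sys/firmware/devicetree/base/model'
#extend serial '/bin/cat /sys/firmware/devicetree/base/serial-number'
EOF
  curl -fsSL -o /usr/bin/distro \
    https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
  chmod a+x /usr/bin/distro
  # product_serial is root-only by default; open it read-only so the snmpd
  # user can report it, now and on every boot. The file may not exist on
  # VMs or non-DMI platforms, so its absence is tolerated.
  append_once /etc/crontab "@reboot root chmod 444 /sys/devices/virtual/dmi/id/product_serial"
  chmod 444 /sys/devices/virtual/dmi/id/product_serial \
    || printf 'warn: product_serial not adjusted\n' >&2
  systemctl restart snmpd
}

#######################################
# Debian trixie base sources plus third-party repositories. Each third-party
# repo is pinned to its own keyring under /etc/apt/keyrings via signed-by=.
# Files are overwritten, not appended, so re-runs do not duplicate entries.
#######################################
configure_apt_sources() {
  cat > /etc/apt/sources.list << 'EOF'
deb http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian trixie main contrib non-free non-free-firmware
deb http://deb.debian.org/debian-security/ trixie-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security/ trixie-security main contrib non-free non-free-firmware
deb http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware
EOF

  mkdir -p /etc/apt/keyrings

  cat > /etc/apt/sources.list.d/multimedia.list << 'EOF'
deb [signed-by=/etc/apt/keyrings/deb-multimedia.gpg] https://www.deb-multimedia.org trixie main non-free
EOF
  cat > /etc/apt/sources.list.d/chrome.list << 'EOF'
deb [arch=amd64 signed-by=/etc/apt/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main
EOF
  # NOTE(review): these are the Debian 12 / bookworm channels on a trixie
  # host; confirm a trixie channel exists before relying on them.
  cat > /etc/apt/sources.list.d/microsoft.list << 'EOF'
deb [arch=amd64 signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/debian/12/prod bookworm main
deb [arch=amd64 signed-by=/etc/apt/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm main
deb [arch=amd64 signed-by=/etc/apt/keyrings/microsoft.gpg] http://packages.microsoft.com/repos/code stable main
EOF

  apt install gnupg -y
  fetch_keyring 4EB27DB2A3B88B8B /etc/apt/keyrings/google-chrome.gpg   # Chrome
  fetch_keyring EB3E94ADBE1229CF /etc/apt/keyrings/microsoft.gpg       # Microsoft
  fetch_keyring 5C808C2B65558117 /etc/apt/keyrings/deb-multimedia.gpg  # Multimedia
}

#######################################
# osquery: vendor repo (key fetched directly over TLS), package, and a
# config with a few scheduled queries plus the stock packs.
#######################################
configure_osquery() {
  mkdir -p /etc/apt/keyrings
  curl -fsSL https://pkg.osquery.io/deb/pubkey.gpg -o /etc/apt/keyrings/osquery.asc
  chmod 644 /etc/apt/keyrings/osquery.asc
  cat > /etc/apt/sources.list.d/osquery.list << 'EOF'
deb [arch=amd64 signed-by=/etc/apt/keyrings/osquery.asc] https://pkg.osquery.io/deb deb main
EOF
  apt update
  apt install -y osquery
  # Written with '>' on purpose: appending to an existing osquery.conf would
  # produce two concatenated JSON documents, which osqueryd rejects.
  cat > /etc/osquery/osquery.conf << 'EOF'
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "utc": "true"
  },
  "schedule": {
    "system_info": {
      "query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
      "interval": 3600
    },
    "high_load_average": {
      "query": "SELECT period, average, '70%' AS 'threshold' FROM load_average WHERE period = '15m' AND average > '0.7';",
      "interval": 900,
      "description": "Report if load charge is over 70 percent."
    },
    "low_free_memory": {
      "query": "SELECT memory_total, memory_free, CAST(memory_free AS real) / memory_total AS memory_free_perc, '10%' AS threshold FROM memory_info WHERE memory_free_perc < 0.1;",
      "interval": 1800,
      "description": "Free RAM is under 10%."
    }
  },
  "packs": {
    "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
    "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
    "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
    "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
    "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
    "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf"
  }
}
EOF
  systemctl enable osqueryd
  systemctl start osqueryd
}

#######################################
# Wazuh agent, enrolled against the SIEM manager.
#######################################
configure_wazuh() {
  # pipefail makes a failed key download abort here instead of importing
  # an empty stream.
  curl -fsSL https://packages.wazuh.com/key/GPG-KEY-WAZUH \
    | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
  chmod 644 /usr/share/keyrings/wazuh.gpg
  cat > /etc/apt/sources.list.d/wazuh.list << 'EOF'
deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main
EOF
  apt update
  # WAZUH_MANAGER is read by the package's postinst to fill ossec.conf.
  WAZUH_MANAGER="$WAZUH_MANAGER_HOST" apt install wazuh-agent -y
  systemctl daemon-reload
  systemctl enable wazuh-agent
  systemctl start wazuh-agent
}

main() {
  [[ $EUID -eq 0 ]] || die "this script must run as root"
  configure_mail
  configure_cron_mailto
  configure_motd
  configure_apt_update_job
  configure_snmp
  configure_apt_sources
  configure_osquery
  configure_wazuh
}

main "$@"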