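#!/bin/bash
# Host provisioning for a Debian box: mail forwarding to an external address,
# a nightly apt-update job, snmpd for the Cacti/LibreNMS pollers, extra apt
# repositories, osquery and the Wazuh agent. Every step writes under /etc or
# /usr, so it must run as root.
# NOTE(review): the script does not enable `set -e`; a failing step is reported
# by the tool itself but does not stop the remaining steps.
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi

# These packages are needed by the steps below.
# DEBIAN_FRONTEND=noninteractive stops postfix's debconf dialog from blocking
# an unattended run; the package index is refreshed first so the install does
# not fail on a stale list.
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y snmpd postfix curl figlet wget gnupg2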
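echo "--------------------"
echo Set the correct mailer fqdn
# postfix takes its mail domain from /etc/mailname. `hostname -f` prints
# nothing (and fails) when the host name does not resolve; writing that
# straight to the file would leave an empty /etc/mailname behind, so the file
# is only replaced when a non-empty FQDN came back.
if mailer_fqdn=$(hostname -f) && [[ -n "$mailer_fqdn" ]]; then
  printf '%s\n' "$mailer_fqdn" > /etc/mailname
else
  echo "WARNING: hostname -f returned nothing; /etc/mailname left unchanged" >&2
fi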
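echo "--------------------"
echo Forward mail to root
# Add the root alias only when /etc/aliases has none yet: re-running the
# script would otherwise append a duplicate "root:" line on every run, and
# newaliases only honours the first key anyway.
if grep -q '^root:' /etc/aliases 2>/dev/null; then
  echo "/etc/aliases already has a root alias; not adding another"
else
  echo root: thomas@de-roo.org >> /etc/aliases
fi
/usr/bin/newaliases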
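echo "--------------------"
echo Add mailto address in crontab
# Insert MAILTO directly after the PATH line of /etc/crontab.
#  - The rewrite is built in a private mktemp file, not a fixed name in /tmp
#    that any local user could pre-create or symlink before root writes to it.
#  - /etc/crontab is only overwritten when awk succeeded and produced output,
#    so a failed awk can no longer truncate the system crontab.
#  - Skipped when a MAILTO line is already present (idempotent re-runs).
#  - awk only inserts after Debian's exact default PATH line; if that line is
#    absent nothing is inserted, which is reported instead of passing silently.
if grep -q '^MAILTO=' /etc/crontab; then
  echo "MAILTO already set in /etc/crontab; leaving it alone"
elif crontab_tmp=$(mktemp); then
  if awk '/PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/ { print; print "MAILTO=thomas@de-roo.org"; next }1' /etc/crontab > "$crontab_tmp" \
     && [[ -s "$crontab_tmp" ]]; then
    # cat (not mv) keeps /etc/crontab's owner and mode.
    cat "$crontab_tmp" > /etc/crontab
    if ! grep -q '^MAILTO=' /etc/crontab; then
      echo "WARNING: default PATH line not found in /etc/crontab; MAILTO not added" >&2
    fi
  else
    echo "WARNING: could not rewrite /etc/crontab; left unchanged" >&2
  fi
  rm -f -- "$crontab_tmp"
else
  echo "WARNING: mktemp failed; /etc/crontab left unchanged" >&2
fi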
echo "--------------------"
echo Better logon-message
# Replace /etc/motd with the host name rendered as a figlet banner.
motd_host=$(hostname)
figlet "$motd_host" > /etc/motd
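echo "--------------------"
echo Apt Updates
# apt-update.sh is run nightly as root from /etc/crontab, so whatever ends up
# in /usr/local/bin/apt-update.sh gets root on this host every night.
#  - `-f` makes curl fail on an HTTP error instead of saving the error page as
#    the script (the original `curl -s` alone did exactly that, silently).
#  - The download goes to a temp file and is installed only on success, so a
#    failed fetch leaves the existing script (or nothing) in place.
#  - NOTE(review): the URL tracks branch/main, so anyone who can push to that
#    repository can run code as root here; pinning a commit in the raw URL
#    and/or checking a known sha256 before install would close that - TODO.
apt_update_url="https://git.de-roo.org/DEROO/apt-update/raw/branch/main/apt-update.sh"
if apt_update_tmp=$(mktemp); then
  if curl -fsSL "$apt_update_url" -o "$apt_update_tmp"; then
    install -m 0755 -o root -g root "$apt_update_tmp" /usr/local/bin/apt-update.sh
  else
    echo "WARNING: download of apt-update.sh failed; not installed" >&2
  fi
  rm -f -- "$apt_update_tmp"
fi

# The cron line is kept in a quoted string: the original unquoted
# `echo 0 0 * * * ...` let the shell glob-expand the asterisks against the
# current directory. Appended only once so re-runs do not duplicate the job.
apt_update_cron='0 0 * * * root /usr/local/bin/apt-update.sh'
if ! grep -qF -- "$apt_update_cron" /etc/crontab; then
  printf '%s\n' "$apt_update_cron" >> /etc/crontab
fi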
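echo "--------------------"
echo SNMP things. N.B.: replace VULHIERDELOCATIEIN later
# Complete snmpd.conf for the Cacti / LibreNMS pollers; it replaces the
# distribution's file entirely.
# NOTE(review): Debian's stock snmpd.conf binds the agent to localhost with
# `agentaddress 127.0.0.1,[::1]`. This file has no agentaddress line, so snmpd
# listens on UDP/161 on every interface, and neither rocommunity line carries
# a source address, so any host that can reach the port can walk the whole
# tree (including the hardware serial exposed below) with a guessable
# community name. Restrict both to the poller, e.g.
# `rocommunity cacti 192.0.2.10`, and/or add an agentaddress line - TODO fill
# in the real poller addresses.
cat > /etc/snmp/snmpd.conf << 'EOF'
sysLocation VULHIERDELOCATIEIN
sysContact Thomas de Roo <thomas@de-roo.org>
# TODO: add the poller address as second argument to limit who may query
rocommunity cacti
rocommunity librenms
includeAllDisks 10%

#OS Distribution Detection
extend distro /usr/bin/distro

#Hardware Detection
# x86 platforms (DMI). On ARM comment these out and use the devicetree lines.
extend manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
extend hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'

# ARM platforms (uncomment, and comment out the DMI lines above)
#extend hardware '/bin/cat /sys/firmware/devicetree/base/model'
#extend serial '/bin/cat /sys/firmware/devicetree/base/serial-number'
EOF

# /usr/bin/distro is executed by snmpd on every poll of the distro extend.
# Fail on HTTP errors and install only a complete download, so a failed fetch
# cannot leave an error page in place as the script.
# NOTE(review): this tracks upstream master unpinned - TODO pin a commit.
distro_url="https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro"
if distro_tmp=$(mktemp); then
  if curl -fsSL -o "$distro_tmp" "$distro_url"; then
    install -m 0755 -o root -g root "$distro_tmp" /usr/bin/distro
  else
    echo "WARNING: download of the distro helper failed; not installed" >&2
  fi
  rm -f -- "$distro_tmp"
fi

# sysfs exposes product_serial root-only by default; the unprivileged snmpd
# user needs to read it for the serial extend. The sysfs mode does not survive
# a reboot, hence the @reboot job (appended only once). Be aware this makes the
# hardware serial readable by every local user as well as over SNMP.
serial_cron='@reboot root chmod 444 /sys/devices/virtual/dmi/id/product_serial'
if ! grep -qF -- "$serial_cron" /etc/crontab; then
  printf '%s\n' "$serial_cron" >> /etc/crontab
fi
chmod 444 /sys/devices/virtual/dmi/id/product_serial
systemctl restart snmpd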
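echo "--------------------"
#echo Debian Bookworm apt sources
#cat > /etc/apt/sources.list << "EOF"
#deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
#deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
#deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
#deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
# The terminator below belongs to the commented-out heredoc above. It had been
# left uncommented, which made bash try to execute a command named "EOF".
#EOF

# deb-multimedia: trust is bootstrapped by installing its keyring package.
# apt cannot verify that .deb (there is no key yet), so this is
# trust-on-first-use over HTTPS. NOTE(review): compare the key fingerprint in
# the installed keyring with the one published by deb-multimedia - TODO.
# The .deb is fetched into a private temp dir instead of $HOME so nothing is
# left behind; no later step depends on the working directory (all paths
# below are absolute).
dmm_keyring_deb="deb-multimedia-keyring_2024.9.1_all.deb"
if dmm_tmp=$(mktemp -d); then
  if wget -q -O "$dmm_tmp/$dmm_keyring_deb" "https://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/$dmm_keyring_deb"; then
    apt-get install -y "$dmm_tmp/$dmm_keyring_deb"
  else
    echo "WARNING: download of $dmm_keyring_deb failed; keyring not installed" >&2
  fi
  rm -rf -- "$dmm_tmp"
fi
# Written with `>` (not `>>`): the file holds only this repository, and
# appending duplicated the line on every re-run.
# NOTE(review): this entry targets trixie while the Microsoft entries below
# target bookworm; one of the two is probably wrong for this host - TODO confirm.
cat > /etc/apt/sources.list.d/multimedia.list << "EOF"
deb [arch=amd64 signed-by=/usr/share/keyrings/deb-multimedia-keyring.pgp] https://www.deb-multimedia.org trixie main non-free
EOF

#curl -s https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo sh -c 'gpg --dearmor > /usr/share/keyrings/google-chrome-keyring.gpg'
#cat >> /etc/apt/sources.list.d/chrome.list << "EOF"
#deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main
#EOF

# Microsoft repositories. The key is fetched with `-f` (fail on HTTP error)
# into a temp dir and dearmored there; the original `curl | gpg --dearmor >`
# wrote an empty or garbage keyring when curl failed, after which every
# package from these repos would be rejected. The repo list is only written
# once the keyring is in place, and with `>` so re-runs do not duplicate it.
# The code repo is fetched over https like the other two.
# NOTE(review): the first two lines look like two names for the same "prod"
# feed - TODO confirm and drop one.
ms_keyring=/usr/share/keyrings/packages.microsoft.gpg
if ms_tmp=$(mktemp -d); then
  if curl -fsSL -o "$ms_tmp/microsoft.asc" https://packages.microsoft.com/keys/microsoft.asc \
     && gpg --dearmor < "$ms_tmp/microsoft.asc" > "$ms_tmp/microsoft.gpg"; then
    install -m 0644 -o root -g root "$ms_tmp/microsoft.gpg" "$ms_keyring"
    cat > /etc/apt/sources.list.d/microsoft.list << "EOF"
deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/debian/12/prod bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm main
deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main
EOF
  else
    echo "WARNING: Microsoft signing key not installed; repositories not added" >&2
  fi
  rm -rf -- "$ms_tmp"
fi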
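echo "--------------------"
echo Brave browser
# -y: without it apt would stop for a prompt in an unattended run (curl is
# normally already present from the first step).
apt-get install -y curl
# Fetch the keyring into a temp file and install it only when complete, then
# register the repository; with a missing or truncated signed-by file every
# later `apt update` would error on this repo. Browser install itself is
# left commented out, as before.
brave_keyring=/usr/share/keyrings/brave-browser-archive-keyring.gpg
if brave_tmp=$(mktemp); then
  if curl -fsSL -o "$brave_tmp" https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg; then
    install -m 0644 -o root -g root "$brave_tmp" "$brave_keyring"
    echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list
  else
    echo "WARNING: Brave keyring download failed; repository not added" >&2
  fi
  rm -f -- "$brave_tmp"
fi
apt-get update
#apt install brave-browser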
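echo "--------------------"
echo osquery
mkdir -p /etc/apt/keyrings
# The original list entry carried `trusted=yes`, which turns off apt's
# signature verification for this repository altogether and makes the
# signed-by= option a no-op - every osquery package was installed unverified.
# That option is gone. Upstream publishes the key ASCII-armored, so it is
# stored under the .asc name in the keyrings directory created above;
# signed-by accepts armored keys (apt >= 1.4). The key is fetched with `-f`
# into a temp file and installed only when the download completed.
osquery_keyring=/etc/apt/keyrings/osquery.asc
if osquery_tmp=$(mktemp); then
  if curl -fsSL -o "$osquery_tmp" https://pkg.osquery.io/deb/pubkey.gpg; then
    install -m 0644 -o root -g root "$osquery_tmp" "$osquery_keyring"
    cat > /etc/apt/sources.list.d/osquery.list << "EOF"
deb [signed-by=/etc/apt/keyrings/osquery.asc] https://pkg.osquery.io/deb deb main
EOF
  else
    echo "WARNING: osquery signing key download failed; repository not added" >&2
  fi
  rm -f -- "$osquery_tmp"
fi
apt-get update
apt-get install -y osquery

# Written whole with `>`: appending a second JSON document on a re-run (the
# original used `>>`) makes the file unparsable and osqueryd refuses to start.
cat > /etc/osquery/osquery.conf << "EOF"
{
  "options": {
    "config_plugin": "filesystem",
    "logger_plugin": "filesystem",
    "utc": "true"
  },

  "schedule": {
    "system_info": {
      "query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
      "interval": 3600
    },
    "high_load_average": {
      "query": "SELECT period, average, '70%' AS 'threshold' FROM load_average WHERE period = '15m' AND average > '0.7';",
      "interval": 900,
      "description": "Report if load charge is over 70 percent."
    },
    "low_free_memory": {
      "query": "SELECT memory_total, memory_free, CAST(memory_free AS real) / memory_total AS memory_free_perc, '10%' AS threshold FROM memory_info WHERE memory_free_perc < 0.1;",
      "interval": 1800,
      "description": "Free RAM is under 10%."
    }
  },

  "packs": {
    "osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
    "incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
    "it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
    "vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
    "hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
    "ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf"
  }
}
EOF

# Parse the config before enabling the daemon so a broken file is reported
# here rather than as a silently failing service.
if osqueryd --config_path /etc/osquery/osquery.conf --config_check; then
  systemctl enable osqueryd
  systemctl start osqueryd
else
  echo "WARNING: osquery.conf failed --config_check (or osqueryd missing); osqueryd not started" >&2
fi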
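echo "--------------------"
echo Wazuh agent
# Import the repository key from a complete download only (`-f` fails on HTTP
# errors; the original `curl -s | gpg --import` fed gpg whatever came back).
# The repo line is written with `tee` (overwrite) instead of `tee -a`, so a
# second run does not duplicate it, and only after the keyring exists.
wazuh_keyring=/usr/share/keyrings/wazuh.gpg
if wazuh_tmp=$(mktemp); then
  if curl -fsSL -o "$wazuh_tmp" https://packages.wazuh.com/key/GPG-KEY-WAZUH \
     && gpg --no-default-keyring --keyring "gnupg-ring:$wazuh_keyring" --import "$wazuh_tmp"; then
    chmod 644 "$wazuh_keyring"
    echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
  else
    echo "WARNING: Wazuh signing key not imported; repository not added" >&2
  fi
  rm -f -- "$wazuh_tmp"
fi
apt-get update
# WAZUH_MANAGER in the install environment is the upstream-documented way to
# point the agent package at its manager during installation.
WAZUH_MANAGER="siem01.de-roo.org" apt-get install -y wazuh-agent
systemctl daemon-reload
systemctl enable wazuh-agent
systemctl start wazuh-agent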