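#!/bin/bash
#
# Bootstrap a Debian Bookworm host: root mail forwarding, cron MAILTO, motd,
# a nightly apt-update job, snmpd, apt sources with per-repository signing
# keys, Brave, osquery and the Wazuh agent.
#
# Must run as root. Network access to every listed repository is required.
# Re-running is safe: appends to shared files (/etc/aliases, /etc/crontab)
# are guarded, and every file this script owns outright is rewritten rather
# than appended to.
set -euo pipefail

# Address that receives root's mail and cron output.
readonly MAIL_TO='thomas@de-roo.org'
# Per-repository apt keyrings live here so each source trusts only its own key.
readonly KEYRING_DIR='/etc/apt/keyrings'

#######################################
# Print the separator and title used between sections of the run log.
# Arguments: $* - section title
# Outputs:   two lines on stdout
#######################################
section() {
  printf '%s\n%s\n' '--------------------' "$*"
}

#######################################
# Append a line to a file unless that exact line is already present, so a
# re-run does not duplicate entries in shared files such as /etc/crontab.
# Arguments: $1 - file to append to
#            $2 - exact line to add
#######################################
append_once() {
  local file=$1 line=$2
  # grep exits 2 when the file is missing; the line is then simply written.
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Fetch a repository signing key from the keyserver into its own keyring
# under KEYRING_DIR, for use with apt's [signed-by=...] option.
# A keyserver lookup authenticates nothing but the key id itself; the
# fingerprint should be compared with the vendor's published key.
# Arguments: $1 - keyring name (without .gpg)
#            $2 - long key id to receive
#######################################
fetch_key() {
  local name=$1 keyid=$2
  local ring="${KEYRING_DIR}/${name}.gpg"
  # gnupg-ring: forces the legacy keyring format that apt reads directly.
  gpg --no-default-keyring --keyring "gnupg-ring:${ring}" \
    --keyserver keyserver.ubuntu.com --recv-keys "$keyid"
  # gpg creates keyrings owner-only; apt runs its fetchers unprivileged.
  chmod 644 -- "$ring"
}

main() {
  (( EUID == 0 )) || { printf 'this script must run as root\n' >&2; exit 1; }

  # these packages are needed (gnupg: key handling for the apt sources below)
  apt install snmpd postfix curl figlet wget gnupg -y

  section 'Set the correct mailer fqdn'
  hostname -f > /etc/mailname

  section 'Forward mail to root'
  # Set or replace the root alias rather than appending a second one.
  if grep -q '^root:' /etc/aliases; then
    sed -i "s/^root:.*/root: ${MAIL_TO}/" /etc/aliases
  else
    printf 'root: %s\n' "$MAIL_TO" >> /etc/aliases
  fi
  /usr/bin/newaliases

  section 'Add mailto address in crontab'
  if ! grep -q '^MAILTO=' /etc/crontab; then
    local tmp
    tmp=$(mktemp)
    # Insert MAILTO directly after Debian's default PATH line.
    awk -v mailto="$MAIL_TO" \
      '/PATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/ { print; print "MAILTO=" mailto; next }1' \
      /etc/crontab > "$tmp"
    # cat-over-file keeps /etc/crontab's ownership and mode, unlike mv.
    cat -- "$tmp" > /etc/crontab
    rm -f -- "$tmp"
  fi

  section 'Better logon-message'
  figlet "$(hostname)" > /etc/motd

  section 'Apt Updates'
  # -f: a failed download must not leave an HTML error page installed as an
  # executable root cron job. This file runs nightly as root, so its integrity
  # rests entirely on the TLS connection to git.de-roo.org.
  curl -fsSL -o /usr/local/bin/apt-update.sh \
    https://git.de-roo.org/DEROO/apt-update/raw/branch/main/apt-update.sh
  chmod a+x /usr/local/bin/apt-update.sh
  # Quoted: unquoted '*' fields would otherwise glob against the cwd.
  append_once /etc/crontab '0 0 * * * root /usr/local/bin/apt-update.sh'

  section 'SNMP things. N.B.: replace VULHIERDELOCATIEIN later'
  # NOTE(review): both rocommunity lines answer any source address; add a
  # source network after the community name once the poller addresses are
  # known.
  cat > /etc/snmp/snmpd.conf << 'EOF'
sysLocation VULHIERDELOCATIEIN
sysContact Thomas de Roo <thomas@de-roo.org>
rocommunity cacti
rocommunity librenms
includeAllDisks 10%

#OS Distribution Detection
extend distro /usr/bin/distro

#Hardware Detection
# (uncomment for x86 platforms)
extend manufacturer '/bin/cat /sys/devices/virtual/dmi/id/sys_vendor'
extend hardware '/bin/cat /sys/devices/virtual/dmi/id/product_name'
extend serial '/bin/cat /sys/devices/virtual/dmi/id/product_serial'

# (uncomment for ARM platforms)
#extend hardware '/bin/cat /sys/firmware/devicetree/base/model'
#extend serial '/bin/cat /sys/firmware/devicetree/base/serial-number'
EOF
  curl -fsSL -o /usr/bin/distro \
    https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/distro
  chmod a+x /usr/bin/distro
  # The DMI serial is root-only by default, presumably unreadable by the
  # snmpd service user; sysfs modes do not survive a reboot, hence the
  # @reboot job. This makes the serial world-readable on the host.
  append_once /etc/crontab '@reboot root chmod 444 /sys/devices/virtual/dmi/id/product_serial'
  chmod 444 /sys/devices/virtual/dmi/id/product_serial
  systemctl restart snmpd

  section 'Debian Bookworm apt sources'
  cat > /etc/apt/sources.list << 'EOF'
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
EOF

  mkdir -p -- "$KEYRING_DIR"
  # Each third-party source is bound to its own keyring with signed-by
  # instead of the deprecated apt-key + trusted.gpg symlink, which made every
  # imported key valid for every repository on the system.
  printf '%s\n' Chrome
  fetch_key google-chrome 4EB27DB2A3B88B8B
  printf '%s\n' "deb [arch=amd64 signed-by=${KEYRING_DIR}/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main" \
    > /etc/apt/sources.list.d/chrome.list

  printf '%s\n' Microsoft
  fetch_key microsoft EB3E94ADBE1229CF
  # Unquoted delimiter on purpose: only ${KEYRING_DIR} is expanded.
  cat > /etc/apt/sources.list.d/microsoft.list << EOF
deb [arch=amd64 signed-by=${KEYRING_DIR}/microsoft.gpg] https://packages.microsoft.com/debian/12/prod bookworm main
deb [arch=amd64 signed-by=${KEYRING_DIR}/microsoft.gpg] https://packages.microsoft.com/repos/microsoft-debian-bookworm-prod bookworm main
deb [arch=amd64 signed-by=${KEYRING_DIR}/microsoft.gpg] http://packages.microsoft.com/repos/code stable main
EOF

  printf '%s\n' Multimedia
  fetch_key deb-multimedia 5C808C2B65558117
  printf '%s\n' "deb [signed-by=${KEYRING_DIR}/deb-multimedia.gpg] https://www.deb-multimedia.org bookworm main non-free" \
    > /etc/apt/sources.list.d/multimedia.list
  # The osquery key (97A80C63C9D8B80B) is fetched straight from pkg.osquery.io
  # in the osquery section, so no keyserver lookup is needed for it.

  section 'Brave browser'
  curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg \
    https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
  printf '%s\n' 'deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main' \
    > /etc/apt/sources.list.d/brave-browser-release.list
  apt update
  apt install -y brave-browser

  section 'osquery'
  curl -fsSL -o "${KEYRING_DIR}/osquery.asc" https://pkg.osquery.io/deb/pubkey.gpg
  # signed-by replaces [trusted=yes], which disabled signature verification
  # for this repository even though its key had just been downloaded.
  printf '%s\n' "deb [signed-by=${KEYRING_DIR}/osquery.asc] https://pkg.osquery.io/deb deb main" \
    > /etc/apt/sources.list.d/osquery.list
  apt update
  apt install -y osquery
  # Written whole, not appended: a second JSON document appended to an existing
  # osquery.conf would make the file unparsable.
  cat > /etc/osquery/osquery.conf << 'EOF'
{
"options": {
"config_plugin": "filesystem",
"logger_plugin": "filesystem",
"utc": "true"
},

"schedule": {
"system_info": {
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
"interval": 3600
},
"high_load_average": {
"query": "SELECT period, average, '70%' AS 'threshold' FROM load_average WHERE period = '15m' AND average > '0.7';",
"interval": 900,
"description": "Report if load charge is over 70 percent."
},
"low_free_memory": {
"query": "SELECT memory_total, memory_free, CAST(memory_free AS real) / memory_total AS memory_free_perc, '10%' AS threshold FROM memory_info WHERE memory_free_perc < 0.1;",
"interval": 1800,
"description": "Free RAM is under 10%."
}
},

"packs": {
"osquery-monitoring": "/opt/osquery/share/osquery/packs/osquery-monitoring.conf",
"incident-response": "/opt/osquery/share/osquery/packs/incident-response.conf",
"it-compliance": "/opt/osquery/share/osquery/packs/it-compliance.conf",
"vuln-management": "/opt/osquery/share/osquery/packs/vuln-management.conf",
"hardware-monitoring": "/opt/osquery/share/osquery/packs/hardware-monitoring.conf",
"ossec-rootkit": "/opt/osquery/share/osquery/packs/ossec-rootkit.conf"
}
}
EOF
  systemctl enable osqueryd
  systemctl start osqueryd

  section 'Wazuh agent'
  # pipefail makes a failed key download abort here instead of importing
  # nothing and continuing to apt update.
  curl -fsSL https://packages.wazuh.com/key/GPG-KEY-WAZUH \
    | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import
  chmod 644 /usr/share/keyrings/wazuh.gpg
  printf '%s\n' 'deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main' \
    > /etc/apt/sources.list.d/wazuh.list
  apt update
  WAZUH_MANAGER="siem01.de-roo.org" apt install wazuh-agent -y
  systemctl daemon-reload
  systemctl enable wazuh-agent
  systemctl start wazuh-agent
}

main "$@"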