forked from branchnetconsulting/so-ntopng-installer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathold_install_ntopng_on_so
113 lines (96 loc) · 5.28 KB
/
old_install_ntopng_on_so
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#!/bin/bash
#
# install_ntopng_on_so
# Script to install the latest stable and SO-compatible ntopng on SO 14.04 sensor systems.
# by Kevin Branch ([email protected])
#
# Confirm this script is being run as root
if [ "`whoami`" != "root" ]; then
echo "This installer must be run as root."
exit
fi
# Confirm this is an SO sensor
IFACES=`echo \`grep -v "^#" /etc/nsm/sensortab 2> /dev/null | cut -f1 | sed 's/.*-\([^-]\+\)/\1/g'\` | sed 's/ /,/g'`
if [ "$IFACES" == "" ]; then
echo "This system does not appear to be a Security Onion sensor."
exit
fi
# Confirm the Sensor is running on Ubuntu 14.04
if [[ ! `grep "14\.04" /etc/lsb-release` ]]; then
echo "This installer only works with Security Onion running on Ubuntu 14.04."
exit
fi
# Announce start of installation process
echo -e "\n*\n* Starting install/upgrade of ntopng…\n*\n"
# Download back versions of ntop and pfring debs that are compatible with SO
rm -rf /tmp/_ntop
mkdir /tmp/_ntop
cd /tmp/_ntop
# Install dependencies
sudo apt-get install libzmq3 libnetfilter-queue1 libmnl0 libpgm-5.1-0 \
fonts-dejavu fonts-dejavu-extra libjemalloc1 librrd4 \
redis-server redis-tools ttf-dejavu ttf-dejavu-core ttf-dejavu-extra
# Fetch needed deb packages from ntop repo and confirm all were acquired
echo -e "\n*\n* Downloading SO-compatible back versions of deb packages needed for ntopng installation...\n*\n"
wget https://github.com/branchnetconsulting/so1404-ntopng-installer/blob/master/ntopng_2.2.160504-1216_amd64.deb?raw=true -O ntopng_2.2.160504-1216_amd64.deb
wget https://github.com/branchnetconsulting/so1404-ntopng-installer/blob/master/ntopng-data_2.2.160504_all.deb?raw=true -O ntopng-data_2.2.160504_all.deb
wget https://github.com/branchnetconsulting/so1404-ntopng-installer/blob/master/pfring_6.2.0-549_amd64.deb?raw=true -O pfring_6.2.0-549_amd64.deb
# Manually extract library dependencies from the pfring deb file and put the needed files in place
mkdir scratch
dpkg-deb -x pfring_*deb scratch
if [ "`ls -1 scratch/usr/local/lib/{libanic,libntapi,libntos,libsnf}.so | wc -l`" != "4" ]; then
echo "Failed to extract necessary library files from the ntop pfring package. Aborting..."
exit
fi
cp scratch/usr/local/lib/{libanic,libntapi,libntos,libsnf}.so /usr/local/lib/
ldconfig
# Create a stub pfring package so that apt-get don't keep barking about a missing dependency we've already met.
mkdir -p pfring-stub/DEBIAN
PFVER="6.2.0-549"
echo "Package: pfring" > pfring-stub/DEBIAN/control
echo "Version: $PFVER" >> pfring-stub/DEBIAN/control
echo "Section: user/hidden" >> pfring-stub/DEBIAN/control
echo "Priority: optional" >> pfring-stub/DEBIAN/control
echo "Architecture: amd64" >> pfring-stub/DEBIAN/control
echo "Installed-Size: 0" >> pfring-stub/DEBIAN/control
echo "Maintainer: Kevin Branch <[email protected]>" >> pfring-stub/DEBIAN/control
echo "Description: This is an empty stub package created to satisfy a dependency in the ntopng debs from the ntop repo. These dependencies are actually met by the securityonion-pfring-* and securityonion-ntopng packages." >> pfring-stub/DEBIAN/control
dpkg-deb -b pfring-stub
dpkg -i pfring-stub.deb
# Install/upgrade the ntopng and ntopng-data packages from the ntop repo
dpkg --force-all -i ntopng*.deb
# Generate /etc/ntopng/ntopng.conf if missing (parent dir is created by deb)
echo -e "#\n# Here is a reasonable starting configuration for ntopng. Review the ntopng man page and customize this file to suit your specific needs.\n#" > /etc/ntopng/ntopng.conf.dist
echo '--http-port=0' >> /etc/ntopng/ntopng.conf.dist
echo '--https-port=3000' >> /etc/ntopng/ntopng.conf.dist
echo '--data-dir=/usr/local/ntopng' >> /etc/ntopng/ntopng.conf.dist
echo '--local-networks="192.168.0.0/16,10.0.0.0/8,172.16.0.0/12"' >> /etc/ntopng/ntopng.conf.dist
echo "--interface=$IFACES" >> /etc/ntopng/ntopng.conf.dist
echo '--dns-mode=1' >> /etc/ntopng/ntopng.conf.dist
echo '--community' >> /etc/ntopng/ntopng.conf.dist
echo '--daemon' >> /etc/ntopng/ntopng.conf.dist
echo '-G=/var/tmp/ntopng.pid' >> /etc/ntopng/ntopng.conf.dist
if [ ! -f /etc/ntopng/ntopng.conf ]; then
echo "Generating /etc/ntopng/ntopng.conf for the first time. Consult ntopng man page for customization options. "
echo "The default login credentials for ntopng are: admin/admin"
cp /etc/ntopng/ntopng.conf.dist /etc/ntopng/ntopng.conf
else
echo "Did not overwrite pre-existing /etc/ntopng/ntopng.conf file. Consider consulting /etc/ntopng/ntopng.conf.dist and copying across changes as desired."
fi
# create /etc/ntopng/ntopng.start if missing
if [ ! -f /etc/ntopng/ntopng.start ]; then
touch /etc/ntopng/ntopng.start
fi
# create /usr/local/ntopng dir if missing, plus set ownership
if [ ! -d /usr/local/ntopng ]; then
mkdir /usr/local/ntopng
chown nobody:root /usr/local/ntopng
fi
# Open ntopng port in ufw if needed
if [[ ! `ufw status | grep "3000/tcp"` ]]; then
echo -e "\n*\n* Adding 3000/tcp to ufw open ports.\n* If this is not desired, manually delete the new ufw rules and then create an empty file '/etc/ntopng/no_touch_ufw' to prevent future ntopng installer updates from modifying ufw.\n*\n"
ufw allow 3000/tcp
fi
service ntopng start
MGT_IP=`ifconfig |grep "inet addr" | awk '{print $2}' |cut -d\: -f2 |egrep -v "^(127.0.0.1|169.254)" |head -1`
echo -e "\n*\n* The ntopng should now be running. Surf to https://$MGT_IP:3000 to reach it.\n*\n"