diff --git a/archive.sh b/archive.sh index e2ba41b..2571ff8 100644 --- a/archive.sh +++ b/archive.sh @@ -15,3 +15,4 @@ for VERSION in `echo ${VERSIONS}`; do fi find . -maxdepth 1 -type d -name MISP_v${VERSION}\* -exec rm -rv {} \; done + diff --git a/conffiles/issue b/conffiles/issue index c8a69ec..5db67ad 100644 --- a/conffiles/issue +++ b/conffiles/issue @@ -1,4 +1,4 @@ -Ubuntu 18.04.1 LTS \n \l +Ubuntu 20.04.1 LTS \n \l Welcome to the MISP Threat Sharing VM. --- diff --git a/config.sh b/config.sh index 7512f56..e4d77ca 100644 --- a/config.sh +++ b/config.sh @@ -22,7 +22,7 @@ REL_SERVER="cpab" GPG_ENABLED=1 GPG_KEY="0x34F20B13" -# Enable debug for packer, omit -debug to disable +# Enable debugging for packing, omit -debug to disable it ##PACKER_DEBUG="-debug" # Enable logging and debug for packer @@ -39,6 +39,8 @@ PATH_TO_INSTALLER="scripts/${NAME_OF_INSTALLER}" URL_TO_INSTALLER="https://raw.githubusercontent.com/${REPO}/${BRANCH}/INSTALL/${NAME_OF_INSTALLER}" URL_TO_LICENSE="https://raw.githubusercontent.com/${REPO}/${BRANCH}/LICENSE" +UBUNTU_VERSION="20.04" # Upgrade to Ubuntu 20.04. + if [[ ! -z $DEBUG ]]; then echo "Debug mode enabled." echo "-------------------" @@ -49,4 +51,3 @@ if [[ ! -z $DEBUG ]]; then [[ ! -z $PACKER_LOG ]] && echo "Packer Log enabled." [[ ! -z $REMOTE ]] && echo "Remote deploy enabled with connection string: $REL_USER@$REL_SERVER" fi - diff --git a/deploy.sh b/deploy.sh index d62e9f4..ca60215 100755 --- a/deploy.sh +++ b/deploy.sh 
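Review bot: `UBUNTU_VERSION="20.04"` is added in config.sh, but nothing in the visible hunks reads it. misp.json still hard-codes `20.04.6` in `iso_name` and `iso_url`, and conffiles/issue hard-codes `20.04.1`. The trailing comment `# Upgrade to Ubuntu 20.04.` describes the commit rather than the variable. Something like `# Ubuntu release the VM is built from; keep in sync with iso_name/iso_url in misp.json` would tell a reader what depends on it. If no script consumes the variable, it is better left out.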
@@ -62,224 +62,5 @@ signify () # # iQIcBAEBCAAGBQJcw139AAoJEO88ER/Pxlm557kP/2KCssWq9WF75XGSXuoALdpC # ptEoUNgHBwlv00YtUwRyyuPQ/VGE6Jst9dEN7m4CUJGDgeSm2X8hPkvGcJ+Ns3+C - # 9LJurJ603fetvDFm80mqIxY3yfGSpL6Oqh3ppXVo/UC62No9a3sfg1/Fhu0G6Uk0 - # bgvRxTgjXFTS7pA5KEqB8d07jxJJF5Z6Xjkz/mHp5zoRLaBE7z2v0uYTXARf91x4 - # shSFSjUapYL2DYpJCWY8u7ROchU9sqiZmZrzZ0OHNZ3TZhvs8LIySecBY5NZO9xt - # 5Y9WYvB1Ivw875I+DSARshJB+hLW6VIAwIZ+UMcdrv7xgS+lMkgG77H37yS/pZ+8 - # bL+pZb6uFo8OzdFmPWVodw4P/3jA/NxiZJFF81/K/pLFg/TVP8i/vfWzWS50Bx9p - # yzm3hGUliFocAhDcAipE0rPFko4Gm+TmwMzgE8hGDgFblmEfdlOcLH6zH36YXzQp - # ATCeavjClaJU8292/64+YWROHVRaNXcLpYIW9pD8a0XRz/prGFdzNdDF52QC/CE2 - # gmaFfo6ggn208ciXLQKvYlaKEZa6m3nmLi6neHBiOla05jL94UXdcpYjI9kuIGxj - # 60AQaPhVKzAE4Yjh7Zxf5RKxMCHMjw8oT730GXD2TRwnv0Dmx8Ioc6IYoLMF57t3 - # zpjK0m3T8vNuHKr5deMp - # =8sTO - # -----END PGP SIGNATURE----- - ## Source: https://getfedora.org/en/static/checksums/Fedora-Server-30-1.2-x86_64-CHECKSUM + # 9LJurJ603fet. -if [[ -z ${1} ]]; then - echo "This function needs an argument" - exit 1 -fi - -} - -convertSecs() { - ((h=${1}/3600)) - ((m=(${1}%3600)/60)) - ((s=${1}%60)) - printf "%02d:%02d:%02d\n" ${h} ${m} ${s} -} - -# Check if ponysay is installed. (https://github.com/erkin/ponysay) -say () { - echo ${1} > /tmp/lastBuild.time - if [[ $(command -v ponysay) ]]; then - printf "\n\n\n\n\n" - ponysay -c ${1} - else - echo ${1} - fi -} - -think () { - if [[ $(command -v ponythink) ]]; then - printf "\n\n\n\n\n" - ponythink -c ${1} - else - echo ${1} - fi -} - -checkInstaller () { - /usr/bin/wget --no-cache -q -O ${PATH_TO_INSTALLER}.sfv ${URL_TO_INSTALLER}.sfv - rhash_chk=$(cd scripts ; ${RHASH_RUN} -c ${NAME_OF_INSTALLER}.sfv > /dev/null 2>&1; echo $?) 
- for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do - /usr/bin/wget --no-cache -q -O ${PATH_TO_INSTALLER}.sha${sum} ${URL_TO_INSTALLER}.sha${sum} - INSTsum=$(shasum -a ${sum} ${PATH_TO_INSTALLER} | cut -f1 -d\ ) - chsum=$(cat ${PATH_TO_INSTALLER}.sha${sum} | cut -f1 -d\ ) - - if [[ ${chsum} == ${INSTsum} ]] && [[ ${rhash_chk} == 0 ]]; then - echo "sha${sum} matches" - else - echo "Either: sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" - echo "Or: rhash failed on non Zero: ${rhash_chk}" - echo "Deleting installer, please run again." - rm ${PATH_TO_INSTALLER} - exit 1 - fi - done -} - -removeAll () { - # Remove files for next run - [[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso - [[ -d "output-vmware-iso" ]] && rm -r output-vmware-iso - [[ -d "VMware" ]] && rm -r VMware - rm -f *.zip *.zip.asc *.sfv *.sfv.asc *.ova *.ova.asc index.html - rm ${PACKER_NAME}-deploy.json - rm script/INSTALL.sh* - rm /tmp/LICENSE-${PACKER_NAME} - rm /tmp/${PACKER_NAME}-vbox.done /tmp/${PACKER_NAME}-vmware.done -} - -# TODO: Make it more graceful if files do not exist -removeAll 2> /dev/null - -# Fetching latest MISP LICENSE -NET_WGET=$(/usr/bin/wget -q -O /tmp/LICENSE-${PACKER_NAME} ${URL_TO_LICENSE}; echo $?) - -if [[ "$NET_WGET" != "0" ]]; then - echo "wget failed with error code: ${NET_WGET} - please fix." 
- exit $NET_WGET -fi - -# Make sure the installer we run is the one that is currently on GitHub -if [[ -e ${PATH_TO_INSTALLER} ]]; then - echo "Checking checksums" - checkInstaller -else - /usr/bin/wget --no-cache -q -O ${PATH_TO_INSTALLER} ${URL_TO_INSTALLER} - checkInstaller -fi - -# Check if latest build is still up to date, if not, roll and deploy new -if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then - echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT_SHORT}" - - # Search and replace for vm_name and make sure we can easily identify the generated VMs - cat ${PACKER_NAME}.json| sed "s|\"vm_name\": \"${PACKER_VM}_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}\",|" > ${PACKER_NAME}-deploy.json - - if [[ -z $DEBUG ]]; then - # Build virtualbox VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt" - ($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vbox.done) & - - # Build vmware VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt" - ($PACKER_RUN build --on-error=cleanup -only=vmware-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vmware.done) & - - else - echo "Disabling // builds" - # Build virtualbox VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt" - ($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vbox.done) - - # Build vmware VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt" - ($PACKER_RUN build --on-error=cleanup -only=vmware-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vmware.done) - TIME_END=$(date +%s) - TIME_DELTA=$(expr ${TIME_END} - ${TIME_START}) - TIME=$(convertSecs ${TIME_DELTA}) - echo "So far the generation took ${TIME}" - echo "" - echo "Waiting for return key..." - read - #exit -1 - fi - - # The below waits for the above 2 parallel packer builds to finish - while [[ ! 
-f /tmp/${PACKER_NAME}-vmware.done ]]; do :; done - while [[ ! -f /tmp/${PACKER_NAME}-vbox.done ]]; do :; done - - # Prevent uploading only half a build - if [[ "$(cat /tmp/${PACKER_NAME}-vbox.done)" == "0" ]] && [[ "$(cat /tmp/${PACKER_NAME}-vmware.done)" == "0" ]]; then - # ZIPup all the vmware stuff - mv output-vmware-iso VMware - cd VMware - # TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO - ${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.sfv * - cd ../ - zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip VMware/* - - mv output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova . - - # Create a hashfile for the zip - # TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO - ${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv *.zip *.ova - - # Current file list of everything to gpg sign and transfer - FILE_LIST="${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip \ - ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova \ - ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv" - - # Create the latest MISP export directory - if [[ "${REMOTE}" == "1" ]]; then - ssh ${REL_USER}@${REL_SERVER} "mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} ; mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums" - scp verify.txt ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/ - fi - - # Sign and transfer files - for FILE in ${FILE_LIST}; do - if [[ "$GPG_ENABLED" == "1" ]]; then - if [[ "$GPG_KEY" == "0x" ]] || [[ -z "$GPG_KEY" ]]; then - gpg --armor --output ${FILE}.asc --detach-sig ${FILE} - else - gpg --armor -u ${GPG_KEY} --output ${FILE}.asc --detach-sig ${FILE} - fi - [[ "${REMOTE}" == "1" ]] && rsync -azvq --progress ${FILE}.asc ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} - fi - - if [[ "${REMOTE}" == "1" ]]; then - rsync -azvq 
--progress ${FILE} ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} - ssh ${REL_USER}@${REL_SERVER} "rm export/latest ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} export/latest ;\ - rm export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv.asc export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc" - fi - done - - if [[ "${REMOTE}" == "1" ]]; then - ssh ${REL_USER}@${REL_SERVER} "chmod -R +r export ;\ - mv export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums ;\ - mv export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv.asc export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums ;\ - rm export/${PACKER_VM}_${VER}@latest.ova ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova export/${PACKER_VM}_${VER}@latest.ova ;\ - rm export/${PACKER_VM}_${VER}@latest.ova.asc ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova.asc export/${PACKER_VM}_${VER}@latest.ova.asc ;\ - rm export/${PACKER_VM}_${VER}@latest-VMware.zip ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip export/${PACKER_VM}_${VER}@latest-VMware.zip ;\ - rm export/${PACKER_VM}_${VER}@latest-VMware.zip.asc ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip.asc export/${PACKER_VM}_${VER}@latest-VMware.zip.asc ;\ - rm export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv ;\ - rm export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc ; ln -s 
${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv.asc export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc" - fi - - else - echo "The packer exit code of VMware was: ${VMWARE_BUILD}" - echo "The packer exit code of VBox was: ${VIRTUALBOX_BUILD}" - echo "--------------------------------------------------------------------------------" - echo "#fail" > /tmp/${PACKER_NAME}-latest.sha - removeAll 2> /dev/null - TIME_END=$(date +%s) - TIME_DELTA=$(expr ${TIME_END} - ${TIME_START}) - TIME=$(convertSecs ${TIME_DELTA}) - echo "The last generation took ${TIME}" |tee /tmp/${PACKER_NAME}-lastBuild.time - exit 1 - fi - - # Remove files for next run - removeAll 2> /dev/null - echo ${LATEST_COMMIT} > /tmp/${PACKER_NAME}-latest.sha - TIME_END=$(date +%s) - TIME_DELTA=$(expr ${TIME_END} - ${TIME_START}) - TIME=$(convertSecs ${TIME_DELTA}) - - say "The last generation took ${TIME}" -else - clear - think "Current ${PACKER_VM} version ${VER}@${LATEST_COMMIT_SHORT} is up to date." -fi diff --git a/misp.json b/misp.json index 2c7b039..7c940b6 100644 --- a/misp.json +++ b/misp.json @@ -23,10 +23,14 @@ "disk_size": "{{user `disk_size`}}", "export_opts": [ "--manifest", - "--vsys", "0", - "--eulafile", "/tmp/LICENSE-misp", - "--description", "{{user `vm_description`}}", - "--version", "{{user `vm_version`}}" + "--vsys", + "0", + "--eulafile", + "/tmp/LICENSE-misp", + "--description", + "{{user `vm_description`}}", + "--version", + "{{user `vm_version`}}" ], "format": "ova", "guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso", @@ -36,8 +40,7 @@ "http_directory": "preseeds", "http_port_max": 9011, "http_port_min": 9001, - "iso_checksum": "{{ user `iso_checksum` }}", - "iso_checksum_type": "{{ user `iso_checksum_type` }}", + "iso_checksum": "{{ user `iso_checksum_type` }}:{{ user `iso_checksum` }}", "iso_urls": [ "{{ user `iso_path` }}/{{ user `iso_name` }}", "{{ user `iso_url` }}" 
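Review bot: The new side of the deploy.sh hunk ends inside the comment block of `signify ()` at the truncated line `# 9LJurJ603fet.`, and the function's closing `}` is among the removed lines, so if the body is opened with `{` above the hunk the script will no longer parse. The same deletion drops `checkInstaller`, which compared the downloaded installer against its published SHA sums and the rhash `.sfv` result, and the `gpg --detach-sig` loop that signed the `.zip`, `.ova` and `-CHECKSUM.sfv` artifacts; nothing visible in this commit replaces either integrity step. If the build logic is meant to move elsewhere, keep the signature comment intact, restore the `}` and the `${1}` argument check, and carry the installer verification and artifact signing over to the new location. The header of `signify` is outside the hunk.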
@@ -49,20 +52,90 @@ "ssh_username": "{{user `ssh_name`}}", "type": "virtualbox-iso", "vboxmanage": [ - [ "modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "ssh,tcp,,2222,0.0.0.0,22" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "http,tcp,,8080,,80" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "https,tcp,,8443,,443" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "dashboard,tcp,,8001,0.0.0.0,8001" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "viper,tcp,,8888,0.0.0.0,8888" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "jupyter-notebook,tcp,,8889,0.0.0.0,8889" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "misp-modules,tcp,,1666,0.0.0.0,6666" ], - [ "modifyvm", "{{.Name}}", "--audio", "none" ], - [ "modifyvm", "{{.Name}}", "--graphicscontroller", "vmsvga" ], - [ "modifyvm", "{{.Name}}", "--usb", "off" ], - [ "modifyvm", "{{.Name}}", "--vrde", "off" ], - [ "modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}" ], - [ "modifyvm", "{{.Name}}", "--vram", "32" ] + [ + "modifyvm", + "{{.Name}}", + "--memory", + "{{user `memory`}}" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "ssh,tcp,,2222,0.0.0.0,22" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "http,tcp,,8080,,80" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "https,tcp,,8443,,443" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "dashboard,tcp,,8001,0.0.0.0,8001" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "viper,tcp,,8888,0.0.0.0,8888" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "jupyter-notebook,tcp,,8889,0.0.0.0,8889" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "misp-modules,tcp,,1666,0.0.0.0,6666" + ], + [ + "modifyvm", + "{{.Name}}", + "--audio", + "none" + ], + [ + "modifyvm", + "{{.Name}}", + "--graphicscontroller", + "vmsvga" + ], + [ + "modifyvm", + "{{.Name}}", + "--usb", + "off" + ], + [ + "modifyvm", + "{{.Name}}", + "--vrde", + "off" + ], + [ + "modifyvm", + "{{.Name}}", + "--cpus", + "{{user `cpus`}}" + ], + [ 
+ "modifyvm", + "{{.Name}}", + "--vram", + "32" + ] ], "vm_name": "{{user `vm_name`}}" }, @@ -84,8 +157,7 @@ "http_directory": "preseeds", "http_port_max": 9011, "http_port_min": 9001, - "iso_checksum": "{{ user `iso_checksum` }}", - "iso_checksum_type": "{{ user `iso_checksum_type` }}", + "iso_checksum": "{{ user `iso_checksum_type` }}:{{ user `iso_checksum` }}", "iso_urls": [ "{{ user `iso_path` }}/{{ user `iso_name` }}", "{{ user `iso_url` }}" @@ -174,9 +246,9 @@ "https_proxy": "{{env `https_proxy`}}", "iso_checksum": "7514fceffc9ddc636f97c69e330976ffc88652842e700ba20f9a41b4ede34f56990777da883b845f769d22c444660c7982bc08be8007a68251e7013d97c16185", "iso_checksum_type": "sha512", - "iso_name": "ubuntu-18.04.6-server-amd64.iso", + "iso_name": "ubuntu-20.04.6-server-amd64.iso", "iso_path": "iso", - "iso_url": "http://cdimage.ubuntu.com/ubuntu/releases/bionic/release/ubuntu-18.04.6-server-amd64.iso", + "iso_url": "https://releases.ubuntu.com/20.04.6/ubuntu-20.04.6-desktop-amd64.iso", "memory": "3072", "no_proxy": "{{env `no_proxy`}}", "ovftool_path": "ovftool", @@ -186,7 +258,7 @@ "ssh_pass": "Password1234", "update": "true", "vm_description": "MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.", - "vm_name": "MISP_demo", + "vm_name": "rawane", "vm_version": "2.4" } } diff --git a/preseeds/preseed.cfg b/preseeds/preseed.cfg index 047c32c..a035324 100644 --- a/preseeds/preseed.cfg +++ b/preseeds/preseed.cfg @@ -70,3 +70,4 @@ d-i pkgsel/upgrade select safe-upgrade d-i grub-installer/only_debian boolean true d-i finish-install/reboot_in_progress note + diff --git a/scripts/clean.sh b/scripts/clean.sh index c381107..a569a76 100644 --- a/scripts/clean.sh 
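Review bot: `iso_checksum` is an unchanged context line carried over from the 18.04.6 configuration, while `iso_name` and `iso_url` now point at a 20.04.6 image, so the `{{ user `iso_checksum_type` }}:{{ user `iso_checksum` }}` check in both builder sections should reject the new download. Update `iso_checksum` from an image verified against the checksum file and signature Ubuntu publishes for that exact ISO, rather than loosening the check to get the build through. `iso_name` also says `ubuntu-20.04.6-server-amd64.iso` while `iso_url` fetches `ubuntu-20.04.6-desktop-amd64.iso`. The `preseeds` http_directory suggests an installer image that honours preseed files is expected, so the two values should name the same file.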
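Review bot: `vm_name` changes from `MISP_demo` to `rawane`, which reads like a local test value rather than a name for the published image. The removed deploy.sh code rewrote the line `"vm_name": "${PACKER_VM}_demo",` with sed, so any copy of that logic would silently stop matching this value. Keep `"vm_name": "MISP_demo",` unless the rename is intentional and the build scripts are updated with it.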
+++ b/scripts/clean.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash + + mv /tmp/issue /etc/issue mv /tmp/crontab /etc/cron.d/misp @@ -32,3 +34,5 @@ rm /etc/apt/apt.conf.d/99progressbar # End Cleaning echo "VM cleaned and rebooting for automagic reas0ns." reboot + + diff --git a/scripts/interfaces.sh b/scripts/interfaces.sh index dc3a723..a670297 100644 --- a/scripts/interfaces.sh +++ b/scripts/interfaces.sh @@ -6,9 +6,8 @@ ## As a quick reference, you cat generate with xsnippet: # $ xsnippet /tmp/ $PATH_TO_MISP/docs/generic/ethX.md # $ cp /tmp/interfaces.sh . - echo "--- Using old style name (ethX) for interfaces" -sed -r 's/^(GRUB_CMDLINE_LINUX=).*/\1\"net\.ifnames=0\ biosdevname=0\"/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null +sed -i 's/^\(GRUB_CMDLINE_LINUX=\).*/\1"net.ifnames=0 biosdevname=0"/' /etc/default/grub # install ifupdown since ubuntu 18.04 sudo apt update diff --git a/scripts/users.sh b/scripts/users.sh index 5aa3d29..94fe833 100644 --- a/scripts/users.sh +++ b/scripts/users.sh 
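Review bot: The replacement `sed -i ... /etc/default/grub` in scripts/interfaces.sh runs without `sudo`. The old pipeline wrote through `sudo tee` and the next command in the hunk is `sudo apt update`, so the script appears to run as an unprivileged user and the in-place edit would fail on a root-owned file. Use `sudo sed -i 's/^\(GRUB_CMDLINE_LINUX=\).*/\1"net.ifnames=0 biosdevname=0"/' /etc/default/grub`. No `set -e` is visible in the hunk, so a failed edit would pass unnoticed; `grep -q 'net.ifnames=0' /etc/default/grub || exit 1` after the edit would catch it.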
@@ -1,15 +1,26 @@ #! /usr/bin/env bash -##echo "--- Creating thehive user" -##useradd -U -G sudo -m -s /bin/bash thehive -##echo -e "thehive1234\nthehive1234" | passwd thehive - -echo "--- Configuring sudo " -##echo %thehive ALL=NOPASSWD:ALL > /etc/sudoers.d/thehive -echo "%misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp -##chmod 0440 /etc/sudoers.d/thehive + +echo "--- Creating thehive user" +useradd -U -G sudo -m -s /bin/bash thehive +echo -e "thehive1234\nthehive1234" | chpasswd + +echo "--- Configuring sudo" +echo "thehive ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/thehive +echo "misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp +chmod 0440 /etc/sudoers.d/thehive chmod 0440 /etc/sudoers.d/misp -# Disable fancy progressbar -echo 'Dpkg::Progress-Fancy "0";' > /etc/apt/apt.conf.d/99progressbar -echo 'Dpkg::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar +echo 'APT::ProgressBar::Fancy "0";' > /etc/apt/apt.conf.d/99progressbar +echo 'APT::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar + +#préambule on dirait +sudo apt update +sudo apt upgrade -y + + + +# Upgrade to Ubuntu 20.04 +echo "--- Upgrading to Ubuntu 20.04" +do-release-upgrade -f DistUpgradeViewNonInteractive + diff --git a/upload.sh b/upload.sh index b381ecf..9a35f7d 100755 --- a/upload.sh +++ b/upload.sh @@ -20,6 +20,9 @@ # # Check dependencies. + +upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck repo=playground tag=v0.1.0 filename=./build.zip + set -e xargs=$(which gxargs || which xargs) 
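Review bot: The scripts/users.sh hunk un-comments the creation of a `thehive` account with a fixed password and gives it `NOPASSWD:ALL` sudo, so every VM built from this image ships a second well-known root-equivalent login; if MISP does not need the account, leave these lines out. The password line is also malformed for the new command: `chpasswd` reads `user:password` pairs, so it would need `echo 'thehive:PASSWORD_PLACEHOLDER' | chpasswd`, ideally followed by `chage -d 0 thehive` to force a change at first login. The sudoers entry changed from the group form `%misp` to the user `misp`, which is worth confirming is intended. `APT::ProgressBar::Fancy` and `APT::Use-Pty` replace `Dpkg::Progress-Fancy` and `Dpkg::Use-Pty`; the new names do not look like recognised apt options, so check them against apt.conf(5) or the progress-bar suppression may no longer apply.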
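Review bot: The line `upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck repo=playground tag=v0.1.0 filename=./build.zip` added to upload.sh is not commented, so it is executed as a command on every run, before `set -e` takes effect. It looks like the usage example from the header comment and should be prefixed with `# ` and moved up into that comment block. As written it either fails with command-not-found or, if a script by that name is on `PATH`, invokes it with placeholder arguments.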
@@ -29,36 +32,40 @@ xargs=$(which gxargs || which xargs) CONFIG=$@ for line in $CONFIG; do - eval "$line" - done + eval "$line" +done + +# Define variables. +GH_API="https://api.github.com" +GH_REPO="$GH_API/repos/$owner/$repo" +GH_TAGS="$GH_REPO/releases/tags/$tag" +AUTH="Authorization: token $github_api_token" +WGET_ARGS="--content-disposition --auth-no-challenge --no-cookie" +CURL_ARGS="-LJO#" + +if [[ "$tag" == 'LATEST' ]]; then + GH_TAGS="$GH_REPO/releases/latest" +fi - # Define variables. - GH_API="https://api.github.com" - GH_REPO="$GH_API/repos/$owner/$repo" - GH_TAGS="$GH_REPO/releases/tags/$tag" - AUTH="Authorization: token $github_api_token" - WGET_ARGS="--content-disposition --auth-no-challenge --no-cookie" - CURL_ARGS="-LJO#" +# Validate token. +curl -o /dev/null -sH "$AUTH" $GH_REPO || { echo "Error: Invalid repo, token, or network issue!"; exit 1; } - if [[ "$tag" == 'LATEST' ]]; then - GH_TAGS="$GH_REPO/releases/latest" - fi +# Read asset tags. +response=$(curl -sH "$AUTH" $GH_TAGS) - # Validate token. - curl -o /dev/null -sH "$AUTH" $GH_REPO || { echo "Error: Invalid repo, token or network issue!"; exit 1; } +# Get ID of the asset based on the given filename. +eval $(echo "$response" | grep -m 1 "id.:" | grep -w id | tr : = | tr -cd '[[:alnum:]]=') +[ "$id" ] || { echo "Error: Failed to get release id for tag: $tag"; echo "$response" | awk 'length($0)<100' >&2; exit 1; } - # Read asset tags. - response=$(curl -sH "$AUTH" $GH_TAGS) +# Upload asset +echo "Uploading asset... $filename" >&2 - # Get ID of the asset based on given filename. - eval $(echo "$response" | grep -m 1 "id.:" | grep -w id | tr : = | tr -cd '[[:alnum:]]=') - [ "$id" ] || { echo "Error: Failed to get release id for tag: $tag"; echo "$response" | awk 'length($0)<100' >&2; exit 1; } +# Construct URL +GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$id/assets?name=$(basename $filename)" - # Upload asset - echo "Uploading asset... 
$localAssetPath" >&2 +# Install required packages +apt-get update +apt-get install -y curl - # Construct url - GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$id/assets?name=$(basename $filename)" +curl "$GITHUB_OAUTH_BASIC" --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" $GH_ASSET - curl "$GITHUB_OAUTH_BASIC" --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" $GH_ASSET -
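Review bot: `apt-get update` and `apt-get install -y curl` are added just before the final upload, but `curl` has already been called twice above (token validation and reading the release), and under `set -e` a non-root or non-Debian host aborts here after the release lookup has succeeded. Move the check to the `# Check dependencies.` section, e.g. `command -v curl >/dev/null || { echo "Error: curl is required" >&2; exit 1; }`, rather than installing packages from an upload script. The re-indented `eval "$line"` still evaluates every command-line argument as shell code; a `case "$line" in owner=*) owner=${line#owner=} ;; ...` arm per expected key would avoid executing whatever a CI variable happens to contain. `$GH_REPO`, `$GH_TAGS`, `$GH_ASSET` and `$(basename $filename)` are also unquoted in the curl calls.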