From eab676b665d46da4f049fde2abb276717fd95773 Mon Sep 17 00:00:00 2001 From: Rawane Boubrima Date: Wed, 17 May 2023 15:10:16 +0200 Subject: [PATCH 1/9] first commit --- misp.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/misp.json b/misp.json index 2c7b039..900cc7a 100644 --- a/misp.json +++ b/misp.json @@ -174,9 +174,9 @@ "https_proxy": "{{env `https_proxy`}}", "iso_checksum": "7514fceffc9ddc636f97c69e330976ffc88652842e700ba20f9a41b4ede34f56990777da883b845f769d22c444660c7982bc08be8007a68251e7013d97c16185", "iso_checksum_type": "sha512", - "iso_name": "ubuntu-18.04.6-server-amd64.iso", + "iso_name": "ubuntu-20.04.6-server-amd64.iso", "iso_path": "iso", - "iso_url": "http://cdimage.ubuntu.com/ubuntu/releases/bionic/release/ubuntu-18.04.6-server-amd64.iso", + "iso_url": "http://cdimage.ubuntu.com/ubuntu/releases/bionic/release/ubuntu-20.04.6-server-amd64.iso", "memory": "3072", "no_proxy": "{{env `no_proxy`}}", "ovftool_path": "ovftool", @@ -186,7 +186,7 @@ "ssh_pass": "Password1234", "update": "true", "vm_description": "MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.", - "vm_name": "MISP_demo", + "vm_name": "MISP_demo_rawane", "vm_version": "2.4" } } From 9cd6b230c2acd3b92d3ffe95b415d80523fddc04 Mon Sep 17 00:00:00 2001 From: Rawane Boubrima Date: Mon, 22 May 2023 08:45:53 +0200 Subject: [PATCH 2/9] changement --- conffiles/issue | 2 +- misp.json | 116 +++++++++++++++++++++++++++++++++++++++--------- 2 files changed, 95 insertions(+), 23 deletions(-) diff --git a/conffiles/issue b/conffiles/issue index c8a69ec..5db67ad 100644 --- a/conffiles/issue +++ b/conffiles/issue 
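Review bot: The first misp.json hunk moves `iso_name` and `iso_url` to the 20.04.6 image but leaves the `iso_checksum` context line at its previous value, so the pinned SHA-512 no longer describes the file being fetched. Update the digest in the same commit from the checksum file published and signed for that release (changing `iso_checksum_type` if only another digest is published), so that Packer's verification passes on the right file instead of being worked around. The new URL still sits under `releases/bionic/`, the 18.04 directory, and uses plain `http`, which leaves the checksum as the only integrity control on the download. The same applies to the later `iso_url` edits in patches 6/9 and 7/9.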
@@ -1,4 +1,4 @@ -Ubuntu 18.04.1 LTS \n \l +Ubuntu 20.04.1 LTS \n \l Welcome to the MISP Threat Sharing VM. --- diff --git a/misp.json b/misp.json index 900cc7a..4ebfaf2 100644 --- a/misp.json +++ b/misp.json @@ -23,10 +23,14 @@ "disk_size": "{{user `disk_size`}}", "export_opts": [ "--manifest", - "--vsys", "0", - "--eulafile", "/tmp/LICENSE-misp", - "--description", "{{user `vm_description`}}", - "--version", "{{user `vm_version`}}" + "--vsys", + "0", + "--eulafile", + "/tmp/LICENSE-misp", + "--description", + "{{user `vm_description`}}", + "--version", + "{{user `vm_version`}}" ], "format": "ova", "guest_additions_path": "VBoxGuestAdditions_{{.Version}}.iso", @@ -36,8 +40,7 @@ "http_directory": "preseeds", "http_port_max": 9011, "http_port_min": 9001, - "iso_checksum": "{{ user `iso_checksum` }}", - "iso_checksum_type": "{{ user `iso_checksum_type` }}", + "iso_checksum": "{{ user `iso_checksum_type` }}:{{ user `iso_checksum` }}", "iso_urls": [ "{{ user `iso_path` }}/{{ user `iso_name` }}", "{{ user `iso_url` }}" 
@@ -49,20 +52,90 @@ "ssh_username": "{{user `ssh_name`}}", "type": "virtualbox-iso", "vboxmanage": [ - [ "modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "ssh,tcp,,2222,0.0.0.0,22" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "http,tcp,,8080,,80" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "https,tcp,,8443,,443" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "dashboard,tcp,,8001,0.0.0.0,8001" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "viper,tcp,,8888,0.0.0.0,8888" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "jupyter-notebook,tcp,,8889,0.0.0.0,8889" ], - [ "modifyvm", "{{.Name}}", "--natpf1", "misp-modules,tcp,,1666,0.0.0.0,6666" ], - [ "modifyvm", "{{.Name}}", "--audio", "none" ], - [ "modifyvm", "{{.Name}}", "--graphicscontroller", "vmsvga" ], - [ "modifyvm", "{{.Name}}", "--usb", "off" ], - [ "modifyvm", "{{.Name}}", "--vrde", "off" ], - [ "modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}" ], - [ "modifyvm", "{{.Name}}", "--vram", "32" ] + [ + "modifyvm", + "{{.Name}}", + "--memory", + "{{user `memory`}}" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "ssh,tcp,,2222,0.0.0.0,22" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "http,tcp,,8080,,80" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "https,tcp,,8443,,443" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "dashboard,tcp,,8001,0.0.0.0,8001" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "viper,tcp,,8888,0.0.0.0,8888" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "jupyter-notebook,tcp,,8889,0.0.0.0,8889" + ], + [ + "modifyvm", + "{{.Name}}", + "--natpf1", + "misp-modules,tcp,,1666,0.0.0.0,6666" + ], + [ + "modifyvm", + "{{.Name}}", + "--audio", + "none" + ], + [ + "modifyvm", + "{{.Name}}", + "--graphicscontroller", + "vmsvga" + ], + [ + "modifyvm", + "{{.Name}}", + "--usb", + "off" + ], + [ + "modifyvm", + "{{.Name}}", + "--vrde", + "off" + ], + [ + "modifyvm", + "{{.Name}}", + "--cpus", + "{{user `cpus`}}" + ], + [ 
+ "modifyvm", + "{{.Name}}", + "--vram", + "32" + ] ], "vm_name": "{{user `vm_name`}}" }, @@ -84,8 +157,7 @@ "http_directory": "preseeds", "http_port_max": 9011, "http_port_min": 9001, - "iso_checksum": "{{ user `iso_checksum` }}", - "iso_checksum_type": "{{ user `iso_checksum_type` }}", + "iso_checksum": "{{ user `iso_checksum_type` }}:{{ user `iso_checksum` }}", "iso_urls": [ "{{ user `iso_path` }}/{{ user `iso_name` }}", "{{ user `iso_url` }}" From a9abf4bfd97a8430e485ffff862227e2951613a6 Mon Sep 17 00:00:00 2001 From: Rawane Boubrima Date: Tue, 23 May 2023 10:15:04 +0200 Subject: [PATCH 3/9] Ubuntu changement de version --- misp.json | 2 +- scripts/interfaces.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/misp.json b/misp.json index 4ebfaf2..14cf4fa 100644 --- a/misp.json +++ b/misp.json @@ -258,7 +258,7 @@ "ssh_pass": "Password1234", "update": "true", "vm_description": "MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.", - "vm_name": "MISP_demo_rawane", + "vm_name": "MISP_rawane_demo", "vm_version": "2.4" } } diff --git a/scripts/interfaces.sh b/scripts/interfaces.sh index dc3a723..60e42f6 100644 --- a/scripts/interfaces.sh +++ b/scripts/interfaces.sh @@ -10,7 +10,7 @@ echo "--- Using old style name (ethX) for interfaces" sed -r 's/^(GRUB_CMDLINE_LINUX=).*/\1\"net\.ifnames=0\ biosdevname=0\"/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null -# install ifupdown since ubuntu 18.04 +# install ifupdown since ubuntu 20.04 sudo apt update sudo apt install ifupdown -qqy From 5378398ef5a6909c11bcd3f45231660442a59df6 Mon Sep 17 00:00:00 2001 
From: Rawane Boubrima Date: Tue, 23 May 2023 13:36:15 +0200 Subject: [PATCH 4/9] ajout de ldc et modif --- conffiles/issue | 2 +- preseeds/preseed.cfg | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/conffiles/issue b/conffiles/issue index 5db67ad..7e87000 100644 --- a/conffiles/issue +++ b/conffiles/issue @@ -1,4 +1,4 @@ -Ubuntu 20.04.1 LTS \n \l +Ubuntu 20.04.6 LTS \n \l Welcome to the MISP Threat Sharing VM. --- diff --git a/preseeds/preseed.cfg b/preseeds/preseed.cfg index 047c32c..7641a81 100644 --- a/preseeds/preseed.cfg +++ b/preseeds/preseed.cfg @@ -1,5 +1,5 @@ ### Base system install -d-i base-installer/kernel/override-image string linux-server +d-i base-installer/kernel/override-image string linux-generic-lts-hwe-20.04 # Account setup d-i passwd/user-fullname string misp @@ -60,7 +60,8 @@ d-i partman-lvm/confirm_nooverwrite boolean true d-i partman-auto-lvm/guided_size string max # No proxy, plx -d-i mirror/http/proxy string +#d-i mirror/http/proxy string +d-i mirror/http/mirror select archive.ubuntu.com # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade From e3cc666e9f926c58c12bf68b32191b58cdcb82cc Mon Sep 17 00:00:00 2001 From: Rawane Boubrima Date: Thu, 25 May 2023 13:12:11 +0200 Subject: [PATCH 5/9] test --- build_vbox.sh | 62 ++++++++++++++++++++++++++++++++++---------- misp.json | 2 +- preseeds/preseed.cfg | 5 ++-- 3 files changed, 52 insertions(+), 17 deletions(-) diff --git a/build_vbox.sh b/build_vbox.sh index 01fa9a0..c0725d7 100755 --- a/build_vbox.sh +++ b/build_vbox.sh 
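Review bot: In the second preseed.cfg hunk, commenting out `d-i mirror/http/proxy string` removes the preseeded answer to the proxy question, and an unattended debian-installer run typically stops at that prompt when no answer is supplied. Keep the empty proxy answer and add the mirror selection beside it; the `# No proxy, plx` comment would then still describe the line it precedes. In the first hunk, `linux-generic-lts-hwe-20.04` does not look like a published kernel metapackage name (the HWE one I know of is `linux-generic-hwe-20.04`), so confirm it against the archive before relying on it.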
@@ -13,22 +13,58 @@ fi SHA_SUMS="1 256 384 512" checkInstaller () { - for sum in $(echo ${SHA_SUMS}); do - /usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} - INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ ) - chsum=$(cat scripts/INSTALL.sh.sha${sum} | cut -f1 -d\ ) - - if [[ "$chsum" == "$INSTsum" ]]; then - echo "sha${sum} matches" - else - echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" - echo "Deleting installer, please run again." - rm scripts/INSTALL.sh - exit 1 +if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]] || [[ "${FLAVOUR}" == "fedora" ]]; then + INSTsum=$(sha512sum ${0} | cut -f1 -d\ ) + /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512 + chsum=$(cat /tmp/INSTALL.sh.sha512) + if [[ "${chsum}" == "${INSTsum}" ]]; then + echo "SHA512 matches" + else + echo "SHA512: ${chsum} does not match the installer sum of: ${INSTsum}" + # exit 1 # uncomment when/if PR is merged + fi + else + # TODO: Implement $FLAVOUR checks and install depending on the platform we are on + if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then + checkAptLock + sudo apt install libdigest-sha-perl -qyy fi - done + # SHAsums to be computed, not the -- notatiation is for ease of use with rhash + SHA_SUMS="--sha1 --sha256 --sha384 --sha512" + for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do + /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} + INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ ) + chsum=$(cat /tmp/INSTALL.sh.sha${sum} | cut -f1 -d\ ) + + if [[ "${chsum}" == "${INSTsum}" ]]; then + echo "sha${sum} matches" + else + echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" + echo "Delete installer, re-download and please run again." 
+ exit 1 + fi + done +fi } + +#checkInstaller () { +# for sum in $(echo ${SHA_SUMS}); do +# /usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} +# INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ ) +# chsum=$(cat scripts/INSTALL.sh.sha${sum} | cut -f1 -d\ ) + +# if [[ "$chsum" == "$INSTsum" ]]; then +# echo "sha${sum} matches" +# else +# echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" +# echo "Deleting installer, please run again." +# rm scripts/INSTALL.sh +# exit 1 +# fi +# done +#} + # Fetch and check installer if [[ -f "scripts/INSTALL.sh" ]]; then echo "Checking checksums" diff --git a/misp.json b/misp.json index 14cf4fa..197fc82 100644 --- a/misp.json +++ b/misp.json @@ -258,7 +258,7 @@ "ssh_pass": "Password1234", "update": "true", "vm_description": "MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.", - "vm_name": "MISP_rawane_demo", + "vm_name": "1", "vm_version": "2.4" } } diff --git a/preseeds/preseed.cfg b/preseeds/preseed.cfg index 7641a81..047c32c 100644 --- a/preseeds/preseed.cfg +++ b/preseeds/preseed.cfg @@ -1,5 +1,5 @@ ### Base system install -d-i base-installer/kernel/override-image string linux-generic-lts-hwe-20.04 +d-i base-installer/kernel/override-image string linux-server # Account setup d-i passwd/user-fullname string misp 
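Review bot: The rewritten `checkInstaller` hashes `${0}`, which in build_vbox.sh is the build script itself, and compares that with the checksums published for INSTALL.sh, so `scripts/INSTALL.sh` is never verified. The removed code hashed the installer; keep that target, e.g. `INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ )`. In the `rhel`/`centos`/`fedora` branch the mismatch path only prints, because `# exit 1` is commented out, so a failed check lets the build continue; restore `exit 1` there. The checksum files are also written to fixed names under `/tmp`, and `checkAptLock` is not defined anywhere in this hunk, so confirm it exists in the script.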
@@ -60,8 +60,7 @@ d-i partman-lvm/confirm_nooverwrite boolean true d-i partman-auto-lvm/guided_size string max # No proxy, plx -#d-i mirror/http/proxy string -d-i mirror/http/mirror select archive.ubuntu.com +d-i mirror/http/proxy string # Whether to upgrade packages after debootstrap. # Allowed values: none, safe-upgrade, full-upgrade From e561d13a9a976fa936875141654042d7a4107dbe Mon Sep 17 00:00:00 2001 From: Rawane Boubrima Date: Tue, 30 May 2023 08:44:38 +0200 Subject: [PATCH 6/9] =?UTF-8?q?avanc=C3=A9e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- archive.sh | 1 + build_vbox.sh | 62 ++++++++++---------------------------------- config.sh | 2 ++ misp.json | 2 +- preseeds/preseed.cfg | 1 + scripts/users.sh | 20 ++++++++++---- 6 files changed, 33 insertions(+), 55 deletions(-) diff --git a/archive.sh b/archive.sh index e2ba41b..2571ff8 100644 --- a/archive.sh +++ b/archive.sh @@ -15,3 +15,4 @@ for VERSION in `echo ${VERSIONS}`; do fi find . -maxdepth 1 -type d -name MISP_v${VERSION}\* -exec rm -rv {} \; done + diff --git a/build_vbox.sh b/build_vbox.sh index c0725d7..01fa9a0 100755 --- a/build_vbox.sh +++ b/build_vbox.sh 
@@ -13,58 +13,22 @@ fi SHA_SUMS="1 256 384 512" checkInstaller () { -if [[ "${FLAVOUR}" == "rhel" ]] || [[ "${FLAVOUR}" == "centos" ]] || [[ "${FLAVOUR}" == "fedora" ]]; then - INSTsum=$(sha512sum ${0} | cut -f1 -d\ ) - /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha512 https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha512 - chsum=$(cat /tmp/INSTALL.sh.sha512) - if [[ "${chsum}" == "${INSTsum}" ]]; then - echo "SHA512 matches" - else - echo "SHA512: ${chsum} does not match the installer sum of: ${INSTsum}" - # exit 1 # uncomment when/if PR is merged - fi - else - # TODO: Implement $FLAVOUR checks and install depending on the platform we are on - if [[ $(which shasum > /dev/null 2>&1 ; echo $?) -ne 0 ]]; then - checkAptLock - sudo apt install libdigest-sha-perl -qyy + for sum in $(echo ${SHA_SUMS}); do + /usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} + INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ ) + chsum=$(cat scripts/INSTALL.sh.sha${sum} | cut -f1 -d\ ) + + if [[ "$chsum" == "$INSTsum" ]]; then + echo "sha${sum} matches" + else + echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" + echo "Deleting installer, please run again." + rm scripts/INSTALL.sh + exit 1 fi - # SHAsums to be computed, not the -- notatiation is for ease of use with rhash - SHA_SUMS="--sha1 --sha256 --sha384 --sha512" - for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do - /usr/bin/wget --no-cache -q -O /tmp/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} - INSTsum=$(shasum -a ${sum} ${0} | cut -f1 -d\ ) - chsum=$(cat /tmp/INSTALL.sh.sha${sum} | cut -f1 -d\ ) - - if [[ "${chsum}" == "${INSTsum}" ]]; then - echo "sha${sum} matches" - else - echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" - echo "Delete installer, re-download and please run again." 
- exit 1 - fi - done -fi + done } - -#checkInstaller () { -# for sum in $(echo ${SHA_SUMS}); do -# /usr/bin/wget -q -O scripts/INSTALL.sh.sha${sum} https://raw.githubusercontent.com/MISP/MISP/2.4/INSTALL/INSTALL.sh.sha${sum} -# INSTsum=$(shasum -a ${sum} scripts/INSTALL.sh | cut -f1 -d\ ) -# chsum=$(cat scripts/INSTALL.sh.sha${sum} | cut -f1 -d\ ) - -# if [[ "$chsum" == "$INSTsum" ]]; then -# echo "sha${sum} matches" -# else -# echo "sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" -# echo "Deleting installer, please run again." -# rm scripts/INSTALL.sh -# exit 1 -# fi -# done -#} - # Fetch and check installer if [[ -f "scripts/INSTALL.sh" ]]; then echo "Checking checksums" diff --git a/config.sh b/config.sh index 7512f56..0bc8b4f 100644 --- a/config.sh +++ b/config.sh @@ -39,6 +39,8 @@ PATH_TO_INSTALLER="scripts/${NAME_OF_INSTALLER}" URL_TO_INSTALLER="https://raw.githubusercontent.com/${REPO}/${BRANCH}/INSTALL/${NAME_OF_INSTALLER}" URL_TO_LICENSE="https://raw.githubusercontent.com/${REPO}/${BRANCH}/LICENSE" +UBUNTU_VERSION="20.04" # Update to Ubuntu 20.04 + if [[ ! -z $DEBUG ]]; then echo "Debug mode enabled." echo "-------------------" diff --git a/misp.json b/misp.json index 197fc82..d731455 100644 --- a/misp.json +++ b/misp.json @@ -248,7 +248,7 @@ "iso_checksum_type": "sha512", "iso_name": "ubuntu-20.04.6-server-amd64.iso", "iso_path": "iso", - "iso_url": "http://cdimage.ubuntu.com/ubuntu/releases/bionic/release/ubuntu-20.04.6-server-amd64.iso", + "iso_url": "http://cdimage.ubuntu.com/ubuntu/releases/focal/release/ubuntu-20.04.6-server-amd64.iso", "memory": "3072", "no_proxy": "{{env `no_proxy`}}", "ovftool_path": "ovftool", diff --git a/preseeds/preseed.cfg b/preseeds/preseed.cfg index 047c32c..a035324 100644 --- a/preseeds/preseed.cfg +++ b/preseeds/preseed.cfg @@ -70,3 +70,4 @@ d-i pkgsel/upgrade select safe-upgrade d-i grub-installer/only_debian boolean true d-i finish-install/reboot_in_progress note + 
diff --git a/scripts/users.sh b/scripts/users.sh index 5aa3d29..5fec9ed 100644 --- a/scripts/users.sh +++ b/scripts/users.sh @@ -4,12 +4,22 @@ ##useradd -U -G sudo -m -s /bin/bash thehive ##echo -e "thehive1234\nthehive1234" | passwd thehive -echo "--- Configuring sudo " +#echo "--- Configuring sudo " ##echo %thehive ALL=NOPASSWD:ALL > /etc/sudoers.d/thehive -echo "%misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp +#echo "%misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp ##chmod 0440 /etc/sudoers.d/thehive -chmod 0440 /etc/sudoers.d/misp +#chmod 0440 /etc/sudoers.d/misp # Disable fancy progressbar -echo 'Dpkg::Progress-Fancy "0";' > /etc/apt/apt.conf.d/99progressbar -echo 'Dpkg::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar +#echo 'Dpkg::Progress-Fancy "0";' > /etc/apt/apt.conf.d/99progressbar +#echo 'Dpkg::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar + + + + +echo "--- Configuring sudo" +echo "misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp +chmod 0440 /etc/sudoers.d/misp + +echo 'APT::ProgressBar::Fancy "0";' > /etc/apt/apt.conf.d/99progressbar +echo 'APT::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar From a87b0bab6263efc208dea2a90736acac4898a2f5 Mon Sep 17 00:00:00 2001 From: Rawane Boubrima Date: Fri, 2 Jun 2023 11:52:43 +0200 Subject: [PATCH 7/9] Changement code, Ubuntu 20.04 installer --- checkDeps.sh | 27 +++++- config.sh | 27 +++--- deploy.sh | 221 +----------------------------------------- misp.json | 2 +- scripts/clean.sh | 1 + scripts/interfaces.sh | 18 ++-- scripts/users.sh | 36 +++++++ upload.sh | 57 ++++++----- 8 files changed, 118 insertions(+), 271 deletions(-) diff --git a/checkDeps.sh b/checkDeps.sh index 4c9447a..ff073e6 100644 --- a/checkDeps.sh +++ b/checkDeps.sh 
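Review bot: The new sudoers line grants `NOPASSWD:ALL` to the `misp` account directly and is written to `/etc/sudoers.d/misp` without a syntax check; add `visudo -cf /etc/sudoers.d/misp` after the write so a malformed file fails the build instead of shipping. misp.json in this series carries `"ssh_pass": "Password1234"`, presumably for the same account, so the image pairs a published default password with passwordless root and the VM's login banner or documentation should tell users to change it on first boot. The replacement keys `APT::ProgressBar::Fancy` and `APT::Use-Pty` do not look like options apt reads (the removed `Dpkg::Progress-Fancy` and `Dpkg::Use-Pty` are the documented names), so the progress bar is probably no longer disabled. The commented-out copy of the old block and the run of blank lines can be dropped.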
@@ -1,19 +1,38 @@ #!/bin/bash +#GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?) +#if [[ "${GOT_PACKER}" == 0 ]]; then +# echo "Packer detected, version: $(packer -v)" +# PACKER_RUN=$(which packer) +#else +# echo "No packer binary detected, please make sure you installed it from: https://www.packer.io/downloads.html" +# exit 1 +#fi + +#GOT_RHASH=$(which rhash > /dev/null 2>&1; echo $?) +#if [[ "${GOT_RHASH}" == 0 ]]; then +# echo "rhash detected, version: $(rhash --version)" +# RHASH_RUN=$(which rhash) +#else +# echo "No rhash binary detected, please make sure you installed it." +# exit 1 +#fi + + GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?) if [[ "${GOT_PACKER}" == 0 ]]; then - echo "Packer detected, version: $(packer -v)" + echo "Packer détecté, version : $(packer -v)" PACKER_RUN=$(which packer) else - echo "No packer binary detected, please make sure you installed it from: https://www.packer.io/downloads.html" + echo "Aucun binaire packer détecté, veuillez vous assurer de l'avoir installé à partir de : https://www.packer.io/downloads.html" exit 1 fi GOT_RHASH=$(which rhash > /dev/null 2>&1; echo $?) if [[ "${GOT_RHASH}" == 0 ]]; then - echo "rhash detected, version: $(rhash --version)" + echo "rhash détecté, version : $(rhash --version)" RHASH_RUN=$(which rhash) else - echo "No rhash binary detected, please make sure you installed it." + echo "Aucun binaire rhash détecté, veuillez vous assurer de l'avoir installé." exit 1 fi diff --git a/config.sh b/config.sh index 0bc8b4f..b5a0ed8 100644 --- a/config.sh +++ b/config.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default +# Laissez vide pour désactiver les messages de débogage. S'il est exécuté avec set -x ou bash -x, il activera le mode DEBUG par défaut. DEBUG= case "$-" in 
@@ -8,12 +8,12 @@ case "$-" in *) NO_PROGRESS=0 ;; esac -# Name of the packer +# Nom du packer PACKER_NAME="misp" PACKER_VM="MISP" NAME="${PACKER_NAME}-packer" -# Configure your user and remote server +# Configurez votre utilisateur et serveur distant REMOTE=1 REL_USER="${PACKER_NAME}-release" REL_SERVER="cpab" @@ -22,16 +22,16 @@ REL_SERVER="cpab" GPG_ENABLED=1 GPG_KEY="0x34F20B13" -# Enable debug for packer, omit -debug to disable +# Activer le débogage pour packer, omettre -debug pour le désactiver ##PACKER_DEBUG="-debug" -# Enable logging and debug for packer +# Activer l'enregistrement et le débogage pour packer export PACKER_LOG=1 REPO="MISP/MISP" BRANCH="2.4" -# SHAsums to be computed, note the -- notatiation is for ease of use with rhash +# SOMmes de contrôle à calculer, notez la notation -- pour faciliter l'utilisation avec rhash SHA_SUMS="--sha1 --sha256 --sha384 --sha512" NAME_OF_INSTALLER="INSTALL.sh" @@ -39,16 +39,15 @@ PATH_TO_INSTALLER="scripts/${NAME_OF_INSTALLER}" URL_TO_INSTALLER="https://raw.githubusercontent.com/${REPO}/${BRANCH}/INSTALL/${NAME_OF_INSTALLER}" URL_TO_LICENSE="https://raw.githubusercontent.com/${REPO}/${BRANCH}/LICENSE" -UBUNTU_VERSION="20.04" # Update to Ubuntu 20.04 +UBUNTU_VERSION="20.04" # Mettez à jour vers Ubuntu 20.04 if [[ ! -z $DEBUG ]]; then - echo "Debug mode enabled." + echo "Mode de débogage activé." echo "-------------------" echo "" - echo "Some config info:" - echo "Using: $NAME" - [[ ! -z $GPG_ENABLED ]] && echo "GnuPG enabled with key $GPG_KEY" - [[ ! -z $PACKER_LOG ]] && echo "Packer Log enabled." - [[ ! -z $REMOTE ]] && echo "Remote deploy enabled with connection string: $REL_USER@$REL_SERVER" + echo "Informations de configuration :" + echo "Utilisation de : $NAME" + [[ ! -z $GPG_ENABLED ]] && echo "GnuPG activé avec la clé $GPG_KEY" + [[ ! -z $PACKER_LOG ]] && echo "Enregistrement Packer activé." + [[ ! -z $REMOTE ]] && echo "Déploiement distant activé avec la chaîne de connexion : $REL_USER@$REL_SERVER" fi - 
diff --git a/deploy.sh b/deploy.sh
index d62e9f4..ca60215 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -62,224 +62,5 @@ signify () # # iQIcBAEBCAAGBQJcw139AAoJEO88ER/Pxlm557kP/2KCssWq9WF75XGSXuoALdpC # ptEoUNgHBwlv00YtUwRyyuPQ/VGE6Jst9dEN7m4CUJGDgeSm2X8hPkvGcJ+Ns3+C - # 9LJurJ603fetvDFm80mqIxY3yfGSpL6Oqh3ppXVo/UC62No9a3sfg1/Fhu0G6Uk0 - # bgvRxTgjXFTS7pA5KEqB8d07jxJJF5Z6Xjkz/mHp5zoRLaBE7z2v0uYTXARf91x4 - # shSFSjUapYL2DYpJCWY8u7ROchU9sqiZmZrzZ0OHNZ3TZhvs8LIySecBY5NZO9xt - # 5Y9WYvB1Ivw875I+DSARshJB+hLW6VIAwIZ+UMcdrv7xgS+lMkgG77H37yS/pZ+8 - # bL+pZb6uFo8OzdFmPWVodw4P/3jA/NxiZJFF81/K/pLFg/TVP8i/vfWzWS50Bx9p - # yzm3hGUliFocAhDcAipE0rPFko4Gm+TmwMzgE8hGDgFblmEfdlOcLH6zH36YXzQp - # ATCeavjClaJU8292/64+YWROHVRaNXcLpYIW9pD8a0XRz/prGFdzNdDF52QC/CE2 - # gmaFfo6ggn208ciXLQKvYlaKEZa6m3nmLi6neHBiOla05jL94UXdcpYjI9kuIGxj - # 60AQaPhVKzAE4Yjh7Zxf5RKxMCHMjw8oT730GXD2TRwnv0Dmx8Ioc6IYoLMF57t3 - # zpjK0m3T8vNuHKr5deMp - # =8sTO - # -----END PGP SIGNATURE----- - ## Source: https://getfedora.org/en/static/checksums/Fedora-Server-30-1.2-x86_64-CHECKSUM + # 9LJurJ603fet. -if [[ -z ${1} ]]; then - echo "This function needs an argument" - exit 1 -fi - -} - -convertSecs() { - ((h=${1}/3600)) - ((m=(${1}%3600)/60)) - ((s=${1}%60)) - printf "%02d:%02d:%02d\n" ${h} ${m} ${s} -} - -# Check if ponysay is installed. (https://github.com/erkin/ponysay) -say () { - echo ${1} > /tmp/lastBuild.time - if [[ $(command -v ponysay) ]]; then - printf "\n\n\n\n\n" - ponysay -c ${1} - else - echo ${1} - fi -} - -think () { - if [[ $(command -v ponythink) ]]; then - printf "\n\n\n\n\n" - ponythink -c ${1} - else - echo ${1} - fi -} - -checkInstaller () { - /usr/bin/wget --no-cache -q -O ${PATH_TO_INSTALLER}.sfv ${URL_TO_INSTALLER}.sfv - rhash_chk=$(cd scripts ; ${RHASH_RUN} -c ${NAME_OF_INSTALLER}.sfv > /dev/null 2>&1; echo $?) 
- for sum in $(echo ${SHA_SUMS} |sed 's/--sha//g'); do - /usr/bin/wget --no-cache -q -O ${PATH_TO_INSTALLER}.sha${sum} ${URL_TO_INSTALLER}.sha${sum} - INSTsum=$(shasum -a ${sum} ${PATH_TO_INSTALLER} | cut -f1 -d\ ) - chsum=$(cat ${PATH_TO_INSTALLER}.sha${sum} | cut -f1 -d\ ) - - if [[ ${chsum} == ${INSTsum} ]] && [[ ${rhash_chk} == 0 ]]; then - echo "sha${sum} matches" - else - echo "Either: sha${sum}: ${chsum} does not match the installer sum of: ${INSTsum}" - echo "Or: rhash failed on non Zero: ${rhash_chk}" - echo "Deleting installer, please run again." - rm ${PATH_TO_INSTALLER} - exit 1 - fi - done -} - -removeAll () { - # Remove files for next run - [[ -d "output-virtualbox-iso" ]] && rm -r output-virtualbox-iso - [[ -d "output-vmware-iso" ]] && rm -r output-vmware-iso - [[ -d "VMware" ]] && rm -r VMware - rm -f *.zip *.zip.asc *.sfv *.sfv.asc *.ova *.ova.asc index.html - rm ${PACKER_NAME}-deploy.json - rm script/INSTALL.sh* - rm /tmp/LICENSE-${PACKER_NAME} - rm /tmp/${PACKER_NAME}-vbox.done /tmp/${PACKER_NAME}-vmware.done -} - -# TODO: Make it more graceful if files do not exist -removeAll 2> /dev/null - -# Fetching latest MISP LICENSE -NET_WGET=$(/usr/bin/wget -q -O /tmp/LICENSE-${PACKER_NAME} ${URL_TO_LICENSE}; echo $?) - -if [[ "$NET_WGET" != "0" ]]; then - echo "wget failed with error code: ${NET_WGET} - please fix." 
- exit $NET_WGET -fi - -# Make sure the installer we run is the one that is currently on GitHub -if [[ -e ${PATH_TO_INSTALLER} ]]; then - echo "Checking checksums" - checkInstaller -else - /usr/bin/wget --no-cache -q -O ${PATH_TO_INSTALLER} ${URL_TO_INSTALLER} - checkInstaller -fi - -# Check if latest build is still up to date, if not, roll and deploy new -if [[ "${LATEST_COMMIT}" != "$(cat /tmp/${PACKER_NAME}-latest.sha)" ]]; then - echo "Current ${PACKER_VM} version is: ${VER}@${LATEST_COMMIT_SHORT}" - - # Search and replace for vm_name and make sure we can easily identify the generated VMs - cat ${PACKER_NAME}.json| sed "s|\"vm_name\": \"${PACKER_VM}_demo\",|\"vm_name\": \"${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}\",|" > ${PACKER_NAME}-deploy.json - - if [[ -z $DEBUG ]]; then - # Build virtualbox VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt" - ($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vbox.done) & - - # Build vmware VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt" - ($PACKER_RUN build --on-error=cleanup -only=vmware-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vmware.done) & - - else - echo "Disabling // builds" - # Build virtualbox VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vbox.txt" - ($PACKER_RUN build --on-error=cleanup -only=virtualbox-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vbox.done) - - # Build vmware VM set - export PACKER_LOG_PATH="${PWD}/packerlog-vmware.txt" - ($PACKER_RUN build --on-error=cleanup -only=vmware-iso ${PACKER_NAME}-deploy.json ; echo $? > /tmp/${PACKER_NAME}-vmware.done) - TIME_END=$(date +%s) - TIME_DELTA=$(expr ${TIME_END} - ${TIME_START}) - TIME=$(convertSecs ${TIME_DELTA}) - echo "So far the generation took ${TIME}" - echo "" - echo "Waiting for return key..." - read - #exit -1 - fi - - # The below waits for the above 2 parallel packer builds to finish - while [[ ! 
-f /tmp/${PACKER_NAME}-vmware.done ]]; do :; done - while [[ ! -f /tmp/${PACKER_NAME}-vbox.done ]]; do :; done - - # Prevent uploading only half a build - if [[ "$(cat /tmp/${PACKER_NAME}-vbox.done)" == "0" ]] && [[ "$(cat /tmp/${PACKER_NAME}-vmware.done)" == "0" ]]; then - # ZIPup all the vmware stuff - mv output-vmware-iso VMware - cd VMware - # TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO - ${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.sfv * - cd ../ - zip -r ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip VMware/* - - mv output-virtualbox-iso/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova . - - # Create a hashfile for the zip - # TODO/FIXME: Use ${SHA_SUMS} instead of static --shaFOO - ${RHASH_RUN} --lowercase --sfv --sha1 --sha256 --sha384 --sha512 -o ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv *.zip *.ova - - # Current file list of everything to gpg sign and transfer - FILE_LIST="${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip \ - ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova \ - ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv" - - # Create the latest MISP export directory - if [[ "${REMOTE}" == "1" ]]; then - ssh ${REL_USER}@${REL_SERVER} "mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} ; mkdir -p export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums" - scp verify.txt ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/ - fi - - # Sign and transfer files - for FILE in ${FILE_LIST}; do - if [[ "$GPG_ENABLED" == "1" ]]; then - if [[ "$GPG_KEY" == "0x" ]] || [[ -z "$GPG_KEY" ]]; then - gpg --armor --output ${FILE}.asc --detach-sig ${FILE} - else - gpg --armor -u ${GPG_KEY} --output ${FILE}.asc --detach-sig ${FILE} - fi - [[ "${REMOTE}" == "1" ]] && rsync -azvq --progress ${FILE}.asc ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} - fi - - if [[ "${REMOTE}" == "1" ]]; then - rsync -azvq 
--progress ${FILE} ${REL_USER}@${REL_SERVER}:export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} - ssh ${REL_USER}@${REL_SERVER} "rm export/latest ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT} export/latest ;\ - rm export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv.asc export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc" - fi - done - - if [[ "${REMOTE}" == "1" ]]; then - ssh ${REL_USER}@${REL_SERVER} "chmod -R +r export ;\ - mv export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums ;\ - mv export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv.asc export/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums ;\ - rm export/${PACKER_VM}_${VER}@latest.ova ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova export/${PACKER_VM}_${VER}@latest.ova ;\ - rm export/${PACKER_VM}_${VER}@latest.ova.asc ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}.ova.asc export/${PACKER_VM}_${VER}@latest.ova.asc ;\ - rm export/${PACKER_VM}_${VER}@latest-VMware.zip ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip export/${PACKER_VM}_${VER}@latest-VMware.zip ;\ - rm export/${PACKER_VM}_${VER}@latest-VMware.zip.asc ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-VMware.zip.asc export/${PACKER_VM}_${VER}@latest-VMware.zip.asc ;\ - rm export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv ; ln -s ${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv ;\ - rm export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc ; ln -s 
${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}/checksums/${PACKER_VM}_${VER}@${LATEST_COMMIT_SHORT}-CHECKSUM.sfv.asc export/${PACKER_VM}_${VER}@latest-CHECKSUM.sfv.asc" - fi - - else - echo "The packer exit code of VMware was: ${VMWARE_BUILD}" - echo "The packer exit code of VBox was: ${VIRTUALBOX_BUILD}" - echo "--------------------------------------------------------------------------------" - echo "#fail" > /tmp/${PACKER_NAME}-latest.sha - removeAll 2> /dev/null - TIME_END=$(date +%s) - TIME_DELTA=$(expr ${TIME_END} - ${TIME_START}) - TIME=$(convertSecs ${TIME_DELTA}) - echo "The last generation took ${TIME}" |tee /tmp/${PACKER_NAME}-lastBuild.time - exit 1 - fi - - # Remove files for next run - removeAll 2> /dev/null - echo ${LATEST_COMMIT} > /tmp/${PACKER_NAME}-latest.sha - TIME_END=$(date +%s) - TIME_DELTA=$(expr ${TIME_END} - ${TIME_START}) - TIME=$(convertSecs ${TIME_DELTA}) - - say "The last generation took ${TIME}" -else - clear - think "Current ${PACKER_VM} version ${VER}@${LATEST_COMMIT_SHORT} is up to date." -fi diff --git a/misp.json b/misp.json index d731455..9a2472c 100644 --- a/misp.json +++ b/misp.json @@ -248,7 +248,7 @@ "iso_checksum_type": "sha512", "iso_name": "ubuntu-20.04.6-server-amd64.iso", "iso_path": "iso", - "iso_url": "http://cdimage.ubuntu.com/ubuntu/releases/focal/release/ubuntu-20.04.6-server-amd64.iso", + "iso_url": "https://releases.ubuntu.com/20.04.6/ubuntu-20.04.6-desktop-amd64.iso", "memory": "3072", "no_proxy": "{{env `no_proxy`}}", "ovftool_path": "ovftool", diff --git a/scripts/clean.sh b/scripts/clean.sh index c381107..114d2e2 100644 --- a/scripts/clean.sh +++ b/scripts/clean.sh @@ -32,3 +32,4 @@ rm /etc/apt/apt.conf.d/99progressbar # End Cleaning echo "VM cleaned and rebooting for automagic reas0ns." reboot + diff --git a/scripts/interfaces.sh b/scripts/interfaces.sh index 60e42f6..de3cf6e 100644 --- a/scripts/interfaces.sh +++ b/scripts/interfaces.sh 
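Review bot: This deploy.sh hunk deletes the closing `}` of `signify ()` together with everything after it and ends the file on the added comment `# 9LJurJ603fet.`, so as far as the hunk shows the function body is never closed and the script no longer parses. The removed lines also held the installer checksum verification (`checkInstaller`), the `.sfv` hash generation and the `gpg --detach-sig` signing of the release artefacts; if the build is still meant to publish images, those steps need a replacement rather than removal. If the intent was only to stop running the deploy pipeline, delete the file or leave it unchanged instead of truncating it inside the PGP signature example.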
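Review bot: In the misp.json hunk, `iso_url` now points at `ubuntu-20.04.6-desktop-amd64.iso` while `iso_name` in the same block still says `ubuntu-20.04.6-server-amd64.iso`, so the local cache path and the download refer to different images. Whichever image is intended, `iso_checksum` has to be the digest of that exact file, and the hunk does not show it being updated. The preseed files in this repository are written for debian-installer (`d-i …`), which, as far as I know, the desktop image does not run, so the server image is probably what the build needs.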
@@ -8,19 +8,23 @@ # $ cp /tmp/interfaces.sh . echo "--- Using old style name (ethX) for interfaces" -sed -r 's/^(GRUB_CMDLINE_LINUX=).*/\1\"net\.ifnames=0\ biosdevname=0\"/' /etc/default/grub | sudo tee /etc/default/grub > /dev/null +sed -i 's/^\(GRUB_CMDLINE_LINUX=\).*/\1"net.ifnames=0 biosdevname=0"/' /etc/default/grub -# install ifupdown since ubuntu 20.04 +# install ifupdown since ubuntu 18.04 sudo apt update sudo apt install ifupdown -qqy # enable eth0 echo "--- Configuring eth0" -cat >> /etc/network/interfaces << EOF -# The primary network interface -auto eth0 -iface eth0 inet dhcp +cat >> /etc/netplan/01-netcfg.yaml << EOF +network: + version: 2 + renderer: networkd + ethernets: + eth0: + dhcp4: true EOF -update-grub > /dev/null 2>&1 +netplan apply + diff --git a/scripts/users.sh b/scripts/users.sh index 5fec9ed..ced2cb4 100644 --- a/scripts/users.sh +++ b/scripts/users.sh 
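Review bot: `update-grub` is removed at the end of this hunk although the `sed -i` line still edits `GRUB_CMDLINE_LINUX`, so `net.ifnames=0 biosdevname=0` presumably never reaches the generated boot configuration and the `eth0` stanza in the new netplan file would match no interface after reboot. The heredoc also appends with `cat >> /etc/netplan/01-netcfg.yaml`; if that file already exists, or the script runs twice, the result has two top-level `network:` keys. I would keep `update-grub` after the sed, write the file with `cat > /etc/netplan/01-netcfg.yaml`, and follow it with `chmod 600 /etc/netplan/01-netcfg.yaml`. `ifupdown` is still installed a few lines above even though netplan now owns the interface, which leaves two network configuration paths on the image.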
@@ -14,12 +14,48 @@ #echo 'Dpkg::Progress-Fancy "0";' > /etc/apt/apt.conf.d/99progressbar #echo 'Dpkg::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar +#echo "--- Configuring sudo" +#echo "misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp +#chmod 0440 /etc/sudoers.d/misp + +#echo 'APT::ProgressBar::Fancy "0";' > /etc/apt/apt.conf.d/99progressbar +#echo 'APT::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar + + +#echo "--- Creating thehive user" +#useradd -U -G sudo -m -s /bin/bash thehive +#echo -e "thehive1234\nthehive1234" | passwd thehive + +#echo "--- Configuring sudo" +#echo "thehive ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/thehive +#echo "misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp +#chmod 0440 /etc/sudoers.d/thehive +#chmod 0440 /etc/sudoers.d/misp +#echo 'APT::ProgressBar::Fancy "0";' > /etc/apt/apt.conf.d/99progressbar +#echo 'APT::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar +echo "--- Creating thehive user" +useradd -U -G sudo -m -s /bin/bash thehive +echo -e "thehive1234\nthehive1234" | chpasswd + echo "--- Configuring sudo" +echo "thehive ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/thehive echo "misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp +chmod 0440 /etc/sudoers.d/thehive chmod 0440 /etc/sudoers.d/misp echo 'APT::ProgressBar::Fancy "0";' > /etc/apt/apt.conf.d/99progressbar echo 'APT::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar + +#préambule on dirait +sudo apt update +sudo apt upgrade -y + + + +# Upgrade to Ubuntu 20.04 +echo "--- Upgrading to Ubuntu 20.04" +do-release-upgrade -f DistUpgradeViewNonInteractive + diff --git a/upload.sh b/upload.sh index b381ecf..9a35f7d 100755 --- a/upload.sh +++ b/upload.sh @@ -20,6 +20,9 @@ # # Check dependencies. + +upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck repo=playground tag=v0.1.0 filename=./build.zip + set -e xargs=$(which gxargs || which xargs) 
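Review bot: The added `echo -e "thehive1234\nthehive1234" | chpasswd` does not set the password as intended, because chpasswd reads `user:password` lines and the two-line form is what the interactive `passwd` prompt expects. More importantly, the hunk creates the `thehive` account with a password committed to the repository and then grants it `NOPASSWD:ALL` in `/etc/sudoers.d/thehive`, so every image built from this script would ship the same privileged credential. I would take the password from a build-time variable and expire it at first login, `echo "thehive:${THEHIVE_PASSWORD}" | chpasswd` followed by `chage -d 0 thehive` (THEHIVE_PASSWORD is a placeholder name), and drop the sudoers line unless the account really needs it. The unattended `do-release-upgrade -f DistUpgradeViewNonInteractive` at the end of the hunk also deserves a comment saying why the image is upgraded in place rather than built from the target release.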
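Review bot: The line added before `set -e` in upload.sh looks like the usage example from the header comment with its `#` missing, so the script now tries to run `upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck ...` on every invocation. Because it sits above `set -e`, a "command not found" there is ignored and the script carries on. It should stay a comment, `# upload-github-release-asset.sh github_api_token=TOKEN owner=stefanbuck repo=playground tag=v0.1.0 filename=./build.zip`. The example also documents passing the token as a command-line argument, where other local users can see it in the process list; reading it from the environment would avoid that.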
@@ -29,36 +32,40 @@ xargs=$(which gxargs || which xargs) CONFIG=$@ for line in $CONFIG; do - eval "$line" - done + eval "$line" +done + +# Define variables. +GH_API="https://api.github.com" +GH_REPO="$GH_API/repos/$owner/$repo" +GH_TAGS="$GH_REPO/releases/tags/$tag" +AUTH="Authorization: token $github_api_token" +WGET_ARGS="--content-disposition --auth-no-challenge --no-cookie" +CURL_ARGS="-LJO#" + +if [[ "$tag" == 'LATEST' ]]; then + GH_TAGS="$GH_REPO/releases/latest" +fi - # Define variables. - GH_API="https://api.github.com" - GH_REPO="$GH_API/repos/$owner/$repo" - GH_TAGS="$GH_REPO/releases/tags/$tag" - AUTH="Authorization: token $github_api_token" - WGET_ARGS="--content-disposition --auth-no-challenge --no-cookie" - CURL_ARGS="-LJO#" +# Validate token. +curl -o /dev/null -sH "$AUTH" $GH_REPO || { echo "Error: Invalid repo, token, or network issue!"; exit 1; } - if [[ "$tag" == 'LATEST' ]]; then - GH_TAGS="$GH_REPO/releases/latest" - fi +# Read asset tags. +response=$(curl -sH "$AUTH" $GH_TAGS) - # Validate token. - curl -o /dev/null -sH "$AUTH" $GH_REPO || { echo "Error: Invalid repo, token or network issue!"; exit 1; } +# Get ID of the asset based on the given filename. +eval $(echo "$response" | grep -m 1 "id.:" | grep -w id | tr : = | tr -cd '[[:alnum:]]=') +[ "$id" ] || { echo "Error: Failed to get release id for tag: $tag"; echo "$response" | awk 'length($0)<100' >&2; exit 1; } - # Read asset tags. - response=$(curl -sH "$AUTH" $GH_TAGS) +# Upload asset +echo "Uploading asset... $filename" >&2 - # Get ID of the asset based on given filename. - eval $(echo "$response" | grep -m 1 "id.:" | grep -w id | tr : = | tr -cd '[[:alnum:]]=') - [ "$id" ] || { echo "Error: Failed to get release id for tag: $tag"; echo "$response" | awk 'length($0)<100' >&2; exit 1; } +# Construct URL +GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$id/assets?name=$(basename $filename)" - # Upload asset - echo "Uploading asset... 
$localAssetPath" >&2 +# Install required packages +apt-get update +apt-get install -y curl - # Construct url - GH_ASSET="https://uploads.github.com/repos/$owner/$repo/releases/$id/assets?name=$(basename $filename)" +curl "$GITHUB_OAUTH_BASIC" --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" $GH_ASSET - curl "$GITHUB_OAUTH_BASIC" --data-binary @"$filename" -H "Authorization: token $github_api_token" -H "Content-Type: application/octet-stream" $GH_ASSET - From 6b51981aba659a676509229b8993c93a0bb210ac Mon Sep 17 00:00:00 2001 From: Rawane Boubrima Date: Tue, 6 Jun 2023 11:42:18 +0200 Subject: [PATCH 8/9] tout fonctionne --- checkDeps.sh | 27 ++++----------------------- conffiles/issue | 2 +- config.sh | 26 +++++++++++++------------- misp.json | 2 +- scripts/clean.sh | 3 +++ scripts/interfaces.sh | 15 +++++---------- scripts/users.sh | 35 ----------------------------------- 7 files changed, 27 insertions(+), 83 deletions(-) diff --git a/checkDeps.sh b/checkDeps.sh index ff073e6..4c9447a 100644 --- a/checkDeps.sh +++ b/checkDeps.sh 
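Review bot: The added `apt-get update` / `apt-get install -y curl` pair runs after curl has already been called twice (token validation and the release lookup), so it cannot supply a missing curl. It also makes an upload helper that holds a GitHub token require root. A dependency check near the top does the job without installing anything: `command -v curl >/dev/null || { echo "Error: curl is required" >&2; exit 1; }`. Separately, the re-indented loop still runs `eval "$line"` on every argument, which executes whatever the caller passes as shell code; accepting only the known keys, `case "$line" in github_api_token=*|owner=*|repo=*|tag=*|filename=*) declare "$line" ;; esac`, keeps the key=value interface without that.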
@@ -1,38 +1,19 @@ #!/bin/bash -#GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?) -#if [[ "${GOT_PACKER}" == 0 ]]; then -# echo "Packer detected, version: $(packer -v)" -# PACKER_RUN=$(which packer) -#else -# echo "No packer binary detected, please make sure you installed it from: https://www.packer.io/downloads.html" -# exit 1 -#fi - -#GOT_RHASH=$(which rhash > /dev/null 2>&1; echo $?) -#if [[ "${GOT_RHASH}" == 0 ]]; then -# echo "rhash detected, version: $(rhash --version)" -# RHASH_RUN=$(which rhash) -#else -# echo "No rhash binary detected, please make sure you installed it." -# exit 1 -#fi - - GOT_PACKER=$(which packer > /dev/null 2>&1; echo $?) if [[ "${GOT_PACKER}" == 0 ]]; then - echo "Packer détecté, version : $(packer -v)" + echo "Packer detected, version: $(packer -v)" PACKER_RUN=$(which packer) else - echo "Aucun binaire packer détecté, veuillez vous assurer de l'avoir installé à partir de : https://www.packer.io/downloads.html" + echo "No packer binary detected, please make sure you installed it from: https://www.packer.io/downloads.html" exit 1 fi GOT_RHASH=$(which rhash > /dev/null 2>&1; echo $?) if [[ "${GOT_RHASH}" == 0 ]]; then - echo "rhash détecté, version : $(rhash --version)" + echo "rhash detected, version: $(rhash --version)" RHASH_RUN=$(which rhash) else - echo "Aucun binaire rhash détecté, veuillez vous assurer de l'avoir installé." + echo "No rhash binary detected, please make sure you installed it." exit 1 fi diff --git a/conffiles/issue b/conffiles/issue index 7e87000..c8a69ec 100644 --- a/conffiles/issue +++ b/conffiles/issue @@ -1,4 +1,4 @@ -Ubuntu 20.04.6 LTS \n \l +Ubuntu 18.04.1 LTS \n \l Welcome to the MISP Threat Sharing VM. --- diff --git a/config.sh b/config.sh index b5a0ed8..e4d77ca 100644 --- a/config.sh +++ b/config.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Laissez vide pour désactiver les messages de débogage. S'il est exécuté avec set -x ou bash -x, il activera le mode DEBUG par défaut. +# Leave empty for NO debug messages, if run with set -x or bash -x it will enable DEBUG by default DEBUG= case "$-" in @@ -8,12 +8,12 @@ case "$-" in *) NO_PROGRESS=0 ;; esac -# Nom du packer +# Name of the packer PACKER_NAME="misp" PACKER_VM="MISP" NAME="${PACKER_NAME}-packer" -# Configurez votre utilisateur et serveur distant +# Configure your user and remote server REMOTE=1 REL_USER="${PACKER_NAME}-release" REL_SERVER="cpab" @@ -22,16 +22,16 @@ REL_SERVER="cpab" GPG_ENABLED=1 GPG_KEY="0x34F20B13" -# Activer le débogage pour packer, omettre -debug pour le désactiver +# Enable debugging for packing, omit -debug to disable it ##PACKER_DEBUG="-debug" -# Activer l'enregistrement et le débogage pour packer +# Enable logging and debug for packer export PACKER_LOG=1 REPO="MISP/MISP" BRANCH="2.4" -# SOMmes de contrôle à calculer, notez la notation -- pour faciliter l'utilisation avec rhash +# SHAsums to be computed, note the -- notatiation is for ease of use with rhash SHA_SUMS="--sha1 --sha256 --sha384 --sha512" NAME_OF_INSTALLER="INSTALL.sh" 
@@ -39,15 +39,15 @@ PATH_TO_INSTALLER="scripts/${NAME_OF_INSTALLER}" URL_TO_INSTALLER="https://raw.githubusercontent.com/${REPO}/${BRANCH}/INSTALL/${NAME_OF_INSTALLER}" URL_TO_LICENSE="https://raw.githubusercontent.com/${REPO}/${BRANCH}/LICENSE" -UBUNTU_VERSION="20.04" # Mettez à jour vers Ubuntu 20.04 +UBUNTU_VERSION="20.04" # Upgrade to Ubuntu 20.04. if [[ ! -z $DEBUG ]]; then - echo "Mode de débogage activé." + echo "Debug mode enabled." echo "-------------------" echo "" - echo "Informations de configuration :" - echo "Utilisation de : $NAME" - [[ ! -z $GPG_ENABLED ]] && echo "GnuPG activé avec la clé $GPG_KEY" - [[ ! -z $PACKER_LOG ]] && echo "Enregistrement Packer activé." - [[ ! -z $REMOTE ]] && echo "Déploiement distant activé avec la chaîne de connexion : $REL_USER@$REL_SERVER" + echo "Some config info:" + echo "Using: $NAME" + [[ ! -z $GPG_ENABLED ]] && echo "GnuPG enabled with key $GPG_KEY" + [[ ! -z $PACKER_LOG ]] && echo "Packer Log enabled." + [[ ! -z $REMOTE ]] && echo "Remote deploy enabled with connection string: $REL_USER@$REL_SERVER" fi diff --git a/misp.json b/misp.json index 9a2472c..7c940b6 100644 --- a/misp.json +++ b/misp.json @@ -258,7 +258,7 @@ "ssh_pass": "Password1234", "update": "true", "vm_description": "MISP, is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reverser to support their day-to-day operations to share structured informations efficiently.", - "vm_name": "1", + "vm_name": "rawane", "vm_version": "2.4" } } diff --git a/scripts/clean.sh b/scripts/clean.sh index 114d2e2..a569a76 100644 --- a/scripts/clean.sh +++ b/scripts/clean.sh @@ -1,5 +1,7 @@ #!/usr/bin/env bash + + mv /tmp/issue /etc/issue mv /tmp/crontab /etc/cron.d/misp 
@@ -33,3 +35,4 @@ rm /etc/apt/apt.conf.d/99progressbar echo "VM cleaned and rebooting for automagic reas0ns." reboot + diff --git a/scripts/interfaces.sh b/scripts/interfaces.sh index de3cf6e..a670297 100644 --- a/scripts/interfaces.sh +++ b/scripts/interfaces.sh @@ -6,7 +6,6 @@ ## As a quick reference, you cat generate with xsnippet: # $ xsnippet /tmp/ $PATH_TO_MISP/docs/generic/ethX.md # $ cp /tmp/interfaces.sh . - echo "--- Using old style name (ethX) for interfaces" sed -i 's/^\(GRUB_CMDLINE_LINUX=\).*/\1"net.ifnames=0 biosdevname=0"/' /etc/default/grub @@ -17,14 +16,10 @@ sudo apt install ifupdown -qqy # enable eth0 echo "--- Configuring eth0" -cat >> /etc/netplan/01-netcfg.yaml << EOF -network: - version: 2 - renderer: networkd - ethernets: - eth0: - dhcp4: true +cat >> /etc/network/interfaces << EOF +# The primary network interface +auto eth0 +iface eth0 inet dhcp EOF -netplan apply - +update-grub > /dev/null 2>&1 diff --git a/scripts/users.sh b/scripts/users.sh index ced2cb4..94fe833 100644 --- a/scripts/users.sh +++ b/scripts/users.sh 
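Review bot: The restored `update-grub > /dev/null 2>&1` in the second interfaces.sh hunk discards both the output and the failure. If grub regeneration fails, the VM boots with predictable interface names while `/etc/network/interfaces` configures `eth0`, and nothing in the build log shows why. I would keep stderr and stop on error: `update-grub > /dev/null || { echo "update-grub failed" >&2; exit 1; }`. The hunk also mixes `sudo apt install` with an unprivileged `cat >> /etc/network/interfaces`, and the append duplicates the `eth0` stanza on a second run; the top of the script is outside the hunk, so whether it already runs as root cannot be confirmed from here.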
@@ -1,40 +1,5 @@ #! /usr/bin/env bash -##echo "--- Creating thehive user" -##useradd -U -G sudo -m -s /bin/bash thehive -##echo -e "thehive1234\nthehive1234" | passwd thehive - -#echo "--- Configuring sudo " -##echo %thehive ALL=NOPASSWD:ALL > /etc/sudoers.d/thehive -#echo "%misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp -##chmod 0440 /etc/sudoers.d/thehive -#chmod 0440 /etc/sudoers.d/misp - -# Disable fancy progressbar -#echo 'Dpkg::Progress-Fancy "0";' > /etc/apt/apt.conf.d/99progressbar -#echo 'Dpkg::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar - -#echo "--- Configuring sudo" -#echo "misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp -#chmod 0440 /etc/sudoers.d/misp - -#echo 'APT::ProgressBar::Fancy "0";' > /etc/apt/apt.conf.d/99progressbar -#echo 'APT::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar - - -#echo "--- Creating thehive user" -#useradd -U -G sudo -m -s /bin/bash thehive -#echo -e "thehive1234\nthehive1234" | passwd thehive - -#echo "--- Configuring sudo" -#echo "thehive ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/thehive -#echo "misp ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers.d/misp -#chmod 0440 /etc/sudoers.d/thehive -#chmod 0440 /etc/sudoers.d/misp - -#echo 'APT::ProgressBar::Fancy "0";' > /etc/apt/apt.conf.d/99progressbar -#echo 'APT::Use-Pty "0";' >> /etc/apt/apt.conf.d/99progressbar - echo "--- Creating thehive user" useradd -U -G sudo -m -s /bin/bash thehive From 5145c5f1610e9b60ae8a80cb0dd94a0d557cadca Mon Sep 17 00:00:00 2001 From: boubrima rawane <129376582+Rawanebou@users.noreply.github.com> Date: Fri, 9 Jun 2023 13:22:36 +0200 Subject: [PATCH 9/9] Update issue --- conffiles/issue | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conffiles/issue b/conffiles/issue index c8a69ec..5db67ad 100644 --- a/conffiles/issue +++ b/conffiles/issue @@ -1,4 +1,4 @@ -Ubuntu 18.04.1 LTS \n \l +Ubuntu 20.04.1 LTS \n \l Welcome to the MISP Threat Sharing VM. ---