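#!/bin/bash
#
# Bootstrap an OpenCanary honeypot host on CentOS: install packages, give root
# an AWS CLI config for the S3 log sync, install OpenCanary into a virtualenv,
# register it as a systemd service and move the real sshd to port 2222 so the
# honeypot can own port 22.
#
# Usage: sudo [OCANARY_USER=<user>] ./setup.sh
#
# Environment:
#   OCANARY_USER  account whose home holds ocanary-setup/ (opencanary.conf,
#                 opencanary.service, .aws/) and receives opencanary_logs/.
#                 Default: centos (the value previously hard-coded everywhere).
#
# - TODO IMPORTANT - This file contains a line with 'setenforce 0'
# - TODO change cron job minute from '*' to '0' (set this for tests)
#
# Deliberately no 'set -e': 'yum check-update' exits 100 whenever updates are
# available, which would abort the run. Critical steps are checked explicitly.

# - Check sudo: everything below writes under /root and /etc.
if [[ "$EUID" != 0 ]]; then
  printf '%s\n' "This script must be run with sudo" >&2
  exit 1
fi

# - Paths derived from the target account.
ocanary_user=${OCANARY_USER:-centos}
home_dir="/home/${ocanary_user}"
setup_dir="${home_dir}/ocanary-setup"
logs_dir="${home_dir}/opencanary_logs"
venv_dir=/var/lib/canary-env

# - Set current working dir (the git clone lands here).
cd "$home_dir" || { printf 'Cannot cd to %s\n' "$home_dir" >&2; exit 1; }

# - Update
#sudo apt-get update && sudo apt-get dist-upgrade
echo "Checking for updates..."
yum check-update
yum update -y

# - Install required packages
#sudo apt-get install python3-dev python3-pip python3-virtualenv python3-venv python3-scapy libssl-dev libpcap-dev
echo "Installing required packages (git, vim, virtualenv)..."
yum install -y git vim virtualenv

# - Install EPEL repo (Extra Packages for Enterprise Linux)
# - AWSClient present in it
#   ('-yi' in the original was a typo for '-y'; yum rejects the unknown
#   option, EPEL never gets installed and the awscli install below fails)
echo "Adding EPEL repo..."
yum install -y epel-release.noarch
echo "Checking for updates..."
yum check-update
yum update -y

# - Install AWS Client (from EPEL)
echo "Installing Amazon AWS Client (awscli.noarch)..."
yum install -y awscli.noarch

# - Configure AWS Client: the S3 sync runs from root's crontab, so root needs
#   the credentials. NOTE: the source copy under ${setup_dir}/.aws keeps
#   whatever permissions it had; remove it or lock it down after this run.
echo "Copy of awscli config (credentials and config file)..."
cp -R "${setup_dir}/.aws" /root/
chmod -R 755 /root/.aws
chmod 600 /root/.aws/*    # credentials readable by root only
chown -R root:root /root/.aws

# - Create folder to sync with S3 Bucket (where we will store a copy of ocanary logs)
echo "Creating folder that will contain a copy of ocanary logs (under ${logs_dir}/) ..."
mkdir -p "$logs_dir"    # -p: the script can be re-run

# - Add cron jobs in root's crontab. Each line is appended only if absent so a
#   re-run does not duplicate the jobs. 'crontab -l' complains on stderr when
#   root has no crontab yet; the resulting empty file is fine.
echo "Adding cron jobs (copy of logs in ${logs_dir}/ and aws S3 sync) ..."
cron_file=/root/cron_content
crontab -l > "$cron_file"
add_cron_line() {
  # Append $1 to $cron_file unless an identical line is already present.
  local line=$1
  grep -qF -- "$line" "$cron_file" || printf '%s\n' "$line" >> "$cron_file"
}
add_cron_line "* * * * * cp /var/tmp/opencanary.log ${logs_dir}/"
add_cron_line "* * * * * aws s3 sync ${logs_dir}/ s3://s3-protonlab-02"
crontab "$cron_file"

# - Create Virtual Environment. No 'activate' step: 'source' is a shell
#   builtin ('sudo source' is not a command), and every later call uses the
#   venv's python/pip by full path anyway.
echo "Creating virtual env..."
virtualenv -p python3 "$venv_dir"

# - Python (pip update)
#pip install --upgrade pip setuptools

# - Clone Opencanary Git repo
#   NOTE: this installs whatever the default branch holds at run time; pin a
#   release tag or commit before using this beyond a test host.
echo "Cloning opencanary git repo..."
git clone https://github.com/thinkst/opencanary

# - Opencanary initial setup (the cd must succeed, otherwise setup.py would be
#   looked up in ${home_dir} instead)
echo "Opencanary general install..."
cd opencanary || { printf 'opencanary checkout missing in %s\n' "$home_dir" >&2; exit 1; }
##pip install opencanary
#python setup.py install
"${venv_dir}/bin/python" setup.py install
"${venv_dir}/bin/pip" install -r requirements.txt

# - Opencanary config
echo "Creating Opencanary config..."
mkdir -p /etc/opencanaryd
cp "${setup_dir}/opencanary.conf" /etc/opencanaryd/opencanary.conf

# - Copy Service config
echo "Making Opencanary run as a service..."
cp "${setup_dir}/opencanary.service" /etc/systemd/system/opencanary.service
# - Reload services daemon to add opencanary.service
systemctl daemon-reload
# - Enable opencanary.service at boot
echo "Enable Opencanary service at boot..."
systemctl enable opencanary.service

# - Update SSH port to 2222 on the system (OpenCanary runs HoneyPot on port 22)
# Backup default config
echo "Updating SSHD config (make sshd run on port 2222, let port 22 for HoneyPot)..."
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bkp
# Change port to 2222. Only the commented default '#Port 22' is rewritten; an
# already-uncommented 'Port' line is left untouched, so check the file if sshd
# does not come up on 2222. If firewalld is active, tcp/2222 must be opened
# separately - not handled here.
sed -i 's/#Port\ 22/Port 2222/g' /etc/ssh/sshd_config
echo "Adding rule for SELinux to let SSHD listen on port 2222..."
# Add SELinux policy to let ssh bind on port 2222
semanage port -a -t ssh_port_t -p tcp 2222
echo "Setting SELinux to permisive - IMPORTANT - This action must be removed for production"
# ----- TODO Change this setting -----
# - Set SELinux to permisive. Runtime only (does not survive a reboot), and the
#   semanage rule above already covers sshd on 2222, so this should go once any
#   remaining denials are identified in the audit log.
setenforce 0
# ------------------------------------

# Restart ssh-server. This drops the port-22 listener the current session may
# be using, so ask before doing it.
read -p "Restart ssh server now ?" -r
printf '\n'
if [[ $REPLY =~ ^[Yy]$ ]]; then
  echo "SSH Server restarting..."
  systemctl restart sshd.service
  echo "SSH Server restarted"
  # - Enable and start service
  echo "Start opencanary service"
  systemctl start opencanary.service
else
  echo "For OpenCanary to run you must:"
  echo "- restart sshd"
  echo "- start opencanary"
  echo ""
  echo "sudo systemctl restart sshd.service"
  echo "sudo systemctl start opencanary.service"
fi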