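#!/bin/sh
# buildworld.sh -- provisions an Ubuntu 14.04 (trusty) host with MongoDB and the
# Cuckoo / Suricata / Moloch tool chain plus everything needed to build them.
#
# Run once, from the directory holding the vendored archives (pefile, yara,
# volatility, re2, boost, hyperscan, suricata, pulledpork, moloch) and the
# helper files (luazip.c, suricata.yaml, pulledpork-etpro-fix.diff, services/)
# referenced further down.  Individual steps use sudo where root is required.

# Base system refresh.
sudo apt-get update -y && sudo apt-get upgrade -y

# MongoDB 3.2 repository.  NOTE(review): EA312927 is a short (32-bit) key id,
# which does not uniquely identify a key on a keyserver; check the imported
# key's full fingerprint against the one MongoDB publishes after this step.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
sudo apt-get update
sudo apt-get install -y mongodb-org

# Build and runtime dependencies for everything built below.  Debian package
# names are lowercase and apt-get matches them exactly, so "libwww-Perl" is
# corrected to "libwww-perl" (an unknown name makes apt-get abort the whole
# transaction).  Packages the original listed twice (bison, cmake,
# libcap2-bin, libjson-c-dev, python-chardet, python-dev) appear once.
sudo apt-get install -y \
  vim screen unzip python python-dpkt python-jinja2 python-magic python-pymongo \
  python-gridfs python-libvirt python-bottle python-chardet tcpdump \
  clamav-daemon clamav-unofficial-sigs clamav clamav-base libcap2-bin \
  python-dev build-essential subversion pcregrep libpcre++-dev python-pip \
  ssdeep libfuzzy-dev git automake libtool autoconf libapr1 libapr1-dev \
  libnspr4-dev libnss3-dev libwww-perl libcrypt-ssleay-perl python-scapy \
  python-yaml bison libpcre3-dev flex libdumbnet-dev autotools-dev libnet1-dev \
  libpcap-dev libyaml-dev libnetfilter-queue-dev libprelude-dev zlib1g-dev \
  libz-dev libcap-ng-dev libmagic-dev python-mysqldb lua-zip-dev lua-zip \
  luarocks cmake libjansson-dev libswitch-perl libcdio-utils python-simplejson \
  p7zip-full libzzip-dev python-geoip python-m2crypto python-dnspython \
  lua-bitop lua-zlib zram-config xfce4 python-pil libidn11-dev \
  libtommath-dev libjson-c-dev libmilter1.0.1 python-dateutil lua-apr \
  python-pyparsing libbz2-dev ragel

# Give tcpdump raw-socket capabilities so captures can run without root.
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump

# Python packages from PyPI; only Django is pinned, the others resolve to
# whatever version PyPI serves at install time.
sudo pip install bottle Django==1.8.8 pycrypto clamd distorm3 pygal django-ratelimit
sudo luarocks install struct
#sudo luarocks install lua-apr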
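#wget https://pefile.googlecode.com/files/pefile-1.2.10-139.tar.gz
# The archives below are expected in the working directory; no checksums are
# verified.  Each cd into a build tree is guarded so that a missing or
# mis-named archive aborts the script instead of running the build/install
# steps that follow in the wrong directory.

# pefile
tar -xzvf pefile-1.2.10-139.tar.gz
cd pefile-1.2.10-139 || exit 1
python setup.py build
sudo python setup.py install
cd ..

# yara library, then the Python binding from the same source tree
tar -zxf v3.4.0.tar.gz
cd yara-3.4.0 || exit 1
./bootstrap.sh
chmod +x build.sh
./build.sh
sudo make install
# ldconfig only reads /etc/ld.so.conf.d/*.conf, so the drop-in needs the
# .conf suffix; the original wrote a file named "cuckoo", which is ignored.
echo "/usr/local/lib" | sudo tee /etc/ld.so.conf.d/cuckoo.conf
sudo ldconfig
cd yara-python || exit 1
python setup.py build
sudo python setup.py install
cd ../..

# volatility
tar -zxf volatility-2.4.tar.gz
cd volatility-2.4 || exit 1
python setup.py build
sudo python setup.py install
cd ..

# pydeep (ssdeep binding), cloned at the default branch head -- not pinned.
git clone https://github.com/kbandla/pydeep.git
cd pydeep || exit 1
python setup.py build
sudo python setup.py install
cd ..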
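# Suricata install tree (the --prefix passed to ./configure further down).
# The original repeated the lib/ and etc/ mkdirs; one loop covers them all.
for d in bin lib include/linux sbin etc et-luajit-scripts var/log var/run/suricata; do
  sudo mkdir -p "/usr/local/suricata/$d"
done
sudo mkdir -p /data/etc/

# Second dependency set (Suricata, Lua 5.1, Open vSwitch, xrdp).
# "libwww-Perl" is corrected to the real lowercase name "libwww-perl":
# apt-get matches names exactly and aborts the whole install on an unknown
# package.  Packages the original listed twice appear once.
sudo apt-get install -y \
  build-essential libapr1 libapr1-dev libnspr4-dev libnss3-dev libwww-perl \
  libcrypt-ssleay-perl python-dev python-scapy python-yaml bison libpcre3-dev \
  flex libdumbnet-dev autotools-dev libnet1-dev libpcap-dev libyaml-dev \
  libnetfilter-queue-dev libprelude-dev zlib1g-dev libz-dev libcap-ng-dev \
  libmagic-dev python-mysqldb lua-zip-dev luarocks cmake openvswitch-switch \
  libaprutil1-dev libaprutil1-dbd-sqlite3 libapreq2-3 libapreq2-dev \
  liblua5.1-0 liblua5.1-0-dev libaprutil1 xrdp python-sqlalchemy

# Every cd into a build tree is guarded: if an archive or clone is missing,
# abort rather than run make/install (or the cleanup rm at the end of the
# script) in the wrong directory.  None of the archives or clones below are
# checksum-verified; hyperscan is the only one checked out at a tag.

# re2 and its Python binding
tar -xzvf 2015-08-01.tar.gz
cd re2-2015-08-01 || exit 1
make
make test
sudo make install
sudo make testinstall
cd ..
git clone https://github.com/axiak/pyre2.git
cd pyre2 || exit 1
sudo python setup.py install
cd ..

# ltn12ce (Lua), built against the system Lua 5.1
git clone https://github.com/mkottman/ltn12ce
cd ltn12ce || exit 1
mkdir -p build
cd build || exit 1
cmake .. -DBUILD_ZLIB=Off -DLUA_LIBRARY=/usr/lib/x86_64-linux-gnu/liblua5.1.so -DLUA_INCLUDE_DIR=/usr/include/lua5.1/
make
sudo make install
cd ../..
sudo ln -s /usr/local/lib/lua/ltn12ce /usr/local/lib/lua/5.1/ltn12ce

# aeslua
git clone https://github.com/bighil/aeslua
cd aeslua || exit 1
make
sudo make install
cd ..

# luazip, rebuilt with the luazip.c from the working directory in place of
# the rock's own source.
luarocks download luazip
luarocks unpack luazip
rm luazip-1.2.4-1/luazip/src/luazip.c
cp -f luazip.c luazip-1.2.4-1/luazip/src/
cd luazip-1.2.4-1/luazip || exit 1
sudo luarocks make luazip-1.2.4-1.rockspec
cd ../..

# Boost 1.60 staged under /tmp for the hyperscan build only.
# NOTE(review): /tmp/boost-1.60 is a fixed, predictable path in a
# world-writable directory; on a shared host another local user could
# pre-create it before this runs.  A mktemp -d directory would be safer --
# the cleanup step at the end of the script refers to the same path, so
# change both together.
tar -xvzf boost_1_60_0.tar.gz
cd boost_1_60_0 || exit 1
./bootstrap.sh --prefix=/tmp/boost-1.60
./b2 install
cd ..

# hyperscan at tag v4.0.1, as a shared library
tar -xzvf hyperscan.tar.gz
cd hyperscan || exit 1
git checkout v4.0.1 -b ver401
mkdir -p build
cd build || exit 1
cmake -DBUILD_SHARED_LIBS=1 -DBOOST_ROOT=/tmp/boost-1.60 ../
make
sudo make install
cd ../..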
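#sudo apt-get install apache2 libapache2-mod-wsgi
#sudo a2enmod wsgi
#sudo a2enmod ssl
#sudo a2enmod proxy
#sudo a2enmod proxy_http
#sudo a2enmod auth_basic
#sudo a2enmod headers
#wget http://www.openinfosecfoundation.org/download/suricata-3.0.1.tar.gz
#wget https://raw.githubusercontent.com/wmetcalf/buildcuckoo-trusty/master/suricata.yaml

# Suricata 3.0.1 from the vendored tarball (no checksum is verified), with
# Lua and unix-socket support, installed under /usr/local/suricata.  The cd is
# guarded so a missing archive aborts instead of building in the wrong tree.
tar -xzvf suricata-3.0.1.tar.gz
cd suricata-3.0.1 || exit 1
./configure --enable-profiling --prefix=/usr/local/suricata/ --with-libnss-includes=/usr/include/nss --with-libnss-libs=/usr/lib/nss --with-libnspr-includes=/usr/include/nspr --with-libnspr-libraries=/usr/lib/nspr --enable-lua --enable-unix-socket && make -j && sudo make install
sudo cp ../suricata.yaml /usr/local/suricata/etc/
sudo cp reference.config /usr/local/suricata/etc/
sudo cp classification.config /usr/local/suricata/etc/
cd ..

# Local rule: store every file carried over HTTP (filestore) without
# raising an alert (flowbits:noalert).
echo "alert http any any -> any any (msg:\"FILE store all\"; filestore; flowbits:noalert; sid:44444; rev:1;)" > local.rules
sudo cp local.rules /usr/local/suricata/etc/
#cp rules/files.rules /usr/local/suricata/etc/etpro/

# Emerging Threats Lua scripts, cloned at branch head (not pinned) and copied
# into the rule directory where Suricata loads them; ruleupdates.sh below
# re-pulls and re-copies them on every run.
sudo git clone https://github.com/EmergingThreats/et-luajit-scripts /usr/local/suricata/et-luajit-scripts
sudo cp /usr/local/suricata/et-luajit-scripts/* /usr/local/suricata/etc/

# Rule source for pulledpork: ET Open, or ET Pro when an oinkcode is given.
# The oinkcode is an ET Pro credential and is written into pp.config below.
# "read -p" is not POSIX (bash and dash accept it), so the prompt is printed
# separately; -r keeps backslashes in the input literal.
printf '%s' "Enter your ETPRO oinkcode if you have one [ENTER]: "
read -r oinkcode
# The original test was written ["$oinkcode" = ""] with no spaces inside the
# brackets, which sh parses as a command named "[" joined to the value; it
# ended up in the right branch only by accident.
if [ -z "$oinkcode" ]; then
  rule_url="https://rules.emergingthreatspro.com/|emerging.rules.tar.gz|open"
else
  rule_url="https://rules.emergingthreatspro.com/|etpro.rules.tar.gz|$oinkcode"
fi
# NOTE(review): suricata_version=2.0.4 and version=0.6.0 below match neither
# the Suricata 3.0.1 built above nor the pulledpork 0.6.1 tarball used next;
# confirm these values are intentional.
cat > pp.config <<EOF
rule_url=$rule_url
ignore=local.rules
temp_path=/tmp
rule_path=/usr/local/suricata/etc/all.rules
sid_msg=/usr/local/suricata/etc/sid-msg.map
sid_changelog=/usr/local/suricata/var/log/etpro_sid_changes.log
disablesid=/usr/local/suricata/etc/disablesid.conf
engine=suricata
suricata_version=2.0.4
version=0.6.0
EOF

#wget https://pulledpork.googlecode.com/files/pulledpork-0.6.1.tar.gz
tar -xzvf pulledpork-0.6.1.tar.gz
cd pulledpork-0.6.1 || exit 1
patch -p1 < ../pulledpork-etpro-fix.diff
sudo cp -f pulledpork.pl /usr/local/bin/
# Rule refresh script: fetch rules with pulledpork, then pull the ET Lua
# scripts and copy them and their d*.rules into the rule directory.  A quoted
# heredoc writes the script literally, with no expansion at install time.
cat > ruleupdates.sh <<'EOF'
#!/bin/sh
/usr/local/bin/pulledpork.pl -c /usr/local/suricata/etc/pp.config
cd /usr/local/suricata/et-luajit-scripts/ && git pull
cp -f /usr/local/suricata/et-luajit-scripts/*.lua /usr/local/suricata/etc/
cp -f /usr/local/suricata/et-luajit-scripts/d*.rules /usr/local/suricata/etc/
EOF
chmod +x ruleupdates.sh
# Extra disablesid patterns for pulledpork.
echo "pcre:SURICATA (STMP|IP|TCP|ICMP|HTTP|STREAM)" >> etc/disablesid.conf
echo "pcre:GPL NETBIOS" >> etc/disablesid.conf
sudo cp ruleupdates.sh /usr/local/bin/
sudo cp ../pp.config /usr/local/suricata/etc/
sudo cp etc/modifysid.conf /usr/local/suricata/etc/
sudo cp etc/enablesid.conf /usr/local/suricata/etc/
sudo cp etc/disablesid.conf /usr/local/suricata/etc/
cd ..
# First rule fetch, using the copy just installed into /usr/local/bin (the
# original relied on PATH lookup for the bare name).
# NOTE(review): this runs as the invoking user, before the chown of
# /usr/local/suricata at the end of the script, so its writes into that tree
# may fail at this point -- confirm.
/usr/local/bin/ruleupdates.sh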
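# Moloch: easybutton installs under /data/moloch and leaves its viewer and
# elasticsearch running; both are stopped again here.
tar -xzvf moloch.tar.gz
cd moloch-0.12.2 || exit 1
sudo ./easybutton-singlehost.sh
cd ..
sudo pkill -f "/data/moloch/bin/node viewer.js"
sudo pkill -f "/data/moloch/elasticsearch"

#sudo git clone https://github.com/EmergingThreats/cuckoo-1.1.git /data/cuckoo
# Cuckoo (spender-sandbox fork) at branch head -- not pinned -- plus the
# community modules fetched by its own utility.
git clone https://github.com/spender-sandbox/cuckoo-modified cuckoo
cd cuckoo/utils || exit 1
./community.py -a -f
cd ../..
sudo mv cuckoo /data/cuckoo
sudo cp procyon-decompiler-0.5.30.jar /data/cuckoo/

# Remove the build trees.  Options precede operands and "--" ends option
# parsing; the original "rm DIR -Rf" form only worked because GNU rm permutes
# its arguments.  The sudo/non-sudo split follows the original: trees that
# were installed with sudo may contain root-owned files.
rm -rf -- suricata-3.0.1 pulledpork-0.6.1 lua-zlib ltn12ce yara-3.4.0 pydeep pp.config
sudo rm -rf -- volatility-2.4 moloch-0.12.2 luazip-1.2.4-1.rockspec luazip-1.2.4-1 \
  pefile-1.2.10-139 re2-2015-08-01 pyre2 aeslua hyperscan /tmp/boost-1.60 boost_1_60_0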
# Open vSwitch bridge "lan0" with tap ports lan0p0..lan0p16; the port list
# is deliberately left unquoted so it word-splits into one port per iteration.
taps=$(seq 0 16)
sudo ovs-vsctl add-br lan0
for tap in $taps; do
  sudo ip tuntap add mode tap "lan0p$tap"
done
sudo ip tuntap list
for tap in $taps; do
  sudo ip link set "lan0p$tap" up
done
sudo ip link
for tap in $taps; do
  sudo ovs-vsctl add-port lan0 "lan0p$tap"
done
sudo ovs-vsctl list-ports lan0
#sudo ovs-vsctl -- --id=@m create mirror name=mirror3 select_all=1 -- add bridge lan0 mirrors @m
#mirror port
# dummy0 joins the bridge and becomes the output port of a select_all mirror,
# so traffic on lan0 is copied to it.
sudo modprobe dummy
sudo ip link set up dummy0
sudo ifconfig dummy0 promisc -arp
sudo ovs-vsctl -- --may-exist add-port lan0 dummy0
sudo ovs-vsctl -- --id=@p get port dummy0 -- --id=@m create mirror name=mirror0 select_all=1 -- add bridge lan0 mirrors @m -- set mirror mirror0 output_port=@p
#mgmt
# Internal management port lan0hp0 for the host at 192.168.1.1/24.
sudo ovs-vsctl add-port lan0 lan0hp0 -- set interface lan0hp0 type=internal
sudo ip addr add 192.168.1.1 dev lan0hp0
sudo ip link set lan0hp0 up
sudo ip route add 192.168.1.0/24 dev lan0hp0
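# Init scripts shipped in ./services are installed; iptables and suricata are
# enabled at boot via update-rc.d (moloch and cuckoo are started from rc.local
# below).
chmod +x services/*
sudo cp services/* /etc/init.d/
sudo update-rc.d iptables defaults
sudo update-rc.d suricata defaults

# /etc/rc.local is replaced wholesale.  The tap devices, dummy0 and the
# management address are recreated at boot; the bridge, its ports and the
# mirror are not recreated here -- presumably because Open vSwitch keeps
# them in its own database.  A quoted heredoc writes the file literally, so
# no \` / \$ escaping is needed, and a shebang is added because the file is
# executed directly.  The OVS init script is invoked by path, like the
# moloch/cuckoo scripts below (service(8) takes a script name, not a path),
# and the sudo prefixes are dropped since rc.local already runs as root.
sudo tee /etc/rc.local <<'EOF'
#!/bin/sh
/etc/init.d/openvswitch-switch restart
for tap in $(seq 0 16); do
  ip tuntap add mode tap "lan0p$tap"
done
ip tuntap list
for tap in $(seq 0 16); do
  ip link set "lan0p$tap" up
done
ip link
#mirror port
modprobe dummy
ip link set up dummy0
ifconfig dummy0 promisc -arp
#mgmt
ip addr add 192.168.1.1 dev lan0hp0
ip link set lan0hp0 up
ip route add 192.168.1.0/24 dev lan0hp0
/etc/init.d/moloch start
/etc/init.d/cuckoo start
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
exit 0
EOF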
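# Hand the install trees to the user running this script.  "chown -R" is
# the recursive form; the original "-Rf" also passed -f, which hid errors.
# Quoting keeps an unusual user name from being word-split.
CURRENT_USER=$(whoami)
sudo chown -R "$CURRENT_USER:$CURRENT_USER" /usr/local/suricata/ /data/moloch /data/cuckoo

# Let clamd read Cuckoo's storage tree: group membership plus an AppArmor
# local override.  NOTE(review): nothing in this script creates the "cuckoo"
# group; confirm it exists by this point or usermod fails.
sudo usermod -a -G cuckoo clamav
echo "/data/cuckoo/storage/** r," | sudo tee /etc/apparmor.d/local/usr.sbin.clamd

# VirtualBox 5.0 from Oracle's repository.  The signing key is the trust
# anchor for every package from that repo, so it is fetched over HTTPS rather
# than plain HTTP as the original did.  Note the repo line is appended to
# sources.list on every run.
echo "deb http://download.virtualbox.org/virtualbox/debian trusty contrib" |sudo tee -a /etc/apt/sources.list
wget -q https://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox-5.0 -y

# Locally provided clamav .debs; "apt-get -f install" then pulls in any
# dependencies dpkg could not satisfy.
sudo dpkg -i *clamav*.deb
sudo apt-get -f install
# Extra signature source for clamav-unofficial-sigs (appended on every run),
# followed by an initial fetch as the clamav user.
echo "add_dbs=\"https://raw.githubusercontent.com/wmetcalf/clam-punch/master/miscreantpunch099.ldb\"" |sudo tee -a /usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf
sudo -u clamav /usr/sbin/clamav-unofficial-sigs

# XFCE session for xrdp logins.
echo xfce4-session > ~/.xsession
sudo service xrdp restart

# Remove libvirt's default network definition.
sudo virsh net-destroy default
sudo virsh net-undefine default
sudo service libvirtd restart

# Daily rule refresh as the cuckoo user, then a Suricata restart.  A quoted
# heredoc writes the cron script literally instead of an escaped echo string.
sudo tee /etc/cron.daily/ruleupdates <<'EOF'
#!/bin/sh
su cuckoo -c "/usr/local/bin/ruleupdates.sh" && /etc/init.d/suricata restart
EOF
sudo chmod +x /etc/cron.daily/ruleupdates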