answer file for security onion sosetup
#!/usr/bin/expect -f
#
# This Expect script was generated by autoexpect on Tue Jun 28 16:44:12 2016
# Expect and autoexpect were both written by Don Libes, NIST.
#
# Note that autoexpect does not guarantee a working script. It
# necessarily has to guess about certain things. Two reasons a script
# might fail are:
#
# 1) timing - A surprising number of programs (rn, ksh, zsh, telnet,
# etc.) and devices discard or ignore keystrokes that arrive "too
# quickly" after prompts. If you find your new script hanging up at
# one spot, try adding a short sleep just before the previous send.
# Setting "force_conservative" to 1 (see below) makes Expect do this
# automatically - pausing briefly before sending each character. This
# pacifies every program I know of. The -c flag makes the script do
# this in the first place. The -C flag allows you to define a
# character to toggle this mode off and on.
set force_conservative 0  ;# set to 1 to force conservative mode even if
                          ;# script wasn't run conservatively originally
if {$force_conservative} {
    set send_slow {1 .1}
    proc send {ignore arg} {
        sleep .1
        exp_send -s -- $arg
    }
}
#
# 2) differing output - Some programs produce different output each time
# they run. The "date" command is an obvious example. Another is
# ftp, if it produces throughput statistics at the end of a file
# transfer. If this causes a problem, delete these patterns or replace
# them with wildcards. An alternative is to use the -p flag (for
# "prompt") which makes Expect only look for the last line of output
# (i.e., the prompt). The -P flag allows you to define a character to
# toggle this mode off and on.
#
# Read the man page for more info.
#
# -Don
set timeout -1
spawn $env(SHELL)
match_max 100000
# The prompt autoexpect captured starts with the xterm title-set sequence
# (ESC ] 0 ; ... BEL) that Ubuntu's default PS1 emits; those control bytes
# are written as octal escapes here so the pattern matches the real output.
expect -exact "\033]0;vagrant@vagrant: ~\007vagrant@vagrant:~\$ "
send -- "sudo sosetup -f /vagrant/sosetup-prod.conf\r"
expect -exact "sudo sosetup -f /vagrant/sosetup-prod.conf\r
\r
Security Onion Setup\r
\r
Ready to configure system using parameters in /vagrant/sosetup-prod.conf.\r
\r
WARNING! Continuing will destroy any existing data/config.\r
Are you sure you want to continue?\r
Type yes to continue or anything else to exit.\r
"
send -- "yes\r"
expect -exact "yes\r
\r
Network configuration complete!\r
\r
You'll need to reboot before continuing to the second phase of Setup.\r
\r
If you need to modify MTU or any other settings for your network,\r
you can manually update /etc/network/interfaces now before rebooting.\r
\r
Would you like to reboot now?\r
Press Enter to reboot now or Ctrl-c to cancel.\r
"
# Decline the reboot with Ctrl-C (byte 0x03) and leave it to the caller; the
# terminal echoes the keystroke as ^C immediately before the next prompt.
send -- "\003"
expect -exact "^C\033]0;vagrant@vagrant: ~\007vagrant@vagrant:~\$ "
send -- "exit\r"
expect eof

# ANSWERFILE generated by sosetup -w option
# Generation date: Tue Jun 28 15:25:59 UTC 2016
# Generated on host vagrant
#
# These fields were computed automatically
#IP=10.0.2.15
#CORES=1
#ALL_INTERFACES=eth0
#NUM_INTERFACES=1
#
# This field is specific to reading an answer file
SNIFFING_INTERFACES=eth0
#
# These fields were generated from your answers
SERVER=1
SERVERNAME=localhost
SSH_USERNAME=''
SGUIL_SERVER_NAME=securityonion
SGUIL_CLIENT_USERNAME='vagrant'
SGUIL_CLIENT_PASSWORD_1='vagrant'
XPLICO_ENABLED=no
ELSA=YES
UPDATE_ELSA_SERVER=NO
LOG_SIZE_LIMIT=64000000000
OSSEC_AGENT_ENABLED=yes
OSSEC_AGENT_LEVEL=5
SALT=no
SENSOR=1
BRO_ENABLED=yes
IDS_ENGINE_ENABLED=yes
SNORT_AGENT_ENABLED=yes
BARNYARD2_ENABLED=yes
PCAP_ENABLED=yes
PCAP_AGENT_ENABLED=yes
PRADS_ENABLED=yes
SANCP_AGENT_ENABLED=yes
PADS_AGENT_ENABLED=yes
HTTP_AGENT_ENABLED=yes
ARGUS_ENABLED=yes
IDS_RULESET='ETGPL'
OINKCODE=''
PF_RING_SLOTS=4096
IDS_ENGINE=Snort
IDS_LB_PROCS=1
BRO_LB_PROCS=1
EXTRACT_FILES=yes
PCAP_SIZE=150
PCAP_RING_SIZE=64
PCAP_OPTIONS='--mmap'
WARN_DISK_USAGE=80
CRIT_DISK_USAGE=90
DAYSTOKEEP=30
DAYSTOREPAIR=7
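As an added example (not part of the gist), a small Python lint that parses this answer-file syntax and flags the settings a reviewer would question before handing the file to `sudo sosetup -f`: the `vagrant`/`vagrant` Sguil credentials, an empty `SSH_USERNAME` on a sensor that is not also the server (an assumption about how sosetup uses that field), inverted disk thresholds, and values containing shell metacharacters. The sample answer file is constructed and only carries the keys the checks look at.

```python
import re
# Constructed sample in the gist's answer-file syntax (KEY=value, optional single
# quotes, '#' comments); the vagrant/vagrant credentials mirror the gist's values.
SAMPLE = """\
# ANSWERFILE generated by sosetup -w option
SERVER=1
SSH_USERNAME=''
SGUIL_CLIENT_USERNAME='vagrant'
SGUIL_CLIENT_PASSWORD_1='vagrant'
SENSOR=1
WARN_DISK_USAGE=80
CRIT_DISK_USAGE=90
PCAP_OPTIONS='--mmap'
"""
LINE_RE = re.compile(r"^([A-Z][A-Z0-9_]*)=(.*)$")
SAFE_VALUE_RE = re.compile(r"^[A-Za-z0-9_./:@, -]*$")  # no shell metacharacters

def parse_answer_file(text):
    """Map KEY -> value; comment lines (incl. sosetup's '#IP=' computed fields) are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable answer-file line: {raw!r}")
        key, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]  # strip the quoting that sosetup -w emits
        settings[key] = value
    return settings

def lint_answers(s):
    """Findings a reviewer would raise before feeding the file to sosetup -f."""
    findings = []
    user, pw = s.get("SGUIL_CLIENT_USERNAME", ""), s.get("SGUIL_CLIENT_PASSWORD_1", "")
    if pw == user or len(pw) < 12:
        findings.append("SGUIL_CLIENT_PASSWORD_1 equals the username or is under 12 characters")
    # Assumption: a sensor that is not also the server needs SSH_USERNAME to reach it.
    if s.get("SENSOR") == "1" and s.get("SERVER") != "1" and not s.get("SSH_USERNAME"):
        findings.append("SSH_USERNAME is empty on a sensor that reports to a remote server")
    warn, crit = int(s.get("WARN_DISK_USAGE", 0)), int(s.get("CRIT_DISK_USAGE", 0))
    if not 0 < warn < crit <= 100:
        findings.append("need 0 < WARN_DISK_USAGE < CRIT_DISK_USAGE <= 100")
    for key, value in s.items():  # the installer reads this file as shell syntax
        if not SAFE_VALUE_RE.match(value):
            findings.append(f"{key} contains shell metacharacters: {value!r}")
    return findings
```

Run against the gist's own file, the only finding is the Sguil password; the thresholds and retention values are ordered sensibly and every value is plain text.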