modified registration.sh and deploy.sh for installing glastopf on a CentOS 7 system so it registers (works) with an MHN server
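#!/bin/bash
# deploy.sh - install glastopf on a CentOS 7 host and register it with an
# MHN server.
#
# Usage: deploy.sh <server_url> <deploy_key>
#   server_url  base URL of the MHN server
#   deploy_key  deploy key issued by that MHN server
#
# Expects ./registration.sh next to this script. It is sourced (not run) so
# that the HPF_HOST, HPF_PORT, HPF_IDENT and HPF_SECRET it exports are
# available for the glastopf.cfg written below.
#
# Needs root: it runs yum, edits /etc/php.ini, writes /etc/supervisord.d
# and starts services.
set -e
# NOTE: -x traces every command to stderr, which includes the deploy key on
# the command line and the hpfeeds secret inside the config heredoc. Drop it
# if the output is captured in a log.
set -x

if [ $# -ne 2 ]
then
  echo "Wrong number of arguments supplied."
  echo "Usage: $0 <server_url> <deploy_key>."
  exit 1
fi
server_url=$1
deploy_key=$2
GLASTOPF_HOME=/opt/glastopf

# May need this for CentOS 7 (python-pip and supervisor come from EPEL);
# on CentOS 7 the "extras" repo also provides it: yum -y install epel-release
# wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
#
# -y: without it yum asks for confirmation and, with no tty, aborts the
# transaction, which under set -e stops the script before anything installs.
# Package names are the EL ones (gcc-c++, libevent-devel); yum silently
# skips names it cannot resolve, so a wrong name is not reported as an error.
yum -y update
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel \
  readline-devel tk-devel php-devel libxml2-devel libxslt-devel atlas atlas-devel \
  gcc-gfortran gcc-c++ git php wget screen mysql mysql-server mysql-devel \
  libevent-devel
yum -y install supervisor python-pip python-devel libffi-devel

# Minor changes, check out the other gist.
#wget $server_url/static/registration.txt -O registration.sh
chmod 0755 registration.sh
# Note: This will export the HPF_* variables. Arguments are quoted so a
# deploy key or URL containing shell metacharacters is passed intact.
. ./registration.sh "$server_url" "$deploy_key" "glastopf"

# Install and configure the PHP sandbox
cd /opt
# https rather than git://: the git protocol is unauthenticated and
# unencrypted, so the checkout could be tampered with in transit.
git clone https://github.com/glastopf/BFR.git
cd BFR
phpize
./configure --enable-bfr
make && make install
# Updated php.ini to add bfr.so.
# 'make install' drops the module into PHP's extension directory; ask
# php-config for that path instead of searching /usr/lib/php5, which is a
# Debian layout that does not exist on CentOS (the old find produced an
# empty path component and a broken zend_extension line).
php_ext_dir=$(php-config --extension-dir)
if [ ! -f "$php_ext_dir/bfr.so" ]
then
  echo "bfr.so was not installed into $php_ext_dir" >&2
  exit 1
fi
echo "zend_extension = $php_ext_dir/bfr.so" >> /etc/php.ini

# Stop httpd and remove the package so port 80 is free for glastopf.
# httpd may not be installed or running; do not let a failed stop abort the
# script. Removing an absent package is a no-op for yum.
service httpd stop || true
yum -y remove httpd
# Upgrade python-greenlet
pip install --upgrade greenlet
# Install glastopf (unpinned: whatever PyPI currently serves)
pip install glastopf
mkdir -p "$GLASTOPF_HOME"
# Add the modified glastopf.cfg
cat > "$GLASTOPF_HOME/glastopf.cfg" <<EOF
[webserver]
host = 0.0.0.0
port = 80
uid = nobody
gid = nobody
proxy_enabled = False
#Generic logging for general monitoring
[logging]
consolelog_enabled = False
filelog_enabled = True
logfile = log/glastopf.log
[dork-db]
enabled = True
pattern = rfi
#Extracts dorks from a online dorks service operated by The Honeynet Project
mnem_service = True
[hpfeed]
enabled = True
host = $HPF_HOST
port = $HPF_PORT
secret = $HPF_SECRET
# channels comma separated
chan_events = glastopf.events
chan_files = glastopf.files
ident = $HPF_IDENT
[main-database]
#If disabled a sqlite database will be created (db/glastopf.db)
#to be used as dork storage.
enabled = True
#mongodb or sqlalchemy connection string, ex:
#mongodb://localhost:27017/glastopf
#mongodb://james:bond@localhost:27017/glastopf
#mysql://james:bond@somehost.com/glastopf
connection_string = sqlite:///db/glastopf.db
[surfcertids]
enabled = False
host = localhost
port = 5432
user =
password =
database = idsserver
[syslog]
enabled = False
socket = /dev/log
[mail]
enabled = False
# an email notification will be sent only if a specified matched pattern is identified.
# Use the wildcard char *, to be notified every time
patterns = rfi,lfi
user =
pwd =
mail_from =
mail_to =
smtp_host = smtp.gmail.com
smtp_port = 587
[taxii]
enabled = False
host = taxiitest.mitre.org
port = 80
inbox_path = /services/inbox/default/
use_https = False
use_auth_basic = False
auth_basic_username = your_username
auth_basic_password = your_password
use_auth_certificate = False
auth_certificate_keyfile = full_path_to_keyfile
auth_certificate_certfile = full_path_to_certfile
include_contact_info = False
contact_name = ...
contact_email = ...
[misc]
# set webserver banner
banner = Apache/2.0.48
EOF
# The config embeds the hpfeeds secret; keep it unreadable to other local
# users (the default umask would leave it world-readable).
chmod 0600 "$GLASTOPF_HOME/glastopf.cfg"
# Set up supervisor
cat > /etc/supervisord.d/glastopf.ini <<EOF
[program:glastopf]
command=/usr/bin/python /usr/bin/glastopf-runner
directory=$GLASTOPF_HOME
stdout_logfile=/var/log/glastopf.out
stderr_logfile=/var/log/glastopf.err
autostart=true
autorestart=true
redirect_stderr=true
stopsignal=QUIT
EOF
# Own the directory itself, not only its contents: glastopf.cfg sets
# uid/gid nobody and uses the relative log/ and db/ paths, which presumably
# have to be created under $GLASTOPF_HOME by that user at runtime.
chown -R nobody:nobody "$GLASTOPF_HOME"
# Enable supervisord so the honeypot comes back after a reboot.
systemctl enable supervisord
service supervisord start
supervisorctl update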
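#!/bin/bash
# registration.sh - register this host as a sensor with an MHN server and
# export the hpfeeds settings the honeypot config needs.
#
# Usage: . ./registration.sh <server_url> <deploy_key> <honeypot_type>
#   server_url     base URL of the MHN server
#   deploy_key     deploy key issued by that MHN server
#   honeypot_type  sensor type name, e.g. "glastopf"
#
# Meant to be sourced by deploy.sh: it exports HPF_HOST, HPF_PORT, HPF_IDENT
# and HPF_SECRET into the caller's shell. Exits 1 on bad arguments or when
# the server does not return a sensor uuid (which also exits the sourcing
# script, as before).
if [ $# -ne 3 ]
then
  echo "Wrong number of arguments supplied."
  echo "Usage: sh $0 <server_url> <deploy_key> <honeypot_type>."
  exit 1
fi
server_url=$1
deploy_key=$2
honeypot=$3
hostname=$(hostname)

# The response carries the hpfeeds secret, so keep it in a private temp file
# instead of the fixed, world-readable /tmp/deploy.json, and remove it when
# the (sourcing) shell exits.
deploy_json=$(mktemp) || exit 1
trap 'rm -f -- "$deploy_json"' EXIT

# -f: an HTTP error status yields an empty file instead of an error page
# being treated as the sensor record. '|| true' keeps the friendly check
# below reachable when the caller already has set -e enabled.
# NOTE: the body is built by string interpolation; a hostname or key
# containing a double quote would produce invalid JSON.
curl -s -f -X POST -H "Content-Type: application/json" -d "{
\"name\": \"${hostname}-${honeypot}\",
\"hostname\": \"$hostname\",
\"deploy_key\": \"$deploy_key\",
\"honeypot\": \"$honeypot\"
}" "$server_url/api/sensor/" > "$deploy_json" || true

# One-liner shared by the field reads: <file> <key> -> value on stdout.
# print(...) with a single argument works on the Python 2 system python
# as well as Python 3. A missing key or non-JSON body fails the command.
json_field='import json,sys;print(json.load(open(sys.argv[1]))[sys.argv[2]])'
uuid=$(python -c "$json_field" "$deploy_json" uuid 2>/dev/null) || uuid=""
if [ -z "$uuid" ]
then
  echo "Could not create sensor using name \"$hostname\"."
  exit 1
fi
set -e
echo "Created sensor: " "$uuid"
######################################################
# hpfeeds info
# Host part of server_url: strip the scheme, then anything from the first
# '/' (path) and from the first ':' (port).
HPF_HOST=${server_url#http://}
HPF_HOST=${HPF_HOST#https://}
HPF_HOST=${HPF_HOST%%/*}
HPF_HOST=${HPF_HOST%%:*}
export HPF_HOST
export HPF_PORT="10000"
# Assign before exporting so a failed read is not masked by 'export'
# returning 0; under set -e a missing field now aborts instead of silently
# exporting an empty value.
HPF_IDENT=$(python -c "$json_field" "$deploy_json" identifier)
export HPF_IDENT
HPF_SECRET=$(python -c "$json_field" "$deploy_json" secret)
export HPF_SECRET
######################################################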