#!/bin/bash

# Keep the exit status "normal" whether the script ends on its own or is
# interrupted: the EXIT trap always terminates with status 0. Note this also
# masks any non-zero status of a step that fails before the final exec, and
# the trap does not survive that exec (exec replaces the shell process).
fuCLEANUP() {
  exit 0
}
trap fuCLEANUP EXIT
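# Source ENVs from file ...
# The file is sourced with allexport enabled so that every variable it defines
# ends up in the environment of the logstash process exec'd at the end of this
# script. allexport is switched off again unconditionally (not only when the
# source step succeeds) so that the plain assignments made later in this script
# (myCHECK, myTPOTILM) are not exported as a side effect of a failed source.
if [ -f "/data/tpot/etc/compose/elk_environment" ]; then
  echo "Found .env, now exporting ..."
  set -o allexport
  source "/data/tpot/etc/compose/elk_environment"
  set +o allexport
fi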
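# Check internet availability
# Arguments: $1 - whitespace-separated list of hosts/URLs to probe with curl
# Outputs:   number of entries that could NOT be reached, on stdout
# Returns:   0 (the result is the echoed count, not the return status)
fuCHECKINET () {
  local mySITES=$1
  local error=0
  local i
  # $mySITES is deliberately left unquoted: the single argument is a
  # space-separated list that is split into individual targets here.
  for i in $mySITES; do
    # Redirect order matters: both stdout and stderr go to /dev/null, so
    # nothing curl prints can leak into the caller's captured output
    # (the caller reads the count via myCHECK=$(fuCHECKINET ...)).
    if ! curl --connect-timeout 5 -Is "$i" >/dev/null 2>&1; then
      error=$((error + 1))
    fi
  done
  echo "$error"
}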
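# Check for connectivity and download latest translation maps
myCHECK=$(fuCHECKINET "listbot.sicherheitstacho.eu")
if [ "$myCHECK" == "0" ]; then
  echo "Connection to Listbot looks good, now downloading latest translation maps."
  # Only download and unpack once we are really inside /etc/listbot; otherwise
  # the archives would be fetched into and unpacked in whatever the current
  # working directory happens to be.
  if cd /etc/listbot; then
    # NOTE(review): the maps are fetched over TLS only; there is no checksum or
    # signature verification of the downloaded archives before they are unpacked.
    aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/cve.yaml.bz2 && \
    aria2c -s16 -x 16 https://listbot.sicherheitstacho.eu/iprep.yaml.bz2 && \
    bunzip2 -f *.bz2 || \
    echo "Downloading or unpacking the translation maps failed, continuing without fresh maps." >&2
  else
    echo "Cannot change into /etc/listbot, skipping translation map download." >&2
  fi
  cd /
else
  echo "Cannot reach Listbot, starting Logstash without latest translation maps."
fi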
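# Distributed T-Pot installation needs a different pipeline config and autossh tunnel.
# Reads MY_TPOT_TYPE, MY_HIVE_IP, MY_HIVE_USERNAME and MY_SENSOR_PRIVATEKEYFILE
# (presumably provided by the sourced elk_environment file - verify against the
# compose setup). All expansions are quoted so paths or names containing spaces
# cannot be split into extra arguments.
if [ "$MY_TPOT_TYPE" == "SENSOR" ]; then
  echo
  echo "Distributed T-Pot setup, sending T-Pot logs to $MY_HIVE_IP."
  echo
  echo "T-Pot type: $MY_TPOT_TYPE"
  echo "Keyfile used: $MY_SENSOR_PRIVATEKEYFILE"
  echo "Hive username: $MY_HIVE_USERNAME"
  echo "Hive IP: $MY_HIVE_IP"
  echo
  # Ensure correct file permissions for private keyfile or SSH will ask for password
  chmod 600 "$MY_SENSOR_PRIVATEKEYFILE"
  cp /usr/share/logstash/config/pipelines_sensor.yml /usr/share/logstash/config/pipelines.yml
  # Maintain a tunnel from local port 64305 to the hive's port 64305 in the
  # background (-M 0: no autossh monitor port, liveness comes from the
  # ServerAlive options).
  # NOTE(review): StrictHostKeyChecking=no combined with UserKnownHostsFile=/dev/null
  # means the hive's SSH host key is never verified, so the tunnel does not
  # protect against a host impersonating the hive; pinning the hive host key in
  # a persistent known_hosts file would close that gap.
  autossh -f -M 0 -4 -l "$MY_HIVE_USERNAME" -i "$MY_SENSOR_PRIVATEKEYFILE" -p 64295 -N -L64305:127.0.0.1:64305 "$MY_HIVE_IP" -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null"
fi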
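if [ "$MY_TPOT_TYPE" != "SENSOR" ]; then
  # Index Management is happening through ILM, but we need to put T-Pot ILM setting on ES.
  # The policy is only created when ES explicitly reports it as missing; any
  # other outcome (policy present, ES unreachable, different error text) leaves
  # ES untouched and only prints the message in the else branch.
  # --connect-timeout matches fuCHECKINET so an unreachable ES cannot stall
  # the startup indefinitely at this step.
  myTPOTILM=$(curl -s --connect-timeout 5 -XGET "http://elasticsearch:9200/_ilm/policy/tpot" | grep "Lifecycle policy not found: tpot" -c)
  if [ "$myTPOTILM" == "1" ]; then
    echo "T-Pot ILM template not found on ES, putting it on ES now."
    # 30 day retention: documents enter the hot phase immediately and the
    # index is deleted once it is 30 days old.
    curl -XPUT "http://elasticsearch:9200/_ilm/policy/tpot" -H 'Content-Type: application/json' -d'
    {
      "policy": {
        "phases": {
          "hot": {
            "min_age": "0ms",
            "actions": {}
          },
          "delete": {
            "min_age": "30d",
            "actions": {
              "delete": {
                "delete_searchable_snapshot": true
              }
            }
          }
        },
        "_meta": {
          "managed": true,
          "description": "T-Pot ILM policy with a retention of 30 days"
        }
      }
    }'
  else
    echo "T-Pot ILM already configured or ES not available."
  fi
fi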
printf '\n'

# Hand the process over to Logstash. exec replaces this shell, so from here on
# Logstash is PID of the container entrypoint and the EXIT trap registered at
# the top of the script no longer applies.
exec /usr/share/logstash/bin/logstash --config.reload.automatic