tweak installer

2025-07-02 01:27:27 -04:00 · 2019-02-13 13:33:53 +01:00
parent 08d6d443af
commit 097e1d4684
2 changed files with 856 additions and 60 deletions
--- a/iso/installer/install.sh
+++ b/iso/installer/install.sh
@ -185,6 +185,10 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "user" ];
 fi
 }

+#!/bin/bash
+function fuBANNER {
+toilet -f smmono12 -o -F metal "$1" | pv -qL 4000
+}

 # Prepare running the installer
 echo "$myINFO" | head -n 3
@ -422,30 +426,35 @@ if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ];
    htpasswd -b -c /data/nginx/conf/nginxpasswd "$myCONF_WEB_USER" "$myCONF_WEB_PW" 2>&1 | dialog --keep-window --title "[ Setting up user and password ]" $myPROGRESSBOXCONF;
 fi

+dialog --clear

 ########################
 # Installation section #
 ########################

+fuBANNER "Installing"
+
 # Let's generate a SSL self-signed certificate without interaction (browsers will see it invalid anyway)
 if ! [ "$myCONF_TPOT_FLAVOR" == "SENSOR" ];
 then
-mkdir -p /data/nginx/cert 2>&1 | dialog --keep-window --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF;
-openssl req \
-        -nodes \
-        -x509 \
-        -sha512 \
-        -newkey rsa:8192 \
-        -keyout "/data/nginx/cert/nginx.key" \
-        -out "/data/nginx/cert/nginx.crt" \
-        -days 3650 \
-        -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd' 2>&1 | dialog --keep-window --title "[ Generating a self-signed-certificate for NGINX ]" $myPROGRESSBOXCONF;
+  fuBANNER "NGINX Certificate"
+  mkdir -p /data/nginx/cert
+  openssl req \
+          -nodes \
+          -x509 \
+          -sha512 \
+          -newkey rsa:8192 \
+          -keyout "/data/nginx/cert/nginx.key" \
+          -out "/data/nginx/cert/nginx.crt" \
+          -days 3650 \
+          -subj '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd'
 fi

 # Let's setup the ntp server
 if [ "$myCONF_NTP_USE" == "0" ];
  then
-    cp $myCONF_NTP_CONF_FILE /etc/ntp.conf 2>&1 | dialog --keep-window --title "[ Setting up the ntp server ]" $myPROGRESSBOXCONF
+    fuBANNER "Setup NTP"
+    cp $myCONF_NTP_CONF_FILE /etc/ntp.conf
 fi

 # Let's setup 802.1x networking
@ -493,12 +502,13 @@ network={
 "
 if [ "myCONF_PFX_USE" == "0" ];
  then
-    cp $myCONF_PFX_FILE /etc/wpa_supplicant/ 2>&1 | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
-    echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
+    fuBANNER "Setup 802.1x"
+    cp $myCONF_PFX_FILE /etc/wpa_supplicant/
+    echo "$myNETWORK_INTERFACES" 2>&1 | tee -a /etc/network/interfaces

-    echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
+    echo "$myNETWORK_WIRED8021x" 2>&1 | tee /etc/wpa_supplicant/wired8021x.conf

-    echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf | dialog --keep-window --title "[ Setting 802.1x networking ]" $myPROGRESSBOXCONF
+    echo "$myNETWORK_WLAN8021x" 2>&1 | tee /etc/wpa_supplicant/wireless8021x.conf
 fi

 # Let's provide a wireless example config ...
@ -530,38 +540,42 @@ myNETWORK_WLANEXAMPLE="
 #   wpa-key-mgmt WPA-PSK
 #   wpa-psk \"<your_password_here_without_brackets>\"
 "
-echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces | dialog --keep-window --title "[ Provide WLAN example config ]" $myPROGRESSBOXCONF
-
-# Let's modify the sources list
-sed -i '/cdrom/d' /etc/apt/sources.list
+fuBANNER "Example config"
+echo "$myNETWORK_WLANEXAMPLE" 2>&1 | tee -a /etc/network/interfaces

 # Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778)
-echo "UseRoaming no" 2>&1 | tee -a /etc/ssh/ssh_config | dialog --keep-window --title "[ Turn SSH roaming off ]" $myPROGRESSBOXCONF
+fuBANNER "SSH roaming off"
+echo "UseRoaming no" 2>&1 | tee -a /etc/ssh/ssh_config

 # Installing ctop, elasticdump, tpot, yq
-npm install https://github.com/taskrabbit/elasticsearch-dump -g 2>&1 | dialog --keep-window --title "[ Installing elasticsearch-dump ]" $myPROGRESSBOXCONF
-pip install --upgrade pip 2>&1 | dialog --keep-window --title "[ Installing pip ]" $myPROGRESSBOXCONF
-hash -r 2>&1 | dialog --keep-window --title "[ Installing pip ]" $myPROGRESSBOXCONF
-pip install elasticsearch-curator yq 2>&1 | dialog --keep-window --title "[ Installing elasticsearch-curator, yq ]" $myPROGRESSBOXCONF
-wget https://github.com/bcicen/ctop/releases/download/v0.7.2/ctop-0.7.2-linux-amd64 -O /usr/bin/ctop 2>&1 | dialog --keep-window --title "[ Installing ctop ]" $myPROGRESSBOXCONF
-chmod +x /usr/bin/ctop 2>&1 | dialog --keep-window --title "[ Installing ctop ]" $myPROGRESSBOXCONF
-git clone https://github.com/dtag-dev-sec/tpotce -b debian /opt/tpot 2>&1 | dialog --keep-window --title "[ Cloning T-Pot ]" $myPROGRESSBOXCONF
+fuBANNER "Installing packages"
+npm install https://github.com/taskrabbit/elasticsearch-dump -g
+pip install --upgrade pip
+hash -r
+pip install elasticsearch-curator yq
+
+# Cloning T-Pot from GitHub
+fuBANNER "Cloning T-Pot"
+git clone https://github.com/dtag-dev-sec/tpotce -b debian /opt/tpot

 # Let's create the T-Pot user
-addgroup --gid 2000 tpot 2>&1 | dialog --keep-window --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF
-adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot 2>&1 | dialog --keep-window --title "[ Adding T-Pot user ]" $myPROGRESSBOXCONF
+fuBANNER "Create user"
+addgroup --gid 2000 tpot
+adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot

 # Let's set the hostname
 a=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/a.txt)
 n=$(fuRANDOMWORD /opt/tpot/host/usr/share/dict/n.txt)
 myHOST=$a$n
-hostnamectl set-hostname $myHOST 2>&1 | dialog --keep-window --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
-sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts 2>&1 | dialog --keep-window --title "[ Setting new hostname ]" $myPROGRESSBOXCONF
+fuBANNER "Set hostname"
+hostnamectl set-hostname $myHOST
+sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts

 # Let's patch cockpit.socket, sshd_config
-sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket 2>&1 | dialog --keep-window --title "[ Cockpit listen on tcp/64294 ]" $myPROGRESSBOXCONF
-sed -i '/^port/Id' /etc/ssh/sshd_config 2>&1 | dialog --keep-window --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF
-echo "Port 64295" >> /etc/ssh/sshd_config 2>&1 | dialog --keep-window --title "[ SSH listen on tcp/64295 ]" $myPROGRESSBOXCONF
+fuBANNER "Adjust tcp ports"
+sed -i 's#ListenStream=9090#ListenStream=64294#' /lib/systemd/system/cockpit.socket
+sed -i '/^port/Id' /etc/ssh/sshd_config
+echo "Port 64295" >> /etc/ssh/sshd_config

 # Let's make sure only myCONF_TPOT_FLAVOR images will be downloaded and started
 case $myCONF_TPOT_FLAVOR in
@ -599,14 +613,16 @@ for name in $(cat $myTPOTCOMPOSE | grep -v '#' | grep image | cut -d'"' -f2 | un
 done
 wait
 }
-fuPULLIMAGES 2>&1 | dialog --keep-window --title "[ Pulling docker images, please be patient ]" $myPROGRESSBOXCONF
+fuBANNER "Pull images"
+fuPULLIMAGES

 # Let's add the daily update check with a weekly clean interval
 myUPDATECHECK="APT::Periodic::Update-Package-Lists \"1\";
 APT::Periodic::Download-Upgradeable-Packages \"0\";
 APT::Periodic::AutocleanInterval \"7\";
 "
-echo "$myUPDATECHECK" 2>&1 | tee /etc/apt/apt.conf.d/10periodic | dialog --keep-window --title "[ Modifying update checks ]" $myPROGRESSBOXCONF
+fuBANNER "Modify update checks"
+echo "$myUPDATECHECK" | tee /etc/apt/apt.conf.d/10periodic

 # Let's make sure to reboot the system after a kernel panic
 mySYSCTLCONF="
@ -619,7 +635,8 @@ net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.lo.disable_ipv6 = 1
 "
-echo "$mySYSCTLCONF" 2>&1 | tee -a /etc/sysctl.conf | dialog --keep-window --title "[ Tweak Sysctl ]" $myPROGRESSBOXCONF
+fuBANNER "Tweak systctl"
+echo "$mySYSCTLCONF" | tee -a /etc/sysctl.conf

 # Let's setup fail2ban config
 myFAIL2BANCONF="[DEFAULT]
@ -646,14 +663,16 @@ port    = 64295
 filter  = sshd
 logpath = /var/log/auth.log
 "
-echo "$myFAIL2BANCONF" 2>&1 | tee /etc/fail2ban/jail.d/tpot.conf | dialog --keep-window --title "[ Setup fail2ban config ]" $myPROGRESSBOXCONF
+fuBANNER "Setup fail2ban"
+echo "$myFAIL2BANCONF" | tee /etc/fail2ban/jail.d/tpot.conf

 # Fix systemd error https://github.com/systemd/systemd/issues/3374
 mySYSTEMDFIX="[Link]
 NamePolicy=kernel database onboard slot path
 MACAddressPolicy=none
 "
-echo "$mySYSTEMDFIX" 2>&1 | tee /etc/systemd/network/99-default.link | dialog --keep-window --title "[ systemd fix ]" $myPROGRESSBOXCONF
+fuBANNER "Systemd fix"
+echo "$mySYSTEMDFIX" | tee /etc/systemd/network/99-default.link

 # Let's add some cronjobs
 myCRONJOBS="
@ -672,9 +691,11 @@ myCRONJOBS="
 # Check for updated packages every sunday, upgrade and reboot
 27 16 * * 0     root    apt-get autoclean -y && apt-get autoremove -y && apt-get update -y && apt-get upgrade -y && sleep 10 && reboot
 "
-echo "$myCRONJOBS" 2>&1 | tee -a /etc/crontab | dialog --keep-window --title "[ Adding cronjobs ]" $myPROGRESSBOXCONF
+fuBANNNER "Add cronjobs"
+echo "$myCRONJOBS" | tee -a /etc/crontab

 # Let's create some files and folders
+fuBANNER "Create files & folders"
 mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
         /data/ciscoasa/log \
 	 /data/conpot/log \
@ -695,33 +716,39 @@ mkdir -p /data/adbhoney/downloads /data/adbhoney/log \
         /data/spiderfoot \
         /data/suricata/log /home/tsec/.ssh/ \
 	 /data/tanner/log /data/tanner/files \
-         /data/p0f/log 2>&1 | dialog --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
-touch /data/spiderfoot/spiderfoot.db 2>&1 | dialog --keep-window --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
-touch /data/nginx/log/error.log  2>&1 | dialog --keep-window --title "[ Creating some files and folders ]" $myPROGRESSBOXCONF
+         /data/p0f/log
+touch /data/spiderfoot/spiderfoot.db
+touch /data/nginx/log/error.log

 # Let's copy some files
-tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C / 2>&1 | dialog --keep-window --title "[ Extracting elkbase.tgz ]" $myPROGRESSBOXCONF
-cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/ 2>&1 | dialog --keep-window --title "[ Copy configs ]" $myPROGRESSBOXCONF
-systemctl enable tpot 2>&1 | dialog --keep-window --title "[ Enabling service for tpot ]" $myPROGRESSBOXCONF
+fuBANNER "Copy configs"
+tar xvfz /opt/tpot/etc/objects/elkbase.tgz -C /
+cp /opt/tpot/host/etc/systemd/* /etc/systemd/system/
+systemctl enable tpot

 # Let's take care of some files and permissions
-chmod 760 -R /data 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
-chown tpot:tpot -R /data 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
-chmod 644 -R /data/nginx/conf 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
-chmod 644 -R /data/nginx/cert 2>&1 | dialog --keep-window --title "[ Set permissions and ownerships ]" $myPROGRESSBOXCONF
+fuBANNER "Set permissions"
+chmod 760 -R /data
+chown tpot:tpot -R /data
+chmod 644 -R /data/nginx/conf
+chmod 644 -R /data/nginx/cert

 # Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
-sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet"#GRUB_CMDLINE_LINUX_DEFAULT="quiet consoleblank=0"#' /etc/default/grub 2>&1>/dev/null
-sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub 2>&1>/dev/null
-update-grub 2>&1 | dialog --keep-window --title "[ Update grub ]" $myPROGRESSBOXCONF
+fuBANNER "Set options"
+sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet"#GRUB_CMDLINE_LINUX_DEFAULT="quiet consoleblank=0"#' /etc/default/grub
+sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub
+update-grub 2>&1
+
+fuBANNER "Setup console"
 cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/
 gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz
 sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup
 sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup
-update-initramfs -u 2>&1 | dialog --keep-window --title "[ Update initramfs ]" $myPROGRESSBOXCONF
-sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service kbd.service local-fs.target#' /etc/systemd/system/multi-user.target.wants/console-setup.service 2>&1 | dialog --keep-window --title "[ Fix race with console setup ]" $myPROGRESSBOXCONF
+update-initramfs -u
+sed -i 's#After=.*#After=systemd-tmpfiles-setup.service console-screen.service kbd.service local-fs.target#' /etc/systemd/system/multi-user.target.wants/console-setup.service

 # Let's enable a color prompt and add /opt/tpot/bin to path
+fuBANNER "Setup prompts"
 myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
 myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
 myROOTCOLORS="export LS_OPTIONS='--color=auto'
@ -729,25 +756,27 @@ eval \"\`dircolors\`\"
 alias ls='ls \$LS_OPTIONS'
 alias ll='ls \$LS_OPTIONS -l'
 alias l='ls \$LS_OPTIONS -lA'"
-tee -a /root/.bashrc 2>&1>/dev/null <<EOF
+tee -a /root/.bashrc <<EOF
 $myROOTPROMPT
 $myROOTCOLORS
 PATH="$PATH:/opt/tpot/bin"
 EOF
 for i in $(ls -d /home/*/)
  do
-tee -a $i.bashrc 2>&1>/dev/null <<EOF
+tee -a $i.bashrc <<EOF
 $myUSERPROMPT
 PATH="$PATH:/opt/tpot/bin"
 EOF
 done

 # Let's create ews.ip before reboot and prevent race condition for first start
-/opt/tpot/bin/updateip.sh 2>&1>/dev/null
+fuBANNER "Update IP"
+/opt/tpot/bin/updateip.sh

 # Let's clean up apt
-apt-get autoclean -y 2>&1 | dialog --keep-window --title "[ Cleaning up ]" $myPROGRESSBOXCONF
-apt-get autoremove -y 2>&1 | dialog --keep-window --title "[ Cleaning up ]" $myPROGRESSBOXCONF
+fuBANNER "Clean up"
+apt-get autoclean -y
+apt-get autoremove -y

 # Final steps
 cp /opt/tpot/host/etc/rc.local /etc/rc.local 2>&1>/dev/null && \
@ -762,5 +791,6 @@ if [ "$myTPOT_DEPLOYMENT_TYPE" == "auto" ];
  else
    dialog --keep-window --no-ok --no-cancel --backtitle "$myBACKTITLE" --title "[ Thanks for your patience. Now rebooting. ]" --pause "" 6 80 2 && \
    systemctl restart console-setup.service
+    dialog --clear
    reboot
 fi