#!/bin/bash
# Progress marker echoed while polling a service for readiness.
char='#'
# Package manager used for every install step (RPM-based hosts only).
sys_type='yum'
# Version of the Search Guard TLS tool downloaded to generate the node certificates.
searchguard_version='1.8'
# Base URL of the documentation branch that hosts the configuration templates.
# BRANCH is not set anywhere in this file; it is expected from the environment.
resources_url="https://raw.githubusercontent.com/wazuh/wazuh-documentation/${BRANCH}"
# Live Wazuh manager configuration rewritten by configWazuh.
manager_config='/var/ossec/etc/ossec.conf'
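#######################################
# Print a progress message to stdout.
# NOTE: this function shadows the system logger(1) utility for the rest of
# the script; nothing here reaches syslog.
# Arguments: every argument is forwarded to echo, so callers may pass echo
#            options (the script uses `logger -ne "$char"` for progress marks).
# Outputs:   the message on stdout
#######################################
logger() {
  # Quoted "$@" keeps the message's internal spacing and forwards every
  # argument. The original `echo $1` collapsed whitespace and, for the
  # progress-mark calls, passed only "-ne" to echo, which printed nothing.
  echo "$@"
}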
#######################################
# Enable and start a system service, aborting the script if it cannot start.
# Arguments: $1 - service unit / init script name (e.g. "elasticsearch")
# Outputs:   status messages via logger
# Returns:   0 when the service started; exits 1 otherwise
#######################################
startService() {
  local service_name=$1
  # ${1^} upper-cases the first letter for the messages (bash 4+).
  local label=${1^}

  if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then
    systemctl daemon-reload
    systemctl enable "${service_name}.service"
    # As in the original flow only the start step is fatal; a failed enable
    # leaves the service running now but not persisted across reboots.
    if ! systemctl start "${service_name}.service"; then
      logger "${label} could not be started."
      exit 1
    fi
    logger "${label} started"
  elif command -v service > /dev/null 2>&1; then
    if command -v chkconfig > /dev/null 2>&1; then
      chkconfig "${service_name}" on
    elif command -v update-rc.d > /dev/null 2>&1; then
      update-rc.d "${service_name}" defaults
    fi
    if ! service "${service_name}" start; then
      logger "${label} could not be started."
      exit 1
    fi
    logger "${label} started"
  else
    logger "Error: ${label} could not start. No service manager found on the system."
    exit 1
  fi
}
## Show script usage
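#######################################
# Print the script usage and exit.
# Arguments: $1 - exit status to terminate with (defaults to 0 when omitted,
#                 matching the bare `exit` the original fell back to)
# Outputs:   usage text on stdout
#######################################
getHelp() {
  printf '\n'
  printf 'Usage: %s arguments\n' "$0"
  # printf instead of `echo -e`: the tab and newline handling is portable.
  printf '\t%s\n' \
    '-d | --debug Shows the complete installation output' \
    '-i | --ignore-health-check Ignores the health-check' \
    '-h | --help Shows help'
  exit "${1:-0}" # Exit script after printing help
}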
## Install the required packages for the installation
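#######################################
# Install the utilities and the JDK the rest of the installation relies on.
# Globals:   sys_type (read), JAVA_HOME (exported)
# Outputs:   progress via logger
# Returns:   exits 1 when either package step fails
#######################################
installPrerequisites() {
  logger "Installing all necessary utilities for the installation..."
  if ! $sys_type install curl unzip wget libcap -y -q; then
    logger "Error: Prerequisites could not be installed"
    exit 1
  fi

  # Quoted heredoc: $releasever / $basearch must reach yum literally.
  # baseurl uses https like the gpgkey URL on the same host: gpgcheck=1 only
  # authenticates the packages, so repository metadata fetched over plain
  # http could be replaced by an older (still validly signed) package list.
  cat > /etc/yum.repos.d/adoptopenjdk.repo <<'EOF'
[AdoptOpenJDK]
name=AdoptOpenJDK
baseurl=https://adoptopenjdk.jfrog.io/adoptopenjdk/rpm/centos/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public
EOF

  # The original tested $? after `export`, which always succeeds, so a failed
  # JDK install was reported as "Done"; test the install itself.
  if ! $sys_type install adoptopenjdk-11-hotspot -y -q; then
    logger "Error: Prerequisites could not be installed"
    exit 1
  fi
  export JAVA_HOME=/usr/
  logger "Done"
}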
## Add the Wazuh repository
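#######################################
# Import the Wazuh signing key and add the production or pre-release repo.
# Globals:   WAZUH_VERSION, PACKAGES_REPOSITORY (read), WAZUH_MAJOR (written)
# Outputs:   progress via logger
# Returns:   exits 1 when the key import fails, the repository name is
#            unknown, or the repo file cannot be written
#######################################
addWazuhrepo() {
  local repo_file=/etc/yum.repos.d/wazuh.repo
  local rc=0

  # Major version is everything before the first dot; the original
  # `head -c 1` would return a single digit for a 10+ major.
  WAZUH_MAJOR="${WAZUH_VERSION%%.*}"
  logger "Adding the Wazuh repository..."
  # Without the key, gpgcheck=1 below rejects every package, so fail early
  # instead of at the first install.
  if ! rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH; then
    logger "Error: Wazuh repository could not be added"
    exit 1
  fi

  case "${PACKAGES_REPOSITORY}" in
    prod)
      logger "Adding production repository..."
      # \$releasever is escaped so yum, not the shell, expands it (the
      # original double-quoted string expanded it to an empty value).
      cat > "${repo_file}" <<EOF
[wazuh_repo]
gpgcheck=1
gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-\$releasever - Wazuh
baseurl=https://packages.wazuh.com/${WAZUH_MAJOR}.x/yum/
protect=1
EOF
      rc=$?
      ;;
    dev)
      logger "Adding development repository..."
      cat > "${repo_file}" <<'EOF'
[wazuh_pre_release]
gpgcheck=1
gpgkey=https://packages-dev.wazuh.com/key/GPG-KEY-WAZUH
enabled=1
name=EL-$releasever - Wazuh
baseurl=https://packages-dev.wazuh.com/pre-release/yum/
protect=1
EOF
      rc=$?
      ;;
    *)
      # The original fell through here with status 0 and logged "Done"
      # although no repository file had been written.
      logger "Error: Wazuh repository could not be added"
      exit 1
      ;;
  esac

  if [ "${rc}" != 0 ]; then
    logger "Error: Wazuh repository could not be added"
    exit 1
  fi
  logger "Done"
}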
## Wazuh manager
#######################################
# Install the Wazuh manager package pinned to WAZUH_VERSION.
# Globals:   sys_type, WAZUH_VERSION (read)
# Outputs:   progress via logger
# Returns:   exits 1 when the package manager reports failure
#######################################
installWazuh() {
  logger "Installing the Wazuh manager..."
  if $sys_type install "wazuh-manager-${WAZUH_VERSION}" -y -q; then
    logger "Done"
  else
    logger "Error: Wazuh installation failed"
    exit 1
  fi
}
## Elasticsearch
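#######################################
# Download one file, aborting the script on any transport or HTTP error.
# Arguments: $1 - destination path
#            $2 - URL
# Returns:   0 on success; exits 1 otherwise. With -f an HTTP error does not
#            write the response body, so a missing remote file can no longer
#            silently become an HTML "configuration" file on disk.
#######################################
_fetchOrDie() {
  if ! curl -fso "$1" "$2" --max-time 300; then
    logger "Error: could not download $2"
    exit 1
  fi
}

#######################################
# Install and configure Open Distro for Elasticsearch, generate the node
# certificates and load the security configuration.
# Globals:   sys_type, OPENDISTRO_VERSION, resources_url, searchguard_version,
#            char (read)
# Outputs:   progress via logger
# Returns:   exits 1 on any failed step
#######################################
installElasticsearch() {
  local certs_dir=/etc/elasticsearch/certs
  local sg_dir=/usr/share/elasticsearch/plugins/opendistro_security
  local tlstool_zip="search-guard-tlstool-${searchguard_version}.zip"

  logger "Installing Open Distro for Elasticsearch..."
  if ! $sys_type install "opendistroforelasticsearch-${OPENDISTRO_VERSION}" -y -q; then
    logger "Error: Elasticsearch installation failed"
    exit 1
  fi
  logger "Done"

  logger "Configuring Elasticsearch..."
  _fetchOrDie /etc/elasticsearch/elasticsearch.yml "${resources_url}/resources/open-distro/elasticsearch/7.x/elasticsearch_all_in_one.yml"
  _fetchOrDie "${sg_dir}/securityconfig/roles.yml" "${resources_url}/resources/open-distro/elasticsearch/roles/roles.yml"
  _fetchOrDie "${sg_dir}/securityconfig/roles_mapping.yml" "${resources_url}/resources/open-distro/elasticsearch/roles/roles_mapping.yml"
  _fetchOrDie "${sg_dir}/securityconfig/internal_users.yml" "${resources_url}/resources/open-distro/elasticsearch/roles/internal_users.yml"

  # Drop the demo certificates shipped with the plugin; a local CA replaces them.
  rm -f -- /etc/elasticsearch/esnode-key.pem /etc/elasticsearch/esnode.pem \
    /etc/elasticsearch/kirk-key.pem /etc/elasticsearch/kirk.pem /etc/elasticsearch/root-ca.pem
  mkdir -p "${certs_dir}"
  cd "${certs_dir}" || { logger "Error: cannot access ${certs_dir}"; exit 1; }
  # NOTE(review): the TLS tool is fetched over https but not pinned by a
  # checksum, and it is executed as root below.
  _fetchOrDie "${certs_dir}/${tlstool_zip}" "https://maven.search-guard.com/search-guard-tlstool/${searchguard_version}/${tlstool_zip}"
  unzip "${tlstool_zip}" -d searchguard
  _fetchOrDie "${certs_dir}/searchguard/search-guard.yml" "${resources_url}/resources/open-distro/searchguard/search-guard-aio.yml"
  chmod +x searchguard/tools/sgtlstool.sh
  if ! ./searchguard/tools/sgtlstool.sh -c ./searchguard/search-guard.yml -ca -crt -t "${certs_dir}/"; then
    logger "Error: certificates were not created"
    exit 1
  fi
  logger "Certificates created"
  # The original removed a hard-coded search-guard-tlstool-1.7.zip, leaving
  # the archive actually downloaded (searchguard_version) behind.
  rm -f -- "${certs_dir}/client-certificates.readme" \
    "${certs_dir}/elasticsearch_elasticsearch_config_snippet.yml" "${tlstool_zip}"

  # While Performance Analyzer problems are solved (https://github.com/opendistro-for-elasticsearch/performance-analyzer/issues/229)
  /usr/share/elasticsearch/bin/elasticsearch-plugin remove opendistro_performance_analyzer

  # Start Elasticsearch
  startService "elasticsearch"
  logger "Initializing Elasticsearch..."
  # Poll the REST port until it answers. -k: the node certificate is issued by
  # the CA generated above. admin:admin is the bootstrap credential; whether
  # it stays valid after internal_users.yml is loaded depends on that template.
  until curl -XGET https://localhost:9200/ -uadmin:admin -k --max-time 120 --silent --output /dev/null; do
    logger -ne "${char}"
    sleep 10
  done

  cd "${sg_dir}/tools/" || { logger "Error: cannot access ${sg_dir}/tools/"; exit 1; }
  # Loading the security configuration is what replaces the plugin defaults;
  # a silent failure here would leave the cluster on the demo configuration.
  if ! ./securityadmin.sh -cd ../securityconfig/ -nhnv -cacert "${certs_dir}/root-ca.pem" -cert "${certs_dir}/admin.pem" -key "${certs_dir}/admin.key"; then
    logger "Error: the Elasticsearch security configuration could not be loaded"
    exit 1
  fi
  logger "Done"
}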
## Filebeat
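#######################################
# Install Filebeat, fetch its Wazuh configuration and module, and start it.
# Globals:   sys_type, ELK_VERSION, WAZUH_VERSION, resources_url (read),
#            WAZUH_MAJOR (written)
# Outputs:   progress via logger
# Returns:   exits 1 when the package, a download or the certificate copy fails
#######################################
installFilebeat() {
  local -a rc

  logger "Installing Filebeat..."
  if ! $sys_type install "filebeat-${ELK_VERSION}" -y -q; then
    logger "Error: Filebeat installation failed"
    exit 1
  fi

  # Major version is everything before the first dot (the original
  # `head -c 1` returned a single digit only).
  WAZUH_MAJOR="${WAZUH_VERSION%%.*}"
  # -f: an HTTP error must not leave an error page in place of the config.
  # NOTE(review): the template is taken from the wazuh `master` branch rather
  # than a tag matching WAZUH_VERSION, so the result is not reproducible.
  if ! curl -fso /etc/filebeat/filebeat.yml "${resources_url}/resources/open-distro/filebeat/7.x/filebeat_all_in_one.yml" --max-time 300 \
    || ! curl -fso /etc/filebeat/wazuh-template.json https://raw.githubusercontent.com/wazuh/wazuh/master/extensions/elasticsearch/7.x/wazuh-template.json --max-time 300; then
    logger "Error: Filebeat configuration could not be downloaded"
    exit 1
  fi
  chmod go+r /etc/filebeat/wazuh-template.json

  # Both stages must succeed; without the PIPESTATUS check a failed download
  # only produced a tar error and the script carried on.
  curl -fs "https://packages.wazuh.com/${WAZUH_MAJOR}.x/filebeat/wazuh-filebeat-0.1.tar.gz" --max-time 300 | tar -xvz -C /usr/share/filebeat/module
  rc=("${PIPESTATUS[@]}")
  if [ "${rc[0]}" != 0 ] || [ "${rc[1]}" != 0 ]; then
    logger "Error: Filebeat Wazuh module could not be installed"
    exit 1
  fi

  mkdir -p /etc/filebeat/certs
  if ! cp /etc/elasticsearch/certs/{root-ca.pem,filebeat.key,filebeat.pem} /etc/filebeat/certs/; then
    logger "Error: Filebeat certificates could not be copied"
    exit 1
  fi
  # Start Filebeat
  startService "filebeat"
  logger "Done"
}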
## Kibana
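#######################################
# Install Open Distro for Kibana with the Wazuh plugin and start it.
# Globals:   sys_type, OPENDISTRO_VERSION, WAZUH_VERSION, ELK_VERSION,
#            UI_REVISION, PACKAGES_REPOSITORY, resources_url (read),
#            WAZUH_MAJOR (written)
# Outputs:   progress via logger
# Returns:   exits 1 when the package, the configuration download or the
#            plugin installation fails, or the repository name is unknown
#######################################
installKibana() {
  local plugin_url

  # Major version is everything before the first dot (the original
  # `head -c 1` returned a single digit only).
  WAZUH_MAJOR="${WAZUH_VERSION%%.*}"
  logger "Installing Open Distro for Kibana..."
  if ! $sys_type install "opendistroforelasticsearch-kibana-${OPENDISTRO_VERSION}" -y -q; then
    logger "Error: Kibana installation failed"
    exit 1
  fi

  # -f: an HTTP error must not leave an error page in place of kibana.yml.
  if ! curl -fso /etc/kibana/kibana.yml "${resources_url}/resources/open-distro/kibana/7.x/kibana_all_in_one.yml" --max-time 300; then
    logger "Error: Kibana configuration could not be downloaded"
    exit 1
  fi
  echo "telemetry.enabled: false" >> /etc/kibana/kibana.yml
  chown -R kibana:kibana /usr/share/kibana/plugins
  # -p: re-running the script must not fail on an existing data directory.
  mkdir -p /usr/share/kibana/data
  chown -R kibana:kibana /usr/share/kibana/data

  ## Install Wazuh Kibana plugin
  case "${PACKAGES_REPOSITORY}" in
    prod)
      if [ "${WAZUH_MAJOR}" -ge 4 ]; then
        plugin_url="https://packages.wazuh.com/${WAZUH_MAJOR}.x/ui/kibana/wazuh_kibana-${WAZUH_VERSION}_${ELK_VERSION}-${UI_REVISION}.zip"
      else
        plugin_url="https://packages.wazuh.com/wazuhapp/wazuhapp-${WAZUH_VERSION}_${ELK_VERSION}.zip"
      fi
      ;;
    dev)
      plugin_url="https://packages-dev.wazuh.com/pre-release/ui/kibana/wazuh_kibana-${WAZUH_VERSION}_${ELK_VERSION}-${UI_REVISION}.zip"
      ;;
    *)
      # The original fell through here with status 0 and no plugin installed.
      logger "Error: Wazuh Kibana plugin could not be installed."
      exit 1
      ;;
  esac
  # The status is now tied to the plugin install itself, not to whichever
  # test ran last in the if/elif chain.
  if ! sudo -u kibana /usr/share/kibana/bin/kibana-plugin install "${plugin_url}"; then
    logger "Error: Wazuh Kibana plugin could not be installed."
    exit 1
  fi

  mkdir -p /etc/kibana/certs
  cp /etc/elasticsearch/certs/root-ca.pem /etc/kibana/certs/
  # NOTE(review): the moved key keeps its original ownership and mode; confirm
  # the kibana user can read it and nobody else can.
  mv /etc/elasticsearch/certs/kibana_http.key /etc/kibana/certs/kibana.key
  mv /etc/elasticsearch/certs/kibana_http.pem /etc/kibana/certs/kibana.pem
  # Lets the unprivileged kibana user bind a port below 1024 without root.
  setcap 'cap_net_bind_service=+ep' /usr/share/kibana/node/bin/node
  # Start Kibana
  startService "kibana"
  logger "Done"
}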
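#######################################
# Disable the default manager modules and splice the <auth> section of the
# packaged template into the live ossec.conf.
# Globals:   manager_config (read) - live configuration rewritten in place
#            config_files (read)   - directory holding the template ossec.conf;
#                                    it is not defined in this file and must
#                                    come from the environment or the caller
# Returns:   exits 1 when config_files is unset or the merge yields nothing
#######################################
configWazuh() {
  local template auth_block auth_body merged

  # Without this guard the original edited "/ossec.conf" at the filesystem root.
  : "${config_files:?config_files must point to the template directory}"
  template="${config_files}/ossec.conf"

  sed -i 's/<enabled>.*<\/enabled>/<enabled>no<\/enabled>/' "${manager_config}"
  sed -i 's/<disabled>.*<\/disabled>/<disabled>yes<\/disabled>/' "${manager_config}"
  sed -i "s/INSTALLATION_DIRECTORY/\/var\/ossec/g" "${template}"

  # <auth>...</auth> from the template (case-insensitive range; GNU sed `I`).
  auth_block=$(sed -n '/<auth>/I,/<\/auth>/I p' "${template}")
  # Strip the opening and closing tag lines; same result as the original
  # `tail -n +2 | head -n -1` without the GNU-only negative head count.
  auth_body=$(printf '%s\n' "${auth_block}" | sed '1d;$d')

  # Replace the live <auth> body with the template's. awk -v interprets
  # backslash escapes in the value, as the original did. The status check
  # keeps a failed awk from truncating ossec.conf to an empty file below.
  if ! merged=$(awk -v authConf="${auth_body}" '/<auth>/{p=1;print;print authConf}/<\/auth>/{p=0}!p' "${manager_config}") \
    || [ -z "${merged}" ]; then
    logger "Error: could not merge the auth configuration into ${manager_config}"
    exit 1
  fi
  printf '%s\n' "${merged}" > "${manager_config}"
}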
## Health check
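#######################################
# Refuse to install on hosts below the minimum size.
# Outputs:   one message via logger
# Returns:   exits 1 when the host has fewer than 2 CPUs or less than
#            4096 MiB of RAM; 0 otherwise
#######################################
healthCheck() {
  local cores ram_mb

  cores=$(nproc)
  # `free -m` reports MiB; the original called this ram_gb but compared MiB.
  ram_mb=$(free -m | awk '/^Mem:/{print $2}')
  # NOTE(review): hosts provisioned with a nominal 4 GB commonly report a
  # little under 4096 MiB here and are rejected; confirm the intended floor.
  if (( cores < 2 || ram_mb < 4096 )); then
    logger "The system must have at least 4Gb of RAM and 2 CPUs"
    exit 1
  fi
  logger "Starting the installation..."
}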
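#######################################
# Verify that Elasticsearch, Filebeat and Kibana answer after installation.
# Globals:   char (read)
# Outputs:   progress via logger; Elasticsearch's banner on stdout
# Returns:   exits 1 when Elasticsearch or Filebeat fails its check; the
#            Kibana wait does not time out
#######################################
checkInstallation() {
  logger "Checking the installation..."
  # -f turns an HTTP error into a non-zero status. Without it a 401 from the
  # security plugin (wrong or unloaded credentials) still counted as success.
  # -k: the node certificate is issued by the locally generated CA.
  if ! curl -f -XGET https://localhost:9200 -uadmin:admin -k --max-time 300; then
    logger "Error: Elasticsearch was not successfully installed."
    exit 1
  fi
  logger "Elasticsearch installation succeeded."

  if ! filebeat test output; then
    logger "Error: Filebeat was not successfully installed."
    exit 1
  fi
  logger "Filebeat installation succeeded."

  logger "Initializing Kibana (this may take a while)"
  # Match the status line rather than the literal "200 OK": an HTTP/2
  # response prints "HTTP/2 200" with no reason phrase and would never match.
  until curl -XGET https://localhost/status -I -uadmin:admin -k -s | grep -qE '^HTTP/[0-9.]+ 200'; do
    logger -ne "${char}"
    sleep 10
  done
  logger $'\nInstallation finished'
}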
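#######################################
# Remove the repository definitions added by this script and the package cache.
# Globals:   sys_type (read)
# NOTE(review): dropping wazuh.repo also removes the source of future
# package updates for the manager; confirm that is intended.
#######################################
cleanInstall() {
  # Plain files: -f suffices, the original -rf was broader than needed.
  rm -f -- /etc/yum.repos.d/adoptopenjdk.repo /etc/yum.repos.d/wazuh.repo
  $sys_type clean all
}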