Fixing some issues with the installation scripts

alisle · Nov 29, 2018 · bc4fb8f · bc4fb8f
1 parent 7bf15ff
commit bc4fb8f
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 20 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -41,7 +41,7 @@ arguments along side the user details who the process belongs to.
 
 NoTrack-Track can be configured to report through UDP, TCP or local Syslog currently.
 """
-maintainer-scripts = "install_scripts/deb"
+maintainer-scripts = "resources/deb"
 assets = [
   [ "target/release/notrust-track", "/usr/sbin/notrust-track", "0550" ],
   [ "resources/default_config/config.yaml", "/etc/notrust/config.yaml", "0644"],

diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # NoTrust-Track
-Linux Agent  which tracks and logs all incoming and outgoing TCP and UDP connections along with the name of the process and who owns the process. NoTrust-Track is a userspace tool and doesn't require the installation of any propriety kernel modules. It leverages the iptables ip_conntrack module. 
+Linux Agent  which tracks and logs all incoming and outgoing TCP and UDP connections along with the name of the process and who owns the process. NoTrust-Track is a userspace tool and doesn't require the installation of any propriety kernel modules. It leverages the iptables ip_conntrack module.
 
 Currently it supports output to TCP and UDP Syslog, ElasticSearch and output to the NoTrust Server.
 
@@ -32,10 +32,10 @@ The settings are
 * __filters__ Defines the connections which NoTrust-Track should not report on.
   * __non_process_connections__ - By setting this to false, you will catch all connections, including multicast. This can be noisy and not particularly useful.
   * __dns_requests__ - By setting this to false, you will get all DNS look ups on 53 and 5353, this can be very noisy.
-  
+
   * __notrust_track_connections__ - By setting this to false we will report on connections which the NoTrust-Track daemon makes, if you have an output defined which is network based (i.e. ES, TCP, UDP Syslog) this can create a infinite loop of reporting =)
-  
-  
+
+
 ## Example of Output
 __Open Connection__ - When a connection is opened the following output is given,  the hash is derived by the properties of the connection and can be matched to the corresponding close.
 
@@ -51,7 +51,7 @@ __Open Connection__ - When a connection is opened the following output is given,
   "source_port" : 59325,
   "destination_port" : 80,
   "username" : "root",
-  "uid" : 0, 
+  "uid" : 0,
   "program_details" : {
     "inode" : 631905,
     "pid" : 656,
@@ -64,7 +64,7 @@ __Open Connection__ - When a connection is opened the following output is given,
 }
 ```
 
-__Close Connection__ 
+__Close Connection__
 ```javascript
 {
   "uuid":"b2f0281d-da73-4116-8639-8a1c693511b0",
@@ -80,13 +80,7 @@ __Close Connection__
 ```
 
 ## Notes
-In order for NoTrust-Track to work, it requires the ip_conntrack module to be loaded. If you find that no connections are being reported, please try running 
-
-```bash
-sudo modprobe ip_conntrack
-```
-
-And this should resolve it.  
+In order for NoTrust-Track to work, it requires the ip_conntrack module to be loaded.  This is added by default.
 
 As NoTrust-Track does NOT run as root by default, it requires the following capabilities to run:
 cap_sys_ptrace, cap_net_admin, cap_dac_read_search
@@ -96,3 +90,14 @@ These can be set by using
 ```bash  
 setcap 'cap_sys_ptrace,cap_net_admin,cap_dac_read_search=+ep' /usr/sbin/notrust-track
 ```
+
+Again this is done by default during the install.
+
+## Issues
+Please be aware this is a early version of a new project, please keep this in mind while deploying.
+
+On ubuntu 18.xx conntrack will not work without first using iptables, in order to enable conntrack you will need to add a iptables rule. For instance:
+```bash
+ sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+```
+And this should fix the issue.
diff --git a/resources/deb/postinst b/resources/deb/postinst
@@ -19,19 +19,21 @@ set -e
 
 
 case "$1" in
-
   configure)
-    # set up the capabilities needed to run.
-    setcap 'cap_sys_ptrace,cap_net_admin,cap_dac_read_search=+ep' /usr/sbin/notrust-track
+
 
     adduser --system notrust
     addgroup --system notrust
     sudo usermod -a -G notrust notrust
     chown notrust:notrust /usr/sbin/notrust-track
+    chown notrust:notrust -R /usr/share/notrust
 
     # For this to work we need to have the CAP_NET_ADMIN and CAP_DAC_READ_SEARCH, CAP_SYS_PTRACE
     setcap 'cap_sys_ptrace,cap_net_admin,cap_dac_read_search=+ep' /usr/sbin/notrust-track
 
+    # Add ip_conntrack to the modules list
+    echo "ip_conntrack" >> /etc/modules
+
     # set up the systemd service.
     if [ ! -L /etc/systemd/system/notrust-track.service ]; then
       systemctl link /usr/share/notrust/systemd/notrust-track.service

diff --git a/resources/default_config/config.yaml b/resources/default_config/config.yaml
@@ -8,16 +8,16 @@
 # Data directory
 directory: /usr/share/notrust
 outputs:
-#  syslog:
-#    - Localhost
+  syslog:
+    - Localhost
 #    - TCP:
 #        address: 127.0.0.1
 #        port: 601
 #    - UDP:
 #        address: 127.0.0.1
 #        port: 514
 #  elasticsearch: "http://<ES Server>:9200/<Index>"
-   notrust_endpoint: "http://10.60.4.182:8080"
+#  notrust_endpoint: "http://<NoTrust Server>
 
 filters:
   # If this is set to true it will include all connections, including multicast