forked from google/stenographer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
install_el7.sh
executable file
·216 lines (189 loc) · 5.74 KB
/
install_el7.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
#!/usr/bin/env bash
# Copyright 2014 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# stenographer - full packet to disk capture
#
# stenographer is a simple, fast method of writing live packets to disk,
# then requesting those packets after-the-fact for post-hoc analysis.
#===============================================================#
# Installs Stenographer on CentOS 7.1
#===============================================================#
export KILLCMD=/usr/bin/pkill
export BINDIR="${BINDIR-/usr/bin}"
export GOPATH=${HOME}/go
export PATH=${PATH}:/usr/local/go/bin
# Load support functions
_scriptDir="$(dirname `readlink -f $0`)"
source lib.sh
check_sudo () {
Info "Checking for sudo... "
if (! sudo cat /dev/null); then
Error "Failed. Please configure sudo support for this user."
exit 1;
fi
}
stop_processes () {
Info "Killing any already running processes..."
sudo service stenographer stop
ReallyKill stenographer
ReallyKill stenotype
}
install_packages () {
Info "Installing stenographer package requirements... "
sudo yum install -y epel-release; sudo yum makecache
sudo yum install -y libaio-devel leveldb-devel snappy-devel gcc-c++ make libcap-devel libseccomp-devel &>/dev/null
if [ $? -ne 0 ]; then
Error "Error. Please check that yum can install needed packages."
exit 2;
fi
}
install_golang () {
local _url="https://storage.googleapis.com/golang/go1.4.2.linux-amd64.tar.gz"
if (! which go &>/dev/null ); then
Info "Installing golang ..."
TMP="$(mktemp -d)"
pushd $TMP
curl -L -O -J -s $_url
sudo tar -C /usr/local -zxf $(basename $_url)
sudo tee /etc/profile.d/golang.sh >/dev/null << EOF
pathmunge /usr/local/go/bin
export GOPATH=\${HOME}/go
EOF
popd
fi
}
# Install jq, if not present
install_jq () {
local _url="https://github.com/stedolan/jq/releases/download/jq-1.5rc2/jq-linux-x86_64"
if (! which jq &>/dev/null); then
Info "Installing jq ..."
curl -s -L -J $_url | sudo tee /usr/local/bin/jq >/dev/null;
sudo chmod +x /usr/local/bin/jq;
fi
}
add_accounts () {
if ! id stenographer &>/dev/null; then
Info "Setting up stenographer user"
sudo adduser --system --no-create-home stenographer
fi
if ! getent group stenographer &>/dev/null; then
Info "Setting up stenographer group"
sudo addgroup --system stenographer
fi
}
install_configs () {
cd $_scriptDir
Info "Setting up stenographer conf directory"
if [ ! -d /etc/stenographer/certs ]; then
sudo mkdir -p /etc/stenographer/certs
sudo chown -R root:root /etc/stenographer/certs
fi
if [ ! -f /etc/stenographer/config ]; then
sudo cp -vf configs/steno.conf /etc/stenographer/config
sudo chown root:root /etc/stenographer/config
sudo chmod 644 /etc/stenographer/config
fi
sudo chown root:root /etc/stenographer
if grep -q /path/to /etc/stenographer/config; then
Error "Create output directories for packets/index, then update"
Error "/etc/stenographer/config"
exit 1
fi
}
install_certs () {
cd $_scriptDir
sudo ./stenokeys.sh stenographer stenographer
}
install_service () {
cd $_scriptDir
if [ ! -f /etc/security/limits.d/stenographer.conf ]; then
Info "Setting up stenographer limits"
sudo cp -v configs/limits.conf /etc/security/limits.d/stenographer.conf
fi
if [ ! -f /etc/systemd/system/stenographer.service ]; then
Info "Installing stenographer systemd service"
sudo cp -v configs/systemd.conf /etc/systemd/system/stenographer.service
sudo chmod 0644 /etc/systemd/system/stenographer.service
fi
}
build_stenographer () {
if [ ! -x "$BINDIR/stenographer" ]; then
Info "Building/Installing stenographer"
/usr/local/go/bin/go get ./...
/usr/local/go/bin/go build
sudo cp -vf stenographer "$BINDIR/stenographer"
sudo chown stenographer:root "$BINDIR/stenographer"
sudo chmod 700 "$BINDIR/stenographer"
else
Info "stenographer already exists at $BINDIR/stenographer. Skipping"
fi
}
build_stenotype () {
cd ${_scriptDir}
if [ ! -x "$BINDIR/stenotype" ]; then
Info "Building/Installing stenotype"
pushd ${_scriptDir}/stenotype
make
popd
sudo cp -vf stenotype/stenotype "$BINDIR/stenotype"
sudo chown stenographer:root "$BINDIR/stenotype"
sudo chmod 0500 "$BINDIR/stenotype"
SetCapabilities "$BINDIR/stenotype"
else
Info "stenotype already exists at $BINDIR/stenotype. Skipping"
fi
}
install_stenoread () {
Info "Installing stenoread/stenocurl"
sudo cp -vf stenoread "$BINDIR/stenoread"
sudo chown root:root "$BINDIR/stenoread"
sudo chmod 0755 "$BINDIR/stenoread"
sudo cp -vf stenocurl "$BINDIR/stenocurl"
sudo chown root:root "$BINDIR/stenocurl"
sudo chmod 0755 "$BINDIR/stenocurl"
}
start_service () {
Info "Starting stenographer service"
sudo service stenographer start
Info "Checking for running processes..."
sleep 5
if Running stenographer; then
Info " * Stenographer up and running"
else
Error " !!! Stenographer not running !!!"
sudo tail -n 100 /var/log/messages | grep steno
exit 1
fi
if Running stenotype; then
Info " * Stenotype up and running"
else
Error " !!! Stenotype not running !!!"
sudo tail -n 100 /var/log/messages | grep steno
exit 1
fi
}
check_sudo
install_packages
install_golang
add_accounts
build_stenographer
build_stenotype
install_jq
install_configs
install_certs
install_service
install_stenoread
stop_processes
start_service