
run of: so-setup-network.sh

a guest
Feb 13th, 2019
  1. root@so-hh-eval-centos:code/securityonion-saltstack# bash -x so-setup-network.sh
  2. ++ cat /etc/hostname
  3. + HOSTNAME=so-hh-eval-centos.dev.example.org
  4. ++ sed -r 's/.{3}$//'
  5. ++ grep MemTotal /proc/meminfo
  6. ++ awk '{print $2}'
  7. + TOTAL_MEM=3878
  8. ++ ip link
  9. ++ awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}'
  10. + NICS=' eth0 "Interface" OFF
  11. eth1 "Interface" OFF
  12. bond0 "Interface" OFF'
  13. ++ cat /proc/cpuinfo
  14. ++ grep processor
  15. ++ wc -l
  16. + CPUCORES=2
  17. ++ cat /proc/cpuinfo
  18. ++ grep processor
  19. ++ awk '{print $3 " \"" "core" "\""}'
  20. + LISTCORES='0 "core"
  21. 1 "core"'
  22. ++ cat /dev/urandom
  23. ++ tr -dc a-zA-Z0-9
  24. ++ fold -w 16
  25. ++ head -n 1
  26. + RANDOMUID=XYiDvQmcZHEMUi5z
  27. + NODE_ES_PORT=9200
  28. + got_root
  29. ++ id -u
  30. + '[' 0 -ne 0 ']'
  31. + detect_os
  32. + echo 'Detecting Base OS'
  33. Detecting Base OS
  34. + '[' -f /etc/redhat-release ']'
  35. + OS=centos
  36. + yum -y install bind-utils
  37. Loaded plugins: fastestmirror
  38. Loading mirror speeds from cached hostfile
  39. * base: mirrors.advancedhosters.com
  40. * epel: d2lzkl7pfhq30w.cloudfront.net
  41. * extras: mirrors.advancedhosters.com
  42. * updates: repos-va.psychz.net
  43. Package 32:bind-utils-9.9.4-73.el7_6.x86_64 already installed and latest version
  44. Nothing to do
  45. + '[' centos == ubuntu ']'
  46. + whiptail_you_sure
  47. + whiptail --title 'Security Onion Setup' --yesno 'Are you sure you want to install Security Onion over the internet?' 8 78
  48. + install_prep
  49. + mkdir /root/installtmp
  50. + TMP=/root/installtmp
  51. + whiptail_network_notice
  52. + whiptail --title 'Security Onion Setup' --yesno 'Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue.' 8 78
  53. + local exitstatus=0
  54. + whiptail_check_exitstatus 0
  55. + '[' 0 == 1 ']'
  56. + whiptail_install_type
  57. ++ whiptail --title 'Security Onion Setup' --radiolist 'Choose Install Type:' 20 78 14 SENSORONLY 'Create a forward only sensor' ON STORAGENODE 'Add a Storage Hot Node with parsing' OFF MASTERONLY 'Start a new grid' OFF PARSINGNODE 'TODO Add a dedicated Parsing Node' OFF HOTNODE 'TODO Add a Hot Node (Storage Node without Parsing)' OFF WARMNODE 'TODO Add a Warm Node to an existing Hot or Storage node' OFF EVALMODE 'Evaluate all the things' OFF WAZUH 'TODO Stand Alone Wazuh Node' OFF STRELKA 'TODO Stand Alone Strelka Node' OFF FLEET 'TODO Stand Alone Fleet OSQuery Node' OFF
  58. + INSTALLTYPE=EVALMODE
  59. + local exitstatus=0
  60. + whiptail_check_exitstatus 0
  61. + '[' 0 == 1 ']'
  62. + '[' EVALMODE == MASTERONLY ']'
  63. + '[' EVALMODE == SENSORONLY ']'
  64. + '[' EVALMODE == EVALMODE ']'
  65. + whiptail_management_nic
  66. ++ whiptail --title 'NIC Setup' --radiolist 'Please select your management NIC' 20 78 12 eth0 '"Interface"' OFF eth1 '"Interface"' OFF bond0 '"Interface"' OFF
  67. + MNIC=eth0
  68. + local exitstatus=0
  69. + whiptail_check_exitstatus 0
  70. + '[' 0 == 1 ']'
  71. + filter_nics
  72. ++ ip link
  73. ++ grep -vw eth0
  74. ++ awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}'
  75. + FNICS=' eth1 "Interface" OFF
  76. bond0 "Interface" OFF'
  77. + whiptail_bond_nics
  78. ++ whiptail --title 'NIC Setup' --checklist 'Please add NICs to the Monitor Interface' 20 78 12 eth1 '"Interface"' OFF bond0 '"Interface"' OFF
  79. + BNICS='"eth1"'
  80. + local exitstatus=0
  81. + whiptail_check_exitstatus 0
  82. + '[' 0 == 1 ']'
  83. + whiptail_homenet_master
  84. ++ whiptail --title 'Security Onion Setup' --inputbox 'Enter your HOME_NET separated by ,' 10 60 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
  85. + HNMASTER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
  86. + local exitstatus=0
  87. + whiptail_check_exitstatus 0
  88. + '[' 0 == 1 ']'
  89. + es_heapsize
  90. + '[' 3878 -lt 8000 ']'
  91. + ES_HEAP_SIZE=600m
  92. + ls_heapsize
  93. + '[' 3878 -ge 16000 ']'
  94. + LS_HEAP_SIZE=2g
  95. + NODE_ES_HEAP_SIZE=600m
  96. + NODE_LS_HEAP_SIZE=2g
  97. + LSPIPELINEWORKERS=1
  98. + LSPIPELINEBATCH=125
  99. + LSINPUTTHREADS=1
  100. + LSINPUTBATCHCOUNT=125
  101. + RULESETUP=ETOPEN
  102. + NSMSETUP=BASIC
  103. + NIDS=Suricata
  104. + BROVERSION=ZEEK
  105. + CURCLOSEDAYS=30
  106. + whiptail_make_changes
  107. + whiptail --title 'Security Onion Setup' --yesno 'We are going to set this machine up as a EVALMODE. Please hit YES to make changes or NO to cancel.' 8 78
  108. + local exitstatus=0
  109. + whiptail_check_exitstatus 0
  110. + '[' 0 == 1 ']'
  111. + generate_passwords
  112. ++ fold -w 20
  113. ++ cat /dev/urandom
  114. ++ tr -dc a-zA-Z0-9
  115. ++ head -n 1
  116. + MYSQLPASS=kQ5nkiDyv6zYannqV9kk
  117. ++ tr -dc a-zA-Z0-9
  118. ++ cat /dev/urandom
  119. ++ fold -w 20
  120. ++ head -n 1
  121. + FLEETPASS=B4lWpzpz8emzDoal1pKI
  122. + auth_pillar
  123. + '[' '!' -f /opt/so/saltstack/pillar/auth.sls ']'
  124. + clear_master
  125. + '[' -f /etc/salt/pki/minion/minion_master.pub ']'
  126. + rm /etc/salt/pki/minion/minion_master.pub
  127. + service salt-minion restart
  128. Redirecting to /bin/systemctl restart salt-minion.service
  129. + mkdir -p /nsm
  130. + get_filesystem_root
  131. ++ df /
  132. ++ awk '$3 ~ /[0-9]+/ { print $2 * 1000 }'
  133. + FSROOT=8377344000
  134. + get_filesystem_nsm
  135. ++ awk '$3 ~ /[0-9]+/ { print $2 * 1000 }'
  136. ++ df /nsm
  137. + FSNSM=8377344000
  138. + get_log_size_limit
  139. + DISK_DIR=/
  140. + '[' -d /nsm ']'
  141. + DISK_DIR=/nsm
  142. ++ df /nsm
  143. ++ grep -v '^Filesystem'
  144. ++ awk '{print $2}'
  145. + DISK_SIZE_K=8377344
  146. + PERCENTAGE=85
  147. + DISK_SIZE='DISK_SIZE_K*1000'
  148. ++ echo 7120742400
  149. + PERCENTAGE_DISK_SPACE=7120742400
  150. + LOG_SIZE_LIMIT=7
  151. + get_main_ip
  152. ++ ip route get 1
  153. ++ awk '{print $NF;exit}'
  154. + MAINIP=10.0.194.112
  155. ++ ip route get 1
  156. ++ awk '{print $5;exit}'
  157. + MAININT=eth0
  158. + echo ''
  159.  
  160. + echo '**** Please set a password for socore. You will use this password when setting up other Nodes/Sensors'
  161. **** Please set a password for socore. You will use this password when setting up other Nodes/Sensors
  162. + echo ''
  163.  
  164. + add_socore_user_master
  165. + '[' centos == centos ']'
  166. + local ADDUSER=adduser
  167. + groupadd --gid 939 socore
  168. groupadd: group 'socore' already exists
  169. + adduser --uid 939 --gid 939 --home-dir /opt/so socore
  170. adduser: user 'socore' already exists
  171. + passwd socore
  172. Changing password for user socore.
  173. New password:
  174. BAD PASSWORD: The password contains more than 2 characters of the same class consecutively
  175. Retype new password:
  176. passwd: all authentication tokens updated successfully.
  177. + create_bond
  178. + echo 'Setting up Bond'
  179. Setting up Bond
  180. + '[' BASIC '!=' ADVANCED ']'
  181. + MTU=1500
  182. + '[' centos == centos ']'
  183. + modprobe --first-time bonding
  184. modprobe: ERROR: could not insert 'bonding': Module already in kernel
  185. + touch /etc/sysconfig/network-scripts/ifcfg-bond0
  186. + echo DEVICE=bond0
  187. + echo NAME=bond0
  188. + echo Type=Bond
  189. + echo BONDING_MASTER=yes
  190. + echo BOOTPROTO=none
  191. + echo 'BONDING_OPTS="mode=0"'
  192. + echo ONBOOT=yes
  193. + echo MTU=1500
  194. + for BNIC in '${BNICS[@]}'
  195. + BONDNIC='"eth1'
  196. + BONDNIC=eth1
  197. + sed -i s/ONBOOT=no/ONBOOT=yes/g /etc/sysconfig/network-scripts/ifcfg-eth1
  198. + echo MASTER=bond0
  199. + echo SLAVE=yes
  200. + echo MTU=1500
  201. + nmcli con reload
  202. + systemctl restart network
  203. Job for network.service failed because the control process exited with error code. See "systemctl status network.service" and "journalctl -xe" for details.
  204. + saltify
  205. + '[' centos == centos ']'
  206. + ADDUSER=adduser
  207. + '[' EVALMODE == MASTERONLY ']'
  208. + '[' EVALMODE == EVALMODE ']'
  209. + yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
  210. Loaded plugins: fastestmirror
  211. salt-repo-latest-2.el7.noarch.rpm | 5.6 kB 00:00:00
  212. Examining /var/tmp/yum-root-FJJ7HL/salt-repo-latest-2.el7.noarch.rpm: salt-repo-latest-2.el7.noarch
  213. Marking /var/tmp/yum-root-FJJ7HL/salt-repo-latest-2.el7.noarch.rpm to be installed
  214. Resolving Dependencies
  215. --> Running transaction check
  216. ---> Package salt-repo.noarch 0:latest-2.el7 will be installed
  217. --> Finished Dependency Resolution
  218. --> Finding unneeded leftover dependencies
  219. Found and removing 0 unneeded dependencies
  220.  
  221. Dependencies Resolved
  222.  
  223. =====================================================================================================================================================================================
  224. Package Arch Version Repository Size
  225. =====================================================================================================================================================================================
  226. Installing:
  227. salt-repo noarch latest-2.el7 /salt-repo-latest-2.el7.noarch 3.6 k
  228.  
  229. Transaction Summary
  230. =====================================================================================================================================================================================
  231. Install 1 Package
  232.  
  233. Total size: 3.6 k
  234. Installed size: 3.6 k
  235. Downloading packages:
  236.  
  237.  
  238. Package salt-repo-latest-2.el7.noarch.rpm is not signed
  239. + cat
  240. + yum clean expire-cache
  241. Loaded plugins: fastestmirror
  242. Cleaning repos: base docker-ce-stable epel extras updates wazuh_repo
  243. 9 metadata files removed
  244. + yum -y install salt-minion yum-utils device-mapper-persistent-data lvm2 openssl
  245. Loaded plugins: fastestmirror
  246. Loading mirror speeds from cached hostfile
  247. epel/x86_64/metalink | 17 kB 00:00:00
  248. * base: mirrors.advancedhosters.com
  249. * epel: d2lzkl7pfhq30w.cloudfront.net
  250. * extras: mirror.cs.pitt.edu
  251. * updates: repos-va.psychz.net
  252. base/7/x86_64/signature | 811 B 00:00:00
  253. base/7/x86_64/signature | 3.6 kB 00:00:00 !!!
  254. docker-ce-stable/x86_64/signature | 819 B 00:00:00
  255. docker-ce-stable/x86_64/signature | 3.5 kB 00:00:00 !!!
  256. epel | 4.7 kB 00:00:00
  257. extras/7/x86_64/signature | 811 B 00:00:00
  258. extras/7/x86_64/signature | 3.4 kB 00:00:00 !!!
  259. updates/7/x86_64/signature | 811 B 00:00:00
  260. updates/7/x86_64/signature | 3.4 kB 00:00:00 !!!
  261. wazuh_repo/signature | 836 B 00:00:00
  262. wazuh_repo/signature | 3.4 kB 00:00:00 !!!
  263. extras/7/x86_64/primary_db | 179 kB 00:00:00
  264. Package salt-minion-2015.5.10-2.el7.noarch already installed and latest version
  265. Package yum-utils-1.1.31-50.el7.noarch already installed and latest version
  266. Package device-mapper-persistent-data-0.7.3-3.el7.x86_64 already installed and latest version
  267. Package 7:lvm2-2.02.180-10.el7_6.3.x86_64 already installed and latest version
  268. Package 1:openssl-1.0.2k-16.el7.x86_64 already installed and latest version
  269. Nothing to do
  270. + yum -y update
  271. Loaded plugins: fastestmirror
  272. Loading mirror speeds from cached hostfile
  273. * base: mirrors.advancedhosters.com
  274. * epel: d2lzkl7pfhq30w.cloudfront.net
  275. * extras: mirror.cc.columbia.edu
  276. * updates: repos-va.psychz.net
  277. Resolving Dependencies
  278. --> Running transaction check
  279. ---> Package python-docker-py.noarch 1:1.10.6-7.el7 will be updated
  280. ---> Package python-docker-py.noarch 1:1.10.6-8.el7_6 will be an update
  281. ---> Package python-docker-pycreds.noarch 1:0.3.0-7.el7 will be updated
  282. ---> Package python-docker-pycreds.noarch 1:0.3.0-8.el7_6 will be an update
  283. --> Finished Dependency Resolution
  284. --> Finding unneeded leftover dependencies
  285. Found and removing 0 unneeded dependencies
  286.  
  287. Dependencies Resolved
  288.  
  289. =====================================================================================================================================================================================
  290. Package Arch Version Repository Size
  291. =====================================================================================================================================================================================
  292. Updating:
  293. python-docker-py noarch 1:1.10.6-8.el7_6 extras 102 k
  294. python-docker-pycreds noarch 1:0.3.0-8.el7_6 extras 20 k
  295.  
  296. Transaction Summary
  297. =====================================================================================================================================================================================
  298. Upgrade 2 Packages
  299.  
  300. Total download size: 122 k
  301. Downloading packages:
  302. (1/2): python-docker-py-1.10.6-8.el7_6.noarch.rpm | 102 kB 00:00:00
  303. (2/2): python-docker-pycreds-0.3.0-8.el7_6.noarch.rpm | 20 kB 00:00:00
  304. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  305. Total 614 kB/s | 122 kB 00:00:00
  306. Running transaction check
  307. Running transaction test
  308. Transaction test succeeded
  309. Running transaction
  310. Updating : 1:python-docker-pycreds-0.3.0-8.el7_6.noarch 1/4
  311. Updating : 1:python-docker-py-1.10.6-8.el7_6.noarch 2/4
  312. Cleanup : 1:python-docker-py-1.10.6-7.el7.noarch 3/4
  313. Cleanup : 1:python-docker-pycreds-0.3.0-7.el7.noarch 4/4
  314. Verifying : 1:python-docker-pycreds-0.3.0-8.el7_6.noarch 1/4
  315. Verifying : 1:python-docker-py-1.10.6-8.el7_6.noarch 2/4
  316. Verifying : 1:python-docker-pycreds-0.3.0-7.el7.noarch 3/4
  317. Verifying : 1:python-docker-py-1.10.6-7.el7.noarch 4/4
  318.  
  319. Updated:
  320. python-docker-py.noarch 1:1.10.6-8.el7_6 python-docker-pycreds.noarch 1:0.3.0-8.el7_6
  321.  
  322. Complete!
  323. + systemctl enable salt-minion
  324. + '[' EVALMODE == MASTERONLY ']'
  325. + '[' EVALMODE == EVALMODE ']'
  326. + yum -y install salt-master python-m2crypto salt-minion m2crypto
  327. Loaded plugins: fastestmirror
  328. Loading mirror speeds from cached hostfile
  329. * base: mirrors.advancedhosters.com
  330. * epel: d2lzkl7pfhq30w.cloudfront.net
  331. * extras: mirror.cc.columbia.edu
  332. * updates: repos-va.psychz.net
  333. Package salt-master-2015.5.10-2.el7.noarch already installed and latest version
  334. No package python-m2crypto available.
  335. Package salt-minion-2015.5.10-2.el7.noarch already installed and latest version
  336. Package m2crypto-0.21.1-17.el7.x86_64 already installed and latest version
  337. Nothing to do
  338. + systemctl enable salt-master
  339. + docker_install
  340. + '[' centos == centos ']'
  341. + yum clean expire-cache
  342. Loaded plugins: fastestmirror
  343. Cleaning repos: base docker-ce-stable epel extras updates wazuh_repo
  344. 9 metadata files removed
  345. + yum -y install yum-utils device-mapper-persistent-data lvm2 openssl
  346. Loaded plugins: fastestmirror
  347. Loading mirror speeds from cached hostfile
  348. Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=genclo error was
  349. 14: curl#7 - "Failed to connect to 2607:f8f8:700:12::10: Network is unreachable"
  350.  
  351.  
  352. One of the configured repositories failed (Unknown),
  353. and yum doesn't have enough cached data to continue. At this point the only
  354. safe thing yum can do is fail. There are a few ways to work "fix" this:
  355.  
  356. 1. Contact the upstream for the repository and get them to fix the problem.
  357.  
  358. 2. Reconfigure the baseurl/etc. for the repository, to point to a working
  359. upstream. This is most often useful if you are using a newer
  360. distribution release than is supported by the repository (and the
  361. packages for the previous distribution release still work).
  362.  
  363. 3. Run the command with the repository temporarily disabled
  364. yum --disablerepo=<repoid> ...
  365.  
  366. 4. Disable the repository permanently, so yum won't use it by default. Yum
  367. will then just ignore the repository until you permanently enable it
  368. again or use --enablerepo for temporary usage:
  369.  
  370. yum-config-manager --disable <repoid>
  371. or
  372. subscription-manager repos --disable=<repoid>
  373.  
  374. 5. Configure the failing repository to be skipped, if it is unavailable.
  375. Note that yum will try to contact the repo. when it runs most commands,
  376. so will have to try and fail each time (and thus. yum will be be much
  377. slower). If it is a very temporary problem though, this is often a nice
  378. compromise:
  379.  
  380. yum-config-manager --save --setopt=<repoid>.skip_if_unavailable=true
  381.  
  382. Cannot find a valid baseurl for repo: base/7/x86_64
  383. + yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
  384. Loaded plugins: fastestmirror
  385. adding repo from: https://download.docker.com/linux/centos/docker-ce.repo
  386. grabbing file https://download.docker.com/linux/centos/docker-ce.repo to /etc/yum.repos.d/docker-ce.repo
  387. repo saved to /etc/yum.repos.d/docker-ce.repo
  388. + yum -y update
  389. Loaded plugins: fastestmirror
  390. Loading mirror speeds from cached hostfile
  391. epel/x86_64/metalink | 17 kB 00:00:00
  392. * base: mirrors.advancedhosters.com
  393. * epel: d2lzkl7pfhq30w.cloudfront.net
  394. * extras: mirror.cc.columbia.edu
  395. * updates: repos-va.psychz.net
  396. base/7/x86_64/signature | 811 B 00:00:00
  397. base/7/x86_64/signature | 3.6 kB 00:00:00 !!!
  398. docker-ce-stable/x86_64/signature | 819 B 00:00:00
  399. docker-ce-stable/x86_64/signature | 3.5 kB 00:00:00 !!!
  400. epel | 4.7 kB 00:00:00
  401. extras/7/x86_64/signature | 811 B 00:00:00
  402. extras/7/x86_64/signature | 3.4 kB 00:00:00 !!!
  403. updates/7/x86_64/signature | 811 B 00:00:00
  404. updates/7/x86_64/signature | 3.4 kB 00:00:00 !!!
  405. wazuh_repo/signature | 836 B 00:00:00
  406. wazuh_repo/signature | 3.4 kB 00:00:00 !!!
  407. No packages marked for update
  408. + yum -y install docker-ce docker-python python-docker
  409. Loaded plugins: fastestmirror
  410. Loading mirror speeds from cached hostfile
  411. * base: mirrors.advancedhosters.com
  412. * epel: d2lzkl7pfhq30w.cloudfront.net
  413. * extras: mirror.cs.pitt.edu
  414. * updates: repos-va.psychz.net
  415. Package 3:docker-ce-18.09.2-3.el7.x86_64 already installed and latest version
  416. Package 1:python-docker-py-1.10.6-8.el7_6.noarch already installed and latest version
  417. Package 1:python-docker-py-1.10.6-8.el7_6.noarch already installed and latest version
  418. Nothing to do
  419. + docker_registry
  420. + echo 'Setting up Docker Registry'
  421. Setting up Docker Registry
  422. + mkdir -p /etc/docker
  423. + echo '{'
  424. + echo ' "registry-mirrors": ["https://:5000"]'
  425. + echo '}'
  426. + echo 'Docker Registry Setup - Complete'
  427. Docker Registry Setup - Complete
  428. + echo 'Restarting Docker'
  429. Restarting Docker
  430. + systemctl restart docker
  431. + systemctl enable docker
  432. + install_master
  433. + '[' centos == centos ']'
  434. + yum -y install salt-master wget
  435. Loaded plugins: fastestmirror
  436. Loading mirror speeds from cached hostfile
  437. * base: mirrors.advancedhosters.com
  438. * epel: d2lzkl7pfhq30w.cloudfront.net
  439. * extras: mirror.cc.columbia.edu
  440. * updates: repos-va.psychz.net
  441. Package salt-master-2015.5.10-2.el7.noarch already installed and latest version
  442. Package wget-1.14-18.el7.x86_64 already installed and latest version
  443. Nothing to do
  444. + mkdir -p /opt/so/gpg
  445. + wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
  446. --2019-02-13 17:05:53-- https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
  447. Resolving repo.saltstack.com (repo.saltstack.com)... 138.197.226.47
  448. Connecting to repo.saltstack.com (repo.saltstack.com)|138.197.226.47|:443... connected.
  449. HTTP request sent, awaiting response... 200 OK
  450. Length: 1727 (1.7K)
  451. Saving to: '/opt/so/gpg/SALTSTACK-GPG-KEY.pub'
  452.  
  453. 100%[===========================================================================================================================================>] 1,727 --.-K/s in 0s
  454.  
  455. 2019-02-13 17:05:53 (26.3 MB/s) - '/opt/so/gpg/SALTSTACK-GPG-KEY.pub' saved [1727/1727]
  456.  
  457. + wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg
  458. --2019-02-13 17:05:53-- https://download.docker.com/linux/ubuntu/gpg
  459. Resolving download.docker.com (download.docker.com)... 13.249.44.98, 13.249.44.126, 13.249.44.128, ...
  460. Connecting to download.docker.com (download.docker.com)|13.249.44.98|:443... connected.
  461. HTTP request sent, awaiting response... 200 OK
  462. Length: 3817 (3.7K) [binary/octet-stream]
  463. Saving to: '/opt/so/gpg/docker.pub'
  464.  
  465. 100%[===========================================================================================================================================>] 3,817 --.-K/s in 0s
  466.  
  467. 2019-02-13 17:05:53 (235 MB/s) - '/opt/so/gpg/docker.pub' saved [3817/3817]
  468.  
  469. + wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
  470. --2019-02-13 17:05:53-- https://packages.wazuh.com/key/GPG-KEY-WAZUH
  471. Resolving packages.wazuh.com (packages.wazuh.com)... 13.249.44.52, 13.249.44.11, 13.249.44.45, ...
  472. Connecting to packages.wazuh.com (packages.wazuh.com)|13.249.44.52|:443... connected.
  473. HTTP request sent, awaiting response... 200 OK
  474. Length: 3124 (3.1K) [application/octet-stream]
  475. Saving to: '/opt/so/gpg/GPG-KEY-WAZUH'
  476.  
  477. 100%[===========================================================================================================================================>] 3,124 --.-K/s in 0s
  478.  
  479. 2019-02-13 17:05:53 (559 MB/s) - '/opt/so/gpg/GPG-KEY-WAZUH' saved [3124/3124]
  480.  
  481. + copy_master_config
  482. + cp files/master /etc/salt/master
  483. + service salt-master restart
  484. Redirecting to /bin/systemctl restart salt-master.service
  485. + salt_master_directories
  486. + mkdir -p /opt/so/saltstack/salt
  487. + mkdir -p /opt/so/saltstack/pillar
  488. + cp -R pillar/brologs.sls pillar/data pillar/firewall pillar/masters pillar/nodes pillar/sensors pillar/top.sls /opt/so/saltstack/pillar/
  489. + chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh
  490. + chmod +x /opt/so/saltstack/pillar/data/addtotab.sh
  491. + cp -R salt/bro salt/ca salt/common salt/curator salt/elastalert salt/elasticsearch salt/filebeat salt/firewall salt/fleet salt/idstools salt/kibana salt/logstash salt/master salt/minio salt/mysql salt/pcap salt/redis salt/schedule.sls salt/ssl salt/suricata salt/syslog-ng salt/top.sls salt/utility salt/wazuh /opt/so/saltstack/salt/
  492. + update_sudoers
  493. + grep -qE '^socore\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers
  494. + echo 'User socore already granted sudo privileges'
  495. User socore already granted sudo privileges
  496. + chown_salt_master
  497. + chown -R socore:socore /opt/so
  498. + master_static
  499. + touch /opt/so/saltstack/pillar/static.sls
  500. + echo static:
  501. + echo ' hnmaster: 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12'
  502. + echo ' ntpserver: '
  503. + echo ' proxy: '
  504. + echo ' broversion: ZEEK'
  505. + echo ' ids: Suricata'
  506. + echo ' masterip: 10.0.194.112'
  507. + [[ '' == \M\A\S\T\E\R ]]
  508. + echo ' masterupdate: 0'
  509. + echo '** Generating the master pillar **'
  510. ** Generating the master pillar **
  511. + master_pillar
  512. + touch /opt/so/saltstack/pillar/masters/so-hh-eval-centos.dev.example.org.sls
  513. + echo master:
  514. + echo ' mainip: 10.0.194.112'
  515. + echo ' mainint: eth0'
  516. + echo ' esheap: 600m'
  517. + echo ' esclustername: {{ grains.host }}'
  518. + '[' EVALMODE == EVALMODE ']'
  519. + echo ' freq: 1'
  520. + echo ' domainstats: 1'
  521. + echo ' ls_pipeline_batch_size: 125'
  522. + echo ' ls_input_threads: 1'
  523. + echo ' ls_batch_count: 125'
  524. + echo ' mtu: 1500'
  525. + echo ' lsheap: 2g'
  526. + echo ' lsaccessip: 127.0.0.1'
  527. + echo ' elastalert: 1'
  528. + echo ' ls_pipeline_workers: 2'
  529. + echo ' nids_rules: ETOPEN'
  530. + echo ' oinkcode: '
  531. + echo ' es_port: 9200'
  532. + echo ' log_size_limit: 7'
  533. + echo ' cur_close_days: 30'
  534. + configure_minion eval
  535. + local TYPE=eval
  536. + echo 'Configuring minion type as eval'
  537. Configuring minion type as eval
  538. + touch /etc/salt/grains
  539. + echo 'role: so-eval'
  540. + '[' eval == master ']'
  541. + '[' eval == eval ']'
  542. + echo 'master: so-hh-eval-centos.dev.example.org'
  543. + echo 'id: so-hh-eval-centos.dev.example.org'
  544. + echo 'mysql.host: '\''10.0.194.112'\'''
  545. + echo 'mysql.port: 3306'
  546. + echo 'mysql.user: '\''root'\'''
  547. + '[' '!' -f /opt/so/saltstack/pillar/auth.sls ']'
  548. ++ grep mysql
  549. ++ awk '{print $2}'
  550. ++ cat /opt/so/saltstack/pillar/auth.sls
  551. + OLDPASS=dUCu9k3Rs7pdKlUpdczp
  552. + echo 'mysql.pass: '\''dUCu9k3Rs7pdKlUpdczp'\'''
  553. + service salt-minion restart
  554. Redirecting to /bin/systemctl restart salt-minion.service
  555. + set_node_type
  556. + '[' EVALMODE == STORAGENODE ']'
  557. + '[' EVALMODE == EVALMODE ']'
  558. + NODETYPE=storage
  559. + '[' EVALMODE == PARSINGNODE ']'
  560. + '[' EVALMODE == HOTNODE ']'
  561. + '[' EVALMODE == WARMNODE ']'
  562. + node_pillar
  563. + touch /root/installtmp/so-hh-eval-centos.dev.example.org.sls
  564. + echo node:
  565. + echo ' mainip: 10.0.194.112'
  566. + echo ' mainint: eth0'
  567. + echo ' esheap: 600m'
  568. + echo ' esclustername: {{ grains.host }}'
  569. + echo ' lsheap: 2g'
  570. + echo ' ls_pipeline_workers: 1'
  571. + echo ' ls_pipeline_batch_size: 125'
  572. + echo ' ls_input_threads: 1'
  573. + echo ' ls_batch_count: 125'
  574. + echo ' es_shard_count: '
  575. + echo ' node_type: storage'
  576. + echo ' es_port: 9200'
  577. + echo ' log_size_limit: 7'
  578. + echo ' cur_close_days: 30'
  579. + set_initial_firewall_policy
  580. + get_main_ip
  581. ++ ip route get 1
  582. ++ awk '{print $NF;exit}'
  583. + MAINIP=10.0.194.112
  584. ++ ip route get 1
  585. ++ awk '{print $5;exit}'
  586. + MAININT=eth0
  587. + '[' EVALMODE == MASTERONLY ']'
  588. + '[' EVALMODE == EVALMODE ']'
  589. + printf ' - 10.0.194.112\n'
  590. + printf ' - 10.0.194.112\n'
  591. + printf ' - 10.0.194.112\n'
  592. + printf ' - 10.0.194.112\n'
  593. + /opt/so/saltstack/pillar/data/addtotab.sh evaltab so-hh-eval-centos.dev.example.org 10.0.194.112 2 XYiDvQmcZHEMUi5z eth0 8377344000 8377344000 bond0
  594. Seeing if this host is already in here. If so delete it
  595. local:
  596. - Pillar failed to render with the following messages:
  597. - Specified SLS 'masters.so-hh-eval-centos' in environment 'base' is not available on the salt master
  598. - Specified SLS 'firewall.*' in environment 'base' is not available on the salt master
  599. - Specified SLS 'data.*' in environment 'base' is not available on the salt master
  600. local:
  601. - Pillar failed to render with the following messages:
  602. - Specified SLS 'masters.so-hh-eval-centos' in environment 'base' is not available on the salt master
  603. - Specified SLS 'firewall.*' in environment 'base' is not available on the salt master
  604. - Specified SLS 'data.*' in environment 'base' is not available on the salt master
  605. + '[' EVALMODE == SENSORONLY ']'
  606. + '[' EVALMODE == STORAGENODE ']'
  607. + '[' EVALMODE == PARSINGNODE ']'
  608. + '[' EVALMODE == HOTNODE ']'
  609. + '[' EVALMODE == WARMNODE ']'
  610. + salt_firstcheckin
  611. + salt-call state.highstate
  612. + accept_salt_key_local
  613. + salt-key -ya so-hh-eval-centos.dev.example.org
  614. The key glob 'so-hh-eval-centos.dev.example.org' does not match any unaccepted keys.
  615. + salt_checkin_message
  616. + echo '####################################################'
  617. ####################################################
  618. + echo '## ##'
  619. ## ##
  620. + echo '## Applying and Installing everything ##'
  621. ## Applying and Installing everything ##
  622. + echo '## (This will take a while) ##'
  623. ## (This will take a while) ##
  624. + echo '## ##'
  625. ## ##
  626. + echo '####################################################'
  627. ####################################################
  628. + salt_checkin
  629. + '[' EVALMODE == MASTERONLY ']'
  630. + '[' EVALMODE == EVALMODE ']'
  631. + echo 'Building Certificate Authority'
  632. Building Certificate Authority
  633. + salt-call state.apply ca
  634. local:
  635. - Pillar failed to render with the following messages:
  636. - Specified SLS 'masters.so-hh-eval-centos' in environment 'base' is not available on the salt master
  637. - Specified SLS 'firewall.*' in environment 'base' is not available on the salt master
  638. - Specified SLS 'data.*' in environment 'base' is not available on the salt master
  639. + echo ' *** Restarting Salt to fix any SSL errors. ***'
  640. *** Restarting Salt to fix any SSL errors. ***
  641. + service salt-master restart
  642. Redirecting to /bin/systemctl restart salt-master.service
  643. + sleep 5
  644. + service salt-minion restart
  645. Redirecting to /bin/systemctl restart salt-minion.service
  646. + sleep 15
  647. + echo ' Applyng a mine hack '
  648. Applyng a mine hack
  649. + sudo salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt
  650. so-hh-eval-centos.dev.example.org:
  651. False
  652. + echo ' Applying SSL state '
  653. Applying SSL state
  654. + salt-call state.apply ssl
  655. local:
  656. - Pillar failed to render with the following messages:
  657. - Specified SLS 'masters.so-hh-eval-centos' in environment 'base' is not available on the salt master
  658. - Specified SLS 'firewall.*' in environment 'base' is not available on the salt master
  659. - Specified SLS 'data.*' in environment 'base' is not available on the salt master
  660. + echo 'Still Working... Hang in there'
  661. Still Working... Hang in there
  662. + salt-call state.highstate
  663. [INFO ] Loading fresh modules for state activity
  664. [INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://top.sls'
  665. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/beacons'
  666. [INFO ] Syncing beacons for environment 'base'
  667. [INFO ] Loading cache from salt://_beacons, for base)
  668. [INFO ] Caching directory '_beacons/' for environment 'base'
  669. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/modules'
  670. [INFO ] Syncing modules for environment 'base'
  671. [INFO ] Loading cache from salt://_modules, for base)
  672. [INFO ] Caching directory '_modules/' for environment 'base'
  673. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/states'
  674. [INFO ] Syncing states for environment 'base'
  675. [INFO ] Loading cache from salt://_states, for base)
  676. [INFO ] Caching directory '_states/' for environment 'base'
  677. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/sdb'
  678. [INFO ] Syncing sdb for environment 'base'
  679. [INFO ] Loading cache from salt://_sdb, for base)
  680. [INFO ] Caching directory '_sdb/' for environment 'base'
  681. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/grains'
  682. [INFO ] Syncing grains for environment 'base'
  683. [INFO ] Loading cache from salt://_grains, for base)
  684. [INFO ] Caching directory '_grains/' for environment 'base'
  685. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/renderers'
  686. [INFO ] Syncing renderers for environment 'base'
  687. [INFO ] Loading cache from salt://_renderers, for base)
  688. [INFO ] Caching directory '_renderers/' for environment 'base'
  689. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/returners'
  690. [INFO ] Syncing returners for environment 'base'
  691. [INFO ] Loading cache from salt://_returners, for base)
  692. [INFO ] Caching directory '_returners/' for environment 'base'
  693. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/output'
  694. [INFO ] Syncing output for environment 'base'
  695. [INFO ] Loading cache from salt://_output, for base)
  696. [INFO ] Caching directory '_output/' for environment 'base'
  697. [INFO ] Creating module dir '/var/cache/salt/minion/extmods/utils'
  698. [INFO ] Syncing utils for environment 'base'
  699. [INFO ] Loading cache from salt://_utils, for base)
  700. [INFO ] Caching directory '_utils/' for environment 'base'
  701. [INFO ] Loading fresh modules for state activity
  702. local:
  703. Data failed to compile:
  704. ----------
  705. Pillar failed to render with the following messages:
  706. ----------
  707. Specified SLS 'masters.so-hh-eval-centos' in environment 'base' is not available on the salt master
  708. ----------
  709. Specified SLS 'firewall.*' in environment 'base' is not available on the salt master
  710. ----------
  711. Specified SLS 'data.*' in environment 'base' is not available on the salt master
  712. + checkin_at_boot
  713. + echo 'startup_states: highstate'
  714. + whiptail_setup_complete
  715. + whiptail --title 'Security Onion Setup' --msgbox 'Finished installing this as an EVALMODE. A reboot is recommended.' 8 78
  716. + install_cleanup
  717. + rm -rf /root/installtmp
  718. + exit