Untitled

#INSTALL GRAYLOG2 AND NGINX AUTOMAGICALLY @bryptik 8/14/18
#ADD LOGGING LATER
#LOGFILE="/var/log/graylog2-install.log"

INFO="\033[1;32m"
RESET="\033[0m"

echo "${INFO}Starting Graylog2 Installation${RESET}"

#GET PASSWORDS FOR LATER
read -p 'Username: ' nginxUsername
read -p 'Password: ' passvar

#DISABLE IPV6
echo "${INFO}Disabling IPv6${RESET}"
echo "  net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "  net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "  net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf

#UPDATE AND GET JAVA
echo "${INFO}Verifying system is up to date and installing initial dependencies${RESET}"
apt-get update && apt-get upgrade -y
apt-get install -y apt-transport-https uuid-runtime pwgen software-properties-common python-software-properties debconf-utils pwgen

#ADD JAVA WEB REPO
echo "${INFO}Installing JAVA 8 Dependency from Oracle${RESET}"
add-apt-repository -y ppa:webupd8team/java
echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections
apt-get update
apt-get install -y oracle-java8-installer

#MONGODB INSTALL
echo "${INFO}Installing MongoDB${RESET}"
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
apt-get update
apt-get install -y mongodb-org

#AUTOSTART MONGODB SERVICE
echo "${INFO}Setting MongoDB Services${RESET}"
systemctl daemon-reload
systemctl enable mongod.service
systemctl restart mongod.service

#GET ELASTIC
echo "${INFO}Installing Elastic Search 5x (Graylog2 is not compatible with 6x)${RESET}"
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
apt-get update && sudo apt-get install elasticsearch

#SET CLUSTER.NAME TO GRAYLOG
echo "${INFO}Setting Elastic cluster.name to graylog${RESET}"
sed -i 's/#cluster.name.*/cluster.name: graylog/g' /etc/elasticsearch/elasticsearch.yml

#AUTOSTART ELASTICSEARCH SERVICE
echo "${INFO}Setting ElasticSearch Services${RESET}"
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service

#DOWNLOAD AND INSTALL GRAYLOG SERVER
echo "${INFO}Download and install Graylog2 DEB Latest${RESET}"
wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb
sudo dpkg -i graylog-2.4-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server

#MODIFY GRAYLOG2 CONFIGURATION
echo "${INFO}Adjust Graylog2 Settings${RESET}"
HOSTIPADDR=$(ifconfig | awk '/inet addr/{print substr($2,6)}'| head -n 1)
SPASS=$(pwgen -N 1 -s 96)
UPASS=$(echo -n $passvar | sha256sum | cut -c1-64) #DROP THAT -


sed -i 's/#root_username.*/root_username = '$nginxUsername' /g' /etc/graylog/server/server.conf
sed -i 's/password_secret.*/password_secret = '$SPASS' /g' /etc/graylog/server/server.conf
sed -i 's/root_password_sha2.*/root_password_sha2 = '"$UPASS"' /g' /etc/graylog/server/server.conf

sed -i 's/rest_listen_uri.*/rest_listen_uri = '"http:\/\/0.0.0.0:9000\/api\/"' /g' /etc/graylog/server/server.conf
sed -i 's/#rest_transport_uri.*/rest_transport_uri =  http:\/\/'"$HOSTIPADDR"':9000\/api\/ /g' /etc/graylog/server/server.conf
sed -i 's/#web_listen_uri.*/web_listen_uri = http:\/\/0.0.0.0:9000\/ /g' /etc/graylog/server/server.conf

#AUTOSTART GRAYLOG2 SERVICES
echo "${INFO}Setting Graylog2 Services${RESET}"
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl restart graylog-server.service

#CREATE SSL CERTIFICATES
echo "${INFO}Generating SSL Certificates${RESET}"
HOSTIPADDR=$(ifconfig | awk '/inet addr/{print substr($2,6)}'| head -n 1)
sed -i '226s/.*/subjectAltName = IP: '"$HOSTIPADDR"'/' /etc/ssl/openssl.cnf
mkdir -p /etc/pki/tls/certs
mkdir /etc/pki/tls/private
openssl req -config /etc/ssl/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/Graylog2.key -out /etc/pki/tls/certs/Graylog2.crt

#INSTALL NGINX PROXY
echo "${INFO}Installing NGINX front end proxy for Graylog2${RESET}"
apt-get install -y nginx apache2-utils

#CREATE NGINX GRAYLOG2 SITE
echo "${INFO}Creating new NGINX site${RESET}"
cp /etc/nginx/sites-available/default /etc/nginx/sites-available/backup_default
truncate -s 0 /etc/nginx/sites-available/default

newDefault="
    server {
        listen 443 default ssl;
        ssl_certificate /etc/pki/tls/certs/Graylog2.crt;
        ssl_certificate_key /etc/pki/tls/private/Graylog2.key;
        ssl_session_cache shared:SSL:10m;
        server_name $HOSTIPADDR;
        access_log /var/log/nginx/graylog.access.log;
        location / {
            proxy_set_header Host \$host;
            proxy_set_header X-Forwarded-Host \$host;
            proxy_set_header X-Forwarded-Server \$host;
            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header X-Graylog-Server-URL https://\$server_name/api;
            proxy_pass       http://127.0.0.1:9000;
        }
    }
"
echo "$newDefault" >> /etc/nginx/sites-available/default

echo "${INFO}Testing NGINX Config${RESET}"
nginx -t
systemctl restart nginx

#SET NGINX SERVICES
systemctl start nginx
systemctl enable nginx

#FINALE!
echo "${INFO}Graylog2 has been installed${RESET}"
echo "Browse to your server and sign-in @ "$HOSTIPADDR
echo "Username: " $nginxUsername
echo "Password: " $passvar
echo "Additional Details:"
echo "SSL cert: /etc/pki/tls/certs/Graylog2.crt"