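#!/bin/bash
#
# ACME Snort box post-install script.
#
# THIS SCRIPT MUST BE RUN AS USER "ROOT" (checked below), from the directory
# that holds the scripts/, install/ and updates/ subdirectories: every path to
# bundled material below is relative to the current directory.
#
# Auth: David Marcoux
#
# Interactive. Asks for the system role, hardware type, number of snort
# interfaces and hostname, then prepares the box step by step (accounts,
# services, RPMs, snort/barnyard files, network config, firewall, crontab),
# pausing for the operator between phases. Most steps are not idempotent
# (rm/cp/chmod); only the account creation and the file appends are guarded,
# so re-running on an already prepared box is at the operator's discretion.
#
# -u: an unset variable is an error. -e is deliberately NOT set: several steps
# (userdel/chkconfig/rm of things that may be absent) are expected to fail on
# some boxes and must not abort the run; critical steps check explicitly.
set -u

#######################################
# Print an error on stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Wait for the operator between phases.
# Outputs: prompt on stdout; consumes and discards one line of stdin.
#######################################
pause() {
  local dummy
  printf '\nPress [enter] to continue...\n'
  IFS= read -r dummy
}

#######################################
# Append a line to a file unless an identical line is already there, so a
# re-run does not accumulate duplicates in rc.local / ld.so.conf / modules.conf.
# Arguments: $1 - file, $2 - exact line to add
#######################################
append_once() {
  local file=$1 line=$2
  grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line" >> "$file"
}

#######################################
# Copy a file into place and set its mode and owner (root:root).
# Arguments: $1 - source, $2 - destination path, $3 - octal mode
#######################################
install_file() {
  local src=$1 dst=$2 mode=$3
  cp -v -- "$src" "$dst"
  chmod "$mode" "$dst"
  chown root:root "$dst"
}

#######################################
# Create a local account interactively if it does not exist yet, setting its
# password and pausing afterwards as the original flow did.
# Arguments: $1 - user name, $2.. - extra options passed to adduser
#######################################
ensure_user() {
  local user=$1
  shift
  if ! grep -q "^${user}:" /etc/passwd; then
    printf '\nAdding account "%s"...\n' "$user"
    adduser "$@" "$user"
    passwd "$user"
    pause
  fi
}

# Preconditions: root, and the bundled material next to us.
[ "$(id -u)" -eq 0 ] || die "this script must be run as root"
[ -d scripts ] && [ -d install ] || die "run from the directory containing scripts/ and install/"

printf '\n\nACME Snort box install script...\n\n'
printf 'System Purpose/Role?\n  1.  Standard (IDS/ACID/DDR)\n  2.  Special (Investigation)\n\n'
read -r purpose
# The role is asked for but never consulted later in this script (as in the
# original); it is validated only so a typo is caught before anything changes.
# shellcheck disable=SC2034
case $purpose in
  1|2) ;;
  *) die "purpose must be 1 or 2" ;;
esac

printf '\nHardware?\n  1.  Penguin 1U - Relion 140\n  2.  Shuttle XPC / Other\n\n'
read -r hardware
case $hardware in
  1|2) ;;
  *) die "hardware must be 1 or 2" ;;
esac

printf '\nNumber of snort interfaces (1-6)?\n\n'
read -r interfaces
# Validated before use: it is compared numerically and drives a file-copy loop.
case $interfaces in
  [1-6]) ;;
  *) die "number of snort interfaces must be between 1 and 6" ;;
esac

printf '\nHostname?\n\n'
read -r new_hostname
# The value is written verbatim into /etc/sysconfig/network, which init scripts
# source as shell; only a plain hostname/FQDN is accepted so no shell syntax,
# whitespace or an empty answer can reach that file.
[[ $new_hostname =~ ^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$ ]] || die "invalid hostname: '$new_hostname'"

# Set hostname: rebuild the file in its own directory (a predictable name in
# /tmp would be open to tampering by any local user) and replace it atomically.
# grep exits 1 when nothing else is left in the file; that is not an error here.
net_conf=/etc/sysconfig/network
tmp=$(mktemp "${net_conf}.XXXXXX") || die "cannot create temporary file for $net_conf"
grep -v "HOSTNAME" "$net_conf" > "$tmp"
printf 'HOSTNAME=%s\n' "$new_hostname" >> "$tmp"
chmod 644 "$tmp"   # mktemp creates 600; the file must stay world-readable
mv -f -- "$tmp" "$net_conf"

ensure_user maintenance
ensure_user rulemgr
# NOTE(review): "bkdr" is created as a second uid 0 / gid 0 login
# (adduser -o -u 0 -g 0). That is a shared root credential: it defeats
# per-user accountability in logs and bypasses every control that keys on the
# root account (PermitRootLogin, securetty, password policy). It is kept here
# only to preserve the original install; the recommended fix is named admin
# accounts with sudo, and removal of this line.
ensure_user bkdr -o -u 0 -g 0

if ! grep -q '^analyst:' /etc/group; then
  groupadd analyst
  # Data directories (/dat*, e.g. /data) become group-writable for analysts;
  # the glob is intentionally unquoted so it expands.
  chgrp analyst /dat*
  chmod 775 /dat*
fi

printf '\nDisabling unnecessary services...\n'
# chkconfig complains about a service that is not installed; that is expected.
# "snmprapd" is spelled as in the original (snmptrapd may have been intended;
# confirm against the installed service names).
for svc in netfs nfs random rawdevices portmap apmd atd gpm autofs keytable \
    kudzu sendmail nfslock rhnsd anacron isdn pcmcia irda snmpd snmprapd \
    winbind saslauthd; do
  chkconfig "$svc" off
done
pause

printf '\nRemove unnecessary accounts...\n'
# userdel reports accounts that do not exist; that is expected and harmless.
for user in acme adm lp news uucp operator games gopher ftp guest sync; do
  userdel "$user"
done
pause

printf '\nRemoving unnecessary RPMs...\n'
scripts/remove-unnecessary-rpms.sh
pause

printf 'Installing RedHat PGP & GPG public keys...\n'
# Lets rpm verify the vendor signature on signed packages installed below.
rpm --import /usr/share/doc/rpm-4.2/RPM-PGP-KEY
rpm --import /usr/share/doc/rpm-4.2/RPM-GPG-KEY

printf '\nInstalling supplemental RPMs...\n'
# install/ ships with this kit; its provenance is not checked here beyond the
# signature check rpm itself performs on signed packages.
rpm -i -v install/*.rpm
pause

printf '\nUpgrade appropriate RPMs...\n'
rpm -Fvh updates/*.rpm
pause

printf '\nInsert/Modify files (1)...\n'
# Queue a few boot-time commands in /etc/rc.local (no duplicates on re-run)
# and run them once now. The two copies of the snort binary presumably give
# the log and alert daemons distinct process names.
append_once /etc/rc.local "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts"
append_once /etc/rc.local "cp /usr/sbin/snort /usr/sbin/snort-log"
append_once /etc/rc.local "cp /usr/sbin/snort /usr/sbin/snort-alert"
/etc/rc.local

mkdir -p -v /root/bin
chmod 755 /root/bin
chown root:root /root/bin

install_file scripts/smbloginhunter.sh /root/bin/smbloginhunter.sh 755

# makespace* is a glob: several files may be installed, root-only.
cp -v -- scripts/makespace* /bin/
chmod 700 /bin/makespace*
chown root:root /bin/makespace*

install_file scripts/parser /bin/parser 755

# Puts tcpdump on the default PATH for normal users. A symlink grants no
# privilege: packet capture still needs root (or a capability) on the binary.
ln -s /usr/sbin/tcpdump /bin/tcpdump
pause

printf '\nInsert/Modify files (2)...\n'
rm -f -- /etc/snort/snort.conf /etc/rc.d/init.d/snortd

cp -v -- scripts/snort-alert    /etc/rc.d/init.d/snort-alert
cp -v -- scripts/snort-log      /etc/rc.d/init.d/snort-log
cp -v -- scripts/snort.conf     /etc/snort/snort.conf
cp -v -- scripts/snort-log.conf /etc/snort/snort-log.conf

chmod 755 /etc/rc.d/init.d/snort*
chown root:root /etc/rc.d/init.d/snort*

# /etc/snort is handed to group rulemgr so the rule manager can edit without
# root. NOTE(review): 664 on /etc/snort/* also makes snort.conf group-writable
# while snort itself runs as root, which is close to root-equivalent write
# access for that account; consider keeping snort.conf at 644 root:root and
# limiting group write to the rules files.
chown root:rulemgr /etc/snort /etc/snort/*
chmod 775 /etc/snort
chmod 664 /etc/snort/*

rm -rf /etc/snort/rules/

# -f: re-running must not fail on links that already exist.
ln -sf /etc/rc.d/init.d/snort-log   /etc/rc.d/rc3.d/S99snort-log
ln -sf /etc/rc.d/init.d/snort-log   /etc/rc.d/rc3.d/K99snort-log
ln -sf /etc/rc.d/init.d/snort-alert /etc/rc.d/rc3.d/S99snort-alert
ln -sf /etc/rc.d/init.d/snort-alert /etc/rc.d/rc3.d/K99snort-alert
pause

printf '\nInsert/Modify files (3)...\n'
# install barnyard, stunnel, and libmysql stuff
install_file scripts/barnyard.conf /etc/snort/barnyard.conf     600
install_file scripts/stunnel.conf  /etc/stunnel/stunnel.conf    600
install_file install/barnyard      /bin/barnyard                700
install_file scripts/barnyard      /etc/rc.d/init.d/barnyard    700

mysql_lib=/usr/local/mysql/lib/mysql
mkdir -p "$mysql_lib"
rm -rf -- "${mysql_lib:?}"/*
# NOTE(review): the bundled client library is unpacked onto the loader path
# with no integrity check; verify the archive against a known-good checksum
# before relying on it on a sensor.
unzip install/libmysqlclient.zip -d "$mysql_lib"
ln -sf "$mysql_lib/libmysqlclient.so" "$mysql_lib/mysqlclient.so.12"
append_once /etc/ld.so.conf "$mysql_lib"
append_once /etc/ld.so.conf "/usr/local/lib"
ldconfig

install_file scripts/resolv.conf         /etc/resolv.conf     644
install_file scripts/services.sample     /etc/services        644
install_file scripts/sshd_config.sample  /etc/ssh/sshd_config 600

# Same legal banner before and after login, and for sshd (issue.net).
install_file scripts/warning-banner.sample /etc/issue     644
install_file scripts/warning-banner.sample /etc/issue.net 644
install_file scripts/warning-banner.sample /etc/motd      644
pause

printf '\nInsert/Modify files (4)...\n'
net_scripts=/etc/sysconfig/network-scripts
rm -f -- "$net_scripts"/ifcfg-eth* "$net_scripts"/ifcfg-bond* "$net_scripts"/ifcfg-bridg*

cp -- scripts/ifcfg-eth0 scripts/ifcfg-eth1 scripts/ifcfg-bond0 "$net_scripts"/

# eth0/eth1 are always installed; the capture interfaces follow as eth2..ethN.
# The original copied only ifcfg-eth<N>, which for N>2 left eth2..eth(N-1)
# without a config file -- treated here as unintended; confirm against the
# templates if a gap was deliberate.
for (( i = 2; i <= interfaces; i++ )); do
  cp -- "scripts/ifcfg-eth$i" "$net_scripts"/
done

chown root:root "$net_scripts"/ifcfg*
# 755 as in the original; these files are sourced, not executed, so 644 would suffice.
chmod 755 "$net_scripts"/ifcfg*

if [ "$hardware" -eq 1 ]; then
  # Relion 140: pin the driver-to-name mapping so the e100 port is eth0 and
  # the two e1000 ports are eth1/eth2 (the bonding members). Same rebuild
  # pattern as /etc/sysconfig/network above: private temp file, atomic move.
  mod_conf=/etc/modules.conf
  tmp=$(mktemp "${mod_conf}.XXXXXX") || die "cannot create temporary file for $mod_conf"
  grep -E -v "eth0|eth1|eth2|bond0" "$mod_conf" > "$tmp"
  printf 'alias eth0 e100\nalias eth1 e1000\nalias eth2 e1000\n' >> "$tmp"
  chmod 644 "$tmp"
  chown root:root "$tmp"
  mv -f -- "$tmp" "$mod_conf"
fi

# set up channel bonding
append_once /etc/modules.conf "alias bond0 bonding"
append_once /etc/modules.conf "options bond0 miimon=100 downdelay=0"
pause

printf '\nStart/Stop network service...\n'
# Start all interfaces so that we can install the firewall script
/etc/rc.d/init.d/network restart
sleep 5
pause

printf '\nInstall firewall...\n'
scripts/install-iptables-firewall1.sh
pause

printf '\nInstalling crontab entries...\n'
# Replaces root's crontab wholesale with the sample.
crontab scripts/crontab.sample
pause

printf '\nRemoving unnecessary files...\n'
# Drops every xinetd service definition and the installer logs (which list
# the installed package set).
rm -v -- /etc/xinetd.d/*
rm -v -- /root/install.log /root/install.log.syslog
pause

printf 'Done. Time to reboot\n'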