2018년 1월 21일 일요일

snort + barnyard2 + MySQL 5.7 install script

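#!/bin/bash
# Install MySQL 5.7, DAQ + Snort 2.9.11.1 and barnyard2 on CentOS 7 (minimal),
# then create the `snort` database that barnyard2 writes Snort events into.
#
# Run as root with network access to dev.mysql.com, snort.org and github.com.
# The script pauses ("press enter ...") before each step so the operator can
# follow along. Every mysql call uses `-p` so the client prompts for the root
# password itself; it is never placed on the command line (visible in `ps`)
# or in a shell variable that `set -x` could print.

set -euo pipefail

readonly WORKDIR=/root/install
readonly MYSQL_REPO_RPM=https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
readonly NGHTTP2_VER=1.29.0
readonly DAQ_VER=2.0.6
readonly SNORT_VER=2.9.11.1
# autogen.sh for barnyard2 is flaky; cap the retries instead of looping forever.
readonly MAX_AUTOGEN_TRIES=5

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Blank line, interactive "press enter" prompt, blank line.
# Arguments: $1 - prompt text
#######################################
pause() {
  echo
  read -rp "$1"
  echo
}

#######################################
# Escape a value for use inside a single-quoted MySQL string literal
# (backslash and single quote are the two characters MySQL treats specially).
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout, no trailing newline
#######################################
sql_quote() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\'/\'\'}
  printf '%s' "$s"
}

#######################################
# Fetch a release tarball, unpack it and run configure/make/make install
# inside it. Runs in a subshell so the caller's cwd is untouched.
# Arguments: $1 - download URL
#            $2 - directory the tarball unpacks to
#            $@ - (remaining) extra ./configure options
#######################################
build_from_tarball() {
  local url=$1 srcdir=$2
  shift 2
  local tarball=${url##*/}
  wget "$url"
  tar -xvzf "$tarball"
  (
    cd "$srcdir" || die "cannot cd to $srcdir"
    # one command per line so set -e catches a failing stage
    ./configure "$@"
    make
    make install
  )
}

#######################################
# Step 1: MySQL 5.7 from the community repo, initial hardening and a
# remote-capable root account.
#######################################
install_mysql() {
  echo
  echo "================================="
  echo "Step 1 : start mysql installation"
  echo "================================="
  pause "press enter for continue"

  # Skip the repo rpm if a previous run already installed it: a second
  # `rpm -ivh` of an installed package fails and would abort under set -e.
  rpm -q mysql57-community-release >/dev/null 2>&1 || rpm -ivh "$MYSQL_REPO_RPM"
  yum install -y mysql-server mysql-devel

  echo
  echo "-------------------------"
  echo "Start mysql configuration"
  echo "-------------------------"
  pause "press enter for configuration"

  service mysqld start

  # The original author turned off the password-strength plugin because its
  # defaults were too strict for this lab host. With it off, weak passwords are
  # accepted on an account that is granted remote access below; re-enable it on
  # anything that is not a throwaway box. Guarded so a re-run does not append twice.
  grep -qx 'validate-password=off' /etc/my.cnf ||
    echo "validate-password=off" >> /etc/my.cnf
  service mysqld restart

  # MySQL 5.7 logs the generated root password on first start; it is the last
  # whitespace-delimited token of that log line. tail -n 1 picks the latest
  # one if the log holds several.
  local pw
  pw=$(grep "temporary password is generated" /var/log/mysqld.log |
    tail -n 1 | grep -oP '\S+$') ||
    die "temporary root password not found in /var/log/mysqld.log"
  echo
  echo "--------------------------------------"
  echo "temporary root password : $pw"
  echo "--------------------------------------"

  # Sets the real root password, drops anonymous users and the test database.
  mysql_secure_installation

  # The original hard-coded the literal string 'your password' here, which
  # silently created 'root'@'%' with a well-known password. Ask for it instead
  # and quote it before embedding it in the statement. This still grants full
  # privileges to root from any host ('%'); restrict the host part to the
  # console/barnyard2 hosts that actually need it.
  local remote_pw remote_pw_confirm
  read -rsp "new password for 'root'@'%': " remote_pw
  echo
  read -rsp "confirm password: " remote_pw_confirm
  echo
  [[ -n "$remote_pw" ]] || die "empty password for 'root'@'%'"
  [[ "$remote_pw" == "$remote_pw_confirm" ]] || die "passwords do not match"
  echo
  echo "--------------------------------------------"
  echo "input password for allow root login remotely"
  echo "--------------------------------------------"
  mysql -u root -p -e "grant all privileges on *.* to 'root'@'%' identified by '$(sql_quote "$remote_pw")';"
  unset remote_pw remote_pw_confirm

  echo
  echo "-----------------------------------"
  echo "input password for flush privileges"
  echo "-----------------------------------"
  mysql -u root -p -e "flush privileges;"

  echo
  echo "-------------------------"
  echo "mysql installation status"
  echo "-------------------------"
  # one installed path per line, as the original printed them
  whereis mysql | cut -d ' ' -f 2- | tr ' ' '\n'
}

#######################################
# Step 2: build dependencies, nghttp2 (optional for DAQ), DAQ and Snort.
#######################################
install_snort() {
  echo
  echo "================================="
  echo "Step 2 : start snort installation"
  echo "================================="
  pause "press enter for continue"

  # The wildcards are yum package patterns: quote them so the shell does not
  # expand them against files in the current directory.
  yum install -y wget gcc bison flex 'libpcap*' 'pcre*' 'libdnet*' 'zlib*' libtool python-devel

  echo
  echo "-------------------------"
  echo "Start nghttp installation"
  echo "-------------------------"
  pause "press enter for continue"

  # nghttp2 is only a soft dependency of DAQ; the build succeeds without it.
  build_from_tarball \
    "https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VER}/nghttp2-${NGHTTP2_VER}.tar.gz" \
    "nghttp2-${NGHTTP2_VER}"

  echo
  echo "----------------------"
  echo "Start daq installation"
  echo "----------------------"
  pause "press enter for continue"

  build_from_tarball \
    "https://snort.org/downloads/snort/daq-${DAQ_VER}.tar.gz" \
    "daq-${DAQ_VER}"

  echo
  echo "------------------------"
  echo "Start snort installation"
  echo "------------------------"
  pause "press enter for continue"

  build_from_tarball \
    "https://snort.org/downloads/snort/snort-${SNORT_VER}.tar.gz" \
    "snort-${SNORT_VER}"

  echo
  mkdir -p /etc/snort          # snort.conf
  mkdir -p /etc/snort/rules    # rule files
  mkdir -p /var/log/snort      # unified2 logs read by barnyard2

  echo
  echo "-------------------------"
  echo "snort installation status"
  echo "-------------------------"
  whereis snort | cut -d ' ' -f 2- | tr ' ' '\n'
}

#######################################
# Step 3: barnyard2 (Snort unified2 -> MySQL), built from the GitHub master
# branch with a bounded autogen.sh retry.
#######################################
install_barnyard2() {
  echo
  echo "====================================="
  echo "Step 3 : start barnyard2 installation"
  echo "====================================="
  pause "press enter for continue"

  # NOTE: master is an unpinned, moving target; pin a tag/commit for repeatable builds.
  wget https://github.com/firnsy/barnyard2/archive/master.tar.gz -O barnyard2-Master.tar.gz
  tar -xvzf barnyard2-Master.tar.gz
  cd barnyard2-master || die "cannot cd to barnyard2-master"

  # autogen.sh occasionally fails; Makefile.in is the success check, so its
  # exit status is deliberately ignored here and in the retry loop.
  ./autogen.sh || true

  if ! [[ -e Makefile.in ]]; then
    echo "--------------------------"
    echo "cannot find 'Makefile.in'"
    echo "execute 'autogen.sh' again"
    echo "--------------------------"
    pause "press enter for continue"

    local try=2
    while ! [[ -e Makefile.in ]]; do
      (( try <= MAX_AUTOGEN_TRIES )) ||
        die "autogen.sh did not produce Makefile.in after ${MAX_AUTOGEN_TRIES} tries"
      echo
      echo "------------------"
      echo "try 'autogen.sh[$try]'"
      echo "------------------"
      echo
      ./autogen.sh || true
      try=$((try + 1))
    done
  fi

  ./configure --with-mysql --with-mysql-libraries=/usr/lib64/mysql
  make
  make install
  cd "$WORKDIR" || die "cannot cd to $WORKDIR"
}

#######################################
# Create the snort database and schema, barnyard2 runtime files, and allow
# remote MySQL connections through the host firewall.
#######################################
configure_db() {
  echo
  echo "----------------------"
  echo "Start db configuration"
  echo "----------------------"
  pause "press enter for continue"

  echo "----------------------------------------"
  echo "input password for create database snort"
  echo "----------------------------------------"
  mysql -u root -p -e "create database snort"

  echo
  echo "--------------------------------------"
  echo "input password for create snort schema"
  echo "--------------------------------------"
  mysql -u root -p -D snort < "${WORKDIR}/barnyard2-master/schemas/create_mysql"

  # bookmark file barnyard2 uses to track its position in the snort logs
  touch /var/log/snort/barnyard2.waldo
  mkdir -p /var/log/barnyard2

  # The original disabled firewalld entirely to allow remote MySQL access.
  # Open only the mysql service (3306/tcp) so the host firewall keeps covering
  # everything else; narrow it further with a source range if the console host
  # is known.
  echo
  echo "-----------------------"
  echo "open mysql in firewall"
  echo "-----------------------"
  if command -v firewall-cmd >/dev/null; then
    firewall-cmd --permanent --add-service=mysql
    firewall-cmd --reload
  else
    printf 'warn: firewall-cmd not found; open 3306/tcp manually\n' >&2
  fi

  echo
  echo "-----------------------------"
  echo "barnyard2 installation status"
  echo "-----------------------------"
  whereis barnyard2 | cut -d ' ' -f 2- | tr ' ' '\n'
}

main() {
  (( EUID == 0 )) || die "this script must run as root"
  clear
  mkdir -p "$WORKDIR"
  cd "$WORKDIR" || die "cannot cd to $WORKDIR"

  install_mysql
  install_snort
  install_barnyard2
  configure_db
}

main "$@"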
