def main(): fpcuser = "" fpcpassword = "" if not fpcpassword and not fpcuser: d = Dialog('Insta-Snorby - First boot configuration') response = d.yesno("Enable OpenFPC?","Snorby supports intergration with OpenFPC, a lightweight full-packet network traffic recorder & buffering system.\nInsta-Snorby can install and configure OpenFPC so that full pcaps of alerts will be made available inside the Snorby application.\n\n Would you like to enable OpenFPC?") if response: fpcuser = d.inputbox("Create OpenFPC Username","Please enter your desired OpenFPC username.") fpcpassword = d.get_password("Create OpenFPC password", "Please enter your desired OpenFPC password.") if fpcuser and fpcpassword: ipaddress = get_ip_address('eth0') d.infobox('Installing OpenFPC 0.6-314') system('htpasswd -b -c /etc/openfpc/apache2.passwd %s %s > /dev/null' % (fpcuser[1], fpcpassword) ) system('cd /root/openfpc-0.6-314/ && /root/openfpc-0.6-314/openfpc-install.sh install > /dev/null') system("sed -i 's/GUIUSER=openfpc/#GUIUSER=openfpc/g' /etc/openfpc/openfpc-default.conf") system("sed -i 's/GUIPASS=openfpc/#GUIUSER=openfpc/g' /etc/openfpc/openfpc-default.conf") system("sed -i 's/USER=openfpc=openfpc/USER=%s=%s/g' /etc/openfpc/openfpc-default.conf" % (fpcuser[1], fpcpassword)) system("sed -i 's/AuthType Basic/#AuthType Basic/g' /etc/apache2/sites-enabled/openfpc.apache2.site") system("sed -i 's/AuthName/#AuthName/g' /etc/apache2/sites-enabled/openfpc.apache2.site") system("sed -i 's/AuthUserFile/#AuthUserFile/g' /etc/apache2/sites-enabled/openfpc.apache2.site") system("sed -i 's/Require valid-user/#Require valid-user/g' /etc/apache2/sites-enabled/openfpc.apache2.site") d.infobox('Starting OpenFPC 0.6-314') system("openfpc -action start > /dev/null") d.infobox('Configuring Snorby...') system("cd /var/www/snorby && /usr/local/bin/rails runner 'Setting.set(:packet_capture, 1)' > /dev/null 2>&1") system("cd /var/www/snorby && /usr/local/bin/rails runner \"Setting.set(:packet_capture_url, 'https://%s/openfpc/cgi-bin/extract.cgi')\" > /dev/null 2>&1" % ipaddress) system("cd /var/www/snorby && /usr/local/bin/rails runner \"Setting.set(:packet_capture_type, 'openfpc')\" > /dev/null 2>&1")
def main(): fpcuser = "" fpcpassword = "" if not fpcpassword and not fpcuser: d = Dialog('Insta-Snorby - First boot configuration') response = d.yesno("Enable OpenFPC?","Snorby supports intergration with OpenFPC, a lightweight full-packet network traffic recorder & buffering system.\nInsta-Snorby can install and configure OpenFPC so that full pcaps of alerts will be made available inside the Snorby application.\n\n Would you like to enable OpenFPC?") if response: fpcuser = d.inputbox("Create OpenFPC Username","Please enter your desired OpenFPC username.") fpcpassword = d.get_password("Create OpenFPC password", "Please enter your desired OpenFPC password.") if fpcuser and fpcpassword: ipaddress = get_ip_address('eth0') d.infobox('Installing OpenFPC 0.6-314') system('htpasswd -b -c /etc/openfpc/apache2.passwd %s %s > /dev/null' % (fpcuser[1], fpcpassword) ) system('cd /root/openfpc-0.6-314/ && /root/openfpc-0.6-314/openfpc-install.sh install > /dev/null') system("sed -i 's/GUIUSER=openfpc/#GUIUSER=openfpc/g' /etc/openfpc/openfpc-default.conf") system("sed -i 's/GUIPASS=openfpc/#GUIUSER=openfpc/g' /etc/openfpc/openfpc-default.conf") system("sed -i 's/USER=openfpc=openfpc/USER=%s=%s/g' /etc/openfpc/openfpc-default.conf" % (fpcuser[1], fpcpassword)) system("sed -i 's/AuthType Basic/#AuthType Basic/g' /etc/apache2/sites-enabled/openfpc.apache2.site") system("sed -i 's/AuthName/#AuthName/g' /etc/apache2/sites-enabled/openfpc.apache2.site") system("sed -i 's/AuthUserFile/#AuthUserFile/g' /etc/apache2/sites-enabled/openfpc.apache2.site") system("sed -i 's/Require valid-user/#Require valid-user/g' /etc/apache2/sites-enabled/openfpc.apache2.site") d.infobox('Starting OpenFPC 0.6-314') system("openfpc -action start > /dev/null") d.infobox('Configuring Snorby...') system("cd /var/www/snorby && /usr/local/bin/rails runner 'Setting.set(:packet_capture, 1)' > /dev/null 2>&1") system("cd /var/www/snorby && /usr/local/bin/rails runner \"Setting.set(:packet_capture_url, 'https://%s/openfpc/cgi-bin/extract.cgi')\" > /dev/null 2>&1" % ipaddress) system("cd /var/www/snorby && /usr/local/bin/rails runner \"Setting.set(:packet_capture_type, 'openfpc')\" > /dev/null 2>&1") system("cd /var/www/snorby && /usr/local/bin/rails runner 'Setting.set(:packet_capture_auto_auth, 1)' > /dev/null 2>&1") system("cd /var/www/snorby && /usr/local/bin/rails runner \"Setting.set(:packet_capture_user, '%s')\" > /dev/null 2>&1" % fpcuser[1]) system("cd /var/www/snorby && /usr/local/bin/rails runner \"Setting.set(:packet_capture_password, '%s')\" > /dev/null 2>&1" % fpcpassword)
def main(): signal.signal(signal.SIGINT, signal.SIG_IGN) try: l_opts = ["help", "email=", "email-placeholder="] opts, args = getopt.gnu_getopt(sys.argv[1:], "h", l_opts) except getopt.GetoptError as e: usage(e) email = "" email_placeholder = "" for opt, val in opts: if opt in ("-h", "--help"): usage() elif opt == "--email": email = val elif opt == "--email-placeholder": email_placeholder = val if email and not email_re.match(email): fatal("email is not valid") if not email: d = Dialog("TurnKey Linux - First boot configuration") email = email_placeholder while 1: retcode, email = d.inputbox(TITLE, TEXT, email, "Enable", "Skip") dia_log(("secalerts.main():\n\tretcode:`{}'\n\temail:`{}'").format( retcode, email)) if retcode == 'cancel': email = "" break if not email_re.match(email): d.error('Email is not valid') continue if d.yesno("Is your email correct?", email): break if email: cmd = os.path.join(os.path.dirname(__file__), 'secalerts.sh') dia_log("\tcmd:`{}'".format(cmd)) subprocess.run([cmd, email], check=True)
url = "" for opt, val in opts: if opt in ('-h', '--help'): usage() elif opt == '--url': url = val if not url: if 'd' not in locals(): d = Dialog('TurnKey Linux - First boot configuration') url = d.inputbox( "YouPHPTube URL", "Please enter the URL address for YouPHPTube.", "example.com") url = url[1] ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz" chars=[] for i in range(13): chars.append(random.choice(ALPHABET)) salty="".join(chars) streamkey=[] for i in range(13): streamkey.append(random.choice(ALPHABET)) key="".join(chars) m = MySQL()
except getopt.GetoptError, e: usage(e) oinkcode = "" for opt, val in opts: if opt in ('-h', '--help'): usage() elif opt in ('-o', '--oink'): oinkcode = val if not oinkcode: d = Dialog('Insta-Snorby - First boot configuration') response = d.yesno("Enter Oinkcode?","Snorby can automatically download and install Sourcefire's VRT rules. In order to do this, you need obtain and enter your Oinkcode from snort.org. \n\nWould you like to enter your oink code?") if response: oinkcode = d.inputbox("Enter Oinkcode","Please enter your 40 character Oinkcode") if oinkcode: system('echo %s > /root/oinkcode' % oinkcode[1]) d.infobox('VRT rules are downloading...') try: system('wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/%s -o /dev/null -O /root/snortrules.tar.gz' % oinkcode[1]) except: d.error("Could not download VRT rules.") d.infobox('Download complete! VRT rules are extracting...') system('tar zxf /root/snortrules.tar.gz -C /root/') system('cp /root/rules/* /etc/snort/rules/') system('cp -f /root/snortvrt.conf /etc/snort/snort.conf')
def main(): try: opts, args = getopt.gnu_getopt(sys.argv[1:], "h", [ 'help', 'profile=', 'key-email=', 'public-address=', 'virtual-subnet=', 'private-subnet=' ]) except getopt.GetoptError as e: usage(e) profile = "" key_email = "" public_address = "" virtual_subnet = "" private_subnet = "" redirect_client_gateway = "" for opt, val in opts: if opt in ('-h', '--help'): usage() elif opt == '--profile': profile = val elif opt == '--key-email': key_email = val elif opt == '--public-address': public_address = val elif opt == '--virtual-subnet': virtual_subnet = val elif opt == '--private-subnet': private_subnet = val dialog = Dialog('TurnKey Linux - First boot configuration') if not profile: profile = dialog.menu( "OpenVPN Profile", "Choose a profile for this server.\n\n* Gateway: clients will be configured to route all\n their traffic through the VPN.", [('server', 'Accept VPN connections from clients'), ('gateway', 'Accept VPN connections from clients*'), ('client', 'Initiate VPN connections to a server')]) if not profile in ('server', 'gateway', 'client'): fatal('invalid profile: %s' % profile) if profile == "client": return if not key_email: key_email = dialog.get_email( "OpenVPN Email", "Enter email address for the OpenVPN server key.", "*****@*****.**") inithooks_cache.write('APP_EMAIL', key_email) if not public_address: public_address = dialog.get_input( "OpenVPN Public Address", "Enter FQDN or IP address of server reachable by clients", "vpn.example.com") auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254)) if not virtual_subnet: virtual_subnet = dialog.get_input( "OpenVPN Virtual Subnet", "Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.", auto_virtual_subnet) if virtual_subnet.upper() == "AUTO": virtual_subnet = auto_virtual_subnet if profile == "server": if not private_subnet: retcode, private_subnet = dialog.inputbox( "OpenVPN Private Subnet", "Enter CIDR subnet behind server for clients to reach.", "10.0.1.0/24", "Apply", "Skip") if private_subnet.upper() == "SKIP": private_subnet = "" cmd = os.path.join(os.path.dirname(__file__), 'openvpn-server-init.sh') subprocess.run([cmd, key_email, public_address, virtual_subnet]) if profile == "gateway": fh = open("/etc/openvpn/server.conf", "a") fh.write( "# configure clients to route all their traffic through the vpn\n") fh.write("push \"redirect-gateway def1 bypass-dhcp\"\n\n") fh.close() if private_subnet: fh = open("/etc/openvpn/server.conf", "a") fh.write( "# push routes to clients to allow them to reach private subnets\n" ) for _private_subnet in private_subnet.split(','): fh.write("push \"route %s\"\n" % expand_cidr(_private_subnet)) fh.close() subprocess.run(['systemctl', 'start', 'openvpn@server'])
def main(): try: opts, args = getopt.gnu_getopt(sys.argv[1:], 'h', ['help', 'gameserver-repo=', 'gameserver-branch=']) except getopt.GetoptError as e: usage(e) default_gameserver_repo = 'https://github.com/jesinmat/linux-gameservers.git' default_gameserver_branch = 'master' gameserver_repo = "" gameserver_branch = "" for opt, val in opts: if opt in ('-h', '--help'): usage() elif opt == '--gameserver-repo': gameserver_repo = val elif opt == '--gameserver-branch': gameserver_branch = val dialog = Dialog('TurnKey Linux - First boot configuration') if not gameserver_repo or not gameserver_branch: choose_gameserver_upstream = dialog.yesno( 'TKL Gameserver', 'Do you want to choose a custom repo?') if choose_gameserver_upstream: if not gameserver_repo: ok, gameserver_repo = dialog.inputbox( 'TKL Gameserver', 'Choose gameserver repo url', default_gameserver_repo) if not ok: gameserver_repo = default_gameserver_repo if not gameserver_branch: ok, gameserver_branch = dialog.inputbox( 'TKL Gameserver', 'Choose gameserver branch', default_gameserver_branch) if not ok: gameserver_branch = default_gameserver_branch else: gameserver_repo = default_gameserver_repo gameserver_branch = default_gameserver_branch needs_pull = False old_dir = os.getcwd() if gameserver_repo != default_gameserver_repo: os.chdir('/root/gameservers') subprocess.run([ 'git', 'remote', 'set-url', 'origin', gameserver_repo ]) needs_pull = True if gameserver_branch != default_gameserver_branch: os.chdir('/root/gameservers') subprocess.run([ 'git', 'fetch' ]) subprocess.run([ 'git', 'checkout', '--track', f'origin/{gameserver_branch}', ]) needs_pull = True if needs_pull: os.chdir('/root/gameservers') subprocess.run([ 'git', 'pull' ]) os.chdir(old_dir)
elif opt == '--fqdn': fqdn = val if apikey: system('tklbam-init %s' % apikey) if fqdn: system('hubdns-init %s %s' % (apikey, fqdn)) system('hubdns-update') return initialized_tklbam = False d = Dialog('TurnKey GNU/Linux - First boot configuration') while 1: retcode, apikey = d.inputbox("Initialize Hub services", TEXT_SERVICES, apikey, "Apply", "Skip") if not apikey or retcode == 1: break d.infobox("Linking TKLBAM to the TurnKey Hub...") try: getoutput("host -W 2 hub.turnkeylinux.org") except ExecError, e: d.error(CONNECTIVITY_ERROR) break try: getoutput('tklbam-init %s' % apikey) d.msgbox('Success! Linked TKLBAM to Hub', SUCCESS_TKLBAM)
def main(): signal.signal(signal.SIGINT, signal.SIG_IGN) try: opts, args = getopt.gnu_getopt(sys.argv[1:], "h", ['help', 'apikey=', 'fqdn=']) except getopt.GetoptError as e: usage(e) apikey = "" fqdn = "" for opt, val in opts: if opt in ('-h', '--help'): usage() elif opt == '--apikey': apikey = val elif opt == '--fqdn': fqdn = val if apikey: system('tklbam-init', apikey) if fqdn: system('hubdns-init', apikey, fqdn) system('hubdns-update') return initialized_tklbam = False d = Dialog('TurnKey GNU/Linux - First boot configuration') while 1: retcode, apikey = d.inputbox("Initialize Hub services", TEXT_SERVICES, apikey, "Apply", "Skip") if not apikey or retcode == 1: break d.infobox("Linking TKLBAM to the TurnKey Hub...") try: check_output(["host", "-W", "2", "hub.turnkeylinux.org"]) except CalledProcessError as e: d.error(CONNECTIVITY_ERROR) break try: check_output(['tklbam-init', apikey]) d.msgbox('Success! Linked TKLBAM to Hub', SUCCESS_TKLBAM) initialized_tklbam = True break except CalledProcessError as e: d.msgbox('Failure', e.output) continue if initialized_tklbam: while 1: retcode, fqdn = d.inputbox("Assign TurnKey DNS hostname", TEXT_HUBDNS, fqdn, "Apply", "Skip") if not fqdn or retcode == 1: break d.infobox("Linking HubDNS to the TurnKey Hub...") try: check_output(['hubdns-init', apikey, fqdn]) check_output(['hubdns-update']) d.msgbox('Success! Assigned %s' % fqdn, SUCCESS_HUBDNS) break except CalledProcessError as e: d.msgbox('Failure', e.output) continue
elif opt == '--fqdn': fqdn = val if apikey: system('tklbam-init', apikey) if fqdn: system('hubdns-init', apikey, fqdn) system('hubdns-update') return initialized_tklbam = False d = Dialog('TurnKey Linux - First boot configuration') while 1: retcode, apikey = d.inputbox("Initialize Hub services", TEXT_SERVICES, apikey, "Apply", "Skip") if not apikey or retcode == 1: break d.infobox("Linking TKLBAM to the TurnKey Hub...") try: getoutput("host -W 2 hub.turnkeylinux.org") except ExecError, e: d.error(CONNECTIVITY_ERROR) break try: getoutput('tklbam-init', apikey) d.msgbox('Success! Linked TKLBAM to Hub', SUCCESS_TKLBAM)
usage() elif opt == "--email": email = val elif opt == "--email-placeholder": email_placeholder = val if email and not email_re.match(email): fatal("email is not valid") if not email: d = Dialog("TurnKey Linux - First boot configuration") email = email_placeholder while 1: retcode, email = d.inputbox( TITLE, TEXT, email, "Enable", "Skip") if retcode == 1: email = "" break if not email_re.match(email): d.error('Email is not valid') continue if d.yesno("Is your email correct?", email): break if email:
"Magento Domain", "Enter the domain to serve Magento.", DEFAULT_DOMAIN) if domain == "DEFAULT": domain = DEFAULT_DOMAIN inithooks_cache.write('APP_DOMAIN', domain) if not privkey: if 'd' not in locals(): d = Dialog('TurnKey Linux - First boot configuration') privkey = d.inputbox( "Magento Account Key", AUTHKEY_MESSAGE % 'private', '', 'OK', 'Skip')[1] if privkey == "DEFAULT": privkey = "SKIP" if not pubkey: if 'd' not in locals(): d = Dialog('TurnKey Linux - First boot configuration') pubkey = d.inputbox( "Magento Account Key", AUTHKEY_MESSAGE % 'public', '', 'OK',
if not admin_password: if 'd' not in locals(): d = Dialog('TurnKey Linux - First boot configuration') admin_password = d.get_password( "Samba Password", "Enter password for the samba 'administrator' account.", pass_req=8, min_complexity=3) if join and not join_nameserver: d = Dialog('Turnkey Linux - First boot configuration') while 1: retcode, join_nameserver = d.inputbox( "Add nameserver", "Set the DNS server IP and AD DNS domain in your /etc/resolv.conf.", "", "Add", "Skip") if retcode == 1: join_nameserver = "" break if not valid_ip(join_nameserver): d.error('IP is not valid.') continue if d.yesno("Is your DNS correct?", join_nameserver): break if join:
"vpn.example.com") auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254)) if not virtual_subnet: virtual_subnet = dialog.get_input( "OpenVPN Virtual Subnet", "Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.", auto_virtual_subnet) if virtual_subnet.upper() == "AUTO": virtual_subnet = auto_virtual_subnet if profile == "server": if not private_subnet: retcode, private_subnet = dialog.inputbox( "OpenVPN Private Subnet", "Enter CIDR subnet behind server for clients to reach.", "10.0.1.0/24", "Apply", "Skip") if private_subnet.upper() == "SKIP": private_subnet = "" cmd = os.path.join(os.path.dirname(__file__), 'openvpn-server-init.sh') system(cmd, key_email, public_address, virtual_subnet) if profile == "gateway": fh = open("/etc/openvpn/server.conf", "a") fh.write( "# configure clients to route all their traffic through the vpn\n") fh.write("push \"redirect-gateway def1 bypass-dhcp\"\n\n") fh.close()
d = Dialog('TurnKey Linux - First boot configuration') domain = d.get_input("Magento Domain", "Enter the domain to serve Magento.", DEFAULT_DOMAIN) if domain == "DEFAULT": domain = DEFAULT_DOMAIN inithooks_cache.write('APP_DOMAIN', domain) if not privkey: if 'd' not in locals(): d = Dialog('TurnKey Linux - First boot configuration') privkey = d.inputbox("Magento Account Key", AUTHKEY_MESSAGE % 'private', '', 'OK', 'Skip')[1] if privkey == "DEFAULT": privkey = "SKIP" if privkey and not pubkey: if 'd' not in locals(): d = Dialog('TurnKey Linux - First boot configuration') pubkey = d.inputbox("Magento Account Key", AUTHKEY_MESSAGE % 'public', '', 'OK', 'Skip')[1] if pubkey == "DEFAULT": pubkey = "SKIP" salt = executil.getoutput(
"vpn.example.com") auto_virtual_subnet = "10.%d.%d.0/24" % (r(2, 254), r(2, 254)) if not virtual_subnet: virtual_subnet = dialog.get_input( "OpenVPN Virtual Subnet", "Enter CIDR subnet address pool to allocate to clients. This server will be configured with x.x.x.1. The CIDR must not be in-use on your network.", auto_virtual_subnet) if virtual_subnet.upper() == "AUTO": virtual_subnet = auto_virtual_subnet if profile == "server": if not private_subnet: retcode, private_subnet = dialog.inputbox( "OpenVPN Private Subnet", "Enter CIDR subnet behind server for clients to reach.", "10.0.1.0/24", "Apply", "Skip") if private_subnet.upper() == "SKIP": private_subnet = "" cmd = os.path.join(os.path.dirname(__file__), 'openvpn-server-init.sh') system(cmd, key_email, public_address, virtual_subnet) if profile == "gateway": fh = open("/etc/openvpn/server.conf", "a") fh.write("# configure clients to route all their traffic through the vpn\n") fh.write("push \"redirect-gateway def1 bypass-dhcp\"\n\n") fh.close() if private_subnet:
if not admin_password: if 'd' not in locals(): d = Dialog('TurnKey Linux - First boot configuration') admin_password = d.get_password( "Samba Password", "Enter password for the samba 'administrator' account.", pass_req=8, min_complexity=3) if join and not join_nameserver: d = Dialog('Turnkey Linux - First boot configuration') while 1: retcode, join_nameserver = d.inputbox( "Add nameserver", "Set the DNS server IP and AD DNS domain in your /etc/resolv.conf.", "", "Add", "Skip") if retcode == 1: join_nameserver = "" break if not valid_ip(join_nameserver): d.error('IP is not valid.') continue if d.yesno("Is your DNS correct?", join_nameserver): break if join: system(
oinkcode = "" for opt, val in opts: if opt in ('-h', '--help'): usage() elif opt in ('-o', '--oink'): oinkcode = val if not oinkcode: d = Dialog('Insta-Snorby - First boot configuration') response = d.yesno( "Enter Oinkcode?", "Snorby can automatically download and install Sourcefire's VRT rules. In order to do this, you need obtain and enter your Oinkcode from snort.org. \n\nWould you like to enter your oink code?" ) if response: oinkcode = d.inputbox("Enter Oinkcode", "Please enter your 40 character Oinkcode") if oinkcode: system('echo %s > /root/oinkcode' % oinkcode[1]) d.infobox('VRT rules are downloading...') try: system( 'wget http://www.snort.org/reg-rules/snortrules-snapshot-edge.tar.gz/%s -o /dev/null -O /root/snortrules.tar.gz' % oinkcode[1]) except: d.error("Could not download VRT rules.") d.infobox('Download complete! VRT rules are extracting...') system('tar zxf /root/snortrules.tar.gz -C /root/') system('cp /root/rules/* /etc/snort/rules/')