forked from StamusNetworks/SELKS
-
Notifications
You must be signed in to change notification settings - Fork 2
/
build-debian-live.sh
executable file
·624 lines (513 loc) · 28.6 KB
/
build-debian-live.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
#!/bin/bash
# Copyright Stamus Networks
# All rights reserved
# Debian Live/Install ISO script - oss@stamus-networks.com
#
# Please RUN ON Debian Buster only !!!
set -e
usage()
{
cat << EOF
usage: $0 options
########################################
#!!! RUN on Debian Buster (10) ONLY !!!#
########################################
SELKS build your own ISO options
OPTIONS:
-h Help info
-g GUI option - can be "no-desktop"
-p Add package(s) to the build - can be one-package or "package1 package2 package3...." (should be confined to up to 10 packages)
-k Kernel option - can be the stable standard version of the kernel you wish to deploy -
aka you can choose any kernel "3.x.x" you want.
Example: "4.16" or "3.19.6" or "3.18.11"
More info on kernel versions and support:
https://www.kernel.org/
https://www.kernel.org/category/releases.html
By default no options are required. The options presented here are if you wish to enable/disable/add components.
By default SELKS will be build with a standard Debian Stretch 64 bit distro and kernel ver 4.9+ (Stretch).
EXAMPLE (default):
./build-debian-live.sh
The example above (is the default) will build a SELKS standard Debian Stretch 64 bit distro (with kernel ver 3.16)
EXAMPLE (customizations):
./build-debian-live.sh -k 4.10
The example above will build a SELKS Debian Stretch 64 bit distro with kernel ver 4.10
./build-debian-live.sh -k 3.18.11 -p one-package
The example above will build a SELKS Debian Stretch 64 bit distro with kernel ver 3.18.11
and add the extra package named "one-package" to the build.
./build-debian-live.sh -k 3.18.11 -g no-desktop -p one-package
The example above will build a SELKS Debian Stretch 64 bit distro, no desktop with kernel ver 3.18.11
and add the extra package named "one-package" to the build.
./build-debian-live.sh -k 4.16 -g no-desktop -p "package1 package2 package3"
The example above will build a SELKS Debian Stretch 64 bit distro, no desktop with kernel ver 4.16
and add the extra packages named "package1", "package2", "package3" to the build.
EOF
}
GUI=no-desktop
KERNEL_VER=
while getopts “hg:k:p:” OPTION
do
case $OPTION in
h)
usage
exit 1
;;
g)
GUI=$OPTARG
if [[ "$GUI" != "no-desktop" ]];
then
echo -e "\n Please check the option's spelling \n"
usage
exit 1;
fi
;;
k)
KERNEL_VER=$OPTARG
if [[ "$KERNEL_VER" =~ ^[3-5]\.[0-9]+?\.?[0-9]+$ ]];
then
echo -e "\n Kernel version set to ${KERNEL_VER} \n"
else
echo -e "\n Please check the option's spelling "
echo -e " Also - only kernel versions >3.0 are supported !! \n"
usage
exit 1;
fi
;;
p)
PKG_ADD+=("$OPTARG")
#echo "The first value of the pkg array 'PKG_ADD' is '$PKG_ADD'"
#echo "The whole list of values is '${PKG_ADD[@]}'"
echo "Packages to be added to the build: ${PKG_ADD[@]} "
#exit 1;
;;
?)
GUI=
KERNEL_VER=
PKG_ADD=
echo -e "\n Using the default options for the SELKS ISO build \n"
;;
esac
done
shift $((OPTIND -1))
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
# Begin
# Pre staging
#
mkdir -p /binaries
if [ ! -f /binaries/megaraid_sas-07.721.02.00-1dkms.noarch.deb ]; then
cp ./drivers/megaraid_sas-07.721.02.00-1dkms.noarch.deb /binaries
fi
if [ ! -f /binaries/NVIDIA-Linux-x86_64-470.129.06.run ]; then
wget https://us.download.nvidia.com/tesla/470.129.06/NVIDIA-Linux-x86_64-470.129.06.run --output-document=/binaries/NVIDIA-Linux-x86_64-470.129.06.run
fi
if [ ! -f /binaries/cuda-repo-debian10-11-4-local_11.4.2-470.57.02-1_amd64.deb ]; then
wget https://developer.download.nvidia.com/compute/cuda/11.4.2/local_installers/cuda-repo-debian10-11-4-local_11.4.2-470.57.02-1_amd64.deb -o /binaries/cuda-repo-debian10-11-4-local_11.4.2-470.57.02-1_amd64.deb
fi
if [ ! -f /binaries/libcudnn8_8.2.4.15-1+cuda11.4_amd64.deb ]; then
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/libcudnn8_8.2.4.15-1+cuda11.4_amd64.deb -o /binaries/libcudnn8_8.2.4.15-1+cuda11.4_amd64.deb
fi
if [ ! -f /binaries/libcudnn8-dev_8.2.4.15-1+cuda11.4_amd64.deb ]; then
wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/libcudnn8-dev_8.2.4.15-1+cuda11.4_amd64.deb -o /binaries/libcudnn8-dev_8.2.4.15-1+cuda11.4_amd64.deb
fi
if [ ! -f /binaries/unetbootin-linux64-702.bin ]; then
wget https://jaist.dl.sourceforge.net/project/unetbootin/UNetbootin/702/unetbootin-linux64-702.bin -o /binaries/unetbootin-linux64-702.bin
fi
if [ ! -f /binaries/moloch_2.7.1-1_amd64.deb ]; then
wget https://s3.amazonaws.com/files.molo.ch/builds/ubuntu-18.04/moloch_2.7.1-1_amd64.deb --output-document=/binaries/moloch_2.7.1-1_amd64.deb
fi
if [ ! -f /binaries/kibana-dashboards-stamus_2020122001_amd64.deb ]; then
wget http://packages.stamus-networks.com/selks6/debian/pool/main/k/kibana-dashboards-stamus/kibana-dashboards-stamus_2020122001_amd64.deb --output-document=/binaries/kibana-dashboards-stamus_2020122001_amd64.deb
fi
if [ ! -f /binaries/selks-scripts-stamus_2020121401_amd64.deb ]; then
wget http://packages.stamus-networks.com/selks6/debian/pool/main/s/selks-scripts-stamus/selks-scripts-stamus_2020121401_amd64.deb --output-document=/binaries/selks-scripts-stamus_2020121401_amd64.deb
fi
if [ ! -d /binaries/kibana7-dashboards ]; then
git clone https://github.com/lifesboy/KTS7.git /binaries/kibana7-dashboards
fi
if [ ! -d /binaries/cicflowmeter ]; then
git clone https://github.com/lifesboy/cicflowmeter-1.git /binaries/cicflowmeter
fi
if [ ! -d /binaries/scirius ]; then
git clone https://github.com/lifesboy/scirius.git /binaries/scirius
fi
if [ ! -d /binaries/selks ]; then
git clone -b gpu --single-branch https://github.com/lifesboy/SELKS.git /binaries/selks
fi
if [ ! -d /binaries/suricata ]; then
git clone -b master-6.0.x --single-branch https://github.com/lifesboy/suricata.git /binaries/suricata
rm -rf /binaries/suricata/libhtp
git clone -b 0.5.x --single-branch https://github.com/lifesboy/libhtp.git /binaries/suricata/libhtp
mkdir -p /binaries/suricata/suricata-update
cd /binaries/suricata/suricata-update
curl -L https://github.com/OISF/suricata-update/archive/master.tar.gz | tar zxvf - --strip-components=1
cd -
fi
if [ ! -d /binaries/squid ]; then
git clone https://github.com/lifesboy/squid.git /binaries/squid
fi
if [ ! -d /binaries/c-icap ]; then
#git clone -b c_icap_0_5_x --single-branch https://github.com/lifesboy/c-icap-server.git /binaries/c-icap-server
git clone https://github.com/lifesboy/c-icap.git /binaries/c-icap
fi
if [ ! -d /binaries/c-icap-modules ]; then
#git clone -b c_icap_0_5_x --single-branch https://github.com/lifesboy/c-icap-server.git /binaries/c-icap-server
git clone https://github.com/lifesboy/c-icap-modules.git /binaries/c-icap-modules
fi
if [ ! -d /binaries/squidclamav ]; then
#git clone -b v7.1 --single-branch https://github.com/lifesboy/squidclamav.git /binaries/squidclamav
git clone https://github.com/lifesboy/squidclamav.git /binaries/squidclamav
fi
if [ ! -d /binaries/plugins ]; then
git clone https://github.com/lifesboy/plugins.git /binaries/plugins
fi
if [ ! -d /binaries/lang ]; then
git clone -b gpu https://github.com/lifesboy/lang.git /binaries/lang
fi
mkdir -p Stamus-Live-Build
# Hook directory for the initramfs script to be copied to
#mkdir -p config/hooks/
mkdir -p Stamus-Live-Build/config/hooks/live/
if [[ -n "$KERNEL_VER" ]];
then
### START Kernel Version choice ###
cd Stamus-Live-Build && mkdir -p kernel-misc && cd kernel-misc
if [ ! -f /binaries/linux-${KERNEL_VER}.tar.xz ]; then
if [[ ${KERNEL_VER} == 3* ]];
then
wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-${KERNEL_VER}.tar.xz --output-document=/binaries/linux-${KERNEL_VER}.tar.xz
elif [[ ${KERNEL_VER} == 4* ]];
then
wget https://www.kernel.org/pub/linux/kernel/v4.x/linux-${KERNEL_VER}.tar.xz --output-document=/binaries/linux-${KERNEL_VER}.tar.xz
elif [[ ${KERNEL_VER} == 5* ]];
then
wget https://www.kernel.org/pub/linux/kernel/v5.x/linux-${KERNEL_VER}.tar.xz --output-document=/binaries/linux-${KERNEL_VER}.tar.xz
else
echo "Unsupported kernel version! Only kernel >3.0 are supported"
exit 1;
fi
fi
cp /binaries/linux-${KERNEL_VER}.tar.xz ./
if [ $? -eq 0 ];
then
echo -e "Downloaded successfully linux-${KERNEL_VER}.tar.xz "
else
echo -e "\n Please check your connection \n"
echo -e "CAN NOT download the requested kernel. Please make sure the kernel version is present here - \n"
echo -e "https://www.kernel.org/pub/linux/kernel/v3.x/ \n"
echo -e "or here respectively \n"
echo -e "https://www.kernel.org/pub/linux/kernel/v4.x/ \n"
exit 1;
fi
tar xfJ linux-${KERNEL_VER}.tar.xz
cd linux-${KERNEL_VER}
# Default linux kernel config
# Set up concurrent jobs with respect to number of CPUs
make defconfig && \
make clean && \
make -j `getconf _NPROCESSORS_ONLN` deb-pkg LOCALVERSION=-stamus-amd64 KDEB_PKGVERSION=${KERNEL_VER}
cd ../../
# Directory where the kernel image and headers are copied to
mkdir -p config/packages.chroot/
# Directory that needs to be present for the Kernel Version choice to work
mkdir -p cache/contents.chroot/
# Hook directory for the initramfs script to be copied to
#mkdir -p config/hooks/
mkdir -p config/hooks/live/
# Copy the kernel image and headers
#mv kernel-misc/*.deb config/packages.chroot/
#cp ../staging/config/hooks/all_chroot_update-initramfs.sh config/hooks/all_chroot_update-initramfs.chroot
mv kernel-misc/*.deb config/packages.chroot/
cp ../staging/config/hooks/live/all_chroot_update-initramfs.sh config/hooks/live/all_chroot_update-initramfs.chroot
### END Kernel Version choice ###
lb config \
-a amd64 -d buster \
--archive-areas "main contrib" \
--swap-file-size 2048 \
--bootloader syslinux \
--debian-installer live \
--bootappend-live "boot=live swap config username=selks-user live-config.hostname=SELKS live-config.user-default-groups=audio,cdrom,floppy,video,dip,plugdev,scanner,bluetooth,netdev,sudo" \
--linux-packages linux-image-${KERNEL_VER} \
--linux-packages linux-headers-${KERNEL_VER} \
--apt-options "--yes --force-yes" \
--linux-flavour stamus \
--iso-application SELKS - Suricata Elasticsearch Logstash Kibana Scirius \
--iso-preparer Stamus Networks \
--iso-publisher Stamus Networks \
--iso-volume Stamus-SELKS $LB_CONFIG_OPTIONS
else
cd Stamus-Live-Build && lb config \
-a amd64 -d buster \
--archive-areas "main contrib" \
--apt-options "-y -o APT::Keep-Downloaded-Packages=true" \
--swap-file-size 2048 \
--debian-installer live \
--bootappend-live "boot=live swap config username=selks-user live-config.hostname=SELKS live-config.user-default-groups=audio,cdrom,floppy,video,dip,plugdev,scanner,bluetooth,netdev,sudo" \
--iso-application SELKS - Suricata Elasticsearch Logstash Kibana Scirius \
--iso-preparer Stamus Networks \
--iso-publisher Stamus Networks \
--iso-volume Stamus-SELKS $LB_CONFIG_OPTIONS
# If needed a "live" kernel can be specified like so.
# In SELKS 4 as it uses kernel >4.9 we make sure we keep the "old/unpredictable" naming convention
# and we take care of that in chroot-inside-Debian-Live.sh
# more info -
# https://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
# --linux-packages linux-headers-4.9.20-stamus \
# --linux-packages linux-image-4.9.20-stamus \
# echo "deb http://packages.stamus-networks.com/selks5/debian-kernel/ stretch main" > config/archives/stamus-kernel.list.chroot
wget -O config/archives/packages-stamus-networks-gpg.key.chroot http://packages.stamus-networks.com/packages.selks5.stamus-networks.com.gpg.key
fi
# Create dirs if not existing for the custom config files
mkdir -p config/includes.chroot/etc/logstash/conf.d/
mkdir -p config/includes.chroot/etc/skel/Desktop/
mkdir -p config/includes.chroot/usr/share/applications/
mkdir -p config/includes.chroot/usr/share/xfce4/backdrops/
mkdir -p config/includes.chroot/etc/logrotate.d/
mkdir -p config/includes.chroot/etc/systemd/system/
mkdir -p config/includes.chroot/data/moloch/etc/
mkdir -p config/includes.chroot/etc/init.d/
mkdir -p config/includes.binary/isolinux/
mkdir -p config/includes.chroot/var/log/suricata/StatsByDate/
mkdir -p config/includes.chroot/usr/share/images/desktop-base/
mkdir -p config/includes.chroot/etc/suricata/rules/
mkdir -p config/includes.chroot/etc/profile.d/
mkdir -p config/includes.chroot/root/Desktop/
mkdir -p config/includes.chroot/etc/iceweasel/profile/
mkdir -p config/includes.chroot/etc/conky/
mkdir -p config/includes.chroot/etc/alternatives/
mkdir -p config/includes.chroot/etc/systemd/system/
mkdir -p config/includes.chroot/var/backups/
mkdir -p config/includes.chroot/etc/apt/
mkdir -p config/includes.chroot/usr/share/polkit-1/actions/
mkdir -p config/includes.chroot/usr/share/polkit-1/rules.d/
cd ../
#install rst2html on debian 10
apt install docutils-common -y
# cp README and LICENSE files to the user's desktop
cp LICENSE Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/
cp LICENSE Stamus-Live-Build/config/includes.chroot/etc/skel/
# some README adjustments - in order to add a http link
# to point to the latest README version located on SELKS github
# The same as above but for root
cp LICENSE Stamus-Live-Build/config/includes.chroot/root/Desktop/
# some README adjustments - in order to add a http link
# to point to the latest README version located on SELKS github
echo -e "\nPlease make sure you have the latest README copy -> https://github.com/StamusNetworks/SELKS/tree/master \n\n" > TMP.rst
cat README.rst >> TMP.rst
cat TMP.rst | sed -e 's/https:\/\/your.selks.IP.here/http:\/\/selks/' | rst2html > Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/README.html
# same as above but for root
cat TMP.rst | sed -e 's/https:\/\/your.selks.IP.here/http:\/\/selks/' | rst2html > Stamus-Live-Build/config/includes.chroot/root/Desktop/README.html
rm TMP.rst
# cp Scirius desktop shortcuts
cp staging/usr/share/applications/Scirius.desktop Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/
# Same as above but for root
cp staging/usr/share/applications/Scirius.desktop Stamus-Live-Build/config/includes.chroot/root/Desktop/
# Copy scirius config
cp -R staging/etc/scirius Stamus-Live-Build/config/includes.chroot/etc/
# Logstash and Elasticsearch 7 template
cp staging/etc/logstash/conf.d/logstash.conf Stamus-Live-Build/config/includes.chroot/etc/logstash/conf.d/
cp staging/etc/logstash/conf.d/cic.conf Stamus-Live-Build/config/includes.chroot/etc/logstash/conf.d/
cp staging/etc/logstash/conf.d/ray-result.conf Stamus-Live-Build/config/includes.chroot/etc/logstash/conf.d/
cp staging/etc/logstash/conf.d/ray-session.conf Stamus-Live-Build/config/includes.chroot/etc/logstash/conf.d/
cp staging/etc/logstash/elasticsearch7-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch7-cic-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch6-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch6-cic-2017-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch6-cic-2018-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch6-ray-ppo-experiment-state-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch6-ray-ppo-result-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch6-ray-ppo-params-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/elasticsearch6-ray-ppo-progress-template.json Stamus-Live-Build/config/includes.chroot/etc/logstash/
cp staging/etc/logstash/pipelines.yml Stamus-Live-Build/config/includes.chroot/etc/logstash/
# Moloch for SELKS set up
#cp staging/etc/systemd/system/molochpcapread-selks.service Stamus-Live-Build/config/includes.chroot/etc/systemd/system/
#cp staging/etc/systemd/system/molochviewer-selks.service Stamus-Live-Build/config/includes.chroot/etc/systemd/system/
#cp staging/data/moloch/etc/molochpcapread-selks-config.ini Stamus-Live-Build/config/includes.chroot/data/moloch/etc/
# Iceweasel bookmarks
cp staging/etc/iceweasel/profile/bookmarks.html Stamus-Live-Build/config/includes.chroot/etc/iceweasel/profile/
# Logrotate config for eve.json
cp staging/etc/logrotate.d/suricata Stamus-Live-Build/config/includes.chroot/etc/logrotate.d/
# Add the Stmaus Networs logo for the boot screen
cp staging/splash.png Stamus-Live-Build/config/includes.binary/isolinux/
# Add the SELKS wallpaper
cp staging/wallpaper/joy-wallpaper_1920x1080.svg Stamus-Live-Build/config/includes.chroot/etc/alternatives/desktop-background
#cp staging/wallpaper/joy-wallpaper_1920x1080.svg Stamus-Live-Build/config/includes.chroot/usr/share/xfce4/backdrops/
# Copy banners
cp staging/etc/motd Stamus-Live-Build/config/includes.chroot/etc/
cp staging/etc/issue.net Stamus-Live-Build/config/includes.chroot/etc/
# Copy pythonpath.sh
cp staging/etc/profile.d/pythonpath.sh Stamus-Live-Build/config/includes.chroot/etc/profile.d/
# Copy evebox desktop shortcut.
cp staging/usr/share/applications/Evebox.desktop Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/
# Same as above but for root
cp staging/usr/share/applications/Evebox.desktop Stamus-Live-Build/config/includes.chroot/root/Desktop/
# Copy set up IDS interface desktop shortcut.
cp staging/usr/share/applications/Setup-IDS-Interface.desktop Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/
chmod +x Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/Setup-IDS-Interface.desktop
# Same as above but for root
#cp staging/usr/share/applications/Setup-IDS-Interface.desktop Stamus-Live-Build/config/includes.chroot/root/Desktop/
# Copy first time set up desktop shortcut.
cp staging/usr/share/applications/FirstTime-Setup.desktop Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/
chmod +x Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/FirstTime-Setup.desktop
# Same as above but for root
#cp staging/usr/share/applications/FirstTime-Setup.desktop Stamus-Live-Build/config/includes.chroot/root/Desktop/
# Copy upgrade SELKS desktop shortcut.
cp staging/usr/share/applications/Upgrade-SELKS.desktop Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/
chmod +x Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/Upgrade-SELKS.desktop
# Same as above but for root
#cp staging/usr/share/applications/Upgrade-SELKS.desktop Stamus-Live-Build/config/includes.chroot/root/Desktop/
# copy polkit policies for selks-user to be able to execute as root
# first time setup scripts
cp staging/usr/share/polkit-1/actions/org.stamusnetworks.firsttimesetup.policy Stamus-Live-Build/config/includes.chroot/usr/share/polkit-1/actions/
cp staging/usr/share/polkit-1/actions/org.stamusnetworks.setupidsinterface.policy Stamus-Live-Build/config/includes.chroot/usr/share/polkit-1/actions/
cp staging/usr/share/polkit-1/actions/org.stamusnetworks.update.policy Stamus-Live-Build/config/includes.chroot/usr/share/polkit-1/actions/
cp staging/usr/share/polkit-1/rules.d/org.stamusnetworks.rules Stamus-Live-Build/config/includes.chroot/usr/share/polkit-1/rules.d/
# copy opnsense source
mkdir -p Stamus-Live-Build/chroot/usr/local
mkdir -p Stamus-Live-Build/chroot/usr/local/etc
mkdir -p Stamus-Live-Build/chroot/usr/share
mkdir -p Stamus-Live-Build/chroot/usr/lib/php/20180731/build
mkdir -p Stamus-Live-Build/conf
mkdir -p Stamus-Live-Build/chroot/etc/php/7.3/cli
cp -R staging/usr/local/opnsense Stamus-Live-Build/chroot/usr/local
cp -R staging/usr/local/wizard Stamus-Live-Build/chroot/usr/local
cp -R staging/usr/local/www Stamus-Live-Build/chroot/usr/local
cp -R staging/usr/local/etc/inc Stamus-Live-Build/chroot/usr/local/etc/
cp -R staging/usr/local/etc/ssl Stamus-Live-Build/chroot/usr/local/etc/
cp -R staging/usr/local/etc/config.xml Stamus-Live-Build/chroot/usr/local/etc/
cp -R staging/conf Stamus-Live-Build/chroot/
cp -R staging/usr/share/google-api-php-client Stamus-Live-Build/chroot/usr/share
cp -f staging/etc/php/7.3/cli/php.ini Stamus-Live-Build/chroot/etc/php/7.3/cli/php.ini
#cp -R staging/etc/php/7.3/cli/conf.d /etc/php/7.3/cli/
#cp -R staging/usr/lib/php /usr/lib/
rm -f /usr/lib/php/20180731/phalcon.so
cp -f staging/usr/lib/php/20180731/phalcon.so Stamus-Live-Build/chroot/usr/lib/php/20180731/
cp -R staging/etc/lighttpd Stamus-Live-Build/chroot/etc/
chown -R www-data:www-data Stamus-Live-Build/chroot/conf Stamus-Live-Build/chroot/usr/local/etc
# cp OPNSense desktop shortcuts
cp staging/usr/share/applications/NGFW.desktop Stamus-Live-Build/config/includes.chroot/etc/skel/Desktop/
# copy binaries
mkdir -p /binaries/cache/npm/scirius/hunt && \
ln -sf /var/cache/apt /binaries/cache/apt && \
ln -sf ~/.cargo /binaries/cache/cargo && \
ln -sf ~/.cache/pip /binaries/cache/pip && \
ln -sf ~/.npm /binaries/cache/npm/npm && \
ln -sf /scirius/node_modules /binaries/cache/npm/scirius/node_modules && \
ln -sf /scirius/hunt/node_modules /binaries/cache/npm/scirius/hunt/node_modules
mkdir -p Stamus-Live-Build/chroot/binaries/cache/apt && \
mkdir -p Stamus-Live-Build/chroot/binaries/cache/cargo && \
mkdir -p Stamus-Live-Build/chroot/binaries/cache/pip && \
mkdir -p Stamus-Live-Build/chroot/binaries/cache/npm/npm && \
mkdir -p Stamus-Live-Build/chroot/binaries/cache/npm/scirius/node_modules && \
mkdir -p Stamus-Live-Build/chroot/binaries/cache/npm/scirius/hunt/node_modules && \
# mkdir -p Stamus-Live-Build/chroot/var/cache/
cp /binaries/megaraid_sas-07.721.02.00-1dkms.noarch.deb Stamus-Live-Build/chroot/binaries/ && \
cp /binaries/cuda-repo-debian10-11-4-local_11.4.2-470.57.02-1_amd64.deb Stamus-Live-Build/chroot/binaries/ && \
cp /binaries/libcudnn8_8.2.4.15-1+cuda11.4_amd64.deb Stamus-Live-Build/chroot/binaries/ && \
cp /binaries/libcudnn8-dev_8.2.4.15-1+cuda11.4_amd64.deb Stamus-Live-Build/chroot/binaries/ && \
cp /binaries/unetbootin-linux64-702.bin Stamus-Live-Build/chroot/binaries/ && \
cp /binaries/moloch_2.7.1-1_amd64.deb Stamus-Live-Build/chroot/binaries/ && \
cp /binaries/kibana-dashboards-stamus_2020122001_amd64.deb Stamus-Live-Build/chroot/binaries/ && \
cp /binaries/selks-scripts-stamus_2020121401_amd64.deb Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/kibana7-dashboards Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/cicflowmeter Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/scirius Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/selks Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/suricata Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/squid Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/c-icap Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/c-icap-modules Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/squidclamav Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/plugins Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/lang Stamus-Live-Build/chroot/binaries/ && \
cp -R /binaries/cache/apt/* Stamus-Live-Build/chroot/binaries/cache/apt/ && \
cp -R /binaries/cache/cargo/* Stamus-Live-Build/chroot/binaries/cache/cargo/ && \
cp -R /binaries/cache/pip/* Stamus-Live-Build/chroot/binaries/cache/pip/ && \
cp -R /binaries/cache/npm/npm/* Stamus-Live-Build/chroot/binaries/cache/npm/npm/ && \
cp -R /binaries/cache/npm/scirius/node_modules/* Stamus-Live-Build/chroot/binaries/cache/npm/scirius/node_modules/ && \
cp -R /binaries/cache/npm/scirius/hunt/node_modules/* Stamus-Live-Build/chroot/binaries/cache/npm/scirius/hunt/node_modules/
# Add core system packages to be installed
echo "
libpcre3 libpcre3-dbg libpcre3-dev ntp
build-essential autoconf automake libtool libpcap-dev libnet1-dev
libyaml-0-2 libyaml-dev zlib1g zlib1g-dev libcap-ng-dev libcap-ng0
make flex bison git git-core libmagic-dev libnuma-dev pkg-config
libnetfilter-queue-dev libnetfilter-queue1 libnfnetlink-dev libnfnetlink0
libjansson-dev libjansson4 libnss3-dev libnspr4-dev libgeoip1 libgeoip-dev
rsync mc python-daemon libnss3-tools curl net-tools
python-crypto libgmp10 libyaml-0-2 python-simplejson python-pygments
python-yaml ssh sudo tcpdump nginx openssl jq patch
python-pip debian-installer-launcher live-build apt-transport-https
gnupg2 dkms util-linux
" \
>> Stamus-Live-Build/config/package-lists/StamusNetworks-CoreSystem.list.chroot
# Add system tools packages to be installed
echo "
ethtool bwm-ng iptraf htop rsync tcpreplay sysstat hping3 screen ngrep
tcpflow dsniff mc python-daemon wget curl vim bootlogd lsof libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 policykit-1 policykit-1-gnome" \
>> Stamus-Live-Build/config/package-lists/StamusNetworks-Tools.list.chroot
# Unless otherwise specified the ISO will be with a Desktop Environment
if [[ -z "$GUI" ]]; then
#echo "lxde fonts-lyx wireshark terminator conky" \
#>> Stamus-Live-Build/config/package-lists/StamusNetworks-Gui.list.chroot
echo "task-xfce-desktop xfce4-goodies fonts-lyx wireshark terminator" \
>> Stamus-Live-Build/config/package-lists/StamusNetworks-Gui.list.chroot
echo "wireshark terminator open-vm-tools open-vm-tools lxpolkit" \
>> Stamus-Live-Build/config/package-lists/StamusNetworks-Gui.list.chroot
#echo "task-xfce-desktop" >> Stamus-Live-Build/config/package-lists/desktop.list.chroot
# Copy conky conf file
cp staging/etc/conky/conky.conf Stamus-Live-Build/config/includes.chroot/etc/conky/
# Copy the menu shortcuts for Kibana and Scirius
# this is for the lxde menu widgets - not the desktop shortcuts
cp staging/usr/share/applications/Scirius.desktop Stamus-Live-Build/config/includes.chroot/usr/share/applications/
# For Evebox to.
cp staging/usr/share/applications/Evebox.desktop Stamus-Live-Build/config/includes.chroot/usr/share/applications/
# For setting up Suricata IDS interface.
cp staging/usr/share/applications/Setup-IDS-Interface.desktop Stamus-Live-Build/config/includes.chroot/usr/share/applications/
# First time setup/init.
cp staging/usr/share/applications/FirstTime-Setup.desktop Stamus-Live-Build/config/includes.chroot/usr/share/applications/
fi
# If -p (add packages) option is used - add those packages to the build
if [[ -n "${PKG_ADD}" ]]; then
echo " ${PKG_ADD[@]} " >> \
Stamus-Live-Build/config/package-lists/StamusNetworks-UsrPkgAdd.list.chroot
fi
# Add specific tasks(script file) to be executed
# inside the chroot environment
cp staging/config/hooks/live/chroot-inside-Debian-Live.hook.chroot Stamus-Live-Build/config/hooks/live/
cp staging/config/hooks/live/moreutil.hook.chroot Stamus-Live-Build/config/hooks/live/
# Edit menu names for Live and Install
if [[ -n "$KERNEL_VER" ]];
then
# IF custom kernel option is chosen "-k ...":
# remove the live menu since different kernel versions and custom flavors
# can potentially fail to load in LIVE depending on the given environment.
# So we create a file for execution at the binary stage to remove the
# live menu choice. That leaves the options to install.
cp staging/config/hooks/live/menues-changes.hook.binary Stamus-Live-Build/config/hooks/live/
cp staging/config/hooks/live/menues-changes-live-custom-kernel-choice.hook.binary Stamus-Live-Build/config/hooks/live/
else
#cp staging/config/hooks/menues-changes.binary Stamus-Live-Build/config/hooks/
cp staging/config/hooks/live/menues-changes.hook.binary Stamus-Live-Build/config/hooks/live/
fi
cp staging/config/hooks/live/drivers.hook.binary Stamus-Live-Build/config/hooks/live/
# Debian installer preseed.cfg
echo "
d-i netcfg/hostname string SELKS
d-i passwd/user-fullname string selks-user User
d-i passwd/username string selks-user
d-i passwd/user-password password selks-user
d-i passwd/user-password-again password selks-user
d-i passwd/user-default-groups string audio cdrom floppy video dip plugdev scanner bluetooth netdev sudo
d-i passwd/root-password password StamusNetworks
d-i passwd/root-password-again password StamusNetworks
" > Stamus-Live-Build/config/includes.installer/preseed.cfg
# should stop current running db to avoid conflict for later steps
pg_ctlcluster 11 main stop || true
killall -9 postgres || true
# Build the ISO
cd Stamus-Live-Build && ( lb build --quiet 2>&1 | tee build.log )
#cd Stamus-Live-Build && ( lb build &> build.log )
#mv binary.hybrid.iso SELKS.iso
mv live-image-amd64.hybrid.iso SELKS.iso