Como construir un sistema integral de monitorización y Análisis Forense

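#!/bin/bash
# Proyecto SMIAF
# Description: installation of an integrated monitoring system, document
#              management, forensic analysis and incident tracker.
# Author: Balta
# Year: 2012
# Note: this script only deploys the tools, not the later developments on
#       the interface, since those are intellectual property and not mine.
#
# Runs as root on Debian (apt-get, useradd, writes under /etc and /var/www).
# Every archive below is fetched over plain HTTP (or from third-party hosts)
# with no checksum or signature verification; review what is downloaded
# before using this on a production host.
#
# -e/-u are deliberately not enabled: several steps are expected to be
# non-fatal on a re-run (patch -N on an already patched tree, mkdir of an
# existing directory). pipefail at least makes "echo ... | mysql" report the
# mysql exit status instead of echo's.
set -o pipefail

## Edit these parameters to suit your setup
#
# Each value can be overridden from the environment so that credentials do
# not have to be committed to this file; the defaults are the original
# placeholders. Avoid the characters ' / & in passwords: they are interpolated
# into GRANT statements and sed expressions further down.
MySQLCactiUser=${MySQLCactiUser:-_cactiuser}   # MySQL user for the Cacti DB
MySQLCactiPwd=${MySQLCactiPwd:-_cactipassw}    # Password for that user
SystemCactiUser=${SystemCactiUser:-usercacti}  # Linux account the poller runs as
MySQLRootPwd=${MySQLRootPwd:-dbadmin}          # Password of the MySQL "root" user

# Plugin versions (as they appear in the published file names)
CycleVersion="1.2-1"              # Cycle
RealTimeVersion="0.43-1"          # RealTime
LoginModVersion="1.0"             # LoginMod
MonitorVersion="1.2-1"            # Monitor
NectarVersion="0.30"              # Nectar
SpikeKillVersion="1.2-1"          # SpikeKill
TholdVersion="0.43"               # Thold (declared; the thold download below is unversioned)
WeatherMapVersion="0.97a"         # PHP Network WeatherMap
ClogVersion="1.6-1"               # Clog plugin
ModSecurityVersion="2.5.11"       # ModSecurity (not used by this script)
ModSecurityCRSVersion="2.1.1"     # ModSecurity CRS (not used by this script)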

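# Install the LAMP stack on Debian.
# Everything is installed non-interactively (-y); mysql-server still asks for
# the root password through debconf, which is why the hint below is printed.
apt-get update
apt-get install -y ssh patch zip
# The hint quotes the configured value rather than a hard-coded "dbadmin",
# so it stays correct when MySQLRootPwd is overridden.
echo "pls use the password ($MySQLRootPwd) for mysql to autoinstall below"
apt-get install -y apache2
apt-get install -y mysql-server
apt-get install -y php5 php5-gd php5-cli php5-mysql
apt-get install -y rrdtool
apt-get install -y snmp snmpd php5-snmp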

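## Install Cacti

# Install Cacti 0.8.7e (PA-v2.5 is applied in a later step) on Debian.
# NOTE(review): the original copied the tree into /var/www/ itself, but every
# later step (config.php edit, cron poller, plugin directories) addresses
# /var/www/cacti/, so the install root is normalised to /var/www/cacti here.
cd /tmp || exit 1
wget http://www.cacti.net/downloads/cacti-0.8.7e.tar.gz
tar zxvf cacti-0.8.7e.tar.gz
cp -R ./cacti-0.8.7e /var/www/cacti
# NOTE(review): making www-data own the whole tree lets the web process
# rewrite its own code; Cacti only needs write access to rra/ and log/
# (granted below). Kept as in the original because later plugin steps rely on it.
chown -R www-data:www-data /var/www

# Create the Cacti database and a dedicated DB user limited to that database.
# MYSQL_PWD keeps the passwords out of argv, where "ps" shows them to every
# local user; -p<password> on the command line did not.
MYSQL_PWD="$MySQLRootPwd" mysqladmin -u root create cacti
printf "GRANT ALL ON cacti.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
  "$MySQLCactiUser" "$MySQLCactiPwd" \
  | MYSQL_PWD="$MySQLRootPwd" mysql -u root mysql
MYSQL_PWD="$MySQLCactiPwd" mysql -u "$MySQLCactiUser" cacti < /var/www/cacti/cacti.sql

# Point config.php at the new credentials (the shipped file uses cactiuser/cactiuser).
cd /var/www/cacti/include/ || exit 1
sed -i -e "s/username = \"cactiuser\"/username = \"$MySQLCactiUser\"/" config.php
sed -i -e "s/password = \"cactiuser\"/password = \"$MySQLCactiPwd\"/" config.php

# Unprivileged account for the poller; only rra/ and log/ are writable by it.
useradd "$SystemCactiUser" -g www-data -d /var/www/cacti -s /bin/false
chown -R "$SystemCactiUser":www-data /var/www/cacti/rra/ /var/www/cacti/log/
chmod -R 770 /var/www/cacti/rra/ /var/www/cacti/log/
# Poller every 5 minutes as that account.
echo "*/5 * * * * $SystemCactiUser php /var/www/cacti/poller.php >/dev/null 2>&1" > /etc/cron.d/cacti
# The tarball was downloaded to /tmp (the original removed it from /usr/src).
rm -f /tmp/cacti-0.8.7e.tar.gz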

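# Apply the published patches for Cacti 0.8.7e.
# Patches are applied from the Cacti root with -p1 (the original ran this
# from /var/www; see the install step for why the root is /var/www/cacti).
# -N never reverse-applies a hunk that is already present, so this step is
# safe to repeat. Patches are fetched over plain HTTP without verification.
cd /var/www/cacti || exit 1
cacti_patches=(
  cli_add_graph
  snmp_invalid_response
  template_duplication
  data_source_deactivate
  html_output
  ldap_group_authenication
  script_server_command_line_parse
  ping
  poller_interval
)
for p in "${cacti_patches[@]}"; do
  wget "http://www.cacti.net/downloads/patches/0.8.7e/${p}.patch"
  patch -p1 -N < "${p}.patch"
  # The original removed html_output.patch twice and never removed the
  # ldap_group_authenication patch; the loop deletes exactly what it fetched.
  rm -f "${p}.patch"
done
chown -R www-data:www-data /var/www
# Keep Apache's default index out of the way.
mv /var/www/index.html /var/www/index.bak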

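# Install Cacti Spine (the C poller) with the unified fixes patch.
cd /usr/src/ || exit 1
wget http://www.cacti.net/downloads/spine/cacti-spine-0.8.7e.tar.gz
wget http://www.cacti.net/downloads/spine/patches/0.8.7e/unified_issues.patch
tar zxvf cacti-spine-0.8.7e.tar.gz
cd cacti-spine-0.8.7e/ || exit 1
patch -p1 -N < /usr/src/unified_issues.patch
./configure
make
mkdir -p /usr/local/spine   # -p: do not fail when re-running the script
mv ./spine /usr/local/spine/
mv ./spine.conf.dist /usr/local/spine/spine.conf
# Replace the sample credentials with the configured ones.
cd /usr/local/spine/ || exit 1
sed -i -e "s/DB_User         cactiuser/DB_User         $MySQLCactiUser/" spine.conf
sed -i -e "s/DB_Pass         cactiuser/DB_Pass         $MySQLCactiPwd/" spine.conf
# spine.conf now contains the DB password: restrict it to the poller account
# and the web group instead of leaving the dist file's permissions.
chown "$SystemCactiUser":www-data spine.conf
chmod 640 spine.conf
rm -f /usr/src/cacti-spine-0.8.7e.tar.gz
rm -rf /usr/src/cacti-spine-0.8.7e/
rm -f /usr/src/unified_issues.patch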

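# Plugin Architecture (PA) 2.5 for Cacti 0.8.7e: download, patch the tree,
# then load the PA schema. The original imported /tmp/pa.sql before the
# archive providing it had been unpacked, and used the literal
# cactiuser/cactiuser credentials instead of the configured ones.
apt-get install -y unzip   # needed here; the original only installed it in the weathermap step
cd /tmp || exit 1
wget "http://forums.cacti.net/download.php?id=18354" -O cacti-plugin-0.8.7e-PA-v2.5.zip
unzip cacti-plugin-0.8.7e-PA-v2.5.zip
# Patch paths are relative to the Cacti root (the original ran from /var/www).
cd /var/www/cacti || exit 1
patch -p1 -N < /tmp/cacti-plugin-0.8.7e-PA-v2.5.diff
chown -R www-data:www-data /var/www
# NOTE(review): pa.sql is assumed to come out of the PA archive unpacked above — confirm.
MYSQL_PWD="$MySQLCactiPwd" mysql -u "$MySQLCactiUser" cacti < /tmp/pa.sql

# Configure snmpd: comment out the "paranoid" community mapping and enable
# the read-only one shipped in Debian's snmpd.conf.
# NOTE(review): that line uses the distribution's default community string;
# set a non-default community and restrict the source network before the
# agent is reachable from anything but the poller.
cd /etc/snmp/ || exit 1
sed -i -e 's/com2sec paranoid/#com2sec paranoid/' snmpd.conf
sed -i -e 's/#com2sec readonly/com2sec readonly/' snmpd.conf
/etc/init.d/snmpd restart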

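# Install Cacti plugins.
# Most plugins are published on docs.cacti.net as plugin:<name>-v<ver>.tgz
# and unpack to /usr/src/<name>, so the shared download/unpack/move sequence
# lives in install_cacti_plugin; the two that deviate (loginmod, thold) are
# handled inline. Downloads are plain HTTP with no checksum verification.

#######################################
# Fetch one plugin tarball from docs.cacti.net and move it into the plugin tree.
# Arguments: $1 - plugin name (also the directory the tarball unpacks to)
#            $2 - version string as it appears in the published file name
# Outputs:   /var/www/cacti/plugins/<name>/
# Returns:   1 if /usr/src is not enterable; otherwise the status of the last step
#######################################
install_cacti_plugin() {
  local name=$1 version=$2
  local tarball="${name}-v${version}.tgz"
  cd /usr/src/ || return 1
  wget "http://docs.cacti.net/_media/plugin:${tarball}"
  mv "plugin:${tarball}" "$tarball"   # wget keeps the "plugin:" prefix in the saved name
  tar zxvf "./${tarball}"
  mv "/usr/src/${name}" /var/www/cacti/plugins/
  rm -f "/usr/src/${tarball}"
}

install_cacti_plugin settings 0.7-1
install_cacti_plugin cycle "$CycleVersion"

install_cacti_plugin realtime "$RealTimeVersion"
# realtime needs a cache directory writable by the web server.
mkdir -p /var/www/cacti/plugins/rt_cache/
chown -R www-data /var/www/cacti/plugins/rt_cache/

# loginmod: only a "latest" tarball is published and it unpacks to loginmod-<ver>.
cd /usr/src/ || exit 1
wget http://docs.cacti.net/_media/plugin:loginmod-latest.tgz
mv plugin:loginmod-latest.tgz loginmod-latest.tgz
tar zxvf ./loginmod-latest.tgz
mv "/usr/src/loginmod-$LoginModVersion" /var/www/cacti/plugins/loginmod/
rm -f /usr/src/loginmod-latest.tgz

install_cacti_plugin monitor "$MonitorVersion"
install_cacti_plugin nectar "$NectarVersion"
install_cacti_plugin spikekill "$SpikeKillVersion"

# thold: hosted on cactiusers.org as an unversioned archive.
cd /usr/src/ || exit 1
wget http://cactiusers.org/downloads/thold.gzip -O thold.tar.gz
tar zxvf ./thold.tar.gz
mv /usr/src/thold /var/www/cacti/plugins/
rm -f /usr/src/thold.tar.gz

/etc/init.d/apache2 restart
/etc/init.d/mysql restart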

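# Install PHP Network Weathermap
cd /usr/src/ || exit 1
apt-get install -y unzip php-pear
wget "http://www.network-weathermap.com/files/php-weathermap-$WeatherMapVersion.zip"
unzip "./php-weathermap-$WeatherMapVersion.zip"
mv /usr/src/weathermap /var/www/cacti/plugins/weathermap/
rm -f "/usr/src/php-weathermap-$WeatherMapVersion.zip"
# output/ is written by the poller account, configs/ by the web editor.
chown -R "$SystemCactiUser":www-data /var/www/cacti/plugins/weathermap/output/
chown -R www-data:www-data /var/www/cacti/plugins/weathermap/configs/
# Restrict the WeatherMap editor to the local host BEFORE enabling it: the
# editor writes map configuration files, so it must not be reachable
# remotely. This is Apache 2.2 Order/Deny/Allow syntax, matching the apache2
# package installed above; Debian's apache2.conf includes httpd.conf.
cat >> /etc/apache2/httpd.conf <<'EOF'
### phpweathermap editor
<Directory /var/www/cacti/plugins/weathermap>
<Files editor.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
</Directory>
EOF
# The editor ships disabled; flip its $ENABLED flag. The backslash keeps sed
# from reading "$" as an end-of-line anchor (and the quotes keep the shell
# from expanding it).
sed -i -e 's/\$ENABLED=false;/\$ENABLED=true;/' /var/www/cacti/plugins/weathermap/editor.php
/etc/init.d/apache2 restart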

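# Install clog
cd /usr/src/ || exit 1
wget "http://docs.cacti.net/_media/plugin:clog-v$ClogVersion.tgz"
# wget saves the file as plugin:clog-v<ver>.tgz (as with the other plugins);
# the original tried to untar a name that did not exist yet.
mv "plugin:clog-v$ClogVersion.tgz" "clog-v$ClogVersion.tgz"
tar zxvf "./clog-v$ClogVersion.tgz"
mv /usr/src/clog /var/www/cacti/plugins/
rm -f "/usr/src/clog-v$ClogVersion.tgz"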

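# Install ntop and its Cacti plugin
apt-get install -y ntop
cd /usr/src/ || exit 1
wget http://docs.cacti.net/_media/plugin:ntop-v0.2-1.tgz
# The saved name keeps the "plugin:" prefix, so the original "tar -xvf ntop*"
# matched nothing; name the archive explicitly.
tar -xvf plugin:ntop-v0.2-1.tgz
mv /usr/src/ntop/ /var/www/cacti/plugins/
rm -f /usr/src/plugin:ntop-v0.2-1.tgz   # original: "rm rf ..." (missing dash, wrong file name)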

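# Install the syslog plugin and rsyslog with MySQL output
cd /usr/src/ || exit 1   # original: /usr/scr/ (typo)
wget http://docs.cacti.net/_media/plugin:syslog-v1.22-2.tgz
tar -xvf plugin:syslog-v1.22-2.tgz   # wget keeps the "plugin:" prefix
cp -r syslog/ /var/www/cacti/plugins/
# Owned by the web server like every other plugin; the original used
# admin:admin, an account this script never creates.
chown -R www-data:www-data /var/www/cacti/plugins/syslog
chmod 775 /var/www/cacti/plugins/syslog
# Dedicated database, accessed with the Cacti DB user. MYSQL_PWD keeps the
# passwords out of argv.
MYSQL_PWD="$MySQLRootPwd" mysqladmin -u root create syslog
printf "GRANT ALL ON syslog.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
  "$MySQLCactiUser" "$MySQLCactiPwd" \
  | MYSQL_PWD="$MySQLRootPwd" mysql -u root mysql
cd syslog || exit 1
MYSQL_PWD="$MySQLCactiPwd" mysql -u "$MySQLCactiUser" syslog < syslog.sql
# The plugin's config.php still has to be edited by hand with the connection data.

# Adiscon rsyslog v7 repository. These are Ubuntu "precise" packages on a
# Debian host — confirm they are appropriate for this release. AEF0CF8E is a
# short key id; verify the full fingerprint out of band before trusting the
# repository. (The original also passed -y, which is not an option apt-key
# understands, and wrote to /etc/apt/source.list, a file apt never reads.)
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com AEF0CF8E
cat > /etc/apt/sources.list.d/adiscon.list <<'EOF'
deb http://ubuntu.adiscon.com/v7-devel precise/
deb-src http://ubuntu.adiscon.com/v7-devel precise/
EOF
apt-get update
apt-get install -y rsyslog rsyslog-mysql
/etc/init.d/rsyslog restart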

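## Install Nagios
apt-get install -y build-essential libgd2-xpm-dev libssl-dev
# Nagios runs under its own service account; the original only added it to
# nagcmd, which fails when the account does not exist yet.
id nagios >/dev/null 2>&1 || /usr/sbin/useradd -r nagios
/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd www-data
cd /usr/src || exit 1
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.5.1.tar.gz
wget http://prdownloads.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.16.tar.gz
tar xzf nagios-3.5.1.tar.gz
cd nagios-3.5.1 || exit 1   # the original ran ./configure from /usr/src
./configure --with-command-group=nagcmd
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf
/etc/init.d/apache2 reload
cd .. || exit 1
tar xzf nagios-plugins-1.4.16.tar.gz   # the original omitted the .tar.gz extension
cd nagios-plugins-1.4.16 || exit 1
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios
# Validate the configuration before the first start.
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
/etc/init.d/nagios start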

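# Install NDOUtils and the Nagios plugin for Cacti (NPC)
apt-get install -y libg2-dev pkg-config libglib2.0-dev libmysqlclient-dev libmysql++-dev
cd /usr/src/ || exit 1
wget http://sourceforge.net/projects/nagios/files/ndoutils-1.x/ndoutils-1.5.2/ndoutils-1.5.2.tar.gz
tar xzf ndoutils-1.5.2.tar.gz
cd ndoutils-1.5.2 || exit 1
./configure
make
# Nagios 3.x builds of the broker module and the ndo2db daemon.
cp src/ndomod-3x.o /usr/local/nagios/bin/ndomod.o
cp config/ndomod.cfg-sample /usr/local/nagios/etc/ndomod.cfg
cp src/ndo2db-3x /usr/local/nagios/bin/ndo2db
cp config/ndo2db.cfg-sample /usr/local/nagios/etc/ndo2db.cfg
chown nagios:nagios /usr/local/nagios/etc/ndomod.cfg /usr/local/nagios/etc/ndo2db.cfg
chown nagios:nagios /usr/local/nagios/bin/ndomod.o /usr/local/nagios/bin/ndo2db

# NPC plugin. Fetched into /usr/src: the original downloaded it while sitting
# in /usr/local/nagios/bin and then tried to move /usr/src/npc, which did not exist.
cd /usr/src/ || exit 1
wget http://www.constructaegis.com/downloads/npc-2.0.4.tar.gz
tar -xvf npc-2.0.4.tar.gz
mv /usr/src/npc/ /var/www/cacti/plugins/
# The nagios.conf files still have to be edited by hand to point at Cacti.

# Extend the NPC tables with a long_output column. The original typed these
# statements after an interactive "mysql -u root" call, so the script never
# executed them; a heredoc feeds them to the client non-interactively.
# NOTE(review): assumes the npc_* tables already exist at this point
# (the plugin normally creates them when enabled in the Cacti UI) — confirm.
MYSQL_PWD="$MySQLRootPwd" mysql -u root cacti <<'EOF'
ALTER TABLE `npc_hostchecks` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_hoststatus` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_servicechecks` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_servicestatus` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_statehistory` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_eventhandlers` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_systemcommands` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
ALTER TABLE `npc_notifications` ADD COLUMN `long_output` varchar(8192) NOT NULL default '' AFTER `output`;
EOF
/usr/local/nagios/bin/ndo2db -c /usr/local/nagios/etc/ndo2db.cfg
/etc/init.d/nagios restart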

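## Install RackTables
cd /tmp/ || exit 1
# TLS validation stays on. The original passed --no-check-certificate, which
# lets anyone on the path substitute the archive; if the CA is not trusted on
# this host, install the CA certificate instead of disabling the check.
wget https://downloads.sourceforge.net/project/racktables/RackTables-0.19.6.tar.gz
tar -xvzf RackTables-0.19.6.tar.gz
cp -r RackTables-0.19.6/wwwroot /var/www/racktables   # script already runs as root; no sudo needed
# The original created a database named "ractables" but granted on racktables.*.
MYSQL_PWD="$MySQLRootPwd" mysqladmin -u root create racktables
printf "GRANT ALL ON racktables.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
  "$MySQLCactiUser" "$MySQLCactiPwd" \
  | MYSQL_PWD="$MySQLRootPwd" mysql -u root mysql
echo 'Instalar Manualmente http://localhost/racktables'

# Install the RackTables plugin for Cacti
cd /tmp || exit 1
# The URL is quoted: the bare "&" in the original sent wget to the background,
# so tar ran before the download had finished, and the saved name carried the
# query string. The tsid= token in this file-sharing link is session-bound and
# will have expired; obtain the plugin from a trusted source and inspect the
# archive before installing it.
wget 'http://dc300.4shared.com/download/06Ixf4mYce/racktablestar.gz?tsid=20150116-224443-53a0bf8b&lgfp=2000' -O racktables.tar.gz
tar -xvf racktables.tar.gz
mv racktables /var/www/cacti/plugins/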

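## Install Mantis (incident tracker) from the Debian package
apt-get install -y mantis

# Restart apache2 so every newly installed component is picked up
/etc/init.d/apache2 restart

echo 'usa http://localhost para acceso a cacti'   # original message read "localshot"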


Para descargar el script completo, usa el enlace de descarga de la entrada.


Tampoco viene mal montar el vhost de Apache, para que el acceso quede más o menos decente.
