From 25f3cdf0405638da91e0b5ce5f225dc5f52d5987 Mon Sep 17 00:00:00 2001
From: Oliver Gwyther
Date: Mon, 15 Apr 2024 22:17:43 +0100
Subject: [PATCH] Added uo-to-date graylog and netbox installation sripts.
---
.../ubuntu}/install-docker.sh | 0
graylog/install.sh | 101 +++++++++++++
netbox/install.sh | 139 ++++++++++++++++++
3 files changed, 240 insertions(+)
rename {ubuntu => !archived/ubuntu}/install-docker.sh (100%)
create mode 100644 graylog/install.sh
create mode 100644 netbox/install.sh
diff --git a/ubuntu/install-docker.sh b/!archived/ubuntu/install-docker.sh
similarity index 100%
rename from ubuntu/install-docker.sh
rename to !archived/ubuntu/install-docker.sh
diff --git a/graylog/install.sh b/graylog/install.sh
new file mode 100644
index 0000000..6d4d0bb
--- /dev/null
+++ b/graylog/install.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+
+# Check if the script is being run as root
+if [ "$(id -u)" -ne 0 ]; then
+ echo "This script must be run as root" 1>&2
+ exit 1
+fi
+
+echo "Updating system..."
+# Update the system
+apt update && apt upgrade -y
+
+echo "Installing dependencies..."
+# Install prerequisites for Graylog, OpenSearch, and MongoDB
+apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen wget gnupg
+
+# Disable huge pages support
+echo "Disabling huge pages support..."
+echo never > /sys/kernel/mm/transparent_hugepage/enabled
+echo never > /sys/kernel/mm/transparent_hugepage/defrag
+
+# Set maximum file count for OpenSearch
+echo "Setting maximum file count for OpenSearch..."
+sysctl -w vm.max_map_count=262144
+echo "vm.max_map_count=262144" >> /etc/sysctl.conf
+
+# Add the OpenSearch repository and its GPG key
+echo "Adding OpenSearch repository..."
+wget -qO - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opensearch | apt-key add -
+echo "deb https://d3g5vo6xdbdb9a.cloudfront.net/debian stable main" | tee /etc/apt/sources.list.d/opensearch.list
+
+# Add the MongoDB repository
+echo "Adding MongoDB repository..."
+wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | apt-key add -
+echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/debian buster/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list
+
+# Add the Graylog repository and its GPG key
+echo "Adding Graylog repository..."
+wget -qO - https://packages.graylog2.org/repo/packages/graylog-5.3-repository_latest.deb | dpkg -i -
+
+# Update the package index again
+echo "Updating package index..."
+apt update
+
+#Add OpenSearch User
+echo "Adding Opensearch User"
+adduser --system --disabled-password --disabled-login --home /var/empty --no-create-home --quiet --force-badname --group opensearch
+
+# Install OpenSearch and MongoDB
+echo "Installing OpenSearch"
+apt install -y opensearch
+
+#Create OpenSearch Directories
+mkdir -p /graylog/opensearch/data
+mkdir /var/log/opensearch
+
+#Extract Contents from tar
+tar -zxf opensearch-2.0.1-linux-x64.tar.gz
+mv opensearch-2.0.1/* /graylog/opensearch/
+
+#Create empty log file
+sudo -u opensearch touch /var/log/opensearch/graylog.log
+
+#Set Permissions
+chown -R opensearch:opensearch /graylog/opensearch/
+chown -R opensearch:opensearch /var/log/opensearch
+chmod -R 2750 /graylog/opensearch/
+chmod -R 2750 /var/log/opensearch/
+
+#Install MongoDB
+echo "Installing MongoDB"
+sudo apt install -y MongoDB
+
+# Install Graylog
+echo "Installing Graylog..."
+apt install -y graylog-server
+
+# Prompt user to enter admin user password
+read -sp "Enter your desired admin password for Graylog: " GRAYLOG_ADMIN_PASSWORD
+echo
+
+# Generate a secret key for Graylog
+echo "Generating secret key for Graylog..."
+GRAYLOG_SECRET=$(pwgen -N 1 -s 96)
+sed -i "s/password_secret =.*/password_secret = $GRAYLOG_SECRET/" /etc/graylog/server/server.conf
+
+# Generate a hash password for the admin user
+echo "Generating hash password for the admin user..."
+GRAYLOG_PASSWORD=$(echo -n "$GRAYLOG_ADMIN_PASSWORD" | sha256sum | awk '{print $1}')
+sed -i "s/root_password_sha2 =.*/root_password_sha2 = $GRAYLOG_PASSWORD/" /etc/graylog/server/server.conf
+
+# Reload systemd
+echo "Reloading systemd..."
+systemctl daemon-reload
+
+# Enable and start Graylog service
+echo "Enabling and starting Graylog service..."
+systemctl enable graylog-server
+systemctl start graylog-server
+
+echo "Graylog installation complete. You can access it at http://your-server-ip:9000"
\ No newline at end of file
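Review bot: The three repository setups here hand downloaded material straight to root-level trust: both `apt-key add -` lines put the key in the global apt keyring, where it can vouch for packages from any configured source, and the Graylog repository package is piped into `dpkg -i -` without being checked. `apt-key` is deprecated, and `dpkg -i` expects a file path, so the piped form is unlikely to work at all; the script also has no `set -e`, so a failed download does not stop the later `apt install` steps. I would store each key under /etc/apt/keyrings, pin it with `signed-by=` in the matching sources line, and download the .deb to a temporary file before installing it, as sketched below. The `curl -L ... | apt-key add -` line in netbox/install.sh needs the same treatment.

```shell
# … unchanged: root check, apt upgrade, dependency install, sysctl settings …
install -d -m 0755 /etc/apt/keyrings

wget -qO - https://d3g5vo6xdbdb9a.cloudfront.net/GPG-KEY-opensearch \
  | gpg --dearmor -o /etc/apt/keyrings/opensearch.gpg || exit 1
echo "deb [signed-by=/etc/apt/keyrings/opensearch.gpg] https://d3g5vo6xdbdb9a.cloudfront.net/debian stable main" \
  > /etc/apt/sources.list.d/opensearch.list

wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc \
  | gpg --dearmor -o /etc/apt/keyrings/mongodb-server-6.0.gpg || exit 1
echo "deb [ arch=amd64,arm64 signed-by=/etc/apt/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/debian buster/mongodb-org/6.0 main" \
  > /etc/apt/sources.list.d/mongodb-org-6.0.list

# Fetch the repository package to a file so a failed or truncated download stops the install.
graylog_repo_deb=$(mktemp --suffix=.deb) || exit 1
wget -qO "$graylog_repo_deb" https://packages.graylog2.org/repo/packages/graylog-5.3-repository_latest.deb || exit 1
dpkg -i "$graylog_repo_deb" || exit 1
rm -f -- "$graylog_repo_deb"
# … unchanged: apt update, package installs, Graylog configuration …
```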
diff --git a/netbox/install.sh b/netbox/install.sh
new file mode 100644
index 0000000..b305de2
--- /dev/null
+++ b/netbox/install.sh
@@ -0,0 +1,139 @@
+#!/bin/bash
+
+# Check if running as root
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as root"
+ exit 1
+fi
+
+# Update and upgrade the system
+echo "Updating and upgrading the system..."
+apt update && apt upgrade -y
+
+# Install dependencies
+echo "Installing dependencies..."
+apt install -y python3 python3-pip python3-dev build-essential libxml2 libxml2-dev libxslt1-dev libffi-dev graphviz git libpq-dev libssl-dev redis-server postgresql postgresql-contrib nginx
+
+# Check Python version
+echo "Checking Python version. Please ensure this meets the minimum requirements of Python 3.8, 3.9, 3.10 or 3.11.:"
+python3 --version
+
+# Prompt user to confirm if the currently installed Python version meets the minimum requirements
+read -p "Does the installed Python version meet the minimum requirements? (y/n): " PYTHON_CONFIRM
+if [[ $PYTHON_CONFIRM != "y" ]]; then
+ echo "Please install the required version of Python and rerun this script."
+ exit 1
+fi
+
+# Add Netbox repository
+echo "Adding Netbox repository..."
+echo "deb https://packagecloud.io/netbox-community/netbox/ubuntu/ $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/netbox-community.list
+curl -L https://packagecloud.io/netbox-community/netbox/gpgkey | apt-key add -
+
+# Prompt user for PostgreSQL and Netbox password
+read -p "Enter PostgreSQL password for 'netbox' user: " PG_PASSWORD
+read -p "Enter password for Netbox application: " NETBOX_PASSWORD
+
+# Create PostgreSQL user and database
+echo "Creating PostgreSQL user and database..."
+sudo -u postgres psql -c "CREATE DATABASE netbox;"
+sudo -u postgres psql -c "CREATE USER netbox WITH PASSWORD '$PG_PASSWORD';"
+sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;"
+
+# Create new user for Netbox
+echo "Creating new user for Netbox..."
+useradd -m -s /bin/bash netbox
+
+# Install Netbox
+echo "Installing Netbox..."
+apt update
+apt install -y netbox
+
+# Move into NetBox configuration directory and make a copy of configuration_example.py
+echo "Copying Netbox configuration file..."
+cd /opt/netbox/netbox/netbox/
+cp configuration.example.py configuration.py
+
+# Populate database fields in configuration.py with PostgreSQL information
+echo "Populating the Netbox configuration file with prior PostgreSQL information..."
+sed -i "s/'USER': '',/'USER': 'netbox',/g" configuration.py
+sed -i "s/'NAME': '',/'NAME': 'netbox',/g" configuration.py
+sed -i "s/'PASSWORD': '',/'PASSWORD': '$PG_PASSWORD',/g" configuration.py
+sed -i "s/'HOST': '',/'HOST': 'localhost',/g" configuration.py
+
+# Prompt user to enter ALLOWED_HOSTS, REDIS, and SECRET_KEY
+echo "Please enter manually input the following inforation..."
+read -p "Enter ALLOWED_HOSTS (separated by commas): " ALLOWED_HOSTS
+read -p "Enter REDIS server (usually 'localhost'): " REDIS
+read -p "Enter SECRET_KEY: " SECRET_KEY
+
+# Parse user input into configuration.py
+echo "Parsing the entered information to configuration.py..."
+sed -i "s/ALLOWED_HOSTS = \[\]/ALLOWED_HOSTS = \[$ALLOWED_HOSTS\]/g" configuration.py
+sed -i "s/REDIS = {}/REDIS = {'HOST': '$REDIS', 'PORT': 6379, 'PASSWORD': '', 'DATABASE': 0}/g" configuration.py
+sed -i "s/SECRET_KEY = ''/SECRET_KEY = '$SECRET_KEY'/g" configuration.py
+
+# Perform initial database migration
+echo "Performing initial database migration..."
+sudo -u netbox /opt/netbox/upgrade.sh
+
+# Create directory for Netbox reports
+echo "Creating directory for Netbox reports..."
+mkdir -p /opt/netbox/netbox/media/reports
+
+# Check if directories exist
+echo "Checking if directories exist..."
+if [ ! -d "/opt/netbox/netbox/media/reports" ] || [ ! -d "/opt/netbox/netbox/media/" ] || [ ! -d "/opt/netbox/netbox/static/" ]; then
+ read -p "Required directories are missing. Do you want to create them? (y/n): " CREATE_DIRS
+ if [[ $CREATE_DIRS == "y" ]]; then
+ mkdir -p /opt/netbox/netbox/media/reports
+ mkdir -p /opt/netbox/netbox/media/
+ mkdir -p /opt/netbox/netbox/static/
+ else
+ echo "Please create the required directories manually and rerun the script."
+ exit 1
+ fi
+fi
+
+# Collect static files
+echo "Collecting static files..."
+sudo -u netbox /opt/netbox/manage.py collectstatic --no-input
+
+# Set file and directory permissions
+echo "Setting file permissions..."
+chown -R netbox:netbox /opt/netbox/netbox/media
+chown -R netbox:netbox /opt/netbox/netbox/static
+chown -R netbox:netbox /opt/netbox/netbox/media/reports
+
+# Restart services
+echo "Restarting services..."
+systemctl restart nginx
+systemctl restart redis-server
+systemctl restart postgresql
+
+# NGINX reverse proxy config
+echo "NGINX reverse proxy configuration for Netbox:"
+echo "
+server {
+ listen 80;
+ server_name netbox.example.com;
+
+ location / {
+ proxy_pass http://localhost:8001;
+ proxy_set_header X-Forwarded-Host \$server_name;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ }
+
+ location /static/ {
+ alias /opt/netbox/netbox/static/;
+ }
+
+ location /media/ {
+ alias /opt/netbox/netbox/media/;
+ }
+}
+"
+
+echo "Netbox installation completed successfully!"
\ No newline at end of file
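Review bot: The values read into `PG_PASSWORD` and `SECRET_KEY` are pasted unescaped into `psql -c "CREATE USER netbox WITH PASSWORD '$PG_PASSWORD';"` and into the `sed -i` replacement strings, so a quote, slash, ampersand or backslash in either value breaks the statement or rewrites configuration.py in a way the operator did not intend. Both prompts use `read -p` without `-s` or `-r`, so the secrets are echoed to the terminal, and the database password is also passed as a command-line argument that other local users can see in the process list. I would generate both secrets inside the script, feed the SQL to psql on stdin, and restrict configuration.py once it holds them, as sketched below; the two prompts for those values then go away. `NETBOX_PASSWORD` is read but never used in this hunk, and the group in the `chown` below is assumed to be the one the NetBox service runs under, which should be confirmed.

```shell
# … unchanged: dependency install, Python version check, repository setup …
# Generate the secrets: hex output contains no quote, slash or ampersand that could break SQL or sed.
PG_PASSWORD=$(python3 -c 'import secrets; print(secrets.token_hex(32))') || exit 1
SECRET_KEY=$(python3 -c 'import secrets; print(secrets.token_hex(32))') || exit 1

# Send the statement on stdin so the password is not a psql command-line argument.
sudo -u postgres psql -v ON_ERROR_STOP=1 <<SQL
CREATE USER netbox WITH PASSWORD '$PG_PASSWORD';
SQL
# … unchanged: GRANT, useradd, apt install netbox, sed edits of configuration.py …
# configuration.py now holds the database password and SECRET_KEY.
chown root:netbox configuration.py
chmod 0640 configuration.py
```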