2018-12-10 19:08:59 +08:00
|
|
|
#!/bin/bash
|
|
|
|
|
2020-01-05 04:55:00 +08:00
|
|
|
exists() {
|
|
|
|
command -v "$1" >/dev/null 2>&1
|
|
|
|
}
|
|
|
|
|
2020-01-05 05:17:48 +08:00
|
|
|
is_root() {
|
|
|
|
return $(id -u)
|
|
|
|
}
|
|
|
|
|
|
|
|
has_sudo() {
|
|
|
|
# 0 true, 1 false
|
2020-12-08 23:01:36 +08:00
|
|
|
return $(sudo -nv > /dev/null 2>&1)
|
2020-01-05 05:17:48 +08:00
|
|
|
}
|
|
|
|
|
2020-01-20 15:43:45 +08:00
|
|
|
handle_error() {
|
|
|
|
echo "Fix the errors above and rerun the script"
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
|
|
|
|
log_message() {
|
|
|
|
echo -e "\n\n"
|
|
|
|
echo -e "DEPLOYMENT SCRIPT: $1"
|
|
|
|
}
|
|
|
|
|
2020-12-08 21:45:49 +08:00
|
|
|
if is_root; then
|
|
|
|
log_message "Please don't run this script as root"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2020-01-05 05:17:48 +08:00
|
|
|
config_branch=${2:-"develop"}
|
2020-02-03 14:43:35 +08:00
|
|
|
config_url="https://raw.githubusercontent.com/guardicore/monkey/${config_branch}/deployment_scripts/config"
|
2020-01-05 05:17:48 +08:00
|
|
|
|
2020-02-09 15:13:13 +08:00
|
|
|
if (! exists curl) && (! exists wget); then
|
2020-02-10 19:50:32 +08:00
|
|
|
log_message 'Your system does not have curl or wget, exiting'
|
2020-02-09 05:24:25 +08:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
file=$(mktemp)
|
2020-02-09 15:13:13 +08:00
|
|
|
# shellcheck disable=SC2086
|
|
|
|
if exists wget; then
|
2020-02-09 05:24:25 +08:00
|
|
|
# shellcheck disable=SC2086
|
2020-02-09 15:13:13 +08:00
|
|
|
wget --output-document=$file "$config_url"
|
2020-01-05 05:17:48 +08:00
|
|
|
else
|
2020-02-09 05:24:25 +08:00
|
|
|
# shellcheck disable=SC2086
|
2020-02-09 15:13:13 +08:00
|
|
|
curl -s -o $file "$config_url"
|
2020-01-05 05:17:48 +08:00
|
|
|
fi
|
|
|
|
|
2020-02-09 05:24:25 +08:00
|
|
|
log_message "downloaded configuration"
|
|
|
|
# shellcheck source=deployment_scripts/config
|
|
|
|
# shellcheck disable=SC2086
|
|
|
|
source $file
|
|
|
|
log_message "loaded configuration"
|
|
|
|
# shellcheck disable=SC2086
|
2020-02-09 15:13:13 +08:00
|
|
|
# rm $file
|
2020-02-09 05:24:25 +08:00
|
|
|
|
2018-12-10 19:08:59 +08:00
|
|
|
# Setup monkey either in dir required or current dir
|
2020-01-05 04:55:00 +08:00
|
|
|
monkey_home=${1:-$(pwd)}
|
|
|
|
if [[ $monkey_home == $(pwd) ]]; then
|
|
|
|
monkey_home="$monkey_home/$MONKEY_FOLDER_NAME"
|
2018-12-10 19:08:59 +08:00
|
|
|
fi
|
|
|
|
|
|
|
|
# We can set main paths after we know the home dir
|
|
|
|
ISLAND_PATH="$monkey_home/monkey/monkey_island"
|
|
|
|
MONGO_PATH="$ISLAND_PATH/bin/mongodb"
|
|
|
|
ISLAND_BINARIES_PATH="$ISLAND_PATH/cc/binaries"
|
2019-10-09 16:23:20 +08:00
|
|
|
INFECTION_MONKEY_DIR="$monkey_home/monkey/infection_monkey"
|
|
|
|
MONKEY_BIN_DIR="$INFECTION_MONKEY_DIR/bin"
|
2018-12-10 19:08:59 +08:00
|
|
|
|
2020-12-08 23:01:36 +08:00
|
|
|
if ! has_sudo; then
|
2020-12-08 23:23:53 +08:00
|
|
|
log_message "You need root permissions for some of this script operations. \
|
|
|
|
Run \`sudo -v\`, enter your password, and then re-run this script."
|
2020-01-05 04:55:00 +08:00
|
|
|
exit 1
|
2018-12-10 19:08:59 +08:00
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ ! -d ${monkey_home} ]]; then
|
2020-01-17 01:57:20 +08:00
|
|
|
mkdir -p "${monkey_home}"
|
2018-12-10 19:08:59 +08:00
|
|
|
fi
|
|
|
|
|
2020-01-17 01:54:02 +08:00
|
|
|
if ! exists git; then
|
2020-02-10 19:50:32 +08:00
|
|
|
log_message "Please install git and re-run this script"
|
2020-01-05 04:55:00 +08:00
|
|
|
exit 1
|
2018-12-10 19:08:59 +08:00
|
|
|
fi
|
|
|
|
|
|
|
|
log_message "Cloning files from git"
|
|
|
|
branch=${2:-"develop"}
|
|
|
|
if [[ ! -d "$monkey_home/monkey" ]]; then # If not already cloned
|
2020-03-25 19:12:40 +08:00
|
|
|
git clone --single-branch --recurse-submodules -b "$branch" "${MONKEY_GIT_URL}" "${monkey_home}" 2>&1 || handle_error
|
2020-01-17 01:57:20 +08:00
|
|
|
chmod 774 -R "${monkey_home}"
|
2018-12-10 19:08:59 +08:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Create folders
|
|
|
|
log_message "Creating island dirs under $ISLAND_PATH"
|
2020-02-09 17:53:06 +08:00
|
|
|
mkdir -p "${MONGO_PATH}" || handle_error
|
2020-01-17 01:57:20 +08:00
|
|
|
mkdir -p "${ISLAND_BINARIES_PATH}" || handle_error
|
2018-12-10 19:08:59 +08:00
|
|
|
|
2019-10-09 16:23:20 +08:00
|
|
|
# Detecting command that calls python 3.7
|
|
|
|
python_cmd=""
|
2020-01-05 04:55:00 +08:00
|
|
|
if [[ $(python --version 2>&1) == *"Python 3.7"* ]]; then
|
2019-10-09 16:23:20 +08:00
|
|
|
python_cmd="python"
|
|
|
|
fi
|
2020-01-05 04:55:00 +08:00
|
|
|
if [[ $(python37 --version 2>&1) == *"Python 3.7"* ]]; then
|
2019-10-09 16:23:20 +08:00
|
|
|
python_cmd="python37"
|
|
|
|
fi
|
2020-01-05 04:55:00 +08:00
|
|
|
if [[ $(python3.7 --version 2>&1) == *"Python 3.7"* ]]; then
|
2019-10-09 16:23:20 +08:00
|
|
|
python_cmd="python3.7"
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ ${python_cmd} == "" ]]; then
|
|
|
|
log_message "Python 3.7 command not found. Installing python 3.7."
|
2019-10-23 20:11:58 +08:00
|
|
|
sudo add-apt-repository ppa:deadsnakes/ppa
|
2019-11-18 18:53:20 +08:00
|
|
|
sudo apt-get update
|
2020-02-03 15:15:22 +08:00
|
|
|
sudo apt install python3.7 python3.7-dev
|
2019-10-09 16:23:20 +08:00
|
|
|
log_message "Python 3.7 is now available with command 'python3.7'."
|
|
|
|
python_cmd="python3.7"
|
2018-12-10 19:08:59 +08:00
|
|
|
fi
|
|
|
|
|
2020-02-11 01:06:39 +08:00
|
|
|
log_message "Installing build-essential"
|
|
|
|
sudo apt install build-essential
|
2020-02-09 17:04:45 +08:00
|
|
|
|
2020-12-09 01:38:04 +08:00
|
|
|
log_message "Installing python3-distutils"
|
|
|
|
sudo apt install python3-distutils
|
|
|
|
|
2020-02-09 17:20:43 +08:00
|
|
|
log_message "Installing or updating pip"
|
2020-02-09 15:13:13 +08:00
|
|
|
# shellcheck disable=SC2086
|
2020-02-10 19:53:24 +08:00
|
|
|
pip_url=https://bootstrap.pypa.io/get-pip.py
|
2020-02-09 15:13:13 +08:00
|
|
|
if exists wget; then
|
2020-02-10 19:53:24 +08:00
|
|
|
wget --output-document=get-pip.py $pip_url
|
2020-02-09 05:24:25 +08:00
|
|
|
else
|
2020-02-10 19:53:24 +08:00
|
|
|
curl $pip_url -o get-pip.py
|
2020-02-09 05:24:25 +08:00
|
|
|
fi
|
2020-02-03 15:16:11 +08:00
|
|
|
${python_cmd} get-pip.py
|
2020-02-09 05:24:25 +08:00
|
|
|
rm get-pip.py
|
2020-02-03 15:16:11 +08:00
|
|
|
|
2020-02-09 18:02:57 +08:00
|
|
|
log_message "Installing island requirements"
|
2020-02-03 14:43:35 +08:00
|
|
|
requirements_island="$ISLAND_PATH/requirements.txt"
|
|
|
|
${python_cmd} -m pip install -r "${requirements_island}" --user --upgrade || handle_error
|
2018-12-10 19:08:59 +08:00
|
|
|
|
2020-02-09 18:02:57 +08:00
|
|
|
log_message "Installing monkey requirements"
|
2019-10-23 15:17:47 +08:00
|
|
|
sudo apt-get install libffi-dev upx libssl-dev libc++1
|
2020-02-03 14:43:35 +08:00
|
|
|
requirements_monkey="$INFECTION_MONKEY_DIR/requirements.txt"
|
|
|
|
${python_cmd} -m pip install -r "${requirements_monkey}" --user --upgrade || handle_error
|
2019-10-23 15:17:47 +08:00
|
|
|
|
2020-02-10 19:48:12 +08:00
|
|
|
|
|
|
|
agents=${3:-true}
|
2018-12-10 19:08:59 +08:00
|
|
|
# Download binaries
|
2020-02-10 19:48:12 +08:00
|
|
|
if [ "$agents" = true ] ; then
|
|
|
|
log_message "Downloading binaries"
|
|
|
|
if exists wget; then
|
|
|
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_32_BINARY_URL}
|
|
|
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${LINUX_64_BINARY_URL}
|
|
|
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_32_BINARY_URL}
|
|
|
|
wget -c -N -P ${ISLAND_BINARIES_PATH} ${WINDOWS_64_BINARY_URL}
|
|
|
|
else
|
|
|
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-32 ${LINUX_32_BINARY_URL}
|
|
|
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-linux-64 ${LINUX_64_BINARY_URL}
|
|
|
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-32.exe ${WINDOWS_32_BINARY_URL}
|
|
|
|
curl -o ${ISLAND_BINARIES_PATH}\monkey-windows-64.exe ${WINDOWS_64_BINARY_URL}
|
|
|
|
fi
|
2020-02-09 05:24:25 +08:00
|
|
|
fi
|
|
|
|
|
2018-12-10 19:08:59 +08:00
|
|
|
# Allow them to be executed
|
|
|
|
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_32_BINARY_NAME"
|
|
|
|
chmod a+x "$ISLAND_BINARIES_PATH/$LINUX_64_BINARY_NAME"
|
2019-05-11 23:33:32 +08:00
|
|
|
|
2018-12-10 19:08:59 +08:00
|
|
|
# If a user haven't installed mongo manually check if we can install it with our script
|
2020-02-09 17:20:43 +08:00
|
|
|
if ! exists mongod; then
|
|
|
|
log_message "Installing MongoDB"
|
|
|
|
"${ISLAND_PATH}"/linux/install_mongo.sh ${MONGO_PATH} || handle_error
|
|
|
|
fi
|
2018-12-10 19:08:59 +08:00
|
|
|
log_message "Installing openssl"
|
|
|
|
sudo apt-get install openssl
|
|
|
|
|
|
|
|
# Generate SSL certificate
|
|
|
|
log_message "Generating certificate"
|
2020-02-09 17:37:25 +08:00
|
|
|
|
2020-12-09 01:39:07 +08:00
|
|
|
chmod u+x "${ISLAND_PATH}"/linux/create_certificate.sh
|
2020-02-09 17:37:25 +08:00
|
|
|
"${ISLAND_PATH}"/linux/create_certificate.sh ${ISLAND_PATH}/cc
|
2018-12-10 19:08:59 +08:00
|
|
|
|
2019-10-09 16:23:20 +08:00
|
|
|
# Update node
|
2020-02-09 17:31:12 +08:00
|
|
|
if ! exists npm; then
|
|
|
|
log_message "Installing nodejs"
|
2020-02-10 19:53:24 +08:00
|
|
|
node_src=https://deb.nodesource.com/setup_12.x
|
2020-02-09 17:31:12 +08:00
|
|
|
if exists curl; then
|
2020-02-10 19:53:24 +08:00
|
|
|
curl -sL $node_src | sudo -E bash -
|
2020-02-09 17:31:12 +08:00
|
|
|
else
|
2020-02-10 19:53:24 +08:00
|
|
|
wget -q -O - $node_src | sudo -E bash -
|
2020-02-09 17:31:12 +08:00
|
|
|
fi
|
|
|
|
sudo apt-get install -y nodejs
|
2020-02-09 05:24:25 +08:00
|
|
|
fi
|
2020-02-09 17:13:17 +08:00
|
|
|
|
2020-02-09 17:53:06 +08:00
|
|
|
pushd "$ISLAND_PATH/cc/ui" || handle_error
|
2019-10-24 16:17:10 +08:00
|
|
|
npm install sass-loader node-sass webpack --save-dev
|
2019-10-09 16:23:20 +08:00
|
|
|
npm update
|
2018-12-11 23:07:45 +08:00
|
|
|
|
2018-12-10 19:08:59 +08:00
|
|
|
log_message "Generating front end"
|
|
|
|
npm run dist
|
2020-02-09 17:53:06 +08:00
|
|
|
popd || handle_error
|
2018-12-10 19:08:59 +08:00
|
|
|
|
2019-10-09 16:23:20 +08:00
|
|
|
# Making dir for binaries
|
2020-01-17 01:57:20 +08:00
|
|
|
mkdir "${MONKEY_BIN_DIR}"
|
2019-10-09 16:23:20 +08:00
|
|
|
|
|
|
|
# Download sambacry binaries
|
|
|
|
log_message "Downloading sambacry binaries"
|
2020-02-09 15:13:13 +08:00
|
|
|
# shellcheck disable=SC2086
|
|
|
|
if exists wget; then
|
2020-02-09 05:24:25 +08:00
|
|
|
wget -c -N -P "${MONKEY_BIN_DIR}" ${SAMBACRY_64_BINARY_URL}
|
|
|
|
wget -c -N -P "${MONKEY_BIN_DIR}" ${SAMBACRY_32_BINARY_URL}
|
|
|
|
else
|
2020-02-09 17:27:10 +08:00
|
|
|
curl -o ${MONKEY_BIN_DIR}/sc_monkey_runner64.so ${SAMBACRY_64_BINARY_URL}
|
|
|
|
curl -o ${MONKEY_BIN_DIR}/sc_monkey_runner32.so ${SAMBACRY_32_BINARY_URL}
|
2020-02-09 05:24:25 +08:00
|
|
|
fi
|
2019-10-09 16:23:20 +08:00
|
|
|
# Download traceroute binaries
|
2019-10-23 19:46:59 +08:00
|
|
|
log_message "Downloading traceroute binaries"
|
2020-02-09 15:13:13 +08:00
|
|
|
# shellcheck disable=SC2086
|
|
|
|
if exists wget; then
|
2020-02-09 05:24:25 +08:00
|
|
|
wget -c -N -P "${MONKEY_BIN_DIR}" ${TRACEROUTE_64_BINARY_URL}
|
|
|
|
wget -c -N -P "${MONKEY_BIN_DIR}" ${TRACEROUTE_32_BINARY_URL}
|
|
|
|
else
|
2020-02-09 17:27:10 +08:00
|
|
|
curl -o ${MONKEY_BIN_DIR}/traceroute64 ${TRACEROUTE_64_BINARY_URL}
|
|
|
|
curl -o ${MONKEY_BIN_DIR}/traceroute32 ${TRACEROUTE_32_BINARY_URL}
|
2020-02-09 05:24:25 +08:00
|
|
|
fi
|
2019-10-09 16:23:20 +08:00
|
|
|
|
2020-02-03 14:43:35 +08:00
|
|
|
sudo chmod +x "${INFECTION_MONKEY_DIR}/build_linux.sh"
|
2018-12-10 19:08:59 +08:00
|
|
|
|
|
|
|
log_message "Deployment script finished."
|
2019-02-04 16:35:39 +08:00
|
|
|
exit 0
|