#!/bin/bash
# Interactive bootstrap for a soctools deployment: optionally lets the operator
# edit access.ips, regenerates the HAProxy whitelist files from it and, when
# group_vars/all/variables.yml does not exist yet, creates it from
# group_vars/all/variables.template with values prompted on the terminal.
# errexit: abort on the first failing command. Commands tested directly in an
# `if`/`while` condition are exempt from it.
set -o errexit
clear

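#######################################
# Countdown helper: prints the remaining seconds on a single line, once per
# second, until zero is reached.
# NOTE: the name shadows the bash builtin `wait`; inside this script `wait`
# is this countdown, not the job-control builtin.
# Arguments: $1 - seconds to count down. An empty, missing or non-numeric
#            value is treated as 0 (previously it tripped the integer test
#            and printed an error instead of counting).
# Outputs:   the current value on stdout followed by CSI "erase to end of
#            line" and a carriage return, so each value overwrites the last
# Returns:   0
#######################################
wait () {
	local secs=${1:-0}
	# Only a non-negative integer is usable as a countdown.
	if ! [[ "$secs" =~ ^[0-9]+$ ]]; then
		secs=0
	fi
	while [ "$secs" -gt 0 ]; do
		printf '%s\033[0K\r' "$secs"
		sleep 1
		secs=$((secs - 1))
	done
	return 0
}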

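# Step 1: optionally open access.ips in an editor before the whitelist is
# generated from it. The editor command is chosen by the operator at the
# prompt and executed as given; it is operator input, not untrusted data.
echo "By default, all services except OPENSEARCH are public!"
echo "The configuration file access.ips is used to limit access to the services only to the configured IP ranges."
echo "Do you want to modify/edit this file now?"
# -r: keep any backslash typed by the operator literal.
read -r -p "(yes|no) [no] : " MODIFY
MODIFY=${MODIFY:-no}
case "$MODIFY" in
	yes|Yes|YES )
		echo modify
		echo "Please enter which editor (command) you want to use for editing this file"
		read -r -p "[vi] : " EDITOR
		EDITOR=${EDITOR:-vi}
		# One lookup for every editor (the old code duplicated the
		# `which` test in both branches); command -v is a builtin and
		# the variable is quoted so the name is looked up as one word.
		if ! command -v "$EDITOR" > /dev/null 2>&1; then
			echo "$EDITOR not found. install it and start over"
			exit 1
		fi
		# vi/vim users get a short modal-editing primer first.
		if [[ "$EDITOR" == "vi" || "$EDITOR" == "vim" ]]; then
			echo "Instruction: "
			echo -e "\t 1. press i to edit file"
			echo -e "\t 2. modify file based on your needs"
			echo -e "\t 3. to save changes use following sequence: 'Esc : wq' and press enter"
			echo "to discard changes, use: 'Esc : q!' and press enter"
			read -r -p "press enter to continue ..." CONTINUE
		fi
		"$EDITOR" access.ips
		;;
	no|No|NO )
		echo no
		;;
	* )
		echo "Unknown answer, not modifying access rules!"
		;;
esac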

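# Step 2: generate the HAProxy ACL whitelist files from access.ips.
# The script runs under errexit, so the previous `cmd; if [ $? -gt 0 ]`
# form could never reach its error message: a failing generator already
# terminated the script. A command tested directly in `if` is exempt from
# errexit, so the hint about the file structure is now actually printed.
if ! ./generate_haproxy_whitelist_files.sh; then
	echo "Error occurred, please check access.ips file structure. lines starting with '###' should not be modified"
	exit 1
fi
echo "Access restrictions configured successfully"
echo ""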


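#######################################
# sed_escape: escape a value for use as the replacement text of a sed
# "s/.../.../" expression. Operator input is substituted into the template
# with sed below; an unescaped '/', '&' or '\' in, say, an organization
# name or the SMTP password would otherwise terminate the expression
# (aborting sed and, under errexit, the script, with a half-filled file)
# or be interpreted by sed instead of written literally.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout, no trailing newline
#######################################
sed_escape() {
	printf '%s' "$1" | sed -e 's/[\/&\\]/\\&/g'
}

# Step 3: create group_vars/all/variables.yml from the template, unless one
# already exists. An existing file is never overwritten, only shown.
if [ -f group_vars/all/variables.yml ]; then
	# NOTE: this prints the whole file, including the SMTP password it may
	# hold in clear (see the warning in the prompts below).
	echo "Variables file (group_vars/all/variables.yml) is already configured manually. Please take a look if everything is correct and move to the next step"
	echo
	echo "group_vars/all/variables.yml:"
	echo "============================================================"
	cat group_vars/all/variables.yml
	echo "============================================================"
else
	# read -r throughout: backslashes typed by the operator stay literal.
	echo "Set the FQDN which will be used to access the soctools services (the DNS record should already be in place)"
	read -r -p "[$(hostname -f)]: " soctoolsproxy
	soctoolsproxy=${soctoolsproxy:-$(hostname -f)}
	echo
	echo "Name of your organization (it will be used as organization name in MISP, The Hive and Cortex)"
	read -r -p 'organization: ' organization
	# Quoted: unquoted, a name with spaces or glob characters was split into
	# several test operands instead of being checked as one string.
	if [ -z "$organization" ]; then
		echo "Error: Empty string for organization! exiting..."
		exit 1
	fi
	echo
	echo
	echo
	echo "Please provide the following parameters for the first SOCTools user, which will be created during the initialization with organization admin privileges (other user accounts can be created later via a web GUI):"
	echo "username  - Username of the user"
	echo "firstname - First name of the user"
	echo "lastname  - Last name of the user"
	echo "email     - Email of the user"
	#echo "DN       - Distinguished Name of the user, for user certificate"
	#echo "CN       - Common Name of the user, for user certificate"
	echo ""
	read -r -p "username: " username
	if [ -z "$username" ]; then
		echo "Error: Empty username! exiting..."
		exit 1
	fi
	read -r -p "firstname: " firstname
	read -r -p "lastname: " lastname
	read -r -p "email: " email
	# The user certificate subject is derived from the username; the
	# interactive CN prompt stays disabled, as before.
	#read -r -p "Enter CN for Certificate [${firstname}${lastname}]: " CN
	#CN=${CN:-${firstname}${lastname}}
	CN="$username"
	DN="CN=${CN}"
	echo
	echo
	echo "Please provide the configuration for sending emails via SMTP (used by user management web GUI to send emails to users)."
	echo "You can leave it empty if you are just testing and don't plan to add more users."
	echo "  host     - Hostname of the SMTP server"
	echo "  sender   - Email address used as the sender (e.g. 'soctools@${soctoolsproxy}')"
	echo "  username - Authenticate using this username (leave empty to send emails without authentication)"
	echo "  password - Authenticate using this password (WARNING: Password is stored in clear in a configuration file)"
	echo
	read -r -p "host []: " smtp_host
	read -r -p "sender [soctools@${soctoolsproxy}]: " smtp_sender
	smtp_sender=${smtp_sender:-soctools@${soctoolsproxy}}
	read -r -p "username []: " smtp_username
	# -s: the password is not echoed while typed (it would otherwise land in
	# the terminal scrollback and any session recording); the echo restores
	# the newline that -s suppresses.
	read -r -s -p "password []: " smtp_password
	echo
	# The review summary only reveals whether a password was entered.
	smtp_password_shown=""
	if [ -n "$smtp_password" ]; then
		smtp_password_shown="********"
	fi
	echo
	echo
	echo "Please check the gathered variables and type 'yes' if everything is correct:"
	echo "soctoolsproxy:  $soctoolsproxy"
	echo "organization:   $organization"
	echo "user:"
	echo "  firstname:  $firstname"
	echo "  lastname:   $lastname"
	echo "  username:   $username"
	echo "  email:      $email"
	echo "  DN:         $DN"
	echo "  CN:         $CN"
	echo "smtp config:"
	echo "  host:       $smtp_host"
	echo "  sender:     $smtp_sender"
	echo "  username:   $smtp_username"
	echo "  password:   $smtp_password_shown"
	echo
	echo
	read -r -p "Correct? type 'yes' or 'no': " ANSWER
	if [ "$ANSWER" = "yes" ]; then
		if ! [ -f group_vars/all/variables.template ]; then
			echo "template file(group_vars/all/variables.template) does not exists! exiting ..."
			exit 1
		fi
		cp -f group_vars/all/variables.template group_vars/all/variables.yml
		# The generated file carries the SMTP password in clear: make it
		# owner-only before any value is written into it. Assumes the
		# deployment is run by the same user that runs this script -- TODO
		# confirm.
		chmod 600 group_vars/all/variables.yml
		# All placeholders are replaced in one in-place sed pass; each value
		# goes through sed_escape so operator input cannot break or inject
		# into the s/// expressions. Values are not YAML-quoted here; whether
		# the template quotes them is not visible from this script -- TODO
		# confirm.
		sed -i \
			-e "s/CHANGE_ME_TO_FQDN/$(sed_escape "$soctoolsproxy")/g" \
			-e "s/CHANGE_ME_ORG/$(sed_escape "$organization")/g" \
			-e "s/CHANGE_ME_SMTP_HOST/$(sed_escape "$smtp_host")/g" \
			-e "s/CHANGE_ME_SMTP_SENDER/$(sed_escape "$smtp_sender")/g" \
			-e "s/CHANGE_ME_SMTP_USERNAME/$(sed_escape "$smtp_username")/g" \
			-e "s/CHANGE_ME_SMTP_PASSWORD/$(sed_escape "$smtp_password")/g" \
			-e "s/CHANGE_ME_FIRST_NAME/$(sed_escape "$firstname")/" \
			-e "s/CHANGE_ME_LAST_NAME/$(sed_escape "$lastname")/" \
			-e "s/CHANGE_ME_USERNAME/$(sed_escape "$username")/" \
			-e "s/CHANGE_ME_EMAIL/$(sed_escape "$email")/" \
			-e "s/CHANGE_ME_DN/$(sed_escape "$DN")/" \
			-e "s/CHANGE_ME_CN/$(sed_escape "$CN")/" \
			group_vars/all/variables.yml
		echo
		echo
		echo "variables file generated (group_vars/all/variables.yml)"
		echo "We have configured for you the following config files: access.ips, group_vars/all/variables.yml and we have also generated HAProxy Access Control Lists in the following directory: roles/haproxy/files"
		echo ""
		echo "move to next command to deploy the soctools cluster."
		echo 'Thank You!'
	else
		echo "Exiting based of user input ..."
		exit 0
	fi
fi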