Updated support for openSUSE #285

Merged 3 commits (Oct 17, 2023)
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -19,9 +19,9 @@ If there is the need for other distros, "someone" has to check and maintain the
## Installation

Reference the following files for OS-specific installation instructions:
[Raspbian](docs/install-instructions/Raspbian.md) (Recommended)
[Ubuntu](docs/install-instructions/Ubuntu.md)
[openSUSE](docs/install-instructions/openSUSE.md)
[Raspbian](docs/install-instructions/Raspbian.md) (Recommended),
[Ubuntu](docs/install-instructions/Ubuntu.md),
[openSUSE](docs/install-instructions/openSUSE.md) and
[AWS](docs/install-instructions/AWS.md)

## Background: `install.sh`
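Review bot: the four links still sit on consecutive lines with no list markers, so Markdown folds them into one run-on paragraph; the added commas and "and" only paper over that. A bullet list (`- [Raspbian](docs/install-instructions/Raspbian.md) (Recommended)` and so on) would render one entry per line and not need the punctuation.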
60 changes: 23 additions & 37 deletions bin/install.sh
Expand Up @@ -519,17 +519,11 @@ if [ "$ID" == "opensuse-tumbleweed" ]; then
distversion=Tumbleweed
fi

if [ "$ID" == "opensuse-leap" ]; then
ID="opensuse"
dist='yum'
distversion=Leap
fi

dlog "dist: ${dist}, distversion: ${distversion}"

if [ "$dist" == "invalid" ]; then
outlog "You are not running a supported operating system. Right now, this script only works for Raspbian,"
outlog "openSUSE Tumbleweed/Leap and Amazon Linux AMI."
outlog "openSUSE Tumbleweed and Amazon Linux AMI."
outlog "Please ask [email protected] for help to add support for your OS. Include the /etc/os-release file."
exit 9
fi
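Review bot: with the `opensuse-leap` mapping removed, a Leap host now falls through to `dist=invalid` and exits 9 with the generic "not running a supported operating system" message. Because Leap was supported until this change, the line `outlog "openSUSE Tumbleweed and Amazon Linux AMI."` should say that Leap is no longer supported and why (its system Python is too old, per the docs change in this PR), so existing Leap users are not left guessing whether they misconfigured something.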
Expand All @@ -540,7 +534,7 @@ if [ "$ID" != "raspbian" ] && [ "$ID" != "opensuse" ] && [ "$ID" != "raspbian" ]
outlog " - Ubuntu 18.04"
outlog " - Ubuntu 20.04"
outlog " - Ubuntu 22.04"
outlog " - openSUSE Tumbleweed/Leap."
outlog " - openSUSE Tumbleweed."
outlog "It may or may not work with your distro. Feel free to test and contribute."
outlog "Press ENTER to continue, CTRL+C to abort."
read lala
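Review bot: the hunk header context `if [ "$ID" != "raspbian" ] && [ "$ID" != "opensuse" ] && [ "$ID" != "raspbian" ]` tests raspbian twice while the warning below lists Ubuntu among the tested distros; the duplicate is pre-existing, but it is worth checking against the intended condition while this block is being edited. Also, `" - openSUSE Tumbleweed."` keeps a trailing period that the other bullets lack.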
Expand Down Expand Up @@ -625,23 +619,15 @@ if [ "$FAST" == "0" ]; then

if [ "$ID" == "opensuse" ]; then
outlog "Updating your openSUSE Operating System will now be done."
[ "$distversion" = "Tumbleweed" ] && run 'zypper --non-interactive dup --no-recommends'
[ "$distversion" = "Leap" ] && run 'zypper --non-interactive up --no-recommends'
run 'zypper --non-interactive dup --no-recommends'
outlog "Installing additional packages"
[ "$distversion" == "Leap" ] && run 'zypper --non-interactive remove systemd-logger'
[ "$distversion" == "Tumbleweed" ] &&
run 'zypper --non-interactive install --no-recommends cron gcc libffi-devel python38-devel libopenssl-devel rsyslog dialog'
[ "$distversion" == "Leap" ] &&
run 'zypper --non-interactive install --no-recommends cron gcc libffi-devel python3-devel libopenssl-devel rsyslog dialog'
run 'zypper --non-interactive install --no-recommends cron gcc libffi-devel python311-devel libopenssl-devel rsyslog dialog'
run 'zypper --non-interactive install --no-recommends perl-libwww-perl perl-Switch perl-LWP-Protocol-https python3-requests'
run 'zypper --non-interactive install --no-recommends python3-Twisted python3-pycryptodome python3-pyasn1 python3-virtualenv'
run 'zypper --non-interactive install --no-recommends python3-zope.interface python3-pip rng-tools curl openssh unzip'
run 'zypper --non-interactive install --no-recommends python3-zope.interface python311-pip rng-tools curl openssh unzip'
run 'zypper --non-interactive install --no-recommends net-tools-deprecated patch logrotate'
run 'zypper --non-interactive install --no-recommends system-user-mail mariadb libmariadb-devel python3-PyMySQL jq'
[ "$distversion" == "Tumbleweed" ] &&
run 'zypper --non-interactive install --no-recommends python3-python-snappy snappy-devel gcc-c++'
[ "$distversion" == "Leap" ] &&
run 'zypper --non-interactive install --no-recommends snappy-devel gcc-c++'
run 'zypper --non-interactive install --no-recommends python3-python-snappy snappy-devel gcc-c++'
# opensuse does not have packet wamerican so copy it
mkdir -p /usr/share/dict
cp $progdir/../dict/american-english /usr/share/dict/
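Review bot: `python311-devel` and `python311-pip` hard-code the interpreter minor version on a rolling distribution, so this install will break as soon as Tumbleweed's default python3 moves past 3.11, while the rest of the block uses unversioned `python3-*` packages. Derive the suffix from the running interpreter, e.g. `pyver=$(python3 -c 'import sys; print(f"{sys.version_info[0]}{sys.version_info[1]}")')` and then `python${pyver}-devel python${pyver}-pip`, or use `python3-devel`/`python3-pip` if Tumbleweed provides those as aliases. The unquoted `cp $progdir/../dict/american-english /usr/share/dict/` is pre-existing but would also benefit from quoting `$progdir`.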
Expand Down Expand Up @@ -1715,7 +1701,7 @@ do_copy $progdir/../srv/dshield/fwlogparser.py ${DSHIELDDIR} 700
do_copy $progdir/status.sh ${DSHIELDDIR} 700
do_copy $progdir/cleanup.sh ${DSHIELDDIR} 700
do_copy $progdir/../srv/dshield/DShield.py ${DSHIELDDIR} 700
[ "$ID" = "opensuse" -a "$distversion" = "Tumbleweed" ] &&
[ "$ID" = "opensuse" ] &&
run "patch ${DSHIELDDIR}/DShield.py $progdir/../srv/dshield/DShield.patch"

# check: automatic updates allowed?
Expand Down Expand Up @@ -1913,8 +1899,11 @@ OLDDIR=$(pwd)

cd ${COWRIEDIR}
dlog "installing global dependencies from ${SCRIPTDIR}/requirements.txt"
run 'pip3 install --upgrade pip'
run "pip3 install -r ${SCRIPTDIR}/requirements.txt"
# openSUSE does not support installation with pip ouside environments
if [ "$ID" != "opensuse" ] ; then
run "pip3 install --upgrade pip"
run "pip3 install -r ${SCRIPTDIR}/requirements.txt"
fi
dlog "setting up virtual environment"
run 'virtualenv --python=python3 cowrie-env'
dlog "activating virtual environment"
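Review bot: the comment `# openSUSE does not support installation with pip ouside environments` should give the actual reason (the system interpreter is marked externally managed, so pip refuses to install into it) and say where the skipped dependencies come from instead, i.e. the `python3-Twisted`, `python3-pycryptodome`, `python3-requests` and related packages installed with zypper earlier in this script; otherwise a reader sees `requirements.txt` silently skipped on one distro. Also "ouside" should be "outside".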
Expand All @@ -1938,10 +1927,12 @@ fi
# we only need 'requests'
# dlog "installing dependencies requirements-output.txt"
# run 'pip3 install --upgrade -r requirements-output.txt'
run 'pip3 install --upgrade requests'
if [ ${?} -ne 0 ]; then
outlog "Error installing dependencies from requirements-output.txt. See ${LOGFILE} for details."
exit 9
if [ "$ID" != "opensuse" ] ; then
run "pip3 install --upgrade requests"
if [ ${?} -ne 0 ]; then
outlog "Error installing dependencies from requirements-output.txt. See ${LOGFILE} for details."
exit 9
fi
fi
cd ${OLDDIR}

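Review bot: the new guard skips `pip3 install --upgrade requests` on openSUSE, but this block follows "activating virtual environment" in the previous hunk; if the cowrie virtualenv is still active here, pip targets the venv, where the externally-managed restriction does not apply, and the skip simply leaves `requests` out of the venv unless it was created with system site packages. Please confirm which interpreter this pip call hits. Independently, the error text still says "requirements-output.txt" although the command installs only `requests`, and `if [ ${?} -ne 0 ]` only works if `run` returns the wrapped command's exit status.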
Expand Down Expand Up @@ -1990,12 +1981,7 @@ run 'chown -R cowrie:cowrie ${COWRIEDIR}'

dlog "copying cowrie system files"

if [ "$ID" != "opensuse" ]; then
systemdpref=""
else # openSUSE
systemdpref="/usr"
fi
do_copy $progdir/../lib/systemd/system/cowrie.service ${systemdpref}/lib/systemd/system/cowrie.service 644
do_copy $progdir/../lib/systemd/system/cowrie.service /lib/systemd/system/cowrie.service 644
do_copy $progdir/../etc/cron.hourly/cowrie /etc/cron.hourly 755

# make sure to remove old cowrie start if they exist
Expand All @@ -2008,7 +1994,7 @@ run 'chown cowrie:cowrie ${COWRIEDIR}/log'
run 'mkdir -p ${COWRIEDIR}/log/tty'
run 'chmod 755 ${COWRIEDIR}/log/tty'
run 'chown cowrie:cowrie ${COWRIEDIR}/log/tty'
find /etc/rc?.d -name '*cowrie*' -delete
[ -d /etc/rc?.d ] && find /etc/rc?.d -name '*cowrie*' -delete
run 'systemctl daemon-reload'
run 'systemctl enable cowrie.service'

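Review bot: `[ -d /etc/rc?.d ]` expands the glob before `test` runs, so on a sysv-layout host with several `/etc/rc?.d` directories (the Raspbian case this cleanup exists for) it becomes `[ -d /etc/rc0.d /etc/rc1.d ... ]`, fails with "too many arguments", and the old cowrie links are not removed; with no match it tests the literal pattern and is false, which is the only case that works. A loop does what is intended: `for d in /etc/rc?.d; do [ -d "$d" ] && find "$d" -name '*cowrie*' -delete; done`.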
Expand All @@ -2024,8 +2010,8 @@ outlog "Installing ISC-Agent"
dlog "installing ISC-Agent"

# support for ubuntu server 22.04.2 LTS
dlog "(re)installing python attrs package"
run "pip3 install --ignore-installed attrs"
[ "$ID" != "opensuse" ] && dlog "(re)installing python attrs package"
[ "$ID" != "opensuse" ] && run "pip3 install --ignore-installed attrs"
run "mkdir -p ${ISC_AGENT_DIR}"
do_copy $progdir/../srv/isc-agent ${ISC_AGENT_DIR}/../
do_copy $progdir/../lib/systemd/system/isc-agent.service ${systemdpref}/lib/systemd/system/ 644
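Review bot: `do_copy $progdir/../lib/systemd/system/isc-agent.service ${systemdpref}/lib/systemd/system/ 644` still references `systemdpref`, whose definition this PR removes in the "copying cowrie system files" hunk; it now expands to empty, which happens to give `/lib/systemd/system/`, but only by accident, and it would abort under `set -u`. Replace it with the literal path as was done for `cowrie.service`. The two `[ "$ID" != "opensuse" ] && ...` lines would read better as one `if` block.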
Expand All @@ -2034,7 +2020,7 @@ run "mkdir -m 0700 /srv/isc-agent/run"

OLDPWD=$PWD
cd ${ISC_AGENT_DIR}
run "pip3 install --upgrade pip"
[ "$ID" != "opensuse" ] && run "pip3 install --upgrade pip"
ISCAGENTENV="/srv/isc-agent/virtenv"
run "virtualenv --python=python3 $ISCAGENTENV"
run "pip3 install --ignore-installed -r requirements.txt --prefix $ISCAGENTENV"
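Review bot: `pip3 install --upgrade pip` is now guarded for openSUSE, but `pip3 install --ignore-installed -r requirements.txt --prefix $ISCAGENTENV` two lines below runs the same system pip unguarded. If that is intentional because pip skips the externally-managed check when `--prefix` is given, say so in a comment so nobody "fixes" it later; otherwise the isc-agent install will fail on openSUSE at exactly this step. Note also that the virtualenv is created but never activated before this call, so `--prefix` is standing in for activation.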
53 changes: 19 additions & 34 deletions docs/install-instructions/openSUSE.md
@@ -1,7 +1,7 @@


# dshield

## DShield Raspberry Pi Sensor for openSUSE Leap 15.3 and Tumbleweed system
## DShield Raspberry Pi Sensor for openSUSE Tumbleweed system

This is a set of scripts to setup a Raspberry Pi as a DShield Sensor.

Expand All @@ -14,15 +14,13 @@ Current design goals and prerequisites for using the automated installation proc
- support for IPv4 only (for the internal net)
- one interface only (e.g. eth0)

The current version is tested on Raspberry Pi OS, Ubuntu 22.04 LTS Server and on openSUSE Leap 15.3 and Tumbleweed,
not on other distros, sorry.
If there is the need for other distros, "someone" has to check and maintain the installation script.
The current version is tested on openSUSE Tumbleweed.

## Installation

In order to use the installation script on the Raspberry Pi, you will need to first prepare it. For openSUSE it is assumed that you are using openSUSE for this preparation.

- get the openSUSE image for your Raspberry Pi for Leap 15.3 [RPI3 from](http://download.opensuse.org/ports/aarch64/distribution/leap/15.3/appliances/openSUSE-Leap-15.3-ARM-JeOS-raspberrypi3.aarch64.raw.xz) or [RPi4 from](http://download.opensuse.org/ports/aarch64/distribution/leap/15.3/appliances/openSUSE-Leap-15.3-ARM-JeOS-raspberrypi4.aarch64.raw.xz) for Tumbleweed [RPi3 from](http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/openSUSE-Tumbleweed-ARM-JeOS-raspberrypi4.aarch64.raw.xz) or [RPi4 from](http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/openSUSE-Tumbleweed-ARM-JeOS-raspberrypi3.aarch64.raw.xz)
- get the openSUSE image for your Raspberry Pi for Tumbleweed [RPi3 and RPi4 from](http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/openSUSE-Tumbleweed-ARM-JeOS-raspberrypi3.aarch64.raw.xz)

- put it onto a micro-SD card (e.g. using procedures described [here for RPi3](https://en.opensuse.org/HCL:Raspberry_Pi3) or [here for RPi4](https://en.opensuse.org/HCL:Raspberry_Pi4)
- insert the micro-SD card in the Pi and power it on, to boot the Pi from the micro-SD card.
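Review bot: the new link text says "RPi3 and RPi4" but points only at the `...raspberrypi3.aarch64.raw.xz` image, while the removed line also offered a `...raspberrypi4...` Tumbleweed image. Either keep both URLs or state explicitly that the raspberrypi3 image is the one to use on both boards; as written a Pi 4 user has to guess. (The removed line had its RPi3/RPi4 labels swapped against the URLs, so the rewrite is otherwise an improvement.)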
Expand All @@ -38,13 +36,9 @@ In order to use the installation script on the Raspberry Pi, you will need to fi
- make sure the Pi can reach out to the Internet using http(s), can resolve DNS, ... (DHCP)
- you may use the command *yast language* to set your language as the default language, the layout of the keyboard and the timezone.
- The first thing the install script will do is update the system.
- For Leap 15.3 it uses:

*zypper up --no-recommends*

- For Tumbleweed use:
- For Tumbleweed it uses:

*zypper dup --no-recommends*
*zypper dup --no-interactive --no-recommends*

- reboot

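Review bot: `zypper dup --no-interactive --no-recommends` does not match the command in `bin/install.sh`, which is `zypper --non-interactive dup --no-recommends`; zypper's option is the global `--non-interactive` (`-n`) placed before the subcommand, and `--no-interactive` is not an option. Copy the exact invocation from the script so the docs and the code stay in step.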
Expand All @@ -56,7 +50,7 @@ In order to use the installation script on the Raspberry Pi, you will need to fi

- get GIT repository

<em>git clone <span>https</span>://github.com/Dshield-ISC/dshield.git<em>
<em>git clone <span>https</span>://github.com/Dshield-ISC/dshield.git</em>

– in case you do a reinstall of a previous system, you should have saved the files `/etc/dshield.ini` and `/etc/dshield.sslca`, copy these files in the same locations; when you run the installation script answers are filled in and you only need to acknowledge the questions

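Review bot: the `</em>` fix is correct, but the next item starts with an en dash (`– in case you do a reinstall`) instead of `-`, so Markdown will not render it as a list item; the line is unchanged here but belongs to the same list. The `<span>https</span>` split inside the URL also prevents it from being rendered as a link and makes the command awkward to copy; plain backticks around `git clone https://github.com/Dshield-ISC/dshield.git` would be simpler.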
Expand All @@ -76,7 +70,7 @@ In order to use the installation script on the Raspberry Pi, you will need to fi

- from now on you have to use port 12222 to connect to the device by SSH
- expose the Pi to inbound traffic. For example, in many firewalls and home routers
you will be able to configure it as a "DMZ Hosts", "exposed devices", ... see [hints below](#how-to-place-the-dshield-sensor--honeypot) for - well - hints ...
you will be able to configure it as a "DMZ Host", "exposed devices", ... see [hints below](#how-to-place-the-dshield-sensor--honeypot) for - well - hints ...

## Background: `install.sh`

Expand All @@ -87,36 +81,38 @@ This script will:
– openSUSE, from version 88 on, will use nftables instead of the depricated iptables
- change your ssh server to listen on port 12222 for you as administator (access only from configurable IP addresses)
- install the ssh honeypot cowrie (for ssh and telnet)
- install honeypot web server
- install honeypot web server (isc-agent)
- install needed environment (Perl and Python3 packages, bash scripts...)

## Troubleshooting

- logs are sent twice an hour to the [dshield portal](https://www.dshield.org) by the cron job `/etc/cron.d/dshield`, this can be verified by ['My Account' -> 'My Reports'](https://www.dshield.org/myreports.html)
- have a look at the output from the status script: `/root/install/dshield/bin/status.sh`
- if you get strange python / pip errors during installation / updates you may try the following commands as root:
`pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U`
- have a look at the output from the status script: `/root/install/dshield/bin/status.sh`or /srv/dshield/status.sh

## Updates

### Normal Updates

Inside your "dshield" directory (the directory created above when you run `git clone`), run

*cd install/dshield*
*cd ~/dshield*
*git pull*
*bin/install.sh*
*bin/install.sh --update*

The "--update" parameter will automatically use the existing configuration and not prompt the user for any configuration options.

Configuration parameters like your API Key will be retained. To edit the configuration, edit `/etc/dshield.ini`, rerun the install.sh script to configure the firewall. Editing `/etc/network/iptables` or `/etc/network/ruleset.nft` is not recommended (note: nat table is also used).

Also certificate information is saved in `/etc/dshield.sslca`.
Save these two `/etc/dshield.*` files on another system, and put these back in `/etc/` before you run the installation script, when you start allover again.

A feature is available, especially for automatic updates. At the end of the installation the install.sh script will search for the file `/root/bin/postinstall.sh` and execute its content, if it exists. If you need some extra changes in the newly installed files, this is the location to put them. This file NEEDS execute rights

Please make sure to keep special port and network configuration up to date (e.g. manually configure recently added telnet / web ports in firewall config), e.g. no-log config, no-honey config, ... unfortunately this can't be done automagically as of now. If unsure delete respective lines in `/etc/dshield.ini` and re-run the installation script.

Testing of update procedure is normally done (between two releases) as follows:
- update on Pi 3 from the last version to current
- install on a current clean image of raspbian lite on a Pi 3
- install on a current clean image of openSUSE Tumbleweed on a Pi 4

## Hints

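Review bot: the Troubleshooting tip `pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U` upgrades every system-wide package with pip, which is exactly what this PR's install.sh changes avoid on openSUSE (pip into the system interpreter is refused); on Tumbleweed it will either fail or, if forced, overwrite zypper-managed modules. Mark it as not applicable to openSUSE or drop it from this file. Smaller points in the same hunk: missing space in `` `/root/install/dshield/bin/status.sh`or /srv/dshield/status.sh ``; the update section now uses `cd ~/dshield` while Troubleshooting still points at `/root/install/dshield`; "depricated" should be "deprecated" and "administator" should be "administrator".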
Expand All @@ -141,7 +137,7 @@ To test your set up you may use a public port scanner and point it to the router
- cursor up / down: navigate through form / between input fields
- cursor left / right: navigate within an input field
- TAB: swich between input field and "buttons"
- don't use Pos 1 / End
- don't use Home / End

## Todos

Expand All @@ -151,18 +147,7 @@ To test your set up you may use a public port scanner and point it to the router

- see comments in install.sh
- see GIT commit comments


## DEV Instance - web.py

- It will not change the links at this time - to do
- Any data posted or user request strings will be logged to DB\webserver.sqlite

web.py - it will serve up a very basic page that can accept input and files.
Todo:
- Need to figure out how to serve up vulnerable pages - probably from the path
- SQL Injection - will likely use separate dorked database
- Would like to integrate with cowrie for shell attacks - (BHAG)
- An earlier version did support openSUSE Leap 15.3, which is end of life. The version 15.5 has Python 3.6, which is too old to support the current version of this software, so support for openSUSE Leap has been withdrawn.

Any input appreciated - Please file a bug report / issue via github - thanks!

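Review bot: the new sentence about Leap 15.3/15.5 and Python 3.6 is placed under "## Todos", where it reads as a task rather than a statement of supported versions; the intro paragraph ("The current version is tested on openSUSE Tumbleweed.") is the natural home for it, ideally with a pointer to the install.sh check that now rejects Leap. The removal of the "DEV Instance - web.py" section is unrelated to openSUSE support and deserves a mention in the PR description (or its own commit) so the history explains why it went.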
6 changes: 3 additions & 3 deletions srv/isc-agent/requirements.txt
Expand Up @@ -12,7 +12,7 @@ defusedxml==0.7.1 ; python_full_version >= "3.7.1" and python_full_version < "4.
dnspython==2.3.0 ; python_full_version >= "3.7.1" and python_version < "4.0"
email-validator==2.0.0.post2 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
exceptiongroup==1.1.3 ; python_full_version >= "3.7.1" and python_version < "3.11"
greenlet==2.0.2 ; python_full_version >= "3.7.1" and (platform_machine == "aarch64" or platform_machine == "ppc64le" or platform_machine == "x86_64" or platform_machine == "amd64" or platform_machine == "AMD64" or platform_machine == "win32" or platform_machine == "WIN32") and python_full_version < "4.0.0"
greenlet==3.0.0 ; python_full_version >= "3.7.1" and (platform_machine == "aarch64" or platform_machine == "ppc64le" or platform_machine == "x86_64" or platform_machine == "amd64" or platform_machine == "AMD64" or platform_machine == "win32" or platform_machine == "WIN32") and python_full_version < "4.0.0"
h2==4.1.0 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
hpack==4.0.0 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
hyperframe==6.0.1 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
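Review bot: `greenlet` 2.0.2 -> 3.0.0 is a major-version bump in a pinned file that otherwise only moves patch versions; the hunk header context shows `sqlalchemy==1.4.49`, whose asyncio support depends on greenlet, so the commit message should state that isc-agent was exercised against greenlet 3 and why the bump is needed here (presumably a build for Python 3.11 on aarch64). The platform markers were carried over unchanged, which is correct.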
Expand Down Expand Up @@ -42,6 +42,6 @@ sqlalchemy==1.4.49 ; python_full_version >= "3.7.1" and python_full_version < "4
twisted-iocpsupport==1.0.4 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0" and platform_system == "Windows"
twisted[all-non-platform,http2]==22.10.0 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
typing-extensions==4.7.1 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
urllib3==1.26.16 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
urllib3==1.26.17 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
zipp==3.15.0 ; python_full_version >= "3.7.1" and python_version < "3.8"
zope-interface==6.0 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
zope-interface==6.1 ; python_full_version >= "3.7.1" and python_full_version < "4.0.0"
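Review bot: the `urllib3` 1.26.16 -> 1.26.17 bump is a security patch release, not a routine pin refresh, and should be called out in the commit message so a later lockfile regeneration does not silently revert it; `zope-interface` 6.0 -> 6.1 is benign. Note that `twisted[all-non-platform,http2]==22.10.0` stays pinned while greenlet and zope-interface move, so this set was edited by hand rather than regenerated; say so, since mixed hand edits and generator output are easy to clobber.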