Ghiro 0.2.1

by mbeach

** This is currently unfinished and should not be deployed **

Installs and configures Ghiro. It will run as the user you provide in the setup, and listen on http://<yourIP>:8000

This heavily depends on Ghiro's documented installation process which may change at any point:
http://docs.getghiro.org/en/ghiro-0.2.1/setup/index.html

Ghiro is downloaded from its git repo:
https://github.com/ghirensics/ghiro.git

A change to the installation process may break this StackScript.

Compatible with: Ubuntu 16.04 LTS
						#!/bin/bash
#
#
#<UDF name="ssuser" Label="Sudo user username?" example="username" />
#<UDF name="sspassword" Label="Sudo user password?" example="Strong12+CharacterPassword!" />
#<UDF name="sspubkey" Label="SSH pubkey (installed for root and sudo user)?" example="ssh-rsa ..." />
#<UDF name="ssmysqlpassword" Label="MySQL root password?" example="Strong12+CharacterPassword!" />

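# Fall back to interactive prompts when the StackScript UDF values were not
# injected into the environment (for example when the script is run by hand).
# -r keeps backslashes in the input literal; -s stops the two passwords from
# being echoed to the terminal, where they would land in scrollback or a
# recorded session.
if [[ -z "${SSUSER:-}" ]]; then read -r -p "Sudo user username?" SSUSER; fi
if [[ -z "${SSPASSWORD:-}" ]]; then read -r -s -p "Sudo user password?" SSPASSWORD; echo; fi
if [[ -z "${SSPUBKEY:-}" ]]; then read -r -p "SSH pubkey (installed for root and sudo user)?" SSPUBKEY; fi
if [[ -z "${SSMYSQLPASSWORD:-}" ]]; then read -r -s -p "MySQL root password?" SSMYSQLPASSWORD; echo; fi

# Refuse to continue with a missing value: an empty username, password or key
# would otherwise flow into adduser, chpasswd, the authorized_keys files and
# the MySQL preseed further down.
for required in SSUSER SSPASSWORD SSPUBKEY SSMYSQLPASSWORD; do
  if [[ -z "${!required:-}" ]]; then
    echo "Missing required value: $required" >&2
    exit 1
  fi
done

# The username is used to build paths under /home and as a chown target, so
# accept only a conservative account-name shape (no slashes, spaces or a
# leading dash).
if [[ ! "$SSUSER" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  echo "Invalid username: $SSUSER" >&2
  exit 1
fi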

# Bring the base image up to date before anything else is installed.
# Acquire::ForceIPv4=true makes apt use IPv4 only for its downloads.
apt_net_opts=(-o Acquire::ForceIPv4=true)
apt-get "${apt_net_opts[@]}" update
# DEBIAN_FRONTEND=noninteractive suppresses package configuration prompts
# (the original note blames console-setup) so the unattended upgrade cannot
# block waiting for input.
DEBIAN_FRONTEND=noninteractive apt-get "${apt_net_opts[@]}" -y upgrade

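# set up user
# Create the login account only if it does not exist yet, so a re-run does not
# abort here. --disabled-password skips adduser's interactive password prompt;
# the password is set through chpasswd below.
if ! id -u "$SSUSER" >/dev/null 2>&1; then
  adduser --disabled-password --gecos "" "$SSUSER" || exit 1
fi
# chpasswd reads "user:password" on stdin. printf is a bash builtin, so the
# password does not show up in another process's argument list, and unlike
# echo it never interprets the data as options or escapes.
printf '%s:%s\n' "$SSUSER" "$SSPASSWORD" | chpasswd || exit 1
# Adding the account to the sudo group gives it administrative rights; the
# later steps assume this account exists, so stop if it cannot be set up.
adduser "$SSUSER" sudo || exit 1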

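# set up ssh pubkey
# for x in... loop doesn't work here, sadly
# The same public key is installed for root and for the sudo user. The files
# are written with '>', so any authorized_keys already present is replaced.
# NOTE(review): root gets the key although root SSH login is switched off
# later in this script; drop the root copy if root should never log in by key.
echo Setting up ssh pubkeys...
mkdir -p /root/.ssh
mkdir -p "/home/${SSUSER}/.ssh"
printf '%s\n' "$SSPUBKEY" > /root/.ssh/authorized_keys
printf '%s\n' "$SSPUBKEY" > "/home/${SSUSER}/.ssh/authorized_keys"
# Directories need the search bit (700); the key files do not need to be
# executable, so they get 600 instead of the blanket recursive 700.
chmod 700 /root/.ssh "/home/${SSUSER}/.ssh"
chmod 600 /root/.ssh/authorized_keys "/home/${SSUSER}/.ssh/authorized_keys"
chown -R "${SSUSER}:${SSUSER}" "/home/${SSUSER}/.ssh"
echo ...done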

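# disable password and root over ssh
echo Disabling passwords and root login over ssh...

# Force "<keyword> <value>" in /etc/ssh/sshd_config regardless of the current
# value. Matching only the literal "yes" / "#... no" forms leaves other values
# (for example "PermitRootLogin prohibit-password") untouched, which silently
# keeps key-based root login enabled.
# Arguments: $1 - sshd_config keyword, $2 - value to enforce
set_sshd_option() {
  local keyword=$1
  local value=$2
  local config=/etc/ssh/sshd_config

  if grep -Eq "^[#[:space:]]*${keyword}[[:space:]]" "$config"; then
    # Rewrite every active or commented-out line for this keyword.
    sed -i -E "s/^[#[:space:]]*${keyword}[[:space:]].*/${keyword} ${value}/" "$config"
  else
    # No line to rewrite: insert at the top of the file. sshd uses the first
    # value it obtains for a keyword, and the top is outside any Match block.
    sed -i "1i ${keyword} ${value}" "$config"
  fi
}

set_sshd_option PermitRootLogin no
set_sshd_option PasswordAuthentication no

echo Restarting sshd...
# Check the edited file first: restarting with a config that does not parse
# would leave the host without a reachable sshd.
if /usr/sbin/sshd -t; then
  systemctl restart sshd
  echo ...done
else
  echo "sshd_config failed validation; sshd was not restarted" >&2
fi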

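#set up fail2ban
echo Setting up fail2ban...
apt-get -o Acquire::ForceIPv4=true install -y fail2ban
# Absolute paths instead of an unchecked "cd /etc/fail2ban": if the install
# failed, the cp commands must not run against whatever directory the script
# happens to be in.
if [[ -d /etc/fail2ban ]]; then
  # The .local files take the local overrides so package upgrades can replace
  # the .conf files.
  # NOTE(review): a full copy of jail.conf pins every current default in
  # jail.local; keeping only the overridden settings there is easier to audit.
  cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
  cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  systemctl enable fail2ban
  systemctl start fail2ban
  echo ...done
else
  echo "fail2ban configuration directory missing; was the install successful?" >&2
fi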

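# setup ufw
# Default-deny inbound, then open only SSH and the Ghiro web port.
ufw default deny incoming
ufw allow ssh
# Ghiro is reached over HTTP on TCP 8000; restricting the rule to tcp avoids
# opening the UDP port as well.
# NOTE(review): this exposes a plain-HTTP service to every source address;
# restrict the rule to known addresses or front it with TLS before real use.
ufw allow 8000/tcp
# The rules above stay inactive until ufw itself is enabled: starting the
# systemd unit alone should only load rules when ufw is already marked
# enabled in its own configuration. --force skips the confirmation prompt so
# the unattended run does not block.
ufw --force enable
systemctl enable ufw
systemctl start ufw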

# here wee goooo...

# MongoDB from the distribution archive.
# NOTE(review): the script applies no MongoDB configuration of its own, so the
# package defaults (bind address, authentication) apply; confirm they suit
# the deployment.
apt-get -o Acquire::ForceIPv4=true -y install mongodb

# Preseed both MySQL root-password questions so the package installs without
# prompting. The here-string hands the password to debconf-set-selections on
# stdin rather than on its command line.
for mysql_question in root_password root_password_again; do
  debconf-set-selections <<< "mysql-server mysql-server/${mysql_question} password $SSMYSQLPASSWORD"
done
apt-get -o Acquire::ForceIPv4=true -y install mysql-server python-mysqldb

# Packages Ghiro needs: Python tooling and bindings, wkhtmltopdf and git
# first, then the development headers for the image libraries.
ghiro_base_pkgs=(
  python-pip build-essential python-dev python-gi libgexiv2-2
  gir1.2-gexiv2-0.10 wkhtmltopdf git
)
ghiro_image_pkgs=(
  libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev
  libwebp-dev tcl8.5-dev tk8.5-dev python-tk
)
apt-get -o Acquire::ForceIPv4=true -y install "${ghiro_base_pkgs[@]}"
apt-get -o Acquire::ForceIPv4=true -y install "${ghiro_image_pkgs[@]}"

# NOTE(review): this replaces the distribution-packaged pip, as root, with
# whatever release the package index currently serves. The version is
# unpinned, so confirm the result still supports this system's Python.
pip install --upgrade pip

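apt-get -o Acquire::ForceIPv4=true -y install xvfb
# Wrapper that runs wkhtmltopdf under a virtual X server. The quoted heredoc
# writes the text literally; "$@" (instead of an unquoted $*) forwards every
# argument unchanged, so file names containing spaces or glob characters are
# not re-split or expanded by the wrapper.
cat > /usr/bin/wkhtmltopdf.sh <<'EOF'
#!/bin/bash
xvfb-run --server-args="-screen 0, 1024x768x24" /usr/bin/wkhtmltopdf "$@"
EOF
chmod a+x /usr/bin/wkhtmltopdf.sh
# -f lets a re-run replace an existing link instead of failing. The link in
# /usr/local/bin makes the wrapper the wkhtmltopdf found first on a PATH that
# lists /usr/local/bin before /usr/bin.
ln -sf /usr/bin/wkhtmltopdf.sh /usr/local/bin/wkhtmltopdf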

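# Stop if the home directory is missing: otherwise the clone and the pip
# install would run in whatever directory the script is currently in.
cd "/home/${SSUSER}" || exit 1

# NOTE(review): this clones the tip of the repository's default branch, not a
# fixed release, so the code installed can differ from the version this
# script is named after. Check out a reviewed tag or commit after cloning,
# e.g. git checkout <REVIEWED_TAG_OR_COMMIT>.
# The clone runs as root, so the tree under the user's home is root-owned
# until ownership is fixed (see the chown to-do at the end of the script).
git clone https://github.com/ghirensics/ghiro.git || exit 1
cd ghiro || exit 1

# Installs the project's Python dependencies system-wide as root. Package
# install code runs with root privileges, so requirements.txt must come from
# the checkout verified above and from nowhere else.
pip install -r requirements.txt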

# anything below here is pretty much just notes.
# The bare exit ends the script here with the status of the last command run
# (the pip install above); nothing after this line is executed.
exit #no, seriously, stop here.

# Unreachable working notes for the remaining Ghiro setup steps.
python manage.py syncdb
# > # python manage.py syncdb
# > Unknown command: 'syncdb'
# > Type 'manage.py help' for usage.
# syncdb is not available in the installed Django (see the output above);
# migrate is the command tried next.
python manage.py migrate

# to-do: try to set up Django superuser automagically -_-
# to-do: add cron @reboot tasks

# NOTE(review): runserver is Django's development server and is not meant to
# face untrusted networks; binding it to 0.0.0.0 combined with the open
# firewall port 8000 would expose it to every address. The apache2/mod-wsgi
# line further down looks like the intended production path.
# python manage.py runserver 0.0.0.0:8000

# python manage.py process

# apt-get install apache2 libapache2-mod-wsgi

# The ghiro checkout was cloned as root; this to-do covers handing it to the
# unprivileged user so the application does not have to run as root.
# to-do: chown all the things!

# echo All finished! Rebooting...
# (sleep 5; reboot) &