trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added Malcolm

Browse Source
This commit is contained in:
Trinitor
2021-08-06 10:35:01 +02:00
parent f043730066
commit 70f1922e80
751 changed files with 195277 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
Vagrant/resources/malcolm/malcolm-iso/config/archives/docker.key.binary Normal file
View File

@@ -0,0 +1,62 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
=0YYh
-----END PGP PUBLIC KEY BLOCK-----

62
Vagrant/resources/malcolm/malcolm-iso/config/archives/docker.key.chroot Normal file
View File

@@ -0,0 +1,62 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
=0YYh
-----END PGP PUBLIC KEY BLOCK-----

2
Vagrant/resources/malcolm/malcolm-iso/config/archives/docker.list.binary Normal file
View File

@@ -0,0 +1,2 @@
deb [arch=amd64] https://download.docker.com/linux/debian buster stable

2
Vagrant/resources/malcolm/malcolm-iso/config/archives/docker.list.chroot Normal file
View File

@@ -0,0 +1,2 @@
deb [arch=amd64] https://download.docker.com/linux/debian buster stable

7416
Vagrant/resources/malcolm/malcolm-iso/config/archives/virtualbox.key.binary Normal file
View File

File diff suppressed because it is too large Load Diff

7416
Vagrant/resources/malcolm/malcolm-iso/config/archives/virtualbox.key.chroot Normal file
View File

File diff suppressed because it is too large Load Diff

1
Vagrant/resources/malcolm/malcolm-iso/config/archives/virtualbox.list.binary Normal file
View File

@@ -0,0 +1 @@
deb https://people.debian.org/~lucas/virtualbox-buster/ ./

1
Vagrant/resources/malcolm/malcolm-iso/config/archives/virtualbox.list.chroot Normal file
View File

@@ -0,0 +1 @@
deb https://people.debian.org/~lucas/virtualbox-buster/ ./

37
Vagrant/resources/malcolm/malcolm-iso/config/hooks/normal/0168-firefox-install.hook.chroot Executable file
View File

@@ -0,0 +1,37 @@
#!/bin/bash
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
export LC_ALL=C.UTF-8
export LANG=C.UTF-8
curl -o /tmp/firefox.tar.bz2 -L "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64&lang=en-US"
if [ $(file -b --mime-type /tmp/firefox.tar.bz2) = 'application/x-bzip2' ]; then
mkdir -p /opt
rm -rvf /opt/firefox
tar -xvf /tmp/firefox.tar.bz2 -C /opt/
rm -vf /tmp/firefox.tar.bz2
if [[ -f /opt/firefox/firefox ]]; then
rm -vf /usr/local/bin/firefox
ln -vrs /opt/firefox/firefox /usr/local/bin/firefox
dpkg -s firefox-esr >/dev/null 2>&1 && apt-get -y --purge remove firefox-esr || true
cat << 'EOF' > /usr/share/applications/firefox.desktop
[Desktop Entry]
Name=Firefox
Comment=Web Browser
GenericName=Web Browser
X-GNOME-FullName=Firefox Web Browser
Exec=/opt/firefox/firefox %u
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/opt/firefox/browser/chrome/icons/default/default128.png
Categories=Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
StartupWMClass=Firefox
StartupNotify=true
EOF
fi
fi # /tmp/firefox.tar.bz2 check
rm -f /tmp/firefox.tar.bz2

8
Vagrant/resources/malcolm/malcolm-iso/config/hooks/normal/0169-pip-installs.hook.chroot Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
export LC_ALL=C.UTF-8
export LANG=C.UTF-8
# python 3
pip3 install --no-compile --no-cache-dir --force-reinstall --upgrade \
debinterface==3.4.0

20
Vagrant/resources/malcolm/malcolm-iso/config/hooks/normal/0900-setup-rc-local.hook.chroot Executable file
View File

@@ -0,0 +1,20 @@
#!/bin/bash
sed -i 's/^exit 0//' /etc/rc.local 2>/dev/null
cat << 'EOF' >> /etc/rc.local
# other agg-specific initialization prior to starting up
/usr/local/bin/agg-init.sh
# hddtemp daemon for querying HDD temperatures
/usr/sbin/hddtemp --daemon --numeric --quiet --unit=C -4 --listen=127.0.0.1 --port=7634 /dev/sd?
systemctl mask ctrl-alt-del.target
exit 0
EOF
sed -i "1i #!/bin/sh" /etc/rc.local
chmod +x /etc/rc.local /usr/local/bin/*.sh /usr/local/bin/configure-*.py

54
Vagrant/resources/malcolm/malcolm-iso/config/hooks/normal/0910-agg-build.hook.chroot Executable file
View File

@@ -0,0 +1,54 @@
#!/bin/bash
BEATS_VER="7.10.2"
BEATS_OSS="-oss"
BEATS_DEB_URL_TEMPLATE_REPLACER="XXXXX"
BEATS_DEB_URL_TEMPLATE="https://artifacts.elastic.co/downloads/beats/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEATS_DEB_URL_TEMPLATE_REPLACER$BEATS_OSS-$BEATS_VER-amd64.deb"
DOCKER_COMPOSE_VER="1.29.1"
DOCKER_COMPOSE_URL="https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VER/docker-compose-$(uname -s)-$(uname -m)"
# install docker-compose
curl -o /usr/local/bin/docker-compose -sSL "$DOCKER_COMPOSE_URL" && chmod 755 /usr/local/bin/docker-compose
# tweak some dashboards for, then install filebeat/metricbeat/auditbeat/packetbeat
for BEAT in filebeat metricbeat auditbeat packetbeat; do
BEATS_URL="$(echo "$BEATS_DEB_URL_TEMPLATE" | sed "s/$BEATS_DEB_URL_TEMPLATE_REPLACER/$BEAT/g")"
BEATS_DEB="$BEAT-$BEATS_VER-amd64.deb"
BEATS_NEW_DEB="$BEAT-dark-$BEATS_VER-amd64.deb"
BEATS_TMP_DIR="$BEAT-deb"
pushd /tmp && \
curl -f -L -o "$BEATS_DEB" "$BEATS_URL" && \
dpkg-deb -x "$BEATS_DEB" "$BEATS_TMP_DIR" && \
dpkg-deb -e "$BEATS_DEB" "$BEATS_TMP_DIR/DEBIAN" && \
sed -i 's@\(\\"darkTheme\\" *: *\)false@\1true@g' "$BEATS_TMP_DIR"/usr/share/$BEAT/kibana/?/dashboard/*.json && \
( [[ "$BEAT" == "metricbeat" ]] && sed -i -e "s@ |\\\\\\\n\[Containers overview\](#/dashboard/CPU-slash-Memory-per-container)@@g" "$BEATS_TMP_DIR"/usr/share/$BEAT/kibana/?/dashboard/* || true ) && \
pushd "$BEATS_TMP_DIR" && ( rm -f DEBIAN/md5sums && find . -type f ! -regex '.*.hg.*' ! -regex '.*?debian-binary.*' ! -regex '.*?DEBIAN.*' -print0 | xargs -l -0 md5sum >> DEBIAN/md5sums ) && popd && \
dpkg-deb -b "$BEATS_TMP_DIR" "$BEATS_NEW_DEB" && \
rm -rf "$BEATS_TMP_DIR" && \
dpkg -i "$BEATS_NEW_DEB" && \
rm -rf "$BEATS_TMP_DIR" "$BEATS_DEB" "$BEATS_NEW_DEB" && \
popd
done
# add symlinks to our custom dashboards
FILES=$(shopt -s nullglob dotglob; echo /usr/share/filebeat/kibana/7/dashboard-custom/*)
if (( ${#FILES} )) ; then
ln -s -r -f /usr/share/filebeat/kibana/7/dashboard-custom/* /usr/share/filebeat/kibana/7/dashboard/
fi
FILES=$(shopt -s nullglob dotglob; echo /usr/share/metricbeat/kibana/7/dashboard-custom/*)
if (( ${#FILES} )) ; then
ln -s -r -f /usr/share/metricbeat/kibana/7/dashboard-custom/* /usr/share/metricbeat/kibana/7/dashboard/
fi
FILES=$(shopt -s nullglob dotglob; echo /usr/share/auditbeat/kibana/7/dashboard-custom/*)
if (( ${#FILES} )) ; then
ln -s -r -f /usr/share/auditbeat/kibana/7/dashboard-custom/* /usr/share/auditbeat/kibana/7/dashboard/
fi
###
# set up capabilities for network-related tools
chown root:netdev /usr/share/auditbeat/bin/auditbeat && \
setcap 'CAP_AUDIT_READ+eip' /usr/share/auditbeat/bin/auditbeat
###

14
Vagrant/resources/malcolm/malcolm-iso/config/hooks/normal/0911-get-stig-scripts.hook.chroot Executable file
View File

@@ -0,0 +1,14 @@
#!/bin/bash
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
# clone STIG-4-Debian, harbian-audit and debian-cis and clean up some stuff we don't need
mkdir -p /opt
git clone --depth 1 --recursive --single-branch https://github.com/hardenedlinux/STIG-4-Debian /opt/STIG-4-Debian
git clone --depth 1 --recursive --single-branch https://github.com/hardenedlinux/harbian-audit /opt/harbian-audit
git clone --depth 1 --recursive --single-branch https://github.com/ovh/debian-cis /opt/debian-cis
sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='/opt/harbian-audit'#" /opt/harbian-audit/debian/default.cfg
sed -i "s#CIS_ROOT_DIR=.*#CIS_ROOT_DIR='/opt/debian-cis'#" /opt/debian-cis/debian/default
# cp /opt/harbian-audit/debian/default.cfg /etc/default/cis-hardening
# cp /opt/debian-cis/debian/default /etc/default/cis-hardening
rm -rf /opt/STIG-4-Debian/.git /opt/harbian-audit/.git /opt/debian-cis/.git

45
Vagrant/resources/malcolm/malcolm-iso/config/hooks/normal/0990-remove-unwanted-pkg.hook.chroot Executable file
View File

@@ -0,0 +1,45 @@
#!/bin/bash
# remove development packages
apt-get -y --purge remove build-essential $(dpkg --get-selections | grep -v deinstall$ | cut -f1 | grep -P -- '-dev(:\w+)?$' | grep -Pv -- '^(dpkg|libgcc)') || true
# remove unwanted packages
apt-get -y --purge remove bluez-firmware \
cracklib-runtime \
deluge \
enchant \
ffmpeg \
gdb \
git \
gnome-accessibility-themes \
gucharmap \
libasound2-plugins \
libcupsfilters1 \
libcupsimage2 \
libx264* \
libx265* \
lxmusic \
mailutils \
mpv \
pavucontrol \
prelink \
pulseaudio \
smplayer \
xdg-user-dirs \
yelp \
youtube-dl || true
apt-get -y autoremove
apt-get clean
# remove any residual configs
dpkg -l | awk '/^rc/ { print $2 }' | xargs -r -l dpkg --purge
# disable automatic/initial running of some services (but don't abort if we fail)
systemctl disable systemd-timesyncd.service || true
systemctl disable ctrl-alt-del.target || true
systemctl disable hddtemp.service || true
systemctl disable apt-daily.service || true
systemctl disable apt-daily.timer || true
systemctl disable apt-daily-upgrade.timer || true
systemctl disable apt-daily-upgrade.service || true

173
Vagrant/resources/malcolm/malcolm-iso/config/hooks/normal/0991-security-performance.hook.chroot Executable file
View File

@@ -0,0 +1,173 @@
#!/bin/bash
# configure firewall
sed -i "s/LOGLEVEL=.*/LOGLEVEL=off/" /etc/ufw/ufw.conf
sed -i 's/DEFAULT_FORWARD_POLICY=.*/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
sed -i "s/#net\/ipv4\/ip_forward=1/net\/ipv4\/ip_forward=1/" /etc/ufw/sysctl.conf
read -r -d '' MASQUERADECFG <<- EOM
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING ! -o docker0 -s 172.29.0.0/16 -j MASQUERADE
COMMIT
EOM
awk '1' <(echo "$MASQUERADECFG") /etc/ufw/before.rules > /tmp/before.rules && \
cat /tmp/before.rules > /etc/ufw/before.rules && \
rm -f /tmp/before.rules
/usr/sbin/ufw --force enable
/usr/sbin/ufw default deny incoming
/usr/sbin/ufw default allow outgoing
UFW_ALLOW_RULES=(
https
ntp
ssh
5044
5601/tcp
9200/tcp
)
for i in ${UFW_ALLOW_RULES[@]}; do
ufw allow "$i"
done
# docker (disallow overriding firewall)
mkdir -p /etc/docker/
cat << 'EOF' > /etc/docker/daemon.json
{
"iptables": false,
"default-address-pools":[
{"base":"172.29.0.0/16","size":24}
]
}
EOF
# performance parameters for networking, disk, etc.
cat << 'EOF' >> /etc/sysctl.conf
# don't restrict dmesg to root
kernel.dmesg_restrict=0
# the maximum number of open file handles
fs.file-max=2097152
# increase maximums for inotify watches
fs.inotify.max_user_watches=131072
fs.inotify.max_queued_events=131072
fs.inotify.max_user_instances=512
# the maximum number of memory map areas a process may have
vm.max_map_count=262144
# decrease "swappiness" (swapping out runtime memory vs. dropping pages)
vm.swappiness=1
# the % of system memory fillable with "dirty" pages before flushing
vm.dirty_background_ratio=40
# maximum % of dirty system memory before committing everything
vm.dirty_ratio=80
net.core.netdev_max_backlog=250000
net.core.optmem_max=33554432
net.core.rmem_default=425984
net.core.rmem_max=33554432
net.core.somaxconn=65535
net.core.wmem_default=425984
net.core.wmem_max=33554432
net.ipv4.tcp_rmem=10240 425984 33554432
net.ipv4.tcp_wmem=10240 425984 33554432
net.ipv4.udp_mem=10240 425984 33554432
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.accept_source_route=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.ip_forward=1
net.ipv6.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.default.accept_ra=0
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
EOF
# password requirement hardening
sed -i -e 's/[[:space:]]*nullok[[:alnum:]_]*//g' /etc/pam.d/common-auth
sed -i -r "s/(pam_faildelay.so.*delay)[[:space:]]*=[[:space:]]*[[:digit:]]+/\1=4000000/g" /etc/pam.d/login
sed -i -r "s/([[:space:]]*session[[:space:]]*)[[:alnum:]_]*([[:space:]]*pam_lastlog.so[[:space:]]*)/\1required\2\tshowfailed/g" /etc/pam.d/login
sed -i "s/^[[:space:]]*password[[:space:]]*requisite[[:space:]]*pam_pwquality\.so.*/password requisite pam_pwquality.so retry=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 difok=8 minclass=4 maxrepeat=2 maxclassrepeat=4 minlen=15/g" /etc/pam.d/common-password
# enable cryptsetup support on boot
sed -i "s/#CRYPTSETUP=.*/CRYPTSETUP=y/" /etc/cryptsetup-initramfs/conf-hook
# enable guests to mount vmware/etc. fuse-based mounts with allow_other
sed -i "s/#user_allow_other.*/user_allow_other/" /etc/fuse.conf
# some permissions
find /etc/audit -type d -exec chmod 750 "{}" \;
find /etc/audit -type f -exec chmod 640 "{}" \;
chmod 600 /etc/ssh/sshd_config
# set DIR_MODE to 750 for new users
sed -i "s/^DIR_MODE=.*/DIR_MODE=0750/" /etc/adduser.conf
# new directories default to 750, new files to 640
echo -e "\n\n# new directories default to 700, new files to 600" >> /etc/profile
echo "umask 077" >> /etc/profile
echo "export UMASK=077" >> /etc/profile
# enable cron logging
sed -r -i "s@^#(cron\.\*\s+.*/var/log/cron\.log)@\1@" /etc/rsyslog.conf
# enable rsyslog forwarding to localhost:9514 over UDP (for filebeat syslog input)
echo >> /etc/rsyslog.conf
echo '*.* @127.0.0.1:9514' >> /etc/rsyslog.conf
echo >> /etc/rsyslog.conf
# put sudoers log into its own logfile
awk 'FNR==NR{ if (/^Defaults/) p=NR; next} 1; FNR==p{ print "Defaults\t!syslog\nDefaults\tlogfile=/var/log/sudo.log" }' /etc/sudoers /etc/sudoers > /tmp/newsudoers
mv /tmp/newsudoers /etc/sudoers && chmod 440 /etc/sudoers
cat << 'EOF' > /etc/logrotate.d/sudoers
/var/log/sudo.log
{
weekly
missingok
rotate 4
compress
delaycompress
copytruncate
minsize 100k
}
EOF
# tweak some auditd settings
sed -r -i "s/((disk_full_action|disk_error_action)\s*=\s*).*/\1 SYSLOG/" /etc/audit/auditd.conf
sed -r -i "s/(network_failure_action\s*=\s*).*/\1 syslog/" /etc/audisp/audisp-remote.conf
# disable ntp for now, and disable servers, but it could be turned back on later
systemctl disable ntp || true
sed -i "s/^\(pool \)/# \1/" /etc/ntp.conf
sed -i "s/^\(restrict -6\)/# \1/" /etc/ntp.conf
sed -i "s/^\(restrict ::1\)/# \1/" /etc/ntp.conf
sed -r -i "s/^(NTPD_OPTS=).*/\1'-4 -g'/" /etc/default/ntp
usermod -d /var/lib/ntp ntp
# disable htpdate service, we're going to use cron instead
systemctl disable htpdate || true
sed -i "s/#[[:space:]]*HTP_IFUP=.*/HTP_IFUP=no/" /etc/default/htpdate
sed -i "s/#[[:space:]]*HTP_DAEMON=.*/HTP_DAEMON=no/" /etc/default/htpdate
# remove identifying operating system information from /etc/issue
truncate -s 0 /etc/motd
sed -i "s/Debian/Hedgehog/g" /etc/issue
sed -i "s/Debian/Hedgehog/g" /etc/issue.net
# set up /etc/os-release information (override values in /etc/os-release with custom values)
if [[ -f /etc/skel/Malcolm/.os-info ]]; then
awk '
BEGIN {FS = OFS = "="}
{v1[$1] = $2}
END {for (key in v1) {print key, v1[key]}}
' /etc/os-release /etc/skel/Malcolm/.os-info | sort | sponge /etc/os-release
fi

52
Vagrant/resources/malcolm/malcolm-iso/config/includes.binary/boot/grub/grub.cfg Normal file
View File

@@ -0,0 +1,52 @@
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
set default=0
set timeout=-1
loadfont $prefix/dejavu-bold-16.pf2
loadfont $prefix/dejavu-bold-14.pf2
loadfont $prefix/unicode.pf2
set gfxmode=auto
insmod all_video
insmod gfxterm
set color_normal=cyan/black
set color_highlight=yellow/black
set menu_color_normal=black/light-gray
set menu_color_highlight=yellow/dark-gray
terminal_output gfxterm
insmod play
play 960 440 1 0 4 440 1
menuentry "Live system" {
linux /live/vmlinuz boot=live components username=analyst nosplash random.trust_cpu=on elevator=deadline cgroup_enable=memory swapaccount=1 cgroup.memory=nokmem
initrd /live/initrd.img
}
menuentry "Install Malcolm (quick install)" {
linux /install/vmlinuz preseed/file=/cdrom/install/preseed_multipar.cfg auto=true priority=high vga=normal locales=en_US.UTF-8 keyboard-layouts=us
initrd /install/initrd.gz
}
menuentry "Install Malcolm (encrypted quick install)" {
linux /install/vmlinuz preseed/file=/cdrom/install/preseed_multipar_crypto.cfg auto=true priority=high vga=normal locales=en_US.UTF-8 keyboard-layouts=us
initrd /install/initrd.gz
}
menuentry "Install Malcolm (advanced configuration)" {
linux /install/vmlinuz preseed/file=/cdrom/install/preseed_minimal.cfg auto=true priority=high vga=normal
initrd /install/initrd.gz
}
menuentry "Install Malcolm (virtual machine single partition quick install)" {
linux /install/vmlinuz preseed/file=/cdrom/install/preseed_vmware.cfg auto=true priority=high vga=normal locales=en_US.UTF-8 keyboard-layouts=us
initrd /install/initrd.gz
}
menuentry "Rescue system in text mode" {
linux /install/vmlinuz rescue/enable=true vga=normal
initrd /install/initrd.gz
}

50
Vagrant/resources/malcolm/malcolm-iso/config/includes.binary/install/preseed_base.cfg Normal file
View File

@@ -0,0 +1,50 @@
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
d-i hw-detect/load_firmware boolean true
d-i clock-setup/utc boolean true
d-i time/zone string Universal
d-i clock-setup/ntp boolean false
d-i clock-setup/ntp-server string 0.debian.pool.ntp.org
d-i popularity-contest/participate boolean false
localepurge localepurge/dontbothernew boolean false
localepurge localepurge/mandelete boolean true
localepurge localepurge/none_selected boolean false
localepurge localepurge/nopurge multiselect en, en_US, en_us.UTF-8, C.UTF-8
localepurge localepurge/quickndirtycalc boolean true
localepurge localepurge/remove_no note
localepurge localepurge/showfreedspace boolean false
localepurge localepurge/use-dpkg-feature boolean false
localepurge localepurge/verbose boolean false
# d-i passwd/username string analyst
# d-i passwd/user-fullname string analyst
d-i passwd/user-default-groups string audio cdrom video netdev plugdev docker vboxsf
d-i passwd/root-login boolean true
# crypted passwords via: mkpasswd -m sha-512 -S $(pwgen -ns 16 1) <password>
# uncomment to preseed passwords; otherwise installer will prompt
# d-i passwd/user-password-crypted password $6$FmMaqNyrr4TFmnJA$I2AViJlyJnRRq6G2omVVUIbvhfMGzS7iXxiexrzvMAtl5sE/kCzdKhWHTfQI2eh.HNTr5EY8gl/eGY2fwOa2u/
# d-i passwd/root-password-crypted password $6$IdgQYj2LVNUML3O1$sW2W75vVk4K4c1XAjqfrswL7GlhXWCW3jf5MVzMYAloY/soCpctkzQLKy0TXo4IS8bvGw4SJH5yZG1ZpHmRVB1
d-i apt-setup/use_mirror boolean false
d-i finish-install/reboot_in_progress note
d-i preseed/late_command string \
echo 'deb http://deb.debian.org/debian buster main contrib non-free' > /target/etc/apt/sources.list; \
echo 'deb http://security.debian.org/debian-security buster/updates main contrib non-free' >> /target/etc/apt/sources.list; \
echo 'deb http://deb.debian.org/debian buster-updates main contrib non-free' >> /target/etc/apt/sources.list; \
in-target bash /usr/local/bin/agg-init.sh; \
in-target bash -c "(dmidecode -s system-product-name | grep -q VMware) || apt-get purge -y open-vm-tools-desktop"; \
in-target bash -c "(dmidecode -s system-product-name | grep -q VirtualBox) || apt-get purge -y virtualbox-guest*"; \
in-target sed -r -i 's@(^.+\s+/(tmp|var/tmp)\s+ext4\s+.*defaults)@\1,nosuid,nodev,noexec@g' /etc/fstab; \
in-target sed -r -i 's@(^.+/media/cdrom[0-9]*.+)(noauto)(.*)@\1\2,nosuid,nodev,noexec\3@g' /etc/fstab; \
in-target sed -r -i 's@(^.+\s+/(home)\s+ext4\s+.*defaults)@\1,nosuid,nodev@g' /etc/fstab; \
in-target bash -c "( echo '\EFI\debian\grubx64.efi' > /boot/efi/startup.nsh ) || true"; \
in-target sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 random.trust_cpu=on elevator=deadline cgroup_enable=memory swapaccount=1 cgroup.memory=nokmem apparmor=1 security=apparmor ipv6.disable=1 audit=1"#' /etc/default/grub; \
in-target sed -i 's#^\(GRUB_CMDLINE_LINUX="\)"$#\1apparmor=1 security=apparmor audit=1"#' /etc/default/grub; \
in-target sed -i 's#^\(GRUB_DISTRIBUTOR=\).*$#\1"Hedgehog"#' /etc/default/grub; \
in-target cp /usr/share/images/desktop-base/Malcolm_background.png /boot/grub; \
in-target bash /usr/local/bin/preseed_late_user_config.sh; \
in-target grub-mkconfig -o /boot/grub/grub.cfg;

151
Vagrant/resources/malcolm/malcolm-iso/config/includes.binary/install/preseed_multipar.cfg Normal file
View File

@@ -0,0 +1,151 @@
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap skip-config
d-i keyboard-configuration/layout string "American English"
d-i preseed/include string preseed_base.cfg
###################################################################################################
# install root filesystem on smallest non-USB disk
d-i partman/early_command string \
ROOT_DISK=$(sh /preseed_partman_determine_disk.sh); \
pvremove -ff -y "$ROOT_DISK"*; \
debconf-set partman-auto/disk "$ROOT_DISK"; \
debconf-set grub-installer/bootdev "$ROOT_DISK"; \
sed -i.bak 's/-f $id\/skip_erase/-d $id/g' /lib/partman/lib/crypto-base.sh;
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i partman-auto/method string lvm
d-i partman-auto-lvm/new_vg_name string main
d-i partman-auto-lvm/guided_size string max
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-md/confirm boolean true
d-i partman-md/confirm_nooverwrite boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-basicmethods/method_only boolean false
d-i partman-efi/non_efi_system boolean true
d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
d-i partman/mount_style select uuid
d-i partman-auto/choose_recipe select custom
d-i partman-auto/expert_recipe string \
custom :: \
1 1 1 free \
$bios_boot{ } \
method{ biosgrub } \
. \
256 256 256 fat32 \
$primary{ } \
$iflabel{ gpt } \
$reusemethod{ } \
method{ efi } format{ } \
mountpoint{ /boot/efi } \
. \
1024 1024 1024 ext4 \
$primary{ } \
$bootable{ } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /boot } \
. \
8192 8241 16384 linux-swap \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ swap } \
method{ swap } \
format{ } \
. \
12000 16000 24000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ root } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ / } \
. \
18000 24000 28000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ var } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /var } \
. \
2000 4000 6000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ varlog } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /var/log } \
. \
2000 4000 6000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ varlogaudit } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /var/log/audit } \
. \
2000 4000 6000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ vartmp } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /var/tmp } \
. \
2000 4000 6000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ tmp } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /tmp } \
. \
6000 8000 1000000000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ home } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /home } \
.
###################################################################################################

91
Vagrant/resources/malcolm/malcolm-iso/config/includes.binary/install/preseed_vmware.cfg Normal file
View File

@@ -0,0 +1,91 @@
# Copyright (c) 2021 Battelle Energy Alliance, LLC. All rights reserved.
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap skip-config
d-i keyboard-configuration/layout string "American English"
d-i preseed/include string preseed_base.cfg
###################################################################################################
# install root filesystem on smallest non-USB disk
d-i partman/early_command string \
ROOT_DISK=$(sh /preseed_partman_determine_disk.sh); \
pvremove -ff -y "$ROOT_DISK"*; \
debconf-set partman-auto/disk "$ROOT_DISK"; \
debconf-set grub-installer/bootdev "$ROOT_DISK"; \
sed -i.bak 's/-f $id\/skip_erase/-d $id/g' /lib/partman/lib/crypto-base.sh;
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i partman-auto/method string lvm
d-i partman-auto-lvm/new_vg_name string main
d-i partman-auto-lvm/guided_size string max
d-i partman-lvm/device_remove_lvm boolean true
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/device_remove_md boolean true
d-i partman-md/confirm boolean true
d-i partman-md/confirm_nooverwrite boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman-basicmethods/method_only boolean false
d-i partman-efi/non_efi_system boolean true
d-i partman-basicfilesystems/choose_label string gpt
d-i partman-basicfilesystems/default_label string gpt
d-i partman-partitioning/choose_label string gpt
d-i partman-partitioning/default_label string gpt
d-i partman/choose_label string gpt
d-i partman/default_label string gpt
d-i partman/mount_style select uuid
d-i partman-auto/choose_recipe select custom
d-i partman-auto/expert_recipe string \
custom :: \
1 1 1 free \
$bios_boot{ } \
method{ biosgrub } \
. \
256 256 256 fat32 \
$primary{ } \
$iflabel{ gpt } \
$reusemethod{ } \
method{ efi } format{ } \
mountpoint{ /boot/efi } \
. \
1024 1024 1024 ext4 \
$primary{ } \
$bootable{ } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ /boot } \
. \
8192 8241 16384 linux-swap \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ swap } \
method{ swap } \
format{ } \
. \
12000 16000 1000000000 ext4 \
$defaultignore{ } \
$lvmok{ } \
in_vg { main } lv_name{ root } \
method{ format } \
format{ } \
use_filesystem{ } \
filesystem{ ext4 } \
mountpoint{ / } \
.
###################################################################################################

29
Vagrant/resources/malcolm/malcolm-iso/config/includes.binary/isolinux/advanced.cfg Normal file
View File

@@ -0,0 +1,29 @@
label live
menu label ^Live system
kernel /live/vmlinuz
append boot=live components username=analyst nosplash random.trust_cpu=on elevator=deadline cgroup_enable=memory swapaccount=1 cgroup.memory=nokmem initrd=/live/initrd.img --
label install
menu label ^Install Malcolm (quick install)
kernel /install/vmlinuz
append file=/preseed_multipar.cfg initrd=/install/initrd.gz auto=true priority=high locales=en_US.UTF-8 keyboard-layouts=us --
label installenc
menu label ^Install Malcolm (encrypted quick install)
kernel /install/vmlinuz
append file=/preseed_multipar_crypto.cfg initrd=/install/initrd.gz auto=true priority=high locales=en_US.UTF-8 keyboard-layouts=us --
label installadv
menu label ^Install Malcolm (advanced configuration)
kernel /install/vmlinuz
append file=/preseed_minimal.cfg initrd=/install/initrd.gz auto=true priority=high --
label installvm
menu label ^Install Malcolm (virtual machine single partition quick install)
kernel /install/vmlinuz
append file=/preseed_vmware.cfg initrd=/install/initrd.gz auto=true priority=high locales=en_US.UTF-8 keyboard-layouts=us --
label rescue
menu label ^Rescue system in text mode
kernel /install/vmlinuz
append rescue/enable=true initrd=/install/initrd.gz --

0
Vagrant/resources/malcolm/malcolm-iso/config/includes.binary/isolinux/install.cfg Normal file
View File

146
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/audit/rules.d/audit.rules Normal file
View File

@@ -0,0 +1,146 @@
## First rule - delete all
-D
## Increase the buffers to survive stress events.
## Make this bigger for busy systems
-b 8192
## This determine how long to wait in burst of events
--backlog_wait_time 0
## Set failure mode to syslog
-f 1
# exclusions
-a always,exclude -F msgtype=AVC
-a always,exclude -F msgtype=CRYPTO_KEY_USER
-a always,exclude -F msgtype=CWD
-a always,exclude -F msgtype=EOE
# commands
-a always,exit -F path=/bin/fusermount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/mount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/pmount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/pumount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/etc/audisp/audisp-remote.conf -F perm=wa -k config_file_change
-a always,exit -F path=/etc/audit/auditd.conf -F perm=wa -k config_file_change
-a always,exit -F path=/etc/default/grub -F perm=wa -k config_file_change
-a always,exit -F path=/etc/fstab -F perm=wa -k config_file_change
-a always,exit -F path=/etc/hosts.deny -F perm=wa -k config_file_change
-a always,exit -F path=/etc/login.defs -F perm=wa -k config_file_change
-a always,exit -F path=/etc/profile -F perm=wa -k config_file_change
-a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change
-a always,exit -F path=/sbin/apparmor_parser -F perm=x -F auid>=1000 -F auid!=4294967295 -k MAC-policy
-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update
-a always,exit -F path=/usr/bin/bsd-write -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron
-a always,exit -F path=/usr/bin/dotlock.mailutils -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/expiry -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/fusermount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/ntfs-3g -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/pkexec -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/pmount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/pumount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/wall -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/dbus-1.0/dbus-daemon-launch-helper -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/eject/dmcrypt-get-device -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=/usr/lib/policykit-1/polkit-agent-helper-1 -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/x86_64-linux-gnu/utempter/utempter -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/xorg/Xorg.wrap -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/addgroup -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/adduser -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/exim4 -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/groupadd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/mount.cifs -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/netfilter-persistent -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_persistent_use
-a always,exit -F path=/usr/sbin/nft -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_cmd_use
-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/useradd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod
-a always,exit -F path=/usr/sbin/visudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
# privileged files
-w /bin/kmod -p x -k modules
-w /etc/apparmor.d/ -p wa -k MAC-policy
-w /etc/apparmor/ -p wa -k MAC-policy
-w /etc/group -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/hosts -p wa -k system-locale
-w /etc/issue -p wa -k system-locale
-w /etc/issue.net -p wa -k system-locale
-w /etc/localtime -p wa -k time-change
-w /etc/network -p wa -k system-locale
-w /etc/nftables.conf -p wa -k nft_config_file_change
-w /etc/opasswd -p wa -k usergroup_modification
-w /etc/passwd -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k sudoers
-w /etc/sudoers.d/ -p wa -k sudoers
-w /sbin/insmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /var/log/btmp -p wa -k session
-w /var/log/faillog -p wa -k logins
-w /var/log/lastlog -p wa -k logins
-w /var/log/sudo.log -p wa -k sudoaction
-w /var/log/tallylog -p wa -k logins
-w /var/log/wtmp -p wa -k session
-w /var/run/faillock -p wa -k logins
-w /var/run/utmp -p wa -k session
# syscalls
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S clock_settime -k time-change
-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S execve -C gid!=egid -F key=execpriv
-a always,exit -F arch=b64 -S execve -C uid!=euid -F key=execpriv
-a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -k modules
-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts
-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -S rmdir -F auid>=1000 -F auid!=4294967295 -k delete
-a always,exit -F dir=/etc/audit/rules.d/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/security/ -F perm=wa -k config_file_change
-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale
# Make the configuration immutable -- reboot is required to change audit rules
-e 2

29
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/bash.bash_aliases Normal file
View File

@@ -0,0 +1,29 @@
# some more ls aliases
#safety
alias mv='mv -i'
alias rm='rm -I -v'
alias cp='cp -i'
alias chmod='chmod --preserve-root'
alias chown='chown --preserve-root'
#convenience
alias ls="ls --block-size=\"'1\" --color=auto --group-directories-first"
alias la='ls -A'
alias l='ls -oah'
alias ll='ls -l --si --color=auto --group-directories-first'
alias lt='ls -ltr'
alias lld='ls -lUd */'
alias lsize='ls -lSrh'
alias df='df -Th'
alias ln='ln -s'
alias ..='cd ..'
alias cd..='cd ..'
alias cd-='cd -'
alias cdp='cd -P'
alias dump='hexdump -C'
alias findbroken='find . -type l ! -exec test -r {} \; -print'
alias utime='date +%s'
alias dutop='du -csh ./* 2>/dev/null | sort -rh'
alias mountcol='mount | column -t'
alias dmesg='dmesg -wHx'

400
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/bash.bash_functions Normal file
View File

@@ -0,0 +1,400 @@
########################################################################
# text processing
########################################################################
function cols () {
first="awk '{print "
last="}'"
cmd="${first}"
commatime=""
for var in "$@"
do
if [ -z $commatime ]
then
commatime="no"
cmd=${cmd}\$${var}
else
cmd=${cmd}\,\$${var}
fi
done
cmd="${cmd}${last}"
eval $cmd
}
function headtail () {
awk -v offset="$1" '{ if (NR <= offset) print; else { a[NR] = $0; delete a[NR-offset] } } END { { print "--------------------------------" } for (i=NR-offset+1; i<=NR; i++) print a[i] }' ;
}
function wait_file() {
local file="$1"; shift
local wait_seconds="${1:-10}"; shift # 10 seconds as default timeout
until test $((wait_seconds--)) -eq 0 -o -f "$file" ; do sleep 1; done
((++wait_seconds))
}
function taildiff () {
LEFT_FILE=$1
RIGHT_FILE=$2
RIGHT_LINES=$(wc -l "$RIGHT_FILE" | cut -d ' ' -f1)
diff -bwBy --suppress-common-lines <(head -n $RIGHT_LINES "$LEFT_FILE") <(head -n $RIGHT_LINES "$RIGHT_FILE")
}
function fs() {
if du -b /dev/null > /dev/null 2>&1; then
local arg=-sbh;
else
local arg=-sh;
fi
if [[ -n "$@" ]]; then
du $arg -- "$@";
else
du $arg .[^.]* ./*;
fi;
}
function lin () {
sed -n $1p
}
function fsize () {
echo "$1" | awk 'function human(x) {
s=" B KiB MiB GiB TiB EiB PiB YiB ZiB"
while (x>=1024 && length(s)>1)
{x/=1024; s=substr(s,5)}
s=substr(s,1,4)
xf=(s==" B ")?"%5d ":"%0.2f"
return sprintf( xf"%s", x, s)
}
{gsub(/^[0-9]+/, human($1)); print}'
}
function multigrep() { local IFS='|'; grep -rinE "$*" . ; }
function ord() { printf "%d\n" "'$1"; }
function chr() { printf \\$(($1/64*100+$1%64/8*10+$1%8))\\n; }
########################################################################
# math
########################################################################
function calc () { python -c "from math import *; n = $1; print n; print '$'+hex(trunc(n))[2:]; print '&'+oct(trunc(n))[1:]; print '%'+bin(trunc(n))[2:];"; }
function add () {
awk '{s+=$1} END {print s}'
}
########################################################################
# directory navigation/file manipulation
########################################################################
function cd() { if [[ "$1" =~ ^\.\.+$ ]];then local a dir;a=${#1};while [ $a -ne 1 ];do dir=${dir}"../";((a--));done;builtin cd $dir;else builtin cd "$@";fi ;}
function fcd() { [ -f $1 ] && { cd $(dirname $1); } || { cd $1 ; } }
function up { cd $(eval printf '../'%.0s {1..$1}) && pwd; }
function realgo() { fcd $(realpath $(which $1)) && pwd ; }
function realwhich() { realpath $(which $1) ; }
function renmod() {
FILENAME="$@";
TIMESTAMP=$(date -d @$(stat -c%Y "$FILENAME") +"%Y%m%d%H%M%S")
mv -iv "$FILENAME" "$FILENAME.$TIMESTAMP"
}
function upto() {
local EXPRESSION="$1"
if [ -z "$EXPRESSION" ]; then
echo "A folder expression must be provided." >&2
return 1
fi
if [ "$EXPRESSION" = "/" ]; then
cd "/"
return 0
fi
local CURRENT_FOLDER="$(pwd)"
local MATCHED_DIR=""
local MATCHING=true
while [ "$MATCHING" = true ]; do
if [[ "$CURRENT_FOLDER" =~ "$EXPRESSION" ]]; then
MATCHED_DIR="$CURRENT_FOLDER"
CURRENT_FOLDER=$(dirname "$CURRENT_FOLDER")
else
MATCHING=false
fi
done
if [ -n "$MATCHED_DIR" ]; then
cd "$MATCHED_DIR"
return 0
else
echo "No Match." >&2
return 1
fi
}
# complete upto
_upto () {
# necessary locals for _init_completion
local cur prev words cword
_init_completion || return
COMPREPLY+=( $( compgen -W "$( echo ${PWD//\// } )" -- $cur ) )
}
complete -F _upto upto
########################################################################
# history
########################################################################
function h() { if [ -z "$1" ]; then history; else history | grep -i "$@"; fi; }
########################################################################
# searching
########################################################################
function fname() { find . -iname "*$@*"; }
########################################################################
# examine running processes
########################################################################
function auxer() {
ps aux | grep -i "$(echo "$1" | sed "s/^\(.\)\(.*$\)/\[\1\]\2/")"
}
function psgrep() {
ps axuf | grep -v grep | grep "$@" -i --color=auto;
}
function killtree() {
if [ "$1" ]
then
kill $(pstree -p $1 | sed 's/(/\n(/g' | grep '(' | sed 's/(\(.*\)).*/\1/' | tr "\n" " ")
else
echo "No PID specified">&2
fi
}
function howmuchmem () {
PROCNAME="$@";
RAMKILOBYTES=($(ps axo rss,comm|grep $PROCNAME| awk '{ TOTAL += $1 } END { print TOTAL }'));
RAMBYTES=$(echo "$RAMKILOBYTES*1024" | bc);
RAM=$(fsize $RAMBYTES);
echo "$RAM";
}
function mempercent () {
PROCNAME="$@";
ps -eo pmem,comm | grep "$PROCNAME" | awk '{sum+=$1} END {print sum " % of RAM"}'
}
function htopid () {
PROCPID="$1"
htop -p $(pstree -p $PROCPID | perl -ne 'push @t, /\((\d+)\)/g; END { print join ",", @t }')
}
function lport () {
if [ "$1" ]
then
netstat -anp 2>/dev/null|grep "$1"|grep LISTEN|awk '{print $4}'|grep -P -o "\d+"|grep -v "^0$"
else
echo "No process specified">&2
fi
}
########################################################################
# APT package management
########################################################################
function aptsearch() { apt-cache search "$1"; }
function aptsize() {
dpkg-query --show --showformat='${Package;-50}\t${Installed-Size} ${Status}\n' | sort -k 2 -n | grep -v deinstall
}
########################################################################
# date/time
########################################################################
function dateu()
{
if [ "$1" ]
then
echo $(date -u -d @$1);
else
echo "No UNIX time specified">&2
fi
}
function udate()
{
if [ "$1" ]
then
date -u +%s -d "$1"
else
date -u +%s
fi
}
function sec2dhms() {
declare -i SS="$1" D=$(( SS / 86400 )) H=$(( SS % 86400 / 3600 )) M=$(( SS % 3600 / 60 )) S=$(( SS % 60 )) [ "$D" -gt 0 ] && echo -n "${D}:" [ "$H" -gt 0 ] && printf "%02g:" "$H" printf "%02g:%02g\n" "$M" "$S"
}
########################################################################
# system
########################################################################
function ddisousb() {
if [ "$1" ] && [[ -r "$1" ]] ; then
if [ "$2" ] && [[ -r "$2" ]] ; then
echo "dd if=\"$1\" of=\"$2\" bs=4M status=progress oflag=sync"
dd if="$1" of="$2" bs=4M status=progress oflag=sync
else
echo "No destination device specified">&2
fi
else
echo "No iso file specified">&2
fi
}
function find_linux_root_device() {
local PDEVICE=`stat -c %04D /`
for file in $(find /dev -type b 2>/dev/null) ; do
local CURRENT_DEVICE=$(stat -c "%02t%02T" $file)
if [ $CURRENT_DEVICE = $PDEVICE ]; then
ROOTDEVICE="$file"
break;
fi
done
echo "$ROOTDEVICE"
}
function rotationals() {
for f in /sys/block/sd?/queue/rotational; do printf "$f is "; cat $f; done
}
function schedulers() {
for f in /sys/block/sd?/queue/scheduler; do printf "$f is "; cat $f; done
}
function watch_file_size() {
perl -e '
$file = shift; die "no file [$file]" unless ((-f $file) || (-d $file));
$isDir = (-d $file);
$sleep = shift; $sleep = 1 unless $sleep =~ /^[0-9]+$/;
$format = "%0.2f %0.2f\n";
while(1){
if ($isDir) {
$size = `du -0scb $file`;
$size =~ s/\s+.*//;
} else {
$size = ((stat($file))[7]);
}
$change = $size - $lastsize;
printf $format, $size/1024/1024, $change/1024/1024/$sleep;
sleep $sleep;
$lastsize = $size;
}' "$1" "$2"
}
function dux() {
du -x --max-depth=1|sort -rn|awk -F / -v c=$COLUMNS 'NR==1{t=$1} NR>1{r=int($1/t*c+.5); b="\033[1;31m"; for (i=0; i<r; i++) b=b"#"; printf " %5.2f%% %s\033[0m %s\n", $1/t*100, b, $2}'|tac
}
function dirtydev() {
while true; do cat /sys/block/$1/stat|cols 9; grep -P "(Dirty)\b" /proc/meminfo; sleep 1; done
}
function cpuuse() {
if [ "$1" ]; then
SLEEPSEC="$1"
else
SLEEPSEC=1
fi
{ cat /proc/stat; sleep "$SLEEPSEC"; cat /proc/stat; } | \
awk '/^cpu / {usr=$2-usr; sys=$4-sys; idle=$5-idle; iow=$6-iow} \
END {total=usr+sys+idle+iow; printf "%.2f\n", (total-idle)*100/total}'
}
########################################################################
# misc. shell/tmux/etc
########################################################################
function tmux() {
TMUX="$(which tmux)"
# old habits die hard, make "screen -l" and "screen -r" work the way I want them to for tmux
if [ "$#" -eq 1 ] && ([ "$1" = "-list" ] || [ "$1" = "-l" ]); then
shift
"$TMUX" ls
elif ([ "$#" -eq 1 ] || [ "$#" -ge 2 ]) && [ "$1" = "-r" ]; then
shift
if [ "$#" -eq 0 ]; then
"$TMUX" ls >/dev/null 2>&1 && "$TMUX" attach || echo "No tmux sessions found"
else
SID="$1"; shift
"$TMUX" attach -t "$SID" "$@"
fi
else
"$TMUX" "$@"
fi
}
function screen() {
tmux "$@"
}
########################################################################
# helper functions for docker
########################################################################
# run a new container and remove it when done
function drun() {
docker run -t -i -P --rm \
"$@"
}
# Get latest container ID
alias dl="docker ps -l -q"
# Get container process
alias dps="docker ps"
# Get process included stop container
alias dpa="docker ps -a"
# Get images
alias di="docker images | tail -n +2"
alias dis="docker images | tail -n +2 | cols 1 2 | sed \"s/ /:/\""
# Get container IP
alias dip="docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}'"
# Execute in existing interactive container, e.g., $dex base /bin/bash
alias dex="docker exec -i -t"
# backup *all* docker images!
function docker_backup() {
for IMAGE in `dis`; do export FN=$(echo "$IMAGE" | sed -e 's/[^A-Za-z0-9._-]/_/g') ; docker save "$IMAGE" | pv | pigz > "$FN.tgz" ; done
}
# pull updates for docker images
function dockup() {
di | cols 1 2 | tr ' ' ':' | xargs -r -l docker pull
}
function dxl() {
CONTAINER=$(docker ps -l -q)
docker exec -i -t $CONTAINER "$@"
}
# list virtual networks
alias dnl="docker network ls"
# inspect virtual networks
alias dnins="docker network inspect $@"
# Stop all containers
function dstop() { docker stop $(docker ps -a -q); }
# list docker registry catalog
function dregls () {
curl -k -X GET "https://"$1"/v2/_catalog"
}

17
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/chromium/policies/managed/policy.json Normal file
View File

@@ -0,0 +1,17 @@
{
"AllowDinosaurEasterEgg": false,
"BrowserSignin": false,
"EnableMediaRouter": false,
"HomepageIsNewTabPage": false,
"HomepageLocation": "about:blank",
"NewTabPageLocation": "about:blank",
"PromotionalTabsEnabled": false,
"RestoreOnStartup": 4,
"RestoreOnStartupURLs": [
"about:blank"
],
"RestrictSigninToPattern": ".*@example.com",
"SafeBrowsingExtendedReportingEnabled": false,
"ShowCastIconInToolbar": false,
"SyncDisabled": true
}

4
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/docker/daemon.json Normal file
View File

@@ -0,0 +1,4 @@
{
"graph" : "/home/docker"
}

1
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/installer Normal file
View File

@@ -0,0 +1 @@
malcolm

6
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/live/config.conf Normal file
View File

@@ -0,0 +1,6 @@
LIVE_LOCALES="en_US.UTF-8"
LIVE_HOSTNAME="malcolm-live"
LIVE_USERNAME="analyst"
LIVE_USER_FULLNAME="Malcolm Live Analyst"
LIVE_USER_DEFAULT_GROUPS="adm audio cdrom disk docker netdev plugdev sudo video vboxsf"

341
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/login.defs Normal file
View File

@@ -0,0 +1,341 @@
#
# /etc/login.defs - Configuration control definitions for the login package.
#
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed. All other items are optional - if not specified then
# the described action or option will be inhibited.
#
# Comment lines (lines beginning with "#") and blank lines are ignored.
#
# Modified for Linux. --marekm
# REQUIRED for useradd/userdel/usermod
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
# MAIL_DIR takes precedence.
#
# Essentially:
# - MAIL_DIR defines the location of users mail spool files
# (for mbox use) by appending the username to MAIL_DIR as defined
# below.
# - MAIL_FILE defines the location of the users mail spool files as the
# fully-qualified filename obtained by prepending the user home
# directory before $MAIL_FILE
#
# NOTE: This is no more used for setting up users MAIL environment variable
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
# job of the pam_mail PAM modules
# See default PAM configuration files provided for
# login, su, etc.
#
# This is a temporary situation: setting these variables will soon
# move to /etc/default/useradd and the variables will then be
# no more supported
MAIL_DIR /var/mail
#MAIL_FILE .mail
#
# Enable logging and display of /var/log/faillog login failure info.
# This option conflicts with the pam_tally PAM module.
#
FAILLOG_ENAB yes
#
# Enable display of unknown usernames when login failures are recorded.
#
# WARNING: Unknown usernames may become world readable.
# See #290803 and #298773 for details about how this could become a security
# concern
LOG_UNKFAIL_ENAB no
#
# Enable logging of successful logins
#
LOG_OK_LOGINS no
#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
# If defined, login failures will be logged here in a utmp format
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE /var/log/btmp
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME su
#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
#
# Terminal permissions
#
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
# However, the default and recommended value for TTYPERM is still 0600
# to not allow anyone to write to anyone else console or terminal
# Users can still allow other people to write them by issuing
# the "mesg y" command.
TTYGROUP tty
TTYPERM 0600
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# UMASK Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
UMASK 077
#
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
#
# Max number of login retries if password is bad. This will most likely be
# overriden by PAM, since the default pam_unix module has it's own built
# in of 3 retries. However, this is a safe fallback in case you are using
# an authentication module that does not enforce PAM_MAXTRIES.
#
LOGIN_RETRIES 5
#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
CHFN_RESTRICT rwh
#
# Should login be allowed if we can't cd to the home directory?
# Default in no.
#
DEFAULT_HOME yes
CREATE_HOME yes
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If set to yes, userdel will remove the user's group if it contains no
# more members, and useradd will create by default a group with the name
# of the user.
#
# Other former uses of this variable such as setting the umask when
# user==primary group are not used in PAM environments, such as Debian
#
USERGROUPS_ENAB yes
#
# Instead of the real user shell, the program specified by this parameter
# will be launched, although its visible name (argv[0]) will be the shell's.
# The program may do whatever it wants (logging, additional authentification,
# banner, ...) before running the actual shell.
#
# FAKE_SHELL /bin/fakeshell
#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
# This variable is used by login and su.
#
#CONSOLE /etc/consoles
#CONSOLE console:tty01:tty02:tty03:tty04
#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
# This variable is used by login and su.
#
#CONSOLE_GROUPS floppy:audio:cdrom
#
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no
#
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
ENCRYPT_METHOD SHA512
#
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000
################# OBSOLETED BY PAM ##############
# #
# These options are now handled by PAM. Please #
# edit the appropriate file in /etc/pam.d/ to #
# enable the equivelants of them.
#
###############
#MOTD_FILE
#DIALUPS_CHECK_ENAB
#LASTLOG_ENAB
#MAIL_CHECK_ENAB
#OBSCURE_CHECKS_ENAB
#PORTTIME_CHECKS_ENAB
#SU_WHEEL_ONLY
#CRACKLIB_DICTPATH
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#ENVIRON_FILE
#NOLOGINS_FILE
#ISSUE_FILE
#PASS_MIN_LEN
#PASS_MAX_LEN
#ULIMIT
#ENV_HZ
#CHFN_AUTH
#CHSH_AUTH
#FAIL_DELAY
################# OBSOLETED #######################
# #
# These options are no more handled by shadow. #
# #
# Shadow utilities will display a warning if they #
# still appear. #
# #
###################################################
# CLOSE_SESSIONS
# LOGIN_STRING
# NO_PASSWORD_CONSOLE
# QMAIL_DIR

8
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/security/limits.d/limits.conf Normal file
View File

@@ -0,0 +1,8 @@
* soft nofile 65535
* hard nofile 65535
* soft memlock unlimited
* hard memlock unlimited
* soft core 0
* hard core 0
* hard maxlogins 10

2
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.Xresources Normal file
View File

@@ -0,0 +1,2 @@
xscreensaver.mode: blank
xscreensaver.lock: true

86
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.bashrc Normal file
View File

@@ -0,0 +1,86 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# new directories default to 700, new files to 600
umask 077
export UMASK=077
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history and ignore same sucessive entries.
export HISTCONTROL=ignoreboth:erasedups
export HISTIGNORE="&:ls:ll:cd:history:h:[bf]g:exit:pwd:clear"
export HISTFILESIZE=1000000000
export HISTSIZE=1000000
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] "
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
;;
*)
;;
esac
# enable programmable completion features
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
###############################################################################
# PATH
###############################################################################
if [ -d ~/bin ]; then
PATH=~/bin:$PATH
fi
if [ -d ~/.local/bin ]; then
PATH=~/.local/bin:$PATH
fi
export PATH
###############################################################################
# ALIASES AND FUNCTIONS
###############################################################################
if [ -f /etc/bash.bash_aliases ]; then
. /etc/bash.bash_aliases
fi
if [ -f /etc/bash.bash_functions ]; then
. /etc/bash.bash_functions
fi
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
if [ -f ~/.bash_functions ]; then
. ~/.bash_functions
fi
###############################################################################
# BASH OPTIONS
###############################################################################
shopt -s extglob
shopt -s dotglob
shopt -s cdspell
shopt -s histverify
shopt -s histappend
shopt -u progcomp
PROMPT_COMMAND="history -a;$PROMPT_COMMAND"
###############################################################################
# BASH PROMPT
###############################################################################
PS1="\[\033[00;32m\]\u\[\033[00;34m\]@\h\[\033[1;30m\]:\[\033[00;35m\]\W\[\033[00m\]\[\033[01;37m\]\$ \[\033[00;37m\]"

27
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.config/clipit/clipitrc Normal file
View File

@@ -0,0 +1,27 @@
[rc]
use_copy=true
use_primary=false
synchronize=false
automatic_paste=false
show_indexes=false
save_uris=true
use_rmb_menu=false
save_history=false
history_limit=50
history_timeout_seconds=300
history_timeout=true
items_menu=10
statics_show=false
statics_items=0
hyperlinks_only=true
confirm_clear=false
single_line=true
reverse_history=true
item_length=0
ellipsize=0
history_key=<Ctrl><Alt>H
actions_key=<Ctrl><Alt>A
menu_key=<Ctrl><Alt>P
search_key=<Ctrl><Alt>F
offline_key=<Ctrl><Alt>O
offline_mode=false

15
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.config/gtk-3.0/settings.ini Normal file
View File

@@ -0,0 +1,15 @@
[Settings]
gtk-theme-name=Adwaita-dark
gtk-icon-theme-name=gnome
gtk-font-name=Sans 10
gtk-cursor-theme-size=18
gtk-toolbar-style=GTK_TOOLBAR_BOTH_HORIZ
gtk-toolbar-icon-size=GTK_ICON_SIZE_LARGE_TOOLBAR
gtk-button-images=1
gtk-menu-images=1
gtk-enable-event-sounds=0
gtk-enable-input-feedback-sounds=0
gtk-xft-antialias=1
gtk-xft-hinting=1
gtk-xft-hintstyle=hintslight
gtk-xft-rgba=rgb

149
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.config/lxpanel/LXDE/panels/malcolm Normal file
View File

@@ -0,0 +1,149 @@
# lxpanel <profile> config file. Manually editing is not recommended.
# Use preference dialog in lxpanel to adjust config when you can.
Global {
edge=top
monitor=0
height=32
align=left
widthtype=percent
width=100
transparent=0
background=0
autohide=0
heightwhenhidden=4
tintcolor=#a0a0a0
alpha=255
setpartialstrut=1
iconsize=24
}
Plugin {
type=menu
Config {
system {
}
separator {
}
item {
command=run
}
separator {
}
item {
command=logout
image=gnome-logout
}
image=/usr/share/icons/gnome/32x32/places/start-here.png
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=launchtaskbar
Config {
Button {
id=terminator.desktop
}
Button {
id=firefox.desktop
}
Button {
id=malcolm-readme.desktop
}
Button {
id=malcolm-moloch.desktop
}
Button {
id=malcolm-kibana.desktop
}
Button {
id=malcolm-upload.desktop
}
Button {
id=malcolm-mapping.desktop
}
Button {
id=malcolm-users.desktop
}
Button {
id=malcolm-cyberchef.desktop
}
Button {
id=malcolm-start.desktop
}
Button {
id=malcolm-restart.desktop
}
Button {
id=malcolm-logs.desktop
}
Button {
id=malcolm-stop.desktop
}
IconsOnly=0
FlatButton=0
UseMouseWheel=0
GroupedTasks=1
DisableUpscale=0
UseSmallerIcons=-1
spacing=1
ShowAllDesks=0
}
}
Plugin {
type=space
Config {
}
expand=1
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=pager
Config {
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=dclock
Config {
ClockFmt=%R
TooltipFmt=%A %x
BoldFont=0
IconOnly=0
CenterText=0
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=tray
Config {
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=launchbar
Config {
Button {
id=lxde-logout.desktop
}
}
}

48
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.config/lxsession/LXDE/desktop.conf Normal file
View File

@@ -0,0 +1,48 @@
[Session]
window_manager=openbox-lxde
disable_autostart=no
polkit/command=lxpolkit
clipboard/command=lxclipboard
xsettings_manager/command=build-in
proxy_manager/command=build-in
keyring/command=ssh-agent
quit_manager/command=lxsession-logout
lock_manager/command=lxlock
terminal_manager/command=lxterminal
[GTK]
sNet/ThemeName=Adwaita-dark
sNet/IconThemeName=gnome
sGtk/FontName=Sans 10
iGtk/ToolbarStyle=3
iGtk/ButtonImages=1
iGtk/MenuImages=1
iGtk/CursorThemeSize=18
iXft/Antialias=1
iXft/Hinting=1
sXft/HintStyle=hintslight
sXft/RGBA=rgb
iNet/EnableEventSounds=1
iNet/EnableInputFeedbackSounds=1
sGtk/ColorScheme=
iGtk/ToolbarIconSize=3
sGtk/CursorThemeName=DMZ-White
[Mouse]
AccFactor=20
AccThreshold=10
LeftHanded=0
[Keyboard]
Delay=500
Interval=30
Beep=1
[State]
guess_default=true
[Dbus]
lxde=true
[Environment]
menu_prefix=lxde-

14
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.config/pcmanfm/LXDE/desktop-items-0.conf Normal file
View File

@@ -0,0 +1,14 @@
[*]
wallpaper_mode=crop
wallpaper_common=1
wallpaper=/usr/share/images/desktop-base/Malcolm_background.png
desktop_bg=#000000
desktop_fg=#ffffff
desktop_shadow=#000000
desktop_font=Sans 12
show_wm_menu=0
sort=mtime;ascending;
show_documents=0
show_trash=0
show_mounts=1

26
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.config/pcmanfm/LXDE/pcmanfm.conf Normal file
View File

@@ -0,0 +1,26 @@
[config]
bm_open_method=0
[volume]
mount_on_startup=0
mount_removable=0
autorun=0
[ui]
always_show_tabs=0
max_tab_chars=32
win_width=640
win_height=480
splitter_pos=150
media_in_new_tab=0
desktop_folder_new_win=0
change_tab_on_drop=1
close_on_unmount=1
focus_previous=0
side_pane_mode=places
view_mode=list
show_hidden=0
sort=name;ascending;
toolbar=newtab;navigation;home;
show_statusbar=1
pathbar_mode_buttons=0

0
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.hushlogin Normal file
View File

1
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.selected_editor Normal file
View File

@@ -0,0 +1 @@
SELECTED_EDITOR="/usr/bin/vim.tiny"

47
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.tmux.conf Normal file
View File

@@ -0,0 +1,47 @@
unbind C-b
set -g prefix C-a
bind a send-prefix
bind-key C-a last-window
# Make shift+arrows, ctrl+arrows etc work in Vim.
set -g xterm-keys on
# See if this fixes slow ESC issues.
# http://unix.stackexchange.com/questions/23138/esc-key-causes-a-small-delay-in-terminal-due-to-its-alt-behavior
set -s escape-time 0
# Start window and pane indices at 1.
set -g base-index 1
set -g pane-base-index 1
# Status bar styling and content.
set -g status-bg black
set -g status-fg white
set -g status-left '#S '
# Highlight the active window in the status bar.
set-window-option -g window-status-current-bg yellow
set-window-option -g window-status-current-fg black
# More intuitive split-window mappings.
bind "'" split-window -h
bind - split-window -v
# Maximize pane, e.g. for copying.
bind-key z resize-pane -Z
# Switch pane and zoom
# https://twitter.com/tskogberg/status/792025881573199872
bind C-z select-pane -t :.+ \; resize-pane -Z
# toggle synchronize panes
bind C-x set-window-option synchronize-panes\; display-message "synchronize-panes is now #{?pane_synchronized,on,off}"
# Reload tmux conf.
unbind r
bind r source-file ~/.tmux.conf\; display "Reloaded conf."
# Use vim keybindings in copy mode
setw -g mode-keys vi

2
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.vimrc Normal file
View File

@@ -0,0 +1,2 @@
set nocompatible

281
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/skel/.xscreensaver Normal file
View File

@@ -0,0 +1,281 @@
# XScreenSaver Preferences File
# Written by xscreensaver-demo 5.36 for sensor on Wed Jul 3 15:35:13 2019.
# https://www.jwz.org/xscreensaver/
timeout: 0:10:00
cycle: 0:10:00
lock: True
lockTimeout: 0:00:00
passwdTimeout: 0:00:30
visualID: default
installColormap: True
verbose: False
timestamp: True
splash: True
splashDuration: 0:00:05
demoCommand: xscreensaver-demo
prefsCommand: xscreensaver-demo -prefs
nice: 10
memoryLimit: 0
fade: False
unfade: False
fadeSeconds: 0:00:03
fadeTicks: 20
captureStderr: True
ignoreUninstalledPrograms:True
font: *-medium-r-*-140-*-m-*
dpmsEnabled: False
dpmsQuickOff: False
dpmsStandby: 2:00:00
dpmsSuspend: 2:00:00
dpmsOff: 4:00:00
grabDesktopImages: False
grabVideoFrames: False
chooseRandomImages: False
imageDirectory:
mode: blank
selected: -1
textMode: date
textLiteral: XScreenSaver
textFile:
textProgram: fortune
textURL: http://planet.debian.org/rss20.xml
programs: \
maze -root \n\
- GL: superquadrics -root \n\
attraction -root \n\
blitspin -root \n\
greynetic -root \n\
helix -root \n\
hopalong -root \n\
imsmap -root \n\
- noseguy -root \n\
- pyro -root \n\
qix -root \n\
- rocks -root \n\
rorschach -root \n\
decayscreen -root \n\
flame -root \n\
halo -root \n\
slidescreen -root \n\
pedal -root \n\
bouboule -root \n\
- braid -root \n\
coral -root \n\
deco -root \n\
drift -root \n\
- fadeplot -root \n\
galaxy -root \n\
goop -root \n\
grav -root \n\
ifs -root \n\
unicode -root \n\
- GL: jigsaw -root \n\
julia -root \n\
- kaleidescope -root \n\
- GL: moebius -root \n\
moire -root \n\
- GL: morph3d -root \n\
mountain -root \n\
munch -root \n\
penrose -root \n\
- GL: pipes -root \n\
rd-bomb -root \n\
- GL: rubik -root \n\
- sierpinski -root \n\
slip -root \n\
- GL: sproingies -root \n\
starfish -root \n\
strange -root \n\
swirl -root \n\
triangle -root \n\
xjack -root \n\
xlyap -root \n\
- GL: atlantis -root \n\
bsod -root \n\
- GL: bubble3d -root \n\
- GL: cage -root \n\
- crystal -root \n\
cynosure -root \n\
discrete -root \n\
distort -root \n\
epicycle -root \n\
flow -root \n\
- GL: glplanet -root \n\
interference -root \n\
kumppa -root \n\
- GL: lament -root \n\
moire2 -root \n\
- GL: sonar -root \n\
- GL: stairs -root \n\
truchet -root \n\
- vidwhacker -root \n\
blaster -root \n\
bumps -root \n\
ccurve -root \n\
compass -root \n\
deluxe -root \n\
- demon -root \n\
- GL: extrusion -root \n\
- loop -root \n\
penetrate -root \n\
petri -root \n\
phosphor -root \n\
- GL: pulsar -root \n\
ripples -root \n\
shadebobs -root \n\
- GL: sierpinski3d -root \n\
spotlight -root \n\
squiral -root \n\
wander -root \n\
- webcollage -root \n\
xflame -root \n\
xmatrix -root \n\
- GL: gflux -root \n\
- nerverot -root \n\
xrayswarm -root \n\
xspirograph -root \n\
- GL: circuit -root \n\
- GL: dangerball -root \n\
- GL: engine -root \n\
- GL: flipscreen3d -root \n\
- GL: gltext -root \n\
- GL: menger -root \n\
- GL: molecule -root \n\
rotzoomer -root \n\
speedmine -root \n\
- GL: starwars -root \n\
- GL: stonerview -root \n\
vermiculate -root \n\
whirlwindwarp -root \n\
zoom -root \n\
anemone -root \n\
apollonian -root \n\
- GL: boxed -root \n\
- GL: cubenetic -root \n\
- GL: endgame -root \n\
euler2d -root \n\
fluidballs -root \n\
- GL: flurry -root \n\
- GL: glblur -root \n\
- GL: glsnake -root \n\
halftone -root \n\
- GL: juggler3d -root \n\
- GL: lavalite -root \n\
- polyominoes -root \n\
- GL: queens -root \n\
- GL: sballs -root \n\
- GL: spheremonics -root \n\
- thornbird -root \n\
twang -root \n\
- GL: antspotlight -root \n\
apple2 -root \n\
- GL: atunnel -root \n\
barcode -root \n\
- GL: blinkbox -root \n\
- GL: blocktube -root \n\
- GL: bouncingcow -root \n\
cloudlife -root \n\
- GL: cubestorm -root \n\
eruption -root \n\
- GL: flipflop -root \n\
- GL: flyingtoasters -root \n\
fontglide -root \n\
- GL: gleidescope -root \n\
- GL: glknots -root \n\
- GL: glmatrix -root \n\
- GL: glslideshow -root \n\
- GL: hypertorus -root \n\
- GL: jigglypuff -root \n\
metaballs -root \n\
- GL: mirrorblob -root \n\
piecewise -root \n\
- GL: polytopes -root \n\
pong -root \n\
popsquares -root \n\
- GL: surfaces -root \n\
xanalogtv -root \n\
abstractile -root \n\
anemotaxis -root \n\
- GL: antinspect -root \n\
fireworkx -root \n\
fuzzyflakes -root \n\
interaggregate -root \n\
intermomentary -root \n\
memscroller -root \n\
- GL: noof -root \n\
pacman -root \n\
- GL: pinion -root \n\
- GL: polyhedra -root \n\
- GL: providence -root \n\
substrate -root \n\
wormhole -root \n\
- GL: antmaze -root \n\
- GL: boing -root \n\
boxfit -root \n\
- GL: carousel -root \n\
celtic -root \n\
- GL: crackberg -root \n\
- GL: cube21 -root \n\
fiberlamp -root \n\
- GL: fliptext -root \n\
- GL: glhanoi -root \n\
- GL: tangram -root \n\
- GL: timetunnel -root \n\
- GL: glschool -root \n\
- GL: topblock -root \n\
- GL: cubicgrid -root \n\
cwaves -root \n\
- GL: gears -root \n\
- GL: glcells -root \n\
- GL: lockward -root \n\
m6502 -root \n\
- GL: moebiusgears -root \n\
- GL: voronoi -root \n\
- GL: hypnowheel -root \n\
- GL: klein -root \n\
- lcdscrub -root \n\
- GL: photopile -root \n\
- GL: skytentacles -root \n\
- GL: rubikblocks -root \n\
- GL: companioncube -root \n\
- GL: hilbert -root \n\
- GL: tronbit -root \n\
- GL: geodesic -root \n\
hexadrop -root \n\
- GL: kaleidocycle -root \n\
- GL: quasicrystal -root \n\
- GL: unknownpleasures -root \n\
binaryring -root \n\
- GL: cityflow -root \n\
- GL: geodesicgears -root \n\
- GL: projectiveplane -root \n\
- GL: romanboy -root \n\
tessellimage -root \n\
- GL: winduprobot -root \n\
- GL: splitflap -root \n\
- GL: cubestack -root \n\
- GL: cubetwist -root \n\
- GL: discoball -root \n\
- GL: dymaxionmap -root \n\
- GL: energystream -root \n\
- GL: hexstrut -root \n\
- GL: hydrostat -root \n\
- GL: raverhoop -root \n\
- GL: splodesic -root \n\
- GL: unicrud -root \n\
pointerPollTime: 0:00:05
pointerHysteresis: 10
windowCreationTimeout:0:00:30
initialDelay: 0:00:00
GetViewPortIsFullOfLies:False
procInterrupts: True
xinputExtensionDev: False
overlayStderr: True
authWarningSlack: 20

127
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/ssh/sshd_config Normal file
View File

@@ -0,0 +1,127 @@
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Protocol 2
#Port 22
AddressFamily inet
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256,hmac-sha2-512
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 60
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
RhostsRSAAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox
PermitUserEnvironment no
Compression no
ClientAliveInterval 300
ClientAliveCountMax 0
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
Banner=/etc/issue
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

4
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/etc/xdg/lxsession/LXDE/autostart Normal file
View File

@@ -0,0 +1,4 @@
@lxpanel --profile LXDE
@pcmanfm --desktop --profile LXDE
@xscreensaver -no-splash
@/usr/local/bin/docker-load-wait.sh

1
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/root/.selected_editor Normal file
View File

@@ -0,0 +1 @@
SELECTED_EDITOR="/usr/bin/vim.tiny"

1
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/root/.vimrc Normal file
View File

@@ -0,0 +1 @@
set nocompatible

11
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-cyberchef.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Version=1.0
Name=Malcolm - CyberChef
Exec=/opt/firefox/firefox https://localhost/cyberchef/
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=applications-science.png
Categories=Network;
StartupWMClass=Firefox
StartupNotify=true

11
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-kibana.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Version=1.0
Name=Malcolm - Kibana
Exec=/opt/firefox/firefox https://localhost/kibana/
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/usr/share/icons/hicolor/48x48/kibana.png
Categories=Network;
StartupWMClass=Firefox
StartupNotify=true

8
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-logs.desktop Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Malcolm Debug Logs
Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --logs"
Comment=Monitor the debug output of Malcolm containers
Terminal=false
Type=Application
Icon=terminal.png

11
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-mapping.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Version=1.0
Name=Malcolm - Host and Subnet Name Mapping
Exec=/opt/firefox/firefox https://localhost/name-map-ui/
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=server.png
Categories=Network;
StartupWMClass=Firefox
StartupNotify=true

11
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-moloch.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Version=1.0
Name=Malcolm - Arkime
Exec=/opt/firefox/firefox https://localhost/
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=/usr/share/icons/hicolor/128x128/moloch.png
Categories=Network;
StartupWMClass=Firefox
StartupNotify=true

11
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-readme.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Version=1.0
Name=Malcolm - README
Exec=/opt/firefox/firefox https://localhost/readme
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=help-browser
Categories=Network;
StartupWMClass=Firefox
StartupNotify=true

8
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-restart.desktop Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Restart Malcolm
Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --restart"
Comment=Restart Malcolm
Terminal=false
Type=Application
Icon=redo.png

8
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-start.desktop Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Start Malcolm
Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --start"
Comment=Start Malcolm
Terminal=false
Type=Application
Icon=/usr/share/icons/hicolor/64x64/malcolm.png

8
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-stop.desktop Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env xdg-open
[Desktop Entry]
Name=Stop Malcolm
Exec=lxterminal --command=/bin/bash\ -l\ -c\ "/usr/bin/python3\ ~/Malcolm/scripts/control.py\ --stop"
Comment=Stop Malcolm
Terminal=false
Type=Application
Icon=exit.png

11
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-upload.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Version=1.0
Name=Malcolm - Upload
Exec=/opt/firefox/firefox https://localhost/upload/
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=up.png
Categories=Network;
StartupWMClass=Firefox
StartupNotify=true

11
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/applications/malcolm-users.desktop Normal file
View File

@@ -0,0 +1,11 @@
[Desktop Entry]
Version=1.0
Name=Malcolm - User Management
Exec=/opt/firefox/firefox https://localhost:488/
Terminal=false
X-MultipleArgs=false
Type=Application
Icon=config-users.png
Categories=Network;
StartupWMClass=Firefox
StartupNotify=true

142
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/auditbeat/kibana/7/dashboard-custom/Auditbeat-auditd-overview-custom.json Normal file
View File

@@ -0,0 +1,142 @@
{
"version": "7.6.2",
"objects": [
{
"id": "072befc0-ffba-11e8-a854-ad7782ef6a55",
"type": "dashboard",
"updated_at": "2019-12-23T19:07:39.093Z",
"version": "WzE2MDIsMV0=",
"attributes": {
"description": "Summary of Linux kernel audit events.",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"version\":true,\"highlightAll\":true}"
},
"optionsJSON": "{\"darkTheme\":true,\"useMargins\":false}",
"panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":26,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelIndex\":\"1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":26,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelIndex\":\"4\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":38,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelIndex\":\"5\",\"embeddableConfig\":{\"columns\":[\"beat.hostname\",\"auditd.summary.actor.primary\",\"auditd.summary.actor.secondary\",\"auditd.summary.object.type\",\"event.action\",\"auditd.summary.object.primary\",\"auditd.summary.object.secondary\",\"auditd.summary.how\",\"auditd.result\"]},\"panelRefName\":\"panel_2\"}]",
"timeRestore": false,
"title": "[Auditbeat auditd] Overview dashboard",
"version": 1
},
"references": [
{
"name": "panel_0",
"type": "visualization",
"id": "97680df0-c1c0-11e7-8995-936807a28b16"
},
{
"name": "panel_1",
"type": "visualization",
"id": "08679220-c25a-11e7-8692-232bd1143e8a"
},
{
"name": "panel_2",
"type": "search",
"id": "0f10c430-c1c3-11e7-8995-936807a28b16"
}
],
"migrationVersion": {
"dashboard": "7.3.0"
}
},
{
"id": "97680df0-c1c0-11e7-8995-936807a28b16",
"type": "visualization",
"updated_at": "2019-12-23T19:07:39.093Z",
"version": "WzE1OTksMV0=",
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{}"
},
"title": "Event Actions [Auditbeat Auditd Overview]",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"type\":\"metrics\",\"params\":{\"bar_color_rules\":[{\"id\":\"5bfc71a0-c1bd-11e7-938f-ab0645b6c431\"}],\"gauge_color_rules\":[{\"id\":\"5d20a650-c1bd-11e7-938f-ab0645b6c431\"}],\"background_color_rules\":[{\"id\":\"58c95a20-c1bd-11e7-938f-ab0645b6c431\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"auditbeat-*\",\"gauge_inner_width\":10,\"series\":[{\"line_width\":1,\"terms_field\":\"event.action\",\"point_size\":1,\"color\":\"#68BC00\",\"label\":\"Actions\",\"metrics\":[{\"type\":\"count\",\"id\":\"6b9fb2d0-c1bc-11e7-938f-ab0645b6c431\"}],\"seperate_axis\":0,\"split_mode\":\"terms\",\"chart_type\":\"line\",\"stacked\":\"none\",\"axis_position\":\"right\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"fill\":0.5}],\"axis_formatter\":\"number\",\"interval\":\"auto\",\"filter\":{\"query\":\"event.module:auditd\",\"language\":\"lucene\"},\"legend_position\":\"left\",\"show_legend\":1,\"show_grid\":1,\"gauge_style\":\"half\",\"axis_position\":\"left\",\"gauge_width\":10,\"type\":\"timeseries\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\"},\"aggs\":[],\"title\":\"Event Actions [Auditbeat Auditd Overview]\"}"
},
"references": [],
"migrationVersion": {
"visualization": "7.4.2"
}
},
{
"id": "08679220-c25a-11e7-8692-232bd1143e8a",
"type": "visualization",
"updated_at": "2019-12-23T19:07:39.093Z",
"version": "WzE2MDAsMV0=",
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
},
"title": "Event Categories [Auditbeat Auditd]",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"type\":\"pie\",\"params\":{\"legendPosition\":\"right\",\"type\":\"pie\",\"isDonut\":true,\"addTooltip\":true,\"addLegend\":true},\"aggs\":[{\"params\":{},\"type\":\"count\",\"enabled\":true,\"id\":\"1\",\"schema\":\"metric\"},{\"params\":{\"orderBy\":\"1\",\"field\":\"event.category\",\"customLabel\":\"Category\",\"order\":\"desc\",\"size\":5},\"type\":\"terms\",\"enabled\":true,\"id\":\"2\",\"schema\":\"segment\"},{\"params\":{\"orderBy\":\"1\",\"field\":\"event.action\",\"customLabel\":\"Action\",\"order\":\"desc\",\"size\":20},\"type\":\"terms\",\"enabled\":true,\"id\":\"3\",\"schema\":\"segment\"}],\"title\":\"Event Categories [Auditbeat Auditd]\"}",
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "auditbeat-*"
},
{
"type": "search",
"name": "search_0",
"id": "0f10c430-c1c3-11e7-8995-936807a28b16"
}
],
"migrationVersion": {
"visualization": "7.4.2"
}
},
{
"id": "0f10c430-c1c3-11e7-8995-936807a28b16",
"type": "search",
"updated_at": "2019-12-23T19:07:39.093Z",
"version": "WzE2MDEsMV0=",
"attributes": {
"columns": [
"beat.hostname",
"auditd.summary.actor.primary",
"auditd.summary.actor.secondary",
"event.action",
"auditd.summary.object.type",
"auditd.summary.object.primary",
"auditd.summary.object.secondary",
"auditd.summary.how",
"auditd.result"
],
"description": "",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"match\":{\"event.module\":{\"query\":\"auditd\",\"type\":\"phrase\"}}},\"meta\":{\"value\":\"auditd\",\"disabled\":false,\"alias\":null,\"params\":{\"query\":\"auditd\",\"type\":\"phrase\"},\"key\":\"event.module\",\"negate\":false,\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"version\":true,\"highlightAll\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
},
"sort": [
[
"@timestamp",
"desc"
]
],
"title": "Audit Event Table [Auditbeat Auditd]",
"version": 1
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "auditbeat-*"
},
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"type": "index-pattern",
"id": "auditbeat-*"
}
],
"migrationVersion": {
"search": "7.4.0"
}
}
]
}

167
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/filebeat/kibana/7/dashboard-custom/Filebeat-syslog-custom.json Normal file
View File

@@ -0,0 +1,167 @@
{
"version": "7.6.2",
"objects": [
{
"id": "1ca59220-ffb0-11e8-a854-ad7782ef6a55",
"type": "dashboard",
"updated_at": "2019-12-23T19:04:34.880Z",
"version": "WzE0MzcsMV0=",
"attributes": {
"description": "",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
},
"optionsJSON": "{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":false}",
"panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":41,\"i\":\"1\"},\"panelIndex\":\"1\",\"title\":\"Syslog Events\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":27,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":17,\"y\":0,\"w\":13,\"h\":27,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":17,\"h\":27,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelIndex\":\"5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"}]",
"timeRestore": false,
"title": "[Filebeat] Syslog dashboard",
"version": 1
},
"references": [
{
"name": "panel_0",
"type": "search",
"id": "c1e3d120-ffb0-11e8-a854-ad7782ef6a55"
},
{
"name": "panel_1",
"type": "visualization",
"id": "462e04d0-ffb3-11e8-a854-ad7782ef6a55"
},
{
"name": "panel_2",
"type": "visualization",
"id": "cc3f9cf0-ffb3-11e8-a854-ad7782ef6a55"
},
{
"name": "panel_3",
"type": "visualization",
"id": "96e77ef0-ffb4-11e8-a854-ad7782ef6a55"
}
],
"migrationVersion": {
"dashboard": "7.3.0"
}
},
{
"id": "c1e3d120-ffb0-11e8-a854-ad7782ef6a55",
"type": "search",
"updated_at": "2019-12-23T19:04:34.880Z",
"version": "WzE0MzMsMV0=",
"attributes": {
"columns": [
"host.name",
"syslog.severity_label",
"syslog.facility_label",
"process.program",
"message"
],
"description": "",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"_exists_:syslog\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
},
"sort": [
[
"@timestamp",
"desc"
]
],
"title": "[Filebeat] Syslog search",
"version": 1
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "filebeat-*"
}
],
"migrationVersion": {
"search": "7.4.0"
}
},
{
"id": "462e04d0-ffb3-11e8-a854-ad7782ef6a55",
"type": "visualization",
"updated_at": "2019-12-23T19:04:34.880Z",
"version": "WzE0MzQsMV0=",
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"title": "[Filebeat] Syslog by Host Timeline",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"title\":\"[Filebeat] Syslog by Host Timeline\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"host.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"}}]}",
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "c1e3d120-ffb0-11e8-a854-ad7782ef6a55"
}
],
"migrationVersion": {
"visualization": "7.4.2"
}
},
{
"id": "cc3f9cf0-ffb3-11e8-a854-ad7782ef6a55",
"type": "visualization",
"updated_at": "2019-12-23T19:04:34.880Z",
"version": "WzE0MzUsMV0=",
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"title": "[Filebeat] Syslog Process Cloud",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"title\":\"[Filebeat] Syslog Process Cloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"log\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"process.program\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process\"}}]}",
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "c1e3d120-ffb0-11e8-a854-ad7782ef6a55"
}
],
"migrationVersion": {
"visualization": "7.4.2"
}
},
{
"id": "96e77ef0-ffb4-11e8-a854-ad7782ef6a55",
"type": "visualization",
"updated_at": "2019-12-23T19:04:34.880Z",
"version": "WzE0MzYsMV0=",
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"title": "[Filebeat] Syslog Facility by Host Pie Chart",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"title\":\"[Filebeat] Syslog Facility by Host Pie Chart\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"labels\":{\"show\":false,\"values\":true,\"last_level\":false,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.facility_label\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Syslog Facility\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"}}]}",
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "c1e3d120-ffb0-11e8-a854-ad7782ef6a55"
}
],
"migrationVersion": {
"visualization": "7.4.2"
}
}
]
}

BIN
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/icons/hicolor/128x128/moloch.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

BIN
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/icons/hicolor/48x48/kibana.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 645 B

112
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/protologbeat/kibana/7/dashboard/Protologbeat-temperatures-dashboard.json Normal file
View File

@@ -0,0 +1,112 @@
{
"objects": [
{
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"protologbeat-*\",\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"title": "Temperature Timeline",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"title\":\"Temperature Timeline\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Max cpu_temp_avg\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Maximum CPU °C\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\",\"data\":{\"id\":\"3\",\"label\":\"Maximum Other °C\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\",\"data\":{\"id\":\"4\",\"label\":\"Maximum GPU °C\"},\"valueAxis\":\"ValueAxis-1\"},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":false,\"interpolate\":\"cardinal\",\"data\":{\"id\":\"8\",\"label\":\"Maximum Storage °C\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"cpu_temp_avg\",\"customLabel\":\"Maximum CPU °C\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-12h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"time_zone\":\"America/Denver\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"other_temp_avg\",\"customLabel\":\"Maximum Other °C\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"gpu_temp_avg\",\"customLabel\":\"Maximum GPU °C\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"hdd_temp_avg\",\"customLabel\":\"Maximum Storage °C\"}}]}"
},
"id": "752a7e30-03af-11e9-bf7f-6138c205dfb3",
"type": "visualization",
"updated_at": "2018-12-20T18:16:43.966Z",
"version": 1
},
{
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"title": "Host Chooser",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"title\":\"Host Chooser\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1545248066352\",\"indexPattern\":\"protologbeat-*\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"}}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"
},
"id": "293d13a0-03c5-11e9-b42b-a7822d24ca20",
"type": "visualization",
"updated_at": "2018-12-19T19:34:54.681Z",
"version": 1
},
{
"attributes": {
"columns": [
"host.name",
"cpu_temp_avg",
"hdd_temp_avg",
"other_temp_avg"
],
"description": "",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"protologbeat-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"sort": [
"@timestamp",
"desc"
],
"title": "Protologbeat search",
"version": 1
},
"id": "65345580-03c5-11e9-b42b-a7822d24ca20",
"type": "search",
"updated_at": "2018-12-20T18:16:42.939Z",
"version": 1
},
{
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"protologbeat-*\",\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"title": "CPU and Storage Temperature Gauge",
"uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 60\":\"rgb(0,104,55)\",\"60 - 70\":\"rgb(255,255,190)\",\"70 - 90\":\"rgb(165,0,38)\"}}}",
"version": 1,
"visState": "{\"title\":\"CPU and Storage Temperature Gauge\",\"type\":\"gauge\",\"params\":{\"type\":\"gauge\",\"addTooltip\":true,\"addLegend\":false,\"isDisplayWarning\":false,\"gauge\":{\"verticalSplit\":false,\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":60},{\"from\":60,\"to\":70},{\"from\":70,\"to\":90}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"\",\"fontSize\":60,\"labelColor\":true}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"cpu_temp_avg\",\"customLabel\":\"Maximum CPU °C\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"hdd_temp_avg\",\"customLabel\":\"Maximum Storage °C\"}}]}"
},
"id": "db628ba0-03c5-11e9-b42b-a7822d24ca20",
"type": "visualization",
"updated_at": "2018-12-20T18:16:43.991Z",
"version": 1
},
{
"attributes": {
"description": "",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"index\":\"protologbeat-*\",\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"title": "Maximum Sensor CPU and Storage Temperatures",
"uiStateJSON": "{}",
"version": 1,
"visState": "{\"title\":\"Maximum Sensor CPU and Storage Temperatures\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"ValueAxis-1\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\",\"defaultYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Maximum CPU °C\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Maximum CPU °C\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"data\":{\"id\":\"3\",\"label\":\"Maximum Storage °C\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"orderBucketsBySum\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"cpu_temp_avg\",\"customLabel\":\"Maximum CPU °C\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Sensor Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"hdd_temp_avg\",\"customLabel\":\"Maximum Storage °C\"}}]}"
},
"id": "923c3ce0-03c6-11e9-b42b-a7822d24ca20",
"type": "visualization",
"updated_at": "2018-12-20T18:16:43.961Z",
"version": 1
},
{
"attributes": {
"description": "",
"hits": 0,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
},
"optionsJSON": "{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":false}",
"panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":31,\"w\":48,\"h\":35,\"i\":\"1\"},\"id\":\"752a7e30-03af-11e9-bf7f-6138c205dfb3\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.5.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":20,\"h\":11,\"i\":\"2\"},\"id\":\"293d13a0-03c5-11e9-b42b-a7822d24ca20\",\"panelIndex\":\"2\",\"title\":\"Sensor Filter\",\"type\":\"visualization\",\"version\":\"6.5.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":29,\"i\":\"3\"},\"id\":\"65345580-03c5-11e9-b42b-a7822d24ca20\",\"panelIndex\":\"3\",\"title\":\"Sensor Metrics\",\"type\":\"search\",\"version\":\"6.5.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":11,\"w\":20,\"h\":20,\"i\":\"4\"},\"id\":\"db628ba0-03c5-11e9-b42b-a7822d24ca20\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.5.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":20,\"y\":0,\"w\":28,\"h\":31,\"i\":\"5\"},\"id\":\"923c3ce0-03c6-11e9-b42b-a7822d24ca20\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.5.3\"}]",
"timeRestore": false,
"title": "Sensor Temperature dashboard",
"version": 1
},
"id": "3c519150-03c5-11e9-b42b-a7822d24ca20",
"type": "dashboard",
"updated_at": "2018-12-20T18:16:43.882Z",
"version": 1
}
],
"version": "6.5.3"
}

16
Vagrant/resources/malcolm/malcolm-iso/config/includes.chroot/usr/share/protologbeat/kibana/7/index-pattern/protologbeat.json Normal file
View File

File diff suppressed because one or more lines are too long

6
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/apps.list.chroot Normal file
View File

@@ -0,0 +1,6 @@
file-roller
galculator
mousepad
mupdf
terminator
xdiskusage

20
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/desktopmanager.list.chroot Normal file
View File

@@ -0,0 +1,20 @@
arandr
dconf-cli
fonts-symbola
libnotify-bin
lightdm
lxde
lxpanel
lxsession
open-vm-tools-desktop
x11-apps
x11-session-utils
x11-xfs-utils
x11-xserver-utils
xinit
xorg
xscreensaver
xserver-xorg
xserver-xorg-core
xserver-xorg-video-qxl
xserver-xorg-video-vmware

3
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/docker.list.chroot Normal file
View File

@@ -0,0 +1,3 @@
docker-ce
docker-ce-cli
containerd.io

3
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/grub.list.binary Normal file
View File

@@ -0,0 +1,3 @@
grub-pc-bin
grub-efi-amd64-bin
grub-efi-amd64

22
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/net.list.chroot Normal file
View File

@@ -0,0 +1,22 @@
curl
ethtool
htpdate
iproute2
iputils-arping
iputils-ping
iputils-tracepath
libcurl4
libssh2-1
macchanger
netcat-openbsd
ntp
openssh-client
openssh-server
openvpn
rsync
snmp
ssh-askpass
socat
traceroute
ufw
wget

9
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/python.list.chroot Normal file
View File

@@ -0,0 +1,9 @@
python3
python3-pip
python3-bs4
python3-colorama
python3-netifaces
python3-psutil
python3-pycryptodome
python3-dialog
python3-requests

147
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/system.list.chroot Normal file
View File

@@ -0,0 +1,147 @@
accountsservice
apache2-utils
apparmor
apparmor-profiles
apparmor-utils
apt
arj
atop
audispd-plugins
auditd
bash-completion
bc
bcrypt
bridge-utils
btrfs-progs
busybox
bzip2
ccache
cifs-utils
coreutils
cpio
cpufrequtils
cracklib-runtime
cryptsetup
cryptsetup-bin
curl
debsums
dialog
dmidecode
dosfstools
ebtables
efibootmgr
eject
fatresize
fonts-dejavu
fuse
fuseext2
fusefat
fuseiso
fusesmb
gawk
gdb
gdebi
gettext
ghostscript
ghostscript-x
git
gnupg
gnupg1
gnupg2
gpart
gparted
gvfs
gvfs-backends
gvfs-daemons
gvfs-fuse
gzip
hddtemp
hdparm
hfsplus
hfsprogs
hfsutils
htop
hwdata
javascript-common
less
libffi6
libffi-dev
libgtk2.0-bin
libnl-3-200
libnl-genl-3-200
libnl-route-3-200
libpam-pwquality
libssl-dev
libykpers-1-1
libyubikey0
lm-sensors
localepurge
lshw
lsof
lvm2
lzma
make
mcrypt
md5deep
menu
miscfiles
moreutils
mtools
multitail
ncdu
neofetch
net-tools
ntfs-3g
openssl
p7zip
p7zip-full
p7zip-rar
parprouted
partclone
parted
pciutils
pcregrep
pigz
pmount
policykit-1
prelink
procps
psmisc
pv
pwgen
rar
rtkit
samba-libs
screen
sed
sharutils
shed
smartmontools
smbclient
sparse
speedometer
squashfs-tools
strace
sudo
swig
sysstat
tar
tmux
tofrodos
tree
udisks2
unrar
unzip
upower
usbutils
user-setup
uuid-runtime
whois
xbitmaps
xfsprogs
xsltproc
xz-utils
zenity
zenity-common
zip
zlib1g-dev

3
Vagrant/resources/malcolm/malcolm-iso/config/package-lists/vbox.list.chroot Normal file
View File

@@ -0,0 +1,3 @@
virtualbox-guest-dkms
virtualbox-guest-utils
virtualbox-guest-x11