trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added Malcolm

Browse Source
This commit is contained in:
Trinitor
2021-08-06 10:35:01 +02:00
parent f043730066
commit 70f1922e80
751 changed files with 195277 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/audit/rules.d/audit.rules Normal file
View File

@@ -0,0 +1,146 @@
## First rule - delete all
-D
## Increase the buffers to survive stress events.
## Make this bigger for busy systems
-b 8192
## This determine how long to wait in burst of events
--backlog_wait_time 0
## Set failure mode to syslog
-f 1
# exclusions
-a always,exclude -F msgtype=AVC
-a always,exclude -F msgtype=CRYPTO_KEY_USER
-a always,exclude -F msgtype=CWD
-a always,exclude -F msgtype=EOE
# commands
-a always,exit -F path=/bin/fusermount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/mount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/pmount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/pumount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/etc/audisp/audisp-remote.conf -F perm=wa -k config_file_change
-a always,exit -F path=/etc/audit/auditd.conf -F perm=wa -k config_file_change
-a always,exit -F path=/etc/default/grub -F perm=wa -k config_file_change
-a always,exit -F path=/etc/fstab -F perm=wa -k config_file_change
-a always,exit -F path=/etc/hosts.deny -F perm=wa -k config_file_change
-a always,exit -F path=/etc/login.defs -F perm=wa -k config_file_change
-a always,exit -F path=/etc/profile -F perm=wa -k config_file_change
-a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change
-a always,exit -F path=/sbin/apparmor_parser -F perm=x -F auid>=1000 -F auid!=4294967295 -k MAC-policy
-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update
-a always,exit -F path=/usr/bin/bsd-write -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron
-a always,exit -F path=/usr/bin/dotlock.mailutils -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/expiry -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/fusermount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/mount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/ntfs-3g -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/pkexec -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/pmount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/pumount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=/usr/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/umount -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/bin/wall -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/dbus-1.0/dbus-daemon-launch-helper -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/eject/dmcrypt-get-device -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=/usr/lib/policykit-1/polkit-agent-helper-1 -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/x86_64-linux-gnu/utempter/utempter -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/lib/xorg/Xorg.wrap -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/addgroup -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/adduser -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/exim4 -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/groupadd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/mount.cifs -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/netfilter-persistent -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_persistent_use
-a always,exit -F path=/usr/sbin/nft -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_cmd_use
-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/useradd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/userhelper -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod
-a always,exit -F path=/usr/sbin/visudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged
# privileged files
-w /bin/kmod -p x -k modules
-w /etc/apparmor.d/ -p wa -k MAC-policy
-w /etc/apparmor/ -p wa -k MAC-policy
-w /etc/group -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/hosts -p wa -k system-locale
-w /etc/issue -p wa -k system-locale
-w /etc/issue.net -p wa -k system-locale
-w /etc/localtime -p wa -k time-change
-w /etc/network -p wa -k system-locale
-w /etc/nftables.conf -p wa -k nft_config_file_change
-w /etc/opasswd -p wa -k usergroup_modification
-w /etc/passwd -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k sudoers
-w /etc/sudoers.d/ -p wa -k sudoers
-w /sbin/insmod -p x -k modules
-w /sbin/modprobe -p x -k modules
-w /sbin/rmmod -p x -k modules
-w /var/log/btmp -p wa -k session
-w /var/log/faillog -p wa -k logins
-w /var/log/lastlog -p wa -k logins
-w /var/log/sudo.log -p wa -k sudoaction
-w /var/log/tallylog -p wa -k logins
-w /var/log/wtmp -p wa -k session
-w /var/run/faillock -p wa -k logins
-w /var/run/utmp -p wa -k session
# syscalls
-a always,exit -F arch=b64 -S adjtimex -S settimeofday -k time-change
-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -F auid>=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S clock_settime -k time-change
-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access
-a always,exit -F arch=b64 -S execve -C gid!=egid -F key=execpriv
-a always,exit -F arch=b64 -S execve -C uid!=euid -F key=execpriv
-a always,exit -F arch=b64 -S init_module -S delete_module -S create_module -S finit_module -k modules
-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts
-a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod
-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -S rmdir -F auid>=1000 -F auid!=4294967295 -k delete
-a always,exit -F dir=/etc/audit/rules.d/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/security/ -F perm=wa -k config_file_change
-a exit,always -F arch=b64 -S sethostname -S setdomainname -k system-locale
# Make the configuration immutable -- reboot is required to change audit rules
-e 2

33
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/bash.bash_aliases Normal file
View File

@@ -0,0 +1,33 @@
# some more ls aliases
# sensor
alias configure-interfaces="su -l -c /usr/local/bin/configure-interfaces.py"
alias configure-capture="/usr/local/bin/configure-capture.py"
#safety
alias mv='mv -i'
alias rm='rm -I -v'
alias cp='cp -i'
alias chmod='chmod --preserve-root'
alias chown='chown --preserve-root'
#convenience
alias ls="ls --block-size=\"'1\" --color=auto --group-directories-first"
alias la='ls -A'
alias l='ls -oah'
alias ll='ls -l --si --color=auto --group-directories-first'
alias lt='ls -ltr'
alias lld='ls -lUd */'
alias lsize='ls -lSrh'
alias df='df -Th'
alias ln='ln -s'
alias ..='cd ..'
alias cd..='cd ..'
alias cd-='cd -'
alias cdp='cd -P'
alias dump='hexdump -C'
alias findbroken='find . -type l ! -exec test -r {} \; -print'
alias utime='date +%s'
alias dutop='du -csh ./* 2>/dev/null | sort -rh'
alias mountcol='mount | column -t'
alias dmesg='dmesg -wHx'

384
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/bash.bash_functions Normal file
View File

@@ -0,0 +1,384 @@
########################################################################
# text processing
########################################################################
function cols () {
first="awk '{print "
last="}'"
cmd="${first}"
commatime=""
for var in "$@"
do
if [ -z $commatime ]
then
commatime="no"
cmd=${cmd}\$${var}
else
cmd=${cmd}\,\$${var}
fi
done
cmd="${cmd}${last}"
eval $cmd
}
function headtail () {
awk -v offset="$1" '{ if (NR <= offset) print; else { a[NR] = $0; delete a[NR-offset] } } END { { print "--------------------------------" } for (i=NR-offset+1; i<=NR; i++) print a[i] }' ;
}
function wait_file() {
local file="$1"; shift
local wait_seconds="${1:-10}"; shift # 10 seconds as default timeout
until test $((wait_seconds--)) -eq 0 -o -f "$file" ; do sleep 1; done
((++wait_seconds))
}
function taildiff () {
LEFT_FILE=$1
RIGHT_FILE=$2
RIGHT_LINES=$(wc -l "$RIGHT_FILE" | cut -d ' ' -f1)
diff -bwBy --suppress-common-lines <(head -n $RIGHT_LINES "$LEFT_FILE") <(head -n $RIGHT_LINES "$RIGHT_FILE")
}
function fs() {
if du -b /dev/null > /dev/null 2>&1; then
local arg=-sbh;
else
local arg=-sh;
fi
if [[ -n "$@" ]]; then
du $arg -- "$@";
else
du $arg .[^.]* ./*;
fi;
}
function lin () {
sed -n $1p
}
function fsize () {
echo "$1" | awk 'function human(x) {
s=" B KiB MiB GiB TiB EiB PiB YiB ZiB"
while (x>=1024 && length(s)>1)
{x/=1024; s=substr(s,5)}
s=substr(s,1,4)
xf=(s==" B ")?"%5d ":"%0.2f"
return sprintf( xf"%s", x, s)
}
{gsub(/^[0-9]+/, human($1)); print}'
}
function multigrep() { local IFS='|'; grep -rinE "$*" . ; }
function ord() { printf "%d\n" "'$1"; }
function chr() { printf \\$(($1/64*100+$1%64/8*10+$1%8))\\n; }
########################################################################
# math
########################################################################
function calc () { python -c "from math import *; n = $1; print n; print '$'+hex(trunc(n))[2:]; print '&'+oct(trunc(n))[1:]; print '%'+bin(trunc(n))[2:];"; }
function add () {
awk '{s+=$1} END {print s}'
}
########################################################################
# directory navigation/file manipulation
########################################################################
function cd() { if [[ "$1" =~ ^\.\.+$ ]];then local a dir;a=${#1};while [ $a -ne 1 ];do dir=${dir}"../";((a--));done;builtin cd $dir;else builtin cd "$@";fi ;}
function fcd() { [ -f $1 ] && { cd $(dirname $1); } || { cd $1 ; } }
function up { cd $(eval printf '../'%.0s {1..$1}) && pwd; }
function realgo() { fcd $(realpath $(which $1)) && pwd ; }
function realwhich() { realpath $(which $1) ; }
function renmod() {
FILENAME="$@";
TIMESTAMP=$(date -d @$(stat -c%Y "$FILENAME") +"%Y%m%d%H%M%S")
mv -iv "$FILENAME" "$FILENAME.$TIMESTAMP"
}
function upto() {
local EXPRESSION="$1"
if [ -z "$EXPRESSION" ]; then
echo "A folder expression must be provided." >&2
return 1
fi
if [ "$EXPRESSION" = "/" ]; then
cd "/"
return 0
fi
local CURRENT_FOLDER="$(pwd)"
local MATCHED_DIR=""
local MATCHING=true
while [ "$MATCHING" = true ]; do
if [[ "$CURRENT_FOLDER" =~ "$EXPRESSION" ]]; then
MATCHED_DIR="$CURRENT_FOLDER"
CURRENT_FOLDER=$(dirname "$CURRENT_FOLDER")
else
MATCHING=false
fi
done
if [ -n "$MATCHED_DIR" ]; then
cd "$MATCHED_DIR"
return 0
else
echo "No Match." >&2
return 1
fi
}
# complete upto
_upto () {
# necessary locals for _init_completion
local cur prev words cword
_init_completion || return
COMPREPLY+=( $( compgen -W "$( echo ${PWD//\// } )" -- $cur ) )
}
complete -F _upto upto
########################################################################
# history
########################################################################
function h() { if [ -z "$1" ]; then history; else history | grep -i "$@"; fi; }
########################################################################
# searching
########################################################################
function fname() { find . -iname "*$@*"; }
########################################################################
# examine running processes
########################################################################
function auxer() {
ps aux | grep -i "$(echo "$1" | sed "s/^\(.\)\(.*$\)/\[\1\]\2/")"
}
function psgrep() { ps axuf | grep -v grep | grep "$@" -i --color=auto; }
function killtree() {
if [ "$1" ]
then
kill $(pstree -p $1 | sed 's/(/\n(/g' | grep '(' | sed 's/(\(.*\)).*/\1/' | tr "\n" " ")
else
echo "No PID specified">&2
fi
}
function howmuchmem () {
PROCNAME="$@";
RAMKILOBYTES=($(ps axo rss,comm|grep $PROCNAME| awk '{ TOTAL += $1 } END { print TOTAL }'));
RAMBYTES=$(echo "$RAMKILOBYTES*1024" | bc);
RAM=$(fsize $RAMBYTES);
echo "$RAM";
}
function mempercent () {
PROCNAME="$@";
ps -eo pmem,comm | grep "$PROCNAME" | awk '{sum+=$1} END {print sum " % of RAM"}'
}
function htopid () {
PROCPID="$1"
htop -p $(pstree -p $PROCPID | perl -ne 'push @t, /\((\d+)\)/g; END { print join ",", @t }')
}
function lport () {
if [ "$1" ]
then
netstat -anp 2>/dev/null|grep "$1"|grep LISTEN|awk '{print $4}'|grep -P -o "\d+"|grep -v "^0$"
else
echo "No process specified">&2
fi
}
########################################################################
# APT package management
########################################################################
function aptsearch() { apt-cache search "$1"; }
function aptsize() {
dpkg-query --show --showformat='${Package;-50}\t${Installed-Size} ${Status}\n' | sort -k 2 -n | grep -v deinstall
}
########################################################################
# date/time
########################################################################
function dateu()
{
if [ "$1" ]
then
echo $(date -u -d @$1);
else
echo "No UNIX time specified">&2
fi
}
function udate()
{
if [ "$1" ]
then
date -u +%s -d "$1"
else
date -u +%s
fi
}
function sec2dhms() {
declare -i SS="$1" D=$(( SS / 86400 )) H=$(( SS % 86400 / 3600 )) M=$(( SS % 3600 / 60 )) S=$(( SS % 60 )) [ "$D" -gt 0 ] && echo -n "${D}:" [ "$H" -gt 0 ] && printf "%02g:" "$H" printf "%02g:%02g\n" "$M" "$S"
}
########################################################################
# system
########################################################################
function ddisousb() {
if [ "$1" ] && [[ -r "$1" ]] ; then
if [ "$2" ] && [[ -r "$2" ]] ; then
echo "dd if=\"$1\" of=\"$2\" bs=4M status=progress oflag=sync"
dd if="$1" of="$2" bs=4M status=progress oflag=sync
else
echo "No destination device specified">&2
fi
else
echo "No iso file specified">&2
fi
}
function find_linux_root_device() {
local PDEVICE=`stat -c %04D /`
for file in $(find /dev -type b 2>/dev/null) ; do
local CURRENT_DEVICE=$(stat -c "%02t%02T" $file)
if [ $CURRENT_DEVICE = $PDEVICE ]; then
ROOTDEVICE="$file"
break;
fi
done
echo "$ROOTDEVICE"
}
function rotationals() {
for f in /sys/block/sd?/queue/rotational; do printf "$f is "; cat $f; done
}
function schedulers() {
for f in /sys/block/sd?/queue/scheduler; do printf "$f is "; cat $f; done
}
function watch_file_size() {
perl -e '
$file = shift; die "no file [$file]" unless ((-f $file) || (-d $file));
$isDir = (-d $file);
$sleep = shift; $sleep = 1 unless $sleep =~ /^[0-9]+$/;
$format = "%0.2f %0.2f\n";
while(1){
if ($isDir) {
$size = `du -0scb $file`;
$size =~ s/\s+.*//;
} else {
$size = ((stat($file))[7]);
}
$change = $size - $lastsize;
printf $format, $size/1024/1024, $change/1024/1024/$sleep;
sleep $sleep;
$lastsize = $size;
}' "$1" "$2"
}
function dux() {
du -x --max-depth=1|sort -rn|awk -F / -v c=$COLUMNS 'NR==1{t=$1} NR>1{r=int($1/t*c+.5); b="\033[1;31m"; for (i=0; i<r; i++) b=b"#"; printf " %5.2f%% %s\033[0m %s\n", $1/t*100, b, $2}'|tac
}
function dirtydev() {
while true; do cat /sys/block/$1/stat|cols 9; grep -P "(Dirty)\b" /proc/meminfo; sleep 1; done
}
function cpuuse() {
if [ "$1" ]; then
SLEEPSEC="$1"
else
SLEEPSEC=1
fi
{ cat /proc/stat; sleep "$SLEEPSEC"; cat /proc/stat; } | \
awk '/^cpu / {usr=$2-usr; sys=$4-sys; idle=$5-idle; iow=$6-iow} \
END {total=usr+sys+idle+iow; printf "%.2f\n", (total-idle)*100/total}'
}
########################################################################
# misc. shell/tmux/etc
########################################################################
function tmux() {
TMUX="$(which tmux)"
# old habits die hard, make "screen -l" and "screen -r" work the way I want them to for tmux
if [ "$#" -eq 1 ] && ([ "$1" = "-list" ] || [ "$1" = "-l" ]); then
shift
"$TMUX" ls
elif ([ "$#" -eq 1 ] || [ "$#" -ge 2 ]) && [ "$1" = "-r" ]; then
shift
if [ "$#" -eq 0 ]; then
"$TMUX" ls >/dev/null 2>&1 && "$TMUX" attach || echo "No tmux sessions found"
else
SID="$1"; shift
"$TMUX" attach -t "$SID" "$@"
fi
else
"$TMUX" "$@"
fi
}
function screen() {
tmux "$@"
}
########################################################################
# sensor-specific
########################################################################
function sensorwatch () {
if [ "$1" ]; then
SLEEPSEC="$1"
else
SLEEPSEC=1
fi
if [ -f /opt/sensor/sensor_ctl/control_vars.conf ] ; then
. /opt/sensor/sensor_ctl/control_vars.conf
if [ -d "$ZEEK_LOG_PATH" ] && [ -d "$PCAP_PATH" ] ; then
while true; do
clear
find "$PCAP_PATH" "$ZEEK_LOG_PATH" -type f \( -name "*.pcap*" -o -name "*.log*" \) -print0 | \
xargs -0 stat --format '%Y: %y %s %n' | \
sort -nr | \
cut -d: -f2- | \
sed -r "s/\..*\\+0000//" | \
head -n 10 | \
awk 'function human(x) {
s=" B KiB MiB GiB TiB EiB PiB YiB ZiB"
while (x>=1024 && length(s)>1)
{x/=1024; s=substr(s,5)}
s=substr(s,1,4)
xf=(s==" B ")?"%5d ":"%0.2f"
return sprintf( xf"%s", x, s)
};
{
$3 = human($3);
print
}'
echo
du -sh "$PCAP_PATH" "$ZEEK_LOG_PATH"
echo
df -h "$PCAP_PATH" "$ZEEK_LOG_PATH"
sleep $SLEEPSEC
done
fi
fi
}

17
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/chromium/policies/managed/policy.json Normal file
View File

@@ -0,0 +1,17 @@
{
"AllowDinosaurEasterEgg": false,
"BrowserSignin": false,
"EnableMediaRouter": false,
"HomepageIsNewTabPage": false,
"HomepageLocation": "http://127.0.0.1:5000",
"NewTabPageLocation": "about:blank",
"PromotionalTabsEnabled": false,
"RestoreOnStartup": 4,
"RestoreOnStartupURLs": [
"http://127.0.0.1:5000"
],
"RestrictSigninToPattern": ".*@example.com",
"SafeBrowsingExtendedReportingEnabled": false,
"ShowCastIconInToolbar": false,
"SyncDisabled": true
}

1
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/installer Normal file
View File

@@ -0,0 +1 @@
sensor

5
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/live/config.conf Normal file
View File

@@ -0,0 +1,5 @@
LIVE_LOCALES="en_US.UTF-8"
LIVE_HOSTNAME="sensor-live"
LIVE_USERNAME="sensor"
LIVE_USER_FULLNAME="sensor"
LIVE_USER_DEFAULT_GROUPS="adm audio cdrom disk netdev plugdev sudo video vboxsf"

341
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/login.defs Normal file
View File

@@ -0,0 +1,341 @@
#
# /etc/login.defs - Configuration control definitions for the login package.
#
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed. All other items are optional - if not specified then
# the described action or option will be inhibited.
#
# Comment lines (lines beginning with "#") and blank lines are ignored.
#
# Modified for Linux. --marekm
# REQUIRED for useradd/userdel/usermod
# Directory where mailboxes reside, _or_ name of file, relative to the
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
# MAIL_DIR takes precedence.
#
# Essentially:
# - MAIL_DIR defines the location of users mail spool files
# (for mbox use) by appending the username to MAIL_DIR as defined
# below.
# - MAIL_FILE defines the location of the users mail spool files as the
# fully-qualified filename obtained by prepending the user home
# directory before $MAIL_FILE
#
# NOTE: This is no more used for setting up users MAIL environment variable
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
# job of the pam_mail PAM modules
# See default PAM configuration files provided for
# login, su, etc.
#
# This is a temporary situation: setting these variables will soon
# move to /etc/default/useradd and the variables will then be
# no more supported
MAIL_DIR /var/mail
#MAIL_FILE .mail
#
# Enable logging and display of /var/log/faillog login failure info.
# This option conflicts with the pam_tally PAM module.
#
FAILLOG_ENAB yes
#
# Enable display of unknown usernames when login failures are recorded.
#
# WARNING: Unknown usernames may become world readable.
# See #290803 and #298773 for details about how this could become a security
# concern
LOG_UNKFAIL_ENAB no
#
# Enable logging of successful logins
#
LOG_OK_LOGINS no
#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
# If defined, login failures will be logged here in a utmp format
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE /var/log/btmp
#
# If defined, the command name to display when running "su -". For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su". If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME su
#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin
#
# Terminal permissions
#
# TTYGROUP Login tty will be assigned this group ownership.
# TTYPERM Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
# However, the default and recommended value for TTYPERM is still 0600
# to not allow anyone to write to anyone else console or terminal
# Users can still allow other people to write them by issuing
# the "mesg y" command.
TTYGROUP tty
TTYPERM 0600
#
# Login configuration initializations:
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
# UMASK Default "umask" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
#
# UMASK is the default umask value for pam_umask and is used by
# useradd and newusers to set the mode of the new home directories.
# 022 is the "historical" value in Debian for UMASK
# 027, or even 077, could be considered better for privacy
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
# for private user groups, i. e. the uid is the same as gid, and username is
# the same as the primary group name: for these, the user permissions will be
# used as group permissions, e. g. 022 will become 002.
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
UMASK 077
#
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000
# System accounts
#SYS_UID_MIN 100
#SYS_UID_MAX 999
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 1000
GID_MAX 60000
# System accounts
#SYS_GID_MIN 100
#SYS_GID_MAX 999
#
# Max number of login retries if password is bad. This will most likely be
# overriden by PAM, since the default pam_unix module has it's own built
# in of 3 retries. However, this is a safe fallback in case you are using
# an authentication module that does not enforce PAM_MAXTRIES.
#
LOGIN_RETRIES 5
#
# Max time in seconds for login
#
LOGIN_TIMEOUT 60
#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
#
CHFN_RESTRICT rwh
#
# Should login be allowed if we can't cd to the home directory?
# Default in no.
#
DEFAULT_HOME yes
CREATE_HOME yes
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD /usr/sbin/userdel_local
#
# If set to yes, userdel will remove the user's group if it contains no
# more members, and useradd will create by default a group with the name
# of the user.
#
# Other former uses of this variable such as setting the umask when
# user==primary group are not used in PAM environments, such as Debian
#
USERGROUPS_ENAB yes
#
# Instead of the real user shell, the program specified by this parameter
# will be launched, although its visible name (argv[0]) will be the shell's.
# The program may do whatever it wants (logging, additional authentification,
# banner, ...) before running the actual shell.
#
# FAKE_SHELL /bin/fakeshell
#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names. Root logins will be allowed only
# upon these devices.
#
# This variable is used by login and su.
#
#CONSOLE /etc/consoles
#CONSOLE console:tty01:tty02:tty03:tty04
#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
# This variable is used by login and su.
#
#CONSOLE_GROUPS floppy:audio:cdrom
#
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
# This variable is deprecated. You should use ENCRYPT_METHOD.
#
#MD5_CRYPT_ENAB no
#
# If set to MD5 , MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to DES, DES-based algorithm will be used for encrypting password (default)
# Overrides the MD5_CRYPT_ENAB option
#
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
ENCRYPT_METHOD SHA512
#
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute forcing the password.
# But note also that it more CPU resources will be needed to authenticate
# users.
#
# If not specified, the libc will choose the default number of rounds (5000).
# The values must be inside the 1000-999999999 range.
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
# SHA_CRYPT_MIN_ROUNDS 5000
# SHA_CRYPT_MAX_ROUNDS 5000
################# OBSOLETED BY PAM ##############
# #
# These options are now handled by PAM. Please #
# edit the appropriate file in /etc/pam.d/ to #
# enable the equivelants of them.
#
###############
#MOTD_FILE
#DIALUPS_CHECK_ENAB
#LASTLOG_ENAB
#MAIL_CHECK_ENAB
#OBSCURE_CHECKS_ENAB
#PORTTIME_CHECKS_ENAB
#SU_WHEEL_ONLY
#CRACKLIB_DICTPATH
#PASS_CHANGE_TRIES
#PASS_ALWAYS_WARN
#ENVIRON_FILE
#NOLOGINS_FILE
#ISSUE_FILE
#PASS_MIN_LEN
#PASS_MAX_LEN
#ULIMIT
#ENV_HZ
#CHFN_AUTH
#CHSH_AUTH
#FAIL_DELAY
################# OBSOLETED #######################
# #
# These options are no more handled by shadow. #
# #
# Shadow utilities will display a warning if they #
# still appear. #
# #
###################################################
# CLOSE_SESSIONS
# LOGIN_STRING
# NO_PASSWORD_CONSOLE
# QMAIL_DIR

8
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/security/limits.d/limits.conf Normal file
View File

@@ -0,0 +1,8 @@
* soft nofile 65535
* hard nofile 65535
* soft memlock unlimited
* hard memlock unlimited
* soft core 0
* hard core 0
* hard maxlogins 10

2
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.Xresources Normal file
View File

@@ -0,0 +1,2 @@
xscreensaver.mode: blank
xscreensaver.lock: false

88
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.bashrc Normal file
View File

@@ -0,0 +1,88 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# new directories default to 700, new files to 600
umask 077
export UMASK=077
# If not running interactively, don't do anything
[ -z "$PS1" ] && return
# don't put duplicate lines in the history and ignore same sucessive entries.
export HISTCONTROL=ignoreboth:erasedups
export HISTIGNORE="&:ls:ll:cd:history:h:[bf]g:exit:pwd:clear"
export HISTFILESIZE=1000000000
export HISTSIZE=1000000
export HISTTIMEFORMAT="[%Y-%m-%d %H:%M:%S] "
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"'
;;
*)
;;
esac
# enable programmable completion features
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
###############################################################################
# PATH
###############################################################################
PATH=/opt/zeek/bin:/opt/spicy/bin:/opt/moloch/bin:/usr/sbin:$PATH
if [ -d ~/bin ]; then
PATH=~/bin:$PATH
fi
if [ -d ~/.local/bin ]; then
PATH=~/.local/bin:$PATH
fi
export PATH
###############################################################################
# ALIASES AND FUNCTIONS
###############################################################################
if [ -f /etc/bash.bash_aliases ]; then
. /etc/bash.bash_aliases
fi
if [ -f /etc/bash.bash_functions ]; then
. /etc/bash.bash_functions
fi
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
if [ -f ~/.bash_functions ]; then
. ~/.bash_functions
fi
###############################################################################
# BASH OPTIONS
###############################################################################
shopt -s extglob
shopt -s dotglob
shopt -s cdspell
shopt -s histverify
shopt -s histappend
shopt -u progcomp
PROMPT_COMMAND="history -a;$PROMPT_COMMAND"
###############################################################################
# BASH PROMPT
###############################################################################
PS1="\[\033[00;32m\]\u\[\033[00;34m\]@\h\[\033[1;30m\]:\[\033[00;35m\]\W\[\033[00m\]\[\033[01;37m\]\$ \[\033[00;37m\]"

27
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.config/clipit/clipitrc Normal file
View File

@@ -0,0 +1,27 @@
[rc]
use_copy=true
use_primary=false
synchronize=false
automatic_paste=false
show_indexes=false
save_uris=true
use_rmb_menu=false
save_history=false
history_limit=50
history_timeout_seconds=300
history_timeout=true
items_menu=10
statics_show=false
statics_items=0
hyperlinks_only=true
confirm_clear=false
single_line=true
reverse_history=true
item_length=0
ellipsize=0
history_key=<Ctrl><Alt>H
actions_key=<Ctrl><Alt>A
menu_key=<Ctrl><Alt>P
search_key=<Ctrl><Alt>F
offline_key=<Ctrl><Alt>O
offline_mode=false

15
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.config/gtk-3.0/settings.ini Normal file
View File

@@ -0,0 +1,15 @@
[Settings]
gtk-theme-name=Adwaita-dark
gtk-icon-theme-name=gnome
gtk-font-name=Sans 10
gtk-cursor-theme-size=18
gtk-toolbar-style=GTK_TOOLBAR_BOTH_HORIZ
gtk-toolbar-icon-size=GTK_ICON_SIZE_LARGE_TOOLBAR
gtk-button-images=1
gtk-menu-images=1
gtk-enable-event-sounds=0
gtk-enable-input-feedback-sounds=0
gtk-xft-antialias=1
gtk-xft-hinting=1
gtk-xft-hintstyle=hintslight
gtk-xft-rgba=rgb

134
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.config/lxpanel/LXDE/panels/hedgehog Normal file
View File

@@ -0,0 +1,134 @@
# lxpanel <profile> config file. Manually editing is not recommended.
# Use preference dialog in lxpanel to adjust config when you can.
Global {
edge=top
monitor=0
height=32
align=left
widthtype=percent
width=100
transparent=0
background=0
autohide=0
heightwhenhidden=4
tintcolor=#a0a0a0
alpha=255
setpartialstrut=1
iconsize=24
}
Plugin {
type=menu
Config {
system {
}
separator {
}
item {
command=run
}
separator {
}
item {
command=logout
image=gnome-logout
}
image=/usr/share/icons/gnome/32x32/places/start-here.png
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=launchtaskbar
Config {
Button {
id=terminator.desktop
}
Button {
id=firefox.desktop
}
Button {
id=hedgehog-kiosk.desktop
}
Button {
id=hedgehog-readme.desktop
}
Button {
id=sensor-services-status.desktop
}
Button {
id=configure-capture.desktop
}
Button {
id=configure-interfaces.desktop
}
Button {
id=sensor-services-full-restart.desktop
}
IconsOnly=0
FlatButton=0
UseMouseWheel=0
GroupedTasks=1
DisableUpscale=0
UseSmallerIcons=-1
spacing=1
ShowAllDesks=0
}
}
Plugin {
type=space
Config {
}
expand=1
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=pager
Config {
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=dclock
Config {
ClockFmt=%R
TooltipFmt=%A %x
BoldFont=0
IconOnly=0
CenterText=0
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=tray
Config {
}
}
Plugin {
type=separator
Config {
}
}
Plugin {
type=launchbar
Config {
Button {
id=lxde-logout.desktop
}
}
}

48
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.config/lxsession/LXDE/desktop.conf Normal file
View File

@@ -0,0 +1,48 @@
[Session]
window_manager=openbox-lxde
disable_autostart=no
polkit/command=lxpolkit
clipboard/command=lxclipboard
xsettings_manager/command=build-in
proxy_manager/command=build-in
keyring/command=ssh-agent
quit_manager/command=lxsession-logout
lock_manager/command=lxlock
terminal_manager/command=lxterminal
[GTK]
sNet/ThemeName=Adwaita-dark
sNet/IconThemeName=gnome
sGtk/FontName=Sans 10
iGtk/ToolbarStyle=3
iGtk/ButtonImages=1
iGtk/MenuImages=1
iGtk/CursorThemeSize=18
iXft/Antialias=1
iXft/Hinting=1
sXft/HintStyle=hintslight
sXft/RGBA=rgb
iNet/EnableEventSounds=1
iNet/EnableInputFeedbackSounds=1
sGtk/ColorScheme=
iGtk/ToolbarIconSize=3
sGtk/CursorThemeName=DMZ-White
[Mouse]
AccFactor=20
AccThreshold=10
LeftHanded=0
[Keyboard]
Delay=500
Interval=30
Beep=1
[State]
guess_default=true
[Dbus]
lxde=true
[Environment]
menu_prefix=lxde-

13
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.config/pcmanfm/LXDE/desktop-items-0.conf Normal file
View File

@@ -0,0 +1,13 @@
[*]
wallpaper_mode=fit
wallpaper_common=1
wallpaper=/usr/share/images/desktop-base/hedgehog-wallpaper.png
desktop_bg=#1c0522
desktop_fg=#ffffff
desktop_shadow=#000000
desktop_font=Ubuntu Medium 12
show_wm_menu=0
sort=mtime;ascending;
show_documents=0
show_trash=0
show_mounts=1

26
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.config/pcmanfm/LXDE/pcmanfm.conf Normal file
View File

@@ -0,0 +1,26 @@
[config]
bm_open_method=0
[volume]
mount_on_startup=0
mount_removable=0
autorun=0
[ui]
always_show_tabs=0
max_tab_chars=32
win_width=640
win_height=480
splitter_pos=150
media_in_new_tab=0
desktop_folder_new_win=0
change_tab_on_drop=1
close_on_unmount=1
focus_previous=0
side_pane_mode=places
view_mode=list
show_hidden=0
sort=name;ascending;
toolbar=newtab;navigation;home;
show_statusbar=1
pathbar_mode_buttons=0

0
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.hushlogin Normal file
View File

1
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.selected_editor Normal file
View File

@@ -0,0 +1 @@
SELECTED_EDITOR="/usr/bin/vim.tiny"

47
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.tmux.conf Normal file
View File

@@ -0,0 +1,47 @@
unbind C-b
set -g prefix C-a
bind a send-prefix
bind-key C-a last-window
# Make shift+arrows, ctrl+arrows etc work in Vim.
set -g xterm-keys on
# See if this fixes slow ESC issues.
# http://unix.stackexchange.com/questions/23138/esc-key-causes-a-small-delay-in-terminal-due-to-its-alt-behavior
set -s escape-time 0
# Start window and pane indices at 1.
set -g base-index 1
set -g pane-base-index 1
# Status bar styling and content.
set -g status-bg black
set -g status-fg white
set -g status-left '#S '
# Highlight the active window in the status bar.
set-window-option -g window-status-current-bg yellow
set-window-option -g window-status-current-fg black
# More intuitive split-window mappings.
bind "'" split-window -h
bind - split-window -v
# Maximize pane, e.g. for copying.
bind-key z resize-pane -Z
# Switch pane and zoom
# https://twitter.com/tskogberg/status/792025881573199872
bind C-z select-pane -t :.+ \; resize-pane -Z
# toggle synchronize panes
bind C-x set-window-option synchronize-panes\; display-message "synchronize-panes is now #{?pane_synchronized,on,off}"
# Reload tmux conf.
unbind r
bind r source-file ~/.tmux.conf\; display "Reloaded conf."
# Use vim keybindings in copy mode
setw -g mode-keys vi

2
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.vimrc Normal file
View File

@@ -0,0 +1,2 @@
set nocompatible

281
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/skel/.xscreensaver Normal file
View File

@@ -0,0 +1,281 @@
# XScreenSaver Preferences File
# Written by xscreensaver-demo 5.36 for sensor on Wed Jul 3 15:35:13 2019.
# https://www.jwz.org/xscreensaver/
timeout: 0:10:00
cycle: 0:10:00
lock: False
lockTimeout: 0:00:00
passwdTimeout: 0:00:30
visualID: default
installColormap: True
verbose: False
timestamp: True
splash: True
splashDuration: 0:00:05
demoCommand: xscreensaver-demo
prefsCommand: xscreensaver-demo -prefs
nice: 10
memoryLimit: 0
fade: False
unfade: False
fadeSeconds: 0:00:03
fadeTicks: 20
captureStderr: True
ignoreUninstalledPrograms:True
font: *-medium-r-*-140-*-m-*
dpmsEnabled: False
dpmsQuickOff: False
dpmsStandby: 2:00:00
dpmsSuspend: 2:00:00
dpmsOff: 4:00:00
grabDesktopImages: False
grabVideoFrames: False
chooseRandomImages: False
imageDirectory:
mode: blank
selected: -1
textMode: date
textLiteral: XScreenSaver
textFile:
textProgram: fortune
textURL: http://planet.debian.org/rss20.xml
programs: \
maze -root \n\
- GL: superquadrics -root \n\
attraction -root \n\
blitspin -root \n\
greynetic -root \n\
helix -root \n\
hopalong -root \n\
imsmap -root \n\
- noseguy -root \n\
- pyro -root \n\
qix -root \n\
- rocks -root \n\
rorschach -root \n\
decayscreen -root \n\
flame -root \n\
halo -root \n\
slidescreen -root \n\
pedal -root \n\
bouboule -root \n\
- braid -root \n\
coral -root \n\
deco -root \n\
drift -root \n\
- fadeplot -root \n\
galaxy -root \n\
goop -root \n\
grav -root \n\
ifs -root \n\
unicode -root \n\
- GL: jigsaw -root \n\
julia -root \n\
- kaleidescope -root \n\
- GL: moebius -root \n\
moire -root \n\
- GL: morph3d -root \n\
mountain -root \n\
munch -root \n\
penrose -root \n\
- GL: pipes -root \n\
rd-bomb -root \n\
- GL: rubik -root \n\
- sierpinski -root \n\
slip -root \n\
- GL: sproingies -root \n\
starfish -root \n\
strange -root \n\
swirl -root \n\
triangle -root \n\
xjack -root \n\
xlyap -root \n\
- GL: atlantis -root \n\
bsod -root \n\
- GL: bubble3d -root \n\
- GL: cage -root \n\
- crystal -root \n\
cynosure -root \n\
discrete -root \n\
distort -root \n\
epicycle -root \n\
flow -root \n\
- GL: glplanet -root \n\
interference -root \n\
kumppa -root \n\
- GL: lament -root \n\
moire2 -root \n\
- GL: sonar -root \n\
- GL: stairs -root \n\
truchet -root \n\
- vidwhacker -root \n\
blaster -root \n\
bumps -root \n\
ccurve -root \n\
compass -root \n\
deluxe -root \n\
- demon -root \n\
- GL: extrusion -root \n\
- loop -root \n\
penetrate -root \n\
petri -root \n\
phosphor -root \n\
- GL: pulsar -root \n\
ripples -root \n\
shadebobs -root \n\
- GL: sierpinski3d -root \n\
spotlight -root \n\
squiral -root \n\
wander -root \n\
- webcollage -root \n\
xflame -root \n\
xmatrix -root \n\
- GL: gflux -root \n\
- nerverot -root \n\
xrayswarm -root \n\
xspirograph -root \n\
- GL: circuit -root \n\
- GL: dangerball -root \n\
- GL: engine -root \n\
- GL: flipscreen3d -root \n\
- GL: gltext -root \n\
- GL: menger -root \n\
- GL: molecule -root \n\
rotzoomer -root \n\
speedmine -root \n\
- GL: starwars -root \n\
- GL: stonerview -root \n\
vermiculate -root \n\
whirlwindwarp -root \n\
zoom -root \n\
anemone -root \n\
apollonian -root \n\
- GL: boxed -root \n\
- GL: cubenetic -root \n\
- GL: endgame -root \n\
euler2d -root \n\
fluidballs -root \n\
- GL: flurry -root \n\
- GL: glblur -root \n\
- GL: glsnake -root \n\
halftone -root \n\
- GL: juggler3d -root \n\
- GL: lavalite -root \n\
- polyominoes -root \n\
- GL: queens -root \n\
- GL: sballs -root \n\
- GL: spheremonics -root \n\
- thornbird -root \n\
twang -root \n\
- GL: antspotlight -root \n\
apple2 -root \n\
- GL: atunnel -root \n\
barcode -root \n\
- GL: blinkbox -root \n\
- GL: blocktube -root \n\
- GL: bouncingcow -root \n\
cloudlife -root \n\
- GL: cubestorm -root \n\
eruption -root \n\
- GL: flipflop -root \n\
- GL: flyingtoasters -root \n\
fontglide -root \n\
- GL: gleidescope -root \n\
- GL: glknots -root \n\
- GL: glmatrix -root \n\
- GL: glslideshow -root \n\
- GL: hypertorus -root \n\
- GL: jigglypuff -root \n\
metaballs -root \n\
- GL: mirrorblob -root \n\
piecewise -root \n\
- GL: polytopes -root \n\
pong -root \n\
popsquares -root \n\
- GL: surfaces -root \n\
xanalogtv -root \n\
abstractile -root \n\
anemotaxis -root \n\
- GL: antinspect -root \n\
fireworkx -root \n\
fuzzyflakes -root \n\
interaggregate -root \n\
intermomentary -root \n\
memscroller -root \n\
- GL: noof -root \n\
pacman -root \n\
- GL: pinion -root \n\
- GL: polyhedra -root \n\
- GL: providence -root \n\
substrate -root \n\
wormhole -root \n\
- GL: antmaze -root \n\
- GL: boing -root \n\
boxfit -root \n\
- GL: carousel -root \n\
celtic -root \n\
- GL: crackberg -root \n\
- GL: cube21 -root \n\
fiberlamp -root \n\
- GL: fliptext -root \n\
- GL: glhanoi -root \n\
- GL: tangram -root \n\
- GL: timetunnel -root \n\
- GL: glschool -root \n\
- GL: topblock -root \n\
- GL: cubicgrid -root \n\
cwaves -root \n\
- GL: gears -root \n\
- GL: glcells -root \n\
- GL: lockward -root \n\
m6502 -root \n\
- GL: moebiusgears -root \n\
- GL: voronoi -root \n\
- GL: hypnowheel -root \n\
- GL: klein -root \n\
- lcdscrub -root \n\
- GL: photopile -root \n\
- GL: skytentacles -root \n\
- GL: rubikblocks -root \n\
- GL: companioncube -root \n\
- GL: hilbert -root \n\
- GL: tronbit -root \n\
- GL: geodesic -root \n\
hexadrop -root \n\
- GL: kaleidocycle -root \n\
- GL: quasicrystal -root \n\
- GL: unknownpleasures -root \n\
binaryring -root \n\
- GL: cityflow -root \n\
- GL: geodesicgears -root \n\
- GL: projectiveplane -root \n\
- GL: romanboy -root \n\
tessellimage -root \n\
- GL: winduprobot -root \n\
- GL: splitflap -root \n\
- GL: cubestack -root \n\
- GL: cubetwist -root \n\
- GL: discoball -root \n\
- GL: dymaxionmap -root \n\
- GL: energystream -root \n\
- GL: hexstrut -root \n\
- GL: hydrostat -root \n\
- GL: raverhoop -root \n\
- GL: splodesic -root \n\
- GL: unicrud -root \n\
pointerPollTime: 0:00:05
pointerHysteresis: 10
windowCreationTimeout:0:00:30
initialDelay: 0:00:00
GetViewPortIsFullOfLies:False
procInterrupts: True
xinputExtensionDev: False
overlayStderr: True
authWarningSlack: 20

127
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/ssh/sshd_config Normal file
View File

@@ -0,0 +1,127 @@
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Protocol 2
#Port 22
AddressFamily inet
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256,hmac-sha2-512
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 60
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
#MaxSessions 10
PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Kerberos options
KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
RhostsRSAAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation sandbox
PermitUserEnvironment no
Compression no
ClientAliveInterval 300
ClientAliveCountMax 0
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
Banner=/etc/issue
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

2
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/sudoers.d/nic_capture_setup Normal file
View File

@@ -0,0 +1,2 @@
# allow unprivileged mgmt of interface flags via ethtool prior to starting capture
%netdev ALL=(root) NOPASSWD: /usr/local/bin/nic-capture-setup.sh

2
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/sudoers.d/ufw_moloch_viewer Normal file
View File

@@ -0,0 +1,2 @@
# allow unprivileged mgmt of UFW access for the local Arkime viewer instance
%netdev ALL=(root) NOPASSWD: /usr/local/bin/ufw_allow_viewer.sh

5
Vagrant/resources/malcolm/sensor-iso/config/includes.chroot/etc/xdg/lxsession/LXDE/autostart Normal file
View File

@@ -0,0 +1,5 @@
@lxpanel --profile LXDE
@pcmanfm --desktop --profile LXDE
@xscreensaver -no-splash
@/usr/local/bin/capture-format-wait.sh
@/opt/firefox/firefox --setDefaultBrowser --no-remote --private --kiosk http://127.0.0.1:5000