Add synterloper/synterloper.sh
This commit is contained in:
parent
02d694a49a
commit
7a3cbf5630
1 changed files with 163 additions and 0 deletions
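--- a/synterloper/synterloper.sh
+++ b/synterloper/synterloper.sh
@@ -0,0 +1,163 @@
+#!/bin/sh
+#
+# SYNterloper - A Lightweight Connection Logger
+#
+# This is a self-contained script for installing and uninstalling the SYNterloper
+# connection logging service.
+#
+# Usage for installation:
+# sudo ./synterloper.sh
+# sudo ./synterloper.sh install
+#
+# Usage for uninstallation:
+# sudo /usr/local/sbin/synterloper uninstall
+#
+
+# --- Configuration ---
+LOG_DIR="/var/log/synterloper"
+CAPTURE_PORT="22"
+ROTATE_SECONDS="3600" # 1 hour
+RETENTION_DAYS="7"
+SNAP_LEN="128" # Bytes to capture per packet
+INSTALL_PATH="/usr/local/sbin/synterloper"
+
+# --- Main Functions ---
+
+install_synterloper() {
+# Ensure script is run as root
+if [ "$(id -u)" -ne 0 ]; then
+echo "Error: Installation must be run as root." >&2
+exit 1
+fi
+
+echo "Starting SYNterloper installation..."
+
+# Detect OS and install dependencies
+OS_TYPE=$(uname)
+echo "OS Type detected: ${OS_TYPE}"
+if [ "${OS_TYPE}" = "Linux" ]; then
+echo "Installing dependencies (tcpdump) using apt..."
+export DEBIAN_FRONTEND=noninteractive
+if ! apt-get update >/dev/null; then echo "Error: apt-get update failed."; exit 1; fi
+if ! apt-get install -y tcpdump >/dev/null; then echo "Error: apt-get install failed."; exit 1; fi
+elif [ "${OS_TYPE}" = "FreeBSD" ]; then
+echo "Installing dependencies (tcpdump) using pkg..."
+if ! pkg install -y tcpdump >/dev/null; then echo "Error: pkg install failed."; exit 1; fi
+else
+echo "Error: Unsupported OS type '${OS_TYPE}'" >&2; exit 1
+fi
+echo "Dependency installation complete."
+
+# Create log directory
+echo "Creating log directory: ${LOG_DIR}"
+mkdir -p "${LOG_DIR}" && chown root:root "${LOG_DIR}" && chmod 700 "${LOG_DIR}"
+
+# Create the system service
+if [ "${OS_TYPE}" = "Linux" ]; then
+echo "Creating systemd service: synterloper.service"
+cat > /etc/systemd/system/synterloper.service <<EOF
+[Unit]
+Description=SYNterloper - TCP Port Connection Logger
+After=network.target
+[Service]
+Type=simple
+ExecStart=/bin/sh -c 'exec /usr/sbin/tcpdump -i \$(ip -4 route get 1.1.1.1 | grep -oP "dev \\K\\S+") -s ${SNAP_LEN} -w ${LOG_DIR}/capture-%Y-%m-%d_%H-%M.pcap -G ${ROTATE_SECONDS} "tcp port ${CAPTURE_PORT}"'
+Restart=on-failure
+RestartSec=5
+[Install]
+WantedBy=multi-user.target
+EOF
+echo "Enabling and starting synterloper service (systemd)..."
+systemctl daemon-reload
+systemctl enable synterloper.service
+systemctl start synterloper.service
+elif [ "${OS_TYPE}" = "FreeBSD" ]; then
+echo "Creating rc.d script: /usr/local/etc/rc.d/synterloper"
+cat > /usr/local/etc/rc.d/synterloper <<'EOF'
+#!/bin/sh
+# PROVIDE: synterloper
+# REQUIRE: NETWORKING
+. /etc/rc.subr
+name="synterloper"; rcvar="synterloper_enable"; load_rc_config \$name
+: \${synterloper_enable:="NO"}; : \${synterloper_port:="22"}; : \${synterloper_logdir:="/var/log/synterloper"}
+: \${synterloper_rotate_sec:="3600"}; : \${synterloper_snaplen:="128"}
+default_iface=\$(route -n get default | grep 'interface:' | awk '{print \$2}'); command="/usr/sbin/tcpdump"
+command_args="-i \${default_iface} -s \${synterloper_snaplen} -w \${synterloper_logdir}/capture-%Y-%m-%d_%H-%M.pcap -G \${synterloper_rotate_sec} \"tcp port \${synterloper_port}\""
+pidfile="/var/run/\${name}.pid"; start_cmd="daemon -p \${pidfile} \${command} \${command_args}"
+run_rc_command "\$1"
+EOF
+chmod +x /usr/local/etc/rc.d/synterloper
+echo "Enabling and starting synterloper service (rc.d)..."
+sysrc synterloper_enable=YES synterloper_port="${CAPTURE_PORT}" synterloper_logdir="${LOG_DIR}" synterloper_rotate_sec="${ROTATE_SECONDS}" synterloper_snaplen="${SNAP_LEN}"
+service synterloper start
+fi
+echo "Service configuration complete."
+
+# Create the log rotation cron job
+echo "Creating daily log cleanup cron job..."
+cat > /etc/cron.daily/synterloper-cleanup <<EOF
+#!/bin/sh
+find "${LOG_DIR}" -name "*.pcap" -type f -mtime +${RETENTION_DAYS} -delete
+EOF
+chmod +x /etc/cron.daily/synterloper-cleanup
+
+# Copy self to a system path for easy uninstallation
+echo "Copying script to ${INSTALL_PATH} for future management."
+cp -- "$0" "${INSTALL_PATH}"
+chmod +x "${INSTALL_PATH}"
+
+echo ""
+echo "--- SYNterloper Setup Complete ---"
+}
+
+uninstall_synterloper() {
+if [ "$(id -u)" -ne 0 ]; then
+echo "Error: Uninstallation must be run as root." >&2
+exit 1
+fi
+
+echo "Starting SYNterloper uninstallation..."
+
+OS_TYPE=$(uname)
+if [ "${OS_TYPE}" = "Linux" ]; then
+echo "Stopping and disabling systemd service..."
+systemctl stop synterloper.service
+systemctl disable synterloper.service
+rm -f /etc/systemd/system/synterloper.service
+systemctl daemon-reload
+elif [ "${OS_TYPE}" = "FreeBSD" ]; then
+echo "Stopping and disabling rc.d service..."
+if [ -f /usr/local/etc/rc.d/synterloper ]; then
+service synterloper stop
+fi
+sysrc -x synterloper_enable synterloper_port synterloper_logdir synterloper_rotate_sec synterloper_snaplen
+rm -f /usr/local/etc/rc.d/synterloper
+fi
+echo "Service has been removed."
+
+echo "Removing cleanup cron job..."
+rm -f /etc/cron.daily/synterloper-cleanup
+
+echo "Removing log directory: ${LOG_DIR}"
+rm -rf "${LOG_DIR}"
+
+echo "Removing management script: ${INSTALL_PATH}"
+rm -f "${INSTALL_PATH}"
+
+echo ""
+echo "--- Uninstallation Complete ---"
+}
+
+# --- Main Execution Logic ---
+case "$1" in
+install|'')
+install_synterloper
+;;
+uninstall)
+uninstall_synterloper
+;;
+*)
+echo "Usage: $0 [install|uninstall]"
+exit 1
+;;
+esac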
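Review bot: The `ExecStart=` line in the systemd unit heredoc embeds `capture-%Y-%m-%d_%H-%M.pcap`, but `%` is the unit-file specifier character, so systemd expands `%Y`, `%m`, `%H` and `%M` itself before tcpdump ever sees a strftime pattern; every `-G` rotation then reopens the same fixed name and the intended hourly files are overwritten rather than kept. Each `%` in that path should be written `%%`, i.e. `-w ${LOG_DIR}/capture-%%Y-%%m-%%d_%%H-%%M.pcap`. The rc.d heredoc has the opposite problem: its delimiter is quoted (`<<'EOF'`), so the `\$name`, `\${synterloper_enable:="NO"}`, `\$(route ...)` and `awk '{print \$2}'` escapes are written to the rc script literally and none of those expansions happen when it runs; either drop the backslashes or use an unquoted `<<EOF` as the systemd block does. Two further points: `/etc/cron.daily` is not part of FreeBSD, so the cleanup job is written unconditionally but will fail there without being noticed (the script has no `set -e` and the `cat >` is unchecked), and on distributions whose tcpdump drops privileges by default (Debian's package defaults to `-Z tcpdump`) the root-owned mode-700 `LOG_DIR` blocks creation of rotated files unless `-Z root` is passed or the directory is owned by the capture user. The uninstall path also destroys the whole capture archive with `rm -rf "${LOG_DIR}"`; for a connection logger that deserves at least `"${LOG_DIR:?}"` and, arguably, an explicit purge option so evidence is not deleted by default.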