Merge pull request #122 from rocknsm/devel

ROCK 2.0 (1703) Final Release

Author: dcode

.gitignore

@@ -1,4 +1,22 @@
-tmp/
+*#
+*.iso
+*.pcap
+*.retry
+*.un~
+*~
+.#*
+.*.sw[a-z]
+.DS_Store
+.bundle/*
+.kitchen
+.kitchen.local.yml
+.kitchen/
 .vagrant
+/cookbooks
+Berksfile.lock
+Gemfile.lock
 Vagrantfile.vmware
-*.pcap
+\#*#
+pkg/
+repo/
+tmp/

README.md

@@ -1,28 +1,35 @@
 ## Response Operation Collections Kit Reference Build
 
-This build was created and tested using CentOS 7.2. I pretty much guarantee that it won't work with anything else other than RHEL 7.  Unless you have an operational need, I would suggest basing your system off of CentOS 7.2 (build 1511), as that is where the bulk of the testing of this has happened.
+See the [ROCK 2.0 User Guide](https://rocknsm.gitbooks.io/rocknsm-guide/content/).
+
+
+This build was created and tested using CentOS 7.3. I pretty much guarantee that it won't work with anything else other than RHEL 7.  Unless you have an operational need, I would suggest basing your system off of CentOS 7.3 (build 1611), as that is where the bulk of the testing of this has happened.
 
 **BE ADVISED:**  This build process takes 3-10 minutes depending on your underlying hardware.  There will be times where it seems like it quit.  Be patient.  You'll know when it's done, for better or worse.
 
+### Differences in ROCK 2.0
+
+See [Getting Started with ROCK 2.0](docs/guide/getting-started.adoc).
+
 ### Vagrant
-**NOTE:**   
+**NOTE:**
 This Vagrantfile is configured to give the VM 8GB of RAM.  If your system can't do that you should buy a new system or adjust the `vm.memory` value.  Anything below 8 is going to run like poopoo. You will also need to have a host-only adapter configured named `vboxnet0`.
 ``` 
-git clone https://github.com/CyberAnalyticDevTeam/SimpleRock.git
-cd SimpleRock
+git clone https://github.com/rocknsm/rock.git
+cd rock
 vagrant up
 ```
 
 ### Physical/Virtual/Non-Vagrant
 **NOTE:**   
-The system you run this on should have at least 2 network interfaces and more than 4GB of RAM, with an OS (RHEL or CentOS 7) already installed.
+The system you run this on should have at least 2 network interfaces and more than 8GB of RAM, with an OS (RHEL or CentOS 7) already installed.
 ```
-yum update -y && reboot
-sudo rpm -Uvh https://packages.chef.io/stable/el/7/chef-12.9.38-1.el7.x86_64.rpm
-sudo yum install git -y
-git clone https://github.com/CyberAnalyticDevTeam/SimpleRock.git
-cd SimpleRock
-sudo chef-client -z -r "recipe[simplerock]"
+sudo yum update -y && reboot
+sudo yum install -y epel-release
+sudo yum install -y git ansible
+git clone https://github.com/rocknsm/rock.git
+cd rock/ansible
+sudo ./deploy_rock.sh
 ```
 
 ## Minimum Hardware Recommendations 
@@ -39,7 +46,6 @@ sudo chef-client -z -r "recipe[simplerock]"
 *  Network
   *  The system needs at least 2 network interfaces, one for management and one for collection.
 
-
 **GOLDEN RULE:** If you throw hardware at it, ROCK will use it.  It will require some tuning to do so, but we'll be documenting that soon enough.
 
 ## Usage
@@ -159,25 +165,21 @@ sudo netstat -planet | grep node
 
 IPADDRESS = The management interface of the box, or "localhost" if you did the vagrant build.
 
-http://IPADDRESS - Kibana & Marvel
-
-http://IPADDRESS/_plugin/hq - Elastic HQ (To watch the health of elasticsearch.)
+http://IPADDRESS - Kibana
 
-http://IPADDRESS/_plugin/sql - Query your ES data with SQL.   
-**NOTE:** When using the elasticsearch-sql plugin, you must set the address of your ES node in the upper right to `http://IPADDRESS:9200/`.
 
 ## Full Packet Capture
 
 Google's Stenographer is installed and configured in this build.  However, it is disabled by default.  There are a few reasons for this: First, it can be too much for Vagrant builds on meager hardware.  Second, you really need to make sure you've mounted /data over sufficient storage before you start saving full packets.  Once you're ready to get nuts, enable and start the service with `systemctl enable stenographer.service` and then `systemctl start stenographer.service`.  Stenographer is already stubbed into the `/usr/local/bin/rock_{start,stop,status}` scripts, you just need to uncomment it if you're going to use it. 
 
 ## THANKS
 
-This architecture is made possible by the efforts of the Missouri National Guard Cyber Team, and especially Critical Stack and BroEZ for donating talent and resources to further development.
+This architecture is made possible by the efforts of the Missouri National Guard Cyber Team for donating talent and resources to further development.
 
 
 ## Approach
-   
-The Chef recipe that drives this build strives not to use external recipes and cookbooks where possible.  The reasoning behind this is to make the simplerock recipe a "one-stop" reference for a manual build.  This allows users to use the build process as a guide when doing larger scale production roll outs without having to decypher a labrynth of dependencies.
+
+The Ansible playbook that drives this build strives not to use any external roles or other dependencies. The reasoning behind this is to make the rock playbook a "one-stop" reference for a manual build. This allows users to use the build process as a guide when doing larger scale production roll outs without having to decipher a labyrinth of dependencies.
 
 Templated config files have comment sections added near key config items with useful info.  They don't all have it, but they get added as remembered.
 

TODO.md

@@ -2,34 +2,57 @@
 # vi: set ft=ruby :
 
 Vagrant.configure(2) do |config|
-  #config.vm.box = "relativkreativ/centos-7-minimal"
-  config.vm.box = "bento/centos-7.2"
+  config.vm.box = "bento/centos-7.3"
+
   config.ssh.forward_agent = true
   config.ssh.username = 'vagrant'
   config.ssh.password = 'vagrant'
-  config.vm.network "forwarded_port", guest: 5601, host: 5601
-  config.vm.network "forwarded_port", guest: 9200, host: 9200
-  config.vm.network "forwarded_port", guest: 80, host: 8080
+
+
+  # Configure overall network interfaces
+  #config.vm.network "public_network", bridge: "en4: Apple USB Ethernet Adapter", auto_config: false
+  config.vm.network "public_network", bridge: "en0: Wi-Fi", auto_config: false
+  #config.vm.network "private_network", auto_config: false
+
   config.vm.provider "virtualbox" do |vb|
-    vb.memory = 8192
+    vb.memory = 8704
     vb.cpus   = 4
     vb.customize ["modifyvm", :id, "--nic1", "nat"]
     vb.customize ["modifyvm", :id, "--nic2", "hostonly"]
     vb.customize ["modifyvm", :id, "--hostonlyadapter2", "vboxnet0"]
     vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-vms"]
+
+    # Forward exposed service ports - these are directly accesible on vmware
+    #config.vm.network "forwarded_port", guest: 80, host: 8000
   end
 
-  #config.vm.provision "shell", inline: <<-SHELL
-     #hostnamectl set-hostname simplerockbuild.simplerock.lan
-     #echo -e "127.0.0.2\tsimplerockbuild.simplerock.lan\tsimplerockbuild" >> /etc/hosts
-#SHELL
-
-  config.vm.provision "chef_solo" do |chef|
-    chef.log_level = "info"
-    #chef.version = "12.3.0"
-    chef.cookbooks_path = "cookbooks" # path to your cookbooks
-    #chef.roles_path = "roles"
-    chef.add_recipe "simplerock"
-    #chef.node_name = "simplerockbuild"
+  config.vm.provider "vmware_fusion" do |v|
+    v.vmx["memsize"] = 8704
+    v.vmx["numvcpus"] = 8
+    v.vmx["ethernet1.noPromisc"]  = "false"
+    v.vmx["ethernet2.noPromisc"]  = "false"
+
+    # Ensure vmware-tools are auto-updated when we update the kernel
+    config.vm.provision "shell", inline: <<-SHELL
+      sed -i.bak 's/answer AUTO_KMODS_ENABLED_ANSWER no/answer AUTO_KMODS_ENABLED_ANSWER yes/g' /etc/vmware-tools/locations
+      sed -i 's/answer AUTO_KMODS_ENABLED no/answer AUTO_KMODS_ENABLED yes/g' /etc/vmware-tools/locations
+    SHELL
   end
+
+  # ansible required for ROCK 2.0 deployment
+  # git required to clone ROCK repo
+  # vim & tmux because of my sanity
+  config.vm.provision "shell", inline: <<-SHELL
+    yum -y install epel-release
+    sed -i 's/^mirrorlist/#mirrorlist/; s/^#baseurl/baseurl/' /etc/yum.repos.d/{CentOS-Base.repo,epel.repo}
+    yum -y update
+    yum -y install ansible vim git tmux
+  SHELL
+
+  # Enable selinux
+  config.vm.provision "shell", inline: <<-SHELL
+    sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config
+    setenforce 1
+  SHELL
+
 end