XDR-2411: add laurel installation steps (#5)

* XDR-2411: add laurel installation steps * XDR-2411: fix repo url * XDR-2411: add plugin.d OS * XDR-2411: remove pkill restart
armor · Apr 19, 2022 · d625291 · d625291
1 parent 5807976
commit d625291
Showing 1 changed file with 62 additions and 1 deletion.
diff --git a/.tools/autoinstall b/.tools/autoinstall
@@ -114,6 +114,61 @@ function install_auditd() {
   esac
 }
 
+function install_laurel() {
+  display_installation_step "Installing Laurel"
+
+  curl -LOs https://github.com/quantum-sec/laurel/releases/download/v0.3.1/laurel-v0.3.1-x86_64-musl.tar.gz
+  trap 'rm laurel-v0.3.1-x86_64-musl.tar.gz' EXIT
+  sudo tar -zxf laurel-v0.3.1-x86_64-musl.tar.gz -C /usr/local/sbin laurel
+  if ! id -u "_laurel" >/dev/null 2>&1; then
+    sudo useradd --system --home-dir /var/log/laurel --create-home _laurel
+  fi
+}
+
+function configure_laurel() {
+  display_installation_step "Configuring Laurel"
+
+  readonly LAUREL_CONFIG_FILE='/etc/laurel/config.toml'
+  sudo mkdir /etc/laurel
+  curl -s https://raw.githubusercontent.com/quantum-sec/laurel/master/etc/laurel/config.toml \
+  | sudo tee "$LAUREL_CONFIG_FILE" > /dev/null
+  sudo sed -i "s/\(read-users *= *\).*/\1\[ \"$(whoami)\" \]/" "$LAUREL_CONFIG_FILE"
+
+  case "$OS_NAME" in
+  Ubuntu)
+    AUDITD_PLUGIN_DIR='/etc/audisp/plugins.d'
+    trap 'sudo chmod 640 $LAUREL_CONFIG_FILE "$AUDITD_PLUGIN_DIR"/laurel.conf; trap - RETURN' RETURN
+    curl -s https://raw.githubusercontent.com/quantum-sec/laurel/master/etc/audit/plugins.d/laurel.conf \
+    | sudo tee "$AUDITD_PLUGIN_DIR"/laurel.conf > /dev/null
+    sudo sed -i '/#dispatcher/s/^#//g' "$AUDITD_CONFIG_FILE"
+    ;;
+  CentOS)
+    AUDITD_PLUGIN_DIR='/etc/audit/plugins.d'
+    trap 'sudo chmod 640 $LAUREL_CONFIG_FILE "$AUDITD_PLUGIN_DIR"/laurel.conf; trap - RETURN' RETURN
+    curl -s https://raw.githubusercontent.com/quantum-sec/laurel/master/etc/audit/plugins.d/laurel.conf \
+    | sudo tee "$AUDITD_PLUGIN_DIR"/laurel.conf > /dev/null
+    sudo sed -i '/#plugin_dir/s/^#//g' "$AUDITD_CONFIG_FILE"
+    ;;
+  esac
+}
+
+function configure_laurel_with_os_specific_config() {
+  #SeLinux
+  case "$OS_NAME" in
+  Ubuntu)
+    ;;
+  CentOS)
+    sudo yum -y install make
+    TEMP_DIR="$(mktemp -d)"
+    trap 'rm -rf "$TEMP_DIR"' EXIT
+    git clone https://github.com/quantum-sec/laurel.git "$TEMP_DIR"/laurel
+    make -C "$TEMP_DIR"/laurel/contrib/selinux
+    sudo semodule -i "$TEMP_DIR"/laurel/contrib/selinux/laurel.pp
+    sudo restorecon -v -R -F /usr/local/sbin/laurel /etc/laurel /var/log/laurel
+    ;;
+  esac
+}
+
 function main() {
   set_os_vars
   check_sudo
@@ -123,6 +178,12 @@ function main() {
   configure_auditd_with_os_specific_config
   enable_newer_auditd_config
   restart_auditd
+  if [ "$1" == '--enable-laurel' ]; then
+    install_laurel
+    configure_laurel
+    configure_laurel_with_os_specific_config
+    restart_auditd
+  fi
 }
 
-main
+main "$1"