#!/bin/bash

echo "[+] Verification des droits d acces a ROOT"
if [ "$EUID" -ne 0 ];then
    echo "Veuillez executer ce script en tant que ROOT"
    exit 1
fi

echo "[+] Regler le redemarrage sur automatique pour eviter les pop ups de redemarrage"
sed -i 's/#$nrconf{restart} = '"'"'i'"'"';/$nrconf{restart} = '"'"'a'"'"';/g' /etc/needrestart/needrestart.conf

echo "[+] Verification des mises a jour"
apt-get update
apt-get full-upgrade -y

echo "[+] Definition du nombre maximum de fichiers pour opensearch"
sysctl -w vm.max_map_count=262144
echo 'vm.max_map_count=262144' >> /etc/sysctl.conf

echo "[+] Installation des depenbdancies"
apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common -y
apt install apt-transport-https uuid-runtime pwgen net-tools gnupg curl dirmngr -y

echo "[+] Installation de MongoDB"
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | apt-key add -
echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list

apt update
apt install -y mongodb-org

echo "[+] Demarrer de Mongod"
systemctl daemon-reload
systemctl enable mongod
systemctl restart mongod
systemctl --type=service --state=active | grep mongod

echo "[+] Desactivation de la prise en charge des pages volumineuses"
cat > /etc/systemd/system/disable-transparent-huge-pages.service <<EOF
Description=Disable Transparent Huge Pages (THP)
DefaultDependencies=no
After=sysinit.target local-fs.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo never | tee /sys/kernel/mm/transparent_hugepage/enabled > /dev/null'
[Install]
WantedBy=basic.target
EOF

echo "[+] Demarrer de Disable-transparent-huge-pages"
systemctl daemon-reload
systemctl enable disable-transparent-huge-pages.service
systemctl start disable-transparent-huge-pages.service

echo "[+] Creation utilisateur Opensearch"
adduser --system --disabled-password --disabled-login --home /var/empty --no-create-home --quiet --force-badname --group opensearch

echo "[+] Installion Opensearch"
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp | apt-key add -
echo "deb https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | tee -a /etc/apt/sources.list.d/opensearch-2.x.list

apt update
apt install opensearch=2.5.0

echo "[+] Sauvegarde d opensearch et creation d un nouvel opensearch pour Graylog"
cp /etc/opensearch/opensearch.yml /etc/opensearch/opensearch.yml.bak
rm /etc/opensearch/opensearch.yml
touch /etc/opensearch/opensearch.yml
chown opensearch:opensearch /etc/opensearch/opensearch.yml
chmod 2750 /etc/opensearch/opensearch.yml

cat > /etc/opensearch/opensearch.yml <<EOF
cluster.name: graylog
node.name: ${HOSTNAME}
path.data: /var/lib/opensearch
path.logs: /var/log/opensearch
discovery.type: single-node
#network.host: 0.0.0.0
action.auto_create_index: false
plugins.security.disabled: true
EOF

echo "[+] Demarrer de Opensearch"
systemctl daemon-reload
systemctl enable opensearch.service
systemctl start opensearch.service

echo "[+] Installion Elasticsearch "
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-7.x.list

apt update
apt install elasticsearch=7.10.2

echo "[+] Configuration Elasticsearch"
echo "cluster.name: graylog" | tee /etc/elasticsearch/elasticsearch.yml

echo "[+] Installion Graylog"
wget https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.deb
dpkg -i graylog-5.0-repository_latest.deb

apt update
apt install graylog-server -y

echo "[+] Configuration Graylog"
cp /etc/graylog/server/server.conf /etc/graylog/server/server.conf.bak

PASSWORDSECRET=`pwgen -N 1 -s 96`
echo -n "Entrer un mot de passe pour le compte admin de l interface Web : "
read passwd
PASSWORDADMIN=`echo $passwd| tr -d '\n' | sha256sum | cut -d" " -f1`
echo "Le mot de passe genere est : " $PASSWORDSECRET
echo "Le hachage de l administrateur genere est : " $PASSWORDADMIN

echo "[+] Ajustement du fichier de configuration du serveur Graylog"
CONFIGSECRET=`echo "password_secret = "$PASSWORDSECRET`
CONFIGADMIN=`echo "root_password_sha2 = "$PASSWORDADMIN`

echo "[+] Remplacement dans les fichiers de configuration"
sed -r "s/password_secret =/${CONFIGSECRET}/g" -i /etc/graylog/server/server.conf
sed -r "s/root_password_sha2 =/${CONFIGADMIN}/g" -i /etc/graylog/server/server.conf
sed -i 's/#http_bind_address = 127.0.0.1:9000/http_bind_address = 0.0.0.0:9000/g' /etc/graylog/server/server.conf

echo "[+] Desactivation des controles de version de Graylog"
echo "versionchecks = false" >> /etc/graylog/server/server.conf

echo "[+] Demarrer de Graylog"
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl restart graylog-server.service

echo "#######################################################################################"
echo "##                                                                                   ##" 
echo "## Definissez les options de memoire de la JVM pour votre serveur comme suit         ##"
echo "##                                                                                   ##" 
echo "## /etc/default/graylog-server                                                       ##"
echo "## /opt/graylog/opensearch/config/jvm.options.d                                      ##"
echo "##                                                                                   ##" 
echo "## Apres la configuration, redemarrer Opensearch et Graylog                          ##"
echo "##                                                                                   ##" 
echo "#######################################################################################"