strongdm · devlucassantos · Mar 10, 2022 · Feb 24, 2022 · Feb 24, 2022 · Feb 25, 2022
diff --git a/Gemfile b/Gemfile
@@ -5,6 +5,7 @@ source 'https://rubygems.org'
 git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 
 gem 'fluent'
+gem 'fluentd'
 gem 'fluent-plugin-rewrite-tag-filter'
 gem 'fluent-plugin-s3'
 gem 'fluent-plugin-cloudwatch-logs'

diff --git a/ami-cloud-init-user-data.sh b/ami-cloud-init-user-data.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+apt install --yes curl
+curl -O https://raw.githubusercontent.com/strongdm/log-export-container/feat/ansible/setup-ansible-and-lec.sh
+chmod +x setup-ansible-and-lec.sh
+curl -O https://raw.githubusercontent.com/strongdm/log-export-container/feat/ansible/lec-playbook.yml
+curl -o env-file https://raw.githubusercontent.com/strongdm/log-export-container/feat/ansible/env-file.example
+./setup-ansible-and-lec.sh
diff --git a/ami-variables-user-data.sh.example b/ami-variables-user-data.sh.example
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+echo "LOG_EXPORT_CONTAINER_OUTPUT=mongo" >> /etc/sysconfig/log-export-container
+echo "MONGO_URI=mongodb://username:[email protected]" >> /etc/sysconfig/log-export-container
+
+# Needed for applying the new variables configured above
+systemctl restart log-export-container
diff --git a/build-utils/clean-up-credentials.sh b/build-utils/clean-up-credentials.sh
@@ -0,0 +1,5 @@
+sed -i 's/#PermitRootLogin.\+/PermitRootLogin without-password/g' /etc/ssh/sshd_config
+passwd -l root
+shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
+sed -i 's/#UseDNS.\+/UseDNS no/g' /etc/ssh/sshd_config
+rm /root/.ssh/authorized_keys
diff --git a/build-utils/install-fluentd-dependencies-ubuntu.sh b/build-utils/install-fluentd-dependencies-ubuntu.sh
@@ -0,0 +1 @@
+apt install --yes build-essential zlib1g
diff --git a/build-utils/install-ruby-dependencies.sh b/build-utils/install-ruby-dependencies.sh
@@ -0,0 +1,3 @@
+apt install --yes ruby-dev
+gem install bundler -v '~> 2.3.3'
+bundle install
diff --git a/build-utils/install-sdm-cli.sh b/build-utils/install-sdm-cli.sh
@@ -0,0 +1,8 @@
+apt update
+apt install --yes curl
+curl -J -O -L https://app.strongdm.com/releases/cli/linux
+
+unzip -x sdm*.zip
+rm sdm*.zip
+mkdir /home/fluent
+mv sdm /home/fluent/
diff --git a/build-utils/log-export-container.service b/build-utils/log-export-container.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=log export container daemon
+After=network.target
+
+[Service]
+EnvironmentFile=-/etc/sysconfig/log-export-container
+WorkingDirectory=/opt/log-export-container
+ExecStart=/opt/log-export-container/start.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/build-utils/setup-os-ubuntu.sh b/build-utils/setup-os-ubuntu.sh
@@ -0,0 +1,5 @@
+apt update
+ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
+export DEBIAN_FRONTEND=noninteractive
+apt-get install -y tzdata
+dpkg-reconfigure --frontend noninteractive tzdata
diff --git a/env-file.example b/env-file.example
@@ -0,0 +1,3 @@
+FLUENTD_DIR=fluentd
+LOG_EXPORT_CONTAINER_INPUT=syslog-json
+LOG_EXPORT_CONTAINER_OUTPUT=stdout
diff --git a/lec-playbook.yml b/lec-playbook.yml
@@ -0,0 +1,66 @@
+---
+  - name: "Installing Log Export Container with Ansible"
+    hosts: localhost
+    connection: local
+
+    tasks:
+
+    - name: Install Git
+      shell: apt install --yes git
+
+    - name: Clone Log Export Container
+      shell: git clone https://github.com/strongdm/log-export-container.git /opt/log-export-container/
+
+    - name: Update PATH variable
+      shell: export PATH=/home/fluent:$PATH
+
+    - name: Modify install-dependencies.sh permissions
+      file: dest=/opt/log-export-container/build-utils owner=root group=root mode=777 recurse=yes
+
+    - name: Configure Ubuntu
+      shell: /opt/log-export-container/build-utils/setup-os-ubuntu.sh
+
+    - name: Install Ubuntu packages
+      shell: /opt/log-export-container/build-utils/install-fluentd-dependencies-ubuntu.sh
+
+    - name: Install Ruby and Gem dependencies
+      shell: /opt/log-export-container/build-utils/install-ruby-dependencies.sh
+      args:
+        chdir: /opt/log-export-container
+
+    - name: Install StrongDM CLI
+      shell: /opt/log-export-container/build-utils/install-sdm-cli.sh
+
+    - name: Modify start.sh permissions
+      ansible.builtin.file:
+        path: /opt/log-export-container/start.sh
+        owner: root
+        group: root
+        mode: '777'
+
+    - name: Create /etc/sysconfig directory if it does not exist
+      ansible.builtin.file:
+        path: /etc/sysconfig
+        state: directory
+        mode: '777'
+
+    - name: Copy Log Export Container env file
+      ansible.builtin.copy:
+        src: env-file
+        dest: /etc/sysconfig/log-export-container
+        mode: '777'
+
+    - name: Copy Log Export Container service file
+      ansible.builtin.copy:
+        src: /opt/log-export-container/build-utils/log-export-container.service
+        dest: /etc/systemd/system/
+        mode: '777'
+
+    - name: Enable and start Log Export Container service
+      shell: systemctl enable log-export-container.service && systemctl start log-export-container.service
+
+    - name: Copy clean-up-credentials.sh script
+        ansible.builtin.copy:
+          src: /opt/log-export-container/build-utils/clean-up-credentials.sh
+          dest: /
+          mode: '777'
diff --git a/setup-ansible-and-lec.sh b/setup-ansible-and-lec.sh
@@ -0,0 +1,5 @@
+apt update
+apt install --yes software-properties-common
+add-apt-repository --yes --update ppa:ansible/ansible
+apt install --yes ansible
+ansible-playbook lec-playbook.yml