#!/bin/bash
# ─────────────────────────────────────────────
# LIDS - Linux Intrusion Detection System
# Installer
# ─────────────────────────────────────────────
# Abort the installer on the first unhandled command failure.
set -e

# Install locations used by every step below.
LIDS_DIR="/opt/lids"
LIDS_CONF="/etc/lids"
LIDS_LOG="/var/log/lids"
SERVICE_FILE="/etc/systemd/system/lids.service"

# Remote registration endpoint. register_agent() POSTs the host label, OS name,
# kernel release, first local IP and Telegram user ID to it, and the auth key it
# returns is written to lids.conf, so this URL is a trust anchor for the install.
API_URL="https://lids.yescrypt.uz"

# ANSI colour sequences, stored as literal backslash escapes for `echo -e`.
NC='\033[0m'
BOLD='\033[1m'
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
CYAN='\033[0;36m'
# Startup banner: logo, project links and a separator rule.
# Only the colour constants are expanded here, so %b sees no user-supplied text.
printf '\n'
printf '%b\n' "${CYAN}${BOLD}"
printf '%s\n' \
  " ██╗ ██╗██████╗ ███████╗" \
  " ██║ ██║██╔══██╗██╔════╝" \
  " ██║ ██║██║ ██║███████╗" \
  " ██║ ██║██║ ██║╚════██║" \
  " ███████╗██║██████╔╝███████║" \
  " ╚══════╝╚═╝╚═════╝ ╚══════╝"
printf '%b\n' \
  "${NC}" \
  " ${CYAN}${BOLD} Linux Intrusion Detection System${NC}" \
  " ${CYAN}${NC}GitHub:${NC}${CYAN} https://github.com/Yescrypt/lids${NC} ${YELLOW}|${NC} Yordam TG: ${CYAN}https://t.me/anonim_xatbot${NC}" \
  " ${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
printf '\n'
# Root check: the steps below write under /opt, /etc and /var/log and register a
# systemd unit, so stop unless the effective UID is 0.
[[ $EUID -eq 0 ]] || {
  echo -e "${RED}[!] Run as root: sudo bash ./install.sh${NC}"
  exit 1
}
# Detect OS
#
# Picks the package manager by probing for its binary, in order: apt, pacman.
# Globals:  PKG_MANAGER, OS_TYPE (written); GREEN, RED, NC (read)
# Outputs:  one status line on stdout
# Returns:  0 when a supported package manager is found; exits 1 otherwise
detect_os() {
  local candidate
  # Each entry is "<binary>:<os family>"; the first binary found wins.
  for candidate in "apt:debian" "pacman:arch"; do
    if command -v "${candidate%%:*}" >/dev/null 2>&1; then
      PKG_MANAGER="${candidate%%:*}"
      OS_TYPE="${candidate##*:}"
      echo -e "${GREEN}[✓] Detected OS: $OS_TYPE (${PKG_MANAGER})${NC}"
      return 0
    fi
  done
  echo -e "${RED}[!] Unsupported OS${NC}"
  exit 1
}
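# Install dependencies
#
# Installs the interpreter, HTTP client and scanner packages that this
# installer and the agent service use.
# Globals:  PKG_MANAGER (read); YELLOW, GREEN, RED, NC (read)
# Outputs:  progress on stdout, warnings and errors on stderr
# Returns:  0 on success; exits 1 when python3, curl or the Python `requests`
#           module is still missing after the install attempts
install_deps() {
  echo -e "${YELLOW}[*] Installing dependencies...${NC}"
  if [[ "$PKG_MANAGER" == "apt" ]]; then
    apt-get update -qq
    # curl is needed by register_agent(). `requests` is taken from the distro
    # archive first so that pip does not have to run as root in the usual case.
    # Package failures stay non-fatal, but are no longer hidden.
    apt-get install -y python3 python3-pip python3-requests curl \
      rkhunter chkrootkit iproute2 ufw \
      || echo -e "${YELLOW}[!] apt-get could not install every package; continuing${NC}" >&2
  elif [[ "$PKG_MANAGER" == "pacman" ]]; then
    # NOTE(review): `pacman -Sy` refreshes the package database without `-u`,
    # which can leave the system partially upgraded - confirm this is intended.
    pacman -Sy --noconfirm python python-pip python-requests curl \
      rkhunter iproute2 ufw \
      || echo -e "${YELLOW}[!] pacman could not install every package; continuing${NC}" >&2
  fi

  # Fall back to PyPI only when the distro package did not provide `requests`.
  # This pulls an unpinned package as root, so it is the last resort.
  if ! python3 -c 'import requests' 2>/dev/null; then
    echo -e "${YELLOW}[!] Python 'requests' not provided by the distro package; trying pip${NC}" >&2
    pip3 install requests --break-system-packages -q 2>/dev/null \
      || pip3 install requests -q \
      || true
  fi

  # Fail here with a clear message instead of silently later in the install.
  if ! command -v python3 >/dev/null 2>&1 || ! command -v curl >/dev/null 2>&1; then
    echo -e "${RED}[!] python3 and curl are required but could not be installed${NC}" >&2
    exit 1
  fi
  if ! python3 -c 'import requests' 2>/dev/null; then
    echo -e "${RED}[!] Python 'requests' module is required but could not be installed${NC}" >&2
    exit 1
  fi
  echo -e "${GREEN}[✓] Dependencies installed${NC}"
}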
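# Get user input
#
# Prompts for the host label, OS name and Telegram user ID.
# Globals:  HOST_LABEL, OS_NAME, TG_USER_ID (written); BOLD, RED, YELLOW, NC (read)
# Inputs:   three lines on stdin
# Returns:  0 on success; exits 1 when no Telegram user ID is given
#
# The answers are free text typed by the operator. Anything that embeds them in
# JSON or another structured format has to encode them rather than paste them in.
get_input() {
  echo ""
  echo -e "${BOLD}Setup${NC}"
  echo "────────────────────────────"
  # -r keeps backslashes in the answers literal instead of treating them as escapes.
  read -r -p " Hostname label [$(hostname)]: " HOST_LABEL
  HOST_LABEL=${HOST_LABEL:-$(hostname)}
  read -r -p " OS name [Kali / Parrot / Arch]: " OS_NAME
  if [[ -z "$OS_NAME" ]]; then
    # Anchor on the key so only the PRETTY_NAME line matches, and keep the whole
    # value (-f2-) even if it contains '='.
    OS_NAME=$(grep -m1 '^PRETTY_NAME=' /etc/os-release | cut -d= -f2- | tr -d '"')
  fi
  read -r -p " Telegram User ID: " TG_USER_ID
  if [[ -z "$TG_USER_ID" ]]; then
    echo -e "${RED}[!] Telegram User ID required${NC}"
    exit 1
  fi
  echo ""
  echo -e "${YELLOW}[*] Registering agent...${NC}"
}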
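# Register with API
#
# POSTs the host details to "$API_URL/api/register" and stores the returned
# identifiers.
# Globals:  API_URL, HOST_LABEL, OS_NAME, TG_USER_ID (read);
#           RESPONSE, AGENT_ID, AUTH_KEY (written); RED, YELLOW, GREEN, NC (read)
# Returns:  0 on success; exits 1 when the request fails, no agent_id comes
#           back, or the returned values contain characters that are unsafe to
#           embed in the JSON config
register_agent() {
  local payload parsed rc

  # Encode the request body with a JSON encoder. The operator-typed fields can
  # contain quotes or backslashes, which would corrupt or extend a hand-built
  # JSON string.
  payload=$(
    LIDS_REG_HOSTNAME="$HOST_LABEL" \
    LIDS_REG_OS="$OS_NAME" \
    LIDS_REG_KERNEL="$(uname -r)" \
    LIDS_REG_IP="$(hostname -I | awk '{print $1}')" \
    LIDS_REG_TG="$TG_USER_ID" \
    python3 -c '
import json, os
print(json.dumps({
    "hostname": os.environ["LIDS_REG_HOSTNAME"],
    "os": os.environ["LIDS_REG_OS"],
    "kernel": os.environ["LIDS_REG_KERNEL"],
    "ip": os.environ["LIDS_REG_IP"],
    "telegram_user_id": os.environ["LIDS_REG_TG"],
}))'
  ) || {
    echo -e "${RED}[!] Could not build the registration request (python3 failed)${NC}" >&2
    exit 1
  }

  # The body goes over stdin so it does not show up in the process list.
  # --proto pins the transfer to HTTPS; --max-time bounds a hung connection.
  # A transport failure is reported instead of ending the script silently.
  rc=0
  RESPONSE=$(printf '%s' "$payload" | curl -sS --proto '=https' --max-time 30 \
    -X POST "$API_URL/api/register" \
    -H "Content-Type: application/json" \
    -H "X-Lids-Agent: yes" \
    --data-binary @-) || rc=$?
  if ((rc != 0)); then
    echo -e "${RED}[!] Registration request failed (curl exit code $rc)${NC}" >&2
    echo -e "${YELLOW} Tekshiring: API URL togri? Internet bor?${NC}" >&2
    exit 1
  fi

  # Parse the reply once; a non-JSON or non-object reply yields two empty values.
  parsed=$(printf '%s' "$RESPONSE" | python3 -c '
import json, sys
try:
    data = json.load(sys.stdin)
except ValueError:
    data = {}
if not isinstance(data, dict):
    data = {}
for key in ("agent_id", "auth_key"):
    print(str(data.get(key, "")).replace("\r", " ").replace("\n", " "))
' 2>/dev/null) || parsed=""
  AGENT_ID=""
  AUTH_KEY=""
  { IFS= read -r AGENT_ID && IFS= read -r AUTH_KEY; } <<<"$parsed" || true

  if [[ -z "$AGENT_ID" ]]; then
    echo -e "${RED}[!] Royxatdan otish xato.${NC}"
    # The reply is server-controlled: print it with %s so escape sequences in
    # it are not interpreted by the terminal.
    printf '%b%s%b\n' "${RED}" " Server javobi: $RESPONSE" "${NC}"
    echo -e "${YELLOW} Tekshiring: API URL togri? Internet bor?${NC}"
    exit 1
  fi

  # Both values end up in the JSON config file, so refuse anything that could
  # break out of a JSON string.
  case "$AGENT_ID$AUTH_KEY" in
    *'"'* | *'\'* | *[[:cntrl:]]*)
      echo -e "${RED}[!] Registration reply contains unexpected characters; aborting${NC}" >&2
      exit 1
      ;;
  esac

  if [[ -z "$AUTH_KEY" ]]; then
    echo -e "${YELLOW}[!] Registration reply contained no auth_key${NC}" >&2
  fi
  printf '%b%s%b\n' "${GREEN}" "[✓] Registered. Agent ID: $AGENT_ID" "${NC}"
}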
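# Install files
#
# Copies the agent into $LIDS_DIR and writes $LIDS_CONF/lids.conf.
# Globals:  LIDS_DIR, LIDS_CONF, LIDS_LOG, API_URL, AGENT_ID, AUTH_KEY,
#           HOST_LABEL (read); YELLOW, GREEN, RED, NC (read)
# Returns:  0 on success; exits 1 when ./agent is missing or the config cannot
#           be written
install_files() {
  local conf_file tmp_conf
  echo -e "${YELLOW}[*] Installing LIDS...${NC}"

  # The agent is copied from the current directory and later runs as root, so
  # refuse to continue when ./agent is not there.
  if [[ ! -d ./agent ]]; then
    echo -e "${RED}[!] ./agent not found; run the installer from the repository directory${NC}" >&2
    exit 1
  fi

  mkdir -p "$LIDS_DIR" "$LIDS_CONF" "$LIDS_LOG"
  # The config directory holds the agent's auth key; keep it private to root.
  chmod 700 "$LIDS_CONF"
  cp -r ./agent/* "$LIDS_DIR/"
  # Code executed by a root service must not be writable by group or others.
  chmod -R go-w "$LIDS_DIR"

  # NOTE(review): the default whitelist_processes lists nmap, netcat, nc and
  # msfconsole. Presumably the agent does not alert on whitelisted names, which
  # would be a blind spot on hosts where those tools are not expected - confirm
  # and trim per host.
  #
  # The file is produced by a JSON encoder, so quotes or backslashes in the
  # host label cannot corrupt it. It is written to a mktemp file (created with
  # mode 0600) and renamed into place, so the auth key is never readable by
  # other users, not even briefly.
  conf_file="$LIDS_CONF/lids.conf"
  tmp_conf=$(mktemp "$LIDS_CONF/.lids.conf.XXXXXX")
  if ! LIDS_CFG_API_URL="$API_URL" \
    LIDS_CFG_AGENT_ID="$AGENT_ID" \
    LIDS_CFG_AUTH_KEY="$AUTH_KEY" \
    LIDS_CFG_HOSTNAME="$HOST_LABEL" \
    python3 -c '
import json, os, sys
json.dump({
    "api_url": os.environ["LIDS_CFG_API_URL"],
    "agent_id": os.environ["LIDS_CFG_AGENT_ID"],
    "auth_key": os.environ["LIDS_CFG_AUTH_KEY"],
    "hostname": os.environ["LIDS_CFG_HOSTNAME"],
    "scan_interval": 30,
    "whitelist_ports": [80, 443, 22, 53],
    "whitelist_processes": ["nmap", "netcat", "nc", "msfconsole"],
    "whitelist_ips": [],
    "log_level": "INFO",
}, sys.stdout, indent=4)
sys.stdout.write("\n")
' >"$tmp_conf"; then
    rm -f -- "$tmp_conf"
    echo -e "${RED}[!] Could not write $conf_file${NC}" >&2
    exit 1
  fi
  chmod 600 "$tmp_conf"
  mv -f -- "$tmp_conf" "$conf_file"
  echo -e "${GREEN}[✓] Files installed${NC}"
}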
# Create systemd service
#
# Writes the unit file to $SERVICE_FILE, then reloads systemd and enables and
# starts the `lids` unit.
# Globals:  SERVICE_FILE, LIDS_DIR (read); GREEN, NC (read)
# Returns:  0 on success
#
# NOTE(review): the unit runs the agent as root with Restart=always and sets no
# sandboxing directives. Worth checking which systemd hardening options the
# agent can tolerate.
install_service() {
  local -a unit_lines=(
    "[Unit]"
    "Description=LIDS - Linux Intrusion Detection System"
    "After=network.target"
    "[Service]"
    "Type=simple"
    "User=root"
    "ExecStart=/usr/bin/python3 $LIDS_DIR/lids_agent.py"
    "Restart=always"
    "RestartSec=10"
    "[Install]"
    "WantedBy=multi-user.target"
  )
  # One array element per line of the unit file.
  printf '%s\n' "${unit_lines[@]}" >"$SERVICE_FILE"

  # Make systemd pick up the new unit, start it at boot, and start it now.
  systemctl daemon-reload
  systemctl enable lids
  systemctl start lids
  echo -e "${GREEN}[✓] LIDS service started${NC}"
}
# ── Main ──────────────────────────────────────
# Run the install steps in order. `set -e` and the explicit `exit 1` paths in
# the steps stop the run at the first failure.
detect_os
install_deps
get_input
register_agent
install_files
install_service

# Post-install summary: what is monitored and the commands to manage the service.
# Only constants are expanded in this first group.
printf '%b\n' \
  "" \
  " ${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}" \
  " ${GREEN}${BOLD}✅ LIDS muvaffaqiyatli o'rnatildi!${NC}" \
  "" \
  " ${BOLD}Nazorat qilinadi:${NC}" \
  " ${GREEN}✓${NC} Portlar — yangi ochilgan portlar" \
  " ${GREEN}✓${NC} SSH — zaif konfiguratsiya, brute force" \
  " ${GREEN}✓${NC} Backdoor — reverse shell, cron, SUID, webshell" \
  " ${GREEN}✓${NC} Jarayonlar — miner, C2, /tmp executable" \
  " ${GREEN}✓${NC} Loglar — brute force, root login, sudo abuse" \
  " ${GREEN}✓${NC} Malware — rkhunter, chkrootkit" \
  "" \
  " ${BOLD}Buyruqlar:${NC}" \
  " Status : ${CYAN}systemctl status lids${NC}" \
  " Loglar : ${CYAN}tail -f /var/log/lids/lids.log${NC}" \
  " Config : ${CYAN}$LIDS_CONF/lids.conf${NC}" \
  " Restart : ${CYAN}systemctl restart lids${NC}" \
  " O'chirish: ${CYAN}sudo bash uninstall.sh${NC}" \
  "" \
  " ${BOLD}Telegram:${NC}"
# Printed separately because this line carries the operator-typed ID.
printf '%b\n' " Alertlar ${BOLD}${TG_USER_ID}${NC} ga yuboriladi"
printf '%b\n' \
  " Bot: ${CYAN}@lids_osf_bot${NC}" \
  "" \
  " ${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}" \
  " ${YELLOW}Telegram da tasdiqlov xabarini tekshiring!${NC}" \
  " ${YELLOW}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}" \
  ""

# Best-effort restart of the unit that install_service already started; errors
# are deliberately ignored.
systemctl restart lids 2>/dev/null || true