Merge pull request #3100 from Security-Onion-Solutions/kilo

Add so-preflight + usage to so-monitor-add, fix managersearch missing from so-rule

salt/common/tools/sbin/so-monitor-add

@@ -2,4 +2,22 @@
 
 . /usr/sbin/so-common
 
+usage() {
+  read -r -d '' message <<- EOM
+		usage: so-monitor-add [-h] NIC
+
+    positional arguments:
+      NIC           The interface to add to the monitor bond (ex: eth2)
+
+    optional arguments:
+      -h, --help    Show this help message and exit
+	EOM
+  echo "$message"
+  exit 1
+}
+
+if [[ $# -eq 0 || $# -gt 1 ]] || [[ $1 == '-h' || $1 == '--help' ]]; then
+  usage
+fi
+
 add_interface_bond0 "$1"

salt/common/tools/sbin/so-rule

@@ -58,7 +58,7 @@ def check_apply(args: dict, prompt: bool = True):
 
 
 def find_minion_pillar() -> str:
-  regex = '^.*_(manager|standalone|import|eval)\.sls$'
+  regex = '^.*_(manager|managersearch|standalone|import|eval)\.sls$'
   
   result = []
   for root, _, files in os.walk(minion_pillar_dir):
@@ -67,7 +67,7 @@ def find_minion_pillar() -> str:
         result.append(os.path.join(root, f_minion_id))
   
   if len(result) == 0:
-    print_err('Could not find manager-type pillar (eval, standalone, manager, import). Are you running this script on the manager?')
+    print_err('Could not find manager-type pillar (eval, standalone, manager, managersearch, import). Are you running this script on the manager?')
     sys.exit(3)
   elif len(result) > 1:
     res_str = ', '.join(f'\"{result}\"')

setup/so-functions

@@ -905,9 +905,10 @@ detect_cloud() {
 }
 
 detect_os() {
+	local log=${1:-${setup_log}}
 
 	# Detect Base OS
-	echo "Detecting Base OS" >> "$setup_log" 2>&1
+	echo "Detecting Base OS" >> "$log" 2>&1
 	if [ -f /etc/redhat-release ]; then
 		OS=centos
 		if grep -q "CentOS Linux release 7" /etc/redhat-release; then
@@ -937,7 +938,7 @@ detect_os() {
 		exit 1
 	fi
 
-	echo "Found OS: $OS $OSVER" >> "$setup_log" 2>&1
+	echo "Found OS: $OS $OSVER" >> "$log" 2>&1
 
 }
 

setup/so-preflight

@@ -0,0 +1,137 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+source ../salt/common/tools/sbin/so-common
+source ./so-functions
+
+preflight_log='/root/preflight.log'
+
+check_default_repos() {
+	local ret_code=0
+
+	printf '  Checking OS default repos with ' | tee -a "$preflight_log"
+	if [[ $OS == 'centos' ]]; then
+		printf '%s' 'yum update.' | tee -a "$preflight_log"
+		echo "" >> "$preflight_log"
+		yum -y update >> $preflight_log 2>&1
+		ret_code=$?
+	else
+		printf '%s' 'apt update.' | tee -a "$preflight_log"
+		echo "" >> "$preflight_log"
+		retry 50 10 "apt-get -y update" >> $preflight_log 2>&1
+		ret_code=$?
+	fi
+
+	[[ $ret_code == 0 ]] && printf '%s\n' '  SUCCESS' || printf '%s\n' '  FAILURE'
+	return $ret_code
+}
+
+check_new_repos() {
+	printf '  Checking repo URLs added by setup.' | tee -a "$preflight_log"
+
+	if [[ $OS == 'centos' ]]; then
+		local repo_arr=( 
+			"https://download.docker.com/linux/centos/docker-ce.repo"
+			"https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/SALTSTACK-GPG-KEY.pub"
+			"https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub"
+			"https://download.docker.com/linux/ubuntu/gpg"
+			"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
+			"https://packages.wazuh.com/3.x/yum/"
+			)
+	else
+		local ubuntu_version
+		ubuntu_version=$(grep VERSION_ID /etc/os-release 2> /dev/null | awk -F '[ "]' '{print $2}')
+		if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi
+		local repo_arr=(
+			"https://download.docker.com/linux/ubuntu/gpg"
+			"https://download.docker.com/linux/ubuntu"
+			"https://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub"
+			"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
+			"https://packages.wazuh.com"
+		)
+	fi
+
+	__check_url_arr "${repo_arr[@]}"
+	local ret_code=$?
+	[[ $ret_code == 0 ]] && printf '%s\n' '  SUCCESS' || printf '%s\n' '  FAILURE'
+	return $ret_code
+}
+
+check_misc_urls() {
+	printf '  Checking various other URLs used by setup.' | tee -a "$preflight_log"
+
+	local so_version=$(cat ../VERSION)
+	local url_arr=(
+		"https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
+		"https://github.com/Neo23x0/signature-base"
+		"https://sigs.securityonion.net/$so_version/securityonion-$so_version.iso.sig"
+		"https://ghcr.io/"
+		"https://rules.emergingthreats.net/open/"
+		"https://rules.emergingthreatspro.com/"
+	)
+
+	__check_url_arr "${url_arr[@]}"
+	local ret_code=$?
+	[[ $ret_code == 0 ]] && printf '%s\n' '  SUCCESS' || printf '%s\n' '  FAILURE'
+	return $ret_code
+}
+
+__check_url_arr() {
+	local ret_code=0
+	echo "" >> "$preflight_log"
+	for url in "$@"; do
+		local status
+		status=$(curl -s -o /dev/null -w "%{http_code}" -L "$url" 2> /dev/null)
+		local ret=$?
+		if [[ $ret == 0 ]]; then
+			printf '%s' "    - Successfully reached $url" >> "$preflight_log"
+			if [[ $status -ge 400 ]]; then
+				printf '%s\n' " but server responded with error code $status" >> "$preflight_log"
+			else
+				printf '\n' >> "$preflight_log"
+			fi
+		else
+			ret_code=1
+			echo "    - [ERROR]: Could not reach $url" >> "$preflight_log"
+		fi
+	done
+	echo "" >> "$preflight_log"
+	return $ret_code
+}
+
+main() {
+	detect_os "$preflight_log"
+
+	[[ -f $preflight_log ]] || touch "$preflight_log"
+	echo "Beginning pre-flight checks." | tee "$preflight_log"
+	check_default_repos &&\
+	check_new_repos &&\
+	check_misc_urls
+
+	local success=$?
+	
+	echo ""
+	if [[ $success == 0 ]]; then
+		echo -e "Pre-flight checks completed successfully!\n" | tee -a "$preflight_log"
+	else
+		echo -e "Pre-flight checks could not complete." | tee -a "$preflight_log"
+		echo -e "  Check $preflight_log for details.\n"
+		exit 1
+	fi
+}
+
+main