Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev

.gitignore

@@ -1,2 +1,59 @@
+
+# Created by https://www.gitignore.io/api/macos,windows
+# Edit at https://www.gitignore.io/?templates=macos,windows
+
+### macOS ###
+# General
 .DS_Store
-.idea
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.gitignore.io/api/macos,windows

salt/fleet/init.sls

@@ -13,6 +13,9 @@
   {% set MAINIP = salt['pillar.get']('static:masterip') %}
 {% endif %}
 
+include:
+  - mysql
+
 #{% if grains.id.split('_')|last in ['master', 'eval', 'fleet'] %}
 #so/fleet:
 #  event.send:
@@ -86,6 +89,8 @@ fleetdb:
     - connection_port: 3306
     - connection_user: root
     - connection_pass: {{ MYSQLPASS }}
+    - require: 
+      - sls: mysql
 
 fleetdbuser:
   mysql_user.present:
@@ -95,6 +100,8 @@ fleetdbuser:
     - connection_port: 3306
     - connection_user: root
     - connection_pass: {{ MYSQLPASS }}
+    - require: 
+      - fleetdb
 
 fleetdbpriv:
   mysql_grants.present:
@@ -106,6 +113,8 @@ fleetdbpriv:
     - connection_port: 3306
     - connection_user: root
     - connection_pass: {{ MYSQLPASS }}
+    - require: 
+      - fleetdb
 
 
 {% if FLEETPASS == None or FLEETJWT == None %}

salt/mysql/init.sls

@@ -85,4 +85,9 @@ so-mysql:
       - /opt/so/log/mysql:/var/log/mysql:rw
     - watch:
       - /opt/so/conf/mysql/etc
+  cmd.run:
+    - name: until nc -z {{ MAINIP }} 3306; do sleep 1; done
+    - timeout: 120
+    - onchanges:
+      - docker_container: so-mysql
 {% endif %}

salt/nginx/etc/nginx.conf.so-eval

@@ -146,6 +146,20 @@ http {
 
         }
 
+        location /cyberchef/ {
+          auth_request          /auth/sessions/whoami;
+          proxy_read_timeout    90;
+          proxy_connect_timeout 90;
+          proxy_set_header      Host $host;
+          proxy_set_header      X-Real-IP $remote_addr;
+          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header      Proxy "";
+        }
+
+        location /cyberchef {
+          rewrite               ^ /cyberchef/ permanent;
+        }
+
         location /packages/ {
           try_files $uri =206;
           auth_request          /auth/sessions/whoami;

salt/nginx/etc/nginx.conf.so-master

@@ -146,6 +146,20 @@ http {
 
         }
 
+        location /cyberchef/ {
+          auth_request          /auth/sessions/whoami;
+          proxy_read_timeout    90;
+          proxy_connect_timeout 90;
+          proxy_set_header      Host $host;
+          proxy_set_header      X-Real-IP $remote_addr;
+          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header      Proxy "";
+        }
+
+        location /cyberchef {
+          rewrite               ^ /cyberchef/ permanent;
+        }
+
         location /packages/ {
           try_files $uri =206;
           auth_request          /auth/sessions/whoami;

salt/nginx/etc/nginx.conf.so-mastersearch

@@ -146,6 +146,20 @@ http {
 
         }
 
+        location /cyberchef/ {
+          auth_request          /auth/sessions/whoami;
+          proxy_read_timeout    90;
+          proxy_connect_timeout 90;
+          proxy_set_header      Host $host;
+          proxy_set_header      X-Real-IP $remote_addr;
+          proxy_set_header      X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header      Proxy "";
+        }
+
+        location /cyberchef {
+          rewrite               ^ /cyberchef/ permanent;
+        }
+
         location /packages/ {
           try_files $uri =206;
           auth_request          /auth/sessions/whoami;

setup/install_scripts/99-so-checksum-offload-disable

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if [[ "$DEVICE_IFACE" != "$MAININT" && "$DEVICE_IFACE" != *"docker"* ]]; then
+if [[ "$DEVICE_IFACE" != "$MNIC" && "$DEVICE_IFACE" != *"docker"* ]]; then
 	for i in rx tx sg tso ufo gso gro lro; do
 		ethtool -K "$DEVICE_IFACE" "$i" off;
   	done

setup/public_keys/salt.pem

@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+
+mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9
+m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW
+tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw
+WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts
+kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA
+gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr
+YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT
+qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q
+WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1
+yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o
+nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU
+4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA
+/NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q
+9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb
+9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx
+uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ
+zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr
+GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E
+PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ
+AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK
+WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4
+vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f
+T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N
+1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx
+fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS
+MA==
+=dtMN
+-----END PGP PUBLIC KEY BLOCK-----

setup/so-common-functions

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+source ./so-variables
+
+# Helper functions
+
+filter_unused_nics() {
+
+	if [[ $MNIC ]]; then local grep_string="$MNIC\|bond0"; else local grep_string="bond0"; fi
+
+	# If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
+	if [[ $BNICS ]]; then
+		grep_string="$grep_string"
+		for BONDNIC in "${BNICS[@]}"; do
+			grep_string="$grep_string\|$BONDNIC"
+		done
+	fi
+
+	# Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use)
+	filtered_nics=$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string"  | sed 's/ //g')
+	readarray -t filtered_nics <<< "$filtered_nics"
+	
+	nic_list=()
+	for nic in "${filtered_nics[@]}"; do
+		nic_list+=("$nic" "" "OFF")
+	done
+
+	export nic_list
+}
+
+calculate_useable_cores() {
+
+	# Calculate reasonable core usage
+	local cores_for_bro=$(( (num_cpu_cores/2) - 1 ))
+	local lb_procs_round
+	lb_procs_round=$(printf "%.0f\n" $cores_for_bro)
+
+	if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi
+    export lb_procs
+}
+
+set_defaul_log_size() {
+    local percentage
+
+	case $INSTALLTYPE in
+		EVAL | HEAVYNODE)
+			percentage=50
+			;;
+		*)
+            percentage=80
+			;;
+		esac
+
+	local disk_dir="/"
+	if [ -d /nsm ]; then
+		disk_dir="/nsm"
+	fi
+	local disk_size_1k
+	disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
+
+    local ratio="1048576"
+
+    local disk_size_gb
+    disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
+
+	log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
+	export log_size_limit
+}

setup/so-variables

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
+export total_mem
+
+num_cpu_cores=$(nproc)
+export num_cpu_cores
+
+readarray -t cpu_core_list <<< "$(grep "processor" /proc/cpuinfo | grep -v "KVM" | awk '{print $3}')"
+export cpu_core_list
+
+random_uid=$(</dev/urandom tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
+export random_uid
+
+node_es_port=9200
+export node_es_port
+
+setup_log="/root/sosetup.log"
+export setup_log
+
+filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
+export filesystem_root
+
+mkdir -p /nsm
+filesystem_nsm=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
+export filesystem_nsm
+
+mkdir -p /root/installtmp/pillar/minions
+export temp_install_dir=/root/installtmp
+
+export percentage_str='Getting started'
+
+export DEBIAN_FRONTEND=noninteractive

setup/so-whiptail

@@ -15,20 +15,27 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+source ./so-variables
+source ./so-common-functions
+
+
 whiptail_basic_bro() {
 
+	[ -n "$QUIET" ] && return
+
 	BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
-  "Enter the number of bro processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
+	"Enter the number of bro processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
-
 }
 
 whiptail_basic_suri() {
 
+	[ -n "$QUIET" ] && return
+
 	BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \
-  "Enter the number of Suricata Processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
+	"Enter the number of Suricata processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -37,15 +44,26 @@ whiptail_basic_suri() {
 
 whiptail_bro_pins() {
 
-  BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $LBPROCS cores to pin Bro to:" 20 75 12 ${LISTCORES[@]} 3>&1 1>&2 2>&3 )
+	[ -n "$QUIET" ] && return
 
+	local cpu_core_list_whiptail=()
+	for item in "${cpu_core_list[@]}"; do
+		cpu_core_list_whiptail+=("$item" "OFF")
+	done
+
+	BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please select $lb_procs cores to pin Bro to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+	BROPINS=$(echo "$BROPINS" | tr -d '"')
+
+	IFS=' ' read -ra BROPINS <<< "$BROPINS"
 }
 
 whiptail_bro_version() {
 
+	[ -n "$QUIET" ] && return
+
 	BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)"  ON \
 	"SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
 
@@ -56,26 +74,30 @@ whiptail_bro_version() {
 
 whiptail_bond_nics() {
 
-  local nic_list=()
-  for FNIC in ${FNICS[@]}; do
-    nic_list+=($FNIC "Interface" "OFF")
-  done
+	[ -n "$QUIET" ] && return
 
-  BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 ${nic_list[@]} 3>&1 1>&2 2>&3 )
+	filter_unused_nics
+
+	BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
 	while [ -z "$BNICS" ]
 	do
-    BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 ${nic_list[@]} 3>&1 1>&2 2>&3 )
+		BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
 		local exitstatus=$?
 		whiptail_check_exitstatus $exitstatus
 	done
 
+	BNICS=$(echo "$BNICS" | tr -d '"')
+
+	IFS=' ' read -ra BNICS <<< "$BNICS"
 }
 
 whiptail_bond_nics_mtu() {
 
+	[ -n "$QUIET" ] && return
+
 	# Set the MTU on the monitor interface
 	MTU=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter the MTU for the monitor NICs" 10 75 1500 3>&1 1>&2 2>&3)
@@ -89,25 +111,32 @@ whiptail_cancel() {
 
 	whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
 	if [ -d "/root/installtmp" ]; then
-    echo "/root/installtmp exists" >> $SETUPLOG 2>&1
-    install_cleanup >> $SETUPLOG 2>&1
-    echo "/root/installtmp removed" >> $SETUPLOG 2>&1
+		{
+			echo "/root/installtmp exists";
+			install_cleanup;
+			echo "/root/installtmp removed";
+		} >> $setup_log 2>&1
 	fi
 	exit
 
 }
 
 whiptail_check_exitstatus() {
-
-  if [ $1 == '1' ]; then
-    echo "They hit cancel"
+	case $1 in
+		1)
 			whiptail_cancel
-  fi
-
+			;;
+		255)
+			whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75
+			exit
+			;;
+	esac
 }
 
 whiptail_create_admin_user() {
 
+	[ -n "$QUIET" ] && return
+
 	ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
 	"Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
 
@@ -115,6 +144,8 @@ whiptail_create_admin_user() {
 
 whiptail_create_admin_user_password1() {
 
+	[ -n "$QUIET" ] && return
+
 	ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
 	"Enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
 
@@ -124,6 +155,8 @@ whiptail_create_admin_user_password1() {
 
 whiptail_create_admin_user_password2() {
 
+	[ -n "$QUIET" ] && return
+
 	ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
 	"Re-enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
 
@@ -134,12 +167,16 @@ whiptail_create_admin_user_password2() {
 
 whiptail_create_soremote_user() {
 
+	[ -n "$QUIET" ] && return
+
 	whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75
 
 }
 
 whiptail_create_soremote_user_password1() {
 
+	[ -n "$QUIET" ] && return
+
 	SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
 	"Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
 
@@ -150,6 +187,8 @@ whiptail_create_soremote_user_password1() {
 
 whiptail_create_soremote_user_password2() {
 
+	[ -n "$QUIET" ] && return	
+
 	SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
 	"Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
 
@@ -160,6 +199,8 @@ whiptail_create_soremote_user_password2() {
 
 whiptail_create_web_user() {
 
+	[ -n "$QUIET" ] && return
+
 	WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
 	"Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3)
 
@@ -168,11 +209,16 @@ whiptail_create_web_user() {
 }
 
 whiptail_invalid_user_warning() {
+
+	[ -n "$QUIET" ] && return
+	
 	whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
 }
 
 whiptail_create_web_user_password1() {
 
+	[ -n "$QUIET" ] && return
+
 	WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \
 	"Enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
 
@@ -182,6 +228,8 @@ whiptail_create_web_user_password1() {
 
 whiptail_create_web_user_password2() {
 
+	[ -n "$QUIET" ] && return
+
 	WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \
 	"Re-enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
 
@@ -191,11 +239,16 @@ whiptail_create_web_user_password2() {
 }
 
 whiptail_invalid_pass_warning() {
+
+	[ -n "$QUIET" ] && return
+
 	whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
 }
 
 whiptail_cur_close_days() {
 
+	[ -n "$QUIET" ] && return
+
 	CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3)
 
@@ -206,31 +259,48 @@ whiptail_cur_close_days() {
 
 whiptail_dhcp_or_static() {
 
-  ADDRESSTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
+	[ -n "$QUIET" ] && return
+
+	address_type=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose how to set up your management interface:" 20 78 4 \
 	"STATIC" "Set a static IPv4 address" ON  \
 	"DHCP" "Use DHCP to configure the Management Interface" OFF 3>&1 1>&2 2>&3 )
-
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
+
+	export address_type
+
 }
 
 whiptail_enable_components() {
+
+	[ -n "$QUIET" ] && return
+
 	COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \
 	"Select Components to install" 20 75 8 \
-  "GRAFANA" "Enable Grafana for system monitoring" ON \
-  "OSQUERY" "Enable Fleet with osquery" ON \
-  "WAZUH" "Enable Wazuh" ON \
-  "THEHIVE" "Enable TheHive" ON \
-  "PLAYBOOK" "Enable Playbook" ON \
-  "STRELKA" "Enable Strelka" ON 3>&1 1>&2 2>&3 )
-
+	GRAFANA "Enable Grafana for system monitoring" ON \
+	OSQUERY "Enable Fleet with osquery" ON \
+	WAZUH "Enable Wazuh" ON \
+	THEHIVE "Enable TheHive" ON \
+	PLAYBOOK "Enable Playbook" ON \
+	STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+	COMPONENTS=$(echo "$COMPONENTS" | tr -d '"')
+
+	IFS=' ' read -ra COMPONENTS <<< "$COMPONENTS"
+
+	# Set any variables to 1 if they exist in COMPONENTS
+	for component in "${COMPONENTS[@]}"; do
+    	export "$component=1"
+	done
 }
 
 whiptail_eval_adv() {
+
+	[ -n "$QUIET" ] && return
+
 	EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose your eval install:" 20 75 4 \
 	"BASIC" "Install basic components for evaluation" ON  \
@@ -240,11 +310,17 @@ whiptail_eval_adv() {
 	whiptail_check_exitstatus $exitstatus
 }
 
-whiptail_eval_adv_warning() {
+whiptail_components_adv_warning() {
+
+	[ -n "$QUIET" ] && return
+
 	whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
 }
 
 whiptail_helix_apikey() {
+
+	[ -n "$QUIET" ] && return
+
 	HELIXAPIKEY=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3)
 
@@ -255,36 +331,45 @@ whiptail_helix_apikey() {
 
 whiptail_homenet_master() {
 
-  # Ask for the HOME_NET on the master
+	[ -n "$QUIET" ] && return
+
 	HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
-
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+	export HNMASTER
 }
 
 whiptail_homenet_sensor() {
 
+	[ -n "$QUIET" ] && return
+
 	# Ask to inherit from master
 	whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75
 
 	local exitstatus=$?
+
 	if [ $exitstatus == 0 ]; then
-    HNSENSOR=inherit
+		export HNSENSOR=inherit
 	else
 		HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
 		"Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
 		local exitstatus=$?
 		whiptail_check_exitstatus $exitstatus
+
+		export HNSENSOR
+
 	fi
 
 }
 
 whiptail_install_type() {
 
+	[ -n "$QUIET" ] && return
+
 	# What kind of install are we doing?
-  INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
+	install_type=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose Install Type:" 20 75 13 \
 	"SENSOR" "Create a forward only sensor" ON \
 	"SEARCHNODE" "Add a Search Node with parsing" OFF \
@@ -303,13 +388,20 @@ whiptail_install_type() {
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+	export install_type
+
+
 }
 
 whiptail_log_size_limit() {
 
-   LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \
+	[ -n "$QUIET" ] && return
+	
+	set_defaul_log_size
+
+	log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
-  By default, this is set to 80% of the disk space allotted for /nsm." 10 75 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3)
+	By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$log_size_limit" 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -318,6 +410,8 @@ whiptail_log_size_limit() {
 
 whiptail_management_interface_dns() {
 
+	[ -n "$QUIET" ] && return
+
 	MDNS=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter your DNS server using space between multiple" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3)
 
@@ -325,6 +419,8 @@ whiptail_management_interface_dns() {
 
 whiptail_management_interface_dns_search() {
 
+	[ -n "$QUIET" ] && return
+
 	MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter your DNS search domain" 10 60 searchdomain.local 3>&1 1>&2 2>&3)
 
@@ -332,6 +428,8 @@ whiptail_management_interface_dns_search() {
 
 whiptail_management_interface_gateway() {
 
+	[ -n "$QUIET" ] && return
+
 	MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter your gateway" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
 
@@ -339,6 +437,8 @@ whiptail_management_interface_gateway() {
 
 whiptail_management_interface_ip() {
 
+	[ -n "$QUIET" ] && return
+
 	MIP=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter your IP address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
 
@@ -346,6 +446,8 @@ whiptail_management_interface_ip() {
 
 whiptail_management_interface_mask() {
 
+	[ -n "$QUIET" ] && return
+
 	MMASK=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter the bit mask for your subnet" 10 60 24 3>&1 1>&2 2>&3)
 
@@ -353,13 +455,17 @@ whiptail_management_interface_mask() {
 
 whiptail_management_nic() {
 
-  MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
+	[ -n "$QUIET" ] && return
+
+	filter_unused_nics
+
+	MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )	
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
 	while [ -z "$MNIC" ]
 	do
-    MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
+		MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )	
 		local exitstatus=$?
 		whiptail_check_exitstatus $exitstatus
 	done
@@ -368,6 +474,8 @@ whiptail_management_nic() {
 
 whiptail_nids() {
 
+	[ -n "$QUIET" ] && return
+
 	NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose which IDS to run:" 20 75 4 \
 	"Suricata" "Suricata 4.X" ON  \
@@ -380,6 +488,8 @@ whiptail_nids() {
 
 whiptail_oinkcode() {
 
+	[ -n "$QUIET" ] && return
+
 	OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
 
@@ -390,7 +500,9 @@ whiptail_oinkcode() {
 
 whiptail_make_changes() {
 
-  whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $INSTALLTYPE. Please hit YES to make changes or NO to cancel." 8 75
+	[ -n "$QUIET" ] && return
+
+	whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please hit YES to make changes or NO to cancel." 8 75
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -399,16 +511,15 @@ whiptail_make_changes() {
 
 whiptail_management_server() {
 
+	[ -n "$QUIET" ] && return
+
 	MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
-  "Enter your Master Server HOSTNAME. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
+	"Enter your Master Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
-  # See if it resolves. Otherwise prompt to add to host file
-  TESTHOST=$(host $MSRV)
-
-  if [[ $TESTHOST = *"not found"* ]] || [ -z $TESTHOST ] || [[ $TESTHOST = *"connection timed out"* ]]; then
+	if ! getent hosts "$MSRV"; then
 		add_master_hostfile
 	fi
 
@@ -417,6 +528,8 @@ whiptail_management_server() {
 # Ask if you want to do advanced setup of the Master
 whiptail_master_adv() {
 
+	[ -n "$QUIET" ] && return
+
 	MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose what type of master install:" 20 75 4 \
 	"BASIC" "Install master with recommended settings" ON  \
@@ -430,7 +543,9 @@ whiptail_master_adv() {
 # Ask which additional components to install
 whiptail_master_adv_service_brologs() {
 
-  BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 75 12 \
+	[ -n "$QUIET" ] && return
+
+	BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please select Logs to Send:" 24 75 12 \
 	"conn" "Connection Logging" ON \
 	"dce_rpc" "RPC Logs" ON \
 	"dhcp" "DHCP Logs" ON \
@@ -473,10 +588,16 @@ whiptail_master_adv_service_brologs() {
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+	BLOGS=$(echo "$BLOGS" | tr -d '"')
+
+	IFS=' ' read -ra BLOGS <<< "$BLOGS"
+
 }
 
 whiptail_network_notice() {
 
+	[ -n "$QUIET" ] && return
+
 	whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 75
 
 	local exitstatus=$?
@@ -486,6 +607,8 @@ whiptail_network_notice() {
 
 whiptail_node_advanced() {
 
+	[ -n "$QUIET" ] && return
+
 	NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
 	"What type of config would you like to use?:" 20 75 4 \
 	"NODEBASIC" "Install Search Node with recommended settings" ON \
@@ -498,7 +621,8 @@ whiptail_node_advanced() {
 
 whiptail_node_es_heap() {
 
-  es_heapsize
+	[ -n "$QUIET" ] && return
+
 	NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
 	"\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3)
 
@@ -509,7 +633,8 @@ whiptail_node_es_heap() {
 
 whiptail_node_ls_heap() {
 
-  ls_heapsize
+	[ -n "$QUIET" ] && return
+
 	NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
 	"\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3)
 
@@ -520,8 +645,10 @@ whiptail_node_ls_heap() {
 
 whiptail_node_ls_pipeline_worker() {
 
+	[ -n "$QUIET" ] && return
+
 	LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
-  "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 $CPUCORES 3>&1 1>&2 2>&3)
+	"\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -530,6 +657,8 @@ whiptail_node_ls_pipeline_worker() {
 
 whiptail_node_ls_pipline_batchsize() {
 
+	[ -n "$QUIET" ] && return
+
 	LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
 	"\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
 
@@ -540,6 +669,8 @@ whiptail_node_ls_pipline_batchsize() {
 
 whiptail_node_ls_input_threads() {
 
+	[ -n "$QUIET" ] && return
+
 	LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
 		"\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
 
@@ -550,6 +681,8 @@ whiptail_node_ls_input_threads() {
 
 whiptail_node_ls_input_batch_count() {
 
+	[ -n "$QUIET" ] && return
+
 	LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
 	"\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
 
@@ -558,6 +691,10 @@ whiptail_node_ls_input_batch_count() {
 
 }
 
+
+#TODO: helper function to display error message or exit if batch mode
+# exit_if_batch <"Error string"> <Error code (int)>
+
 whiptail_passwords_dont_match() {
 
 	whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75
@@ -566,6 +703,8 @@ whiptail_passwords_dont_match() {
 
 whiptail_patch_name_new_schedule() {
 
+	[ -n "$QUIET" ] && return
+
 	PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
 	"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
 
@@ -585,8 +724,10 @@ whiptail_patch_name_new_schedule() {
 
 whiptail_patch_schedule() {
 
-  # What kind of patch schedule are we doing?
-  PATCHSCHEDULE=$(whiptail --title "Security Onion Setup" --radiolist \
+	[ -n "$QUIET" ] && return
+
+	local patch_schedule
+	patch_schedule=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 15 75 5 \
 	"Automatic" "Updates installed every 8 hours if available" ON \
 	"Manual" "Updates will be installed manually" OFF \
@@ -596,10 +737,32 @@ whiptail_patch_schedule() {
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+
+	case $patch_schedule in
+	'New Schedule')
+		whiptail_patch_schedule_select_days
+		whiptail_patch_schedule_select_hours
+		whiptail_patch_name_new_schedule
+		patch_schedule_os_new
+		;;
+	'Import Schedule')
+		whiptail_patch_schedule_import
+		;;
+	'Automatic')
+		PATCHSCHEDULENAME='auto'
+		;;
+	'Manual')
+		PATCHSCHEDULENAME='manual'
+		;;
+	esac
+
+
 }
 
 whiptail_patch_schedule_import() {
 
+	[ -n "$QUIET" ] && return
+
 	unset PATCHSCHEDULENAME
 	PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
@@ -619,63 +782,81 @@ whiptail_patch_schedule_import() {
 }
 
 whiptail_patch_schedule_select_days() {
+	
+	[ -n "$QUIET" ] && return
+
 	 # Select the days to patch
-  PATCHSCHEDULEDAYS=($(whiptail --title "Security Onion Setup" --checklist \
+	PATCHSCHEDULEDAYS=$(whiptail --title "Security Onion Setup" --checklist \
 	"Which days do you want to apply OS patches?" 15 75 8 \
-  "Monday" "" OFF \
-  "Tuesday" "" ON \
-  "Wednesday" "" OFF \
-  "Thursday" "" OFF \
-  "Friday" "" OFF \
-  "Saturday" "" OFF \
-  "Sunday" "" OFF 3>&1 1>&2 2>&3 ))
+	Monday "" OFF \
+	Tuesday "" ON \
+	Wednesday "" OFF \
+	Thursday "" OFF \
+	Friday "" OFF \
+	Saturday "" OFF \
+	Sunday "" OFF 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
+
+	PATCHSCHEDULEDAYS=$(echo "$PATCHSCHEDULEDAYS" | tr -d '"')
+
+	IFS=' ' read -ra PATCHSCHEDULEDAYS <<< "$PATCHSCHEDULEDAYS"
+
 }
 
 whiptail_patch_schedule_select_hours() {
+	
+	[ -n "$QUIET" ] && return
+
 	# Select the hours to patch
-  PATCHSCHEDULEHOURS=($(whiptail --title "Security Onion Setup" --checklist \
+	PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \
 	"At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \
-  "00:00" "" OFF \
-  "01:00" "" OFF \
-  "02:00" "" OFF \
-  "03:00" "" OFF \
-  "04:00" "" OFF \
-  "05:00" "" OFF \
-  "06:00" "" OFF \
-  "07:00" "" OFF \
-  "08:00" "" OFF \
-  "09:00" "" OFF \
-  "10:00" "" OFF \
-  "11:00" "" OFF 3>&1 1>&2 2>&3 ))
+	00:00 "" OFF \
+	01:00 "" OFF \
+	02:00 "" OFF \
+	03:00 "" OFF \
+	04:00 "" OFF \
+	05:00 "" OFF \
+	06:00 "" OFF \
+	07:00 "" OFF \
+	08:00 "" OFF \
+	09:00 "" OFF \
+	10:00 "" OFF \
+	11:00 "" OFF 3>&1 1>&2 2>&3 )
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
 	# Select the hours to patch
-  PATCHSCHEDULEHOURS+=($(whiptail --title "Security Onion Setup" --checklist \
+	PATCHSCHEDULEHOURS+=$(whiptail --title "Security Onion Setup" --checklist \
 	"At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \
-  "12:00" "" OFF \
-  "13:00" "" OFF \
-  "14:00" "" OFF \
-  "15:00" "" ON \
-  "16:00" "" OFF \
-  "17:00" "" OFF \
-  "18:00" "" OFF \
-  "19:00" "" OFF \
-  "20:00" "" OFF \
-  "21:00" "" OFF \
-  "22:00" "" OFF \
-  "23:00" "" OFF 3>&1 1>&2 2>&3 ))
+	12:00 "" OFF \
+	13:00 "" OFF \
+	14:00 "" OFF \
+	15:00 "" ON \
+	16:00 "" OFF \
+	17:00 "" OFF \
+	18:00 "" OFF \
+	19:00 "" OFF \
+	20:00 "" OFF \
+	21:00 "" OFF \
+	22:00 "" OFF \
+	23:00 "" OFF 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
+
+	PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"')
+
+	IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS"
+
 }
 
 whiptail_rule_setup() {
 
+	[ -n "$QUIET" ] && return
+
 	# Get pulled pork info
 	RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Which IDS ruleset would you like to use?\n\nThis master server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the master server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \
@@ -692,6 +873,8 @@ whiptail_rule_setup() {
 
 whiptail_sensor_config() {
 
+	[ -n "$QUIET" ] && return
+
 	NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \
 	"What type of configuration would you like to use?:" 20 75 4 \
 	"BASIC" "Install NSM components with recommended settings" ON \
@@ -704,8 +887,10 @@ whiptail_sensor_config() {
 
 whiptail_set_hostname() {
 
+	[ -n "$QUIET" ] && return
+
 	HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
-  "Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
+	"Enter the Hostname you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -713,7 +898,7 @@ whiptail_set_hostname() {
 	while [[ "$HOSTNAME" == *'localhost'* ]] ; do
 		whiptail --title "Security Onion Setup" --msgbox "Please choose a hostname that doesn't contain localhost." 8 75
 		HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
-    "Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
+		"Enter the Hostname you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
 		local exitstatus=$?
 		whiptail_check_exitstatus $exitstatus
 	done
@@ -721,43 +906,58 @@ whiptail_set_hostname() {
 }
 
 whiptail_set_redirect() {
+
+	[ -n "$QUIET" ] && return
+
 	REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \
 	"Choose the access method for the web interface:" 20 75 4 \
 	"IP" "Use IP to access the web interface" ON  \
-  "HOSTNAME" "Use Hostname ($HOSTNAME) to access the web interface" OFF \
+	"HOSTNAME" "Use hostname to access the web interface" OFF \
 	"OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 }
 
 whiptail_set_redirect_host() {
+
+	[ -n "$QUIET" ] && return
+
 	REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
-    "Enter the Hostname or IP you would like to use for the web interface." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
+	"Enter the Hostname or IP you would like to use for the web interface." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 }
 
 whiptail_set_redirect_info() {
+
+	[ -n "$QUIET" ] && return
+
 	whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n
 For security reasons, we use strict cookie enforcement." 10 75
 }
 
 whiptail_setup_complete() {
 
-  whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75
-  install_cleanup >> $SETUPLOG 2>&1
+	[ -n "$QUIET" ] && return
+
+	whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $install_type. Press Enter to reboot." 8 75
+	install_cleanup >> $setup_log 2>&1
 
 }
 
 whiptail_setup_failed() {
 
-  whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75
-  install_cleanup >> $SETUPLOG 2>&1
+	[ -n "$QUIET" ] && return
+
+	whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Enter to reboot." 8 75
+	install_cleanup >> $setup_log 2>&1
 
 }
 
 whiptail_shard_count() {
 
+	[ -n "$QUIET" ] && return
+
 	SHARDCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
 	"\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
 
@@ -768,28 +968,54 @@ whiptail_shard_count() {
 
 whiptail_suricata_pins() {
 
-  FILTEREDCORES=$(echo ${LISTCORES[@]} ${BROPINS[@]} | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}')
-  SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $LBPROCS cores to pin Suricata to:" 20 75 12 ${FILTEREDCORES[@]} 3>&1 1>&2 2>&3 )
+	[ -n "$QUIET" ] && return
 
+	local filtered_core_list
+	readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${BROPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')"
+
+	local filtered_core_str=()
+    for item in "${filtered_core_list[@]}"; do
+        filtered_core_str+=("$item" "")
+    done
+
+	SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please select $lb_procs cores to pin Suricata to:" 20 75 12 "${filtered_core_str[@]}" 3>&1 1>&2 2>&3 )
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+	SURIPINS=$(echo "$SURIPINS" | tr -d '"')
+
+	IFS=' ' read -ra SURIPINS <<< "$SURIPINS"
+
 }
 
 whiptail_master_updates() {
 
-  MASTERUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
+	[ -n "$QUIET" ] && return
+
+	local update_string
+	update_string=$(whiptail --title "Security Onion Setup" --radiolist \
 	"How would you like to download updates for your grid?:" 20 75 4 \
 	"MASTER" "Master node is proxy for OS/Docker updates." ON \
 	"OPEN" "Each node connect to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
-
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
+	case "$update_string" in
+		'MASTER')
+			MASTERUPDATES='1'
+			;;
+		*)
+			MASTERUPDATES='0'
+			;;
+	esac
+
+
 }
 
 whiptail_node_updates() {
 
+	[ -n "$QUIET" ] && return
+
 	NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
 	"How would you like to download updates for this node?:" 20 75 4 \
 	"MASTER" "Download OS/Docker updates from the Master." ON \
@@ -802,11 +1028,11 @@ whiptail_node_updates() {
 
 whiptail_you_sure() {
 
-  echo "whiptail_you_sure called" >> $SETUPLOG 2>&1
+	[ -n "$QUIET" ] && return
+
 	whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75
 
 	local exitstatus=$?
-  echo "whiptail_you_sure returning $exitstatus" >> $SETUPLOG 2>&1
 	return $exitstatus
 
 }

setup/yum_repos/salt-2019-2.repo

@@ -0,0 +1,6 @@
+[saltstack-repo]
+name=SaltStack repo for RHEL/CentOS $releasever PY3
+baseurl=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2/SALTSTACK-GPG-KEY.pub

setup/yum_repos/salt-latest.repo

@@ -0,0 +1,7 @@
+[salt-latest]
+name=SaltStack Latest Release Channel for RHEL/Centos $releasever
+baseurl=https://repo.saltstack.com/py3/redhat/7/$basearch/latest
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub

setup/yum_repos/wazuh.repo

@@ -0,0 +1,7 @@
+[wazuh_repo]
+gpgcheck=1
+gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+enabled=1
+name=Wazuh repository
+baseurl=https://packages.wazuh.com/3.x/yum/
+protect=1