diff --git a/files/salt/master/master b/files/salt/master/master
index 42e7866d9..93e8ff938 100644
--- a/files/salt/master/master
+++ b/files/salt/master/master
@@ -13,6 +13,8 @@
 # user: socore
 
 log_file: /opt/so/log/salt/master
+log_level_logfile: info
+log_level: info
 
 #####      File Server settings      #####
 ##########################################
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index e3b01886b..791443340 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -157,9 +157,7 @@ set_version() {
 }
 
 require_manager() {
-	# Check to see if this is a manager
-	MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
-	if [ $MANAGERCHECK == 'so-eval' ] || [ $MANAGERCHECK == 'so-manager' ] || [ $MANAGERCHECK == 'so-managersearch' ] || [ $MANAGERCHECK == 'so-standalone' ] || [ $MANAGERCHECK == 'so-helix' ] || [ $MANAGERCHECK == 'so-import' ]; then
+	if is_manager; then
 		echo "This is a manager, We can proceed."
 	else
 		echo "Please run this command on the manager; the manager controls the grid."
@@ -167,12 +165,32 @@ require_manager() {
 	fi
 }
 
+is_manager() {
+	# Check to see if this is a manager node
+	role=$(lookup_role)
+	is_single_node_grid && return 0
+	[ $role == 'manager' ] && return 0
+	[ $role == 'managersearch' ] && return 0
+	[ $role == 'helix' ] && return 0
+	return 1
+}
+
+is_sensor() {
+	# Check to see if this is a sensor (forward) node
+	role=$(lookup_role)
+	is_single_node_grid && return 0
+	[ $role == 'sensor' ] && return 0
+	[ $role == 'heavynode' ] && return 0
+	[ $role == 'helix' ] && return 0
+	return 1
+}
+
 is_single_node_grid() {
 	role=$(lookup_role)
-	if [ "$role" != "eval" ] && [ "$role" != "standalone" ] && [ "$role" != "import" ]; then
-		return 1
-	fi
-	return 0
+	[ $role == 'eval' ] && return 0
+	[ $role == 'standalone' ] && return 0
+	[ $role == 'import' ] && return 0
+	return 1
 }
 
 fail() {
@@ -187,6 +205,34 @@ get_random_value() {
 	head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
 }
 
+retry() {
+	maxAttempts=$1
+	sleepDelay=$2
+	cmd=$3
+	expectedOutput=$4
+	attempt=0
+	while [[ $attempt -lt $maxAttempts ]]; do			
+		attempt=$((attempt+1))
+		info "Executing command with retry support: $cmd"
+		output=$($cmd)
+		info "Results: $output"
+		exitcode=$?
+		if [ -n "$expectedOutput" ]; then
+			if [[ "$output" =~ "$expectedOutput" ]]; then
+				return $exitCode
+			else
+				info "Expected '$expectedOutput' but got '$output'"
+			fi
+		elif [[ $exitcode -eq 0 ]]; then
+			return $exitCode
+		fi
+		info "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
+		sleep $sleepDelay
+	done
+	error "Command continues to fail; giving up."
+	return 1
+}
+
 wait_for_apt() {
 	local progress_callback=$1
 
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index 8dd607bd6..bb05d5f2e 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
@@ -20,10 +20,25 @@ if ! [ "$(id -u)" = 0 ]; then
    exit 1
 fi
 
+display_help() {
+cat <<HELP_USAGE
+
+    $0  [-h] [-q|--quiet]
+
+   -h             Show this message.
+   -q|--quiet     Suppress the output and only return a
+	              single status code for overall status
+	0:Ok, 1:Error, 2:Starting/Pending, 99:Installing SO
+HELP_USAGE
+}
+
 # Constants
+QUIET=false
+EXITCODE=0
 SYSTEM_START_TIME=$(date -d "$(</proc/uptime awk '{print $1}') seconds ago" +%s)
 # file populated by salt.lasthighstate state at end of successful highstate run
 LAST_HIGHSTATE_END=$([ -e "/opt/so/log/salt/lasthighstate" ] && date -r /opt/so/log/salt/lasthighstate +%s || echo 0)
+LAST_SOSETUP_LOG=$([ -e "/root/sosetup.log" ] && date -r /root/sosetup.log +%s || echo 0)
 HIGHSTATE_RUNNING=$(salt-call --local saltutil.running --out=json | jq -r '.local[].fun' | grep -q 'state.highstate' && echo $?)
 ERROR_STRING="ERROR"
 SUCCESS_STRING="OK"
@@ -81,7 +96,7 @@ compare_lists() {
 
 create_expected_container_list() {
 
-    mapfile -t expected_container_list < <(sort -u /opt/so/conf/so-status/so-status.conf | tr -d "#")    
+    mapfile -t expected_container_list < <(sort -u /opt/so/conf/so-status/so-status.conf | tr -d "#")
 
 }
 
@@ -111,43 +126,43 @@ populate_container_lists() {
 }
 
 parse_status() {
-    local container_state=${1}
-    local service_name=${2}
+    local service_name=${1}
+    local container_state=${2}
 
     for state in "${GOOD_STATUSES[@]}"; do
-        [[ $container_state = "$state" ]] && printf $SUCCESS_STRING && return 0
+        [[ $container_state = "$state" ]] && [[ $QUIET = "false" ]] && printf $SUCCESS_STRING && return 0 || [[ $container_state = "$state" ]] && return 0
     done
 
     for state in "${BAD_STATUSES[@]}"; do
-        [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]] && printf $DISABLED_STRING && return 0
+        [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]] && [[ $QUIET = "false" ]] && printf $DISABLED_STRING && return 0 || [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]] && return 0
     done
 
     # if a highstate has finished running since the system has started
     # then the containers should be running so let's check the status
     if [ $LAST_HIGHSTATE_END -ge $SYSTEM_START_TIME ]; then
 
-        [[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1
+        [[ $container_state = "missing" ]] && [[ $QUIET = "false" ]] && printf $MISSING_STRING && return 1 || [[ $container_state = "missing" ]] && [[ "$EXITCODE" -lt 2 ]] && EXITCODE=1  && return 1
 
         for state in "${PENDING_STATUSES[@]}"; do
-            [[ $container_state = "$state" ]] && printf $PENDING_STRING && return 0
+            [[ $container_state = "$state" ]] && [[ $QUIET = "false" ]] && printf $PENDING_STRING && return 0
         done
 
         # This is technically not needed since the default is error state
         for state in "${BAD_STATUSES[@]}"; do
-            [[ $container_state = "$state" ]] &&  printf $ERROR_STRING && return 1
+            [[ $container_state = "$state" ]] && [[ $QUIET = "false" ]] && printf $ERROR_STRING && return 1 || [[ $container_state = "$state" ]] && [[ "$EXITCODE" -lt 2 ]] && EXITCODE=1  && return 1
         done
 
-        printf $ERROR_STRING && return 1
-    
+        [[ $QUIET = "false" ]] && printf $ERROR_STRING && return 1 || [[ "$EXITCODE" -lt 2 ]] && EXITCODE=1 && return 1
+
     # if a highstate has not run since system start time, but a highstate is currently running
     # then show that the containers are STARTING
     elif [[ "$HIGHSTATE_RUNNING" == 0 ]]; then
-        printf $STARTING_STRING && return 0
+        [[ $QUIET = "false" ]] && printf $STARTING_STRING && return 2 || EXITCODE=2 && return 2
 
     # if a highstate has not finished running since system startup and isn't currently running
     # then just show that the containers are WAIT_START; waiting to be started
     else
-        printf $WAIT_START_STRING && return 1
+        [[ $QUIET = "false" ]] && printf $WAIT_START_STRING && return 2 || EXITCODE=2 && return 2
 
     fi
 }
@@ -156,18 +171,22 @@ parse_status() {
 
 print_line() {
     local service_name=${1}
-    local service_state="$( parse_status ${2} ${1} )"
+    local service_state="$( parse_status ${1} ${2} )"
     local columns=$(tput cols)
     local state_color="\e[0m"
 
     local PADDING_CONSTANT=15
 
-    if [[ $service_state = "$ERROR_STRING" ]] || [[ $service_state = "$MISSING_STRING" ]] || [[ $service_state = "$WAIT_START_STRING" ]]; then
+    if [[ $service_state = "$ERROR_STRING" ]] || [[ $service_state = "$MISSING_STRING" ]]; then
         state_color="\e[1;31m"
+        if [[ "$EXITCODE" -eq 0 ]]; then
+            EXITCODE=1
+        fi
     elif [[ $service_state = "$SUCCESS_STRING" ]]; then
         state_color="\e[1;32m"
-    elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]] || [[ $service_state = "$STARTING_STRING" ]]; then
+    elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]] || [[ $service_state = "$STARTING_STRING" ]] || [[ $service_state = "$WAIT_START_STRING" ]]; then
         state_color="\e[1;33m"
+        EXITCODE=2
     fi
 
     printf "    $service_name "
@@ -181,7 +200,15 @@ print_line() {
 
 non_term_print_line() {
     local service_name=${1}
-    local service_state="$( parse_status ${2} ${1} )"
+    local service_state="$( parse_status ${1} ${2} )"
+
+    if [[ $service_state = "$ERROR_STRING" ]] || [[ $service_state = "$MISSING_STRING" ]]; then
+        if [[ "$EXITCODE" -eq 0 ]]; then
+            EXITCODE=1
+        fi
+    elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]] || [[ $service_state = "$STARTING_STRING" ]] || [[ $service_state = "$WAIT_START_STRING" ]]; then
+        EXITCODE=2
+    fi
 
     printf "    $service_name "
     for i in $(seq 0 $(( 35 - ${#service_name} - ${#service_state} ))); do
@@ -218,37 +245,67 @@ main() {
       done
 
       printf "\n"
-    
+
     # else if running from a terminal
     else
 
-      local focus_color="\e[1;34m"
-      printf "\n"
-      printf "${focus_color}%b\e[0m" "Checking Docker status\n\n"
+      if [ "$QUIET" = true ]; then
+          if [ $SYSTEM_START_TIME -lt $LAST_SOSETUP_LOG ]; then
+            exit 99
+          fi
+          print_or_parse="parse_status"
+      else
+          print_or_parse="print_line"
+
+          local focus_color="\e[1;34m"
+          printf "\n"
+          printf "${focus_color}%b\e[0m" "Checking Docker status\n\n"
+      fi
 
       systemctl is-active --quiet docker
       if [[ $? = 0 ]]; then
-          print_line "Docker" "running"
+          ${print_or_parse} "Docker" "running"
       else
-          print_line "Docker" "exited"
+          ${print_or_parse} "Docker" "exited"
       fi
 
       populate_container_lists
 
-      printf "\n"
-      printf "${focus_color}%b\e[0m" "Checking container statuses\n\n"
+      if [ "$QUIET" = false ]; then
+          printf "\n"
+          printf "${focus_color}%b\e[0m" "Checking container statuses\n\n"
+      fi
 
       local num_containers=${#container_name_list[@]}
 
       for i in $(seq 0 $(($num_containers - 1 ))); do
-          print_line ${container_name_list[$i]} ${container_state_list[$i]}
+          ${print_or_parse} ${container_name_list[$i]} ${container_state_list[$i]}
       done
 
-      printf "\n"
+      if [ "$QUIET" = false ]; then
+          printf "\n"
+      fi
     fi
 }
 
 # {% endraw %}
 
+while getopts ':hq' OPTION; do
+  case "$OPTION" in
+    h)
+      display_help
+      exit 0
+      ;;
+    q)
+      QUIET=true
+      ;;
+    \?)
+      display_help
+      exit 0
+      ;;
+  esac
+done
 
-main
\ No newline at end of file
+main
+
+exit $EXITCODE
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-tcpreplay b/salt/common/tools/sbin/so-tcpreplay
index fa992bdd8..e8e24a474 100755
--- a/salt/common/tools/sbin/so-tcpreplay
+++ b/salt/common/tools/sbin/so-tcpreplay
@@ -47,13 +47,26 @@ if ! docker ps | grep -q so-tcpreplay; then
   echo "Replay functionality not enabled; attempting to enable now (may require Internet access)..."
   echo
 
-  TRUSTED_CONTAINERS=("so-tcpreplay")
-  mkdir -p /opt/so/log/tcpreplay
-  update_docker_containers "tcpreplay" "" "" "/opt/so/log/tcpreplay/init.log"
-  so-tcpreplay-start || fail "Unable to initialize tcpreplay"
+  if is_manager; then
+	  TRUSTED_CONTAINERS=("so-tcpreplay")
+	  mkdir -p /opt/so/log/tcpreplay
+	  update_docker_containers "tcpreplay" "" "" "/opt/so/log/tcpreplay/init.log"
+	fi
+	if is_sensor; then
+		if ! is_manager; then
+			echo "Attempting to start replay container. If this fails then you may need to run this command on the manager first."
+		fi
+  	so-tcpreplay-start || fail "Unable to initialize tcpreplay"
+  fi
 fi
 
-echo "Replaying PCAP(s) at ${REPLAYSPEED} Mbps on interface ${REPLAYIFACE}..."
-docker exec so-tcpreplay /usr/bin/bash -c "/usr/local/bin/tcpreplay -i ${REPLAYIFACE} -M${REPLAYSPEED} $@"
+if is_sensor; then
+	echo "Replaying PCAP(s) at ${REPLAYSPEED} Mbps on interface ${REPLAYIFACE}..."
+	docker exec so-tcpreplay /usr/bin/bash -c "/usr/local/bin/tcpreplay -i ${REPLAYIFACE} -M${REPLAYSPEED} $@"
 
-echo "Replay completed. Warnings shown above are typically expected."
+	echo "Replay completed. Warnings shown above are typically expected."
+elif is_manager; then
+	echo "The sensor nodes in this grid can now replay traffic."
+else
+	echo "Unable to replay traffic since this node is not a sensor node."
+fi
diff --git a/salt/pcap/files/config b/salt/pcap/files/config
index 4a612fbf1..048775ef7 100644
--- a/salt/pcap/files/config
+++ b/salt/pcap/files/config
@@ -1,10 +1,12 @@
 {%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
+{%- set diskfreepercentage = salt['pillar.get']('steno:diskfreepercentage', 10) %}
+
 {
   "Threads": [
     { "PacketsDirectory": "/nsm/pcap"
     , "IndexDirectory": "/nsm/pcapindex"
     , "MaxDirectoryFiles": 30000
-    , "DiskFreePercentage": 10
+    , "DiskFreePercentage": {{ diskfreepercentage }}
     }
   ]
   , "StenotypePath": "/usr/bin/stenotype"
@@ -13,4 +15,4 @@
   , "Host": "127.0.0.1"
   , "Flags": ["-v", "--uid=stenographer", "--gid=stenographer"{{ BPF_COMPILED }}]
   , "CertPath": "/etc/stenographer/certs"
-}
+}
\ No newline at end of file
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index c4b5346ae..1bd9e3aad 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -1,4 +1,4 @@
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -17,8 +17,8 @@
 
 {% if 'strelka' in top_states %}
 
-{%- set MANAGER = salt['grains.get']('master') %}
-{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
+{% set MANAGER = salt['grains.get']('master') %}
+{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') %}
@@ -47,7 +47,7 @@ strelkasync:
     - group: 939
     - template: jinja
 
-{%- if STRELKA_RULES == 1 %}
+{% if STRELKA_RULES == 1 %}
 
 strelkarules:
   file.recurse:
@@ -56,13 +56,15 @@ strelkarules:
     - user: 939
     - group: 939
 
+{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
 strelkarepos:
   file.managed:
     - name: /opt/so/saltstack/default/salt/strelka/rules/repos.txt
     - source: salt://strelka/rules/repos.txt.jinja
     - template: jinja
-    
-{%- endif %}
+
+{% endif %}
+{% endif %}
 
 strelkadatadir:
    file.directory:
diff --git a/salt/telegraf/scripts/suriloss.sh b/salt/telegraf/scripts/suriloss.sh
index 7ef8de2ee..9f8ad8cc6 100644
--- a/salt/telegraf/scripts/suriloss.sh
+++ b/salt/telegraf/scripts/suriloss.sh
@@ -33,20 +33,20 @@ if [ $CHECKIT == 2 ]; then
 
   CURRENTDROP=${RESULT[4]}
   PASTDROP=${RESULT[14]}
-  DROPPED=$(($CURRENTDROP - $PASTDROP))
+  DROPPED=$((CURRENTDROP - PASTDROP))
   if [ $DROPPED == 0 ]; then
     LOSS=0
     echo "suridrop drop=0"
   else
     CURRENTPACKETS=${RESULT[9]}
     PASTPACKETS=${RESULT[19]}
-    TOTALCURRENT=$(($CURRENTPACKETS + $CURRENTDROP))
-    TOTALPAST=$(($PASTPACKETS + $PASTDROP))
-    TOTAL=$(($TOTALCURRENT - $TOTALPAST))
+    TOTALCURRENT=$((CURRENTPACKETS + CURRENTDROP))
+    TOTALPAST=$((PASTPACKETS + PASTDROP))
+    TOTAL=$((TOTALCURRENT - TOTALPAST))
 
     LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc)
     echo "suridrop drop=$LOSS"
   fi
 else
   echo "suridrop drop=0"
-fi
+fi
\ No newline at end of file
diff --git a/salt/telegraf/scripts/zeekloss.sh b/salt/telegraf/scripts/zeekloss.sh
index 9a64ef4dd..966de8e4d 100644
--- a/salt/telegraf/scripts/zeekloss.sh
+++ b/salt/telegraf/scripts/zeekloss.sh
@@ -29,15 +29,22 @@ echo $$ > $lf
 ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
 declare RESULT=($ZEEKLOG)
 CURRENTDROP=${RESULT[3]}
-PASTDROP=${RESULT[9]}
-DROPPED=$((CURRENTDROP - PASTDROP))
-if [ $DROPPED == 0 ]; then
+# zeek likely not running if this is true
+if [[ $CURRENTDROP == "rcvd:" ]]; then
+  CURRENTDROP=0
+  PASTDROP=0
+  DROPPED=0
+else
+  PASTDROP=${RESULT[9]}
+  DROPPED=$((CURRENTDROP - PASTDROP))
+fi
+if [[ "$DROPPED" -le 0 ]]; then
   LOSS=0
   echo "zeekdrop drop=0"
 else
   CURRENTPACKETS=${RESULT[5]}
   PASTPACKETS=${RESULT[11]}
   TOTAL=$((CURRENTPACKETS - PASTPACKETS))
-  LOSS=$(echo $DROPPED $TOTAL / p | dc)
+  LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc)
   echo "zeekdrop drop=$LOSS"
-fi
+fi
\ No newline at end of file
diff --git a/setup/automation/distributed-airgap-manager b/setup/automation/distributed-airgap-manager
new file mode 100644
index 000000000..051212cdd
--- /dev/null
+++ b/setup/automation/distributed-airgap-manager
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+#BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=distributed-manager
+install_type=MANAGER
+INTERWEBS=AIRGAP
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-airgap-search b/setup/automation/distributed-airgap-search
new file mode 100644
index 000000000..aec7afd31
--- /dev/null
+++ b/setup/automation/distributed-airgap-search
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+# ALLOW_CIDR=0.0.0.0/0
+# ALLOW_ROLE=a
+# BASICZEEK=7
+# BASICSURI=7
+# BLOGS=
+# BNICS=eth1
+# ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+# GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=distributed-search
+install_type=SEARCHNODE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+# MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+MSRV=distributed-manager
+MSRVIP=10.66.166.42
+# MTU=
+# NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+# OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+# PLAYBOOK=1
+# REDIRECTHOST=
+# REDIRECTINFO=IP
+# RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+# STRELKA=1
+# THEHIVE=1
+# WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-airgap-sensor b/setup/automation/distributed-airgap-sensor
new file mode 100644
index 000000000..4cc3f6a75
--- /dev/null
+++ b/setup/automation/distributed-airgap-sensor
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+# ALLOW_CIDR=0.0.0.0/0
+# ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+# GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=distributed-sensor
+install_type=SENSOR
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+# MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+MSRV=distributed-manager
+MSRVIP=10.66.166.42
+# MTU=
+# NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+# NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+# OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+# PLAYBOOK=1
+# REDIRECTHOST=
+# REDIRECTINFO=IP
+# RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+# STRELKA=1
+# THEHIVE=1
+# WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-ami-forwardnode b/setup/automation/distributed-ami-forwardnode
new file mode 100644
index 000000000..a3cd2cccb
--- /dev/null
+++ b/setup/automation/distributed-ami-forwardnode
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+#ALLOW_CIDR=0.0.0.0/0
+#ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=ens6
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+#GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=forwardnode-aws
+install_type=SENSOR
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+#MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=ens5
+# MSEARCH=
+MSRV=manager-aws
+MSRVIP=172.16.163.10
+# MTU=
+#NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+#NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+#OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+#PLAYBOOK=1
+# REDIRECTHOST=
+#REDIRECTINFO=HOSTNAME
+#RULESETUP=ETOPEN
+# SHARDCOUNT=
+SKIP_REBOOT=0
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+#STRELKA=1
+#THEHIVE=1
+#WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-ami-manager b/setup/automation/distributed-ami-manager
new file mode 100644
index 000000000..b1effcf7a
--- /dev/null
+++ b/setup/automation/distributed-ami-manager
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=ens6
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=manager-aws
+install_type=MANAGER
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=ens5
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=HOSTNAME
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+SKIP_REBOOT=0
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-ami-searchnode b/setup/automation/distributed-ami-searchnode
new file mode 100644
index 000000000..e50e18475
--- /dev/null
+++ b/setup/automation/distributed-ami-searchnode
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+#ALLOW_CIDR=0.0.0.0/0
+#ALLOW_ROLE=a
+#BASICZEEK=7
+#BASICSURI=7
+# BLOGS=
+#BNICS=ens6
+#ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+#GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=searchnode-aws
+install_type=SEARCHNODE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+#MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=ens5
+# MSEARCH=
+MSRV=manager-aws
+MSRVIP=172.16.163.10
+# MTU=
+#NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+#OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+#PLAYBOOK=1
+# REDIRECTHOST=
+#REDIRECTINFO=HOSTNAME
+#RULESETUP=ETOPEN
+# SHARDCOUNT=
+SKIP_REBOOT=0
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+#STRELKA=1
+#THEHIVE=1
+#WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-iso-manager b/setup/automation/distributed-iso-manager
new file mode 100644
index 000000000..cbf803dd2
--- /dev/null
+++ b/setup/automation/distributed-iso-manager
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=7
+BASICSURI=7
+# BLOGS=
+#BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=distributed-manager
+install_type=MANAGER
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-iso-search b/setup/automation/distributed-iso-search
new file mode 100644
index 000000000..aec7afd31
--- /dev/null
+++ b/setup/automation/distributed-iso-search
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+# ALLOW_CIDR=0.0.0.0/0
+# ALLOW_ROLE=a
+# BASICZEEK=7
+# BASICSURI=7
+# BLOGS=
+# BNICS=eth1
+# ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+# GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=distributed-search
+install_type=SEARCHNODE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+# MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+MSRV=distributed-manager
+MSRVIP=10.66.166.42
+# MTU=
+# NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+# OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+# PLAYBOOK=1
+# REDIRECTHOST=
+# REDIRECTINFO=IP
+# RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+# STRELKA=1
+# THEHIVE=1
+# WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-iso-sensor b/setup/automation/distributed-iso-sensor
new file mode 100644
index 000000000..4cc3f6a75
--- /dev/null
+++ b/setup/automation/distributed-iso-sensor
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+# ALLOW_CIDR=0.0.0.0/0
+# ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+# GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=distributed-sensor
+install_type=SENSOR
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+# MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+MSRV=distributed-manager
+MSRVIP=10.66.166.42
+# MTU=
+# NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+# NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+# OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+# PLAYBOOK=1
+# REDIRECTHOST=
+# REDIRECTINFO=IP
+# RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+# STRELKA=1
+# THEHIVE=1
+# WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed_forwardnode_ami b/setup/automation/distributed_forwardnode_ami
index 99d8f21be..a3cd2cccb 100644
--- a/setup/automation/distributed_forwardnode_ami
+++ b/setup/automation/distributed_forwardnode_ami
@@ -23,8 +23,8 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 #ALLOW_CIDR=0.0.0.0/0
 #ALLOW_ROLE=a
-BASICZEEK=1
-BASICSURI=1
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
 BNICS=ens6
 ZEEKVERSION=ZEEK
@@ -70,9 +70,9 @@ PATCHSCHEDULENAME=auto
 SKIP_REBOOT=0
 SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
-STRELKA=1
+#STRELKA=1
 #THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
+#WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed_manager_ami b/setup/automation/distributed_manager_ami
index 2ca5c2a04..b1effcf7a 100644
--- a/setup/automation/distributed_manager_ami
+++ b/setup/automation/distributed_manager_ami
@@ -23,8 +23,8 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 ALLOW_CIDR=0.0.0.0/0
 ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
 BNICS=ens6
 ZEEKVERSION=ZEEK
diff --git a/setup/automation/distributed_searchnode_ami b/setup/automation/distributed_searchnode_ami
index 3c2ff4df5..e50e18475 100644
--- a/setup/automation/distributed_searchnode_ami
+++ b/setup/automation/distributed_searchnode_ami
@@ -22,7 +22,7 @@ ADMINUSER=onionuser
 ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 #ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
+#ALLOW_ROLE=a
 #BASICZEEK=7
 #BASICSURI=7
 # BLOGS=
@@ -72,7 +72,7 @@ SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
 #STRELKA=1
 #THEHIVE=1
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
+#WAZUH=1
+# WEBUSER=onionuser@somewhere.invalid
+# WEBPASSWD1=0n10nus3r
+# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-airgap b/setup/automation/eval-airgap
new file mode 100644
index 000000000..4ab28a795
--- /dev/null
+++ b/setup/automation/eval-airgap
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=eval
+install_type=EVAL
+INTERWEBS=AIRGAP
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-ami b/setup/automation/eval-ami
new file mode 100644
index 000000000..a1192c93e
--- /dev/null
+++ b/setup/automation/eval-ami
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=eval-aws
+install_type=EVAL
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
+REDIRECTINFO=OTHER
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-iso b/setup/automation/eval-iso
new file mode 100644
index 000000000..81b04b9dc
--- /dev/null
+++ b/setup/automation/eval-iso
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=eval
+install_type=EVAL
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-net-centos b/setup/automation/eval-net-centos
new file mode 100644
index 000000000..d8df5631a
--- /dev/null
+++ b/setup/automation/eval-net-centos
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+# address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone
+install_type=EVAL
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-net-ubuntu b/setup/automation/eval-net-ubuntu
new file mode 100644
index 000000000..a6ec2edad
--- /dev/null
+++ b/setup/automation/eval-net-ubuntu
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+# address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=ens19
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone
+install_type=STANDALONE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=ens18
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval_ami b/setup/automation/eval_ami
index 2c5a8a52d..91f418b14 100644
--- a/setup/automation/eval_ami
+++ b/setup/automation/eval_ami
@@ -23,10 +23,10 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 ALLOW_CIDR=0.0.0.0/0
 ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
-BNICS=ens6
+BNICS=eth1
 ZEEKVERSION=ZEEK
 # CURCLOSEDAYS=
 # EVALADVANCED=BASIC
@@ -34,7 +34,7 @@ GRAFANA=1
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=eval-aws
+HOSTNAME=eval
 install_type=EVAL
 # LSINPUTBATCHCOUNT=
 # LSINPUTTHREADS=
@@ -46,7 +46,7 @@ MANAGERUPDATES=1
 # MGATEWAY=
 # MIP=
 # MMASK=
-MNIC=ens5
+MNIC=eth0
 # MSEARCH=
 # MSRV=
 # MTU=
@@ -63,10 +63,14 @@ OSQUERY=1
 PATCHSCHEDULENAME=auto
 PLAYBOOK=1
 # REDIRECTHOST=
-REDIRECTINFO=HOSTNAME
+REDIRECTINFO=IP
 RULESETUP=ETOPEN
 # SHARDCOUNT=
+<<<<<<< HEAD:setup/automation/eval_ami
 # SKIP_REBOOT=0
+=======
+# SKIP_REBOOT=
+>>>>>>> dev:setup/automation/eval-iso
 SOREMOTEPASS1=onionuser
 SOREMOTEPASS2=onionuser
 STRELKA=1
diff --git a/setup/automation/standalone-airgap b/setup/automation/standalone-airgap
new file mode 100644
index 000000000..df6dca6b2
--- /dev/null
+++ b/setup/automation/standalone-airgap
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone
+install_type=STANDALONE
+INTERWEBS=AIRGAP
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/standalone-ami b/setup/automation/standalone-ami
new file mode 100644
index 000000000..d9e84ebe8
--- /dev/null
+++ b/setup/automation/standalone-ami
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone-aws
+install_type=STANDALONE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
+REDIRECTINFO=OTHER
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/standalone-iso b/setup/automation/standalone-iso
new file mode 100644
index 000000000..15b21e2df
--- /dev/null
+++ b/setup/automation/standalone-iso
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone
+install_type=STANDALONE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/standalone-net-centos b/setup/automation/standalone-net-centos
new file mode 100644
index 000000000..9d223fb4d
--- /dev/null
+++ b/setup/automation/standalone-net-centos
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+# address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=eth1
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone
+install_type=STANDALONE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=eth0
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/standalone-net-ubuntu b/setup/automation/standalone-net-ubuntu
new file mode 100644
index 000000000..a6ec2edad
--- /dev/null
+++ b/setup/automation/standalone-net-ubuntu
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TESTING=true
+
+# address_type=DHCP
+ADMINUSER=onionuser
+ADMINPASS1=onionuser
+ADMINPASS2=onionuser
+ALLOW_CIDR=0.0.0.0/0
+ALLOW_ROLE=a
+BASICZEEK=2
+BASICSURI=2
+# BLOGS=
+BNICS=ens19
+ZEEKVERSION=ZEEK
+# CURCLOSEDAYS=
+# EVALADVANCED=BASIC
+GRAFANA=1
+# HELIXAPIKEY=
+HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+HNSENSOR=inherit
+HOSTNAME=standalone
+install_type=STANDALONE
+# LSINPUTBATCHCOUNT=
+# LSINPUTTHREADS=
+# LSPIPELINEBATCH=
+# LSPIPELINEWORKERS=
+MANAGERADV=BASIC
+MANAGERUPDATES=1
+# MDNS=
+# MGATEWAY=
+# MIP=
+# MMASK=
+MNIC=ens18
+# MSEARCH=
+# MSRV=
+# MTU=
+NIDS=Suricata
+# NODE_ES_HEAP_SIZE=
+# NODE_LS_HEAP_SIZE=
+NODESETUP=NODEBASIC
+NSMSETUP=BASIC
+NODEUPDATES=MANAGER
+# OINKCODE=
+OSQUERY=1
+# PATCHSCHEDULEDAYS=
+# PATCHSCHEDULEHOURS=
+PATCHSCHEDULENAME=auto
+PLAYBOOK=1
+# REDIRECTHOST=
+REDIRECTINFO=IP
+RULESETUP=ETOPEN
+# SHARDCOUNT=
+# SKIP_REBOOT=
+SOREMOTEPASS1=onionuser
+SOREMOTEPASS2=onionuser
+STRELKA=1
+THEHIVE=1
+WAZUH=1
+WEBUSER=onionuser@somewhere.invalid
+WEBPASSWD1=0n10nus3r
+WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/standalone_ami b/setup/automation/standalone_ami
index d32e1fad7..ae1101574 100644
--- a/setup/automation/standalone_ami
+++ b/setup/automation/standalone_ami
@@ -23,8 +23,8 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 ALLOW_CIDR=0.0.0.0/0
 ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
 BNICS=eth1
 ZEEKVERSION=ZEEK
@@ -34,8 +34,9 @@ GRAFANA=1
 # HELIXAPIKEY=
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
-HOSTNAME=standalone-aws
+HOSTNAME=standalone
 install_type=STANDALONE
+INTERWEBS=AIRGAP
 # LSINPUTBATCHCOUNT=
 # LSINPUTTHREADS=
 # LSPIPELINEBATCH=
@@ -62,8 +63,13 @@ OSQUERY=1
 # PATCHSCHEDULEHOURS=
 PATCHSCHEDULENAME=auto
 PLAYBOOK=1
+<<<<<<< HEAD:setup/automation/standalone_ami
 REDIRECTHOST=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
 REDIRECTINFO=OTHER
+=======
+# REDIRECTHOST=
+REDIRECTINFO=IP
+>>>>>>> dev:setup/automation/standalone-airgap
 RULESETUP=ETOPEN
 # SHARDCOUNT=
 # SKIP_REBOOT=
diff --git a/setup/automation/standalone_iso b/setup/automation/standalone_iso
index 0561a2883..15b21e2df 100644
--- a/setup/automation/standalone_iso
+++ b/setup/automation/standalone_iso
@@ -23,8 +23,8 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 ALLOW_CIDR=0.0.0.0/0
 ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
+BASICZEEK=2
+BASICSURI=2
 # BLOGS=
 BNICS=eth1
 ZEEKVERSION=ZEEK
diff --git a/setup/so-functions b/setup/so-functions
index f1728dd71..b7605506a 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -97,8 +97,6 @@ airgap_rules() {
 
 	# Don't leave Strelka out
 	cp -Rv /root/SecurityOnion/agrules/strelka /nsm/repo/rules/
-
-
 }
 
 analyze_system() {
@@ -116,13 +114,11 @@ accept_salt_key_remote() {
 	
 	echo "Accept the key remotely on the manager" >> "$setup_log" 2>&1
 	# Delete the key just in case.
-	ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -d "$MINION_ID" -y
+	$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -d "$MINION_ID" -y
 	salt-call state.apply ca >> /dev/null 2>&1
-	ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -a "$MINION_ID" -y
-
+	$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -a "$MINION_ID" -y
 }
 
-
 add_admin_user() {
 	# Add an admin user with full sudo rights if this is an ISO install. 
 	{
@@ -753,6 +749,8 @@ configure_minion() {
 	printf '%s\n'\
 		"use_superseded:"\
 		"  - module.run"\
+		"log_level: info"\
+		"log_level_logfile: info"\
 		"log_file: /opt/so/log/salt/minion" >> "$minion_config"
 
 	{
@@ -840,7 +838,7 @@ check_requirements() {
 }
 
 compare_versions() {
-	manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
+	manager_ver=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
 
 	if [[ $manager_ver == "" ]]; then
 		rm /root/install_opt
@@ -910,6 +908,7 @@ copy_salt_master_config() {
 }
 
 copy_minion_tmp_files() {
+
 	case "$install_type" in
 		'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
 			echo "Copying pillar and salt files in $temp_install_dir to $local_salt_dir"
@@ -921,15 +920,15 @@ copy_minion_tmp_files() {
 		*)
 			{
 				echo "scp pillar and salt files in $temp_install_dir to manager $local_salt_dir";
-				ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
-				ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
-				scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
+				$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
+				$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
+				$scpcmd -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
 				if [ -d $temp_install_dir/salt/patch/os/schedules/ ]; then
 					if [ "$(ls -A $temp_install_dir/salt/patch/os/schedules/)" ]; then
-						scp -prv -i /root/.ssh/so.key $temp_install_dir/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules;
+						$scpcmd -prv -i /root/.ssh/so.key $temp_install_dir/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules;
 					fi
 				fi
-				ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/manager/files/add_minion.sh "$MINION_ID";
+				$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/manager/files/add_minion.sh "$MINION_ID";
 			} >> "$setup_log" 2>&1
 			;;
 	esac
@@ -948,7 +947,7 @@ copy_ssh_key() {
 
 	echo "Copying the SSH key to the manager"
 	#Copy the key over to the manager
-	ssh-copy-id -f -i /root/.ssh/so.key soremote@"$MSRV"
+	$sshcopyidcmd -f -i /root/.ssh/so.key soremote@"$MSRV"
 }
 
 create_local_directories() {
@@ -2022,7 +2021,7 @@ saltify() {
 				# Copy down the gpg keys and install them from the manager
 				mkdir "$temp_install_dir"/gpg >> "$setup_log" 2>&1
 				echo "scp the gpg keys and install them from the manager" >> "$setup_log" 2>&1
-				scp -v -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/gpg/* "$temp_install_dir"/gpg >> "$setup_log" 2>&1
+				$scpcmd -v -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/gpg/* "$temp_install_dir"/gpg >> "$setup_log" 2>&1
 				echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
@@ -2218,12 +2217,28 @@ set_progress_str() {
 
 	echo -e "$percentage_str"
 
+	info "Progressing ($percentage%): $progress_bar_text"
+
 	printf '%s\n' \
 	'----'\
 	"$percentage% - ${progress_bar_text^^}"\
 	"----" >> "$setup_log" 2>&1
 }
 
+set_ssh_cmds() {
+	local automated=$1
+
+	if [ $automated == yes ]; then
+		sshcmd="sshpass -p $SOREMOTEPASS1 ssh -o StrictHostKeyChecking=no"
+		sshcopyidcmd="sshpass -p $SOREMOTEPASS1 ssh-copy-id -o StrictHostKeyChecking=no"
+		scpcmd="sshpass -p $SOREMOTEPASS1 scp -o StrictHostKeyChecking=no"
+	else
+		sshcmd='ssh'
+		sshcopyidcmd='ssh-copy-id'
+		scpcmd='scp'
+	fi
+}
+
 sensor_pillar() {
 
 	local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
@@ -2341,24 +2356,24 @@ set_initial_firewall_policy() {
             $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP"
 			;;
 		'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET')
-			ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
+			$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
 			case "$install_type" in
 				'SENSOR')
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE"
 					;;
 				'SEARCHNODE')
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 					;;
 				'HEAVYNODE')
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost heavy_node "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost heavy_node "$MAINIP"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" "$INTERFACE"
+					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 					;;
 				'FLEET')
-				    ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
+				    $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
 					;;
 			esac
 			;;
@@ -2454,6 +2469,13 @@ mark_version() {
 	echo "$SOVERSION" > /etc/soversion
 }
 
+update_sudoers_for_testing() {
+	if [ -n "$TESTING" ]; then
+		info "Ensuring $INSTALLUSERNAME has password-less sudo access for automated testing purposes."
+		sed -i "s/^$INSTALLUSERNAME   ALL=(ALL)       ALL/$INSTALLUSERNAME   ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers
+	fi
+}
+
 update_sudoers() {
 
 	if ! grep -qE '^soremote\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
diff --git a/setup/so-setup b/setup/so-setup
index 5707212c6..a4bf034cc 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -124,6 +124,15 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th
 		ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1
 	done
 	echo "Network is up on $MNIC" >> $setup_log 2>&1
+
+	if [[ ! $is_iso ]]; then
+		echo "Installing sshpass for automated testing." >> $setup_log 2>&1
+		if [ "$OS" == ubuntu ]; then
+			apt-get -y install sshpass >> $setup_log 2>&1
+		else
+			yum -y install sshpass >> $setup_log 2>&1
+		fi
+	fi
 fi
 
 case "$setup_type" in
@@ -136,6 +145,9 @@ case "$setup_type" in
 		;;
 esac
 
+#set ssh commands that will be used based on if this is an automated test install or not
+set_ssh_cmds $automated
+
 # Allow execution of SO tools during setup
 local_sbin="$(pwd)/../salt/common/tools/sbin"
 export PATH=$PATH:$local_sbin
@@ -285,7 +297,7 @@ if ! [[ -f $install_opt_file ]]; then
 	fi
 
 	if [[ $is_minion ]]; then
-		[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
+		copy_ssh_key >> $setup_log 2>&1
 	fi
 
 	if [[ $is_minion ]] && ! (compare_versions); then
@@ -586,6 +598,8 @@ set_redirect >> $setup_log 2>&1
 	set_progress_str 8 'Initializing Salt minion'
 	configure_minion "$minion_type" >> $setup_log 2>&1
 
+	update_sudoers_for_testing >> $setup_log 2>&1
+
 	if [[ $is_manager || $is_helix || $is_import ]]; then
 		set_progress_str 9 'Configuring Salt master'
 		{
@@ -628,12 +642,12 @@ set_redirect >> $setup_log 2>&1
 
 	if [[ $is_minion ]]; then
 		set_progress_str 20 'Accepting Salt key on manager'
-		accept_salt_key_remote >> $setup_log 2>&1
+		retry 20 10	accept_salt_key_remote "going to be accepted"
 	fi
 
 	if [[ $is_manager || $is_import || $is_helix ]]; then
 		set_progress_str 20 'Accepting Salt key'
-		salt-key -ya "$MINION_ID" >> $setup_log 2>&1
+		retry 20 10 "salt-key -ya $MINION_ID" "going to be accepted"
 	fi
 
 	set_progress_str 21 'Copying minion pillars to manager'
@@ -842,7 +856,7 @@ if [[ -n $SO_ERROR ]]; then
 else 
 	echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1
 	{
-		[ -n "$TESTING" ] && logCmd so-test
+		[[ -n "$TESTING" ]] && logCmd so-test
 
 		export percentage=95 # set to last percentage used in previous subshell
 		if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then