From 344dd7d61fac0c4802eed7baafa6f6c69ebb1381 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Wed, 1 Nov 2023 16:50:20 -0400
Subject: [PATCH 1/4] Add Elastic Fleet reset script
---
 .../tools/sbin_jinja/so-elastic-fleet-reset | 65 +++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
diff --git a/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset b/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
new file mode 100644
index 000000000..197ea0912
--- /dev/null
+++ b/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
@@ -0,0 +1,65 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+
+
+. /usr/sbin/so-common
+
+require_manager
+
+
+# Inform user we are about to remove Elastic Fleet data
+echo
+echo "This script will remove the current Elastic Fleet install & all of its data and rerun Elastic Fleet setup."
+echo
+echo "If you would like to proceed, please type "AGREE" and hit ENTER."
+echo
+# Read user input
+read INPUT
+if [ "$INPUT" != "AGREE" ] ; then exit 0; fi
+
+
+printf "\nUninstalling all Elastic Agents on all Grid Nodes...\n\n"
+salt \* cmd.run "elastic-agent uninstall -f" queue=True
+
+printf "\nStopping Fleet Container...\n"
+so-elastic-fleet-stop --force
+
+printf "\nDeleting Fleet Data from Pillars...\n"
+sed -i -z "s/elasticfleet:.*grid_enrollment_heavy.*'//" /opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
+sed -i "/fleet_grid_enrollment_token_general.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
+sed -i "/fleet_grid_enrollment_token_heavy.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
+
+printf "\n\nDeleting Elastic Fleet data...\n\n"
+
+ALIASES=".fleet-servers .fleet-policies-leader .fleet-agents .fleet-artifacts .fleet-enrollment-api-keys .kibana_ingest"
+for ALIAS in ${ALIASES}
+do
+ # Get all concrete indices from alias
+ INDXS=$(curl -K /opt/so/conf/kibana/curl.config -s -k -L -H "Content-Type: application/json" "https://localhost:9200/_resolve/index/${ALIAS}" | jq -r '.aliases[].indices[]')
+
+ # Delete all resolved indices
+ for INDX in ${INDXS}
+ do
+ printf "\nDeleting $INDX \n"
+ curl -K /opt/so/conf/kibana/curl.config -s -k -L -H "Content-Type: application/json" "https://localhost:9200/${INDX}" -XDELETE
+ done
+done
+
+printf "\n\nRestarting Kibana..\n"
+so-kibana-restart --force
+
+wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+
+printf "\nStarting Elastic Fleet Setup...\n"
+so-elastic-fleet-setup
+
+
+printf "\nRe-installing Elastic Agent on all Grid Nodes...\n\n"
+salt \* state.apply elasticfleet.install_agent_grid queue=True
+
+printf "\nElastic Fleet Reset complete....\n"
\ No newline at end of file
From c230cf4eb7c197b554bd43dfbb8af11dd8144300 Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Wed, 1 Nov 2023 17:00:32 -0400
Subject: [PATCH 2/4] Formatting
---
 salt/manager/tools/sbin_jinja/so-elastic-fleet-reset | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset b/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
index 197ea0912..35f867884 100644
--- a/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
+++ b/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
@@ -16,7 +16,7 @@ require_manager
 echo
 echo "This script will remove the current Elastic Fleet install & all of its data and rerun Elastic Fleet setup."
 echo
-echo "If you would like to proceed, please type "AGREE" and hit ENTER."
+echo "If you would like to proceed, please type AGREE and hit ENTER."
 echo
 # Read user input
 read INPUT
@@ -50,7 +50,7 @@ do
 done
 done
-printf "\n\nRestarting Kibana..\n"
+printf "\n\nRestarting Kibana...\n"
 so-kibana-restart --force
 wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
From 5388b92865bfc4c2903322ba5cadfcb54398932c Mon Sep 17 00:00:00 2001
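Review bot: The pillar cleanup `sed -i -z "s/elasticfleet:.*grid_enrollment_heavy.*'//"` is greedy across the whole file in `-z` mode, so the match runs from `elasticfleet:` to the last `'` anywhere later in the minion pillar, and any key that follows the elasticfleet block and contains a single quote is silently deleted along with it; if the value is a single-quoted scalar, `s/elasticfleet:.*grid_enrollment_heavy[^']*'[^']*'//` stops at that value's closing quote (confirm nothing else is expected after that key). The `_resolve` and `-XDELETE` curl calls pass `-k`, which disables certificate verification for the Elasticsearch connection, while the `wait_for_web_response` call on the same host presumably trusts the CA via `/opt/so/conf/elasticsearch/curl.config` without it, so `-k` looks unnecessary and worth dropping. `read INPUT` should be `read -r INPUT` so a backslash in the reply is not interpreted. The same `sed` and `curl` lines reappear unchanged as context in the `@@ -11,30 +11,39 @@` and `@@ -45,21 +54,28 @@` hunks of the third patch.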
From: Josh Brower
Date: Thu, 2 Nov 2023 10:20:32 -0400
Subject: [PATCH 3/4] Refactor & cleanup
---
 salt/common/tools/sbin/so-common | 4 ++
 .../tools/sbin_jinja/so-elastic-fleet-setup | 11 +++++
 .../tools/sbin_jinja/so-elastic-fleet-reset | 44 +++++++++++++------
 setup/so-setup | 6 ++-
 4 files changed, 49 insertions(+), 16 deletions(-)
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index bfa61f1b7..8089db28b 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -551,6 +551,10 @@ set_version() {
 fi
 }
+status () {
+ printf "\n=========================================================================\n$(date) | $1\n=========================================================================\n"
+}
+
 systemctl_func() {
 local action=$1
 local echo_action=$1
diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
index 83a155ae6..d908d1df7 100755
--- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
+++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
@@ -8,8 +8,19 @@ INTCA=/etc/pki/tls/certs/intca.crt
+. /usr/sbin/so-common
 . /usr/sbin/so-elastic-fleet-common
+# Check to make sure that Kibana API is up & ready
+RETURN_CODE=0
+wait_for_web_response "http://localhost:5601/api/fleet/settings" "fleet" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+RETURN_CODE=$?
+
+if [[ "$RETURN_CODE" != "0" ]]; then
+ printf "Kibana API not accessible, exiting Elastic Fleet setup..."
+ exit 1
+fi
+
 printf "\n### Create ES Token ###\n"
 ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5601/api/fleet/service_tokens" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' | jq -r .value)
diff --git a/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset b/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
index 35f867884..5a7be9e60 100644
--- a/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
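Review bot: `status ()` interpolates `$(date)` and `$1` into the printf format string, so any `%` or backslash sequence in the message is interpreted as a directive instead of being printed; the reset script in this same patch later calls `status "Deleting $INDX"` with index names read back from the Elasticsearch `_resolve` API, which puts API-supplied text into the format. Pass both values as arguments instead: `printf '\n=========================================================================\n%s | %s\n=========================================================================\n' "$(date)" "$1"`. A one-line header comment stating that `$1` is the message and that the banner goes to stdout would also help callers, since other scripts now rely on this helper for their failure messages.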
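Review bot: The readiness check added to so-elastic-fleet-setup sets `RETURN_CODE=0` only to overwrite it with `$?` on the next line, and the failure message `printf "Kibana API not accessible, exiting Elastic Fleet setup..."` has no trailing newline and goes to stdout rather than stderr, so it runs into the next line of whatever captures the output (so-setup's `logCmd` now does). The block collapses to `if ! wait_for_web_response "http://localhost:5601/api/fleet/settings" "fleet" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"; then`, `  printf 'Kibana API not accessible, exiting Elastic Fleet setup...\n' >&2; exit 1`, `fi`, which already assumes what the hunk assumes, that `wait_for_web_response` returns non-zero on timeout (its body is not visible here). The same `RETURN_CODE=0` / `RETURN_CODE=$?` pattern recurs in the reset script's `@@ -11,30 +11,39 @@` and `@@ -45,21 +54,28 @@` hunks.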
+++ b/salt/manager/tools/sbin_jinja/so-elastic-fleet-reset
@@ -11,30 +11,39 @@
 require_manager
-
 # Inform user we are about to remove Elastic Fleet data
 echo
 echo "This script will remove the current Elastic Fleet install & all of its data and rerun Elastic Fleet setup."
 echo
-echo "If you would like to proceed, please type AGREE and hit ENTER."
+echo "If you would like to proceed, type AGREE and hit ENTER."
 echo
 # Read user input
 read INPUT
-if [ "$INPUT" != "AGREE" ] ; then exit 0; fi
+if [ "${INPUT^^}" != 'AGREE' ]; then exit 0; fi
-printf "\nUninstalling all Elastic Agents on all Grid Nodes...\n\n"
+status "Uninstalling all Elastic Agents on all Grid Nodes..."
 salt \* cmd.run "elastic-agent uninstall -f" queue=True
-printf "\nStopping Fleet Container...\n"
+status "Stopping Fleet Container..."
 so-elastic-fleet-stop --force
-printf "\nDeleting Fleet Data from Pillars...\n"
+status "Deleting Fleet Data from Pillars..."
 sed -i -z "s/elasticfleet:.*grid_enrollment_heavy.*'//" /opt/so/saltstack/local/pillar/minions/{{ GLOBALS.minion_id }}.sls
 sed -i "/fleet_grid_enrollment_token_general.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
 sed -i "/fleet_grid_enrollment_token_heavy.*/d" /opt/so/saltstack/local/pillar/global/soc_global.sls
-printf "\n\nDeleting Elastic Fleet data...\n\n"
+status "Deleting Elastic Fleet data..."
+
+# Check to make sure that Elasticsearch is up & ready
+RETURN_CODE=0
+wait_for_web_response "https://localhost:9200/_cat/indices/.kibana*" "green open" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+RETURN_CODE=$?
+
+if [[ "$RETURN_CODE" != "0" ]]; then
+ status "Elasticsearch not accessible, exiting script..."
+ exit 1
+fi
 ALIASES=".fleet-servers .fleet-policies-leader .fleet-agents .fleet-artifacts .fleet-enrollment-api-keys .kibana_ingest"
 for ALIAS in ${ALIASES}
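Review bot: The Elasticsearch readiness check is placed after the destructive steps, so when Elasticsearch is unreachable the script exits 1 having already run `salt \* cmd.run "elastic-agent uninstall -f"` on every grid node, stopped the Fleet container and stripped the enrollment tokens from both pillars, leaving the grid half-reset with no message saying what was undone. Moving the `wait_for_web_response "https://localhost:9200/_cat/indices/.kibana*" ...` block (and ideally the Kibana API check from the `@@ -45,21 +54,28 @@` hunk) to just after the AGREE prompt makes the abort path a no-op. Matching `"green open"` also ties the check to cluster health rather than reachability; if `.kibana*` indices can legitimately sit at yellow on a single-node manager the check would wait the full 300 s and then abort, which is worth confirming.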
@@ -45,21 +54,28 @@ do
 # Delete all resolved indices
 for INDX in ${INDXS}
 do
- printf "\nDeleting $INDX \n"
+ status "Deleting $INDX"
 curl -K /opt/so/conf/kibana/curl.config -s -k -L -H "Content-Type: application/json" "https://localhost:9200/${INDX}" -XDELETE
 done
 done
-printf "\n\nRestarting Kibana...\n"
+status "Restarting Kibana..."
 so-kibana-restart --force
-wait_for_web_response "http://localhost:5601/app/kibana" "Elastic" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+status "Checking to make sure that Kibana API is up & ready..."
+RETURN_CODE=0
+wait_for_web_response "http://localhost:5601/api/fleet/settings" "fleet" 300 "curl -K /opt/so/conf/elasticsearch/curl.config"
+RETURN_CODE=$?
-printf "\nStarting Elastic Fleet Setup...\n"
+if [[ "$RETURN_CODE" != "0" ]]; then
+ status "Kibana API not accessible, exiting script..."
+ exit 1
+fi
+
+status "Starting Elastic Fleet Setup..."
 so-elastic-fleet-setup
-
-printf "\nRe-installing Elastic Agent on all Grid Nodes...\n\n"
+status "Re-installing Elastic Agent on all Grid Nodes..."
 salt \* state.apply elasticfleet.install_agent_grid queue=True
-printf "\nElastic Fleet Reset complete....\n"
\ No newline at end of file
+status "Elastic Fleet Reset complete...."
\ No newline at end of file
diff --git a/setup/so-setup b/setup/so-setup
index 543ac0156..2ea2809d5 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -768,8 +768,10 @@ if ! [[ -f $install_opt_file ]]; then
 info "Restarting SOC to pick up initial user"
 logCmd "so-soc-restart"
 title "Setting up Elastic Fleet"
- logCmd "salt-call state.apply elasticfleet.config"
- logCmd "so-elastic-fleet-setup"
+ logCmd "salt-call state.apply elasticfleet.config"
+ if ! logCmd so-setup-elastic-fleet; then
+ fail_setup
+ fi
 if [[ ! $is_import ]]; then
 title "Setting up Playbook"
 logCmd "so-playbook-reset"
From 2c0e287f8c320f3d0f1d800a0916e90d59a93ca7 Mon Sep 17 00:00:00 2001
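Review bot: The exit status of `so-elastic-fleet-setup` is ignored, so when setup fails (it now exits 1 on an unreachable Kibana API, per the so-elastic-fleet-setup hunk of this patch) the script goes straight on to `salt \* state.apply elasticfleet.install_agent_grid queue=True`, re-enrolling every agent against a Fleet that was never set up, and then prints `Elastic Fleet Reset complete....`. The so-setup hunk in this same patch already guards the same call with `if ! logCmd ...; then fail_setup`; the reset script should do likewise, e.g. `so-elastic-fleet-setup || { status "Elastic Fleet setup failed, not re-installing agents"; exit 1; }`. The Kibana API check added here also duplicates the one so-elastic-fleet-setup now performs itself immediately afterwards, so one of the two could go.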
From: Josh Brower
Date: Thu, 2 Nov 2023 10:34:24 -0400
Subject: [PATCH 4/4] Fix name
---
 setup/so-setup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-setup b/setup/so-setup
index 2ea2809d5..26955b893 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -769,7 +769,7 @@ if ! [[ -f $install_opt_file ]]; then
 logCmd "so-soc-restart"
 title "Setting up Elastic Fleet"
 logCmd "salt-call state.apply elasticfleet.config"
- if ! logCmd so-setup-elastic-fleet; then
+ if ! logCmd so-elastic-fleet-setup; then
 fail_setup
 fi
 if [[ ! $is_import ]]; then