diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 551cff0ac..53c8664d2 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -210,7 +210,7 @@ gpg_rpm_import() { rpm --import $RPMKEYSLOC/$RPMKEY echo "Imported $RPMKEY" done - else + elif [[ $is_rpm ]]; then info "Importing the security onion GPG key" rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub fi diff --git a/setup/so-functions b/setup/so-functions index de2e5cd40..491b2563a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1054,12 +1054,8 @@ installer_prereq_packages() { if ! command -v nmcli > /dev/null 2>&1; then info "Installing network-manager" retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup - if [[ $is_debian ]]; then - info "Enabling network manager for the main interface" - logCmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf" - fi - logCmd systemctl enable NetworkManager - logCmd systemctl start NetworkManager + logCmd "systemctl enable NetworkManager" + logCmd "systemctl start NetworkManager" fi if ! command -v curl > /dev/null 2>&1; then retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup diff --git a/setup/so-setup b/setup/so-setup index b696b6f7b..47b9416ea 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -86,6 +86,16 @@ if [[ $not_supported ]]; then fi fi +# we need to upgrade packages on debian prior to install and reboot if there are due to iptables-restore not running properly +# if packages are updated and the box isn't rebooted +if [[ $is_debian ]]; then + update_packages + if [[ -f "/var/run/reboot-required" ]]; then + whiptail_debian_reboot_required + reboot + fi +fi + # Check to see if this is the setup type of "desktop". is_desktop= if [ "$setup_type" = 'desktop' ]; then @@ -459,7 +469,6 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_sensor ]]; then info "Setting up as node type sensor" - installer_prereq_packages monints=true check_requirements "sensor" calculate_useable_cores @@ -489,7 +498,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_searchnode ]]; then info "Setting up as node type searchnode" - installer_prereq_packages check_requirements "elasticsearch" networking_needful check_network_manager_conf @@ -503,7 +511,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_heavynode ]]; then info "Setting up as node type heavynode" - installer_prereq_packages monints=true check_requirements "heavynode" calculate_useable_cores @@ -520,7 +527,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_idh ]]; then info "Setting up as node type idh" - installer_prereq_packages check_requirements "idh" networking_needful collect_mngr_hostname @@ -553,7 +559,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_receiver ]]; then info "Setting up as node type receiver" - installer_prereq_packages check_requirements "receiver" networking_needful collect_mngr_hostname diff --git a/setup/so-whiptail b/setup/so-whiptail index 3c5a2504e..4e9ccea60 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -27,6 +27,23 @@ whiptail_airgap() { fi } +whiptail_debian_reboot_required() { + + [ -n "$TESTING" ] && return + + read -r -d '' message <<- EOM + + Packages were upgraded and a reboot is required prior to Security Onion installation. + + Once the reboot has completed, rerun Security Onion setup. + + Press TAB and then the ENTER key to reboot the system. + + EOM + + whiptail --title "$whiptail_title" --msgbox "$message" 24 75 --scrolltext +} + whiptail_desktop_install() { [ -n "$TESTING" ] && return