Merge remote-tracking branch 'origin/2.4/dev' into iptables

salt/common/tools/sbin/so-common

@@ -210,7 +210,7 @@ gpg_rpm_import() {
     	        rpm --import $RPMKEYSLOC/$RPMKEY
 	        echo "Imported $RPMKEY"
 	    done
-	else
+	elif [[ $is_rpm ]]; then
 		info "Importing the security onion GPG key"
 		rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub
 	fi

setup/so-functions

@@ -1054,12 +1054,8 @@ installer_prereq_packages() {
 		if ! command -v nmcli > /dev/null 2>&1; then
 			info "Installing network-manager"
 			retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup
-			if [[ $is_debian ]]; then
+			logCmd "systemctl enable NetworkManager"
-				info "Enabling network manager for the main interface"
+			logCmd "systemctl start NetworkManager"
-				logCmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf" 
-			fi
-			logCmd systemctl enable NetworkManager
-			logCmd systemctl start NetworkManager			
 		fi
 		if ! command -v curl > /dev/null 2>&1; then
 			retry 150 10 "apt-get -y install curl"  >> "$setup_log" 2>&1 || fail_setup

setup/so-setup

@@ -86,6 +86,16 @@ if [[ $not_supported ]]; then
 	fi
 fi
 
+# we need to upgrade packages on debian prior to install and reboot if there are due to iptables-restore not running properly
+# if packages are updated and the box isn't rebooted
+if [[ $is_debian ]]; then
+	update_packages
+	if [[ -f "/var/run/reboot-required" ]]; then
+		whiptail_debian_reboot_required
+		reboot
+	fi
+fi
+
 # Check to see if this is the setup type of "desktop".
 is_desktop=
 if [ "$setup_type" = 'desktop' ]; then
@@ -459,7 +469,6 @@ if ! [[ -f $install_opt_file ]]; then
 		whiptail_end_settings
 	elif [[ $is_sensor ]]; then
 		info "Setting up as node type sensor"
-		installer_prereq_packages
 		monints=true
 		check_requirements "sensor"
 		calculate_useable_cores
@@ -489,7 +498,6 @@ if ! [[ -f $install_opt_file ]]; then
 
 	elif [[ $is_searchnode ]]; then
 		info "Setting up as node type searchnode"
-		installer_prereq_packages
 		check_requirements "elasticsearch"
 		networking_needful
 		check_network_manager_conf
@@ -503,7 +511,6 @@ if ! [[ -f $install_opt_file ]]; then
 
 	elif [[ $is_heavynode ]]; then
 		info "Setting up as node type heavynode"
-		installer_prereq_packages
 		monints=true
 		check_requirements "heavynode"
 		calculate_useable_cores
@@ -520,7 +527,6 @@ if ! [[ -f $install_opt_file ]]; then
 
 	elif [[ $is_idh ]]; then
 		info "Setting up as node type idh"
-		installer_prereq_packages
 		check_requirements "idh"
 		networking_needful
 		collect_mngr_hostname
@@ -553,7 +559,6 @@ if ! [[ -f $install_opt_file ]]; then
 
 	elif [[ $is_receiver ]]; then
 		info "Setting up as node type receiver"
-		installer_prereq_packages
 		check_requirements "receiver"
 		networking_needful
 		collect_mngr_hostname

setup/so-whiptail

@@ -27,6 +27,23 @@ whiptail_airgap() {
 	fi
 }
 
+whiptail_debian_reboot_required() {
+
+	[ -n "$TESTING" ] && return
+
+	read -r -d '' message <<- EOM
+
+	Packages were upgraded and a reboot is required prior to Security Onion installation.
+
+	Once the reboot has completed, rerun Security Onion setup.
+
+	Press TAB and then the ENTER key to reboot the system.
+
+	EOM
+
+	whiptail --title "$whiptail_title" --msgbox "$message" 24 75 --scrolltext
+}
+
 whiptail_desktop_install() {
 
 	[ -n "$TESTING" ] && return