From 3c855ed793918385220270d7514525e52e9ee51f Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Fri, 17 Jul 2020 15:38:14 -0400
Subject: [PATCH 1/5] [fix] Set $percentage since it only exists in previous subshell
---
 setup/so-setup | 1 +
 1 file changed, 1 insertion(+)
diff --git a/setup/so-setup b/setup/so-setup
index b0aabbb89..978a3b665 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -631,6 +631,7 @@ if [[ -n $SO_ERROR ]]; then
 whiptail_setup_failed
 else
 {
+ export percentage=95 # set to last percentage used in previous subshell
 if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
 set_progress_str 98 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}"
 IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1
From 2e2bcfb3b7e26e1e546e104f292526ddb85a3ad3 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 17 Jul 2020 17:33:36 -0400
Subject: [PATCH 2/5] Fix functions so pillars are correct
---
 setup/so-functions | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index 7493b3f0d..fe0ea8cb5 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -987,11 +987,7 @@ manager_pillar() {
 " ruleset: $RULESETUP"\
 " oinkcode: $OINKCODE"\
 " url:"\
- " sids:"\
- " enabled:"\
- " disabled:"\
- " modify:"\
- ""
+ ""\
 "kratos:" >> "$pillar_file"
From aaca5c7ff2adb8f97d981a1bdfd0b94c68cfff70 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 17 Jul 2020 17:35:16 -0400
Subject: [PATCH 3/5] Update rulecat.conf
---
 salt/idstools/etc/rulecat.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf
index 59a5ccda5..b671d036e 100644
--- a/salt/idstools/etc/rulecat.conf
+++ b/salt/idstools/etc/rulecat.conf
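Review bot: The literal in `export percentage=95` (PATCH 1/5, setup/so-setup hunk at line 631) has to be kept equal by hand to whatever the earlier subshell last reported, so adding or renumbering a progress step there would make the gauge jump or run backwards without any error. Consider defining the value once where both blocks can read it, and make the trailing comment say what must stay in sync, e.g. `# previous subshell's value is lost on exit; keep equal to its last progress step`. Whether `export` is needed rather than a plain assignment cannot be judged from here, because the `{ ... }` block continues past the end of the hunk.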
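Review bot: `$RULESETUP` and `$OINKCODE` are written into the pillar as bare YAML scalars in the manager_pillar hunk of PATCH 2/5 (and again in the PATCH 4/5 hunk), so a value containing `: `, ` #` or a newline would change how the pillar parses instead of failing setup. If these values come from installer prompts without earlier validation, which the hunk does not show, reject unexpected characters before these lines are written and emit the value quoted, for example `" oinkcode: '$OINKCODE'"\`. The oinkcode is a rule-subscription credential, so the file mode of `$pillar_file` is worth confirming as well. manager_pillar starts and ends outside the hunk.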
@@ -1,4 +1,4 @@
-{% set URLS = salt['pillar.get']('idstools:config:urls') -%}
+{% set URLS = salt['pillar.get']('idstools:config:urls, {}') -%}
 {% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%}
 {% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%}
 --suricata-version=5.0
@@ -16,4 +16,4 @@
 {%- endif %}
 {%- for URL in URLS %}
 --url={{ URL }}
-{%- endfor %}
\ No newline at end of file
+{%- endfor %}
From b75487dc743201c0f7a48bbfa2f03878ca8481a1 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 17 Jul 2020 17:36:13 -0400
Subject: [PATCH 4/5] Update so-functions
---
 setup/so-functions | 1 -
 1 file changed, 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index fe0ea8cb5..175471bd2 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -986,7 +986,6 @@ manager_pillar() {
 " config:"\
 " ruleset: $RULESETUP"\
 " oinkcode: $OINKCODE"\
- " url:"\
 ""\
 "kratos:" >> "$pillar_file"
From 23420ace560ce032608ddd4582699926e81b79f8 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Sat, 18 Jul 2020 08:36:01 -0400
Subject: [PATCH 5/5] Prevent nmcli, setterm, and echo output from leaking to console and crontab output
---
 setup/so-functions | 16 ++++++++--------
 setup/so-setup | 2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index 175471bd2..cee4a84fd 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -522,7 +522,7 @@ configure_network_sensor() {
 # Create the bond interface only if it doesn't already exist
- nmcli -f name,uuid -p con | grep -q "$INTERFACE"
+ nmcli -f name,uuid -p con | grep -q "$INTERFACE" >> "$setup_log" 2>&1
 local found_int=$?
 if [[ $found_int != 0 ]]; then
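Review bot: The default added to the `URLS` line in the first rulecat.conf hunk sits inside the key string, so `pillar.get` is asked for a key literally named `idstools:config:urls, {}` and receives no default argument at all. That key will not exist, so `URLS` falls back to pillar.get's built-in default and the `{%- for URL in URLS %}` loop in the second hunk emits no `--url=` lines even when `idstools:config:urls` is populated, silently dropping the configured rule sources. Close the quote before the comma: `{% set URLS = salt['pillar.get']('idstools:config:urls', []) -%}`. An empty list rather than `{}` matches how the value is iterated.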
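Review bot: The redirection added in the setup/so-functions hunk at line 522 binds only to `grep -q`, which prints nothing, so anything `nmcli` writes to stderr still reaches the console; the hunk at line 561 has the same shape. To capture nmcli's diagnostics, put the redirect on the left side of the pipe: `nmcli -f name,uuid -p con 2>> "$setup_log" | grep -q "$INTERFACE"`. Separately, `grep -q "$INTERFACE"` treats the name as a regular expression matched anywhere in the output, so `grep -qF -- "$INTERFACE"` (or a whole-field comparison) would avoid taking a similarly named connection for an existing one. configure_network_sensor starts and ends outside both hunks.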
@@ -561,7 +561,7 @@ configure_network_sensor() {
 nmcli con up "$BNIC" >> "$setup_log" 2>&1
 else
 # Check if the bond slave connection has already been created
- nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC"
+ nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC" >> "$setup_log" 2>&1
 local found_int=$?
 if [[ $found_int != 0 ]]; then
@@ -588,7 +588,7 @@ configure_network_sensor() {
 }
 detect_cloud() {
- echo "Testing if setup is running on a cloud instance..."
+ echo "Testing if setup is running on a cloud instance..." >> "$setup_log" 2>&1
 if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null); then export is_cloud="true"; fi
 }
@@ -609,7 +609,7 @@ detect_os() {
 exit 1
 fi
- echo "Installing required packages to run installer..."
+ echo "Installing required packages to run installer..." >> "$setup_log" 2>&1
 # Install bind-utils so the host command exists
 if ! command -v host > /dev/null 2>&1; then
 yum -y install bind-utils >> "$setup_log" 2>&1
@@ -1634,8 +1634,8 @@ set_initial_firewall_policy() {
 set_management_interface() {
 if [ "$address_type" = 'DHCP' ]; then
- nmcli con mod "$MNIC" connection.autoconnect yes
- nmcli con up "$MNIC"
+ nmcli con mod "$MNIC" connection.autoconnect yes >> "$setup_log" 2>&1
+ nmcli con up "$MNIC" >> "$setup_log" 2>&1
 else
 # Set Static IP
 nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
@@ -1643,8 +1643,8 @@ set_management_interface() {
 ipv4.dns "$MDNS"\
 ipv4.dns-search "$MSEARCH"\
 connection.autoconnect yes\
- ipv4.method manual
- nmcli con up "$MNIC"
+ ipv4.method manual >> "$setup_log" 2>&1
+ nmcli con up "$MNIC" >> "$setup_log" 2>&1
 fi
 }
diff --git a/setup/so-setup b/setup/so-setup
index 978a3b665..b9a19e9c6 100755
--- a/setup/so-setup
+++ b/setup/so-setup
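Review bot: With every `nmcli` call in set_management_interface now sent to `$setup_log` (hunks at lines 1634 and 1643), a failed `nmcli con mod` or `nmcli con up` is no longer visible to the operator, and nothing in the visible function checks the exit status. Returning the failure lets the caller stop instead of carrying on with an unconfigured management interface, e.g. `nmcli con up "$MNIC" >> "$setup_log" 2>&1 || return 1` on both branches. Whether callers act on the return value is not visible in this patch.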
@@ -118,7 +118,7 @@ if [ "$OS" == ubuntu ]; then
 update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1
 fi
-setterm -blank 0
+setterm -blank 0 > /dev/null
 if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then
 true
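Review bot: `setterm -blank 0 > /dev/null` discards only stdout, so any error setterm prints, for instance when no usable terminal is attached as in the cron case the commit message mentions, still goes to stderr and would be captured by cron. Redirect both streams, and prefer the log so the failure is not lost: `setterm -blank 0 >> "$setup_log" 2>&1`, matching the `update-alternatives` line just above it in the same hunk.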