CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into fix/idstools

Browse Source
This commit is contained in:
Mike Reeves
2020-07-18 17:32:54 -04:00
committed by GitHub
parent 3de2afe618 23420ace56
commit 16906b8361
3 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/idstools/etc/rulecat.conf
View File

@@ -10,7 +10,7 @@
{%- if RULESET == 'ETOPEN' %}
--etopen
{%- elif RULESET == 'ETPRO' %}
--etpro={{ OINCODE }}
--etpro={{ OINKCODE }}
{%- elif RULESET == 'TALOS' %}
--url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }}
{%- endif %}

16
setup/so-functions
View File

@@ -522,7 +522,7 @@ configure_network_sensor() {
# Create the bond interface only if it doesn't already exist
nmcli -f name,uuid -p con | grep -q "$INTERFACE"
nmcli -f name,uuid -p con | grep -q "$INTERFACE" >> "$setup_log" 2>&1
local found_int=$?
if [[ $found_int != 0 ]]; then
@@ -561,7 +561,7 @@ configure_network_sensor() {
nmcli con up "$BNIC" >> "$setup_log" 2>&1
else
# Check if the bond slave connection has already been created
nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC"
nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC" >> "$setup_log" 2>&1
local found_int=$?
if [[ $found_int != 0 ]]; then
@@ -588,7 +588,7 @@ configure_network_sensor() {
}
detect_cloud() {
echo "Testing if setup is running on a cloud instance..."
echo "Testing if setup is running on a cloud instance..." >> "$setup_log" 2>&1
if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null); then export is_cloud="true"; fi
}
@@ -609,7 +609,7 @@ detect_os() {
exit 1
fi
echo "Installing required packages to run installer..."
echo "Installing required packages to run installer..." >> "$setup_log" 2>&1
# Install bind-utils so the host command exists
if ! command -v host > /dev/null 2>&1; then
yum -y install bind-utils >> "$setup_log" 2>&1
@@ -1641,8 +1641,8 @@ set_initial_firewall_policy() {
set_management_interface() {
if [ "$address_type" = 'DHCP' ]; then
nmcli con mod "$MNIC" connection.autoconnect yes
nmcli con up "$MNIC"
nmcli con mod "$MNIC" connection.autoconnect yes >> "$setup_log" 2>&1
nmcli con up "$MNIC" >> "$setup_log" 2>&1
else
# Set Static IP
nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
@@ -1650,8 +1650,8 @@ set_management_interface() {
ipv4.dns "$MDNS"\
ipv4.dns-search "$MSEARCH"\
connection.autoconnect yes\
ipv4.method manual
nmcli con up "$MNIC"
ipv4.method manual >> "$setup_log" 2>&1
nmcli con up "$MNIC" >> "$setup_log" 2>&1
fi
}

3
setup/so-setup
View File

@@ -118,7 +118,7 @@ if [ "$OS" == ubuntu ]; then
update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1
fi
setterm -blank 0
setterm -blank 0 > /dev/null
if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then
true
@@ -631,6 +631,7 @@ if [[ -n $SO_ERROR ]]; then
whiptail_setup_failed
else
{
export percentage=95 # set to last percentage used in previous subshell
if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
set_progress_str 98 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}"
IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1