Merge pull request #10995 from Security-Onion-Solutions/fix/desktop

Fix/desktop

salt/common/tools/sbin_jinja/so-desktop-install

@@ -5,15 +5,15 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
+source /usr/sbin/so-common
+doc_desktop_url="$DOC_BASE_URL/desktop.html"
 
-{# we only want the script to install the desktop if it is Rocky -#}
+{# we only want the script to install the desktop if it is OEL -#}
-{% if grains.os == 'Rocky' -%}
+{% if grains.os == 'OEL' -%}
 {#   if this is a manager -#}
 {%   if grains.master == grains.id.split('_')|first -%}
 
-source /usr/sbin/so-common
+pillar_file="/opt/so/saltstack/local/pillar/minions/adv_{{grains.id}}.sls"
-doc_desktop_url="$DOC_BASE_URL/desktop.html"
-pillar_file="/opt/so/saltstack/local/pillar/minions/{{grains.id}}.sls"
 
 if [ -f "$pillar_file" ]; then
   if ! grep -q "^desktop:$" "$pillar_file"; then
@@ -65,7 +65,7 @@ if [ -f "$pillar_file" ]; then
     fi
   else # desktop is already added
     echo "The desktop pillar already exists in $pillar_file."
-    echo "To enable/disable the gui, set 'desktop:gui:enabled' to true or false in $pillar_file."
+    echo "To enable/disable the gui, set 'desktop:gui:enabled' to true or false in $pillar_file. Alternatively, this can be set in the SOC UI under advanced."
     echo "Additional documentation can be found at $doc_desktop_url."
   fi
 else # if the pillar file doesn't exist
@@ -75,17 +75,22 @@ fi
 {#-  if this is not a manager #}
 {%   else -%}
 
-echo "Since this is not a manager, the pillar values to enable Security Onion Desktop must be set manually. Please view the documentation at $doc_desktop_url."
+echo "Since this is not a manager, the pillar values to enable Security Onion Desktop must be set manually. This can be enabled in the SOC UI under advanced by adding the following:"
+echo "desktop:"
+echo "  gui:"
+echo "    enabled: true"
+echo ""
+echo "Please view the documentation at $doc_desktop_url."
 
 {#- endif if this is a manager #}
 {%   endif -%}
 
-{#- if not Rocky #}
+{#- if not OEL #}
 {%- else %}
 
-echo "The Security Onion Desktop can only be installed on Rocky Linux. Please view the documentation at $doc_desktop_url."
+echo "The Security Onion Desktop can only be installed on Oracle Linux. Please view the documentation at $doc_desktop_url."
 
-{#- endif grains.os == Rocky #}
+{#- endif grains.os == OEL #}
 {% endif -%}
 
 exit 0

salt/desktop/packages.sls

@@ -3,7 +3,6 @@
 {# we only want this state to run it is CentOS #}
 {% if GLOBALS.os == 'OEL' %}
 
-
 desktop_packages:
   pkg.installed:
     - pkgs:

salt/desktop/trusted-ca.sls

@@ -31,6 +31,6 @@ update_ca_certs:
 
 desktop_trusted-ca_os_fail:
   test.fail_without_changes:
-    - comment: 'SO Desktop can only be installed on CentOS'
+    - comment: 'SO Desktop can only be installed on Oracle Linux'
 
 {% endif %}

salt/firewall/defaults.yaml

@@ -20,13 +20,12 @@ firewall:
     managersearch: []
     receiver: []
     searchnode: []
-    securityonion_desktop: []
     self: []
     sensor: []
     standalone: []
     strelka_frontend: []
     syslog: []
-    workstation: []
+    desktop: []
     customhostgroup0: []
     customhostgroup1: []
     customhostgroup2: []
@@ -462,7 +461,7 @@ firewall:
             endgame:
               portgroups:
                 - endgame
-            workstation:
+            desktop:
               portgroups:
                 - yum
             customhostgroup0:
@@ -514,7 +513,7 @@ firewall:
             receiver:
               portgroups:
                 - salt_manager
-            workstation:
+            desktop:
               portgroups:
                 - salt_manager
             self:
@@ -650,7 +649,7 @@ firewall:
             endgame:
               portgroups:
                 - endgame
-            workstation:
+            desktop:
               portgroups:
                 - yum
             customhostgroup0:
@@ -702,7 +701,7 @@ firewall:
             receiver:
               portgroups:
                 - salt_manager
-            workstation:
+            desktop:
               portgroups:
                 - salt_manager
             self:
@@ -846,7 +845,7 @@ firewall:
             strelka_frontend:
               portgroups:
                 - strelka_frontend
-            workstation:
+            desktop:
               portgroups:
                 - yum
             customhostgroup0:
@@ -901,7 +900,7 @@ firewall:
             receiver:
               portgroups:
                 - salt_manager
-            workstation:
+            desktop:
               portgroups:
                 - salt_manager
             self:
@@ -1200,7 +1199,7 @@ firewall:
             analyst:
               portgroups:
                 - nginx
-            workstation:
+            desktop:
               portgroups:
                 - yum
             customhostgroup0:

salt/firewall/soc_firewall.yaml

@@ -39,13 +39,12 @@ firewall:
     managersearch: *hostgroupsettings
     receiver: *hostgroupsettings
     searchnode: *hostgroupsettings
-    securityonion_desktop: *hostgroupsettings
     self: *ROhostgroupsettingsadv
     sensor: *hostgroupsettings
     standalone: *hostgroupsettings
     strelka_frontend: *hostgroupsettings
     syslog: *hostgroupsettings
-    workstation: *hostgroupsettings
+    desktop: *hostgroupsettings
     customhostgroup0: &customhostgroupsettings
       description: List of IP or CIDR blocks to allow to this hostgroup.
       forcedType: "[]string"
@@ -216,7 +215,7 @@ firewall:
               portgroups: *portgroupsdocker
             analyst:
               portgroups: *portgroupsdocker
-            workstation:
+            desktop:
               portgroups: *portgroupsdocker
             customhostgroup0:
               portgroups: *portgroupsdocker
@@ -366,7 +365,7 @@ firewall:
               portgroups: *portgroupsdocker
             analyst:
               portgroups: *portgroupsdocker
-            workstation:
+            desktop:
               portgroups: *portgroupsdocker
             customhostgroup0:
               portgroups: *portgroupsdocker
@@ -404,7 +403,7 @@ firewall:
               portgroups: *portgroupshost
             heavynode:
               portgroups: *portgroupshost
-            workstation:
+            desktop:
               portgroups: *portgroupshost
             customhostgroup0:
               portgroups: *portgroupshost
@@ -457,7 +456,7 @@ firewall:
               portgroups: *portgroupsdocker
             analyst:
               portgroups: *portgroupsdocker
-            workstation:
+            desktop:
               portgroups: *portgroupsdocker
             customhostgroup0:
               portgroups: *portgroupsdocker
@@ -495,7 +494,7 @@ firewall:
               portgroups: *portgroupshost
             heavynode:
               portgroups: *portgroupshost
-            workstation:
+            desktop:
               portgroups: *portgroupshost
             customhostgroup0:
               portgroups: *portgroupshost
@@ -554,7 +553,7 @@ firewall:
               portgroups: *portgroupsdocker
             analyst:
               portgroups: *portgroupsdocker
-            workstation:
+            desktop:
               portgroups: *portgroupsdocker
             customhostgroup0:
               portgroups: *portgroupsdocker
@@ -596,7 +595,7 @@ firewall:
               portgroups: *portgroupshost
             heavynode:
               portgroups: *portgroupshost
-            workstation:
+            desktop:
               portgroups: *portgroupshost
             customhostgroup0:
               portgroups: *portgroupshost
@@ -822,7 +821,7 @@ firewall:
               portgroups: *portgroupsdocker
             analyst:
               portgroups: *portgroupsdocker
-            workstation:
+            desktop:
               portgroups: *portgroupsdocker
             customhostgroup0:
               portgroups: *portgroupsdocker

salt/manager/tools/sbin/so-firewall-minion

@@ -79,7 +79,7 @@ fi
 		'RECEIVER')
 			so-firewall includehost receiver "$IP" --apply
 			;;
-		'WORKSTATION')
+		'DESKTOP')
-			so-firewall includehost workstation "$IP" --apply
+			so-firewall includehost desktop "$IP" --apply
 			;;
     esac

salt/top.sls

@@ -277,10 +277,10 @@ base:
     - schedule
     - docker_clean
 
-  'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
+  'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:OEL )':
     - match: compound
     - desktop
 
-  'J@desktop:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
+  'J@desktop:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:OEL )':
     - match: compound
     - desktop.remove_gui

setup/so-functions

@@ -117,7 +117,7 @@ desktop_pillar() {
 		"  mainint: '$MNIC'"\
 		"desktop:"\
 		"  gui:"\
-		"    enabled: true" >> "$pillar_file"\
+		"    enabled: true"\
 		"sensoroni:"\
 		"  config:"\
 		"    node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file