From ef3c5d1fe03654e6e9b7bd9eabafa175d7c584dd Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 13 Jul 2020 11:31:37 -0400
Subject: [PATCH 1/4] fix patch pillar, select patch hours on 1 screen
---
 setup/so-whiptail | 71 +++++++++++++++++++++--------------------------
 1 file changed, 32 insertions(+), 39 deletions(-)
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 4d3d72c40..943b91f16 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -892,50 +892,43 @@ whiptail_patch_schedule_select_days() { } whiptail_patch_schedule_select_hours() { - - [ -n "$TESTING" ] && return - # Select the hours to patch - PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ - "At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \ - 00:00 "" OFF \ - 01:00 "" OFF \ - 02:00 "" OFF \ - 03:00 "" OFF \ - 04:00 "" OFF \ - 05:00 "" OFF \ - 06:00 "" OFF \ - 07:00 "" OFF \ - 08:00 "" OFF \ - 09:00 "" OFF \ - 10:00 "" OFF \ - 11:00 "" OFF 3>&1 1>&2 2>&3 ) + [ -n "$TESTING" ] && return - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + # Select the hours to patch + PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ + "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ + 00:00 "" OFF \ + 01:00 "" OFF \ + 02:00 "" ON \ + 03:00 "" OFF \ + 04:00 "" OFF \ + 05:00 "" OFF \ + 06:00 "" OFF \ + 07:00 "" OFF \ + 08:00 "" OFF \ + 09:00 "" OFF \ + 10:00 "" OFF \ + 11:00 "" OFF \ + 12:00 "" OFF \ + 13:00 "" OFF \ + 14:00 "" OFF \ + 15:00 "" OFF \ + 16:00 "" OFF \ + 17:00 "" OFF \ + 18:00 "" OFF \ + 19:00 "" OFF \ + 20:00 "" OFF \ + 21:00 "" OFF \ + 22:00 "" OFF \ + 23:00 "" OFF 3>&1 1>&2 2>&3) - # Select the hours to patch - PATCHSCHEDULEHOURS+=$(whiptail --title "Security Onion Setup" --checklist \ - "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ - 12:00 "" OFF \ - 13:00 "" OFF \ - 14:00 "" OFF \ - 15:00 "" ON \ - 16:00 "" OFF \ - 17:00 "" OFF \ - 18:00 "" OFF \ - 19:00 "" OFF \ - 20:00 "" OFF \ - 21:00 "" OFF \ - 22:00 "" OFF \ - 23:00 "" OFF 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus - local exitstatus=$? 
- whiptail_check_exitstatus $exitstatus + PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') - PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') - - IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" + IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" }
From 59c00057b14cf253af5bd7b084b49573a107ac23 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 13 Jul 2020 11:34:30 -0400
Subject: [PATCH 2/4] fix patch pillar, select patch hours on 1 screen
---
 setup/so-whiptail | 64 +++++++++++++++++++++++------------------------
 1 file changed, 32 insertions(+), 32 deletions(-)
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 943b91f16..17a75504a 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
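Review bot: An empty selection is not handled in the new single-screen `whiptail_patch_schedule_select_hours`: if the operator unticks the default 02:00 entry and confirms, whiptail returns success with no output, so `PATCHSCHEDULEHOURS` ends up as an empty array and the patch pillar may be written with no hours, leaving the node without a patch window and without any warning. Unless `whiptail_check_exitstatus` or the caller already covers this (neither is visible in this hunk), re-prompt after the `read -ra` line, for example `[[ ${#PATCHSCHEDULEHOURS[@]} -gt 0 ]] || whiptail_patch_schedule_select_hours`. The call `whiptail_check_exitstatus $exitstatus` should also quote its argument as `"$exitstatus"`.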
@@ -893,42 +893,42 @@ whiptail_patch_schedule_select_days() { whiptail_patch_schedule_select_hours() { - [ -n "$TESTING" ] && return + [ -n "$TESTING" ] && return - # Select the hours to patch - PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ - "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ - 00:00 "" OFF \ - 01:00 "" OFF \ - 02:00 "" ON \ - 03:00 "" OFF \ - 04:00 "" OFF \ - 05:00 "" OFF \ - 06:00 "" OFF \ - 07:00 "" OFF \ - 08:00 "" OFF \ - 09:00 "" OFF \ - 10:00 "" OFF \ - 11:00 "" OFF \ - 12:00 "" OFF \ - 13:00 "" OFF \ - 14:00 "" OFF \ - 15:00 "" OFF \ - 16:00 "" OFF \ - 17:00 "" OFF \ - 18:00 "" OFF \ - 19:00 "" OFF \ - 20:00 "" OFF \ - 21:00 "" OFF \ - 22:00 "" OFF \ - 23:00 "" OFF 3>&1 1>&2 2>&3) + # Select the hours to patch + PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ + "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ + 00:00 "" OFF \ + 01:00 "" OFF \ + 02:00 "" ON \ + 03:00 "" OFF \ + 04:00 "" OFF \ + 05:00 "" OFF \ + 06:00 "" OFF \ + 07:00 "" OFF \ + 08:00 "" OFF \ + 09:00 "" OFF \ + 10:00 "" OFF \ + 11:00 "" OFF \ + 12:00 "" OFF \ + 13:00 "" OFF \ + 14:00 "" OFF \ + 15:00 "" OFF \ + 16:00 "" OFF \ + 17:00 "" OFF \ + 18:00 "" OFF \ + 19:00 "" OFF \ + 20:00 "" OFF \ + 21:00 "" OFF \ + 22:00 "" OFF \ + 23:00 "" OFF 3>&1 1>&2 2>&3) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + local exitstatus=$? + whiptail_check_exitstatus $exitstatus - PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') + PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') - IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" + IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" }
From 55869c4f81a8e60a3913106a74fa9432f12736c5 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 13 Jul 2020 14:25:10 -0400
Subject: [PATCH 3/4] Fix username so install works properly from ISO
---
 setup/so-functions | 13 +++++++++----
 setup/so-setup | 3 +++
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index 9885c48ff..66dc20ebd 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -659,10 +659,10 @@ detect_os() { disable_auto_start() { # Remove the automated setup script from crontab, if it exists - crontab -u $USER -r + crontab -u $INSTALLUSERNAME -r # Truncate last line of the bash profile - sed -i '$ d' /home/$USER/.bash_profile + sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile }
@@ -1156,6 +1156,11 @@ elasticsearch_pillar() { cat "$pillar_file" >> "$setup_log" 2>&1 } +parse_install_username() { + # parse out the install username so things copy correctly + INSTALLUSERNAME=$(pwd | sed -E 's/\// /g' | awk '{ print $2 }') +} + patch_pillar() { local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
@@ -1420,8 +1425,8 @@ setup_salt_master_dirs() { # Copy over the salt code and templates if [ "$setup_type" = 'iso' ]; then - rsync -avh --exclude 'TRANS.TBL' /home/$USER/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 - rsync -avh --exclude 'TRANS.TBL' /home/$USER/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 + rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 else cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
diff --git a/setup/so-setup b/setup/so-setup
index a0e545b92..2d2275f5f 100755
--- a/setup/so-setup
+++ b/setup/so-setup
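Review bot: `parse_install_username` in setup/so-functions takes the second component of the current working directory as the account name, so `INSTALLUSERNAME` is only right when setup is started from somewhere under `/home/<user>/`; started from `/root/...` or `/opt/...` it yields a directory name, and from `/` it is empty. That value then drives `crontab -u $INSTALLUSERNAME -r` and `sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile` in `disable_auto_start` and both `rsync` sources in `setup_salt_master_dirs`, all unquoted and presumably run as root, so a wrong value can remove another account's crontab or edit the wrong profile. Validate it once, right after the call in setup/so-setup, and stop on failure, for example `id -u "$INSTALLUSERNAME" >/dev/null 2>&1 || { echo "Cannot determine install user from $(pwd)" >> "$setup_log"; exit 1; }`, and quote the expansions at the call sites. `setup_salt_master_dirs` continues outside its hunk.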
@@ -47,6 +47,9 @@ while [[ $# -gt 0 ]]; do done # Begin Installation pre-processing +parse_install_username +echo "Installing as the $INSTALLUSERNAME user." >> $setup_log 2>&1 + echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1 automated=no
From 00f178197c01d3d80aee2b14bfbe418742bfcb6a Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Mon, 13 Jul 2020 14:34:11 -0400
Subject: [PATCH 4/4] [fix] Evaluate $success early to avoid checking against other output
---
 setup/so-setup | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/setup/so-setup b/setup/so-setup
index 2d2275f5f..31baf3deb 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -620,11 +620,13 @@ fi success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}') +if [[ $success != 0 ]]; then SO_ERROR=1; fi # evaluate success first so it doesn't check against the output of so-allow + if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 fi -if [[ $success != 0 || $SO_ERROR == 1 ]]; then +if [[ -n $SO_ERROR ]]; then SKIP_REBOOT=1 whiptail_setup_failed else
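Review bot: The final check `[[ -n $SO_ERROR ]]` in the `@@ -620` hunk now treats any non-empty value as failure, where the old test required `$SO_ERROR == 1`; if any other path initialises or resets `SO_ERROR` to `0` (not visible here), setup will always be reported as failed. The added `[[ $success != 0 ]]` is a string comparison on text scraped from the log, so an empty result (no `Failed` line in the last 10 lines) or several matching lines also marks the run as failed; that fails closed, which is reasonable, but the inline comment should say so. Consider keeping the explicit form `if [[ ${SO_ERROR:-0} == 1 ]]; then`, and note that the exit status of `so-allow` is not checked anywhere in this hunk. The enclosing `if`/`else` continues past the end of the hunk.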