mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-13 04:32:48 +01:00
[fix] Double quote variables + fix indents
@@ -16,18 +16,18 @@
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
SCRIPTDIR=$(dirname "$0")
|
||||
source $SCRIPTDIR/so-whiptail
|
||||
source "$SCRIPTDIR/so-whiptail"
|
||||
SOVERSION=1.2.1
|
||||
|
||||
accept_salt_key_local() {
|
||||
echo "Accept the key locally on the master" >> $SETUPLOG 2>&1
|
||||
echo "Accept the key locally on the master" >> "$SETUPLOG" 2>&1
|
||||
# Accept the key locally on the master
|
||||
salt-key -ya $MINION_ID
|
||||
|
||||
}
|
||||
|
||||
accept_salt_key_remote() {
|
||||
echo "Accept the key remotely on the master" >> $SETUPLOG 2>&1
|
||||
echo "Accept the key remotely on the master" >> "$SETUPLOG" 2>&1
|
||||
# Delete the key just in case.
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -d $MINION_ID -y
|
||||
salt-call state.apply ca
|
||||
@@ -35,6 +35,7 @@ accept_salt_key_remote() {
|
||||
|
||||
}
|
||||
|
||||
|
||||
add_admin_user() {
|
||||
|
||||
# Add an admin user with full sudo rights if this is an ISO install.
|
||||
@@ -44,7 +45,7 @@ add_admin_user() {
|
||||
}
|
||||
|
||||
add_master_hostfile() {
|
||||
echo "Checking if I can resolve master. If not add to hosts file" >> $SETUPLOG 2>&1
|
||||
echo "Checking if I can resolve master. If not add to hosts file" >> "$SETUPLOG" 2>&1
|
||||
# Pop up an input to get the IP address
|
||||
MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \
|
||||
"Enter your Master Server IP Address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
|
||||
@@ -86,7 +87,7 @@ add_soremote_user_master() {
|
||||
}
|
||||
|
||||
add_socore_user_notmaster() {
|
||||
echo "Add socore user on non master" >> $SETUPLOG 2>&1
|
||||
echo "Add socore user on non master" >> "$SETUPLOG" 2>&1
|
||||
# Add socore user to the non master system. Probably not a bad idea to make system user
|
||||
groupadd --gid 939 socore
|
||||
$ADDUSER --uid 939 --gid 939 --home-dir /opt/so --no-create-home socore
|
||||
@@ -120,7 +121,7 @@ add_web_user() {
|
||||
secrets_pillar(){
|
||||
|
||||
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
|
||||
echo "Creating Secrets Pillar" >> $SETUPLOG 2>&1
|
||||
echo "Creating Secrets Pillar" >> "$SETUPLOG" 2>&1
|
||||
mkdir -p /opt/so/saltstack/pillar
|
||||
echo "secrets:" >> /opt/so/saltstack/pillar/secrets.sls
|
||||
echo " mysql: $MYSQLPASS" >> /opt/so/saltstack/pillar/secrets.sls
|
||||
@@ -133,7 +134,7 @@ secrets_pillar(){
|
||||
|
||||
# Enable Bro Logs
|
||||
bro_logs_enabled() {
|
||||
echo "Enabling Bro Logs" >> $SETUPLOG 2>&1
|
||||
echo "Enabling Bro Logs" >> "$SETUPLOG" 2>&1
|
||||
|
||||
echo "brologs:" > pillar/brologs.sls
|
||||
echo " enabled:" >> pillar/brologs.sls
|
||||
@@ -235,15 +236,15 @@ check_network_manager_conf() {
|
||||
mv "$gmdconf" "${gmdconf}.bak"
|
||||
touch "$gmdconf"
|
||||
systemctl restart NetworkManager
|
||||
} >> $SETUPLOG 2>&1
|
||||
} >> "$SETUPLOG" 2>&1
|
||||
fi
|
||||
|
||||
if test -f "$nmconf"; then
|
||||
sed -i 's/managed=false/managed=true/g' "$nmconf" >> $SETUPLOG 2>&1
|
||||
sed -i 's/managed=false/managed=true/g' "$nmconf" >> "$SETUPLOG" 2>&1
|
||||
fi
|
||||
|
||||
if [[ ! -d "$preupdir" ]]; then
|
||||
mkdir "$preupdir" >> $SETUPLOG 2>&1
|
||||
mkdir "$preupdir" >> "$SETUPLOG" 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -268,13 +269,13 @@ check_web_pass() {
|
||||
}
|
||||
|
||||
checkin_at_boot() {
|
||||
echo "Enabling checkin at boot" >> $SETUPLOG 2>&1
|
||||
echo "Enabling checkin at boot" >> "$SETUPLOG" 2>&1
|
||||
echo "startup_states: highstate" >> /etc/salt/minion
|
||||
}
|
||||
|
||||
chown_salt_master() {
|
||||
|
||||
echo "Chown the salt dirs on the master for socore" >> $SETUPLOG 2>&1
|
||||
echo "Chown the salt dirs on the master for socore" >> "$SETUPLOG" 2>&1
|
||||
chown -R socore:socore /opt/so
|
||||
|
||||
}
|
||||
@@ -283,7 +284,7 @@ clear_master() {
|
||||
# Clear out the old master public key in case this is a re-install.
|
||||
# This only happens if you re-install the master.
|
||||
if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
|
||||
echo "Clearing old master key" >> $SETUPLOG 2>&1
|
||||
echo "Clearing old master key" >> "$SETUPLOG" 2>&1
|
||||
rm /etc/salt/pki/minion/minion_master.pub
|
||||
service salt-minion restart
|
||||
fi
|
||||
@@ -294,7 +295,7 @@ configure_minion() {
|
||||
|
||||
# You have to pass the TYPE to this function so it knows if its a master or not
|
||||
local TYPE=$1
|
||||
echo "Configuring minion type as $TYPE" >> $SETUPLOG 2>&1
|
||||
echo "Configuring minion type as $TYPE" >> "$SETUPLOG" 2>&1
|
||||
touch /etc/salt/grains
|
||||
echo "role: so-$TYPE" > /etc/salt/grains
|
||||
if [ $TYPE == 'master' ] || [ $TYPE == 'eval' ] || [ $TYPE == 'mastersearch' ]; then
|
||||
@@ -346,17 +347,17 @@ copy_minion_tmp_files() {
|
||||
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
echo "Copying pillar and salt files in $TMP to /opt/so/saltstack"
|
||||
cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
|
||||
cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1
|
||||
if [ -d $TMP/salt ] ; then
|
||||
cp -Rv $TMP/salt/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
|
||||
cp -Rv $TMP/salt/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1
|
||||
fi
|
||||
else
|
||||
echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/pillar >> $SETUPLOG 2>&1
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
|
||||
scp -prv -i /root/.ssh/so.key $TMP/pillar/minions/* soremote@$MSRV:/tmp/$MINION_ID/pillar/ >> $SETUPLOG 2>&1
|
||||
scp -prv -i /root/.ssh/so.key $TMP/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/salt/master/files/add_minion.sh $MINION_ID >> $SETUPLOG 2>&1
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/pillar >> "$SETUPLOG" 2>&1
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/schedules >> "$SETUPLOG" 2>&1
|
||||
scp -prv -i /root/.ssh/so.key $TMP/pillar/minions/* soremote@$MSRV:/tmp/$MINION_ID/pillar/ >> "$SETUPLOG" 2>&1
|
||||
scp -prv -i /root/.ssh/so.key $TMP/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules >> "$SETUPLOG" 2>&1
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/salt/master/files/add_minion.sh $MINION_ID >> "$SETUPLOG" 2>&1
|
||||
|
||||
fi
|
||||
|
||||
@@ -377,11 +378,11 @@ copy_ssh_key() {
|
||||
|
||||
|
||||
create_sensor_bond() {
|
||||
echo "Setting up sensor bond" >> $SETUPLOG 2>&1
|
||||
echo "Setting up sensor bond" >> "$SETUPLOG" 2>&1
|
||||
|
||||
local nic_error=0
|
||||
|
||||
check_network_manager_conf >> $SETUPLOG 2>&1
|
||||
check_network_manager_conf >> "$SETUPLOG" 2>&1
|
||||
|
||||
# Set the MTU
|
||||
if [[ $NSMSETUP != 'ADVANCED' ]]; then
|
||||
@@ -393,15 +394,15 @@ create_sensor_bond() {
|
||||
ipv4.method disabled \
|
||||
ipv6.method ignore \
|
||||
ethernet.mtu $MTU \
|
||||
connection.autoconnect "yes" >> $SETUPLOG 2>&1
|
||||
connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
|
||||
|
||||
for BNIC in ${BNICS[@]}; do
|
||||
for BNIC in "${BNICS[@]}"; do
|
||||
BONDNIC="$(echo -e "${BNIC}" | tr -d '"')" # Strip the quotes from the NIC names
|
||||
|
||||
# Check if specific offload features are able to be disabled
|
||||
for string in "generic-segmentation-offload" "generic-receive-offload" "tcp-segmentation-offload"; do
|
||||
if ethtool -k $BONDNIC | egrep $string | egrep -q "on [fixed]"; then
|
||||
echo "The hardware or driver for interface ${BONDNIC} is not supported, packet capture may not work as expected." >> $SETUPLOG 2>&1
|
||||
if ethtool -k "$BONDNIC" | grep -e $string | grep -eq "on [fixed]"; then
|
||||
echo "The hardware or driver for interface ${BONDNIC} is not supported, packet capture may not work as expected." >> "$SETUPLOG" 2>&1
|
||||
nic_error=1
|
||||
break
|
||||
fi
|
||||
@@ -409,15 +410,15 @@ create_sensor_bond() {
|
||||
|
||||
# Turn off various offloading settings for the interface
|
||||
for i in rx tx sg tso ufo gso gro lro; do
|
||||
ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
|
||||
ethtool -K "$BONDNIC" $i off >> "$SETUPLOG" 2>&1
|
||||
done
|
||||
|
||||
# Create the slave interface and assign it to the bond
|
||||
nmcli con add type ethernet ifname $BONDNIC con-name "bond0-slave-$BONDNIC" master bond0 -- \
|
||||
nmcli con add type ethernet ifname "$BONDNIC" con-name "bond0-slave-$BONDNIC" master bond0 -- \
|
||||
ethernet.mtu $MTU \
|
||||
connection.autoconnect "yes" >> $SETUPLOG 2>&1
|
||||
connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
|
||||
|
||||
nmcli con up bond0-slave-$BONDNIC >> $SETUPLOG 2>&1 # Bring the slave interface up
|
||||
nmcli con up "bond0-slave-$BONDNIC" >> "$SETUPLOG" 2>&1 # Bring the slave interface up
|
||||
done
|
||||
|
||||
if [ $nic_error != 0 ]; then
|
||||
@@ -425,10 +426,11 @@ create_sensor_bond() {
|
||||
fi
|
||||
}
|
||||
|
||||
# keep ">> $SETUPLOG" syntax
|
||||
detect_os() {
|
||||
|
||||
# Detect Base OS
|
||||
echo "Detecting Base OS" >> $SETUPLOG 2>&1
|
||||
echo "Detecting Base OS" >> "$SETUPLOG" 2>&1
|
||||
if [ -f /etc/redhat-release ]; then
|
||||
OS=centos
|
||||
if grep -q "CentOS Linux release 7" /etc/redhat-release; then
|
||||
@@ -443,7 +445,7 @@ detect_os() {
|
||||
fi
|
||||
|
||||
# Install bind-utils so the host command exists
|
||||
yum -y install bind-utils
|
||||
yum -y install bind-utils >> "$SETUPLOG" 2>&1
|
||||
|
||||
|
||||
elif [ -f /etc/os-release ]; then
|
||||
@@ -457,15 +459,18 @@ detect_os() {
|
||||
exit
|
||||
fi
|
||||
# Install network manager so we can do interface stuff
|
||||
apt-get install -y network-manager
|
||||
/bin/systemctl enable NetworkManager
|
||||
/bin/systemctl start NetworkManager
|
||||
{
|
||||
apt-get install -y network-manager;
|
||||
systemctl enable NetworkManager;
|
||||
systemctl start NetworkManager;
|
||||
} >> "$SETUPLOG" 2<&1
|
||||
|
||||
else
|
||||
echo "We were unable to determine if you are using a supported OS." >> $SETUPLOG 2>&1
|
||||
echo "We were unable to determine if you are using a supported OS." >> "$SETUPLOG" 2>&1
|
||||
exit
|
||||
fi
|
||||
|
||||
echo "Found OS: $OS $OSVER" >> $SETUPLOG 2>&1
|
||||
echo "Found OS: $OS $OSVER" >> "$SETUPLOG" 2>&1
|
||||
|
||||
}
|
||||
|
||||
@@ -486,15 +491,15 @@ disable_onion_user() {
|
||||
}
|
||||
|
||||
disable_misc_network_features() {
|
||||
for UNUSED_NIC in ${FNICS[@]}; do
|
||||
for UNUSED_NIC in "${FNICS[@]}"; do
|
||||
# Disable DHCPv4/v6 and autoconnect
|
||||
nmcli con mod "$UNUSED_NIC" \
|
||||
ipv4.method disabled \
|
||||
ipv6.method ignore \
|
||||
connection.autoconnect "no" >> $SETUPLOG 2>&1
|
||||
connection.autoconnect "no" >> "$SETUPLOG" 2>&1
|
||||
|
||||
# Flush any existing IPs
|
||||
ip addr flush "$UNUSED_NIC" >> $SETUPLOG 2>&1
|
||||
ip addr flush "$UNUSED_NIC" >> "$SETUPLOG" 2>&1
|
||||
|
||||
# Disable IPv6
|
||||
{
|
||||
@@ -515,12 +520,12 @@ docker_install() {
|
||||
yum -y install docker-ce python36-docker
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ]; then
|
||||
docker_registry
|
||||
echo "Restarting Docker" >> $SETUPLOG 2>&1
|
||||
echo "Restarting Docker" >> "$SETUPLOG" 2>&1
|
||||
systemctl restart docker
|
||||
systemctl enable docker
|
||||
else
|
||||
docker_registry
|
||||
echo "Restarting Docker" >> $SETUPLOG 2>&1
|
||||
echo "Restarting Docker" >> "$SETUPLOG" 2>&1
|
||||
systemctl restart docker
|
||||
systemctl enable docker
|
||||
fi
|
||||
@@ -528,27 +533,27 @@ docker_install() {
|
||||
else
|
||||
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ]; then
|
||||
apt-get update >> $SETUPLOG 2>&1
|
||||
apt-get update >> "$SETUPLOG" 2>&1
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1
|
||||
apt-get -y install docker-ce python3-docker >> "$SETUPLOG" 2>&1
|
||||
else
|
||||
apt-get -y install docker-ce python-docker >> $SETUPLOG 2>&1
|
||||
apt-get -y install docker-ce python-docker >> "$SETUPLOG" 2>&1
|
||||
fi
|
||||
docker_registry >> $SETUPLOG 2>&1
|
||||
echo "Restarting Docker" >> $SETUPLOG 2>&1
|
||||
systemctl restart docker >> $SETUPLOG 2>&1
|
||||
docker_registry >> "$SETUPLOG" 2>&1
|
||||
echo "Restarting Docker" >> "$SETUPLOG" 2>&1
|
||||
systemctl restart docker >> "$SETUPLOG" 2>&1
|
||||
else
|
||||
apt-key add $TMP/gpg/docker.pub >> $SETUPLOG 2>&1
|
||||
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> $SETUPLOG 2>&1
|
||||
apt-get update >> $SETUPLOG 2>&1
|
||||
apt-key add $TMP/gpg/docker.pub >> "$SETUPLOG" 2>&1
|
||||
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$SETUPLOG" 2>&1
|
||||
apt-get update >> "$SETUPLOG" 2>&1
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1
|
||||
apt-get -y install docker-ce python3-docker >> "$SETUPLOG" 2>&1
|
||||
else
|
||||
apt-get -y install docker-ce python-docker >> $SETUPLOG 2>&1
|
||||
apt-get -y install docker-ce python-docker >> "$SETUPLOG" 2>&1
|
||||
fi
|
||||
docker_registry >> $SETUPLOG 2>&1
|
||||
echo "Restarting Docker" >> $SETUPLOG 2>&1
|
||||
systemctl restart docker >> $SETUPLOG 2>&1
|
||||
docker_registry >> "$SETUPLOG" 2>&1
|
||||
echo "Restarting Docker" >> "$SETUPLOG" 2>&1
|
||||
systemctl restart docker >> "$SETUPLOG" 2>&1
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -556,13 +561,13 @@ docker_install() {
|
||||
|
||||
docker_registry() {
|
||||
|
||||
echo "Setting up Docker Registry" >> $SETUPLOG 2>&1
|
||||
mkdir -p /etc/docker >> $SETUPLOG 2>&1
|
||||
echo "Setting up Docker Registry" >> "$SETUPLOG" 2>&1
|
||||
mkdir -p /etc/docker >> "$SETUPLOG" 2>&1
|
||||
# Make the host use the master docker registry
|
||||
echo "{" > /etc/docker/daemon.json
|
||||
echo " \"registry-mirrors\": [\"https://$MSRV:5000\"]" >> /etc/docker/daemon.json
|
||||
echo "}" >> /etc/docker/daemon.json
|
||||
echo "Docker Registry Setup - Complete" >> $SETUPLOG 2>&1
|
||||
echo "Docker Registry Setup - Complete" >> "$SETUPLOG" 2>&1
|
||||
|
||||
}
|
||||
docker_seed_registry() {
|
||||
@@ -751,13 +756,11 @@ get_redirect() {
|
||||
}
|
||||
|
||||
got_root() {
|
||||
|
||||
# Make sure you are root
|
||||
if [ "$(id -u)" -ne 0 ]; then
|
||||
echo "This script must be run using sudo!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
install_cleanup() {
|
||||
@@ -784,7 +787,7 @@ install_master() {
|
||||
|
||||
# Install the salt master package
|
||||
if [ $OS == 'centos' ]; then
|
||||
#yum -y install wget salt-common salt-master python36-mysql python36-dateutil python36-m2crypto >> $SETUPLOG 2>&1
|
||||
#yum -y install wget salt-common salt-master python36-mysql python36-dateutil python36-m2crypto >> "$SETUPLOG" 2>&1
|
||||
echo ""
|
||||
# Create a place for the keys for Ubuntu minions
|
||||
#mkdir -p /opt/so/gpg
|
||||
@@ -924,22 +927,22 @@ minio_generate_keys() {
|
||||
}
|
||||
|
||||
network_setup() {
|
||||
echo "Finishing up network setup" >> $SETUPLOG 2>&1
|
||||
echo "Finishing up network setup" >> "$SETUPLOG" 2>&1
|
||||
|
||||
echo "... Verifying all network devices are managed by Network Manager" >> $SETUPLOG 2>&1
|
||||
check_network_manager_conf >> $SETUPLOG 2>&1
|
||||
echo "... Verifying all network devices are managed by Network Manager" >> "$SETUPLOG" 2>&1
|
||||
check_network_manager_conf >> "$SETUPLOG" 2>&1
|
||||
|
||||
echo "... Disabling unused NICs" >> $SETUPLOG 2>&1
|
||||
disable_misc_network_features >> $SETUPLOG 2>&1
|
||||
echo "... Disabling unused NICs" >> "$SETUPLOG" 2>&1
|
||||
disable_misc_network_features >> "$SETUPLOG" 2>&1
|
||||
|
||||
echo "... Setting ONBOOT for management interface" >> $SETUPLOG 2>&1
|
||||
nmcli con mod $MAININT connection.autoconnect "yes" >> $SETUPLOG 2>&1
|
||||
echo "... Setting ONBOOT for management interface" >> "$SETUPLOG" 2>&1
|
||||
nmcli con mod $MAININT connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
|
||||
|
||||
echo "... Copying 99-so-checksum-offload-disable" >> $SETUPLOG 2>&1
|
||||
cp $SCRIPTDIR/install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable >> $SETUPLOG 2>&1
|
||||
echo "... Copying 99-so-checksum-offload-disable" >> "$SETUPLOG" 2>&1
|
||||
cp $SCRIPTDIR/install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable >> "$SETUPLOG" 2>&1
|
||||
|
||||
echo "... Modifying 99-so-checksum-offload-disable" >> $SETUPLOG 2>&1
|
||||
sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable >> $SETUPLOG 2>&1
|
||||
echo "... Modifying 99-so-checksum-offload-disable" >> "$SETUPLOG" 2>&1
|
||||
sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable >> "$SETUPLOG" 2>&1
|
||||
}
|
||||
|
||||
node_pillar() {
|
||||
@@ -988,17 +991,17 @@ patch_schedule_os_new() {
|
||||
mkdir -p $OSPATCHSCHEDULEDIR
|
||||
fi
|
||||
|
||||
echo "patch:" > $OSPATCHSCHEDULE
|
||||
echo " os:" >> $OSPATCHSCHEDULE
|
||||
echo " schedule:" >> $OSPATCHSCHEDULE
|
||||
echo "patch:" > "$OSPATCHSCHEDULE"
|
||||
echo " os:" >> "$OSPATCHSCHEDULE"
|
||||
echo " schedule:" >> "$OSPATCHSCHEDULE"
|
||||
for psd in "${PATCHSCHEDULEDAYS[@]}"
|
||||
do
|
||||
psd=$(echo $psd | sed 's/"//g')
|
||||
echo " - $psd:" >> $OSPATCHSCHEDULE
|
||||
psd="${psd//\"/}"
|
||||
echo " - $psd:" >> "$OSPATCHSCHEDULE"
|
||||
for psh in "${PATCHSCHEDULEHOURS[@]}"
|
||||
do
|
||||
psh=$(echo $psh | sed 's/"//g')
|
||||
echo " - '$psh'" >> $OSPATCHSCHEDULE
|
||||
psh="${psh//\"/}"
|
||||
echo " - '$psh'" >> "$OSPATCHSCHEDULE"
|
||||
done
|
||||
done
|
||||
|
||||
@@ -1230,7 +1233,7 @@ EOF
|
||||
|
||||
fi
|
||||
# Add the pre-requisites for installing docker-ce
|
||||
apt-get -y install ca-certificates curl software-properties-common apt-transport-https openssl jq >> $SETUPLOG 2>&1
|
||||
apt-get -y install ca-certificates curl software-properties-common apt-transport-https openssl jq >> "$SETUPLOG" 2>&1
|
||||
|
||||
# Grab the version from the os-release file
|
||||
UVER=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
|
||||
@@ -1267,13 +1270,13 @@ EOF
|
||||
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
|
||||
|
||||
# Initialize the new repos
|
||||
apt-get update >> $SETUPLOG 2>&1
|
||||
apt-get update >> "$SETUPLOG" 2>&1
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> "$SETUPLOG" 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
else
|
||||
# Need to add python packages here
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> "$SETUPLOG" 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
fi
|
||||
else
|
||||
@@ -1288,13 +1291,13 @@ EOF
|
||||
echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list
|
||||
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
|
||||
# Initialize the new repos
|
||||
apt-get update >> $SETUPLOG 2>&1
|
||||
apt-get update >> "$SETUPLOG" 2>&1
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto >> "$SETUPLOG" 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
else
|
||||
# Need to add python packages here
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1
|
||||
apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto >> "$SETUPLOG" 2>&1
|
||||
apt-mark hold salt-minion salt-common
|
||||
fi
|
||||
fi
|
||||
@@ -1307,25 +1310,25 @@ salt_checkin() {
|
||||
# Master State to Fix Mine Usage
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
echo "Building Certificate Authority"
|
||||
salt-call state.apply ca >> $SETUPLOG 2>&1
|
||||
salt-call state.apply ca >> "$SETUPLOG" 2>&1
|
||||
echo " *** Restarting Salt to fix any SSL errors. ***"
|
||||
service salt-master restart >> $SETUPLOG 2>&1
|
||||
service salt-master restart >> "$SETUPLOG" 2>&1
|
||||
sleep 5
|
||||
service salt-minion restart >> $SETUPLOG 2>&1
|
||||
service salt-minion restart >> "$SETUPLOG" 2>&1
|
||||
sleep 15
|
||||
echo " Applyng a mine hack "
|
||||
salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> $SETUPLOG 2>&1
|
||||
salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> "$SETUPLOG" 2>&1
|
||||
echo " Applying SSL state "
|
||||
salt-call state.apply ssl >> $SETUPLOG 2>&1
|
||||
salt-call state.apply ssl >> "$SETUPLOG" 2>&1
|
||||
echo "Still Working... Hang in there"
|
||||
#salt-call state.highstate
|
||||
|
||||
else
|
||||
|
||||
# Run Checkin
|
||||
salt-call state.apply ca >> $SETUPLOG 2>&1
|
||||
salt-call state.apply ssl >> $SETUPLOG 2>&1
|
||||
#salt-call state.highstate >> $SETUPLOG 2>&1
|
||||
salt-call state.apply ca >> "$SETUPLOG" 2>&1
|
||||
salt-call state.apply ssl >> "$SETUPLOG" 2>&1
|
||||
#salt-call state.highstate >> "$SETUPLOG" 2>&1
|
||||
|
||||
fi
|
||||
|
||||
@@ -1334,7 +1337,7 @@ salt_checkin() {
|
||||
salt_firstcheckin() {
|
||||
|
||||
#First Checkin
|
||||
salt-call state.highstate >> $SETUPLOG 2>&1
|
||||
salt-call state.highstate >> "$SETUPLOG" 2>&1
|
||||
|
||||
}
|
||||
|
||||
@@ -1364,7 +1367,7 @@ salt_install_mysql_deps() {
|
||||
yum -y install mariadb-devel
|
||||
elif [ $OS == 'ubuntu' ]; then
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get -y install python3-mysqldb >> $SETUPLOG 2>&1
|
||||
apt-get -y install python3-mysqldb >> "$SETUPLOG" 2>&1
|
||||
else
|
||||
apt-get -y install python-mysqldb
|
||||
fi
|
||||
@@ -1426,9 +1429,9 @@ set_environment_var() {
|
||||
|
||||
set_hostname() {
|
||||
|
||||
echo 'set_hostname called' >> $SETUPLOG 2>&1
|
||||
echo $TESTHOST >> $SETUPLOG 2>&1
|
||||
echo $INSTALLTYPE >> $SETUPLOG 2>&1
|
||||
echo 'set_hostname called' >> "$SETUPLOG" 2>&1
|
||||
echo $TESTHOST >> "$SETUPLOG" 2>&1
|
||||
echo $INSTALLTYPE >> "$SETUPLOG" 2>&1
|
||||
hostnamectl set-hostname --static $HOSTNAME
|
||||
echo "127.0.0.1 $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts
|
||||
echo "::1 localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
|
||||
|
||||
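Review bot: In the offload check inside create_sensor_bond, `grep -eq "on [fixed]"` does not behave like the `egrep -q` it replaces: `-e` takes `q` as its pattern, so quiet mode is lost and `"on [fixed]"` is read as a file name. The condition then no longer tests ethtool's output, so a sensor NIC whose offloads cannot be disabled would be set up without the warning or `nic_error=1`. Even as a pattern, `[fixed]` is a bracket expression rather than the literal text, so I would write `if ethtool -k "$BONDNIC" | grep -e "$string" | grep -qF "on [fixed]"; then`. Separately, the Ubuntu branch of detect_os closes its group with `2<&1` where the rest of the file uses `2>&1`; that looks like a typo and should be made consistent. Both functions continue outside the hunks shown.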
@@ -17,8 +17,8 @@
|
||||
|
||||
# Source the other pieces of the setup
|
||||
SCRIPTDIR=$(dirname "$0")
|
||||
source $SCRIPTDIR/so-functions
|
||||
source $SCRIPTDIR/so-whiptail
|
||||
source "$SCRIPTDIR/so-functions"
|
||||
source "$SCRIPTDIR/so-whiptail"
|
||||
|
||||
# See if this is an ISO install
|
||||
OPTIONS=$1
|
||||
@@ -44,16 +44,16 @@ SETUPLOG="/root/sosetup.log"
|
||||
# End Global Variables
|
||||
|
||||
# Reset the Install Log
|
||||
date -u >$SETUPLOG 2>&1
|
||||
date -u > $SETUPLOG 2>&1
|
||||
echo "stty size is: $(stty size)" >> $SETUPLOG 2>&1
|
||||
|
||||
# Check for prerequisites
|
||||
got_root
|
||||
detect_os
|
||||
|
||||
if [ $OS == ubuntu ]; then
|
||||
if [ "$OS" == ubuntu ]; then
|
||||
# Override the horrible Ubuntu whiptail color pallete
|
||||
update-alternatives --set newt-palette /etc/newt/palette.original
|
||||
update-alternatives --set newt-palette /etc/newt/palette.original >> $SETUPLOG 2>&1
|
||||
fi
|
||||
|
||||
# Question Time
|
||||
@@ -61,7 +61,7 @@ echo "Asking user if they are sure they want to proceed" >> $SETUPLOG 2>&1
|
||||
if (whiptail_you_sure) ; then
|
||||
|
||||
# Create a temp dir to get started
|
||||
install_prep
|
||||
install_prep >> $SETUPLOG 2>&1
|
||||
setterm -blank 0
|
||||
|
||||
if [ $INSTALLMETHOD == network ]; then
|
||||
@@ -84,7 +84,7 @@ if (whiptail_you_sure) ; then
|
||||
whiptail_dhcp_or_static
|
||||
|
||||
# Do this if it static is selected
|
||||
if [ $ADDRESSTYPE != 'DHCP' ]; then
|
||||
if [ "$ADDRESSTYPE" != 'DHCP' ]; then
|
||||
whiptail_management_interface_ip
|
||||
whiptail_management_interface_mask
|
||||
whiptail_management_interface_gateway
|
||||
@@ -114,8 +114,8 @@ if (whiptail_you_sure) ; then
|
||||
|
||||
# What kind of install are we doing?
|
||||
whiptail_install_type
|
||||
SHORTNAME=$(echo $HOSTNAME | awk -F. {'print $1'})
|
||||
MINION_ID=$(echo $SHORTNAME'_'$INSTALLTYPE | tr '[:upper:]' '[:lower:]')
|
||||
SHORTNAME=$(echo "$HOSTNAME" | awk -F. '{print $1}')
|
||||
MINION_ID=$(echo "$SHORTNAME'_'$INSTALLTYPE" | tr '[:upper:]' '[:lower:]')
|
||||
echo "MINION_ID = $MINION_ID" >> $SETUPLOG 2>&1
|
||||
|
||||
# How do we want to handle OS patching? manual, auto or scheduled days and hours
|
||||
@@ -130,10 +130,10 @@ if (whiptail_you_sure) ; then
|
||||
'Import Schedule')
|
||||
whiptail_patch_schedule_import
|
||||
;;
|
||||
Automatic)
|
||||
'Automatic')
|
||||
PATCHSCHEDULENAME=auto
|
||||
;;
|
||||
Manual)
|
||||
'Manual')
|
||||
PATCHSCHEDULENAME=manual
|
||||
;;
|
||||
esac
|
||||
@@ -141,21 +141,23 @@ if (whiptail_you_sure) ; then
|
||||
####################
|
||||
## Helix ##
|
||||
####################
|
||||
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
if [ $"INSTALLTYPE" == 'HELIXSENSOR' ]; then
|
||||
MASTERUPDATES=OPEN
|
||||
filter_unused_nics
|
||||
[[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
|
||||
[[ "$SKIP_BOND" != 'yes' ]] && whiptail_bond_nics
|
||||
whiptail_helix_apikey
|
||||
whiptail_homenet_master
|
||||
RULESETUP=ETOPEN
|
||||
NSMSETUP=BASIC
|
||||
HNSENSOR=inherit
|
||||
LS_HEAP_SIZE="1000m"
|
||||
calculate_useable_cores
|
||||
calculate_useable_cores >> "$SETUPLOG" 2>&1
|
||||
whiptail_make_changes
|
||||
set_hostname
|
||||
set_version
|
||||
clear_master
|
||||
{
|
||||
set_hostname;
|
||||
set_version;
|
||||
clear_master;
|
||||
} >> "$SETUPLOG" 2>&1
|
||||
mkdir -p /nsm
|
||||
get_filesystem_root
|
||||
get_filesystem_nsm
|
||||
@@ -276,7 +278,7 @@ if (whiptail_you_sure) ; then
|
||||
####################
|
||||
## Master ##
|
||||
####################
|
||||
if [ $INSTALLTYPE == 'MASTER' ]; then
|
||||
if [ "$INSTALLTYPE" == 'MASTER' ]; then
|
||||
|
||||
# Would you like to do an advanced install?
|
||||
whiptail_master_adv
|
||||
@@ -294,7 +296,7 @@ if (whiptail_you_sure) ; then
|
||||
whiptail_rule_setup
|
||||
|
||||
# Get the code if it isn't ET Open
|
||||
if [ $RULESETUP != 'ETOPEN' ]; then
|
||||
if [ "$RULESETUP" != 'ETOPEN' ]; then
|
||||
# Get the code
|
||||
whiptail_oinkcode
|
||||
fi
|
||||
@@ -305,9 +307,9 @@ if (whiptail_you_sure) ; then
|
||||
process_components
|
||||
|
||||
# Do Advacned Setup if they chose it
|
||||
if [ $MASTERADV == 'ADVANCED' ]; then
|
||||
if [ "$MASTERADV" == 'ADVANCED' ]; then
|
||||
# Ask which bro logs to enable - Need to add Suricata check
|
||||
if [ $BROVERSION != 'SURICATA' ]; then
|
||||
if [ "$BROVERSION" != 'SURICATA' ]; then
|
||||
whiptail_master_adv_service_brologs
|
||||
fi
|
||||
fi
|
||||
@@ -315,7 +317,7 @@ if (whiptail_you_sure) ; then
|
||||
# Get a password for the soremote user
|
||||
whiptail_create_soremote_user
|
||||
SCMATCH=no
|
||||
while [ $SCMATCH != yes ]; do
|
||||
while [ "$SCMATCH" != 'yes' ]; do
|
||||
whiptail_create_soremote_user_password1
|
||||
whiptail_create_soremote_user_password2
|
||||
check_soremote_pass
|
||||
|
||||
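Review bot: Two of the new quotings in this file change the value instead of protecting it. `if [ $"INSTALLTYPE" == 'HELIXSENSOR' ]` uses bash's `$"…"` locale-translation quoting, which yields the literal string INSTALLTYPE, so the Helix branch can never be taken; it should read `if [ "$INSTALLTYPE" == 'HELIXSENSOR' ]; then`. In the MINION_ID assignment the single quotes now sit inside the double quotes and become part of the ID, so use `MINION_ID=$(echo "${SHORTNAME}_${INSTALLTYPE}" | tr '[:upper:]' '[:lower:]')`. That ID is later expanded unquoted into the `ssh … sudo …` command lines shown in the functions file, where the remote shell parses it again, so it is worth checking it against a hostname-safe pattern before first use.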