IDH - Final setup fixes

2025-12-06 17:22:49 +01:00 · 2022-02-19 21:01:48 -05:00
parent 780cd38adf
commit 2203e2fedd
13 changed files with 32 additions and 25 deletions
--- a/salt/idh/defaults/httpproxy.defaults.yaml
+++ b/salt/idh/defaults/httpproxy.defaults.yaml
@@ -1,7 +1,7 @@
 idh:
  opencanary:
    config:
-      httpproxy.enabled: false
+      httpproxy.enabled: true
      httpproxy.port: 8080
      httpproxy.skin: squid
      httproxy.skin.list:
--- a/salt/idh/defaults/mysql.defaults.yaml
+++ b/salt/idh/defaults/mysql.defaults.yaml
@@ -1,6 +1,6 @@
 idh:
  opencanary:
    config:
-      mysql.enabled: false
+      mysql.enabled: true
      mysql.port: 3306
      mysql.banner: 5.5.43-0ubuntu0.14.04.1
--- a/salt/idh/defaults/ntp.defaults.yaml
+++ b/salt/idh/defaults/ntp.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
  opencanary:
    config:
-      ntp.enabled: false
+      ntp.enabled: true
      ntp.port: '123'
--- a/salt/idh/defaults/rdp.defaults.yaml
+++ b/salt/idh/defaults/rdp.defaults.yaml
@@ -1,5 +0,0 @@
 idh:
  opencanary:
    config:
      rdp.enabled: false
      rdp.port: 3389
--- a/salt/idh/defaults/redis.defaults.yaml
+++ b/salt/idh/defaults/redis.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
  opencanary:
    config:
-      redis.enabled: false
+      redis.enabled: true
      redis.port: 6379
--- a/salt/idh/defaults/sip.defaults.yaml
+++ b/salt/idh/defaults/sip.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
  opencanary:
    config:
-      sip.enabled: false
+      sip.enabled: true
      sip.port: 5060
--- a/salt/idh/defaults/smb.defaults.yaml
+++ b/salt/idh/defaults/smb.defaults.yaml
@@ -2,4 +2,4 @@ idh:
  opencanary:
    config:
      smb.auditfile: /var/log/samba-audit.log
-      smb.enabled: false
+      smb.enabled: true
--- a/salt/idh/defaults/snmp.defaults.yaml
+++ b/salt/idh/defaults/snmp.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
  opencanary:
    config:
-      snmp.enabled: false
+      snmp.enabled: true
      snmp.port: 161
--- a/salt/idh/defaults/ssh.defaults.yaml
+++ b/salt/idh/defaults/ssh.defaults.yaml
@@ -1,6 +1,6 @@
 idh:
  opencanary:
    config:
-      ssh.enabled: false
+      ssh.enabled: true
      ssh.port: 22
      ssh.version: SSH-2.0-OpenSSH_5.1p1 Debian-4
--- a/salt/idh/defaults/tftp.defaults.yaml
+++ b/salt/idh/defaults/tftp.defaults.yaml
@@ -1,5 +1,5 @@
 idh:
  opencanary:
    config:
-      tftp.enabled: false
+      tftp.enabled: true
      tftp.port: 69
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -462,7 +462,6 @@ collect_idh_services() {
 		;;
 		'Custom')
 			whiptail_idh_services_custom
 			echo $idh_services
 		;;
 	esac
 }
@@ -884,6 +883,7 @@ check_requirements() {
 		req_cores=4
 		if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
 		if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi
 		if [[ "$node_type" == 'idh' ]]; then req_mem=1 req_cores=2; fi
 	elif [[ "$standalone_or_dist" == 'import' ]]; then
 		req_mem=4
 		req_cores=2
@@ -2850,12 +2850,13 @@ wait_for_salt_minion() {
 }
 write_out_idh_services() {
 	local pillar_file="$temp_install_dir"/pillar/minions/"$MINION_ID".sls
 	printf '%s\n'\
 	"idh:"\
-	"  opencanary:"\
+	"  services:" >> "$pillar_file"
 	"    config:" >> "$minion_config"
 	for service in ${idh_services[@]}; do
-      echo "      - $service" >> "$minion_config"
+	  echo "    - $service" | tr '[:upper:]' '[:lower:]' >> "$pillar_file"
    done
 }
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -280,6 +280,8 @@ if ! [[ -f $install_opt_file ]]; then
 		check_requirements "standalone"
 	elif [[ $is_fleet_standalone ]]; then
 		check_requirements "dist" "fleet"
 	elif [[ $is_idh ]]; then
 		check_requirements "dist" "idh"
 	elif [[ $is_sensor && ! $is_eval ]]; then
 		check_requirements "dist" "sensor"
 	elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
@@ -750,6 +752,12 @@ echo "1" > /root/accept_changes
 		logstash_pillar >> $setup_log 2>&1
 	fi
 	if [[ $is_idh ]]; then
 		# Write out services to minion pillar file
 		set_progress_str 19 'Generating IDH services pillar'
 		write_out_idh_services
 	fi
 	if [[ $is_minion ]]; then
 		set_progress_str 20 'Accepting Salt key on manager'
@@ -919,9 +927,6 @@ echo "1" > /root/accept_changes
 	fi
 	if [[ $is_idh ]]; then
 		# Write out services to minion pillar file
 		write_out_idh_services
 		set_progress_str 79 "$(print_salt_state_apply 'idh')"
 		salt-call state.apply -l info idh >> $setup_log 2>&1
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -432,6 +432,14 @@ whiptail_end_settings() {
 	Hostname: $HOSTNAME
 	EOM
 	if [[ $is_idh ]]; then
 		__append_end_msg "IDH Services Enabled:"
 	   for service in ${idh_services[@]}; do
 		__append_end_msg "- $service"
      done
 	fi
 	[[ -n $NODE_DESCRIPTION ]] && __append_end_msg "Description: $NODE_DESCRIPTION"
 	[[ $is_airgap ]] && __append_end_msg "Airgap: True"
@@ -832,14 +840,12 @@ whiptail_install_type_dist_existing() {
 	local node_msg
 	read -r -d '' node_msg <<- EOM
-	Choose a distributed node type to join to an existing grid.
+	Choose a distributed node type to join to an existing grid. See https://docs.securityonion.net/architecture for details.
 	See https://docs.securityonion.net/architecture for details.
 	Note: Heavy nodes (HEAVYNODE) are NOT recommended for most users.
 	EOM
-	install_type=$(whiptail --title "$whiptail_title" --radiolist "$node_msg" 19 58 5 \
+	install_type=$(whiptail --title "$whiptail_title" --radiolist "$node_msg" 19 58 6 \
 		"SENSOR" "Create a forward only sensor " ON \
 		"SEARCHNODE" "Add a search node with parsing " OFF \
 		"FLEET" "Dedicated Fleet Osquery Node " OFF \