From 7335611166e5ff480676b560c99bd2fb5fca68eb Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 21 Apr 2021 15:35:05 -0400
Subject: [PATCH 1/6] soup will now ask to update packages

---
 salt/common/tools/sbin/soup | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 2a1ddab1c..ee1dd662d 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -161,6 +161,34 @@ check_log_size_limit() {
   fi
 }
 
+check_os_updates() {
+  # Check to see if there are OS updates
+  NEEDUPDATES="WWe have detected missing operating system (OS) updates. Do you want to install these OS updates now? This could take a while depending on the size of your grid and how many packages are missing, but it is recommended to keep your system updated."
+  if [[ $OS == 'ubuntu' ]]; then
+    OSUPDATES=$(apt list --upgradeable)
+  else
+    OSUPDATES=$(yum -q list updates)
+  fi
+  if [[ "$OSUPDATES" > 1 ]]; then
+      echo $NEEDUPDATES
+      echo ""
+      read -p "Press U to update OS packages (recommended), C to continue without updates, or E to exit: " confirm
+
+      if [[ "$confirm" == [cC] ]]; then
+          echo "Continuing without updating packages"
+      elif [[ "$confirm" == [uU] ]]; then
+          echo "Applying Grid Updates"
+          salt \* -b 5 state.apply patch.os
+      else
+          echo "Exiting soup"
+          exit 0
+      fi
+  else
+      echo "Looks like you have an updated OS"
+  fi
+    
+}
+
 clean_dockers() {
   # Place Holder for cleaning up old docker images
   echo "Trying to clean up old dockers."
@@ -632,7 +660,7 @@ else
   rm -rf $UPDATE_DIR
   clone_to_tmp
 fi
-
+check_os_updates
 echo ""
 echo "Verifying we have the latest soup script."
 verify_latest_update_script
@@ -815,8 +843,6 @@ Please review the following for more information about the update process and re
 https://docs.securityonion.net/soup
 https://blog.securityonion.net
 
-Please note that soup only updates Security Onion components and does NOT update the underlying operating system (OS). When you installed Security Onion, there was an option to automatically update the OS packages. If you did not enable this option, then you will want to ensure that the OS is fully updated before running soup.
-
 Press Enter to continue or Ctrl-C to cancel.
 
 EOF

From 13ad07cd8899dd853aa8ca315e52519aa8637857 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 21 Apr 2021 15:41:58 -0400
Subject: [PATCH 2/6] soup will now ask to update packages

---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index ee1dd662d..6d282e78c 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -163,7 +163,7 @@ check_log_size_limit() {
 
 check_os_updates() {
   # Check to see if there are OS updates
-  NEEDUPDATES="WWe have detected missing operating system (OS) updates. Do you want to install these OS updates now? This could take a while depending on the size of your grid and how many packages are missing, but it is recommended to keep your system updated."
+  NEEDUPDATES="We have detected missing operating system (OS) updates. Do you want to install these OS updates now? This could take a while depending on the size of your grid and how many packages are missing, but it is recommended to keep your system updated."
   if [[ $OS == 'ubuntu' ]]; then
     OSUPDATES=$(apt list --upgradeable)
   else

From 73001713e3b64e198a6faa395189f560f53cba43 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 21 Apr 2021 15:51:28 -0400
Subject: [PATCH 3/6] soup will now ask to update packages

---
 salt/common/tools/sbin/soup | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 6d282e78c..e41e80afe 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -165,9 +165,9 @@ check_os_updates() {
   # Check to see if there are OS updates
   NEEDUPDATES="We have detected missing operating system (OS) updates. Do you want to install these OS updates now? This could take a while depending on the size of your grid and how many packages are missing, but it is recommended to keep your system updated."
   if [[ $OS == 'ubuntu' ]]; then
-    OSUPDATES=$(apt list --upgradeable)
+    OSUPDATES=$(apt list --upgradeable | wc -l)
   else
-    OSUPDATES=$(yum -q list updates)
+    OSUPDATES=$(yum -q list updates | wc -l)
   fi
   if [[ "$OSUPDATES" > 1 ]]; then
       echo $NEEDUPDATES

From 5c4be5e1cd9699b92e3ecc36a4121c69ef14fdf0 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 21 Apr 2021 16:15:40 -0400
Subject: [PATCH 4/6] soup will now ask to update packages

---
 salt/common/tools/sbin/soup | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index e41e80afe..51d9f9fe1 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -165,11 +165,11 @@ check_os_updates() {
   # Check to see if there are OS updates
   NEEDUPDATES="We have detected missing operating system (OS) updates. Do you want to install these OS updates now? This could take a while depending on the size of your grid and how many packages are missing, but it is recommended to keep your system updated."
   if [[ $OS == 'ubuntu' ]]; then
-    OSUPDATES=$(apt list --upgradeable | wc -l)
+    OSUPDATES=$(apt list --upgradeable | grep -v "^Listing..." | grep -v "^docker-ce" | grep -v "^wazuh-" | grep -v "^salt-" | wc -l)
   else
     OSUPDATES=$(yum -q list updates | wc -l)
   fi
-  if [[ "$OSUPDATES" > 1 ]]; then
+  if [[ "$OSUPDATES" -gt 1 ]]; then
       echo $NEEDUPDATES
       echo ""
       read -p "Press U to update OS packages (recommended), C to continue without updates, or E to exit: " confirm

From b5b0c262c11b40694b2d750af85bc305928c0411 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 21 Apr 2021 16:25:41 -0400
Subject: [PATCH 5/6] soup will now ask to update packages

---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 51d9f9fe1..a5416df43 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -169,7 +169,7 @@ check_os_updates() {
   else
     OSUPDATES=$(yum -q list updates | wc -l)
   fi
-  if [[ "$OSUPDATES" -gt 1 ]]; then
+  if [[ "$OSUPDATES" -gt 0 ]]; then
       echo $NEEDUPDATES
       echo ""
       read -p "Press U to update OS packages (recommended), C to continue without updates, or E to exit: " confirm

From fa972ea110582f8da607c9cdd77abe83e14340ca Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Wed, 21 Apr 2021 16:37:13 -0400
Subject: [PATCH 6/6] soup will now ask to update packages

---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index a5416df43..019420afe 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -178,7 +178,7 @@ check_os_updates() {
           echo "Continuing without updating packages"
       elif [[ "$confirm" == [uU] ]]; then
           echo "Applying Grid Updates"
-          salt \* -b 5 state.apply patch.os
+          salt \* -b 5 state.apply patch.os queue=True
       else
           echo "Exiting soup"
           exit 0