diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install
index 6917725fc..ea62b87bb 100755
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -14,296 +14,39 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
+{# if this is a manager #}
+{% if grains.master == grains.id.split('_')|first -%}
-if [ "$(id -u)" -ne 0 ]; then
- echo "This script must be run using sudo!"
- exit 1
-fi
+source /usr/sbin/so-common
+doc_workstation_url="https://docs.securityonion.net/en/2.3/analyst-vm.html"
+pillar_file="/opt/so/saltstack/local/pillar/minions/{{grains.id}}.sls"
-INSTALL_LOG=/root/so-analyst-install.log
-exec &> >(tee -a "$INSTALL_LOG")
-
-log() {
- msg=$1
- level=${2:-I}
- now=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")
- echo -e "$now | $level | $msg" >> "$INSTALL_LOG" 2>&1
-}
-
-error() {
- log "$1" "E"
-}
-
-info() {
- log "$1" "I"
-}
-
-title() {
- echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$INSTALL_LOG" 2>&1
-}
-
-logCmd() {
- cmd=$1
- info "Executing command: $cmd"
- $cmd >> "$INSTALL_LOG" 2>&1
-}
-
-analyze_system() {
- title "System Characteristics"
- logCmd "uptime"
- logCmd "uname -a"
- logCmd "free -h"
- logCmd "lscpu"
- logCmd "df -h"
- logCmd "ip a"
-}
-
-analyze_system
-
-OS=$(grep PRETTY_NAME /etc/os-release | grep 'CentOS Linux 7')
-if [ $? -ne 0 ]; then
- echo "This is an unsupported OS. Please use CentOS 7 to install the analyst node."
- exit 1
-fi
-
-if [[ "$manufacturer" == "Security Onion Solutions" && "$family" == "Automated" ]]; then
- INSTALL=yes
- CURLCONTINUE=no
-else
- INSTALL=''
- CURLCONTINUE=''
-fi
-
-FIRSTPASS=yes
-while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
- if [[ "$FIRSTPASS" == "yes" ]]; then
- clear
- echo "###########################################"
- echo "## ** W A R N I N G ** ##"
- echo "## _______________________________ ##"
- echo "## ##"
- echo "## Installing the Security Onion ##"
- echo "## analyst node on this device will ##"
- echo "## make permanent changes to ##"
- echo "## the system. ##"
- echo "## ##"
- echo "###########################################"
- echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)"
- FIRSTPASS=no
- else
- echo "Please type 'yes' to continue or 'no' to exit."
- fi
- read INSTALL
-done
-
-if [[ $INSTALL == "no" ]]; then
- echo "Exiting analyst node installation."
- exit 0
-fi
-
-echo "Testing for internet connection with curl https://securityonionsolutions.com/"
-CANCURL=$(curl -sI https://securityonionsolutions.com/ | grep "200 OK")
- if [ $? -ne 0 ]; then
- FIRSTPASS=yes
- while [[ $CURLCONTINUE != "yes" ]] && [[ $CURLCONTINUE != "no" ]]; do
- if [[ "$FIRSTPASS" == "yes" ]]; then
- echo "We could not access https://securityonionsolutions.com/."
- echo "Since packages are downloaded from the internet, internet access is required."
- echo "If you would like to ignore this warning and continue anyway, please type 'yes'."
- echo "Otherwise, type 'no' to exit."
- FIRSTPASS=no
- else
- echo "Please type 'yes' to continue or 'no' to exit."
- fi
- read CURLCONTINUE
- done
- if [[ "$CURLCONTINUE" == "no" ]]; then
- echo "Exiting analyst node installation."
- exit 0
- fi
- else
- echo "We were able to curl https://securityonionsolutions.com/."
- sleep 3
+if [ -f "$pillar_file" ]; then
+ if ! grep -q "^workstation:$" "$pillar_file"; then
+ # Add workstation pillar to the minion's pillar file
+ printf '%s\n'\
+ "workstation:"\
+ " gui:"\
+ " enabled: true"\
+ "" >> "$pillar_file"
+ echo "Applying the workstation state. This could take some time since there are many packages that need to be installed."
+ salt-call state.apply workstation -linfo queue=True
+ echo ""
+ echo "Analyst workstation has been installed!"
+ else # workstation is already added
+ echo "The workstation pillar already exists in $pillar_file."
+ echo "To enable/disable the gui, set 'workstation:gui:enabled' to true or false in $pillar_file."
+ echo "Additional documentation can be found at $doc_workstation_url."
fi
-
-# Install a GUI text editor
-yum -y install gedit
-
-# Install misc utils
-yum -y install wget curl unzip epel-release yum-plugin-versionlock;
-
-# Install xWindows
-yum -y groupinstall "X Window System";
-yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts;
-unlink /etc/systemd/system/default.target;
-ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target;
-yum -y install file-roller
-
-# Install Mono - prereq for NetworkMiner
-yum -y install mono-core mono-basic mono-winforms expect
-
-# Install NetworkMiner
-yum -y install libcanberra-gtk2;
-wget https://www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip;
-mkdir -p /opt/networkminer/
-unzip /tmp/nm.zip -d /opt/networkminer/;
-rm /tmp/nm.zip;
-mv /opt/networkminer/NetworkMiner_*/* /opt/networkminer/
-chmod +x /opt/networkminer/NetworkMiner.exe;
-chmod -R go+w /opt/networkminer/AssembledFiles/;
-chmod -R go+w /opt/networkminer/Captures/;
-# Create networkminer shim
-cat << EOF >> /bin/networkminer
-#!/bin/bash
-/bin/mono /opt/networkminer/NetworkMiner.exe --noupdatecheck "\$@"
-EOF
-chmod +x /bin/networkminer
-# Convert networkminer ico file to png format
-yum -y install ImageMagick
-convert /opt/networkminer/networkminericon.ico /opt/networkminer/networkminericon.png
-# Create menu entry
-cat << EOF >> /usr/share/applications/networkminer.desktop
-[Desktop Entry]
-Name=NetworkMiner
-Comment=NetworkMiner
-Encoding=UTF-8
-Exec=/bin/networkminer %f
-Icon=/opt/networkminer/networkminericon-4.png
-StartupNotify=true
-Terminal=false
-X-MultipleArgs=false
-Type=Application
-MimeType=application/x-pcap;
-Categories=Network;
-EOF
-
-# Set default monospace font to Liberation
-cat << EOF >> /etc/fonts/local.conf
-
-
- monospace
-
-
- Liberation Mono
-
-
-EOF
-
-# Install Wireshark for Gnome
-yum -y install wireshark-gnome;
-
-# Install dnsiff
-yum -y install dsniff;
-
-# Install hping3
-yum -y install hping3;
-
-# Install netsed
-yum -y install netsed;
-
-# Install ngrep
-yum -y install ngrep;
-
-# Install scapy
-yum -y install python36-scapy;
-
-# Install ssldump
-yum -y install ssldump;
-
-# Install tcpdump
-yum -y install tcpdump;
-
-# Install tcpflow
-yum -y install tcpflow;
-
-# Install tcpxtract
-yum -y install tcpxtract;
-
-# Install whois
-yum -y install whois;
-
-# Install foremost
-yum -y install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm;
-
-# Install chromium
-yum -y install chromium;
-
-# Install tcpstat
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcpstat-1.5.0/securityonion-tcpstat-1.5.0.rpm;
-
-# Install tcptrace
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;
-
-# Install sslsplit
-yum -y install libevent;
-yum -y install sslsplit;
-
-# Install Bit-Twist
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;
-
-# Install chaosreader
-yum -y install perl-IO-Compress perl-Net-DNS;
-yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
-chmod +x /bin/chaosreader;
-
-if [ -f ../../files/analyst/README ]; then
- cp ../../files/analyst/README /;
- cp ../../files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
- cp ../../files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
- cp ../../files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
-else
- cp /opt/so/saltstack/default/salt/common/files/analyst/README /;
- cp /opt/so/saltstack/default/salt/common/files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
- cp /opt/so/saltstack/default/salt/common/files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
- cp /opt/so/saltstack/default/salt/common/files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
+else # if the pillar file doesn't exist
+ echo "Could not find $pillar_file and add the workstation pillar."
fi
-# Set background wallpaper
-cat << EOF >> /etc/dconf/db/local.d/00-background
-# Specify the dconf path
-[org/gnome/desktop/background]
+{#- if this is not a manager#}
+{% else -%}
-# Specify the path to the desktop background image file
-picture-uri='file:///usr/share/backgrounds/so-wallpaper.jpg'
-# Specify one of the rendering options for the background image:
-# 'none', 'wallpaper', 'centered', 'scaled', 'stretched', 'zoom', 'spanned'
-picture-options='zoom'
-# Specify the left or top color when drawing gradients or the solid color
-primary-color='000000'
-# Specify the right or bottom color when drawing gradients
-secondary-color='FFFFFF'
-EOF
+echo "Since this is not a manager, the pillar values to enable analyst workstation must be set manually. Please follow the documention at $doc_workstation_url."
-# Set lock screen
-cat << EOF >> /etc/dconf/db/local.d/00-screensaver
-[org/gnome/desktop/session]
-idle-delay=uint32 180
+{% endif -%}
-[org/gnome/desktop/screensaver]
-lock-enabled=true
-lock-delay=uint32 120
-picture-options='zoom'
-picture-uri='file:///usr/share/backgrounds/so-lockscreen.jpg'
-EOF
-
-cat << EOF >> /etc/dconf/db/local.d/locks/screensaver
-/org/gnome/desktop/session/idle-delay
-/org/gnome/desktop/screensaver/lock-enabled
-/org/gnome/desktop/screensaver/lock-delay
-EOF
-
-# Do not show the user list at login screen
-cat << EOF >> /etc/dconf/db/local.d/00-login-screen
-[org/gnome/login-screen]
-logo='/usr/share/pixmaps/so-login-logo-dark.svg'
-disable-user-list=true
-EOF
-
-dconf update;
-
-echo
-echo "Analyst workstation has been installed!"
-echo "Press ENTER to reboot or Ctrl-C to cancel."
-read pause
-
-reboot;
+exit 0