From b2fcd438c26d699da9a556fc7558c207caf6927a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 9 Apr 2021 09:39:33 -0400 Subject: [PATCH 01/11] Initial support for checking state of manager during setup --- salt/common/init.sls | 5 +++++ setup/so-functions | 19 +++++++++++++++++++ setup/so-setup | 4 ++++ setup/so-whiptail | 17 +++++++++++++++-- 4 files changed, 43 insertions(+), 2 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 93f76c3b3..3ce6286be 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -304,6 +304,11 @@ sostatusdir: - user: 0 - group: 0 - makedirs: True + +sostatus_log: + file.managed: + - name: /opt/so/log/sostatus/status.log + - mode: 644 # Install sostatus check cron /usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1: diff --git a/setup/so-functions b/setup/so-functions index b7acf7cb1..604eb56b7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -162,6 +162,25 @@ check_hive_init() { docker rm so-thehive } +check_manager_state() { + echo "Checking state of manager services. This may take a moment..." + retry 2 15 "__check_so_status" && retry 2 15 "__check_salt_master" && return 0 || return 1 +} + +__check_so_status() { + local so_status_output + so_status_output=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /opt/so/log/sostatus/status.log) + [[ -z $so_status_output ]] && so_status_output=1 + return $so_status_output +} + +__check_salt_master() { + local salt_master_status + salt_master_status=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master) + [[ -z $salt_master_status ]] && salt_master_status=1 + return $salt_master_status +} + check_network_manager_conf() { local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf" local nmconf="/etc/NetworkManager/NetworkManager.conf" diff --git a/setup/so-setup b/setup/so-setup index 5b1a7417c..79c9b9784 100755 --- a/setup/so-setup +++ b/setup/so-setup 
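Review bot: The new `sostatus_log` state sets only `- mode: 644` and leaves ownership implicit, while the `sostatusdir` state visible in the context just above it pins `- user: 0` and `- group: 0`. The setup scripts in this same patch read this file over SSH as the manager's health signal, so I would pin the owner the same way by adding `- user: 0` and `- group: 0`; an already existing file with a different owner would then be corrected instead of presumably being kept as it is. Only the tail of `sostatusdir` is inside the hunk, so its own mode is not visible here.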
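Review bot: `__check_salt_master` can never succeed as written: `systemctl is-active --quiet` prints nothing, so the command substitution is always empty, `salt_master_status` is forced to 1, and `check_manager_state` fails even when salt-master is running. Use the exit status instead of the output, for example by making the function body just `$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master`. In `__check_so_status` the content read from the manager's status file is passed unquoted to `return`; validating it first with `[[ $so_status_output =~ ^[0-9]+$ ]] || so_status_output=1` turns a truncated or unexpected file into a clean failure rather than a shell error.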
@@ -574,6 +574,10 @@ if [[ $is_manager || $is_import ]]; then collect_so_allow; fi # This block sets REDIRECTIT which is used by a function outside the below subshell set_redirect >> $setup_log 2>&1 +if [[ $is_minion ]] && ! check_manager_state; then + whiptail_manager_error || exit 1 +fi + whiptail_end_settings # From here on changes will be made. diff --git a/setup/so-whiptail b/setup/so-whiptail index 493ae7a68..2b1199fb5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -79,7 +79,7 @@ whiptail_bond_nics_mtu() { whiptail_cancel() { - whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75 + whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup." 8 75 if [ -d "/root/installtmp" ]; then { echo "/root/installtmp exists"; @@ -88,7 +88,7 @@ whiptail_cancel() { } >> $setup_log 2>&1 fi - title "User cancelled setup, no changes made." + title "User cancelled setup." exit } @@ -1140,6 +1140,19 @@ whiptail_manager_adv_service_zeeklogs() { } +whiptail_manager_error() { + local msg + read -r -d '' <<- EOM + Setup could not determine if the manager $MSRV is in a good state. + + Continuing without verifying all services on the manager are running may result in a failure. + + Would you like to continue anyway? + EOM + + whiptail --title "Security Onion Setup" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1 +} + whiptail_manager_updates() { [ -n "$TESTING" ] && return From 9b5276f1ab401a65f99de480304d8bfd1174ec8a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 9 Apr 2021 09:59:54 -0400 Subject: [PATCH 02/11] Remove bad `||` statement --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 79c9b9784..84fcf5c34 100755 --- a/setup/so-setup +++ b/setup/so-setup 
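Review bot: The "continue anyway?" dialog in `whiptail_manager_error` defaults to Yes, so pressing Enter proceeds past a manager health check that failed. For a prompt that overrides a safety check I would make No the default: `whiptail --title "Security Onion Setup" --defaultno --yesno "$msg" 13 75 || whiptail_check_exitstatus 1`. A short comment above the function, such as `# Ask whether to continue when the manager's state could not be verified; a "no" answer is handed to whiptail_check_exitstatus.`, would also help, because `whiptail_check_exitstatus` is defined outside this hunk.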
@@ -575,7 +575,7 @@ if [[ $is_manager || $is_import ]]; then collect_so_allow; fi set_redirect >> $setup_log 2>&1 if [[ $is_minion ]] && ! check_manager_state; then - whiptail_manager_error || exit 1 + whiptail_manager_error fi whiptail_end_settings From fc9df2bbaec84bc8d6a1d780074de4cd588f0019 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 9 Apr 2021 10:00:50 -0400 Subject: [PATCH 03/11] Update airgap question to ask during minion installs too --- setup/so-setup | 2 +- setup/so-whiptail | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 84fcf5c34..f53909bdc 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -264,7 +264,7 @@ elif [ "$install_type" = 'ANALYST' ]; then fi # Check if this is an airgap install -if [[ ( $is_manager || $is_import ) && $is_iso ]]; then +if [[ $is_iso || $is_minion ]]; then whiptail_airgap if [[ "$INTERWEBS" == 'AIRGAP' ]]; then is_airgap=true diff --git a/setup/so-whiptail b/setup/so-whiptail index 2b1199fb5..368b6b0cd 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -19,10 +19,13 @@ whiptail_airgap() { [ -n "$TESTING" ] && return + local node_str='node' + [[ $is_manager || $is_import ]] && node_str='manager' + INTERWEBS=$(whiptail --title "Security Onion Setup" --radiolist \ "Choose your install conditions:" 20 75 4 \ - "STANDARD" "This manager has internet accesss" ON \ - "AIRGAP" "This manager does not have internet access" OFF 3>&1 1>&2 2>&3 ) + "STANDARD" "This $node_str has internet accesss" ON \ + "AIRGAP" "This $node_str does not have internet access" OFF 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 764307bfa055a667f00b8fd5fae5b173c5407103 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 9 Apr 2021 10:09:28 -0400 Subject: [PATCH 04/11] Reformat airgap whiptail prompt --- setup/so-whiptail | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
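Review bot: The user-facing string `"This $node_str has internet accesss"` in the `whiptail_airgap` hunk of patch 03 keeps a typo (`accesss`) on a line this patch rewrites; it should read `"This $node_str has internet access"`. The same spelling is carried through the `whiptail_airgap` hunks of patches 04 and 05. The function continues past the end of the hunk.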
diff --git a/setup/so-whiptail b/setup/so-whiptail index 368b6b0cd..1fbfa34dd 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -23,12 +23,14 @@ whiptail_airgap() { [[ $is_manager || $is_import ]] && node_str='manager' INTERWEBS=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose your install conditions:" 20 75 4 \ - "STANDARD" "This $node_str has internet accesss" ON \ - "AIRGAP" "This $node_str does not have internet access" OFF 3>&1 1>&2 2>&3 ) + "How should this $node_str be installed?" 10 60 2 \ + "Standard " "This $node_str has internet accesss." ON \ + "Airgap " "This $node_str does not have internet access." OFF 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus + + INTERWEBS=$(echo "${INTERWEBS^^}" | tr -d ' ') } whiptail_avoid_default_hostname() { From 026ce769666f11a4e439dc70149654863a0cd1e9 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 9 Apr 2021 10:11:00 -0400 Subject: [PATCH 05/11] Change airgap prompt to menu --- setup/so-whiptail | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 1fbfa34dd..50b50e353 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -22,10 +22,10 @@ whiptail_airgap() { local node_str='node' [[ $is_manager || $is_import ]] && node_str='manager' - INTERWEBS=$(whiptail --title "Security Onion Setup" --radiolist \ + INTERWEBS=$(whiptail --title "Security Onion Setup" --menu \ "How should this $node_str be installed?" 10 60 2 \ - "Standard " "This $node_str has internet accesss." ON \ - "Airgap " "This $node_str does not have internet access." OFF 3>&1 1>&2 2>&3 ) + "Standard " "This $node_str has internet accesss" \ + "Airgap " "This $node_str does not have internet access" 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 4db20a00fff56b2be682cb4199c975acfb83dfc7 Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Fri, 9 Apr 2021 10:16:19 -0400 Subject: [PATCH 06/11] Add quotes around description, since it can contain spaces --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index f53909bdc..bac2fcdfd 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -339,7 +339,7 @@ if ! [[ -f $install_opt_file ]]; then "HOSTNAME=$HOSTNAME" \ "MSRV=$MSRV" \ "MSRVIP=$MSRVIP" \ - "NODE_DESCRIPTION=$NODE_DESCRIPTION" > "$install_opt_file" + "NODE_DESCRIPTION=\"$NODE_DESCRIPTION\"" > "$install_opt_file" [[ -n $so_proxy ]] && echo "so_proxy=$so_proxy" >> "$install_opt_file" download_repo_tarball exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" From 5d98c896a3791434491afdedc1de6a55fbf87a40 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 12 Apr 2021 12:53:17 -0400 Subject: [PATCH 07/11] /opt/so/log needs 755 permissions for soremote to read sostatus log --- salt/common/init.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/common/init.sls b/salt/common/init.sls index 3ce6286be..ee7cad5e6 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -51,6 +51,11 @@ sosaltstackperms: - gid: 939 - dir_mode: 770 +so_log_perms: + file.directory: + - name: /opt/so/log + - dir_mode: 755 + # Create a state directory statedir: file.directory: From 73a1bdd885f7943ee52538e025282dcc736101fa Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 12 Apr 2021 12:59:45 -0400 Subject: [PATCH 08/11] Send stdout to log, and actually populate error message --- setup/so-functions | 2 +- setup/so-whiptail | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 604eb56b7..5f07bb3b0 100755 --- a/setup/so-functions +++ b/setup/so-functions 
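Review bot: Writing the value as `"NODE_DESCRIPTION=\"$NODE_DESCRIPTION\""` handles spaces but not a description that itself contains `"`, `$` or a backtick, which would still break the line or be expanded if `$install_opt_file` is later read with `source` (the reader is not visible in this hunk). If it is sourced, shell-quoting the value on write is more robust: `"NODE_DESCRIPTION=$(printf '%q' "$NODE_DESCRIPTION")" > "$install_opt_file"`. The command these arguments belong to starts above the hunk, and the neighbouring `HOSTNAME`, `MSRV` and `MSRVIP` entries are written unquoted as well.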
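Review bot: `- dir_mode: 755` on `/opt/so/log` lets every local account list the log tree, although the stated goal is only that `soremote` can read the sostatus log. Reading a known path needs search permission on the parent directory, not read permission, so `- dir_mode: 751` would probably be enough, and access through a group that `soremote` belongs to would be narrower still. The state leaves owner and group unset, and a comment such as `# soremote reads sostatus/status.log during node setup` would record why the mode was relaxed.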
@@ -164,7 +164,7 @@ check_hive_init() { check_manager_state() { echo "Checking state of manager services. This may take a moment..." - retry 2 15 "__check_so_status" && retry 2 15 "__check_salt_master" && return 0 || return 1 + retry 2 15 "__check_so_status" >> $setup_log 2>&1 && retry 2 15 "__check_salt_master" >> $setup_log 2>&1 && return 0 || return 1 } __check_so_status() { diff --git a/setup/so-whiptail b/setup/so-whiptail index 50b50e353..6ce2c214c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1147,7 +1147,7 @@ whiptail_manager_adv_service_zeeklogs() { whiptail_manager_error() { local msg - read -r -d '' <<- EOM + read -r -d '' msg <<- EOM Setup could not determine if the manager $MSRV is in a good state. Continuing without verifying all services on the manager are running may result in a failure. From cc344d921ac481d17e5d2e6f4179215a46e1ca9e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 12 Apr 2021 16:13:32 -0400 Subject: [PATCH 09/11] Skip whiptail during testing, echo error message to setup log --- setup/so-setup | 1 + setup/so-whiptail | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index bac2fcdfd..ad210048a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -575,6 +575,7 @@ if [[ $is_manager || $is_import ]]; then collect_so_allow; fi set_redirect >> $setup_log 2>&1 if [[ $is_minion ]] && ! check_manager_state; then + echo "Manager was not in a good state" >> "$setup_log" 2>&1 whiptail_manager_error fi diff --git a/setup/so-whiptail b/setup/so-whiptail index 6ce2c214c..6f1cc6171 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1146,6 +1146,9 @@ whiptail_manager_adv_service_zeeklogs() { } whiptail_manager_error() { + + [ -n "$TESTING" ] && return + local msg read -r -d '' msg <<- EOM Setup could not determine if the manager $MSRV is in a good state. 
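Review bot: `$setup_log` is unquoted in both redirections on the new `retry` line of `check_manager_state`, while the `echo` added to so-setup in patch 09 writes to `"$setup_log"`; quote it here too so a path containing spaces cannot break the redirection. The trailing `&& return 0 || return 1` adds nothing, since the function already returns the status of the last command in the chain. Suggested line: `retry 2 15 "__check_so_status" >> "$setup_log" 2>&1 && retry 2 15 "__check_salt_master" >> "$setup_log" 2>&1`.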
@@ -1159,9 +1162,6 @@ whiptail_manager_error() { } whiptail_manager_updates() { - - [ -n "$TESTING" ] && return - local update_string update_string=$(whiptail --title "Security Onion Setup" --radiolist \ "How would you like to download OS package updates for your grid?" 20 75 4 \ From 25637b74dbece9886e23489555ddb80b395466f5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 12 Apr 2021 16:14:47 -0400 Subject: [PATCH 10/11] Add back removed testing skip --- setup/so-whiptail | 3 +++ 1 file changed, 3 insertions(+) diff --git a/setup/so-whiptail b/setup/so-whiptail index 6f1cc6171..6127a174a 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1162,6 +1162,9 @@ whiptail_manager_error() { } whiptail_manager_updates() { + + [ -n "$TESTING" ] && return + local update_string update_string=$(whiptail --title "Security Onion Setup" --radiolist \ "How would you like to download OS package updates for your grid?" 20 75 4 \ From 9d09e7bec3cbfa0d192e4df4a1594483ffbb5155 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 12 Apr 2021 16:25:17 -0400 Subject: [PATCH 11/11] Fix sostatus log cron job --- salt/common/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index ee7cad5e6..f7a4d6731 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -316,7 +316,7 @@ sostatus_log: - mode: 644 # Install sostatus check cron -/usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1: +'/usr/sbin/so-status -q; echo $? > /opt/so/log/sostatus/status.log 2>&1': cron.present: - user: root - minute: '*/5'
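Review bot: The status file written by this cron entry carries no timestamp, so the setup check that reads it cannot tell a fresh result from one left behind before the manager's services or cron stopped; with `minute: '*/5'` the value can be up to five minutes old even in the normal case. Consider having the reader compare the file's modification time against a limit before trusting the value. On style, a readable state ID with the command under `- name:` is easier to reference than an ID that is the whole command line, for example an ID like `sostatus_check_cron` (name is only a suggestion) with `- name: '/usr/sbin/so-status -q; echo $? > /opt/so/log/sostatus/status.log 2>&1'`.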