Merge pull request #3846 from Security-Onion-Solutions/foxtrot

Setup changes/fixes
This commit is contained in:
William Wernert
2021-04-12 16:39:08 -04:00
committed by GitHub
4 changed files with 64 additions and 9 deletions


@@ -51,6 +51,11 @@ sosaltstackperms:
- gid: 939 - gid: 939
- dir_mode: 770 - dir_mode: 770
so_log_perms:
file.directory:
- name: /opt/so/log
- dir_mode: 755
# Create a state directory # Create a state directory
statedir: statedir:
file.directory: file.directory:
@@ -304,9 +309,14 @@ sostatusdir:
- user: 0 - user: 0
- group: 0 - group: 0
- makedirs: True - makedirs: True
sostatus_log:
file.managed:
- name: /opt/so/log/sostatus/status.log
- mode: 644
# Install sostatus check cron # Install sostatus check cron
/usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1: '/usr/sbin/so-status -q; echo $? > /opt/so/log/sostatus/status.log 2>&1':
cron.present: cron.present:
- user: root - user: root
- minute: '*/5' - minute: '*/5'
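Review bot: The cron entry's command text is also its identity for `cron.present`, so rewriting it from `so-status -q && echo $?` to `so-status -q; echo $?` adds a second root cron job on hosts that already carry the old line unless the old entry is removed elsewhere, and nothing in this hunk removes it. Pin the entry with `- identifier: sostatus_check` so later edits replace rather than duplicate, and ship a `cron.absent` for the old command text for one release. The new `sostatus_log` state sets `mode: 644` but no `user`/`group`; the cron job that writes it runs as root and the file only needs to be readable, so this is probably fine, but naming the owner explicitly would make the intended permissions visible in the state rather than depending on whoever runs the minion.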


@@ -162,6 +162,25 @@ check_hive_init() {
docker rm so-thehive docker rm so-thehive
} }
check_manager_state() {
echo "Checking state of manager services. This may take a moment..."
retry 2 15 "__check_so_status" >> $setup_log 2>&1 && retry 2 15 "__check_salt_master" >> $setup_log 2>&1 && return 0 || return 1
}
__check_so_status() {
local so_status_output
so_status_output=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /opt/so/log/sostatus/status.log)
[[ -z $so_status_output ]] && so_status_output=1
return $so_status_output
}
__check_salt_master() {
local salt_master_status
salt_master_status=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master)
[[ -z $salt_master_status ]] && salt_master_status=1
return $salt_master_status
}
check_network_manager_conf() { check_network_manager_conf() {
local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf" local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf"
local nmconf="/etc/NetworkManager/NetworkManager.conf" local nmconf="/etc/NetworkManager/NetworkManager.conf"
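Review bot: `__check_salt_master` can never succeed: `systemctl is-active --quiet` prints nothing, so `salt_master_status` is always empty, is set to 1 on the next line, and the function returns 1 whatever the service state, while the ssh command's exit status is thrown away by the assignment. Make the remote check the function's only command, `$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master`, since ssh propagates the remote exit status and that is what the caller needs. `__check_so_status` has the mirror-image weakness: it hands raw file contents to `return`, so anything in status.log other than a small integer yields a "numeric argument required" error instead of a clean failure; add `[[ $so_status_output =~ ^[0-9]+$ ]] || so_status_output=1` before the return. Note also that status.log holds only the last exit code with no timestamp, so a stale 0 left behind by a cron job that stopped running still passes this check; that is worth a comment on `check_manager_state` so the next reader knows the limit of what "good state" means here.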


@@ -264,7 +264,7 @@ elif [ "$install_type" = 'ANALYST' ]; then
fi fi
# Check if this is an airgap install # Check if this is an airgap install
if [[ ( $is_manager || $is_import ) && $is_iso ]]; then if [[ $is_iso || $is_minion ]]; then
whiptail_airgap whiptail_airgap
if [[ "$INTERWEBS" == 'AIRGAP' ]]; then if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
is_airgap=true is_airgap=true
@@ -339,7 +339,7 @@ if ! [[ -f $install_opt_file ]]; then
"HOSTNAME=$HOSTNAME" \ "HOSTNAME=$HOSTNAME" \
"MSRV=$MSRV" \ "MSRV=$MSRV" \
"MSRVIP=$MSRVIP" \ "MSRVIP=$MSRVIP" \
"NODE_DESCRIPTION=$NODE_DESCRIPTION" > "$install_opt_file" "NODE_DESCRIPTION=\"$NODE_DESCRIPTION\"" > "$install_opt_file"
[[ -n $so_proxy ]] && echo "so_proxy=$so_proxy" >> "$install_opt_file" [[ -n $so_proxy ]] && echo "so_proxy=$so_proxy" >> "$install_opt_file"
download_repo_tarball download_repo_tarball
exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"
@@ -574,6 +574,11 @@ if [[ $is_manager || $is_import ]]; then collect_so_allow; fi
# This block sets REDIRECTIT which is used by a function outside the below subshell # This block sets REDIRECTIT which is used by a function outside the below subshell
set_redirect >> $setup_log 2>&1 set_redirect >> $setup_log 2>&1
if [[ $is_minion ]] && ! check_manager_state; then
echo "Manager was not in a good state" >> "$setup_log" 2>&1
whiptail_manager_error
fi
whiptail_end_settings whiptail_end_settings
# From here on changes will be made. # From here on changes will be made.
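Review bot: Writing `NODE_DESCRIPTION=\"$NODE_DESCRIPTION\"` in the second hunk still interpolates user-entered text into a file that appears to be read back as shell by the re-exec'd so-setup, so a description containing `"`, `$` or a backtick either breaks the file or is expanded when it is sourced. If the file is sourced, emit a shell-safe quoted value instead, `"NODE_DESCRIPTION=$(printf '%q' "$NODE_DESCRIPTION")"`, which survives any character without special-casing quotes. The command that writes these lines starts before the hunk, so its exact form is not visible here; whether the other values on the list are already constrained by earlier validation cannot be told from this section either. In the third hunk the new `check_manager_state` gate and the first hunk's new airgap condition both key on `$is_minion`, which is consistent with each other; the `whiptail_manager_error` path that follows is presumably the "continue anyway" prompt, so a short comment saying the install proceeds after the prompt would help the next reader.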


@@ -19,13 +19,18 @@ whiptail_airgap() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
INTERWEBS=$(whiptail --title "Security Onion Setup" --radiolist \ local node_str='node'
"Choose your install conditions:" 20 75 4 \ [[ $is_manager || $is_import ]] && node_str='manager'
"STANDARD" "This manager has internet accesss" ON \
"AIRGAP" "This manager does not have internet access" OFF 3>&1 1>&2 2>&3 ) INTERWEBS=$(whiptail --title "Security Onion Setup" --menu \
"How should this $node_str be installed?" 10 60 2 \
"Standard " "This $node_str has internet accesss" \
"Airgap " "This $node_str does not have internet access" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
INTERWEBS=$(echo "${INTERWEBS^^}" | tr -d ' ')
} }
whiptail_avoid_default_hostname() { whiptail_avoid_default_hostname() {
@@ -79,7 +84,7 @@ whiptail_bond_nics_mtu() {
whiptail_cancel() { whiptail_cancel() {
whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75 whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup." 8 75
if [ -d "/root/installtmp" ]; then if [ -d "/root/installtmp" ]; then
{ {
echo "/root/installtmp exists"; echo "/root/installtmp exists";
@@ -88,7 +93,7 @@ whiptail_cancel() {
} >> $setup_log 2>&1 } >> $setup_log 2>&1
fi fi
title "User cancelled setup, no changes made." title "User cancelled setup."
exit exit
} }
@@ -1140,6 +1145,22 @@ whiptail_manager_adv_service_zeeklogs() {
} }
whiptail_manager_error() {
[ -n "$TESTING" ] && return
local msg
read -r -d '' msg <<- EOM
Setup could not determine if the manager $MSRV is in a good state.
Continuing without verifying all services on the manager are running may result in a failure.
Would you like to continue anyway?
EOM
whiptail --title "Security Onion Setup" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1
}
whiptail_manager_updates() { whiptail_manager_updates() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return