Merge pull request #11217 from Security-Onion-Solutions/issue/10975

Issue/10975

salt/desktop/packages.sls

@@ -1,7 +1,5 @@
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-
 {# we only want this state to run it is CentOS #}
-{% if GLOBALS.os == 'OEL' %}
+{% if grains.os == 'OEL' %}
 
 desktop_packages:
   pkg.installed:

salt/desktop/remove_gui.sls

@@ -1,7 +1,5 @@
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-
 {# we only want this state to run it is CentOS #}
-{% if GLOBALS.os == 'OEL' %}
+{% if grains.os == 'OEL' %}
 
 remove_graphical_target:
   file.symlink:

salt/desktop/xwindows.sls

@@ -1,7 +1,5 @@
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-
 {# we only want this state to run it is CentOS #}
-{% if GLOBALS.os == 'OEL' %}
+{% if grains.os == 'OEL' %}
 
 include:
   - desktop.packages

salt/logrotate/init.sls

@@ -3,6 +3,7 @@
 logrotateconfdir:
   file.directory:
     - name: /opt/so/conf/logrotate
+    - makedirs: True
 
 commonlogrotatescript:
   file.managed:

salt/manager/tools/sbin/so-minion

@@ -187,15 +187,9 @@ function add_logstash_to_minion() {
 # Security Onion Desktop
 function add_desktop_to_minion() {
     printf '%s\n'\
-		"host:"\
-		"  mainint: '$MNIC'"\
 		"desktop:"\
 		"  gui:"\
-		"    enabled: true"\
+		"    enabled: true"\ >> $PILLARFILE
-		"sensoroni:"\
-		"  enabled: True"\
-		"  config:"\		
-		"    node_description: '${NODE_DESCRIPTION//\'/''}'" >> $PILLARFILE
 }
 
 # Add basic host info to the minion file
@@ -556,6 +550,9 @@ function createRECEIVER() {
 	add_telegraf_to_minion
 }
 
+function createDESKTOP() {
+	add_desktop_to_minion
+}
 
 function testConnection() {
 	retry 15 3 "salt '$MINION_ID' test.ping" True

salt/top.sls

@@ -28,12 +28,12 @@ base:
     - motd
     - salt.minion-check
     - salt.lasthighstate
-    - docker
 
   'not *_desktop and G@saltversion:{{saltversion}}':
     - match: compound
     - common
-  
+    - docker
+
   '*_sensor and G@saltversion:{{saltversion}}':
     - match: compound
     - sensor

salt/vars/desktop.map.jinja

@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}

setup/so-functions

@@ -91,7 +91,7 @@ desktop_salt_local() {
 	securityonion_repo
 	gpg_rpm_import
 	# Install salt
-	logCmd "yum -y install salt-minion-$SALTVERSION httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
+	logCmd "yum -y install salt-minion-$SALTVERSION httpd-tools python3 python3-dateutil yum-utils device-mapper-persistent-data lvm2 openssl jq"
 	logCmd "yum -y update --exclude=salt*"
 
 	logCmd "salt-call state.apply desktop --local --file-root=../salt/ -l info"
@@ -1664,9 +1664,7 @@ process_installtype() {
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
 	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'desktop' ]; then
+		is_desktop=true
-			exec bash so-setup desktop
-		fi
 	fi
 
 }
@@ -1885,7 +1883,7 @@ securityonion_repo() {
 		if [ -n "$(ls -A /etc/yum.repos.d/ 2>/dev/null)" ]; then
 			logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
 		fi
-		if [[ $is_desktop_iso ]]; then
+		if ! $is_desktop_grid; then
 			gpg_rpm_import
 			if [[ ! $is_airgap ]]; then
 				echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /etc/yum/mirror.txt

setup/so-setup

@@ -333,39 +333,41 @@ if [[ $is_desktop ]]; then
 		exit 1
 	fi
 
-#	if ! whiptail_desktop_install; then
+	whiptail_desktop_install
-	if [[ $is_desktop_iso ]]; then
+	if ! $is_desktop_grid; then
-		if whiptail_desktop_nongrid_iso; then
+		if [[ $is_desktop_iso ]]; then
-			# Remove setup from auto launching
+			if whiptail_desktop_nongrid_iso; then
-			parse_install_username
+				# Remove setup from auto launching
-			sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
+				parse_install_username
-			securityonion_repo
+				sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
-			info "Enabling graphical interface and setting it to load at boot"
+				securityonion_repo
-			systemctl set-default graphical.target
+				info "Enabling graphical interface and setting it to load at boot"
-			info "Setting desktop background"
+				systemctl set-default graphical.target
-			set_desktop_background
+				info "Setting desktop background"
-			echo "Desktop Install Complete!"
+				set_desktop_background
-			echo ""
+				echo "Desktop Install Complete!"
-			echo "Please reboot to start graphical interface."
+				echo ""
-			exit 0
+				echo "Please reboot to start graphical interface."
+				exit 0
+			else
+				# Abort!
+				exit 0
+			fi
 		else
-			# Abort!
+			if whiptail_desktop_nongrid_network; then
-			exit 0
+				networking_needful
-		fi
+				info ""
-	else
+				info ""
-		if whiptail_desktop_nongrid_network; then
+				info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
-			info ""
+				info ""
-			info ""
+				info ""
-			info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
+				desktop_salt_local
-			info ""
+			else
-			info ""
+				# Abort!
-			desktop_salt_local
+				exit 0
-		else
+			fi
-			# Abort!
-			exit 0
 		fi
 	fi
-#	fi
 
 	# If you got this far then you want to join the grid
 	is_minion=true
@@ -574,6 +576,17 @@ if ! [[ -f $install_opt_file ]]; then
 		check_manager_connection
 		set_minion_info
 		whiptail_end_settings
+
+	elif [[ $is_desktop ]]; then
+		info "Setting up as node type desktop"
+		#check_requirements "desktop"
+		networking_needful
+		collect_mngr_hostname
+		add_mngr_ip_to_hosts
+		check_manager_connection
+		set_minion_info
+		whiptail_end_settings
+
 	fi
 
 	if [[ $waitforstate ]]; then

setup/so-whiptail

@@ -58,6 +58,12 @@ whiptail_desktop_install() {
 	whiptail --title "$whiptail_title" \
 		--yesno "$message" 11 75 --defaultno
 
+	if [ $? -eq 0 ]; then
+		is_desktop_grid=true
+	else
+		is_desktop_grid=false
+	fi
+
 }
 
 whiptail_desktop_nongrid_iso() {
@@ -678,9 +684,7 @@ whiptail_install_type_dist_existing() {
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
 	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'desktop' ]; then
+		is_desktop=true
-			exec bash so-setup desktop
-		fi
 	fi
 
 	local exitstatus=$?
@@ -694,7 +698,7 @@ whiptail_install_type_other() {
 
 	install_type=$(whiptail --title "$whiptail_title" --menu \
 		"Choose node type:" 10 65 2 \
-		"DESKTOP" "Setup will run 'so-setup desktop' " 3>&1 1>&2 2>&3)
+		"DESKTOP" "Install Security Onion Desktop " 3>&1 1>&2 2>&3)
 	
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus