Merge pull request #11217 from Security-Onion-Solutions/issue/10975

Issue/10975
2025-12-10 11:12:51 +01:00 · 2023-08-30 12:28:34 -04:00
parent bee83a320b b45e114ef2
commit 257a471383
10 changed files with 65 additions and 57 deletions
--- a/salt/desktop/packages.sls
+++ b/salt/desktop/packages.sls
@@ -1,7 +1,5 @@
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-
 {# we only want this state to run it is CentOS #}
-{% if GLOBALS.os == 'OEL' %}
+{% if grains.os == 'OEL' %}

 desktop_packages:
  pkg.installed:
--- a/salt/desktop/remove_gui.sls
+++ b/salt/desktop/remove_gui.sls
@@ -1,7 +1,5 @@
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-
 {# we only want this state to run it is CentOS #}
-{% if GLOBALS.os == 'OEL' %}
+{% if grains.os == 'OEL' %}

 remove_graphical_target:
  file.symlink:
--- a/salt/desktop/xwindows.sls
+++ b/salt/desktop/xwindows.sls
@@ -1,7 +1,5 @@
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-
 {# we only want this state to run it is CentOS #}
-{% if GLOBALS.os == 'OEL' %}
+{% if grains.os == 'OEL' %}

 include:
  - desktop.packages
--- a/salt/logrotate/init.sls
+++ b/salt/logrotate/init.sls
@@ -3,6 +3,7 @@
 logrotateconfdir:
  file.directory:
    - name: /opt/so/conf/logrotate
+    - makedirs: True

 commonlogrotatescript:
  file.managed:
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -187,15 +187,9 @@ function add_logstash_to_minion() {
 # Security Onion Desktop
 function add_desktop_to_minion() {
    printf '%s\n'\
-		"host:"\
-		"  mainint: '$MNIC'"\
 		"desktop:"\
 		"  gui:"\
-		"    enabled: true"\
-		"sensoroni:"\
-		"  enabled: True"\
-		"  config:"\		
-		"    node_description: '${NODE_DESCRIPTION//\'/''}'" >> $PILLARFILE
+		"    enabled: true"\ >> $PILLARFILE
 }

 # Add basic host info to the minion file
@@ -556,6 +550,9 @@ function createRECEIVER() {
 	add_telegraf_to_minion
 }

+function createDESKTOP() {
+	add_desktop_to_minion
+}

 function testConnection() {
 	retry 15 3 "salt '$MINION_ID' test.ping" True
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -28,11 +28,11 @@ base:
    - motd
    - salt.minion-check
    - salt.lasthighstate
-    - docker

  'not *_desktop and G@saltversion:{{saltversion}}':
    - match: compound
    - common
+    - docker

  '*_sensor and G@saltversion:{{saltversion}}':
    - match: compound
--- a/salt/vars/desktop.map.jinja
+++ b/salt/vars/desktop.map.jinja
@@ -0,0 +1 @@
+{% set ROLE_GLOBALS = {} %}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -91,7 +91,7 @@ desktop_salt_local() {
 	securityonion_repo
 	gpg_rpm_import
 	# Install salt
-	logCmd "yum -y install salt-minion-$SALTVERSION httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
+	logCmd "yum -y install salt-minion-$SALTVERSION httpd-tools python3 python3-dateutil yum-utils device-mapper-persistent-data lvm2 openssl jq"
 	logCmd "yum -y update --exclude=salt*"

 	logCmd "salt-call state.apply desktop --local --file-root=../salt/ -l info"
@@ -1664,9 +1664,7 @@ process_installtype() {
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
 	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'desktop' ]; then
-			exec bash so-setup desktop
-		fi
+		is_desktop=true
 	fi

 }
@@ -1885,7 +1883,7 @@ securityonion_repo() {
 		if [ -n "$(ls -A /etc/yum.repos.d/ 2>/dev/null)" ]; then
 			logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
 		fi
-		if [[ $is_desktop_iso ]]; then
+		if ! $is_desktop_grid; then
 			gpg_rpm_import
 			if [[ ! $is_airgap ]]; then
 				echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /etc/yum/mirror.txt
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -333,39 +333,41 @@ if [[ $is_desktop ]]; then
 		exit 1
 	fi

-#	if ! whiptail_desktop_install; then
-	if [[ $is_desktop_iso ]]; then
-		if whiptail_desktop_nongrid_iso; then
-			# Remove setup from auto launching
-			parse_install_username
-			sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
-			securityonion_repo
-			info "Enabling graphical interface and setting it to load at boot"
-			systemctl set-default graphical.target
-			info "Setting desktop background"
-			set_desktop_background
-			echo "Desktop Install Complete!"
-			echo ""
-			echo "Please reboot to start graphical interface."
-			exit 0
+	whiptail_desktop_install
+	if ! $is_desktop_grid; then
+		if [[ $is_desktop_iso ]]; then
+			if whiptail_desktop_nongrid_iso; then
+				# Remove setup from auto launching
+				parse_install_username
+				sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
+				securityonion_repo
+				info "Enabling graphical interface and setting it to load at boot"
+				systemctl set-default graphical.target
+				info "Setting desktop background"
+				set_desktop_background
+				echo "Desktop Install Complete!"
+				echo ""
+				echo "Please reboot to start graphical interface."
+				exit 0
+			else
+				# Abort!
+				exit 0
+			fi
 		else
-			# Abort!
-			exit 0
-		fi
-	else
-		if whiptail_desktop_nongrid_network; then
-			info ""
-			info ""
-			info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
-			info ""
-			info ""
-			desktop_salt_local
-		else
-			# Abort!
-			exit 0
+			if whiptail_desktop_nongrid_network; then
+				networking_needful
+				info ""
+				info ""
+				info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
+				info ""
+				info ""
+				desktop_salt_local
+			else
+				# Abort!
+				exit 0
+			fi
 		fi
 	fi
-#	fi

 	# If you got this far then you want to join the grid
 	is_minion=true
@@ -574,6 +576,17 @@ if ! [[ -f $install_opt_file ]]; then
 		check_manager_connection
 		set_minion_info
 		whiptail_end_settings
+
+	elif [[ $is_desktop ]]; then
+		info "Setting up as node type desktop"
+		#check_requirements "desktop"
+		networking_needful
+		collect_mngr_hostname
+		add_mngr_ip_to_hosts
+		check_manager_connection
+		set_minion_info
+		whiptail_end_settings
+
 	fi

 	if [[ $waitforstate ]]; then
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -58,6 +58,12 @@ whiptail_desktop_install() {
 	whiptail --title "$whiptail_title" \
 		--yesno "$message" 11 75 --defaultno

+	if [ $? -eq 0 ]; then
+		is_desktop_grid=true
+	else
+		is_desktop_grid=false
+	fi
+
 }

 whiptail_desktop_nongrid_iso() {
@@ -678,9 +684,7 @@ whiptail_install_type_dist_existing() {
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
 	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'desktop' ]; then
-			exec bash so-setup desktop
-		fi
+		is_desktop=true
 	fi

 	local exitstatus=$?
@@ -694,7 +698,7 @@ whiptail_install_type_other() {

 	install_type=$(whiptail --title "$whiptail_title" --menu \
 		"Choose node type:" 10 65 2 \
-		"DESKTOP" "Setup will run 'so-setup desktop' " 3>&1 1>&2 2>&3)
+		"DESKTOP" "Install Security Onion Desktop " 3>&1 1>&2 2>&3)
 	
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus