Always ask for ntp setup on iso installs, don't ask on network installs

William Wernert
2021-03-30 09:54:21 -04:00
parent 0e9ffe033d
commit 25eca39428
2 changed files with 21 additions and 32 deletions


@@ -487,20 +487,18 @@ collect_node_ls_pipeline_worker_count() {
} }
collect_ntp_servers() { collect_ntp_servers() {
if [[ $is_airgap || "$NSMSETUP" = 'ADVANCED' || "$MANAGERADV" = 'ADVANCED' || -n $so_proxy ]]; then if whiptail_ntp_ask; then
if whiptail_ntp_ask; then [[ $is_airgap ]] && ntp_string=""
[[ $is_airgap ]] && ntp_string="" whiptail_ntp_servers "$ntp_string"
while ! valid_ntp_list "$ntp_string"; do
whiptail_invalid_input
whiptail_ntp_servers "$ntp_string" whiptail_ntp_servers "$ntp_string"
done
while ! valid_ntp_list "$ntp_string"; do IFS="," read -r -a ntp_servers <<< "$ntp_string" # Split string on commas into array
whiptail_invalid_input else
whiptail_ntp_servers "$ntp_string" ntp_servers=()
done
IFS="," read -r -a ntp_servers <<< "$ntp_string" # Split string on commas into array
else
ntp_servers=()
fi
fi fi
} }
@@ -725,21 +723,19 @@ configure_ntp() {
# Install chrony if it isn't already installed # Install chrony if it isn't already installed
if ! command -v chronyc &> /dev/null; then if ! command -v chronyc &> /dev/null; then
if [ "$OS" == centos ]; then yum -y install chrony
yum -y install chrony
else
retry 50 10 "apt-get -y install chrony" || exit 1
fi
fi fi
[[ -f $chrony_conf ]] && rm -f $chrony_conf [[ -f $chrony_conf ]] && mv $chrony_conf "$chrony_conf.bak"
echo "# Config created by Security Onion" > $chrony_conf
# Build list of servers # Build list of servers
for addr in "${ntp_servers[@]}"; do for addr in "${ntp_servers[@]}"; do
echo "server $addr iburst" >> $chrony_conf echo "server $addr iburst" >> $chrony_conf
done done
printf '%s\n' \ printf '%s\n\n' \
'driftfile /var/lib/chrony/drift' \ 'driftfile /var/lib/chrony/drift' \
'makestep 1.0 3' \ 'makestep 1.0 3' \
'rtcsync' \ 'rtcsync' \
@@ -748,10 +744,10 @@ configure_ntp() {
systemctl enable chronyd systemctl enable chronyd
systemctl start chronyd systemctl start chronyd
# Sync time & update the system time # Tell the chrony daemon to sync time & update the system time
chronyc -a 'burst 4/4' # Since these commands only make a call to chronyd, wait after each command to make sure the changes are made
sleep 20 # Wait for chrony to sync chronyc -a 'burst 4/4' && sleep 30
chronyc -a makestep chronyc -a makestep && sleep 30
} }
checkin_at_boot() { checkin_at_boot() {
@@ -761,12 +757,6 @@ checkin_at_boot() {
echo "startup_states: highstate" >> "$minion_config" echo "startup_states: highstate" >> "$minion_config"
} }
check_ntp_configured() {
if systemctl is-active --quiet chronyd || systemctl is-active --quiet ntpd; then
ntp_configured=true
fi
}
check_requirements() { check_requirements() {
local standalone_or_dist=$1 local standalone_or_dist=$1
local node_type=$2 # optional local node_type=$2 # optional
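Review bot: The fixed waits in the last configure_ntp hunk (`chronyc -a 'burst 4/4' && sleep 30`, `chronyc -a makestep && sleep 30`) pause setup but never confirm that the clock was corrected. If the entered servers are unreachable, installation carries on with an unsynchronised clock and nothing is logged, which on a sensor platform means skewed event timestamps and possible certificate-validity errors. A bounded check such as `chronyc waitsync 6 || echo "WARNING: chrony did not synchronise" >&2` in place of the final sleep would record the outcome, since the visible caller redirects this function's output to the setup log. In the earlier hunk, `yum -y install chrony` has no failure check where the removed apt branch had `|| exit 1`, and `mv $chrony_conf "$chrony_conf.bak"` leaves its first operand unquoted and replaces any previous backup on a re-run. The body of configure_ntp starts and continues outside the visible hunks.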


@@ -534,8 +534,7 @@ if [[ $is_sensor && ! $is_eval ]]; then
fi fi
fi fi
check_ntp_configured [[ $is_iso ]] && collect_ntp_servers
[[ -z $ntp_configured ]] && collect_ntp_servers
if [[ $is_node && ! $is_eval ]]; then if [[ $is_node && ! $is_eval ]]; then
whiptail_node_advanced whiptail_node_advanced
@@ -584,7 +583,7 @@ set_redirect >> $setup_log 2>&1
# Show initial progress message # Show initial progress message
set_progress_str 0 'Running initial configuration steps' set_progress_str 0 'Running initial configuration steps'
[[ -z $ntp_configured ]] && [[ ${#ntp_servers[@]} -gt 0 ]] && configure_ntp >> $setup_log 2>&1 [[ ${#ntp_servers[@]} -gt 0 ]] && configure_ntp >> $setup_log 2>&1
reserve_ports reserve_ports
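Review bot: With `check_ntp_configured` removed and the prompt gated by `[[ $is_iso ]] && collect_ntp_servers`, a network install no longer checks whether any time service is running. A host with neither chronyd nor ntpd active now proceeds without any warning, and clock drift on a manager or sensor undermines log correlation. Skipping the prompt is the intent of the commit, but a non-interactive check would keep the visibility, for example `[[ $is_iso ]] || systemctl is-active --quiet chronyd || systemctl is-active --quiet ntpd || echo "WARNING: no active time service found" >> "$setup_log"`. This assumes `setup_log` is already set at that point in the script, which the hunk does not show.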