From f077b5c96df4babb14c6d0ef700621cf87b72abe Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 23 Jan 2023 13:11:50 -0500 Subject: [PATCH 01/13] Remove 18.04 --- setup/so-functions | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index a046b49ca..0005e90b4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -909,9 +909,7 @@ detect_os() { elif [ -f /etc/os-release ]; then OS=ubuntu - if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then - OSVER=bionic - elif grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then + if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then OSVER=focal else info "We do not support your current version of Ubuntu." From 2da30f42d414cb7c03b683a68f2f2221b52b8247 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 10:07:32 -0500 Subject: [PATCH 02/13] Check for Ubuntu --- setup/so-functions | 11 +++++++++++ setup/so-setup | 10 ++++++++++ setup/so-whiptail | 22 ++++++++++++++++++++++ 3 files changed, 43 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 0005e90b4..50e1704d9 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2303,6 +2303,17 @@ so_add_user() { fi } +ubuntu_check() { + if [[ $OS == "ubuntu" ]]; then + if [[ $waitforstate ]]; then + whiptail_ubuntu_notsupported + exit 1 + else + whiptail_ubuntu_warning + fi + fi +} + update_sudoers_for_testing() { if [ -n "$TESTING" ]; then info "Ensuring $INSTALLUSERNAME has password-less sudo access for automated testing purposes." diff --git a/setup/so-setup b/setup/so-setup index 2b0abedc8..bbc3ae971 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -314,6 +314,7 @@ if ! [[ -f $install_opt_file ]]; then # If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles. if [[ $is_eval ]]; then waitforstate=true + ubuntu_check monints=true check_elastic_license check_requirements "manager" 
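Review bot: In `ubuntu_check` (PATCH 02, setup/so-functions) the unsupported path calls `exit 1` without writing anything to the setup log, and `whiptail_ubuntu_notsupported` returns immediately when `$TESTING` is set, so an automated run stops with no recorded reason. Adding `info "Ubuntu is not supported for this node type."` before the `exit 1` would leave a trace, using the same `info` helper that `detect_os` already calls. The function also depends on the caller having set the global `waitforstate` before the call, and `[[ $waitforstate ]]` is true for any non-empty value; a one-line comment above the function stating both would help, e.g. `# Call after waitforstate is set; manager-type roles on Ubuntu abort, other roles only get a warning.`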
@@ -336,6 +337,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_standalone ]]; then waitforstate=true + ubuntu_check monints=true check_elastic_license check_requirements "manager" @@ -359,6 +361,7 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_manager ]]; then check_elastic_license waitforstate=true + ubuntu_check check_requirements "manager" networking_needful collect_dockernet @@ -378,6 +381,7 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_managersearch ]]; then check_elastic_license waitforstate=true + ubuntu_check check_requirements "manager" networking_needful collect_dockernet @@ -395,6 +399,7 @@ if ! [[ -f $install_opt_file ]]; then collect_so_allow whiptail_end_settings elif [[ $is_sensor ]]; then + ubuntu_check monints=true check_requirements "sensor" calculate_useable_cores @@ -410,6 +415,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_searchnode ]]; then + ubuntu_check check_requirements "elasticsearch" networking_needful check_network_manager_conf @@ -422,6 +428,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_heavynode ]]; then + ubuntu_check monints=true check_requirements "heavynode" calculate_useable_cores @@ -432,6 +439,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_idh ]]; then + ubuntu_check check_requirements "idh" networking_needful collect_mngr_hostname @@ -440,6 +448,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_import ]]; then + ubuntu_check waitforstate=true monints=true check_elastic_license @@ -461,6 +470,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_receiver ]]; then + ubuntu_check check_requirements "receiver" networking_needful collect_mngr_hostname diff --git a/setup/so-whiptail b/setup/so-whiptail index a03c85645..5615edf41 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
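Review bot: In the `is_import` branch (hunk `@@ -440,6 +448,7 @@`) `ubuntu_check` is placed before `waitforstate=true`, whereas the eval, standalone, manager and managersearch branches call it after the assignment. Unless `waitforstate` is already set earlier in so-setup, which these hunks do not show, an import install on Ubuntu takes the warning path while the other `waitforstate` roles abort. If import is meant to be blocked like them, move the call one line down so the branch reads `waitforstate=true` then `ubuntu_check`; if the difference is intended, a comment in that branch saying so would keep someone from "fixing" it later.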
@@ -1327,6 +1327,28 @@ whiptail_storage_requirements() { whiptail_check_exitstatus $exitstatus } +whiptail_ubuntu_notsupported() { + [ -n "$TESTING" ] && return + + read -r -d '' message <<- EOM + Ubuntu is not supported for this node type. + + Please use a supported OS or install via ISO. + EOM + whiptail --title "$whiptail_title" --msgbox "$message" 14 75 +} + +whiptail_ubuntu_warning() { + [ -n "$TESTING" ] && return + + read -r -d '' message <<- EOM + Ubuntu support for this node type is limited. + + Please consider using a fully supported OS or install via ISO. + EOM + whiptail --title "$whiptail_title" --msgbox "$message" 14 75 + +} whiptail_uppercase_warning() { [ -n "$TESTING" ] && return From a048034f168f7818f3d08bf8e30f9d2dcd24b8b9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 13:38:39 -0500 Subject: [PATCH 03/13] Salt for Ubuntu --- setup/so-functions | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 50e1704d9..53d40be4b 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1990,6 +1990,42 @@ repo_sync_local() { } saltify() { + if [[ $is_ubuntu ]]; then + + DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1 + update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10 + local pkg_arr=( + 'apache2-utils' + 'ca-certificates' + 'curl' + 'software-properties-common' + 'apt-transport-https' + 'openssl' + 'netcat' + 'jq' + ) + retry 150 20 "apt-get -y install ${pkg_arr[*]}" || exit 1 + + # Add SO Saltstack Repo + logCmd "wget -q --inet4-only -O - https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub | apt-key add -" + echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list + + # Add Docker Repo + logCmd "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -" + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + + # Ain't nothing but a GPG + mkdir -p "$temp_install_dir"/gpg + apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub + apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH + + retry 150 20 "apt-get update" "" "Err:" || exit 1 + retry 150 20 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" || exit 1 + retry 150 20 "apt-mark hold salt-minion salt-common" || exit 1 + retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 + + fi + if [[ $is_centos ]]; then RUSALTY=$(rpm -qa | grep salt-minion | wc -l) if [[ "$RUSALTY" -gt 0 ]]; then From b89e7efeea39310ab1807515912b065217548b27 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 15:30:46 -0500 Subject: [PATCH 04/13] Salt for Ubuntu --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) 
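Review bot: The added Ubuntu branch of `saltify` trusts both repository keys through `apt-key add`, which puts them in apt's global keyring, so either key is then accepted for packages from every configured source rather than only its own repository; `apt-key` is also deprecated. Scoping each key is the safer pattern: store it as a keyring file and name it in the source entry, e.g. `deb [signed-by=<KEYRING_PATH>] https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main` (the keyring path is a placeholder). The same applies to the `apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub` and `apt-key add /opt/so/gpg/docker.pub` lines introduced in PATCH 07 and to the `deb` line written by `salt/repo/client/ubuntu.sls` in PATCH 10. Separately, the two `apt-key add "$temp_install_dir"/gpg/...` calls read from a directory that this hunk only creates with `mkdir -p`, and their exit status is not checked, so a missing key file would go unnoticed here. `saltify` continues outside the hunk.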
diff --git a/setup/so-functions b/setup/so-functions index 53d40be4b..0f06f7861 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -911,6 +911,7 @@ detect_os() { OS=ubuntu if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then OSVER=focal + is_ubuntu=true else info "We do not support your current version of Ubuntu." exit 1 From 20f7a77886abcc235833c8295eaa42ae89a0cd37 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 15:43:12 -0500 Subject: [PATCH 05/13] Salt for Ubuntu --- setup/so-functions | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 0f06f7861..3299509e1 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -2007,18 +2007,20 @@ saltify() { ) retry 150 20 "apt-get -y install ${pkg_arr[*]}" || exit 1 + logCmd "mkdir -vp /opt/so/gpg" + logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/SALTSTACK-GPG-KEY.pub" + logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" + # Add SO Saltstack Repo logCmd "wget -q --inet4-only -O - https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub | apt-key add -" - echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list + echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/focal main" > /etc/apt/sources.list.d/saltstack.list + curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg # Add Docker Repo logCmd "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -" add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # Ain't nothing but a GPG - mkdir -p "$temp_install_dir"/gpg - apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub - apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH retry 150 20 "apt-get update" "" "Err:" || exit 1 retry 150 20 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" || exit 1 From 177ddc11833093fc01b8869cf87402e1231321ac Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 15:48:48 -0500 Subject: [PATCH 06/13] Salt for Ubuntu --- setup/so-functions | 1 - 1 file changed, 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 3299509e1..9629c0200 100755 --- a/setup/so-functions +++ b/setup/so-functions 
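Review bot: The new download line builds its URL from `$ubuntu_version`, which no hunk in this series assigns, so if it is unset the request goes to `.../securityonion-repo/ubuntu//amd64/salt/SALTSTACK-GPG-KEY.pub` while `wget -q -O` still leaves a file at the target path. The rewritten `echo` also drops the space in `salt3004.2/ focal main`, giving `salt3004.2/focal main`, which no longer separates the repository URI from the suite. PATCH 08 and PATCH 09 later restore `20.04` and the space; squashing them into this commit would keep every commit in the series installable.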
@@ -2014,7 +2014,6 @@ saltify() { # Add SO Saltstack Repo logCmd "wget -q --inet4-only -O - https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub | apt-key add -" echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/focal main" > /etc/apt/sources.list.d/saltstack.list - curl -fsSL -o /usr/share/keyrings/salt-archive-keyring.gpg https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004/salt-archive-keyring.gpg # Add Docker Repo logCmd "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -" From 5a223981ca1dbb034ac0b84ec9734c953c59efd7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 15:57:05 -0500 Subject: [PATCH 07/13] Salt for Ubuntu --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 9629c0200..6f7a89313 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2010,13 +2010,13 @@ saltify() { logCmd "mkdir -vp /opt/so/gpg" logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" - + logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" + logCmd "apt-key add /opt/so/gpg/docker.pub" + # Add SO Saltstack Repo - logCmd "wget -q --inet4-only -O - https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub | apt-key add -" echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/focal main" > /etc/apt/sources.list.d/saltstack.list # Add Docker Repo - logCmd "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -" add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # Ain't nothing but a GPG 
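Review bot: The four `logCmd` lines that fetch and import the keys in PATCH 07 (`wget ... -O /opt/so/gpg/...` and `apt-key add /opt/so/gpg/...`) do not check for failure, unlike the surrounding `retry ... || exit 1` calls, and nothing compares the downloaded keys with a known fingerprint before they are trusted. A failed or truncated download would then surface only later as a signature error from `apt-get update`. Assuming `logCmd` returns the command's status (its definition is outside this hunk), appending `|| exit 1` to each line stops setup at the real cause, e.g. `logCmd "apt-key add /opt/so/gpg/docker.pub" || exit 1`. Checking each key's fingerprint against a value shipped with the installer before the import would mean a key is not trusted solely because it was served over HTTPS.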
From 53d6823ba7f6a3b81fc1ba488199da07706639a4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 16:00:03 -0500 Subject: [PATCH 08/13] Salt for Ubuntu --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 6f7a89313..41e877ab8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2008,11 +2008,11 @@ saltify() { retry 150 20 "apt-get -y install ${pkg_arr[*]}" || exit 1 logCmd "mkdir -vp /opt/so/gpg" - logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/SALTSTACK-GPG-KEY.pub" + logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" logCmd "apt-key add /opt/so/gpg/docker.pub" - + # Add SO Saltstack Repo echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/focal main" > /etc/apt/sources.list.d/saltstack.list From d5f8ea866101f9e2bbcb0190e6995d0c0c7707a3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 16:05:16 -0500 Subject: [PATCH 09/13] Salt for Ubuntu --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 41e877ab8..cff943376 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -2014,7 +2014,7 @@ saltify() { logCmd "apt-key add /opt/so/gpg/docker.pub" # Add SO Saltstack Repo - echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/focal main" > /etc/apt/sources.list.d/saltstack.list + echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list # Add Docker Repo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" From 161881efbbeaefcdfd74926bbc44ccae0f4fec30 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 24 Jan 2023 16:25:26 -0500 Subject: [PATCH 10/13] Salt for Ubuntu --- salt/repo/client/ubuntu.sls | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 salt/repo/client/ubuntu.sls diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls new file mode 100644 index 000000000..a5d55fa5e --- /dev/null +++ b/salt/repo/client/ubuntu.sls @@ -0,0 +1,20 @@ +# this removes the repo file left by bootstrap-salt.sh without -r +remove_salt.list: + file.absent: + - name: /etc/apt/sources.list.d/salt.list + +saltstack.list: + file.managed: + - name: /etc/apt/sources.list.d/saltstack.list + - contents: + - deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt3004.2/ {{grains.oscodename}} main + +apt_update: + cmd.run: + - name: apt-get update + - onchanges: + - file: saltstack.list + - timeout: 30 + - retry: + attempts: 5 + interval: 30 \ No newline at end of file From 9243b01cbb094c495be355ae3578810fb6df6d98 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 25 Jan 2023 11:44:22 -0500 Subject: [PATCH 11/13] Salt for Ubuntu --- salt/common/packages.sls | 28 +++++++++++++++++++++++++++- salt/docker/init.sls | 14 ++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index e52e8174f..34935613e 100644 
--- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -1,6 +1,32 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} -{% if GLOBALS.os != 'CentOS' %} +{% if GLOBALS.os == 'Ubuntu' %} +commonpkgs: + pkg.installed: + - skip_suggestions: True + - pkgs: + - apache2-utils + - wget + - ntpdate + - jq + - python3-docker + - curl + - ca-certificates + - software-properties-common + - apt-transport-https + - openssl + - netcat + - python3-mysqldb + - sqlite3 + - libssl-dev + - python3-dateutil + - python3-m2crypto + - python3-mysqldb + - python3-packaging + - python3-lxml + - git + - vim +{% elif GLOBALS.os == 'Rocky' %} commonpkgs: pkg.installed: - skip_suggestions: True diff --git a/salt/docker/init.sls b/salt/docker/init.sls index f8f89e058..405a75938 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -4,12 +4,25 @@ # Elastic License 2.0. {% from 'docker/docker.map.jinja' import DOCKER %} +{% from 'vars/globals.map.jinja' import GLOBALS %} + dockergroup: group.present: - name: docker - gid: 920 +{% if GLOBALS.os == 'Ubuntu' %} +dockerheldpackages: + pkg.installed: + - pkgs: + - containerd.io: 1.4.9-1 + - docker-ce: 5:20.10.8~3-0~ubuntu-focal + - docker-ce-cli: 5:20.10.5~3-0~ubuntu-focal + - docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal + - hold: True + - update_holds: True +{% else %} dockerheldpackages: pkg.installed: - pkgs: @@ -19,6 +32,7 @@ dockerheldpackages: - docker-ce-rootless-extras: 20.10.5-3.el7 - hold: True - update_holds: True +{% endif %} #disable docker from managing iptables iptables_disabled: From 704d99e757751d109c89c8f9294b661f04d85dea Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 25 Jan 2023 11:50:19 -0500 Subject: [PATCH 12/13] Salt for Ubuntu --- salt/common/packages.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 34935613e..0bb36d07f 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls 
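Review bot: `python3-mysqldb` appears twice in the new Ubuntu `pkgs` list in salt/common/packages.sls (after `netcat` and again after `python3-m2crypto`); drop one entry. The hunk also changes the guard on the following, pre-existing list from `GLOBALS.os != 'CentOS'` to `GLOBALS.os == 'Rocky'`. That list continues outside the hunk, so it is worth confirming that it holds Rocky package names and that whatever `else` branch follows is still the right fallback for other OS values.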
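Review bot: In the Ubuntu `dockerheldpackages` block of salt/docker/init.sls, `docker-ce` is pinned to `5:20.10.8~3-0~ubuntu-focal` while `docker-ce-cli` and `docker-ce-rootless-extras` are pinned to `5:20.10.5~3-0~ubuntu-focal`, so the daemon and CLI are held at different patch releases. If that is not deliberate, align the three pins; if it is, a comment above the list should say why. Because the packages are installed with `hold: True`, they will not move with normal apt upgrades, so these exact versions stay in place until the pins here are edited; a comment noting who bumps them and when would make that maintenance duty visible.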
@@ -5,6 +5,7 @@ commonpkgs: pkg.installed: - skip_suggestions: True - pkgs: + - chrony - apache2-utils - wget - ntpdate From 498301b1117eae3f4803a8c1a173a3235b4ea2d3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 25 Jan 2023 12:00:19 -0500 Subject: [PATCH 13/13] Salt for Ubuntu --- setup/so-functions | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index cff943376..26c66736f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2347,7 +2347,12 @@ ubuntu_check() { whiptail_ubuntu_notsupported exit 1 else - whiptail_ubuntu_warning + if [[ $UBUNTUINSTALL == "needtoupgrade" ]]; then + whiptail_ubuntu_warning + else + whiptail_ubuntu_notsupported + exit 1 + fi fi fi }
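Review bot: The new inner test in `ubuntu_check` (PATCH 13) reads `$UBUNTUINSTALL`, which no hunk in this series assigns, so unless it is set elsewhere every non-`waitforstate` role on Ubuntu now reaches `whiptail_ubuntu_notsupported` and `exit 1`, and `whiptail_ubuntu_warning` is only reachable when the value is exactly `needtoupgrade`. Both failing branches are now identical, so the nesting can be flattened to one condition, `if [[ -z $waitforstate && $UBUNTUINSTALL == "needtoupgrade" ]]; then`, with a single `else` holding `whiptail_ubuntu_notsupported` and `exit 1`. A comment stating where `UBUNTUINSTALL` is set and what `needtoupgrade` means would help, since the name does not explain why that value allows the install to continue.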