[feat] Various input validation changes + fixes

* Keep invalid input in subsequent prompts * Remove useless placeholder values * Only set PROCS variable once * Make input collection loops more consistent
2025-12-06 17:22:49 +01:00 · 2021-01-15 18:05:22 -05:00
parent 0af6afa216
commit 32839f8a53
3 changed files with 144 additions and 155 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -129,19 +129,6 @@ add_admin_user() {
 	
 }

-add_manager_hostfile() {
-
-	[ -n "$TESTING" ] && return
-
-	echo "Checking if I can resolve manager. If not add to hosts file" >> "$setup_log" 2>&1
-	# Pop up an input to get the IP address
-	MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter your Manager Server IP Address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
-
-	local exitstatus=$?
-	whiptail_check_exitstatus $exitstatus
-}
-
 add_mngr_ip_to_hosts() {
 	echo "$MSRVIP   $MSRV" >> /etc/hosts
 }
@@ -361,7 +348,7 @@ collect_adminuser_inputs() {

 	while ! valid_username "$ADMINUSER"; do
 		whiptail_invalid_input
-		whiptail_create_admin_user
+		whiptail_create_admin_user "$ADMINUSER"
 	done

 	APMATCH=no
@@ -373,62 +360,62 @@ collect_adminuser_inputs() {
 }

 collect_cur_close_days() {
-	whiptail_cur_close_days
+	whiptail_cur_close_days "$CURCLOSEDAYS"

 	while ! valid_int "$CURCLOSEDAYS" "1"; do
 		whiptail_invalid_input
-		whiptail_cur_close_days
+		whiptail_cur_close_days "$CURCLOSEDAYS"
 	done
 }

 collect_dns() {
-	whiptail_management_interface_dns
+	whiptail_management_interface_dns "8.8.8.8,8.8.4.4"

 	while ! valid_dns_list "$MDNS"; do
 		whiptail_invalid_input
-		whiptail_management_interface_dns
+		whiptail_management_interface_dns "$MDNS"
 	done

 	MDNS=$(echo "$MDNS" | tr -s "," " ") # MDNS needs to be space separated, we prompt for comma separated for consistency
 }

 collect_dns_domain() {
-	whiptail_management_interface_dns_search
+	whiptail_management_interface_dns_search "searchdomain.local"

 	while ! valid_fqdn "$MSEARCH"; do
 		whiptail_invalid_input
-		whiptail_management_interface_dns_search
+		whiptail_management_interface_dns_search "$MSEARCH"
 	done
 }

 collect_dockernet() {
 	if ! whiptail_dockernet_check; then
-		whiptail_dockernet_net
+		whiptail_dockernet_net "172.17.0.0"

 		while ! valid_ip4 "$DOCKERNET"; do
 			whiptail_invalid_input
-			whiptail_dockernet_net
+			whiptail_dockernet_net "$DOCKERNET"
 		done
 	fi
 }

 collect_es_cluster_name() {
 	if whiptail_manager_adv_escluster; then
-		whiptail_manager_adv_escluster_name
+		whiptail_manager_adv_escluster_name "securityonion"

 		while ! valid_string "$ESCLUSTERNAME"; do
 			whiptail_invalid_string "ES cluster name"
-			whiptail_manager_adv_escluster_name
+			whiptail_manager_adv_escluster_name "$ESCLUSTERNAME"
 		done
 	fi
 }

 collect_es_space_limit() {
-	whiptail_log_size_limit
+	whiptail_log_size_limit "$log_size_limit"

 	while ! valid_int "$log_size_limit" "1"; do # Upper/lower bounds?
 		whiptail_invalid_input
-		whiptail_log_size_limit
+		whiptail_log_size_limit "$log_size_limit"
 	done
 }

@@ -437,20 +424,17 @@ collect_fleet_custom_hostname_inputs() {

 	while ! valid_fqdn "$FLEETCUSTOMHOSTNAME" || [[ $FLEETCUSTOMHOSTNAME != "" ]]; do
 		whiptail_invalid_input
-		whiptail_fleet_custom_hostname
+		whiptail_fleet_custom_hostname "$FLEETCUSTOMHOSTNAME"
 	done
 }

+# Get a username & password for the Fleet admin user
 collect_fleetuser_inputs() {
-	# Get a username & password for the Fleet admin user
-	local valid_user=no
-	while [[ $valid_user != yes ]]; do
-		whiptail_create_fleet_node_user		
-		if so-user valemail "$FLEETNODEUSER" >> "$setup_log" 2>&1; then
-			valid_user=yes
-		else
-			whiptail_invalid_user_warning
-		fi
+	whiptail_create_fleet_node_user
+	
+	while ! so-user valemail "$FLEETNODEUSER" >> "$setup_log" 2>&1; do
+		whiptail_invalid_user_warning
+		whiptail_create_fleet_node_user "$FLEETNODEUSER"
 	done

 	FPMATCH=no
@@ -470,7 +454,7 @@ collect_gateway() {

 	while ! valid_ip4 "$MGATEWAY"; do
 		whiptail_invalid_input
-		whiptail_management_interface_gateway
+		whiptail_management_interface_gateway "$MGATEWAY"
 	done
 }

@@ -479,11 +463,11 @@ collect_helix_key() {
 }

 collect_homenet_mngr() {
-	whiptail_homenet_manager
+	whiptail_homenet_manager "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12"
 	
 	while ! valid_cidr_list "$HNMANAGER"; do
 		whiptail_invalid_input
-		whiptail_homenet_manager
+		whiptail_homenet_manager "$HNMANAGER"
 	done
 }

@@ -491,21 +475,23 @@ collect_homenet_snsr() {
 	if whiptail_homenet_sensor_inherit; then
 		export HNSENSOR=inherit
 	else
-		whiptail_homenet_sensor
+		whiptail_homenet_sensor "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12"
 		
 		while ! valid_cidr_list "$HNSENSOR"; do
 			whiptail_invalid_input
-			whiptail_homenet_sensor
+			whiptail_homenet_sensor "$HNSENSOR"
 		done
 	fi
 }

 collect_hostname() {
-	whiptail_set_hostname
+	if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
+
+	whiptail_set_hostname "$HOSTNAME"

 	while ! valid_hostname "$HOSTNAME"; do
 		whiptail_invalid_hostname
-		whiptail_set_hostname
+		whiptail_set_hostname "$HOSTNAME"
 	done
 }

@@ -514,7 +500,7 @@ collect_int_ip_mask() {

 	while ! valid_cidr "$manager_ip_mask"; do
 		whiptail_invalid_input
-		whiptail_management_interface_ip_mask
+		whiptail_management_interface_ip_mask "$manager_ip_mask"
 	done

 	MIP=$(echo "$manager_ip_mask" | sed 's/\/.*//' )
@@ -526,74 +512,81 @@ collect_mngr_hostname() {

 	while ! valid_hostname "$MSRV"; do
 		whiptail_invalid_hostname
-		whiptail_management_server
+		whiptail_management_server "$MSRV"
 	done

 	if ! getent hosts "$MSRV"; then
-		add_manager_hostfile
+		whiptail_manager_ip
+
+		while ! valid_ip4 "$MSRVIP"; do
+			whiptail_invalid_input
+			whiptail_manager_ip "$MSRVIP"
+		done
 	else
 		MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}')
 	fi
 }

 collect_mtu() {
-	whiptail_bond_nics_mtu
+	whiptail_bond_nics_mtu "1500"

 	while ! valid_int "$MTU" "68"; do
 		whiptail_invalid_input
-		whiptail_bond_nics_mtu
+		whiptail_bond_nics_mtu "$MTU"
 	done
 }

 collect_node_es_heap() {
-	whiptail_node_es_heap
+	whiptail_node_es_heap "$ES_HEAP_SIZE"

 	while ! valid_int "$NODE_ES_HEAP_SIZE"; do
 		whiptail_invalid_input
-		whiptail_node_es_heap
+		whiptail_node_es_heap "$NODE_ES_HEAP_SIZE"
 	done
 }

 collect_node_ls_heap() {
-	whiptail_node_ls_heap
+	whiptail_node_ls_heap "$LS_HEAP_SIZE"

 	while ! valid_int "$NODE_LS_HEAP_SIZE"; do
 		whiptail_invalid_input
-		whiptail_node_ls_heap
+		whiptail_node_ls_heap "$NODE_LS_HEAP_SIZE"
 	done
 }

 collect_node_ls_input() {
-	whiptail_node_ls_input_threads
+	whiptail_node_ls_input_threads "1"
+
 	while ! valid_int "$LSINPUTTHREADS"; do
 		whiptail_invalid_input
-		whiptail_node_ls_input_threads
+		whiptail_node_ls_input_threads "$LSINPUTTHREADS"
 	done
 }

 collect_node_ls_pipeline_batch_size() {
-	whiptail_node_ls_pipline_batchsize
+	whiptail_node_ls_pipline_batchsize "125"

 	while ! valid_int "$LSPIPELINEBATCH"; do
 		whiptail_invalid_input
-		whiptail_node_ls_pipline_batchsize
+		whiptail_node_ls_pipline_batchsize "$LSPIPELINEBATCH"
 	done
 }

 collect_node_ls_pipeline_worker_count() {
-	whiptail_node_ls_pipeline_worker
+	whiptail_node_ls_pipeline_worker "$num_cpu_cores"

 	while ! valid_int "$LSPIPELINEWORKERS"; do
 		whiptail_invalid_input
-		whiptail_node_ls_pipeline_worker
+		whiptail_node_ls_pipeline_worker "$LSPIPELINEWORKERS"
 	done
 }

 collect_oinkcode() {
 	whiptail_oinkcode
+
 	while ! valid_string "$OINKCODE" "" "128"; do #TODO: verify max length here
 		whiptail_invalid_input
-		whiptail_oinkcode
+		whiptail_oinkcode "$OINKCODE"
 	done
 }

@@ -624,7 +617,7 @@ collect_patch_schedule_name_new() {

 	while ! valid_string "$PATCHSCHEDULENAME"; do
 		whiptail_invalid_string "schedule name"
-		whiptail_patch_name_new_schedule
+		whiptail_patch_name_new_schedule "$PATCHSCHEDULENAME"
 	done
 }

@@ -633,25 +626,26 @@ collect_patch_schedule_name_import() {

 	while ! valid_string "$PATCHSCHEDULENAME"; do
 		whiptail_invalid_string "schedule name"
-		whiptail_patch_schedule_import
+		whiptail_patch_schedule_import "$PATCHSCHEDULENAME"
 	done
 }

 collect_redirect_host() {
-	whiptail_set_redirect_host
+	whiptail_set_redirect_host "$HOSTNAME"

 	while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do
 		whiptail_invalid_input
-		whiptail_set_redirect_host
+		whiptail_set_redirect_host "$REDIRECTHOST"
 	done
 }

 collect_so_allow() {
 	if whiptail_so_allow_yesno; then
 		whiptail_so_allow
+
 		while ! valid_cidr "$ALLOW_CIDR" && ! valid_ip4 "$ALLOW_CIDR"; do
 			whiptail_invalid_input
-			whiptail_so_allow
+			whiptail_so_allow "$ALLOW_CIDR"
 		done
 	fi
 }
@@ -667,24 +661,21 @@ collect_soremote_inputs() {
 }

 collect_suri() {
-	whiptail_basic_suri
+	whiptail_basic_suri "$PROCS"

 	while ! valid_int "$BASICSURI"; do
 		whiptail_invalid_input
-		whiptail_basic_suri
+		whiptail_basic_suri "$BASICSURI"
 	done
 }

+# Get an email & password for the web admin user
 collect_webuser_inputs() {
-	# Get a password for the web admin user
-	local valid_user=no
-	while [[ $valid_user != yes ]]; do
-		whiptail_create_web_user		
-		if so-user valemail "$WEBUSER" >> "$setup_log" 2>&1; then
-			valid_user=yes
-		else
-			whiptail_invalid_user_warning
-		fi
+	whiptail_create_web_user
+
+	while ! so-user valemail "$WEBUSER" >> "$setup_log" 2>&1; do
+		whiptail_invalid_user_warning
+		whiptail_create_web_user "$WEBUSER"
 	done

 	WPMATCH=no
@@ -704,11 +695,11 @@ collect_webuser_inputs() {
 }

 collect_zeek() {
-	whiptail_basic_zeek
+	whiptail_basic_zeek "$PROCS"

 	while ! valid_int "$BASICZEEK"; do
 		whiptail_invalid_input
-		whiptail_basic_zeek
+		whiptail_basic_zeek "$BASICZEEK"
 	done
 }

--- a/setup/so-setup
+++ b/setup/so-setup
@@ -461,6 +461,12 @@ if [[ $is_sensor && ! $is_eval ]]; then
 		whiptail_suricata_pins
 		collect_mtu
 	else
+		if [[ $is_node && $is_sensor && ! $is_eval ]]; then
+			PROCS=$(( lb_procs / 2 ))
+			if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
+		else
+			PROCS=$lb_procs
+		fi
 		[[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek
 		collect_suri
 	fi
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -32,15 +32,8 @@ whiptail_basic_suri() {

 	[ -n "$TESTING" ] && return

-	if [[ $is_node && $is_sensor && ! $is_eval ]]; then
-	  local PROCS=$(expr $lb_procs / 2)
-      if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
-	else
-	  local PROCS=$lb_procs
-	fi
-
 	BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter the number of Suricata processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3)
+	"Enter the number of Suricata processes:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -51,15 +44,8 @@ whiptail_basic_zeek() {

 	[ -n "$TESTING" ] && return

-	if [[ $is_node && $is_sensor && ! $is_eval ]]; then
-	  local PROCS=$(expr $lb_procs / 2)
-      if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
-	else
-	  local PROCS=$lb_procs
-	fi
-
 	BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3)
+	"Enter the number of zeek processes:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -71,7 +57,7 @@ whiptail_bond_nics_mtu() {

 	# Set the MTU on the monitor interface
 	MTU=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter the MTU for the monitor NICs:" 10 75 1500 3>&1 1>&2 2>&3)
+	"Enter the MTU for the monitor NICs:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -117,7 +103,7 @@ whiptail_create_admin_user() {
 	[ -n "$TESTING" ] && return

 	ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
-	"Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
+	"Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -151,7 +137,7 @@ whiptail_create_fleet_node_user() {
 	[ -n "$TESTING" ] && return

 	FLEETNODEUSER=$(whiptail --title "Security Onion Install" --inputbox \
-	"Please enter an email for use as the username for the Fleet admin user:" 10 60 3>&1 1>&2 2>&3)
+	"Please enter an email for use as the username for the Fleet admin user:" 10 60 "$1" 3>&1 1>&2 2>&3)

 }

@@ -215,7 +201,7 @@ whiptail_create_web_user() {
 	[ -n "$TESTING" ] && return

 	WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
-	"Please enter an email address to create an administrator account for the web interface: \nThis will also be used for TheHive, Cortex, and Fleet." 10 60 3>&1 1>&2 2>&3)
+	"Please enter an email address to create an administrator account for the web interface: \nThis will also be used for TheHive, Cortex, and Fleet." 10 60 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -306,7 +292,7 @@ whiptail_cur_close_days() {
 	[ -n "$TESTING" ] && return

 	CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3)
+	"Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -385,7 +371,7 @@ whiptail_dockernet_net() {
 	[ -n "$TESTING" ] && return

 	DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \
-	"\nEnter a /24 size network range for docker to use WITHOUT the /24 notation: \nThis range will be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3)
+	"\nEnter a /24 size network range for docker to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -441,7 +427,7 @@ whiptail_fleet_custom_hostname() {
 	[ -n "$TESTING" ] && return

 	FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \
-	"What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3)
+	"What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -477,7 +463,7 @@ whiptail_homenet_manager() {
 	[ -n "$TESTING" ] && return

 	HNMANAGER=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12" 3>&1 1>&2 2>&3)
+		"Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus

@@ -495,7 +481,7 @@ whiptail_homenet_sensor() {
 	[ -n "$TESTING" ] && return

 	HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12" 3>&1 1>&2 2>&3)
+		"Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus

@@ -635,7 +621,7 @@ whiptail_log_size_limit() {

 	log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage: \n\
-	By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$log_size_limit" 3>&1 1>&2 2>&3)
+	By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -669,7 +655,7 @@ whiptail_management_interface_dns() {
 	[ -n "$TESTING" ] && return

 	MDNS=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter your DNS servers separated by commas:" 10 60 "8.8.8.8,8.8.4.4" 3>&1 1>&2 2>&3)
+	"Enter your DNS servers separated by commas:" 10 60 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -681,7 +667,7 @@ whiptail_management_interface_dns_search() {
 	[ -n "$TESTING" ] && return

 	MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter your DNS search domain:" 10 60 searchdomain.local 3>&1 1>&2 2>&3)
+	"Enter your DNS search domain:" 10 60 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -692,7 +678,7 @@ whiptail_management_interface_gateway() {
 	[ -n "$TESTING" ] && return

 	MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter your gateway's IPv4 address:" 10 60 3>&1 1>&2 2>&3)
+	"Enter your gateway's IPv4 address:" 10 60 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -702,7 +688,7 @@ whiptail_management_interface_ip_mask() {
 	[ -n "$TESTING" ] && return

 	manager_ip_mask=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 3>&1 1>&2 2>&3)
+		"Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -802,13 +788,23 @@ whiptail_management_server() {
 	[ -n "$TESTING" ] && return

 	MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter your Manager Server hostname: \nIt is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
+	"Enter your Manager Server hostname: \nIt is CASE SENSITIVE!" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus

 }

+whiptail_manager_ip() {
+	[ -n "$TESTING" ] && return
+
+	MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \
+		"Enter your Manager Server IP Address:" 10 60 "$1" 3>&1 1>&2 2>&3)
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
 # Ask if you want to do advanced setup of the Manager
 whiptail_manager_adv() {

@@ -840,7 +836,7 @@ whiptail_manager_adv_escluster_name(){
 	[ -n "$TESTING" ] && return

 	ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter a name for your ES cluster!" 10 75 securityonion 3>&1 1>&2 2>&3)
+		"Enter a name for your ES cluster!" 10 75 "$1" 3>&1 1>&2 2>&3)
 }

 # Ask which additional components to install
@@ -931,6 +927,12 @@ whiptail_manager_updates_warning() {
 	whiptail_check_exitstatus $exitstatus
 }

+whiptail_manager_unreachable() {
+	[ -n "$TESTING" ] && return
+	
+	whiptail --title "Security Onion Setup" --msgbox "Setup cannot determine if $1 is listening on port 22. Please check the address entered and try again." 7 75
+}
+
 whiptail_metadata_tool() {

 	[ -n "$TESTING" ] && return
@@ -994,7 +996,7 @@ whiptail_node_es_heap() {
 	[ -n "$TESTING" ] && return

 	NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
-	"\nEnter ES heap size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3)
+	"Enter ES heap size:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1006,31 +1008,7 @@ whiptail_node_ls_heap() {
 	[ -n "$TESTING" ] && return

 	NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
-	"\nEnter Logstash heap size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3)
-
-	local exitstatus=$?
-	whiptail_check_exitstatus $exitstatus
-
-}
-
-whiptail_node_ls_pipline_batchsize() {
-
-	[ -n "$TESTING" ] && return
-
-	LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
-	"\nEnter Logstash pipeline batch size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
-
-	local exitstatus=$?
-	whiptail_check_exitstatus $exitstatus
-
-}
-
-whiptail_node_ls_pipeline_worker() {
-
-	[ -n "$TESTING" ] && return
-
-	LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
-	"\nEnter number of Logstash pipeline workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)
+	"Enter Logstash heap size:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1042,19 +1020,44 @@ whiptail_node_ls_input_threads() {
 	[ -n "$TESTING" ] && return

 	LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
-		"\nEnter number of Logstash input threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
+		"Enter number of Logstash input threads:" 10 75 "$1" 3>&1 1>&2 2>&3)

 		local exitstatus=$?
 		whiptail_check_exitstatus $exitstatus

 }

+
+whiptail_node_ls_pipline_batchsize() {
+
+	[ -n "$TESTING" ] && return
+
+	LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
+	"Enter Logstash pipeline batch size:" 10 75 "$1" 3>&1 1>&2 2>&3)
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+
+}
+
+whiptail_node_ls_pipeline_worker() {
+
+	[ -n "$TESTING" ] && return
+
+	LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
+	"Enter number of Logstash pipeline workers:" 10 75 "$1" 3>&1 1>&2 2>&3)
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+
+}
+
 whiptail_oinkcode() {

 	[ -n "$TESTING" ] && return

 	OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
+	"Enter your ET Pro or oinkcode:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1075,7 +1078,7 @@ whiptail_patch_name_new_schedule() {
 	[ -n "$TESTING" ] && return

 	PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
-	"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
+	"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1102,20 +1105,10 @@ whiptail_patch_schedule_import() {

 	unset PATCHSCHEDULENAME
 	PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter the name of the OS patch schedule you want to inherit: \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
+	"Enter the name of the OS patch schedule you want to inherit. \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
-
-	while [[ -z "$PATCHSCHEDULENAME"  ]]; do
-		whiptail --title "Security Onion Setup" --msgbox "Please enter a name for the OS patch schedule you want to inherit." 8 75
-		PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter the name of the OS patch schedule you want to inherit: \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
-
-		local exitstatus=$?
-		whiptail_check_exitstatus $exitstatus
-	done
-
 }

 whiptail_patch_schedule_select_days() {
@@ -1273,11 +1266,8 @@ whiptail_set_hostname() {

 	[ -n "$TESTING" ] && return

-	HOSTNAME=$(cat /etc/hostname)
-	if [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
-
 	HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
-		"Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
+		"Enter the hostname (not FQDN) you would like to set:" 10 75 "$1" 3>&1 1>&2 2>&3)

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1301,7 +1291,7 @@ whiptail_set_redirect_host() {
 	[ -n "$TESTING" ] && return

 	REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
-	"Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
+	"Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$1" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 }
@@ -1365,11 +1355,13 @@ whiptail_so_allow() {
 	
 	ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \
 		--inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \
-		10 75 3>&1 1>&2 2>&3)
+		10 75 "$1" 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	
 	export ALLOW_ROLE='a'
 	export ALLOW_CIDR
+
+	whiptail_check_exitstatus $exitstatus
 }

 whiptail_storage_requirements() {