CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/setup' into foxtrot

Browse Source
This commit is contained in:
William Wernert
2021-03-05 12:53:31 -05:00
parent 61a7efeeab 245902326f
commit 32e7afdc5f
12 changed files with 428 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
salt/common/tools/sbin/so-common
View File

@@ -340,6 +340,26 @@ valid_int() {
# {% raw %} # {% raw %}
valid_proxy() {
local proxy=$1
local url_prefixes=( 'http://' 'https://' )
local has_prefix=false
for prefix in "${url_prefixes[@]}"; do
echo "$proxy" | grep -q "$prefix" && has_prefix=true && proxy=${proxy#"$prefix"} && break
done
local url_arr
mapfile -t url_arr <<< "$(echo "$proxy" | tr ":" "\n")"
local valid_url=true
if ! valid_ip4 "${url_arr[0]}" && ! valid_fqdn "${url_arr[0]}"; then
valid_url=false
fi
[[ $has_prefix == true ]] && [[ $valid_url == true ]] && return 0 || return 1
}
valid_string() { valid_string() {
local str=$1 local str=$1
local min_length=${2:-1} local min_length=${2:-1}

213
salt/common/tools/sbin/soup
View File

@@ -105,12 +105,12 @@ check_airgap() {
# See if this is an airgap install # See if this is an airgap install
AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}')
if [[ "$AIRGAP" == "True" ]]; then if [[ "$AIRGAP" == "True" ]]; then
is_airgap=0 is_airgap=0
UPDATE_DIR=/tmp/soagupdate/SecurityOnion UPDATE_DIR=/tmp/soagupdate/SecurityOnion
AGDOCKER=/tmp/soagupdate/docker AGDOCKER=/tmp/soagupdate/docker
AGREPO=/tmp/soagupdate/Packages AGREPO=/tmp/soagupdate/Packages
else else
is_airgap=1 is_airgap=1
fi fi
} }
@@ -256,14 +256,14 @@ playbook() {
} }
pillar_changes() { pillar_changes() {
# This function is to add any new pillar items if needed. # This function is to add any new pillar items if needed.
echo "Checking to see if pillar changes are needed." echo "Checking to see if pillar changes are needed."
[[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2
[[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3
[[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0
[[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_2.3.0_to_2.3.20 [[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_2.3.0_to_2.3.20
[[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_2.3.2X_to_2.3.30 [[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_2.3.2X_to_2.3.30
} }
rc1_to_rc2() { rc1_to_rc2() {
@@ -296,15 +296,14 @@ rc1_to_rc2() {
done </tmp/nodes.txt done </tmp/nodes.txt
# Add the nodes back using hostname # Add the nodes back using hostname
while read p; do while read p; do
local NAME=$(echo $p | awk '{print $1}') local NAME=$(echo $p | awk '{print $1}')
local EHOSTNAME=$(echo $p | awk -F"_" '{print $1}') local EHOSTNAME=$(echo $p | awk -F"_" '{print $1}')
local IP=$(echo $p | awk '{print $2}') local IP=$(echo $p | awk '{print $2}')
echo "Adding the new cross cluster config for $NAME" echo "Adding the new cross cluster config for $NAME"
curl -XPUT http://localhost:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"'$NAME'": {"skip_unavailable": "true", "seeds": ["'$EHOSTNAME':9300"]}}}}}' curl -XPUT http://localhost:9200/_cluster/settings -H'Content-Type: application/json' -d '{"persistent": {"search": {"remote": {"'$NAME'": {"skip_unavailable": "true", "seeds": ["'$EHOSTNAME':9300"]}}}}}'
done </tmp/nodes.txt done </tmp/nodes.txt
INSTALLEDVERSION=rc.2 INSTALLEDVERSION=rc.2
} }
rc2_to_rc3() { rc2_to_rc3() {
@@ -334,10 +333,10 @@ rc3_to_2.3.0() {
fi fi
{ {
echo "redis_settings:" echo "redis_settings:"
echo " redis_maxmemory: 827" echo " redis_maxmemory: 827"
echo "playbook:" echo "playbook:"
echo " api_key: de6639318502476f2fa5aa06f43f51fb389a3d7f" echo " api_key: de6639318502476f2fa5aa06f43f51fb389a3d7f"
} >> /opt/so/saltstack/local/pillar/global.sls } >> /opt/so/saltstack/local/pillar/global.sls
sed -i 's/playbook:/playbook_db:/' /opt/so/saltstack/local/pillar/secrets.sls sed -i 's/playbook:/playbook_db:/' /opt/so/saltstack/local/pillar/secrets.sls
@@ -385,7 +384,6 @@ up_2.3.0_to_2.3.20(){
fi fi
INSTALLEDVERSION=2.3.20 INSTALLEDVERSION=2.3.20
} }
up_2.3.2X_to_2.3.30() { up_2.3.2X_to_2.3.30() {
@@ -395,11 +393,11 @@ up_2.3.2X_to_2.3.30() {
sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar" sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar"
done done
# Change the IMAGEREPO # Change the IMAGEREPO
sed -i "/ imagerepo: 'securityonion'/c\ imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls sed -i "/ imagerepo: 'securityonion'/c\ imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls
sed -i "/ imagerepo: securityonion/c\ imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls sed -i "/ imagerepo: securityonion/c\ imagerepo: 'security-onion-solutions'" /opt/so/saltstack/local/pillar/global.sls
# Strelka rule repo pillar addition # Strelka rule repo pillar addition
if [ $is_airgap -eq 0 ]; then if [ $is_airgap -eq 0 ]; then
# Add manager as default Strelka YARA rule repo # Add manager as default Strelka YARA rule repo
sed -i "/^strelka:/a \\ repos: \n - https://$HOSTNAME/repo/rules/strelka" /opt/so/saltstack/local/pillar/global.sls; sed -i "/^strelka:/a \\ repos: \n - https://$HOSTNAME/repo/rules/strelka" /opt/so/saltstack/local/pillar/global.sls;
@@ -414,10 +412,10 @@ space_check() {
# Check to see if there is enough space # Check to see if there is enough space
CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//') CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
if [ "$CURRENTSPACE" -lt "10" ]; then if [ "$CURRENTSPACE" -lt "10" ]; then
echo "You are low on disk space. Upgrade will try and clean up space."; echo "You are low on disk space. Upgrade will try and clean up space.";
clean_dockers clean_dockers
else else
echo "Plenty of space for upgrading" echo "Plenty of space for upgrading"
fi fi
} }
@@ -427,16 +425,16 @@ thehive_maint() {
COUNT=0 COUNT=0
THEHIVE_CONNECTED="no" THEHIVE_CONNECTED="no"
while [[ "$COUNT" -le 240 ]]; do while [[ "$COUNT" -le 240 ]]; do
curl --output /dev/null --silent --head --fail -k "https://localhost/thehive/api/alert" curl --output /dev/null --silent --head --fail -k "https://localhost/thehive/api/alert"
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
THEHIVE_CONNECTED="yes" THEHIVE_CONNECTED="yes"
echo "connected!" echo "connected!"
break break
else else
((COUNT+=1)) ((COUNT+=1))
sleep 1 sleep 1
echo -n "." echo -n "."
fi fi
done done
if [ "$THEHIVE_CONNECTED" == "yes" ]; then if [ "$THEHIVE_CONNECTED" == "yes" ]; then
echo "Migrating thehive databases if needed." echo "Migrating thehive databases if needed."
@@ -471,80 +469,80 @@ update_version() {
} }
upgrade_check() { upgrade_check() {
# Let's make sure we actually need to update. # Let's make sure we actually need to update.
NEWVERSION=$(cat $UPDATE_DIR/VERSION) NEWVERSION=$(cat $UPDATE_DIR/VERSION)
if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then
echo "You are already running the latest version of Security Onion." echo "You are already running the latest version of Security Onion."
exit 0 exit 0
fi fi
} }
upgrade_check_salt() { upgrade_check_salt() {
NEWSALTVERSION=$(grep version: $UPDATE_DIR/salt/salt/master.defaults.yaml | awk {'print $2'}) NEWSALTVERSION=$(grep version: $UPDATE_DIR/salt/salt/master.defaults.yaml | awk {'print $2'})
if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then
echo "You are already running the correct version of Salt for Security Onion." echo "You are already running the correct version of Salt for Security Onion."
else else
UPGRADESALT=1 UPGRADESALT=1
fi fi
} }
upgrade_salt() { upgrade_salt() {
SALTUPGRADED=True SALTUPGRADED=True
echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION." echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
echo "" echo ""
# If CentOS # If CentOS
if [ "$OS" == "centos" ]; then if [ "$OS" == "centos" ]; then
echo "Removing yum versionlock for Salt." echo "Removing yum versionlock for Salt."
echo "" echo ""
yum versionlock delete "salt-*" yum versionlock delete "salt-*"
echo "Updating Salt packages and restarting services." echo "Updating Salt packages and restarting services."
echo "" echo ""
if [ $is_airgap -eq 0 ]; then if [ $is_airgap -eq 0 ]; then
sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -r -F -M -x python3 stable "$NEWSALTVERSION" sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -r -F -M -x python3 stable "$NEWSALTVERSION"
else else
sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION" sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION"
fi fi
echo "Applying yum versionlock for Salt." echo "Applying yum versionlock for Salt."
echo "" echo ""
yum versionlock add "salt-*" yum versionlock add "salt-*"
# Else do Ubuntu things # Else do Ubuntu things
elif [ "$OS" == "ubuntu" ]; then elif [ "$OS" == "ubuntu" ]; then
echo "Removing apt hold for Salt." echo "Removing apt hold for Salt."
echo "" echo ""
apt-mark unhold "salt-common" apt-mark unhold "salt-common"
apt-mark unhold "salt-master" apt-mark unhold "salt-master"
apt-mark unhold "salt-minion" apt-mark unhold "salt-minion"
echo "Updating Salt packages and restarting services." echo "Updating Salt packages and restarting services."
echo "" echo ""
sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION" sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION"
echo "Applying apt hold for Salt." echo "Applying apt hold for Salt."
echo "" echo ""
apt-mark hold "salt-common" apt-mark hold "salt-common"
apt-mark hold "salt-master" apt-mark hold "salt-master"
apt-mark hold "salt-minion" apt-mark hold "salt-minion"
fi fi
} }
verify_latest_update_script() { verify_latest_update_script() {
# Check to see if the update scripts match. If not run the new one. # Check to see if the update scripts match. If not run the new one.
CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}')
GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}') GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}')
CURRENTCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-common | awk '{print $1}') CURRENTCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-common | awk '{print $1}')
GITCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-common | awk '{print $1}') GITCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-common | awk '{print $1}')
CURRENTIMGCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-image-common | awk '{print $1}') CURRENTIMGCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-image-common | awk '{print $1}')
GITIMGCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-image-common | awk '{print $1}') GITIMGCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-image-common | awk '{print $1}')
if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" ]]; then if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" ]]; then
echo "This version of the soup script is up to date. Proceeding." echo "This version of the soup script is up to date. Proceeding."
else else
echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete" echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete"
cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/
cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
salt-call state.apply common queue=True salt-call state.apply common queue=True
echo "" echo ""
echo "soup has been updated. Please run soup again." echo "soup has been updated. Please run soup again."
exit 0 exit 0
fi fi
} }
main () { main () {
@@ -557,9 +555,10 @@ while getopts ":b" opt; do
echo "Batch size must be a number greater than 0." echo "Batch size must be a number greater than 0."
exit 1 exit 1
fi fi
;; ;;
\? ) echo "Usage: cmd [-b]" \? )
;; echo "Usage: cmd [-b]"
;;
esac esac
done done

3
salt/curator/files/bin/so-curator-closed-delete-delete
View File

@@ -4,12 +4,11 @@
{%- if grains['role'] in ['so-node', 'so-heavynode'] %} {%- if grains['role'] in ['so-node', 'so-heavynode'] %}
{%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('elasticsearch:mainip', '') -%}
{%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('elasticsearch:es_port', '') -%}
{%- set LOG_SIZE_LIMIT = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
{%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %} {%- elif grains['role'] in ['so-eval', 'so-managersearch', 'so-standalone'] %}
{%- set ELASTICSEARCH_HOST = salt['pillar.get']('manager:mainip', '') -%} {%- set ELASTICSEARCH_HOST = salt['pillar.get']('manager:mainip', '') -%}
{%- set ELASTICSEARCH_PORT = salt['pillar.get']('manager:es_port', '') -%} {%- set ELASTICSEARCH_PORT = salt['pillar.get']('manager:es_port', '') -%}
{%- set LOG_SIZE_LIMIT = salt['pillar.get']('manager:log_size_limit', '') -%}
{%- endif -%} {%- endif -%}
{%- set LOG_SIZE_LIMIT = salt['pillar.get']('elasticsearch:log_size_limit', '') -%}
# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC # Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
# #

7
salt/idstools/init.sls
View File

@@ -19,6 +19,7 @@
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set ENGINE = salt['pillar.get']('global:mdengine', '') %} {% set ENGINE = salt['pillar.get']('global:mdengine', '') %}
{% set proxy = salt['pillar.get']('manager:proxy') %}
# IDSTools Setup # IDSTools Setup
idstoolsdir: idstoolsdir:
file.directory: file.directory:
@@ -71,6 +72,12 @@ so-idstools:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-idstools:{{ VERSION }} - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-idstools:{{ VERSION }}
- hostname: so-idstools - hostname: so-idstools
- user: socore - user: socore
{% if proxy is not none %}
- environment:
- http_proxy={{ proxy }}
- https_proxy={{ proxy }}
- no_proxy={{ salt['pillar.get']('manager:no_proxy') }}
{% endif %}
- binds: - binds:
- /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro - /opt/so/conf/idstools/etc:/opt/so/idstools/etc:ro
- /opt/so/rules/nids:/opt/so/rules/nids:rw - /opt/so/rules/nids:/opt/so/rules/nids:rw

2
salt/yum/etc/yum.conf.jinja
View File

@@ -14,4 +14,6 @@ clean_requirements_on_remove=1
{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', '0') %} {% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', '0') %}
proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142
{% elif salt['pillar.get']('manager:proxy') is not None %}
proxy={{salt['pillar.get']('manager:proxy')}}
{% endif %} {% endif %}

78
setup/automation/standalone-iso-proxy Normal file
View File

@@ -0,0 +1,78 @@
#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
TESTING=true
address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICZEEK=2
BASICSURI=2
# BLOGS=
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
GRAFANA=1
# HELIXAPIKEY=
HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
HNSENSOR=inherit
HOSTNAME=standalone
install_type=STANDALONE
# LSINPUTBATCHCOUNT=
# LSINPUTTHREADS=
# LSPIPELINEBATCH=
# LSPIPELINEWORKERS=
MANAGERADV=BASIC
MANAGERUPDATES=1
# MDNS=
# MGATEWAY=
# MIP=
# MMASK=
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=
NIDS=Suricata
# NODE_ES_HEAP_SIZE=
# NODE_LS_HEAP_SIZE=
NODESETUP=NODEBASIC
NSMSETUP=BASIC
NODEUPDATES=MANAGER
# OINKCODE=
OSQUERY=1
# PATCHSCHEDULEDAYS=
# PATCHSCHEDULEHOURS=
PATCHSCHEDULENAME=auto
PLAYBOOK=1
proxy_addr=http://10.66.166.30:3128
# REDIRECTHOST=
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
# SKIP_REBOOT=
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
THEHIVE=1
WAZUH=1
WEBUSER=onionuser@somewhere.invalid
WEBPASSWD1=0n10nus3r
WEBPASSWD2=0n10nus3r

0
setup/files/.curlrc Normal file
View File

0
setup/files/.wgetrc Normal file
View File

2
setup/proxies/docker.conf
View File

@@ -1,2 +0,0 @@
[Service]
ExecStart=/usr/bin/dockerd /usr/bin/dockerd -H fd:// --registry-mirror "$proxy_addr"

136
setup/so-functions
View File

@@ -535,6 +535,55 @@ collect_patch_schedule_name_import() {
done done
} }
collect_proxy() {
collect_proxy_details
while ! proxy_validate; do
if whiptail_invalid_proxy; then
collect_proxy_details no_ask
else
so_proxy=""
break
fi
done
}
collect_proxy_details() {
local ask=${1:-true}
local use_proxy
if [[ $ask != true ]]; then
use_proxy=0
else
whiptail_proxy_ask
use_proxy=$?
fi
if [[ $use_proxy == 0 ]]; then
whiptail_proxy_addr "$proxy_addr"
while ! valid_proxy "$proxy_addr"; do
whiptail_invalid_input
whiptail_proxy_addr "$proxy_addr"
done
if whiptail_proxy_auth_ask; then
whiptail_proxy_auth_user "$proxy_user"
whiptail_proxy_auth_pass # Don't pass in existing pass since it's obfuscated
local url_prefixes=( 'http://' 'https://' )
for prefix in "${url_prefixes[@]}"; do
if echo "$proxy_addr" | grep "$prefix"; then
local proxy=${proxy_addr#"$prefix"}
so_proxy="${prefix}${proxy_user}:${proxy_pass}@${proxy}"
break
fi
done
else
so_proxy="$proxy_addr"
fi
export proxy
fi
}
collect_redirect_host() { collect_redirect_host() {
whiptail_set_redirect_host "$HOSTNAME" whiptail_set_redirect_host "$HOSTNAME"
@@ -744,10 +793,10 @@ compare_main_nic_ip() {
if ! [[ $MNIC =~ ^(tun|wg|vpn).*$ ]]; then if ! [[ $MNIC =~ ^(tun|wg|vpn).*$ ]]; then
if [[ "$MAINIP" != "$MNIC_IP" ]]; then if [[ "$MAINIP" != "$MNIC_IP" ]]; then
read -r -d '' message <<- EOM read -r -d '' message <<- EOM
The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC). The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC).
This is not a supported configuration, please remediate and rerun setup. This is not a supported configuration, please remediate and rerun setup.
EOM EOM
whiptail --title "Security Onion Setup" --msgbox "$message" 10 75 whiptail --title "Security Onion Setup" --msgbox "$message" 10 75
kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1
fi fi
@@ -1432,6 +1481,8 @@ manager_pillar() {
"manager:"\ "manager:"\
" mainip: '$MAINIP'"\ " mainip: '$MAINIP'"\
" mainint: '$MNIC'"\ " mainint: '$MNIC'"\
" proxy: '$so_proxy'"\
" no_proxy: '$no_proxy_string'"\
" esheap: '$ES_HEAP_SIZE'"\ " esheap: '$ES_HEAP_SIZE'"\
" esclustername: '{{ grains.host }}'"\ " esclustername: '{{ grains.host }}'"\
" freq: 0"\ " freq: 0"\
@@ -1446,7 +1497,6 @@ manager_pillar() {
printf '%s\n'\ printf '%s\n'\
" elastalert: 1"\ " elastalert: 1"\
" es_port: $node_es_port"\ " es_port: $node_es_port"\
" log_size_limit: $log_size_limit"\
" cur_close_days: $CURCLOSEDAYS"\ " cur_close_days: $CURCLOSEDAYS"\
" grafana: $GRAFANA"\ " grafana: $GRAFANA"\
" osquery: $OSQUERY"\ " osquery: $OSQUERY"\
@@ -1512,7 +1562,6 @@ manager_global() {
" hnmanager: '$HNMANAGER'"\ " hnmanager: '$HNMANAGER'"\
" ntpserver: '$NTPSERVER'"\ " ntpserver: '$NTPSERVER'"\
" dockernet: '$DOCKERNET'"\ " dockernet: '$DOCKERNET'"\
" proxy: '$PROXY'"\
" mdengine: '$ZEEKVERSION'"\ " mdengine: '$ZEEKVERSION'"\
" ids: '$NIDS'"\ " ids: '$NIDS'"\
" url_base: '$REDIRECTIT'"\ " url_base: '$REDIRECTIT'"\
@@ -1690,6 +1739,8 @@ network_init() {
if [[ "$setup_type" == 'iso' ]]; then if [[ "$setup_type" == 'iso' ]]; then
set_management_interface set_management_interface
fi fi
set_main_ip >> $setup_log 2>&1
compare_main_nic_ip
} }
network_init_whiptail() { network_init_whiptail() {
@@ -1777,6 +1828,21 @@ print_salt_state_apply() {
echo "Applying $state Salt state" echo "Applying $state Salt state"
} }
proxy_validate() {
local test_url="https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
curl "$test_url" --proxy "$so_proxy" &> /dev/null
local ret=$?
if [[ $ret != 0 ]]; then
error "Could not reach $test_url using proxy $so_proxy"
if [[ -n $TESTING ]]; then
error "Exiting setup"
kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1
fi
fi
return $ret
}
reserve_group_ids() { reserve_group_ids() {
# This is a hack to fix CentOS from taking group IDs that we need # This is a hack to fix CentOS from taking group IDs that we need
groupadd -g 928 kratos groupadd -g 928 kratos
@@ -2195,7 +2261,67 @@ set_main_ip() {
# Add /usr/sbin to everyone's path # Add /usr/sbin to everyone's path
set_path() { set_path() {
echo "complete -cf sudo" > /etc/profile.d/securityonion.sh echo "complete -cf sudo" >> /etc/profile.d/securityonion.sh
}
set_proxy() {
# Don't proxy localhost, local ip, and management ip
no_proxy_string="localhost, 127.0.0.1, ${MAINIP}, ${HOSTNAME}"
# Set proxy environment variables used by curl, wget, docker, and others
{
echo "export use_proxy=on"
echo "export http_proxy=\"${so_proxy}\""
echo "export https_proxy=\"\$http_proxy\""
echo "export ftp_proxy=\"\$http_proxy\""
echo "export no_proxy=\"${no_proxy_string}\""
} > /etc/profile.d/so-proxy.sh
source /etc/profile.d/so-proxy.sh
[[ -d '/etc/systemd/system/docker.service.d' ]] || mkdir -p /etc/systemd/system/docker.service.d
# Create proxy config for dockerd
printf '%s\n'\
"[Service]"\
"Environment=\"HTTP_PROXY=${so_proxy}\""\
"Environment=\"HTTPS_PROXY=${so_proxy}\""\
"Environment=\"NO_PROXY=${no_proxy_string}\"" > /etc/systemd/system/docker.service.d/http-proxy.conf
systemctl daemon-reload
command -v docker &> /dev/null && systemctl restart docker
# Create config.json for docker containers
[[ -d /root/.docker ]] || mkdir /root/.docker
printf '%s\n'\
"{"\
" \"proxies\":"\
" {"\
" \"default\":"\
" {"\
" \"httpProxy\":\"${so_proxy}\","\
" \"httpsProxy\":\"${so_proxy}\","\
" \"ftpProxy\":\"${so_proxy}\","\
" \"noProxy\":\"${no_proxy_string}\""\
" }"\
" }"\
"}" > /root/.docker/config.json
# Set proxy for package manager
if [ "$OS" = 'centos' ]; then
echo "proxy=$so_proxy" >> /etc/yum.conf
else
# Set it up so the updates roll through the manager
printf '%s\n'\
"Acquire::http::Proxy \"$so_proxy\";"\
"Acquire::https::Proxy \"$so_proxy\";" > /etc/apt/apt.conf.d/00-proxy.conf
fi
# Set global git proxy
printf '%s\n'\
"[http]"\
" proxy = ${so_proxy}" > /etc/gitconfig
} }
setup_salt_master_dirs() { setup_salt_master_dirs() {

20
setup/so-setup
View File

@@ -198,6 +198,10 @@ if ! [[ -f $install_opt_file ]]; then
printf '%s\n' \ printf '%s\n' \
"MNIC=$MNIC" \ "MNIC=$MNIC" \
"HOSTNAME=$HOSTNAME" > "$net_init_file" "HOSTNAME=$HOSTNAME" > "$net_init_file"
if [[ $is_manager ]]; then
collect_proxy
[[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1
fi
whiptail_net_setup_complete whiptail_net_setup_complete
else else
whiptail_install_type whiptail_install_type
@@ -289,6 +293,10 @@ if ! [[ -f $install_opt_file ]]; then
if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then
network_init network_init
fi fi
if [[ $is_manager ]]; then
collect_proxy
fi
if [[ -n "$TURBO" ]]; then if [[ -n "$TURBO" ]]; then
use_turbo_proxy use_turbo_proxy
@@ -336,14 +344,14 @@ minion_type=$(get_minion_type)
set_default_log_size >> $setup_log 2>&1 set_default_log_size >> $setup_log 2>&1
if [[ $is_helix ]]; then if [[ $is_helix ]]; then
RULESETUP=${RULESETUP:-ETOPEN} RULESETUP=${RULESETUP:-ETOPEN}
NSMSETUP=${NSMSETUP:-BASIC} NSMSETUP=${NSMSETUP:-BASIC}
HNSENSOR=${HNSENSOR:-inherit} HNSENSOR=${HNSENSOR:-inherit}
MANAGERUPDATES=${MANAGERUPDATES:-0} MANAGERUPDATES=${MANAGERUPDATES:-0}
fi fi
if [[ $is_helix || ( $is_manager && $is_node ) ]]; then if [[ $is_helix || ( $is_manager && $is_node ) ]]; then
RULESETUP=${RULESETUP:-ETOPEN} RULESETUP=${RULESETUP:-ETOPEN}
NSMSETUP=${NSMSETUP:-BASIC} NSMSETUP=${NSMSETUP:-BASIC}
fi fi
@@ -363,7 +371,7 @@ fi
if [[ $is_import ]]; then if [[ $is_import ]]; then
PATCHSCHEDULENAME=${PATCHSCHEDULENAME:-auto} PATCHSCHEDULENAME=${PATCHSCHEDULENAME:-auto}
MTU=${MTU:-1500} MTU=${MTU:-1500}
RULESETUP=${RULESETUP:-ETOPEN} RULESETUP=${RULESETUP:-ETOPEN}
NSMSETUP=${NSMSETUP:-BASIC} NSMSETUP=${NSMSETUP:-BASIC}
HNSENSOR=${HNSENSOR:-inherit} HNSENSOR=${HNSENSOR:-inherit}
MANAGERUPDATES=${MANAGERUPDATES:-0} MANAGERUPDATES=${MANAGERUPDATES:-0}
@@ -537,10 +545,10 @@ catch() {
exit exit
} }
# This block sets REDIRECTIT which is used by a function outside the below subshell # Set REDIRECTIT variable, which is used by a function outside the below subshell
set_main_ip >> $setup_log 2>&1
compare_main_nic_ip
set_redirect >> $setup_log 2>&1 set_redirect >> $setup_log 2>&1
[[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1
# Begin install # Begin install
{ {

74
setup/so-whiptail
View File

@@ -588,8 +588,21 @@ whiptail_invalid_input() { # TODO: This should accept a list of arguments to spe
} }
whiptail_invalid_proxy() {
[ -n "$TESTING" ] && return
local message
read -r -d '' message <<- EOM
Could not reach test url using proxy ${proxy_addr}.
Check log (${setup_log}) for details.
EOM
whiptail --title "Security Onion Setup" --yesno "$message" --yes-button "Enter Again" --no-button "Skip" 10 60
}
whiptail_invalid_string() { whiptail_invalid_string() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45 whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45
@@ -631,11 +644,23 @@ whiptail_invalid_hostname() {
whiptail_log_size_limit() { whiptail_log_size_limit() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \ case $install_type in
"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage: \n\ STANDALONE | EVAL | HEAVYNODE)
By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$1" 3>&1 1>&2 2>&3) percentage=50
;;
*)
percentage=80
;;
esac
read -r -d '' message <<- EOM
Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage.
By default, this is set to ${percentage}% of the disk space allotted for /nsm.
EOM
log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox "$message" 11 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1204,6 +1229,45 @@ whiptail_patch_schedule_select_hours() {
} }
whiptail_proxy_ask() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "Do you want to set a proxy server for this installation?" 7 60
}
whiptail_proxy_addr() {
[ -n "$TESTING" ] && return
local message
read -r -d '' message <<- EOM
Please input the proxy server you wish to use, including the URL prefix (ex: https://your.proxy.com:1234).
If your proxy requires a username and password do not include them in your input. Setup will ask for those values next.
EOM
proxy_addr=$(whiptail --title "Security Onion Setup" --inputbox "$message" 13 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_proxy_auth_ask() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "Does your proxy require authentication?" 7 60
}
whiptail_proxy_auth_user() {
[ -n "$TESTING" ] && return
proxy_user=$(whiptail --title "Security Onion Setup" --inputbox "Please input the proxy user:" 8 60 "$1" 3>&1 1>&2 2>&3)
}
whiptail_proxy_auth_pass() {
[ -n "$TESTING" ] && return
proxy_pass=$(whiptail --title "Security Onion Setup" --passwordbox "Please input the proxy password:" 8 60 3>&1 1>&2 2>&3)
}
whiptail_requirements_error() { whiptail_requirements_error() {
local requirement_needed=$1 local requirement_needed=$1