merge with dev

2025-12-07 17:52:46 +01:00 · 2021-11-09 13:07:35 -05:00
parent da4e92a7a3 3afb0bd263
commit 3c3cb47b88
67 changed files with 4353 additions and 453 deletions
--- a/setup/automation/distributed-airgap-search
+++ b/setup/automation/distributed-airgap-search
@@ -35,7 +35,6 @@ ADMINPASS2=onionuser
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
 HOSTNAME=distributed-search
-INTERWEBS=AIRGAP
 install_type=SEARCHNODE
 # LSINPUTBATCHCOUNT=
 # LSINPUTTHREADS=
--- a/setup/automation/distributed-airgap-sensor
+++ b/setup/automation/distributed-airgap-sensor
@@ -35,7 +35,6 @@ ZEEKVERSION=ZEEK
 HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
 HNSENSOR=inherit
 HOSTNAME=distributed-sensor
-INTERWEBS=AIRGAP
 install_type=SENSOR
 # LSINPUTBATCHCOUNT=
 # LSINPUTTHREADS=
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -475,10 +475,15 @@ collect_mngr_hostname() {
 		whiptail_management_server "$MSRV"
 	done

+	while [[ $MSRV == "$HOSTNAME" ]]; do 
+		whiptail_invalid_hostname 0
+		whiptail_management_server "$MSRV"
+	done
+
 	if ! getent hosts "$MSRV"; then
 		whiptail_manager_ip

-		while ! valid_ip4 "$MSRVIP"; do
+		while ! valid_ip4 "$MSRVIP" || [[ $MSRVIP == "$MAINIP" || $MSRVIP == "127.0.0.1" ]]; do
 			whiptail_invalid_input
 			whiptail_manager_ip "$MSRVIP"
 		done
@@ -846,7 +851,7 @@ check_requirements() {
 	local req_cores
 	local req_storage
 	local nic_list
-	readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0"  | sed 's/ //g')"
+	readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0"  | sed 's/ //g' | sed -r 's/(.*)(\.[0-9]+)@\1/\1\2/g')"
 	local num_nics=${#nic_list[@]}
 	
 	if [[ "$standalone_or_dist" == 'standalone' ]]; then
@@ -1124,9 +1129,10 @@ detect_os() {

 installer_progress_loop() {
 	local i=0
+	local msg="${1:-Performing background actions...}"
 	while true; do
 		[[ $i -lt 98 ]] && ((i++))
-		set_progress_str "$i" 'Checking that all required packages are installed and enabled...' nolog
+		set_progress_str "$i" "$msg" nolog
 		[[ $i -gt 0 ]] && sleep 5s
 	done
 }
@@ -1209,11 +1215,7 @@ docker_install() {
 				retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1
 				;;
 		esac 
-		if [ $OSVER != "xenial" ]; then
-			retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || exit 1
-		else
-			retry 50 10 "apt-get -y install docker-ce python-docker" >> "$setup_log" 2>&1 || exit 1
-		fi
+		retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || exit 1
 	fi
 	docker_registry
 	{
@@ -1229,7 +1231,7 @@ docker_registry() {
 	mkdir -p /etc/docker >> "$setup_log" 2>&1
 	# This will get applied so docker can attempt to start
 	if [ -z "$DOCKERNET" ]; then
-            DOCKERNET=172.17.0.0
+		DOCKERNET=172.17.0.0
 	fi
 	# Make the host use the manager docker registry
 	DNETBIP=$(echo $DOCKERNET | awk -F'.' '{print $1,$2,$3,1}' OFS='.')/24
@@ -1378,7 +1380,7 @@ filter_unused_nics() {
 	fi

 	# Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use)
-	filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string"  | sed 's/ //g')
+	filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string"  | sed 's/ //g' | sed -r 's/(.*)(\.[0-9]+)@\1/\1\2/g')
 	readarray -t filtered_nics <<< "$filtered_nics"
 	
 	nic_list=()
@@ -1421,7 +1423,7 @@ firewall_generate_templates() {
   
 	cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/ >> "$setup_log" 2>&1

-	for i in analyst beats_endpoint sensor manager minion osquery_endpoint search_node wazuh_endpoint; do
+	for i in analyst beats_endpoint endgame sensor manager minion osquery_endpoint search_node wazuh_endpoint; do
 		$default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1
 	done

@@ -1513,7 +1515,7 @@ host_pillar() {
 		"  mainint: '$MNIC'"\
 		"sensoroni:"\
 		"  node_address: '$MAINIP'"\
-		"  node_description: '$NODE_DESCRIPTION'"\
+		"  node_description: '${NODE_DESCRIPTION//\'/''}'"\
 		"" > "$pillar_file"
 }

@@ -1539,6 +1541,10 @@ install_cleanup() {
 		info "Removing so-setup permission entry from sudoers file"
 		sed -i '/so-setup/d' /etc/sudoers
 	fi
+
+	if [[ -z $SO_ERROR ]]; then
+		echo "Setup completed at $(date)" >> "$setup_log" 2>&1
+	fi
 }

 import_registry_docker() {
@@ -1640,6 +1646,14 @@ manager_pillar() {
 	printf '%s\n'\
 		"  kratoskey: '$KRATOSKEY'"\
 		"" >> "$pillar_file"
+
+        if [[ -n $ENDGAMEHOST ]]; then
+        	printf '%s\n'\
+			"soc:"\
+                	"  endgamehost: '$ENDGAMEHOST'"\
+			"  es_index_patterns: '*:so-*,*:endgame-*'"\
+                	"" >> "$pillar_file"
+	fi
 }

 manager_global() {
@@ -2039,7 +2053,7 @@ reinstall_init() {

 		if command -v docker &> /dev/null; then
 			# Stop and remove all so-* containers so files can be changed with more safety
-			if [ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]; then
+			if [[ $(docker ps -a -q --filter "name=so-" | wc -l) -gt 0 ]]; then
 				docker stop $(docker ps -a -q --filter "name=so-")
 				docker rm -f $(docker ps -a -q --filter "name=so-")
 			fi
@@ -2058,6 +2072,10 @@ reinstall_init() {
 		# Remove the old launcher package in case the config changes
 		remove_package launcher-final

+		if [[ $OS == 'ubuntu' ]]; then
+			apt-mark unhold $(apt-mark showhold)
+		fi
+
 	} >> "$setup_log" 2>&1
 }

@@ -2152,6 +2170,7 @@ saltify() {
 					python36-m2crypto\
 					python36-mysql\
 					python36-packaging\
+					python36-lxml\
 					yum-utils\
 					device-mapper-persistent-data\
 					lvm2\
@@ -2166,10 +2185,10 @@ saltify() {
 		DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1

 		if [ $OSVER == "bionic" ]; then
-			# Switch to Python 3 as default if this is not xenial
+			# Switch to Python 3 as default for bionic
 			update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10 >> "$setup_log" 2>&1
 		elif [ $OSVER == "focal" ]; then
-			# Switch to Python 3 as default if this is not xenial
+			# Switch to Python 3 as default for focal
 			update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10 >> "$setup_log" 2>&1
 		fi
 		
@@ -2188,21 +2207,16 @@ saltify() {
 		# Grab the version from the os-release file
 		local ubuntu_version
 		ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
-		if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi

 		case "$install_type" in
 			'FLEET')
-				if [[ $OSVER != 'xenial' ]]; then
-					retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
-				else
-					retry 50 10 "apt-get -y install python-mysqldb" >> "$setup_log" 2>&1 || exit 1
-				fi
+				retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
 				;;
 			'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR')

 				# Add saltstack repo(s)
-				wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3003 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+				wget -q --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
+				echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3003 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"

 				# Add Docker repo
 				curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
@@ -2210,7 +2224,7 @@ saltify() {

 				# Get gpg keys
 				mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
-				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3003/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
 				wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1

@@ -2234,7 +2248,7 @@ saltify() {
 				echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3003/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+				echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3003/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
 				echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
 				;;
 		esac
@@ -2243,11 +2257,7 @@ saltify() {
 		set_progress_str 8 'Installing salt-minion & python modules'
 		retry 50 10 "apt-get -y install salt-minion=3003+ds-1 salt-common=3003+ds-1" >> "$setup_log" 2>&1 || exit 1
 		retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1
-		if [[ $OSVER != 'xenial' ]]; then
-			retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb" >> "$setup_log" 2>&1 || exit 1
-		else
-			retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb python-packaging python-influxdb"  >> "$setup_log" 2>&1 || exit 1
-		fi
+		retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" >> "$setup_log" 2>&1 || exit 1
 	fi
 }

--- a/setup/so-preflight
+++ b/setup/so-preflight
@@ -18,30 +18,61 @@
 source ../salt/common/tools/sbin/so-common
 source ./so-functions

-preflight_log='/root/preflight.log'
+script_run="$1"
+
+if [[ $script_run == true ]]; then
+	preflight_log="${2:-'/root/preflight.log'}"
+else
+	preflight_log='/root/preflight.log'
+fi

 check_default_repos() {
 	local ret_code=0
-
-	printf '  Checking OS default repos with ' | tee -a "$preflight_log"
-	if [[ $OS == 'centos' ]]; then
-		printf '%s' 'yum update.' | tee -a "$preflight_log"
-		echo "" >> "$preflight_log"
-		yum -y update >> $preflight_log 2>&1
-		ret_code=$?
+	local repo_str='  Checking OS default repos with '
+	if [[ $script_run == true ]]; then
+		printf '%s' "$repo_str"
 	else
-		printf '%s' 'apt update.' | tee -a "$preflight_log"
+		printf '%s' "$repo_str" | tee -a "$preflight_log"
+	fi
+
+	if [[ $OS == 'centos' ]]; then
+		if [[ $script_run == true ]]; then
+			printf '%s' 'yum update.'
+		else
+			printf '%s' 'yum update.' | tee -a "$preflight_log"
+		fi
+		echo "" >> "$preflight_log"
+		yum -y check-update >> $preflight_log 2>&1
+		ret_code=$?
+		if [[ $ret_code == 0 || $ret_code == 100 ]]; then
+			printf '%s\n' '  SUCCESS'
+			ret_code=0
+		else
+			printf '%s\n' '  FAILURE'
+		fi
+	else
+		if [[ $script_run == true ]]; then
+			printf '%s' 'apt update.'
+		else
+			printf '%s' 'apt update.' | tee -a "$preflight_log"
+		fi
 		echo "" >> "$preflight_log"
 		retry 50 10 "apt-get -y update" >> $preflight_log 2>&1
 		ret_code=$?
+		[[ $ret_code == 0 ]] && printf '%s\n' '  SUCCESS' || printf '%s\n' '  FAILURE'
+
 	fi

-	[[ $ret_code == 0 ]] && printf '%s\n' '  SUCCESS' || printf '%s\n' '  FAILURE'
 	return $ret_code
 }

 check_new_repos() {
-	printf '  Checking repo URLs added by setup.' | tee -a "$preflight_log"
+	local repo_url_str='  Checking repo URLs added by setup.'
+	if [[ $script_run == true ]]; then
+		printf '%s' "$repo_url_str"
+	else
+		printf '%s' "$repo_url_str" | tee -a "$preflight_log"
+	fi

 	if [[ $OS == 'centos' ]]; then
 		local repo_arr=( 
@@ -54,11 +85,10 @@ check_new_repos() {
 	else
 		local ubuntu_version
 		ubuntu_version=$(grep VERSION_ID /etc/os-release 2> /dev/null | awk -F '[ "]' '{print $2}')
-		if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi
 		local repo_arr=(
 			"https://download.docker.com/linux/ubuntu/gpg"
 			"https://download.docker.com/linux/ubuntu"
-			"https://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3003/SALTSTACK-GPG-KEY.pub"
+			"https://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3003/SALTSTACK-GPG-KEY.pub"
 			"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
 			"https://packages.wazuh.com"
 		)
@@ -71,9 +101,15 @@ check_new_repos() {
 }

 check_misc_urls() {
-	printf '  Checking various other URLs used by setup.' | tee -a "$preflight_log"
+	local misc_url_str='  Checking various other URLs used by setup.'
+	if [[ $script_run == true ]]; then
+		printf '%s' "$misc_url_str"
+	else
+		printf '%s' "$misc_url_str" | tee -a "$preflight_log"
+	fi

-	local so_version=$(cat ../VERSION)
+	local so_version
+	so_version=$(cat ../VERSION)
 	local url_arr=(
 		"https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
 		"https://github.com/Neo23x0/signature-base"
@@ -113,10 +149,18 @@ __check_url_arr() {
 }

 main() {
+	local intro_str="Beginning pre-flight checks."
+	local success_str="Pre-flight checks completed successfully!"
+	local fail_str="Pre-flight checks could not complete."
+
 	detect_os "$preflight_log"

 	[[ -f $preflight_log ]] || touch "$preflight_log"
-	echo "Beginning pre-flight checks." | tee "$preflight_log"
+	if [[ $script_run == true ]]; then
+		echo "$intro_str"
+	else
+		echo "$intro_str" | tee "$preflight_log"
+	fi
 	check_default_repos &&\
 	check_new_repos &&\
 	check_misc_urls
@@ -125,12 +169,23 @@ main() {
 	
 	echo ""
 	if [[ $success == 0 ]]; then
-		echo -e "Pre-flight checks completed successfully!\n" | tee -a "$preflight_log"
+		if [[ $script_run == true ]]; then
+			echo "$success_str"
+		else
+			echo "$success_str" | tee -a "$preflight_log"
+			echo ""
+		fi
 	else
-		echo -e "Pre-flight checks could not complete." | tee -a "$preflight_log"
-		echo -e "  Check $preflight_log for details.\n"
-		exit 1
+		if [[ $script_run == true ]]; then
+			echo "$fail_str"
+		else
+			echo "$fail_str" | tee -a "$preflight_log"
+			echo "Check $preflight_log for details."
+			echo ""
+		fi
 	fi
+
+	exit $success
 }

 main
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -256,7 +256,8 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then
 elif [ "$install_type" = 'IMPORT' ]; then
 	is_import=true
 elif [ "$install_type" = 'ANALYST' ]; then
-	is_analyst=true
+	cd .. || exit 255
+	exec bash so-analyst-install
 fi

 if [[ $is_manager || $is_import ]]; then
@@ -264,14 +265,6 @@ if [[ $is_manager || $is_import ]]; then
 fi

 if ! [[ -f $install_opt_file ]]; then
-	# Check if this is an airgap install
-	if [[ ( $is_manager || $is_import || $is_minion ) && $is_iso ]]; then
-		whiptail_airgap
-		if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
-			is_airgap=true
-		fi
-	fi
-
 	if [[ $is_manager && $is_sensor ]]; then
 		check_requirements "standalone"
 	elif [[ $is_fleet_standalone ]]; then
@@ -311,17 +304,29 @@ if ! [[ -f $install_opt_file ]]; then
 		add_mngr_ip_to_hosts
 	fi

+	if [[ $is_minion ]]; then
+		whiptail_ssh_key_copy_notice
+		copy_ssh_key >> $setup_log 2>&1
+	fi
+
+	# Check if this is an airgap install
+	if [[ ( $is_manager || $is_import) && $is_iso ]]; then
+		whiptail_airgap
+		if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
+			is_airgap=true
+		fi
+	elif [[ $is_minion && $is_iso ]]; then
+		$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" [[ -f /etc/yum.repos.d/airgap_repo.repo ]] >> $setup_log 2>&1
+		airgap_check=$?
+		[[ $airgap_check ]] && is_airgap=true >> $setup_log 2>&1
+	fi
+
 	reset_proxy
 	if [[ -z $is_airgap ]]; then
 		collect_net_method
 		[[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1
 	fi

-	if [[ $is_minion ]]; then
-		whiptail_ssh_key_copy_notice
-		copy_ssh_key >> $setup_log 2>&1
-	fi
-
 	if [[ $is_minion ]] && ! (compare_versions); then
 		info "Installer version mismatch, downloading correct version from manager"
 		printf '%s\n' \
@@ -336,19 +341,31 @@ if ! [[ -f $install_opt_file ]]; then
 		download_repo_tarball
 		exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"
 	fi
-
-	if [[ $is_analyst ]]; then
-		cd .. || exit 255
-		exec bash so-analyst-install
-	fi
-
 else
 	rm -rf $install_opt_file >> "$setup_log" 2>&1
 fi

+if [[ -z $is_airgap ]]; then
+	percentage=0
+	{
+		installer_progress_loop 'Running preflight checks...' &
+		progress_bg_proc=$!
+		./so-preflight true "$setup_log" >> $setup_log 2>&1
+		preflight_ret=$?
+		echo "$preflight_ret" > /tmp/preflight_ret
+		kill -9 "$progress_bg_proc"
+		wait "$progress_bg_proc" &> /dev/null
+	} | progress '...'
+	[[ -f /tmp/preflight_ret ]] && preflight_ret=$(cat /tmp/preflight_ret)
+	rm /tmp/preflight_ret
+	if [[ -n $preflight_ret && $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then
+		whiptail_cancel
+	fi
+fi
+
 percentage=0
 {
-	installer_progress_loop & # Run progress bar to 98 in ~8 minutes while waiting for package installs
+	installer_progress_loop 'Checking that all required packages are installed and enabled...' & # Run progress bar to 98 in ~8 minutes while waiting for package installs
 	progress_bg_proc=$!
 	installer_prereq_packages
 	install_success=$?
@@ -941,7 +958,6 @@ if [[ -n $SO_ERROR ]]; then

 	SKIP_REBOOT=1
 	whiptail_setup_failed
-
 else 
 	echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1
 	{
@@ -969,11 +985,16 @@ else
 			so-learn enable logscan --apply >> $setup_log 2>&1
 		fi

+		if [[ -n $ENDGAMEHOST ]]; then
+                        set_progress_str 99 'Configuring firewall for Endgame SMP'
+                        so-firewall --apply includehost endgame $ENDGAMEHOST   >> $setup_log 2>&1
+                fi
+
 	} | whiptail_gauge_post_setup "Running post-installation steps..."

+	echo "Post-installation steps have completed. Awaiting user input to clean up installer." >> $setup_log 2>&1
 	whiptail_setup_complete
 	[[ $setup_type != 'iso' ]] && whitpail_ssh_warning
-	echo "Post-installation steps have completed." >> $setup_log 2>&1
 fi

 install_cleanup >> "$setup_log" 2>&1
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -83,8 +83,8 @@ whiptail_bond_nics_mtu() {
 }

 whiptail_cancel() {
-
-	whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75
+	[ -z "$TESTING" ] && whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75
+	
 	if [ -d "/root/installtmp" ]; then
 		{
 			echo "/root/installtmp exists";
@@ -95,7 +95,7 @@ whiptail_cancel() {

 	title "User cancelled setup."
 	
-	exit
+	exit 1
 }

 whiptail_check_exitstatus() {
@@ -285,7 +285,7 @@ whiptail_storage_requirements() {

 		You need ${needed_val} to meet minimum requirements.

-		Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.
+		Visit https://docs.securityonion.net/en/latest/hardware.html for more information.

 		Select YES to continue anyway, or select NO to cancel.
 	EOM
@@ -505,6 +505,8 @@ whiptail_end_settings() {
 	[[ -n $WEBUSER ]] && __append_end_msg "Web User: $WEBUSER"

 	[[ -n $FLEETNODEUSER ]] && __append_end_msg "Fleet User: $FLEETNODEUSER"
+	
+	[[ -n $FLEETCUSTOMHOSTNAME ]] && __append_end_msg "Fleet Custom Hostname: $FLEETCUSTOMHOSTNAME"

 	if [[ $is_manager ]]; then
 		__append_end_msg "Enabled Optional Components:"
@@ -733,7 +735,7 @@ whiptail_install_type() {

 	# What kind of install are we doing?
 	install_type=$(whiptail --title "$whiptail_title" --radiolist \
-	"Choose install type:" 12 65 5 \
+	"Choose install type. See https://docs.securityonion.net/architecture for details." 12 65 5 \
 		"EVAL" "Evaluation mode (not for production) " ON \
 		"STANDALONE" "Standalone production install " OFF \
 		"DISTRIBUTED" "Distributed install submenu " OFF \
@@ -747,6 +749,11 @@ whiptail_install_type() {

 	if [[ $install_type == "DISTRIBUTED" ]]; then
 		whiptail_install_type_dist
+		if [[ $dist_option == "NEWDEPLOYMENT" ]]; then
+			whiptail_install_type_dist_new
+		else
+			whiptail_install_type_dist_existing
+		fi
 	elif [[ $install_type == "OTHER" ]]; then
 		whiptail_install_type_other
 	fi
@@ -757,13 +764,55 @@ whiptail_install_type() {
 whiptail_install_type_dist() {

 	[ -n "$TESTING" ] && return
+
+	dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
+		"New Deployment         " "Create a new Security Onion deployment" \
+		"Existing Deployment    " "Join to an exisiting Security Onion deployment " \
+		 3>&1 1>&2 2>&3
+	)
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+
+	dist_option=$(echo "${dist_option^^}" | tr -d ' ')
+}
+
+whiptail_install_type_dist_new() {
+	[ -n "$TESTING" ] && return
+
+	local mngr_msg
+	read -r -d '' mngr_msg <<- EOM
+	Choose a distributed manager type to start a new grid.
 	
-	install_type=$(whiptail --title "$whiptail_title" --radiolist \
-	"Choose distributed node type:" 13 60 6 \
-		"MANAGER" "Start a new grid " ON \
-		"SENSOR" "Create a forward only sensor " OFF \
+	See https://docs.securityonion.net/architecture for details.
+
+	Note: MANAGER is the recommended option for most users. MANAGERSEARCH should only be used in very specific situations.
+	EOM
+	
+	install_type=$(whiptail --title "$whiptail_title" --radiolist "$mngr_msg" 15 75 2 \
+		"MANAGER" "New grid, requires separate search node(s) " ON \
+		"MANAGERSEARCH" "New grid, separate search node(s) are optional " OFF \
+		3>&1 1>&2 2>&3
+	)
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
+whiptail_install_type_dist_existing() {
+	[ -n "$TESTING" ] && return
+
+	local node_msg
+	read -r -d '' node_msg <<- EOM
+	Choose a distributed node type to join to an existing grid.
+	
+	See https://docs.securityonion.net/architecture for details.
+
+	Note: Heavy nodes (HEAVYNODE) are NOT recommended for most users.
+	EOM
+	
+	install_type=$(whiptail --title "$whiptail_title" --radiolist "$node_msg" 17 57 4 \
+		"SENSOR" "Create a forward only sensor " ON \
 		"SEARCHNODE" "Add a search node with parsing " OFF \
-		"MANAGERSEARCH" "Manager + search node " OFF \
 		"FLEET" "Dedicated Fleet Osquery Node " OFF \
 		"HEAVYNODE" "Sensor + Search Node " OFF \
 		3>&1 1>&2 2>&3
@@ -775,8 +824,6 @@ whiptail_install_type_dist() {

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
-
-	export install_type
 }

 whiptail_install_type_other() {
@@ -810,7 +857,6 @@ whiptail_invalid_input() { # TODO: This should accept a list of arguments to spe
 	[ -n "$TESTING" ] && return
 	
 	whiptail --title "$whiptail_title" --msgbox "  Invalid input, please try again." 7 40
-
 }

 whiptail_invalid_proxy() {
@@ -857,10 +903,21 @@ whiptail_invalid_user_warning() {
 whiptail_invalid_hostname() {
 	[ -n "$TESTING" ] && return

+	local is_manager_hostname
+	is_manager_hostname="$1"
+
 	local error_message
-	error_message=$(echo "Please choose a valid hostname. It cannot be localhost; and must contain only \
-		the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \
-		and hyphen ('-')" | tr -d '\t')
+	read -r -d '' error_message <<- EOM
+	Please choose a valid hostname. It cannot be localhost. It must contain only the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', and hyphen ('-').
+	EOM
+
+	if [[ $is_manager_hostname = 0 ]]; then
+		local error_message
+		read -r -d '' error_message <<- EOM
+		Please enter a valid hostname. The manager hostname cannot be localhost or the chosen hostname for this machine. 
+		EOM
+
+	fi

 	whiptail --title "$whiptail_title" \
 	--msgbox "$error_message" 10 75
@@ -905,6 +962,7 @@ whiptail_first_menu_iso() {

 	option=$(echo "${option^^}" | tr -d ' ')
 }
+
 whiptail_make_changes() {

 	[ -n "$TESTING" ] && return
@@ -1487,6 +1545,20 @@ whiptail_patch_schedule_select_hours() {

 }

+whiptail_preflight_err() {
+	[ -n "$TESTING" ] && return 1
+
+	read -r -d '' message <<- EOM
+	The so-preflight script failed checking one or more URLs required by setup. Check $setup_log for more details.
+
+	Would you like to exit setup?
+	EOM
+
+	whiptail --title "$whiptail_title" \
+		--yesno "$message" 11 75 \
+		--yes-button "Continue" --no-button "Exit" --defaultno
+}
+
 whiptail_proxy_ask() {
 	[ -n "$TESTING" ] && return

@@ -1774,7 +1846,7 @@ whiptail_storage_requirements() {

 		You need ${needed_val} to meet minimum requirements.

-		Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.
+		Visit https://docs.securityonion.net/en/latest/hardware.html for more information.

 		Press YES to continue anyway, or press NO to cancel.
 	EOM