[wip] Test proxy before using it

William Wernert
2021-03-03 15:02:21 -05:00
parent 1ea3cb1c61
commit 3d5cf128ae
3 changed files with 47 additions and 3 deletions


@@ -536,7 +536,8 @@ collect_patch_schedule_name_import() {
} }
collect_proxy() { collect_proxy() {
if whiptail_proxy_ask; then local ask=${1:-true}
if [[ $ask == true ]] && whiptail_proxy_ask; then
whiptail_proxy_addr whiptail_proxy_addr
@@ -1748,7 +1749,6 @@ network_init_whiptail() {
whiptail_management_nic whiptail_management_nic
;; ;;
esac esac
collect_proxy
} }
network_setup() { network_setup() {
@@ -1813,6 +1813,17 @@ print_salt_state_apply() {
echo "Applying $state Salt state" echo "Applying $state Salt state"
} }
proxy_validate() {
local test_url="https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
curl "$test_url" --proxy "$so_proxy" &> /dev/null
local ret=$?
if [[ $ret != 0 ]]; then
error "Could not reach $test_url using proxy $so_proxy"
fi
return $ret
}
reserve_group_ids() { reserve_group_ids() {
# This is a hack to fix CentOS from taking group IDs that we need # This is a hack to fix CentOS from taking group IDs that we need
groupadd -g 928 kratos groupadd -g 928 kratos
@@ -2225,6 +2236,7 @@ set_path() {
} }
set_proxy() { set_proxy() {
# Don't proxy localhost, local ip, and management ip # Don't proxy localhost, local ip, and management ip
local no_proxy_string="localhost, 127.0.0.1, ${MAINIP}" local no_proxy_string="localhost, 127.0.0.1, ${MAINIP}"
@@ -2237,6 +2249,8 @@ set_proxy() {
echo "export no_proxy=\"${no_proxy_string}\"" echo "export no_proxy=\"${no_proxy_string}\""
} >> "$profile_d_config_file" } >> "$profile_d_config_file"
source "$profile_d_config_file"
[[ -d '/etc/systemd/system/docker.service.d' ]] || mkdir -p '/etc/systemd/system/docker.service.d' [[ -d '/etc/systemd/system/docker.service.d' ]] || mkdir -p '/etc/systemd/system/docker.service.d'
# Create proxy config for dockerd # Create proxy config for dockerd
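Review bot: In `proxy_validate`, the curl call has no `--fail` and no timeout, so an HTTP error status for the test URL still counts as success and an unresponsive proxy can stall setup; consider `curl --fail --silent --show-error --connect-timeout 10 --max-time 30 --proxy "$so_proxy" --output /dev/null "$test_url"`. Because all output goes to `/dev/null`, the dialog's "Check log for details" has nothing to point at, so curl's stderr should go to the setup log instead. If `so_proxy` can carry `user:password@` (not visible in this hunk), the `error` line writes those credentials to the log and the curl argument exposes them in the process list; log a redacted form, for example `${so_proxy##*@}`.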


@@ -198,6 +198,14 @@ if ! [[ -f $install_opt_file ]]; then
printf '%s\n' \ printf '%s\n' \
"MNIC=$MNIC" \ "MNIC=$MNIC" \
"HOSTNAME=$HOSTNAME" > "$net_init_file" "HOSTNAME=$HOSTNAME" > "$net_init_file"
if [[ $is_manager ]]; then
collect_proxy
while ! proxy_validate; do
whiptail_invalid_proxy
collect_proxy no_ask
done
[[ -n "$proxy_addr" ]] && set_proxy >> $setup_log 2>&1
fi
whiptail_net_setup_complete whiptail_net_setup_complete
else else
whiptail_install_type whiptail_install_type
@@ -289,6 +297,15 @@ if ! [[ -f $install_opt_file ]]; then
if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then
network_init network_init
fi fi
if [[ $is_manager ]]; then
collect_proxy
while ! proxy_validate; do
whiptail_invalid_proxy
collect_proxy no_ask
done
[[ -n "$proxy_addr" ]] && set_proxy >> $setup_log 2>&1
fi
if [[ -n "$TURBO" ]]; then if [[ -n "$TURBO" ]]; then
use_turbo_proxy use_turbo_proxy
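Review bot: The retry loop added at both insertion points cannot recover from a bad proxy: `collect_proxy no_ask` sets `ask=no_ask`, so the new guard `if [[ $ask == true ]] && whiptail_proxy_ask` is false, the address prompt inside that branch is skipped, and `proxy_validate` retries with the same value (unless an `else` branch outside the visible hunk handles it). The guard probably wants `if [[ $ask != true ]] || whiptail_proxy_ask; then`. The loop also runs when the operator declined a proxy; `so_proxy` is then presumably empty, and a host without direct internet access would cycle on the error dialog. Wrapping the loop in `if [[ -n $so_proxy ]]` (or `$proxy_addr`, as the `set_proxy` line already tests) would avoid that. `$setup_log` in the redirect should also be quoted.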


@@ -588,8 +588,21 @@ whiptail_invalid_input() { # TODO: This should accept a list of arguments to spe
} }
whiptail_invalid_proxy() {
[ -n "$TESTING" ] && return
local message
read -r -d '' message <<- EOM
Could not reach test url using proxy ${so_proxy}.
Check log for details.
EOM
whiptail --title "Security Onion Setup" --msgbox "$message" 10 60
}
whiptail_invalid_string() { whiptail_invalid_string() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45 whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45