This commit is contained in:
m0duspwnens
2020-05-12 15:32:39 -04:00
7 changed files with 109 additions and 109 deletions


@@ -4,7 +4,7 @@
{ {
"geoip": { "geoip": {
"field": "destination.ip", "field": "destination.ip",
"target_field": "geo", "target_field": "destination.geo",
"database_file": "GeoLite2-City.mmdb", "database_file": "GeoLite2-City.mmdb",
"ignore_missing": true, "ignore_missing": true,
"properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"] "properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"]
@@ -13,7 +13,7 @@
{ {
"geoip": { "geoip": {
"field": "source.ip", "field": "source.ip",
"target_field": "geo", "target_field": "source.geo",
"database_file": "GeoLite2-City.mmdb", "database_file": "GeoLite2-City.mmdb",
"ignore_missing": true, "ignore_missing": true,
"properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"] "properties": ["ip", "country_iso_code", "country_name", "continent_name", "region_iso_code", "region_name", "city_name", "timezone", "location"]


@@ -6,6 +6,8 @@
{ "rename":{ "field": "message2.alert", "target_field": "rule", "ignore_failure": true } }, { "rename":{ "field": "message2.alert", "target_field": "rule", "ignore_failure": true } },
{ "rename":{ "field": "rule.signature", "target_field": "rule.name", "ignore_failure": true } }, { "rename":{ "field": "rule.signature", "target_field": "rule.name", "ignore_failure": true } },
{ "rename":{ "field": "rule.ref", "target_field": "rule.version", "ignore_failure": true } }, { "rename":{ "field": "rule.ref", "target_field": "rule.version", "ignore_failure": true } },
{ "rename":{ "field": "rule.signature_id", "target_field": "rule.uuid", "ignore_failure": true } },
{ "rename":{ "field": "rule.signature_id", "target_field": "rule.signature", "ignore_failure": true } },
{ "pipeline": { "name": "suricata.common" } } { "pipeline": { "name": "suricata.common" } }
] ]
} }
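Review bot: The second added rename (`rule.signature_id` → `rule.signature`) can never take effect: the line directly above it already moves `rule.signature_id` to `rule.uuid`, so the source field is gone by the time the second processor runs, and `ignore_failure: true` turns that into a silent no-op instead of a pipeline error. If both copies are intended, populate `rule.signature` first with a set processor, `{ "set": { "field": "rule.signature", "value": "{{rule.signature_id}}", "ignore_empty_value": true } },` and keep the single rename to `rule.uuid` after it; otherwise the dead line should be dropped. Note also that the first rename in this hunk moves `rule.signature` into `rule.name`, so re-creating `rule.signature` afterwards would leave two differently shaped copies of the rule identity in one document.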


@@ -0,0 +1,5 @@
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
#!/bin/sh
docker cp /opt/so/saltstack/salt/playbook/files/playbook_db_init.sql so-mysql:/tmp/playbook_db_init.sql
docker exec so-mysql /bin/bash -c "/usr/bin/mysql -b -uroot -p{{MYSQLPASS}} < /tmp/playbook_db_init.sql"
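Review bot: The MySQL root password is passed on the command line on line 43 (`-p{{MYSQLPASS}}`), so it is readable in the process list by any local user for the duration of the import, and it is interpolated unquoted, so a value containing shell metacharacters breaks the command. Supplying it through the environment avoids both: `docker exec -e MYSQL_PWD='{{ MYSQLPASS }}' so-mysql /bin/sh -c '/usr/bin/mysql -b -uroot < /tmp/playbook_db_init.sql'`. The pillar lookup on line 40 defaults to `None`, which Jinja renders as the literal string `None`, so a missing `secrets:mysql` produces a login attempt with password `None` rather than a clear failure; the render or the script should refuse to run when the value is empty. Adding `set -eu` after the shebang would also stop the import from running when the preceding `docker cp` fails.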


@@ -8,49 +8,14 @@
{% if salt['mysql.db_exists']('playbook') %} {% if salt['mysql.db_exists']('playbook') %}
#Playbook database exists - Do nothing #Playbook database exists - Do nothing
{% else %} {% else %}
salt://playbook/files/playbook_db_init.sh:
cmd.script:
- cwd: /root
- template: jinja
{% set PLAYBOOK_DB_COPY = salt['docker.copy_to']('so-mysql','salt://playbook/files/playbook_db_init.sql','/tmp/playbook_db_init.sql',overwrite=True) %} 'sleep 5':
{% set PLAYBOOK_DB_CREATE = salt['docker.run']('so-mysql','/bin/bash -c "/usr/bin/mysql -uroot -p' + MYSQLPASS + ' < /tmp/playbook_db_init.sql"') %} cmd.run
{% if PLAYBOOK_DB_COPY and PLAYBOOK_DB_CREATE %}
PLAYBOOK_DB_INIT_SUCCESS:
test.configurable_test_state:
- changes: False
- result: True
- comment: "Playbook database initialization was successful"
{% else %}
PLAYBOOK_DB_INIT_FAILURE:
test.configurable_test_state:
- changes: False
- result: False
- comment: "Playbook database initialization was not successful"
{% endif %} {% endif %}
{% endif %}
query_updatwebhooks:
mysql_query.run:
- database: playbook
- query: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
query_updatepluginurls:
mysql_query.run:
- database: playbook
- query: |-
update settings set value =
"--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
project: '1'
convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
create_url: http://{{MASTERIP}}:7000/playbook/play"
where id = 43
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
playbookdbuser: playbookdbuser:
mysql_user.present: mysql_user.present:
@@ -72,6 +37,30 @@ playbookdbdbpriv:
- connection_user: root - connection_user: root
- connection_pass: {{ MYSQLPASS }} - connection_pass: {{ MYSQLPASS }}
query_updatwebhooks:
mysql_query.run:
- database: playbook
- query: "update webhooks set url = 'http://{{MASTERIP}}:7000/playbook/webhook' where project_id = 1"
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
query_updatepluginurls:
mysql_query.run:
- database: playbook
- query: |-
update settings set value =
"--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess
project: '1'
convert_url: http://{{MASTERIP}}:7000/playbook/sigmac
create_url: http://{{MASTERIP}}:7000/playbook/play"
where id = 43
- connection_host: {{ MAINIP }}
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
{% if PLAYBOOKPASS == None %} {% if PLAYBOOKPASS == None %}
playbook_password_none: playbook_password_none:
@@ -92,8 +81,6 @@ so-playbook:
- REDMINE_DB_DATABASE=playbook - REDMINE_DB_DATABASE=playbook
- REDMINE_DB_USERNAME=playbookdbuser - REDMINE_DB_USERNAME=playbookdbuser
- REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }} - REDMINE_DB_PASSWORD={{ PLAYBOOKPASS }}
- binds:
- /opt/so/conf/playbook/redmine.db:/usr/src/redmine/sqlite/redmine.db:rw
- port_bindings: - port_bindings:
- 0.0.0.0:3200:3000 - 0.0.0.0:3200:3000
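Review bot: The new `'sleep 5': cmd.run` state that follows the `cmd.script` call in the first hunk is a fixed delay standing in for a readiness check, and none of the states below it declares a `require` on the init script, so `playbookdbuser` and the relocated `mysql_query.run` states rely on file order alone and still run when the script exits non-zero or the import takes longer than five seconds. A `require` on the script state, `- require:` / `  - cmd: salt://playbook/files/playbook_db_init.sh`, makes the dependency explicit and stops the grants and `update webhooks` queries when initialisation fails; the sleep state also reports a change on every highstate, which a readiness loop inside the script would avoid. With `template: jinja` the rendered script, root password included, is presumably written to the minion cache before execution — worth confirming and, if so, clearing. The `playbookdbuser` state begun at the end of the first hunk continues outside it.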


@@ -82,66 +82,66 @@
"wineventlog": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "computer_name", "event_id", "log_name", "source_name", "task" ] "wineventlog": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "computer_name", "event_id", "log_name", "source_name", "task" ]
}, },
"queries": [ "queries": [
{ "name": "Default Query", "description": "Show all events grouped by the origin host", "query": "* | groupby syslog-host_from"}, { "name": "Default Query", "description": "Show all events grouped by the origin host", "query": "* | groupby observer.name.keyword"},
{ "name": "", "description": "", "query": "_type:elastalert | groupby rule_name"}, { "name": "Elastalerts", "description": "", "query": "_type:elastalert | groupby rule.name.keyword"},
{ "name": "", "description": "", "query": "event_type:ossec AND alert | groupby classification,description"}, { "name": "Alerts", "description": "Show all alerts grouped by alert source", "query": "event.dataset.keyword: alert | groupby event.module.keyword"},
{ "name": "", "description": "", "query": "event_type:ossec AND alert | groupby command"}, { "name": "NIDS Alerts", "description": "Show all NIDS alerts grouped by alert name", "query": "event.category: network AND event.dataset: alert | groupby rule.name.keyword"},
{ "name": "", "description": "", "query": "event_type:ossec AND alert | groupby process"}, { "name": "OSSEC Alerts", "description": "", "query": "event_type:ossec AND alert | groupby rule.category.keyword"},
{ "name": "", "description": "", "query": "event_type:ossec AND alert | groupby username"}, { "name": "OSSEC Commands", "description": "", "query": "event_type:ossec AND alert | groupby process.command_line.keyword"},
{ "name": "", "description": "", "query": "event_type:snort | groupby category,classification,alert"}, { "name": "OSSEC Processes", "description": "", "query": "event_type:ossec AND alert | groupby process.name.keyword"},
{ "name": "", "description": "", "query": "event_type:sysmon | groupby event_id"}, { "name": "OSSEC Users", "description": "", "query": "event_type:ossec AND alert | groupby user.name.keyword"},
{ "name": "", "description": "", "query": "event_type:sysmon | groupby username"}, { "name": "SYSMON", "description": "", "query": "event_type:sysmon | groupby event_id"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:notice | groupby note,msg"}, { "name": "SYSMON", "description": "", "query": "event_type:sysmon | groupby username"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:conn | groupby source.ip,destination.ip,protocol,destination.port"}, { "name": "Zeek Notice", "description": "Show notices from Zeek", "query": "event.module.keyword:zeek AND event.dataset:notice | groupby notice.note.keyword,notice.message.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:conn | groupby service,destination.port"}, { "name": "Connections", "description": "Connections grouped by IP and Port", "query": "event.module.keyword:zeek AND event.dataset:conn | groupby source.ip.keyword,destination.ip.keyword,network.protocol.keyword,destination.port"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:conn | groupby destination_geo.country_name"}, { "name": "Connections", "description": "Connections grouped by Service", "query": "event.module.keyword:zeek AND event.dataset:conn | groupby network.protocol.keyword,destination.port"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:conn | groupby source_geo.country_name"}, { "name": "Connections", "description": "Connections grouped by destination Geo", "query": "event.module.keyword:zeek AND event.dataset:conn | groupby destination_geo.country_name"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dce_rpc | groupby operation"}, { "name": "Connections", "description": "Connections grouped by source Geo", "query": "event.module.keyword:zeek AND event.dataset:conn | groupby source.geo.country_name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dhcp | groupby hostname,domain_name,destination.ip"}, { "name": "DCE_RPC", "description": "DCE_RPC grouped by operation", "query": "event.module.keyword:zeek AND event.dataset:dce_rpc | groupby operation.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dhcp | groupby message_types"}, { "name": "DHCP", "description": "DHCP leases", "query": "event.module.keyword:zeek AND event.dataset:dhcp | groupby host.hostname.keyword,host.domain.keyword,destination.ip.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dnp3 | groupby fc_reply"}, { "name": "DHCP", "description": "DHCP grouped by message type", "query": "event.module.keyword:zeek AND event.dataset:dhcp | groupby message_types.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dns | groupby query,destination.port"}, { "name": "DNP3", "description": "DNP3 grouped by reply", "query": "event.module.keyword:zeek AND event.dataset:dnp3 | groupby dnp3.fc_reply.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dns | groupby query_type_name,destination.port"}, { "name": "DNS", "description": "DNS queries grouped by port ", "query": "event.module.keyword:zeek AND event.dataset:dns | groupby dns.query.name.keyword,destination.port"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dns | groupby highest_registered_domain"}, { "name": "DNS", "description": "DNS queries grouped by type", "query": "event.module.keyword:zeek AND event.dataset:dns | groupby dns.query.type_name.keyword,destination.port"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:dns | groupby parent_domain"}, { "name": "DNS", "description": "DNS highest registered domain", "query": "event.module.keyword:zeek AND event.dataset:dns | groupby highest_registered_domain"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:files | groupby mimetype,source"}, { "name": "DNS", "description": "DNS grouped by parent domain", "query": "event.module.keyword:zeek AND event.dataset:dns | groupby parent_domain"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:ftp | groupby ftp_argument"}, { "name": "Files", "description": "Files grouped by mimetype", "query": "event.module.keyword:zeek AND event.dataset:files | groupby file.mime_type.keyword source.ip.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:ftp | groupby ftp_command"}, { "name": "FTP", "description": "FTP grouped by argument", "query": "event.module.keyword:zeek AND event.dataset:ftp | groupby ftp_argument"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:ftp | groupby username"}, { "name": "FTP", "description": "FTP grouped by command", "query": "event.module.keyword:zeek AND event.dataset:ftp | groupby ftp.command.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:http | groupby destination.port"}, { "name": "FTP", "description": "FTP grouped by username", "query": "event.module.keyword:zeek AND event.dataset:ftp | groupby ftp.user.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:http | groupby method"}, { "name": "HTTP", "description": "HTTP grouped by destination port", "query": "event.module.keyword:zeek AND event.dataset:http | groupby destination.port"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:http | groupby status_code"}, { "name": "HTTP", "description": "HTTP grouped by method", "query": "event.module.keyword:zeek AND event.dataset:http | groupby http.method.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:http | groupby status_message"}, { "name": "HTTP", "description": "HTTP grouped by status code", "query": "event.module.keyword:zeek AND event.dataset:http | groupby http.status_code"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:http | groupby useragent"}, { "name": "HTTP", "description": "HTTP grouped by status message", "query": "event.module.keyword:zeek AND event.dataset:http | groupby http.status_message.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:http | groupby virtual_host"}, { "name": "HTTP", "description": "HTTP grouped by user agent", "query": "event.module.keyword:zeek AND event.dataset:http | groupby http.useragent.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:http AND resp_mime_types:dosexec | groupby virtual_host"}, { "name": "HTTP", "description": "HTTP grouped by virtual host", "query": "event.module.keyword:zeek AND event.dataset:http | groupby http.virtual_host.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:intel | groupby indicator"}, { "name": "HTTP", "description": "HTTP with exe downloads", "query": "event.module.keyword:zeek AND event.dataset:http AND resp_mime_types:dosexec | groupby http.virtual_host.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:irc | groupby irc_command"}, { "name": "Intel", "description": "Intel framework hits grouped by indicator", "query": "event.module.keyword:zeek AND event.dataset:intel | groupby intel.indicator.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:kerberos | groupby service"}, { "name": "IRC", "description": "IRC grouped by command", "query": "event.module.keyword:zeek AND event.dataset:irc | groupby irc.command.type.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:modbus | groupby function"}, { "name": "KERBEROS", "description": "KERBEROS grouped by service", "query": "event.module.keyword:zeek AND event.dataset:kerberos | groupby kerberos.service.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:mysql | groupby mysql_command"}, { "name": "MODBUS", "description": "MODBUS grouped by function", "query": "event.module.keyword:zeek AND event.dataset:modbus | groupby modbus.function.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:notice | groupby note"}, { "name": "MYSQL", "description": "MYSQL grouped by command", "query": "event.module.keyword:zeek AND event.dataset:mysql | groupby mysql.command.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:notice | groupby msg"}, { "name": "NOTICE", "description": "Zeek notice logs grouped by note", "query": "event.module.keyword:zeek AND event.dataset:notice | groupby notice.note.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:ntlm | groupby server_dns_computer_name"}, { "name": "NOTICE", "description": "Zeek notice logs grouped by message", "query": "event.module.keyword:zeek AND event.dataset:notice | groupby notice.message.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:pe | groupby machine,os,subsystem"}, { "name": "NTLM", "description": "NTLM grouped by computer name", "query": "event.module.keyword:zeek AND event.dataset:ntlm | groupby ntlm.server.dns.name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:radius | groupby username"}, { "name": "PE", "description": "PE files list", "query": "event.module.keyword:zeek AND event.dataset:pe | groupby file.machine.keyword,file.os.keyword,file.subsystem.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:rdp | groupby client_name"}, { "name": "RADIUS", "description": "RADIUS grouped by username", "query": "event.module.keyword:zeek AND event.dataset:radius | groupby user.name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:rfb | groupby desktop_name"}, { "name": "RDP", "description": "RDP grouped by client name", "query": "event.module.keyword:zeek AND event.dataset:rdp | groupby client.name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:signatures | groupby signature_id"}, { "name": "RFB", "description": "RFB grouped by desktop name", "query": "event.module.keyword:zeek AND event.dataset:rfb | groupby rfp.desktop.name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:sip | groupby user_agent"}, { "name": "Signatures", "description": "Zeek signatures grouped by signature id", "query": "event.module.keyword:zeek AND event.dataset:signatures | groupby signature_id"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:smb_files | groupby action"}, { "name": "SIP", "description": "SIP grouped by user agent", "query": "event.module.keyword:zeek AND event.dataset:sip | groupby client.user_agent.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:smb_mapping | groupby path"}, { "name": "SMB_Files", "description": "SMB files grouped by action", "query": "event.module.keyword:zeek AND event.dataset:smb_files | groupby file.action.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:smtp | groupby subject"}, { "name": "SMB_Mapping", "description": "SMB mapping grouped by path", "query": "event.module.keyword:zeek AND event.dataset:smb_mapping | groupby file.path.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:snmp | groupby community,version"}, { "name": "SMTP", "description": "SMTP grouped by subject", "query": "event.module.keyword:zeek AND event.dataset:smtp | groupby smtp.subject.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:software | groupby software_type,name"}, { "name": "SNMP", "description": "SNMP grouped by version and string", "query": "event.module.keyword:zeek AND event.dataset:snmp | groupby snmp.community.keyword,snmp.version.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:ssh | groupby version"}, { "name": "Software", "description": "List of software seen on the network", "query": "event.module.keyword:zeek AND event.dataset:software | groupby software.type.keyword,software.name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:ssl | groupby version,server_name"}, { "name": "SSH", "description": "SSH grouped by version", "query": "event.module.keyword:zeek AND event.dataset:ssh | groupby ssh.version.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:syslog | groupby severity,facility"}, { "name": "SSL", "description": "SSL grouped by version and server name", "query": "event.module.keyword:zeek AND event.dataset:ssl | groupby ssl.version.keyword,ssl.server_name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:tunnels | groupby action"}, { "name": "SYSLOG", "description": "SYSLOG grouped by severity and facility ", "query": "event.module.keyword:zeek AND event.dataset:syslog | groupby syslog.severity.keyword,syslog.facility.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:weird | groupby name"}, { "name": "Tunnels", "description": "Tunnels grouped by action", "query": "event.module.keyword:zeek AND event.dataset:tunnels | groupby event.action.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:x509 | groupby certificate_country_code"}, { "name": "Weird", "description": "Zeek weird log grouped by name", "query": "event.module.keyword:zeek AND event.dataset:weird | groupby weird.name.keyword"},
{ "name": "", "description": "", "query": "event.type:zeek AND event.dataset:x509 | groupby certificate_key_length"}, { "name": "x509", "description": "x.509 grouped by key length", "query": "event.module.keyword:zeek AND event.dataset:x509 | groupby x509.certificate.key.length"},
{ "name": "", "description": "", "query": "event_type:firewall | groupby action"} { "name": "Firewall", "description": "Firewall events grouped by action", "query": "event_type:firewall | groupby action"}
] ]
} }
} }
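Review bot: The groupby on the new side of line 160, `file.mime_type.keyword source.ip.keyword`, is missing the comma every other multi-field groupby in this list uses (compare line 148), so the second field will either be ignored or folded into the first field name; it should read `groupby file.mime_type.keyword,source.ip.keyword`. Line 150 still groups on `destination_geo.country_name` while its sibling on line 151 uses `source.geo.country_name.keyword` and this commit's geoip pipeline now writes to `destination.geo`, so the "destination Geo" query points at a field the new pipeline no longer populates; `destination.geo.country_name.keyword` would match. `rfp.desktop.name.keyword` on line 182 looks like a typo for `rfb.` given the dataset it filters on, and lines 145 and 146 both carry the name "SYSMON" with empty descriptions, unlike their neighbours.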


@@ -97,6 +97,12 @@ base:
{%- if THEHIVE != 0 %} {%- if THEHIVE != 0 %}
- hive - hive
{%- endif %} {%- endif %}
{%- if PLAYBOOK != 0 %}
- playbook
{%- endif %}
{%- if NAVIGATOR != 0 %}
- navigator
{%- endif %}
{%- if FREQSERVER != 0 %} {%- if FREQSERVER != 0 %}
- freqserver - freqserver
{%- endif %} {%- endif %}


@@ -94,7 +94,7 @@ wait_for_file() {
while [[ $cur_attempts < $max_attempts ]]; do while [[ $cur_attempts < $max_attempts ]]; do
if [ -f "$filename" ]; then if [ -f "$filename" ]; then
echo "File $filename already exists at $date" >> "$setup_log" 2>&1 echo "File $filename already exists at $date" >> "$setup_log" 2>&1
return return 0
else else
echo "File $filename does not exist; waiting ${wait_interval}s then checking again ($cur_attempts/$max_attempts)..." >> "$setup_log" 2>&1 echo "File $filename does not exist; waiting ${wait_interval}s then checking again ($cur_attempts/$max_attempts)..." >> "$setup_log" 2>&1
((cur_attempts++)) ((cur_attempts++))
@@ -198,7 +198,7 @@ check_hive_init_then_reboot() {
local return_val local return_val
return_val="$(wait_for_file /opt/so/state/thehive.txt 20 5)" return_val="$(wait_for_file /opt/so/state/thehive.txt 20 5)"
if [ "$return_val" != 0 ]; then if [[ "$return_val" != 0 ]]; then
return "$return_val" return "$return_val"
fi fi
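Review bot: The loop condition on line 220, `[[ $cur_attempts < $max_attempts ]]`, compares the two operands as strings inside `[[ ]]`, not as integers, so with the `max_attempts` of 20 passed on line 229 the loop ends as soon as the counter reaches 3 (because "3" sorts after "20"), not after twenty attempts; an arithmetic test, `while (( cur_attempts < max_attempts )); do`, gives the intended bound. Line 229 captures `wait_for_file`'s stdout into `return_val`, not its exit status; in the portion of the function visible here its messages go to `$setup_log`, so unless it echoes a status to stdout elsewhere `return_val` is empty, the `!= 0` test always succeeds, and `return "$return_val"` on line 231 fails with a non-numeric argument. Calling it directly and then using `return_val=$?` would carry the exit code that the new `return 0` on line 223 is meant to convey. Both `wait_for_file` and `check_hive_init_then_reboot` extend beyond their hunks.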