CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-31 12:23:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' into experimental

Browse Source
This commit is contained in:
William Wernert
2020-12-14 12:32:53 -05:00
parent a533e6fa35 de3f86724a
commit 3e2a9cc884
38 changed files with 2649 additions and 1964 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
setup/automation/aws_standalone_defaults
View File

@@ -26,7 +26,7 @@ ALLOW_ROLE=a
BASICZEEK=7
BASICSURI=7
# BLOGS=
BNICS=ens6
BNICS=eth1
ZEEKVERSION=ZEEK
# CURCLOSEDAYS=
# EVALADVANCED=BASIC
@@ -46,7 +46,7 @@ MANAGERUPDATES=1
# MGATEWAY=
# MIP=
# MMASK=
MNIC=ens5
MNIC=eth0
# MSEARCH=
# MSRV=
# MTU=

52
setup/so-common-functions
View File

@@ -1,52 +0,0 @@
#!/bin/bash
source ./so-variables
source ../salt/common/tools/sbin/so-common
source ../salt/common/tools/sbin/so-image-common
# Helper functions
filter_unused_nics() {
if [[ $MNIC ]]; then local grep_string="$MNIC\|bond0"; else local grep_string="bond0"; fi
# If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
if [[ $BNICS ]]; then
grep_string="$grep_string"
for BONDNIC in "${BNICS[@]}"; do
grep_string="$grep_string\|$BONDNIC"
done
fi
# Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use)
filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g')
readarray -t filtered_nics <<< "$filtered_nics"
nic_list=()
for nic in "${filtered_nics[@]}"; do
case $(cat "/sys/class/net/${nic}/carrier" 2>/dev/null) in
1)
nic_list+=("$nic" "Link UP " "OFF")
;;
0)
nic_list+=("$nic" "Link DOWN " "OFF")
;;
*)
nic_list+=("$nic" "Link UNKNOWN " "OFF")
;;
esac
done
export nic_list
}
calculate_useable_cores() {
# Calculate reasonable core usage
local cores_for_zeek=$(( (num_cpu_cores/2) - 1 ))
local lb_procs_round
lb_procs_round=$(printf "%.0f\n" $cores_for_zeek)
if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi
export lb_procs
}

122
setup/so-functions
View File

@@ -15,13 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
source ./so-whiptail
source ./so-variables
source ./so-common-functions
CONTAINER_REGISTRY=quay.io
SOVERSION=$(cat ../VERSION)
# README - DO NOT DEFINE GLOBAL VARIABLES IN THIS FILE. Instead use so-variables.
log() {
msg=$1
@@ -48,6 +42,51 @@ logCmd() {
$cmd >> "$setup_log" 2>&1
}
filter_unused_nics() {
if [[ $MNIC ]]; then local grep_string="$MNIC\|bond0"; else local grep_string="bond0"; fi
# If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
if [[ $BNICS ]]; then
grep_string="$grep_string"
for BONDNIC in "${BNICS[@]}"; do
grep_string="$grep_string\|$BONDNIC"
done
fi
# Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use)
filtered_nics=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g')
readarray -t filtered_nics <<< "$filtered_nics"
nic_list=()
for nic in "${filtered_nics[@]}"; do
case $(cat "/sys/class/net/${nic}/carrier" 2>/dev/null) in
1)
nic_list+=("$nic" "Link UP " "OFF")
;;
0)
nic_list+=("$nic" "Link DOWN " "OFF")
;;
*)
nic_list+=("$nic" "Link UNKNOWN " "OFF")
;;
esac
done
export nic_list
}
calculate_useable_cores() {
# Calculate reasonable core usage
local cores_for_zeek=$(( (num_cpu_cores/2) - 1 ))
local lb_procs_round
lb_procs_round=$(printf "%.0f\n" $cores_for_zeek)
if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi
export lb_procs
}
airgap_rules() {
# Copy the rules for suricata if using Airgap
mkdir -p /nsm/repo/rules
@@ -834,9 +873,9 @@ docker_install() {
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
fi
if [[ ! $is_iso ]]; then
yum -y install docker-ce-19.03.12-3.el7 containerd.io-1.2.13-3.2.el7;
yum -y install docker-ce-19.03.14-3.el7 containerd.io-1.2.13-3.2.el7;
fi
yum versionlock docker-ce-19.03.12-3.el7;
yum versionlock docker-ce-19.03.14-3.el7;
yum versionlock containerd.io-1.2.13-3.2.el7
} >> "$setup_log" 2>&1
@@ -884,7 +923,7 @@ docker_registry() {
" \"bip\": \"$DNETBIP\","\
" \"default-address-pools\": ["\
" {"\
" \"base\" : \"$DOCKERNET\","\
" \"base\" : \"$DOCKERNET/24\","\
" \"size\" : 24"\
" }"\
" ]"\
@@ -989,22 +1028,22 @@ fleet_pillar() {
generate_passwords(){
# Generate Random Passwords for Things
MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
PLAYBOOKDBPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
PLAYBOOKADMINPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
PLAYBOOKAUTOMATIONPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
GRAFANAPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
MYSQLPASS=$(get_random_value)
PLAYBOOKDBPASS=$(get_random_value)
PLAYBOOKADMINPASS=$(get_random_value)
PLAYBOOKAUTOMATIONPASS=$(get_random_value)
FLEETPASS=$(get_random_value)
FLEETJWT=$(get_random_value)
GRAFANAPASS=$(get_random_value)
if [[ "$THEHIVE" == "1" ]]; then
HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
HIVEPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
CORTEXKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
CORTEXORGUSERKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
CORTEXPLAYSECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
HIVEKEY=$(get_random_value)
HIVEPLAYSECRET=$(get_random_value)
CORTEXKEY=$(get_random_value)
CORTEXORGUSERKEY=$(get_random_value)
CORTEXPLAYSECRET=$(get_random_value)
fi
SENSORONIKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
SENSORONIKEY=$(get_random_value)
KRATOSKEY=$(get_random_value)
}
generate_repo_tarball() {
@@ -1221,15 +1260,23 @@ manager_global() {
"elastic:"\
" features: False"\
"elasticsearch:"\
" replicas: 0"\
" true_cluster: False"\
" true_cluster_name: 'so'"\
" replicas: 0" >> "$global_pillar"
if [ -n "$ESCLUSTERNAME" ]; then
printf '%s\n'\
" true_cluster: True"\
" true_cluster_name: '$ESCLUSTERNAME'" >> "$global_pillar"
else
printf '%s\n'\
" true_cluster: False"\
" true_cluster_name: 'so'" >> "$global_pillar"
fi
printf '%s\n'\
" discovery_nodes: 1"\
" hot_warm_enabled: False"\
" cluster_routing_allocation_disk.threshold_enabled: true"\
" cluster_routing_allocation_disk_watermark_low: '95%'"\
" cluster_routing_allocation_disk_watermark_high: '98%'"\
" cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\
" cluster_routing_allocation_disk_watermark_low: '95%'"\
" cluster_routing_allocation_disk_watermark_high: '98%'"\
" cluster_routing_allocation_disk_watermark_flood_stage: '98%'"\
" index_settings:"\
" so-beats:"\
" shards: 1"\
@@ -1308,8 +1355,8 @@ minio_generate_keys() {
local charSet="[:graph:]"
ACCESS_KEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
ACCESS_SECRET=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 40 | head -n 1)
ACCESS_KEY=$(get_random_value)
ACCESS_SECRET=$(get_random_value 40)
}
@@ -1343,8 +1390,15 @@ elasticsearch_pillar() {
"elasticsearch:"\
" mainip: '$MAINIP'"\
" mainint: '$MNIC'"\
" esheap: '$NODE_ES_HEAP_SIZE'"\
" esclustername: {{ grains.host }}"\
" esheap: '$NODE_ES_HEAP_SIZE'" >> "$pillar_file"
if [ -n "$ESCLUSTERNAME" ]; then
printf '%s\n'\
" esclustername: $ESCLUSTERNAME" >> "$pillar_file"
else
printf '%s\n'\
" esclustername: {{ grains.host }}" >> "$pillar_file"
fi
printf '%s\n'\
" node_type: '$NODETYPE'"\
" es_port: $node_es_port"\
" log_size_limit: $log_size_limit"\

17
setup/so-setup
View File

@@ -27,9 +27,19 @@ readarray -t original_args <<< "$@"
cd "$(dirname "$0")" || exit 255
# Source the generic function libraries that are also used by the product after
# setup. These functions are intended to be reusable outside of the setup process.
source ../salt/common/tools/sbin/so-common
source ../salt/common/tools/sbin/so-image-common
# Setup bash functionality is divided into functions and user-facing prompts.
# Do not attempt to re-use any of this functionality outside of setup. Instead,
# if needed, migrated generic functions into so-common.
source ./so-functions
source ./so-common-functions
source ./so-whiptail
# Finally, source the default variable definitions, which require availability of
# functions sourced above.
source ./so-variables
# Parse command line arguments
@@ -382,6 +392,11 @@ fi
if [[ $is_manager && ! $is_eval ]]; then
whiptail_manager_adv
if [ "$MANAGERADV" = 'ADVANCED' ]; then
if [ "$install_type" = 'MANAGER' ] || [ "$install_type" = 'MANAGERSEARCH' ]; then
whiptail_manager_adv_escluster
fi
fi
whiptail_zeek_version
# Don't run this function for now since Snort is not yet supported
# whiptail_nids

4
setup/so-variables
View File

@@ -1,5 +1,7 @@
#!/bin/bash
SOVERSION=$(cat ../VERSION)
total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
export total_mem
@@ -12,7 +14,7 @@ export num_cpu_cores
readarray -t cpu_core_list <<< "$(grep "processor" /proc/cpuinfo | grep -v "KVM" | awk '{print $3}')"
export cpu_core_list
random_uid=$(</dev/urandom tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
random_uid=$(get_random_value 16)
export random_uid
node_es_port=9200

416
setup/so-whiptail
View File

@@ -15,9 +15,6 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
source ./so-variables
source ./so-common-functions
whiptail_airgap() {
[ -n "$TESTING" ] && return
@@ -31,24 +28,6 @@ whiptail_airgap() {
whiptail_check_exitstatus $exitstatus
}
whiptail_basic_zeek() {
[ -n "$TESTING" ] && return
if [[ $is_node && $is_sensor && ! $is_eval ]]; then
local PROCS=$(expr $lb_procs / 2)
if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
else
local PROCS=$lb_procs
fi
BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_basic_suri() {
[ -n "$TESTING" ] && return
@@ -68,15 +47,10 @@ whiptail_basic_suri() {
}
whiptail_zeek_pins() {
whiptail_basic_zeek() {
[ -n "$TESTING" ] && return
local cpu_core_list_whiptail=()
for item in "${cpu_core_list[@]}"; do
cpu_core_list_whiptail+=("$item" "OFF")
done
if [[ $is_node && $is_sensor && ! $is_eval ]]; then
local PROCS=$(expr $lb_procs / 2)
if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
@@ -84,13 +58,11 @@ whiptail_zeek_pins() {
local PROCS=$lb_procs
fi
ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"')
IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS"
}
whiptail_zeek_version() {
@@ -103,47 +75,6 @@ whiptail_zeek_version() {
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_sensor_nics() {
[ -n "$TESTING" ] && return
filter_unused_nics
if [[ $is_ec2 ]]; then
local menu_text="Please select NIC for the Monitor Interface:"
local list_type="radiolist"
else
local menu_text="Please add NICs to the Monitor Interface:"
local list_type="checklist"
fi
BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [ -z "$BNICS" ]
do
BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
BNICS=$(echo "$BNICS" | tr -d '"')
IFS=' ' read -ra BNICS <<< "$BNICS"
for bond_nic in "${BNICS[@]}"; do
if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then
whiptail \
--title "Security Onion Setup" \
--msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \
8 75
exit
fi
done
}
whiptail_bond_nics_mtu() {
@@ -187,6 +118,13 @@ whiptail_check_exitstatus() {
esac
}
whiptail_components_adv_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
}
whiptail_create_admin_user() {
[ -n "$TESTING" ] && return
@@ -294,13 +232,6 @@ whiptail_create_web_user() {
whiptail_check_exitstatus $exitstatus
}
whiptail_invalid_user_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
}
whiptail_create_web_user_password1() {
[ -n "$TESTING" ] && return
@@ -546,11 +477,26 @@ whiptail_eval_adv() {
whiptail_check_exitstatus $exitstatus
}
whiptail_components_adv_warning() {
whiptail_fleet_custom_hostname() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \
"What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_gauge_post_setup() {
if [ -n "$TESTING" ]; then
cat >> $setup_log 2>&1
else
local msg=$1
whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96
fi
}
whiptail_helix_apikey() {
@@ -677,6 +623,27 @@ whiptail_install_type_other() {
export install_type
}
whiptail_invalid_pass_characters_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75
}
whiptail_invalid_pass_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
}
whiptail_invalid_user_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
}
whiptail_log_size_limit() {
[ -n "$TESTING" ] && return
@@ -691,6 +658,17 @@ whiptail_log_size_limit() {
}
whiptail_make_changes() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_management_interface_dns() {
[ -n "$TESTING" ] && return
@@ -792,42 +770,7 @@ whiptail_management_interface_setup() {
whiptail_check_exitstatus $exitstatus
}
whiptail_nids() {
[ -n "$TESTING" ] && return
NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \
"Suricata" "Suricata" ON \
"Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_oinkcode() {
[ -n "$TESTING" ] && return
OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_make_changes() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please select YES to make changes or NO to cancel." 8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_management_server() {
@@ -878,6 +821,30 @@ whiptail_manager_adv() {
}
# Ask if you want to do true clustering
whiptail_manager_adv_escluster(){
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno \
"Do you want to set up a traditional ES cluster?" 8 75
local exitstatus=$?
if [[ $exitstatus == 0 ]]; then
whiptail_manager_adv_escluster_name
fi
}
# Get a cluster name
whiptail_manager_adv_escluster_name(){
[ -n "$TESTING" ] && return
ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter a name for your ES cluster!" 10 75 securityonion 3>&1 1>&2 2>&3)
}
# Ask which additional components to install
whiptail_manager_adv_service_zeeklogs() {
@@ -932,6 +899,54 @@ whiptail_manager_adv_service_zeeklogs() {
}
whiptail_manager_updates() {
[ -n "$TESTING" ] && return
local update_string
update_string=$(whiptail --title "Security Onion Setup" --radiolist \
"How would you like to download OS package updates for your grid?" 20 75 4 \
"MANAGER" "Manager node is proxy for updates" ON \
"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
case "$update_string" in
'MANAGER')
export MANAGERUPDATES='1'
;;
*)
export MANAGERUPDATES='0'
;;
esac
}
whiptail_manager_updates_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup"\
--msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\
8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_nids() {
[ -n "$TESTING" ] && return
NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \
"Suricata" "Suricata" ON \
"Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_network_notice() {
[ -n "$TESTING" ] && return
@@ -1017,6 +1032,18 @@ whiptail_node_ls_input_threads() {
}
whiptail_oinkcode() {
[ -n "$TESTING" ] && return
OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
#TODO: helper function to display error message or exit if batch mode
# exit_if_batch <"Error string"> <Error code (int)>
@@ -1171,6 +1198,21 @@ whiptail_patch_schedule_select_hours() {
}
whiptail_requirements_error() {
local requirement_needed=$1
local current_val=$2
local needed_val=$3
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_rule_setup() {
[ -n "$TESTING" ] && return
@@ -1202,6 +1244,46 @@ whiptail_sensor_config() {
}
whiptail_sensor_nics() {
[ -n "$TESTING" ] && return
filter_unused_nics
if [[ $is_ec2 ]]; then
local menu_text="Please select NIC for the Monitor Interface:"
local list_type="radiolist"
else
local menu_text="Please add NICs to the Monitor Interface:"
local list_type="checklist"
fi
BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [ -z "$BNICS" ]
do
BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
BNICS=$(echo "$BNICS" | tr -d '"')
IFS=' ' read -ra BNICS <<< "$BNICS"
for bond_nic in "${BNICS[@]}"; do
if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then
whiptail \
--title "Security Onion Setup" \
--msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \
8 75
exit
fi
done
}
whiptail_set_hostname() {
[ -n "$TESTING" ] && return
@@ -1335,15 +1417,30 @@ whiptail_so_allow() {
fi
}
whiptail_gauge_post_setup() {
whiptail_storage_requirements() {
local mount=$1
local current_val=$2
local needed_val=$3
if [ -n "$TESTING" ]; then
cat >> $setup_log 2>&1
else
local msg=$1
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96
fi
read -r -d '' message <<- EOM
Free space on mount point '${mount}' is currently ${current_val}.
You need ${needed_val} to meet minimum requirements.
Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.
Press YES to continue anyway, or press NO to cancel.
EOM
whiptail \
--title "Security Onion Setup" \
--yesno "$message" \
14 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_strelka_rules() {
@@ -1386,40 +1483,6 @@ whiptail_suricata_pins() {
}
whiptail_manager_updates() {
[ -n "$TESTING" ] && return
local update_string
update_string=$(whiptail --title "Security Onion Setup" --radiolist \
"How would you like to download OS package updates for your grid?" 20 75 4 \
"MANAGER" "Manager node is proxy for updates" ON \
"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
case "$update_string" in
'MANAGER')
export MANAGERUPDATES='1'
;;
*)
export MANAGERUPDATES='0'
;;
esac
}
whiptail_manager_updates_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup"\
--msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\
8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_updates() {
[ -n "$TESTING" ] && return
@@ -1457,3 +1520,40 @@ whiptail_you_sure() {
return $exitstatus
}
whiptail_zeek_pins() {
[ -n "$TESTING" ] && return
local cpu_core_list_whiptail=()
for item in "${cpu_core_list[@]}"; do
cpu_core_list_whiptail+=("$item" "OFF")
done
if [[ $is_smooshed ]]; then
local PROCS=$(expr $lb_procs / 2)
if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
else
local PROCS=$lb_procs
fi
ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"')
IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS"
}
whiptail_zeek_version() {
[ -n "$TESTING" ] && return
ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate metadata?" 20 75 4 "ZEEK" "Zeek (formerly known as Bro)" ON \
"SURICATA" "Suricata" OFF 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}