From 3ee09db7521878ffbbd42f04b73e3a2fe41f13b5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 13 Apr 2022 13:39:48 -0400 Subject: [PATCH] added warning about installing and ensure can only install workstation on centos --- salt/common/tools/sbin/so-analyst-install | 7 ++++--- salt/workstation/packages.sls | 11 +++++++++++ salt/workstation/remove_gui.sls | 10 ++++++++++ salt/workstation/trusted-ca.sls | 23 +++++++++++++++++------ salt/workstation/xwindows.sls | 12 ++++++++++++ 5 files changed, 54 insertions(+), 9 deletions(-) diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install index 11e478ca9..65f78921c 100755 --- a/salt/common/tools/sbin/so-analyst-install +++ b/salt/common/tools/sbin/so-analyst-install @@ -14,13 +14,14 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -{# we only want the script to install the workstation if it is CentOS #} + +doc_workstation_url="https://docs.securityonion.net/en/2.3/analyst-vm.html" +{# we only want the script to install the workstation if it is CentOS -#} {% if grains.os == 'CentOS' -%} {# if this is a manager -#} {% if grains.master == grains.id.split('_')|first -%} source /usr/sbin/so-common -doc_workstation_url="https://docs.securityonion.net/en/2.3/analyst-vm.html" pillar_file="/opt/so/saltstack/local/pillar/minions/{{grains.id}}.sls" if [ -f "$pillar_file" ]; then @@ -51,7 +52,7 @@ if [ -f "$pillar_file" ]; then echo "Exiting analyst node installation." exit 0 fi - + # Add workstation pillar to the minion's pillar file printf '%s\n'\ "workstation:"\ diff --git a/salt/workstation/packages.sls b/salt/workstation/packages.sls index 3d4794fb5..6f31bcceb 100644 --- a/salt/workstation/packages.sls +++ b/salt/workstation/packages.sls @@ -1,3 +1,6 @@ +{# we only want this state to run it is CentOS #} +{% if grains.os == 'CentOS' %} + xwindows_group: pkg.group_installed: - name: X Window System 
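Review bot: The comment added at the top of packages.sls, `{# we only want this state to run it is CentOS #}`, is missing a word and does not mention the failing state that the other branch adds. The same line is repeated in remove_gui.sls, trusted-ca.sls and xwindows.sls. Something like `{# Render these states only on CentOS; any other OS gets the failing state in the else branch. #}` tells a reader what they need to know. The `grains.os == 'CentOS'` test is now copied into four SLS files and the install script, so a later change to the supported OS has to touch all of them; one shared Jinja variable imported by each file would keep that decision in one place.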
@@ -45,3 +48,11 @@ workstation_packages: - perl-Net-DNS - securityonion-chaosreader - securityonion-analyst-extras + +{% else %} + +workstation_packages_os_fail: + test.fail_without_changes: + - comment: 'SO Analyst Workstation can only be installed on CentOS' + +{% endif %} diff --git a/salt/workstation/remove_gui.sls b/salt/workstation/remove_gui.sls index 96880a5ab..097e23151 100644 --- a/salt/workstation/remove_gui.sls +++ b/salt/workstation/remove_gui.sls @@ -1,5 +1,15 @@ +{# we only want this state to run it is CentOS #} +{% if grains.os == 'CentOS' %} + remove_graphical_target: file.symlink: - name: /etc/systemd/system/default.target - target: /lib/systemd/system/multi-user.target - force: True + +{% else %} +workstation_trusted-ca_os_fail: + test.fail_without_changes: + - comment: 'SO Analyst Workstation can only be installed on CentOS' + +{% endif %} diff --git a/salt/workstation/trusted-ca.sls b/salt/workstation/trusted-ca.sls index 6d86a8157..78104be4a 100644 --- a/salt/workstation/trusted-ca.sls +++ b/salt/workstation/trusted-ca.sls 
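Review bot: The failing state in the `{% else %}` branch of remove_gui.sls is named `workstation_trusted-ca_os_fail`, the same ID this commit gives the failing state in trusted-ca.sls. Salt state IDs have to be unique within a run, so if both files are ever applied together on a non-CentOS minion the run would most likely stop on a conflicting-ID error instead of showing the intended comment. Rename it after the file, `workstation_remove_gui_os_fail:`, following the pattern already used in packages.sls and xwindows.sls.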
@@ -1,16 +1,19 @@ - {% set global_ca_text = [] %} - {% set global_ca_server = [] %} - {% set manager = salt['grains.get']('master') %} - {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %} +{# we only want this state to run it is CentOS #} +{% if grains.os == 'CentOS' %} + + {% set global_ca_text = [] %} + {% set global_ca_server = [] %} + {% set manager = salt['grains.get']('master') %} + {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %} {% for host in x509dict %} {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import'] %} {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %} {% do global_ca_server.append(host) %} {% endif %} {% endfor %} - {% set trusttheca_text = global_ca_text[0] %} - {% set ca_server = global_ca_server[0] %} + {% set trusttheca_text = global_ca_text[0] %} + {% set ca_server = global_ca_server[0] %} trusted_ca: x509.pem_managed: @@ -22,3 +25,11 @@ update_ca_certs: - name: update-ca-trust - onchanges: - x509: trusted_ca + +{% else %} + +workstation_trusted-ca_os_fail: + test.fail_without_changes: + - comment: 'SO Analyst Workstation can only be installed on CentOS' + +{% endif %} diff --git a/salt/workstation/xwindows.sls b/salt/workstation/xwindows.sls index c4d870f07..015fb0d3c 100644 --- a/salt/workstation/xwindows.sls +++ b/salt/workstation/xwindows.sls @@ -1,3 +1,7 @@ + +{# we only want this state to run it is CentOS #} +{% if grains.os == 'CentOS' %} + include: - workstation.packages @@ -9,3 +13,11 @@ graphical_target: - require: - pkg: X Window System - pkg: graphical_extras + +{% else %} + +workstation_xwindows_os_fail: + test.fail_without_changes: + - comment: 'SO Analyst Workstation can only be installed on CentOS' + +{% endif %}
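Review bot: In trusted-ca.sls the re-indented `{% set trusttheca_text = global_ca_text[0] %}` and `{% set ca_server = global_ca_server[0] %}` still take the first collected mine entry without checking how many there are, and the result feeds `trusted_ca` and `update-ca-trust`, i.e. the system trust store. With no matching host the index has nothing to return, and with more than one the chosen CA presumably depends on the iteration order of `x509dict`; how the two values are consumed is in lines outside this hunk. The failing-state pattern this commit introduces could cover that case too: render the CA states only under `{% if global_ca_text | length == 1 %}` and otherwise emit a `test.fail_without_changes` state whose comment says the manager CA could not be determined. If several manager-type hosts are legitimate in a deployment, guard at least the empty case and make the selection explicit rather than positional.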