diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index d73ec18f2..380625e08 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -48,7 +48,7 @@ add_interface_bond0() { esac for i in rx tx sg tso ufo gso gro lro; do - if [[ $verbose != true ]]; then + if [[ $verbose == true ]]; then ethtool -K "$BNIC" $i off else ethtool -K "$BNIC" $i off &>/dev/null @@ -75,7 +75,7 @@ add_interface_bond0() { ip link set dev "$BNIC" arp off multicast off allmulticast off promisc on # Bring the slave interface up - if [[ $verbose != true ]]; then + if [[ $verbose == true ]]; then nmcli con up "bond0-slave-$BNIC" else nmcli con up "bond0-slave-$BNIC" &>/dev/null diff --git a/salt/common/tools/sbin/so-monitor-add b/salt/common/tools/sbin/so-monitor-add index 7eb100ee8..8b351558f 100644 --- a/salt/common/tools/sbin/so-monitor-add +++ b/salt/common/tools/sbin/so-monitor-add @@ -2,6 +2,4 @@ . /usr/sbin/so-common -set -e - add_interface_bond0 "$1" diff --git a/salt/common/tools/sbin/so-test b/salt/common/tools/sbin/so-test index 8e981aecf..b52fa02ac 100755 --- a/salt/common/tools/sbin/so-test +++ b/salt/common/tools/sbin/so-test @@ -15,4 +15,4 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -so-tcpreplay /opt/samples/* +so-tcpreplay /opt/samples/* 2> /dev/null diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 5ee403418..811f161e9 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -103,7 +103,7 @@ update_registry() { check_airgap() { # See if this is an airgap install - AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap | awk '{print $2}') + AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') if [[ "$AIRGAP" == "True" ]]; then is_airgap=0 UPDATE_DIR=/tmp/soagupdate/SecurityOnion 
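Review bot: With `set -e` gone, so-monitor-add no longer stops when ethtool or nmcli inside add_interface_bond0 fails, and nothing else in the script checks a result, so the exit status now depends entirely on whatever the last command in add_interface_bond0 returns (that function lives in so-common, outside this hunk). At minimum reject a missing interface name before calling it: `[[ -n "$1" ]] || { echo "usage: ${0##*/} <interface>" >&2; exit 1; }`. If the only reason for dropping -e was ethtool's non-zero status on unsupported offload flags, an `|| true` on that single ethtool call in so-common would keep the safety net for nmcli.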
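Review bot: `2> /dev/null` on the so-tcpreplay call discards every diagnostic, including the errors that explain why a sample did not replay, so a failed test run looks identical to a quiet one; the exit status still propagates but is no longer explained anywhere. Prefer appending stderr to the log the rest of the setup tooling writes to (`2>> "$setup_log"` if that variable is in scope here, otherwise a fixed log path), or add a comment naming the specific expected noise that is being silenced. Separately, an empty /opt/samples passes the literal glob to so-tcpreplay unless nullglob is set.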
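Review bot: `grep airgap:` is still a substring match, so any pillar key ending in `airgap:` or a commented-out `# airgap: True` line satisfies it, and `awk '{print $2}'` then prints that other line's value; the `cat` pipe also hides that this is a single-file lookup. Anchor on the key itself and stop at the first hit: `AIRGAP=$(awk '$1 == "airgap:" {print $2; exit}' /opt/so/saltstack/local/pillar/global.sls)`. Because global.sls is YAML, the value may be written `true`, `True` or `yes` depending on who generated it; the `== "True"` comparison that follows accepts only one spelling, so a case-insensitive match (`[[ ${AIRGAP,,} == true ]]`) would be more robust.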
diff --git a/salt/influxdb/etc/influxdb.conf b/salt/influxdb/etc/influxdb.conf index 32f78ff40..86c1ccfe8 100644 --- a/salt/influxdb/etc/influxdb.conf +++ b/salt/influxdb/etc/influxdb.conf @@ -550,6 +550,25 @@ # "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", # ] + ciphers = [ + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", + "TLS_RSA_WITH_AES_128_CBC_SHA", + "TLS_RSA_WITH_AES_128_CBC_SHA256", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_RSA_WITH_AES_256_CBC_SHA", + "TLS_RSA_WITH_AES_256_GCM_SHA384", + ] # Minimum version of the tls protocol that will be negotiated. If not specified, uses the # default settings from Go's crypto/tls package. diff --git a/salt/soc/files/soc/custom.js b/salt/soc/files/soc/custom.js new file mode 100644 index 000000000..b23b7c36b --- /dev/null +++ b/salt/soc/files/soc/custom.js 
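Review bot: The explicit cipher list re-enables suites weaker than the commented example directly above it: the five `TLS_RSA_WITH_*` entries use static RSA key exchange with no forward secrecy, and the `*_CBC_SHA` / `*_CBC_SHA256` entries are non-AEAD CBC suites, the SHA256 variants of which Go's crypto/tls reports through InsecureCipherSuites(). Unless a specific legacy client of the InfluxDB port has been identified, the list should be restricted to the ECDHE AEAD suites shown below; if such a client is the reason, a comment naming it belongs next to the list so the next upgrade can drop it. The `min-version` setting referenced by the trailing comment is outside this hunk, so I cannot tell whether TLS 1.0/1.1 remain negotiable alongside these CBC suites.
```toml
  ciphers = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
  ]
```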
@@ -0,0 +1,24 @@ +// Copyright 2019 Jason Ertel (jertel). All rights reserved. +// Copyright 2021 Security Onion Solutions, LLC. All rights reserved. +// +// This program is distributed under the terms of version 2 of the +// GNU General Public License. See LICENSE for further details. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +/* + + *** WARNING *** WARNING *** WARNING *** + + Future upgrades of Security Onion are NOT guaranteed to work + with any content added to this file. Knowing this, it is strongly + suggested to avoid and/or minimize the extent of any + content placed here so that upgrading to newer version of + Security Onion do not become a burden. + + Example: + + i18n.translations["en-US"].loginHeader = "Unauthorized use of this computer system is prohibited..."; +*/ diff --git a/salt/soc/init.sls b/salt/soc/init.sls index cc8aee048..0f58aab32 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -46,6 +46,15 @@ socchanges: - mode: 600 - template: jinja +soccustom: + file.managed: + - name: /opt/so/conf/soc/custom.js + - source: salt://soc/files/soc/custom.js + - user: 939 + - group: 939 + - mode: 600 + - template: jinja + so-soc: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} @@ -55,6 +64,7 @@ so-soc: - /nsm/soc/jobs:/opt/sensoroni/jobs:rw - /opt/so/conf/soc/soc.json:/opt/sensoroni/sensoroni.json:ro - /opt/so/conf/soc/changes.json:/opt/sensoroni/html/changes.json:ro + - /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro - /opt/so/log/soc/:/opt/sensoroni/logs/:rw {%- if salt['pillar.get']('nodestab', {}) %} - extra_hosts: diff --git a/setup/automation/distributed-airgap-search b/setup/automation/distributed-airgap-search index aec7afd31..1c0ff1254 100644 --- a/setup/automation/distributed-airgap-search 
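Review bot: The warning block only covers upgrade breakage, but init.sls bind-mounts this file into the SOC container's html/js directory, which presumably means every SOC user's browser loads and executes whatever is placed here. That makes write access to the file equivalent to running script in every analyst's session, and the comment should say so: `Anything placed in this file is served to and executed by every user's browser; treat it as production code and restrict who may edit it.` Whether SOC actually includes custom.js in its pages is not visible in this diff, so the wording can be softened if it is opt-in.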
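Review bot: `soccustom` is a file.managed with a `source:`, so every highstate rewrites /opt/so/conf/soc/custom.js from the salt tree and silently discards anything an administrator typed into the deployed file, which is exactly where the file's own comment invites them to add content. Either make the deployed copy the editable one with `- replace: False` (the content is then only laid down when the file is absent), or document that customizations must be made in the salt source instead. `- template: jinja` is also unnecessary for a static JavaScript file and will make the state fail on any legitimate `{{` or `{%` sequence a user adds.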
+++ b/setup/automation/distributed-airgap-search @@ -49,7 +49,7 @@ MANAGERUPDATES=1 MNIC=eth0 # MSEARCH= MSRV=distributed-manager -MSRVIP=10.66.166.42 +MSRVIP=10.66.166.52 # MTU= # NIDS=Suricata # NODE_ES_HEAP_SIZE= diff --git a/setup/automation/distributed-airgap-sensor b/setup/automation/distributed-airgap-sensor index 4cc3f6a75..1afbafbf9 100644 --- a/setup/automation/distributed-airgap-sensor +++ b/setup/automation/distributed-airgap-sensor @@ -49,7 +49,7 @@ MANAGERUPDATES=1 MNIC=eth0 # MSEARCH= MSRV=distributed-manager -MSRVIP=10.66.166.42 +MSRVIP=10.66.166.52 # MTU= # NIDS=Suricata # NODE_ES_HEAP_SIZE= diff --git a/setup/so-functions b/setup/so-functions index 83a3ec7fd..c462280ab 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -129,19 +129,6 @@ add_admin_user() { } -add_manager_hostfile() { - - [ -n "$TESTING" ] && return - - echo "Checking if I can resolve manager. If not add to hosts file" >> "$setup_log" 2>&1 - # Pop up an input to get the IP address - MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your Manager Server IP Address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus -} - add_mngr_ip_to_hosts() { echo "$MSRVIP $MSRV" >> /etc/hosts } @@ -361,7 +348,7 @@ collect_adminuser_inputs() { while ! valid_username "$ADMINUSER"; do whiptail_invalid_input - whiptail_create_admin_user + whiptail_create_admin_user "$ADMINUSER" done APMATCH=no 
@@ -373,62 +360,62 @@ collect_adminuser_inputs() { } collect_cur_close_days() { - whiptail_cur_close_days + whiptail_cur_close_days "$CURCLOSEDAYS" while ! valid_int "$CURCLOSEDAYS" "1"; do whiptail_invalid_input - whiptail_cur_close_days + whiptail_cur_close_days "$CURCLOSEDAYS" done } collect_dns() { - whiptail_management_interface_dns + whiptail_management_interface_dns "8.8.8.8,8.8.4.4" while ! valid_dns_list "$MDNS"; do whiptail_invalid_input - whiptail_management_interface_dns + whiptail_management_interface_dns "$MDNS" done MDNS=$(echo "$MDNS" | tr -s "," " ") # MDNS needs to be space separated, we prompt for comma separated for consistency } collect_dns_domain() { - whiptail_management_interface_dns_search + whiptail_management_interface_dns_search "searchdomain.local" while ! valid_fqdn "$MSEARCH"; do whiptail_invalid_input - whiptail_management_interface_dns_search + whiptail_management_interface_dns_search "$MSEARCH" done } collect_dockernet() { if ! whiptail_dockernet_check; then - whiptail_dockernet_net + whiptail_dockernet_net "172.17.0.0" while ! valid_ip4 "$DOCKERNET"; do whiptail_invalid_input - whiptail_dockernet_net + whiptail_dockernet_net "$DOCKERNET" done fi } collect_es_cluster_name() { if whiptail_manager_adv_escluster; then - whiptail_manager_adv_escluster_name + whiptail_manager_adv_escluster_name "securityonion" while ! valid_string "$ESCLUSTERNAME"; do whiptail_invalid_string "ES cluster name" - whiptail_manager_adv_escluster_name + whiptail_manager_adv_escluster_name "$ESCLUSTERNAME" done fi } collect_es_space_limit() { - whiptail_log_size_limit + whiptail_log_size_limit "$log_size_limit" while ! valid_int "$log_size_limit" "1"; do # Upper/lower bounds? whiptail_invalid_input - whiptail_log_size_limit + whiptail_log_size_limit "$log_size_limit" done } 
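Review bot: collect_dockernet asks for a /24 network "WITHOUT the /24 suffix" but both the initial prompt and the re-prompt are only checked with `valid_ip4`, so a host address such as 172.17.0.5 is accepted and later used as a network. Fold the network-address check into the loop condition: `while ! valid_ip4 "$DOCKERNET" || [[ $DOCKERNET != *.0 ]]; do`. collect_dockernet's body is entirely inside this hunk; whiptail_dockernet_check is not, so I cannot tell whether it already rejects such values.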
@@ -437,20 +424,17 @@ collect_fleet_custom_hostname_inputs() { while ! valid_fqdn "$FLEETCUSTOMHOSTNAME" || [[ $FLEETCUSTOMHOSTNAME != "" ]]; do whiptail_invalid_input - whiptail_fleet_custom_hostname + whiptail_fleet_custom_hostname "$FLEETCUSTOMHOSTNAME" done } +# Get a username & password for the Fleet admin user collect_fleetuser_inputs() { - # Get a username & password for the Fleet admin user - local valid_user=no - while [[ $valid_user != yes ]]; do - whiptail_create_fleet_node_user - if so-user valemail "$FLEETNODEUSER" >> "$setup_log" 2>&1; then - valid_user=yes - else - whiptail_invalid_user_warning - fi + whiptail_create_fleet_node_user + + while ! so-user valemail "$FLEETNODEUSER" >> "$setup_log" 2>&1; do + whiptail_invalid_user_warning + whiptail_create_fleet_node_user "$FLEETNODEUSER" done FPMATCH=no @@ -470,7 +454,7 @@ collect_gateway() { while ! valid_ip4 "$MGATEWAY"; do whiptail_invalid_input - whiptail_management_interface_gateway + whiptail_management_interface_gateway "$MGATEWAY" done } @@ -479,11 +463,11 @@ collect_helix_key() { } collect_homenet_mngr() { - whiptail_homenet_manager + whiptail_homenet_manager "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12" while ! valid_cidr_list "$HNMANAGER"; do whiptail_invalid_input - whiptail_homenet_manager + whiptail_homenet_manager "$HNMANAGER" done } 
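Review bot: The retry condition just above the changed call, `while ! valid_fqdn "$FLEETCUSTOMHOSTNAME" || [[ $FLEETCUSTOMHOSTNAME != "" ]]`, is true for every non-empty value, including a valid FQDN, so entering a correct name only re-opens the prompt until the user blanks it out. The prompt says blank means "use the local hostname", so the loop should repeat only when a non-empty value is invalid: `while [[ -n "$FLEETCUSTOMHOSTNAME" ]] && ! valid_fqdn "$FLEETCUSTOMHOSTNAME"; do`. collect_fleet_custom_hostname_inputs begins outside this hunk, so I cannot see the initial prompt call.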
@@ -491,24 +475,23 @@ collect_homenet_snsr() { if whiptail_homenet_sensor_inherit; then export HNSENSOR=inherit else - whiptail_homenet_sensor + whiptail_homenet_sensor "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12" while ! valid_cidr_list "$HNSENSOR"; do whiptail_invalid_input - whiptail_homenet_sensor + whiptail_homenet_sensor "$HNSENSOR" done fi } collect_hostname() { - HOSTNAME=$(cat /etc/hostname) - if [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi + if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi - whiptail_set_hostname + whiptail_set_hostname "$HOSTNAME" while ! valid_hostname "$HOSTNAME"; do whiptail_invalid_hostname - whiptail_set_hostname + whiptail_set_hostname "$HOSTNAME" done } @@ -517,7 +500,7 @@ collect_int_ip_mask() { while ! valid_cidr "$manager_ip_mask"; do whiptail_invalid_input - whiptail_management_interface_ip_mask + whiptail_management_interface_ip_mask "$manager_ip_mask" done MIP=$(echo "$manager_ip_mask" | sed 's/\/.*//' ) 
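Review bot: Dropping `HOSTNAME=$(cat /etc/hostname)` means collect_hostname now starts from bash's own HOSTNAME variable, which reflects the running kernel hostname rather than /etc/hostname; on a freshly imaged box the two can differ, and because the `localhost` fallback is now skipped whenever `$automated` is not exactly `no` (including when it is unset), a node still calling itself localhost is carried through unchanged if valid_hostname accepts it. If the automation profiles are expected to supply HOSTNAME, make that explicit rather than implicit: `[[ $automated == yes && -n $HOSTNAME ]] || HOSTNAME=$(cat /etc/hostname)` before the localhost check. The variable `automated` is set outside this diff, so this assumes it is always initialised.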
@@ -529,74 +512,81 @@ collect_mngr_hostname() { while ! valid_hostname "$MSRV"; do whiptail_invalid_hostname - whiptail_management_server + whiptail_management_server "$MSRV" done if ! getent hosts "$MSRV"; then - add_manager_hostfile + whiptail_manager_ip + + while ! valid_ip4 "$MSRVIP"; do + whiptail_invalid_input + whiptail_manager_ip "$MSRVIP" + done else MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}') fi } collect_mtu() { - whiptail_bond_nics_mtu + whiptail_bond_nics_mtu "1500" while ! valid_int "$MTU" "68"; do whiptail_invalid_input - whiptail_bond_nics_mtu + whiptail_bond_nics_mtu "$MTU" done } collect_node_es_heap() { - whiptail_node_es_heap + whiptail_node_es_heap "$ES_HEAP_SIZE" while ! valid_int "$NODE_ES_HEAP_SIZE"; do whiptail_invalid_input - whiptail_node_es_heap + whiptail_node_es_heap "$NODE_ES_HEAP_SIZE" done } collect_node_ls_heap() { - whiptail_node_ls_heap + whiptail_node_ls_heap "$LS_HEAP_SIZE" while ! valid_int "$NODE_LS_HEAP_SIZE"; do whiptail_invalid_input - whiptail_node_ls_heap + whiptail_node_ls_heap "$NODE_LS_HEAP_SIZE" done } collect_node_ls_input() { - whiptail_node_ls_input_threads + whiptail_node_ls_input_threads "1" + while ! valid_int "$LSINPUTTHREADS"; do whiptail_invalid_input - whiptail_node_ls_input_threads + whiptail_node_ls_input_threads "$LSINPUTTHREADS" done } collect_node_ls_pipeline_batch_size() { - whiptail_node_ls_pipline_batchsize + whiptail_node_ls_pipline_batchsize "125" while ! valid_int "$LSPIPELINEBATCH"; do whiptail_invalid_input - whiptail_node_ls_pipline_batchsize + whiptail_node_ls_pipline_batchsize "$LSPIPELINEBATCH" done } collect_node_ls_pipeline_worker_count() { - whiptail_node_ls_pipeline_worker + whiptail_node_ls_pipeline_worker "$num_cpu_cores" while ! valid_int "$LSPIPELINEWORKERS"; do whiptail_invalid_input - whiptail_node_ls_pipeline_worker + whiptail_node_ls_pipeline_worker "$LSPIPELINEWORKERS" done } collect_oinkcode() { whiptail_oinkcode + while ! 
valid_string "$OINKCODE" "" "128"; do #TODO: verify max length here whiptail_invalid_input - whiptail_oinkcode + whiptail_oinkcode "$OINKCODE" done } @@ -627,7 +617,7 @@ collect_patch_schedule_name_new() { while ! valid_string "$PATCHSCHEDULENAME"; do whiptail_invalid_string "schedule name" - whiptail_patch_name_new_schedule + whiptail_patch_name_new_schedule "$PATCHSCHEDULENAME" done } @@ -636,25 +626,26 @@ collect_patch_schedule_name_import() { while ! valid_string "$PATCHSCHEDULENAME"; do whiptail_invalid_string "schedule name" - whiptail_patch_schedule_import + whiptail_patch_schedule_import "$PATCHSCHEDULENAME" done } collect_redirect_host() { - whiptail_set_redirect_host + whiptail_set_redirect_host "$HOSTNAME" while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do whiptail_invalid_input - whiptail_set_redirect_host + whiptail_set_redirect_host "$REDIRECTHOST" done } collect_so_allow() { if whiptail_so_allow_yesno; then whiptail_so_allow + while ! valid_cidr "$ALLOW_CIDR" && ! valid_ip4 "$ALLOW_CIDR"; do whiptail_invalid_input - whiptail_so_allow + whiptail_so_allow "$ALLOW_CIDR" done fi } @@ -670,24 +661,21 @@ collect_soremote_inputs() { } collect_suri() { - whiptail_basic_suri + whiptail_basic_suri "$PROCS" while ! valid_int "$BASICSURI"; do whiptail_invalid_input - whiptail_basic_suri + whiptail_basic_suri "$BASICSURI" done } +# Get an email & password for the web admin user collect_webuser_inputs() { - # Get a password for the web admin user - local valid_user=no - while [[ $valid_user != yes ]]; do - whiptail_create_web_user - if so-user valemail "$WEBUSER" >> "$setup_log" 2>&1; then - valid_user=yes - else - whiptail_invalid_user_warning - fi + whiptail_create_web_user + + while ! so-user valemail "$WEBUSER" >> "$setup_log" 2>&1; do + whiptail_invalid_user_warning + whiptail_create_web_user "$WEBUSER" done WPMATCH=no 
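Review bot: In the `else` branch of collect_mngr_hostname the address from `getent hosts` is accepted without the `valid_ip4` check that the new prompted branch enforces, so if the manager name resolves to an IPv6 address first (getent prefers it when both records exist) MSRVIP holds a value the rest of setup treats as IPv4. Apply the same validation on that path and fall back to the prompt when it fails: `MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}')` followed by `valid_ip4 "$MSRVIP" || whiptail_manager_ip "$MSRVIP"` and the same retry loop. Separately, when TESTING is set whiptail_manager_ip returns without touching MSRVIP, so the `while ! valid_ip4` loop terminates only if the automation profile pre-sets MSRVIP, as the profiles in this diff do; a comment saying so would save the next person a hang.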
@@ -707,11 +695,11 @@ collect_webuser_inputs() { } collect_zeek() { - whiptail_basic_zeek + whiptail_basic_zeek "$PROCS" while ! valid_int "$BASICZEEK"; do whiptail_invalid_input - whiptail_basic_zeek + whiptail_basic_zeek "$BASICZEEK" done } diff --git a/setup/so-setup b/setup/so-setup index 91103d21a..021fd72ff 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -461,6 +461,12 @@ if [[ $is_sensor && ! $is_eval ]]; then whiptail_suricata_pins collect_mtu else + if [[ $is_node && $is_sensor && ! $is_eval ]]; then + PROCS=$(( lb_procs / 2 )) + if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi + else + PROCS=$lb_procs + fi [[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek collect_suri fi @@ -857,8 +863,6 @@ if [[ -n $SO_ERROR ]]; then else echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1 { - [[ -n "$TESTING" ]] && logCmd so-test - export percentage=95 # set to last percentage used in previous subshell if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then set_progress_str 96 "Stopping SOC prior to adjusting firewall rules" diff --git a/setup/so-whiptail b/setup/so-whiptail index 20627f13f..19139353f 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -31,16 +31,9 @@ whiptail_airgap() { whiptail_basic_suri() { [ -n "$TESTING" ] && return - - if [[ $is_node && $is_sensor && ! $is_eval ]]; then - local PROCS=$(expr $lb_procs / 2) - if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi - else - local PROCS=$lb_procs - fi BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of Suricata processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) + "Enter the number of Suricata processes:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
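Review bot: The new `if [[ $is_node && $is_sensor && ! $is_eval ]]` sits in the `else` branch of `if [[ $is_sensor && ! $is_eval ]]`, so its condition can never hold there and PROCS is always `lb_procs`; the halving for combined sensor+search nodes that was lifted out of whiptail_basic_suri/zeek is dead code at its new location. Either the halving also belongs in the `then` branch, or the intended test is a different role combination; as written the block should collapse to `PROCS=$lb_procs`. The `else PROCS=$PROCS` arm is a no-op as well, so if the clamp survives it reads better as `(( PROCS >= 1 )) || PROCS=1`.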
@@ -51,15 +44,8 @@ whiptail_basic_zeek() { [ -n "$TESTING" ] && return - if [[ $is_node && $is_sensor && ! $is_eval ]]; then - local PROCS=$(expr $lb_procs / 2) - if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi - else - local PROCS=$lb_procs - fi - BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of zeek processes:" 10 75 "$PROCS" 3>&1 1>&2 2>&3) + "Enter the number of zeek processes:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -71,7 +57,7 @@ whiptail_bond_nics_mtu() { # Set the MTU on the monitor interface MTU=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the MTU for the monitor NICs:" 10 75 1500 3>&1 1>&2 2>&3) + "Enter the MTU for the monitor NICs:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -117,7 +103,7 @@ whiptail_create_admin_user() { [ -n "$TESTING" ] && return ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \ - "Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3) + "Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -151,7 +137,7 @@ whiptail_create_fleet_node_user() { [ -n "$TESTING" ] && return FLEETNODEUSER=$(whiptail --title "Security Onion Install" --inputbox \ - "Please enter an email for use as the username for the Fleet admin user:" 10 60 3>&1 1>&2 2>&3) + "Please enter an email for use as the username for the Fleet admin user:" 10 60 "$1" 3>&1 1>&2 2>&3) } 
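Review bot: whiptail_create_fleet_node_user still has no exit-status check after its inputbox, unlike whiptail_create_admin_user in the same hunk and whiptail_create_web_user, so pressing Cancel leaves FLEETNODEUSER empty and the new `while ! so-user valemail` loop in collect_fleetuser_inputs simply re-prompts instead of aborting setup. Add the two lines the sibling functions use after the assignment: `local exitstatus=$?` and `whiptail_check_exitstatus $exitstatus`.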
@@ -215,7 +201,7 @@ whiptail_create_web_user() { [ -n "$TESTING" ] && return WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \ - "Please enter an email address to create an administrator account for the web interface: \nThis will also be used for TheHive, Cortex, and Fleet." 10 60 3>&1 1>&2 2>&3) + "Please enter an email address to create an administrator account for the web interface: \nThis will also be used for TheHive, Cortex, and Fleet." 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -306,7 +292,7 @@ whiptail_cur_close_days() { [ -n "$TESTING" ] && return CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \ - "Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3) + "Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -385,7 +371,7 @@ whiptail_dockernet_net() { [ -n "$TESTING" ] && return DOCKERNET=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter a /24 size network range for docker to use WITHOUT the /24 notation: \nThis range will be used on ALL nodes \n(Default value is pre-populated.)" 10 75 172.17.0.0 3>&1 1>&2 2>&3) + "\nEnter a /24 size network range for docker to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -441,7 +427,7 @@ whiptail_fleet_custom_hostname() { [ -n "$TESTING" ] && return FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ - "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 3>&1 1>&2 2>&3) + "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -477,7 +463,7 @@ whiptail_homenet_manager() { [ -n "$TESTING" ] && return HNMANAGER=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12" 3>&1 1>&2 2>&3) + "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -495,7 +481,7 @@ whiptail_homenet_sensor() { [ -n "$TESTING" ] && return HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12" 3>&1 1>&2 2>&3) + "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -635,7 +621,7 @@ whiptail_log_size_limit() { log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \ "Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage: \n\ - By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$log_size_limit" 3>&1 1>&2 2>&3) + By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -669,7 +655,7 @@ whiptail_management_interface_dns() { [ -n "$TESTING" ] && return MDNS=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your DNS servers separated by commas:" 10 60 "8.8.8.8,8.8.4.4" 3>&1 1>&2 2>&3) + "Enter your DNS servers separated by commas:" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -681,7 +667,7 @@ whiptail_management_interface_dns_search() { [ -n "$TESTING" ] && return MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your DNS search domain:" 10 60 searchdomain.local 3>&1 1>&2 2>&3) + "Enter your DNS search domain:" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -692,7 +678,7 @@ whiptail_management_interface_gateway() { [ -n "$TESTING" ] && return MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your gateway's IPv4 address:" 10 60 3>&1 1>&2 2>&3) + "Enter your gateway's IPv4 address:" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -702,7 +688,7 @@ whiptail_management_interface_ip_mask() { [ -n "$TESTING" ] && return manager_ip_mask=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 3>&1 1>&2 2>&3) + "Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -802,13 +788,23 @@ whiptail_management_server() { [ -n "$TESTING" ] && return MSRV=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your Manager Server hostname: \nIt is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3) + "Enter your Manager Server hostname: \nIt is CASE SENSITIVE!" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus } +whiptail_manager_ip() { + [ -n "$TESTING" ] && return + + MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter your Manager Server IP Address:" 10 60 "$1" 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + # Ask if you want to do advanced setup of the Manager whiptail_manager_adv() { @@ -840,7 +836,7 @@ whiptail_manager_adv_escluster_name(){ [ -n "$TESTING" ] && return ESCLUSTERNAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter a name for your ES cluster!" 10 75 securityonion 3>&1 1>&2 2>&3) + "Enter a name for your ES cluster!" 10 75 "$1" 3>&1 1>&2 2>&3) } # Ask which additional components to install @@ -931,6 +927,12 @@ whiptail_manager_updates_warning() { whiptail_check_exitstatus $exitstatus } +whiptail_manager_unreachable() { + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Setup cannot determine if $1 is listening on port 22. Please check the address entered and try again." 7 75 +} + whiptail_metadata_tool() { [ -n "$TESTING" ] && return @@ -994,7 +996,7 @@ whiptail_node_es_heap() { [ -n "$TESTING" ] && return NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter ES heap size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3) + "Enter ES heap size:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
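Review bot: whiptail_manager_unreachable is added with a message saying setup could not confirm the manager "is listening on port 22", but nothing in this diff calls it and the new collect_mngr_hostname path only validates the address syntactically, so the reachability probe the message describes does not exist. Either wire the probe in where MSRVIP is settled (for example `timeout 3 bash -c "</dev/tcp/$MSRVIP/22" 2>/dev/null || whiptail_manager_unreachable "$MSRVIP"`, or whatever connectivity helper so-functions already provides) or leave the function out until it is used; an unused message box reads like an implemented check.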
@@ -1006,31 +1008,7 @@ whiptail_node_ls_heap() { [ -n "$TESTING" ] && return NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter Logstash heap size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_node_ls_pipline_batchsize() { - - [ -n "$TESTING" ] && return - - LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter Logstash pipeline batch size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - -} - -whiptail_node_ls_pipeline_worker() { - - [ -n "$TESTING" ] && return - - LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter number of Logstash pipeline workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3) + "Enter Logstash heap size:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -1042,19 +1020,44 @@ whiptail_node_ls_input_threads() { [ -n "$TESTING" ] && return LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter number of Logstash input threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3) + "Enter number of Logstash input threads:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus } + +whiptail_node_ls_pipline_batchsize() { + + [ -n "$TESTING" ] && return + + LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter Logstash pipeline batch size:" 10 75 "$1" 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + +whiptail_node_ls_pipeline_worker() { + + [ -n "$TESTING" ] && return + + LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter number of Logstash pipeline workers:" 10 75 "$1" 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + +} + whiptail_oinkcode() { [ -n "$TESTING" ] && return OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your ET Pro or oinkcode:" 10 75 XXXXXXX 3>&1 1>&2 2>&3) + "Enter your ET Pro or oinkcode:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1075,7 +1078,7 @@ whiptail_patch_name_new_schedule() { [ -n "$TESTING" ] && return PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) + "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -1102,20 +1105,10 @@ whiptail_patch_schedule_import() { unset PATCHSCHEDULENAME PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the name of the OS patch schedule you want to inherit: \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) + "Enter the name of the OS patch schedule you want to inherit. \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus - - while [[ -z "$PATCHSCHEDULENAME" ]]; do - whiptail --title "Security Onion Setup" --msgbox "Please enter a name for the OS patch schedule you want to inherit." 8 75 - PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the name of the OS patch schedule you want to inherit: \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - done - } whiptail_patch_schedule_select_days() { @@ -1274,7 +1267,7 @@ whiptail_set_hostname() { [ -n "$TESTING" ] && return HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) + "Enter the hostname (not FQDN) you would like to set:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1298,7 +1291,7 @@ whiptail_set_redirect_host() { [ -n "$TESTING" ] && return REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) + "Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus } 
@@ -1362,11 +1355,13 @@ whiptail_so_allow() { ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \ --inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \ - 10 75 3>&1 1>&2 2>&3) + 10 75 "$1" 3>&1 1>&2 2>&3) local exitstatus=$? export ALLOW_ROLE='a' export ALLOW_CIDR + + whiptail_check_exitstatus $exitstatus } whiptail_storage_requirements() {
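Review bot: `whiptail_check_exitstatus $exitstatus` is now called, but only after `export ALLOW_ROLE='a'` and `export ALLOW_CIDR`, so if the check does anything other than terminate the process (it is defined outside this diff) a cancelled dialog still leaves ALLOW_ROLE set alongside an empty ALLOW_CIDR, and so-setup's later `[[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]` is the only thing preventing a firewall change. Move the check directly under `local exitstatus=$?`, before the exports, as every other whiptail_* function in this diff does. The function's opening line is outside the hunk.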