Merge remote-tracking branch 'remotes/origin/dev' into feature/fleet-setup

Josh Brower
2020-06-08 08:30:37 -04:00
87 changed files with 1632 additions and 2435 deletions


@@ -21,6 +21,8 @@ address_type=DHCP
ADMINUSER=onionuser
ADMINPASS1=onionuser
ADMINPASS2=onionuser
ALLOW_CIDR=0.0.0.0/0
ALLOW_ROLE=a
BASICBRO=7
BASICSURI=7
# BLOGS=
@@ -65,6 +67,7 @@ PLAYBOOK=1
REDIRECTINFO=IP
RULESETUP=ETOPEN
# SHARDCOUNT=
SKIP_REBOOT=1
SOREMOTEPASS1=onionuser
SOREMOTEPASS2=onionuser
STRELKA=1
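Review bot: The added `ALLOW_CIDR=0.0.0.0/0` together with `ALLOW_ROLE=a` means that when so-setup finishes successfully with this automation file it runs `so-allow -a` with IP=0.0.0.0/0, i.e. it opens that role to every IPv4 source address. If this template is meant only for throw-away CI hosts, a comment saying so (e.g. `# CI only: opens role 'a' to all addresses; narrow ALLOW_CIDR on any reachable host`) would stop it being copied into a real unattended install; otherwise the default should be the installer's own management network rather than the whole address space. Which lines are context versus added is inferred from the hunk's +2 count, so this assumes ALLOW_CIDR and ALLOW_ROLE are the new lines.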


@@ -38,31 +38,3 @@ calculate_useable_cores() {
if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi
export lb_procs
}
set_defaul_log_size() {
local percentage
case $INSTALLTYPE in
EVAL | HEAVYNODE)
percentage=50
;;
*)
percentage=80
;;
esac
local disk_dir="/"
if [ -d /nsm ]; then
disk_dir="/nsm"
fi
local disk_size_1k
disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
local ratio="1048576"
local disk_size_gb
disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
export log_size_limit
}


@@ -56,6 +56,19 @@ add_master_hostfile() {
whiptail_check_exitstatus $exitstatus
}
addtotab_generate_templates() {
local addtotab_path=$local_salt_dir/pillar/data
for i in evaltab mastersearchtab mastertab nodestab sensorstab; do
printf '%s\n'\
"$i:"\
"" > "$addtotab_path"/$i.sls
echo "Added $i Template"
done
}
# $5 => (optional) password variable
so_add_user() {
local username=$1
@@ -116,16 +129,16 @@ add_web_user() {
# Create an secrets pillar so that passwords survive re-install
secrets_pillar(){
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
echo "Creating Secrets Pillar" >> "$setup_log" 2>&1
mkdir -p /opt/so/saltstack/pillar
mkdir -p $local_salt_dir/pillar
printf '%s\n'\
"secrets:"\
" mysql: $MYSQLPASS"\
" playbook: $PLAYBOOKPASS"\
" fleet: $FLEETPASS"\
" fleet_jwt: $FLEETJWT"\
" fleet_enroll-secret: False" > /opt/so/saltstack/pillar/secrets.sls
" fleet_enroll-secret: False" > $local_salt_dir/pillar/secrets.sls
fi
}
@@ -193,7 +206,7 @@ check_admin_pass() {
check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH"
}
check_hive_init_then_reboot() {
check_hive_init() {
wait_for_file /opt/so/state/thehive.txt 20 5
local return_val=$?
@@ -203,7 +216,6 @@ check_hive_init_then_reboot() {
docker stop so-thehive
docker rm so-thehive
shutdown -r now
}
check_network_manager_conf() {
@@ -261,7 +273,7 @@ clear_master() {
{
echo "Clearing old master key";
rm -f /etc/salt/pki/minion/minion_master.pub;
sytemctl -q restart salt-minion;
systemctl -q restart salt-minion;
} >> "$setup_log" 2>&1
fi
@@ -355,10 +367,10 @@ configure_minion() {
"mysql.host: '$MAINIP'"\
"mysql.port: 3306"\
"mysql.user: 'root'" >> "$minion_config"
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config"
else
OLDPASS=$(grep "mysql" /opt/so/saltstack/pillar/secrets.sls | awk '{print $2}')
OLDPASS=$(grep "mysql" $local_salt_dir/pillar/secrets.sls | awk '{print $2}')
echo "mysql.pass: '$OLDPASS'" >> "$minion_config"
fi
;;
@@ -438,20 +450,20 @@ copy_master_config() {
copy_minion_tmp_files() {
case "$install_type" in
'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH' | 'STANDALONE')
echo "Copying pillar and salt files in $temp_install_dir to /opt/so/saltstack"
cp -Rv "$temp_install_dir"/pillar/ /opt/so/saltstack/ >> "$setup_log" 2>&1
echo "Copying pillar and salt files in $temp_install_dir to $local_salt_dir"
cp -Rv "$temp_install_dir"/pillar/ $local_salt_dir/ >> "$setup_log" 2>&1
if [ -d "$temp_install_dir"/salt ] ; then
cp -Rv "$temp_install_dir"/salt/ /opt/so/saltstack/ >> "$setup_log" 2>&1
cp -Rv "$temp_install_dir"/salt/ $local_salt_dir/ >> "$setup_log" 2>&1
fi
;;
*)
{
echo "scp pillar and salt files in $temp_install_dir to master /opt/so/saltstack";
echo "scp pillar and salt files in $temp_install_dir to master $local_salt_dir";
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules;
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/salt/master/files/add_minion.sh "$MINION_ID";
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/master/files/add_minion.sh "$MINION_ID";
} >> "$setup_log" 2>&1
;;
esac
@@ -469,6 +481,20 @@ copy_ssh_key() {
ssh-copy-id -f -i /root/.ssh/so.key soremote@"$MSRV"
}
create_local_directories() {
echo "Creating local pillar and salt directories"
PILLARSALTDIR=${SCRIPTDIR::-5}
for i in "pillar" "salt"; do
for d in `find $PILLARSALTDIR/$i -type d`; do
suffixdir=${d//$PILLARSALTDIR/}
if [ ! -d "$local_salt_dir/$suffixdir" ]; then
mkdir -v "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
fi
done
chown -R socore:socore "$local_salt_dir/$i"
done
}
create_sensor_bond() {
echo "Setting up sensor bond" >> "$setup_log" 2>&1
@@ -588,14 +614,18 @@ disable_misc_network_features() {
filter_unused_nics
if [ ${#filtered_nics[@]} -ne 0 ]; then
for unused_nic in "${filtered_nics[@]}"; do
# Disable DHCPv4/v6 and autoconnect
nmcli con mod "$unused_nic" \
ipv4.method disabled \
ipv6.method ignore \
connection.autoconnect "no" >> "$setup_log" 2>&1
if [ -n "$unused_nic" ]; then
echo "Disabling unused NIC: $unused_nic" >> "$setup_log" 2>&1
# Flush any existing IPs
ip addr flush "$unused_nic" >> "$setup_log" 2>&1
# Disable DHCPv4/v6 and autoconnect
nmcli con mod "$unused_nic" \
ipv4.method disabled \
ipv6.method ignore \
connection.autoconnect "no" >> "$setup_log" 2>&1
# Flush any existing IPs
ip addr flush "$unused_nic" >> "$setup_log" 2>&1
fi
done
fi
# Disable IPv6
@@ -612,9 +642,9 @@ docker_install() {
{
yum clean expire-cache;
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
yum -y install docker-ce-19.03.9-3.el7 containerd.io-1.2.6-3.el7;
yum versionlock docker-ce-19.03.9-3.el7;
yum versionlock containerd.io-1.2.6-3.el7
yum -y install docker-ce-19.03.11-3.el7 containerd.io-1.2.13-3.2.el7;
yum versionlock docker-ce-19.03.11-3.el7;
yum versionlock containerd.io-1.2.13-3.2.el7
} >> "$setup_log" 2>&1
else
@@ -730,7 +760,7 @@ docker_seed_registry() {
fireeye_pillar() {
local fireeye_pillar_path=/opt/so/saltstack/pillar/fireeye
local fireeye_pillar_path=$local_salt_dir/pillar/fireeye
mkdir -p "$fireeye_pillar_path"
printf '%s\n'\
@@ -744,7 +774,7 @@ fireeye_pillar() {
# Generate Firewall Templates
firewall_generate_templates() {
local firewall_pillar_path=/opt/so/saltstack/pillar/firewall
local firewall_pillar_path=$local_salt_dir/pillar/firewall
mkdir -p "$firewall_pillar_path"
for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoint search_nodes wazuh_endpoint
@@ -808,7 +838,7 @@ get_minion_type() {
'HELIXSENSOR')
minion_type='helix'
;;
'*NODE')
*'NODE')
minion_type='node'
;;
esac
@@ -897,7 +927,7 @@ master_pillar() {
}
master_static() {
local static_pillar="/opt/so/saltstack/pillar/static.sls"
local static_pillar="$local_salt_dir/pillar/static.sls"
# Create a static file for global values
printf '%s\n'\
@@ -995,54 +1025,6 @@ node_pillar() {
cat "$pillar_file" >> "$setup_log" 2>&1
}
parse_options() {
case "$1" in
--turbo=*)
local proxy
proxy=$(echo "$1" | tr -d '"' | awk -F'--turbo=' '{print $2}')
proxy_url="http://$proxy"
TURBO="$proxy_url"
;;
--proxy=*)
local proxy
proxy=$(echo "$1" | tr -d '"' | awk -F'--proxy=' '{print $2}')
local proxy_protocol
proxy_protocol=$(echo "$proxy" | awk 'match($0, /http|https/) { print substr($0, RSTART, RLENGTH) }')
if [[ ! $proxy_protocol =~ ^(http|https)$ ]]; then
echo "Invalid proxy protocol"
echo "Ignoring proxy"
return
fi
if [[ $2 == --proxy-user=* && $3 == --proxy-pass=* ]]; then
local proxy_user
local proxy_password
proxy_user=$(echo "$2" | tr -d '"' | awk -F'--proxy-user=' '{print $2}')
proxy_password=$(echo "$3" | tr -d '"' | awk -F'--proxy-pass=' '{print $2}')
local proxy_addr
proxy_addr=$(echo "$proxy" | awk -F'http\:\/\/|https\:\/\/' '{print $2}')
export http_proxy="${proxy_protocol}://${proxy_user}:${proxy_password}@${proxy_addr}"
elif [[ (-z $2 || -z $3) && (-n $2 || -n $3) || ( -n $2 && -n $3 && ($2 != --proxy-user=* || $3 != --proxy-pass=*) ) ]]; then
echo "Invalid options passed for proxy. Order is --proxy-user=<user> --proxy-pass=<password>"
echo "Ignoring proxy"
return
else
export http_proxy="$proxy"
fi
export {https,ftp,rsync,all}_proxy="$http_proxy"
;;
*)
echo "Invalid option"
esac
}
patch_pillar() {
local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
@@ -1276,7 +1258,7 @@ salt_checkin() {
# Run a salt command to generate the minion key
salt_firstcheckin() {
salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
salt-call state.show_top >> /dev/null 2>&1 # send output to /dev/null because we don't actually care about the ouput
}
set_base_heapsizes() {
@@ -1290,16 +1272,18 @@ set_main_ip() {
setup_salt_master_dirs() {
# Create salt paster directories
mkdir -p /opt/so/saltstack/salt
mkdir -p /opt/so/saltstack/pillar
mkdir -p $default_salt_dir/pillar
mkdir -p $default_salt_dir/salt
mkdir -p $local_salt_dir/pillar
mkdir -p $local_salt_dir/salt
# Copy over the salt code and templates
if [ "$setup_type" = 'iso' ]; then
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
else
cp -R ../pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
cp -R ../salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
fi
echo "Chown the salt dirs on the master for socore" >> "$setup_log" 2>&1
@@ -1372,6 +1356,33 @@ sensor_pillar() {
cat "$pillar_file" >> "$setup_log" 2>&1
}
set_default_log_size() {
local percentage
case $INSTALLTYPE in
EVAL | HEAVYNODE)
percentage=50
;;
*)
percentage=80
;;
esac
local disk_dir="/"
if [ -d /nsm ]; then
disk_dir="/nsm"
fi
local disk_size_1k
disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
local ratio="1048576"
local disk_size_gb
disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
}
set_hostname() {
set_hostname_iso
@@ -1399,49 +1410,49 @@ set_initial_firewall_policy() {
set_main_ip
if [ -f /opt/so/saltstack/pillar/data/addtotab.sh ]; then chmod +x /opt/so/saltstack/pillar/data/addtotab.sh; fi
if [ -f /opt/so/saltstack/pillar/firewall/addfirewall.sh ]; then chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh; fi
if [ -f $default_salt_dir/pillar/data/addtotab.sh ]; then chmod +x $default_salt_dir/pillar/data/addtotab.sh; fi
if [ -f $default_salt_dir/pillar/firewall/addfirewall.sh ]; then chmod +x $default_salt_dir/pillar/firewall/addfirewall.sh; fi
case "$install_type" in
'MASTER')
printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls /opt/so/saltstack/pillar/firewall/masterfw.sls
/opt/so/saltstack/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls $local_salt_dir/pillar/firewall/masterfw.sls
$default_salt_dir/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;;
'EVAL' | 'MASTERSEARCH')
printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
/opt/so/saltstack/pillar/firewall/masterfw.sls\
/opt/so/saltstack/pillar/firewall/forward_nodes.sls\
/opt/so/saltstack/pillar/firewall/search_nodes.sls
printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
$local_salt_dir/pillar/firewall/masterfw.sls\
$local_salt_dir/pillar/firewall/forward_nodes.sls\
$local_salt_dir/pillar/firewall/search_nodes.sls
case "$install_type" in
'EVAL')
/opt/so/saltstack/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
$default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0 True
;;
'MASTERSEARCH')
/opt/so/saltstack/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
$default_salt_dir/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;;
esac
;;
'HELIXSENSOR')
printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
/opt/so/saltstack/pillar/firewall/masterfw.sls\
/opt/so/saltstack/pillar/firewall/forward_nodes.sls
printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
$local_salt_dir/pillar/firewall/masterfw.sls\
$local_salt_dir/pillar/firewall/forward_nodes.sls
;;
'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh minions "$MAINIP"
case "$install_type" in
'SENSOR')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
;;
'SEARCHNODE')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;;
'HEAVYNODE')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;;
esac
;;
@@ -1519,9 +1530,9 @@ update_sudoers() {
if ! grep -qE '^soremote\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
# Update Sudoers so that soremote can accept keys without a password
echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/pillar/data/addtotab.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
else
echo "User soremote already granted sudo privileges" >> "$setup_log" 2>&1
fi
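Review bot: secrets_pillar creates $local_salt_dir/pillar/secrets.sls under whatever umask the installer inherited, so the mysql, playbook, fleet and fleet_jwt values it writes may be readable by every local user until something later tightens the mode; write it closed from the start, e.g. wrap the printf in `( umask 077; printf '%s\n' … > "$local_salt_dir/pillar/secrets.sls" )`, or follow the write with `chmod 600 -- "$local_salt_dir/pillar/secrets.sls"`. The same function, configure_minion and the cp/rsync lines in setup_salt_master_dirs expand `$local_salt_dir` and `$default_salt_dir` unquoted; both are fixed paths from so-variables so this works today, but the surrounding code already quotes `$temp_install_dir` and `$setup_log`, so these should be quoted the same way. Separately, the guard in update_sudoers still matches any existing `/opt/so/saltstack` entry, so a host that already carries the pre-rename `/opt/so/saltstack/pillar/...` rules will never receive the new `$default_salt_dir/...` lines; matching on the new paths themselves (for example `grep -qF "NOPASSWD:$default_salt_dir/" /etc/sudoers`) avoids that. Only the tail of update_sudoers is in this hunk; its opening is outside the view.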


@@ -21,18 +21,40 @@ source ./so-common-functions
source ./so-whiptail
source ./so-variables
# Parse command line arguments
setup_type=$1
export setup_type
automation=$2
automated=no
while [[ $# -gt 0 ]]; do
arg="$1"
shift
case "$arg" in
"--turbo="* )
export TURBO="http://${arg#*=}";;
"--proxy="* )
export {http,https,ftp,rsync,all}_proxy="${arg#*=}";;
"--allow-role="* )
export ALLOW_ROLE="${arg#*=}";;
"--allow-cidr="* )
export ALLOW_CIDR="${arg#*=}";;
"--skip-reboot" )
export SKIP_REBOOT=1;;
* )
if [[ "$arg" == "--"* ]]; then
echo "Invalid option"
fi
esac
done
# Begin Installation pre-processing
echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1
automated=no
function progress() {
if [ $automated == no ]; then
whiptail --title "Security Onion Install" --gauge 'Please wait while installing' 6 60 0
else
cat >> $setup_log 2>&1
fi
}
@@ -41,7 +63,7 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th
source automation/$automation
automated=yes
echo "Checking network configuration" >> $setup_log 2>&1g
echo "Checking network configuration" >> $setup_log 2>&1
ip a >> $setup_log 2>&1
attempt=1
@@ -76,11 +98,6 @@ export PATH=$PATH:../salt/common/tools/sbin
got_root
if [[ $# -gt 1 ]]; then
set -- "${@:2}"
parse_options "$@" >> $setup_log 2>&1
fi
detect_os
if [ "$OS" == ubuntu ]; then
@@ -178,17 +195,21 @@ echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
minion_type=$(get_minion_type)
# Set any constants needed
# Set any variables needed
set_default_log_size >> $setup_log 2>&1
if [[ $is_helix ]]; then
RULESETUP=ETOPEN
NSMSETUP=BASIC
HNSENSOR=inherit
MASTERUPDATES=0
fi
if [[ $is_helix || ( $is_master && $is_node ) ]]; then
RULESETUP=ETOPEN
NSMSETUP=BASIC
fi
if [[ $is_master && $is_node ]]; then
LSPIPELINEWORKERS=1
LSPIPELINEBATCH=125
@@ -197,6 +218,7 @@ if [[ $is_master && $is_node ]]; then
NIDS=Suricata
BROVERSION=ZEEK
fi
if [[ $is_node ]]; then
CURCLOSEDAYS=30
fi
@@ -339,22 +361,22 @@ fi
# Set initial percentage to 0
export percentage=0
set_progress_str 1 'Updating packages'
if [[ $is_minion ]]; then
set_progress_str 1 'Configuring firewall'
set_initial_firewall_policy >> $setup_log 2>&1
fi
set_progress_str 2 'Updating packages'
update_packages >> $setup_log 2>&1
if [[ $is_sensor || $is_helix ]]; then
set_progress_str 2 'Creating bond interface'
set_progress_str 3 'Creating bond interface'
create_sensor_bond >> $setup_log 2>&1
set_progress_str 3 'Generating sensor pillar'
set_progress_str 4 'Generating sensor pillar'
sensor_pillar >> $setup_log 2>&1
fi
if [[ $is_minion ]]; then
set_progress_str 4 'Configuring firewall'
set_initial_firewall_policy >> $setup_log 2>&1
fi
set_progress_str 5 'Installing Salt and dependencies'
saltify 2>> $setup_log
@@ -370,6 +392,8 @@ fi
if [[ $is_master || $is_helix ]]; then
set_progress_str 10 'Configuring Salt master'
create_local_directories >> $setup_log 2>&1
addtotab_generate_templates >> $setup_log 2>&1
copy_master_config >> $setup_log 2>&1
setup_salt_master_dirs >> $setup_log 2>&1
firewall_generate_templates >> $setup_log 2>&1
@@ -430,12 +454,15 @@ fi
salt-call state.apply -l info registry >> $setup_log 2>&1
docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
set_progress_str 61 "$(print_salt_state_apply 'master')"
set_progress_str 60 "$(print_salt_state_apply 'master')"
salt-call state.apply -l info master >> $setup_log 2>&1
set_progress_str 62 "$(print_salt_state_apply 'idstools')"
set_progress_str 61 "$(print_salt_state_apply 'idstools')"
salt-call state.apply -l info idstools >> $setup_log 2>&1
set_progress_str 61 "$(print_salt_state_apply 'suricata.master')"
salt-call state.apply -l info suricata.master >> $setup_log 2>&1
fi
set_progress_str 62 "$(print_salt_state_apply 'firewall')"
@@ -566,12 +593,17 @@ fi
success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ "$success" = 0 ]]; then
whiptail_setup_complete
if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
export IP=$ALLOW_CIDR
so-allow -$ALLOW_ROLE >> $setup_log 2>&1
fi
if [[ $THEHIVE == 1 ]]; then
check_hive_init_then_reboot
else
shutdown -r now
check_hive_init
fi
else
whiptail_setup_failed
fi
if [[ -z $SKIP_REBOOT ]]; then
shutdown -r now
fi
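Review bot: The new `so-allow -$ALLOW_ROLE` call at the end of the script passes both values straight from the command line into a firewall change, with no check that ALLOW_ROLE is one of the role letters so-allow accepts or that ALLOW_CIDR looks like an address or CIDR, and the unquoted `-$ALLOW_ROLE` word-splits if the value contains whitespace. Validating both in the `--allow-role=`/`--allow-cidr=` arms of the new argument loop (for example `[[ $ALLOW_CIDR =~ ^[0-9.]+(/[0-9]+)?$ ]] || { echo "Invalid --allow-cidr" >&2; exit 1; }`, adapted to whatever so-allow actually takes) would fail early instead of at the last step, and `so-allow "-$ALLOW_ROLE"` keeps the argument intact. The loop also `shift`s through every positional parameter, including the setup_type and automation words read just before it, which is fine only as long as nothing after the loop still expects them in `$1`/`$2`; the later `parse_options "$@"` block is removed in this commit, so that appears to hold.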


@@ -34,3 +34,8 @@ export temp_install_dir=/root/installtmp
export percentage_str='Getting started'
export DEBIAN_FRONTEND=noninteractive
export default_salt_dir=/opt/so/saltstack/default
export local_salt_dir=/opt/so/saltstack/local
export SCRIPTDIR=$(cd `dirname $0` && pwd)
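Review bot: `export SCRIPTDIR=$(cd \`dirname $0\` && pwd)` uses backticks, leaves `$0` unquoted, and because the assignment is folded into `export` a failed `cd` is masked and SCRIPTDIR is silently set to the empty string; create_local_directories in so-functions then evaluates `${SCRIPTDIR::-5}` on it, which bash rejects with a substring-expression error rather than a clear message. Prefer `SCRIPTDIR=$(cd "$(dirname "$0")" && pwd) || { echo "cannot resolve script directory" >&2; exit 1; }` followed by `export SCRIPTDIR`. A comment noting that `$0` is so-setup's path because this file is sourced from it, and that callers strip a trailing five-character component from it, would document the assumption `${SCRIPTDIR::-5}` relies on.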


@@ -24,7 +24,7 @@ whiptail_basic_bro() {
[ -n "$TESTING" ] && return
BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the number of bro processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
"Enter the number of zeek processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -51,7 +51,7 @@ whiptail_bro_pins() {
cpu_core_list_whiptail+=("$item" "OFF")
done
BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please select $lb_procs cores to pin Bro to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
BROPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $lb_procs cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -458,7 +458,6 @@ whiptail_log_size_limit() {
[ -n "$TESTING" ] && return
set_defaul_log_size
log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \