Merge remote-tracking branch 'remotes/origin/dev' into feature/fleet-setup
@@ -21,6 +21,8 @@ address_type=DHCP
|
||||
ADMINUSER=onionuser
|
||||
ADMINPASS1=onionuser
|
||||
ADMINPASS2=onionuser
|
||||
ALLOW_CIDR=0.0.0.0/0
|
||||
ALLOW_ROLE=a
|
||||
BASICBRO=7
|
||||
BASICSURI=7
|
||||
# BLOGS=
|
||||
@@ -65,6 +67,7 @@ PLAYBOOK=1
|
||||
REDIRECTINFO=IP
|
||||
RULESETUP=ETOPEN
|
||||
# SHARDCOUNT=
|
||||
SKIP_REBOOT=1
|
||||
SOREMOTEPASS1=onionuser
|
||||
SOREMOTEPASS2=onionuser
|
||||
STRELKA=1
|
||||
|
||||
@@ -38,31 +38,3 @@ calculate_useable_cores() {
|
||||
if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi
|
||||
export lb_procs
|
||||
}
|
||||
|
||||
set_defaul_log_size() {
|
||||
local percentage
|
||||
|
||||
case $INSTALLTYPE in
|
||||
EVAL | HEAVYNODE)
|
||||
percentage=50
|
||||
;;
|
||||
*)
|
||||
percentage=80
|
||||
;;
|
||||
esac
|
||||
|
||||
local disk_dir="/"
|
||||
if [ -d /nsm ]; then
|
||||
disk_dir="/nsm"
|
||||
fi
|
||||
local disk_size_1k
|
||||
disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
|
||||
|
||||
local ratio="1048576"
|
||||
|
||||
local disk_size_gb
|
||||
disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
|
||||
|
||||
log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
|
||||
export log_size_limit
|
||||
}
|
||||
|
||||
+118
-107
@@ -56,6 +56,19 @@ add_master_hostfile() {
|
||||
whiptail_check_exitstatus $exitstatus
|
||||
}
|
||||
|
||||
addtotab_generate_templates() {
|
||||
|
||||
local addtotab_path=$local_salt_dir/pillar/data
|
||||
|
||||
for i in evaltab mastersearchtab mastertab nodestab sensorstab; do
|
||||
printf '%s\n'\
|
||||
"$i:"\
|
||||
"" > "$addtotab_path"/$i.sls
|
||||
echo "Added $i Template"
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
# $5 => (optional) password variable
|
||||
so_add_user() {
|
||||
local username=$1
|
||||
@@ -116,16 +129,16 @@ add_web_user() {
|
||||
|
||||
# Create an secrets pillar so that passwords survive re-install
|
||||
secrets_pillar(){
|
||||
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
|
||||
if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
|
||||
echo "Creating Secrets Pillar" >> "$setup_log" 2>&1
|
||||
mkdir -p /opt/so/saltstack/pillar
|
||||
mkdir -p $local_salt_dir/pillar
|
||||
printf '%s\n'\
|
||||
"secrets:"\
|
||||
" mysql: $MYSQLPASS"\
|
||||
" playbook: $PLAYBOOKPASS"\
|
||||
" fleet: $FLEETPASS"\
|
||||
" fleet_jwt: $FLEETJWT"\
|
||||
" fleet_enroll-secret: False" > /opt/so/saltstack/pillar/secrets.sls
|
||||
" fleet_enroll-secret: False" > $local_salt_dir/pillar/secrets.sls
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -193,7 +206,7 @@ check_admin_pass() {
|
||||
check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH"
|
||||
}
|
||||
|
||||
check_hive_init_then_reboot() {
|
||||
check_hive_init() {
|
||||
|
||||
wait_for_file /opt/so/state/thehive.txt 20 5
|
||||
local return_val=$?
|
||||
@@ -203,7 +216,6 @@ check_hive_init_then_reboot() {
|
||||
|
||||
docker stop so-thehive
|
||||
docker rm so-thehive
|
||||
shutdown -r now
|
||||
}
|
||||
|
||||
check_network_manager_conf() {
|
||||
@@ -261,7 +273,7 @@ clear_master() {
|
||||
{
|
||||
echo "Clearing old master key";
|
||||
rm -f /etc/salt/pki/minion/minion_master.pub;
|
||||
sytemctl -q restart salt-minion;
|
||||
systemctl -q restart salt-minion;
|
||||
} >> "$setup_log" 2>&1
|
||||
fi
|
||||
|
||||
@@ -355,10 +367,10 @@ configure_minion() {
|
||||
"mysql.host: '$MAINIP'"\
|
||||
"mysql.port: 3306"\
|
||||
"mysql.user: 'root'" >> "$minion_config"
|
||||
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
|
||||
if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
|
||||
echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config"
|
||||
else
|
||||
OLDPASS=$(grep "mysql" /opt/so/saltstack/pillar/secrets.sls | awk '{print $2}')
|
||||
OLDPASS=$(grep "mysql" $local_salt_dir/pillar/secrets.sls | awk '{print $2}')
|
||||
echo "mysql.pass: '$OLDPASS'" >> "$minion_config"
|
||||
fi
|
||||
;;
|
||||
@@ -438,20 +450,20 @@ copy_master_config() {
|
||||
copy_minion_tmp_files() {
|
||||
case "$install_type" in
|
||||
'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH' | 'STANDALONE')
|
||||
echo "Copying pillar and salt files in $temp_install_dir to /opt/so/saltstack"
|
||||
cp -Rv "$temp_install_dir"/pillar/ /opt/so/saltstack/ >> "$setup_log" 2>&1
|
||||
echo "Copying pillar and salt files in $temp_install_dir to $local_salt_dir"
|
||||
cp -Rv "$temp_install_dir"/pillar/ $local_salt_dir/ >> "$setup_log" 2>&1
|
||||
if [ -d "$temp_install_dir"/salt ] ; then
|
||||
cp -Rv "$temp_install_dir"/salt/ /opt/so/saltstack/ >> "$setup_log" 2>&1
|
||||
cp -Rv "$temp_install_dir"/salt/ $local_salt_dir/ >> "$setup_log" 2>&1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
{
|
||||
echo "scp pillar and salt files in $temp_install_dir to master /opt/so/saltstack";
|
||||
echo "scp pillar and salt files in $temp_install_dir to master $local_salt_dir";
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
|
||||
scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
|
||||
scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules;
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/salt/master/files/add_minion.sh "$MINION_ID";
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/master/files/add_minion.sh "$MINION_ID";
|
||||
} >> "$setup_log" 2>&1
|
||||
;;
|
||||
esac
|
||||
@@ -469,6 +481,20 @@ copy_ssh_key() {
|
||||
ssh-copy-id -f -i /root/.ssh/so.key soremote@"$MSRV"
|
||||
}
|
||||
|
||||
create_local_directories() {
|
||||
echo "Creating local pillar and salt directories"
|
||||
PILLARSALTDIR=${SCRIPTDIR::-5}
|
||||
for i in "pillar" "salt"; do
|
||||
for d in `find $PILLARSALTDIR/$i -type d`; do
|
||||
suffixdir=${d//$PILLARSALTDIR/}
|
||||
if [ ! -d "$local_salt_dir/$suffixdir" ]; then
|
||||
mkdir -v "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
|
||||
fi
|
||||
done
|
||||
chown -R socore:socore "$local_salt_dir/$i"
|
||||
done
|
||||
|
||||
}
|
||||
|
||||
create_sensor_bond() {
|
||||
echo "Setting up sensor bond" >> "$setup_log" 2>&1
|
||||
@@ -588,14 +614,18 @@ disable_misc_network_features() {
|
||||
filter_unused_nics
|
||||
if [ ${#filtered_nics[@]} -ne 0 ]; then
|
||||
for unused_nic in "${filtered_nics[@]}"; do
|
||||
# Disable DHCPv4/v6 and autoconnect
|
||||
nmcli con mod "$unused_nic" \
|
||||
ipv4.method disabled \
|
||||
ipv6.method ignore \
|
||||
connection.autoconnect "no" >> "$setup_log" 2>&1
|
||||
if [ -n "$unused_nic" ]; then
|
||||
echo "Disabling unused NIC: $unused_nic" >> "$setup_log" 2>&1
|
||||
|
||||
# Flush any existing IPs
|
||||
ip addr flush "$unused_nic" >> "$setup_log" 2>&1
|
||||
# Disable DHCPv4/v6 and autoconnect
|
||||
nmcli con mod "$unused_nic" \
|
||||
ipv4.method disabled \
|
||||
ipv6.method ignore \
|
||||
connection.autoconnect "no" >> "$setup_log" 2>&1
|
||||
|
||||
# Flush any existing IPs
|
||||
ip addr flush "$unused_nic" >> "$setup_log" 2>&1
|
||||
fi
|
||||
done
|
||||
fi
|
||||
# Disable IPv6
|
||||
@@ -612,9 +642,9 @@ docker_install() {
|
||||
{
|
||||
yum clean expire-cache;
|
||||
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
|
||||
yum -y install docker-ce-19.03.9-3.el7 containerd.io-1.2.6-3.el7;
|
||||
yum versionlock docker-ce-19.03.9-3.el7;
|
||||
yum versionlock containerd.io-1.2.6-3.el7
|
||||
yum -y install docker-ce-19.03.11-3.el7 containerd.io-1.2.13-3.2.el7;
|
||||
yum versionlock docker-ce-19.03.11-3.el7;
|
||||
yum versionlock containerd.io-1.2.13-3.2.el7
|
||||
} >> "$setup_log" 2>&1
|
||||
|
||||
else
|
||||
@@ -730,7 +760,7 @@ docker_seed_registry() {
|
||||
|
||||
fireeye_pillar() {
|
||||
|
||||
local fireeye_pillar_path=/opt/so/saltstack/pillar/fireeye
|
||||
local fireeye_pillar_path=$local_salt_dir/pillar/fireeye
|
||||
mkdir -p "$fireeye_pillar_path"
|
||||
|
||||
printf '%s\n'\
|
||||
@@ -744,7 +774,7 @@ fireeye_pillar() {
|
||||
# Generate Firewall Templates
|
||||
firewall_generate_templates() {
|
||||
|
||||
local firewall_pillar_path=/opt/so/saltstack/pillar/firewall
|
||||
local firewall_pillar_path=$local_salt_dir/pillar/firewall
|
||||
mkdir -p "$firewall_pillar_path"
|
||||
|
||||
for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoint search_nodes wazuh_endpoint
|
||||
@@ -808,7 +838,7 @@ get_minion_type() {
|
||||
'HELIXSENSOR')
|
||||
minion_type='helix'
|
||||
;;
|
||||
'*NODE')
|
||||
*'NODE')
|
||||
minion_type='node'
|
||||
;;
|
||||
esac
|
||||
@@ -897,7 +927,7 @@ master_pillar() {
|
||||
}
|
||||
|
||||
master_static() {
|
||||
local static_pillar="/opt/so/saltstack/pillar/static.sls"
|
||||
local static_pillar="$local_salt_dir/pillar/static.sls"
|
||||
|
||||
# Create a static file for global values
|
||||
printf '%s\n'\
|
||||
@@ -995,54 +1025,6 @@ node_pillar() {
|
||||
cat "$pillar_file" >> "$setup_log" 2>&1
|
||||
}
|
||||
|
||||
parse_options() {
|
||||
case "$1" in
|
||||
--turbo=*)
|
||||
local proxy
|
||||
proxy=$(echo "$1" | tr -d '"' | awk -F'--turbo=' '{print $2}')
|
||||
proxy_url="http://$proxy"
|
||||
TURBO="$proxy_url"
|
||||
;;
|
||||
--proxy=*)
|
||||
local proxy
|
||||
proxy=$(echo "$1" | tr -d '"' | awk -F'--proxy=' '{print $2}')
|
||||
|
||||
local proxy_protocol
|
||||
proxy_protocol=$(echo "$proxy" | awk 'match($0, /http|https/) { print substr($0, RSTART, RLENGTH) }')
|
||||
|
||||
if [[ ! $proxy_protocol =~ ^(http|https)$ ]]; then
|
||||
echo "Invalid proxy protocol"
|
||||
echo "Ignoring proxy"
|
||||
return
|
||||
fi
|
||||
|
||||
if [[ $2 == --proxy-user=* && $3 == --proxy-pass=* ]]; then
|
||||
local proxy_user
|
||||
local proxy_password
|
||||
proxy_user=$(echo "$2" | tr -d '"' | awk -F'--proxy-user=' '{print $2}')
|
||||
proxy_password=$(echo "$3" | tr -d '"' | awk -F'--proxy-pass=' '{print $2}')
|
||||
|
||||
local proxy_addr
|
||||
proxy_addr=$(echo "$proxy" | awk -F'http\:\/\/|https\:\/\/' '{print $2}')
|
||||
|
||||
export http_proxy="${proxy_protocol}://${proxy_user}:${proxy_password}@${proxy_addr}"
|
||||
|
||||
elif [[ (-z $2 || -z $3) && (-n $2 || -n $3) || ( -n $2 && -n $3 && ($2 != --proxy-user=* || $3 != --proxy-pass=*) ) ]]; then
|
||||
echo "Invalid options passed for proxy. Order is --proxy-user=<user> --proxy-pass=<password>"
|
||||
echo "Ignoring proxy"
|
||||
return
|
||||
|
||||
else
|
||||
export http_proxy="$proxy"
|
||||
fi
|
||||
|
||||
export {https,ftp,rsync,all}_proxy="$http_proxy"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid option"
|
||||
esac
|
||||
}
|
||||
|
||||
patch_pillar() {
|
||||
|
||||
local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
|
||||
@@ -1276,7 +1258,7 @@ salt_checkin() {
|
||||
|
||||
# Run a salt command to generate the minion key
|
||||
salt_firstcheckin() {
|
||||
salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
|
||||
salt-call state.show_top >> /dev/null 2>&1 # send output to /dev/null because we don't actually care about the ouput
|
||||
}
|
||||
|
||||
set_base_heapsizes() {
|
||||
@@ -1290,16 +1272,18 @@ set_main_ip() {
|
||||
|
||||
setup_salt_master_dirs() {
|
||||
# Create salt paster directories
|
||||
mkdir -p /opt/so/saltstack/salt
|
||||
mkdir -p /opt/so/saltstack/pillar
|
||||
mkdir -p $default_salt_dir/pillar
|
||||
mkdir -p $default_salt_dir/salt
|
||||
mkdir -p $local_salt_dir/pillar
|
||||
mkdir -p $local_salt_dir/salt
|
||||
|
||||
# Copy over the salt code and templates
|
||||
if [ "$setup_type" = 'iso' ]; then
|
||||
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
|
||||
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
|
||||
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
|
||||
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
|
||||
else
|
||||
cp -R ../pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
|
||||
cp -R ../salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
|
||||
cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
|
||||
cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
|
||||
fi
|
||||
|
||||
echo "Chown the salt dirs on the master for socore" >> "$setup_log" 2>&1
|
||||
@@ -1372,6 +1356,33 @@ sensor_pillar() {
|
||||
cat "$pillar_file" >> "$setup_log" 2>&1
|
||||
}
|
||||
|
||||
set_default_log_size() {
|
||||
local percentage
|
||||
|
||||
case $INSTALLTYPE in
|
||||
EVAL | HEAVYNODE)
|
||||
percentage=50
|
||||
;;
|
||||
*)
|
||||
percentage=80
|
||||
;;
|
||||
esac
|
||||
|
||||
local disk_dir="/"
|
||||
if [ -d /nsm ]; then
|
||||
disk_dir="/nsm"
|
||||
fi
|
||||
local disk_size_1k
|
||||
disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
|
||||
|
||||
local ratio="1048576"
|
||||
|
||||
local disk_size_gb
|
||||
disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
|
||||
|
||||
log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
|
||||
}
|
||||
|
||||
set_hostname() {
|
||||
|
||||
set_hostname_iso
|
||||
@@ -1399,49 +1410,49 @@ set_initial_firewall_policy() {
|
||||
|
||||
set_main_ip
|
||||
|
||||
if [ -f /opt/so/saltstack/pillar/data/addtotab.sh ]; then chmod +x /opt/so/saltstack/pillar/data/addtotab.sh; fi
|
||||
if [ -f /opt/so/saltstack/pillar/firewall/addfirewall.sh ]; then chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh; fi
|
||||
if [ -f $default_salt_dir/pillar/data/addtotab.sh ]; then chmod +x $default_salt_dir/pillar/data/addtotab.sh; fi
|
||||
if [ -f $default_salt_dir/pillar/firewall/addfirewall.sh ]; then chmod +x $default_salt_dir/pillar/firewall/addfirewall.sh; fi
|
||||
|
||||
case "$install_type" in
|
||||
'MASTER')
|
||||
printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls /opt/so/saltstack/pillar/firewall/masterfw.sls
|
||||
/opt/so/saltstack/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls $local_salt_dir/pillar/firewall/masterfw.sls
|
||||
$default_salt_dir/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
;;
|
||||
'EVAL' | 'MASTERSEARCH')
|
||||
printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
|
||||
/opt/so/saltstack/pillar/firewall/masterfw.sls\
|
||||
/opt/so/saltstack/pillar/firewall/forward_nodes.sls\
|
||||
/opt/so/saltstack/pillar/firewall/search_nodes.sls
|
||||
printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
|
||||
$local_salt_dir/pillar/firewall/masterfw.sls\
|
||||
$local_salt_dir/pillar/firewall/forward_nodes.sls\
|
||||
$local_salt_dir/pillar/firewall/search_nodes.sls
|
||||
case "$install_type" in
|
||||
'EVAL')
|
||||
/opt/so/saltstack/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
|
||||
$default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0 True
|
||||
;;
|
||||
'MASTERSEARCH')
|
||||
/opt/so/saltstack/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
$default_salt_dir/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
'HELIXSENSOR')
|
||||
printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
|
||||
/opt/so/saltstack/pillar/firewall/masterfw.sls\
|
||||
/opt/so/saltstack/pillar/firewall/forward_nodes.sls
|
||||
printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
|
||||
$local_salt_dir/pillar/firewall/masterfw.sls\
|
||||
$local_salt_dir/pillar/firewall/forward_nodes.sls
|
||||
;;
|
||||
'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET')
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh minions "$MAINIP"
|
||||
case "$install_type" in
|
||||
'SENSOR')
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
|
||||
;;
|
||||
'SEARCHNODE')
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
;;
|
||||
'HEAVYNODE')
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
|
||||
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
@@ -1519,9 +1530,9 @@ update_sudoers() {
|
||||
if ! grep -qE '^soremote\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
|
||||
# Update Sudoers so that soremote can accept keys without a password
|
||||
echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
|
||||
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
|
||||
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
|
||||
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
|
||||
echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
|
||||
echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/pillar/data/addtotab.sh" | tee -a /etc/sudoers
|
||||
echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
|
||||
else
|
||||
echo "User soremote already granted sudo privileges" >> "$setup_log" 2>&1
|
||||
fi
|
||||
|
||||
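Review bot: The idempotency guard in `update_sudoers` still matches the previous layout: the `\/opt\/so\/saltstack` alternative in the grep is a prefix of the new `$default_salt_dir`, so a master that already carries `/opt/so/saltstack/pillar/...` entries from an earlier install takes the `else` branch and never receives the `$default_salt_dir/...` rules that the minion-side `ssh … sudo $default_salt_dir/…` calls in `copy_minion_tmp_files` and `set_initial_firewall_policy` depend on. Key the check on the new prefix, `if ! grep -qE "^soremote ALL=\(ALL\) NOPASSWD:${default_salt_dir}/" /etc/sudoers; then`, and validate the result with `visudo -cf /etc/sudoers` (or write the rules to `/etc/sudoers.d/soremote` and check that file) instead of appending blind with `tee -a`. The NOPASSWD targets also live inside the salt tree that `create_local_directories` chowns to `socore`, and the "Chown the salt dirs on the master for socore" step suggests `$default_salt_dir` gets the same treatment (the chown itself is outside the hunk); if so, a process running as `socore` can rewrite `addfirewall.sh`, `addtotab.sh` or `add_minion.sh`, and anyone holding the `so.key` that every minion keeps in `/root/.ssh` can then execute it as root through `soremote`. Those three scripts, and the directories above them, should stay root-owned and not writable by `socore`.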
+55
-23
@@ -21,18 +21,40 @@ source ./so-common-functions
|
||||
source ./so-whiptail
|
||||
source ./so-variables
|
||||
|
||||
# Parse command line arguments
|
||||
setup_type=$1
|
||||
export setup_type
|
||||
|
||||
automation=$2
|
||||
|
||||
automated=no
|
||||
while [[ $# -gt 0 ]]; do
|
||||
arg="$1"
|
||||
shift
|
||||
case "$arg" in
|
||||
"--turbo="* )
|
||||
export TURBO="http://${arg#*=}";;
|
||||
"--proxy="* )
|
||||
export {http,https,ftp,rsync,all}_proxy="${arg#*=}";;
|
||||
"--allow-role="* )
|
||||
export ALLOW_ROLE="${arg#*=}";;
|
||||
"--allow-cidr="* )
|
||||
export ALLOW_CIDR="${arg#*=}";;
|
||||
"--skip-reboot" )
|
||||
export SKIP_REBOOT=1;;
|
||||
* )
|
||||
if [[ "$arg" == "--"* ]]; then
|
||||
echo "Invalid option"
|
||||
fi
|
||||
esac
|
||||
done
|
||||
|
||||
# Begin Installation pre-processing
|
||||
echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1
|
||||
|
||||
automated=no
|
||||
function progress() {
|
||||
if [ $automated == no ]; then
|
||||
whiptail --title "Security Onion Install" --gauge 'Please wait while installing' 6 60 0
|
||||
else
|
||||
cat >> $setup_log 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -41,7 +63,7 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th
|
||||
source automation/$automation
|
||||
automated=yes
|
||||
|
||||
echo "Checking network configuration" >> $setup_log 2>&1g
|
||||
echo "Checking network configuration" >> $setup_log 2>&1
|
||||
ip a >> $setup_log 2>&1
|
||||
|
||||
attempt=1
|
||||
@@ -76,11 +98,6 @@ export PATH=$PATH:../salt/common/tools/sbin
|
||||
|
||||
got_root
|
||||
|
||||
if [[ $# -gt 1 ]]; then
|
||||
set -- "${@:2}"
|
||||
parse_options "$@" >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
detect_os
|
||||
|
||||
if [ "$OS" == ubuntu ]; then
|
||||
@@ -178,17 +195,21 @@ echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
|
||||
|
||||
minion_type=$(get_minion_type)
|
||||
|
||||
# Set any constants needed
|
||||
# Set any variables needed
|
||||
set_default_log_size >> $setup_log 2>&1
|
||||
|
||||
if [[ $is_helix ]]; then
|
||||
RULESETUP=ETOPEN
|
||||
NSMSETUP=BASIC
|
||||
HNSENSOR=inherit
|
||||
MASTERUPDATES=0
|
||||
fi
|
||||
|
||||
if [[ $is_helix || ( $is_master && $is_node ) ]]; then
|
||||
RULESETUP=ETOPEN
|
||||
NSMSETUP=BASIC
|
||||
fi
|
||||
|
||||
if [[ $is_master && $is_node ]]; then
|
||||
LSPIPELINEWORKERS=1
|
||||
LSPIPELINEBATCH=125
|
||||
@@ -197,6 +218,7 @@ if [[ $is_master && $is_node ]]; then
|
||||
NIDS=Suricata
|
||||
BROVERSION=ZEEK
|
||||
fi
|
||||
|
||||
if [[ $is_node ]]; then
|
||||
CURCLOSEDAYS=30
|
||||
fi
|
||||
@@ -339,22 +361,22 @@ fi
|
||||
# Set initial percentage to 0
|
||||
export percentage=0
|
||||
|
||||
set_progress_str 1 'Updating packages'
|
||||
if [[ $is_minion ]]; then
|
||||
set_progress_str 1 'Configuring firewall'
|
||||
set_initial_firewall_policy >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
set_progress_str 2 'Updating packages'
|
||||
update_packages >> $setup_log 2>&1
|
||||
|
||||
if [[ $is_sensor || $is_helix ]]; then
|
||||
set_progress_str 2 'Creating bond interface'
|
||||
set_progress_str 3 'Creating bond interface'
|
||||
create_sensor_bond >> $setup_log 2>&1
|
||||
|
||||
set_progress_str 3 'Generating sensor pillar'
|
||||
set_progress_str 4 'Generating sensor pillar'
|
||||
sensor_pillar >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
if [[ $is_minion ]]; then
|
||||
set_progress_str 4 'Configuring firewall'
|
||||
set_initial_firewall_policy >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
set_progress_str 5 'Installing Salt and dependencies'
|
||||
saltify 2>> $setup_log
|
||||
|
||||
@@ -370,6 +392,8 @@ fi
|
||||
|
||||
if [[ $is_master || $is_helix ]]; then
|
||||
set_progress_str 10 'Configuring Salt master'
|
||||
create_local_directories >> $setup_log 2>&1
|
||||
addtotab_generate_templates >> $setup_log 2>&1
|
||||
copy_master_config >> $setup_log 2>&1
|
||||
setup_salt_master_dirs >> $setup_log 2>&1
|
||||
firewall_generate_templates >> $setup_log 2>&1
|
||||
@@ -430,12 +454,15 @@ fi
|
||||
salt-call state.apply -l info registry >> $setup_log 2>&1
|
||||
docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
|
||||
|
||||
set_progress_str 61 "$(print_salt_state_apply 'master')"
|
||||
set_progress_str 60 "$(print_salt_state_apply 'master')"
|
||||
salt-call state.apply -l info master >> $setup_log 2>&1
|
||||
|
||||
set_progress_str 62 "$(print_salt_state_apply 'idstools')"
|
||||
set_progress_str 61 "$(print_salt_state_apply 'idstools')"
|
||||
salt-call state.apply -l info idstools >> $setup_log 2>&1
|
||||
|
||||
set_progress_str 61 "$(print_salt_state_apply 'suricata.master')"
|
||||
salt-call state.apply -l info suricata.master >> $setup_log 2>&1
|
||||
|
||||
fi
|
||||
|
||||
set_progress_str 62 "$(print_salt_state_apply 'firewall')"
|
||||
@@ -566,12 +593,17 @@ fi
|
||||
success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
|
||||
if [[ "$success" = 0 ]]; then
|
||||
whiptail_setup_complete
|
||||
if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
|
||||
export IP=$ALLOW_CIDR
|
||||
so-allow -$ALLOW_ROLE >> $setup_log 2>&1
|
||||
fi
|
||||
if [[ $THEHIVE == 1 ]]; then
|
||||
check_hive_init_then_reboot
|
||||
else
|
||||
shutdown -r now
|
||||
check_hive_init
|
||||
fi
|
||||
else
|
||||
whiptail_setup_failed
|
||||
fi
|
||||
|
||||
if [[ -z $SKIP_REBOOT ]]; then
|
||||
shutdown -r now
|
||||
fi
|
||||
|
||||
@@ -34,3 +34,8 @@ export temp_install_dir=/root/installtmp
|
||||
export percentage_str='Getting started'
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
export default_salt_dir=/opt/so/saltstack/default
|
||||
export local_salt_dir=/opt/so/saltstack/local
|
||||
|
||||
export SCRIPTDIR=$(cd `dirname $0` && pwd)
|
||||
|
||||
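Review bot: The new argument loop at the top of `so-setup` exports whatever follows `--proxy=` straight into `{http,https,ftp,rsync,all}_proxy` without the scheme check that the removed `parse_options` performed, and `--proxy-user=`/`--proxy-pass=` now land in the `*)` arm, which only echoes `Invalid option` without naming the argument or exiting, so a mistyped or no-longer-supported flag is silently ignored and the install continues. `--allow-role=` and `--allow-cidr=` are likewise exported unchecked and later reach `so-allow -$ALLOW_ROLE` with `IP=$ALLOW_CIDR` in the success path; since `$ALLOW_ROLE` is spliced unquoted into an option name (the automation file sets it to a single letter, `ALLOW_ROLE=a`), it should be constrained before use. Suggested: `[[ "${arg#*=}" =~ ^https?:// ]] || { echo "Invalid proxy URL: ${arg#*=}" >&2; exit 1; }` in the `--proxy=` arm, `[[ "${arg#*=}" =~ ^[a-z]$ ]] || { echo "Invalid --allow-role: ${arg#*=}" >&2; exit 1; }` in the `--allow-role=` arm, and `echo "Invalid option: $arg" >&2; exit 1` in the default arm so bad input fails fast and is recorded in `$setup_log`.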
+2
-3
@@ -24,7 +24,7 @@ whiptail_basic_bro() {
|
||||
[ -n "$TESTING" ] && return
|
||||
|
||||
BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
|
||||
"Enter the number of bro processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
|
||||
"Enter the number of zeek processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
|
||||
|
||||
local exitstatus=$?
|
||||
whiptail_check_exitstatus $exitstatus
|
||||
@@ -51,7 +51,7 @@ whiptail_bro_pins() {
|
||||
cpu_core_list_whiptail+=("$item" "OFF")
|
||||
done
|
||||
|
||||
BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please select $lb_procs cores to pin Bro to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
|
||||
BROPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $lb_procs cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
|
||||
local exitstatus=$?
|
||||
whiptail_check_exitstatus $exitstatus
|
||||
|
||||
@@ -458,7 +458,6 @@ whiptail_log_size_limit() {
|
||||
|
||||
[ -n "$TESTING" ] && return
|
||||
|
||||
set_defaul_log_size
|
||||
|
||||
log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \
|
||||
"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
|
||||
|
||||