Merge remote-tracking branch 'remotes/origin/dev' into feature/fleet-setup

2025-12-06 09:12:45 +01:00 · 2020-06-08 08:30:37 -04:00
parent 950d4077f6 88219c4827
commit 3f3990ac83
87 changed files with 1632 additions and 2435 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -56,6 +56,19 @@ add_master_hostfile() {
 	whiptail_check_exitstatus $exitstatus
 }

+addtotab_generate_templates() {
+
+	local addtotab_path=$local_salt_dir/pillar/data
+
+	for i in evaltab mastersearchtab mastertab nodestab sensorstab; do
+		printf '%s\n'\
+		"$i:"\
+		"" > "$addtotab_path"/$i.sls
+		echo "Added $i Template"
+	done
+
+}
+
 # $5 => (optional) password variable
 so_add_user() {
 	local username=$1
@@ -116,16 +129,16 @@ add_web_user() {

 # Create an secrets pillar so that passwords survive re-install
 secrets_pillar(){
-  if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
+  if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
 	echo "Creating Secrets Pillar" >> "$setup_log" 2>&1
-	mkdir -p /opt/so/saltstack/pillar
+	mkdir -p $local_salt_dir/pillar
 	printf '%s\n'\
 		"secrets:"\
 		"  mysql: $MYSQLPASS"\
 		"  playbook: $PLAYBOOKPASS"\
 		"  fleet: $FLEETPASS"\
 		"  fleet_jwt: $FLEETJWT"\
-		"  fleet_enroll-secret: False" > /opt/so/saltstack/pillar/secrets.sls
+		"  fleet_enroll-secret: False" > $local_salt_dir/pillar/secrets.sls
  fi
 }

@@ -193,7 +206,7 @@ check_admin_pass() {
 	check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH"
 }

-check_hive_init_then_reboot() {
+check_hive_init() {

 	wait_for_file /opt/so/state/thehive.txt 20 5
 	local return_val=$?
@@ -203,7 +216,6 @@ check_hive_init_then_reboot() {

 	docker stop so-thehive
 	docker rm so-thehive
-	shutdown -r now
 }

 check_network_manager_conf() {
@@ -261,7 +273,7 @@ clear_master() {
 		{
 			echo "Clearing old master key";
 			rm -f /etc/salt/pki/minion/minion_master.pub;
-			sytemctl -q restart salt-minion;
+			systemctl -q restart salt-minion;
 		} >> "$setup_log" 2>&1
 	fi

@@ -355,10 +367,10 @@ configure_minion() {
 				"mysql.host: '$MAINIP'"\
 				"mysql.port: 3306"\
 				"mysql.user: 'root'" >> "$minion_config"
-			if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
+			if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
 				echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config"
 			else
-				OLDPASS=$(grep "mysql" /opt/so/saltstack/pillar/secrets.sls | awk '{print $2}')
+				OLDPASS=$(grep "mysql" $local_salt_dir/pillar/secrets.sls | awk '{print $2}')
 				echo "mysql.pass: '$OLDPASS'" >> "$minion_config"
 			fi
 			;;
@@ -438,20 +450,20 @@ copy_master_config() {
 copy_minion_tmp_files() {
 	case "$install_type" in
 		'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH' | 'STANDALONE')
-			echo "Copying pillar and salt files in $temp_install_dir to /opt/so/saltstack"
-			cp -Rv "$temp_install_dir"/pillar/ /opt/so/saltstack/ >> "$setup_log" 2>&1
+			echo "Copying pillar and salt files in $temp_install_dir to $local_salt_dir"
+			cp -Rv "$temp_install_dir"/pillar/ $local_salt_dir/ >> "$setup_log" 2>&1
 			if [ -d "$temp_install_dir"/salt ] ; then
-				cp -Rv "$temp_install_dir"/salt/ /opt/so/saltstack/ >> "$setup_log" 2>&1
+				cp -Rv "$temp_install_dir"/salt/ $local_salt_dir/ >> "$setup_log" 2>&1
 			fi
 			;;
 		*)
 			{
-				echo "scp pillar and salt files in $temp_install_dir to master /opt/so/saltstack";
+				echo "scp pillar and salt files in $temp_install_dir to master $local_salt_dir";
 				ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
 				ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
 				scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
 				scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules;
-				ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/salt/master/files/add_minion.sh "$MINION_ID";
+				ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/master/files/add_minion.sh "$MINION_ID";
 			} >> "$setup_log" 2>&1
 			;;
 	esac
@@ -469,6 +481,20 @@ copy_ssh_key() {
 	ssh-copy-id -f -i /root/.ssh/so.key soremote@"$MSRV"
 }

+create_local_directories() {
+        echo "Creating local pillar and salt directories"
+        PILLARSALTDIR=${SCRIPTDIR::-5}
+        for i in "pillar" "salt"; do
+                for d in `find $PILLARSALTDIR/$i -type d`; do
+						suffixdir=${d//$PILLARSALTDIR/}
+                        if [ ! -d "$local_salt_dir/$suffixdir" ]; then
+	                        mkdir -v "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
+                        fi
+                done
+                chown -R socore:socore "$local_salt_dir/$i"
+        done
+
+}

 create_sensor_bond() {
 	echo "Setting up sensor bond" >> "$setup_log" 2>&1
@@ -588,14 +614,18 @@ disable_misc_network_features() {
 	filter_unused_nics
 	if [ ${#filtered_nics[@]} -ne 0 ]; then
 		for unused_nic in "${filtered_nics[@]}"; do
-			# Disable DHCPv4/v6 and autoconnect
-			nmcli con mod "$unused_nic" \
-				ipv4.method disabled \
-				ipv6.method ignore \
-				connection.autoconnect "no" >> "$setup_log" 2>&1
+			if [ -n "$unused_nic" ]; then
+				echo "Disabling unused NIC: $unused_nic" >> "$setup_log" 2>&1

-			# Flush any existing IPs
-			ip addr flush "$unused_nic" >> "$setup_log" 2>&1
+				# Disable DHCPv4/v6 and autoconnect
+				nmcli con mod "$unused_nic" \
+					ipv4.method disabled \
+					ipv6.method ignore \
+					connection.autoconnect "no" >> "$setup_log" 2>&1
+
+				# Flush any existing IPs
+				ip addr flush "$unused_nic" >> "$setup_log" 2>&1
+			fi
 		done
 	fi
 	# Disable IPv6
@@ -612,9 +642,9 @@ docker_install() {
 		{
 			yum clean expire-cache;
 			yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
-			yum -y install docker-ce-19.03.9-3.el7 containerd.io-1.2.6-3.el7;
-			yum versionlock docker-ce-19.03.9-3.el7;
-			yum versionlock containerd.io-1.2.6-3.el7
+			yum -y install docker-ce-19.03.11-3.el7 containerd.io-1.2.13-3.2.el7;
+			yum versionlock docker-ce-19.03.11-3.el7;
+			yum versionlock containerd.io-1.2.13-3.2.el7
 		} >> "$setup_log" 2>&1
 		
 	else
@@ -730,7 +760,7 @@ docker_seed_registry() {

 fireeye_pillar() {

-	local fireeye_pillar_path=/opt/so/saltstack/pillar/fireeye
+	local fireeye_pillar_path=$local_salt_dir/pillar/fireeye
 	mkdir -p "$fireeye_pillar_path"

 	printf '%s\n'\
@@ -744,7 +774,7 @@ fireeye_pillar() {
 # Generate Firewall Templates
 firewall_generate_templates() {

-	local firewall_pillar_path=/opt/so/saltstack/pillar/firewall
+	local firewall_pillar_path=$local_salt_dir/pillar/firewall
 	mkdir -p "$firewall_pillar_path"

 	for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoint search_nodes wazuh_endpoint
@@ -808,7 +838,7 @@ get_minion_type() {
 		'HELIXSENSOR')
 			minion_type='helix'
 			;;
-		'*NODE')
+		*'NODE')
 			minion_type='node'
 			;;
 	esac
@@ -897,7 +927,7 @@ master_pillar() {
  }

 master_static() {
-	local static_pillar="/opt/so/saltstack/pillar/static.sls"
+	local static_pillar="$local_salt_dir/pillar/static.sls"

 	# Create a static file for global values
 	printf '%s\n'\
@@ -995,54 +1025,6 @@ node_pillar() {
 	cat "$pillar_file" >> "$setup_log" 2>&1
 }

-parse_options() {
-	case "$1" in
-		--turbo=*)
-			local proxy
-			proxy=$(echo "$1" | tr -d '"' | awk -F'--turbo=' '{print $2}')
-			proxy_url="http://$proxy"
-			TURBO="$proxy_url"
-			;;
-		--proxy=*)
-			local proxy
-			proxy=$(echo "$1" | tr -d '"' | awk -F'--proxy=' '{print $2}')
-
-			local proxy_protocol
-			proxy_protocol=$(echo "$proxy" | awk 'match($0, /http|https/) { print substr($0, RSTART, RLENGTH) }')
-
-			if [[ ! $proxy_protocol =~ ^(http|https)$ ]]; then
-				echo "Invalid proxy protocol"
-				echo "Ignoring proxy"
-				return
-			fi
-
-			if [[ $2 == --proxy-user=* && $3 == --proxy-pass=* ]]; then
-				local proxy_user
-				local proxy_password
-				proxy_user=$(echo "$2" | tr -d '"' | awk -F'--proxy-user=' '{print $2}')
-				proxy_password=$(echo "$3" | tr -d '"' | awk -F'--proxy-pass=' '{print $2}')
-
-				local proxy_addr
-				proxy_addr=$(echo "$proxy" | awk -F'http\:\/\/|https\:\/\/' '{print $2}')
-
-				export http_proxy="${proxy_protocol}://${proxy_user}:${proxy_password}@${proxy_addr}"
-
-			elif [[ (-z $2 || -z $3) && (-n $2 || -n $3) || ( -n $2 && -n $3 && ($2 != --proxy-user=* || $3 != --proxy-pass=*) ) ]]; then
-				echo "Invalid options passed for proxy. Order is --proxy-user=<user> --proxy-pass=<password>"
-				echo "Ignoring proxy"
-				return
-
-			else
-				export http_proxy="$proxy"
-			fi
-
-			export {https,ftp,rsync,all}_proxy="$http_proxy"
-			;;
-		*)
-			echo "Invalid option"
-	esac
-}
-
 patch_pillar() {

 	local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
@@ -1276,7 +1258,7 @@ salt_checkin() {

 # Run a salt command to generate the minion key
 salt_firstcheckin() {
-	salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
+	salt-call state.show_top >> /dev/null 2>&1 # send output to /dev/null because we don't actually care about the ouput
 }

 set_base_heapsizes() {
@@ -1290,16 +1272,18 @@ set_main_ip() {

 setup_salt_master_dirs() {
 	# Create salt paster directories
-	mkdir -p /opt/so/saltstack/salt
-	mkdir -p /opt/so/saltstack/pillar
+	mkdir -p $default_salt_dir/pillar
+	mkdir -p $default_salt_dir/salt
+	mkdir -p $local_salt_dir/pillar
+	mkdir -p $local_salt_dir/salt

 	# Copy over the salt code and templates
 	if [ "$setup_type" = 'iso' ]; then
-		rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
-		rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
+		rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
+		rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
 	else
-		cp -R ../pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
-		cp -R ../salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
+		cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
+		cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
 	fi

 	echo "Chown the salt dirs on the master for socore" >> "$setup_log" 2>&1
@@ -1372,6 +1356,33 @@ sensor_pillar() {
 	cat "$pillar_file" >> "$setup_log" 2>&1
 }

+set_default_log_size() {
+    local percentage
+
+	case $INSTALLTYPE in
+		EVAL | HEAVYNODE)
+			percentage=50
+			;;
+		*)
+            percentage=80
+			;;
+		esac
+
+	local disk_dir="/"
+	if [ -d /nsm ]; then
+		disk_dir="/nsm"
+	fi
+	local disk_size_1k
+	disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
+
+    local ratio="1048576"
+
+    local disk_size_gb
+    disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
+
+	log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
+}
+
 set_hostname() {

 	set_hostname_iso
@@ -1399,49 +1410,49 @@ set_initial_firewall_policy() {

  set_main_ip

-  if [ -f /opt/so/saltstack/pillar/data/addtotab.sh ]; then chmod +x /opt/so/saltstack/pillar/data/addtotab.sh; fi
-  if [ -f /opt/so/saltstack/pillar/firewall/addfirewall.sh ]; then chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh; fi
+  if [ -f $default_salt_dir/pillar/data/addtotab.sh ]; then chmod +x $default_salt_dir/pillar/data/addtotab.sh; fi
+  if [ -f $default_salt_dir/pillar/firewall/addfirewall.sh ]; then chmod +x $default_salt_dir/pillar/firewall/addfirewall.sh; fi

 	case "$install_type" in
 		'MASTER')
-			printf "  - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls /opt/so/saltstack/pillar/firewall/masterfw.sls
-			/opt/so/saltstack/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+			printf "  - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls $local_salt_dir/pillar/firewall/masterfw.sls
+			$default_salt_dir/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 			;;
 		'EVAL' | 'MASTERSEARCH')
-			printf "  - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
-				/opt/so/saltstack/pillar/firewall/masterfw.sls\
-				/opt/so/saltstack/pillar/firewall/forward_nodes.sls\
-				/opt/so/saltstack/pillar/firewall/search_nodes.sls
+			printf "  - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
+				$local_salt_dir/pillar/firewall/masterfw.sls\
+				$local_salt_dir/pillar/firewall/forward_nodes.sls\
+				$local_salt_dir/pillar/firewall/search_nodes.sls
 			case "$install_type" in 
 				'EVAL')
-					/opt/so/saltstack/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
+					$default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0 True
 					;;
 				'MASTERSEARCH')
-					/opt/so/saltstack/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+					$default_salt_dir/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 					;;
 			esac
 			;;
 		'HELIXSENSOR')
-			printf "  - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
-				/opt/so/saltstack/pillar/firewall/masterfw.sls\
-				/opt/so/saltstack/pillar/firewall/forward_nodes.sls
+			printf "  - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
+				$local_salt_dir/pillar/firewall/masterfw.sls\
+				$local_salt_dir/pillar/firewall/forward_nodes.sls
 			;;
 		'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET')
-			ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions "$MAINIP"
+			ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh minions "$MAINIP"
 			case "$install_type" in
 				'SENSOR')
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
 					;;
 				'SEARCHNODE')
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 					;;
 				'HEAVYNODE')
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
-					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
+					ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 					;;
 			esac
 			;;
@@ -1519,9 +1530,9 @@ update_sudoers() {
 	if ! grep -qE '^soremote\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
 		# Update Sudoers so that soremote can accept keys without a password
 		echo "soremote ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
-		echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
-		echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
-		echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
+		echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
+		echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/pillar/data/addtotab.sh" | tee -a /etc/sudoers
+		echo "soremote ALL=(ALL) NOPASSWD:$default_salt_dir/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
 	else
 		echo "User soremote already granted sudo privileges" >> "$setup_log" 2>&1
 	fi