mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-01-27 02:13:30 +01:00
Merge remote-tracking branch 'remotes/origin/dev' into feature/fleet-setup
This commit is contained in:
Josh Brower
@@ -21,18 +21,40 @@ source ./so-common-functions
|
||||
source ./so-whiptail
|
||||
source ./so-variables
|
||||
|
||||
# Parse command line arguments
|
||||
setup_type=$1
|
||||
export setup_type
|
||||
|
||||
automation=$2
|
||||
|
||||
automated=no
|
||||
while [[ $# -gt 0 ]]; do
|
||||
arg="$1"
|
||||
shift
|
||||
case "$arg" in
|
||||
"--turbo="* )
|
||||
export TURBO="http://${arg#*=}";;
|
||||
"--proxy="* )
|
||||
export {http,https,ftp,rsync,all}_proxy="${arg#*=}";;
|
||||
"--allow-role="* )
|
||||
export ALLOW_ROLE="${arg#*=}";;
|
||||
"--allow-cidr="* )
|
||||
export ALLOW_CIDR="${arg#*=}";;
|
||||
"--skip-reboot" )
|
||||
export SKIP_REBOOT=1;;
|
||||
* )
|
||||
if [[ "$arg" == "--"* ]]; then
|
||||
echo "Invalid option"
|
||||
fi
|
||||
esac
|
||||
done
|
||||
|
||||
# Begin Installation pre-processing
|
||||
echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1
|
||||
|
||||
automated=no
|
||||
function progress() {
|
||||
if [ $automated == no ]; then
|
||||
whiptail --title "Security Onion Install" --gauge 'Please wait while installing' 6 60 0
|
||||
else
|
||||
cat >> $setup_log 2>&1
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -41,7 +63,7 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th
|
||||
source automation/$automation
|
||||
automated=yes
|
||||
|
||||
echo "Checking network configuration" >> $setup_log 2>&1g
|
||||
echo "Checking network configuration" >> $setup_log 2>&1
|
||||
ip a >> $setup_log 2>&1
|
||||
|
||||
attempt=1
|
||||
@@ -76,11 +98,6 @@ export PATH=$PATH:../salt/common/tools/sbin
|
||||
|
||||
got_root
|
||||
|
||||
if [[ $# -gt 1 ]]; then
|
||||
set -- "${@:2}"
|
||||
parse_options "$@" >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
detect_os
|
||||
|
||||
if [ "$OS" == ubuntu ]; then
|
||||
@@ -178,17 +195,21 @@ echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
|
||||
|
||||
minion_type=$(get_minion_type)
|
||||
|
||||
# Set any constants needed
|
||||
# Set any variables needed
|
||||
set_default_log_size >> $setup_log 2>&1
|
||||
|
||||
if [[ $is_helix ]]; then
|
||||
RULESETUP=ETOPEN
|
||||
NSMSETUP=BASIC
|
||||
HNSENSOR=inherit
|
||||
MASTERUPDATES=0
|
||||
fi
|
||||
|
||||
if [[ $is_helix || ( $is_master && $is_node ) ]]; then
|
||||
RULESETUP=ETOPEN
|
||||
NSMSETUP=BASIC
|
||||
fi
|
||||
|
||||
if [[ $is_master && $is_node ]]; then
|
||||
LSPIPELINEWORKERS=1
|
||||
LSPIPELINEBATCH=125
|
||||
@@ -197,6 +218,7 @@ if [[ $is_master && $is_node ]]; then
|
||||
NIDS=Suricata
|
||||
BROVERSION=ZEEK
|
||||
fi
|
||||
|
||||
if [[ $is_node ]]; then
|
||||
CURCLOSEDAYS=30
|
||||
fi
|
||||
@@ -339,22 +361,22 @@ fi
|
||||
# Set initial percentage to 0
|
||||
export percentage=0
|
||||
|
||||
set_progress_str 1 'Updating packages'
|
||||
if [[ $is_minion ]]; then
|
||||
set_progress_str 1 'Configuring firewall'
|
||||
set_initial_firewall_policy >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
set_progress_str 2 'Updating packages'
|
||||
update_packages >> $setup_log 2>&1
|
||||
|
||||
if [[ $is_sensor || $is_helix ]]; then
|
||||
set_progress_str 2 'Creating bond interface'
|
||||
set_progress_str 3 'Creating bond interface'
|
||||
create_sensor_bond >> $setup_log 2>&1
|
||||
|
||||
set_progress_str 3 'Generating sensor pillar'
|
||||
set_progress_str 4 'Generating sensor pillar'
|
||||
sensor_pillar >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
if [[ $is_minion ]]; then
|
||||
set_progress_str 4 'Configuring firewall'
|
||||
set_initial_firewall_policy >> $setup_log 2>&1
|
||||
fi
|
||||
|
||||
set_progress_str 5 'Installing Salt and dependencies'
|
||||
saltify 2>> $setup_log
|
||||
|
||||
@@ -370,6 +392,8 @@ fi
|
||||
|
||||
if [[ $is_master || $is_helix ]]; then
|
||||
set_progress_str 10 'Configuring Salt master'
|
||||
create_local_directories >> $setup_log 2>&1
|
||||
addtotab_generate_templates >> $setup_log 2>&1
|
||||
copy_master_config >> $setup_log 2>&1
|
||||
setup_salt_master_dirs >> $setup_log 2>&1
|
||||
firewall_generate_templates >> $setup_log 2>&1
|
||||
@@ -430,12 +454,15 @@ fi
|
||||
salt-call state.apply -l info registry >> $setup_log 2>&1
|
||||
docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
|
||||
|
||||
set_progress_str 61 "$(print_salt_state_apply 'master')"
|
||||
set_progress_str 60 "$(print_salt_state_apply 'master')"
|
||||
salt-call state.apply -l info master >> $setup_log 2>&1
|
||||
|
||||
set_progress_str 62 "$(print_salt_state_apply 'idstools')"
|
||||
set_progress_str 61 "$(print_salt_state_apply 'idstools')"
|
||||
salt-call state.apply -l info idstools >> $setup_log 2>&1
|
||||
|
||||
set_progress_str 61 "$(print_salt_state_apply 'suricata.master')"
|
||||
salt-call state.apply -l info suricata.master >> $setup_log 2>&1
|
||||
|
||||
fi
|
||||
|
||||
set_progress_str 62 "$(print_salt_state_apply 'firewall')"
|
||||
@@ -566,12 +593,17 @@ fi
|
||||
success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
|
||||
if [[ "$success" = 0 ]]; then
|
||||
whiptail_setup_complete
|
||||
if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
|
||||
export IP=$ALLOW_CIDR
|
||||
so-allow -$ALLOW_ROLE >> $setup_log 2>&1
|
||||
fi
|
||||
if [[ $THEHIVE == 1 ]]; then
|
||||
check_hive_init_then_reboot
|
||||
else
|
||||
shutdown -r now
|
||||
check_hive_init
|
||||
fi
|
||||
else
|
||||
whiptail_setup_failed
|
||||
fi
|
||||
|
||||
if [[ -z $SKIP_REBOOT ]]; then
|
||||
shutdown -r now
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user