From 4210d25fae1235a70792d95d73fac7da7fc6c4e9 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Tue, 8 Dec 2020 14:03:21 -0500
Subject: [PATCH] [feat] Init network + soremote key early

---
 setup/so-setup    | 48 ++++++++++++++++++++++++-----------------------
 setup/so-whiptail | 16 ++++++++++++++++
 2 files changed, 41 insertions(+), 23 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index b60b99eca..f9ae6fe50 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -205,13 +205,11 @@ fi
 
 # Check if this is an airgap install
 
-if [[ $is_manager ]]; then
-    if [[ $is_iso ]]; then
-      whiptail_airgap
-      if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
-        is_airgap=true
-      fi
-    fi
+if [[ $is_manager && $is_iso ]]; then
+	whiptail_airgap
+	if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
+		is_airgap=true
+	fi
 fi
 
 if [[ $is_manager && $is_sensor ]]; then
@@ -226,10 +224,6 @@ elif [[ $is_import ]]; then
 	check_requirements "import"
 fi
 
-if [[ ! $is_import ]]; then
-	whiptail_patch_schedule
-fi
-
 case "$setup_type" in
 	'iso')
 		whiptail_set_hostname
@@ -243,8 +237,6 @@ case "$setup_type" in
 			whiptail_management_interface_dns
 			whiptail_management_interface_dns_search
 		fi
-
-		#collect_adminuser_inputs
 		;;
 	'network')
 		whiptail_network_notice
@@ -254,6 +246,22 @@ case "$setup_type" in
 		;;
 esac
 
+if [[ $is_minion ]]; then
+	whiptail_management_server
+fi
+
+whiptail_management_interface_setup
+
+if [[ "$setup_type" == 'iso' ]]; then
+	# Init networking so rest of install works
+	set_hostname
+	set_management_interface
+fi
+
+if [[ $is_minion || $is_import ]]; then
+	[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
+fi
+
 short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
 
 MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
@@ -320,6 +328,10 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then
 	calculate_useable_cores
 fi
 
+if [[ ! $is_import ]]; then
+	whiptail_patch_schedule
+fi
+
 whiptail_homenet_manager
 whiptail_dockernet_check
 
@@ -365,10 +377,6 @@ if [[ $is_distmanager || ( $is_sensor || $is_node || $is_fleet_standalone ) && !
 	fi
 fi
 
-if [[ $is_minion ]]; then
-	whiptail_management_server
-fi
-
 if [[ $is_distmanager ]]; then
 	collect_soremote_inputs
 fi
@@ -436,11 +444,6 @@ if [[ -n "$TURBO" ]]; then
 	use_turbo_proxy
 fi
 
-if [[ "$setup_type" == 'iso' ]]; then
-	set_hostname >> $setup_log 2>&1
-	set_management_interface
-fi
-
 disable_ipv6
 
 if [[ "$setup_type" != 'iso' ]]; then
@@ -495,7 +498,6 @@ fi
 
 	if [[ $is_minion || $is_import ]]; then
 		set_updates >> $setup_log 2>&1
-		[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
 	fi
 
 	if [[ $is_manager && $is_airgap ]]; then
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 5bc84eecf..edbc19c0b 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -765,6 +765,22 @@ whiptail_management_nic() {
 
 }
 
+whiptail_management_interface_setup() {
+	[ -n "$TESTING" ] && return
+
+	local minion_msg
+
+	if [[ $is_minion || $is_import ]]; then
+		minion_msg=" and copy the ssh key for soremote to the manager"
+	else
+		minion_msg="" 
+	fi
+
+	whiptail --title "Security Onion Setup" --yesno "Setup will now initialize networking$minion_msg. Select YES to continue or NO to cancel." 8 75
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_nids() {
 
 	[ -n "$TESTING" ] && return