mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-11 03:32:53 +01:00
Merge remote-tracking branch 'remotes/origin/dev' into issue/749
This commit is contained in:
m0duspwnens
@@ -19,7 +19,7 @@ source ./so-whiptail
|
||||
source ./so-variables
|
||||
source ./so-common-functions
|
||||
|
||||
SOVERSION=1.3.0
|
||||
SOVERSION=1.4.0
|
||||
|
||||
accept_salt_key_remote() {
|
||||
systemctl restart salt-minion
|
||||
@@ -514,7 +514,7 @@ detect_os() {
|
||||
# Install bind-utils so the host command exists
|
||||
if ! command -v host > /dev/null 2>&1; then
|
||||
echo "Installing required packages to run installer"
|
||||
yum -y install bind-utils >> "$setup_log" 2>&1
|
||||
yum -y install bind-utils yum-plugin-versionlock >> "$setup_log" 2>&1
|
||||
fi
|
||||
|
||||
|
||||
@@ -550,6 +550,9 @@ detect_os() {
|
||||
disable_onion_user() {
|
||||
# Disable the default account cause security.
|
||||
usermod -L onion
|
||||
|
||||
# Remove the automated setup script from crontab, if it exists
|
||||
crontab -u onion -r
|
||||
}
|
||||
|
||||
disable_misc_network_features() {
|
||||
@@ -580,7 +583,9 @@ docker_install() {
|
||||
{
|
||||
yum clean expire-cache;
|
||||
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
|
||||
yum -y install docker-ce;
|
||||
yum -y install docker-ce-19.03.9-3.el7 containerd.io-1.2.6-3.el7;
|
||||
yum versionlock docker-ce-19.03.9-3.el7;
|
||||
yum versionlock containerd.io-1.2.6-3.el7
|
||||
} >> "$setup_log" 2>&1
|
||||
|
||||
else
|
||||
@@ -616,9 +621,10 @@ docker_registry() {
|
||||
echo "Setting up Docker Registry" >> "$setup_log" 2>&1
|
||||
mkdir -p /etc/docker >> "$setup_log" 2>&1
|
||||
# Make the host use the master docker registry
|
||||
if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi
|
||||
printf '%s\n'\
|
||||
"{"\
|
||||
" \"registry-mirrors\": [\"https://$MSRV:5000\"]"\
|
||||
" \"registry-mirrors\": [ \"$proxy:5000\" ]"\
|
||||
"}" > /etc/docker/daemon.json
|
||||
echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1
|
||||
|
||||
@@ -683,7 +689,7 @@ docker_seed_registry() {
|
||||
# Tag it with the new registry destination
|
||||
docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i"
|
||||
docker push "$HOSTNAME":5000/soshybridhunter/"$i"
|
||||
docker rmi soshybridhunter/"$i"
|
||||
#docker rmi soshybridhunter/"$i"
|
||||
} >> "$setup_log" 2>&1
|
||||
done
|
||||
else
|
||||
@@ -948,6 +954,54 @@ node_pillar() {
|
||||
cat "$pillar_file" >> "$setup_log" 2>&1
|
||||
}
|
||||
|
||||
parse_options() {
|
||||
case "$1" in
|
||||
--turbo=*)
|
||||
local proxy
|
||||
proxy=$(echo "$1" | tr -d '"' | awk -F'--turbo=' '{print $2}')
|
||||
proxy_url="http://$proxy"
|
||||
TURBO="$proxy_url"
|
||||
;;
|
||||
--proxy=*)
|
||||
local proxy
|
||||
proxy=$(echo "$1" | tr -d '"' | awk -F'--proxy=' '{print $2}')
|
||||
|
||||
local proxy_protocol
|
||||
proxy_protocol=$(echo "$proxy" | awk 'match($0, /http|https/) { print substr($0, RSTART, RLENGTH) }')
|
||||
|
||||
if [[ ! $proxy_protocol =~ ^(http|https)$ ]]; then
|
||||
echo "Invalid proxy protocol"
|
||||
echo "Ignoring proxy"
|
||||
return
|
||||
fi
|
||||
|
||||
if [[ $2 == --proxy-user=* && $3 == --proxy-pass=* ]]; then
|
||||
local proxy_user
|
||||
local proxy_password
|
||||
proxy_user=$(echo "$2" | tr -d '"' | awk -F'--proxy-user=' '{print $2}')
|
||||
proxy_password=$(echo "$3" | tr -d '"' | awk -F'--proxy-pass=' '{print $2}')
|
||||
|
||||
local proxy_addr
|
||||
proxy_addr=$(echo "$proxy" | awk -F'http\:\/\/|https\:\/\/' '{print $2}')
|
||||
|
||||
export http_proxy="${proxy_protocol}://${proxy_user}:${proxy_password}@${proxy_addr}"
|
||||
|
||||
elif [[ (-z $2 || -z $3) && (-n $2 || -n $3) || ( -n $2 && -n $3 && ($2 != --proxy-user=* || $3 != --proxy-pass=*) ) ]]; then
|
||||
echo "Invalid options passed for proxy. Order is --proxy-user=<user> --proxy-pass=<password>"
|
||||
echo "Ignoring proxy"
|
||||
return
|
||||
|
||||
else
|
||||
export http_proxy="$proxy"
|
||||
fi
|
||||
|
||||
export {https,ftp,rsync,all}_proxy="$http_proxy"
|
||||
;;
|
||||
*)
|
||||
echo "Invalid option"
|
||||
esac
|
||||
}
|
||||
|
||||
patch_pillar() {
|
||||
|
||||
local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
|
||||
@@ -1068,7 +1122,7 @@ saltify() {
|
||||
yum -y update exclude=salt*;
|
||||
systemctl enable salt-minion;
|
||||
} >> "$setup_log" 2>&1
|
||||
echo "exclude=salt*" >> /etc/yum.conf
|
||||
yum versionlock salt*
|
||||
else
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade >> "$setup_log" 2>&1
|
||||
|
||||
@@ -1229,8 +1283,6 @@ set_progress_str() {
|
||||
'----'\
|
||||
"$percentage% - ${progress_bar_text^^}"\
|
||||
"----" >> "$setup_log" 2>&1
|
||||
|
||||
sleep 5
|
||||
}
|
||||
|
||||
sensor_pillar() {
|
||||
@@ -1445,6 +1497,23 @@ update_packages() {
|
||||
fi
|
||||
}
|
||||
|
||||
use_turbo_proxy() {
|
||||
if [[ ! $install_type =~ ^(MASTER|EVAL|HELIXSENSOR|MASTERSEARCH|STANDALONE)$ ]]; then
|
||||
echo "turbo is not supported on this install type" >> $setup_log 2>&1
|
||||
return
|
||||
fi
|
||||
|
||||
if [[ $OS == 'centos' ]]; then
|
||||
printf '%s\n' "proxy=${TURBO}:3142" >> /etc/yum.conf
|
||||
else
|
||||
printf '%s\n'\
|
||||
"Acquire {"\
|
||||
" HTTP::proxy \"${TURBO}:3142\";"\
|
||||
" HTTPS::proxy \"${TURBO}:3142\";"\
|
||||
"}" > /etc/apt/apt.conf.d/proxy.conf
|
||||
fi
|
||||
}
|
||||
|
||||
ls_heapsize() {
|
||||
|
||||
if [ "$total_mem" -ge 32000 ]; then
|
||||
|
||||
Reference in New Issue
Block a user