From 55911ef64918c49a05fa06ffe3e9c9c8c8dace8d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 11:05:01 -0500 Subject: [PATCH 01/11] Fix reinstall logic --- SECURITY.md | 3 ++- setup/so-setup | 22 +++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 46ae8090c..771d087a1 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,7 +4,8 @@ | Version | Supported | | ------- | ------------------ | -| 2.x.x | :white_check_mark: | +| 2.4.x | :white_check_mark: | +| 2.3.x | :white_check_mark: | | 16.04.x | :x: | Security Onion 16.04 has reached End Of Life and is no longer supported. diff --git a/setup/so-setup b/setup/so-setup index ab6f4f491..cb4d8475d 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -318,7 +318,9 @@ if ! [[ -f $install_opt_file ]]; then check_requirements "manager" networking_needful collect_dockernet - whiptail_airgap + if [[ $is_iso ]]; then + whiptail_airgap + fi detect_cloud set_minion_info set_default_log_size >> $setup_log 2>&1 @@ -338,7 +340,9 @@ if ! [[ -f $install_opt_file ]]; then check_requirements "manager" networking_needful collect_dockernet - whiptail_airgap + if [[ $is_iso ]]; then + whiptail_airgap + fi detect_cloud set_minion_info set_default_log_size >> $setup_log 2>&1 @@ -357,7 +361,9 @@ if ! [[ -f $install_opt_file ]]; then check_requirements "manager" networking_needful collect_dockernet - whiptail_airgap + if [[ $is_iso ]]; then + whiptail_airgap + fi detect_cloud set_default_log_size >> $setup_log 2>&1 info "Verifying all network devices are managed by Network Manager that should be" @@ -374,7 +380,9 @@ if ! [[ -f $install_opt_file ]]; then check_requirements "manager" networking_needful collect_dockernet - whiptail_airgap + if [[ $is_iso ]]; then + whiptail_airgap + fi detect_cloud set_default_log_size >> $setup_log 2>&1 info "Verifying all network devices are managed by Network Manager that should be" 
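Review bot: The `if [[ $is_iso ]]; then whiptail_airgap; fi` guard is pasted verbatim into the -318, -338, -357 and -374 hunks here and a fifth time in the -436 hunk on the next line; moving the test into the callee as its first line, `[[ $is_iso ]] || return 0` in whiptail_airgap, would have left the five call sites untouched and given one place to change. Each of these hunks sits inside the `if ! [[ -f $install_opt_file ]]` block, whose start and end lie outside the hunks.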
@@ -436,7 +444,9 @@ if ! [[ -f $install_opt_file ]]; then check_elastic_license check_requirements "import" networking_needful - whiptail_airgap + if [[ $is_iso ]]; then + whiptail_airgap + fi detect_cloud set_minion_info set_default_log_size >> $setup_log 2>&1 @@ -459,6 +469,7 @@ if ! [[ -f $install_opt_file ]]; then fi if [[ $waitforstate ]]; then + touch /root/accept_changes percentage=0 es_heapsize ls_heapsize @@ -579,6 +590,7 @@ if ! [[ -f $install_opt_file ]]; then set_initial_firewall_access whiptail_setup_complete else + touch /root/accept_changes es_heapsize ls_heapsize generate_interface_vars From 0531d369aa770ce7f18bdd7c75fd13013a8e1439 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 11:09:06 -0500 Subject: [PATCH 02/11] Fix reinstall logic --- setup/so-setup | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-setup b/setup/so-setup index cb4d8475d..c83b7b3ec 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -141,6 +141,7 @@ if [[ -f /root/accept_changes ]]; then info "Old setup detected. Moving the last setup.log to setup.log.bak" mv "$setup_log" "$setup_log.bak" [ -f "$error_log" ] && mv "$error_log" "$error_log.bak" + reinstall_init fi title "Parsing Username for Install" From 6d1e6fc358680feeb93fe984839832a269d270d7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:15:21 -0500 Subject: [PATCH 03/11] Fix reinstall logic --- setup/so-setup | 7 +------ setup/so-whiptail | 9 +++++++++ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index c83b7b3ec..207ea3e80 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -137,7 +137,7 @@ fi title "Checking to see if install has run before" if [[ -f /root/accept_changes ]]; then is_reinstall=true - + whiptail_reinstall info "Old setup detected. Moving the last setup.log to setup.log.bak" mv "$setup_log" "$setup_log.bak" [ -f "$error_log" ] && mv "$error_log" "$error_log.bak" 
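Review bot: `touch /root/accept_changes` in the -459 and -579 hunks now runs at the start of the install branch rather than after it completes, so a run that aborts anywhere after this point leaves the marker behind and the next invocation takes the `-f /root/accept_changes` path (log rotation, reinstall_init). If that is the intent, say so at both sites: `# Mark the host as installed now so an interrupted run is handled as a reinstall (reinstall_init) on the next attempt`. Both touches are inside the `if ! [[ -f $install_opt_file ]]` block, which starts and ends outside the hunks.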
@@ -485,11 +485,6 @@ if ! [[ -f $install_opt_file ]]; then info "Setting Paths" # Set the paths set_path - info "Checking if this is a re-install" - # Check to see if its a reinstall. THIS NEEDS REVIEW - if [[ $is_reinstall ]]; then - reinstall_init - fi echo "Disable auto start of setup" # Disable the setup from prompting at login disable_auto_start diff --git a/setup/so-whiptail b/setup/so-whiptail index c7eb350ff..1a5f5f9c8 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1104,6 +1104,15 @@ whiptail_proxy_auth_pass() { whiptail_check_exitstatus $exitstatus } +whiptail_reinstall() { + [ -n "$TESTING" ] && return + + whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? Continuing will overwrite the previos install. " 7 44 + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_requirements_error() { local requirement_needed=$1 From cd57ff9820072b23863395dfb0433a236fed3b6a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:16:18 -0500 Subject: [PATCH 04/11] Fix reinstall logic --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 1a5f5f9c8..3ddc78194 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1107,7 +1107,7 @@ whiptail_proxy_auth_pass() { whiptail_reinstall() { [ -n "$TESTING" ] && return - whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? Continuing will overwrite the previos install. " 7 44 + whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? Continuing will overwrite the previos install. " 10 60 local exitstatus=$? whiptail_check_exitstatus $exitstatus From eee433e8c42d9f99e1bfb2ba791126c5e0c9c7d6 Mon Sep 17 00:00:00 2001 
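Review bot: whiptail_reinstall is the only confirmation between finding `/root/accept_changes` and calling reinstall_init, yet nothing in the function says so, and the `[ -n "$TESTING" ] && return` short-circuit means a test run reaches reinstall_init with no prompt at all; a header comment would make both explicit: `# Gate before reinstall_init: whiptail_check_exitstatus must abort on "No"; TESTING skips the prompt and proceeds`. Whether whiptail_check_exitstatus actually exits on a No answer is not visible in this patch — confirm it, because the caller added in the -137 hunk on the previous line does not check the function's return value.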
From: Mike Reeves Date: Wed, 11 Jan 2023 12:17:13 -0500 Subject: [PATCH 05/11] Fix reinstall logic --- setup/so-whiptail | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 3ddc78194..c3a7a6adb 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1107,7 +1107,8 @@ whiptail_proxy_auth_pass() { whiptail_reinstall() { [ -n "$TESTING" ] && return - whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? Continuing will overwrite the previos install. " 10 60 + whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? \ + Continuing will overwrite the previous install. " 10 60 local exitstatus=$? whiptail_check_exitstatus $exitstatus From 708ba13721a3708dd1e3c5bd9b30f96d9440c88b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:18:02 -0500 Subject: [PATCH 06/11] Fix reinstall logic --- setup/so-whiptail | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index c3a7a6adb..5a8d06ab3 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1107,7 +1107,8 @@ whiptail_proxy_auth_pass() { whiptail_reinstall() { [ -n "$TESTING" ] && return - whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? \ + whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? + Continuing will overwrite the previous install. " 10 60 local exitstatus=$? From 35e0a78cad28ac80deaa6edd8df633d5204104e2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:20:57 -0500 Subject: [PATCH 07/11] Fix reinstall logic --- setup/so-whiptail | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 5a8d06ab3..a03c85645 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
@@ -1107,10 +1107,16 @@ whiptail_proxy_auth_pass() { whiptail_reinstall() { [ -n "$TESTING" ] && return - whiptail --title "$whiptail_title" --yesno "Setup has detected a previous install. Do you want to continue? - - Continuing will overwrite the previous install. " 10 60 - + read -r -d '' message <<- EOM + Setup has detected a previous install. Continuing the install will remove the previous install configuration. + + Would you like to continue? + EOM + + whiptail --title "$whiptail_title" \ + --yesno "$message" 11 75 \ + --yes-button "Continue" --no-button "Exit" --defaultno + local exitstatus=$? whiptail_check_exitstatus $exitstatus } From b36f1bc79e4dfea447d3cc03f1dbb15f35172e94 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:26:50 -0500 Subject: [PATCH 08/11] Fix reinstall logic --- setup/so-setup | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-setup b/setup/so-setup index 207ea3e80..914b80233 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -141,6 +141,7 @@ if [[ -f /root/accept_changes ]]; then info "Old setup detected. Moving the last setup.log to setup.log.bak" mv "$setup_log" "$setup_log.bak" [ -f "$error_log" ] && mv "$error_log" "$error_log.bak" + source ./so-variables reinstall_init fi From c07821a612a1098c04402510a8dd90bd5bd4ef16 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:32:43 -0500 Subject: [PATCH 09/11] Fix reinstall logic --- setup/so-functions | 13 +++++++++++++ setup/so-setup | 2 +- setup/so-variables | 12 ------------ 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 090f5f572..53c539a1b 100755 --- a/setup/so-functions +++ b/setup/so-functions 
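Review bot: `read -r -d '' message <<- EOM` always returns 1, because the NUL delimiter is never found before end of input; if so-whiptail is sourced into a script running under `set -e` or an ERR trap, whiptail_reinstall aborts before the dialog is shown. The usual form is `read -r -d '' message <<- EOM || true`. Note also that `<<-` strips leading tabs only, so if the body lines are indented with spaces that indentation becomes part of `$message` and shows in the dialog; the collapsed diff cannot show which was used.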
@@ -1529,6 +1529,19 @@ influxdb_pillar() { touch $influxdb_pillar_file } +make_some_dirs() { + mkdir -p $local_salt_dir/pillar/minions + mkdir -p $local_salt_dir/salt/firewall/hostgroups + mkdir -p $local_salt_dir/salt/firewall/portgroups + mkdir -p $local_salt_dir/salt/firewall/ports + + for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf filebeat logstash soc manager kratos idstools idh elastalert;do + mkdir -p $local_salt_dir/pillar/$THEDIR + touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls + touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls + done +} + mark_version() { title "Marking the current version" echo "$SOVERSION" > /etc/soversion diff --git a/setup/so-setup b/setup/so-setup index 914b80233..9ed3a30cb 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -141,7 +141,6 @@ if [[ -f /root/accept_changes ]]; then info "Old setup detected. Moving the last setup.log to setup.log.bak" mv "$setup_log" "$setup_log.bak" [ -f "$error_log" ] && mv "$error_log" "$error_log.bak" - source ./so-variables reinstall_init fi @@ -472,6 +471,7 @@ if ! [[ -f $install_opt_file ]]; then if [[ $waitforstate ]]; then touch /root/accept_changes + make_some_dirs percentage=0 es_heapsize ls_heapsize diff --git a/setup/so-variables b/setup/so-variables index 9cf279f3d..a753bc91b 100644 --- a/setup/so-variables +++ b/setup/so-variables 
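Review bot: In make_some_dirs every `$local_salt_dir` expansion is unquoted and nothing checks that it is set, so if the function is ever reached before so-variables has been sourced, `mkdir -p $local_salt_dir/pillar/minions` silently creates `/pillar/minions` at the filesystem root and the loop fills `/pillar/<name>/` with empty .sls files; the -141 hunk in this same commit removes the `source ./so-variables` line the previous commit had added on the reinstall path, so the sourcing order is evidently still being worked out. Open the function with `: "${local_salt_dir:?local_salt_dir is not set}"` and quote the expansions, e.g. `mkdir -p -- "$local_salt_dir/pillar/$THEDIR"`. Separately, `soc` appears twice in the loop list and THEDIR should be declared `local`.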
@@ -79,18 +79,6 @@ export ntp_string whiptail_title="Security Onion Setup - $SOVERSION" export whiptail_title -mkdir -p $local_salt_dir/pillar/minions -mkdir -p $local_salt_dir/salt/firewall/hostgroups -mkdir -p $local_salt_dir/salt/firewall/portgroups -mkdir -p $local_salt_dir/salt/firewall/ports - -for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf filebeat logstash soc manager kratos idstools idh elastalert -do - mkdir -p $local_salt_dir/pillar/$THEDIR - touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls - touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls -done - global_pillar_file="$local_salt_dir/pillar/soc_global.sls" export global_pillar_file From bab010a109771ec17732cc7df8e245ff430c5c06 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:40:18 -0500 Subject: [PATCH 10/11] Fix reinstall logic --- setup/so-functions | 3 +++ setup/so-variables | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 53c539a1b..c4e7d48e0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1530,6 +1530,9 @@ influxdb_pillar() { } make_some_dirs() { + mkdir -p /nsm + mkdir -p "$default_salt_dir" + mkdir -p "$local_salt_dir" mkdir -p $local_salt_dir/pillar/minions mkdir -p $local_salt_dir/salt/firewall/hostgroups mkdir -p $local_salt_dir/salt/firewall/portgroups diff --git a/setup/so-variables b/setup/so-variables index a753bc91b..52dd3a9e5 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -29,7 +29,6 @@ export error_log filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') export filesystem_root -mkdir -p /nsm filesystem_nsm=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') export filesystem_nsm 
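Review bot: Removing `mkdir -p /nsm` ahead of `filesystem_nsm=$(df /nsm | awk ...)` in the -29 hunk means that on a host where /nsm does not exist yet, df fails and filesystem_nsm is exported empty; the replacement `mkdir -p /nsm` in make_some_dirs (the so-functions hunk above) runs later than so-variables, assuming so-variables is sourced at script start as its other exports suggest. Either keep the directory creation here or fall back to the root filesystem when /nsm is absent, matching the `filesystem_root` line just above: `nsm_df_path=/; [[ -d /nsm ]] && nsm_df_path=/nsm` followed by `filesystem_nsm=$(df "$nsm_df_path" | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')`.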
@@ -59,10 +58,8 @@ export percentage_str='Getting started' export DEBIAN_FRONTEND=noninteractive export default_salt_dir=/opt/so/saltstack/default -mkdir -p "$default_salt_dir" export local_salt_dir=/opt/so/saltstack/local -mkdir -p "$local_salt_dir" SCRIPTDIR=$(pwd) export SCRIPTDIR From 8fa8b89d9c5f5a25093e2e2d689b7383a151ff34 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 11 Jan 2023 12:43:22 -0500 Subject: [PATCH 11/11] Fix reinstall logic --- setup/so-setup | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-setup b/setup/so-setup index 9ed3a30cb..ae570d734 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -588,6 +588,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_setup_complete else touch /root/accept_changes + mkdir -p /nsm es_heapsize ls_heapsize generate_interface_vars
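Review bot: The else branch in the -588 hunk gets only `mkdir -p /nsm`, whereas the matching `waitforstate` branch (the -472 hunk two commits earlier) calls make_some_dirs, which since the previous commit already does `mkdir -p /nsm` plus the `$default_salt_dir`, `$local_salt_dir` and pillar directories that so-variables no longer creates. Unless this branch creates those directories further down (it continues outside the hunk), anything writing under `$local_salt_dir/pillar` there now fails; replacing the added line with `make_some_dirs` keeps the two branches in step.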