Merge pull request #9563 from Security-Onion-Solutions/mkr24

Optimize reinstall process

SECURITY.md

@@ -4,7 +4,8 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 2.x.x   | :white_check_mark: |
+| 2.4.x   | :white_check_mark: |
+| 2.3.x   | :white_check_mark: |
 | 16.04.x | :x:                |
 
 Security Onion 16.04 has reached End Of Life and is no longer supported.

setup/so-functions

@@ -1529,6 +1529,22 @@ influxdb_pillar() {
 	touch $influxdb_pillar_file
 }
 
+make_some_dirs() {
+	mkdir -p /nsm
+	mkdir -p "$default_salt_dir"
+	mkdir -p "$local_salt_dir"
+	mkdir -p $local_salt_dir/pillar/minions
+	mkdir -p $local_salt_dir/salt/firewall/hostgroups
+	mkdir -p $local_salt_dir/salt/firewall/portgroups
+	mkdir -p $local_salt_dir/salt/firewall/ports
+
+	for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf filebeat logstash soc manager kratos idstools idh elastalert;do
+	mkdir -p $local_salt_dir/pillar/$THEDIR
+	touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
+	touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls
+	done
+}
+
 mark_version() {
 	title "Marking the current version"
 	echo "$SOVERSION" > /etc/soversion

setup/so-setup

@@ -137,10 +137,11 @@ fi
 title "Checking to see if install has run before"
 if [[ -f /root/accept_changes ]]; then
 	is_reinstall=true
-
+	whiptail_reinstall
 	info "Old setup detected. Moving the last setup.log to setup.log.bak"
 	mv "$setup_log" "$setup_log.bak"
 	[ -f "$error_log" ] && mv "$error_log" "$error_log.bak"
+	reinstall_init
 fi
 
 title "Parsing Username for Install"
@@ -318,7 +319,9 @@ if ! [[ -f $install_opt_file ]]; then
 		check_requirements "manager"
 		networking_needful
 		collect_dockernet
+		if [[ $is_iso ]]; then
 			whiptail_airgap
+		fi
 		detect_cloud
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
@@ -338,7 +341,9 @@ if ! [[ -f $install_opt_file ]]; then
 		check_requirements "manager"
 		networking_needful
 		collect_dockernet
+		if [[ $is_iso ]]; then
 			whiptail_airgap
+		fi
 		detect_cloud
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
@@ -357,7 +362,9 @@ if ! [[ -f $install_opt_file ]]; then
 		check_requirements "manager"
 		networking_needful
 		collect_dockernet
+		if [[ $is_iso ]]; then
 			whiptail_airgap
+		fi
 		detect_cloud
 		set_default_log_size >> $setup_log 2>&1
 		info "Verifying all network devices are managed by Network Manager that should be"
@@ -374,7 +381,9 @@ if ! [[ -f $install_opt_file ]]; then
 		check_requirements "manager"
 		networking_needful
 		collect_dockernet
+		if [[ $is_iso ]]; then
 			whiptail_airgap
+		fi
 		detect_cloud
 		set_default_log_size >> $setup_log 2>&1
 		info "Verifying all network devices are managed by Network Manager that should be"
@@ -436,7 +445,9 @@ if ! [[ -f $install_opt_file ]]; then
 		check_elastic_license
 		check_requirements "import"
 		networking_needful
+		if [[ $is_iso ]]; then
 			whiptail_airgap
+		fi
 		detect_cloud
 		set_minion_info
 		set_default_log_size >> $setup_log 2>&1
@@ -459,6 +470,8 @@ if ! [[ -f $install_opt_file ]]; then
 	fi
 
 	if [[ $waitforstate ]]; then
+		touch /root/accept_changes
+		make_some_dirs
 		percentage=0
 		es_heapsize
 		ls_heapsize
@@ -473,11 +486,6 @@ if ! [[ -f $install_opt_file ]]; then
 		info "Setting Paths"
 		# Set the paths
 		set_path
-		info "Checking if this is a re-install"
-		# Check to see if its a reinstall. THIS NEEDS REVIEW
-		if [[ $is_reinstall ]]; then
-			reinstall_init
-		fi
 		echo "Disable auto start of setup"
 		# Disable the setup from prompting at login
 		disable_auto_start
@@ -579,6 +587,8 @@ if ! [[ -f $install_opt_file ]]; then
 		set_initial_firewall_access
 		whiptail_setup_complete
 	else
+		touch /root/accept_changes
+		mkdir -p /nsm
 		es_heapsize
 		ls_heapsize
 		generate_interface_vars

setup/so-variables

@@ -29,7 +29,6 @@ export error_log
 filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
 export filesystem_root
 
-mkdir -p /nsm
 filesystem_nsm=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
 export filesystem_nsm
 
@@ -59,10 +58,8 @@ export percentage_str='Getting started'
 export DEBIAN_FRONTEND=noninteractive
 
 export default_salt_dir=/opt/so/saltstack/default
-mkdir -p "$default_salt_dir"
 
 export local_salt_dir=/opt/so/saltstack/local
-mkdir -p "$local_salt_dir"
 
 SCRIPTDIR=$(pwd)
 export SCRIPTDIR
@@ -79,18 +76,6 @@ export ntp_string
 whiptail_title="Security Onion Setup - $SOVERSION"
 export whiptail_title
 
-mkdir -p $local_salt_dir/pillar/minions
-mkdir -p $local_salt_dir/salt/firewall/hostgroups
-mkdir -p $local_salt_dir/salt/firewall/portgroups
-mkdir -p $local_salt_dir/salt/firewall/ports
-
-for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni curator soc soctopus docker zeek suricata nginx telegraf filebeat logstash soc manager kratos idstools idh elastalert 
-do
-    mkdir -p $local_salt_dir/pillar/$THEDIR
-    touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
-    touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls
-done
-
 global_pillar_file="$local_salt_dir/pillar/soc_global.sls"
 export global_pillar_file
 

setup/so-whiptail

@@ -1104,6 +1104,23 @@ whiptail_proxy_auth_pass() {
 	whiptail_check_exitstatus $exitstatus
 }
 
+whiptail_reinstall() {
+	[ -n "$TESTING" ] && return
+
+	read -r -d '' message <<- EOM
+	Setup has detected a previous install. Continuing the install will remove the previous install configuration.
+
+	Would you like to continue?
+	EOM
+
+	whiptail --title "$whiptail_title" \
+		--yesno "$message" 11 75 \
+		--yes-button "Continue" --no-button "Exit" --defaultno
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_requirements_error() {
 
 	local requirement_needed=$1