CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into pipeline

Browse Source
This commit is contained in:
Mike Reeves
2021-06-08 11:03:14 -04:00
parent 56eb220ed6 fd5fcfeaae
commit 4972f69dd6
10 changed files with 161 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
salt/common/tools/sbin/so-common
View File

@@ -153,16 +153,16 @@ Do you agree to the terms of the Elastic License?
If so, type AGREE to accept the Elastic License and continue. Otherwise, press Enter to exit this program without making any changes. If so, type AGREE to accept the Elastic License and continue. Otherwise, press Enter to exit this program without making any changes.
EOM EOM
AGREED=$(whiptail --title "Security Onion Setup" --inputbox \ AGREED=$(whiptail --title "$whiptail_title" --inputbox \
"$message" 20 75 3>&1 1>&2 2>&3) "$message" 20 75 3>&1 1>&2 2>&3)
if [ "${AGREED^^}" = 'AGREE' ]; then if [ "${AGREED^^}" = 'AGREE' ]; then
mkdir -p /opt/so/state mkdir -p /opt/so/state
touch /opt/so/state/yeselastic.txt touch /opt/so/state/yeselastic.txt
else else
echo "Starting in 2.3.40 you must accept the Elastic license if you want to run Security Onion." echo "Starting in 2.3.40 you must accept the Elastic license if you want to run Security Onion."
exit 1 exit 1
fi fi
} }

6
salt/common/tools/sbin/so-zeek-logs
View File

@@ -10,7 +10,7 @@ zeek_logs_enabled() {
} }
whiptail_manager_adv_service_zeeklogs() { whiptail_manager_adv_service_zeeklogs() {
BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \ BLOGS=$(whiptail --title "so-zeek-logs" --checklist "Please Select Logs to Send:" 24 78 12 \
"conn" "Connection Logging" ON \ "conn" "Connection Logging" ON \
"dce_rpc" "RPC Logs" ON \ "dce_rpc" "RPC Logs" ON \
"dhcp" "DHCP Logs" ON \ "dhcp" "DHCP Logs" ON \
@@ -55,10 +55,10 @@ whiptail_manager_adv_service_zeeklogs
return_code=$? return_code=$?
case $return_code in case $return_code in
1) 1)
whiptail --title "Security Onion Setup" --msgbox "Cancelling. No changes have been made." 8 75 whiptail --title "so-zeek-logs" --msgbox "Cancelling. No changes have been made." 8 75
;; ;;
255) 255)
whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting." 8 75 whiptail --title "so-zeek-logs" --msgbox "Whiptail error occured, exiting." 8 75
;; ;;
*) *)
zeek_logs_enabled zeek_logs_enabled

16
salt/common/tools/sbin/soup
View File

@@ -25,6 +25,7 @@ BATCHSIZE=5
SOUP_LOG=/root/soup.log SOUP_LOG=/root/soup.log
INFLUXDB_MIGRATION_LOG=/opt/so/log/influxdb/soup_migration.log INFLUXDB_MIGRATION_LOG=/opt/so/log/influxdb/soup_migration.log
WHATWOULDYOUSAYYAHDOHERE=soup WHATWOULDYOUSAYYAHDOHERE=soup
whiptail_title='Security Onion UPdater'
check_err() { check_err() {
local exit_code=$1 local exit_code=$1
@@ -107,14 +108,13 @@ airgap_mounted() {
echo "The ISO is already mounted" echo "The ISO is already mounted"
else else
echo "" echo ""
echo "Looks like we need access to the upgrade content" cat << EOF
echo "" In order for soup to proceed, the path to the downloaded Security Onion ISO file, or the path to the CD-ROM or equivalent device containing the ISO media must be provided.
echo "If you just copied the .iso file over you can specify the path." For example, if you have copied the new Security Onion ISO file to your home directory, then the path might look like /home/myuser/securityonion-2.x.y.iso.
echo "If you burned the ISO to a disk the standard way you can specify the device." Or, if you have burned the new ISO onto an optical disk then the path might look like /dev/cdrom.
echo "Example: /home/user/securityonion-2.X.0.iso"
echo "Example: /dev/sdx1" EOF
echo "" read -rp 'Enter the path to the new Security Onion ISO content: ' ISOLOC
read -rp 'Enter the location of the iso: ' ISOLOC
if [[ -f $ISOLOC ]]; then if [[ -f $ISOLOC ]]; then
# Mounting the ISO image # Mounting the ISO image
mkdir -p /tmp/soagupdate mkdir -p /tmp/soagupdate

2
salt/kibana/files/saved_objects.ndjson
View File

@@ -460,7 +460,7 @@
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQyLDRd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQyLDRd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQzLDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQzLDRd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ0LDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ0LDRd"}
{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.0","id":"7.13.0","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="} {"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.13.1","id":"7.13.1","migrationVersion":{"config":"7.12.0"},"references":[],"type":"config","updated_at":"2021-04-29T21:42:52.430Z","version":"WzY3NTUsM10="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ2LDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ2LDRd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ3LDRd"} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.11.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ3LDRd"}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ4LDRd"} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.11.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2021-03-19T14:35:12.119Z","version":"WzcwMTQ4LDRd"}

12
salt/nginx/etc/nginx.conf
View File

@@ -175,8 +175,8 @@ http {
auth_request_set $userid $upstream_http_x_kratos_authenticated_identity_id; auth_request_set $userid $upstream_http_x_kratos_authenticated_identity_id;
proxy_set_header x-user-id $userid; proxy_set_header x-user-id $userid;
proxy_pass http://{{ manager_ip }}:9822/; proxy_pass http://{{ manager_ip }}:9822/;
proxy_read_timeout 90; proxy_read_timeout 300;
proxy_connect_timeout 90; proxy_connect_timeout 300;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -261,8 +261,8 @@ http {
auth_request /auth/sessions/whoami; auth_request /auth/sessions/whoami;
rewrite /kibana/(.*) /$1 break; rewrite /kibana/(.*) /$1 break;
proxy_pass http://{{ manager_ip }}:5601/; proxy_pass http://{{ manager_ip }}:5601/;
proxy_read_timeout 90; proxy_read_timeout 300;
proxy_connect_timeout 90; proxy_connect_timeout 300;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -341,8 +341,8 @@ http {
location /soctopus/ { location /soctopus/ {
proxy_pass http://{{ manager_ip }}:7000/; proxy_pass http://{{ manager_ip }}:7000/;
proxy_read_timeout 90; proxy_read_timeout 300;
proxy_connect_timeout 90; proxy_connect_timeout 300;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

3
salt/soc/files/soc/soc.json
View File

@@ -50,7 +50,8 @@
"username": "", "username": "",
"password": "", "password": "",
"cacheMs": {{ ES_FIELDCAPS_CACHE }}, "cacheMs": {{ ES_FIELDCAPS_CACHE }},
"verifyCert": false "verifyCert": false,
"timeoutMs": {{ API_TIMEOUT }}
}, },
"influxdb": { "influxdb": {
{%- if grains['role'] in ['so-import'] or (grains['role'] == 'so-eval' and GRAFANA == 0) %} {%- if grains['role'] in ['so-import'] or (grains['role'] == 'so-eval' and GRAFANA == 0) %}

3
setup/so-functions
View File

@@ -896,7 +896,8 @@ compare_main_nic_ip() {
This is not a supported configuration, please remediate and rerun setup. This is not a supported configuration, please remediate and rerun setup.
EOM EOM
[[ -n $TESTING ]] || whiptail --title "Security Onion Setup" --msgbox "$message" 10 75
[[ -n $TESTING ]] || whiptail --title "$whiptail_title" --msgbox "$message" 10 75
kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1
fi fi
else else

3
setup/so-setup
View File

@@ -108,11 +108,10 @@ catch() {
automated=no automated=no
progress() { progress() {
local title='Security Onion Setup'
local msg=${1:-'Please wait while installing...'} local msg=${1:-'Please wait while installing...'}
if [ $automated == no ]; then if [ $automated == no ]; then
whiptail --title "$title" --gauge "$msg" 6 70 0 # append to text whiptail --title "$whiptail_title" --gauge "$msg" 6 70 0 # append to text
else else
cat >> $setup_log 2>&1 cat >> $setup_log 2>&1
fi fi

3
setup/so-variables
View File

@@ -75,3 +75,6 @@ export net_init_file
ntp_string="0.pool.ntp.org,1.pool.ntp.org" ntp_string="0.pool.ntp.org,1.pool.ntp.org"
export ntp_string export ntp_string
whiptail_title="Security Onion Setup - $SOVERSION"
export whiptail_title

250
setup/so-whiptail
View File

@@ -22,7 +22,7 @@ whiptail_airgap() {
local node_str='node' local node_str='node'
[[ $is_manager || $is_import ]] && node_str='manager' [[ $is_manager || $is_import ]] && node_str='manager'
INTERWEBS=$(whiptail --title "Security Onion Setup - $SOVERSION" --menu \ INTERWEBS=$(whiptail --title "$whiptail_title" --menu \
"How should this $node_str be installed?" 10 60 2 \ "How should this $node_str be installed?" 10 60 2 \
"Standard " "This $node_str has internet accesss" \ "Standard " "This $node_str has internet accesss" \
"Airgap " "This $node_str does not have internet access" 3>&1 1>&2 2>&3 ) "Airgap " "This $node_str does not have internet access" 3>&1 1>&2 2>&3 )
@@ -42,7 +42,7 @@ whiptail_avoid_default_hostname() {
You can choose to use this default hostname anyway, or change it to a new hostname. You can choose to use this default hostname anyway, or change it to a new hostname.
EOM EOM
whiptail --title "Security Onion Setup - $SOVERSION" \ whiptail --title "$whiptail_title" \
--yesno "$message" 11 75 \ --yesno "$message" 11 75 \
--yes-button "Use Anyway" --no-button "Change" --defaultno --yes-button "Use Anyway" --no-button "Change" --defaultno
} }
@@ -51,7 +51,7 @@ whiptail_basic_suri() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
BASICSURI=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ BASICSURI=$(whiptail --title "$whiptail_title" --inputbox \
"Enter the number of Suricata processes:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter the number of Suricata processes:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -63,7 +63,7 @@ whiptail_basic_zeek() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
BASICZEEK=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ BASICZEEK=$(whiptail --title "$whiptail_title" --inputbox \
"Enter the number of Zeek processes:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter the number of Zeek processes:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -75,7 +75,7 @@ whiptail_bond_nics_mtu() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
# Set the MTU on the monitor interface # Set the MTU on the monitor interface
MTU=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MTU=$(whiptail --title "$whiptail_title" --inputbox \
"Enter the MTU for the monitor NICs:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter the MTU for the monitor NICs:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -84,7 +84,7 @@ whiptail_bond_nics_mtu() {
whiptail_cancel() { whiptail_cancel() {
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Cancelling Setup." 8 75 whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75
if [ -d "/root/installtmp" ]; then if [ -d "/root/installtmp" ]; then
{ {
echo "/root/installtmp exists"; echo "/root/installtmp exists";
@@ -104,7 +104,7 @@ whiptail_check_exitstatus() {
whiptail_cancel whiptail_cancel
;; ;;
255) 255)
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 whiptail --title "$whiptail_title" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75
exit exit
;; ;;
esac esac
@@ -114,14 +114,14 @@ whiptail_components_adv_warning() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 whiptail --title "$whiptail_title" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
} }
whiptail_create_admin_user() { whiptail_create_admin_user() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \ ADMINUSER=$(whiptail --title "$whiptail_title" --inputbox \
"Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 "$1" 3>&1 1>&2 2>&3) "Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -132,7 +132,7 @@ whiptail_create_admin_user_password1() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ ADMINPASS1=$(whiptail --title "$whiptail_title" --passwordbox \
"Enter a password for $ADMINUSER:" 10 60 3>&1 1>&2 2>&3) "Enter a password for $ADMINUSER:" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -143,7 +143,7 @@ whiptail_create_admin_user_password2() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ ADMINPASS2=$(whiptail --title "$whiptail_title" --passwordbox \
"Re-enter a password for $ADMINUSER:" 10 60 3>&1 1>&2 2>&3) "Re-enter a password for $ADMINUSER:" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -155,7 +155,7 @@ whiptail_create_fleet_node_user() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
FLEETNODEUSER=$(whiptail --title "Security Onion Install" --inputbox \ FLEETNODEUSER=$(whiptail --title "$whiptail_title" --inputbox \
"Please enter an email for use as the username for the Fleet admin user:" 10 60 "$1" 3>&1 1>&2 2>&3) "Please enter an email for use as the username for the Fleet admin user:" 10 60 "$1" 3>&1 1>&2 2>&3)
} }
@@ -164,7 +164,7 @@ whiptail_create_fleet_node_user_password1() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
FLEETNODEPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \ FLEETNODEPASSWD1=$(whiptail --title "$whiptail_title" --passwordbox \
"Enter a password for $FLEETNODEUSER:" 10 60 3>&1 1>&2 2>&3) "Enter a password for $FLEETNODEUSER:" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -175,7 +175,7 @@ whiptail_create_fleet_node_user_password2() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
FLEETNODEPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \ FLEETNODEPASSWD2=$(whiptail --title "$whiptail_title" --passwordbox \
"Re-enter a password for $FLEETNODEUSER:" 10 60 3>&1 1>&2 2>&3) "Re-enter a password for $FLEETNODEUSER:" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -187,7 +187,7 @@ whiptail_create_soremote_user() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75 whiptail --title "$whiptail_title" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75
} }
@@ -195,7 +195,7 @@ whiptail_create_soremote_user_password1() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ SOREMOTEPASS1=$(whiptail --title "$whiptail_title" --passwordbox \
"Enter a password for user soremote:" 10 75 3>&1 1>&2 2>&3) "Enter a password for user soremote:" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -207,7 +207,7 @@ whiptail_create_soremote_user_password2() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ SOREMOTEPASS2=$(whiptail --title "$whiptail_title" --passwordbox \
"Re-enter a password for user soremote:" 10 75 3>&1 1>&2 2>&3) "Re-enter a password for user soremote:" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -219,7 +219,7 @@ whiptail_create_web_user() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \ WEBUSER=$(whiptail --title "$whiptail_title" --inputbox \
"Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3) "Please enter an email address to create an administrator account for the web interface.\n\nThis will also be used for TheHive, Cortex, and Fleet." 12 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -230,7 +230,7 @@ whiptail_create_web_user_password1() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \ WEBPASSWD1=$(whiptail --title "$whiptail_title" --passwordbox \
"Enter a password for $WEBUSER:" 10 60 3>&1 1>&2 2>&3) "Enter a password for $WEBUSER:" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -241,7 +241,7 @@ whiptail_create_web_user_password2() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \ WEBPASSWD2=$(whiptail --title "$whiptail_title" --passwordbox \
"Re-enter a password for $WEBUSER:" 10 60 3>&1 1>&2 2>&3) "Re-enter a password for $WEBUSER:" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -258,11 +258,11 @@ whiptail_requirements_error() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then
whiptail --title "Security Onion Setup - $SOVERSION" \ whiptail --title "$whiptail_title" \
--msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine." 10 75 --msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine." 10 75
# Same as whiptail_cancel, but changed the wording to exit instead of cancel. # Same as whiptail_cancel, but changed the wording to exit instead of cancel.
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Exiting Setup. No changes have been made." 8 75 whiptail --title "$whiptail_title" --msgbox "Exiting Setup. No changes have been made." 8 75
if [ -d "/root/installtmp" ]; then if [ -d "/root/installtmp" ]; then
{ {
echo "/root/installtmp exists"; echo "/root/installtmp exists";
@@ -272,7 +272,7 @@ whiptail_requirements_error() {
fi fi
exit exit
else else
whiptail --title "Security Onion Setup - $SOVERSION" \ whiptail --title "$whiptail_title" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel." 10 75 --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel." 10 75
local exitstatus=$? local exitstatus=$?
@@ -298,7 +298,7 @@ whiptail_storage_requirements() {
EOM EOM
whiptail \ whiptail \
--title "Security Onion Setup - $SOVERSION" \ --title "$whiptail_title" \
--yesno "$message" \ --yesno "$message" \
14 75 14 75
@@ -310,7 +310,7 @@ whiptail_cur_close_days() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
CURCLOSEDAYS=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ CURCLOSEDAYS=$(whiptail --title "$whiptail_title" --inputbox \
"Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 "$1" 3>&1 1>&2 2>&3) "Please specify the threshold (in days) at which Elasticsearch indices will be closed:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -322,7 +322,7 @@ whiptail_dhcp_or_static() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
address_type=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ address_type=$(whiptail --title "$whiptail_title" --radiolist \
"Choose how to set up your management interface:" 20 78 4 \ "Choose how to set up your management interface:" 20 78 4 \
"STATIC" "Set a static IPv4 address" ON \ "STATIC" "Set a static IPv4 address" ON \
"DHCP" "Use DHCP to configure the Management Interface" OFF 3>&1 1>&2 2>&3 ) "DHCP" "Use DHCP to configure the Management Interface" OFF 3>&1 1>&2 2>&3 )
@@ -355,7 +355,7 @@ whiptail_dhcp_warn() {
EOM EOM
whiptail \ whiptail \
--title "Security Onion Setup - $SOVERSION" \ --title "$whiptail_title" \
--"$window_type" "$dhcp_message" \ --"$window_type" "$dhcp_message" \
14 75 14 75
@@ -366,7 +366,7 @@ whiptail_dhcp_warn() {
whiptail_dhcp_or_static whiptail_dhcp_or_static
;; ;;
255) 255)
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 whiptail --title "$whiptail_title" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75
exit exit
;; ;;
esac esac
@@ -380,7 +380,7 @@ whiptail_dockernet_check(){
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno \ whiptail --title "$whiptail_title" --yesno \
"Do you want to keep the default Docker IP range?\n\nIf you are unsure, please accept the default option of Yes." 10 75 "Do you want to keep the default Docker IP range?\n\nIf you are unsure, please accept the default option of Yes." 10 75
} }
@@ -389,7 +389,7 @@ whiptail_dockernet_net() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
DOCKERNET=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ DOCKERNET=$(whiptail --title "$whiptail_title" --inputbox \
"\nEnter a /24 size network range for docker to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3) "\nEnter a /24 size network range for docker to use WITHOUT the /24 suffix. This range will be used on ALL nodes." 11 65 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -409,7 +409,7 @@ whiptail_enable_components() {
STRELKA=0 STRELKA=0
if [[ $is_eval ]]; then if [[ $is_eval ]]; then
COMPONENTS=$(whiptail --title "Security Onion Setup - $SOVERSION" --checklist \ COMPONENTS=$(whiptail --title "$whiptail_title" --checklist \
"Select Components to install:" 20 75 8 \ "Select Components to install:" 20 75 8 \
GRAFANA "Enable Grafana for system monitoring" ON \ GRAFANA "Enable Grafana for system monitoring" ON \
OSQUERY "Enable Fleet with osquery" ON \ OSQUERY "Enable Fleet with osquery" ON \
@@ -418,7 +418,7 @@ if [[ $is_eval ]]; then
PLAYBOOK "Enable Playbook" ON \ PLAYBOOK "Enable Playbook" ON \
STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3) STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
else else
COMPONENTS=$(whiptail --title "Security Onion Setup - $SOVERSION" --checklist \ COMPONENTS=$(whiptail --title "$whiptail_title" --checklist \
"Select Components to install:" 20 75 7 \ "Select Components to install:" 20 75 7 \
OSQUERY "Enable Fleet with osquery" ON \ OSQUERY "Enable Fleet with osquery" ON \
WAZUH "Enable Wazuh" ON \ WAZUH "Enable Wazuh" ON \
@@ -658,7 +658,7 @@ whiptail_eval_adv() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
EVALADVANCED=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ EVALADVANCED=$(whiptail --title "$whiptail_title" --radiolist \
"Choose your eval install:" 20 75 4 \ "Choose your eval install:" 20 75 4 \
"BASIC" "Install basic components for evaluation" ON \ "BASIC" "Install basic components for evaluation" ON \
"ADVANCED" "Choose additional components to be installed" OFF 3>&1 1>&2 2>&3 ) "ADVANCED" "Choose additional components to be installed" OFF 3>&1 1>&2 2>&3 )
@@ -671,7 +671,7 @@ whiptail_fleet_custom_hostname() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
FLEETCUSTOMHOSTNAME=$(whiptail --title "Security Onion Install" --inputbox \ FLEETCUSTOMHOSTNAME=$(whiptail --title "$whiptail_title" --inputbox \
"What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 "$1" 3>&1 1>&2 2>&3) "What FQDN should osquery clients use for connections to this Fleet node? Leave blank if the local system hostname will be used." 10 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -685,7 +685,7 @@ whiptail_gauge_post_setup() {
else else
local msg=$1 local msg=$1
whiptail --title "Security Onion Setup - $SOVERSION" --gauge "$msg" 6 60 96 whiptail --title "$whiptail_title" --gauge "$msg" 6 60 96
fi fi
} }
@@ -693,7 +693,7 @@ whiptail_helix_apikey() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
HELIXAPIKEY=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ HELIXAPIKEY=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3) "Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -707,7 +707,7 @@ whiptail_homenet_manager() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
HNMANAGER=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ HNMANAGER=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -719,13 +719,13 @@ whiptail_homenet_sensor_inherit() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
# Ask to inherit from manager # Ask to inherit from manager
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75 whiptail --title "$whiptail_title" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75
} }
whiptail_homenet_sensor() { whiptail_homenet_sensor() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
HNSENSOR=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ HNSENSOR=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter your home network(s), separating CIDR blocks with a comma (,):" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -738,7 +738,7 @@ whiptail_install_type() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
# What kind of install are we doing? # What kind of install are we doing?
install_type=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ install_type=$(whiptail --title "$whiptail_title" --radiolist \
"Choose install type:" 12 65 5 \ "Choose install type:" 12 65 5 \
"EVAL" "Evaluation mode (not for production) " ON \ "EVAL" "Evaluation mode (not for production) " ON \
"STANDALONE" "Standalone production install " OFF \ "STANDALONE" "Standalone production install " OFF \
@@ -764,7 +764,7 @@ whiptail_install_type_dist() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
install_type=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ install_type=$(whiptail --title "$whiptail_title" --radiolist \
"Choose distributed node type:" 13 60 6 \ "Choose distributed node type:" 13 60 6 \
"MANAGER" "Start a new grid " ON \ "MANAGER" "Start a new grid " ON \
"SENSOR" "Create a forward only sensor " OFF \ "SENSOR" "Create a forward only sensor " OFF \
@@ -792,14 +792,14 @@ whiptail_install_type_other() {
# so-analyst-install will only work with a working network connection # so-analyst-install will only work with a working network connection
# so only show it on network installs for now # so only show it on network installs for now
if [[ $setup_type == 'network' ]]; then if [[ $setup_type == 'network' ]]; then
install_type=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ install_type=$(whiptail --title "$whiptail_title" --radiolist \
"Choose distributed node type:" 9 65 2 \ "Choose distributed node type:" 9 65 2 \
"ANALYST" "Quit setup and run so-analyst-install " ON \ "ANALYST" "Quit setup and run so-analyst-install " ON \
"HELIXSENSOR" "Create a Helix sensor " OFF \ "HELIXSENSOR" "Create a Helix sensor " OFF \
3>&1 1>&2 2>&3 3>&1 1>&2 2>&3
) )
else else
install_type=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ install_type=$(whiptail --title "$whiptail_title" --radiolist \
"Choose distributed node type:" 8 65 1 \ "Choose distributed node type:" 8 65 1 \
"HELIXSENSOR" "Create a Helix sensor " ON \ "HELIXSENSOR" "Create a Helix sensor " ON \
3>&1 1>&2 2>&3 3>&1 1>&2 2>&3
@@ -815,7 +815,7 @@ whiptail_install_type_other() {
whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox " Invalid input, please try again." 7 40 whiptail --title "$whiptail_title" --msgbox " Invalid input, please try again." 7 40
} }
@@ -829,13 +829,13 @@ whiptail_invalid_proxy() {
Error was: ${proxy_test_err} Error was: ${proxy_test_err}
EOM EOM
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "$message" --yes-button "Enter Again" --no-button "Skip" 11 60 whiptail --title "$whiptail_title" --yesno "$message" --yes-button "Enter Again" --no-button "Skip" 11 60
} }
whiptail_invalid_string() { whiptail_invalid_string() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45 whiptail --title "$whiptail_title" --msgbox "Invalid input, please try again.\n\nThe $1 cannot contain spaces." 9 45
} }
@@ -843,21 +843,21 @@ whiptail_invalid_pass_characters_warning() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75 whiptail --title "$whiptail_title" --msgbox "Password is invalid. Please exclude single quotes, double quotes and backslashes from the password." 8 75
} }
whiptail_invalid_pass_warning() { whiptail_invalid_pass_warning() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Please choose a more secure password." 8 75 whiptail --title "$whiptail_title" --msgbox "Please choose a more secure password." 8 75
} }
whiptail_invalid_user_warning() { whiptail_invalid_user_warning() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Please enter a valid email address." 8 75 whiptail --title "$whiptail_title" --msgbox "Please enter a valid email address." 8 75
} }
whiptail_invalid_hostname() { whiptail_invalid_hostname() {
@@ -868,7 +868,7 @@ whiptail_invalid_hostname() {
the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \ the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \
and hyphen ('-')" | tr -d '\t') and hyphen ('-')" | tr -d '\t')
whiptail --title "Security Onion Setup - $SOVERSION" \ whiptail --title "$whiptail_title" \
--msgbox "$error_message" 10 75 --msgbox "$error_message" 10 75
} }
@@ -891,7 +891,7 @@ whiptail_log_size_limit() {
By default, this is set to ${percentage}% of the disk space allotted for /nsm. By default, this is set to ${percentage}% of the disk space allotted for /nsm.
EOM EOM
log_size_limit=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox "$message" 11 75 "$1" 3>&1 1>&2 2>&3) log_size_limit=$(whiptail --title "$whiptail_title" --inputbox "$message" 11 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -901,7 +901,7 @@ whiptail_log_size_limit() {
whiptail_first_menu_iso() { whiptail_first_menu_iso() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
option=$(whiptail --title "Security Onion Setup - $SOVERSION" --menu "Select an option" 10 75 2 \ option=$(whiptail --title "$whiptail_title" --menu "Select an option" 10 75 2 \
"Install " "Run the standard Security Onion installation " \ "Install " "Run the standard Security Onion installation " \
"Configure Network " "Configure networking only " \ "Configure Network " "Configure networking only " \
3>&1 1>&2 2>&3 3>&1 1>&2 2>&3
@@ -915,7 +915,7 @@ whiptail_make_changes() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75 whiptail --title "$whiptail_title" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -926,7 +926,7 @@ whiptail_management_interface_dns() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MDNS=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MDNS=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your DNS servers separated by commas:" 10 60 "$1" 3>&1 1>&2 2>&3) "Enter your DNS servers separated by commas:" 10 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -938,7 +938,7 @@ whiptail_management_interface_dns_search() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MSEARCH=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MSEARCH=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your DNS search domain:" 10 60 "$1" 3>&1 1>&2 2>&3) "Enter your DNS search domain:" 10 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -949,7 +949,7 @@ whiptail_management_interface_gateway() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MGATEWAY=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MGATEWAY=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your gateway's IPv4 address:" 10 60 "$1" 3>&1 1>&2 2>&3) "Enter your gateway's IPv4 address:" 10 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -959,7 +959,7 @@ whiptail_management_interface_gateway() {
whiptail_management_interface_ip_mask() { whiptail_management_interface_ip_mask() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
manager_ip_mask=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ manager_ip_mask=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 "$1" 3>&1 1>&2 2>&3) "Enter your IPv4 address with CIDR mask (e.g. 192.168.1.2/24):" 10 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -970,7 +970,7 @@ whiptail_management_interface_ip() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MIP=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MIP=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your IP address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3) "Enter your IP address:" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -981,7 +981,7 @@ whiptail_management_interface_mask() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MMASK=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MMASK=$(whiptail --title "$whiptail_title" --inputbox \
"Enter the bit mask for your subnet:" 10 60 24 3>&1 1>&2 2>&3) "Enter the bit mask for your subnet:" 10 60 24 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -994,13 +994,13 @@ whiptail_management_nic() {
filter_unused_nics filter_unused_nics
MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
while [ -z "$MNIC" ] while [ -z "$MNIC" ]
do do
MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
done done
@@ -1060,7 +1060,7 @@ whiptail_net_method() {
local option_count=$(( ${#options[@]} / 2 )) local option_count=$(( ${#options[@]} / 2 ))
network_traffic=$(whiptail --title "Security Onion Setup - $SOVERSION" --menu "$msg" $height 75 $option_count "${options[@]}" 3>&1 1>&2 2>&3) network_traffic=$(whiptail --title "$whiptail_title" --menu "$msg" $height 75 $option_count "${options[@]}" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1071,7 +1071,7 @@ whiptail_net_method() {
whiptail_net_setup_complete() { whiptail_net_setup_complete() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" \ whiptail --title "$whiptail_title" \
--msgbox "Successfully set up networking, setup will now exit." 7 75 --msgbox "Successfully set up networking, setup will now exit." 7 75
exit 0 exit 0
} }
@@ -1085,7 +1085,7 @@ whiptail_network_init_notice() {
Select OK to continue. Select OK to continue.
EOM EOM
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "$message" 9 75 whiptail --title "$whiptail_title" --msgbox "$message" 9 75
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
} }
@@ -1094,7 +1094,7 @@ whiptail_management_server() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MSRV=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MSRV=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your Manager Server hostname: \nIt is CASE SENSITIVE!" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter your Manager Server hostname: \nIt is CASE SENSITIVE!" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1105,7 +1105,7 @@ whiptail_management_server() {
whiptail_manager_ip() { whiptail_manager_ip() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MSRVIP=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ MSRVIP=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your Manager Server IP Address:" 10 60 "$1" 3>&1 1>&2 2>&3) "Enter your Manager Server IP Address:" 10 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1117,7 +1117,7 @@ whiptail_manager_adv() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
MANAGERADV=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ MANAGERADV=$(whiptail --title "$whiptail_title" --radiolist \
"Choose which type of manager to install:" 20 75 4 \ "Choose which type of manager to install:" 20 75 4 \
"BASIC" "Install manager with recommended settings" ON \ "BASIC" "Install manager with recommended settings" ON \
"ADVANCED" "Do additional configuration to the manager" OFF 3>&1 1>&2 2>&3 ) "ADVANCED" "Do additional configuration to the manager" OFF 3>&1 1>&2 2>&3 )
@@ -1132,7 +1132,7 @@ whiptail_manager_adv_escluster(){
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno \ whiptail --title "$whiptail_title" --yesno \
"Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 12 75 "Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 12 75
} }
@@ -1142,7 +1142,7 @@ whiptail_manager_adv_escluster_name(){
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
ESCLUSTERNAME=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ ESCLUSTERNAME=$(whiptail --title "$whiptail_title" --inputbox \
"Enter a name for your ES cluster!" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter a name for your ES cluster!" 10 75 "$1" 3>&1 1>&2 2>&3)
} }
@@ -1151,7 +1151,7 @@ whiptail_manager_adv_service_zeeklogs() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
BLOGS=$(whiptail --title "Security Onion Setup - $SOVERSION" --checklist "Please select logs to send:" 24 75 12 \ BLOGS=$(whiptail --title "$whiptail_title" --checklist "Please select logs to send:" 24 75 12 \
"conn" "Connection Logging" ON \ "conn" "Connection Logging" ON \
"dce_rpc" "RPC Logs" ON \ "dce_rpc" "RPC Logs" ON \
"dhcp" "DHCP Logs" ON \ "dhcp" "DHCP Logs" ON \
@@ -1207,13 +1207,13 @@ whiptail_manager_error() {
Would you like to continue anyway? Would you like to continue anyway?
EOM EOM
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1 whiptail --title "$whiptail_title" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1
} }
whiptail_manager_updates_warning() { whiptail_manager_updates_warning() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION"\ whiptail --title "$whiptail_title"\
--msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ --msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\
8 75 8 75
@@ -1224,7 +1224,7 @@ whiptail_manager_updates_warning() {
whiptail_manager_unreachable() { whiptail_manager_unreachable() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Setup cannot determine if $1 is listening on port 22. Please check the address entered and try again." 7 75 whiptail --title "$whiptail_title" --msgbox "Setup cannot determine if $1 is listening on port 22. Please check the address entered and try again." 7 75
} }
whiptail_metadata_tool() { whiptail_metadata_tool() {
@@ -1242,7 +1242,7 @@ whiptail_metadata_tool() {
EOM EOM
# Legacy variable naming # Legacy variable naming
ZEEKVERSION=$(whiptail --title "Security Onion Setup - $SOVERSION" --menu "$message" 20 75 2 \ ZEEKVERSION=$(whiptail --title "$whiptail_title" --menu "$message" 20 75 2 \
"Zeek " "Use Zeek (Bro) for metadata and Suricata for NIDS alerts" \ "Zeek " "Use Zeek (Bro) for metadata and Suricata for NIDS alerts" \
"Suricata " "Use Suricata for both metadata and NIDS alerts" 3>&1 1>&2 2>&3) "Suricata " "Use Suricata for both metadata and NIDS alerts" 3>&1 1>&2 2>&3)
@@ -1256,7 +1256,7 @@ whiptail_nids() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NIDS=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ NIDS=$(whiptail --title "$whiptail_title" --radiolist \
"Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \ "Choose which IDS to run: \n\n(Snort 3.0 support will be added once it is out of beta.)" 25 75 4 \
"Suricata" "Suricata" ON \ "Suricata" "Suricata" ON \
"Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 ) "Snort" "Placeholder for Snort 3.0 " OFF 3>&1 1>&2 2>&3 )
@@ -1270,7 +1270,7 @@ whiptail_network_notice() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select YES to continue." 8 75 whiptail --title "$whiptail_title" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select YES to continue." 8 75
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1280,14 +1280,14 @@ whiptail_network_notice() {
whiptail_net_reinit() { whiptail_net_reinit() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "The management interface has already been configured. Do you want to reconfigure it?" 8 75 whiptail --title "$whiptail_title" --yesno "The management interface has already been configured. Do you want to reconfigure it?" 8 75
} }
whiptail_node_advanced() { whiptail_node_advanced() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NODESETUP=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ NODESETUP=$(whiptail --title "$whiptail_title" --radiolist \
"What type of config would you like to use?:" 20 75 4 \ "What type of config would you like to use?:" 20 75 4 \
"NODEBASIC" "Install Search Node with recommended settings" ON \ "NODEBASIC" "Install Search Node with recommended settings" ON \
"NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 ) "NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 )
@@ -1300,7 +1300,7 @@ whiptail_node_advanced() {
whiptail_node_description() { whiptail_node_description() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NODE_DESCRIPTION=$(whiptail --title "Security Onion Setup - $SOVERSION" \ NODE_DESCRIPTION=$(whiptail --title "$whiptail_title" \
--inputbox "Enter a short description for the node or press ENTER to leave blank:" 10 75 3>&1 1>&2 2>&3) --inputbox "Enter a short description for the node or press ENTER to leave blank:" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1311,7 +1311,7 @@ whiptail_node_es_heap() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ NODE_ES_HEAP_SIZE=$(whiptail --title "$whiptail_title" --inputbox \
"Enter ES heap size:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter ES heap size:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1323,7 +1323,7 @@ whiptail_node_ls_heap() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ NODE_LS_HEAP_SIZE=$(whiptail --title "$whiptail_title" --inputbox \
"Enter Logstash heap size:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter Logstash heap size:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1335,7 +1335,7 @@ whiptail_node_ls_input_threads() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
LSINPUTTHREADS=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ LSINPUTTHREADS=$(whiptail --title "$whiptail_title" --inputbox \
"Enter number of Logstash input threads:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter number of Logstash input threads:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1348,7 +1348,7 @@ whiptail_node_ls_pipline_batchsize() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ LSPIPELINEBATCH=$(whiptail --title "$whiptail_title" --inputbox \
"Enter Logstash pipeline batch size:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter Logstash pipeline batch size:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1360,7 +1360,7 @@ whiptail_node_ls_pipeline_worker() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ LSPIPELINEWORKERS=$(whiptail --title "$whiptail_title" --inputbox \
"Enter number of Logstash pipeline workers:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter number of Logstash pipeline workers:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1371,13 +1371,13 @@ whiptail_node_ls_pipeline_worker() {
whiptail_ntp_ask() { whiptail_ntp_ask() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "Would you like to configure ntp servers?" 7 44 whiptail --title "$whiptail_title" --yesno "Would you like to configure ntp servers?" 7 44
} }
whiptail_ntp_servers() { whiptail_ntp_servers() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
ntp_string=$(whiptail --title "Security Onion Setup - $SOVERSION" \ ntp_string=$(whiptail --title "$whiptail_title" \
--inputbox "Input the NTP server(s) you would like to use, separated by commas:" 8 75 "$1" 3>&1 1>&2 2>&3) --inputbox "Input the NTP server(s) you would like to use, separated by commas:" 8 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1388,7 +1388,7 @@ whiptail_oinkcode() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
OINKCODE=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ OINKCODE=$(whiptail --title "$whiptail_title" --inputbox \
"Enter your ET Pro or oinkcode:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter your ET Pro or oinkcode:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1401,7 +1401,7 @@ whiptail_oinkcode() {
whiptail_passwords_dont_match() { whiptail_passwords_dont_match() {
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "Passwords don't match. Please re-enter." 8 75 whiptail --title "$whiptail_title" --msgbox "Passwords don't match. Please re-enter." 8 75
} }
@@ -1409,7 +1409,7 @@ whiptail_patch_name_new_schedule() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ PATCHSCHEDULENAME=$(whiptail --title "$whiptail_title" --inputbox \
"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 "$1" 3>&1 1>&2 2>&3) "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1420,7 +1420,7 @@ whiptail_patch_schedule() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
patch_schedule=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ patch_schedule=$(whiptail --title "$whiptail_title" --radiolist \
"Choose OS patch schedule.\n\nThis schedule will update the operating system packages but will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 20 75 5 \ "Choose OS patch schedule.\n\nThis schedule will update the operating system packages but will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 20 75 5 \
"Automatic" "Updates installed every 8 hours if available" ON \ "Automatic" "Updates installed every 8 hours if available" ON \
"Manual" "Updates will be installed manually" OFF \ "Manual" "Updates will be installed manually" OFF \
@@ -1436,7 +1436,7 @@ whiptail_patch_schedule_import() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
unset PATCHSCHEDULENAME unset PATCHSCHEDULENAME
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ PATCHSCHEDULENAME=$(whiptail --title "$whiptail_title" --inputbox \
"Enter the name of the OS patch schedule you want to inherit. \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter the name of the OS patch schedule you want to inherit. \nAvailable schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1448,7 +1448,7 @@ whiptail_patch_schedule_select_days() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
# Select the days to patch # Select the days to patch
PATCHSCHEDULEDAYS=$(whiptail --title "Security Onion Setup - $SOVERSION" --checklist \ PATCHSCHEDULEDAYS=$(whiptail --title "$whiptail_title" --checklist \
"Which days do you want to apply OS patches?" 15 75 8 \ "Which days do you want to apply OS patches?" 15 75 8 \
Monday "" OFF \ Monday "" OFF \
Tuesday "" ON \ Tuesday "" ON \
@@ -1472,7 +1472,7 @@ whiptail_patch_schedule_select_hours() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
# Select the hours to patch # Select the hours to patch
PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup - $SOVERSION" --checklist \ PATCHSCHEDULEHOURS=$(whiptail --title "$whiptail_title" --checklist \
"At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \
00:00 "" OFF \ 00:00 "" OFF \
01:00 "" OFF \ 01:00 "" OFF \
@@ -1513,7 +1513,7 @@ whiptail_proxy_ask() {
local pkg_mngr local pkg_mngr
if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "Do you want to proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment?" 9 65 --defaultno whiptail --title "$whiptail_title" --yesno "Do you want to proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment?" 9 65 --defaultno
} }
whiptail_proxy_addr() { whiptail_proxy_addr() {
@@ -1526,7 +1526,7 @@ whiptail_proxy_addr() {
If your proxy requires a username and password do not include them in your input. Setup will ask for those values next. If your proxy requires a username and password do not include them in your input. Setup will ask for those values next.
EOM EOM
proxy_addr=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox "$message" 13 60 "$1" 3>&1 1>&2 2>&3) proxy_addr=$(whiptail --title "$whiptail_title" --inputbox "$message" 13 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1535,13 +1535,13 @@ whiptail_proxy_addr() {
whiptail_proxy_auth_ask() { whiptail_proxy_auth_ask() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "Does your proxy require authentication?" 7 60 whiptail --title "$whiptail_title" --yesno "Does your proxy require authentication?" 7 60
} }
whiptail_proxy_auth_user() { whiptail_proxy_auth_user() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
proxy_user=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox "Please input the proxy user:" 8 60 "$1" 3>&1 1>&2 2>&3) proxy_user=$(whiptail --title "$whiptail_title" --inputbox "Please input the proxy user:" 8 60 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1552,7 +1552,7 @@ whiptail_proxy_auth_pass() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
proxy_pass=$(whiptail --title "Security Onion Setup - $SOVERSION" --passwordbox "Please input the proxy password:" 8 60 3>&1 1>&2 2>&3) proxy_pass=$(whiptail --title "$whiptail_title" --passwordbox "Please input the proxy password:" 8 60 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1566,7 +1566,7 @@ whiptail_requirements_error() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" \ whiptail --title "$whiptail_title" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75
local exitstatus=$? local exitstatus=$?
@@ -1578,7 +1578,7 @@ whiptail_rule_setup() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
# Get pulled pork info # Get pulled pork info
RULESETUP=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ RULESETUP=$(whiptail --title "$whiptail_title" --radiolist \
"Which IDS ruleset would you like to use?\n\nThis manager server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the manager server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \ "Which IDS ruleset would you like to use?\n\nThis manager server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the manager server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \
"ETOPEN" "Emerging Threats Open" ON \ "ETOPEN" "Emerging Threats Open" ON \
"ETPRO" "Emerging Threats PRO" OFF \ "ETPRO" "Emerging Threats PRO" OFF \
@@ -1594,7 +1594,7 @@ whiptail_sensor_config() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NSMSETUP=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ NSMSETUP=$(whiptail --title "$whiptail_title" --radiolist \
"What type of configuration would you like to use?" 20 75 4 \ "What type of configuration would you like to use?" 20 75 4 \
"BASIC" "Install NSM components with recommended settings" ON \ "BASIC" "Install NSM components with recommended settings" ON \
"ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 ) "ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 )
@@ -1618,13 +1618,13 @@ whiptail_sensor_nics() {
local list_type="checklist" local list_type="checklist"
fi fi
BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3) BNICS=$(whiptail --title "$whiptail_title" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
while [ -z "$BNICS" ] while [ -z "$BNICS" ]
do do
BNICS=$(whiptail --title "NIC Setup" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) BNICS=$(whiptail --title "$whiptail_title" --$list_type "$menu_text" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
done done
@@ -1634,13 +1634,15 @@ whiptail_sensor_nics() {
IFS=' ' read -ra BNICS <<< "$BNICS" IFS=' ' read -ra BNICS <<< "$BNICS"
for bond_nic in "${BNICS[@]}"; do for bond_nic in "${BNICS[@]}"; do
if [[ "${nmcli_dev_status_list}" =~ $bond_nic\:unmanaged ]]; then for dev_status in "${nmcli_dev_status_list[@]}"; do
whiptail \ if [[ $dev_status == "${bond_nic}:unmanaged" ]]; then
--title "Security Onion Setup - $SOVERSION" \ whiptail \
--msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \ --title "$whiptail_title" \
8 75 --msgbox "$bond_nic is unmanaged by Network Manager. Please remove it from other network management tools then re-run setup." \
exit 8 75
fi exit
fi
done
done done
} }
@@ -1648,7 +1650,7 @@ whiptail_set_hostname() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
HOSTNAME=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ HOSTNAME=$(whiptail --title "$whiptail_title" --inputbox \
"Enter the hostname (not FQDN) you would like to set:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter the hostname (not FQDN) you would like to set:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1659,7 +1661,7 @@ whiptail_set_redirect() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
REDIRECTINFO=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \
"How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \ "How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
"IP" "Use IP address to access the web interface" ON \ "IP" "Use IP address to access the web interface" ON \
"HOSTNAME" "Use hostname to access the web interface" OFF \ "HOSTNAME" "Use hostname to access the web interface" OFF \
@@ -1672,7 +1674,7 @@ whiptail_set_redirect_host() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
REDIRECTHOST=$(whiptail --title "Security Onion Setup - $SOVERSION" --inputbox \ REDIRECTHOST=$(whiptail --title "$whiptail_title" --inputbox \
"Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$1" 3>&1 1>&2 2>&3) "Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1700,7 +1702,7 @@ whiptail_setup_complete() {
Press ENTER to reboot. Press ENTER to reboot.
EOM EOM
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "$message" 12 75 whiptail --title "$whiptail_title" --msgbox "$message" 12 75
} }
whiptail_setup_failed() { whiptail_setup_failed() {
@@ -1720,13 +1722,13 @@ whiptail_setup_failed() {
Press Ok to exit. Press Ok to exit.
EOM EOM
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "$message" $height 75 whiptail --title "$whiptail_title" --msgbox "$message" $height 75
} }
whiptail_so_allow_yesno() { whiptail_so_allow_yesno() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" \ whiptail --title "$whiptail_title" \
--yesno "Do you want to run so-allow to allow access to the web tools?" \ --yesno "Do you want to run so-allow to allow access to the web tools?" \
8 75 8 75
} }
@@ -1735,7 +1737,7 @@ whiptail_so_allow() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
ALLOW_CIDR=$(whiptail --title "Security Onion Setup - $SOVERSION" \ ALLOW_CIDR=$(whiptail --title "$whiptail_title" \
--inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \ --inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \
10 75 "$1" 3>&1 1>&2 2>&3) 10 75 "$1" 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -1755,7 +1757,7 @@ whiptail_ssh_key_copy_notice() {
Select OK to continue. Select OK to continue.
EOM EOM
whiptail --title "Security Onion Setup - $SOVERSION" --msgbox "$message" 11 75 whiptail --title "$whiptail_title" --msgbox "$message" 11 75
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
} }
@@ -1794,7 +1796,7 @@ whiptail_storage_requirements() {
EOM EOM
whiptail \ whiptail \
--title "Security Onion Setup - $SOVERSION" \ --title "$whiptail_title" \
--yesno "$message" \ --yesno "$message" \
14 75 14 75
@@ -1806,7 +1808,7 @@ whiptail_strelka_rules() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup - $SOVERSION" --yesno "Do you want to enable the default YARA rules for Strelka?" 8 75 whiptail --title "$whiptail_title" --yesno "Do you want to enable the default YARA rules for Strelka?" 8 75
local exitstatus=$? local exitstatus=$?
@@ -1832,7 +1834,7 @@ whiptail_suricata_pins() {
local PROCS=$lb_procs local PROCS=$lb_procs
fi fi
SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please select $PROCS cores to pin Suricata to:" 20 75 12 "${filtered_core_str[@]}" 3>&1 1>&2 2>&3 ) SURIPINS=$(whiptail --noitem --title "$whiptail_title" --checklist "Please select $PROCS cores to pin Suricata to:" 20 75 12 "${filtered_core_str[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1846,7 +1848,7 @@ whiptail_node_updates() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
NODEUPDATES=$(whiptail --title "Security Onion Setup - $SOVERSION" --radiolist \ NODEUPDATES=$(whiptail --title "$whiptail_title" --radiolist \
"How would you like to download OS package updates for your grid?" 20 75 4 \ "How would you like to download OS package updates for your grid?" 20 75 4 \
"MANAGER" "Manager node is proxy for updates." ON \ "MANAGER" "Manager node is proxy for updates." ON \
"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
@@ -1871,7 +1873,7 @@ whiptail_you_sure() {
EOM EOM
whiptail \ whiptail \
--title "Security Onion Setup - $SOVERSION" \ --title "$whiptail_title" \
--yesno "$you_sure_text" \ --yesno "$you_sure_text" \
20 75 20 75
@@ -1896,7 +1898,7 @@ whiptail_zeek_pins() {
local PROCS=$lb_procs local PROCS=$lb_procs
fi fi
ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) ZEEKPINS=$(whiptail --noitem --title "$whiptail_title" --checklist "Please select $PROCS cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus