From 988932293f41f5cad5571b1dfd3f70be6d187cee Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 5 Nov 2021 15:54:17 -0400 Subject: [PATCH 01/11] Whiptail changes * Ask whether to join to or create new dist install * Also add links to architecture on install type prompts --- setup/so-whiptail | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 95650415c..8e137b8f5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -735,7 +735,7 @@ whiptail_install_type() { # What kind of install are we doing? install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose install type:" 12 65 5 \ + "Choose install type. See https://docs.securityonion.net/architecture for details." 12 65 5 \ "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \ @@ -749,6 +749,11 @@ whiptail_install_type() { if [[ $install_type == "DISTRIBUTED" ]]; then whiptail_install_type_dist + if [[ $dist_option == "NEWDEPLOYMENT" ]]; then + whiptail_install_type_dist_new + else + whiptail_install_type_dist_existing + fi elif [[ $install_type == "OTHER" ]]; then whiptail_install_type_other fi 
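Review bot: The `else` arm in `whiptail_install_type` sends every value other than `NEWDEPLOYMENT` to `whiptail_install_type_dist_existing`, so an empty or unexpected `dist_option` is silently treated as a request to join an existing grid. An explicit `elif [[ $dist_option == "EXISTINGDEPLOYMENT" ]]; then` would make an unrecognised value select no node role at all. `whiptail_install_type` begins before this hunk, and its end is not visible here.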
@@ -759,13 +764,39 @@ whiptail_install_type() { whiptail_install_type_dist() { [ -n "$TESTING" ] && return + + dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to an existing deployment?" 10 75 2 \ + "New Deployment " "Create a new Security Onion deployment" \ + "Existing Deployment " "Join to an exisiting Security Onion deployment " \ + 3>&1 1>&2 2>&3 + ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + dist_option=$(echo "${option^^}" | tr -d ' ') +} + +whiptail_install_type_dist_new() { + [ -n "$TESTING" ] && return install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose distributed node type:" 13 60 6 \ - "MANAGER" "Start a new grid " ON \ + "Choose distributed manager type. See https://docs.securityonion.net/architecture for details." 24 60 6 \ + "MANAGER" "Start a new grid - requires separate search node(s) " ON \ + "MANAGERSEARCH" "Start a new grid - separate search node(s) are optional " OFF \ + 3>&1 1>&2 2>&3 + ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_install_type_dist_existing() { + [ -n "$TESTING" ] && return + + install_type=$(whiptail --title "$whiptail_title" --radiolist \ + "Choose distributed node type. See https://docs.securityonion.net/architecture for details." 13 60 6 \ "SENSOR" "Create a forward only sensor " OFF \ "SEARCHNODE" "Add a search node with parsing " OFF \ - "MANAGERSEARCH" "Manager + search node " OFF \ "FLEET" "Dedicated Fleet Osquery Node " OFF \ "HEAVYNODE" "Sensor + Search Node " OFF \ 3>&1 1>&2 2>&3 @@ -777,8 +808,6 @@ whiptail_install_type_dist() { local exitstatus=$? whiptail_check_exitstatus $exitstatus - - export install_type } whiptail_install_type_other() { @@ -907,6 +936,7 @@ whiptail_first_menu_iso() { option=$(echo "${option^^}" | tr -d ' ') } + whiptail_make_changes() { [ -n "$TESTING" ] && return From 246d41c55270292454f7121914cbcbdeb6f904d1 Mon Sep 17 00:00:00 2001 
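Review bot: The new menu text `"Join to an exisiting Security Onion deployment "` in `whiptail_install_type_dist` misspells "existing", and the string is carried unchanged through PATCH 05 and 06. `dist_option` is also assigned without `local`, so it is a global that `whiptail_install_type` reads after the call. Because its value is the upper-cased menu label with spaces stripped, rewording a label changes which branch runs. A comment above the assignment would make that contract explicit: `# dist_option: NEWDEPLOYMENT or EXISTINGDEPLOYMENT, consumed by whiptail_install_type`.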
From: William Wernert Date: Fri, 5 Nov 2021 15:56:08 -0400 Subject: [PATCH 02/11] Add additional checks for manager hostname + ip Check for current hostname, ip, and localhost (ip + string) when setting the manager ip and hostname --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 6d46b4bb4..410cc5970 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -470,7 +470,7 @@ collect_int_ip_mask() { collect_mngr_hostname() { whiptail_management_server - while ! valid_hostname "$MSRV"; do + while ! valid_hostname "$MSRV" || [[ $MSRV == "$HOSTNAME" || $MSRVIP == "localhost" ]]; do whiptail_invalid_hostname whiptail_management_server "$MSRV" done @@ -478,7 +478,7 @@ collect_mngr_hostname() { if ! getent hosts "$MSRV"; then whiptail_manager_ip - while ! valid_ip4 "$MSRVIP"; do + while ! valid_ip4 "$MSRVIP" || [[ $MSRVIP == "$MAINIP" || $MSRVIP == "127.0.0.1" ]]; do whiptail_invalid_input whiptail_manager_ip "$MSRVIP" done From 9c4bba9ac95a0d039967eae4568fd5248a32ccfb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 10:08:23 -0500 Subject: [PATCH 03/11] Fix variable reference --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 8e137b8f5..08a1d369e 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -773,7 +773,7 @@ whiptail_install_type_dist() { local exitstatus=$? whiptail_check_exitstatus $exitstatus - dist_option=$(echo "${option^^}" | tr -d ' ') + dist_option=$(echo "${dist_option^^}" | tr -d ' ') } whiptail_install_type_dist_new() { From dbe4a7de6342ccce451454446808c0e82449d542 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 10:19:38 -0500 Subject: [PATCH 04/11] Fix new whiptail layouts --- setup/so-whiptail | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
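Review bot: The comparison `$MSRV == "$HOSTNAME"` added to the hostname loop is case-sensitive, while hostnames are not, so entering this machine's own name in a different case gets past the new self-reference check. Lower-casing both sides closes that: `[[ ${MSRV,,} == "${HOSTNAME,,}" ]]`. `$HOSTNAME` is the shell's current hostname, which may differ from the name chosen earlier in setup; the variable holding that choice is not visible in this hunk. The same comparison is carried through PATCH 07, 08 and 09.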
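Review bot: The self-check added to the manager IP loop rejects only the literal `127.0.0.1`, so any other loopback address still passes if `valid_ip4` accepts it. Matching the whole range is a one-line change: `while ! valid_ip4 "$MSRVIP" || [[ $MSRVIP == "$MAINIP" || $MSRVIP == 127.* ]]; do`. The check also sits inside `if ! getent hosts "$MSRV"`, so a manager name that already resolves skips it entirely, including when it resolves to this host's own address. The body of `collect_mngr_hostname` continues outside the hunk.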
diff --git a/setup/so-whiptail b/setup/so-whiptail index 08a1d369e..8d7782272 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -780,9 +780,9 @@ whiptail_install_type_dist_new() { [ -n "$TESTING" ] && return install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose distributed manager type. See https://docs.securityonion.net/architecture for details." 24 60 6 \ - "MANAGER" "Start a new grid - requires separate search node(s) " ON \ - "MANAGERSEARCH" "Start a new grid - separate search node(s) are optional " OFF \ + "Choose distributed manager type to start a new grid. See https://docs.securityonion.net/architecture for details." 10 75 2 \ + "MANAGER" "New grid, requires separate search node(s) " ON \ + "MANAGERSEARCH" "New grid, separate search node(s) are optional " OFF \ 3>&1 1>&2 2>&3 ) @@ -794,8 +794,8 @@ whiptail_install_type_dist_existing() { [ -n "$TESTING" ] && return install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose distributed node type. See https://docs.securityonion.net/architecture for details." 13 60 6 \ - "SENSOR" "Create a forward only sensor " OFF \ + "Choose distributed node type to join to an existing grid. See https://docs.securityonion.net/architecture for details." 14 57 4 \ + "SENSOR" "Create a forward only sensor " ON \ "SEARCHNODE" "Add a search node with parsing " OFF \ "FLEET" "Dedicated Fleet Osquery Node " OFF \ "HEAVYNODE" "Sensor + Search Node " OFF \ From 8b2cccdf4ab367319010e29fa1b70c8e2e4e13ac Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 10:21:17 -0500 Subject: [PATCH 05/11] More whiptail formatting --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 8d7782272..2f3b54215 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
@@ -765,7 +765,7 @@ whiptail_install_type_dist() { [ -n "$TESTING" ] && return - dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to an existing deployment?" 10 75 2 \ + dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 10 75 2 \ "New Deployment " "Create a new Security Onion deployment" \ "Existing Deployment " "Join to an exisiting Security Onion deployment " \ 3>&1 1>&2 2>&3 From ad71485361d13accc6fd70fc70756ed685a0e740 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 10:21:55 -0500 Subject: [PATCH 06/11] Fix whiptail height --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 2f3b54215..877daf966 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -765,7 +765,7 @@ whiptail_install_type_dist() { [ -n "$TESTING" ] && return - dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 10 75 2 \ + dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ "New Deployment " "Create a new Security Onion deployment" \ "Existing Deployment " "Join to an exisiting Security Onion deployment " \ 3>&1 1>&2 2>&3 From 50b7779d6e15d1608dafc665f2cb7a691031086e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 10:35:28 -0500 Subject: [PATCH 07/11] Make manager hostname error more specific --- setup/so-functions | 7 ++++++- setup/so-whiptail | 18 ++++++++++++++---- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 410cc5970..0ac5df697 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -470,11 +470,16 @@ collect_int_ip_mask() { collect_mngr_hostname() { whiptail_management_server - while ! valid_hostname "$MSRV" || [[ $MSRV == "$HOSTNAME" || $MSRVIP == "localhost" ]]; do + while ! valid_hostname "$MSRV"; do whiptail_invalid_hostname whiptail_management_server "$MSRV" done + while [[ $MSRV == "$HOSTNAME" || $MSRVIP == "localhost" ]]; do + whiptail_invalid_hostname 0 + whiptail_management_server "$MSRV" + done + if ! getent hosts "$MSRV"; then whiptail_manager_ip diff --git a/setup/so-whiptail b/setup/so-whiptail index 877daf966..db5e36516 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -841,7 +841,6 @@ whiptail_invalid_input() { # TODO: This should accept a list of arguments to spe [ -n "$TESTING" ] && return whiptail --title "$whiptail_title" --msgbox " Invalid input, please try again." 7 40 - } whiptail_invalid_proxy() { @@ -888,10 +887,21 @@ whiptail_invalid_user_warning() { whiptail_invalid_hostname() { [ -n "$TESTING" ] && return + local is_manager_hostname + is_manager_hostname="$1" + local error_message - error_message=$(echo "Please choose a valid hostname. It cannot be localhost; and must contain only \ - the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \ - and hyphen ('-')" | tr -d '\t') + read -r -d '' error_message <<- EOM + Please choose a valid hostname. It cannot be localhost; and must contain only the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', and hyphen ('-') + EOM + + if [[ $is_manager_hostname = 0 ]]; then + local error_message + read -r -d '' error_message <<- EOM + Please enter a valid hostname. The manager hostname cannot be localhost or the chosen hostname for this machine. + EOM + + fi whiptail --title "$whiptail_title" \ --msgbox "$error_message" 10 75 From ee2dd75dfd7c7394e3f9b5255e001b38d9bc3864 Mon Sep 17 00:00:00 2001 
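Review bot: The second loop in `collect_mngr_hostname` re-prompts with `whiptail_management_server "$MSRV"` but never runs `valid_hostname` again, so a value that breaks the character rules is accepted as long as it differs from `$HOSTNAME`. Both rules need to be evaluated on every new entry, which a single loop that picks the message per failure does. PATCH 08 and 09 adjust the second condition but keep the two-loop structure; the fence uses the condition as it stands after PATCH 09. The function continues past the end of the hunk.

```shell
collect_mngr_hostname() {
	whiptail_management_server

	# Re-check both rules after every prompt so neither can be skipped.
	while true; do
		if ! valid_hostname "$MSRV"; then
			whiptail_invalid_hostname
		elif [[ $MSRV == "$HOSTNAME" ]]; then
			whiptail_invalid_hostname 0
		else
			break
		fi
		whiptail_management_server "$MSRV"
	done

	# … unchanged: getent lookup and manager IP prompt …
```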
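Review bot: `whiptail_invalid_hostname` now takes a positional flag where `0` selects the manager-specific message, but nothing in the function documents it and the call `whiptail_invalid_hostname 0` reads like a status code. I would add a comment above `is_manager_hostname="$1"`: `# $1: pass 0 when the rejected value is the manager hostname; omit for the generic message`. The second `local error_message` inside the `if` is redundant, since the variable is already local to the function. The function begins before this hunk and ends after it.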
From: William Wernert Date: Mon, 8 Nov 2021 10:36:36 -0500 Subject: [PATCH 08/11] Fix variable ref --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 0ac5df697..2a8a6ff88 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -475,7 +475,7 @@ collect_mngr_hostname() { whiptail_management_server "$MSRV" done - while [[ $MSRV == "$HOSTNAME" || $MSRVIP == "localhost" ]]; do + while [[ $MSRV == "$HOSTNAME" || $MSRV == "localhost" ]]; do whiptail_invalid_hostname 0 whiptail_management_server "$MSRV" done From f66d915f5df06dc82976b971b14a9728bf1a6435 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 10:38:30 -0500 Subject: [PATCH 09/11] Normal hostname check already checks for localhost --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 2a8a6ff88..a9925c80d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -475,7 +475,7 @@ collect_mngr_hostname() { whiptail_management_server "$MSRV" done - while [[ $MSRV == "$HOSTNAME" || $MSRV == "localhost" ]]; do + while [[ $MSRV == "$HOSTNAME" ]]; do whiptail_invalid_hostname 0 whiptail_management_server "$MSRV" done From acba82d1948b298f3a9721abede8b7575440b90a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 11:04:51 -0500 Subject: [PATCH 10/11] Update dist install menus' top text --- setup/so-whiptail | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index db5e36516..3f8628a30 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
@@ -778,9 +778,17 @@ whiptail_install_type_dist() { whiptail_install_type_dist_new() { [ -n "$TESTING" ] && return + + local mngr_msg + read -r -d '' mngr_msg <<- EOM + Choose a distributed manager type to start a new grid. - install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose distributed manager type to start a new grid. See https://docs.securityonion.net/architecture for details." 10 75 2 \ + See https://docs.securityonion.net/architecture for details. + + Note: MANAGER is the recommended option for most users. MANAGERSEARCH should only be used in very specific situations. + EOM + + install_type=$(whiptail --title "$whiptail_title" --radiolist "$mngr_msg" 15 75 2 \ "MANAGER" "New grid, requires separate search node(s) " ON \ "MANAGERSEARCH" "New grid, separate search node(s) are optional " OFF \ 3>&1 1>&2 2>&3 @@ -792,9 +800,17 @@ whiptail_install_type_dist_new() { whiptail_install_type_dist_existing() { [ -n "$TESTING" ] && return + + local node_msg + read -r -d '' node_msg <<- EOM + Choose a distributed node type to join to an existing grid. - install_type=$(whiptail --title "$whiptail_title" --radiolist \ - "Choose distributed node type to join to an existing grid. See https://docs.securityonion.net/architecture for details." 14 57 4 \ + See https://docs.securityonion.net/architecture for details. + + Note: Heavy nodes (HEAVYNODE) are NOT recommended for most users. + EOM + + install_type=$(whiptail --title "$whiptail_title" --radiolist "$node_msg" 17 57 4 \ "SENSOR" "Create a forward only sensor " ON \ "SEARCHNODE" "Add a search node with parsing " OFF \ "FLEET" "Dedicated Fleet Osquery Node " OFF \ From 6c16d6d2223578a171f4309a809c91d810db91c1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 8 Nov 2021 11:15:28 -0500 Subject: [PATCH 11/11] Update invalid hostname message --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 3f8628a30..13bfa82b4 100755 
--- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -908,7 +908,7 @@ whiptail_invalid_hostname() { local error_message read -r -d '' error_message <<- EOM - Please choose a valid hostname. It cannot be localhost; and must contain only the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', and hyphen ('-') + Please choose a valid hostname. It cannot be localhost. It must contain only the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', and hyphen ('-'). EOM if [[ $is_manager_hostname = 0 ]]; then