From 2420cd5db1b2590752812a66251a53b5e1cfb51d Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 6 Oct 2020 10:46:11 -0400
Subject: [PATCH 1/5] add some system characteristics to log like normal install does

---
 salt/common/tools/sbin/so-analyst-install | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install
index 7ac8524dd..732ea6936 100755
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -23,6 +23,24 @@ fi
 INSTALL_LOG=/root/so-analyst-install.log
 exec &> >(tee -a "$INSTALL_LOG")
 
+logCmd() {
+ cmd=$1
+ info "Executing command: $cmd"
+ $cmd >> "$INSTALL_LOG" 2>&1
+}
+
+analyze_system() {
+ title "System Characteristics"
+ logCmd "uptime"
+ logCmd "uname -a"
+ logCmd "free -h"
+ logCmd "lscpu"
+ logCmd "df -h"
+ logCmd "ip a"
+}
+
+analyze_system
+
 OS=$(grep PRETTY_NAME /etc/os-release | grep 'CentOS Linux 7')
 if [ $? -ne 0 ]; then
 echo "This is an unsupported OS. Please use CentOS 7 to install the analyst node."
From 85168e9318568a1a675d4596824f94c6afc7dd58 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 6 Oct 2020 10:49:38 -0400
Subject: [PATCH 2/5] add title function

---
 salt/common/tools/sbin/so-analyst-install | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install
index 732ea6936..e31ad58e1 100755
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -23,6 +23,10 @@ fi
 INSTALL_LOG=/root/so-analyst-install.log
 exec &> >(tee -a "$INSTALL_LOG")
 
+title() {
+ echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$setup_log" 2>&1
+}
+
 logCmd() {
 cmd=$1
 info "Executing command: $cmd"
From 7840002d18dc40d0513482034217720281f7ae9b Mon Sep 17 00:00:00 2001
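Review bot: `logCmd` executes `$cmd` unquoted, so the command string is re-split on IFS and glob-expanded before it runs; the literal callers in `analyze_system` make this work today, but the idiom is to pass the command as separate words and run `"$@" >> "$INSTALL_LOG" 2>&1` while logging `$*`, and `cmd` should be `local cmd=$1` rather than a script-wide global. The command's exit status is also discarded, so a missing `lscpu` or a failing `ip a` leaves nothing in the log beyond the "Executing command" line; `|| info "Command failed with status $?: $cmd"` after the invocation would record it. Note that `analyze_system` is invoked at top level in this same hunk, yet `title` and `info` are not defined by this patch (they appear to arrive in patches 2 and 4 of the series), so this commit on its own would likely emit "command not found" errors at startup; reordering the series keeps it bisectable.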
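Review bot: `title` appends to `$setup_log`, which is not assigned anywhere visible in this file, so the redirect fails on an empty name in this commit (the path is corrected to `$INSTALL_LOG` in patch 3 of the series). Separately, `echo -e` interprets backslash sequences inside `$1` as well as in the format, and the `2>&1` on a builtin `echo` does nothing; `printf '\n-----------------------------\n %s\n-----------------------------\n' "$1" >> "$INSTALL_LOG"` keeps the heading text literal. Because stdout is already duplicated into the log by the `exec &> >(tee -a "$INSTALL_LOG")` line above, writing straight to the file means the section heading is seen only in the log and never on the console — presumably intended, but a comment such as `# log-only: console output is already tee'd into $INSTALL_LOG` would make that explicit.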
From: m0duspwnens
Date: Tue, 6 Oct 2020 10:51:31 -0400
Subject: [PATCH 3/5] update log file in title func

---
 salt/common/tools/sbin/so-analyst-install | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install
index e31ad58e1..eb6fdb353 100755
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -24,7 +24,7 @@ INSTALL_LOG=/root/so-analyst-install.log
 exec &> >(tee -a "$INSTALL_LOG")
 
 title() {
- echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$setup_log" 2>&1
+ echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$INSTALL_LOG" 2>&1
 }
 
 logCmd() {
From 4eea0a464cd6822c5a06877cbff2ba5c23742cb7 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 6 Oct 2020 10:57:43 -0400
Subject: [PATCH 4/5] include remaining log functions from so-functions

---
 salt/common/tools/sbin/so-analyst-install | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install
index eb6fdb353..f59105293 100755
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -23,6 +23,21 @@ fi
 INSTALL_LOG=/root/so-analyst-install.log
 exec &> >(tee -a "$INSTALL_LOG")
 
+log() {
+ msg=$1
+ level=${2:-I}
+ now=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")
+ echo -e "$now | $level | $msg" >> "$INSTALL_LOG" 2>&1
+}
+
+error() {
+ log "$1" "E"
+}
+
+info() {
+ log "$1" "I"
+}
+
 title() {
 echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$INSTALL_LOG" 2>&1
 }
From a5f4c96db043543ed254de7006b419439d9a2569 Mon Sep 17 00:00:00 2001
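Review bot: `log` leaves `msg`, `level` and `now` as globals and passes the message through `echo -e`, which rewrites any backslash sequence in the text, so a path or command string logged via `info` can be altered before it reaches the file; `local msg=$1 level=${2:-I} now` together with `printf '%s | %s | %s\n' "$now" "$level" "$msg" >> "$INSTALL_LOG"` avoids both. `error` likewise only appends to `$INSTALL_LOG`, bypassing the `exec ... tee` set up above, so an error logged this way never reaches the operator's terminal; adding `printf '%s\n' "$1" >&2` to `error` (or dropping the file redirect so the tee carries the line) would surface it. The trailing `2>&1` on a builtin `echo` is redundant here and in `title`.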
From: m0duspwnens
Date: Tue, 6 Oct 2020 11:19:43 -0400
Subject: [PATCH 5/5] qol user interaction improvements to analyst install

---
 salt/common/tools/sbin/so-analyst-install | 43 +++++++++++++++--------
 1 file changed, 28 insertions(+), 15 deletions(-)

diff --git a/salt/common/tools/sbin/so-analyst-install b/salt/common/tools/sbin/so-analyst-install
index f59105293..c62474fcf 100755
--- a/salt/common/tools/sbin/so-analyst-install
+++ b/salt/common/tools/sbin/so-analyst-install
@@ -74,19 +74,25 @@ else
 CURLCONTINUE=''
 fi
 
+FIRSTPASS=yes
 while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
- clear
- echo "###########################################"
- echo "## ** W A R N I N G ** ##"
- echo "## _______________________________ ##"
- echo "## ##"
- echo "## Installing the Security Onion ##"
- echo "## analyst node on this device will ##"
- echo "## make permanenet changes to ##"
- echo "## the system. ##"
- echo "## ##"
- echo "###########################################"
- echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)"
+ if [[ "$FIRSTPASS" == "yes" ]]; then
+ clear
+ echo "###########################################"
+ echo "## ** W A R N I N G ** ##"
+ echo "## _______________________________ ##"
+ echo "## ##"
+ echo "## Installing the Security Onion ##"
+ echo "## analyst node on this device will ##"
+ echo "## make permanenet changes to ##"
+ echo "## the system. ##"
+ echo "## ##"
+ echo "###########################################"
+ echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)"
+ FIRSTPASS=no
+ else
+ echo "Please type 'yes' to continue or 'no' to exit."
+ fi
 read INSTALL
 done
 
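Review bot: the confirmation loop has no exit on EOF — when stdin is closed (script piped, or run non-interactively), `read INSTALL` fails immediately, `INSTALL` stays empty, and the loop now spins printing "Please type 'yes' to continue or 'no' to exit." without end, both on the console and, through the `exec ... tee` above, into `$INSTALL_LOG`; the removed version looped the same way, so this is pre-existing but now much noisier. `read -r INSTALL || exit 1` stops the spin and keeps backslashes in the answer literal; the same applies to `read CURLCONTINUE` in the second hunk. The re-indented banner still carries the typo in `echo "## make permanenet changes to ##"`.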
@@ -98,10 +104,17 @@ fi
 echo "Testing for internet connection with curl https://securityonionsolutions.com/"
 CANCURL=$(curl -sI https://securityonionsolutions.com/ | grep "200 OK")
 if [ $? -ne 0 ]; then
- echo "We could not access https://securityonionsolutions.com/. Since packages are downloaded from the internet in order to configure the analyst node, internet acceess is required. If you would like to ignore this warning and continue anyway, please type 'yes'. Otherwise, type 'no' to exit."
- read CURLCONTINUE
+ FIRSTPASS=yes
 while [[ $CURLCONTINUE != "yes" ]] && [[ $CURLCONTINUE != "no" ]]; do
- echo "We could not access https://securityonionsolutions.com/. Since packages are downloaded from the internet in order to configure the analyst node, internet acceess is required. If you would like to ignore this warning and continue anyway, please type 'yes'. Otherwise, type 'no' to exit."
+ if [[ "$FIRSTPASS" == "yes" ]]; then
+ echo "We could not access https://securityonionsolutions.com/."
+ echo "Since packages are downloaded from the internet, internet acceess is required."
+ echo "If you would like to ignore this warning and continue anyway, please type 'yes'."
+ echo "Otherwise, type 'no' to exit."
+ FIRSTPASS=no
+ else
+ echo "Please type 'yes' to continue or 'no' to exit."
+ fi
 read CURLCONTINUE
 done
 if [[ "$CURLCONTINUE" == "no" ]]; then
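Review bot: the rewritten line `echo "Since packages are downloaded from the internet, internet acceess is required."` carries the typo `acceess` over from the removed text. A smaller point on the surrounding check: `$?` after `CANCURL=$(curl -sI ... | grep "200 OK")` is grep's status, so this "could not access" prompt is presumably also shown when the site answers with a status line that is not literally `200 OK` (an HTTP/2 reply prints `HTTP/2 200`); that line is context rather than part of this change, but `curl -sfI -o /dev/null https://securityonionsolutions.com/` as the test would not depend on the status text. The enclosing `if` block continues past the end of the hunk.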