From 1c4abcef15ee4c8246c471ac970849eac44ef674 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 2 Nov 2020 14:25:02 -0500 Subject: [PATCH 01/24] [fix] Kill all jobs before checking if we can reach the salt master --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index f2a701e7e..36886b49e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -264,6 +264,7 @@ check_service_status() { check_salt_master_status() { echo "Checking if we can talk to the salt master" >> "$setup_log" 2>&1 + salt-call saltutil.kill_all_jobs > /dev/null 2>&1 salt-call state.show_top > /dev/null 2>&1 local status=$? #true if there is an issue talking to salt master From 033f5dbb9c57ee8c3d3bf7f345bfb90cb81932af Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 2 Nov 2020 14:25:46 -0500 Subject: [PATCH 02/24] [fix] Use (mostly) absolute path when adding to PATH --- setup/so-setup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index d699e9f57..c88b3935f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -114,7 +114,8 @@ case "$setup_type" in esac # Allow execution of SO tools during setup -export PATH=$PATH:../salt/common/tools/sbin +local_sbin="$(pwd)/../salt/common/tools/sbin" +export PATH=$PATH:$local_sbin detect_os && detect_cloud set_network_dev_status_list From 00fc256c37fbe53cf1346f074ee6bc0efa7edfea Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 14:51:35 -0500 Subject: [PATCH 03/24] [fix][wip] Add reinstall_init function Create a function that, if the setup log exists, puts the system into a state where the installer can run again without issue. This is WIP, there are most likely still issues. --- setup/so-functions | 19 ++++++++++++++++++- setup/so-setup | 4 ++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 36886b49e..9f903dd47 100755 --- a/setup/so-functions 
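Review bot: The added `salt-call saltutil.kill_all_jobs` in check_salt_master_status sends its output to /dev/null, so the setup log never records that running jobs were terminated or whether the call failed. The line above it already writes to `$setup_log`; logging here as well, `salt-call saltutil.kill_all_jobs >> "$setup_log" 2>&1`, would keep a trace for troubleshooting a failed install. A short comment on why every job is killed before the connectivity check would also help, since the call ends all jobs running on the minion, not only ones setup started. The function body continues outside the hunk.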
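Review bot: `local_sbin` is built from `$(pwd)`, so the directory appended to PATH still depends on where so-setup is invoked from rather than on where the script lives. The tools found there run during setup, presumably as root, so launching the script from another directory would make PATH point at an unrelated `../salt/common/tools/sbin`. Deriving it from the script location is steadier, for example `local_sbin="$(cd "$(dirname "${BASH_SOURCE[0]}")/../salt/common/tools/sbin" && pwd)"`. The export is also safer quoted, as `export PATH="$PATH:$local_sbin"`.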
+++ b/setup/so-functions @@ -1411,6 +1411,24 @@ reserve_group_ids() { groupadd -g 946 cyberchef } +reinstall_init() { + + # Move last setup log to backup + mv $setup_log $setup_log.bak + + # Stop salt so it won't highstate and start containers back up. + if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then + systemctl stop salt-master + fi + systemctl stop salt-minion + + # Remove startup highstate from minion config so we don't immediately highstate when salt starts back up + sed -i '/startup_states/d' $minion_config + + # Stop all containers so files can be changed with more safety + docker stop $(docker ps -a -q) +} + # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml saltify() { @@ -1566,7 +1584,6 @@ saltify() { } salt_checkin() { - case "$install_type" in 'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # Fix Mine usage { diff --git a/setup/so-setup b/setup/so-setup index c88b3935f..dc8ea1566 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -57,6 +57,10 @@ done # Begin Installation pre-processing parse_install_username +if [[ -f $setup_log ]]; then + reinstall_init +fi + title "Initializing Setup" info "Installing as the $INSTALLUSERNAME user" From 93ab4b5d4f072a45624ce49993dde32dbc4dd19b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 15:44:37 -0500 Subject: [PATCH 04/24] [fix][wip] Add reinstall_init function (part 2) Create a function that, if the setup log exists, puts the system into a state where the installer can run again without issue. This is WIP, there are most likely still issues. --- setup/so-functions | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 9f903dd47..099f27317 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1412,21 +1412,22 @@ reserve_group_ids() { } reinstall_init() { + is_reinstall=0 + export is_reinstall # Move last setup log to backup mv $setup_log $setup_log.bak - # Stop salt so it won't highstate and start containers back up. - if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then - systemctl stop salt-master - fi - systemctl stop salt-minion + { + # Remove startup_states from minion config so we don't immediately highstate when salt starts back up + sed -i '/startup_states/d' $minion_config - # Remove startup highstate from minion config so we don't immediately highstate when salt starts back up - sed -i '/startup_states/d' $minion_config + # Disable schedule so highstate doesn't start running during the install + salt-call -l info schedule.disable - # Stop all containers so files can be changed with more safety - docker stop $(docker ps -a -q) + # Stop all containers so files can be changed with more safety + docker stop $(docker ps -a -q) + } >> $setup_log 2>&1 } # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml From 57e7e61f2123cdf4593e79fd72e72952071d6c07 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 15:45:19 -0500 Subject: [PATCH 05/24] [fix] Don't add proxy to yum.conf on manager nodes --- salt/yum/etc/yum.conf.jinja | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/yum/etc/yum.conf.jinja b/salt/yum/etc/yum.conf.jinja index 22449083e..bef9c2128 100644 --- a/salt/yum/etc/yum.conf.jinja +++ b/salt/yum/etc/yum.conf.jinja 
@@ -11,6 +11,6 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum distroverpkg=centos-release -{% if salt['pillar.get']('global:managerupdate', '0') %} +{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', '0') %} proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 -{% endif %} \ No newline at end of file +{% endif %} From 1c91e2d50b75f03787d805753dbfdbcf2723b0c1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 15:48:08 -0500 Subject: [PATCH 06/24] [fix] Add minion_config variable so sed works --- setup/so-functions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 099f27317..63f7aebf6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1412,6 +1412,8 @@ reserve_group_ids() { } reinstall_init() { + local minion_config=/etc/salt/minion + is_reinstall=0 export is_reinstall From 6169758f4e8d0b27a4f3a5b6e6796682956dbf56 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 16:47:59 -0500 Subject: [PATCH 07/24] [fix] 0 -> root so file owner is set correctly --- salt/common/init.sls | 4 ++-- salt/filebeat/init.sls | 4 ++-- salt/nodered/init.sls | 4 ++-- salt/telegraf/init.sls | 2 +- salt/wazuh/init.sls | 10 +++++----- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 769484ef3..90a713c11 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -158,8 +158,8 @@ Etc/UTC: utilsyncscripts: file.recurse: - name: /usr/sbin - - user: 0 - - group: 0 + - user: root + - group: root - file_mode: 755 - template: jinja - source: salt://common/tools/sbin 
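Review bot: The second half of the new condition, `salt['pillar.get']('global:managerupdate', '0')`, falls back to the string `'0'`, which Jinja treats as true because it is a non-empty string. When the pillar key is missing, or is stored as a string, the `proxy=` line is therefore still rendered on non-manager roles. Comparing explicitly avoids that, e.g. `salt['pillar.get']('global:managerupdate', 0) | int == 1` (assuming 1 is the enabled value; confirm against the pillar). The proxy URL is plain `http://`, so package integrity depends on GPG checking being enabled in the part of this file the hunk does not show.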
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index b770f7cc8..26aca3542 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -58,8 +58,8 @@ filebeatconfsync: file.managed: - name: /opt/so/conf/filebeat/etc/filebeat.yml - source: salt://filebeat/etc/filebeat.yml - - user: 0 - - group: 0 + - user: root + - group: root - template: jinja - defaults: INPUTS: {{ salt['pillar.get']('filebeat:config:inputs', {}) }} diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index ac886a6b7..8b583bf91 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls @@ -52,8 +52,8 @@ noderedflowsload: file.managed: - name: /usr/sbin/so-nodered-load-flows - source: salt://nodered/files/nodered_load_flows - - user: 0 - - group: 0 + - user: root + - group: root - mode: 755 - template: jinja diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 0bbf131f7..bae80c697 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -26,7 +26,7 @@ tgrafetsdir: tgrafsyncscripts: file.recurse: - name: /opt/so/conf/telegraf/scripts - - user: 0 + - user: root - group: 939 - file_mode: 700 - template: jinja diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index f2a4ae05b..03cd3f89e 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -65,7 +65,7 @@ wazuhagentconf: file.managed: - name: /var/ossec/etc/ossec.conf - source: salt://wazuh/files/agent/ossec.conf - - user: 0 + - user: root - group: 945 - template: jinja @@ -81,8 +81,8 @@ wazuhagentregister: file.managed: - name: /usr/sbin/wazuh-register-agent - source: salt://wazuh/files/agent/wazuh-register-agent - - user: 0 - - group: 0 + - user: root + - group: root - mode: 755 - template: jinja @@ -91,8 +91,8 @@ wazuhmgrwhitelist: file.managed: - name: /usr/sbin/wazuh-manager-whitelist - source: salt://wazuh/files/wazuh-manager-whitelist - - user: 0 - - group: 0 + - user: root + - group: root - mode: 755 - template: jinja 
From 96ec483ae4efd64acebbdcd5fba62ed4627ae336 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 16:49:00 -0500 Subject: [PATCH 08/24] [fix][wip] Remove /opt/so directory during reinstall --- setup/so-functions | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 63f7aebf6..6a76f85c3 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1413,14 +1413,19 @@ reserve_group_ids() { reinstall_init() { local minion_config=/etc/salt/minion - + is_reinstall=0 export is_reinstall # Move last setup log to backup mv $setup_log $setup_log.bak + info "Putting system in state to run setup again" + { + # Remove /opt/so since we'll be rebuilding this directory during setup + rm -rf /opt/so + # Remove startup_states from minion config so we don't immediately highstate when salt starts back up sed -i '/startup_states/d' $minion_config From 3bf57382ce8d381e676e1bac0812a7724363ffda Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 3 Nov 2020 17:05:34 -0500 Subject: [PATCH 09/24] [fix] Change when /opt/so is removed --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 6a76f85c3..802cf45e5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1423,9 +1423,6 @@ reinstall_init() { info "Putting system in state to run setup again" { - # Remove /opt/so since we'll be rebuilding this directory during setup - rm -rf /opt/so - # Remove startup_states from minion config so we don't immediately highstate when salt starts back up sed -i '/startup_states/d' $minion_config @@ -1434,6 +1431,9 @@ reinstall_init() { # Stop all containers so files can be changed with more safety docker stop $(docker ps -a -q) + + # Remove /opt/so since we'll be rebuilding this directory during setup + rm -rf /opt/so } >> $setup_log 2>&1 } From db31cf3083fbb70ac811e46f789d7d72b197cef6 Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Tue, 3 Nov 2020 18:10:16 -0500 Subject: [PATCH 10/24] [refactor][fix] Remove old so-* containers, make fs changes after whiptail menus --- setup/so-functions | 16 ++++++---------- setup/so-setup | 15 +++++++++++---- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 802cf45e5..9adc8e038 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1414,13 +1414,8 @@ reserve_group_ids() { reinstall_init() { local minion_config=/etc/salt/minion - is_reinstall=0 - export is_reinstall - - # Move last setup log to backup - mv $setup_log $setup_log.bak - info "Putting system in state to run setup again" + info "Some commands may fail depending on whether setup previously succeeded" { # Remove startup_states from minion config so we don't immediately highstate when salt starts back up @@ -1429,11 +1424,12 @@ reinstall_init() { # Disable schedule so highstate doesn't start running during the install salt-call -l info schedule.disable - # Stop all containers so files can be changed with more safety - docker stop $(docker ps -a -q) + # Stop and remove all so-* containers so files can be changed with more safety + docker stop $(docker ps -a -q --filter "name=so-") + docker rm $(docker ps -a -q --filter "name=so-") - # Remove /opt/so since we'll be rebuilding this directory during setup - rm -rf /opt/so + # Backup /opt/so since we'll be rebuilding this directory during setup + mv /opt/so /opt/so_old } >> $setup_log 2>&1 } diff --git a/setup/so-setup b/setup/so-setup index dc8ea1566..348578f8c 100755 --- a/setup/so-setup +++ b/setup/so-setup 
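Review bot: The `--filter "name=so-"` used in the two docker lines of reinstall_init matches any container whose name contains `so-`, not only names that start with it, so an unrelated container on the host can be stopped and removed. An anchored pattern such as `--filter "name=^so-"` narrows it (check how the installed Docker version treats the leading `/` in container names). When nothing matches, the command substitution is empty and `docker stop` and `docker rm` are called without arguments; a guard such as `ids=$(docker ps -a -q --filter "name=^so-"); [[ -n $ids ]] && docker stop $ids` keeps that error out of the log. The same filter is carried through the later patches in this series that touch these lines.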
@@ -54,13 +54,16 @@ while [[ $# -gt 0 ]]; do esac done +if [[ -f $setup_log ]]; then + is_reinstall=true + + # Move last setup log to backup + mv $setup_log $setup_log.bak +fi + # Begin Installation pre-processing parse_install_username -if [[ -f $setup_log ]]; then - reinstall_init -fi - title "Initializing Setup" info "Installing as the $INSTALLUSERNAME user" @@ -425,6 +428,10 @@ whiptail_make_changes # From here on changes will be made. +if [[ $is_reinstall ]]; then + reinstall_init +fi + if [[ -n "$TURBO" ]]; then use_turbo_proxy fi From 49af35b44010ec732340560c9bec9f16b778bb05 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 10:38:48 -0500 Subject: [PATCH 11/24] [fix][wip] Add reinstall_init function (part 3) Create a function that, if the setup log exists, puts the system into a state where the installer can run again without issue. This is WIP, there are most likely still issues. --- setup/so-functions | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 9adc8e038..24bf8a5aa 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1424,9 +1424,12 @@ reinstall_init() { # Disable schedule so highstate doesn't start running during the install salt-call -l info schedule.disable + # Kill any currently running salt jobs, also to prevent issues with highstate. + salt-call -l info saltutil.kill_all_jobs + # Stop and remove all so-* containers so files can be changed with more safety docker stop $(docker ps -a -q --filter "name=so-") - docker rm $(docker ps -a -q --filter "name=so-") + docker rm -f $(docker ps -a -q --filter "name=so-") # Backup /opt/so since we'll be rebuilding this directory during setup mv /opt/so /opt/so_old From 3d7069864745bb2fadb3dfb9fac58987d3a78079 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 11:26:56 -0500 Subject: [PATCH 12/24] [fix] Remove old mysql db directory --- setup/so-functions | 4 ++++ 1 file changed, 4 insertions(+) 
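Review bot: `mv $setup_log $setup_log.bak` in the new block at the top of so-setup replaces whatever `.bak` file an earlier re-run left, so only the most recent previous log survives. On a system being reinstalled after a failure, the older logs are often the ones needed to see what went wrong first. A timestamped name keeps them, e.g. `mv "$setup_log" "${setup_log}.$(date +%s).bak"`. Both expansions are unquoted, which breaks if the log path ever contains whitespace.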
diff --git a/setup/so-functions b/setup/so-functions index 24bf8a5aa..5c66d2b75 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1433,6 +1433,10 @@ reinstall_init() { # Backup /opt/so since we'll be rebuilding this directory during setup mv /opt/so /opt/so_old + + # Remove container data directories + rm -f /nsm/mysql + } >> $setup_log 2>&1 } From b643363e82733aed47ab15cdfa95fd014474483c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 12:07:34 -0500 Subject: [PATCH 13/24] [fix] Directories need -r flag --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 5c66d2b75..41aaf5ab6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1435,7 +1435,7 @@ reinstall_init() { mv /opt/so /opt/so_old # Remove container data directories - rm -f /nsm/mysql + rm -rf /nsm/mysql } >> $setup_log 2>&1 } From 3150367b1d8e11936828d74955653dfcf381f47d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 12:52:37 -0500 Subject: [PATCH 14/24] [fix] Add epoch string to /opt/so folder name --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index ca8618e53..58f671462 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1430,7 +1430,7 @@ reinstall_init() { docker rm -f $(docker ps -a -q --filter "name=so-") # Backup /opt/so since we'll be rebuilding this directory during setup - mv /opt/so /opt/so_old + mv /opt/so "/opt/so_old_$(date +%s)" # Remove container data directories rm -rf /nsm/mysql From b2759c4c7c703ee8e8796625b9afdc8a21cce819 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 14:19:25 -0500 Subject: [PATCH 15/24] [fix] Uninstall launcher if installed --- setup/so-functions | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 58f671462..0291c5641 100755 --- a/setup/so-functions 
+++ b/setup/so-functions @@ -1435,6 +1435,17 @@ reinstall_init() { # Remove container data directories rm -rf /nsm/mysql + # Remove the old launcher package in case the config changes + if [ $OS = 'centos' ]; then + if rpm -qa | grep launcher-final; then + yum remove -y launcher-final + fi + else + if dpkg -l | grep launcher-final; then + apt purge -y launcher-final + fi + fi + } >> $setup_log 2>&1 } From 1e41b9ba3102cfa51175e920b414b64a2f922e5a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 14:20:26 -0500 Subject: [PATCH 16/24] [fix] Add conditions for commands so they're less likely to fail --- setup/so-functions | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 0291c5641..faadee63f 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1410,27 +1410,37 @@ reserve_group_ids() { } reinstall_init() { - local minion_config=/etc/salt/minion - info "Putting system in state to run setup again" - info "Some commands may fail depending on whether setup previously succeeded" { + local minion_config=/etc/salt/minion + # Remove startup_states from minion config so we don't immediately highstate when salt starts back up - sed -i '/startup_states/d' $minion_config + if [[ -f $minion_config ]] && grep -q "startup_states" $minion_config; then + sed -i '/startup_states/d' $minion_config + fi - # Disable schedule so highstate doesn't start running during the install - salt-call -l info schedule.disable + if command -v salt-call &> /dev/null; then + # Disable schedule so highstate doesn't start running during the install + salt-call -l info schedule.disable - # Kill any currently running salt jobs, also to prevent issues with highstate. - salt-call -l info saltutil.kill_all_jobs + # Kill any currently running salt jobs, also to prevent issues with highstate. + salt-call -l info saltutil.kill_all_jobs + fi - # Stop and remove all so-* containers so files can be changed with more safety - docker stop $(docker ps -a -q --filter "name=so-") - docker rm -f $(docker ps -a -q --filter "name=so-") + if command -v docker &> /dev/null; then + # Stop and remove all so-* containers so files can be changed with more safety + docker stop $(docker ps -a -q --filter "name=so-") + docker rm -f $(docker ps -a -q --filter "name=so-") + fi + + local date_string + date_string=$(date +%s) # Backup /opt/so since we'll be rebuilding this directory during setup - mv /opt/so "/opt/so_old_$(date +%s)" + if [[ -d /opt/so ]]; then + mv /opt/so "/opt/so_old_${date_string}" + fi # Remove container data directories rm -rf /nsm/mysql From b4446cba9ae6a68cfa646949c38d751677c84371 Mon Sep 17 00:00:00 2001 
From: William Wernert Date: Wed, 4 Nov 2020 14:20:51 -0500 Subject: [PATCH 17/24] [refactor][wip] Also backup directories in /nsm --- setup/so-functions | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index faadee63f..ad2ce7f41 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1442,8 +1442,11 @@ reinstall_init() { mv /opt/so "/opt/so_old_${date_string}" fi - # Remove container data directories - rm -rf /nsm/mysql + # Backup /nsm for the same reason + while IFS= read -r -d '' dir; do + mv "$dir" "${dir}_old_${date_string}" + done < <(find /nsm -maxdepth 1 -mindepth 1 -type d -print0) + # Remove the old launcher package in case the config changes if [ $OS = 'centos' ]; then From 5cb8d0beda46ed6d57cb139f1a9ef0df771c9c95 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 14:23:24 -0500 Subject: [PATCH 18/24] [fix] Add -q flag to grep --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index ad2ce7f41..35f8aea2f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1450,11 +1450,11 @@ reinstall_init() { # Remove the old launcher package in case the config changes if [ $OS = 'centos' ]; then - if rpm -qa | grep launcher-final; then + if rpm -qa | grep -q launcher-final; then yum remove -y launcher-final fi else - if dpkg -l | grep launcher-final; then + if dpkg -l | grep -q launcher-final; then apt purge -y launcher-final fi fi From 4369b8d0f65bb7fd8f51992a92c272a7c017cdd7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 16:14:58 -0500 Subject: [PATCH 19/24] [fix] Remove wazuh-agent package as well --- setup/so-functions | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 35f8aea2f..438394a75 100755 --- a/setup/so-functions +++ b/setup/so-functions 
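Review bot: The `find /nsm -maxdepth 1 -mindepth 1 -type d` loop renames every directory under /nsm, including the `*_old_<epoch>` directories created by an earlier reinstall, so each re-run stacks another suffix onto the previous backups. Adding `! -name '*_old_*'` to the find expression keeps existing backups stable. The loop also runs without checking that /nsm exists or that each `mv` succeeded. Because it moves all data directories aside, it deserves a comment stating that the old data is kept, not deleted, and has to be cleaned up by the operator. reinstall_init continues outside the hunk.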
@@ -1447,21 +1447,26 @@ reinstall_init() { mv "$dir" "${dir}_old_${date_string}" done < <(find /nsm -maxdepth 1 -mindepth 1 -type d -print0) - # Remove the old launcher package in case the config changes - if [ $OS = 'centos' ]; then - if rpm -qa | grep -q launcher-final; then - yum remove -y launcher-final - fi - else - if dpkg -l | grep -q launcher-final; then - apt purge -y launcher-final - fi - fi + remove_package launcher-final + remove_package wazuh-agent } >> $setup_log 2>&1 } +remove_package() { + local package_name=$1 + if [ $OS = 'centos' ]; then + if rpm -qa | grep -q "$package_name"; then + yum remove -y "$package_name" + fi + else + if dpkg -l | grep -q "$package_name"; then + apt purge -y "$package_name" + fi + fi +} + # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml saltify() { From cb75b2df6593b132ea130a766d962bad40838a93 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 4 Nov 2020 16:23:51 -0500 Subject: [PATCH 20/24] [revert] Remove wazuh-agent package as well --- setup/so-functions | 1 - 1 file changed, 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 438394a75..6618f34c1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1449,7 +1449,6 @@ reinstall_init() { # Remove the old launcher package in case the config changes remove_package launcher-final - remove_package wazuh-agent } >> $setup_log 2>&1 } From f7394559d4c03a9a035d69093c2a2b8e74e04ce7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:16:52 -0500 Subject: [PATCH 21/24] [fix] Only add entry to /etc/hosts if unable to resolve hostname --- setup/so-functions | 16 +++------------- setup/so-setup | 7 +++++-- 2 files changed, 8 insertions(+), 15 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 6618f34c1..993cf5751 100755 --- a/setup/so-functions +++ b/setup/so-functions 
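Review bot: remove_package decides whether a package is installed with `grep -q "$package_name"` over the full package list, which is a substring and regex match, so `launcher-final` also matches any package whose name merely contains it. Asking the package manager directly is exact: `if rpm -q "$package_name" &> /dev/null; then` and `if dpkg -s "$package_name" &> /dev/null; then`. `[ $OS = 'centos' ]` is unquoted and becomes a test syntax error when OS is empty; `[[ $OS == 'centos' ]]` matches the `[[ ]]` style used elsewhere in the file.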
@@ -103,6 +103,9 @@ add_manager_hostfile() { local exitstatus=$? whiptail_check_exitstatus $exitstatus + + # Add manager to hosts file + echo "$MSRVIP $MSRV" >> /etc/hosts } addtotab_generate_templates() { @@ -1852,25 +1855,12 @@ set_default_log_size() { set_hostname() { - set_hostname_iso - - if [[ ! $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then - if ! getent hosts "$MSRV"; then - echo "$MSRVIP $MSRV" >> /etc/hosts - fi - fi - -} - -set_hostname_iso() { - hostnamectl set-hostname --static "$HOSTNAME" echo "127.0.0.1 $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts echo "::1 $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts echo "$HOSTNAME" > /etc/hostname hostname -F /etc/hostname - } set_initial_firewall_policy() { diff --git a/setup/so-setup b/setup/so-setup index 348578f8c..c8c6dcdb2 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -438,15 +438,18 @@ fi if [[ "$setup_type" == 'iso' ]]; then # Init networking so rest of install works - set_hostname_iso + set_hostname set_management_interface fi disable_ipv6 disable_auto_start +if [[ "$setup_type" != 'iso' ]]; then + set_hostname >> $setup_log 2>&1 +fi + { - set_hostname; set_version; clear_manager; } >> $setup_log 2>&1 From f058fb460dda73f76c79a3eefa1960bf1fa06874 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:25:02 -0500 Subject: [PATCH 22/24] [fix] Don't modify hosts file during whiptail menus --- setup/so-functions | 8 ++++++-- setup/so-setup | 6 +++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 993cf5751..f764071cc 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -103,9 +103,13 @@ add_manager_hostfile() { local exitstatus=$? whiptail_check_exitstatus $exitstatus +} - # Add manager to hosts file - echo "$MSRVIP $MSRV" >> /etc/hosts + +add_mngr_ip_to_hosts() { + if [[ -n "$MSRVIP" ]]; then + echo "$MSRVIP $MSRV" >> /etc/hosts + fi } addtotab_generate_templates() { diff --git a/setup/so-setup b/setup/so-setup index c8c6dcdb2..cf180000f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -446,7 +446,11 @@ disable_ipv6 disable_auto_start if [[ "$setup_type" != 'iso' ]]; then - set_hostname >> $setup_log 2>&1 + set_hostname +fi + +if [[ $is_minion ]]; then + add_mngr_ip_to_hosts fi { From 915aaf58f2bf6856c446211e4e8cae115b85a9b7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:28:21 -0500 Subject: [PATCH 23/24] [fix] Always set MSRVIP because /etc/hosts is wiped --- setup/so-functions | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index f764071cc..87ba2f922 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -107,9 +107,12 @@ add_manager_hostfile() { add_mngr_ip_to_hosts() { - if [[ -n "$MSRVIP" ]]; then - echo "$MSRVIP $MSRV" >> /etc/hosts + if [[ -z "$MSRVIP" ]]; then + MSRVIP=getent hosts "$MSRV" | awk 'NR==1{print $1}' fi + + echo "$MSRVIP $MSRV" >> /etc/hosts + } addtotab_generate_templates() { From b27b2e358b3bef423e6b1566c9efe738d1d527dd Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 5 Nov 2020 13:38:08 -0500 Subject: [PATCH 24/24] [fix] Set MSRVIP variable before hosts file is overwritten --- setup/so-functions | 6 ------ setup/so-whiptail | 2 ++ 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 87ba2f922..a0ac5bac6 100755 --- a/setup/so-functions +++ b/setup/so-functions 
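Review bot: In the last hunk on this line (patch 23, add_mngr_ip_to_hosts), `MSRVIP=getent hosts "$MSRV" | awk 'NR==1{print $1}'` is not a command substitution. The shell runs a command named `hosts` with `MSRVIP=getent` in its environment, so MSRVIP stays empty and the following `echo` appends a line with no address to /etc/hosts. The intended form is `MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}')`. Even then the value should be checked for being non-empty before it is written, because the `echo` is now unconditional.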
@@ -105,14 +105,8 @@ add_manager_hostfile() { whiptail_check_exitstatus $exitstatus } - add_mngr_ip_to_hosts() { - if [[ -z "$MSRVIP" ]]; then - MSRVIP=getent hosts "$MSRV" | awk 'NR==1{print $1}' - fi - echo "$MSRVIP $MSRV" >> /etc/hosts - } addtotab_generate_templates() { diff --git a/setup/so-whiptail b/setup/so-whiptail index cc37f0545..20682a8b5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -791,6 +791,8 @@ whiptail_management_server() { if ! getent hosts "$MSRV"; then add_manager_hostfile + else + MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}') fi }
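Review bot: With the guard removed, add_mngr_ip_to_hosts appends `$MSRVIP $MSRV` to /etc/hosts without checking either value. If MSRVIP is empty the line becomes a bare hostname. Both variables appear to come from operator input or a resolver answer, so unexpected whitespace in either would change how the entry is parsed in a file every lookup on the host consults. A minimal check before the echo would be `[[ $MSRVIP =~ ^[0-9a-fA-F:.]+$ && $MSRV =~ ^[A-Za-z0-9.-]+$ ]] || return 1`.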
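Review bot: In the new `else` branch of whiptail_management_server, `getent hosts "$MSRV"` can return an IPv6 address when the name has one, and `awk 'NR==1{print $1}'` then stores it as MSRVIP even though so-setup calls disable_ipv6 (visible in an earlier patch of this series). `MSRVIP=$(getent ahostsv4 "$MSRV" | awk 'NR==1{print $1}')` pins the lookup to IPv4. The `if ! getent hosts "$MSRV"` test just above also prints the resolved line to the terminal; adding `> /dev/null` keeps the whiptail screen clean. The function begins outside the hunk.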