From 5054138be9323bd506c3b70447fb77f478d3516c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 27 Oct 2020 11:21:03 -0400 Subject: [PATCH] [feat] Add analyst option + add back helix option --- setup/so-setup | 4 ++++ setup/so-whiptail | 60 +++++++++++++++++++++++++++++++++++------------ 2 files changed, 49 insertions(+), 15 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index f8a33a947..e1ba7cf00 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -191,6 +191,10 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then is_helix=true elif [ "$install_type" = 'IMPORT' ]; then is_import=true +elif [ "$install_type" = 'ANALYST' ]; then + cd "$(dirname "$0")/../" || exit 255 + ./so-analyst-install + exit 0 fi # Say yes to the dress if its an ISO install diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..4ad09e073 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -560,11 +560,12 @@ whiptail_install_type() { # What kind of install are we doing? install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose install type:" 10 65 4 \ + "Choose install type:" 10 65 5 \ "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \ "IMPORT" "Standalone to import PCAP or log files " OFF \ + "OTHER" "Other install types" OFF \ 3>&1 1>&2 2>&3 ) @@ -572,21 +573,50 @@ whiptail_install_type() { whiptail_check_exitstatus $exitstatus if [[ $install_type == "DISTRIBUTED" ]]; then - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose distributed node type:" 13 60 6 \ - "MANAGER" "Start a new grid " ON \ - "SENSOR" "Create a forward only sensor " OFF \ - "SEARCHNODE" "Add a search node with parsing " OFF \ - "MANAGERSEARCH" "Manager + search node " OFF \ - "FLEET" "Dedicated Fleet Osquery Node " OFF \ - "HEAVYNODE" "Sensor + Search Node " OFF \ - 3>&1 1>&2 2>&3 - # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO - # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO - # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO - # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO - ) + whiptail_install_type_dist fi + if [[ $install_type == "OTHER" ]]; then + whiptail_install_type_other + fi + + export install_type +} + +whiptail_install_type_dist() { + + [ -n "$TESTING" ] && return + + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 13 60 6 \ + "MANAGER" "Start a new grid " ON \ + "SENSOR" "Create a forward only sensor " OFF \ + "SEARCHNODE" "Add a search node with parsing " OFF \ + "MANAGERSEARCH" "Manager + search node " OFF \ + "FLEET" "Dedicated Fleet Osquery Node " OFF \ + "HEAVYNODE" "Sensor + Search Node " OFF \ + 3>&1 1>&2 2>&3 + # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO + # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO + # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO + # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO + ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + export install_type +} + +whiptail_install_type_other() { + + [ -n "$TESTING" ] && return + + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 13 60 2 \ + "ANALYST" "Quit setup and run the installer for an analyst workstation" ON \ + "HELIXSENSOR" "Create a Helix sensor" OFF \ + 3>&1 1>&2 2>&3 + ) local exitstatus=$? whiptail_check_exitstatus $exitstatus