rename importpcap node to import

files/firewall/assigned_hostgroups.local.map.yaml

@@ -13,7 +13,7 @@ role:
   fleet:
   heavynode:
   helixsensor:
-  importpcap:
+  import:
   manager:
   managersearch:
   standalone:

pillar/top.sls

@@ -2,7 +2,7 @@ base:
   '*':
     - patch.needs_restarting
 
-  '*_eval or *_helix or *_heavynode or *_sensor or *_standalone or *_importpcap':
+  '*_eval or *_helix or *_heavynode or *_sensor or *_standalone or *_import':
     - match: compound
     - zeek
 
@@ -81,7 +81,7 @@ base:
     - elasticsearch.search
     - minions.{{ grains.id }}
 
-  '*_importpcap':
+  '*_import':
     - zeeklogs
     - secrets
     - elasticsearch.eval

salt/common/maps/import.map.jinja

@@ -7,8 +7,6 @@
     'so-elasticsearch',
     'so-kibana',
     'so-suricata',
-    'so-zeek',
+    'so-zeek'
-    'so-soctopus',
-    'so-sensoroni'
   ]
 } %}

salt/elasticsearch/init.sls

@@ -23,7 +23,7 @@
   {% set FEATURES = '' %}
 {% endif %}
 
-{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-importpcap'] %}
+{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
   {% set esclustername = salt['pillar.get']('manager:esclustername', '') %}
   {% set esheap = salt['pillar.get']('manager:esheap', '') %}
   {% set ismanager = True %}

salt/firewall/assigned_hostgroups.map.yaml

@@ -488,7 +488,7 @@ role:
           localhost:
             portgroups:
               - {{ portgroups.all }}
-  importpcap:
+  import:
     chain:
       DOCKER-USER:
         hostgroups:

salt/ssl/init.sls

@@ -7,7 +7,7 @@
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('global:fleet_custom_hostname', None) %}
 
-{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'importpcap'] %}
+{% if grains.id.split('_')|last in ['manager', 'eval', 'standalone', 'import'] %}
     {% set trusttheca_text =  salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
     {% set ca_server = grains.id %}
 {% else %}
@@ -72,7 +72,7 @@ influxkeyperms:
     - mode: 640
     - group: 939
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-importpcap'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
 
 /etc/pki/filebeat.key:
   x509.private_key_managed:
@@ -322,7 +322,7 @@ fleetkeyperms:
     - group: 939
 
 {% endif %}
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-importpcap'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-node', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-import'] %}
 
 fbcertdir:
   file.directory:

salt/top.sls

@@ -387,7 +387,7 @@ base:
     - fleet.install_package
     - filebeat
 
-  '*_importpcap and G@saltversion:{{saltversion}}':
+  '*_import and G@saltversion:{{saltversion}}':
     - match: compound
     - ca
     - ssl

setup/so-functions

@@ -302,7 +302,7 @@ configure_minion() {
 		'helix')
 			echo "master: $HOSTNAME" >> "$minion_config"
 			;;
-		'manager' | 'eval' | 'managersearch' | 'standalone' | 'importpcap')
+		'manager' | 'eval' | 'managersearch' | 'standalone' | 'import')
 			printf '%s\n'\
 				"master: $HOSTNAME"\
 				"mysql.host: '$MAINIP'"\
@@ -358,7 +358,7 @@ check_requirements() {
 		req_cores=4
 		if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
 		if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi
-	elif [[ "$standalone_or_dist" == 'importpcap' ]]; then
+	elif [[ "$standalone_or_dist" == 'import' ]]; then
 	    req_mem=4
 	    req_cores=2
 		req_nics=1
@@ -366,7 +366,7 @@ check_requirements() {
 
 	if [[ $setup_type == 'network' ]] ; then
 		if [[ -n $nsm_mount ]]; then
-			if [[ "$standalone_or_dist" == 'importpcap' ]]; then
+			if [[ "$standalone_or_dist" == 'import' ]]; then
 		    	req_storage=50
 			else
 				req_storage=100
@@ -378,7 +378,7 @@ check_requirements() {
 				whiptail_storage_requirements "/nsm" "${free_space_nsm} GB" "${req_storage} GB"
 			fi
 		else
-			if [[ "$standalone_or_dist" == 'importpcap' ]]; then
+			if [[ "$standalone_or_dist" == 'import' ]]; then
 		    	req_storage=50
 			else
 				req_storage=200
@@ -417,7 +417,7 @@ copy_salt_master_config() {
 
 copy_minion_tmp_files() {
 	case "$install_type" in
-		'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP')
+		'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
 			echo "Copying pillar and salt files in $temp_install_dir to $local_salt_dir"
 			cp -Rv "$temp_install_dir"/pillar/ $local_salt_dir/ >> "$setup_log" 2>&1
 			if [ -d "$temp_install_dir"/salt ] ; then
@@ -674,7 +674,7 @@ docker_install() {
 		
 	else
 		case "$install_type" in
-			'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORTPCAP')
+			'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT')
 				apt-get update >> "$setup_log" 2>&1
 				;;
 			*)
@@ -718,7 +718,7 @@ docker_seed_registry() {
 	local VERSION="$SOVERSION"
 
 	if ! [ -f /nsm/docker-registry/docker/registry.tar ]; then
-	    if [ "$install_type" == 'IMPORTPCAP' ]; then
+	    if [ "$install_type" == 'IMPORT' ]; then
 		local TRUSTED_CONTAINERS=(\
 			"so-logstash:$VERSION" \
 			"so-idstools:$VERSION" \					
@@ -746,7 +746,7 @@ docker_seed_registry() {
 			"so-zeek:$VERSION"
 		)
 		fi
-		if [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'IMPORTPCAP' ]; then
+		if [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'IMPORT' ]; then
 			TRUSTED_CONTAINERS=("${TRUSTED_CONTAINERS[@]}" \
 				"so-acng:$VERSION" \
 				"so-thehive-cortex:$VERSION" \
@@ -874,7 +874,7 @@ got_root() {
 get_minion_type() {
 	local minion_type
 	case "$install_type" in
-		'EVAL' | 'MANAGERSEARCH' | 'MANAGER' | 'SENSOR' | 'HEAVYNODE' | 'FLEET' | 'STANDALONE' | 'IMPORTPCAP')
+		'EVAL' | 'MANAGERSEARCH' | 'MANAGER' | 'SENSOR' | 'HEAVYNODE' | 'FLEET' | 'STANDALONE' | 'IMPORT')
 			minion_type=$(echo "$install_type" | tr '[:upper:]' '[:lower:]')
 			;;
 		'HELIXSENSOR')
@@ -1246,7 +1246,7 @@ saltify() {
 		set_progress_str 6 'Installing various dependencies'
 		yum -y install wget nmap-ncat >> "$setup_log" 2>&1
 		case "$install_type" in
-			'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORTPCAP')
+			'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT')
 				reserve_group_ids >> "$setup_log" 2>&1
 				yum -y install epel-release >> "$setup_log" 2>&1
 				yum -y install sqlite argon2 curl mariadb-devel >> "$setup_log" 2>&1
@@ -1317,7 +1317,7 @@ saltify() {
 			'FLEET')
 				if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi
 				;;
-			'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP') # TODO: should this also be HELIXSENSOR?
+			'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR?
 
 				# Add saltstack repo(s)
 				wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
@@ -1374,7 +1374,7 @@ saltify() {
 salt_checkin() {
 
 	case "$install_type" in
-		'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP') # Fix Mine usage
+		'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # Fix Mine usage
 			{
 				echo "Building Certificate Authority";
 				salt-call state.apply ca;
@@ -1538,7 +1538,7 @@ set_hostname() {
 
 	set_hostname_iso
 
-	if [[ ! $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORTPCAP)$ ]]; then
+	if [[ ! $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|IMPORT)$ ]]; then
 		if ! getent hosts "$MSRV"; then
 			echo "$MSRVIP   $MSRV" >> /etc/hosts
 		fi
@@ -1570,7 +1570,7 @@ set_initial_firewall_policy() {
 			$default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost minion "$MAINIP"
 			$default_salt_dir/pillar/data/addtotab.sh managertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
 			;;
-		'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORTPCAP')
+		'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
 			$default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP"
 			$default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
             $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"

setup/so-setup

@@ -163,8 +163,8 @@ elif [ "$install_type" = 'FLEET' ]; then
 	OSQUERY=1
 elif [ "$install_type" = 'HELIXSENSOR' ]; then
 	is_helix=true
-elif [ "$install_type" = 'IMPORTPCAP' ]; then
+elif [ "$install_type" = 'IMPORT' ]; then
-	is_importpcap=true
+	is_import=true
 fi
 
 if [[ $is_manager && $is_sensor ]]; then
@@ -173,13 +173,13 @@ elif [[ $is_fleet_standalone ]]; then
 	check_requirements "dist" "fleet"
 elif [[ $is_sensor && ! $is_eval ]]; then
 	check_requirements "dist" "sensor"
-elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_importpcap ]]; then
+elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
 	check_requirements "dist"
-elif [[ $is_importpcap ]]; then
+elif [[ $is_import ]]; then
-	check_requirements "importpcap"
+	check_requirements "import"
 fi
 
-if [[ ! $is_importpcap ]]; then
+if [[ ! $is_import ]]; then
 	whiptail_patch_schedule
 fi
 
@@ -243,7 +243,7 @@ if [[ $is_node ]]; then
 	CURCLOSEDAYS=30
 fi
 
-if [[ $is_importpcap ]]; then
+if [[ $is_import ]]; then
 	PATCHSCHEDULENAME=auto
 	MTU=1500
 	RULESETUP=ETOPEN
@@ -271,11 +271,11 @@ if [[ $is_helix || $is_sensor ]]; then
 	whiptail_sensor_nics
 fi
 
-if [[ $is_helix || $is_sensor || $is_importpcap ]]; then
+if [[ $is_helix || $is_sensor || $is_import ]]; then
 	calculate_useable_cores
 fi
 
-if [[ $is_helix ||  $is_manager || $is_importpcap ]]; then
+if [[ $is_helix ||  $is_manager || $is_import ]]; then
 	whiptail_homenet_manager
 fi
 
@@ -306,7 +306,7 @@ if [[ $is_manager ]]; then
 	fi
 fi
 
-if [[ $is_manager || $is_importpcap ]]; then
+if [[ $is_manager || $is_import ]]; then
 	collect_webuser_inputs
 	get_redirect
 fi
@@ -368,7 +368,7 @@ else
 	FLEETNODEPASSWD1=$WEBPASSWD1
 fi
 
-if [[ $is_manager || $is_importpcap ]]; then whiptail_so_allow; fi
+if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi
 
 whiptail_make_changes
 
@@ -392,7 +392,7 @@ fi
 } >> $setup_log 2>&1
 
 
-if [[ $is_manager || $is_importpcap ]]; then
+if [[ $is_manager || $is_import ]]; then
 	{
 		generate_passwords;
 		secrets_pillar;
@@ -411,7 +411,7 @@ fi
 
 host_pillar >> $setup_log 2>&1
 
-if [[ $is_minion || $is_importpcap ]]; then
+if [[ $is_minion || $is_import ]]; then
 	set_updates >> $setup_log 2>&1
 	copy_ssh_key >> $setup_log 2>&1
 fi
@@ -434,7 +434,7 @@ fi
 		configure_network_sensor >> $setup_log 2>&1
 	fi
 
-	if [[ $is_sensor || $is_helix || $is_importpcap ]]; then
+	if [[ $is_sensor || $is_helix || $is_import ]]; then
 		set_progress_str 4 'Generating sensor pillar'
 		sensor_pillar >> $setup_log 2>&1
 	fi
@@ -451,7 +451,7 @@ fi
 	set_progress_str 9 'Initializing Salt minion'
 	configure_minion "$minion_type" >> $setup_log 2>&1
 
-	if [[ $is_manager || $is_helix || $is_importpcap ]]; then
+	if [[ $is_manager || $is_helix || $is_import ]]; then
 		set_progress_str 10 'Configuring Salt master'
 		{
 			create_local_directories;
@@ -496,7 +496,7 @@ fi
 		accept_salt_key_remote >> $setup_log 2>&1
 	fi
 
-	if [[ $is_manager || $is_importpcap ]]; then
+	if [[ $is_manager || $is_import ]]; then
 		set_progress_str 20 'Accepting Salt key'
 		salt-key -ya "$MINION_ID" >> $setup_log 2>&1
 	fi
@@ -509,15 +509,15 @@ fi
 		salt-call state.apply salt.minion -l info >> $setup_log 2>&1
 	fi
 
-	if [[ $is_importpcap ]]; then
+	if [[ $is_import ]]; then
 		set_progress_str 22 'Configuring bond interface'
-		salt-call state.apply importpcap.bond -l info >> $setup_log 2>&1
+		salt-call state.apply import.bond -l info >> $setup_log 2>&1
 	fi
 
 	set_progress_str 23 'Generating CA and checking in'
 	salt_checkin >> $setup_log 2>&1
 
-	if [[ $is_manager || $is_helix || $is_importpcap ]]; then
+	if [[ $is_manager || $is_helix || $is_import ]]; then
 		set_progress_str 25 'Configuring firewall'
 		set_initial_firewall_policy >> $setup_log 2>&1
 		
@@ -555,7 +555,7 @@ fi
 	set_progress_str 64 "$(print_salt_state_apply 'nginx')"
 	salt-call state.apply -l info nginx >> $setup_log 2>&1
 
-	if [[ $is_manager || $is_node || $is_importpcap ]]; then
+	if [[ $is_manager || $is_node || $is_import ]]; then
 		set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')"
 		salt-call state.apply -l info elasticsearch >> $setup_log 2>&1
 	fi
@@ -565,7 +565,7 @@ fi
 		salt-call state.apply -l info pcap >> $setup_log 2>&1
 	fi
 
-	if [[ $is_sensor || $is_importpcap ]]; then
+	if [[ $is_sensor || $is_import ]]; then
 		set_progress_str 66 "$(print_salt_state_apply 'suricata')"
 		salt-call state.apply -l info suricata >> $setup_log 2>&1
 
@@ -578,7 +578,7 @@ fi
 		salt-call state.apply -l info curator >> $setup_log 2>&1
 	fi
 
-	if [[ $is_manager || $is_importpcap ]]; then
+	if [[ $is_manager || $is_import ]]; then
 		set_progress_str 69 "$(print_salt_state_apply 'soc')"
 		salt-call state.apply -l info soc >> $setup_log 2>&1
 
@@ -644,7 +644,7 @@ fi
 		fi
 	fi
 
-	if [[ $is_manager || $is_helix || $is_importpcap ]]; then		
+	if [[ $is_manager || $is_helix || $is_import ]]; then		
 		set_progress_str 81 "$(print_salt_state_apply 'utility')"
 		salt-call state.apply -l info utility >> $setup_log 2>&1
 	fi

setup/so-whiptail

@@ -475,7 +475,7 @@ whiptail_install_type() {
 		"EVAL" "Evaluation mode (not for production) " ON \
 		"STANDALONE" "Standalone production install " OFF \
 		"DISTRIBUTED" "Distributed install submenu " OFF \
-		"IMPORTPCAP" "Import PCAP mode " OFF \
+		"IMPORT" "Standalone to import PCAP or log files " OFF \
 		3>&1 1>&2 2>&3
 	)