diff --git a/setup/so-functions b/setup/so-functions
index 0568272be..2fea2e98d 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -109,12 +109,8 @@ wait_for_file() {
return 1
}
-wait_for_identity_db_to_exist() {
- return "$(wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5)"
-}
-
add_web_user() {
- wait_for_identity_db_to_exist
+ wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5
echo "Attempting to add administrator user for web interface..."
echo "$WEBPASSWD1" | /usr/sbin/so-user add "$WEBUSER"
echo "Add user result: $?"
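Review bot: The exit status of the inlined `wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5` is discarded, so when the identity database never appears the function still pipes the password into `so-user add` and reports a confusing failure. Make the wait a guard: `wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5 || { echo "Identity DB not found, skipping web user creation" >> "$setup_log"; return 1; }`. The removed wrapper returned that status but the caller never checked it either, so this is a pre-existing gap the inlining would be a good moment to close. add_web_user continues outside the hunk.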
@@ -123,7 +119,7 @@ add_web_user() {
# Create an secrets pillar so that passwords survive re-install
secrets_pillar(){
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
- echo "Creating Secrets Pillar" >> "$SETUPLOG" 2>&1
+ echo "Creating Secrets Pillar" >> "$setup_log" 2>&1
mkdir -p /opt/so/saltstack/pillar
printf '%s\n'\
"secrets:"\
@@ -136,9 +132,9 @@ secrets_pillar(){
# Enable Bro Logs
bro_logs_enabled() {
- echo "Enabling Bro Logs" >> "$SETUPLOG" 2>&1
+ echo "Enabling Bro Logs" >> "$setup_log" 2>&1
- local brologs_pillar="$SCRIPTDIR/pillar/brologs.sls"
+ local brologs_pillar="$./pillar/brologs.sls"
printf '%s\n'\
"brologs:"\
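Review bot: `local brologs_pillar="$./pillar/brologs.sls"` is not a path expansion: `$` followed by `.` is not a parameter reference, so bash leaves the `$` literal and the value becomes the string `$./pillar/brologs.sls`, which will not exist. The intended replacement for `$SCRIPTDIR/...` after the `cd "$(dirname "$0")"` in so-setup is `local brologs_pillar="./pillar/brologs.sls"`. The same `"$./..."` pattern appears at the `cp` lines in the network_setup hunk (99-so-checksum-offload-disable) and in the three saltify hunks (wazuh.repo, salt.pem, wazuh.pem, salt-latest.repo, salt-2019-2.repo), and each of those copies will fail the same way. bro_logs_enabled continues outside the hunk.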
@@ -230,16 +226,16 @@ check_network_manager_conf() {
mv "$gmdconf" "${gmdconf}.bak"
touch "$gmdconf"
systemctl restart NetworkManager
- } >> "$SETUPLOG" 2>&1
+ } >> "$setup_log" 2>&1
fi
fi
if test -f "$nmconf"; then
- sed -i 's/managed=false/managed=true/g' "$nmconf" >> "$SETUPLOG" 2>&1
+ sed -i 's/managed=false/managed=true/g' "$nmconf" >> "$setup_log" 2>&1
fi
if [[ ! -d "$preupdir" ]]; then
- mkdir "$preupdir" >> "$SETUPLOG" 2>&1
+ mkdir "$preupdir" >> "$setup_log" 2>&1
fi
}
@@ -266,23 +262,11 @@ check_web_pass() {
check_pass_match "$WEBPASSWD1" "$WEBPASSWD2" "WPMATCH"
}
-checkin_at_boot() {
- echo "Enabling checkin at boot" >> "$SETUPLOG" 2>&1
- echo "startup_states: highstate" >> /etc/salt/minion
-}
-
-chown_salt_master() {
-
- echo "Chown the salt dirs on the master for socore" >> "$SETUPLOG" 2>&1
- chown -R socore:socore /opt/so
-
-}
-
clear_master() {
# Clear out the old master public key in case this is a re-install.
# This only happens if you re-install the master.
if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
- echo "Clearing old master key" >> "$SETUPLOG" 2>&1
+ echo "Clearing old master key" >> "$setup_log" 2>&1
rm /etc/salt/pki/minion/minion_master.pub
service salt-minion restart
fi
@@ -313,17 +297,17 @@ collect_webuser_inputs() {
done
}
-# $1 => install type
+# $1 => minion type
configure_minion() {
- local TYPE=$1
- echo "Configuring minion type as $TYPE" >> "$SETUPLOG" 2>&1
- echo "role: so-$TYPE" > /etc/salt/grains
+ local minion_type=$1
+ echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1
+ echo "role: so-$minion_type" > /etc/salt/grains
local minion_config=/etc/salt/minion
echo "id: $MINION_ID" > "$minion_config"
- case "$TYPE" in
+ case "$minion_type" in
'helix')
echo "master: $HOSTNAME" >> "$minion_config"
;;
@@ -347,10 +331,12 @@ configure_minion() {
printf '%s\n'\
"use_superseded:"\
- " - module.run" >> /etc/salt/minion
+ " - module.run" >> "$minion_config"
service salt-minion restart
+ echo "Enabling checkin at boot" >> "$setup_log" 2>&1
+ echo "startup_states: highstate" >> "$minion_config"
}
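Review bot: `startup_states: highstate` is appended to `$minion_config` after `service salt-minion restart`, so the minion that was just restarted runs without that setting and only picks it up on the next restart or reboot. Since the whole point of moving the former checkin_at_boot body here is to have one place that finishes the config, the restart should be the last statement: move `service salt-minion restart` below the two new `echo` lines. The start of configure_minion is outside the hunk.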
copy_master_config() {
@@ -359,32 +345,31 @@ copy_master_config() {
if [ "$INSTALLMETHOD" = 'iso' ]; then
cp /root/SecurityOnion/files/master /etc/salt/master
else
- cp "$SCRIPTDIR"/../files/master /etc/salt/master
+ cp "../files/master" /etc/salt/master
fi
- # Restart the service so it picks up the changes -TODO Enable service on CentOS
- service salt-master restart
-
+ # Restart the service so it picks up the changes
+ systemctl restart salt-master
}
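Review bot: `cp "../files/master" /etc/salt/master` now depends on the caller's working directory rather than on the script's location; it works only because so-setup does `cd "$(dirname "$0")"` first, and so-functions is a sourced library that other entry points could load from a different cwd. The same dependence is introduced by `cp -R ../pillar/*` and `cp -R ../salt/*` in the setup_salt_master_dirs hunk. Keeping a single `script_dir` (or the removed `$SCRIPTDIR`) derived from `${BASH_SOURCE[0]}` and using `"$script_dir/../files/master"` would keep the function correct regardless of cwd. The start of copy_master_config is outside the hunk.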
copy_minion_tmp_files() {
- case "$INSTALLTYPE" in
+ case "$install_type" in
'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH')
- echo "Copying pillar and salt files in $TMP to /opt/so/saltstack"
- cp -Rv "$TMP"/pillar/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1
- if [ -d "$TMP"/salt ] ; then
- cp -Rv "$TMP"/salt/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1
+ echo "Copying pillar and salt files in $temp_install_dir to /opt/so/saltstack"
+ cp -Rv "$temp_install_dir"/pillar/ /opt/so/saltstack/ >> "$setup_log" 2>&1
+ if [ -d "$temp_install_dir"/salt ] ; then
+ cp -Rv "$temp_install_dir"/salt/ /opt/so/saltstack/ >> "$setup_log" 2>&1
fi
;;
*)
{
- echo "scp pillar and salt files in $TMP to master /opt/so/saltstack";
+ echo "scp pillar and salt files in $temp_install_dir to master /opt/so/saltstack";
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
- scp -prv -i /root/.ssh/so.key "$TMP"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
- scp -prv -i /root/.ssh/so.key "$TMP"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules;
+ scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
+ scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules;
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/salt/master/files/add_minion.sh "$MINION_ID";
- } >> "$SETUPLOG" 2>&1
+ } >> "$setup_log" 2>&1
;;
esac
}
@@ -403,11 +388,11 @@ copy_ssh_key() {
create_sensor_bond() {
- echo "Setting up sensor bond" >> "$SETUPLOG" 2>&1
+ echo "Setting up sensor bond" >> "$setup_log" 2>&1
local nic_error=0
- check_network_manager_conf >> "$SETUPLOG" 2>&1
+ check_network_manager_conf >> "$setup_log" 2>&1
# Set the MTU
if [[ $NSMSETUP != 'ADVANCED' ]]; then
@@ -420,7 +405,7 @@ create_sensor_bond() {
ipv4.method disabled \
ipv6.method ignore \
ethernet.mtu $MTU \
- connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
+ connection.autoconnect "yes" >> "$setup_log" 2>&1
fi
@@ -430,7 +415,7 @@ create_sensor_bond() {
# Check if specific offload features are able to be disabled
for string in "generic-segmentation-offload" "generic-receive-offload" "tcp-segmentation-offload"; do
if ethtool -k "$BONDNIC" | grep $string | grep -q "on [fixed]"; then
- echo "The hardware or driver for interface ${BONDNIC} is not supported, packet capture may not work as expected." >> "$SETUPLOG" 2>&1
+ echo "The hardware or driver for interface ${BONDNIC} is not supported, packet capture may not work as expected." >> "$setup_log" 2>&1
nic_error=1
break
fi
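Review bot: The context line `grep -q "on [fixed]"` treats `[fixed]` as a bracket expression, so it matches "on " followed by one of f,i,x,e,d and never the literal `on [fixed]` text that ethtool prints, which appears to make this unsupported-hardware check unreachable. Use a fixed-string match, `grep -qF 'on [fixed]'`, and quote the loop variable in the preceding `grep -- "$string"`. create_sensor_bond starts and ends outside the hunk.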
@@ -438,7 +423,7 @@ create_sensor_bond() {
# Turn off various offloading settings for the interface
for i in rx tx sg tso ufo gso gro lro; do
- ethtool -K "$BONDNIC" $i off >> "$SETUPLOG" 2>&1
+ ethtool -K "$BONDNIC" $i off >> "$setup_log" 2>&1
done
# Check if the bond slave connection has already been created
@@ -446,10 +431,10 @@ create_sensor_bond() {
# Create the slave interface and assign it to the bond
nmcli con add type ethernet ifname "$BONDNIC" con-name "bond0-slave-$BONDNIC" master bond0 -- \
ethernet.mtu $MTU \
- connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
+ connection.autoconnect "yes" >> "$setup_log" 2>&1
fi
- nmcli con up "bond0-slave-$BONDNIC" >> "$SETUPLOG" 2>&1 # Bring the slave interface up
+ nmcli con up "bond0-slave-$BONDNIC" >> "$setup_log" 2>&1 # Bring the slave interface up
done
if [ $nic_error != 0 ]; then
@@ -457,11 +442,11 @@ create_sensor_bond() {
fi
}
-# keep ">> $SETUPLOG" syntax
+# keep ">> $setup_log" syntax
detect_os() {
# Detect Base OS
- echo "Detecting Base OS" >> "$SETUPLOG" 2>&1
+ echo "Detecting Base OS" >> "$setup_log" 2>&1
if [ -f /etc/redhat-release ]; then
OS=centos
if grep -q "CentOS Linux release 7" /etc/redhat-release; then
@@ -476,7 +461,7 @@ detect_os() {
fi
# Install bind-utils so the host command exists
- yum -y install bind-utils >> "$SETUPLOG" 2>&1
+ yum -y install bind-utils >> "$setup_log" 2>&1
elif [ -f /etc/os-release ]; then
@@ -494,14 +479,14 @@ detect_os() {
apt-get install -y network-manager;
systemctl enable NetworkManager;
systemctl start NetworkManager;
- } >> "$SETUPLOG" 2<&1
+ } >> "$setup_log" 2<&1
else
echo "We were unable to determine if you are using a supported OS."
exit 1
fi
- echo "Found OS: $OS $OSVER" >> "$SETUPLOG" 2>&1
+ echo "Found OS: $OS $OSVER" >> "$setup_log" 2>&1
}
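Review bot: The rewritten line `} >> "$setup_log" 2<&1` keeps the `2<&1` typo: that opens fd 2 for reading from fd 1 instead of sending stderr to the log, so the apt-get/systemctl errors from this block are not captured. Since the line is being touched anyway, it should become `} >> "$setup_log" 2>&1`, matching every other redirection in the file. The start of detect_os is outside the hunk.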
@@ -511,15 +496,15 @@ disable_onion_user() {
}
disable_misc_network_features() {
- for UNUSED_NIC in "${FNICS[@]}"; do
+ for unused_nic in "${filtered_nics[@]}"; do
# Disable DHCPv4/v6 and autoconnect
- nmcli con mod "$UNUSED_NIC" \
+ nmcli con mod "$unused_nic" \
ipv4.method disabled \
ipv6.method ignore \
- connection.autoconnect "no" >> "$SETUPLOG" 2>&1
+ connection.autoconnect "no" >> "$setup_log" 2>&1
# Flush any existing IPs
- ip addr flush "$UNUSED_NIC" >> "$SETUPLOG" 2>&1
+ ip addr flush "$unused_nic" >> "$setup_log" 2>&1
done
# Disable IPv6
{
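Review bot: `for unused_nic in "${filtered_nics[@]}"` iterates an array, but the removed filter_unused_nics produced its list as a single newline-separated string from command substitution, and nothing in this diff shows what now populates `filtered_nics`. If the new producer still assigns a scalar, the loop runs once with the whole list as the nmcli argument and the per-interface disable silently fails; whatever sets it should build a real array (e.g. `mapfile -t filtered_nics < <(...)`), which I cannot confirm from here. The end of disable_misc_network_features is outside the hunk.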
@@ -537,23 +522,23 @@ docker_install() {
yum -y update
yum -y install docker-ce
else
- case "$INSTALLTYPE" in
+ case "$install_type" in
'MASTER' | 'EVAL')
- apt-get update >> "$SETUPLOG" 2>&1
+ apt-get update >> "$setup_log" 2>&1
;;
*)
{
- apt-key add "$TMP"/gpg/docker.pub;
+ apt-key add "$temp_install_dir"/gpg/docker.pub;
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable";
apt-get update;
- } >> "$SETUPLOG" 2>&1
+ } >> "$setup_log" 2>&1
;;
esac
if [ $OSVER != "xenial" ]; then
- apt-get -y install docker-ce python3-docker >> "$SETUPLOG" 2>&1
+ apt-get -y install docker-ce python3-docker >> "$setup_log" 2>&1
else
- apt-get -y install docker-ce python-docker >> "$SETUPLOG" 2>&1
+ apt-get -y install docker-ce python-docker >> "$setup_log" 2>&1
fi
fi
docker_registry
@@ -561,23 +546,23 @@ docker_install() {
echo "Restarting Docker";
systemctl restart docker;
systemctl enable docker;
- } >> "$SETUPLOG" 2>&1
+ } >> "$setup_log" 2>&1
}
docker_registry() {
- echo "Setting up Docker Registry" >> "$SETUPLOG" 2>&1
- mkdir -p /etc/docker >> "$SETUPLOG" 2>&1
+ echo "Setting up Docker Registry" >> "$setup_log" 2>&1
+ mkdir -p /etc/docker >> "$setup_log" 2>&1
# Make the host use the master docker registry
printf '%s\n'\
"{"\
" \"registry-mirrors\": [\"https://$MSRV:5000\"]"\
"}" > /etc/docker/daemon.json
- echo "Docker Registry Setup - Complete" >> "$SETUPLOG" 2>&1
+ echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1
}
docker_seed_registry() {
- local VERSION="HH$SOVERSION"
+ local VERSION="HH$so_version"
if [ ! -f /nsm/docker-registry/docker/so-dockers-"$VERSION".tar ]; then
local TRUSTED_CONTAINERS=(\
@@ -591,7 +576,7 @@ docker_seed_registry() {
"so-telegraf:$VERSION" \
"so-zeek:$VERSION"
)
- if [ "$INSTALLTYPE" != 'HELIXSENSOR' ]; then
+ if [ "$install_type" != 'HELIXSENSOR' ]; then
TRUSTED_CONTAINERS=("${TRUSTED_CONTAINERS[@]}" \
"so-acng:$VERSION" \
"so-thehive-cortex:$VERSION" \
@@ -636,34 +621,19 @@ docker_seed_registry() {
es_heapsize() {
# Determine ES Heap Size
- if [ "$TOTAL_MEM" -lt 8000 ] ; then
+ if [ "$total_mem" -lt 8000 ] ; then
ES_HEAP_SIZE="600m"
- elif [ "$TOTAL_MEM" -ge 100000 ]; then
+ elif [ "$total_mem" -ge 100000 ]; then
# Set a max of 25GB for heap size
# https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
ES_HEAP_SIZE="25000m"
else
# Set heap size to 25% of available memory
- ES_HEAP_SIZE=$(( TOTAL_MEM / 4 ))"m"
+ ES_HEAP_SIZE=$(( total_mem / 4 ))"m"
fi
}
-filter_unused_nics() {
- # Set the main NIC as the default grep search string
- local grep_string="$MNIC"
-
- # If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
- if [[ $BNICS ]]; then
- for BONDNIC in "${BNICS[@]}"; do
- grep_string="$grep_string\|$BONDNIC"
- done
- fi
-
- # Finally, set FNICS to any NICs we aren't using (and ignore interfaces that aren't of use)
- FNICS=$(ip link | grep -vwe "$grep_string" | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}')
-}
-
fireeye_pillar() {
local fireeye_pillar_path=/opt/so/saltstack/pillar/fireeye
@@ -679,7 +649,7 @@ fireeye_pillar() {
fleet_pillar() {
- local pillar_file="$TMP"/pillar/minions/"$MINION_ID".sls
+ local pillar_file="$temp_install_dir"/pillar/minions/"$MINION_ID".sls
# Create the fleet pillar
printf '%s\n'\
@@ -701,10 +671,6 @@ generate_passwords(){
KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
}
-get_filesystem_nsm(){
- FSNSM=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
-}
-
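Review bot: Removing get_filesystem_nsm (and get_filesystem_root in the following hunk) deletes the only visible assignments to `FSNSM` and `FSROOT`, yet both are still passed to addtotab.sh on the new side of the set_initial_firewall_policy hunks (`"$FSROOT" "$FSNSM"`). Unless so-variables or so-common-functions now computes them, which this diff does not show, those arguments arrive empty. Either keep the two helpers or rename the consumers to whatever replaces them.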
get_log_size_limit() {
local DISK_DIR="/"
@@ -718,11 +684,6 @@ get_log_size_limit() {
LOG_SIZE_LIMIT=$(( PERCENTAGE_DISK_SPACE / 1000000000 ))
}
-
-get_filesystem_root(){
- FSROOT=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
-}
-
get_main_ip() {
# Get the main IP address the box is using
@@ -760,18 +721,10 @@ got_root() {
install_cleanup() {
echo "Installer removing the following files:"
- ls -lR "$TMP"
+ ls -lR "$temp_install_dir"
# Clean up after ourselves
- rm -rf "$TMP"
-
-}
-
-install_prep() {
-
- # Create a tmp space that isn't in /tmp
- mkdir -p /root/installtmp/pillar/minions
- TMP=/root/installtmp
+ rm -rf "$temp_install_dir"
}
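Review bot: `rm -rf "$temp_install_dir"` has no guard against an unset or empty variable, and with install_prep removed the creation of the directory (`mkdir -p .../pillar/minions`) is no longer visible in this file while the pillar functions still write to `"$temp_install_dir"/pillar/minions/`. Write it as `rm -rf -- "${temp_install_dir:?}"` so an empty value aborts instead of expanding to a bare `rm -rf`, and make sure whatever defines `temp_install_dir` also creates the `pillar/minions` subdirectory. The start of install_cleanup is outside the hunk.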
@@ -815,7 +768,7 @@ ls_heapsize() {
master_pillar() {
- local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
# Create the master pillar
printf '%s\n'\
@@ -826,7 +779,7 @@ master_pillar() {
" freq: 0"\
" domainstats: 0" >> "$pillar_file"
- if [ "$INSTALLTYPE" = 'EVAL' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ]; then
+ if [ "$install_type" = 'EVAL' ] || [ "$install_type" = 'HELIXSENSOR' ] || [ "$install_type" = 'MASTERSEARCH' ]; then
printf '%s\n'\
" ls_pipeline_batch_size: 125"\
" ls_input_threads: 1"\
@@ -840,8 +793,8 @@ master_pillar() {
" ls_pipeline_workers: $CPUCORES"\
" nids_rules: $RULESETUP"\
" oinkcode: $OINKCODE"\
- " es_port: $NODE_ES_PORT"\
- " log_size_limit: $LOG_SIZE_LIMIT"\
+ " es_port: $node_es_port"\
+ " log_size_limit: $log_size_limit"\
" cur_close_days: $CURCLOSEDAYS"\
" grafana: $GRAFANA"\
" osquery: $OSQUERY"\
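Review bot: `" log_size_limit: $log_size_limit"` reads a lowercase variable, but get_log_size_limit (context in the earlier hunk) still assigns the uppercase `LOG_SIZE_LIMIT=$(( PERCENTAGE_DISK_SPACE / 1000000000 ))`, so the master pillar will carry an empty value. Either change the assignment in get_log_size_limit to `log_size_limit=$(( PERCENTAGE_DISK_SPACE / 1000000000 ))` or keep reading `$LOG_SIZE_LIMIT` here; the same mismatch applies to the node_pillar hunk. I cannot see where `node_es_port` is set, so that rename may have the same issue. master_pillar starts and ends outside the hunk.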
@@ -860,7 +813,7 @@ master_pillar() {
REDIRECTIT=$HOSTNAME
;;
*)
- REDIRECTIT="$REDIRECT"
+ REDIRECTIT="$REDIRECTHOST"
;;
esac
@@ -878,7 +831,7 @@ master_static() {
# Create a static file for global values
printf '%s\n'\
"static:"\
- " soversion: HH$SOVERSION"\
+ " soversion: HH$so_version"\
" hnmaster: $HNMASTER"\
" ntpserver: $NTPSERVER"\
" proxy: $PROXY"\
@@ -930,16 +883,16 @@ network_setup() {
fi
echo "... Copying 99-so-checksum-offload-disable";
- cp "$SCRIPTDIR/install_scripts/99-so-checksum-offload-disable" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;
+ cp "$./install_scripts/99-so-checksum-offload-disable" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;
echo "... Modifying 99-so-checksum-offload-disable";
sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable;
- } >> "$SETUPLOG" 2>&1
+ } >> "$setup_log" 2>&1
}
node_pillar() {
- local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
# Create the node pillar
printf '%s\n'\
@@ -955,8 +908,8 @@ node_pillar() {
" ls_batch_count: $LSINPUTBATCHCOUNT"\
" es_shard_count: $SHARDCOUNT"\
" node_type: $NODETYPE"\
- " es_port: $NODE_ES_PORT"\
- " log_size_limit: $LOG_SIZE_LIMIT"\
+ " es_port: $node_es_port"\
+ " log_size_limit: $log_size_limit"\
" cur_close_days: $CURCLOSEDAYS"\
"" >> "$pillar_file"
@@ -964,7 +917,7 @@ node_pillar() {
patch_pillar() {
- local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
printf '%s\n'\
""\
@@ -978,7 +931,7 @@ patch_pillar() {
}
patch_schedule_os_new() {
- local OSPATCHSCHEDULEDIR="$TMP/salt/patch/os/schedules"
+ local OSPATCHSCHEDULEDIR="$temp_install_dir/salt/patch/os/schedules"
local OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml"
mkdir -p $OSPATCHSCHEDULEDIR
@@ -1018,7 +971,7 @@ saltify() {
# Install updates and Salt
if [ $OS = 'centos' ]; then
- case "$INSTALLTYPE" in
+ case "$install_type" in
'MASTER' | 'EVAL' | 'MASTERSEARCH' | 'FLEET') # FIXME: should this be separate?
yum instal -y mariadb-devel
;;
@@ -1034,21 +987,21 @@ saltify() {
wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg
wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
- cp "$SCRIPTDIR/yum_repos/wazuh.repo" /etc/yum.repos.d/wazuh.repo
+ cp "$./yum_repos/wazuh.repo" /etc/yum.repos.d/wazuh.repo
yum -y install salt-master-2019.2.3
systemctl enable salt-master
;;
*)
if [ "$MASTERUPDATES" -eq 1 ]; then
# Create the GPG Public Key for the Salt Repo
- cp "$SCRIPTDIR"/public_keys/salt.pem /etc/pki/rpm-gpg/saltstack-signing-key
+ cp "$./public_keys/salt.pem" /etc/pki/rpm-gpg/saltstack-signing-key
# Add the Wazuh Key
- cp "$SCRIPTDIR"/public_keys/wazuh.pem /etc/pki/rpm-gpg/GPG-KEY-WAZUH
+ cp "$./public_keys/wazuh.pem" /etc/pki/rpm-gpg/GPG-KEY-WAZUH
# Copy repo files over
- cp "$SCRIPTDIR"/yum_repos/salt-latest.repo /etc/yum.repos.d/salt-latest.repo
- cp "$SCRIPTDIR"/yum_repos/salt-2019-2.repo /etc/yum.repos.d/salt-2019-2.repo
+ cp "$./yum_repos/salt-latest.repo" /etc/yum.repos.d/salt-latest.repo
+ cp "$./yum_repos/salt-2019-2.repo" /etc/yum.repos.d/salt-2019-2.repo
else
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-2019-2.repo
@@ -1056,7 +1009,7 @@ saltify() {
fi
;;
esac
- cp "$SCRIPTDIR/yum_repos/wazuh.repo" /etc/yum.repos.d/wazuh.repo
+ cp "$./yum_repos/wazuh.repo" /etc/yum.repos.d/wazuh.repo
yum clean expire-cache
yum -y install epel-release\
salt-minion-2019.2.3\
@@ -1086,15 +1039,15 @@ saltify() {
software-properties-common\
apt-transport-https\
openssl\
- jq >> "$SETUPLOG" 2>&1
+ jq >> "$setup_log" 2>&1
# Grab the version from the os-release file
local ubuntu_version
ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
- case "$INSTALLTYPE" in
+ case "$install_type" in
'FLEET')
- if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$SETUPLOG" 2>&1; else apt-get -y install python-mysqldb >> "$SETUPLOG" 2>&1; fi
+ if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi
;;
'MASTER' | 'EVAL' | 'MASTERSEARCH') # TODO: should this also be HELIXSENSOR?
if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi
@@ -1120,35 +1073,35 @@ saltify() {
# Add repo
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
# Initialize the new repos
- apt-get update >> "$SETUPLOG" 2>&1
+ apt-get update >> "$setup_log" 2>&1
# FIXME: Install salt-master on Ubuntu?
- apt-get -y install sqlite3 argon2 openssl >> "$SETUPLOG" 2>&1
- if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$SETUPLOG" 2>&1; else apt-get -y install python-mysqldb >> "$SETUPLOG" 2>&1; fi
+ apt-get -y install sqlite3 argon2 openssl >> "$setup_log" 2>&1
+ if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi
;;
*)
# Copy down the gpg keys and install them from the master
- mkdir "$TMP"/gpg
+ mkdir "$temp_install_dir"/gpg
echo "scp the gpg keys and install them from the master"
- scp -v -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/gpg/* "$TMP"/gpg
+ scp -v -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/gpg/* "$temp_install_dir"/gpg
echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH"
- apt-key add "$TMP"/gpg/SALTSTACK-GPG-KEY.pub
- apt-key add "$TMP"/gpg/GPG-KEY-WAZUH
+ apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub
+ apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH
echo "deb http://repo.saltstack.com/apt/ubuntu/$ubuntu_version/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
;;
esac
- apt-get update >> "$SETUPLOG" 2>&1
+ apt-get update >> "$setup_log" 2>&1
apt-get -y install salt-minion=2019.2.3+ds-1\
- salt-common=2019.2.3+ds-1 >> "$SETUPLOG" 2>&1
+ salt-common=2019.2.3+ds-1 >> "$setup_log" 2>&1
apt-mark hold salt-minion salt-common
- if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-dateutil python3-m2crypto >> "$SETUPLOG" 2>&1; else apt-get -y install python-dateutil python-m2crypto >> "$SETUPLOG" 2>&1; fi
+ if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-dateutil python3-m2crypto >> "$setup_log" 2>&1; else apt-get -y install python-dateutil python-m2crypto >> "$setup_log" 2>&1; fi
fi
}
salt_checkin() {
- case "$INSTALLTYPE" in
+ case "$install_type" in
'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH') # Fix Mine usage
{
echo "Building Certificate Authority";
@@ -1162,11 +1115,11 @@ salt_checkin() {
salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt;
echo " Applying SSL state";
salt-call state.apply ssl;
- } >> "$SETUPLOG" 2>&1
+ } >> "$setup_log" 2>&1
;;
*)
- salt-call state.apply ca >> "$SETUPLOG" 2>&1
- salt-call state.apply ssl >> "$SETUPLOG" 2>&1
+ salt-call state.apply ca >> "$setup_log" 2>&1
+ salt-call state.apply ssl >> "$setup_log" 2>&1
;;
esac
}
@@ -1174,11 +1127,11 @@ salt_checkin() {
# FIXME: should this be a function?
salt_firstcheckin() {
#First Checkin
- salt-call state.highstate >> "$SETUPLOG" 2>&1
+ salt-call state.highstate >> "$setup_log" 2>&1
}
-salt_master_directories() {
+setup_salt_master_dirs() {
# Create salt paster directories
mkdir -p /opt/so/saltstack/salt
mkdir -p /opt/so/saltstack/pillar
@@ -1188,19 +1141,17 @@ salt_master_directories() {
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/
else
- cp -R "$SCRIPTDIR"/../pillar/* /opt/so/saltstack/pillar/
- cp -R "$SCRIPTDIR"/../salt/* /opt/so/saltstack/salt/
+ cp -R ../pillar/* /opt/so/saltstack/pillar/
+ cp -R ../salt/* /opt/so/saltstack/salt/
fi
- # FIXME: why is this being done?
- chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh
- chmod +x /opt/so/saltstack/pillar/data/addtotab.sh
-
+ echo "Chown the salt dirs on the master for socore" >> "$setup_log" 2>&1
+ chown -R socore:socore /opt/so
}
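Review bot: Dropping the `chmod +x` on addfirewall.sh and addtotab.sh is only safe if the source tree already carries the execute bit, because both scripts are still invoked by path (`/opt/so/saltstack/pillar/data/addtotab.sh ...` and `sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh ...`) in the set_initial_firewall_policy hunks; `cp -R` and `rsync -avh` copy the mode from the source, so a checkout without the bit will break the firewall setup. If the bit is tracked in the repository a comment saying so would answer the removed FIXME; otherwise keep the two chmod lines. Renaming the function to setup_salt_master_dirs also requires every caller to change, and the so-setup hunk is truncated here so I cannot confirm that.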
sensor_pillar() {
- local pillar_file=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
# Create the sensor pillar
printf '%s\n'\
@@ -1220,9 +1171,9 @@ sensor_pillar() {
SPIN=$(echo "$SPIN" | cut -d\" -f2)
echo " - $SPIN" >> "$pillar_file"
done
- elif [ "$INSTALLTYPE" = 'HELIXSENSOR' ]; then
- echo " bro_lbprocs: $LBPROCS" >> "$pillar_file"
- echo " suriprocs: $LBPROCS" >> "$pillar_file"
+ elif [ "$install_type" = 'HELIXSENSOR' ]; then
+ echo " bro_lbprocs: $lb_procs" >> "$pillar_file"
+ echo " suriprocs: $lb_procs" >> "$pillar_file"
else
echo " bro_lbprocs: $BASICBRO" >> "$pillar_file"
echo " suriprocs: $BASICSURI" >> "$pillar_file"
@@ -1234,8 +1185,8 @@ sensor_pillar() {
" master: $MSRV"\
" mtu: $MTU"\
" uniqueid: $(date '+%s')" >> "$pillar_file"
- if [ "$HNSENSOR" != 'inherit' ]; then
- echo " hnsensor: $HNSENSOR" >> "$pillar_file"
+ if [ "$home_network_sensor" != 'inherit' ]; then
+ echo " home_network_sensor: $home_network_sensor" >> "$pillar_file"
fi
printf '%s\n'\
" access_key: $ACCESS_KEY"\
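Review bot: The pillar key written here changed from `hnsensor` to `home_network_sensor` along with the variable rename, so any salt state that reads `pillar['sensor']['hnsensor']` will now see nothing unless it is updated in the same change, which this diff does not show. If the intent was only to rename the shell variable, keep the key: `echo " hnsensor: $home_network_sensor" >> "$pillar_file"`. sensor_pillar starts and ends outside the hunk.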
@@ -1248,7 +1199,7 @@ set_hostname() {
set_hostname_iso
HOSTNAME=$(cat /etc/hostname)
- if [[ ! $INSTALLTYPE =~ ^(MASTER|EVAL|HELIXSENSOR|MASTERSEARCH)$ ]]; then
+ if [[ ! $install_type =~ ^(MASTER|EVAL|HELIXSENSOR|MASTERSEARCH)$ ]]; then
if [[ $TESTHOST = *"not found"* ]] || [ -z "$TESTHOST" ] || [[ $TESTHOST = *"connection timed out"* ]]; then
if ! grep -q "$MSRVIP" /etc/hosts; then
echo "$MSRVIP $MSRV" >> /etc/hosts
@@ -1271,22 +1222,22 @@ set_initial_firewall_policy() {
get_main_ip
- case "$INSTALLTYPE" in
+ case "$install_type" in
'MASTER')
printf " - %s\n" "$MAINIP" | tee /opt/so/saltstack/pillar/firewall/minions.sls /opt/so/saltstack/pillar/firewall/masterfw.sls
- /opt/so/saltstack/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
+ /opt/so/saltstack/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$CPUCORES" "$random_uid" "$MAININT" "$FSROOT" "$FSNSM"
;;
'EVAL' | 'MASTERSEARCH')
printf " - %s\n" "$MAINIP" | tee /opt/so/saltstack/pillar/firewall/minions.sls\
/opt/so/saltstack/pillar/firewall/masterfw.sls\
/opt/so/saltstack/pillar/firewall/forward_nodes.sls\
/opt/so/saltstack/pillar/firewall/search_nodes.sls
- case "$INSTALLTYPE" in
+ case "$install_type" in
'EVAL')
- /opt/so/saltstack/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM" bond0
+ /opt/so/saltstack/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$CPUCORES" "$random_uid" "$MAININT" "$FSROOT" "$FSNSM" bond0
;;
'MASTERSEARCH')
- /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
+ /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$random_uid" "$MAININT" "$FSROOT" "$FSNSM"
;;
esac
;;
@@ -1300,17 +1251,17 @@ set_initial_firewall_policy() {
case "$INSTALLERTYPE" in
'SENSOR')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
- ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM" bond0
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$CPUCORES" "$random_uid" "$MAININT" "$FSROOT" "$FSNSM" bond0
;;
'SEARCHNODE')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
- ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$random_uid" "$MAININT" "$FSROOT" "$FSNSM"
;;
'HEAVYNODE')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
- ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM" bond0
- ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$RANDOMUID" "$MAININT" "$FSROOT" "$FSNSM"
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$CPUCORES" "$random_uid" "$MAININT" "$FSROOT" "$FSNSM" bond0
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$CPUCORES" "$random_uid" "$MAININT" "$FSROOT" "$FSNSM"
;;
esac
;;
@@ -1346,7 +1297,7 @@ set_management_interface() {
set_node_type() {
- case "$INSTALLTYPE" in
+ case "$install_type" in
'SEARCHNODE' | 'EVAL' | 'MASTERSEARCH' | 'HEAVYNODE')
NODETYPE='search'
;;
@@ -1380,7 +1331,7 @@ set_updates() {
# FIXME: should this be a function?
set_version() {
# Drop a file with the current version
- echo "$SOVERSION" > /etc/soversion
+ echo "$so_version" > /etc/soversion
}
update_sudoers() {
diff --git a/setup/so-setup b/setup/so-setup
index 51c277172..2ca24cf1f 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -16,984 +16,953 @@
# along with this program. If not, see .
# Source the other pieces of the setup
-SCRIPTDIR=$(dirname "$0")
-source "$SCRIPTDIR/so-functions"
-source "$SCRIPTDIR/so-whiptail"
+cd "$(dirname "$0")" || exit 255
+source "./so-functions"
+source "./so-whiptail"
+source "./so-variables"
+source "./so-common-functions"
# See if this is an ISO install
-OPTIONS=$1
+install_type=$1
-if [[ $OPTIONS = 'iso' ]]; then
- INSTALLMETHOD="iso"
-else
- INSTALLMETHOD="network"
-fi
+case "$install_type" in
+ iso | network) # Accepted values
+ true
+ ;;
+ *)
+ echo "Invalid install type, must be 'iso' or 'network'"
+ exit 1
+ ;;
+esac
# Allow execution of SO tools during setup
export PATH=$PATH:../salt/common/tools/sbin
# Reset the Install Log
-date -u > $SETUPLOG 2>&1
-echo "stty size is: $(stty size)" >> $SETUPLOG 2>&1
+date -u > $setup_log 2>&1
+echo "stty size is: $(stty size)" >> $setup_log 2>&1
# Check for prerequisites
got_root
detect_os
if [ "$OS" == ubuntu ]; then
- # Override the horrible Ubuntu whiptail color pallete
- update-alternatives --set newt-palette /etc/newt/palette.original >> $SETUPLOG 2>&1
+ # Override the horrible Ubuntu whiptail color pallete
+ update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1
fi
# Question Time
-echo "Asking user if they are sure they want to proceed" >> $SETUPLOG 2>&1
+echo "Asking user if they are sure they want to proceed" >> $setup_log 2>&1
if (whiptail_you_sure) ; then
- # Create a temp dir to get started
- install_prep >> $SETUPLOG 2>&1
- setterm -blank 0
+ # Create a temp dir to get started
+ setterm -blank 0
- if [ $INSTALLMETHOD == network ]; then
- # Let folks know they need their management interface already set up.
- whiptail_network_notice
+ if [ $install_type == network ]; then
+ # Let folks know they need their management interface already set up.
+ whiptail_network_notice
- # Set the hostname to reduce errors
- whiptail_set_hostname
+ # Set the hostname to reduce errors
+ whiptail_set_hostname
- # Set management nic
- whiptail_management_nic
+ # Set management nic
+ whiptail_management_nic
- else
+ else
- # Set the hostname
- whiptail_set_hostname
- whiptail_management_nic
+ # Set the hostname
+ whiptail_set_hostname
+ whiptail_management_nic
- # Ask if you want dhcp or static
- whiptail_dhcp_or_static
+ # Ask if you want dhcp or static
+ whiptail_dhcp_or_static
- # Do this if it static is selected
- if [ "$ADDRESSTYPE" != 'DHCP' ]; then
- whiptail_management_interface_ip
- whiptail_management_interface_mask
- whiptail_management_interface_gateway
- whiptail_management_interface_dns
- whiptail_management_interface_dns_search
- fi
+ # Do this if it static is selected
+ if [ "$ADDRESSTYPE" != 'DHCP' ]; then
+ whiptail_management_interface_ip
+ whiptail_management_interface_mask
+ whiptail_management_interface_gateway
+ whiptail_management_interface_dns
+ whiptail_management_interface_dns_search
+ fi
- # Go ahead and bring up networking so other parts of the install work
- set_hostname_iso
- set_management_interface
+ # Go ahead and bring up networking so other parts of the install work
+ set_hostname_iso
+ set_management_interface
- # Add an admin user
- whiptail_create_admin_user
+ # Add an admin user
+ whiptail_create_admin_user
- # Get a password for the admin user
- APMATCH=no
- while [ $APMATCH != yes ]; do
- whiptail_create_admin_user_password1
- whiptail_create_admin_user_password2
- check_admin_pass
- done
+ # Get a password for the admin user
+ APMATCH=no
+ while [ $APMATCH != yes ]; do
+ whiptail_create_admin_user_password1
+ whiptail_create_admin_user_password2
+ check_admin_pass
+ done
- fi
+ fi
- # Go ahead and gen the keys so we can use them for any sensor type - Disabled for now
- #minio_generate_keys
+ # Go ahead and gen the keys so we can use them for any sensor type - Disabled for now
+ #minio_generate_keys
- # What kind of install are we doing?
- whiptail_install_type
- SHORTNAME=$(echo "$HOSTNAME" | awk -F. '{print $1}')
- MINION_ID=$(echo "$SHORTNAME'_'$INSTALLTYPE" | tr '[:upper:]' '[:lower:]')
- echo "MINION_ID = $MINION_ID" >> $SETUPLOG 2>&1
+ # What kind of install are we doing?
+ whiptail_install_type
+ SHORTNAME=$(echo "$hostname" | awk -F. '{print $1}')
+ MINION_ID=$(echo "$SHORTNAME'_'$install_type" | tr '[:upper:]' '[:lower:]')
+ echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
- # How do we want to handle OS patching? manual, auto or scheduled days and hours
- whiptail_patch_schedule
- case $PATCHSCHEDULE in
- 'New Schedule')
- whiptail_patch_schedule_select_days
- whiptail_patch_schedule_select_hours
- whiptail_patch_name_new_schedule
- patch_schedule_os_new
- ;;
- 'Import Schedule')
- whiptail_patch_schedule_import
- ;;
- 'Automatic')
- PATCHSCHEDULENAME=auto
- ;;
- 'Manual')
- PATCHSCHEDULENAME=manual
- ;;
- esac
+ # How do we want to handle OS patching? manual, auto or scheduled days and hours
+ whiptail_patch_schedule
+ case $PATCHSCHEDULE in
+ 'New Schedule')
+ whiptail_patch_schedule_select_days
+ whiptail_patch_schedule_select_hours
+ whiptail_patch_name_new_schedule
+ patch_schedule_os_new
+ ;;
+ 'Import Schedule')
+ whiptail_patch_schedule_import
+ ;;
+ 'Automatic')
+ PATCHSCHEDULENAME=auto
+ ;;
+ 'Manual')
+ PATCHSCHEDULENAME=manual
+ ;;
+ esac
- ####################
- ## Helix ##
- ####################
- if [ $"INSTALLTYPE" == 'HELIXSENSOR' ]; then
- MASTERUPDATES=0
- filter_unused_nics
- [[ "$SKIP_BOND" != 'yes' ]] && whiptail_bond_nics
- whiptail_helix_apikey
- whiptail_homenet_master
- RULESETUP=ETOPEN
- NSMSETUP=BASIC
- HNSENSOR=inherit
- LS_HEAP_SIZE="1000m"
- calculate_useable_cores >> "$SETUPLOG" 2>&1
- whiptail_make_changes
- {
- set_hostname;
- set_version;
- clear_master;
- } >> "$SETUPLOG" 2>&1
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- get_main_ip
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
-
- # Install salt and dependencies
- {
- sleep 0.5
- echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- echo -e "XXX\n1\nGenerating Sensor Pillar... \nXXX"
- sensor_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n2\nInstalling and configuring Salt... \nXXX"
- echo " ** Installing Salt and Dependencies **" >> $SETUPLOG
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
- echo " ** Configuring Minion **" >> $SETUPLOG
- configure_minion helix >> $SETUPLOG 2>&1
- echo " ** Installing Salt Master **" >> $SETUPLOG
- install_master >> $SETUPLOG 2>&1
- salt_master_directories >> $SETUPLOG 2>&1
- update_sudoers >> $SETUPLOG 2>&1
- chown_salt_master >> $SETUPLOG 2>&1
- es_heapsize >> $SETUPLOG 2>&1
- ls_heapsize >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
- master_static >> $SETUPLOG 2>&1
- echo "** Generating the master pillar **" >> $SETUPLOG
- master_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo "** Generating the FireEye pillar **" >> $SETUPLOG
- fireeye_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- # Do a checkin to push the key up
- echo "** Pushing the key up to Master **" >> $SETUPLOG
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Master Key
- echo "** Accepting the key on the master **" >> $SETUPLOG
- accept_salt_key_local >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
- # Open the firewall
- echo "** Setting the initial firewall policy **" >> $SETUPLOG
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nGenerating CA... \nXXX"
- salt_checkin >> $SETUPLOG 2>&1
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
- salt-call state.apply registry >> $SETUPLOG 2>&1
- docker_seed_registry >> $SETUPLOG 2>&1
- echo -e "XXX\n43\nInstalling Common Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- echo -e "XXX\n45\nApplying firewall rules... \nXXX"
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply master >> $SETUPLOG 2>&1
- salt-call state.apply idstools >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nInstalling Redis... \nXXX"
- salt-call state.apply redis >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling Redis... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- salt-call state.apply utility >> $SETUPLOG 2>&1
- salt-call state.apply schedule >> $SETUPLOG 2>&1
- echo -e "XXX\n85\nEnabling Checking at Boot... \nXXX"
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
+ ####################
+ ## Helix ##
+ ####################
+ if [ $"install_type" == 'HELIXSENSOR' ]; then
+ MASTERUPDATES=0
+ filter_unused_nics
+ [[ "$SKIP_BOND" != 'yes' ]] && whiptail_bond_nics
+ whiptail_helix_apikey
+ whiptail_homenet_master
+ RULESETUP=ETOPEN
+ NSMSETUP=BASIC
+ home_network_sensor=inherit
+ es_heapsize >> $setup_log 2>&1
+ ls_heapsize >> $setup_log 2>&1
+ calculate_useable_cores >> "$setup_log" 2>&1
+ whiptail_make_changes
+ {
+ set_hostname;
+ set_version;
+ clear_master;
+ } >> "$setup_log" 2>&1
+ mkdir -p /nsm
+ get_main_ip
+ if [ $install_type == iso ]; then
+ add_admin_user
+ disable_onion_user
+ fi
+
+ # Install salt and dependencies
+ {
+ sleep 0.5
+ echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
+ create_sensor_bond >> $setup_log 2>&1
+ echo -e "XXX\n1\nGenerating Sensor Pillar... \nXXX"
+ sensor_pillar >> $setup_log 2>&1
+ echo -e "XXX\n2\nInstalling and configuring Salt... \nXXX"
+ echo " ** Installing Salt and Dependencies **" >> $setup_log
+ saltify >> $setup_log 2>&1
+ echo -e "XXX\n5\nInstalling Docker... \nXXX"
+ docker_install >> $setup_log 2>&1
+ echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
+ echo " ** Configuring Minion **" >> $setup_log
+ configure_minion helix >> $setup_log 2>&1
+ echo " ** Installing Salt Master **" >> $setup_log
+ install_master >> $setup_log 2>&1
+ setup_salt_master_dirs >> $setup_log 2>&1
+ update_sudoers >> $setup_log 2>&1
+ echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
+ master_static >> $setup_log 2>&1
+ echo "** Generating the master pillar **" >> $setup_log
+ master_pillar >> $setup_log 2>&1
+ echo "** Generating the patch pillar **" >> $setup_log
+ patch_pillar >> $setup_log 2>&1
+ echo "** Generating the FireEye pillar **" >> $setup_log
+ fireeye_pillar >> $setup_log 2>&1
+ echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+ copy_minion_tmp_files >> $setup_log 2>&1
+ # Do a checkin to push the key up
+ echo "** Pushing the key up to Master **" >> $setup_log
+ salt_firstcheckin >> $setup_log 2>&1
+ # Accept the Master Key
+ echo "** Accepting the key on the master **" >> $setup_log
+ accept_salt_key_local >> $setup_log 2>&1
+ echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
+ # Open the firewall
+ echo "** Setting the initial firewall policy **" >> $setup_log
+ set_initial_firewall_policy >> $setup_log 2>&1
+ echo -e "XXX\n40\nGenerating CA... \nXXX"
+ salt_checkin >> $setup_log 2>&1
+ salt-call state.apply ca >> $setup_log 2>&1
+ salt-call state.apply ssl >> $setup_log 2>&1
+ echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
+ salt-call state.apply registry >> $setup_log 2>&1
+ docker_seed_registry >> $setup_log 2>&1
+ echo -e "XXX\n43\nInstalling Common Components... \nXXX"
+ salt-call state.apply common >> $setup_log 2>&1
+ echo -e "XXX\n45\nApplying firewall rules... \nXXX"
+ salt-call state.apply firewall >> $setup_log 2>&1
+ salt-call state.apply master >> $setup_log 2>&1
+ salt-call state.apply idstools >> $setup_log 2>&1
+ echo -e "XXX\n40\nInstalling Redis... \nXXX"
+ salt-call state.apply redis >> $setup_log 2>&1
+ echo -e "XXX\n60\nInstalling Redis... \nXXX"
+ salt-call state.apply logstash >> $setup_log 2>&1
+ echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
+ salt-call state.apply filebeat >> $setup_log 2>&1
+ salt-call state.apply utility >> $setup_log 2>&1
+ salt-call state.apply schedule >> $setup_log 2>&1
+ echo -e "XX\n97\nFinishing touches... \nXXX"
+ filter_unused_nics >> $setup_log 2>&1
+ network_setup >> $setup_log 2>&1
+ echo -e "XXX\n98\nVerifying Setup... \nXXX"
+ salt-call state.highstate >> $setup_log 2>&1
+ } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+ GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+ if [[ $GOODSETUP == '0' ]]; then
+ whiptail_setup_complete
+ shutdown -r now
+ else
+ whiptail_setup_failed
+ shutdown -r now
+ fi
- fi
+ fi
- ####################
- ## Master ##
- ####################
- if [ "$INSTALLTYPE" == 'MASTER' ]; then
+ ####################
+ ## Master ##
+ ####################
+ if [ "$install_type" == 'MASTER' ]; then
- # Would you like to do an advanced install?
- whiptail_master_adv
+ # Would you like to do an advanced install?
+ whiptail_master_adv
- # Choose Zeek or Community NSM
- whiptail_bro_version
+ # Choose Zeek or Community NSM
+ whiptail_bro_version
- # Select Snort or Suricata
- whiptail_nids
+ # Select Snort or Suricata
+ whiptail_nids
- # Snag the HOME_NET
- whiptail_homenet_master
+ # Snag the HOME_NET
+ whiptail_homenet_master
- # Pick your Ruleset
- whiptail_rule_setup
+ # Pick your Ruleset
+ whiptail_rule_setup
- # Get the code if it isn't ET Open
- if [ "$RULESETUP" != 'ETOPEN' ]; then
- # Get the code
- whiptail_oinkcode
- fi
+ # Get the code if it isn't ET Open
+ if [ "$RULESETUP" != 'ETOPEN' ]; then
+ # Get the code
+ whiptail_oinkcode
+ fi
- # Find out how to handle updates
- whiptail_master_updates
- whiptail_enable_components
+ # Find out how to handle updates
+ whiptail_master_updates
+ whiptail_enable_components
- # Do Advacned Setup if they chose it
- if [ "$MASTERADV" == 'ADVANCED' ]; then
- # Ask which bro logs to enable - Need to add Suricata check
- if [ "$BROVERSION" != 'SURICATA' ]; then
- whiptail_master_adv_service_brologs
- fi
- fi
+ # Do Advacned Setup if they chose it
+ if [ "$MASTERADV" == 'ADVANCED' ]; then
+ # Ask which bro logs to enable - Need to add Suricata check
+ if [ "$BROVERSION" != 'SURICATA' ]; then
+ whiptail_master_adv_service_brologs
+ fi
+ fi
- # Get a password for the soremote user
- whiptail_create_soremote_user
- SCMATCH=no
- while [ "$SCMATCH" != 'yes' ]; do
- whiptail_create_soremote_user_password1
- whiptail_create_soremote_user_password2
- check_soremote_pass
- done
+ # Get a password for the soremote user
+ whiptail_create_soremote_user
+ SCMATCH=no
+ while [ "$SCMATCH" != 'yes' ]; do
+ whiptail_create_soremote_user_password1
+ whiptail_create_soremote_user_password2
+ check_soremote_pass
+ done
- collect_webuser_inputs
- get_redirect
- # Last Chance to back out
- whiptail_make_changes
- set_hostname
- set_version
- generate_passwords
- secrets_pillar
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- # Enable Bro Logs
- # comment this out since we already copy this file to the destination that this function writes to
- #bro_logs_enabled
+ collect_webuser_inputs
+ get_redirect
+ # Last Chance to back out
+ whiptail_make_changes
+ set_hostname
+ set_version
+ generate_passwords
+ secrets_pillar
+ clear_master
+ # Enable Bro Logs
+ # comment this out since we already copy this file to the destination that this function writes to
+ #bro_logs_enabled
- # Figure out the main IP address
- get_main_ip
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
+ # Figure out the main IP address
+ get_main_ip
+ if [ $install_type == iso ]; then
+ add_admin_user
+ disable_onion_user
+ fi
- # Add the user so we can sit back and relax
- add_socore_user_master
- add_soremote_user_master
+ # Add the user so we can sit back and relax
+ add_socore_user_master
+ add_soremote_user_master
- # Install salt and dependencies
- {
- sleep 0.5
- echo -e "XXX\n1\nInstalling and configuring Salt... \nXXX"
- echo " ** Installing Salt and Dependencies **" >> $SETUPLOG
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
- echo " ** Configuring Minion **" >> $SETUPLOG
- configure_minion master >> $SETUPLOG 2>&1
- echo " ** Installing Salt Master **" >> $SETUPLOG
- install_master >> $SETUPLOG 2>&1
- salt_master_directories >> $SETUPLOG 2>&1
- update_sudoers >> $SETUPLOG 2>&1
- chown_salt_master >> $SETUPLOG 2>&1
- es_heapsize >> $SETUPLOG 2>&1
- ls_heapsize >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
- master_static >> $SETUPLOG 2>&1
- echo "** Generating the master pillar **" >> $SETUPLOG
- master_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n30\nAccepting Salt Keys... \nXXX"
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- # Do a checkin to push the key up
- echo "** Pushing the key up to Master **" >> $SETUPLOG
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Master Key
- echo "** Accepting the key on the master **" >> $SETUPLOG
- accept_salt_key_local >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
- # Open the firewall
- echo "** Setting the initial firewall policy **" >> $SETUPLOG
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- # Do the big checkin but first let them know it will take a bit.
- echo -e "XXX\n40\nGenerating CA... \nXXX"
- salt_checkin >> $SETUPLOG 2>&1
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply registry >> $SETUPLOG 2>&1
- echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
- docker_seed_registry >> $SETUPLOG 2>&1
- echo -e "XXX\n43\nInstalling Common Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- echo -e "XXX\n44\nInstalling SOC... \nXXX"
- salt-call state.apply soc >> $SETUPLOG 2>&1
- echo -e "XXX\n45\nApplying firewall rules... \nXXX"
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply master >> $SETUPLOG 2>&1
- salt-call state.apply idstools >> $SETUPLOG 2>&1
- echo -e "XXX\n46\nInstalling Redis... \nXXX"
- salt-call state.apply redis >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- echo -e "XXX\n48\nInstalling MySQL... \nXXX"
- salt-call state.apply mysql >> $SETUPLOG 2>&1
- fi
- if [[ $WAZUH == '1' ]]; then
- echo -e "XXX\n48\nInstalling Wazuh... \nXXX"
- salt-call state.apply wazuh >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n49\nInstalling Elastic Components... \nXXX"
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- salt-call state.apply kibana >> $SETUPLOG 2>&1
- salt-call state.apply elastalert >> $SETUPLOG 2>&1
- echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- salt-call state.apply utility >> $SETUPLOG 2>&1
- salt-call state.apply schedule >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- echo -e "XXX\n79\nInstalling Fleet... \nXXX"
- salt-call state.apply fleet >> $SETUPLOG 2>&1
- salt-call state.apply launcher >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n85\nConfiguring SOctopus... \nXXX"
- salt-call state.apply soctopus >> $SETUPLOG 2>&1
- if [[ $THEHIVE == '1' ]]; then
- echo -e "XXX\n87\nInstalling TheHive... \nXXX"
- salt-call state.apply hive >> $SETUPLOG 2>&1
- fi
- if [[ $PLAYBOOK == '1' ]]; then
- echo -e "XXX\n89\nInstalling Playbook... \nXXX"
- salt-call state.apply playbook >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n75\nEnabling Checking at Boot... \nXXX"
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nAdding user to SOC... \nXXX"
- add_web_user >> $SETUPLOG 2>&1
- echo -e "XXX\n99\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- if [[ $THEHIVE == '1' ]]; then
- check_hive_init_then_reboot
- else
- shutdown -r now
- fi
- else
- whiptail_setup_failed
- shutdown -r now
- fi
+ # Install salt and dependencies
+ {
+ sleep 0.5
+ echo -e "XXX\n1\nInstalling and configuring Salt... \nXXX"
+ echo " ** Installing Salt and Dependencies **" >> $setup_log
+ saltify >> $setup_log 2>&1
+ echo -e "XXX\n5\nInstalling Docker... \nXXX"
+ docker_install >> $setup_log 2>&1
+ echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
+ echo " ** Configuring Minion **" >> $setup_log
+ configure_minion master >> $setup_log 2>&1
+ echo " ** Installing Salt Master **" >> $setup_log
+ install_master >> $setup_log 2>&1
+ setup_salt_master_dirs >> $setup_log 2>&1
+ update_sudoers >> $setup_log 2>&1
+ es_heapsize >> $setup_log 2>&1
+ ls_heapsize >> $setup_log 2>&1
+ echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
+ master_static >> $setup_log 2>&1
+ echo "** Generating the master pillar **" >> $setup_log
+ master_pillar >> $setup_log 2>&1
+ echo "** Generating the patch pillar **" >> $setup_log
+ patch_pillar >> $setup_log 2>&1
+ echo -e "XXX\n30\nAccepting Salt Keys... \nXXX"
+ echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+ copy_minion_tmp_files >> $setup_log 2>&1
+ # Do a checkin to push the key up
+ echo "** Pushing the key up to Master **" >> $setup_log
+ salt_firstcheckin >> $setup_log 2>&1
+ # Accept the Master Key
+ echo "** Accepting the key on the master **" >> $setup_log
+ accept_salt_key_local >> $setup_log 2>&1
+ echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
+ # Open the firewall
+ echo "** Setting the initial firewall policy **" >> $setup_log
+ set_initial_firewall_policy >> $setup_log 2>&1
+ # Do the big checkin but first let them know it will take a bit.
+ echo -e "XXX\n40\nGenerating CA... \nXXX"
+ salt_checkin >> $setup_log 2>&1
+ salt-call state.apply ca >> $setup_log 2>&1
+ salt-call state.apply ssl >> $setup_log 2>&1
+ salt-call state.apply firewall >> $setup_log 2>&1
+ salt-call state.apply registry >> $setup_log 2>&1
+ echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
+ docker_seed_registry >> $setup_log 2>&1
+ echo -e "XXX\n43\nInstalling Common Components... \nXXX"
+ salt-call state.apply common >> $setup_log 2>&1
+ echo -e "XXX\n44\nInstalling SOC... \nXXX"
+ salt-call state.apply soc >> $setup_log 2>&1
+ echo -e "XXX\n45\nApplying firewall rules... \nXXX"
+ salt-call state.apply firewall >> $setup_log 2>&1
+ salt-call state.apply master >> $setup_log 2>&1
+ salt-call state.apply idstools >> $setup_log 2>&1
+ echo -e "XXX\n46\nInstalling Redis... \nXXX"
+ salt-call state.apply redis >> $setup_log 2>&1
+ if [[ $OSQUERY == '1' ]]; then
+ echo -e "XXX\n48\nInstalling MySQL... \nXXX"
+ salt-call state.apply mysql >> $setup_log 2>&1
+ fi
+ if [[ $WAZUH == '1' ]]; then
+ echo -e "XXX\n48\nInstalling Wazuh... \nXXX"
+ salt-call state.apply wazuh >> $setup_log 2>&1
+ fi
+ echo -e "XXX\n49\nInstalling Elastic Components... \nXXX"
+ salt-call state.apply elasticsearch >> $setup_log 2>&1
+ salt-call state.apply logstash >> $setup_log 2>&1
+ salt-call state.apply kibana >> $setup_log 2>&1
+ salt-call state.apply elastalert >> $setup_log 2>&1
+ echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
+ salt-call state.apply filebeat >> $setup_log 2>&1
+ salt-call state.apply utility >> $setup_log 2>&1
+ salt-call state.apply schedule >> $setup_log 2>&1
+ if [[ $OSQUERY == '1' ]]; then
+ echo -e "XXX\n79\nInstalling Fleet... \nXXX"
+ salt-call state.apply fleet >> $setup_log 2>&1
+ salt-call state.apply launcher >> $setup_log 2>&1
+ fi
+ echo -e "XXX\n85\nConfiguring SOctopus... \nXXX"
+ salt-call state.apply soctopus >> $setup_log 2>&1
+ if [[ $THEHIVE == '1' ]]; then
+ echo -e "XXX\n87\nInstalling TheHive... \nXXX"
+ salt-call state.apply hive >> $setup_log 2>&1
+ fi
+ if [[ $PLAYBOOK == '1' ]]; then
+ echo -e "XXX\n89\nInstalling Playbook... \nXXX"
+ salt-call state.apply playbook >> $setup_log 2>&1
+ fi
+ echo -e "XX\n97\nFinishing touches... \nXXX"
+ filter_unused_nics >> $setup_log 2>&1
+ network_setup >> $setup_log 2>&1
+ echo -e "XXX\n98\nAdding user to SOC... \nXXX"
+ add_web_user >> $setup_log 2>&1
+ echo -e "XXX\n99\nVerifying Setup... \nXXX"
+ salt-call state.highstate >> $setup_log 2>&1
+ } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+ GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+ if [[ $GOODSETUP == '0' ]]; then
+ whiptail_setup_complete
+ if [[ $THEHIVE == '1' ]]; then
+ check_hive_init_then_reboot
+ else
+ shutdown -r now
+ fi
+ else
+ whiptail_setup_failed
+ shutdown -r now
+ fi
- fi
+ fi
- ####################
- ## Sensor ##
- ####################
+ ####################
+ ## Sensor ##
+ ####################
- if [ $INSTALLTYPE == 'SENSOR' ]; then
- filter_unused_nics
- [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
- whiptail_management_server
- whiptail_master_updates
- set_updates
- whiptail_homenet_sensor
- whiptail_sensor_config
- # Calculate lbprocs so we can call it in the prompts
- calculate_useable_cores
- if [ $NSMSETUP == 'ADVANCED' ]; then
- whiptail_bro_pins
- whiptail_suricata_pins
- whiptail_bond_nics_mtu
- else
- whiptail_basic_bro
- whiptail_basic_suri
- fi
- whiptail_make_changes
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
- sensor_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
- configure_minion sensor >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nInstalling Core Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling PCAP... \nXXX"
- salt-call state.apply pcap >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling IDS components... \nXXX"
- salt-call state.apply suricata >> $SETUPLOG 2>&1
- echo -e "XXX\n70\nInstalling Strelka... \nXXX"
- salt-call state.apply strelka >> $SETUPLOG 2>&1
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
- fi
+ if [ $install_type == 'SENSOR' ]; then
+ filter_unused_nics
+ [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
+ whiptail_management_server
+ whiptail_master_updates
+ set_updates
+ whiptail_homenet_sensor
+ whiptail_sensor_config
+ # Calculate lbprocs so we can call it in the prompts
+ calculate_useable_cores
+ if [ $NSMSETUP == 'ADVANCED' ]; then
+ whiptail_bro_pins
+ whiptail_suricata_pins
+ whiptail_bond_nics_mtu
+ else
+ whiptail_basic_bro
+ whiptail_basic_suri
+ fi
+ whiptail_make_changes
+ set_hostname
+ clear_master
+ if [ $install_type == iso ]; then
+ add_admin_user
+ disable_onion_user
+ fi
+ copy_ssh_key >> $setup_log 2>&1
+ {
+ sleep 0.5
+ echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
+ set_initial_firewall_policy >> $setup_log 2>&1
+ echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
+ create_sensor_bond >> $setup_log 2>&1
+ echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
+ sensor_pillar >> $setup_log 2>&1
+ echo "** Generating the patch pillar **" >> $setup_log
+ patch_pillar >> $setup_log 2>&1
+ echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
+ saltify >> $setup_log 2>&1
+ echo -e "XXX\n20\nInstalling Docker... \nXXX"
+ docker_install >> $setup_log 2>&1
+ echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
+ configure_minion sensor >> $setup_log 2>&1
+ echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+ copy_minion_tmp_files >> $setup_log 2>&1
+ echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
+ salt_firstcheckin >> $setup_log 2>&1
+ echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
+ # Accept the Salt Key
+ accept_salt_key_remote >> $setup_log 2>&1
+ echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
+ salt-call state.apply ca >> $setup_log 2>&1
+ salt-call state.apply ssl >> $setup_log 2>&1
+ echo -e "XXX\n35\nInstalling Core Components... \nXXX"
+ salt-call state.apply common >> $setup_log 2>&1
+ salt-call state.apply firewall >> $setup_log 2>&1
+ echo -e "XXX\n50\nInstalling PCAP... \nXXX"
+ salt-call state.apply pcap >> $setup_log 2>&1
+ echo -e "XXX\n60\nInstalling IDS components... \nXXX"
+ salt-call state.apply suricata >> $setup_log 2>&1
+ echo -e "XXX\n70\nInstalling Strelka... \nXXX"
+ salt-call state.apply strelka >> $setup_log 2>&1
+ echo -e "XX\n97\nFinishing touches... \nXXX"
+ filter_unused_nics >> $setup_log 2>&1
+ network_setup >> $setup_log 2>&1
+ echo -e "XXX\n98\nVerifying Setup... \nXXX"
+ salt-call state.highstate >> $setup_log 2>&1
+ } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+ GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+ if [[ $GOODSETUP == '0' ]]; then
+ whiptail_setup_complete
+ shutdown -r now
+ else
+ whiptail_setup_failed
+ shutdown -r now
+ fi
+ fi
- #######################################
- ## Eval Mode or Master Search ##
- #######################################
+ #######################################
+ ## Eval Mode or Master Search ##
+ #######################################
- if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
+ if [ $install_type == 'EVAL' ] || [ $install_type == 'MASTERSEARCH' ]; then
- # Filter out the management NIC
- filter_unused_nics
+ # Filter out the management NIC
+ filter_unused_nics
- if [ $INSTALLTYPE == 'EVAL' ]; then
- TYPE='eval'
- # Select which NICs are in the bond
- [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
- elif [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- TYPE='mastersearch'
- fi
+ if [ $install_type == 'EVAL' ]; then
+ TYPE='eval'
+ # Select which NICs are in the bond
+ [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
+ elif [ $install_type == 'MASTERSEARCH' ]; then
+ TYPE='mastersearch'
+ fi
- # Snag the HOME_NET
- whiptail_homenet_master
+ # Snag the HOME_NET
+ whiptail_homenet_master
- whiptail_eval_adv_warning
- whiptail_enable_components
+ whiptail_eval_adv_warning
+ whiptail_enable_components
- # Set a bunch of stuff since this is eval
- es_heapsize
- ls_heapsize
- NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
- NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
- LSPIPELINEWORKERS=1
- LSPIPELINEBATCH=125
- LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
- RULESETUP=ETOPEN
- NSMSETUP=BASIC
- NIDS=Suricata
- BROVERSION=ZEEK
- CURCLOSEDAYS=30
- if [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- # Find out how to handle updates
- whiptail_master_updates
- # Get a password for the soremote user
- whiptail_create_soremote_user
- SCMATCH=no
- while [ $SCMATCH != yes ]; do
- whiptail_create_soremote_user_password1
- whiptail_create_soremote_user_password2
- check_soremote_pass
- done
- fi
- collect_webuser_inputs
- get_redirect
- whiptail_make_changes
- set_hostname
- set_version
- generate_passwords
- secrets_pillar
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- get_log_size_limit
- get_main_ip
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
+ # Set a bunch of stuff since this is eval
+ es_heapsize
+ ls_heapsize
+ NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
+ NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
+ LSPIPELINEWORKERS=1
+ LSPIPELINEBATCH=125
+ LSINPUTTHREADS=1
+ LSINPUTBATCHCOUNT=125
+ RULESETUP=ETOPEN
+ NSMSETUP=BASIC
+ NIDS=Suricata
+ BROVERSION=ZEEK
+ CURCLOSEDAYS=30
+ if [ $install_type == 'MASTERSEARCH' ]; then
+ # Find out how to handle updates
+ whiptail_master_updates
+ # Get a password for the soremote user
+ whiptail_create_soremote_user
+ SCMATCH=no
+ while [ $SCMATCH != yes ]; do
+ whiptail_create_soremote_user_password1
+ whiptail_create_soremote_user_password2
+ check_soremote_pass
+ done
+ fi
+ collect_webuser_inputs
+ get_redirect
+ whiptail_make_changes
+ set_hostname
+ set_version
+ generate_passwords
+ secrets_pillar
+ clear_master
+ set_defaul_log_size
+ get_main_ip
+ if [ $install_type == iso ]; then
+ add_admin_user
+ disable_onion_user
+ fi
- # Add the user so we can sit back and relax
- add_socore_user_master
- add_soremote_user_master
- {
- sleep 0.5
- if [ $INSTALLTYPE == 'EVAL' ]; then
- echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n1\nInstalling Python 3... \nXXX"
- echo -e "XXX\n2\nInstalling saltstack... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n3\nInstalling docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling master code... \nXXX"
- install_master >> $SETUPLOG 2>&1
- echo -e "XXX\n6\nCopying salt code... \nXXX"
- salt_master_directories >> $SETUPLOG 2>&1
- echo -e "XXX\n6\nupdating suduers... \nXXX"
- update_sudoers >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nFixing some permissions... \nXXX"
- chown_salt_master >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nCreating the static pillar... \nXXX"
- # Set the static values
- master_static >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nCreating the master pillar... \nXXX"
- master_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nConfiguring minion... \nXXX"
- configure_minion $TYPE >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nSetting the node type to $TYPE... \nXXX"
- set_node_type >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nSearch node pillar... \nXXX"
- node_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n8\nCreating firewall policies... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n10\nRegistering agent... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- echo -e "XXX\n11\nAccepting Agent... \nXXX"
- accept_salt_key_local >> $SETUPLOG 2>&1
- echo -e "XXX\n12\nRunning the SSL states... \nXXX"
- salt_checkin >> $SETUPLOG 2>&1
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply registry >> $SETUPLOG 2>&1
- echo -e "XXX\n14\nDownloading Containers from the Internet... \nXXX"
- docker_seed_registry >> $SETUPLOG 2>&1
- salt-call state.apply master >> $SETUPLOG 2>&1
- echo -e "XXX\n15\nInstalling core components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- echo -e "XXX\n18\nInitializing firewall rules... \nXXX"
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nInstalling master components... \nXXX"
- salt-call state.apply master >> $SETUPLOG 2>&1
- salt-call state.apply idstools >> $SETUPLOG 2>&1
- echo -e "XXX\n26\nInstalling SOC... \nXXX"
- salt-call state.apply soc >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- salt-call state.apply mysql >> $SETUPLOG 2>&1
- fi
- if [[ $WAZUH == '1' ]]; then
- echo -e "XXX\n27\nInstalling Wazuh components... \nXXX"
- salt-call state.apply wazuh >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nInstalling Logstash... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- echo -e "XXX\n45\nInstalling Kibana... \nXXX"
- salt-call state.apply kibana >> $SETUPLOG 2>&1
+ # Add the user so we can sit back and relax
+ add_socore_user_master
+ add_soremote_user_master
+ {
+ sleep 0.5
+ if [ $install_type == 'EVAL' ]; then
+ echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
+ create_sensor_bond >> $setup_log 2>&1
+ fi
+ echo -e "XXX\n1\nInstalling Python 3... \nXXX"
+ echo -e "XXX\n2\nInstalling saltstack... \nXXX"
+ saltify >> $setup_log 2>&1
+ echo -e "XXX\n3\nInstalling docker... \nXXX"
+ docker_install >> $setup_log 2>&1
+ echo -e "XXX\n5\nInstalling master code... \nXXX"
+ install_master >> $setup_log 2>&1
+ echo -e "XXX\n6\nCopying salt code... \nXXX"
+ setup_salt_master_dirs >> $setup_log 2>&1
+ echo -e "XXX\n6\nupdating suduers... \nXXX"
+ update_sudoers >> $setup_log 2>&1
+ echo -e "XXX\n7\nCreating the static pillar... \nXXX"
+ # Set the static values
+ master_static >> $setup_log 2>&1
+ echo -e "XXX\n7\nCreating the master pillar... \nXXX"
+ master_pillar >> $setup_log 2>&1
+ echo "** Generating the patch pillar **" >> $setup_log
+ patch_pillar >> $setup_log 2>&1
+ echo -e "XXX\n7\nConfiguring minion... \nXXX"
+ configure_minion $TYPE >> $setup_log 2>&1
+ echo -e "XXX\n7\nSetting the node type to $TYPE... \nXXX"
+ set_node_type >> $setup_log 2>&1
+ echo -e "XXX\n7\nSearch node pillar... \nXXX"
+ node_pillar >> $setup_log 2>&1
+ echo -e "XXX\n8\nCreating firewall policies... \nXXX"
+ set_initial_firewall_policy >> $setup_log 2>&1
+ echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+ copy_minion_tmp_files >> $setup_log 2>&1
+ echo -e "XXX\n10\nRegistering agent... \nXXX"
+ salt_firstcheckin >> $setup_log 2>&1
+ echo -e "XXX\n11\nAccepting Agent... \nXXX"
+ accept_salt_key_local >> $setup_log 2>&1
+ echo -e "XXX\n12\nRunning the SSL states... \nXXX"
+ salt_checkin >> $setup_log 2>&1
+ salt-call state.apply ca >> $setup_log 2>&1
+ salt-call state.apply ssl >> $setup_log 2>&1
+ salt-call state.apply firewall >> $setup_log 2>&1
+ salt-call state.apply registry >> $setup_log 2>&1
+ echo -e "XXX\n14\nDownloading Containers from the Internet... \nXXX"
+ docker_seed_registry >> $setup_log 2>&1
+ salt-call state.apply master >> $setup_log 2>&1
+ echo -e "XXX\n15\nInstalling core components... \nXXX"
+ salt-call state.apply common >> $setup_log 2>&1
+ echo -e "XXX\n18\nInitializing firewall rules... \nXXX"
+ salt-call state.apply firewall >> $setup_log 2>&1
+ echo -e "XXX\n25\nInstalling master components... \nXXX"
+ salt-call state.apply master >> $setup_log 2>&1
+ salt-call state.apply idstools >> $setup_log 2>&1
+ echo -e "XXX\n26\nInstalling SOC... \nXXX"
+ salt-call state.apply soc >> $setup_log 2>&1
+ if [[ $OSQUERY == '1' ]]; then
+ salt-call state.apply mysql >> $setup_log 2>&1
+ fi
+ if [[ $WAZUH == '1' ]]; then
+ echo -e "XXX\n27\nInstalling Wazuh components... \nXXX"
+ salt-call state.apply wazuh >> $setup_log 2>&1
+ fi
+ echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
+ salt-call state.apply elasticsearch >> $setup_log 2>&1
+ echo -e "XXX\n40\nInstalling Logstash... \nXXX"
+ salt-call state.apply logstash >> $setup_log 2>&1
+ echo -e "XXX\n45\nInstalling Kibana... \nXXX"
+ salt-call state.apply kibana >> $setup_log 2>&1
- if [ $INSTALLTYPE == 'EVAL' ]; then
- echo -e "XXX\n50\nInstalling pcap... \nXXX"
- salt-call state.apply pcap >> $SETUPLOG 2>&1
- echo -e "XXX\n52\nInstalling Suricata... \nXXX"
- salt-call state.apply suricata >> $SETUPLOG 2>&1
- echo -e "XXX\n54\nInstalling Zeek... \nXXX"
- salt-call state.apply bro >> $SETUPLOG 2>&1
- fi
+ if [ $install_type == 'EVAL' ]; then
+ echo -e "XXX\n50\nInstalling pcap... \nXXX"
+ salt-call state.apply pcap >> $setup_log 2>&1
+ echo -e "XXX\n52\nInstalling Suricata... \nXXX"
+ salt-call state.apply suricata >> $setup_log 2>&1
+ echo -e "XXX\n54\nInstalling Zeek... \nXXX"
+ salt-call state.apply bro >> $setup_log 2>&1
+ fi
- echo -e "XXX\n56\nInstalling curator... \nXXX"
- salt-call state.apply curator >> $SETUPLOG 2>&1
- echo -e "XXX\n58\nInstalling elastalert... \nXXX"
- salt-call state.apply elastalert >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- echo -e "XXX\n60\nInstalling fleet... \nXXX"
- salt-call state.apply fleet >> $SETUPLOG 2>&1
- salt-call state.apply redis >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n85\nInstalling filebeat... \nXXX"
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- salt-call state.apply utility >> $SETUPLOG 2>&1
- echo -e "XXX\n90\nInstalling misc components... \nXXX"
- salt-call state.apply schedule >> $SETUPLOG 2>&1
- salt-call state.apply soctopus >> $SETUPLOG 2>&1
- if [[ $THEHIVE == '1' ]]; then
- echo -e "XXX\n91\nInstalling The Hive... \nXXX"
- salt-call state.apply hive >> $SETUPLOG 2>&1
- fi
- if [[ $PLAYBOOK == '1' ]]; then
- echo -e "XXX\n93\nInstalling Playbook... \nXXX"
- salt-call state.apply playbook >> $SETUPLOG 2>&1
- fi
- if [[ $STRELKA == '1' ]]; then
- echo -e "XXX\n95\nInstalling Strelka... \nXXX"
- salt-call state.apply strelka >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n95\nSetting checkin to run on boot... \nXXX"
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nAdding user to SOC... \nXXX"
- add_web_user >> $SETUPLOG 2>&1
- echo -e "XXX\n99\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- if [[ $THEHIVE == '1' ]]; then
- check_hive_init_then_reboot
- else
- shutdown -r now
- fi
- else
- whiptail_setup_failed
- shutdown -r now
- fi
- fi
+ echo -e "XXX\n56\nInstalling curator... \nXXX"
+ salt-call state.apply curator >> $setup_log 2>&1
+ echo -e "XXX\n58\nInstalling elastalert... \nXXX"
+ salt-call state.apply elastalert >> $setup_log 2>&1
+ if [[ $OSQUERY == '1' ]]; then
+ echo -e "XXX\n60\nInstalling fleet... \nXXX"
+ salt-call state.apply fleet >> $setup_log 2>&1
+ salt-call state.apply redis >> $setup_log 2>&1
+ fi
+ echo -e "XXX\n85\nInstalling filebeat... \nXXX"
+ salt-call state.apply filebeat >> $setup_log 2>&1
+ salt-call state.apply utility >> $setup_log 2>&1
+ echo -e "XXX\n90\nInstalling misc components... \nXXX"
+ salt-call state.apply schedule >> $setup_log 2>&1
+ salt-call state.apply soctopus >> $setup_log 2>&1
+ if [[ $THEHIVE == '1' ]]; then
+ echo -e "XXX\n91\nInstalling The Hive... \nXXX"
+ salt-call state.apply hive >> $setup_log 2>&1
+ fi
+ if [[ $PLAYBOOK == '1' ]]; then
+ echo -e "XXX\n93\nInstalling Playbook... \nXXX"
+ salt-call state.apply playbook >> $setup_log 2>&1
+ fi
+ if [[ $STRELKA == '1' ]]; then
+ echo -e "XXX\n95\nInstalling Strelka... \nXXX"
+ salt-call state.apply strelka >> $setup_log 2>&1
+ fi
+ echo -e "XX\n97\nFinishing touches... \nXXX"
+ filter_unused_nics >> $setup_log 2>&1
+ network_setup >> $setup_log 2>&1
+ echo -e "XXX\n98\nAdding user to SOC... \nXXX"
+ add_web_user >> $setup_log 2>&1
+ echo -e "XXX\n99\nVerifying Setup... \nXXX"
+ salt-call state.highstate >> $setup_log 2>&1
+ } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+ GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+ if [[ $GOODSETUP == '0' ]]; then
+ whiptail_setup_complete
+ if [[ $THEHIVE == '1' ]]; then
+ check_hive_init_then_reboot
+ else
+ shutdown -r now
+ fi
+ else
+ whiptail_setup_failed
+ shutdown -r now
+ fi
+ fi
- ###################
- ## Nodes ##
- ###################
+ ###################
+ ## Nodes ##
+ ###################
- if [ $INSTALLTYPE == 'SEARCHNODE' ] || [ $INSTALLTYPE == 'PARSINGNODE' ] || [ $INSTALLTYPE == 'HOTNODE' ] || [ $INSTALLTYPE == 'WARMNODE' ]; then
- whiptail_management_server
- whiptail_master_updates
- set_updates
- get_log_size_limit
- CURCLOSEDAYS=30
- es_heapsize
- ls_heapsize
- whiptail_node_advanced
- if [ $NODESETUP == 'NODEADVANCED' ]; then
- whiptail_node_es_heap
- whiptail_node_ls_heap
- whiptail_node_ls_pipeline_worker
- whiptail_node_ls_pipline_batchsize
- whiptail_node_ls_input_threads
- whiptail_node_ls_input_batch_count
- whiptail_cur_close_days
- whiptail_log_size_limit
- else
- NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
- NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
- LSPIPELINEWORKERS=$CPUCORES
- LSPIPELINEBATCH=125
- LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
- fi
- whiptail_make_changes
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n1\nInstalling pip3... \nXXX"
- echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n30\nInitializing Minion... \nXXX"
- configure_minion node >> $SETUPLOG 2>&1
- set_node_type >> $SETUPLOG 2>&1
- node_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- salt-call state.apply curator >> $SETUPLOG 2>&1
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
+ if [ $install_type == 'SEARCHNODE' ] || [ $install_type == 'PARSINGNODE' ] || [ $install_type == 'HOTNODE' ] || [ $install_type == 'WARMNODE' ]; then
+ whiptail_management_server
+ whiptail_master_updates
+ set_updates
+ set_defaul_log_size
+ CURCLOSEDAYS=30
+ es_heapsize
+ ls_heapsize
+ whiptail_node_advanced
+ if [ $NODESETUP == 'NODEADVANCED' ]; then
+ whiptail_node_es_heap
+ whiptail_node_ls_heap
+ whiptail_node_ls_pipeline_worker
+ whiptail_node_ls_pipline_batchsize
+ whiptail_node_ls_input_threads
+ whiptail_node_ls_input_batch_count
+ whiptail_cur_close_days
+ whiptail_log_size_limit
+ else
+ NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
+ NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
+ LSPIPELINEWORKERS=$cpu_cores
+ LSPIPELINEBATCH=125
+ LSINPUTTHREADS=1
+ LSINPUTBATCHCOUNT=125
+ fi
+ whiptail_make_changes
+ set_hostname
+ clear_master
+ if [ $install_type == iso ]; then
+ add_admin_user
+ disable_onion_user
+ fi
+ copy_ssh_key >> $setup_log 2>&1
+ {
+ sleep 0.5
+ echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
+ set_initial_firewall_policy >> $setup_log 2>&1
+ echo -e "XXX\n1\nInstalling pip3... \nXXX"
+ echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
+ saltify >> $setup_log 2>&1
+ echo -e "XXX\n20\nInstalling Docker... \nXXX"
+ docker_install >> $setup_log 2>&1
+ echo -e "XXX\n30\nInitializing Minion... \nXXX"
+ configure_minion node >> $setup_log 2>&1
+ set_node_type >> $setup_log 2>&1
+ node_pillar >> $setup_log 2>&1
+ echo "** Generating the patch pillar **" >> $setup_log
+ patch_pillar >> $setup_log 2>&1
+ echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+ copy_minion_tmp_files >> $setup_log 2>&1
+ echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
+ salt_firstcheckin >> $setup_log 2>&1
+ # Accept the Salt Key
+ accept_salt_key_remote >> $setup_log 2>&1
+ echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
+ salt-call state.apply ca >> $setup_log 2>&1
+ salt-call state.apply ssl >> $setup_log 2>&1
+ echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
+ salt-call state.apply common >> $setup_log 2>&1
+ salt-call state.apply firewall >> $setup_log 2>&1
+ echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
+ salt-call state.apply logstash >> $setup_log 2>&1
+ salt-call state.apply elasticsearch >> $setup_log 2>&1
+ salt-call state.apply curator >> $setup_log 2>&1
+ salt-call state.apply filebeat >> $setup_log 2>&1
+ echo -e "XX\n97\nFinishing touches... \nXXX"
+ filter_unused_nics >> $setup_log 2>&1
+ network_setup >> $setup_log 2>&1
+ echo -e "XXX\n98\nVerifying Setup... \nXXX"
+ } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+ GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+ if [[ $GOODSETUP == '0' ]]; then
+ whiptail_setup_complete
+ shutdown -r now
+ else
+ whiptail_setup_failed
+ shutdown -r now
+ fi
- fi
+ fi
- ########################
- ## Heavy Node ##
- ########################
+ ########################
+ ## Heavy Node ##
+ ########################
- if [ $INSTALLTYPE == 'HEAVYNODE' ]; then
+ if [ $install_type == 'HEAVYNODE' ]; then
- filter_unused_nics
- [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
- whiptail_management_server
- whiptail_master_updates
- set_updates
- whiptail_homenet_sensor
- whiptail_sensor_config
- # Calculate lbprocs so we can call it in the prompts
- calculate_useable_cores
- if [ $NSMSETUP == 'ADVANCED' ]; then
- whiptail_bro_pins
- whiptail_suricata_pins
- whiptail_bond_nics_mtu
- else
- whiptail_basic_bro
- whiptail_basic_suri
- fi
+ filter_unused_nics
+ [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
+ whiptail_management_server
+ whiptail_master_updates
+ set_updates
+ whiptail_homenet_sensor
+ whiptail_sensor_config
+ # Calculate lbprocs so we can call it in the prompts
+ calculate_useable_cores
+ if [ $NSMSETUP == 'ADVANCED' ]; then
+ whiptail_bro_pins
+ whiptail_suricata_pins
+ whiptail_bond_nics_mtu
+ else
+ whiptail_basic_bro
+ whiptail_basic_suri
+ fi
- get_log_size_limit
- CURCLOSEDAYS=30
- es_heapsize
- ls_heapsize
- whiptail_node_advanced
- if [ $NODESETUP == 'NODEADVANCED' ]; then
- whiptail_node_es_heap
- whiptail_node_ls_heap
- whiptail_node_ls_pipeline_worker
- whiptail_node_ls_pipline_batchsize
- whiptail_node_ls_input_threads
- whiptail_node_ls_input_batch_count
- whiptail_cur_close_days
- whiptail_log_size_limit
- else
- NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
- NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
- LSPIPELINEWORKERS=$CPUCORES
- LSPIPELINEBATCH=125
- LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
- fi
- whiptail_make_changes
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
+ set_defaul_log_size
+ CURCLOSEDAYS=30
+ es_heapsize
+ ls_heapsize
+ whiptail_node_advanced
+ if [ $NODESETUP == 'NODEADVANCED' ]; then
+ whiptail_node_es_heap
+ whiptail_node_ls_heap
+ whiptail_node_ls_pipeline_worker
+ whiptail_node_ls_pipline_batchsize
+ whiptail_node_ls_input_threads
+ whiptail_node_ls_input_batch_count
+ whiptail_cur_close_days
+ whiptail_log_size_limit
+ else
+ NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
+ NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
+ LSPIPELINEWORKERS=$cpu_cores
+ LSPIPELINEBATCH=125
+ LSINPUTTHREADS=1
+ LSINPUTBATCHCOUNT=125
+ fi
+ whiptail_make_changes
+ set_hostname
+ clear_master
+ if [ $install_type == iso ]; then
+ add_admin_user
+ disable_onion_user
+ fi
+ copy_ssh_key >> $setup_log 2>&1
+ {
+ sleep 0.5
+ echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
+ set_initial_firewall_policy >> $setup_log 2>&1
- echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
- sensor_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
+ echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
+ create_sensor_bond >> $setup_log 2>&1
+ echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
+ sensor_pillar >> $setup_log 2>&1
+ echo "** Generating the patch pillar **" >> $setup_log
+ patch_pillar >> $setup_log 2>&1
- echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n30\nInitializing Minion... \nXXX"
- configure_minion heavynode >> $SETUPLOG 2>&1
- set_node_type >> $SETUPLOG 2>&1
- node_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- salt-call state.apply curator >> $SETUPLOG 2>&1
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling PCAP... \nXXX"
- salt-call state.apply pcap >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling IDS components... \nXXX"
- salt-call state.apply suricata >> $SETUPLOG 2>&1
+ echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
+ saltify >> $setup_log 2>&1
+ echo -e "XXX\n20\nInstalling Docker... \nXXX"
+ docker_install >> $setup_log 2>&1
+ echo -e "XXX\n30\nInitializing Minion... \nXXX"
+ configure_minion heavynode >> $setup_log 2>&1
+ set_node_type >> $setup_log 2>&1
+ node_pillar >> $setup_log 2>&1
+ echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+ copy_minion_tmp_files >> $setup_log 2>&1
+ echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
+ salt_firstcheckin >> $setup_log 2>&1
+ # Accept the Salt Key
+ accept_salt_key_remote >> $setup_log 2>&1
+ echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
+ salt-call state.apply ca >> $setup_log 2>&1
+ salt-call state.apply ssl >> $setup_log 2>&1
+ echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
+ salt-call state.apply common >> $setup_log 2>&1
+ salt-call state.apply firewall >> $setup_log 2>&1
+ echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
+ salt-call state.apply logstash >> $setup_log 2>&1
+ salt-call state.apply elasticsearch >> $setup_log 2>&1
+ salt-call state.apply curator >> $setup_log 2>&1
+ salt-call state.apply filebeat >> $setup_log 2>&1
+ echo -e "XXX\n50\nInstalling PCAP... \nXXX"
+ salt-call state.apply pcap >> $setup_log 2>&1
+ echo -e "XXX\n60\nInstalling IDS components... \nXXX"
+ salt-call state.apply suricata >> $setup_log 2>&1
+ echo -e "XX\n97\nFinishing touches... \nXXX"
+ filter_unused_nics >> $setup_log 2>&1
+ network_setup >> $setup_log 2>&1
+ echo -e "XXX\n98\nVerifying Setup... \nXXX"
+ } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+ GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+ if [[ $GOODSETUP == '0' ]]; then
+ whiptail_setup_complete
+ shutdown -r now
+ else
+ whiptail_setup_failed
+ shutdown -r now
+ fi
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
-
- fi
+ fi
###########################
### Standalone Fleet ###
###########################
- if [ $INSTALLTYPE == 'FLEET' ]; then
- whiptail_management_server
- whiptail_master_updates
- whiptail_make_changes
- set_updates
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- #echo -e "XXX\n4\nGenerating Fleet Pillar... \nXXX"
- fleet_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- node_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
- configure_minion fleet >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nInstalling Core Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling MySQL... \nXXX"
- salt-call state.apply mysql >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling Redis... \nXXX"
- salt-call state.apply redis >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling Fleet... \nXXX"
- salt-call state.apply fleet >> $SETUPLOG 2>&1
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
- fi
+ if [ $install_type == 'FLEET' ]; then
+ whiptail_management_server
+ whiptail_master_updates
+ whiptail_make_changes
+ set_updates
+ set_hostname
+ clear_master
+ if [ $install_type == iso ]; then
+ add_admin_user
+ disable_onion_user
+ fi
+ copy_ssh_key >> $setup_log 2>&1
+ {
+ sleep 0.5
+ echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
+ set_initial_firewall_policy >> $setup_log 2>&1
+ #echo -e "XXX\n4\nGenerating Fleet Pillar... \nXXX"
+ fleet_pillar >> $setup_log 2>&1
+ echo "** Generating the patch pillar **" >> $setup_log
+ patch_pillar >> $setup_log 2>&1
+ node_pillar >> $setup_log 2>&1
+ echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
+ saltify >> $setup_log 2>&1
+ echo -e "XXX\n20\nInstalling Docker... \nXXX"
+ docker_install >> $setup_log 2>&1
+ echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
+ configure_minion fleet >> $setup_log 2>&1
+ echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+ copy_minion_tmp_files >> $setup_log 2>&1
+ echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
+ salt_firstcheckin >> $setup_log 2>&1
+ echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
+ # Accept the Salt Key
+ accept_salt_key_remote >> $setup_log 2>&1
+ echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
+ salt-call state.apply ca >> $setup_log 2>&1
+ salt-call state.apply ssl >> $setup_log 2>&1
+ echo -e "XXX\n35\nInstalling Core Components... \nXXX"
+ salt-call state.apply common >> $setup_log 2>&1
+ salt-call state.apply firewall >> $setup_log 2>&1
+ echo -e "XXX\n50\nInstalling MySQL... \nXXX"
+ salt-call state.apply mysql >> $setup_log 2>&1
+ echo -e "XXX\n50\nInstalling Redis... \nXXX"
+ salt-call state.apply redis >> $setup_log 2>&1
+ echo -e "XXX\n60\nInstalling Fleet... \nXXX"
+ salt-call state.apply fleet >> $setup_log 2>&1
+ echo -e "XX\n97\nFinishing touches... \nXXX"
+ filter_unused_nics >> $setup_log 2>&1
+ network_setup >> $setup_log 2>&1
+ echo -e "XXX\n98\nVerifying Setup... \nXXX"
+ salt-call state.highstate >> $setup_log 2>&1
+ } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+ GOODSETUP=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+ if [[ $GOODSETUP == '0' ]]; then
+ whiptail_setup_complete
+ shutdown -r now
+ else
+ whiptail_setup_failed
+ shutdown -r now
+ fi
+ fi
else
- echo "User not sure. Cancelling setup.">> $SETUPLOG 2>&1
- whiptail_cancel
+ echo "User not sure. Cancelling setup.">> $setup_log 2>&1
+ whiptail_cancel
fi
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 653892d5a..54e479605 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -15,17 +15,17 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
+source "./so-variables"
whiptail_basic_bro() {
[ -z "$QUIET" ] && return
BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the number of bro processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
+ "Enter the number of bro processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
-
}
whiptail_basic_suri() {
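Review bot: The new `source "./so-variables"` line resolves against the caller's current working directory rather than the directory so-whiptail lives in, so any invocation from outside setup/ fails to source (or, if this file is sourced without `set -e`, silently continues with `lb_procs`, `setup_log` and friends unset). Anchoring on the script's own location avoids that: `source "${BASH_SOURCE[0]%/*}/so-variables"`. It is also worth noting that this hunk only changes the prompt default to the quoted `"$lb_procs"`; the same rename in the two following hunks is otherwise unremarkable.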
@@ -33,7 +33,7 @@ whiptail_basic_suri() {
[ -z "$QUIET" ] && return
BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the number of Suricata Processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
+ "Enter the number of Suricata Processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -44,7 +44,7 @@ whiptail_bro_pins() {
[ -z "$QUIET" ] && return
- BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $LBPROCS cores to pin Bro to:" 20 75 12 "${LISTCORES[@]}" 3>&1 1>&2 2>&3 )
+ BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $lb_procs cores to pin Bro to:" 20 75 12 "${cpu_core_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -68,8 +68,8 @@ whiptail_bond_nics() {
[ -z "$QUIET" ] && return
local nic_list=()
- for FNIC in "${FNICS[@]}"; do
- nic_list+=("$FNIC" "Interface" "OFF")
+ for filtered_nic in "${filtered_nics[@]}"; do
+ nic_list+=("$filtered_nic" "Interface" "OFF")
done
BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
@@ -102,9 +102,9 @@ whiptail_cancel() {
whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
if [ -d "/root/installtmp" ]; then
- echo "/root/installtmp exists" >> $SETUPLOG 2>&1
- install_cleanup >> $SETUPLOG 2>&1
- echo "/root/installtmp removed" >> $SETUPLOG 2>&1
+ echo "/root/installtmp exists" >> $setup_log 2>&1
+ install_cleanup >> $setup_log 2>&1
+ echo "/root/installtmp removed" >> $setup_log 2>&1
fi
exit
@@ -325,7 +325,8 @@ whiptail_homenet_master() {
[ -z "$QUIET" ] && return
# Ask for the HOME_NET on the master
- HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \
+ export home_network_master
+ home_network_master=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
local exitstatus=$?
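Review bot: The text typed into the HOME_NET prompt is exported as `home_network_master` with no validation, so a stray space, a hostname or a malformed CIDR propagates unchanged to whatever consumes it (presumably Suricata/pillar configuration, which is not visible here). A cheap shape check before accepting it would catch most typos, e.g. `[[ "$home_network_master" =~ ^[0-9./]+(,[0-9./]+)*$ ]] || whiptail_homenet_master` (or a re-prompt loop like the one in `whiptail_management_nic`). The sibling `whiptail_homenet_sensor` hunk takes the same unvalidated input. The enclosing function starts outside the hunk.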
@@ -342,9 +343,10 @@ whiptail_homenet_sensor() {
local exitstatus=$?
if [ $exitstatus == 0 ]; then
- HNSENSOR=inherit
+ export home_network_sensor=inherit
else
- HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
+ export home_network_sensor
+ home_network_sensor=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -357,7 +359,8 @@ whiptail_install_type() {
[ -z "$QUIET" ] && return
# What kind of install are we doing?
- INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
+ export install_type
+ install_type=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose Install Type:" 20 75 13 \
"SENSOR" "Create a forward only sensor" ON \
"SEARCHNODE" "Add a Search Node with parsing" OFF \
@@ -382,9 +385,9 @@ whiptail_log_size_limit() {
[ -z "$QUIET" ] && return
- LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \
+ log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
- By default, this is set to 85% of the disk space allotted for /nsm." 10 75 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3)
+ By default, this is set to 85% of the disk space allotted for /nsm." 10 75 "$log_size_limit" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
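Review bot: `log_size_limit` is taken straight from the input box with no check that it is a positive integer, even though the prompt promises a value in GB, so `85%`, `500G` or an empty string would pass through to whatever sizes the Elasticsearch storage (not visible here). A guard such as `[[ "$log_size_limit" =~ ^[0-9]+$ ]] || whiptail_log_size_limit` would keep it honest. Separately, unlike `install_type` and `home_network_*` in this same commit, this variable is not `export`ed; that is fine if it is only read in the same shell, but worth confirming for consistency. The enclosing function starts outside the hunk.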
@@ -440,13 +443,13 @@ whiptail_management_nic() {
[ -z "$QUIET" ] && return
- MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${NICS[@]}" 3>&1 1>&2 2>&3 )
+ MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${all_nics[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [ -z "$MNIC" ]
do
- MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${NICS[@]}" 3>&1 1>&2 2>&3 )
+ MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${all_nics[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
@@ -483,7 +486,7 @@ whiptail_make_changes() {
[ -z "$QUIET" ] && return
- whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $INSTALLTYPE. Please hit YES to make changes or NO to cancel." 8 75
+ whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please hit YES to make changes or NO to cancel." 8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -495,7 +498,7 @@ whiptail_management_server() {
[ -z "$QUIET" ] && return
MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your Master Server HOSTNAME. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
+ "Enter your Master Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -630,7 +633,7 @@ whiptail_node_ls_pipeline_worker() {
[ -z "$QUIET" ] && return
LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 $CPUCORES 3>&1 1>&2 2>&3)
+ "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 "$cpu_cores" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -895,8 +898,8 @@ whiptail_setup_complete() {
[ -z "$QUIET" ] && return
- whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75
- install_cleanup >> $SETUPLOG 2>&1
+ whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $install_type. Press Enter to reboot." 8 75
+ install_cleanup >> $setup_log 2>&1
}
@@ -904,8 +907,8 @@ whiptail_setup_failed() {
[ -z "$QUIET" ] && return
- whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75
- install_cleanup >> $SETUPLOG 2>&1
+ whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Enter to reboot." 8 75
+ install_cleanup >> $setup_log 2>&1
}
@@ -925,8 +928,9 @@ whiptail_suricata_pins() {
[ -z "$QUIET" ] && return
- FILTEREDCORES=$(echo "${LISTCORES[@]}" "${BROPINS[@]}" | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}')
- SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $LBPROCS cores to pin Suricata to:" 20 75 12 ${FILTEREDCORES[@]} 3>&1 1>&2 2>&3 )
+ local filtered_cores
+ filtered_cores=$(echo "${cpu_core_list[@]}" "${BROPINS[@]}" | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}')
+ SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $lb_procs cores to pin Suricata to:" 20 75 12 "${filtered_cores[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
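Review bot: Quoting `"${filtered_cores[@]}"` changes behavior here: `filtered_cores` is assigned as a plain string (one newline-separated `N "core"` entry per line), so the quoted `[@]` expansion of a scalar yields a single word and whiptail's `--checklist` now receives the entire list as one argument instead of the tag/status pairs that the old unquoted `${FILTEREDCORES[@]}` produced through word-splitting. To keep the quoting and the previous argument list, build a real array by splitting the pipeline output: `local -a filtered_cores` followed by `read -r -d '' -a filtered_cores < <(echo "${cpu_core_list[@]}" "${BROPINS[@]}" | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}') || true` (the `|| true` absorbs `read` returning non-zero at EOF). The literal `\"core\"` that awk emits still lands in whiptail's status field with the quote characters included, but that predates this change. The enclosing function starts outside the hunk.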
@@ -971,13 +975,10 @@ whiptail_you_sure() {
[ -z "$QUIET" ] && return
-
-
- echo "whiptail_you_sure called" >> $SETUPLOG 2>&1
+ echo "whiptail_you_sure called" >> $setup_log 2>&1
whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75
local exitstatus=$?
- echo "whiptail_you_sure returning $exitstatus" >> $SETUPLOG 2>&1
return $exitstatus
}