diff --git a/setup/so-functions b/setup/so-functions index 402afa298..65e9a3a83 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -360,18 +360,14 @@ clear_manager() { } -collect_soremote_inputs() { - whiptail_create_soremote_user - SCMATCH=no - while [[ $SCMATCH != yes ]]; do - whiptail_create_soremote_user_password1 - whiptail_create_soremote_user_password2 - check_soremote_pass - done -} - collect_adminuser_inputs() { whiptail_create_admin_user + + while ! valid_username "$ADMINUSER"; do + whiptail_invalid_input + whiptail_create_admin_user + done + APMATCH=no while [[ $APMATCH != yes ]]; do whiptail_create_admin_user_password1 
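Review bot: The re-prompt loop added to collect_adminuser_inputs has no exit other than a valid value, so under TESTING it may never make progress. whiptail_invalid_input returns immediately when TESTING is set, and if whiptail_create_admin_user carries the same guard (the new prompt helpers in so-whiptail do), ADMINUSER never changes and the loop spins. Every collect_* function added in the later so-functions hunks has the same shape, including collect_zeek. Consider failing fast at the top of each loop body, for example `[[ -n $TESTING ]] && { echo "Invalid preset value for ADMINUSER" >> "$setup_log"; exit 1; }`. collect_adminuser_inputs continues past the end of this hunk.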
@@ -380,8 +376,80 @@ collect_adminuser_inputs() { done } +collect_cur_close_days() { + whiptail_cur_close_days + + while ! valid_int "$CURCLOSEDAYS" "1"; do + whiptail_invalid_input + whiptail_cur_close_days + done +} + +collect_dns() { + whiptail_management_interface_dns + + while ! valid_dns_list "$MDNS"; do + whiptail_invalid_input + whiptail_management_interface_dns + done +} + +collect_dns_domain() { + whiptail_management_interface_dns_search + + while ! valid_fqdn "$MSEARCH"; do + whiptail_invalid_input + whiptail_management_interface_dns_search + done +} + +collect_dockernet() { + if whiptail_dockernet_check; then + whiptail_dockernet_net + + while ! valid_ip4 "$DOCKERNET"; do + whiptail_invalid_input + whiptail_dockernet_net + done + fi +} + +collect_es_cluster_name() { + if whiptail_manager_adv_escluster; then + whiptail_manager_adv_escluster_name + + while ! valid_string "$ESCLUSTERNAME"; do + whiptail_invalid_input + whiptail_manager_adv_escluster_name + done + fi +} + +collect_es_shard_count() { + whiptail_shard_count + + while ! valid_int "$SHARDCOUNT"; do + whiptail_invalid_input + whiptail_shard_count + done +} + +collect_es_space_limit() { + whiptail_log_size_limit + + while ! valid_int "$log_size_limit" "1"; do # Upper/lower bounds? + whiptail_invalid_input + whiptail_log_size_limit + done +} + collect_fleet_custom_hostname_inputs() { whiptail_fleet_custom_hostname + + while ! valid_fqdn "$FLEETCUSTOMHOSTNAME" || [[ $FLEETCUSTOMHOSTNAME != "" ]]; do + whiptail_invalid_input + whiptail_fleet_custom_hostname + done } collect_fleetuser_inputs() { 
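Review bot: Two conditions in this hunk are inverted. In collect_dockernet, `if whiptail_dockernet_check; then` asks for a custom range when the user answers Yes to "keep the default Docker IP range". The code removed from whiptail_dockernet_check in so-whiptail prompted on exit status 1, so this should read `if ! whiptail_dockernet_check; then`. In collect_fleet_custom_hostname_inputs, `! valid_fqdn "$FLEETCUSTOMHOSTNAME" || [[ $FLEETCUSTOMHOSTNAME != "" ]]` keeps looping for every non-empty value, valid or not. If the intent is to accept either a blank answer or a valid FQDN, use `while [[ -n $FLEETCUSTOMHOSTNAME ]] && ! valid_fqdn "$FLEETCUSTOMHOSTNAME"; do`.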
@@ -408,6 +476,218 @@ collect_fleetuser_inputs() { done } +collect_gateway() { + whiptail_management_interface_gateway + + while ! valid_ip4 "$MGATEWAY"; do + whiptail_invalid_input + whiptail_management_interface_gateway + done +} + +collect_helix_key() { + whiptail_helix_apikey # validate? +} + +collect_homenet_mngr() { + whiptail_homenet_manager + + while ! __validate_cidr_arr "$HNMANAGER"; do + whiptail_invalid_input + whiptail_homenet_manager + done +} + +collect_homenet_snsr() { + if whiptail_homenet_sensor_inherit; then + export HNSENSOR=inherit + else + whiptail_homenet_sensor + + while ! __validate_cidr_arr "$HNSENSOR"; do + whiptail_invalid_input + whiptail_homenet_sensor + done + fi +} + +collect_hostname() { + HOSTNAME=$(cat /etc/hostname) + if [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi + + whiptail_set_hostname + + while ! valid_hostname "$HOSTNAME"; do + whiptail_invalid_hostname + whiptail_set_hostname + done +} + +collect_int_ip_mask() { + whiptail_management_interface_ip_mask + + while ! valid_cidr "$manager_ip_mask"; do + whiptail_invalid_input + whiptail_management_interface_ip_mask + done + + MIP=$(echo "$manager_ip_mask" | sed 's/\/.*//' ) + MMASK=$(echo "$manager_ip_mask" | sed 's/.*\///') +} + +collect_mngr_hostname() { + whiptail_management_server + + while ! valid_hostname "$MSRV"; do + whiptail_invalid_hostname + whiptail_management_server + done + + if ! getent hosts "$MSRV"; then + add_manager_hostfile + else + MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}') + fi +} + +collect_mtu() { + whiptail_bond_nics_mtu + + while ! valid_int "$MTU" "68"; do + whiptail_invalid_input + whiptail_bond_nics_mtu + done +} + +collect_node_es_heap() { + whiptail_node_es_heap + + while ! valid_int "$NODE_ES_HEAP_SIZE"; do + whiptail_invalid_input + whiptail_node_es_heap + done +} + +collect_node_ls_heap() { + whiptail_node_ls_heap + + while ! 
valid_int "$NODE_LS_HEAP_SIZE"; do + whiptail_invalid_input + whiptail_node_ls_heap + done +} + +collect_node_ls_input() { + whiptail_node_ls_input_threads + while ! valid_int "$LSINPUTTHREADS"; do + whiptail_invalid_input + whiptail_node_ls_input_threads + done +} + +collect_node_ls_pipeline_batch_size() { + whiptail_node_ls_pipline_batchsize + + while ! valid_int "$LSPIPELINEBATCH"; do + whiptail_invalid_input + whiptail_node_ls_pipline_batchsize + done +} + +collect_node_ls_pipeline_worker_count() { + whiptail_node_ls_pipeline_worker + + while ! valid_int "$LSPIPELINEWORKERS"; do + whiptail_invalid_input + whiptail_node_ls_pipeline_worker + done +} + +collect_oinkcode() { + whiptail_oinkcode + while ! valid_string "$OINKCODE" "" "128"; do #TODO: verify max length here + whiptail_invalid_input + whiptail_oinkcode + done +} + +collect_patch_schedule() { + whiptail_patch_schedule + + case $patch_schedule in + 'New Schedule') + whiptail_patch_schedule_select_days + whiptail_patch_schedule_select_hours + collect_patch_schedule_name_new + patch_schedule_os_new + ;; + 'Import Schedule') + collect_patch_schedule_name_import + ;; + 'Automatic') + PATCHSCHEDULENAME='auto' + ;; + 'Manual') + PATCHSCHEDULENAME='manual' + ;; + esac +} + +collect_patch_schedule_name_new() { + whiptail_patch_name_new_schedule + + while ! valid_string "$PATCHSCHEDULENAME"; do + whiptail_invalid_input + whiptail_patch_name_new_schedule + done +} + +collect_patch_schedule_name_import() { + whiptail_patch_schedule_import + + while ! valid_string "$PATCHSCHEDULENAME"; do + whiptail_invalid_input + whiptail_patch_schedule_import + done +} + +collect_redirect_host() { + whiptail_set_redirect_host + + while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do + whiptail_invalid_input + whiptail_set_redirect_host + done +} + +collect_so_allow() { + if whiptail_so_allow_yesno; then + whiptail_so_allow + while ! valid_cidr "$ALLOW_CIDR" && ! 
valid_ip4 "$ALLOW_CIDR"; do + whiptail_invalid_input + whiptail_so_allow + done + fi +} + +collect_soremote_inputs() { + whiptail_create_soremote_user + SCMATCH=no + while [[ $SCMATCH != yes ]]; do + whiptail_create_soremote_user_password1 + whiptail_create_soremote_user_password2 + check_soremote_pass + done +} + +collect_suri() { + whiptail_basic_suri + + while ! valid_int "$BASICSURI"; do + whiptail_invalid_input + whiptail_basic_suri + done +} collect_webuser_inputs() { # Get a password for the web admin user @@ -425,9 +705,9 @@ collect_webuser_inputs() { while [[ $WPMATCH != yes ]]; do whiptail_create_web_user_password1 while ! check_password "$WEBPASSWD1"; do - whiptail_invalid_pass_characters_warning - whiptail_create_web_user_password1 - done + whiptail_invalid_pass_characters_warning + whiptail_create_web_user_password1 + done if echo "$WEBPASSWD1" | so-user valpass >> "$setup_log" 2>&1; then whiptail_create_web_user_password2 check_web_pass @@ -437,6 +717,15 @@ collect_webuser_inputs() { done } +collect_zeek() { + whiptail_basic_zeek + + while ! valid_int "$BASICZEEK"; do + whiptail_invalid_input + whiptail_basic_zeek + done +} + configure_minion() { local minion_type=$1 echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1 @@ -1019,7 +1308,7 @@ generate_repo_tarball() { get_redirect() { whiptail_set_redirect if [ "$REDIRECTINFO" = "OTHER" ]; then - whiptail_set_redirect_host + collect_redirect_host fi } 
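Review bot: collect_helix_key is the one collector in this hunk that accepts its input unchecked (`whiptail_helix_apikey # validate?`), so an empty or malformed key goes forward while every other prompt is re-asked. At minimum, bound it the way collect_oinkcode does, with a `valid_string` call on the variable whiptail_helix_apikey sets (its name is not visible in this diff). Separately, collect_patch_schedule_name_new and collect_patch_schedule_name_import pass PATCHSCHEDULENAME to `valid_string` with no further arguments. The prompt text removed from so-whiptail further down indicates the name becomes a file name under /opt/so/salt/patch/os/schedules/, so confirm that valid_string rejects `/` and `..`, or add that check in these two functions.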
@@ -1345,22 +1634,21 @@ network_init() { network_init_whiptail() { case "$setup_type" in 'iso') - whiptail_set_hostname + collect_hostname whiptail_management_nic whiptail_dhcp_or_static if [ "$address_type" != 'DHCP' ]; then - whiptail_management_interface_ip - whiptail_management_interface_mask - whiptail_management_interface_gateway - whiptail_management_interface_dns - whiptail_management_interface_dns_search + collect_int_ip_mask + collect_gateway + collect_dns + collect_dns_domain fi ;; 'network') whiptail_network_notice whiptail_dhcp_warn - whiptail_set_hostname + collect_hostname whiptail_management_nic ;; esac diff --git a/setup/so-setup b/setup/so-setup index 1a8a5d223..917273786 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -265,7 +265,7 @@ if ! [[ -f $install_opt_file ]]; then fi if [[ $is_minion ]]; then - whiptail_management_server + collect_mngr_hostname fi if [[ $is_minion ]] || [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then @@ -367,6 +367,10 @@ fi # Start user prompts +if [[ $is_helix ]]; then + collect_helix_key +fi + if [[ $is_helix || $is_sensor ]]; then whiptail_sensor_nics fi @@ -376,10 +380,10 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then fi if [[ ! $is_import ]]; then - whiptail_patch_schedule + collect_patch_schedule fi -whiptail_homenet_manager +collect_homenet_mngr if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then set_base_heapsizes @@ -389,10 +393,10 @@ if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv if [ "$MANAGERADV" = 'ADVANCED' ]; then if [ "$install_type" = 'MANAGER' ] || [ "$install_type" = 'MANAGERSEARCH' ]; then - whiptail_manager_adv_escluster + collect_es_cluster_name fi fi - + whiptail_metadata_tool [[ $MANAGERADV == "ADVANCED" ]] && [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_manager_adv_service_zeeklogs 
@@ -403,9 +407,8 @@ if [[ $is_manager && ! $is_eval ]]; then whiptail_rule_setup if [ "$RULESETUP" != 'ETOPEN' ]; then - whiptail_oinkcode + collect_oinkcode fi - fi if [[ $is_manager ]]; then @@ -419,7 +422,7 @@ if [[ $is_manager ]]; then info "Disabling Strelka rules: STRELKA='$STRELKA'" fi - whiptail_dockernet_check + collect_dockernet fi if [[ $is_manager || $is_import ]]; then @@ -439,28 +442,28 @@ if [[ $is_distmanager ]]; then fi if [[ $is_sensor && ! $is_eval ]]; then - whiptail_homenet_sensor + collect_homenet_snsr whiptail_sensor_config if [ $NSMSETUP == 'ADVANCED' ]; then [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_zeek_pins whiptail_suricata_pins - whiptail_bond_nics_mtu + collect_mtu else - [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_basic_zeek - whiptail_basic_suri + [[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek + collect_suri fi fi if [[ $is_node && ! $is_eval ]]; then whiptail_node_advanced if [ "$NODESETUP" == 'NODEADVANCED' ]; then - whiptail_node_es_heap - whiptail_node_ls_heap - whiptail_node_ls_pipeline_worker - whiptail_node_ls_pipline_batchsize - whiptail_node_ls_input_threads - whiptail_cur_close_days - whiptail_log_size_limit + collect_node_es_heap + collect_node_ls_heap + collect_node_ls_pipeline_worker_count + collect_node_ls_pipeline_batch_size + collect_node_ls_input + collect_cur_close_days + collect_es_space_limit else NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE @@ -479,7 +482,7 @@ else FLEETNODEPASSWD1=$WEBPASSWD1 fi -if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi +if [[ $is_manager || $is_import ]]; then collect_so_allow; fi whiptail_make_changes diff --git a/setup/so-whiptail b/setup/so-whiptail index 0a72f1e3b..dd8083d55 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -75,7 +75,6 @@ whiptail_bond_nics_mtu() { local exitstatus=$? whiptail_check_exitstatus $exitstatus - } whiptail_cancel() { 
@@ -120,6 +119,8 @@ whiptail_create_admin_user() { ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \ "Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_create_admin_user_password1() { @@ -300,20 +301,6 @@ whiptail_storage_requirements() { whiptail_check_exitstatus $exitstatus } -whiptail_invalid_pass_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 -} - -whiptail_invalid_pass_characters_warning() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password." 8 75 -} - whiptail_cur_close_days() { [ -n "$TESTING" ] && return @@ -391,11 +378,6 @@ whiptail_dockernet_check(){ whiptail --title "Security Onion Setup" --yesno \ "Do you want to keep the default Docker IP range? \n \n(Choose yes if you don't know what this means)" 10 75 - local exitstatus=$? - - if [[ $exitstatus == 1 ]]; then - whiptail_dockernet_net - fi } whiptail_dockernet_net() { 
@@ -495,32 +477,29 @@ whiptail_homenet_manager() { [ -n "$TESTING" ] && return HNMANAGER=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) + "Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus export HNMANAGER } -whiptail_homenet_sensor() { - +whiptail_homenet_sensor_inherit() { [ -n "$TESTING" ] && return # Ask to inherit from manager whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75 +} - local exitstatus=$? +whiptail_homenet_sensor() { + [ -n "$TESTING" ] && return - if [ $exitstatus == 0 ]; then - export HNSENSOR=inherit - else - HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \ + HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + local exitstatus=$? + whiptail_check_exitstatus $exitstatus - export HNSENSOR - fi + export HNSENSOR } whiptail_install_type() { @@ -602,6 +581,13 @@ whiptail_install_type_other() { export install_type } +whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again." 8 75 + +} + whiptail_invalid_pass_characters_warning() { [ -n "$TESTING" ] && return 
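Review bot: whiptail_homenet_sensor_inherit in the first hunk on this line now reports its answer only through its exit status, and nothing in the function says so. Because `[ -n "$TESTING" ] && return` returns 0, an unattended run is treated as "Yes, inherit" by collect_homenet_snsr. A header comment would make that contract explicit, for example `# Returns 0 if HOME_NET should be inherited from the manager (also 0 when TESTING is set); callers branch on the exit status.` The same applies to whiptail_so_allow_yesno and to the trimmed whiptail_dockernet_check and whiptail_manager_adv_escluster in the other so-whiptail hunks.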
@@ -623,6 +609,18 @@ whiptail_invalid_user_warning() { whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 } +whiptail_invalid_hostname() { + [ -n "$TESTING" ] && return + + local error_message + error_message=$(echo "Please choose a valid hostname. It cannot be localhost; and must contain only \ + the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \ + and hyphen ('-')" | tr -d '\t') + + whiptail --title "Security Onion Setup" \ + --msgbox "$error_message" 10 75 +} + whiptail_log_size_limit() { [ -n "$TESTING" ] && return @@ -692,6 +690,16 @@ whiptail_management_interface_gateway() { whiptail_check_exitstatus $exitstatus } +whiptail_management_interface_ip_mask() { + [ -n "$TESTING" ] && return + + manager_ip_mask=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter your IP address (with CIDR mask):" 10 60 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_management_interface_ip() { [ -n "$TESTING" ] && return @@ -781,7 +789,6 @@ whiptail_net_setup_complete() { exit 0 } - whiptail_management_server() { [ -n "$TESTING" ] && return 
@@ -792,28 +799,6 @@ whiptail_management_server() { local exitstatus=$? whiptail_check_exitstatus $exitstatus - while [[ $MSRV == *'localhost'* || ! ( $MSRV =~ ^[a-zA-Z0-9\-]*$ ) ]] ; do - local error_message - error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \ - the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \ - and hyphen ('-')" | tr -d '\t') - - whiptail --title "Security Onion Setup" \ - --msgbox "$error_message" 10 75 - - MSRV=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your Manager Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - done - - if ! getent hosts "$MSRV"; then - add_manager_hostfile - else - MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}') - fi - } # Ask if you want to do advanced setup of the Manager @@ -839,11 +824,6 @@ whiptail_manager_adv_escluster(){ whiptail --title "Security Onion Setup" --yesno \ "Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 12 75 - local exitstatus=$? - - if [[ $exitstatus == 0 ]]; then - whiptail_manager_adv_escluster_name - fi } # Get a cluster name 
@@ -1012,24 +992,24 @@ whiptail_node_ls_heap() { } -whiptail_node_ls_pipeline_worker() { +whiptail_node_ls_pipline_batchsize() { [ -n "$TESTING" ] && return - LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3) + LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \ + "\nEnter Logstash pipeline batch size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus } -whiptail_node_ls_pipline_batchsize() { +whiptail_node_ls_pipeline_worker() { [ -n "$TESTING" ] && return - LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) + LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \ + "\nEnter number of Logstash pipeline workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -1041,7 +1021,7 @@ whiptail_node_ls_input_threads() { [ -n "$TESTING" ] && return LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3) + "\nEnter number of Logstash input threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus 
@@ -1078,16 +1058,6 @@ whiptail_patch_name_new_schedule() { local exitstatus=$? whiptail_check_exitstatus $exitstatus - - while [[ -z "$PATCHSCHEDULENAME" ]]; do - whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 75 - PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - done - - } whiptail_patch_schedule() { @@ -1104,27 +1074,6 @@ whiptail_patch_schedule() { local exitstatus=$? whiptail_check_exitstatus $exitstatus - - - case $patch_schedule in - 'New Schedule') - whiptail_patch_schedule_select_days - whiptail_patch_schedule_select_hours - whiptail_patch_name_new_schedule - patch_schedule_os_new - ;; - 'Import Schedule') - whiptail_patch_schedule_import - ;; - 'Automatic') - PATCHSCHEDULENAME='auto' - ;; - 'Manual') - PATCHSCHEDULENAME='manual' - ;; - esac - - } whiptail_patch_schedule_import() { 
@@ -1304,32 +1253,11 @@ whiptail_set_hostname() { [ -n "$TESTING" ] && return - HOSTNAME=$(cat /etc/hostname) - - if [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi - HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) + "Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus - - while [[ $HOSTNAME == *'localhost'* || ! ( $HOSTNAME =~ ^[a-zA-Z0-9\-]*$ ) ]] ; do - local error_message - error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \ - the ASCII letters 'a' through 'z' (case-insensitive), the digits '0' through '9', \ - and hyphen ('-')" | tr -d '\t') - - whiptail --title "Security Onion Setup" \ - --msgbox "$error_message" 10 75 - - HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) - - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - done - } whiptail_set_redirect() { @@ -1350,7 +1278,7 @@ whiptail_set_redirect_host() { [ -n "$TESTING" ] && return REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the Hostname or IP you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) + "Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus } 
@@ -1412,25 +1340,25 @@ whiptail_shard_count() { } -whiptail_so_allow() { - +whiptail_so_allow_yesno() { [ -n "$TESTING" ] && return whiptail --title "Security Onion Setup" \ - --yesno "Do you want to run so-allow to allow access to the web tools?" \ - 8 75 + --yesno "Do you want to run so-allow to allow access to the web tools?" \ + 8 75 +} - local exitstatus=$? +whiptail_so_allow() { - if [[ $exitstatus == 0 ]]; then - ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \ + [ -n "$TESTING" ] && return + + ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \ --inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \ 10 75 3>&1 1>&2 2>&3) - local exitstatus=$? - - export ALLOW_ROLE='a' - export ALLOW_CIDR - fi + local exitstatus=$? + + export ALLOW_ROLE='a' + export ALLOW_CIDR } whiptail_storage_requirements() {
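Review bot: In the rewritten whiptail_so_allow, `local exitstatus=$?` is captured and never used, so Cancel on the input box is treated as an empty answer. Because collect_so_allow now re-prompts until valid_cidr or valid_ip4 passes, a user who cancels is sent back to the same dialog with no way out. Add `whiptail_check_exitstatus $exitstatus` right after the capture, as the other input boxes in this file do.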