[feat] Add input validation to inputbox whiptail prompts

This commit is contained in:
William Wernert
2021-01-12 11:02:33 -05:00
parent 0dc0780e28
commit 5d077d278e
3 changed files with 393 additions and 174 deletions

View File

@@ -75,7 +75,6 @@ whiptail_bond_nics_mtu() {
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_cancel() {
@@ -120,6 +119,8 @@ whiptail_create_admin_user() {
ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter a username for a new system admin user: \nThe local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_create_admin_user_password1() {
@@ -300,20 +301,6 @@ whiptail_storage_requirements() {
whiptail_check_exitstatus $exitstatus
}
whiptail_invalid_pass_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
}
whiptail_invalid_pass_characters_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Password is invalid. Please exclude single quotes, double quotes, dollar signs, and backslashes from the password." 8 75
}
whiptail_cur_close_days() {
[ -n "$TESTING" ] && return
@@ -391,11 +378,6 @@ whiptail_dockernet_check(){
whiptail --title "Security Onion Setup" --yesno \
"Do you want to keep the default Docker IP range? \n \n(Choose yes if you don't know what this means)" 10 75
local exitstatus=$?
if [[ $exitstatus == 1 ]]; then
whiptail_dockernet_net
fi
}
whiptail_dockernet_net() {
@@ -495,32 +477,29 @@ whiptail_homenet_manager() {
[ -n "$TESTING" ] && return
HNMANAGER=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
"Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export HNMANAGER
}
whiptail_homenet_sensor() {
whiptail_homenet_sensor_inherit() {
[ -n "$TESTING" ] && return
# Ask to inherit from manager
whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Manager?" 8 75
}
local exitstatus=$?
whiptail_homenet_sensor() {
[ -n "$TESTING" ] && return
if [ $exitstatus == 0 ]; then
export HNSENSOR=inherit
else
HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your HOME_NET, separating CIDR blocks with a comma (,):" 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export HNSENSOR
fi
export HNSENSOR
}
whiptail_install_type() {
@@ -602,6 +581,13 @@ whiptail_install_type_other() {
export install_type
}
whiptail_invalid_input() { # TODO: This should accept a list of arguments to specify what general pattern the input should follow
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Invalid input, please try again." 8 75
}
whiptail_invalid_pass_characters_warning() {
[ -n "$TESTING" ] && return
@@ -623,6 +609,18 @@ whiptail_invalid_user_warning() {
whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
}
whiptail_invalid_hostname() {
[ -n "$TESTING" ] && return
local error_message
error_message=$(echo "Please choose a valid hostname. It cannot be localhost; and must contain only \
the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \
and hyphen ('-')" | tr -d '\t')
whiptail --title "Security Onion Setup" \
--msgbox "$error_message" 10 75
}
whiptail_log_size_limit() {
[ -n "$TESTING" ] && return
@@ -692,6 +690,16 @@ whiptail_management_interface_gateway() {
whiptail_check_exitstatus $exitstatus
}
whiptail_management_interface_ip_mask() {
[ -n "$TESTING" ] && return
manager_ip_mask=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your IP address (with CIDR mask):" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_management_interface_ip() {
[ -n "$TESTING" ] && return
@@ -781,7 +789,6 @@ whiptail_net_setup_complete() {
exit 0
}
whiptail_management_server() {
[ -n "$TESTING" ] && return
@@ -792,28 +799,6 @@ whiptail_management_server() {
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [[ $MSRV == *'localhost'* || ! ( $MSRV =~ ^[a-zA-Z0-9\-]*$ ) ]] ; do
local error_message
error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \
the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \
and hyphen ('-')" | tr -d '\t')
whiptail --title "Security Onion Setup" \
--msgbox "$error_message" 10 75
MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your Manager Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
if ! getent hosts "$MSRV"; then
add_manager_hostfile
else
MSRVIP=$(getent hosts "$MSRV" | awk 'NR==1{print $1}')
fi
}
# Ask if you want to do advanced setup of the Manager
@@ -839,11 +824,6 @@ whiptail_manager_adv_escluster(){
whiptail --title "Security Onion Setup" --yesno \
"Do you want to set up a traditional ES cluster for using replicas and/or Hot-Warm indices? Recommended only for those who have experience with ES clustering! " 12 75
local exitstatus=$?
if [[ $exitstatus == 0 ]]; then
whiptail_manager_adv_escluster_name
fi
}
# Get a cluster name
@@ -1012,24 +992,24 @@ whiptail_node_ls_heap() {
}
whiptail_node_ls_pipeline_worker() {
whiptail_node_ls_pipline_batchsize() {
[ -n "$TESTING" ] && return
LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)
LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter Logstash pipeline batch size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_pipline_batchsize() {
whiptail_node_ls_pipeline_worker() {
[ -n "$TESTING" ] && return
LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter number of Logstash pipeline workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -1041,7 +1021,7 @@ whiptail_node_ls_input_threads() {
[ -n "$TESTING" ] && return
LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
"\nEnter number of Logstash input threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -1078,16 +1058,6 @@ whiptail_patch_name_new_schedule() {
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [[ -z "$PATCHSCHEDULENAME" ]]; do
whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 75
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the manager under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
}
whiptail_patch_schedule() {
@@ -1104,27 +1074,6 @@ whiptail_patch_schedule() {
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
case $patch_schedule in
'New Schedule')
whiptail_patch_schedule_select_days
whiptail_patch_schedule_select_hours
whiptail_patch_name_new_schedule
patch_schedule_os_new
;;
'Import Schedule')
whiptail_patch_schedule_import
;;
'Automatic')
PATCHSCHEDULENAME='auto'
;;
'Manual')
PATCHSCHEDULENAME='manual'
;;
esac
}
whiptail_patch_schedule_import() {
@@ -1304,32 +1253,11 @@ whiptail_set_hostname() {
[ -n "$TESTING" ] && return
HOSTNAME=$(cat /etc/hostname)
if [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
"Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [[ $HOSTNAME == *'localhost'* || ! ( $HOSTNAME =~ ^[a-zA-Z0-9\-]*$ ) ]] ; do
local error_message
error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \
the ASCII letters 'a' through 'z' (case-insensitive), the digits '0' through '9', \
and hyphen ('-')" | tr -d '\t')
whiptail --title "Security Onion Setup" \
--msgbox "$error_message" 10 75
HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the hostname (not FQDN) you would like to set:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
}
whiptail_set_redirect() {
@@ -1350,7 +1278,7 @@ whiptail_set_redirect_host() {
[ -n "$TESTING" ] && return
REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the Hostname or IP you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
"Enter the Hostname, IP, or FQDN you would like to use for the web interface:" 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
@@ -1412,25 +1340,25 @@ whiptail_shard_count() {
}
whiptail_so_allow() {
whiptail_so_allow_yesno() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" \
--yesno "Do you want to run so-allow to allow access to the web tools?" \
8 75
--yesno "Do you want to run so-allow to allow access to the web tools?" \
8 75
}
local exitstatus=$?
whiptail_so_allow() {
if [[ $exitstatus == 0 ]]; then
ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \
[ -n "$TESTING" ] && return
ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \
--inputbox "Enter a single IP address or an IP range, in CIDR notation, to allow:" \
10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
export ALLOW_ROLE='a'
export ALLOW_CIDR
fi
local exitstatus=$?
export ALLOW_ROLE='a'
export ALLOW_CIDR
}
whiptail_storage_requirements() {