From 61a7efeeab323cb255d907ba4c38c41cb5313c54 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Fri, 5 Mar 2021 10:54:01 -0500
Subject: [PATCH] fix: syntax error in reserved ports configuration; ensure ports are reserved prior to setup
---
 salt/common/files/99-reserved-ports.conf | 2 +-
 setup/so-functions | 10 ++++++++++
 setup/so-setup | 2 ++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/salt/common/files/99-reserved-ports.conf b/salt/common/files/99-reserved-ports.conf
index a578ab9a5..a846341a5 100644
--- a/salt/common/files/99-reserved-ports.conf
+++ b/salt/common/files/99-reserved-ports.conf
@@ -1 +1 @@
-net.ipv4.ip_local_reserved_ports="55000,57314"
+net.ipv4.ip_local_reserved_ports=55000,57314
diff --git a/setup/so-functions b/setup/so-functions
index 21602f320..c48f08819 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1792,6 +1792,16 @@ reserve_group_ids() {
 groupadd -g 946 cyberchef
 }
+reserve_ports() {
+ # These are also set via salt but need to be set pre-install to avoid conflicts before salt runs
+ if ! sysctl net.ipv4.ip_local_reserved_ports | grep 55000 | grep 57314; then
+ echo "Reserving ephemeral ports used by Security Onion components to avoid collisions"
+ sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314"
+ else
+ echo "Ephemeral ports already reserved"
+ fi
+}
+
 reinstall_init() {
 info "Putting system in state to run setup again"
diff --git a/setup/so-setup b/setup/so-setup
index 65fbbe16e..0af49af53 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -550,6 +550,8 @@ set_redirect >> $setup_log 2>&1
 # Show initial progress message
 set_progress_str 0 'Running initial configuration steps'
+ reserve_ports
+
 set_path
 if [[ $is_reinstall ]]; then
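Review bot: The `sysctl -w` in reserve_ports sets net.ipv4.ip_local_reserved_ports to exactly `55000,57314`, and as far as I know a write to this key replaces the whole list, so any ports or ranges an administrator had already reserved are dropped. The same happens when the current value already covers both ports through a range such as `50000-60000`, because the `grep 55000 | grep 57314` test only matches the literal numbers (and would also match them as substrings of other ports). I would read the current value and append to it: `current=$(sysctl -n net.ipv4.ip_local_reserved_ports)` followed by `sysctl -w net.ipv4.ip_local_reserved_ports="${current:+$current,}55000,57314"`. The exit status of `sysctl -w` is not checked either, so a failed reservation still prints the "Reserving" message and the function reports nothing to its caller.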
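Review bot: The new `reserve_ports` call in setup/so-setup is not redirected, unlike `set_redirect >> $setup_log 2>&1` shown in the hunk header, so its echo lines and the matched grep line go to the terminal instead of the setup log. I would call it as `reserve_ports >> $setup_log 2>&1`, assuming `$setup_log` is the intended destination for this stage. The function's result is also ignored here, so a failed reservation neither stops nor flags the install, which matters if later steps assume ports 55000 and 57314 are free. The enclosing block starts and ends outside the hunk.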