Merge pull request #9384 from Security-Onion-Solutions/2.4/streamline-setup

miscellaneous improvements for 2.4
Doug Burks
2022-12-13 13:43:31 -05:00
committed by GitHub
8 changed files with 35 additions and 35 deletions


@@ -6,7 +6,7 @@
# Elastic License 2.0. # Elastic License 2.0.
doc_workstation_url="https://docs.securityonion.net/en/2.3/analyst-vm.html" doc_workstation_url="https://docs.securityonion.net/en/2.4/analyst-vm.html"
{# we only want the script to install the workstation if it is CentOS -#} {# we only want the script to install the workstation if it is CentOS -#}
{% if grains.os == 'CentOS' -%} {% if grains.os == 'CentOS' -%}
{# if this is a manager -#} {# if this is a manager -#}


@@ -155,11 +155,11 @@ elastic_license() {
read -r -d '' message <<- EOM read -r -d '' message <<- EOM
\n \n
Elastic Stack binaries and Security Onion components are only available under the Elastic License version 2 (ELv2): Elastic Stack binaries and Security Onion components are only available under the Elastic License version 2 (ELv2):
https://www.elastic.co/licensing/elastic-license https://securityonion.net/license/
Do you agree to the terms of ELv2? Do you agree to the terms of ELv2?
If so, type AGREE to accept ELv2 and continue. Otherwise, press Enter to exit this program without making any changes. If so, type AGREE to accept ELv2 and continue. Otherwise, press Enter to exit this program without making any changes.
EOM EOM
AGREED=$(whiptail --title "$whiptail_title" --inputbox \ AGREED=$(whiptail --title "$whiptail_title" --inputbox \


@@ -158,7 +158,7 @@ cat << EOF
Import complete! Import complete!
You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC https://{{ URLBASE }}/#/dashboards?q=import.id:${RUNID}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
or you can manually set your Time Range to be (in UTC): or you can manually set your Time Range to be (in UTC):
From: $START_OLDEST_FORMATTED To: $END_NEWEST From: $START_OLDEST_FORMATTED To: $END_NEWEST
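Review bot: The new dashboards query pipeline (the chain of groupby clauses between `import.id:${RUNID}` and `&t=`) is hard-coded inline in the URL on the new side of this hunk and repeated verbatim in the next file section with `${HASH}` in place of `${RUNID}`; two hand-maintained copies of a URL-encoded string that long will drift the next time someone adjusts the dashboard. Consider defining the encoded pipeline once, for example `dash_query="groupby%20-sankey%20event.dataset%20..."` near the top of each script (or in a snippet both scripts source), and emitting `q=import.id:${RUNID}%20%7C%20${dash_query}` in the heredoc. The `cat << EOF` heredoc that contains this text begins outside the hunk.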


@@ -206,7 +206,7 @@ cat << EOF
Import complete! Import complete!
You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser:
https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC https://{{ URLBASE }}/#/dashboards?q=import.id:${HASH}%20%7C%20groupby%20-sankey%20event.dataset%20event.category%2a%20%7C%20groupby%20-pie%20event.category%20%7C%20groupby%20-bar%20event.module%20%7C%20groupby%20event.dataset%20%7C%20groupby%20event.module%20%7C%20groupby%20event.category%20%7C%20groupby%20observer.name%20%7C%20groupby%20source.ip%20%7C%20groupby%20destination.ip%20%7C%20groupby%20destination.port&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM&z=UTC
or you can manually set your Time Range to be (in UTC): or you can manually set your Time Range to be (in UTC):
From: $START_OLDEST To: $END_NEWEST From: $START_OLDEST To: $END_NEWEST


@@ -47,7 +47,7 @@ check_err() {
;; ;;
28) 28)
echo 'No space left on device' echo 'No space left on device'
echo 'Likely ran out of space on disk, please review hardware requirements for Security Onion: https://docs.securityonion.net/en/2.3/hardware.html' echo 'Likely ran out of space on disk, please review hardware requirements for Security Onion: https://docs.securityonion.net/en/2.4/hardware.html'
;; ;;
30) 30)
echo 'Read-only file system' echo 'Read-only file system'
@@ -357,7 +357,7 @@ clone_to_tmp() {
git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
cd /tmp cd /tmp
if [ ! -f $UPDATE_DIR/VERSION ]; then if [ ! -f $UPDATE_DIR/VERSION ]; then
echo "Update was unable to pull from github. Please check your internet." echo "Update was unable to pull from Github. Please check your Internet access."
exit 0 exit 0
fi fi
} }
@@ -458,7 +458,7 @@ es_indices_check() {
if [ -z "$UNSUPPORTED_INDICES" ]; then if [ -z "$UNSUPPORTED_INDICES" ]; then
echo "No unsupported indices found." echo "No unsupported indices found."
else else
echo "The following indices were created with Elasticsearch 6, and are not supported when upgrading to Elasticsearch 8. These indices may need to be deleted, migrated, or re-indexed before proceeding with the upgrade. Please see https://docs.securityonion.net/en/2.3/soup.html#elastic-8 for more details." echo "The following indices were created with Elasticsearch 6, and are not supported when upgrading to Elasticsearch 8. These indices may need to be deleted, migrated, or re-indexed before proceeding with the upgrade. Please see https://docs.securityonion.net/en/2.4/soup.html#elastic-8 for more details."
echo echo
echo "$UNSUPPORTED_INDICES" echo "$UNSUPPORTED_INDICES"
exit 1 exit 1
@@ -1411,7 +1411,7 @@ Each minion is on a random 15 minute check-in period and things like network ban
If it looks like youre missing data after the upgrade, please avoid restarting services and instead make sure at least one search node has completed its upgrade. The best way to do this is to run 'sudo salt-call state.highstate' from a search node and make sure there are no errors. Typically if it works on one node it will work on the rest. Forward nodes are less complex and will update as they check in so you can monitor those from the Grid section of SOC. If it looks like youre missing data after the upgrade, please avoid restarting services and instead make sure at least one search node has completed its upgrade. The best way to do this is to run 'sudo salt-call state.highstate' from a search node and make sure there are no errors. Typically if it works on one node it will work on the rest. Forward nodes are less complex and will update as they check in so you can monitor those from the Grid section of SOC.
For more information, please see https://docs.securityonion.net/en/2.3/soup.html#distributed-deployments. For more information, please see https://docs.securityonion.net/en/2.4/soup.html#distributed-deployments.
EOF EOF
@@ -1425,7 +1425,7 @@ EOF
A custom Elasticsearch configuration has been found at /opt/so/saltstack/local/elasticsearch/files/elasticsearch.yml. This file is no longer referenced in Security Onion versions >= 2.3.80. A custom Elasticsearch configuration has been found at /opt/so/saltstack/local/elasticsearch/files/elasticsearch.yml. This file is no longer referenced in Security Onion versions >= 2.3.80.
If you still need those customizations, you'll need to manually migrate them to the new Elasticsearch config as shown at https://docs.securityonion.net/en/2.3/elasticsearch.html. If you still need those customizations, you'll need to manually migrate them to the new Elasticsearch config as shown at https://docs.securityonion.net/en/2.4/elasticsearch.html.
EOF EOF
@@ -1472,7 +1472,7 @@ if [[ -z $UNATTENDED ]]; then
SOUP - Security Onion UPdater SOUP - Security Onion UPdater
Please review the following for more information about the update process and recent updates: Please review the following for more information about the update process and recent updates:
https://docs.securityonion.net/soup https://docs.securityonion.net/en/2.4/soup.html
https://blog.securityonion.net https://blog.securityonion.net
EOF EOF
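Review bot: In the clone_to_tmp hunk the new message "Update was unable to pull from Github…" is followed by `exit 0`, so a failed clone (no `$UPDATE_DIR/VERSION` after the clone) reports success to whatever invoked soup and to anyone checking `$?` in automation; the message is also written to stdout rather than stderr. Unless a caller relies on a zero status here, I would change the two lines to `echo "Update was unable to pull from Github. Please check your Internet access." >&2` and `exit 1`. While in this hunk, the test `[ ! -f $UPDATE_DIR/VERSION ]` should quote the expansion, `[ ! -f "$UPDATE_DIR/VERSION" ]`, so an unset or space-containing UPDATE_DIR produces a clean failure instead of a syntax error. clone_to_tmp begins before the hunk; only its tail is visible here.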


@@ -99,7 +99,7 @@ analyst_salt_local() {
read -r -d '' message <<- EOM read -r -d '' message <<- EOM
Finished Analyst workstation installation. Finished Analyst workstation installation.
Press ENTER to reboot. Press the Enter key to reboot.
EOM EOM
whiptail --title "$whiptail_title" --msgbox "$message" 12 75 whiptail --title "$whiptail_title" --msgbox "$message" 12 75
@@ -1541,7 +1541,7 @@ networking_needful() {
source "$net_init_file" source "$net_init_file"
fi fi
if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then if [[ $reinit_networking ]] || ! [[ -f $net_init_file ]]; then
whiptail_network_init_notice #whiptail_network_init_notice
network_init network_init
fi fi
set_main_ip set_main_ip
@@ -2003,7 +2003,7 @@ set_main_ip() {
info "ERROR: Could not determine MAINIP or MNIC_IP." info "ERROR: Could not determine MAINIP or MNIC_IP."
info "MAINIP=$MAINIP" info "MAINIP=$MAINIP"
info "MNIC_IP=$MNIC_IP" info "MNIC_IP=$MNIC_IP"
whiptail_error_message "The management IP could not be determined. Please check the log at /root/sosetup.log and verify the network configuration. Press OK to exit." whiptail_error_message "The management IP could not be determined. Please check the log at /root/sosetup.log and verify the network configuration. Select OK to exit."
exit 1 exit 1
fi fi
sleep 1 sleep 1
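Review bot: In the networking_needful hunk the call to whiptail_network_init_notice is commented out rather than removed, and the same is done twice more in the following file section (the two `#whiptail_network_init_notice` lines before `network_init`); commented-out calls linger and leave it unclear whether the notice is gone for good or temporarily disabled. Delete the three lines outright and, if nothing else calls whiptail_network_init_notice, drop its definition as well. If that notice was the user's only warning that network_init is about to reconfigure the management interface (its text is not visible here), a short comment at each call site stating why the prompt was removed, e.g. `# network_init notice dropped intentionally; network_init is now silent`, would save the next maintainer from reinstating it by mistake. networking_needful begins outside the hunk.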


@@ -272,7 +272,7 @@ if ! [[ -f $install_opt_file ]]; then
whiptail_dhcp_warn whiptail_dhcp_warn
whiptail_management_nic whiptail_management_nic
fi fi
whiptail_network_init_notice #whiptail_network_init_notice
# Initializing the network based on the previous information # Initializing the network based on the previous information
network_init network_init
printf '%s\n' \ printf '%s\n' \
@@ -287,7 +287,7 @@ if ! [[ -f $install_opt_file ]]; then
if [[ $option == "CONFIGURENETWORK" ]]; then if [[ $option == "CONFIGURENETWORK" ]]; then
collect_hostname collect_hostname
network_init_whiptail network_init_whiptail
whiptail_network_init_notice #whiptail_network_init_notice
network_init network_init
printf '%s\n' \ printf '%s\n' \
"MNIC=$MNIC" \ "MNIC=$MNIC" \


@@ -244,7 +244,7 @@ whiptail_storage_requirements() {
You need ${needed_val} to meet minimum requirements. You need ${needed_val} to meet minimum requirements.
Visit https://docs.securityonion.net/en/latest/hardware.html for more information. Visit https://docs.securityonion.net/en/2.4/hardware.html for more information.
Select YES to continue anyway, or select NO to cancel. Select YES to continue anyway, or select NO to cancel.
EOM EOM
@@ -284,7 +284,7 @@ whiptail_dhcp_warn() {
local interaction_text="Select YES to keep DHCP or NO to go back." local interaction_text="Select YES to keep DHCP or NO to go back."
local window_type="yesno" local window_type="yesno"
else else
local interaction_text="Press ENTER to continue." local interaction_text="Press the Enter key to continue."
local window_type="msgbox" local window_type="msgbox"
fi fi
@@ -422,7 +422,7 @@ whiptail_end_settings() {
read -r -d '' msg <<-EOM read -r -d '' msg <<-EOM
$end_msg $end_msg
Press TAB to select yes or no. Press the Tab key to select yes or no.
EOM EOM
whiptail --title "The following options have been set, would you like to proceed?" --yesno "$msg" 24 75 --scrolltext whiptail --title "The following options have been set, would you like to proceed?" --yesno "$msg" 24 75 --scrolltext
@@ -460,7 +460,7 @@ whiptail_install_type() {
# What kind of install are we doing? # What kind of install are we doing?
install_type=$(whiptail --title "$whiptail_title" --radiolist \ install_type=$(whiptail --title "$whiptail_title" --radiolist \
"Choose install type. \nSee https://docs.securityonion.net/architecture for details." 13 65 5 \ "What kind of installation would you like to do?\n\nFor more information, please see:\nhttps://docs.securityonion.net/en/2.4/architecture.html" 18 65 5 \
"EVAL" "Evaluation mode (not for production) " ON \ "EVAL" "Evaluation mode (not for production) " ON \
"STANDALONE" "Standalone production install " OFF \ "STANDALONE" "Standalone production install " OFF \
"DISTRIBUTED" "Distributed install submenu " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \
@@ -508,7 +508,7 @@ whiptail_install_type_dist_new() {
read -r -d '' mngr_msg <<- EOM read -r -d '' mngr_msg <<- EOM
Choose a distributed manager type to start a new grid. Choose a distributed manager type to start a new grid.
See https://docs.securityonion.net/architecture for details. See https://docs.securityonion.net/en/2.4/architecture.html for details.
Note: MANAGER is the recommended option for most users. MANAGERSEARCH should only be used in very specific situations. Note: MANAGER is the recommended option for most users. MANAGERSEARCH should only be used in very specific situations.
EOM EOM
@@ -528,7 +528,7 @@ whiptail_install_type_dist_existing() {
local node_msg local node_msg
read -r -d '' node_msg <<- EOM read -r -d '' node_msg <<- EOM
Choose a distributed node type to join to an existing grid. See https://docs.securityonion.net/architecture for details. Choose a distributed node type to join to an existing grid. See https://docs.securityonion.net/en/2.4/architecture.html for details.
Note: Heavy nodes (HEAVYNODE) are NOT recommended for most users. Note: Heavy nodes (HEAVYNODE) are NOT recommended for most users.
EOM EOM
@@ -776,13 +776,13 @@ whiptail_management_nic() {
filter_unused_nics filter_unused_nics
MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select the NIC you would like to use for management.\n\nUse the arrow keys to move around and the space bar to select." 22 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
while [ -z "$MNIC" ] while [ -z "$MNIC" ]
do do
MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select your management NIC:" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 ) MNIC=$(whiptail --title "$whiptail_title" --radiolist "Please select the NIC you would like to use for management.\n\nUse the arrow keys to move around and the space bar to select." 22 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
done done
@@ -929,7 +929,7 @@ whiptail_manager_updates_warning() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "$whiptail_title"\ whiptail --title "$whiptail_title"\
--msgbox "Updating through the manager node requires the manager to have internet access, press ENTER to continue."\ --msgbox "Updating through the manager node requires the manager to have access to the Internet. Press the Enter key to continue."\
8 75 8 75
local exitstatus=$? local exitstatus=$?
@@ -986,7 +986,7 @@ whiptail_network_notice() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "$whiptail_title" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select YES to continue." 8 75 whiptail --title "$whiptail_title" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select Yes if you've already configured these settings. Otherwise, select No to quit." 10 75
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1115,7 +1115,7 @@ whiptail_requirements_error() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return
whiptail --title "$whiptail_title" \ whiptail --title "$whiptail_title" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 10 75 --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel." 10 75
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -1198,7 +1198,7 @@ whiptail_set_redirect() {
options+=("OTHER" "Use a different name like a FQDN or Load Balancer" OFF) options+=("OTHER" "Use a different name like a FQDN or Load Balancer" OFF)
REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \ REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \
"How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \ "How would you like to access the web interface?\n\nWhatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
"${options[@]}" \ "${options[@]}" \
3>&1 1>&2 2>&3 3>&1 1>&2 2>&3
) )
@@ -1237,7 +1237,7 @@ whiptail_setup_complete() {
read -r -d '' message <<- EOM read -r -d '' message <<- EOM
Finished ${install_type} installation. Finished ${install_type} installation.
$accessMessage $accessMessage
Press ENTER to exit setup. Press the Enter key to exit setup.
EOM EOM
whiptail --title "$whiptail_title" --msgbox "$message" 12 75 whiptail --title "$whiptail_title" --msgbox "$message" 12 75
@@ -1257,7 +1257,7 @@ whiptail_setup_failed() {
read -r -d '' message <<- EOM read -r -d '' message <<- EOM
Install had a problem. Please see $setup_log for details.\n Install had a problem. Please see $setup_log for details.\n
$check_err_msg $check_err_msg
Press Ok to exit. Select Ok to exit.
EOM EOM
whiptail --title "$whiptail_title" --msgbox "$message" $height 75 whiptail --title "$whiptail_title" --msgbox "$message" $height 75
@@ -1298,9 +1298,9 @@ whiptail_storage_requirements() {
You need ${needed_val} to meet minimum requirements. You need ${needed_val} to meet minimum requirements.
Visit https://docs.securityonion.net/en/latest/hardware.html for more information. Visit https://docs.securityonion.net/en/2.4/hardware.html for more information.
Press YES to continue anyway, or press NO to cancel. Select YES to continue anyway, or select NO to cancel.
EOM EOM
whiptail \ whiptail \
@@ -1350,10 +1350,10 @@ whiptail_you_sure() {
read -r -d '' you_sure_text <<- EOM read -r -d '' you_sure_text <<- EOM
Welcome to Security Onion Setup! Welcome to Security Onion Setup!
You can use Setup for several different use cases, from a small standalone installation to a large distributed deployment for your enterprise. Don't forget to review the documentation at: You can use Setup for several different use cases, from a small standalone installation to a large distributed deployment for your enterprise. You can learn more in the documentation at:
https://docs.securityonion.net https://docs.securityonion.net/en/2.4/
Setup uses keyboard navigation and you can use arrow keys to move around. Certain screens may provide a list and ask you to select one or more items from that list. You can use [SPACE] to select items and [ENTER] to proceed to the next screen. Setup uses keyboard navigation and you can use arrow keys to move around. Certain screens may provide a list and ask you to select one or more items from that list. You can use the Space bar to select items and the Enter key to proceed to the next screen.
Would you like to continue? Would you like to continue?
EOM EOM
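Review bot: The hunks at -244 and -1298 are both attributed to whiptail_storage_requirements() and carry near-identical heredoc text (the "You need ${needed_val}…" / hardware.html / "Select YES…" lines), which suggests this file defines that function twice; if so, bash keeps the later definition and the edits made to the first copy in this commit have no runtime effect. Please confirm and delete the dead copy, or rename one of them if they are meant to differ. Separately, in whiptail_management_nic the new, longer radiolist prompt now appears verbatim on both whiptail calls; hoisting it into `local nic_prompt="Please select the NIC you would like to use for management.\n\nUse the arrow keys to move around and the space bar to select."` and passing `"$nic_prompt"` to both calls keeps the two from drifting. Each of these functions begins outside its hunk.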