CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Network Install Script updates

Browse Source
This commit is contained in:
Mike Reeves
2018-02-05 15:40:26 -05:00
parent 73285f321e
commit 61cd13690d
1 changed files with 27 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
so-setup-network.sh
View File

@@ -46,6 +46,8 @@ if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to in
if [ $INSTALLTYPE != 'SENSORONLY' ]; then if [ $INSTALLTYPE != 'SENSORONLY' ]; then
# Get pulled pork info # Get pulled pork info
# Set password for socore
fi fi
######################### #########################
@@ -100,21 +102,36 @@ if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to in
# Create so-core user # Create so-core user
mkdir -p /opt/so/conf mkdir -p /opt/so/conf
mkdir -p /opt/so/saltstack/salt
mkdir -p /opt/so/saltstack/pillar # Create the salt directories if this isn't a stadnalone sensor
if [ $INSTALLTYPE != 'SENSORONLY' ]; then
mkdir -p /opt/so/saltstack/salt
mkdir -p /opt/so/saltstack/pillar
fi
# Add socore user to the system
groupadd --gid 939 socore groupadd --gid 939 socore
$ADDUSER --uid 939 --gid 939 --home-dir /opt/so --no-create-home socore $ADDUSER --uid 939 --gid 939 --home-dir /opt/so --no-create-home socore
chown -R 939:939 /opt/so chown -R 939:939 /opt/so
# Add the grain # Add the grain on the sensor
# Create the sls file
# Create the salt goodness
if [ $INSTALLTYPE == 'SENSORONLY' ]; then if [ $INSTALLTYPE == 'SENSORONLY' ]; then
#Do the grains file # Create the grains file for the sensor
touch /etc/salt/grain
echo "grains:" > /etc/salt/grains
echo " role: so-sensor" >> /etc/salt/gains
# Start the salt agent
service salt-minion start service salt-minion start
# Do a checkin so the key gets there. Need to add some error checking here
salt-call state.highstate salt-call state.highstate
# Create the pillar file for the sensor
touch /tmp/$HOSTNAME.sls touch /tmp/$HOSTNAME.sls
echo "sensor:" > /tmp/$HOSTNAME.sls echo "sensor:" > /tmp/$HOSTNAME.sls
echo " interface: bond0" >> /tmp/$HOSTNAME echo " interface: bond0" >> /tmp/$HOSTNAME
@@ -125,11 +142,14 @@ if (whiptail --title "Security Onion Setup" --yesno "Are you sure you want to in
# Accept the key on the master # Accept the key on the master
ssh socore@$MASTERSRV 'sudo salt-key -qa $HOSTNAME' ssh socore@$MASTERSRV 'sudo salt-key -qa $HOSTNAME'
# Grab the ssl key for lumberjack from the master
scp socore@$MASTERSRV:/some/path /some/path
fi fi
##MASTER ##MASTER
# Add salt-key to suduers file for socore with no password required # Add salt-key to sudoers file for socore with no password required
# They did not want to do the install # They did not want to do the install
else else