CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10433 from Security-Onion-Solutions/kilo

Browse Source 
Use common fail routine when explicitly aborting setup; Enhance cloud detection
This commit is contained in:
Jason Ertel
2023-05-26 09:54:15 -04:00
committed by GitHub
parent bcbdab1682 8f247f962a
commit 657ef97d17
2 changed files with 36 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
setup/so-functions
View File

@@ -28,6 +28,12 @@ title() {
echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$setup_log" 2>&1 echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$setup_log" 2>&1
} }
fail_setup() {
error "Setup encounted an unrecoverable failure, exiting"
touch /root/failure
exit 1
}
logCmd() { logCmd() {
cmd=$1 cmd=$1
info "Executing command: $cmd" info "Executing command: $cmd"
@@ -796,7 +802,7 @@ compare_main_nic_ip() {
EOM EOM
[[ -n $TESTING ]] || whiptail --title "$whiptail_title" --msgbox "$message" 11 75 [[ -n $TESTING ]] || whiptail --title "$whiptail_title" --msgbox "$message" 11 75
kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 kill -SIGINT "$(ps --pid $$ -oppid=)"; fail_setup
fi fi
else else
# Setup uses MAINIP, but since we ignore the equality condition when using a VPN # Setup uses MAINIP, but since we ignore the equality condition when using a VPN
@@ -921,9 +927,10 @@ create_repo() {
detect_cloud() { detect_cloud() {
info "Testing if setup is running on a cloud instance..." info "Testing if setup is running on a cloud instance..."
if dmidecode -s bios-version | grep -q amazon || \ if [ -f /etc/SOCLOUD ] || \
dmidecode -s bios-vendor | grep -q Amazon || \ dmidecode -s bios-version 2>&1 | grep -q amazon || \
dmidecode -s bios-vendor | grep -q Google || \ dmidecode -s bios-vendor 2>&1 | grep -q Amazon || \
dmidecode -s bios-vendor 2>&1 | grep -q Google || \
[ -f /var/log/waagent.log ]; then [ -f /var/log/waagent.log ]; then
info "Detected a cloud installation..." info "Detected a cloud installation..."
@@ -943,7 +950,7 @@ detect_os() {
pkgman="dnf" pkgman="dnf"
else else
info "We do not support the operating system you are trying to use." info "We do not support the operating system you are trying to use."
exit 1 fail_setup
fi fi
elif [ -f /etc/os-release ]; then elif [ -f /etc/os-release ]; then
@@ -953,12 +960,12 @@ detect_os() {
is_ubuntu=true is_ubuntu=true
else else
info "We do not support your current version of Ubuntu." info "We do not support your current version of Ubuntu."
exit 1 fail_setup
fi fi
else else
info "We were unable to determine if you are using a supported OS." info "We were unable to determine if you are using a supported OS."
exit 1 fail_setup
fi fi
info "Found OS: $OS $OSVER" info "Found OS: $OS $OSVER"
@@ -981,7 +988,7 @@ download_elastic_agent_artifacts() {
info "Elastic Agent source hash is good." info "Elastic Agent source hash is good."
else else
info "Unable to download the Elastic Agent source files." info "Unable to download the Elastic Agent source files."
exit 1 fail_setup
fi fi
logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/" logCmd "tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$SOVERSION.tar.gz -C /nsm/elastic-fleet/artifacts/beats/elastic-agent/"
@@ -1012,18 +1019,18 @@ installer_prereq_packages() {
if [ "$OS" == ubuntu ]; then if [ "$OS" == ubuntu ]; then
# Print message to stdout so the user knows setup is doing something # Print message to stdout so the user knows setup is doing something
info "Running apt-get update" info "Running apt-get update"
retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1 retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
# Install network manager so we can do interface stuff # Install network manager so we can do interface stuff
if ! command -v nmcli > /dev/null 2>&1; then if ! command -v nmcli > /dev/null 2>&1; then
info "Installing network-manager" info "Installing network-manager"
retry 150 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || exit 1 retry 150 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || fail_setup
{ {
systemctl enable NetworkManager systemctl enable NetworkManager
systemctl start NetworkManager systemctl start NetworkManager
} >> "$setup_log" 2<&1 } >> "$setup_log" 2<&1
fi fi
if ! command -v curl > /dev/null 2>&1; then if ! command -v curl > /dev/null 2>&1; then
retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || exit 1 retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup
fi fi
fi fi
} }
@@ -1746,7 +1753,7 @@ proxy_validate() {
error "Received error: $proxy_test_err" error "Received error: $proxy_test_err"
if [[ -n $TESTING ]]; then if [[ -n $TESTING ]]; then
error "Exiting setup" error "Exiting setup"
kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1 kill -SIGINT "$(ps --pid $$ -oppid=)"; fail_setup
fi fi
fi fi
return $ret return $ret
@@ -1817,7 +1824,7 @@ reinstall_init() {
# Stop the systemctl process trying to kill the service, show user a message, then exit setup # Stop the systemctl process trying to kill the service, show user a message, then exit setup
kill -9 $pid kill -9 $pid
exit 1 fail_setup
fi fi
sleep 5 sleep 5
@@ -2020,7 +2027,7 @@ saltify() {
SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //') SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //')
if [[ $is_ubuntu ]]; then if [[ $is_ubuntu ]]; then
DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || exit 1 DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup
update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10 update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10
local pkg_arr=( local pkg_arr=(
'apache2-utils' 'apache2-utils'
@@ -2032,7 +2039,7 @@ saltify() {
'netcat' 'netcat'
'jq' 'jq'
) )
retry 150 20 "apt-get -y install ${pkg_arr[*]}" || exit 1 retry 150 20 "apt-get -y install ${pkg_arr[*]}" || fail_setup
logCmd "mkdir -vp /etc/apt/keyrings" logCmd "mkdir -vp /etc/apt/keyrings"
#logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" #logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub"
@@ -2053,9 +2060,9 @@ saltify() {
# Ain't nothing but a GPG # Ain't nothing but a GPG
retry 150 20 "apt-get update" "" "Err:" || exit 1 retry 150 20 "apt-get update" "" "Err:" || fail_setup
retry 150 20 "apt-get -y install salt-common-$SALTVERSION salt-minion-$SALTVERSION" || exit 1 retry 150 20 "apt-get -y install salt-common-$SALTVERSION salt-minion-$SALTVERSION" || fail_setup
retry 150 20 "apt-mark hold salt-minion salt-common" || exit 1 retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup
#retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 #retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
fi fi
@@ -2122,7 +2129,7 @@ set_main_ip() {
info "MAINIP=$MAINIP" info "MAINIP=$MAINIP"
info "MNIC_IP=$MNIC_IP" info "MNIC_IP=$MNIC_IP"
whiptail_error_message "The management IP could not be determined. Please check the log at /root/sosetup.log and verify the network configuration. Select OK to exit." whiptail_error_message "The management IP could not be determined. Please check the log at /root/sosetup.log and verify the network configuration. Select OK to exit."
exit 1 fail_setup
fi fi
sleep 1 sleep 1
done done
@@ -2372,13 +2379,13 @@ ubuntu_check() {
if [[ $OS == "ubuntu" ]]; then if [[ $OS == "ubuntu" ]]; then
if [[ $waitforstate ]]; then if [[ $waitforstate ]]; then
whiptail_ubuntu_notsupported whiptail_ubuntu_notsupported
exit 1 fail_setup
else else
if [[ $UBUNTUINSTALL == "needtoupgrade" ]]; then if [[ $UBUNTUINSTALL == "needtoupgrade" ]]; then
whiptail_ubuntu_warning whiptail_ubuntu_warning
else else
whiptail_ubuntu_notsupported whiptail_ubuntu_notsupported
exit 1 fail_setup
fi fi
fi fi
fi fi
@@ -2397,9 +2404,9 @@ update_packages() {
logCmd "dnf -y update --allowerasing --exclude=salt*,wazuh*,docker*,containerd*" logCmd "dnf -y update --allowerasing --exclude=salt*,wazuh*,docker*,containerd*"
else else
info "Running apt-get update" info "Running apt-get update"
retry 150 10 "apt-get -y update" "" "Err:" >> "$setup_log" 2>&1 || exit 1 retry 150 10 "apt-get -y update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
info "Running apt-get upgrade" info "Running apt-get upgrade"
retry 150 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1 retry 150 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || fail_setup
fi fi
} }
@@ -2445,7 +2452,7 @@ wait_for_file() {
} }
wait_for_salt_minion() { wait_for_salt_minion() {
retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || exit 1 retry 60 5 "journalctl -u salt-minion.service | grep 'Minion is ready to receive requests'" >> "$setup_log" 2>&1 || fail_setup
} }
verify_setup() { verify_setup() {

10
setup/so-setup
View File

@@ -10,13 +10,13 @@
uid="$(id -u)" uid="$(id -u)"
if [ "$uid" -ne 0 ]; then if [ "$uid" -ne 0 ]; then
echo "This script must be run using sudo!" echo "This script must be run using sudo!"
exit 1 fail_setup
fi fi
# Save the original argument array since we modify it # Save the original argument array since we modify it
original_args=("$@") original_args=("$@")
cd "$(dirname "$0")" || exit 255 cd "$(dirname "$0")" || fail_setup
echo "Getting started..." echo "Getting started..."
@@ -82,7 +82,7 @@ if [[ "$setup_type" == 'iso' ]]; then
is_iso=true is_iso=true
else else
echo "Only use 'so-setup iso' for an ISO install on Security Onion ISO images. Please run 'so-setup network' instead." echo "Only use 'so-setup iso' for an ISO install on Security Onion ISO images. Please run 'so-setup network' instead."
exit 1 fail_setup
fi fi
fi fi
@@ -161,7 +161,7 @@ catch() {
info "Fatal error occurred at $1 in so-setup, failing setup." info "Fatal error occurred at $1 in so-setup, failing setup."
grep --color=never "ERROR" "$setup_log" > "$error_log" grep --color=never "ERROR" "$setup_log" > "$error_log"
whiptail_setup_failed whiptail_setup_failed
exit 1 fail_setup
} }
# Add the progress function for manager node type installs # Add the progress function for manager node type installs
@@ -236,7 +236,7 @@ case "$setup_type" in
;; ;;
*) *)
error "Invalid install type, must be 'iso', 'network' or 'analyst'." error "Invalid install type, must be 'iso', 'network' or 'analyst'."
exit 1 fail_setup
;; ;;
esac esac