From d76a4b13591eecb32ef71ca870c85f596116827f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 25 Sep 2020 14:59:27 -0400 Subject: [PATCH 1/6] Show welcome screen on both iso and network installs --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 9c15c935c..775af235f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -138,7 +138,7 @@ if [ "$automated" == no ]; then fi fi -if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then +if (whiptail_you_sure); then true else echo "User cancelled setup." | tee $setup_log From 9acf610262f63b3803169fd16fec88abde10374c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 25 Sep 2020 16:10:26 -0400 Subject: [PATCH 2/6] Also disable ipv6 for install --- setup/so-functions | 8 ++++++++ setup/so-setup | 1 + 2 files changed, 9 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 44cca3a82..18c2febfc 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -745,6 +745,14 @@ disable_auto_start() { fi } +disable_ipv6() { + { + info "Disabling ipv6" + sysctl -w net.ipv6.conf.all.disable_ipv6=1 + sysctl -w net.ipv6.conf.default.disable_ipv6=1 + } >> "$setup_log" 2>&1 +} + disable_misc_network_features() { filter_unused_nics if [ ${#filtered_nics[@]} -ne 0 ]; then diff --git a/setup/so-setup b/setup/so-setup index 775af235f..a5af59eeb 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -462,6 +462,7 @@ fi # Set initial percentage to 0 export percentage=0 set_path + disable_ipv6 if [[ $is_manager && $is_airgap ]]; then info "Creating airgap repo" From dc330a774e907a4f04527cc245789ada1989d646 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 25 Sep 2020 16:30:16 -0400 Subject: [PATCH 3/6] Exit so-zeek-logs if user cancels --- salt/common/tools/sbin/so-zeek-logs | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) 
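Review bot: `disable_ipv6` in setup/so-functions (patch 2/6) has no comment saying that the change is runtime-only: `sysctl -w` sets the live kernel values, and nothing visible in this hunk writes them to a sysctl configuration file, so IPv6 would presumably come back after a reboot. If that is intended, as the subject "for install" suggests, a header comment such as `# Disable IPv6 for the duration of setup only; sysctl -w does not persist across reboots.` would make it explicit. If the node is meant to stay IPv4-only afterwards, the setting also needs to be persisted, and it is worth confirming that the host firewall rules cover IPv6 once it is active again. Both `sysctl` results are only appended to `$setup_log`, so a failed call does not stop setup.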
diff --git a/salt/common/tools/sbin/so-zeek-logs b/salt/common/tools/sbin/so-zeek-logs index 353eece1e..6d661dc1f 100755 --- a/salt/common/tools/sbin/so-zeek-logs +++ b/salt/common/tools/sbin/so-zeek-logs @@ -5,14 +5,26 @@ zeek_logs_enabled() { echo "zeeklogs:" > $local_salt_dir/pillar/zeeklogs.sls echo " enabled:" >> $local_salt_dir/pillar/zeeklogs.sls - for BLOG in ${BLOGS[@]}; do + for BLOG in "${BLOGS[@]}"; do echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/zeeklogs.sls done } -whiptail_manager_adv_service_zeeklogs() { +whiptail_check_exitstatus() { + case $1 in + 1) + whiptail --title "Security Onion Setup" --msgbox "Cancelling. No changes have been made." 8 75 + exit + ;; + 255) + whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 + exit + ;; + esac +} +whiptail_manager_adv_service_zeeklogs() { BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \ "conn" "Connection Logging" ON \ "dce_rpc" "RPC Logs" ON \ @@ -52,6 +64,9 @@ whiptail_manager_adv_service_zeeklogs() { "mysql" "MySQL Logs" ON \ "socks" "SOCKS Logs" ON \ "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_manager_adv_service_zeeklogs From 05729d216a2d633e0e0cbb1d61b6197e7e4e4560 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 28 Sep 2020 08:45:59 -0400 Subject: [PATCH 4/6] Don't direct user to check log in so-zeek-log, none exists --- salt/common/tools/sbin/so-zeek-logs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-zeek-logs b/salt/common/tools/sbin/so-zeek-logs index 6d661dc1f..0e74e54bf 100755 --- a/salt/common/tools/sbin/so-zeek-logs +++ b/salt/common/tools/sbin/so-zeek-logs 
@@ -18,7 +18,7 @@ whiptail_check_exitstatus() { exit ;; 255) - whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75 + whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting." 8 75 exit ;; esac From a60bf11daa1893f21b9a96cc393e5e09b481180e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 28 Sep 2020 09:11:50 -0400 Subject: [PATCH 5/6] Make sure zeek log is only written on whiptail success --- salt/common/tools/sbin/so-zeek-logs | 34 ++++++++++++++--------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/salt/common/tools/sbin/so-zeek-logs b/salt/common/tools/sbin/so-zeek-logs index 0e74e54bf..551213580 100755 --- a/salt/common/tools/sbin/so-zeek-logs +++ b/salt/common/tools/sbin/so-zeek-logs @@ -2,26 +2,11 @@ local_salt_dir=/opt/so/saltstack/local zeek_logs_enabled() { - echo "zeeklogs:" > $local_salt_dir/pillar/zeeklogs.sls echo " enabled:" >> $local_salt_dir/pillar/zeeklogs.sls for BLOG in "${BLOGS[@]}"; do echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/zeeklogs.sls done - -} - -whiptail_check_exitstatus() { - case $1 in - 1) - whiptail --title "Security Onion Setup" --msgbox "Cancelling. No changes have been made." 8 75 - exit - ;; - 255) - whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting." 8 75 - exit - ;; - esac } whiptail_manager_adv_service_zeeklogs() { 
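Review bot: The dialog text on the new `255)` line of so-zeek-logs (patch 4/6) still spells "occured"; since the string is being edited anyway, `"Whiptail error occurred, exiting."` would correct it. The same text is carried into the `case` block added in patch 5/6, so the fix applies there as well.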
@@ -66,8 +51,23 @@ whiptail_manager_adv_service_zeeklogs() { "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 ) local exitstatus=$? - whiptail_check_exitstatus $exitstatus + + IFS=' ' read -ra BLOGS <<< "$BLOGS" + + return $exitstatus } whiptail_manager_adv_service_zeeklogs -zeek_logs_enabled +return_code=$? +case $return_code in + 1) + whiptail --title "Security Onion Setup" --msgbox "Cancelling. No changes have been made." 8 75 + ;; + 255) + whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting." 8 75 + ;; + *) + zeek_logs_enabled + ;; +esac + From 3b9de2b7cab7a448ae60f83f3b4045ea7a7a0833 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 28 Sep 2020 09:14:45 -0400 Subject: [PATCH 6/6] Disable ipv6 earlier in setup --- setup/so-setup | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index a5af59eeb..3c2a6e94d 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -423,9 +423,9 @@ if [[ "$setup_type" == 'iso' ]]; then set_management_interface fi +disable_ipv6 disable_auto_start - { set_hostname; set_version; @@ -462,7 +462,6 @@ fi # Set initial percentage to 0 export percentage=0 set_path - disable_ipv6 if [[ $is_manager && $is_airgap ]]; then info "Creating airgap repo"
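Review bot: In the `case $return_code` block added at the end of so-zeek-logs (patch 5/6), the `*)` arm runs `zeek_logs_enabled` for every status other than 1 and 255, so a failure such as whiptail not being found (status 127) would still rewrite zeeklogs.sls, presumably with an empty `enabled:` list. Matching success explicitly keeps the write to the case the commit subject describes: use `0)` for the `zeek_logs_enabled` arm and `*)` in place of `255)` for the error dialog. The cancel and error arms also run to the end of the script, so its exit status is that of the msgbox call rather than a failure. Adding `exit 1` after each dialog would let a caller tell the outcomes apart, if any caller checks (none is visible here).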