Merge pull request #1405 from Security-Onion-Solutions/feature/setup-cleanup

Feature/setup cleanup
2025-12-06 17:22:49 +01:00 · 2020-09-28 09:47:52 -04:00
parent 3904295137 3b9de2b7ca
commit 66b7678df8
3 changed files with 30 additions and 7 deletions
--- a/salt/common/tools/sbin/so-zeek-logs
+++ b/salt/common/tools/sbin/so-zeek-logs
@@ -2,17 +2,14 @@
 local_salt_dir=/opt/so/saltstack/local

 zeek_logs_enabled() {
-
  echo "zeeklogs:" > $local_salt_dir/pillar/zeeklogs.sls
  echo "  enabled:" >> $local_salt_dir/pillar/zeeklogs.sls
-  for BLOG in ${BLOGS[@]}; do
+  for BLOG in "${BLOGS[@]}"; do
    echo "    - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/zeeklogs.sls
  done
-
 }

 whiptail_manager_adv_service_zeeklogs() {
-
  BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \
  "conn" "Connection Logging" ON \
  "dce_rpc" "RPC Logs" ON \
@@ -52,7 +49,25 @@ whiptail_manager_adv_service_zeeklogs() {
  "mysql" "MySQL Logs" ON \
  "socks" "SOCKS Logs" ON \
  "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 )
+  
+  local exitstatus=$?
+
+  IFS=' ' read -ra BLOGS <<< "$BLOGS"
+
+  return $exitstatus
 }

 whiptail_manager_adv_service_zeeklogs
-zeek_logs_enabled
+return_code=$?
+case $return_code in
+  1)
+    whiptail --title "Security Onion Setup" --msgbox "Cancelling. No changes have been made." 8 75
+    ;;
+  255)
+    whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting." 8 75
+    ;;
+  *)
+    zeek_logs_enabled
+    ;;
+esac
+
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -745,6 +745,14 @@ disable_auto_start() {
 	fi
 }

+disable_ipv6() {
+	{
+		info "Disabling ipv6"
+		sysctl -w net.ipv6.conf.all.disable_ipv6=1
+		sysctl -w net.ipv6.conf.default.disable_ipv6=1
+	}  >> "$setup_log" 2>&1
+}
+
 disable_misc_network_features() {
 	filter_unused_nics
 	if [ ${#filtered_nics[@]} -ne 0 ]; then
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -138,7 +138,7 @@ if [ "$automated" == no ]; then
 	fi
 fi

-if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then
+if (whiptail_you_sure); then
 	true
 else
 	echo "User cancelled setup." | tee $setup_log
@@ -423,9 +423,9 @@ if [[ "$setup_type" == 'iso' ]]; then
 	set_management_interface
 fi

+disable_ipv6
 disable_auto_start

-
 {
 	set_hostname;
 	set_version;