CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Initial Support

Browse Source
This commit is contained in:
Mike Reeves
2023-06-26 19:20:40 -04:00
parent 9de8814412
commit 6787b97c6a
2 changed files with 35 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
setup/so-functions
View File

@@ -950,6 +950,11 @@ detect_os() {
OSVER=9 OSVER=9
is_rocky=true is_rocky=true
pkgman="dnf" pkgman="dnf"
elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
OS=centos
OSVER=9
is_centos=true
pkgman=dnf
else else
info "We do not support the operating system you are trying to use." info "We do not support the operating system you are trying to use."
fail_setup fail_setup
@@ -1848,7 +1853,7 @@ reset_proxy() {
[[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig [[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig
if [[ $is_rocky ]]; then if [[ $is_rocky || $is_centos ]]; then
sed -i "/proxy=/d" /etc/dnf/dnf.conf sed -i "/proxy=/d" /etc/dnf/dnf.conf
else else
[[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf [[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf
@@ -1894,7 +1899,7 @@ drop_install_options() {
remove_package() { remove_package() {
local package_name=$1 local package_name=$1
if [[ $is_rocky ]]; then if [[ $is_rocky || $is_centos ]]; then
if rpm -qa | grep -q "$package_name"; then if rpm -qa | grep -q "$package_name"; then
logCmd "dnf remove -y $package_name" logCmd "dnf remove -y $package_name"
fi fi
@@ -1915,7 +1920,7 @@ remove_package() {
securityonion_repo() { securityonion_repo() {
# Remove all the current repos # Remove all the current repos
if [[ $is_rocky ]]; then if [[ $is_rocky || $is_centos ]]; then
logCmd "dnf -v clean all" logCmd "dnf -v clean all"
logCmd "mkdir -vp /root/oldrepos" logCmd "mkdir -vp /root/oldrepos"
logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
@@ -1940,10 +1945,15 @@ securityonion_repo() {
# update this package because the repo config files get added back # update this package because the repo config files get added back
# if the package is updated when the update_packages function is called # if the package is updated when the update_packages function is called
if [ -f "/etc/yum.repos.d/rocky.repo" ]; then if [ -f "/etc/yum.repos.d/rocky.repo" ]; then
info "Backing up the .repo files that were added by the centos-release package." info "Backing up the .repo files that were added by the rocky-release package."
logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/" logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/"
logCmd "dnf repolist all" logCmd "dnf repolist all"
fi fi
if [ -f "/etc/yum.repos.d/centos.repo" ]; then
info "Backing up the .repo files that were added by the centos-release package."
logCmd "mv -bvf /etc/yum.repos.d/centos* /root/oldrepos/"
logCmd "dnf repolist all"
fi
if [[ $waitforstate ]]; then if [[ $waitforstate ]]; then
if [[ ! $is_airgap ]]; then if [[ ! $is_airgap ]]; then
# Build the repo locally so we can use it # Build the repo locally so we can use it
@@ -1960,8 +1970,13 @@ repo_sync_local() {
info "Backing up old repos" info "Backing up old repos"
mkdir -p /nsm/repo mkdir -p /nsm/repo
mkdir -p /opt/so/conf/reposync/cache mkdir -p /opt/so/conf/reposync/cache
if [[ $is_rocky ]]; then
echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
else
echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt
echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt
fi
echo "[main]" > /opt/so/conf/reposync/repodownload.conf echo "[main]" > /opt/so/conf/reposync/repodownload.conf
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
@@ -1972,7 +1987,6 @@ repo_sync_local() {
echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
echo "#baseurl=https://repo.securityonion.net/file/so-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf
echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
@@ -2032,7 +2046,7 @@ saltify() {
fi fi
if [[ $is_rocky ]]; then if [[ $is_rocky || $is_centos ]]; then
if [[ $waitforstate ]]; then if [[ $waitforstate ]]; then
# install all for a manager # install all for a manager
logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION"
@@ -2170,7 +2184,7 @@ set_proxy() {
"}" > /root/.docker/config.json "}" > /root/.docker/config.json
# Set proxy for package manager # Set proxy for package manager
if [[ $is_rocky ]]; then if [[ $is_rocky | $is_centos ]]; then
echo "proxy=$so_proxy" >> /etc/yum.conf echo "proxy=$so_proxy" >> /etc/yum.conf
else else
# Set it up so the updates roll through the manager # Set it up so the updates roll through the manager
@@ -2365,11 +2379,16 @@ update_sudoers_for_testing() {
} }
update_packages() { update_packages() {
if [[ $is_rocky ]]; then if [[ $is_rocky || $is_centos ]]; then
logCmd "dnf repolist" logCmd "dnf repolist"
logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
if [[ $is_rocky ]]; then
RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo")
info "Removing repo files added by rocky-repos package update" info "Removing repo files added by rocky-repos package update"
else
RMREPOFILES=("centos-addons.repo" "centos-devel.repo" "centos-extras.repo" "centos.repo")
info "Removing repo files added by centos-repos package update"
fi
for FILE in ${RMREPOFILES[@]}; do for FILE in ${RMREPOFILES[@]}; do
logCmd "rm -f /etc/yum.repos.d/$FILE" logCmd "rm -f /etc/yum.repos.d/$FILE"
done done

6
setup/so-setup
View File

@@ -91,8 +91,10 @@ if [[ $is_desktop ]]; then
title "This is a desktop install" title "This is a desktop install"
# Make sure it's CentOS or Rocky Linux # Make sure it's CentOS or Rocky Linux
if [[ ! $is_rocky ]]; then if [[ $is_rocky || $is_centos ]]; then
info "Security Onion Desktop is only supported on Rocky Linux 9" info "Security Onion Desktop is supported on this OS."
else
info "Security Onion Desktop is not supported on this OS."
exit 1 exit 1
fi fi