From 67e0d450e4c896a48d8fef869d8edd3a402ed83b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 15 Mar 2021 17:32:36 -0400 Subject: [PATCH] Add Elastic License Prompts --- salt/common/tools/sbin/so-common | 58 ++++++++++++++++++++++++++++++++ salt/common/tools/sbin/soup | 15 ++------- setup/so-setup | 5 ++- 3 files changed, 62 insertions(+), 16 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index b76ad05ff..a62e654cc 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -86,6 +86,19 @@ add_interface_bond0() { fi } +check_airgap() { + # See if this is an airgap install + AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') + if [[ "$AIRGAP" == "True" ]]; then + is_airgap=0 + UPDATE_DIR=/tmp/soagupdate/SecurityOnion + AGDOCKER=/tmp/soagupdate/docker + AGREPO=/tmp/soagupdate/Packages + else + is_airgap=1 + fi +} + check_container() { docker ps | grep "$1:" > /dev/null 2>&1 return $? @@ -97,6 +110,45 @@ check_password() { return $? } +check_elastic_license() { + + [ -n "$TESTING" ] && return + + # See if the user has already accepted the license + if [ ! -f /opt/so/state/yeselastic.txt ] + elastic_license + else + echo "Elastic License has already been accepted" + fi +} + +elastic_license() { + +read -r -d '' message <<- EOM +\n +Security Onion now uses the Elastic Stack binaries that fall under the Elastic license. + +Please review the Elastic license: +https://raw.githubusercontent.com/elastic/elasticsearch/master/licenses/ELASTIC-LICENSE.txt + +Do you agree to the terms of the Elastic license? + +If so, type AGREE to accept the Elastic license and continue. Otherwise, press Enter to exit this program without making any changes. +EOM + +AGREED=$(whiptail --title "Security Onion Setup" --inputbox \ +"$message" 20 75) + +if [ "$AGREED" = 'AGREE' ]; then + mkdir -p /opt/so/state + touch /opt/so/state/yeselastic.txt +else + echo "Starting in 2.3.40 you must accept the Elastic license if you want to run Security Onion." + exit 1 +fi + +} + fail() { msg=$1 echo "ERROR: $msg" @@ -250,6 +302,12 @@ set_minionid() { MINIONID=$(lookup_grain id) } +set_palette() { + if [ "$OS" == ubuntu ]; then + update-alternatives --set newt-palette /etc/newt/palette.original + fi +} + set_version() { CURRENTVERSION=0.0.0 if [ -f /etc/soversion ]; then diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index c70726210..2a121d602 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -102,19 +102,6 @@ update_registry() { salt-call state.apply registry queue=True } -check_airgap() { - # See if this is an airgap install - AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') - if [[ "$AIRGAP" == "True" ]]; then - is_airgap=0 - UPDATE_DIR=/tmp/soagupdate/SecurityOnion - AGDOCKER=/tmp/soagupdate/docker - AGREPO=/tmp/soagupdate/Packages - else - is_airgap=1 - fi -} - check_sudoers() { if grep -q "so-setup" /etc/sudoers; then echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." @@ -591,6 +578,8 @@ check_airgap echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" set_os +set_palette +check_elastic_license echo "" if [ $is_airgap -eq 0 ]; then # Let's mount the ISO since this is airgap diff --git a/setup/so-setup b/setup/so-setup index 0af49af53..eaf7c7657 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -156,10 +156,8 @@ export PATH=$PATH:$local_sbin installer_prereq_packages && detect_cloud set_network_dev_status_list +set_palette >> $setup_log 2>&1 -if [ "$OS" == ubuntu ]; then - update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1 -fi # Kernel messages can overwrite whiptail screen #812 # https://github.com/Security-Onion-Solutions/securityonion/issues/812 @@ -251,6 +249,7 @@ fi # Check if this is an airgap install if [[ ( $is_manager || $is_import ) && $is_iso ]]; then + check_elastic_license whiptail_airgap if [[ "$INTERWEBS" == 'AIRGAP' ]]; then is_airgap=true