From 6ca5827ce6f080550bbf22e00f760b521d53150c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Sat, 18 Apr 2020 18:23:27 -0400 Subject: [PATCH] [refactor] Use = instead of ==, more printf changes --- setup/so-functions | 347 ++++++++++++++++++++++----------------------- 1 file changed, 167 insertions(+), 180 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b0d7d24f0..fc925e0a1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -64,7 +64,7 @@ so_add_user() { groupadd --gid "$3" "$1" - if [ "$5" == 0 ]; then + if [ "$5" = 0 ]; then useradd --uid "$2" --gid "$3" --home-dir "$4" --no-create-home "$1" else useradd --uid "$2" --gid "$3" --home-dir "$4" "$1" @@ -133,7 +133,7 @@ bro_logs_enabled() { echo "brologs:" > pillar/brologs.sls echo " enabled:" >> pillar/brologs.sls - if [ "$MASTERADV" == 'ADVANCED' ]; then + if [ "$MASTERADV" = 'ADVANCED' ]; then for BLOG in "${BLOGS[@]}"; do echo " - $BLOG" | tr -d '"' >> pillar/brologs.sls done @@ -201,15 +201,17 @@ check_admin_pass() { check_hive_init_then_reboot() { WAIT_STEP=0 MAX_WAIT=100 + until [ -f /opt/so/state/thehive.txt ] ; do - WAIT_STEP=$(( WAIT_STEP + 1 )) - echo "Waiting on the_hive to init ($WAIT_STEP/$MAX_WAIT)..." + WAIT_STEP=$(( WAIT_STEP + 1 )) + echo "Waiting on the_hive to init ($WAIT_STEP/$MAX_WAIT)..." if [ ${WAIT_STEP} -gt ${MAX_WAIT} ]; then echo "ERROR: We waited ${MAX_WAIT} seconds but the_hive is not working." return 5 fi sleep 1s; done + docker stop so-thehive docker rm so-thehive shutdown -r now @@ -243,7 +245,7 @@ check_network_manager_conf() { # $2 => confirm password # $3 => variable to set check_pass_match() { - if [ "$1" == "$2" ]; then + if [ "$1" = "$2" ]; then eval "$3"="\"yes\"" else whiptail_passwords_dont_match @@ -347,7 +349,7 @@ configure_minion() { copy_master_config() { # Copy the master config template to the proper directory - if [ "$INSTALLMETHOD" == 'iso' ]; then + if [ "$INSTALLMETHOD" = 'iso' ]; then cp /root/SecurityOnion/files/master /etc/salt/master else cp "$SCRIPTDIR"/../files/master /etc/salt/master @@ -434,7 +436,6 @@ create_sensor_bond() { # Check if the bond slave connection has already been created if ! [[ $(nmcli -f name,uuid -p con | sed -n "s/bond0-slave-$BONDNIC //p" | tr -d ' ') ]]; then # Create the slave interface and assign it to the bond - nmcli con add type ethernet ifname "$BONDNIC" con-name "bond0-slave-$BONDNIC" master bond0 -- \ ethernet.mtu $MTU \ connection.autoconnect "yes" >> "$SETUPLOG" 2>&1 @@ -462,7 +463,7 @@ detect_os() { echo "We currently do not support CentOS $OSVER but we are working on it!" exit else - echo "We do not support the version of CentOS you are trying to use" + echo "We do not support the version of CentOS you are trying to use." exit fi @@ -477,7 +478,7 @@ detect_os() { elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then OSVER=xenial else - echo "We do not support your current version of Ubuntu" + echo "We do not support your current version of Ubuntu." exit fi # Install network manager so we can do interface stuff @@ -488,7 +489,7 @@ detect_os() { } >> "$SETUPLOG" 2<&1 else - echo "We were unable to determine if you are using a supported OS." >> "$SETUPLOG" 2>&1 + echo "We were unable to determine if you are using a supported OS." exit fi @@ -522,7 +523,7 @@ disable_misc_network_features() { docker_install() { - if [ $OS == 'centos' ]; then + if [ $OS = 'centos' ]; then yum clean expire-cache yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo yum -y update @@ -630,14 +631,14 @@ es_heapsize() { # Determine ES Heap Size if [ "$TOTAL_MEM" -lt 8000 ] ; then - ES_HEAP_SIZE="600m" + ES_HEAP_SIZE="600m" elif [ "$TOTAL_MEM" -ge 100000 ]; then - # Set a max of 25GB for heap size - # https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html - ES_HEAP_SIZE="25000m" + # Set a max of 25GB for heap size + # https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html + ES_HEAP_SIZE="25000m" else - # Set heap size to 25% of available memory - ES_HEAP_SIZE=$(( TOTAL_MEM / 4 ))"m" + # Set heap size to 25% of available memory + ES_HEAP_SIZE=$(( TOTAL_MEM / 4 ))"m" fi } @@ -721,7 +722,7 @@ get_main_ip() { # Get the main IP address the box is using # Add some logic because Bubntu 18.04 like to be different - if [ $OSVER == 'bionic' ]; then + if [ $OSVER = 'bionic' ]; then MAINIP=$(ip route get 1 | awk '{print $7;exit}') else MAINIP=$(ip route get 1 | awk '{print $NF;exit}') @@ -734,7 +735,7 @@ get_main_ip() { get_redirect() { whiptail_set_redirect_info whiptail_set_redirect - if [ "$REDIRECTINFO" == "OTHER" ]; then + if [ "$REDIRECTINFO" = "OTHER" ]; then whiptail_set_redirect_host fi } @@ -768,16 +769,7 @@ install_prep() { install_master() { # Install the salt master package - if [ $OS == 'centos' ]; then - #yum -y install wget salt-common salt-master python36-mysql python36-dateutil python36-m2crypto >> "$SETUPLOG" 2>&1 - echo "" - # Create a place for the keys for Ubuntu minions - #mkdir -p /opt/so/gpg - #wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub - #wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg - #wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH - - else + if [ $OS != 'centos' ]; then if [ $OSVER != "xenial" ]; then apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto apt-mark hold salt-common salt-master salt-minion @@ -794,9 +786,9 @@ install_master() { ls_heapsize() { # Determine LS Heap Size - if [ $TOTAL_MEM -ge 32000 ] || [ $INSTALLTYPE == 'MASTERSEARCH' ] || [ $INSTALLTYPE == 'HEAVYNODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then + if [ "$TOTAL_MEM" -ge 32000 ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ] || [ "$INSTALLTYPE" = 'HEAVYNODE' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ]; then LS_HEAP_SIZE="1000m" - elif [ $INSTALLTYPE == 'EVAL' ]; then + elif [ "$INSTALLTYPE" = 'EVAL' ]; then LS_HEAP_SIZE="700m" else # If minimal RAM, then set minimal heap @@ -807,96 +799,94 @@ ls_heapsize() { master_pillar() { - PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls + PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls - # Create the master pillar - echo "master:" >> $PILLARFILE - echo " mainip: $MAINIP" >> $PILLARFILE - echo " mainint: $MAININT" >> $PILLARFILE - echo " esheap: $ES_HEAP_SIZE" >> $PILLARFILE - echo " esclustername: {{ grains.host }}" >> $PILLARFILE - if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then - echo " freq: 0" >> $PILLARFILE - echo " domainstats: 0" >> $PILLARFILE - echo " ls_pipeline_batch_size: 125" >> $PILLARFILE - echo " ls_input_threads: 1" >> $PILLARFILE - echo " ls_batch_count: 125" >> $PILLARFILE - echo " mtu: 1500" >> $PILLARFILE + # Create the master pillar + printf '%s\n'\ + "master:"\ + " mainip: $MAINIP"\ + " esheap: $ES_HEAP_SIZE"\ + " esclustername: {{ grains.host }}"\ + " freq: 0"\ + " domainstats: 0" >> "$PILLARFILE" - else - echo " freq: 0" >> $PILLARFILE - echo " domainstats: 0" >> $PILLARFILE - fi - echo " lsheap: $LS_HEAP_SIZE" >> $PILLARFILE - echo " lsaccessip: 127.0.0.1" >> $PILLARFILE - echo " elastalert: 1" >> $PILLARFILE - echo " ls_pipeline_workers: $CPUCORES" >> $PILLARFILE - echo " nids_rules: $RULESETUP" >> $PILLARFILE - echo " oinkcode: $OINKCODE" >> $PILLARFILE - #echo " access_key: $ACCESS_KEY" >> $PILLARFILE - #echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE - echo " es_port: $NODE_ES_PORT" >> $PILLARFILE - echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE - echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE - #echo " mysqlpass: $MYSQLPASS" >> $PILLARFILE - #echo " fleetpass: $FLEETPASS" >> $PILLARFILE - echo " grafana: $GRAFANA" >> $PILLARFILE - echo " osquery: $OSQUERY" >> $PILLARFILE - echo " wazuh: $WAZUH" >> $PILLARFILE - echo " thehive: $THEHIVE" >> $PILLARFILE - echo " playbook: $PLAYBOOK" >> $PILLARFILE - echo " strelka: $STRELKA" >> $PILLARFILE - echo "" >> $PILLARFILE - echo "kratos:" >> $PILLARFILE - if [[ $REDIRECTINFO == 'OTHER' ]]; then - REDIRECTIT=$REDIRECT - elif [[ $REDIRECTINFO == 'IP' ]]; then - REDIRECTIT=$MAINIP - elif [[ $REDIRECTINFO == 'HOSTNAME' ]]; then - REDIRECTIT=$HOSTNAME - fi - echo " kratoskey: $KRATOSKEY" >> $PILLARFILE - echo " redirect: $REDIRECTIT" >> $PILLARFILE - echo "" >> $PILLARFILE + if [ "$INSTALLTYPE" = 'EVAL' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ]; then + printf '%s\n'\ + " ls_pipeline_batch_size: 125"\ + " ls_input_threads: 1"\ + " ls_batch_count: 125"\ + " mtu: $MTU" >> "$PILLARFILE" + fi + printf '%s\n'\ + " lsheap: $LS_HEAP_SIZE"\ + " lsaccessip: 127.0.0.1"\ + " elastalert: 1"\ + " ls_pipeline_workers: $CPUCORES"\ + " nids_rules: $RULESETUP"\ + " oinkcode: $OINKCODE"\ + " es_port: $NODE_ES_PORT"\ + " log_size_limit: $LOG_SIZE_LIMIT"\ + " cur_close_days: $CURCLOSEDAYS"\ + " grafana: $GRAFANA"\ + " osquery: $OSQUERY"\ + " wazuh: $WAZUH"\ + " thehive: $THEHIVE"\ + " playbook: $PLAYBOOK"\ + " strelka: $STRELKA"\ + ""\ + "kratos:" >> "$PILLARFILE" + + case $REDIRECTINFO in + 'IP') + REDIRECTIT="$MAINIP" + ;; + 'HOSTNAME') + REDIRECTIT=$HOSTNAME + ;; + *) + REDIRECTIT="$REDIRECT" + ;; + esac + + printf '%s\n'\ + " kratoskey: $KRATOSKEY"\ + " redirect: $REDIRECTIT"\ + "" >> "$PILLARFILE" } master_static() { + local static_pillar="/opt/so/saltstack/pillar/static.sls" - # Create a static file for global values - touch /opt/so/saltstack/pillar/static.sls - - echo "static:" > /opt/so/saltstack/pillar/static.sls - echo " soversion: HH$SOVERSION" >> /opt/so/saltstack/pillar/static.sls - echo " hnmaster: $HNMASTER" >> /opt/so/saltstack/pillar/static.sls - echo " ntpserver: $NTPSERVER" >> /opt/so/saltstack/pillar/static.sls - echo " proxy: $PROXY" >> /opt/so/saltstack/pillar/static.sls - echo " broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls - echo " ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls - echo " masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls - echo " hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls - echo " hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls - echo " hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls - echo " cortexuser: cortexadmin" >> /opt/so/saltstack/pillar/static.sls - echo " cortexpassword: cortexchangeme" >> /opt/so/saltstack/pillar/static.sls - echo " cortexkey: $CORTEXKEY" >> /opt/so/saltstack/pillar/static.sls - echo " cortexorgname: SecurityOnion" >> /opt/so/saltstack/pillar/static.sls - echo " cortexorguser: soadmin" >> /opt/so/saltstack/pillar/static.sls - echo " cortexorguserkey: $CORTEXORGUSERKEY" >> /opt/so/saltstack/pillar/static.sls - echo " fleet_master: False" >> /opt/so/saltstack/pillar/static.sls - echo " fleet_node: False" >> /opt/so/saltstack/pillar/static.sls - echo " fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls - echo " fleet_hostname: N/A" >> /opt/so/saltstack/pillar/static.sls - echo " fleet_ip: N/A" >> /opt/so/saltstack/pillar/static.sls - echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls - if [[ $MASTERUPDATES == 'MASTER' ]]; then - echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls - else - echo " masterupdate: 0" >> /opt/so/saltstack/pillar/static.sls - fi - echo "elastic:" >> /opt/so/saltstack/pillar/static.sls - echo " features: False" >> /opt/so/saltstack/pillar/static.sls + # Create a static file for global values + printf '%s\n'\ + "static:"\ + " soversion: HH$SOVERSION"\ + " hnmaster: $HNMASTER"\ + " ntpserver: $NTPSERVER"\ + " proxy: $PROXY"\ + " broversion: $BROVERSION"\ + " ids: $NIDS"\ + " masterip: $MAINIP"\ + " hiveuser: hiveadmin"\ + " hivepassword: hivechangeme"\ + " hivekey: $HIVEKEY"\ + " cortexuser: cortexadmin"\ + " cortexpassword: cortexchangeme"\ + " cortexkey: $CORTEXKEY"\ + " cortexorgname: SecurityOnion"\ + " cortexorguser: soadmin"\ + " cortexorguserkey: $CORTEXORGUSERKEY"\ + " fleet_master: False"\ + " fleet_node: False"\ + " fleet_packages-timestamp: N/A"\ + " fleet_hostname: N/A"\ + " fleet_ip: N/A"\ + " sensoronikey: $SENSORONIKEY" + " masterupdate: $MASTERUPDATES" > "$static_pillar" + echo "elastic:" >> /opt/so/saltstack/pillar/static.sls + echo " features: False" >> /opt/so/saltstack/pillar/static.sls } minio_generate_keys() { @@ -933,55 +923,55 @@ network_setup() { node_pillar() { - PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls + local PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls # Create the node pillar - echo "node:" >> $PILLARFILE - echo " mainip: $MAINIP" >> $PILLARFILE - echo " mainint: $MAININT" >> $PILLARFILE - echo " esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE - echo " esclustername: {{ grains.host }}" >> $PILLARFILE - echo " lsheap: $NODE_LS_HEAP_SIZE" >> $PILLARFILE - echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $PILLARFILE - echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $PILLARFILE - echo " ls_input_threads: $LSINPUTTHREADS" >> $PILLARFILE - echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $PILLARFILE - echo " es_shard_count: $SHARDCOUNT" >> $PILLARFILE - echo " node_type: $NODETYPE" >> $PILLARFILE - echo " es_port: $NODE_ES_PORT" >> $PILLARFILE - echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE - echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE - echo "" >> $PILLARFILE + printf '%s\n'\ + "node:"\ + " mainip: $MAINIP"\ + " mainint: $MAININT"\ + " esheap: $NODE_ES_HEAP_SIZE"\ + " esclustername: {{ grains.host }}"\ + " lsheap: $NODE_LS_HEAP_SIZE"\ + " ls_pipeline_workers: $LSPIPELINEWORKERS"\ + " ls_pipeline_batch_size: $LSPIPELINEBATCH"\ + " ls_input_threads: $LSINPUTTHREADS"\ + " ls_batch_count: $LSINPUTBATCHCOUNT"\ + " es_shard_count: $SHARDCOUNT"\ + " node_type: $NODETYPE"\ + " es_port: $NODE_ES_PORT"\ + " log_size_limit: $LOG_SIZE_LIMIT"\ + " cur_close_days: $CURCLOSEDAYS"\ + "" >> "$PILLARFILE" } patch_pillar() { - PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls + local PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls - echo "" >> $PILLARFILE - echo "patch:" >> $PILLARFILE - echo " os:" >> $PILLARFILE - echo " schedule_name: $PATCHSCHEDULENAME" >> $PILLARFILE - echo " enabled: True" >> $PILLARFILE - echo " splay: 300" >> $PILLARFILE - echo "" >> $PILLARFILE + printf '%s\n'\ + ""\ + "patch:"\ + " os:"\ + " schedule_name: $PATCHSCHEDULENAME"\ + " enabled: True"\ + " splay: 300"\ + "" >> "$PILLARFILE" } patch_schedule_os_new() { - OSPATCHSCHEDULEDIR="$TMP/salt/patch/os/schedules" - OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml" + local OSPATCHSCHEDULEDIR="$TMP/salt/patch/os/schedules" + local OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml" - if [ ! -d $OSPATCHSCHEDULEDIR ] ; then - mkdir -p $OSPATCHSCHEDULEDIR - fi + mkdir -p $OSPATCHSCHEDULEDIR - echo "patch:" > "$OSPATCHSCHEDULE" - echo " os:" >> "$OSPATCHSCHEDULE" - echo " schedule:" >> "$OSPATCHSCHEDULE" - for psd in "${PATCHSCHEDULEDAYS[@]}" - do + printf '%s\n'\ + "patch:"\ + " os:"\ + " schedule:"> "$OSPATCHSCHEDULE" + for psd in "${PATCHSCHEDULEDAYS[@]}";do psd="${psd//\"/}" echo " - $psd:" >> "$OSPATCHSCHEDULE" for psh in "${PATCHSCHEDULEHOURS[@]}" @@ -1031,10 +1021,8 @@ reserve_group_ids() { saltify() { # Install updates and Salt - if [ $OS == 'centos' ]; then - ADDUSER=adduser - - if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then + if [ $OS = 'centos' ]; then + if [ $INSTALLTYPE = 'MASTER' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'HELIXSENSOR' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then reserve_group_ids yum -y install epel-release yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm @@ -1058,7 +1046,7 @@ EOF else - if [ $MASTERUPDATES == 'MASTER' ]; then + if [ "$MASTERUPDATES" = 1 ]; then # Create the GPG Public Key for the Salt Repo cp "$SCRIPTDIR"/public_keys/salt.pem /etc/pki/rpm-gpg/saltstack-signing-key @@ -1114,10 +1102,10 @@ EOF yum -y update exclude=salt* systemctl enable salt-minion - if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then + if [ "$INSTALLTYPE" = 'MASTER' ] || [ "$INSTALLTYPE" = 'EVAL' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ]; then yum -y install salt-master-2019.2.3 python3 python36-m2crypto salt-minion-2019.2.3 python36-dateutil python36-mysql python36-docker systemctl enable salt-master - elif [ $INSTALLTYPE == 'FLEET' ]; then + elif [ "$INSTALLTYPE" = 'FLEET' ]; then yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql else yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker @@ -1126,7 +1114,6 @@ EOF # Our OS is not CentOS else - ADDUSER=useradd DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade if [ $OSVER != "xenial" ]; then @@ -1142,7 +1129,7 @@ EOF UVER=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}') # Nasty hack but required for now - if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then + if [ $INSTALLTYPE = 'MASTER' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then if [ $OSVER != "xenial" ]; then # Install the repo for salt py3 edition @@ -1211,7 +1198,7 @@ EOF salt_checkin() { # Master State to Fix Mine Usage - if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then + if [ $INSTALLTYPE = 'MASTER' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'HELIXSENSOR' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then echo "Building Certificate Authority" salt-call state.apply ca >> "$SETUPLOG" 2>&1 echo " *** Restarting Salt to fix any SSL errors. ***" @@ -1251,7 +1238,7 @@ salt_master_directories() { mkdir -p /opt/so/saltstack/pillar # Copy over the salt code and templates - if [ $INSTALLMETHOD == 'iso' ]; then + if [ $INSTALLMETHOD = 'iso' ]; then rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/ rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/ else @@ -1266,9 +1253,9 @@ salt_master_directories() { salt_install_mysql_deps() { - if [ $OS == 'centos' ]; then + if [ $OS = 'centos' ]; then yum -y install mariadb-devel - elif [ $OS == 'ubuntu' ]; then + elif [ $OS = 'ubuntu' ]; then if [ $OSVER != "xenial" ]; then apt-get -y install python3-mysqldb >> "$SETUPLOG" 2>&1 else @@ -1288,7 +1275,7 @@ sensor_pillar() { echo " interface: bond0" >> $PILLARFILE echo " mainip: $MAINIP" >> $PILLARFILE echo " mainint: $MAININT" >> $PILLARFILE - if [ $NSMSETUP == 'ADVANCED' ]; then + if [ $NSMSETUP = 'ADVANCED' ]; then echo " bro_pins:" >> $PILLARFILE for PIN in $BROPINS; do PIN=$(echo $PIN | cut -d\" -f2) @@ -1299,7 +1286,7 @@ sensor_pillar() { SPIN=$(echo $SPIN | cut -d\" -f2) echo " - $SPIN" >> $PILLARFILE done - elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then + elif [ $INSTALLTYPE = 'HELIXSENSOR' ]; then echo " bro_lbprocs: $LBPROCS" >> $PILLARFILE echo " suriprocs: $LBPROCS" >> $PILLARFILE else @@ -1362,43 +1349,43 @@ set_hostname_iso() { set_initial_firewall_policy() { get_main_ip - if [ $INSTALLTYPE == 'MASTER' ]; then + if [ $INSTALLTYPE = 'MASTER' ]; then printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls /opt/so/saltstack/pillar/data/addtotab.sh mastertab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM fi - if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then + if [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/search_nodes.sls - if [ $INSTALLTYPE == 'EVAL' ]; then + if [ $INSTALLTYPE = 'EVAL' ]; then /opt/so/saltstack/pillar/data/addtotab.sh evaltab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0 - elif [ $INSTALLTYPE == 'MASTERSEARCH' ]; then + elif [ $INSTALLTYPE = 'MASTERSEARCH' ]; then /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM fi fi - if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then + if [ $INSTALLTYPE = 'HELIXSENSOR' ]; then printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls fi - if [ $INSTALLTYPE == 'SENSOR' ]; then + if [ $INSTALLTYPE = 'SENSOR' ]; then ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0 fi - if [ $INSTALLTYPE == 'SEARCHNODE' ]; then + if [ $INSTALLTYPE = 'SEARCHNODE' ]; then ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM fi - if [ $INSTALLTYPE == 'HEAVYNODE' ]; then + if [ $INSTALLTYPE = 'HEAVYNODE' ]; then ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP @@ -1406,19 +1393,19 @@ set_initial_firewall_policy() { ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM fi - if [ $INSTALLTYPE == 'FLEET' ]; then + if [ $INSTALLTYPE = 'FLEET' ]; then ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP fi - if [ $INSTALLTYPE == 'PARSINGNODE' ]; then + if [ $INSTALLTYPE = 'PARSINGNODE' ]; then echo "blah" fi - if [ $INSTALLTYPE == 'HOTNODE' ]; then + if [ $INSTALLTYPE = 'HOTNODE' ]; then echo "blah" fi - if [ $INSTALLTYPE == 'WARMNODE' ]; then + if [ $INSTALLTYPE = 'WARMNODE' ]; then echo "blah" fi @@ -1427,7 +1414,7 @@ set_initial_firewall_policy() { # Set up the management interface on the ISO set_management_interface() { - if [ $ADDRESSTYPE == 'DHCP' ]; then + if [ $ADDRESSTYPE = 'DHCP' ]; then /usr/bin/nmcli con up $MNIC /usr/bin/nmcli con mod $MNIC connection.autoconnect yes else @@ -1443,16 +1430,16 @@ set_management_interface() { set_node_type() { # Determine the node type based on whiplash choice - if [ $INSTALLTYPE == 'SEARCHNODE' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ] || [ $INSTALLTYPE == 'HEAVYNODE' ] ; then + if [ $INSTALLTYPE = 'SEARCHNODE' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ] || [ $INSTALLTYPE = 'HEAVYNODE' ] ; then NODETYPE='search' fi - if [ $INSTALLTYPE == 'PARSINGNODE' ]; then + if [ $INSTALLTYPE = 'PARSINGNODE' ]; then NODETYPE='parser' fi - if [ $INSTALLTYPE == 'HOTNODE' ]; then + if [ $INSTALLTYPE = 'HOTNODE' ]; then NODETYPE='hot' fi - if [ $INSTALLTYPE == 'WARMNODE' ]; then + if [ $INSTALLTYPE = 'WARMNODE' ]; then NODETYPE='warm' fi