mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
[refactor] Use = instead of ==, more printf changes
@@ -64,7 +64,7 @@ so_add_user() {
|
||||
groupadd --gid "$3" "$1"
|
||||
|
||||
|
||||
if [ "$5" == 0 ]; then
|
||||
if [ "$5" = 0 ]; then
|
||||
useradd --uid "$2" --gid "$3" --home-dir "$4" --no-create-home "$1"
|
||||
else
|
||||
useradd --uid "$2" --gid "$3" --home-dir "$4" "$1"
|
||||
@@ -133,7 +133,7 @@ bro_logs_enabled() {
|
||||
echo "brologs:" > pillar/brologs.sls
|
||||
echo " enabled:" >> pillar/brologs.sls
|
||||
|
||||
if [ "$MASTERADV" == 'ADVANCED' ]; then
|
||||
if [ "$MASTERADV" = 'ADVANCED' ]; then
|
||||
for BLOG in "${BLOGS[@]}"; do
|
||||
echo " - $BLOG" | tr -d '"' >> pillar/brologs.sls
|
||||
done
|
||||
@@ -201,15 +201,17 @@ check_admin_pass() {
|
||||
check_hive_init_then_reboot() {
|
||||
WAIT_STEP=0
|
||||
MAX_WAIT=100
|
||||
|
||||
until [ -f /opt/so/state/thehive.txt ] ; do
|
||||
WAIT_STEP=$(( WAIT_STEP + 1 ))
|
||||
echo "Waiting on the_hive to init ($WAIT_STEP/$MAX_WAIT)..."
|
||||
WAIT_STEP=$(( WAIT_STEP + 1 ))
|
||||
echo "Waiting on the_hive to init ($WAIT_STEP/$MAX_WAIT)..."
|
||||
if [ ${WAIT_STEP} -gt ${MAX_WAIT} ]; then
|
||||
echo "ERROR: We waited ${MAX_WAIT} seconds but the_hive is not working."
|
||||
return 5
|
||||
fi
|
||||
sleep 1s;
|
||||
done
|
||||
|
||||
docker stop so-thehive
|
||||
docker rm so-thehive
|
||||
shutdown -r now
|
||||
@@ -243,7 +245,7 @@ check_network_manager_conf() {
|
||||
# $2 => confirm password
|
||||
# $3 => variable to set
|
||||
check_pass_match() {
|
||||
if [ "$1" == "$2" ]; then
|
||||
if [ "$1" = "$2" ]; then
|
||||
eval "$3"="\"yes\""
|
||||
else
|
||||
whiptail_passwords_dont_match
|
||||
@@ -347,7 +349,7 @@ configure_minion() {
|
||||
copy_master_config() {
|
||||
|
||||
# Copy the master config template to the proper directory
|
||||
if [ "$INSTALLMETHOD" == 'iso' ]; then
|
||||
if [ "$INSTALLMETHOD" = 'iso' ]; then
|
||||
cp /root/SecurityOnion/files/master /etc/salt/master
|
||||
else
|
||||
cp "$SCRIPTDIR"/../files/master /etc/salt/master
|
||||
@@ -434,7 +436,6 @@ create_sensor_bond() {
|
||||
# Check if the bond slave connection has already been created
|
||||
if ! [[ $(nmcli -f name,uuid -p con | sed -n "s/bond0-slave-$BONDNIC //p" | tr -d ' ') ]]; then
|
||||
# Create the slave interface and assign it to the bond
|
||||
|
||||
nmcli con add type ethernet ifname "$BONDNIC" con-name "bond0-slave-$BONDNIC" master bond0 -- \
|
||||
ethernet.mtu $MTU \
|
||||
connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
|
||||
@@ -462,7 +463,7 @@ detect_os() {
|
||||
echo "We currently do not support CentOS $OSVER but we are working on it!"
|
||||
exit
|
||||
else
|
||||
echo "We do not support the version of CentOS you are trying to use"
|
||||
echo "We do not support the version of CentOS you are trying to use."
|
||||
exit
|
||||
fi
|
||||
|
||||
@@ -477,7 +478,7 @@ detect_os() {
|
||||
elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then
|
||||
OSVER=xenial
|
||||
else
|
||||
echo "We do not support your current version of Ubuntu"
|
||||
echo "We do not support your current version of Ubuntu."
|
||||
exit
|
||||
fi
|
||||
# Install network manager so we can do interface stuff
|
||||
@@ -488,7 +489,7 @@ detect_os() {
|
||||
} >> "$SETUPLOG" 2<&1
|
||||
|
||||
else
|
||||
echo "We were unable to determine if you are using a supported OS." >> "$SETUPLOG" 2>&1
|
||||
echo "We were unable to determine if you are using a supported OS."
|
||||
exit
|
||||
fi
|
||||
|
||||
@@ -522,7 +523,7 @@ disable_misc_network_features() {
|
||||
|
||||
docker_install() {
|
||||
|
||||
if [ $OS == 'centos' ]; then
|
||||
if [ $OS = 'centos' ]; then
|
||||
yum clean expire-cache
|
||||
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
|
||||
yum -y update
|
||||
@@ -630,14 +631,14 @@ es_heapsize() {
|
||||
|
||||
# Determine ES Heap Size
|
||||
if [ "$TOTAL_MEM" -lt 8000 ] ; then
|
||||
ES_HEAP_SIZE="600m"
|
||||
ES_HEAP_SIZE="600m"
|
||||
elif [ "$TOTAL_MEM" -ge 100000 ]; then
|
||||
# Set a max of 25GB for heap size
|
||||
# https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
|
||||
ES_HEAP_SIZE="25000m"
|
||||
# Set a max of 25GB for heap size
|
||||
# https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
|
||||
ES_HEAP_SIZE="25000m"
|
||||
else
|
||||
# Set heap size to 25% of available memory
|
||||
ES_HEAP_SIZE=$(( TOTAL_MEM / 4 ))"m"
|
||||
# Set heap size to 25% of available memory
|
||||
ES_HEAP_SIZE=$(( TOTAL_MEM / 4 ))"m"
|
||||
fi
|
||||
|
||||
}
|
||||
@@ -721,7 +722,7 @@ get_main_ip() {
|
||||
# Get the main IP address the box is using
|
||||
|
||||
# Add some logic because Bubntu 18.04 like to be different
|
||||
if [ $OSVER == 'bionic' ]; then
|
||||
if [ $OSVER = 'bionic' ]; then
|
||||
MAINIP=$(ip route get 1 | awk '{print $7;exit}')
|
||||
else
|
||||
MAINIP=$(ip route get 1 | awk '{print $NF;exit}')
|
||||
@@ -734,7 +735,7 @@ get_main_ip() {
|
||||
get_redirect() {
|
||||
whiptail_set_redirect_info
|
||||
whiptail_set_redirect
|
||||
if [ "$REDIRECTINFO" == "OTHER" ]; then
|
||||
if [ "$REDIRECTINFO" = "OTHER" ]; then
|
||||
whiptail_set_redirect_host
|
||||
fi
|
||||
}
|
||||
@@ -768,16 +769,7 @@ install_prep() {
|
||||
install_master() {
|
||||
|
||||
# Install the salt master package
|
||||
if [ $OS == 'centos' ]; then
|
||||
#yum -y install wget salt-common salt-master python36-mysql python36-dateutil python36-m2crypto >> "$SETUPLOG" 2>&1
|
||||
echo ""
|
||||
# Create a place for the keys for Ubuntu minions
|
||||
#mkdir -p /opt/so/gpg
|
||||
#wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
|
||||
#wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg
|
||||
#wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
|
||||
|
||||
else
|
||||
if [ $OS != 'centos' ]; then
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto
|
||||
apt-mark hold salt-common salt-master salt-minion
|
||||
@@ -794,9 +786,9 @@ install_master() {
|
||||
ls_heapsize() {
|
||||
|
||||
# Determine LS Heap Size
|
||||
if [ $TOTAL_MEM -ge 32000 ] || [ $INSTALLTYPE == 'MASTERSEARCH' ] || [ $INSTALLTYPE == 'HEAVYNODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
if [ "$TOTAL_MEM" -ge 32000 ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ] || [ "$INSTALLTYPE" = 'HEAVYNODE' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ]; then
|
||||
LS_HEAP_SIZE="1000m"
|
||||
elif [ $INSTALLTYPE == 'EVAL' ]; then
|
||||
elif [ "$INSTALLTYPE" = 'EVAL' ]; then
|
||||
LS_HEAP_SIZE="700m"
|
||||
else
|
||||
# If minimal RAM, then set minimal heap
|
||||
@@ -807,96 +799,94 @@ ls_heapsize() {
|
||||
|
||||
master_pillar() {
|
||||
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
|
||||
# Create the master pillar
|
||||
echo "master:" >> $PILLARFILE
|
||||
echo " mainip: $MAINIP" >> $PILLARFILE
|
||||
echo " mainint: $MAININT" >> $PILLARFILE
|
||||
echo " esheap: $ES_HEAP_SIZE" >> $PILLARFILE
|
||||
echo " esclustername: {{ grains.host }}" >> $PILLARFILE
|
||||
if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
echo " freq: 0" >> $PILLARFILE
|
||||
echo " domainstats: 0" >> $PILLARFILE
|
||||
echo " ls_pipeline_batch_size: 125" >> $PILLARFILE
|
||||
echo " ls_input_threads: 1" >> $PILLARFILE
|
||||
echo " ls_batch_count: 125" >> $PILLARFILE
|
||||
echo " mtu: 1500" >> $PILLARFILE
|
||||
# Create the master pillar
|
||||
printf '%s\n'\
|
||||
"master:"\
|
||||
" mainip: $MAINIP"\
|
||||
" esheap: $ES_HEAP_SIZE"\
|
||||
" esclustername: {{ grains.host }}"\
|
||||
" freq: 0"\
|
||||
" domainstats: 0" >> "$PILLARFILE"
|
||||
|
||||
else
|
||||
echo " freq: 0" >> $PILLARFILE
|
||||
echo " domainstats: 0" >> $PILLARFILE
|
||||
fi
|
||||
echo " lsheap: $LS_HEAP_SIZE" >> $PILLARFILE
|
||||
echo " lsaccessip: 127.0.0.1" >> $PILLARFILE
|
||||
echo " elastalert: 1" >> $PILLARFILE
|
||||
echo " ls_pipeline_workers: $CPUCORES" >> $PILLARFILE
|
||||
echo " nids_rules: $RULESETUP" >> $PILLARFILE
|
||||
echo " oinkcode: $OINKCODE" >> $PILLARFILE
|
||||
#echo " access_key: $ACCESS_KEY" >> $PILLARFILE
|
||||
#echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE
|
||||
echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
|
||||
echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
|
||||
echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
|
||||
#echo " mysqlpass: $MYSQLPASS" >> $PILLARFILE
|
||||
#echo " fleetpass: $FLEETPASS" >> $PILLARFILE
|
||||
echo " grafana: $GRAFANA" >> $PILLARFILE
|
||||
echo " osquery: $OSQUERY" >> $PILLARFILE
|
||||
echo " wazuh: $WAZUH" >> $PILLARFILE
|
||||
echo " thehive: $THEHIVE" >> $PILLARFILE
|
||||
echo " playbook: $PLAYBOOK" >> $PILLARFILE
|
||||
echo " strelka: $STRELKA" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
echo "kratos:" >> $PILLARFILE
|
||||
if [[ $REDIRECTINFO == 'OTHER' ]]; then
|
||||
REDIRECTIT=$REDIRECT
|
||||
elif [[ $REDIRECTINFO == 'IP' ]]; then
|
||||
REDIRECTIT=$MAINIP
|
||||
elif [[ $REDIRECTINFO == 'HOSTNAME' ]]; then
|
||||
REDIRECTIT=$HOSTNAME
|
||||
fi
|
||||
echo " kratoskey: $KRATOSKEY" >> $PILLARFILE
|
||||
echo " redirect: $REDIRECTIT" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
if [ "$INSTALLTYPE" = 'EVAL' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ]; then
|
||||
printf '%s\n'\
|
||||
" ls_pipeline_batch_size: 125"\
|
||||
" ls_input_threads: 1"\
|
||||
" ls_batch_count: 125"\
|
||||
" mtu: $MTU" >> "$PILLARFILE"
|
||||
fi
|
||||
printf '%s\n'\
|
||||
" lsheap: $LS_HEAP_SIZE"\
|
||||
" lsaccessip: 127.0.0.1"\
|
||||
" elastalert: 1"\
|
||||
" ls_pipeline_workers: $CPUCORES"\
|
||||
" nids_rules: $RULESETUP"\
|
||||
" oinkcode: $OINKCODE"\
|
||||
" es_port: $NODE_ES_PORT"\
|
||||
" log_size_limit: $LOG_SIZE_LIMIT"\
|
||||
" cur_close_days: $CURCLOSEDAYS"\
|
||||
" grafana: $GRAFANA"\
|
||||
" osquery: $OSQUERY"\
|
||||
" wazuh: $WAZUH"\
|
||||
" thehive: $THEHIVE"\
|
||||
" playbook: $PLAYBOOK"\
|
||||
" strelka: $STRELKA"\
|
||||
""\
|
||||
"kratos:" >> "$PILLARFILE"
|
||||
|
||||
case $REDIRECTINFO in
|
||||
'IP')
|
||||
REDIRECTIT="$MAINIP"
|
||||
;;
|
||||
'HOSTNAME')
|
||||
REDIRECTIT=$HOSTNAME
|
||||
;;
|
||||
*)
|
||||
REDIRECTIT="$REDIRECT"
|
||||
;;
|
||||
esac
|
||||
|
||||
printf '%s\n'\
|
||||
" kratoskey: $KRATOSKEY"\
|
||||
" redirect: $REDIRECTIT"\
|
||||
"" >> "$PILLARFILE"
|
||||
|
||||
|
||||
}
|
||||
|
||||
master_static() {
|
||||
local static_pillar="/opt/so/saltstack/pillar/static.sls"
|
||||
|
||||
# Create a static file for global values
|
||||
touch /opt/so/saltstack/pillar/static.sls
|
||||
|
||||
echo "static:" > /opt/so/saltstack/pillar/static.sls
|
||||
echo " soversion: HH$SOVERSION" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " hnmaster: $HNMASTER" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " ntpserver: $NTPSERVER" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " proxy: $PROXY" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " cortexuser: cortexadmin" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " cortexpassword: cortexchangeme" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " cortexkey: $CORTEXKEY" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " cortexorgname: SecurityOnion" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " cortexorguser: soadmin" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " cortexorguserkey: $CORTEXORGUSERKEY" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " fleet_master: False" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " fleet_node: False" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " fleet_hostname: N/A" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " fleet_ip: N/A" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
|
||||
if [[ $MASTERUPDATES == 'MASTER' ]]; then
|
||||
echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
|
||||
else
|
||||
echo " masterupdate: 0" >> /opt/so/saltstack/pillar/static.sls
|
||||
fi
|
||||
echo "elastic:" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " features: False" >> /opt/so/saltstack/pillar/static.sls
|
||||
# Create a static file for global values
|
||||
printf '%s\n'\
|
||||
"static:"\
|
||||
" soversion: HH$SOVERSION"\
|
||||
" hnmaster: $HNMASTER"\
|
||||
" ntpserver: $NTPSERVER"\
|
||||
" proxy: $PROXY"\
|
||||
" broversion: $BROVERSION"\
|
||||
" ids: $NIDS"\
|
||||
" masterip: $MAINIP"\
|
||||
" hiveuser: hiveadmin"\
|
||||
" hivepassword: hivechangeme"\
|
||||
" hivekey: $HIVEKEY"\
|
||||
" cortexuser: cortexadmin"\
|
||||
" cortexpassword: cortexchangeme"\
|
||||
" cortexkey: $CORTEXKEY"\
|
||||
" cortexorgname: SecurityOnion"\
|
||||
" cortexorguser: soadmin"\
|
||||
" cortexorguserkey: $CORTEXORGUSERKEY"\
|
||||
" fleet_master: False"\
|
||||
" fleet_node: False"\
|
||||
" fleet_packages-timestamp: N/A"\
|
||||
" fleet_hostname: N/A"\
|
||||
" fleet_ip: N/A"\
|
||||
" sensoronikey: $SENSORONIKEY"
|
||||
" masterupdate: $MASTERUPDATES" > "$static_pillar"
|
||||
echo "elastic:" >> /opt/so/saltstack/pillar/static.sls
|
||||
echo " features: False" >> /opt/so/saltstack/pillar/static.sls
|
||||
}
|
||||
|
||||
minio_generate_keys() {
|
||||
@@ -933,55 +923,55 @@ network_setup() {
|
||||
|
||||
node_pillar() {
|
||||
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
local PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
|
||||
# Create the node pillar
|
||||
echo "node:" >> $PILLARFILE
|
||||
echo " mainip: $MAINIP" >> $PILLARFILE
|
||||
echo " mainint: $MAININT" >> $PILLARFILE
|
||||
echo " esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE
|
||||
echo " esclustername: {{ grains.host }}" >> $PILLARFILE
|
||||
echo " lsheap: $NODE_LS_HEAP_SIZE" >> $PILLARFILE
|
||||
echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $PILLARFILE
|
||||
echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $PILLARFILE
|
||||
echo " ls_input_threads: $LSINPUTTHREADS" >> $PILLARFILE
|
||||
echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $PILLARFILE
|
||||
echo " es_shard_count: $SHARDCOUNT" >> $PILLARFILE
|
||||
echo " node_type: $NODETYPE" >> $PILLARFILE
|
||||
echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
|
||||
echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
|
||||
echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
printf '%s\n'\
|
||||
"node:"\
|
||||
" mainip: $MAINIP"\
|
||||
" mainint: $MAININT"\
|
||||
" esheap: $NODE_ES_HEAP_SIZE"\
|
||||
" esclustername: {{ grains.host }}"\
|
||||
" lsheap: $NODE_LS_HEAP_SIZE"\
|
||||
" ls_pipeline_workers: $LSPIPELINEWORKERS"\
|
||||
" ls_pipeline_batch_size: $LSPIPELINEBATCH"\
|
||||
" ls_input_threads: $LSINPUTTHREADS"\
|
||||
" ls_batch_count: $LSINPUTBATCHCOUNT"\
|
||||
" es_shard_count: $SHARDCOUNT"\
|
||||
" node_type: $NODETYPE"\
|
||||
" es_port: $NODE_ES_PORT"\
|
||||
" log_size_limit: $LOG_SIZE_LIMIT"\
|
||||
" cur_close_days: $CURCLOSEDAYS"\
|
||||
"" >> "$PILLARFILE"
|
||||
|
||||
}
|
||||
|
||||
patch_pillar() {
|
||||
|
||||
PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
local PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
|
||||
|
||||
echo "" >> $PILLARFILE
|
||||
echo "patch:" >> $PILLARFILE
|
||||
echo " os:" >> $PILLARFILE
|
||||
echo " schedule_name: $PATCHSCHEDULENAME" >> $PILLARFILE
|
||||
echo " enabled: True" >> $PILLARFILE
|
||||
echo " splay: 300" >> $PILLARFILE
|
||||
echo "" >> $PILLARFILE
|
||||
printf '%s\n'\
|
||||
""\
|
||||
"patch:"\
|
||||
" os:"\
|
||||
" schedule_name: $PATCHSCHEDULENAME"\
|
||||
" enabled: True"\
|
||||
" splay: 300"\
|
||||
"" >> "$PILLARFILE"
|
||||
|
||||
}
|
||||
|
||||
patch_schedule_os_new() {
|
||||
OSPATCHSCHEDULEDIR="$TMP/salt/patch/os/schedules"
|
||||
OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml"
|
||||
local OSPATCHSCHEDULEDIR="$TMP/salt/patch/os/schedules"
|
||||
local OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml"
|
||||
|
||||
if [ ! -d $OSPATCHSCHEDULEDIR ] ; then
|
||||
mkdir -p $OSPATCHSCHEDULEDIR
|
||||
fi
|
||||
mkdir -p $OSPATCHSCHEDULEDIR
|
||||
|
||||
echo "patch:" > "$OSPATCHSCHEDULE"
|
||||
echo " os:" >> "$OSPATCHSCHEDULE"
|
||||
echo " schedule:" >> "$OSPATCHSCHEDULE"
|
||||
for psd in "${PATCHSCHEDULEDAYS[@]}"
|
||||
do
|
||||
printf '%s\n'\
|
||||
"patch:"\
|
||||
" os:"\
|
||||
" schedule:"> "$OSPATCHSCHEDULE"
|
||||
for psd in "${PATCHSCHEDULEDAYS[@]}";do
|
||||
psd="${psd//\"/}"
|
||||
echo " - $psd:" >> "$OSPATCHSCHEDULE"
|
||||
for psh in "${PATCHSCHEDULEHOURS[@]}"
|
||||
@@ -1031,10 +1021,8 @@ reserve_group_ids() {
|
||||
saltify() {
|
||||
|
||||
# Install updates and Salt
|
||||
if [ $OS == 'centos' ]; then
|
||||
ADDUSER=adduser
|
||||
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
if [ $OS = 'centos' ]; then
|
||||
if [ $INSTALLTYPE = 'MASTER' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'HELIXSENSOR' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
|
||||
reserve_group_ids
|
||||
yum -y install epel-release
|
||||
yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
|
||||
@@ -1058,7 +1046,7 @@ EOF
|
||||
|
||||
else
|
||||
|
||||
if [ $MASTERUPDATES == 'MASTER' ]; then
|
||||
if [ "$MASTERUPDATES" = 1 ]; then
|
||||
|
||||
# Create the GPG Public Key for the Salt Repo
|
||||
cp "$SCRIPTDIR"/public_keys/salt.pem /etc/pki/rpm-gpg/saltstack-signing-key
|
||||
@@ -1114,10 +1102,10 @@ EOF
|
||||
yum -y update exclude=salt*
|
||||
systemctl enable salt-minion
|
||||
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
if [ "$INSTALLTYPE" = 'MASTER' ] || [ "$INSTALLTYPE" = 'EVAL' ] || [ "$INSTALLTYPE" = 'HELIXSENSOR' ] || [ "$INSTALLTYPE" = 'MASTERSEARCH' ]; then
|
||||
yum -y install salt-master-2019.2.3 python3 python36-m2crypto salt-minion-2019.2.3 python36-dateutil python36-mysql python36-docker
|
||||
systemctl enable salt-master
|
||||
elif [ $INSTALLTYPE == 'FLEET' ]; then
|
||||
elif [ "$INSTALLTYPE" = 'FLEET' ]; then
|
||||
yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql
|
||||
else
|
||||
yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker
|
||||
@@ -1126,7 +1114,6 @@ EOF
|
||||
|
||||
# Our OS is not CentOS
|
||||
else
|
||||
ADDUSER=useradd
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade
|
||||
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
@@ -1142,7 +1129,7 @@ EOF
|
||||
UVER=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
|
||||
|
||||
# Nasty hack but required for now
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
if [ $INSTALLTYPE = 'MASTER' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
|
||||
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
# Install the repo for salt py3 edition
|
||||
@@ -1211,7 +1198,7 @@ EOF
|
||||
|
||||
salt_checkin() {
|
||||
# Master State to Fix Mine Usage
|
||||
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
if [ $INSTALLTYPE = 'MASTER' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'HELIXSENSOR' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
|
||||
echo "Building Certificate Authority"
|
||||
salt-call state.apply ca >> "$SETUPLOG" 2>&1
|
||||
echo " *** Restarting Salt to fix any SSL errors. ***"
|
||||
@@ -1251,7 +1238,7 @@ salt_master_directories() {
|
||||
mkdir -p /opt/so/saltstack/pillar
|
||||
|
||||
# Copy over the salt code and templates
|
||||
if [ $INSTALLMETHOD == 'iso' ]; then
|
||||
if [ $INSTALLMETHOD = 'iso' ]; then
|
||||
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/
|
||||
rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/
|
||||
else
|
||||
@@ -1266,9 +1253,9 @@ salt_master_directories() {
|
||||
|
||||
salt_install_mysql_deps() {
|
||||
|
||||
if [ $OS == 'centos' ]; then
|
||||
if [ $OS = 'centos' ]; then
|
||||
yum -y install mariadb-devel
|
||||
elif [ $OS == 'ubuntu' ]; then
|
||||
elif [ $OS = 'ubuntu' ]; then
|
||||
if [ $OSVER != "xenial" ]; then
|
||||
apt-get -y install python3-mysqldb >> "$SETUPLOG" 2>&1
|
||||
else
|
||||
@@ -1288,7 +1275,7 @@ sensor_pillar() {
|
||||
echo " interface: bond0" >> $PILLARFILE
|
||||
echo " mainip: $MAINIP" >> $PILLARFILE
|
||||
echo " mainint: $MAININT" >> $PILLARFILE
|
||||
if [ $NSMSETUP == 'ADVANCED' ]; then
|
||||
if [ $NSMSETUP = 'ADVANCED' ]; then
|
||||
echo " bro_pins:" >> $PILLARFILE
|
||||
for PIN in $BROPINS; do
|
||||
PIN=$(echo $PIN | cut -d\" -f2)
|
||||
@@ -1299,7 +1286,7 @@ sensor_pillar() {
|
||||
SPIN=$(echo $SPIN | cut -d\" -f2)
|
||||
echo " - $SPIN" >> $PILLARFILE
|
||||
done
|
||||
elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
elif [ $INSTALLTYPE = 'HELIXSENSOR' ]; then
|
||||
echo " bro_lbprocs: $LBPROCS" >> $PILLARFILE
|
||||
echo " suriprocs: $LBPROCS" >> $PILLARFILE
|
||||
else
|
||||
@@ -1362,43 +1349,43 @@ set_hostname_iso() {
|
||||
set_initial_firewall_policy() {
|
||||
|
||||
get_main_ip
|
||||
if [ $INSTALLTYPE == 'MASTER' ]; then
|
||||
if [ $INSTALLTYPE = 'MASTER' ]; then
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
|
||||
/opt/so/saltstack/pillar/data/addtotab.sh mastertab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
if [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/search_nodes.sls
|
||||
if [ $INSTALLTYPE == 'EVAL' ]; then
|
||||
if [ $INSTALLTYPE = 'EVAL' ]; then
|
||||
/opt/so/saltstack/pillar/data/addtotab.sh evaltab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
|
||||
elif [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
|
||||
elif [ $INSTALLTYPE = 'MASTERSEARCH' ]; then
|
||||
/opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
|
||||
if [ $INSTALLTYPE = 'HELIXSENSOR' ]; then
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
|
||||
printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'SENSOR' ]; then
|
||||
if [ $INSTALLTYPE = 'SENSOR' ]; then
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'SEARCHNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'SEARCHNODE' ]; then
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'HEAVYNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'HEAVYNODE' ]; then
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
|
||||
@@ -1406,19 +1393,19 @@ set_initial_firewall_policy() {
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'FLEET' ]; then
|
||||
if [ $INSTALLTYPE = 'FLEET' ]; then
|
||||
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'PARSINGNODE' ]; then
|
||||
echo "blah"
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'HOTNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'HOTNODE' ]; then
|
||||
echo "blah"
|
||||
fi
|
||||
|
||||
if [ $INSTALLTYPE == 'WARMNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'WARMNODE' ]; then
|
||||
echo "blah"
|
||||
fi
|
||||
|
||||
@@ -1427,7 +1414,7 @@ set_initial_firewall_policy() {
|
||||
# Set up the management interface on the ISO
|
||||
set_management_interface() {
|
||||
|
||||
if [ $ADDRESSTYPE == 'DHCP' ]; then
|
||||
if [ $ADDRESSTYPE = 'DHCP' ]; then
|
||||
/usr/bin/nmcli con up $MNIC
|
||||
/usr/bin/nmcli con mod $MNIC connection.autoconnect yes
|
||||
else
|
||||
@@ -1443,16 +1430,16 @@ set_management_interface() {
|
||||
set_node_type() {
|
||||
|
||||
# Determine the node type based on whiplash choice
|
||||
if [ $INSTALLTYPE == 'SEARCHNODE' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ] || [ $INSTALLTYPE == 'HEAVYNODE' ] ; then
|
||||
if [ $INSTALLTYPE = 'SEARCHNODE' ] || [ $INSTALLTYPE = 'EVAL' ] || [ $INSTALLTYPE = 'MASTERSEARCH' ] || [ $INSTALLTYPE = 'HEAVYNODE' ] ; then
|
||||
NODETYPE='search'
|
||||
fi
|
||||
if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'PARSINGNODE' ]; then
|
||||
NODETYPE='parser'
|
||||
fi
|
||||
if [ $INSTALLTYPE == 'HOTNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'HOTNODE' ]; then
|
||||
NODETYPE='hot'
|
||||
fi
|
||||
if [ $INSTALLTYPE == 'WARMNODE' ]; then
|
||||
if [ $INSTALLTYPE = 'WARMNODE' ]; then
|
||||
NODETYPE='warm'
|
||||
fi
|
||||
|
||||
|
||||
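Review bot: In master_static the new `printf` argument list is broken as rendered: the `" sensoronikey: $SENSORONIKEY"` line has no trailing `\`, so the printf ends there with no redirection and the following `" masterupdate: $MASTERUPDATES" > "$static_pillar"` is parsed as a separate command. The effect is that every value up to and including hivekey, cortexkey, cortexorguserkey and sensoronikey goes to the installer's stdout instead of the pillar, while the stray redirection truncates static.sls and leaves only the `elastic:` block that is appended afterwards. Restore the continuation, `" sensoronikey: $SENSORONIKEY"\`, so the whole list is written through `> "$static_pillar"`. Separately, `masterupdate` used to be normalised to 1 or 0 and is now the raw `$MASTERUPDATES`, and saltify now tests `[ "$MASTERUPDATES" = 1 ]`; the assignment is outside this diff, so confirm it really yields 1/0, otherwise the branch that installs the Salt repo GPG key is never taken. The master_pillar rewrite in the same hunk also drops the `mainint: $MAININT` key, which a refactor should not do silently.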