diff --git a/salt/top.sls b/salt/top.sls index ac6e909f0..cdce0904c 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -47,6 +47,9 @@ base: - utility - schedule - soctopus + {%- if THEHIVE != 0 %} + - hive + {%- endif %} 'G@role:so-master': @@ -57,17 +60,27 @@ base: - master - idstools - redis + {%- if OSQUERY != 0 %} - mysql + {%- endif %} - elasticsearch - logstash - kibana - elastalert + {%- if WAZUH != 0 %} - wazuh + {%- endif %} - filebeat - utility - schedule + {%- if OSQUERY != 0 %} - fleet + {%- endif %} - soctopus + {%- if THEHIVE != 0 %} + - hive + {%- endif %} + # Storage node logic diff --git a/so-setup-network.sh b/so-setup-network.sh index cc536e4b6..d3bc6ef3e 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -1152,10 +1152,10 @@ whiptail_cur_close_days() { whiptail_enable_components() { COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \ "Select Components to install" 20 78 8 \ - "GRAFANA" "Enable Grafana for system monitoring" OFF \ - "OSQUERY" "Enable Fleet with osquery" OFF \ - "WAZUH" "Enable Wazuh" OFF \ - "THEHIVE" "Enable TheHive" OFF 3>&1 1>&2 2>&3 ) + "GRAFANA" "Enable Grafana for system monitoring" ON \ + "OSQUERY" "Enable Fleet with osquery" ON \ + "WAZUH" "Enable Wazuh" ON \ + "THEHIVE" "Enable TheHive" ON 3>&1 1>&2 2>&3 ) } whiptail_eval_adv() { @@ -1361,23 +1361,6 @@ whiptail_master_adv_service_brologs() { "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 ) } -whiptail_master_adv_service_grafana() { - echo "blah" -} - -whiptail_master_adv_service_osquery() { - #MOSQ=$() - echo "blah" - -} - -whiptail_master_adv_service_wazuh() { - echo "blah" -} - - - - whiptail_network_notice() { whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 78 
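Review bot: The new `{%- if THEHIVE != 0 %}` guard, and the `OSQUERY` and `WAZUH` guards in the `G@role:so-master` hunk, fail open when the value is missing or not an integer. In Jinja an undefined name, an empty string and the string `'0'` all compare unequal to the integer `0`, so the optional state would still be assigned. Neither hunk shows where these names are set, so this depends on how they are loaded (presumably from pillar) at the top of the file. A positive test such as `{%- if THEHIVE == 1 %}` would keep a missing or string-typed value from enabling a service the operator did not select. It would also match the `== '1'` sense used in `so-setup-network.sh` in this commit.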
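Review bot: All four entries in the `whiptail_enable_components` checklist now default to `ON`, so accepting the dialog unchanged installs Grafana, Fleet/osquery (with MySQL), Wazuh and TheHive on the master. If install-everything is the intended default, a comment above the checklist should say so, for example `# Optional components default to ON; deselect any that are not needed`. The exit status of `whiptail` is not checked either, so a cancelled dialog leaves `COMPONENTS` empty. How that case is handled depends on `process_components`, which is not part of this diff.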
@@ -1622,6 +1605,8 @@ if (whiptail_you_sure); then # Find out how to handle updates whiptail_master_updates + whiptail_enable_components + process_components # Do Advacned Setup if they chose it if [ $MASTERADV == 'ADVANCED' ]; then @@ -1629,9 +1614,6 @@ if (whiptail_you_sure); then if [ $BROVERSION != 'SURICATA' ]; then whiptail_master_adv_service_brologs fi - whiptail_master_adv_service_osquery - whiptail_master_adv_service_grafana - whiptail_master_adv_service_wazuh fi # Last Chance to back out @@ -1852,7 +1834,7 @@ if (whiptail_you_sure); then echo -e "XXX\n25\nInstalling master components... \nXXX" salt-call state.apply master >>~/sosetup.log 2>&1 salt-call state.apply idstools >>~/sosetup.log 2>&1 - if [[ $EVALOSQUERY == '0' ]]; then + if [[ $OSQUERY == '1' ]]; then salt-call state.apply mysql >>~/sosetup.log 2>&1 fi echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX" @@ -1871,12 +1853,12 @@ if (whiptail_you_sure); then salt-call state.apply curator >>~/sosetup.log 2>&1 echo -e "XXX\n58\nInstalling elastalert... \nXXX" salt-call state.apply elastalert >>~/sosetup.log 2>&1 - if [[ $EVALOSQUERY == '0' ]]; then + if [[ $OSQUERY == '1' ]]; then echo -e "XXX\n60\nInstalling fleet... \nXXX" salt-call state.apply fleet >>~/sosetup.log 2>&1 salt-call state.apply redis >>~/sosetup.log 2>&1 fi - if [[ $EVALWAZUH == '0' ]]; then + if [[ $WAZUH == '1' ]]; then echo -e "XXX\n65\nInstalling Wazuh components... \nXXX" salt-call state.apply wazuh >>~/sosetup.log 2>&1 fi @@ -1886,6 +1868,9 @@ if (whiptail_you_sure); then echo -e "XXX\n95\nInstalling misc components... \nXXX" salt-call state.apply schedule >>~/sosetup.log 2>&1 salt-call state.apply soctopus >>~/sosetup.log 2>&1 + if [[ $WAZUH == '1' ]]; then + salt-call state.apply hive >>~/sosetup.log 2>&1 + fi echo -e "XXX\n98\nSetting checkin to run on boot... \nXXX" checkin_at_boot >>~/sosetup.log 2>&1 echo -e "XXX\n99\nVerifying Setup... \nXXX"
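Review bot: The block added in the last hunk applies the `hive` state under `if [[ $WAZUH == '1' ]]; then`, which looks like a copy of the Wazuh test a few lines earlier; `salt/top.sls` in this same commit gates `hive` on `THEHIVE`. As written, selecting Wazuh without TheHive runs the TheHive state, and selecting TheHive without Wazuh skips it at this step. The condition should be `if [[ $THEHIVE == '1' ]]; then`. Unlike the fleet and Wazuh steps, the block also has no progress `echo -e "XXX\n..."` line of its own. The enclosing `if (whiptail_you_sure); then` body starts and ends outside the hunk.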