From d5df1a106afbecbd09bac8a355216afbf63b1679 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 28 Feb 2023 13:43:52 -0500
Subject: [PATCH 01/43] refactor automated testing inputs due to streamlined setup process
---
 setup/so-functions | 2 +-
 setup/so-setup | 66 ++++++++++++++++++++++++----------------------
 2 files changed, 35 insertions(+), 33 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index 381c4b497..ef9174e74 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -322,7 +322,7 @@ collect_hostname() {
 }
 collect_hostname_validate() {
- if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
+ if [[ -z "$TESTING" ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
 whiptail_set_hostname "$HOSTNAME"
diff --git a/setup/so-setup b/setup/so-setup
index 6825afc9d..8a295afcd 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -37,10 +37,10 @@ source ./so-variables
 # Parse command line arguments
 setup_type=$1
-automation=$2
+test_profile=$2
+
 WHATWOULDYOUSAYYAHDOHERE=setup
-# This is for automation
 while [[ $# -gt 0 ]]; do
 arg="$1"
 shift
@@ -49,12 +49,8 @@ while [[ $# -gt 0 ]]; do
 export TURBO="http://${arg#*=}";;
 "--proxy="* )
 export {http,https,ftp,rsync,all}_proxy="${arg#*=}";;
- "--allow-role="* )
- export ALLOW_ROLE="${arg#*=}";;
 "--allow-cidr="* )
 export ALLOW_CIDR="${arg#*=}";;
- "--skip-reboot" )
- export SKIP_REBOOT=1;;
 * )
 if [[ "$arg" == "--"* ]]; then
 echo "Invalid option"
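Review bot: `test_profile=$2` in the -37 hunk of so-setup turns any second positional argument into a test profile, and because the options loop below accepts `--turbo=`, `--proxy=` and `--allow-cidr=` at any position, an invocation such as `so-setup iso --proxy=…` now leaves `$test_profile` non-empty; the -162 hunk then sets `TESTING=true`, `ALLOW_CIDR=0.0.0.0/0` and the fixed web credentials on an install that was meant to be a normal one, where the removed `-f automation/$automation` check used to prevent exactly this. Consider rejecting option-looking values and clearing any inherited `TESTING` before the profile block, e.g. `test_profile=$2`, `[[ "$test_profile" == --* ]] && test_profile=`, `TESTING=`, so that only an explicit profile can enable test mode. The new `-z "$TESTING"` gate in the so-functions hunk, in `progress()` in the -162 hunk and in the -227/-283 hunks would otherwise also honour a `TESTING` variable present in the caller's environment, which the old script-local `automated=no` could not be influenced by.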
@@ -166,41 +162,47 @@ catch() {
 exit 1
 }
-automated=no
-
 # Add the progress function for manager node type installs
 progress() {
 local msg=${1:-'Please wait while installing...'}
- if [ $automated == no ]; then
+ if [ -z "$TESTING" ]; then
 whiptail --title "$whiptail_title" --gauge "$msg" 6 70 0
 # append to text
 else
 cat >> $setup_log 2>&1
 fi
 }
-# If using automation let's do automation things.
-if [[ -f automation/$automation && $(basename $automation) == $automation ]]; then
- info "Preselecting variable values based on automated setup: $automation"
- source automation/$automation
- automated=yes
+if [ -n "$test_profile" ]; then
+ install_type="$(echo $test_profile |awk -F- '{print $1}')"
+ info "Activating test profile: $test_profile"
- attempt=1
- attempts=60
- ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1
- while [ $? -ne 0 ]; do
- logCmd "ip a"
- if [ $attempt -gt $attempts ]; then
- error "Network unavailable - setup cannot continue"
- exit 1
- fi
- info "Waiting for network to come up (attempt $attempt of $attempts)"
- attempt=$((attempt + 1))
- info "Sleeping 10s to try again"
- sleep 10;
- logCmd "ip a | grep '$MNIC:' | grep 'state UP'"
- done
- info "Network is up on $MNIC"
+ # The below settings are hardcoded purely for automated testing purposes.
+ TESTING=true
+ MSRV=manager
+ if [ "$test_profile" =~ *"-net" ]; then
+ address_type=DHCP
+ MSRVIP=10.66.166.72
+ elif [ "$test_profile" =~ *"-cloud" ]; then
+ MSRVIP=10.99.1.20
+ elif [ "$test_profile" =~ *"-iso" ]; then
+ MSRVIP=10.66.166.42
+ elif [ "$test_profile" =~ *"-airgap" ]; then
+ MSRVIP=10.66.166.52
+ fi
+ if [ -f "/root/public_ip" ]; then
+ REDIRECTHOST=$(cat /root/public_ip)
+ REDIRECTINFO=OTHER
+ else
+ REDIRECTINFO=IP
+ fi
+ ALLOW_CIDR=0.0.0.0/0
+ MNIC=eth0
+ BNICS=eth1
+ HOSTNAME=$install_type
+ WEBUSER=onionuser@somewhere.invalid
+ WEBPASSWD1=0n10nus3r
+ WEBPASSWD2=0n10nus3r
 fi
 # Make sure the setup type is suppoted.
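Review bot: `if [ "$test_profile" =~ *"-net" ]; then` and the three `elif` lines below it use `=~` inside single-bracket `[ ]`, where it is not an operator: `test` sees `=~` as a plain string and the unquoted `*"-net"` undergoes pathname expansion, so the comparison fails (or errors out) and none of the `address_type`/`MSRVIP` branches is ever taken. The intended check is a glob match in `[[ ]]`, e.g. `if [[ "$test_profile" == *-net ]]; then`, with the same change on the `-cloud`, `-iso` and `-airgap` branches (a leading `*` would not be a valid regex for `=~` either). `install_type="$(echo $test_profile |awk -F- '{print $1}')"` can likewise become `install_type=${test_profile%%-*}`, which avoids the unquoted expansion and two forks. Since `WEBPASSWD1`/`WEBPASSWD2` and `ALLOW_CIDR=0.0.0.0/0` now live in the shipped setup script rather than in separate profile files, a comment above `TESTING=true` stating that these values are test-only and must never reach a production install would make that scoping explicit for the next maintainer.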
@@ -227,7 +229,7 @@ dmesg -D
 # Kernel consoleblank is causing whiptail progress screen to appear to hang #1084
 # https://github.com/Security-Onion-Solutions/securityonion/issues/1084
-if [ "$automated" == no ]; then
+if [ -z "$TESTING" ]; then
 TTY=$(tty)
 info "Setup is running on TTY $TTY"
 if echo $TTY | grep -q "/dev/tty"; then
@@ -283,7 +285,7 @@ if ! [[ -f $install_opt_file ]]; then
 compare_main_nic_ip
 fi
- if [[ $setup_type == 'iso' ]] && [ "$automated" == no ]; then
+ if [[ $setup_type == 'iso' ]] && [ -z "$TESTING" ]; then
 whiptail_first_menu_iso
 if [[ $option == "CONFIGURENETWORK" ]]; then
 collect_hostname
From 9c3cc17153a248bd1bf02130a54e91dd177435e0 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 28 Feb 2023 13:44:38 -0500
Subject: [PATCH 02/43] refactor automated testing inputs due to streamlined setup process
---
 setup/automation/distributed-airgap-manager | 67 --------------------
 setup/automation/distributed-airgap-search | 68 --------------------
 setup/automation/distributed-airgap-sensor | 68 --------------------
 setup/automation/distributed-cloud-manager | 66 -------------------
 setup/automation/distributed-cloud-search | 68 --------------------
 setup/automation/distributed-cloud-sensor | 68 --------------------
 setup/automation/distributed-iso-manager | 66 -------------------
 setup/automation/distributed-iso-search | 68 --------------------
 setup/automation/distributed-iso-sensor | 70 ---------------------
 setup/automation/distributed-net-manager | 66 -------------------
 setup/automation/distributed-net-search | 68 --------------------
 setup/automation/distributed-net-sensor | 68 --------------------
 setup/automation/eval-airgap | 67 --------------------
 setup/automation/eval-cloud | 66 -------------------
 setup/automation/eval-iso | 66 -------------------
 setup/automation/eval-net | 66 -------------------
 setup/automation/import-airgap | 67 --------------------
 setup/automation/import-cloud | 66 -------------------
 setup/automation/import-iso | 66 -------------------
 setup/automation/import-net | 66 -------------------
 setup/automation/standalone-airgap | 67 --------------------
 setup/automation/standalone-cloud | 66 -------------------
 setup/automation/standalone-iso | 66 -------------------
 setup/automation/standalone-net | 66 -------------------
 24 files changed, 1606 deletions(-)
 delete mode 100644 setup/automation/distributed-airgap-manager
 delete mode 100644 setup/automation/distributed-airgap-search
 delete mode 100644 setup/automation/distributed-airgap-sensor
 delete mode 100644 setup/automation/distributed-cloud-manager
 delete mode 100644 setup/automation/distributed-cloud-search
 delete mode 100644 setup/automation/distributed-cloud-sensor
 delete mode 100644 setup/automation/distributed-iso-manager
 delete mode 100644 setup/automation/distributed-iso-search
 delete mode 100644 setup/automation/distributed-iso-sensor
 delete mode 100644 setup/automation/distributed-net-manager
 delete mode 100644 setup/automation/distributed-net-search
 delete mode 100644 setup/automation/distributed-net-sensor
 delete mode 100644 setup/automation/eval-airgap
 delete mode 100644 setup/automation/eval-cloud
 delete mode 100644 setup/automation/eval-iso
 delete mode 100644 setup/automation/eval-net
 delete mode 100644 setup/automation/import-airgap
 delete mode 100644 setup/automation/import-cloud
 delete mode 100644 setup/automation/import-iso
 delete mode 100644 setup/automation/import-net
 delete mode 100644 setup/automation/standalone-airgap
 delete mode 100644 setup/automation/standalone-cloud
 delete mode 100644 setup/automation/standalone-iso
 delete mode 100644 setup/automation/standalone-net
diff --git a/setup/automation/distributed-airgap-manager b/setup/automation/distributed-airgap-manager
deleted file mode 100644
index f9d2e7cdc..000000000
--- a/setup/automation/distributed-airgap-manager
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-#BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=Distributed-manager
-install_type=MANAGER
-INTERWEBS=AIRGAP
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-# REDIRECTHOST=
-REDIRECTINFO=IP
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-airgap-search b/setup/automation/distributed-airgap-search
deleted file mode 100644
index 897014f3a..000000000
--- a/setup/automation/distributed-airgap-search
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-# ALLOW_CIDR=0.0.0.0/0
-# ALLOW_ROLE=a
-# BASICZEEK=7
-# BASICSURI=7
-# BLOGS=
-# BNICS=eth1
-# ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-search
-install_type=SEARCHNODE
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-# MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.66.166.52
-# MTU=
-# NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-# OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-# PLAYBOOK=1
-# REDIRECTHOST=
-# REDIRECTINFO=IP
-# RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-# STRELKA=1
-# THEHIVE=0
-# WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-airgap-sensor b/setup/automation/distributed-airgap-sensor
deleted file mode 100644
index 7f6565595..000000000
--- a/setup/automation/distributed-airgap-sensor
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-# ALLOW_CIDR=0.0.0.0/0
-# ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=Distributed-sensor
-install_type=SENSOR
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-# MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.66.166.52
-# MTU=
-# NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-# NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-# OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-# PLAYBOOK=1
-# REDIRECTHOST=
-# REDIRECTINFO=IP
-# RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-# STRELKA=1
-# THEHIVE=0
-# WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-cloud-manager b/setup/automation/distributed-cloud-manager
deleted file mode 100644
index baaf4a11c..000000000
--- a/setup/automation/distributed-cloud-manager
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-#BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-manager
-install_type=MANAGER
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-REDIRECTHOST=$(cat /root/public_ip)
-REDIRECTINFO=OTHER
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=0
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-cloud-search b/setup/automation/distributed-cloud-search
deleted file mode 100644
index 42c6b5726..000000000
--- a/setup/automation/distributed-cloud-search
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-#ALLOW_CIDR=0.0.0.0/0
-#ALLOW_ROLE=a
-#BASICZEEK=7
-#BASICSURI=7
-# BLOGS=
-#BNICS=ens6
-#ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-search
-install_type=SEARCHNODE
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-#MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.99.1.20
-# MTU=
-#NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-#OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-#PLAYBOOK=1
-# REDIRECTHOST=
-#REDIRECTINFO=HOSTNAME
-#RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=0
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-#STRELKA=1
-#THEHIVE=0
-#WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-cloud-sensor b/setup/automation/distributed-cloud-sensor
deleted file mode 100644
index bb7f8716f..000000000
--- a/setup/automation/distributed-cloud-sensor
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-#ALLOW_CIDR=0.0.0.0/0
-#ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-sensor
-install_type=SENSOR
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-#MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.99.1.20
-# MTU=
-#NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-#NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-#OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-#PLAYBOOK=1
-# REDIRECTHOST=
-#REDIRECTINFO=HOSTNAME
-#RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=0
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-#STRELKA=1
-#THEHIVE=0
-#WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-iso-manager b/setup/automation/distributed-iso-manager
deleted file mode 100644
index c601d3283..000000000
--- a/setup/automation/distributed-iso-manager
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
-# BLOGS=
-#BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-manager
-install_type=MANAGER
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-# REDIRECTHOST=
-REDIRECTINFO=IP
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-iso-search b/setup/automation/distributed-iso-search
deleted file mode 100644
index 87165c053..000000000
--- a/setup/automation/distributed-iso-search
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-# ALLOW_CIDR=0.0.0.0/0
-# ALLOW_ROLE=a
-# BASICZEEK=7
-# BASICSURI=7
-# BLOGS=
-# BNICS=eth1
-# ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-search
-install_type=SEARCHNODE
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-# MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.66.166.42
-# MTU=
-# NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=ADVANCED
-NODEUPDATES=MANAGER
-# OINKCODE=
-# OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-# PLAYBOOK=1
-# REDIRECTHOST=
-# REDIRECTINFO=IP
-# RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-# STRELKA=1
-# THEHIVE=0
-# WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-iso-sensor b/setup/automation/distributed-iso-sensor
deleted file mode 100644
index 6762488f7..000000000
--- a/setup/automation/distributed-iso-sensor
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-# ALLOW_CIDR=0.0.0.0/0
-# ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=Distributed-Sensor
-install_type=SENSOR
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-# MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.66.166.42
-MTU=1500
-# NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-# NODESETUP=NODEBASIC
-NSMSETUP=ADVANCED
-NODEUPDATES=MANAGER
-# OINKCODE=
-# OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-# PLAYBOOK=1
-# REDIRECTHOST=
-# REDIRECTINFO=IP
-# RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-# STRELKA=1
-SURIPINS=(2 3)
-# THEHIVE=0
-# WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
-ZEEKPINS=(0 1)
diff --git a/setup/automation/distributed-net-manager b/setup/automation/distributed-net-manager
deleted file mode 100644
index fff5bdb39..000000000
--- a/setup/automation/distributed-net-manager
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=7
-BASICSURI=7
-# BLOGS=
-#BNICS=eth1
-ZEEKVERSION=SURICATA
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-manager
-install_type=MANAGER
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-# REDIRECTHOST=
-REDIRECTINFO=IP
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-net-search b/setup/automation/distributed-net-search
deleted file mode 100644
index 8a3fb7784..000000000
--- a/setup/automation/distributed-net-search
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-# ALLOW_CIDR=0.0.0.0/0
-# ALLOW_ROLE=a
-# BASICZEEK=7
-# BASICSURI=7
-# BLOGS=
-# BNICS=eth1
-# ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-search
-install_type=SEARCHNODE
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-# MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.66.166.72
-# MTU=
-# NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-# OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-# PLAYBOOK=1
-# REDIRECTHOST=
-# REDIRECTINFO=IP
-# RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-# STRELKA=1
-# THEHIVE=0
-# WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/distributed-net-sensor b/setup/automation/distributed-net-sensor
deleted file mode 100644
index eb104f1a8..000000000
--- a/setup/automation/distributed-net-sensor
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-# ALLOW_CIDR=0.0.0.0/0
-# ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=SURICATA
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=distributed-sensor
-install_type=SENSOR
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-# MANAGERADV=BASIC
-MANAGERUPDATES=1
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-MSRV=distributed-manager
-MSRVIP=10.66.166.72
-# MTU=
-# NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-# NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-# OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-# PLAYBOOK=1
-# REDIRECTHOST=
-# REDIRECTINFO=IP
-# RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-# STRELKA=1
-# THEHIVE=0
-# WAZUH=1
-# WEBUSER=onionuser@somewhere.invalid
-# WEBPASSWD1=0n10nus3r
-# WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-airgap b/setup/automation/eval-airgap
deleted file mode 100644
index 45235ccda..000000000
--- a/setup/automation/eval-airgap
+++ /dev/null
@@ -1,67 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=eval
-install_type=EVAL
-INTERWEBS=AIRGAP
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-# REDIRECTHOST=
-REDIRECTINFO=IP
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-cloud b/setup/automation/eval-cloud
deleted file mode 100644
index 8a18cb78c..000000000
--- a/setup/automation/eval-cloud
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=eval
-install_type=EVAL
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-REDIRECTHOST=$(cat /root/public_ip)
-REDIRECTINFO=OTHER
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-iso b/setup/automation/eval-iso
deleted file mode 100644
index a0bddf54f..000000000
--- a/setup/automation/eval-iso
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=eval
-install_type=EVAL
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-# REDIRECTHOST=
-REDIRECTINFO=IP
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/eval-net b/setup/automation/eval-net
deleted file mode 100644
index 9ecab5ee0..000000000
--- a/setup/automation/eval-net
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-TESTING=true
-
-# address_type=DHCP
-ADMINUSER=onionuser
-ADMINPASS1=onionuser
-ADMINPASS2=onionuser
-ALLOW_CIDR=0.0.0.0/0
-ALLOW_ROLE=a
-BASICZEEK=2
-BASICSURI=2
-# BLOGS=
-BNICS=eth1
-ZEEKVERSION=ZEEK
-# CURCLOSEDAYS=
-# EVALADVANCED=BASIC
-# HELIXAPIKEY=
-HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
-HNSENSOR=inherit
-HOSTNAME=eval
-install_type=EVAL
-# LSINPUTBATCHCOUNT=
-# LSINPUTTHREADS=
-# LSPIPELINEBATCH=
-# LSPIPELINEWORKERS=
-MANAGERADV=BASIC
-# MDNS=
-# MGATEWAY=
-# MIP=
-# MMASK=
-MNIC=eth0
-# MSEARCH=
-# MSRV=
-# MTU=
-NIDS=Suricata
-# NODE_ES_HEAP_SIZE=
-# NODE_LS_HEAP_SIZE=
-NODESETUP=NODEBASIC
-NSMSETUP=BASIC
-NODEUPDATES=MANAGER
-# OINKCODE=
-OSQUERY=1
-# PATCHSCHEDULEDAYS=
-# PATCHSCHEDULEHOURS=
-PATCHSCHEDULENAME=auto
-PLAYBOOK=1
-# REDIRECTHOST=
-REDIRECTINFO=IP
-RULESETUP=ETOPEN
-# SHARDCOUNT=
-# SKIP_REBOOT=
-SOREMOTEPASS1=onionuser
-SOREMOTEPASS2=onionuser
-STRELKA=1
-THEHIVE=0
-WAZUH=1
-WEBUSER=onionuser@somewhere.invalid
-WEBPASSWD1=0n10nus3r
-WEBPASSWD2=0n10nus3r
diff --git a/setup/automation/import-airgap b/setup/automation/import-airgap
deleted file mode 100644
index 1e3fdb70a..000000000
--- a/setup/automation/import-airgap
+++ /dev/null
@@ -1,67 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -#BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=import -install_type=IMPORT -INTERWEBS=AIRGAP -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -# OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -# PLAYBOOK=1 -# REDIRECTHOST= -REDIRECTINFO=IP -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -# SOREMOTEPASS1=onionuser -# SOREMOTEPASS2=onionuser -STRELKA=1 -# THEHIVE=0 -# WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/import-cloud b/setup/automation/import-cloud deleted file mode 100644 index e12b00863..000000000 --- a/setup/automation/import-cloud +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -#BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=import -install_type=IMPORT -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -# OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -# PLAYBOOK=1 -REDIRECTHOST=$(cat /root/public_ip) -REDIRECTINFO=OTHER -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -# SOREMOTEPASS1=onionuser -# SOREMOTEPASS2=onionuser -STRELKA=1 -# THEHIVE=0 -# WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/import-iso b/setup/automation/import-iso deleted file mode 100644 index ad111cff6..000000000 --- a/setup/automation/import-iso +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -#BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=import -install_type=IMPORT -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -# OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -# PLAYBOOK=1 -# REDIRECTHOST= -REDIRECTINFO=IP -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -# SOREMOTEPASS1=onionuser -# SOREMOTEPASS2=onionuser -STRELKA=1 -# THEHIVE=0 -# WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/import-net b/setup/automation/import-net deleted file mode 100644 index e58a3961a..000000000 --- a/setup/automation/import-net +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -# address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -#BNICS=eth1 -ZEEKVERSION=SURICATA -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=import -install_type=IMPORT -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -# OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -# PLAYBOOK=1 -# REDIRECTHOST= -REDIRECTINFO=IP -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -# SOREMOTEPASS1=onionuser -# SOREMOTEPASS2=onionuser -STRELKA=1 -# THEHIVE=0 -# WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/standalone-airgap b/setup/automation/standalone-airgap deleted file mode 100644 index 2c0a5af0f..000000000 --- a/setup/automation/standalone-airgap +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=standalone -install_type=STANDALONE -INTERWEBS=AIRGAP -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -PLAYBOOK=1 -# REDIRECTHOST= -REDIRECTINFO=IP -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -SOREMOTEPASS1=onionuser -SOREMOTEPASS2=onionuser -STRELKA=1 -THEHIVE=0 -WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/standalone-cloud b/setup/automation/standalone-cloud deleted file mode 100644 index 01b3120fb..000000000 --- a/setup/automation/standalone-cloud +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=standalone -install_type=STANDALONE -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -PLAYBOOK=1 -REDIRECTHOST=$(cat /root/public_ip) -REDIRECTINFO=OTHER -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -SOREMOTEPASS1=onionuser -SOREMOTEPASS2=onionuser -STRELKA=1 -THEHIVE=0 -WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/standalone-iso b/setup/automation/standalone-iso deleted file mode 100644 index ea0f7ddb5..000000000 --- a/setup/automation/standalone-iso +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -BNICS=eth1 -ZEEKVERSION=ZEEK -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=standalone -install_type=STANDALONE -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -PLAYBOOK=1 -# REDIRECTHOST= -REDIRECTINFO=IP -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -SOREMOTEPASS1=onionuser -SOREMOTEPASS2=onionuser -STRELKA=1 -THEHIVE=0 -WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r diff --git a/setup/automation/standalone-net b/setup/automation/standalone-net deleted file mode 100644 index 23019f788..000000000 --- a/setup/automation/standalone-net +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -TESTING=true - -# address_type=DHCP -ADMINUSER=onionuser -ADMINPASS1=onionuser -ADMINPASS2=onionuser -ALLOW_CIDR=0.0.0.0/0 -ALLOW_ROLE=a -BASICZEEK=2 -BASICSURI=2 -# BLOGS= -BNICS=eth1 -ZEEKVERSION=SURICATA -# CURCLOSEDAYS= -# EVALADVANCED=BASIC -# HELIXAPIKEY= -HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 -HNSENSOR=inherit -HOSTNAME=standalone -install_type=STANDALONE -# LSINPUTBATCHCOUNT= -# LSINPUTTHREADS= -# LSPIPELINEBATCH= -# LSPIPELINEWORKERS= -MANAGERADV=BASIC -# MDNS= -# MGATEWAY= -# MIP= -# MMASK= -MNIC=eth0 -# MSEARCH= -# MSRV= -# MTU= -NIDS=Suricata -# NODE_ES_HEAP_SIZE= -# NODE_LS_HEAP_SIZE= -NODESETUP=NODEBASIC -NSMSETUP=BASIC -NODEUPDATES=MANAGER -# OINKCODE= -OSQUERY=1 -# PATCHSCHEDULEDAYS= -# PATCHSCHEDULEHOURS= -PATCHSCHEDULENAME=auto -PLAYBOOK=1 -# REDIRECTHOST= -REDIRECTINFO=IP -RULESETUP=ETOPEN -# SHARDCOUNT= -# SKIP_REBOOT= -SOREMOTEPASS1=onionuser -SOREMOTEPASS2=onionuser -STRELKA=1 -THEHIVE=0 -WAZUH=1 -WEBUSER=onionuser@somewhere.invalid -WEBPASSWD1=0n10nus3r -WEBPASSWD2=0n10nus3r From 8f20e2bcb975bf8c8f4655f25b13eda38297a471 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 28 Feb 2023 14:29:22 -0500 Subject: [PATCH 03/43] refactor automated testing inputs due to streamlined setup process --- setup/so-setup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 8a295afcd..b7b178c08 100755 --- a/setup/so-setup +++ b/setup/so-setup 
@@ -180,14 +180,14 @@ if [ -n "$test_profile" ]; then
 # The below settings are hardcoded purely for automated testing purposes.
 TESTING=true
 MSRV=manager
- if [ "$test_profile" =~ *"-net" ]; then
+ if [[ "$test_profile" =~ "-net" ]]; then
 address_type=DHCP
 MSRVIP=10.66.166.72
- elif [ "$test_profile" =~ *"-cloud" ]; then
+ elif [[ "$test_profile" =~ "-cloud" ]]; then
 MSRVIP=10.99.1.20
- elif [ "$test_profile" =~ *"-iso" ]; then
+ elif [[ "$test_profile" =~ "-iso" ]]; then
 MSRVIP=10.66.166.42
- elif [ "$test_profile" =~ *"-airgap" ]; then
+ elif [[ "$test_profile" =~ "-airgap" ]]; then
 MSRVIP=10.66.166.52
 fi
 if [ -f "/root/public_ip" ]; then
From d456f681f18f16fed105af6a7c47fc6c999eebcb Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 28 Feb 2023 14:45:21 -0500
Subject: [PATCH 04/43] refactor automated testing inputs due to streamlined setup process
---
 setup/so-functions | 4 ++--
 setup/so-setup | 26 ++++++++++++++----------
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index ef9174e74..d044bf326 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -17,11 +17,11 @@ log() {
 }
 error() {
- log "$1" "E"
+ log "$1" "ERROR"
 }
 info() {
- log "$1" "I"
+ log "$1" "INFO"
 }
 title() {
diff --git a/setup/so-setup b/setup/so-setup
index b7b178c08..7cbc876b0 100755
--- a/setup/so-setup
+++ b/setup/so-setup
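Review bot: With a quoted right-hand side, `[[ "$test_profile" =~ "-net" ]]` is an unanchored literal substring test, so `-net` also matches a profile such as `…-network…` and the branch order silently decides ties between suffixes. Since the profile names end in these suffixes, an anchored glob is both clearer and stricter: `if [[ "$test_profile" == *-net ]]; then`, and likewise for `-cloud`, `-iso` and `-airgap`. The same substring style is carried into the later hunks of this series that rework this block. The enclosing `if [ -n "$test_profile" ]` block starts outside the hunk.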
@@ -175,20 +175,27 @@ progress() {
 if [ -n "$test_profile" ]; then
 install_type="$(echo $test_profile |awk -F- '{print $1}')"
- info "Activating test profile: $test_profile"
+ info "Activating test profile; profile=$test_profile; install_type=$install_type"
 # The below settings are hardcoded purely for automated testing purposes.
 TESTING=true
- MSRV=manager
+ if [[ "$test_profile" =~ "-sensor-" || "$test_profile" =~ "-search-" ]]; then
+ HOSTNAME=$test_profile
+ MSRV=manager
+ if [[ "$test_profile" =~ "-net" ]]; then
+ MSRVIP=10.66.166.72
+ elif [[ "$test_profile" =~ "-cloud" ]]; then
+ MSRVIP=10.99.1.20
+ elif [[ "$test_profile" =~ "-iso" ]]; then
+ MSRVIP=10.66.166.42
+ elif [[ "$test_profile" =~ "-airgap" ]]; then
+ MSRVIP=10.66.166.52
+ fi
+ else
+ HOSTNAME=manager
+ fi
 if [[ "$test_profile" =~ "-net" ]]; then
 address_type=DHCP
- MSRVIP=10.66.166.72
- elif [[ "$test_profile" =~ "-cloud" ]]; then
- MSRVIP=10.99.1.20
- elif [[ "$test_profile" =~ "-iso" ]]; then
- MSRVIP=10.66.166.42
- elif [[ "$test_profile" =~ "-airgap" ]]; then
- MSRVIP=10.66.166.52
 fi
 if [ -f "/root/public_ip" ]; then
 REDIRECTHOST=$(cat /root/public_ip)
@@ -199,7 +206,6 @@ if [ -n "$test_profile" ]; then
 ALLOW_CIDR=0.0.0.0/0
 MNIC=eth0
 BNICS=eth1
- HOSTNAME=$install_type
 WEBUSER=onionuser@somewhere.invalid
 WEBPASSWD1=0n10nus3r
 WEBPASSWD2=0n10nus3r
From 749c299ed2c0a70d629310c409abaaf2f78b2bb4 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 28 Feb 2023 15:34:09 -0500
Subject: [PATCH 05/43] refactor automated testing inputs due to streamlined setup process
---
 setup/so-setup | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/setup/so-setup b/setup/so-setup
index 7cbc876b0..69cbfbee1 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -175,34 +175,38 @@ progress() {
 if [ -n "$test_profile" ]; then
 install_type="$(echo $test_profile |awk -F- '{print $1}')"
+ install_type=${install_type^^}
 info "Activating test profile; profile=$test_profile; install_type=$install_type"
 # The below settings are hardcoded purely for automated testing purposes.
 TESTING=true
+
 if [[ "$test_profile" =~ "-sensor-" || "$test_profile" =~ "-search-" ]]; then
 HOSTNAME=$test_profile
- MSRV=manager
- if [[ "$test_profile" =~ "-net" ]]; then
- MSRVIP=10.66.166.72
- elif [[ "$test_profile" =~ "-cloud" ]]; then
- MSRVIP=10.99.1.20
- elif [[ "$test_profile" =~ "-iso" ]]; then
- MSRVIP=10.66.166.42
- elif [[ "$test_profile" =~ "-airgap" ]]; then
- MSRVIP=10.66.166.52
- fi
 else
 HOSTNAME=manager
 fi
+
+ MSRV=manager
 if [[ "$test_profile" =~ "-net" ]]; then
 address_type=DHCP
+ MSRVIP=10.66.166.72
+ elif [[ "$test_profile" =~ "-cloud" ]]; then
+ MSRVIP=10.99.1.20
+ elif [[ "$test_profile" =~ "-iso" ]]; then
+ MSRVIP=10.66.166.42
+ elif [[ "$test_profile" =~ "-airgap" ]]; then
+ is_airgap=true
+ MSRVIP=10.66.166.52
 fi
+
 if [ -f "/root/public_ip" ]; then
 REDIRECTHOST=$(cat /root/public_ip)
 REDIRECTINFO=OTHER
 else
 REDIRECTINFO=IP
 fi
+
 ALLOW_CIDR=0.0.0.0/0
 MNIC=eth0
 BNICS=eth1
From 205e3440342dbd4e119b70b53bfaf9eef50d8482 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 28 Feb 2023 15:40:08 -0500
Subject: [PATCH 06/43] dynamically choose test NICs in alphanumeric sort order
---
 setup/so-setup | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/setup/so-setup b/setup/so-setup
index 69cbfbee1..9f386c4a6 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -208,8 +208,8 @@ if [ -n "$test_profile" ]; then
 fi
 ALLOW_CIDR=0.0.0.0/0
- MNIC=eth0
- BNICS=eth1
+ MNIC=$(ls -1 /sys/class/net | head -1)
+ BNICS=$(ls -1 /sys/class/net | head -2 | tail -1)
 WEBUSER=onionuser@somewhere.invalid
 WEBPASSWD1=0n10nus3r
 WEBPASSWD2=0n10nus3r
From 13182fcda2f6792f79b61b3cf5a32d81b3e9557a Mon Sep 17 00:00:00 2001
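Review bot: `TESTING=true` and the hard-coded settings that follow it are enabled solely because `$test_profile` is non-empty; the string is only probed for substrings (`-sensor-`, `-net`, `-cloud`, …) and never validated, so a mistyped or unexpected value still flips the installer into test mode with `ALLOW_CIDR=0.0.0.0/0` (context at the end of this hunk) and the fixed web-user credentials visible in the next hunk. Reject unknown profiles before any of this is applied, e.g. `case "$test_profile" in *-net|*-cloud|*-iso|*-airgap) ;; *) error "Unknown test profile: $test_profile"; exit 1 ;; esac`. The `if [ -n "$test_profile" ]` guard that opens this block and the credential assignments are outside the hunk.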
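Review bot: `ls -1 /sys/class/net | head -1` does not exclude the loopback device: `lo` sorts before names such as `veth…` or `wlan0`, and on a single-NIC test host `BNICS` resolves to `lo` rather than a capture interface. Filter it out before picking and fail if nothing is left, e.g. `MNIC=$(ls -1 /sys/class/net | grep -vx lo | head -1)` and `BNICS=$(ls -1 /sys/class/net | grep -vx lo | sed -n 2p)` followed by `[[ -n "$MNIC" && -n "$BNICS" ]] || { error "Could not pick test interfaces"; exit 1; }`. A one-line comment stating that the first two non-loopback interfaces in sort order are used would also help whoever provisions the test hosts. The enclosing test-profile block starts outside the hunk.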
From: Jason Ertel
Date: Tue, 28 Feb 2023 16:31:17 -0500
Subject: [PATCH 07/43] refactor automated testing inputs due to streamlined setup process
---
 setup/so-setup | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/setup/so-setup b/setup/so-setup
index 9f386c4a6..440965ca1 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -181,8 +181,10 @@ if [ -n "$test_profile" ]; then
 # The below settings are hardcoded purely for automated testing purposes.
 TESTING=true
- if [[ "$test_profile" =~ "-sensor-" || "$test_profile" =~ "-search-" ]]; then
- HOSTNAME=$test_profile
+ if [[ "$test_profile" =~ "-sensor-" ]]; then
+ HOSTNAME=sensor
+ elif [[ "$test_profile" =~ "-search-" ]]; then
+ HOSTNAME=search
 else
 HOSTNAME=manager
 fi
From fd2068be8867516fe0a642732f0bac57575ef663 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 2 Mar 2023 15:23:53 -0500
Subject: [PATCH 08/43] Switch back to kilo images
---
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/VERSION b/VERSION
index 197c4d5c2..7f2e97617 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4.0
+2.4.0-kilo
From 194565936956601c1920204d23af9f97926d7ba9 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Mon, 6 Mar 2023 15:59:08 -0500
Subject: [PATCH 09/43] Error is too common, found even in dashboard titles
---
 setup/so-verify | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-verify b/setup/so-verify
index 8c68852be..20aedb890 100755
--- a/setup/so-verify
+++ b/setup/so-verify
@@ -32,7 +32,7 @@ log_has_errors() {
 # Ignore Failed: 0 since that is the salt state output, and we detect state failures
 # via Result: False already.
- grep -E "FAILED|Failed|failed|ERROR|Error|Result: False" "$setup_log" | \
+ grep -E "FAILED|Failed|failed|ERROR|Result: False" "$setup_log" | \
 grep -vE "The Salt Master has cached the public key for this node" | \
 grep -vE "Minion failed to authenticate with the master" | \
 grep -vE "Failed to connect to ::1" | \
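Review bot: Dropping `Error` from the pattern stops `log_has_errors` from noticing any component that logs mixed-case `Error:` lines, not only the dashboard titles named in the subject, so genuine failures written in that form now pass verification silently. A narrower fix keeps the token and excludes the known false positive with one more `grep -vE` stage, the way the Salt and `::1` messages already are; if the dashboard titles are too varied for that, add a comment above the pattern such as `# "Error" intentionally omitted: it appears in dashboard titles and produced false positives` so it is not re-added without checking. `log_has_errors` continues past the end of the hunk.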
From f77068f73f29dbecf4f5264c47dbd9559f9896ac Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Mon, 6 Mar 2023 18:37:37 -0500
Subject: [PATCH 10/43] setup and so-verify/so-status interop
---
 salt/common/tools/sbin/so-status | 17 ++++++++++++++---
 setup/so-functions | 4 ++++
 setup/so-verify | 19 ++++++++++++++-----
 3 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index da20fcacd..ec0ce94b1 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
@@ -24,11 +24,13 @@ def showUsage(options, args):
 print(' -h - Prints this usage information')
 print(' -q - Suppress output; useful for automation of exit code value')
 print(' -j - Output in JSON format')
+ print(' -i - Consider the installation outcome regardless of whether the system appears healthy')
 print('')
 print(' Exit codes:')
 print(' 0 - Success, system appears to be running correctly')
 print(' 1 - Error, one or more subsystems are not running')
 print(' 2 - System is starting')
+ print(' 3 - System installation encountered errors')
 print(' 99 - Installation in progress')
 sys.exit(1)
@@ -38,6 +40,12 @@ def fail(msg):
 sys.exit(1)
+def check_installation_status(options, console):
+ if "-i" in options and os.path.isfile('/root/failure'):
+ return 3
+ return 0
+
+
 def check_system_status(options, console):
 code = 0
 highstate_end_time = 0
@@ -64,6 +72,8 @@ def output(options, console, code, data):
 elif "-q" not in options:
 if code == 2:
 console.print(" [bold yellow]:hourglass: [bold white]System appears to be starting. No highstate has completed since the system was restarted.")
+ if code == 3:
+ console.print(" [bold red]:exclamation: [bold white]Installation encountered errors.")
 elif code == 99:
 console.print(" [bold red]:exclamation: [bold white]Installation does not appear to be complete. A highstate has not fully completed.")
 else:
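Review bot: In the `output` hunk, `if code == 3:` starts a new statement instead of extending the `if code == 2:` chain, so for code 2 the "starting" message is printed and then the trailing `else:` still builds the status table; it should be `elif code == 3:` so the arms stay mutually exclusive. With that one-word change `elif code == 99:` and `else:` attach to the same chain they belonged to before the patch. The `else:` body continues outside the hunk.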
@@ -137,7 +147,9 @@ def check_container_status(options, console):
 def check_status(options, console):
 container_list = []
- code = check_system_status(options, console)
+ code = check_installation_status(options, console)
+ if code == 0:
+ code = check_system_status(options, console)
 if code == 0:
 code, container_list = check_container_status(options, console)
 output(options, console, code, container_list)
@@ -150,9 +162,8 @@ def main():
 for option in args:
 if option.startswith("-"):
 options.append(option)
- args.remove(option)
- if len(args) != 0 or "-h" in options:
+ if "-h" in options or "--help" in options or "-?" in options:
 showUsage(options, None)
 if os.environ["USER"] != "root":
diff --git a/setup/so-functions b/setup/so-functions
index ede539a6c..0ca635872 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1774,6 +1774,10 @@ reinstall_init() {
 local service_retry_count=20
+ # Disregard previous install outcomes
+ rm -f /root/failure
+ rm -f /root/success
+
 {
 # remove all of root's cronjobs
 logCmd "crontab -r -u root"
diff --git a/setup/so-verify b/setup/so-verify
index 20aedb890..2ccc76b09 100755
--- a/setup/so-verify
+++ b/setup/so-verify
@@ -81,18 +81,27 @@ status_failed() {
 main() {
 exit_code=0
- if log_has_errors; then
- echo "WARNING: Errors detected during setup"
+ if [ -f /root/success ]; then
+ echo "Successfully completed setup a while ago"
+ elif [ -f /root/failure ]; then
+ echo "WARNING: Failed setup a while ago"
 exit_code=1
+ elif log_has_errors; then
+ echo "WARNING: Errors detected during setup"
+ exit_code=1
+ touch /root/failure
 elif using_iso && cron_error_in_mail_spool; then
- echo "WARNING: Unexpected cron job output in mail spool"
+ echo "WARNING: Unexpected cron job output in mail spool"
 exit_code=1
+ touch /root/failure
 elif is_manager_node && status_failed; then
 echo "WARNING: Containers are not in a healthy state"
 exit_code=1
+ touch /root/failure
 else
- echo "Successfully completed setup!"
- fi
+ echo "Successfully completed setup!"
+ touch /root/success
+ fi
 exit $exit_code
 }
From b641dc37b6a133f1c965d3168f9ee49f1b8a5a77 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Mon, 6 Mar 2023 18:56:04 -0500
Subject: [PATCH 11/43] use high error code to flag an unrecoverable error
---
 salt/common/tools/sbin/so-status | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index ec0ce94b1..8b8dcb6ba 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
@@ -30,8 +30,8 @@ def showUsage(options, args):
 print(' 0 - Success, system appears to be running correctly')
 print(' 1 - Error, one or more subsystems are not running')
 print(' 2 - System is starting')
- print(' 3 - System installation encountered errors')
 print(' 99 - Installation in progress')
+ print(' 100 - System installation encountered errors')
 sys.exit(1)
@@ -42,7 +42,7 @@ def fail(msg):
 def check_installation_status(options, console):
 if "-i" in options and os.path.isfile('/root/failure'):
- return 3
+ return 100
 return 0
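Review bot: The new `/root/success` and `/root/failure` checks sit at the head of the chain, so once either marker exists every later `so-verify` run reports the cached outcome and never re-runs `log_has_errors`, the mail-spool check or `status_failed`; that is presumably what the automation wants, but nothing in the script says so. Add a comment above the chain, e.g. `# Outcome is cached in /root/success or /root/failure; reinstall_init is the only place that clears the markers`, since the `rm -f` in `reinstall_init` is the only reset visible in this commit. Two smaller points in the same hunk: the mail-spool `echo` and the closing `fi` changed only in indentation, which adds noise to the diff, and `exit_code` is still not declared `local` inside `main()`.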
@@ -72,10 +72,10 @@ def output(options, console, code, data):
 elif "-q" not in options:
 if code == 2:
 console.print(" [bold yellow]:hourglass: [bold white]System appears to be starting. No highstate has completed since the system was restarted.")
- if code == 3:
- console.print(" [bold red]:exclamation: [bold white]Installation encountered errors.")
 elif code == 99:
 console.print(" [bold red]:exclamation: [bold white]Installation does not appear to be complete. A highstate has not fully completed.")
+ elif code == 100:
+ console.print(" [bold red]:exclamation: [bold white]Installation encountered errors.")
 else:
 table = Table(title = "Security Onion Status", show_edge = False, safe_box = True, box = box.MINIMAL)
 table.add_column("Container", justify="right", style="white", no_wrap=True)
From 66bb82950539c4585e6968df6d806b259a2a51ad Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Mon, 6 Mar 2023 22:18:08 -0500
Subject: [PATCH 12/43] if -i, either success or failure must be present
---
 salt/common/tools/sbin/so-status | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index 8b8dcb6ba..f604f892d 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
@@ -41,8 +41,12 @@ def fail(msg):
 def check_installation_status(options, console):
- if "-i" in options and os.path.isfile('/root/failure'):
- return 100
+ if "-i" in options:
+ if os.path.isfile('/root/failure'):
+ return 100
+ if os.path.isfile('/root/success'):
+ return 0
+ return 99
 return 0
From 4f3cb2eb3dc7965a4a3feaf58d3e4f64236f4312 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 7 Mar 2023 14:42:10 -0500
Subject: [PATCH 13/43] Clarify playbook load time log message
---
 salt/common/tools/sbin/so-playbook-reset | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
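Review bot: `check_installation_status` now encodes a three-way protocol (100 when the failure marker exists, 0 when only the success marker exists, 99 when `-i` is given and neither file is present) without a docstring, and the precedence when both markers exist is implied only by statement order. A docstring such as `"""With -i: 100 if /root/failure exists, else 0 if /root/success exists, else 99 (install still in progress). Without -i: always 0."""` makes the contract explicit for callers that script on the exit code. The `console` parameter is unused in this function.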
diff --git a/salt/common/tools/sbin/so-playbook-reset b/salt/common/tools/sbin/so-playbook-reset
index d58078997..f7101ed5f 100755
--- a/salt/common/tools/sbin/so-playbook-reset
+++ b/salt/common/tools/sbin/so-playbook-reset
@@ -17,6 +17,6 @@ salt-call state.apply playbook,playbook.automation_user_create
 /usr/sbin/so-soctopus-restart
-echo "Importing Plays - this will take some time...."
+echo "Importing Plays - NOTE: this will continue after installation finishes and could take an hour or more. Rebooting while the import is in progress will delay playbook imports."
 sleep 5
 so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &
From b9e3024521adfe7bb67fa984d82f28d4db42dd06 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 8 Mar 2023 15:10:31 -0500
Subject: [PATCH 14/43] fix user sync issue after setup finishes
---
 salt/common/tools/sbin/so-user | 18 ------------------
 setup/so-functions | 2 --
 2 files changed, 20 deletions(-)
diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 4ad3983b4..aaa43cd9e 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -496,19 +496,6 @@ EOF
 fi
 }
-function migrateLockedUsers() {
- # This is a migration function to convert locked users from prior to 2.3.90
- # to inactive users using the newer Kratos functionality. This should only
- # find locked users once.
- lockedEmails=$(curl -s ${kratosUrl}/identities | jq -r '.[] | select(.traits.status == "locked") | .traits.email')
- if [[ -n "$lockedEmails" ]]; then
- echo "Disabling locked users..."
- for email in $lockedEmails; do
- updateStatus "$email" locked
- done
- fi
-}
-
 function updateStatus() {
 email=$1
 status=$2
@@ -703,11 +690,6 @@ case "${operation}" in
 echo "Password is acceptable"
 ;;
- "migrate")
- migrateLockedUsers
- echo "User migration complete"
- ;;
-
 *)
 fail "Unsupported operation: $operation"
 usage
diff --git a/setup/so-functions b/setup/so-functions
index 0ca635872..e006bac34 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -68,9 +68,7 @@ add_web_user() {
 wait_for_file /nsm/kratos/db/db.sqlite 30 5
 {
 info "Attempting to add administrator user for web interface...";
- export SKIP_STATE_APPLY=true
 echo "$WEBPASSWD1" | /usr/sbin/so-user add --email "$WEBUSER" --role "superuser";
- unset SKIP_STATE_APPLY
 info "Add user result: $?";
 } >> "/root/so-user-add.log" 2>&1
 }
From b6ce9f489ac79393e1c02c31adbb4a27dd8de6e0 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 9 Mar 2023 11:02:01 -0500
Subject: [PATCH 15/43] autodetect manager IP
---
 setup/so-functions | 9 +++++++++
 setup/so-setup | 5 ++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index e006bac34..26a97583f 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1606,6 +1606,15 @@ networking_needful() {
 fi
 set_main_ip
 compare_main_nic_ip
+
+ # Attempt to autodetect the manager IP, if an offset value exists
+ if [[ -n "$MSRVIP_OFFSET" && -z "$MSRVIP" ]]; then
+ mips1=$(echo "$MNIC_IP" | awk -F. '{print $1}')
+ mips2=$(echo "$MNIC_IP" | awk -F. '{print $2}')
+ mips3=$(echo "$MNIC_IP" | awk -F. '{print $3}')
+ mips4=$(echo "$MNIC_IP" | awk -F. '{print $4}')
+ MSRVIP="$mips1.$mips2.$mips3.$((mips4+$MSRVIP_OFFSET))"
+ fi
 }
 network_setup() {
diff --git a/setup/so-setup b/setup/so-setup
index 1bee9e617..f430efb4b 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -183,8 +183,10 @@ if [ -n "$test_profile" ]; then
 if [[ "$test_profile" =~ "-sensor-" ]]; then
 HOSTNAME=sensor
+ MSRVIP_OFFSET=-2
 elif [[ "$test_profile" =~ "-search-" ]]; then
 HOSTNAME=search
+ MSRVIP_OFFSET=-1
 else
 HOSTNAME=manager
 fi
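Review bot: The derived address in the `networking_needful` hunk is never range-checked: `$((mips4+$MSRVIP_OFFSET))` goes below 0 or above 255 when the host's last octet is near the edge of the subnet, and with the offsets of -1 and -2 set in the so-setup hunk any host address ending in `.1` yields `.0` or `.-1`, which is then handed to the rest of setup as `MSRVIP`. The four `awk` pipelines can also be replaced by a single `read` on `IFS=.`; splitting that way and validating the result before assigning keeps the autodetection but fails loudly instead. `networking_needful` starts outside the hunk, and `error` is the logging helper defined earlier in this file.
```shell
  # Attempt to autodetect the manager IP, if an offset value exists
  if [[ -n "$MSRVIP_OFFSET" && -z "$MSRVIP" ]]; then
    local o1 o2 o3 o4 last
    IFS=. read -r o1 o2 o3 o4 <<<"$MNIC_IP"
    last=$((o4 + MSRVIP_OFFSET))
    if (( last < 1 || last > 254 )); then
      error "Cannot derive manager IP from $MNIC_IP with offset $MSRVIP_OFFSET"
      exit 1
    fi
    MSRVIP="$o1.$o2.$o3.$last"
  fi
```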
@@ -192,14 +194,11 @@ if [ -n "$test_profile" ]; then
 MSRV=manager
 if [[ "$test_profile" =~ "-net" ]]; then
 address_type=DHCP
- MSRVIP=10.66.166.72
 elif [[ "$test_profile" =~ "-cloud" ]]; then
 MSRVIP=10.99.1.20
 elif [[ "$test_profile" =~ "-iso" ]]; then
- MSRVIP=10.66.166.42
 elif [[ "$test_profile" =~ "-airgap" ]]; then
 is_airgap=true
- MSRVIP=10.66.166.52
 fi
 if [ -f "/root/public_ip" ]; then
From a4409b2979eca8331bd67c0c72329704e41ea80d Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 9 Mar 2023 11:47:35 -0500
Subject: [PATCH 16/43] autodetect manager IP
---
 setup/so-setup | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/setup/so-setup b/setup/so-setup
index f430efb4b..5555cd8f9 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -181,10 +181,10 @@ if [ -n "$test_profile" ]; then
 # The below settings are hardcoded purely for automated testing purposes.
 TESTING=true
- if [[ "$test_profile" =~ "-sensor-" ]]; then
+ if [[ "$test_profile" =~ "-sensor" ]]; then
 HOSTNAME=sensor
 MSRVIP_OFFSET=-2
- elif [[ "$test_profile" =~ "-search-" ]]; then
+ elif [[ "$test_profile" =~ "-search" ]]; then
 HOSTNAME=search
 MSRVIP_OFFSET=-1
 else
@@ -196,7 +196,6 @@ if [ -n "$test_profile" ]; then
 address_type=DHCP
 elif [[ "$test_profile" =~ "-cloud" ]]; then
 MSRVIP=10.99.1.20
- elif [[ "$test_profile" =~ "-iso" ]]; then
 elif [[ "$test_profile" =~ "-airgap" ]]; then
 is_airgap=true
 fi
From b1f201ca87ad4a3025f6c8fbbcc73b2813ac1483 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 9 Mar 2023 12:05:42 -0500
Subject: [PATCH 17/43] autodetect manager IP
---
 setup/so-setup | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/setup/so-setup b/setup/so-setup
index 5555cd8f9..d45d7ca2d 100755
--- a/setup/so-setup
+++ b/setup/so-setup
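Review bot: Removing `MSRVIP=10.66.166.42` leaves `elif [[ "$test_profile" =~ "-iso" ]]; then` with no body before the next `elif`, which bash rejects as a syntax error, so the script fails to parse for every profile, not just `-iso` ones. Either drop the empty branch or give it a no-op body, `elif [[ "$test_profile" =~ "-iso" ]]; then :`. The following patch in this series deletes the branch. The enclosing test-profile block starts outside the hunk.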
@@ -175,7 +175,11 @@ progress() { if [ -n "$test_profile" ]; then install_type="$(echo $test_profile |awk -F- '{print $1}')" - install_type=${install_type^^} + if [[ install_type == "distributed" ]]; then + install_type=MANAGER + else + install_type=${install_type^^} + fi info "Activating test profile; profile=$test_profile; install_type=$install_type" # The below settings are hardcoded purely for automated testing purposes. From ecc300197dffca0c22bd833df79625eb9e675acf Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Mar 2023 12:11:27 -0500 Subject: [PATCH 18/43] autodetect manager IP --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index d45d7ca2d..49b549e65 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -175,7 +175,7 @@ progress() { if [ -n "$test_profile" ]; then install_type="$(echo $test_profile |awk -F- '{print $1}')" - if [[ install_type == "distributed" ]]; then + if [[ "$install_type" == "distributed" ]]; then install_type=MANAGER else install_type=${install_type^^} From 894a20b3adc1f16ad6d693399aa5e422be5ca1a2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Mar 2023 12:58:51 -0500 Subject: [PATCH 19/43] autodetect manager IP --- setup/so-setup | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 49b549e65..a1a1c6d76 100755 --- a/setup/so-setup +++ b/setup/so-setup 
@@ -180,21 +180,24 @@ if [ -n "$test_profile" ]; then else install_type=${install_type^^} fi - info "Activating test profile; profile=$test_profile; install_type=$install_type" # The below settings are hardcoded purely for automated testing purposes. TESTING=true if [[ "$test_profile" =~ "-sensor" ]]; then + install_type=SENSOR HOSTNAME=sensor MSRVIP_OFFSET=-2 elif [[ "$test_profile" =~ "-search" ]]; then + install_type=SEARCH HOSTNAME=search MSRVIP_OFFSET=-1 else HOSTNAME=manager fi + info "Activating test profile; profile=$test_profile; install_type=$install_type" + MSRV=manager if [[ "$test_profile" =~ "-net" ]]; then address_type=DHCP From 23b344bf147cef4fb8473d0cd5e81f60373c3a2f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Mar 2023 15:04:42 -0500 Subject: [PATCH 20/43] distributed testing --- setup/so-functions | 3 +++ setup/so-setup | 5 +++-- setup/so-verify | 15 +++++++++++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 26a97583f..e13457612 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2303,6 +2303,9 @@ set_initial_firewall_access() { if [[ ! -z "$ALLOW_CIDR" ]]; then $default_salt_dir/salt/common/tools/sbin/so-firewall --role=analyst --ip=$ALLOW_CIDR --apply=true fi + if [[ ! -z "$MINION_CIDR" ]]; then + $default_salt_dir/salt/common/tools/sbin/so-firewall --role=sensors --ip=$MINION_CIDR --apply=true + fi } # Set up the management interface on the ISO diff --git a/setup/so-setup b/setup/so-setup index a1a1c6d76..cff432c13 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -189,7 +189,7 @@ if [ -n "$test_profile" ]; then HOSTNAME=sensor MSRVIP_OFFSET=-2 elif [[ "$test_profile" =~ "-search" ]]; then - install_type=SEARCH + install_type=SEARCHNODE HOSTNAME=search MSRVIP_OFFSET=-1 else 
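Review bot: The new MINION_CIDR branch in set_initial_firewall_access passes the value to so-firewall unquoted and without checking that it is actually a CIDR, and the only assignment visible in this series is the test profile's 10.0.0.0/8, so any future non-test source of the variable would open the `sensors` firewall role to an arbitrary string. Quote it and fail closed, e.g. `if [[ -n "$MINION_CIDR" && "$MINION_CIDR" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]]; then` with `--ip="$MINION_CIDR"`, and add `# MINION_CIDR is only set by automated test profiles; it opens the sensors role to that whole range` above it. The pre-existing ALLOW_CIDR branch directly above has the same gap.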
@@ -198,6 +198,7 @@ if [ -n "$test_profile" ]; then info "Activating test profile; profile=$test_profile; install_type=$install_type" + MINION_CIDR=10.0.0.0/8 MSRV=manager if [[ "$test_profile" =~ "-net" ]]; then address_type=DHCP @@ -473,7 +474,7 @@ if ! [[ -f $install_opt_file ]]; then add_mngr_ip_to_hosts check_manager_connection collect_idh_services - collect_idh_preferences + collect_idh_preferences set_minion_info whiptail_end_settings diff --git a/setup/so-verify b/setup/so-verify index 2ccc76b09..20acf1c09 100755 --- a/setup/so-verify +++ b/setup/so-verify @@ -79,6 +79,19 @@ status_failed() { return 1 } +create_temp_so_status_if_missing() { + if ! which so-status &> /dev/null; then + if [ -f /root/success ]; then + echo "echo 'Minion installation succeeded - so-status not yet available'" > /usr/sbin/so-status + echo "exit 0" >> /usr/sbin/so-status + else + echo "echo 'Installation failed - so-status not available'" > /usr/sbin/so-status + echo "exit 100" >> /usr/sbin/so-status + fi + chmod a+x /usr/sbin/so-status + fi +} + main() { exit_code=0 if [ -f /root/success ]; then @@ -103,6 +116,8 @@ main() { touch /root/success fi + create_temp_so_status_if_missing + exit $exit_code } From 0ee870a19950b7d12e6f23aead7a5527974b71f3 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Mar 2023 15:40:51 -0500 Subject: [PATCH 21/43] cleanup unnecessary code --- setup/so-functions | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index e13457612..b3c0b6126 100755 --- a/setup/so-functions +++ b/setup/so-functions 
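Review bot: `MINION_CIDR=10.0.0.0/8` is a bare assignment with no explanation, and because it feeds the `sensors` role in set_initial_firewall_access it widens the manager's firewall to an entire /8 on every test install. A one-line comment would keep someone from copying it into a non-test path: `# Test grids only: let any 10/8 host join as a sensor so distributed test nodes can register without per-host rules`. The enclosing `if [ -n "$test_profile" ]` block starts outside this hunk.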
@@ -2289,14 +2289,11 @@ set_initial_firewall_policy() { title "Setting Initial Firewall Policy" if [ -f $default_salt_dir/salt/common/tools/sbin/so-firewall ]; then chmod +x $default_salt_dir/salt/common/tools/sbin/so-firewall; fi - case "$install_type" in - 'MANAGER') - $default_salt_dir/salt/common/tools/sbin/so-firewall --role=manager --ip=$MAINIP --apply=true - ;; - 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') - $default_salt_dir/salt/common/tools/sbin/so-firewall --role=$install_type --ip=$MAINIP --apply=true - ;; - esac + case "$install_type" in + 'EVAL' | 'MANAGER' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') + $default_salt_dir/salt/common/tools/sbin/so-firewall --role=$install_type --ip=$MAINIP --apply=true + ;; + esac } set_initial_firewall_access() { From ed8a23cedc535dd3f8b4dbf7ea57b0332cd24ac6 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Mar 2023 17:01:38 -0500 Subject: [PATCH 22/43] distributed testing --- setup/so-verify | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/setup/so-verify b/setup/so-verify index 20acf1c09..7e06cef86 100755 --- a/setup/so-verify +++ b/setup/so-verify 
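Review bot: Merging the MANAGER arm changes the role string handed to so-firewall from the literal `manager` to `$install_type`, i.e. `MANAGER`, and nothing in this hunk shows that so-firewall normalises case; if it does not, a fresh manager gets no initial firewall policy. The other arms already passed their uppercase install_type, which suggests case-insensitive handling, but confirm it against so-firewall before relying on it, or keep the lowercase form explicit with `'MANAGER') $default_salt_dir/salt/common/tools/sbin/so-firewall --role=manager --ip="$MAINIP" --apply=true ;;`. `$MAINIP` should be quoted either way.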
@@ -79,11 +79,17 @@ status_failed() { return 1 } -create_temp_so_status_if_missing() { - if ! which so-status &> /dev/null; then +# Creates scripts that are going to be invoked by the automated test system. These scripts will +# overwritten by Salt, once the minion is accepted into the grid and the salt states run. +create_temp_scripts_if_missing() { + if [ ! -f /usr/sbin/so-status ]; then if [ -f /root/success ]; then - echo "echo 'Minion installation succeeded - so-status not yet available'" > /usr/sbin/so-status + echo "echo 'so-status not yet available'" > /usr/sbin/so-status echo "exit 0" >> /usr/sbin/so-status + + # Pretend so-test succeeded in the interim period while waiting for this minion to be accepted. This avoids tests getting hung up. + echo "echo 'so-test not yet available'" > /usr/sbin/so-test + echo "exit 0" >> /usr/sbin/so-test else echo "echo 'Installation failed - so-status not available'" > /usr/sbin/so-status echo "exit 100" >> /usr/sbin/so-status @@ -116,7 +122,7 @@ main() { touch /root/success fi - create_temp_so_status_if_missing + create_temp_scripts_if_missing exit $exit_code } From 5301f442f948b0f71b2f3669f9bbd73a159d01f8 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Mar 2023 19:31:04 -0500 Subject: [PATCH 23/43] distributed testing --- setup/so-verify | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-verify b/setup/so-verify index 7e06cef86..84f02e43c 100755 --- a/setup/so-verify +++ b/setup/so-verify @@ -90,6 +90,7 @@ create_temp_scripts_if_missing() { # Pretend so-test succeeded in the interim period while waiting for this minion to be accepted. This avoids tests getting hung up. echo "echo 'so-test not yet available'" > /usr/sbin/so-test echo "exit 0" >> /usr/sbin/so-test + chmod a+x /usr/sbin/so-test else echo "echo 'Installation failed - so-status not available'" > /usr/sbin/so-status echo "exit 100" >> /usr/sbin/so-status From fbefe229c1df363de269f387610c438c5067d614 Mon Sep 17 00:00:00 2001 
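Review bot: The so-test placeholder written by create_temp_scripts_if_missing exits 0, which makes a minion that is never accepted into the grid indistinguishable from one whose real so-test passed, so the harness can report green on a node where the tests never ran. Prefer a distinct status the harness treats as "not ready", e.g. `echo "exit 75" >> /usr/sbin/so-test` (EX_TEMPFAIL), and let it retry until Salt replaces the file, instead of pretending success. Both stubs are also written without a shebang; start them with `#!/bin/bash` so they do not depend on the caller's fallback interpreter. The comment above the function asserts that Salt later overwrites these scripts, which this hunk cannot confirm.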
From: Jason Ertel Date: Wed, 15 Mar 2023 15:27:26 -0400 Subject: [PATCH 24/43] add test support to so-minion --- salt/common/tools/sbin/so-minion | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion index 03f26c556..b565f5a31 100755 --- a/salt/common/tools/sbin/so-minion +++ b/salt/common/tools/sbin/so-minion @@ -23,6 +23,7 @@ if [[ $# -lt 1 ]]; then echo " accept: Accepts a new key and adds the minion files" echo " delete: Removes the key and deletes the minion files" echo " reject: Rejects a key" + echo " test: Ingest test data" echo "" exit 1 fi @@ -75,6 +76,22 @@ function getinstallinfo() { source <(echo $INSTALLVARS) } +function testminion() { + # Always run on the host, since this is going to be the manager of a distributed grid, or an eval/standalone. + # Distributed managers must run this in order for the sensor nodes to have access to the so-tcpreplay image. + so-test + result=$? + + # If this so-minion script is not running on the given minion ID, run so-test remotely on the sensor as well + local_id=$(lookup_grain id) + if [[ ! "$local_id" =~ "${MINION_ID}_" ]]; then + salt "$MINION_ID" cmd.run 'so-test' + result=$? + fi + + exit $result +} + function listminions() { salt-key list -F --out=json exit $? @@ -277,3 +294,7 @@ if [[ "$OPERATION" = 'add' || "$OPERATION" = 'setup' ]]; then create$NODETYPE echo "Minion file created for $MINION_ID" fi + +if [[ "$OPERATION" = 'test' ]]; then + testminion +fi \ No newline at end of file From 0d30c14561874e2cead1aced9eb24684576d42bf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Mar 2023 16:33:33 -0400 Subject: [PATCH 25/43] Re-Work IDSTOOLS --- salt/idh/init.sls | 2 ++ salt/idstools/defaults.yaml | 5 +++++ salt/idstools/etc/rulecat.conf | 39 ++++++++++++++++------------------ 3 files changed, 25 insertions(+), 21 deletions(-) create mode 100644 salt/idstools/defaults.yaml 
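Review bot: testminion can exit 0 after a failed test: the host `result=$?` is overwritten by the remote run, and `salt "$MINION_ID" cmd.run 'so-test'` returns the salt CLI's own status rather than the remote command's unless `--retcode-passthrough` is given. Change the first call to `so-test || exit $?` and the remote one to `salt --retcode-passthrough "$MINION_ID" cmd.run 'so-test'` so the exit status reflects so-test on both sides. `local_id` should be declared `local`; MINION_ID and lookup_grain are defined outside the hunk.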
diff --git a/salt/idh/init.sls b/salt/idh/init.sls index 2cf22c358..d1ba5ce33 100644 --- a/salt/idh/init.sls +++ b/salt/idh/init.sls @@ -74,6 +74,8 @@ so-idh: - file: opencanary_config - require: - file: opencanary_config + - extra_hosts: + - {{ GLOBALS.manager }}:{{ GLOBALS.manager_ip }} append_so-idh_so-status.conf: file.append: diff --git a/salt/idstools/defaults.yaml b/salt/idstools/defaults.yaml new file mode 100644 index 000000000..f9f4da55c --- /dev/null +++ b/salt/idstools/defaults.yaml @@ -0,0 +1,5 @@ +idstools: + config: + urls: [] + ruleset: ETOPEN + oinkcode: \ No newline at end of file diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index 2b1a8cae1..771b87ff8 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf 
@@ -1,17 +1,14 @@ -{%- set URLS = salt['pillar.get']('idstools:config:urls') -%} -{%- set RULESET = salt['pillar.get']('idstools:config:ruleset') -%} -{%- set OINKCODE = salt['pillar.get']('idstools:config:oinkcode', '' ) -%} -{%- set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') -%} -{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') -%} -{%- set ENGINE = salt['pillar.get']('global:mdengine', '') %} -{%- if ISAIRGAP is sameas true -%} +{%- from 'vars/globals.map.jinja' import GLOBALS %} +{%- import_yaml 'idstools/defaults.yaml' as IDSTOOLSDEFAULTS %} +{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools:config', IDSTOOLSDEFAULTS.config, merge=True) %} +{%- if GLOBALS.airgap is sameas true -%} --merged=/opt/so/rules/nids/all.rules --local=/opt/so/rules/nids/local.rules -{%- if ENGINE == "SURICATA" %} +{%- if GLOBAL.md_engine == "SURICATA" %} --local=/opt/so/rules/nids/sorules/extraction.rules --local=/opt/so/rules/nids/sorules/filters.rules -{%- endif %} ---url=http://{{ MANAGERIP }}:7788/rules/emerging-all.rules +{%- endif %} +--url=http://{{ GLOBALS.manager }}:7788/rules/emerging-all.rules --disable=/opt/so/idstools/etc/disable.conf --enable=/opt/so/idstools/etc/enable.conf --modify=/opt/so/idstools/etc/modify.conf 
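Review bot: The airgap branch references `GLOBAL.md_engine` while the non-airgap branch in the next hunk uses `GLOBALS.md_engine`; only `GLOBALS` is imported, so on an airgapped manager the template either fails to render or silently omits the Suricata extraction/filters rule files. Fix: `{%- if GLOBALS.md_engine == "SURICATA" %}`. The rules URL also switches from the manager IP to `GLOBALS.manager`, so every node fetching rules must resolve that hostname — the extra_hosts entry this same patch adds to the IDH container suggests that is not yet guaranteed everywhere.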
@@ -19,23 +16,23 @@ --suricata-version=6.0 --merged=/opt/so/rules/nids/all.rules --local=/opt/so/rules/nids/local.rules -{%- if ENGINE == "SURICATA" %} +{%- if GLOBALS.md_engine == "SURICATA" %} --local=/opt/so/rules/nids/sorules/extraction.rules --local=/opt/so/rules/nids/sorules/filters.rules -{%- endif %} +{%- endif %} --disable=/opt/so/idstools/etc/disable.conf --enable=/opt/so/idstools/etc/enable.conf --modify=/opt/so/idstools/etc/modify.conf - {%- if RULESET == 'ETOPEN' %} +{%- if IDSTOOLSMERGED.ruleset == 'ETOPEN' %} --etopen - {%- elif RULESET == 'ETPRO' %} ---etpro={{ OINKCODE }} - {%- elif RULESET == 'TALOS' %} ---url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }} - {%- endif %} +{%- elif IDSTOOLSMERGED.ruleset == 'ETPRO' %} +--etpro={{ IDSTOOLSMERGED.oinkcode }} +{%- elif IDSTOOLSMERGED.ruleset == 'TALOS' %} +--url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.oinkcode }} +{%- endif %} {%- endif %} -{%- if URLS != None %} -{%- for URL in URLS %} +{%- if IDSTOOLSMERGED.urls | length > 0 %} +{%- for URL in IDSTOOLSMERGED.urls %} --url={{ URL }} -{%- endfor %} +{%- endfor %} {%- endif %} \ No newline at end of file From b56baf900cf3ba547a045dad5271a9f04d17651b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Mar 2023 16:44:53 -0400 Subject: [PATCH 26/43] Re-Work IDSTOOLS --- pillar/top.sls | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pillar/top.sls b/pillar/top.sls index 60cface84..0c4c11957 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -51,6 +51,8 @@ base: - adv_global - manager.soc_manager - manager.adv_manager + - idstools.soc_idstools + - idstools.adv_idstools - soc.soc_soc - soc.adv_soc - kratos.soc_kratos @@ -90,6 +92,9 @@ base: - elasticsearch.soc_elasticsearch - elasticsearch.adv_elasticsearch - manager.soc_manager + - manager.adv_manager + - idstools.soc_idstools + - idstools.adv_idstools - soc.soc_soc - kratos.soc_kratos - kratos.adv_kratos 
@@ -120,6 +125,8 @@ base: - secrets - healthcheck.standalone - soc_global + - idstools.soc_idstools + - idstools.adv_idstools - kratos.soc_kratos - kratos.adv_kratos - redis.soc_redis @@ -129,6 +136,7 @@ base: - elasticsearch.soc_elasticsearch - elasticsearch.adv_elasticsearch - manager.soc_manager + - manager.adv_manager - soc.soc_soc - backup.soc_backup - backup.adv_backup @@ -195,6 +203,7 @@ base: - elasticsearch.soc_elasticsearch - elasticsearch.adv_elasticsearch - manager.soc_manager + - manager.adv_manager - soc.soc_soc - soc_global - adv_global From 02d013c0cc41bd37ee2d8ee4f1319910072a99c3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Mar 2023 16:47:43 -0400 Subject: [PATCH 27/43] Re-Work IDSTOOLS --- salt/idstools/etc/rulecat.conf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index 771b87ff8..8a6840267 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf @@ -1,6 +1,6 @@ {%- from 'vars/globals.map.jinja' import GLOBALS %} {%- import_yaml 'idstools/defaults.yaml' as IDSTOOLSDEFAULTS %} -{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools:config', IDSTOOLSDEFAULTS.config, merge=True) %} +{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools', IDSTOOLSDEFAULTS, merge=True) %} {%- if GLOBALS.airgap is sameas true -%} --merged=/opt/so/rules/nids/all.rules --local=/opt/so/rules/nids/local.rules 
@@ -23,16 +23,16 @@ --disable=/opt/so/idstools/etc/disable.conf --enable=/opt/so/idstools/etc/enable.conf --modify=/opt/so/idstools/etc/modify.conf -{%- if IDSTOOLSMERGED.ruleset == 'ETOPEN' %} +{%- if IDSTOOLSMERGED.config.ruleset == 'ETOPEN' %} --etopen -{%- elif IDSTOOLSMERGED.ruleset == 'ETPRO' %} ---etpro={{ IDSTOOLSMERGED.oinkcode }} -{%- elif IDSTOOLSMERGED.ruleset == 'TALOS' %} ---url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.oinkcode }} +{%- elif IDSTOOLSMERGED.config.ruleset == 'ETPRO' %} +--etpro={{ IDSTOOLSMERGED.config.oinkcode }} +{%- elif IDSTOOLSMERGED.config.ruleset == 'TALOS' %} +--url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ IDSTOOLSMERGED.config.oinkcode }} {%- endif %} {%- endif %} -{%- if IDSTOOLSMERGED.urls | length > 0 %} -{%- for URL in IDSTOOLSMERGED.urls %} +{%- if IDSTOOLSMERGED.config.urls | length > 0 %} +{%- for URL in IDSTOOLSMERGED.config.urls %} --url={{ URL }} {%- endfor %} {%- endif %} \ No newline at end of file From 28dc4907755c48d171362e6352e930f9d60abef5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Mar 2023 16:58:52 -0400 Subject: [PATCH 28/43] Re-Work IDSTOOLS --- salt/idstools/defaults.yaml | 2 +- setup/so-functions | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/salt/idstools/defaults.yaml b/salt/idstools/defaults.yaml index f9f4da55c..2d81c80e5 100644 --- a/salt/idstools/defaults.yaml +++ b/salt/idstools/defaults.yaml @@ -2,4 +2,4 @@ idstools: config: urls: [] ruleset: ETOPEN - oinkcode: \ No newline at end of file + oinkcode: "" \ No newline at end of file diff --git a/setup/so-functions b/setup/so-functions index 78033bda5..e11542639 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1362,8 +1362,7 @@ idstools_pillar() { printf '%s\n'\ "idstools:"\ " config:"\ - " ruleset: '$RULESETUP'"\ - " oinkcode: '$OINKCODE'"\ + " oinkcode: ''"\ " urls: []"\ " sids:"\ " enabled: []"\ 
From afcd1155bf4996f0b9e730d77d46bdb297ab4e24 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Mar 2023 17:19:33 -0400 Subject: [PATCH 29/43] Re-Work IDSTOOLS --- salt/idstools/defaults.yaml | 6 +++++- salt/idstools/etc/rulecat.conf | 2 +- setup/so-functions | 11 ----------- 3 files changed, 6 insertions(+), 13 deletions(-) diff --git a/salt/idstools/defaults.yaml b/salt/idstools/defaults.yaml index 2d81c80e5..d23f23dd9 100644 --- a/salt/idstools/defaults.yaml +++ b/salt/idstools/defaults.yaml @@ -2,4 +2,8 @@ idstools: config: urls: [] ruleset: ETOPEN - oinkcode: "" \ No newline at end of file + oinkcode: "" + sids: + enabled: [] + isabled: [] + modify: [] \ No newline at end of file diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index 8a6840267..fad421243 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf @@ -1,6 +1,6 @@ {%- from 'vars/globals.map.jinja' import GLOBALS %} {%- import_yaml 'idstools/defaults.yaml' as IDSTOOLSDEFAULTS %} -{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools', IDSTOOLSDEFAULTS, merge=True) %} +{%- set IDSTOOLSMERGED = salt['pillar.get']('idstools', IDSTOOLSDEFAULTS.idstools, merge=True) %} {%- if GLOBALS.airgap is sameas true -%} --merged=/opt/so/rules/nids/all.rules --local=/opt/so/rules/nids/local.rules diff --git a/setup/so-functions b/setup/so-functions index e11542639..2f5c8e1a0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1359,17 +1359,6 @@ ls_heapsize() { idstools_pillar() { title "Ading IDSTOOLS pillar options" touch $adv_idstools_pillar_file - printf '%s\n'\ - "idstools:"\ - " config:"\ - " oinkcode: ''"\ - " urls: []"\ - " sids:"\ - " enabled: []"\ - " disabled: []"\ - " modify: []"\ - "" > "$idstools_pillar_file" - } soc_pillar() { From d4f5209e392e7ce4c63aebf79fd423277720d096 Mon Sep 17 00:00:00 2001 
From: Mike Reeves Date: Wed, 15 Mar 2023 17:22:54 -0400 Subject: [PATCH 30/43] Re-Work IDSTOOLS --- salt/idstools/defaults.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/idstools/defaults.yaml b/salt/idstools/defaults.yaml index d23f23dd9..e937ebc2d 100644 --- a/salt/idstools/defaults.yaml +++ b/salt/idstools/defaults.yaml @@ -4,6 +4,6 @@ idstools: ruleset: ETOPEN oinkcode: "" sids: - enabled: [] - isabled: [] - modify: [] \ No newline at end of file + enabled: [] + disabled: [] + modify: [] \ No newline at end of file From 3156b1ed0c122a241bd8ab4abc823f0d0b44a0fc Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Mar 2023 17:53:14 -0400 Subject: [PATCH 31/43] Re-Work Backups --- salt/backup/config_backup.sls | 1 + salt/backup/defaults.yaml | 3 ++- salt/backup/soc_backup.yaml | 10 ++++++++++ salt/backup/tools/sbin/so-config-backup.jinja | 3 ++- 4 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 salt/backup/soc_backup.yaml diff --git a/salt/backup/config_backup.sls b/salt/backup/config_backup.sls index b4eeccfc1..20616f780 100644 --- a/salt/backup/config_backup.sls +++ b/salt/backup/config_backup.sls @@ -19,6 +19,7 @@ config_backup_script: - source: salt://backup/tools/sbin/so-config-backup.jinja - defaults: BACKUPLOCATIONS: {{ BACKUP_MERGED.locations }} + DESTINATION: {{ BACKUP_MERGED.destination }} # Add config backup so_config_backup: diff --git a/salt/backup/defaults.yaml b/salt/backup/defaults.yaml index 9b8d5909d..1aae64910 100644 --- a/salt/backup/defaults.yaml +++ b/salt/backup/defaults.yaml @@ -3,4 +3,5 @@ backup: - /opt/so/saltstack/local - /etc/pki - /etc/salt - - /opt/so/conf/kratos + - /nsm/kratos + destination: "/nsm/backup" \ No newline at end of file diff --git a/salt/backup/soc_backup.yaml b/salt/backup/soc_backup.yaml new file mode 100644 index 000000000..bedecb1ca --- /dev/null +++ b/salt/backup/soc_backup.yaml 
@@ -0,0 +1,10 @@ +backup: + locations: + description: List of locations to back up to the destination. + helpLink: backup.html + global: True + destination: + description: Directory to store the configuration backups in. + helpLink: backup.html + global: True + \ No newline at end of file diff --git a/salt/backup/tools/sbin/so-config-backup.jinja b/salt/backup/tools/sbin/so-config-backup.jinja index c0e24cd80..23e407653 100755 --- a/salt/backup/tools/sbin/so-config-backup.jinja +++ b/salt/backup/tools/sbin/so-config-backup.jinja @@ -8,7 +8,8 @@ . /usr/sbin/so-common TODAY=$(date '+%Y_%m_%d') -BACKUPFILE="/nsm/backup/so-config-backup-$TODAY.tar" +BACKUPDIR={{ DESTINATION }} +BACKUPFILE="$BACKUPDIR/so-config-backup-$TODAY.tar" MAXBACKUPS=7 # Create backup dir if it does not exist From f288d0dd6162d0d29c6d85e6297f1643bf7c95f8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Mar 2023 17:58:15 -0400 Subject: [PATCH 32/43] Re-Work Backups --- setup/so-functions | 3 --- 1 file changed, 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 2f5c8e1a0..88cd8bb6c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1488,9 +1488,6 @@ create_strelka_pillar() { backup_pillar() { title "Create the backup pillar file" touch $adv_backup_pillar_file - printf '%s\n'\ - "backup:"\ - " locations: []" > "$backup_pillar_file" } soctopus_pillar() { From 49df376bcce6bb1b3236256397fd7be8c350d405 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 15 Mar 2023 19:24:03 -0400 Subject: [PATCH 33/43] Remove non-existant Ruby scanner --- salt/strelka/defaults.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/salt/strelka/defaults.yaml b/salt/strelka/defaults.yaml index 8060f520d..2c3b88513 100644 --- a/salt/strelka/defaults.yaml +++ b/salt/strelka/defaults.yaml @@ -308,11 +308,6 @@ strelka: priority: 5 options: limit: 1000 - 'ScanRuby': - - positive: - flavors: - - 'text/x-ruby' - priority: 5 'ScanSwf': - positive: flavors: 
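Review bot: `BACKUPDIR={{ DESTINATION }}` drops the rendered value into the script unquoted, and soc_backup.yaml now makes `destination` editable from the SOC, so a value containing whitespace or shell metacharacters breaks or alters a root-run script; write `BACKUPDIR="{{ DESTINATION }}"`. The archive now bundles /etc/pki, /etc/salt and /nsm/kratos (which holds the identity database the installer waits on in add_web_user), so the directory and tar must be root-only — the mkdir and tar steps are outside the hunk; confirm they create with 0700/0600. A comment naming the secret material in the backup set would help the next person who changes `locations`.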
From 3ab3e4712ce5474ea381e2da6c49961d606a922b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 16 Mar 2023 09:16:28 -0400 Subject: [PATCH 34/43] remove kilo for merge --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 7f2e97617..197c4d5c2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.0-kilo +2.4.0 From 53e93f01c6de24f0fedd6595d3173fa359d4bb0b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Mar 2023 09:49:57 -0400 Subject: [PATCH 35/43] Force an update after repo is configured --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index b3b1319a5..d0afbe9f8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1959,6 +1959,7 @@ securityonion_repo() { echo "Syncing Repo" repo_sync_local fi + logCmd "dnf -y update" fi } From a96473554d0c4d60c6a2025d66fb0ebf773eef1e Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 16 Mar 2023 12:56:04 -0400 Subject: [PATCH 36/43] Add IDH log ingest --- .../tools/sbin/so-elastic-fleet-integration-policy-load | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load b/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load index 4e60bf9ad..8d3d7735a 100755 --- a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load +++ b/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load 
@@ -103,3 +103,9 @@ echo echo "Setting up Redis package policy..." curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/fleet/package_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'{ "policy_id": "so-grid-nodes", "package": { "name": "redis", "version": "1.4.0" }, "id": "redis-logs", "name": "redis-logs", "description": "Redis logs", "namespace": "default", "inputs": { "redis-logfile": { "enabled": true, "streams": { "redis.log": { "enabled": true, "vars": { "paths": [ "/opt/so/log/redis/redis.log" ], "tags": [ "redis-log" ], "preserve_original_event": false } } } }, "redis-redis": { "enabled": false, "streams": { "redis.slowlog": { "enabled": false, "vars": { "hosts": [ "127.0.0.1:6379" ], "password": "" } } } }, "redis-redis/metrics": { "enabled": false, "vars": { "hosts": [ "127.0.0.1:6379" ], "idle_timeout": "20s", "maxconn": 10, "network": "tcp", "password": "" }, "streams": { "redis.info": { "enabled": false, "vars": { "period": "10s" } }, "redis.key": { "enabled": false, "vars": { "key.patterns": "- limit: 20\n pattern: '*'\n", "period": "10s" } }, "redis.keyspace": { "enabled": false, "vars": { "period": "10s" } } } } } }' echo + +# IDH logs +echo +echo "Setting up IDh package policy..." 
+curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/fleet/package_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'{"policy_id":"so-grid-nodes","package":{"name":"log","version":"1.1.1"},"id":"idh-logs","name":"idh-logs","namespace":"so","description":"IDH integration","inputs":{"logs-logfile":{"enabled":true,"streams":{"log.log":{"enabled":true,"vars":{"paths":["/nsm/idh/opencanary.log"],"data_stream.dataset":"idh","custom":"pipeline: common","processors": "\n- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n add_error_key: true\n- drop_fields:\n when:\n equals:\n logtype: \"1001\"\n fields: [\"src_host\", \"src_port\", \"dst_host\", \"dst_port\" ]\n ignore_missing: true\n- rename:\n fields:\n - from: \"src_host\"\n to: \"source.ip\"\n - from: \"src_port\"\n to: \"source.port\"\n - from: \"dst_host\"\n to: \"destination.host\"\n - from: \"dst_port\"\n to: \"destination.port\"\n ignore_missing: true\n- convert:\n fields:\n - {from: \"logtype\", to: \"event.code\", type: \"string\"}\n ignore_missing: true\n- drop_fields:\n fields: '\''[\"prospector\", \"input\", \"offset\", \"beat\"]'\''\n- add_fields:\n target: event\n fields:\n category: host\n module: opencanary","tags":[]}}}}}}' +echo \ No newline at end of file From d78128dbf4175e2f453bf0e151fa397a2500861b Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 16 Mar 2023 13:11:12 -0400 Subject: [PATCH 37/43] Formatting --- salt/common/tools/sbin/so-elastic-fleet-integration-policy-load | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load b/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load index 8d3d7735a..bc65161fa 100755 --- a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load +++ b/salt/common/tools/sbin/so-elastic-fleet-integration-policy-load 
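Review bot: The new IDH package_policies POST ignores the response, as the Redis call above it does: curl runs without `--fail` and neither status nor body is inspected, so a rejected policy (wrong package version, duplicate id on a re-run) leaves the honeypot logs silently un-ingested. Capture the body and check it, e.g. `resp=$(curl ... -w '\n%{http_code}')` followed by `[[ "${resp##*$'\n'}" == 2* ]] || { echo "IDH policy load failed: $resp"; exit 1; }`. The processors block decodes opencanary JSON into the event root; a comment that these records originate from honeypot interactions, i.e. untrusted input, would be worthwhile.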
@@ -106,6 +106,6 @@ echo # IDH logs echo -echo "Setting up IDh package policy..." +echo "Setting up IDH package policy..." curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/fleet/package_policies" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'{"policy_id":"so-grid-nodes","package":{"name":"log","version":"1.1.1"},"id":"idh-logs","name":"idh-logs","namespace":"so","description":"IDH integration","inputs":{"logs-logfile":{"enabled":true,"streams":{"log.log":{"enabled":true,"vars":{"paths":["/nsm/idh/opencanary.log"],"data_stream.dataset":"idh","custom":"pipeline: common","processors": "\n- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n add_error_key: true\n- drop_fields:\n when:\n equals:\n logtype: \"1001\"\n fields: [\"src_host\", \"src_port\", \"dst_host\", \"dst_port\" ]\n ignore_missing: true\n- rename:\n fields:\n - from: \"src_host\"\n to: \"source.ip\"\n - from: \"src_port\"\n to: \"source.port\"\n - from: \"dst_host\"\n to: \"destination.host\"\n - from: \"dst_port\"\n to: \"destination.port\"\n ignore_missing: true\n- convert:\n fields:\n - {from: \"logtype\", to: \"event.code\", type: \"string\"}\n ignore_missing: true\n- drop_fields:\n fields: '\''[\"prospector\", \"input\", \"offset\", \"beat\"]'\''\n- add_fields:\n target: event\n fields:\n category: host\n module: opencanary","tags":[]}}}}}}' echo \ No newline at end of file From 6e3194486c275f0beb6dba0386e2c209ec82a62a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Mar 2023 13:50:22 -0400 Subject: [PATCH 38/43] Force package update before syncing the repo --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index d0afbe9f8..b377a8d15 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1985,6 +1985,7 @@ repo_sync_local() { echo "gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub" >> /root/repodownload.conf dnf repolist + logCmd "dnf -c /root/repodownload.conf -y upgrade" # Make sure we can get to the sig repo logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/checkup" logCmd "dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" From 849e82e39f5170ac1c8cf5a93d707ef083af7c01 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Mar 2023 15:36:43 -0400 Subject: [PATCH 39/43] Force package updates and curl check fix --- setup/so-functions | 9 +++++---- setup/so-whiptail | 4 +++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b377a8d15..3e2f55b3f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -139,11 +139,11 @@ check_admin_pass() { check_manager_connection() { # See if you can curl the manager. If not you can either try again or continue info "Checking manager connectivity" - man_test_err=$(curl -k -L -sS https://$MSRVIP/repo --connect-timeout 5 2>&1) + man_test_err=$(curl -s $MSRVIP:4505 --connect-timeout 5 2>&1) local ret=$? - if [[ $ret != 0 ]]; then + if [[ $ret != 1 ]]; then error "Could not reach $MSRV" whiptail_manager_unreachable fi 
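Review bot: The rewritten probe in check_manager_connection treats only curl exit status 1 as success, but 1 is curl's "unsupported protocol" code; an HTTP request to the Salt publisher port that gets no reply most likely returns 52, and a refused connection returns 7, so `ret != 1` reports the manager unreachable in the case that should pass. I cannot tell which status the author observed, but `--connect-timeout` only bounds the TCP connect, so a port that accepts and then stays silent can also hang setup without `--max-time`. A plain TCP check states the intent directly: `if ! timeout 5 bash -c ">/dev/tcp/$MSRVIP/4505" 2>>"$setup_log"; then error "Could not reach $MSRV"; whiptail_manager_unreachable; fi`. Note the old check also proved the HTTPS repo endpoint answered (albeit with -k); the new one no longer does.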
@@ -1984,8 +1984,9 @@ repo_sync_local() { echo "gpgcheck=1" >> /root/repodownload.conf echo "gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub" >> /root/repodownload.conf - dnf repolist - logCmd "dnf -c /root/repodownload.conf -y upgrade" + logCmd "dnf repolist" + echo "This is trying to work" + logCmd "dnf -c /root/repodownload.conf -y upgrade --allowerasing" # Make sure we can get to the sig repo logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/checkup" logCmd "dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" diff --git a/setup/so-whiptail b/setup/so-whiptail index 6123ea97d..bf1463c67 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1143,11 +1143,13 @@ whiptail_reinstall() { read -r -d '' message <<- EOM Setup has detected a previous install. Continuing the install will remove the previous install configuration. + Selecting continue is a destructive action. + Would you like to continue? EOM whiptail --title "$whiptail_title" \ - --yesno "$message" 11 75 \ + --yesno "$message" 13 75 \ --yes-button "Continue" --no-button "Exit" --defaultno local exitstatus=$? From 957467eae0446e86ad7f4aaf9f02c03169789ec0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Mar 2023 15:41:29 -0400 Subject: [PATCH 40/43] Force package update before syncing the repo --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 3e2f55b3f..70562fcf8 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1985,8 +1985,9 @@ repo_sync_local() {
 echo "gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub" >> /root/repodownload.conf
 logCmd "dnf repolist"
- echo "This is trying to work"
+ info "This is trying to work"
 logCmd "dnf -c /root/repodownload.conf -y upgrade --allowerasing"
+ info "There should be an update here
 # Make sure we can get to the sig repo
 logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/checkup"
 logCmd "dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
From 2b65c1498d856b1427871b777f77c9493807c93c Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 16 Mar 2023 15:45:04 -0400
Subject: [PATCH 41/43] Force package update before syncing the repo
---
 setup/so-functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 70562fcf8..5a9af8000 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1987,7 +1987,7 @@ repo_sync_local() {
 logCmd "dnf repolist"
 info "This is trying to work"
 logCmd "dnf -c /root/repodownload.conf -y upgrade --allowerasing"
- info "There should be an update here
+ info "There should be an update here"
 # Make sure we can get to the sig repo
 logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/checkup"
 logCmd "dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
From ef4882198a90c29e714136a7ca43ddc82c71aa34 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 16 Mar 2023 15:48:57 -0400
Subject: [PATCH 42/43] Force package update before syncing the repo
---
 setup/so-functions | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
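Review bot: The added line `info "There should be an update here` in patch 40 has no closing double quote, so bash treats the remainder of so-functions as part of that string and the file fails to parse when sourced — the setup cannot even reach this function. The line needs to read `info "There should be an update here"`; a `bash -n setup/so-functions` syntax check before committing would have caught this. Patch 41 immediately below supplies the missing quote, so the two commits would be better squashed, and the placeholder wording itself still does not describe the step being logged.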
diff --git a/setup/so-functions b/setup/so-functions
index 5a9af8000..3a6d2bbfd 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1985,9 +1985,6 @@ repo_sync_local() {
 echo "gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub" >> /root/repodownload.conf
 logCmd "dnf repolist"
- info "This is trying to work"
- logCmd "dnf -c /root/repodownload.conf -y upgrade --allowerasing"
- info "There should be an update here"
 # Make sure we can get to the sig repo
 logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)/1' https://sigs.securityonion.net/checkup --output /tmp/checkup"
 logCmd "dnf reposync --norepopath -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
@@ -2385,7 +2382,7 @@ update_sudoers() {
 update_packages() {
 if [[ $is_rocky ]]; then
 logCmd "dnf repolist"
- logCmd "dnf -y update --exclude=salt*,wazuh*,docker*,containerd*"
+ logCmd "dnf -y update --allowerasing --exclude=salt*,wazuh*,docker*,containerd*"
 else
 retry 150 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
 retry 150 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
From d12367ed751bdef85e735dd18331d58053351518 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Thu, 16 Mar 2023 15:54:00 -0400
Subject: [PATCH 43/43] Force package update before syncing the repo
---
 setup/so-functions | 1 -
 1 file changed, 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 3a6d2bbfd..2378e31c5 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1959,7 +1959,6 @@ securityonion_repo() {
 echo "Syncing Repo"
 repo_sync_local
 fi
- logCmd "dnf -y update"
 fi
 }
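Review bot: Adding `--allowerasing` to the Rocky branch of update_packages lets dnf remove already-installed packages to complete the transaction, on a host where the `--exclude=salt*,wazuh*,docker*,containerd*` list shows those packages are meant to stay untouched; whether an excluded package can still be erased as a conflict resolution should be confirmed against dnf's behaviour before this ships, since silently removing the Salt or Docker stack mid-install would be hard to diagnose from the log. The reason erasing is needed belongs next to the flag, e.g. `# --allowerasing: resolves <conflicting package, TODO name it> on a fresh Rocky install; excluded packages stay pinned`. The apt branch guards each step with `|| exit 1` while the dnf branch relies on logCmd, whose failure handling is not visible in this hunk, so a failed upgrade may not stop setup the way it does on Ubuntu. update_packages continues outside the hunk.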
