From 2d7ff4e0fd3987b8b025219f4da5ba556aca4ab2 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 6 Dec 2019 15:29:07 -0500 Subject: [PATCH] whiptail size adjustments. fix menus that couldn't be cancelled out of. add path for source so setup can be called from anywhere --- setup/functions.sh | 10 +++ setup/so-setup.sh | 12 ++- setup/whiptail.sh | 219 +++++++++++++++++++++++++++------------------ 3 files changed, 148 insertions(+), 93 deletions(-) diff --git a/setup/functions.sh b/setup/functions.sh index d251ecbac..ff546ea31 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -15,6 +15,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +SCRIPTDIR=$(dirname "$0") +source $SCRIPTDIR/whiptail.sh + accept_salt_key_local() { echo "Accept the key locally on the master" >> $SETUPLOG 2>&1 # Accept the key locally on the master @@ -45,6 +48,9 @@ add_master_hostfile() { MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter your Master Server IP Address" 10 60 X.X.X.X 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + } add_socore_user_master() { @@ -357,6 +363,8 @@ detect_os() { exit fi + echo "Found OS: $OS $OSVER" >> $SETUPLOG 2>&1 + } #disable_dnsmasq() { @@ -520,6 +528,8 @@ got_root() { install_cleanup() { + echo "install_cleanup called" >> $SETUPLOG 2>&1 + # Clean up after ourselves rm -rf /root/installtmp diff --git a/setup/so-setup.sh b/setup/so-setup.sh index 627e3bc2b..c3a6abab1 100644 --- a/setup/so-setup.sh +++ b/setup/so-setup.sh @@ -16,8 +16,9 @@ # along with this program. If not, see . # Source the other pieces of the setup -source functions.sh -source whiptail.sh +SCRIPTDIR=$(dirname "$0") +source $SCRIPTDIR/functions.sh +source $SCRIPTDIR/whiptail.sh # See if this is an ISO install OPTIONS=$1 @@ -42,6 +43,7 @@ SETUPLOG="/root/sosetup.log" # Reset the Install Log date -u >$SETUPLOG 2>&1 +echo "stty size is: $(stty size)" >> $SETUPLOG 2>&1 # Check for prerequisites got_root @@ -53,7 +55,8 @@ if [ $OS == ubuntu ]; then fi # Question Time -if (whiptail_you_sure); then +echo "Asking user if they are sure they want to proceed" >> $SETUPLOG 2>&1 +if (whiptail_you_sure) ; then # Create a temp dir to get started install_prep @@ -636,5 +639,6 @@ if (whiptail_you_sure); then fi else - exit + echo "User not sure. Cancelling setup.">> $SETUPLOG 2>&1 + whiptail_cancel fi diff --git a/setup/whiptail.sh b/setup/whiptail.sh index 146275bb8..bd40f5e83 100644 --- a/setup/whiptail.sh +++ b/setup/whiptail.sh @@ -18,7 +18,7 @@ whiptail_basic_bro() { BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of bro processes:" 10 60 $LBPROCS 3>&1 1>&2 2>&3) + "Enter the number of bro processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -28,7 +28,7 @@ whiptail_basic_bro() { whiptail_basic_suri() { BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the number of Suricata Processes:" 10 60 $LBPROCS 3>&1 1>&2 2>&3) + "Enter the number of Suricata Processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -37,17 +37,16 @@ whiptail_basic_suri() { whiptail_bro_pins() { - BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $LBPROCS cores to pin Bro to:" 20 78 12 ${LISTCORES[@]} 3>&1 1>&2 2>&3 ) + BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $LBPROCS cores to pin Bro to:" 20 75 12 ${LISTCORES[@]} 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus - } whiptail_bro_version() { - BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 78 4 "ZEEK" "Install Zeek (aka Bro)" ON \ + BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \ "COMMUNITY" "Install Community NSM" OFF "SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3) local exitstatus=$? @@ -62,23 +61,24 @@ whiptail_bond_nics() { nic_list+=($FNIC "Interface" "OFF") done - BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${nic_list[@]} 3>&1 1>&2 2>&3 ) + BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 ${nic_list[@]} 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus while [ -z "$BNICS" ] do - BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 78 12 ${nic_list[@]} 3>&1 1>&2 2>&3 ) + BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 ${nic_list[@]} 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus done - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - } whiptail_bond_nics_mtu() { # Set the MTU on the monitor interface MTU=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the MTU for the monitor NICs" 10 60 1500 3>&1 1>&2 2>&3) + "Enter the MTU for the monitor NICs" 10 75 1500 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -87,8 +87,12 @@ whiptail_bond_nics_mtu() { whiptail_cancel() { - whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 78 - install_cleanup + whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75 + if [ -d "/root/installtmp" ]; then + echo "/root/installtmp exists" >> $SETUPLOG 2>&1 + install_cleanup + echo "/root/installtmp removed" >> $SETUPLOG 2>&1 + fi exit } @@ -104,28 +108,34 @@ whiptail_check_exitstatus() { whiptail_create_socore_user() { - whiptail --title "Security Onion Setup" --msgbox "Set a password for the socore user. This account is used for adding sensors remotely." 8 78 + whiptail --title "Security Onion Setup" --msgbox "Set a password for the socore user. This account is used for adding sensors remotely." 8 75 } whiptail_create_socore_user_password1() { COREPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ - "Enter a password for user socore" 10 60 3>&1 1>&2 2>&3) + "Enter a password for user socore" 10 75 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_create_socore_user_password2() { COREPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ - "Re-enter a password for user socore" 10 60 3>&1 1>&2 2>&3) + "Re-enter a password for user socore" 10 75 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_cur_close_days() { CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \ - "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 60 $CURCLOSEDAYS 3>&1 1>&2 2>&3) + "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -133,30 +143,37 @@ whiptail_cur_close_days() { } whiptail_enable_components() { COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \ - "Select Components to install" 20 78 8 \ + "Select Components to install" 20 75 8 \ "GRAFANA" "Enable Grafana for system monitoring" ON \ "OSQUERY" "Enable Fleet with osquery" ON \ "WAZUH" "Enable Wazuh" ON \ "THEHIVE" "Enable TheHive" ON \ "PLAYBOOK" "Enable Playbook" ON 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + } whiptail_eval_adv() { EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose your eval install:" 20 78 4 \ + "Choose your eval install:" 20 75 4 \ "BASIC" "Install basic components for evaluation" ON \ "ADVANCED" "Choose additional components to be installed" OFF 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus } whiptail_eval_adv_warning() { - whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 78 + whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 } whiptail_homenet_master() { # Ask for the HOME_NET on the master HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your HOME_NET separated by ," 10 60 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) + "Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -166,14 +183,16 @@ whiptail_homenet_master() { whiptail_homenet_sensor() { # Ask to inherit from master - whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 78 + whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75 local exitstatus=$? if [ $exitstatus == 0 ]; then HNSENSOR=inherit else HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your HOME_NET separated by ," 10 60 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) + "Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus fi } @@ -182,14 +201,14 @@ whiptail_install_type() { # What kind of install are we doing? INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose Install Type:" 20 78 14 \ + "Choose Install Type:" 20 75 13 \ "SENSORONLY" "Create a forward only sensor" ON \ "STORAGENODE" "Add a Storage Hot Node with parsing" OFF \ "MASTERONLY" "Start a new grid" OFF \ - "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \ - "HOTNODE" "TODO Add a Hot Node (Storage Node without Parsing)" OFF \ - "WARMNODE" "TODO Add a Warm Node to an existing Hot or Storage node" OFF \ "EVALMODE" "Evaluate all the things" OFF \ + "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \ + "HOTNODE" "TODO Add Hot Node (Storage Node without Parsing)" OFF \ + "WARMNODE" "TODO Add Warm Node to existing Hot or Storage node" OFF \ "WAZUH" "TODO Stand Alone Wazuh Node" OFF \ "STRELKA" "TODO Stand Alone Strelka Node" OFF \ "FLEET" "TODO Stand Alone Fleet OSQuery Node" OFF 3>&1 1>&2 2>&3 ) @@ -203,7 +222,7 @@ whiptail_log_size_limit() { LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \ "Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \ - By default, this is set to 85% of the disk space allotted for /nsm." 10 60 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3) + By default, this is set to 85% of the disk space allotted for /nsm." 10 75 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -213,22 +232,23 @@ whiptail_log_size_limit() { whiptail_management_nic() { - MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) + MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus while [ -z "$MNIC" ] do - MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 78 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) + MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus done - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - } whiptail_nids() { NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose which IDS to run:" 20 78 4 \ + "Choose which IDS to run:" 20 75 4 \ "Suricata" "Suricata 4.X" ON \ "Snort" "Snort 3.0 Beta" OFF 3>&1 1>&2 2>&3 ) @@ -240,7 +260,7 @@ whiptail_nids() { whiptail_oinkcode() { OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your oinkcode" 10 60 XXXXXXX 3>&1 1>&2 2>&3) + "Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -249,7 +269,7 @@ whiptail_oinkcode() { whiptail_make_changes() { - whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $INSTALLTYPE. Please hit YES to make changes or NO to cancel." 8 78 + whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $INSTALLTYPE. Please hit YES to make changes or NO to cancel." 8 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -259,7 +279,10 @@ whiptail_make_changes() { whiptail_management_server() { MSRV=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your Master Server HOSTNAME. It is CASE SENSITIVE!" 10 60 XXXX 3>&1 1>&2 2>&3) + "Enter your Master Server HOSTNAME. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus # See if it resolves. Otherwise prompt to add to host file TESTHOST=$(host $MSRV) @@ -268,24 +291,25 @@ whiptail_management_server() { add_master_hostfile fi +} + +# Ask if you want to do advanced setup of the Master +whiptail_master_adv() { + + MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose what type of master install:" 20 75 4 \ + "BASIC" "Install master with recommended settings" ON \ + "ADVANCED" "Do additional configuration to the master" OFF 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus } -# Ask if you want to do advanced setup of the Master -whiptail_master_adv() { - MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose what type of master install:" 20 78 4 \ - "BASIC" "Install master with recommended settings" ON \ - "ADVANCED" "Do additional configuration to the master" OFF 3>&1 1>&2 2>&3 ) -} - # Ask which additional components to install whiptail_master_adv_service_brologs() { - BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \ + BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 75 12 \ "conn" "Connection Logging" ON \ "dce_rpc" "RPC Logs" ON \ "dhcp" "DHCP Logs" ON \ @@ -324,11 +348,15 @@ whiptail_master_adv_service_brologs() { "mysql" "MySQL Logs" ON \ "socks" "SOCKS Logs" ON \ "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + } whiptail_network_notice() { - whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 78 + whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 75 local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -338,7 +366,7 @@ whiptail_network_notice() { whiptail_node_advanced() { NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \ - "What type of config would you like to use?:" 20 78 4 \ + "What type of config would you like to use?:" 20 75 4 \ "NODEBASIC" "Install Storage Node with recommended settings" ON \ "NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 ) @@ -351,7 +379,7 @@ whiptail_node_es_heap() { es_heapsize NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 60 $ES_HEAP_SIZE 3>&1 1>&2 2>&3) + "\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -362,7 +390,7 @@ whiptail_node_ls_heap() { ls_heapsize NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 60 $LS_HEAP_SIZE 3>&1 1>&2 2>&3) + "\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -372,7 +400,7 @@ whiptail_node_ls_heap() { whiptail_node_ls_pipeline_worker() { LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 60 $CPUCORES 3>&1 1>&2 2>&3) + "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 $CPUCORES 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -382,7 +410,7 @@ whiptail_node_ls_pipeline_worker() { whiptail_node_ls_pipline_batchsize() { LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 60 125 3>&1 1>&2 2>&3) + "\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -392,7 +420,7 @@ whiptail_node_ls_pipline_batchsize() { whiptail_node_ls_input_threads() { LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 60 1 3>&1 1>&2 2>&3) + "\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -402,7 +430,7 @@ whiptail_node_ls_input_threads() { whiptail_node_ls_input_batch_count() { LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 60 125 3>&1 1>&2 2>&3) + "\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -411,22 +439,22 @@ whiptail_node_ls_input_batch_count() { whiptail_passwords_dont_match() { - whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 78 + whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75 } whiptail_patch_name_new_schedule() { PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 105 3>&1 1>&2 2>&3) + "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus while [[ -z "$PATCHSCHEDULENAME" ]]; do - whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 65 + whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 75 PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 105 3>&1 1>&2 2>&3) + "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus done @@ -438,11 +466,11 @@ whiptail_patch_schedule() { # What kind of patch schedule are we doing? PATCHSCHEDULE=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 25 115 5 \ - "Automatic" "Package updates will be installed automatically every 8 hours if available" ON \ - "Manual" "Package updates will need to be installed manually" OFF \ - "Import Schedule" "Enter the name of an existing schedule on the following screen and inherit it" OFF \ - "New Schedule" "Configure and name a new schedule on the following screen" OFF 3>&1 1>&2 2>&3 ) + "Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 15 75 5 \ + "Automatic" "Updates installed every 8 hours if available" ON \ + "Manual" "Updates will be installed manually" OFF \ + "Import Schedule" "Import named schedule on following screen" OFF \ + "New Schedule" "Configure and name new schedule on next screen" OFF 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -453,15 +481,15 @@ whiptail_patch_schedule_import() { unset PATCHSCHEDULENAME PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 60 3>&1 1>&2 2>&3) + "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus while [[ -z "$PATCHSCHEDULENAME" ]]; do - whiptail --title "Security Onion Setup" --msgbox "Please enter a name for the OS patch schedule you want to inherit." 8 65 + whiptail --title "Security Onion Setup" --msgbox "Please enter a name for the OS patch schedule you want to inherit." 8 75 PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 60 3>&1 1>&2 2>&3) + "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -472,7 +500,7 @@ whiptail_patch_schedule_import() { whiptail_patch_schedule_select_days() { # Select the days to patch PATCHSCHEDULEDAYS=($(whiptail --title "Security Onion Setup" --checklist \ - "Which days do you want to apply OS patches?" 20 55 9 \ + "Which days do you want to apply OS patches?" 15 75 8 \ "Monday" "" OFF \ "Tuesday" "" ON \ "Wednesday" "" OFF \ @@ -486,9 +514,9 @@ whiptail_patch_schedule_select_days() { } whiptail_patch_schedule_select_hours() { - # Select the hours to patch + # Select the hours to patch PATCHSCHEDULEHOURS=($(whiptail --title "Security Onion Setup" --checklist \ - "At which time, UTC, do you want to apply OS patches on the selected days?" 35 55 26 \ + "At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \ "00:00" "" OFF \ "01:00" "" OFF \ "02:00" "" OFF \ @@ -500,7 +528,14 @@ whiptail_patch_schedule_select_hours() { "08:00" "" OFF \ "09:00" "" OFF \ "10:00" "" OFF \ - "11:00" "" OFF \ + "11:00" "" OFF 3>&1 1>&2 2>&3 )) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + # Select the hours to patch + PATCHSCHEDULEHOURS+=($(whiptail --title "Security Onion Setup" --checklist \ + "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ "12:00" "" OFF \ "13:00" "" OFF \ "14:00" "" OFF \ @@ -522,7 +557,7 @@ whiptail_rule_setup() { # Get pulled pork info RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \ - "What IDS rules to use?:" 20 140 4 \ + "What IDS rules to use?:" 20 75 4 \ "ETOPEN" "Emerging Threats Open - no oinkcode required" ON \ "ETPRO" "Emerging Threats PRO - requires ETPRO oinkcode" OFF \ "TALOSET" "Snort Subscriber (Talos) ruleset and Emerging Threats NoGPL ruleset - requires Snort Subscriber oinkcode" OFF \ @@ -536,7 +571,7 @@ whiptail_rule_setup() { whiptail_sensor_config() { NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \ - "What type of configuration would you like to use?:" 20 78 4 \ + "What type of configuration would you like to use?:" 20 75 4 \ "BASIC" "Install NSM components with recommended settings" ON \ "ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 ) @@ -548,30 +583,31 @@ whiptail_sensor_config() { whiptail_set_hostname() { HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the Hostname you would like to set." 10 60 $HOSTNAME 3>&1 1>&2 2>&3) - - while [[ "$HOSTNAME" == 'localhost' ]] ; do - whiptail --title "Security Onion Setup" --msgbox "Please choose a hostname that isn't localhost." 8 65 - HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter the Hostname you would like to set." 10 60 $HOSTNAME 3>&1 1>&2 2>&3) - done - + "Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus + while [[ "$HOSTNAME" == 'localhost' ]] ; do + whiptail --title "Security Onion Setup" --msgbox "Please choose a hostname that isn't localhost." 8 75 + HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + done + } whiptail_setup_complete() { - whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 78 + whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75 install_cleanup } whiptail_setup_failed() { - whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 78 + whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75 install_cleanup } @@ -579,7 +615,7 @@ whiptail_setup_failed() { whiptail_shard_count() { SHARDCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \ - "\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 60 125 3>&1 1>&2 2>&3) + "\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -589,7 +625,7 @@ whiptail_shard_count() { whiptail_suricata_pins() { FILTEREDCORES=$(echo ${LISTCORES[@]} ${BROPINS[@]} | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}') - SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $LBPROCS cores to pin Suricata to:" 20 78 12 ${FILTEREDCORES[@]} 3>&1 1>&2 2>&3 ) + SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $LBPROCS cores to pin Suricata to:" 20 75 12 ${FILTEREDCORES[@]} 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -599,9 +635,9 @@ whiptail_suricata_pins() { whiptail_master_updates() { MASTERUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \ - "How would you like to download updates for your grid?:" 20 78 4 \ - "MASTER" "Have the master node act as a proxy for OS/Docker updates." ON \ - "OPEN" "Have each node connect to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) + "How would you like to download updates for your grid?:" 20 75 4 \ + "MASTER" "Master node is proxy for OS/Docker updates." ON \ + "OPEN" "Each node connect to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -611,7 +647,7 @@ whiptail_master_updates() { whiptail_node_updates() { NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \ - "How would you like to download updates for this node?:" 20 78 4 \ + "How would you like to download updates for this node?:" 20 75 4 \ "MASTER" "Download OS/Docker updates from the Master." ON \ "OPEN" "Download updates directly from the Internet" OFF 3>&1 1>&2 2>&3 ) @@ -622,6 +658,11 @@ whiptail_node_updates() { whiptail_you_sure() { - whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 78 + echo "whiptail_you_sure called" >> $SETUPLOG 2>&1 + whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75 + + local exitstatus=$? + echo "whiptail_you_sure returning $exitstatus" >> $SETUPLOG 2>&1 + return $exitstatus }