From fbbf9dab6047dcf282c4476a095ca0832eee4c8d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 5 May 2020 13:57:36 -0400 Subject: [PATCH 1/8] Allow Firewall to update between versions --- pillar/firewall/analyst.sls | 3 -- pillar/firewall/beats_endpoint.sls | 3 -- pillar/firewall/forward_nodes.sls | 3 -- pillar/firewall/masterfw.sls | 2 -- pillar/firewall/minions.sls | 3 -- pillar/firewall/osquery_endpoint.sls | 3 -- pillar/firewall/search_nodes.sls | 2 -- pillar/firewall/wazuh_endpoint.sls | 2 -- setup/so-functions | 53 ++++++++++++++++++---------- setup/so-setup | 1 + 10 files changed, 35 insertions(+), 40 deletions(-) delete mode 100644 pillar/firewall/analyst.sls delete mode 100644 pillar/firewall/beats_endpoint.sls delete mode 100644 pillar/firewall/forward_nodes.sls delete mode 100644 pillar/firewall/masterfw.sls delete mode 100644 pillar/firewall/minions.sls delete mode 100644 pillar/firewall/osquery_endpoint.sls delete mode 100644 pillar/firewall/search_nodes.sls delete mode 100644 pillar/firewall/wazuh_endpoint.sls diff --git a/pillar/firewall/analyst.sls b/pillar/firewall/analyst.sls deleted file mode 100644 index 0e505f72f..000000000 --- a/pillar/firewall/analyst.sls +++ /dev/null @@ -1,3 +0,0 @@ -analyst: - - 127.0.0.1 - diff --git a/pillar/firewall/beats_endpoint.sls b/pillar/firewall/beats_endpoint.sls deleted file mode 100644 index adabee0d6..000000000 --- a/pillar/firewall/beats_endpoint.sls +++ /dev/null @@ -1,3 +0,0 @@ -beats_endpoint: - - 127.0.0.1 - diff --git a/pillar/firewall/forward_nodes.sls b/pillar/firewall/forward_nodes.sls deleted file mode 100644 index 962cdd550..000000000 --- a/pillar/firewall/forward_nodes.sls +++ /dev/null @@ -1,3 +0,0 @@ -forward_nodes: - - 127.0.0.1 - diff --git a/pillar/firewall/masterfw.sls b/pillar/firewall/masterfw.sls deleted file mode 100644 index d424812c4..000000000 --- a/pillar/firewall/masterfw.sls +++ /dev/null @@ -1,2 +0,0 @@ -masterfw: - - 127.0.0.1 
diff --git a/pillar/firewall/minions.sls b/pillar/firewall/minions.sls deleted file mode 100644 index ce522877e..000000000 --- a/pillar/firewall/minions.sls +++ /dev/null @@ -1,3 +0,0 @@ -minions: - - 127.0.0.1 - diff --git a/pillar/firewall/osquery_endpoint.sls b/pillar/firewall/osquery_endpoint.sls deleted file mode 100644 index cfc6051b8..000000000 --- a/pillar/firewall/osquery_endpoint.sls +++ /dev/null @@ -1,3 +0,0 @@ -osquery_endpoint: - - 127.0.0.1 - diff --git a/pillar/firewall/search_nodes.sls b/pillar/firewall/search_nodes.sls deleted file mode 100644 index d6563b873..000000000 --- a/pillar/firewall/search_nodes.sls +++ /dev/null @@ -1,2 +0,0 @@ -search_nodes: - - 127.0.0.1 diff --git a/pillar/firewall/wazuh_endpoint.sls b/pillar/firewall/wazuh_endpoint.sls deleted file mode 100644 index d5d1a52f8..000000000 --- a/pillar/firewall/wazuh_endpoint.sls +++ /dev/null @@ -1,2 +0,0 @@ -wazuh_endpoint: - - 127.0.0.1 diff --git a/setup/so-functions b/setup/so-functions index a6d39c293..3074de9de 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -705,9 +705,19 @@ fireeye_pillar() { } -# Run a salt command to generate the minion key -salt_firstcheckin() { - salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput +# Generate Firewall Templates +firewall_generate_templates() { + + local firewall_pillar_path=/opt/so/saltstack/salt/firewall + mkdir -p "$firewall_pillar_path" + + for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoints search_nodes wazuh_endpoint + do + printf '%s\n'\ + "$i:"\ + " - 127.0.0.1"\ + "" > "$firewall_pillar_path" + done } fleet_pillar() { @@ -734,10 +744,6 @@ generate_passwords(){ KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1) } -set_main_ip() { - MAINIP=$(ip route get 1 | awk '{print $7;exit}') -} - get_redirect() { whiptail_set_redirect_info whiptail_set_redirect 
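Review bot: firewall_generate_templates rewrites every firewall pillar file with the loopback placeholder unconditionally, so if so-setup is ever re-run on an existing grid, any addresses an administrator has added to those files (presumably the deployed copies of the pillar/firewall/*.sls files this patch deletes from the repository so that updates stop touching them) are reset to 127.0.0.1. The later revisions of the same function in patches 2 through 6 change the target path, the filename and the minion list but keep the unconditional overwrite. A guard at the top of the loop body, `[[ -e "$firewall_pillar_path/$i.sls" ]] && continue`, would leave existing allow-lists intact while still creating the ones that are missing, which is all a first install needs. Whether setup is expected to be re-runnable at all is outside this hunk, so treat this as something to confirm rather than a certain bug; the function itself is complete within the hunk.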
@@ -755,15 +761,6 @@ got_root() { fi } -install_cleanup() { - echo "Installer removing the following files:" - ls -lR "$temp_install_dir" - - # Clean up after ourselves - rm -rf "$temp_install_dir" - -} - get_minion_type() { local minion_type case "$install_type" in @@ -780,9 +777,13 @@ get_minion_type() { echo "$minion_type" } -set_base_heapsizes() { - es_heapsize - ls_heapsize +install_cleanup() { + echo "Installer removing the following files:" + ls -lR "$temp_install_dir" + + # Clean up after ourselves + rm -rf "$temp_install_dir" + } master_pillar() { @@ -1173,6 +1174,20 @@ salt_checkin() { } >> "$setup_log" 2>&1 } +# Run a salt command to generate the minion key +salt_firstcheckin() { + salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput +} + +set_base_heapsizes() { + es_heapsize + ls_heapsize +} + +set_main_ip() { + MAINIP=$(ip route get 1 | awk '{print $7;exit}') +} + setup_salt_master_dirs() { # Create salt paster directories mkdir -p /opt/so/saltstack/salt diff --git a/setup/so-setup b/setup/so-setup index 314ffd65d..710c600c9 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -294,6 +294,7 @@ export percentage=0 set_progress_str 10 'Configuring Salt master' copy_master_config 2>> "$setup_log" setup_salt_master_dirs 2>> "$setup_log" + firewall_generate_templates 2>> "$setup_log" set_progress_str 11 'Updating sudoers file for soremote user' update_sudoers 2>> "$setup_log" From 6936bc9c3e3e9f9af8a8964313392695fc7851a4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 5 May 2020 14:45:54 -0400 Subject: [PATCH 2/8] Fix file for firewall templates --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 3074de9de..92fb6cfda 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -716,7 +716,7 @@ firewall_generate_templates() { printf '%s\n'\ "$i:"\ " - 127.0.0.1"\ - "" > "$firewall_pillar_path" + "" > "$firewall_pillar_path/$i.sls" done } From 13e067c20ad47083c36379e3411ac4fac0ab8912 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 5 May 2020 17:45:19 -0400 Subject: [PATCH 3/8] Fix location for files --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 92fb6cfda..73ef1f50f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -716,7 +716,7 @@ firewall_generate_templates() { printf '%s\n'\ "$i:"\ " - 127.0.0.1"\ - "" > "$firewall_pillar_path/$i.sls" + "" > "$firewall_pillar_path"/$i.sls done } From 77b07bb6f8901d39ce52ce7a3e95a11cfa0ce3c3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 5 May 2020 23:02:50 -0400 Subject: [PATCH 4/8] Fix location for files --- setup/so-functions | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 73ef1f50f..cebd1d86c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -708,7 +708,7 @@ fireeye_pillar() { # Generate Firewall Templates firewall_generate_templates() { - local firewall_pillar_path=/opt/so/saltstack/salt/firewall + local firewall_pillar_path=/opt/so/saltstack/salt/firewall/ mkdir -p "$firewall_pillar_path" for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoints search_nodes wazuh_endpoint @@ -716,7 +716,8 @@ firewall_generate_templates() { printf '%s\n'\ "$i:"\ " - 127.0.0.1"\ - "" > "$firewall_pillar_path"/$i.sls + "" > "$firewall_pillar_path"$i.sls + echo "Added $i Template" done } From 88df4cc7aeb7649afdd99c6515d34502b5292148 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 5 May 2020 23:31:34 -0400 Subject: [PATCH 5/8] Fix location for files --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
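Review bot: The `echo "Added $i Template"` added in patch 4's second hunk writes to stdout, but the call site introduced in patch 1 is `firewall_generate_templates 2>> "$setup_log"`, which captures only stderr, so these progress lines go to the installer's stdout rather than into the setup log. That stdout looks to be the console that drives the whiptail dialogs, so the text would be printed over the progress display; `echo "Added $i Template" >&2` keeps it in the log with the rest of the function's diagnostics. Separately, mkdir and printf failures in this function are only logged the same way and never checked, so if so-setup does not run under set -e an unwritable pillar directory would pass silently; `mkdir -p "$firewall_pillar_path" || return 1` would at least surface it to the caller. The enclosing function starts above this hunk.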
diff --git a/setup/so-functions b/setup/so-functions index cebd1d86c..033c195f6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -708,7 +708,7 @@ fireeye_pillar() { # Generate Firewall Templates firewall_generate_templates() { - local firewall_pillar_path=/opt/so/saltstack/salt/firewall/ + local firewall_pillar_path=/opt/so/saltstack/pillar/firewall mkdir -p "$firewall_pillar_path" for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoints search_nodes wazuh_endpoint @@ -716,7 +716,7 @@ firewall_generate_templates() { printf '%s\n'\ "$i:"\ " - 127.0.0.1"\ - "" > "$firewall_pillar_path"$i.sls + "" > "$firewall_pillar_path"/$i.sls echo "Added $i Template" done } From 1fa1277e31136f425676d58a4ebb55d7862d9aa3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 6 May 2020 11:29:28 -0400 Subject: [PATCH 6/8] Fix for osquery firewall --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 033c195f6..edcf498c2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -711,7 +711,7 @@ firewall_generate_templates() { local firewall_pillar_path=/opt/so/saltstack/pillar/firewall mkdir -p "$firewall_pillar_path" - for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoints search_nodes wazuh_endpoint + for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoint search_nodes wazuh_endpoint do printf '%s\n'\ "$i:"\ From bc6c8c833261e723da0530fe8325914ba7678530 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 6 May 2020 14:06:02 -0400 Subject: [PATCH 7/8] Remove Parsing Node --- setup/so-setup | 2 +- setup/so-whiptail | 9 ++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index da528fdc3..e91018780 100755 --- a/setup/so-setup +++ b/setup/so-setup 
@@ -73,7 +73,7 @@ elif [ "$install_type" = 'SENSOR' ]; then is_sensor=true is_minion=true STRELKA=1 -elif [[ "$install_type" =~ ^('SEARCHNODE'|'PARSINGNODE'|'HOTNODE'|'WARMNODE')$ ]]; then +elif [[ "$install_type" =~ ^('SEARCHNODE'|'HOTNODE'|'WARMNODE')$ ]]; then is_node=true is_minion=true elif [ "$install_type" = 'HEAVYNODE' ]; then diff --git a/setup/so-whiptail b/setup/so-whiptail index 846c1b745..8572f930c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -394,12 +394,11 @@ whiptail_install_type() { "HEAVYNODE" "Sensor + Search Node" OFF \ "HELIXSENSOR" "Connect this sensor to FireEye Helix" OFF \ "FLEET" "Dedicated Fleet Osquery Node" OFF \ - "HOTNODE" "TODO Add Hot Node (Search Node without Parsing)" OFF \ + "HOTNODE" "TODO Add Hot Node (Uses Elastic Clustering)" OFF \ "WARMNODE" "TODO Add Warm Node to existing Hot or Search node" OFF \ - "WAZUH" "TODO Stand Alone Wazuh Node" OFF \ - "STRELKA" "TODO Stand Alone Strelka Node" OFF \ - "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF 3>&1 1>&2 2>&3 ) - + "WAZUH" "TODO Stand Alone Wazuh Server" OFF \ + "STRELKA" "TODO Stand Alone Strelka Node" OFF 3>&1 1>&2 2>&3 ) + local exitstatus=$? whiptail_check_exitstatus $exitstatus From 80aca604771f49b2b78493b26ce19d6d21a46773 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 6 May 2020 14:27:34 -0400 Subject: [PATCH 8/8] Added Production Mode --- setup/so-setup | 5 +++++ setup/so-whiptail | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index e91018780..2bdc8c881 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -62,6 +62,11 @@ if [ "$install_type" = 'EVAL' ]; then is_master=true is_sensor=true is_eval=true +elif [ "$install_type" = 'PROD' ]; then + is_master=true + is_distmaster=true + is_node=true + is_sensor=true elif [ "$install_type" = 'MASTERSEARCH' ]; then is_master=true is_distmaster=true diff --git a/setup/so-whiptail b/setup/so-whiptail index 8572f930c..28b244b85 100755 
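Review bot: The new PROD branch in patch 8's so-setup hunk sets is_master, is_distmaster, is_node and is_sensor but not `STRELKA=1`, which the SENSOR branch visible in patch 7's hunk of the same file sets alongside `is_sensor=true`; if that variable gates the Strelka install for sensor roles, a PROD box would get the sensor role without Strelka. The SENSOR and node branches also set `is_minion=true` where PROD does not, though EVAL, which likewise combines master and sensor, omits it too, so that part may be by design. Adding `STRELKA=1` to the PROD branch mirrors the SENSOR case if "full install of everything" is the intent; whether a master-only path already covers it lives outside the hunk and should be confirmed. The if/elif chain continues beyond the hunk on both sides.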
--- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -390,6 +390,7 @@ whiptail_install_type() { "SEARCHNODE" "Add a Search Node with parsing" OFF \ "MASTER" "Start a new grid" OFF \ "EVAL" "Evaluate all the things" OFF \ + "PROD" "Standalone full install of everything" OFF \ "MASTERSEARCH" "Master + Search Node" OFF \ "HEAVYNODE" "Sensor + Search Node" OFF \ "HELIXSENSOR" "Connect this sensor to FireEye Helix" OFF \ @@ -398,7 +399,7 @@ whiptail_install_type() { "WARMNODE" "TODO Add Warm Node to existing Hot or Search node" OFF \ "WAZUH" "TODO Stand Alone Wazuh Server" OFF \ "STRELKA" "TODO Stand Alone Strelka Node" OFF 3>&1 1>&2 2>&3 ) - + local exitstatus=$? whiptail_check_exitstatus $exitstatus