diff --git a/setup/so-functions b/setup/so-functions index 3c056d23f..2505e1616 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1003,15 +1003,6 @@ get_redirect() { fi } -got_root() { - # Make sure you are root - uid="$(id -u)" - if [ "$uid" -ne 0 ]; then - echo "This script must be run using sudo!" - exit 1 - fi -} - get_minion_type() { local minion_type case "$install_type" in diff --git a/setup/so-setup b/setup/so-setup index 1c46a8bf9..2d48f88d8 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -15,7 +15,15 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +# Make sure you are root before doing anything +uid="$(id -u)" +if [ "$uid" -ne 0 ]; then + echo "This script must be run using sudo!" + exit 1 +fi + cd "$(dirname "$0")" || exit 255 + source ./so-functions source ./so-common-functions source ./so-whiptail @@ -108,8 +116,6 @@ esac # Allow execution of SO tools during setup export PATH=$PATH:../salt/common/tools/sbin -got_root - detect_os && detect_cloud set_network_dev_status_list @@ -185,6 +191,10 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then is_helix=true elif [ "$install_type" = 'IMPORT' ]; then is_import=true +elif [ "$install_type" = 'ANALYST' ]; then + cd .. || exit 255 + ./so-analyst-install + exit 0 fi # Say yes to the dress if its an ISO install diff --git a/setup/so-whiptail b/setup/so-whiptail index 0401146af..a6369c9b5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -560,11 +560,12 @@ whiptail_install_type() { # What kind of install are we doing? install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose install type:" 10 65 4 \ + "Choose install type:" 12 65 5 \ "EVAL" "Evaluation mode (not for production) " ON \ "STANDALONE" "Standalone production install " OFF \ "DISTRIBUTED" "Distributed install submenu " OFF \ "IMPORT" "Standalone to import PCAP or log files " OFF \ + "OTHER" "Other install types" OFF \ 3>&1 1>&2 2>&3 ) @@ -572,22 +573,50 @@ whiptail_install_type() { whiptail_check_exitstatus $exitstatus if [[ $install_type == "DISTRIBUTED" ]]; then - install_type=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose distributed node type:" 13 60 6 \ - "MANAGER" "Start a new grid " ON \ - "SENSOR" "Create a forward only sensor " OFF \ - "SEARCHNODE" "Add a search node with parsing " OFF \ - "MANAGERSEARCH" "Manager + search node " OFF \ - "FLEET" "Dedicated Fleet Osquery Node " OFF \ - "HEAVYNODE" "Sensor + Search Node " OFF \ - 3>&1 1>&2 2>&3 - # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO - # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO - # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO - # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO - ) + whiptail_install_type_dist + elif [[ $install_type == "OTHER" ]]; then + whiptail_install_type_other fi + export install_type +} + +whiptail_install_type_dist() { + + [ -n "$TESTING" ] && return + + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 13 60 6 \ + "MANAGER" "Start a new grid " ON \ + "SENSOR" "Create a forward only sensor " OFF \ + "SEARCHNODE" "Add a search node with parsing " OFF \ + "MANAGERSEARCH" "Manager + search node " OFF \ + "FLEET" "Dedicated Fleet Osquery Node " OFF \ + "HEAVYNODE" "Sensor + Search Node " OFF \ + 3>&1 1>&2 2>&3 + # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO + # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO + # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO + # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO + ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + + export install_type +} + +whiptail_install_type_other() { + + [ -n "$TESTING" ] && return + + install_type=$(whiptail --title "Security Onion Setup" --radiolist \ + "Choose distributed node type:" 9 65 2 \ + "ANALYST" "Quit setup and run so-analyst-install " ON \ + "HELIXSENSOR" "Create a Helix sensor " OFF \ + 3>&1 1>&2 2>&3 + ) + local exitstatus=$? whiptail_check_exitstatus $exitstatus