From e75f8ba2575f6fa9aefa9ddd3c24832c8bf9941b Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 27 Oct 2020 09:39:29 -0400
Subject: [PATCH 1/6] [fix] Move root check to top of so-setup

---
 setup/so-functions | 9 ---------
 setup/so-setup | 8 ++++++++
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/setup/so-functions b/setup/so-functions
index 3c056d23f..2505e1616 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1003,15 +1003,6 @@ get_redirect() {
   fi
 }
 
-got_root() {
-  # Make sure you are root
-  uid="$(id -u)"
-  if [ "$uid" -ne 0 ]; then
-    echo "This script must be run using sudo!"
-    exit 1
-  fi
-}
-
 get_minion_type() {
   local minion_type
   case "$install_type" in
diff --git a/setup/so-setup b/setup/so-setup
index 1c46a8bf9..093b1d1fb 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -15,7 +15,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
 
+# Make sure you are root before doing anything
+uid="$(id -u)"
+if [ "$uid" -ne 0 ]; then
+  echo "This script must be run using sudo!"
+  exit 1
+fi
+
 cd "$(dirname "$0")" || exit 255
+
 source ./so-functions
 source ./so-common-functions
 source ./so-whiptail

From 83c23dd5de3d392731110872653264f0b3a58e28 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 27 Oct 2020 11:20:39 -0400
Subject: [PATCH 2/6] [fix] Remove old got_root call

---
 setup/so-setup | 2 --
 1 file changed, 2 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index 093b1d1fb..f8a33a947 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -116,8 +116,6 @@ esac
 # Allow execution of SO tools during setup
 export PATH=$PATH:../salt/common/tools/sbin
 
-got_root
-
 detect_os && detect_cloud
 set_network_dev_status_list
 

From 5054138be9323bd506c3b70447fb77f478d3516c Mon Sep 17 00:00:00 2001
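Review bot: The new root gate in so-setup fails open if `id -u` prints nothing: `[ "" -ne 0 ]` is a test error (status 2), the `if` is false and setup continues without exiting. Comparing as a string rejects an empty or non-numeric value, e.g. `if [ "$(id -u)" != "0" ]; then`, which keeps the intent and drops the bare global `uid` that every later sourced file inherits. The message is also written to stdout; `echo "This script must be run using sudo!" >&2` keeps it out of any captured output.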
From: William Wernert
Date: Tue, 27 Oct 2020 11:21:03 -0400
Subject: [PATCH 3/6] [feat] Add analyst option + add back helix option

---
 setup/so-setup | 4 ++++
 setup/so-whiptail | 60 +++++++++++++++++++++++++++++++++++------------
 2 files changed, 49 insertions(+), 15 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index f8a33a947..e1ba7cf00 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -191,6 +191,10 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then
   is_helix=true
 elif [ "$install_type" = 'IMPORT' ]; then
   is_import=true
+elif [ "$install_type" = 'ANALYST' ]; then
+  cd "$(dirname "$0")/../" || exit 255
+  ./so-analyst-install
+  exit 0
 fi
 
 # Say yes to the dress if its an ISO install
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 0401146af..4ad09e073 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -560,11 +560,12 @@ whiptail_install_type() {
 
   # What kind of install are we doing?
   install_type=$(whiptail --title "Security Onion Setup" --radiolist \
-  "Choose install type:" 10 65 4 \
+  "Choose install type:" 10 65 5 \
   "EVAL" "Evaluation mode (not for production) " ON \
   "STANDALONE" "Standalone production install " OFF \
   "DISTRIBUTED" "Distributed install submenu " OFF \
   "IMPORT" "Standalone to import PCAP or log files " OFF \
+  "OTHER" "Other install types" OFF \
   3>&1 1>&2 2>&3
   )
 
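Review bot: In the so-setup hunk, `exit 0` after `./so-analyst-install` discards the installer's exit status, so a failed analyst install still reports success to whatever invoked so-setup (an ISO hook or automation checking `$?`). Hand the process over with `exec ./so-analyst-install` so its status becomes setup's own, or keep the call and follow it with `exit $?`. PATCH 4/6 rewrites the `cd` in this same block but leaves the status handling as it is, so the fix applies there too.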
@@ -572,21 +573,50 @@ whiptail_install_type() {
   whiptail_check_exitstatus $exitstatus
 
   if [[ $install_type == "DISTRIBUTED" ]]; then
-    install_type=$(whiptail --title "Security Onion Setup" --radiolist \
-    "Choose distributed node type:" 13 60 6 \
-    "MANAGER" "Start a new grid " ON \
-    "SENSOR" "Create a forward only sensor " OFF \
-    "SEARCHNODE" "Add a search node with parsing " OFF \
-    "MANAGERSEARCH" "Manager + search node " OFF \
-    "FLEET" "Dedicated Fleet Osquery Node " OFF \
-    "HEAVYNODE" "Sensor + Search Node " OFF \
-    3>&1 1>&2 2>&3
-    # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO
-    # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO
-    # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO
-    # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO
-    )
+    whiptail_install_type_dist
   fi
+  if [[ $install_type == "OTHER" ]]; then
+    whiptail_install_type_other
+  fi
+
+  export install_type
+}
+
+whiptail_install_type_dist() {
+
+  [ -n "$TESTING" ] && return
+
+  install_type=$(whiptail --title "Security Onion Setup" --radiolist \
+  "Choose distributed node type:" 13 60 6 \
+  "MANAGER" "Start a new grid " ON \
+  "SENSOR" "Create a forward only sensor " OFF \
+  "SEARCHNODE" "Add a search node with parsing " OFF \
+  "MANAGERSEARCH" "Manager + search node " OFF \
+  "FLEET" "Dedicated Fleet Osquery Node " OFF \
+  "HEAVYNODE" "Sensor + Search Node " OFF \
+  3>&1 1>&2 2>&3
+  # "HOTNODE" "Add Hot Node (Uses Elastic Clustering)" OFF \ # TODO
+  # "WARMNODE" "Add Warm Node to existing Hot or Search node" OFF \ # TODO
+  # "WAZUH" "Stand Alone Wazuh Server" OFF \ # TODO
+  # "STRELKA" "Stand Alone Strelka Node" OFF \ # TODO
+  )
+
+  local exitstatus=$?
+  whiptail_check_exitstatus $exitstatus
+
+  export install_type
+}
+
+whiptail_install_type_other() {
+
+  [ -n "$TESTING" ] && return
+
+  install_type=$(whiptail --title "Security Onion Setup" --radiolist \
+  "Choose distributed node type:" 13 60 2 \
+  "ANALYST" "Quit setup and run the installer for an analyst workstation" ON \
+  "HELIXSENSOR" "Create a Helix sensor" OFF \
+  3>&1 1>&2 2>&3
+  )
 
   local exitstatus=$?
   whiptail_check_exitstatus $exitstatus

From 970be4d530352d382d62aad61bd1a7cc7b6a2331 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 27 Oct 2020 12:13:07 -0400
Subject: [PATCH 4/6] [fix] Change cd to relative

Since the script already changes to the correct dir, we can work from relative directories now.
---
 setup/so-setup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/so-setup b/setup/so-setup
index e1ba7cf00..2d48f88d8 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -192,7 +192,7 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then
 elif [ "$install_type" = 'IMPORT' ]; then
   is_import=true
 elif [ "$install_type" = 'ANALYST' ]; then
-  cd "$(dirname "$0")/../" || exit 255
+  cd .. || exit 255
   ./so-analyst-install
   exit 0
 fi

From 72dc267ab51092eec22e4c1fff1b223950b395b5 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 27 Oct 2020 12:14:44 -0400
Subject: [PATCH 5/6] [fix] Menu sizing fixes

---
 setup/so-whiptail | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 4ad09e073..9d2b2fcd6 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -560,7 +560,7 @@ whiptail_install_type() {
 
   # What kind of install are we doing?
   install_type=$(whiptail --title "Security Onion Setup" --radiolist \
-  "Choose install type:" 10 65 5 \
+  "Choose install type:" 12 65 5 \
   "EVAL" "Evaluation mode (not for production) " ON \
   "STANDALONE" "Standalone production install " OFF \
   "DISTRIBUTED" "Distributed install submenu " OFF \
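Review bot: `whiptail_install_type_other` titles its radiolist `"Choose distributed node type:"`, copied from the distributed submenu, so a user picking ANALYST or HELIXSENSOR is told they are choosing a distributed node; PATCH 5/6 resizes that dialog but keeps the title, so both need a wording such as `"Choose install type:"`. The early `[ -n "$TESTING" ] && return` in the two new functions also leaves `install_type` holding the selector value (`DISTRIBUTED` or `OTHER`) rather than a concrete type and skips the `export install_type` below it; that is only harmless if `whiptail_install_type`'s own TESTING guard, which is outside the hunk, prevents these functions from being reached. Both helpers begin in this hunk and `whiptail_install_type_other` ends here; `whiptail_install_type` starts before it.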
@@ -612,9 +612,9 @@ whiptail_install_type_other() {
   [ -n "$TESTING" ] && return
 
   install_type=$(whiptail --title "Security Onion Setup" --radiolist \
-  "Choose distributed node type:" 13 60 2 \
-  "ANALYST" "Quit setup and run the installer for an analyst workstation" ON \
-  "HELIXSENSOR" "Create a Helix sensor" OFF \
+  "Choose distributed node type:" 9 65 2 \
+  "ANALYST" "Quit setup and run so-analyst-install " ON \
+  "HELIXSENSOR" "Create a Helix sensor " OFF \
   3>&1 1>&2 2>&3
   )
 

From a043bc7cc4ad8c44306db18fe4fb01e55cdb226b Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Tue, 27 Oct 2020 12:16:19 -0400
Subject: [PATCH 6/6] [fix] Second if to elif

---
 setup/so-whiptail | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 9d2b2fcd6..a6369c9b5 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -574,8 +574,7 @@ whiptail_install_type() {
 
   if [[ $install_type == "DISTRIBUTED" ]]; then
     whiptail_install_type_dist
-  fi
-  if [[ $install_type == "OTHER" ]]; then
+  elif [[ $install_type == "OTHER" ]]; then
     whiptail_install_type_other
   fi
 