Merge branch 'dev' into quickfix/helix

salt/common/tools/sbin/so-allow

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-checkin

@@ -1 +1,20 @@
-sudo salt-call state.highstate
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+salt-call state.highstate

salt/common/tools/sbin/so-cortex-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-cortex-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-cortex-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-curator-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-curator-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-curator-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-elastalert-create

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or

salt/common/tools/sbin/so-elastalert-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-elastalert-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-elastalert-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-elastalert-test

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or

salt/common/tools/sbin/so-elastic-diagnose

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-elasticsearch-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-elasticsearch-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-elasticsearch-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-filebeat-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-filebeat-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-filebeat-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-fleet-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-fleet-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-fleet-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-get-parsed

@@ -1 +0,0 @@
-sudo docker exec -it so-redis redis-cli llen logstash:unparsed

salt/common/tools/sbin/so-get-unparsed

@@ -1 +0,0 @@
-sudo docker exec -it so-redis redis-cli llen logstash:unparsed

salt/common/tools/sbin/so-grafana-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-grafana-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-grafana-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-index-list

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+curl -X GET "localhost:9200/_cat/indices?v"

salt/common/tools/sbin/so-kibana-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-kibana-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-kibana-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-list-index

@@ -1 +0,0 @@
-curl -X GET "localhost:9200/_cat/indices?v"

salt/common/tools/sbin/so-logstash-get-parsed

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+docker exec -it so-redis redis-cli llen logstash:unparsed

salt/common/tools/sbin/so-logstash-get-unparsed

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+docker exec -it so-redis redis-cli llen logstash:unparsed

salt/common/tools/sbin/so-logstash-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-logstash-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-mysql-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-mysql-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-mysql-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-playbook-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-playbook-ruleupdate

@@ -1 +1,20 @@
-sudo docker exec so-soctopus python3 playbook_bulk-update.py
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+docker exec so-soctopus python3 playbook_bulk-update.py

salt/common/tools/sbin/so-playbook-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-playbook-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-playbook-sync

@@ -1 +1,20 @@
-sudo docker exec so-soctopus python3 playbook_play-sync.py
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+docker exec so-soctopus python3 playbook_play-sync.py

salt/common/tools/sbin/so-redis-count

@@ -1 +1,20 @@
-sudo docker exec -it so-redis redis-cli llen logstash:unparsed
+#!/bin/bash
+
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+. /usr/sbin/so-common
+
+docker exec -it so-redis redis-cli llen logstash:unparsed

salt/common/tools/sbin/so-redis-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-redis-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-redis-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-soctopus-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-soctopus-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-soctopus-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-tcpreplay

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 #    This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-tcpreplay-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-tcpreplay-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 #    This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-thehive-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-thehive-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-thehive-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-zeek-restart

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-zeek-start

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/common/tools/sbin/so-zeek-stop

@@ -1,5 +1,5 @@
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

salt/deprecated-bro/cron/zeek_clean

@@ -1,4 +1,5 @@
 #!/bin/bash
+
 # Delete Zeek Logs based on defined CRIT_DISK_USAGE value
 
 # Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC

salt/fleet/so-fleet-setup.sh

@@ -1,3 +1,5 @@
+#!/bin/bash
+
 #so-fleet-setup.sh $MasterIP $FleetEmail
 
 if [ ! "$(docker ps -q -f name=so-fleet)" ]; then
@@ -16,7 +18,7 @@ docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/o
 docker exec so-fleet fleetctl apply -f /packs/hh/hhdefault.yml
 docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/packs/*.yaml; do fleetctl apply -f "$pack"; done'
 
-esecret=$(sudo docker exec so-fleet fleetctl get enroll-secret)
+esecret=$(docker exec so-fleet fleetctl get enroll-secret)
 
 #Concat fleet.crt & ca.crt  - this is required for launcher connectivity
 cat /etc/pki/fleet.crt /etc/pki/ca.crt > /etc/pki/launcher.crt

salt/hive/init.sls

@@ -96,7 +96,7 @@ so-cortex:
 
 cortexscript:
   cmd.script:
-    - source: salt://hive/thehive/scripts/cortex_init.sh
+    - source: salt://hive/thehive/scripts/cortex_init
     - cwd: /opt/so
     - template: jinja
 
@@ -115,6 +115,6 @@ so-thehive:
 
 hivescript:
   cmd.script:
-    - source: salt://hive/thehive/scripts/hive_init.sh
+    - source: salt://hive/thehive/scripts/hive_init
     - cwd: /opt/so
     - template: jinja

salt/hive/thehive/scripts/cortex_init

@@ -1,5 +1,5 @@
 #!/bin/bash
-{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', '') %}
 {%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', '') %}
 {%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %}

salt/hive/thehive/scripts/hive_init

@@ -1,5 +1,5 @@
 #!/bin/bash
-{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+{% set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 {%- set HIVEUSER = salt['pillar.get']('static:hiveuser', '') %}
 {%- set HIVEPASSWORD = salt['pillar.get']('static:hivepassword', '') %}
 {%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}

salt/logstash/conf/pipelines/eval/0800_input_eval.conf

@@ -188,6 +188,7 @@ input {
   file {
     path => "/osquery/logs/result.log"
     type => "osquery"
+    tags => ["osquery"]
   }
   file {
     path => "/strelka/strelka.log"

salt/logstash/conf/pipelines/eval/templates/9100_output_osquery.conf

@@ -3,11 +3,24 @@
 {%- else %}
 {%- set ES = salt['pillar.get']('node:mainip', '') -%}
 {%- endif %}
-# Author: Josh Brower
+# Author: Security Onion Solutions
-# Last Update: 12/29/2018
+# Last Update: 2/3/2020
-# Output to ES for osquery tagged logs
+# Output to ES for osquery tagged logs - EVAL install
 
 
+filter {
+    if "osquery" in [tags] {
+    mutate {
+      rename => { "host" => "beat_host" }
+      remove_tag => ["beat"]
+                }
+   json {
+    source => "message"
+    target => "osquery"
+        }
+  }
+}
+
 output {
   if "osquery" in [tags] {
     elasticsearch {

salt/master/files/registry/scripts/so-docker-download

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 MASTER={{ MASTER }}
-VERSION="HH1.1.3"
+VERSION="HH1.1.4"
 TRUSTED_CONTAINERS=( \
 "so-core:$VERSION" \
 "so-cyberchef:$VERSION" \

salt/utility/bin/crossthestream

@@ -1,5 +1,7 @@
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+#!/bin/bash
+{% set ES = salt['pillar.get']('master:mainip', '') %}
 {%- set MASTER = grains['master'] %}
+
 # Wait for ElasticSearch to come up, so that we can query for version infromation
 echo -n "Waiting for ElasticSearch..."
 COUNT=0
@@ -18,7 +20,7 @@ while [[ "$COUNT" -le 30 ]]; do
 done
 if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
   echo
-  echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
+  echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'docker ps' \n  -running 'sudo so-elastic-restart'"
   echo
 
   exit

salt/utility/bin/eval

@@ -1,4 +1,6 @@
-{%- set ES = salt['pillar.get']('master:mainip', '') -%}
+#!/bin/bash
+{% set ES = salt['pillar.get']('master:mainip', '') %}
+
 # Wait for ElasticSearch to come up, so that we can query for version infromation
 echo -n "Waiting for ElasticSearch..."
 COUNT=0
@@ -17,7 +19,7 @@ while [[ "$COUNT" -le 30 ]]; do
 done
 if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
   echo
-  echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'sudo docker ps' \n  -running 'sudo so-elastic-restart'"
+  echo -e "Connection attempt timed out.  Unable to connect to ElasticSearch.  \nPlease try: \n  -checking log(s) in /var/log/elasticsearch/\n  -running 'docker ps' \n  -running 'sudo so-elastic-restart'"
   echo
 
   exit

salt/utility/init.sls

@@ -6,7 +6,7 @@ crossclusterson:
     - shell: /bin/bash
     - cwd: /opt/so
     - runas: socore
-    - source: salt://utility/bin/crossthestreams.sh
+    - source: salt://utility/bin/crossthestreams
     - template: jinja
 
 {% endif %}
@@ -16,6 +16,6 @@ fixsearch:
     - shell: /bin/bash
     - cwd: /opt/so
     - runas: socore
-    - source: salt://utility/bin/eval.sh
+    - source: salt://utility/bin/eval
     - template: jinja
 {% endif %}

salt/wazuh/files/wazuh-manager-whitelist

@@ -1,6 +1,6 @@
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 #!/bin/bash
-#
+
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify

setup/so-functions

@@ -16,7 +16,7 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 SCRIPTDIR=$(dirname "$0")
-source $SCRIPTDIR/whiptail.sh
+source $SCRIPTDIR/so-whiptail
 
 accept_salt_key_local() {
   echo "Accept the key locally on the master" >> $SETUPLOG 2>&1
@@ -759,11 +759,11 @@ network_setup() {
   echo "... Setting ONBOOT for management interface" >> $SETUPLOG 2>&1
   nmcli con mod $MAININT connection.autoconnect "yes" >> $SETUPLOG 2>&1
 
-  echo "... Copying disable-checksum-offload.sh" >> $SETUPLOG 2>&1
+  echo "... Copying 00-so-checksum-offload-disable" >> $SETUPLOG 2>&1
-  cp $SCRIPTDIR/install_scripts/disable-checksum-offload.sh /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh  >> $SETUPLOG 2>&1
+  cp $SCRIPTDIR/install_scripts/00-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/00-so-checksum-offload-disable  >> $SETUPLOG 2>&1
 
-  echo "... Modifying disable-checksum-offload.sh" >> $SETUPLOG 2>&1
+  echo "... Modifying 00-so-checksum-offload-disable" >> $SETUPLOG 2>&1
-  sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/disable-checksum-offload.sh >> $SETUPLOG 2>&1
+  sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/00-so-checksum-offload-disable >> $SETUPLOG 2>&1
 }
 
 node_pillar() {
@@ -1109,7 +1109,7 @@ salt_checkin() {
   service salt-minion restart >> $SETUPLOG 2>&1
   sleep 15
   echo " Applyng a mine hack "
-  sudo salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> $SETUPLOG 2>&1
+  salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> $SETUPLOG 2>&1
   echo " Applying SSL state "
   salt-call state.apply ssl >> $SETUPLOG 2>&1
   echo "Still Working... Hang in there"
@@ -1361,9 +1361,9 @@ update_sudoers() {
 
   if ! grep -qE '^socore\ ALL=\(ALL\)\ NOPASSWD:(\/usr\/bin\/salt\-key|\/opt\/so\/saltstack)' /etc/sudoers; then
     # Update Sudoers so that socore can accept keys without a password
-    echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | sudo tee -a /etc/sudoers
+    echo "socore ALL=(ALL) NOPASSWD:/usr/bin/salt-key" | tee -a /etc/sudoers
-    echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | sudo tee -a /etc/sudoers
+    echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/firewall/addfirewall.sh" | tee -a /etc/sudoers
-    echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | sudo tee -a /etc/sudoers
+    echo "socore ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
   else
     echo "User socore already granted sudo privileges"
   fi

setup/so-setup

@@ -17,8 +17,8 @@
 
 # Source the other pieces of the setup
 SCRIPTDIR=$(dirname "$0")
-source $SCRIPTDIR/functions.sh
+source $SCRIPTDIR/so-functions
-source $SCRIPTDIR/whiptail.sh
+source $SCRIPTDIR/so-whiptail
 
 # See if this is an ISO install
 OPTIONS=$1

so-setup-network

@@ -15,4 +15,6 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-cd setup && bash so-setup.sh network
+cd setup
+
+./so-setup network