From 4af2f6d84ac630f5e3bbf0a1e1da152d57f8fbfe Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 09:49:57 -0400 Subject: [PATCH 01/10] Fix airgap check --- salt/common/tools/sbin/so-common | 13 ------------- salt/common/tools/sbin/soup | 13 +++++++++++++ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 7fb17092f..341f9a55a 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -88,19 +88,6 @@ add_interface_bond0() { fi } -check_airgap() { - # See if this is an airgap install - AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') - if [[ "$AIRGAP" == "True" ]]; then - is_airgap=0 - UPDATE_DIR=/tmp/soagupdate/SecurityOnion - AGDOCKER=/tmp/soagupdate/docker - AGREPO=/tmp/soagupdate/Packages - else - is_airgap=1 - fi -} - check_container() { docker ps | grep "$1:" > /dev/null 2>&1 return $? diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index c1e25b208..b7104f759 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -168,6 +168,19 @@ update_registry() { salt-call state.apply registry queue=True } +check_airgap() { + # See if this is an airgap install + AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap: | awk '{print $2}') + if [[ "$AIRGAP" == "True" ]]; then + is_airgap=0 + UPDATE_DIR=/tmp/soagupdate/SecurityOnion + AGDOCKER=/tmp/soagupdate/docker + AGREPO=/tmp/soagupdate/Packages + else + is_airgap=1 + fi +} + check_sudoers() { if grep -q "so-setup" /etc/sudoers; then echo "There is an entry for so-setup in the sudoers file, this can be safely deleted using \"visudo\"." From 66e88cef42de09b182680951a5858f9f06534001 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 10:03:38 -0400 Subject: [PATCH 02/10] Move up script verification --- salt/common/tools/sbin/soup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index b7104f759..cad6821e4 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -773,6 +773,10 @@ main() { check_airgap echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" + echo "" + echo "Verifying we have the latest soup script." + verify_latest_update_script + echo "" set_os set_palette check_elastic_license @@ -787,10 +791,6 @@ main() { clone_to_tmp fi check_os_updates - echo "" - echo "Verifying we have the latest soup script." - verify_latest_update_script - echo "" echo "Generating new repo archive" generate_and_clean_tarballs From 2681903c9396c7c9f1294c671c613109a015271e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 10:24:00 -0400 Subject: [PATCH 03/10] Move up script verification --- salt/common/tools/sbin/soup | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index cad6821e4..c2d3a33e4 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -775,6 +775,11 @@ main() { echo "" echo "" echo "Verifying we have the latest soup script." + if [ -f /usr/sbin/so-image-common ]; then + . /usr/sbin/so-image-common + else + add_common + fi verify_latest_update_script echo "" set_os From a1ec40b54729b44cef64573d4aa73226e6ccb7a7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 10:52:27 -0400 Subject: [PATCH 04/10] Revert "Move up script verification" This reverts commit 2681903c9396c7c9f1294c671c613109a015271e. --- salt/common/tools/sbin/soup | 5 ----- 1 file changed, 5 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index c2d3a33e4..cad6821e4 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -775,11 +775,6 @@ main() { echo "" echo "" echo "Verifying we have the latest soup script." - if [ -f /usr/sbin/so-image-common ]; then - . /usr/sbin/so-image-common - else - add_common - fi verify_latest_update_script echo "" set_os From 930d5b3627eccc39f77f47323b5c638e7c58e858 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 10:52:53 -0400 Subject: [PATCH 05/10] Revert "Move up script verification" This reverts commit 66e88cef42de09b182680951a5858f9f06534001. --- salt/common/tools/sbin/soup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index cad6821e4..b7104f759 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -773,10 +773,6 @@ main() { check_airgap echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" - echo "" - echo "Verifying we have the latest soup script." - verify_latest_update_script - echo "" set_os set_palette check_elastic_license @@ -791,6 +787,10 @@ main() { clone_to_tmp fi check_os_updates + echo "" + echo "Verifying we have the latest soup script." + verify_latest_update_script + echo "" echo "Generating new repo archive" generate_and_clean_tarballs From 3c85db1769670aeaa6dcfb4ce99f602f6d228f95 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 11:04:56 -0400 Subject: [PATCH 06/10] Fix regression --- salt/common/tools/sbin/soup | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index b7104f759..fc9a4aa7e 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -771,26 +771,28 @@ main() { echo "Checking to see if this is an airgap install" echo "" check_airgap + echo "Update dir is $UPDATEDIR" echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" - set_os - set_palette - check_elastic_license - echo "" if [[ $is_airgap -eq 0 ]]; then # Let's mount the ISO since this is airgap + echo "This is airgap. Ask for a location." airgap_mounted else echo "Cloning Security Onion github repo into $UPDATE_DIR." echo "Removing previous upgrade sources." rm -rf $UPDATE_DIR + echo "Cloning the Security Onion Repo." clone_to_tmp fi - check_os_updates - echo "" echo "Verifying we have the latest soup script." verify_latest_update_script echo "" + set_os + set_palette + check_elastic_license + echo "" + check_os_updates echo "Generating new repo archive" generate_and_clean_tarballs From 42a63f8ea597ae7212bf0406987ba8bd585be2a0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 11:15:16 -0400 Subject: [PATCH 07/10] remove a net check --- salt/common/tools/sbin/soup | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index fc9a4aa7e..fc57b7ac6 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -288,9 +288,7 @@ clone_to_tmp() { if [ -n "$BRANCH" ]; then SOUP_BRANCH="-b $BRANCH" fi - set +e - run_check_net_err "git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git" "Could not clone repo, please ensure network access to https://github.com" - set -e + git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git cd /tmp if [ ! -f $UPDATE_DIR/VERSION ]; then echo "Update was unable to pull from github. Please check your internet." From bdd1074be72eaf01736031cbe8cf956211741360 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 11:24:12 -0400 Subject: [PATCH 08/10] remove a net check --- salt/common/tools/sbin/soup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index fc57b7ac6..a671bd9a5 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -18,6 +18,7 @@ . /usr/sbin/so-common UPDATE_DIR=/tmp/sogh/securityonion +DEFAULT_SALT_DIR=/opt/so/saltstack/default INSTALLEDVERSION=$(cat /etc/soversion) POSTVERSION=$INSTALLEDVERSION INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk '{print $2}') @@ -731,6 +732,7 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete" + echo "Can I see $UPDATE_DIR" cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ From 81bb7c6534da887bdaef3763d3080ac8e4bfda69 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 11:32:01 -0400 Subject: [PATCH 09/10] remove a net check --- salt/common/tools/sbin/soup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a671bd9a5..47bff57e1 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -745,6 +745,7 @@ verify_latest_update_script() { main() { set -e + set +e trap 'check_err $?' EXIT echo "### Preparing soup at $(date) ###" @@ -808,7 +809,7 @@ main() { echo "Checking for Salt Master and Minion updates." upgrade_check_salt - + set -e if [ "$is_hotfix" == "true" ]; then echo "Applying $HOTFIXVERSION" From 3f8cb23cf6ef274a66c20551eec6e0d982b7f4de Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Jun 2021 13:29:16 -0400 Subject: [PATCH 10/10] remove some debug statements --- salt/common/tools/sbin/soup | 2 -- 1 file changed, 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 47bff57e1..c2f5a7f08 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -732,7 +732,6 @@ verify_latest_update_script() { echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete" - echo "Can I see $UPDATE_DIR" cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ @@ -772,7 +771,6 @@ main() { echo "Checking to see if this is an airgap install" echo "" check_airgap - echo "Update dir is $UPDATEDIR" echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" if [[ $is_airgap -eq 0 ]]; then