From 7a3c7322fc653fab331ba316ef845c86b95ad3b4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 29 Jan 2021 15:36:50 -0500 Subject: [PATCH 1/8] [fix] Only check for ZEEKVERSION on manager installs --- setup/so-setup | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index ed0afe354..dc2a4a96b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -459,7 +459,12 @@ if [[ $is_sensor && ! $is_eval ]]; then collect_homenet_snsr whiptail_sensor_config if [ $NSMSETUP == 'ADVANCED' ]; then - [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_zeek_pins + if [[ $is_manager ]]; then + [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_zeek_pins + else + whiptail_zeek_pins + fi + whiptail_suricata_pins collect_mtu else @@ -469,7 +474,13 @@ if [[ $is_sensor && ! $is_eval ]]; then else PROCS=$lb_procs fi - [[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek + + if [[ $is_manager ]]; then + [[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek + else + collect_zeek + fi + collect_suri fi fi From 36ce38920227e426b0b6a161e847fa3a4c4750c9 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 1 Feb 2021 10:55:14 -0500 Subject: [PATCH 2/8] Remove wait_for_apt, use common retry function to run apt commands --- salt/common/tools/sbin/so-common | 45 ------------ setup/so-functions | 121 +++++++++++-------------------- setup/so-setup | 2 +- 3 files changed, 45 insertions(+), 123 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index b1db4c04c..9d42cb797 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -248,51 +248,6 @@ retry() { return 1 } -wait_for_apt() { - local progress_callback=$1 - - local retry_count=30 - local retry_timeout='10s' - local lock_msg="Could not acquire dpkg lock, waiting $retry_timeout for lock to release." - if [[ -z $progress_callback ]]; then - if [[ -z $progress_bar_text ]]; then - local old_text="Installing..." - else - local old_text="$progress_bar_text" - fi - fi - local count=0 - while [[ "$count" -lt "$retry_count" ]]; do - ((count++)) - [[ -z $progress_callback ]] && echo "Attempting to acquire dpkg lock to run apt command... (Attempt $count/$retry_count)" - if __check_apt_lock; then - if [[ -z $progress_callback ]]; then - echo " $lock_msg" | tee -a "$setup_log" - else - $progress_callback "Could not acquire dpkg lock, waiting $retry_timeout ($count/$retry_count)" - fi - else - [[ -z $progress_callback ]] || $progress_callback "$old_text" - return 0 - fi - sleep "$retry_timeout" - done - - if __check_apt_lock; then - [[ -z $progress_callback ]] && echo "Could not acquire lock after $retry_count attempts, aborting." - return 1 - else - return 0 - fi -} - -__check_apt_lock() { - lsof /var/lib/dpkg/lock &> /dev/null - local lock=$? - - return $lock -} - valid_cidr() { # Verify there is a backslash in the string echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1 diff --git a/setup/so-functions b/setup/so-functions index 379cb6e30..2d035ae2c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -965,13 +965,13 @@ installer_prereq_packages() { echo "Installing required packages to run installer..." # Install network manager so we can do interface stuff if ! command -v nmcli > /dev/null 2>&1; then - if wait_for_apt; then apt-get install -y network-manager >> "$setup_log" 2<&1; else exit 1; fi + retry 50 10 "apt-get install -y network-manager" >> "$setup_log" 2>&1 || exit 1 { systemctl enable NetworkManager systemctl start NetworkManager } >> "$setup_log" 2<&1 fi - if wait_for_apt; then apt-get install -y bc curl >> "$setup_log" 2>&1; else exit 1; fi + retry 50 10 "apt-get install -y bc curl" >> "$setup_log" 2>&1 || exit 1 fi } @@ -1041,28 +1041,19 @@ docker_install() { else case "$install_type" in 'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT') - if wait_for_apt 'whiptail_prog_new_message'; then apt-get update >> "$setup_log" 2>&1; else kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1; fi + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 ;; *) - if wait_for_apt 'whiptail_prog_new_message'; then - { - apt-key add "$temp_install_dir"/gpg/docker.pub; - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"; - apt-get update; - } >> "$setup_log" 2>&1 - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" >> "$setup_log" 2>&1 \ + || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 ;; esac - if wait_for_apt 'whiptail_prog_new_message'; then - if [ $OSVER != "xenial" ]; then - apt-get -y install docker-ce python3-docker >> "$setup_log" 2>&1 - else - apt-get -y install docker-ce python-docker >> "$setup_log" 2>&1 - fi + if [ $OSVER != "xenial" ]; then + retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install docker-ce python-docker" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi fi docker_registry @@ -1873,11 +1864,7 @@ remove_package() { fi else if dpkg -l | grep -q "$package_name"; then - if wait_for_apt 'whiptail_prog_new_message'; then - apt purge -y "$package_name" - else - exit 1 - fi + retry 50 10 "apt purge -y \"$package_name\"" fi fi } @@ -1964,9 +1951,7 @@ saltify() { } >> "$setup_log" 2>&1 yum versionlock salt* else - if wait_for_apt 'whiptail_prog_new_message'; then - DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade >> "$setup_log" 2>&1 - else + if ! (DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1); then kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi @@ -1974,18 +1959,18 @@ saltify() { # Switch to Python 3 as default if this is not xenial update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10 >> "$setup_log" 2>&1 fi - if wait_for_apt 'whiptail_prog_new_message'; then - # Add the pre-requisites for installing docker-ce - apt-get -y install ca-certificates\ - curl\ - software-properties-common\ - apt-transport-https\ - openssl\ - netcat\ - jq >> "$setup_log" 2>&1 - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + + local pkg_arr=( + 'ca-certificates' + 'curl' + 'software-properties-common' + 'apt-transport-https' + 'openssl' + 'netcat' + 'jq' + ) + retry 50 10 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + # Grab the version from the os-release file local ubuntu_version ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}') @@ -1993,10 +1978,10 @@ saltify() { case "$install_type" in 'FLEET') - if wait_for_apt 'whiptail_prog_new_message'; then - if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi + if [[ $OSVER != 'xenial' ]]; then + retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi ;; 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR') @@ -2007,7 +1992,7 @@ saltify() { # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1 + retry 50 10 "add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 @@ -2020,17 +2005,12 @@ saltify() { # Add repo echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" - if wait_for_apt 'whiptail_prog_new_message'; then - # Initialize the new repos - apt-get update >> "$setup_log" 2>&1 - set_progress_str 6 'Installing various dependencies' - apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 - set_progress_str 7 'Installing salt-master' - apt-get -y install salt-master=3002.2+ds-1 >> "$setup_log" 2>&1 - apt-mark hold salt-master >> "$setup_log" 2>&1 - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + set_progress_str 6 'Installing various dependencies' + retry 50 10 "apt-get -y install sqlite3 argon2 libssl-dev" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + set_progress_str 7 'Installing salt-master' + retry 50 10 "apt-get -y install salt-master=3002.2+ds-1" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 ;; *) # Copy down the gpg keys and install them from the manager @@ -2044,19 +2024,15 @@ saltify() { echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac - if wait_for_apt 'whiptail_prog_new_message'; then - apt-get update >> "$setup_log" 2>&1 - set_progress_str 8 'Installing salt-minion & python modules' - apt-get -y install salt-minion=3002.2+ds-1\ - salt-common=3002.2+ds-1 >> "$setup_log" 2>&1 - apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 - if [ "$OSVER" != 'xenial' ]; then - apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 - else - apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb >> "$setup_log" 2>&1 - fi + + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + set_progress_str 8 'Installing salt-minion & python modules' + retry 50 10 "apt-get -y install salt-minion=3002.2+ds-1 salt-common=3002.2+ds-1" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + if [[ $OSVER != 'xenial' ]]; then + retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi fi } @@ -2522,12 +2498,8 @@ update_packages() { if [ "$OS" = 'centos' ]; then yum -y update >> "$setup_log" else - if wait_for_apt 'whiptail_prog_new_message'; then - apt-get -y update >> "$setup_log" - apt-get -y upgrade >> "$setup_log" - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 fi } @@ -2572,11 +2544,6 @@ wait_for_file() { return 1 } -whiptail_prog_new_message() { - local message=$1 - set_progress_str "$percentage" "$message" -} - # Enable Zeek Logs zeek_logs_enabled() { echo "Enabling Zeek Logs" >> "$setup_log" 2>&1 diff --git a/setup/so-setup b/setup/so-setup index df9d8d851..67f9af65b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -130,7 +130,7 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th if [[ ! $is_iso ]]; then echo "Installing sshpass for automated testing." >> $setup_log 2>&1 if [ "$OS" == ubuntu ]; then - if wait_for_apt; then apt-get -y install sshpass >> $setup_log 2>&1; else exit 1; fi + retry 50 10 "apt-get -y install sshpass" >> $setup_log 2>&1 || exit 1 else yum -y install sshpass >> $setup_log 2>&1 fi From 02f0ef989bf751b3203a6f914c52d25c17941115 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 1 Feb 2021 11:11:01 -0500 Subject: [PATCH 3/8] [fix] || ; exit 1 will always exit, fix this --- setup/so-functions | 56 +++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 2d035ae2c..5a7caf849 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -760,7 +760,7 @@ compare_versions() { if [[ $manager_ver == '' ]]; then echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee -a "$setup_log" - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi [[ "$manager_ver" == "$SOVERSION" ]] @@ -1041,19 +1041,19 @@ docker_install() { else case "$install_type" in 'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT') - retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 ;; *) - retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" >> "$setup_log" 2>&1 \ - || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + || exit 1 + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 ;; esac if [ $OSVER != "xenial" ]; then - retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || exit 1 else - retry 50 10 "apt-get -y install docker-ce python-docker" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install docker-ce python-docker" >> "$setup_log" 2>&1 || exit 1 fi fi docker_registry @@ -1136,7 +1136,7 @@ download_repo_tarball() { rm -rf $install_opt_file local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." echo "$message" | tee -a "$setup_log" - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi mkdir -p /root/manager_setup/securityonion @@ -1812,7 +1812,7 @@ reinstall_init() { # Stop the systemctl process trying to kill the service, show user a message, then exit setup kill -9 $pid - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi sleep 5 @@ -1952,7 +1952,7 @@ saltify() { yum versionlock salt* else if ! (DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1); then - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi if [ $OSVER != "xenial" ]; then @@ -1969,7 +1969,7 @@ saltify() { 'netcat' 'jq' ) - retry 50 10 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || exit 1 # Grab the version from the os-release file local ubuntu_version @@ -1979,9 +1979,9 @@ saltify() { case "$install_type" in 'FLEET') if [[ $OSVER != 'xenial' ]]; then - retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1 else - retry 50 10 "apt-get -y install python-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python-mysqldb" >> "$setup_log" 2>&1 || exit 1 fi ;; 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR') @@ -1992,7 +1992,7 @@ saltify() { # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 - retry 50 10 "add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" >> "$setup_log" 2>&1 || exit 1 # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 @@ -2005,12 +2005,12 @@ saltify() { # Add repo echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" - retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 set_progress_str 6 'Installing various dependencies' - retry 50 10 "apt-get -y install sqlite3 argon2 libssl-dev" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install sqlite3 argon2 libssl-dev" >> "$setup_log" 2>&1 || exit 1 set_progress_str 7 'Installing salt-master' - retry 50 10 "apt-get -y install salt-master=3002.2+ds-1" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install salt-master=3002.2+ds-1" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1 ;; *) # Copy down the gpg keys and install them from the manager @@ -2025,14 +2025,14 @@ saltify() { ;; esac - retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 set_progress_str 8 'Installing salt-minion & python modules' - retry 50 10 "apt-get -y install salt-minion=3002.2+ds-1 salt-common=3002.2+ds-1" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install salt-minion=3002.2+ds-1 salt-common=3002.2+ds-1" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1 if [[ $OSVER != 'xenial' ]]; then - retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb" >> "$setup_log" 2>&1 || exit 1 else - retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb" >> "$setup_log" 2>&1 || exit 1 fi fi } @@ -2073,7 +2073,7 @@ salt_checkin() { if [ $count -gt 12 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 kill -9 "$pid" - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi sleep 10; ((count++)) @@ -2085,7 +2085,7 @@ salt_checkin() { echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1 if [ $count -gt 30 ]; then echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1 - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi sleep 1; ((count++)) @@ -2096,7 +2096,7 @@ salt_checkin() { echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi systemctl kill salt-minion systemctl start salt-minion @@ -2498,8 +2498,8 @@ update_packages() { if [ "$OS" = 'centos' ]; then yum -y update >> "$setup_log" else - retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1 fi } From 44617fdddf58ba7e565bf6000d2c1ad28003eb27 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 1 Feb 2021 11:28:28 -0500 Subject: [PATCH 4/8] [fix] Run command being retried within quotes --- salt/common/tools/sbin/so-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 9d42cb797..aa5e05230 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -229,7 +229,7 @@ retry() { while [[ $attempt -lt $maxAttempts ]]; do attempt=$((attempt+1)) echo "Executing command with retry support: $cmd" - output=$($cmd) + output=$("$cmd") exitcode=$? echo "Results: $output ($exitcode)" if [ -n "$expectedOutput" ]; then From daebe90b6e7434759969fc9a306792685b08165a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 1 Feb 2021 12:06:19 -0500 Subject: [PATCH 5/8] [fix] fix retry command handling * use eval "$cmd" to handle strings correctly * add-apt-repo doesn't need dpkg lock so don't use retry for those lines --- salt/common/tools/sbin/so-common | 2 +- setup/so-functions | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index aa5e05230..3cf1f5e88 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -229,7 +229,7 @@ retry() { while [[ $attempt -lt $maxAttempts ]]; do attempt=$((attempt+1)) echo "Executing command with retry support: $cmd" - output=$("$cmd") + output=$(eval "$cmd") exitcode=$? echo "Results: $output ($exitcode)" if [ -n "$expectedOutput" ]; then diff --git a/setup/so-functions b/setup/so-functions index 5a7caf849..e7112163e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1045,8 +1045,7 @@ docker_install() { ;; *) retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1 - retry 50 10 "add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" >> "$setup_log" 2>&1 \ - || exit 1 + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1 retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 ;; esac @@ -1992,7 +1991,7 @@ saltify() { # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 - retry 50 10 "add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"" >> "$setup_log" 2>&1 || exit 1 + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1 # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 From 8f476bbbddbd913a32f57da47ce6a3110742ac32 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 1 Feb 2021 13:11:51 -0500 Subject: [PATCH 6/8] [fix] Add back removed if statement --- setup/so-setup | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 67f9af65b..8cb985e70 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -397,7 +397,9 @@ if [[ ! $is_import ]]; then collect_patch_schedule fi -collect_homenet_mngr +if [[ $is_helix || $is_manager || $is_import ]]; then + collect_homenet_mngr +fi if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then set_base_heapsizes From 2253603544c53580a416d334e05128d64245024a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Feb 2021 12:11:47 -0500 Subject: [PATCH 7/8] [fix] Don't try to inherit home net on standalone --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 8cb985e70..041084f11 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -458,7 +458,7 @@ if [[ $is_distmanager ]]; then fi if [[ $is_sensor && ! $is_eval ]]; then - collect_homenet_snsr + [[ $is_manager ]] || collect_homenet_snsr whiptail_sensor_config if [ $NSMSETUP == 'ADVANCED' ]; then if [[ $is_manager ]]; then From 46581c052881e88a9da2bddd3eef88d46aa6e67f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Feb 2021 12:45:56 -0500 Subject: [PATCH 8/8] [fix] Don't use ZEEKVERSION var, check pillar value --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 041084f11..beb9b40a3 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -743,7 +743,7 @@ set_redirect >> $setup_log 2>&1 set_progress_str 66 "$(print_salt_state_apply 'suricata')" salt-call state.apply -l info suricata >> $setup_log 2>&1 - if [[ $ZEEKVERSION == 'ZEEK' ]]; then + if [[ $(lookup_pillar "mdengine") == 'ZEEK' ]]; then set_progress_str 67 "$(print_salt_state_apply 'zeek')" salt-call state.apply -l info zeek >> $setup_log 2>&1 fi