[fix] Double quote variables, fix indents, remove useless cats

William Wernert
2020-04-18 18:14:55 -04:00
parent 159799c91d
commit 9331ede408


@@ -22,26 +22,25 @@ SOVERSION=1.2.1
accept_salt_key_local() { accept_salt_key_local() {
echo "Accept the key locally on the master" >> "$SETUPLOG" 2>&1 echo "Accept the key locally on the master" >> "$SETUPLOG" 2>&1
# Accept the key locally on the master # Accept the key locally on the master
salt-key -ya $MINION_ID salt-key -ya "$MINION_ID"
} }
accept_salt_key_remote() { accept_salt_key_remote() {
echo "Accept the key remotely on the master" >> "$SETUPLOG" 2>&1 echo "Accept the key remotely on the master" >> "$SETUPLOG" 2>&1
# Delete the key just in case. # Delete the key just in case.
ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -d $MINION_ID -y ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -d "$MINION_ID" -y
salt-call state.apply ca salt-call state.apply ca
ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -a $MINION_ID -y ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -a "$MINION_ID" -y
} }
add_admin_user() { add_admin_user() {
# Add an admin user with full sudo rights if this is an ISO install. # Add an admin user with full sudo rights if this is an ISO install.
useradd $ADMINUSER && echo $ADMINUSER:$ADMINPASS1 | chpasswd --crypt-method=SHA512 useradd "$ADMINUSER"
usermod -aG wheel $ADMINUSER echo "$ADMINUSER":"$ADMINPASS1" | chpasswd --crypt-method=SHA512
usermod -aG wheel "$ADMINUSER"
} }
add_master_hostfile() { add_master_hostfile() {
@@ -113,7 +112,7 @@ wait_for_identity_db_to_exist() {
add_web_user() { add_web_user() {
wait_for_identity_db_to_exist wait_for_identity_db_to_exist
echo "Attempting to add administrator user for web interface..." echo "Attempting to add administrator user for web interface..."
echo "$WEBPASSWD1" | /usr/sbin/so-user add $WEBUSER echo "$WEBPASSWD1" | /usr/sbin/so-user add "$WEBUSER"
echo "Add user result: $?" echo "Add user result: $?"
} }
@@ -139,8 +138,8 @@ bro_logs_enabled() {
echo "brologs:" > pillar/brologs.sls echo "brologs:" > pillar/brologs.sls
echo " enabled:" >> pillar/brologs.sls echo " enabled:" >> pillar/brologs.sls
if [ $MASTERADV == 'ADVANCED' ]; then if [ "$MASTERADV" == 'ADVANCED' ]; then
for BLOG in ${BLOGS[@]}; do for BLOG in "${BLOGS[@]}"; do
echo " - $BLOG" | tr -d '"' >> pillar/brologs.sls echo " - $BLOG" | tr -d '"' >> pillar/brologs.sls
done done
else else
@@ -213,17 +212,13 @@ check_hive_init_then_reboot() {
WAIT_STEP=0 WAIT_STEP=0
MAX_WAIT=100 MAX_WAIT=100
until [ -f /opt/so/state/thehive.txt ] ; do until [ -f /opt/so/state/thehive.txt ] ; do
WAIT_STEP=$(( ${WAIT_STEP} + 1 )) WAIT_STEP=$(( WAIT_STEP + 1 ))
echo "Waiting on the_hive to init...Attempt #$WAIT_STEP" echo "Waiting on the_hive to init ($WAIT_STEP/$MAX_WAIT)..."
if [ ${WAIT_STEP} -gt ${MAX_WAIT} ]; then if [ ${WAIT_STEP} -gt ${MAX_WAIT} ]; then
echo "ERROR: We waited ${MAX_WAIT} seconds but the_hive is not working." echo "ERROR: We waited ${MAX_WAIT} seconds but the_hive is not working."
exit 5 return 5
fi fi
sleep 1s; sleep 1s;
done
docker stop so-thehive
docker rm so-thehive
shutdown -r now
} }
check_network_manager_conf() { check_network_manager_conf() {
@@ -324,22 +319,23 @@ configure_minion() {
echo "Configuring minion type as $TYPE" >> "$SETUPLOG" 2>&1 echo "Configuring minion type as $TYPE" >> "$SETUPLOG" 2>&1
touch /etc/salt/grains touch /etc/salt/grains
echo "role: so-$TYPE" > /etc/salt/grains echo "role: so-$TYPE" > /etc/salt/grains
if [ $TYPE == 'master' ] || [ $TYPE == 'eval' ] || [ $TYPE == 'mastersearch' ]; then if [ "$TYPE" == 'master' ] || [ "$TYPE" == 'eval' ] || [ "$TYPE" == 'mastersearch' ]; then
echo "master: $HOSTNAME" > /etc/salt/minion echo "master: $HOSTNAME" > /etc/salt/minion
echo "id: $MINION_ID" >> /etc/salt/minion printf '%s\n'\
echo "mysql.host: '$MAINIP'" >> /etc/salt/minion "id: $MINION_ID"\
echo "mysql.port: 3306" >> /etc/salt/minion "mysql.host: '$MAINIP'"\
echo "mysql.user: 'root'" >> /etc/salt/minion "mysql.port: 3306"\
"mysql.user: 'root'" >> /etc/salt/minion
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
echo "mysql.pass: '$MYSQLPASS'" >> /etc/salt/minion echo "mysql.pass: '$MYSQLPASS'" >> /etc/salt/minion
else else
OLDPASS=$(cat /opt/so/saltstack/pillar/secrets.sls | grep mysql | awk {'print $2'}) OLDPASS=$(grep "mysql" /opt/so/saltstack/pillar/secrets.sls | awk '{print $2}')
echo "mysql.pass: '$OLDPASS'" >> /etc/salt/minion echo "mysql.pass: '$OLDPASS'" >> /etc/salt/minion
fi fi
elif [ $TYPE == 'helix' ]; then elif [ "$TYPE" == 'helix' ]; then
echo "master: $HOSTNAME" > /etc/salt/minion echo "master: $HOSTNAME" > /etc/salt/minion
echo "id: $MINION_ID" >> /etc/salt/minion echo "id: $MINION_ID" >> /etc/salt/minion
elif [ $TYPE == 'fleet' ]; then elif [ $"TYPE" == 'fleet' ]; then
echo "master: $MSRV" > /etc/salt/minion echo "master: $MSRV" > /etc/salt/minion
echo "id: $MINION_ID" >> /etc/salt/minion echo "id: $MINION_ID" >> /etc/salt/minion
else else
@@ -358,10 +354,10 @@ configure_minion() {
copy_master_config() { copy_master_config() {
# Copy the master config template to the proper directory # Copy the master config template to the proper directory
if [ $INSTALLMETHOD == 'iso' ]; then if [ "$INSTALLMETHOD" == 'iso' ]; then
cp /root/SecurityOnion/files/master /etc/salt/master cp /root/SecurityOnion/files/master /etc/salt/master
else else
cp $SCRIPTDIR/../files/master /etc/salt/master cp "$SCRIPTDIR"/../files/master /etc/salt/master
fi fi
# Restart the service so it picks up the changes -TODO Enable service on CentOS # Restart the service so it picks up the changes -TODO Enable service on CentOS
@@ -371,20 +367,21 @@ copy_master_config() {
copy_minion_tmp_files() { copy_minion_tmp_files() {
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then if [ "$INSTALLTYPE" == 'MASTER' ] || [ "$INSTALLTYPE" == 'EVAL' ] || [ "$INSTALLTYPE" == 'HELIXSENSOR' ] || [ "$INSTALLTYPE" == 'MASTERSEARCH' ]; then
echo "Copying pillar and salt files in $TMP to /opt/so/saltstack" echo "Copying pillar and salt files in $TMP to /opt/so/saltstack"
cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1 cp -Rv "$TMP"/pillar/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1
if [ -d $TMP/salt ] ; then if [ -d "$TMP"/salt ] ; then
cp -Rv $TMP/salt/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1 cp -Rv "$TMP"/salt/ /opt/so/saltstack/ >> "$SETUPLOG" 2>&1
fi fi
else else
echo "scp pillar and salt files in $TMP to master /opt/so/saltstack" {
ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/pillar >> "$SETUPLOG" 2>&1 echo "scp pillar and salt files in $TMP to master /opt/so/saltstack";
ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/schedules >> "$SETUPLOG" 2>&1 ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
scp -prv -i /root/.ssh/so.key $TMP/pillar/minions/* soremote@$MSRV:/tmp/$MINION_ID/pillar/ >> "$SETUPLOG" 2>&1 ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
scp -prv -i /root/.ssh/so.key $TMP/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules >> "$SETUPLOG" 2>&1 scp -prv -i /root/.ssh/so.key "$TMP"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/salt/master/files/add_minion.sh $MINION_ID >> "$SETUPLOG" 2>&1 scp -prv -i /root/.ssh/so.key "$TMP"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules;
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/salt/master/files/add_minion.sh "$MINION_ID";
} >> "$SETUPLOG" 2>&1
fi fi
} }
@@ -394,12 +391,11 @@ copy_ssh_key() {
echo "Generating SSH key" echo "Generating SSH key"
# Generate SSH key # Generate SSH key
mkdir -p /root/.ssh mkdir -p /root/.ssh
cat /dev/zero | ssh-keygen -f /root/.ssh/so.key -t rsa -q -N "" ssh-keygen -f /root/.ssh/so.key -t rsa -q -N "" < /dev/zero
chown -R $SUDO_USER:$SUDO_USER /root/.ssh chown -R "$SUDO_USER":"$SUDO_USER" /root/.ssh
echo "Copying the SSH key to the master" echo "Copying the SSH key to the master"
#Copy the key over to the master #Copy the key over to the master
ssh-copy-id -f -i /root/.ssh/so.key soremote@$MSRV ssh-copy-id -f -i /root/.ssh/so.key soremote@"$MSRV"
} }
@@ -678,15 +674,15 @@ docker_seed_registry() {
es_heapsize() { es_heapsize() {
# Determine ES Heap Size # Determine ES Heap Size
if [ $TOTAL_MEM -lt 8000 ] ; then if [ "$TOTAL_MEM" -lt 8000 ] ; then
ES_HEAP_SIZE="600m" ES_HEAP_SIZE="600m"
elif [ $TOTAL_MEM -ge 100000 ]; then elif [ "$TOTAL_MEM" -ge 100000 ]; then
# Set a max of 25GB for heap size # Set a max of 25GB for heap size
# https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html # https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
ES_HEAP_SIZE="25000m" ES_HEAP_SIZE="25000m"
else else
# Set heap size to 25% of available memory # Set heap size to 25% of available memory
ES_HEAP_SIZE=$(($TOTAL_MEM / 4))"m" ES_HEAP_SIZE=$(( TOTAL_MEM / 4 ))"m"
fi fi
} }
@@ -697,19 +693,19 @@ filter_unused_nics() {
# If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string # If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
if [[ $BNICS ]]; then if [[ $BNICS ]]; then
for BONDNIC in ${BNICS[@]}; do for BONDNIC in "${BNICS[@]}"; do
grep_string="$grep_string\|$BONDNIC" grep_string="$grep_string\|$BONDNIC"
done done
fi fi
# Finally, set FNICS to any NICs we aren't using (and ignore interfaces that aren't of use) # Finally, set FNICS to any NICs we aren't using (and ignore interfaces that aren't of use)
FNICS=$(ip link | grep -vwe $grep_string | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}') FNICS=$(ip link | grep -vwe "$grep_string" | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}')
} }
fireeye_pillar() { fireeye_pillar() {
FIREEYEPILLARPATH=/opt/so/saltstack/pillar/fireeye FIREEYEPILLARPATH=/opt/so/saltstack/pillar/fireeye
mkdir -p $FIREEYEPILLARPATH mkdir -p "$FIREEYEPILLARPATH"
echo "" >> $FIREEYEPILLARPATH/init.sls echo "" >> $FIREEYEPILLARPATH/init.sls
echo "fireeye:" >> $FIREEYEPILLARPATH/init.sls echo "fireeye:" >> $FIREEYEPILLARPATH/init.sls
@@ -732,14 +728,14 @@ fleet_pillar() {
generate_passwords(){ generate_passwords(){
# Generate Random Passwords for Things # Generate Random Passwords for Things
MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
FLEETJWT=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) CORTEXKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) CORTEXORGUSERKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) SENSORONIKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
KRATOSKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
} }
get_filesystem_nsm(){ get_filesystem_nsm(){
@@ -752,11 +748,11 @@ get_log_size_limit() {
if [ -d /nsm ]; then if [ -d /nsm ]; then
DISK_DIR="/nsm" DISK_DIR="/nsm"
fi fi
DISK_SIZE_K=`df $DISK_DIR |grep -v "^Filesystem" | awk '{print $2}'` DISK_SIZE_K=$(df $DISK_DIR |grep -v "^Filesystem" | awk '{print $2}')
PERCENTAGE=85 PERCENTAGE=85
DISK_SIZE=DISK_SIZE_K*1000 DISK_SIZE=$(( DISK_SIZE_K * 1000 ))
PERCENTAGE_DISK_SPACE=`echo $(($DISK_SIZE*$PERCENTAGE/100))` PERCENTAGE_DISK_SPACE=$(( DISK_SIZE * PERCENTAGE / 100 ))
LOG_SIZE_LIMIT=$(($PERCENTAGE_DISK_SPACE/1000000000)) LOG_SIZE_LIMIT=$(( PERCENTAGE_DISK_SPACE / 1000000000 ))
} }
@@ -797,20 +793,18 @@ got_root() {
install_cleanup() { install_cleanup() {
echo "install_cleanup removing the following files:" echo "Installer removing the following files:"
ls -lR $TMP ls -lR "$TMP"
# Clean up after ourselves # Clean up after ourselves
rm -rf /root/installtmp rm -rf "$TMP"
} }
install_prep() { install_prep() {
# Create a tmp space that isn't in /tmp # Create a tmp space that isn't in /tmp
mkdir /root/installtmp mkdir -p /root/installtmp/pillar/minions
mkdir /root/installtmp/pillar
mkdir /root/installtmp/pillar/minions
TMP=/root/installtmp TMP=/root/installtmp
} }
@@ -953,8 +947,8 @@ minio_generate_keys() {
local charSet="[:graph:]" local charSet="[:graph:]"
ACCESS_KEY=$(cat /dev/urandom | tr -cd "$charSet" | tr -d \' | tr -d \" | head -c 20) ACCESS_KEY=$(tr -cd "$charSet" < /dev/urandom | tr -d \' | tr -d \" | head -c 20)
ACCESS_SECRET=$(cat /dev/urandom | tr -cd "$charSet" | tr -d \' | tr -d \" | head -c 40) ACCESS_SECRET=$(tr -cd "$charSet" < /dev/urandom | tr -d \' | tr -d \" | head -c 40)
} }
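Review bot: In the configure_minion hunk (@@ -324), the new `elif [ $"TYPE" == 'fleet' ]; then` puts the `$` outside the quotes, so bash evaluates `$"TYPE"` as a locale-translated literal string "TYPE" rather than the variable and the fleet branch can never match; fleet installs will fall through to the `else` branch below. The line should read `elif [ "$TYPE" == 'fleet' ]; then`, matching the `"$TYPE"` quoting used on the `master`/`eval`/`mastersearch` and `helix` lines just above it. configure_minion continues outside the hunk, so the effect of the `else` branch is not visible here. Separately, in add_admin_user (@@ -22) the split of `useradd $ADMINUSER && echo ... | chpasswd` into two lines drops the `&&`, so `chpasswd` now runs even when `useradd` fails; keeping `useradd "$ADMINUSER" || return` on the first line preserves the original guard.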