diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 206c2fad6..a3c5c75ab 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -51,23 +51,6 @@ 'tcpreplay', 'docker_clean' ], - 'so-helixsensor': [ - 'salt.master', - 'ca', - 'ssl', - 'registry', - 'telegraf', - 'firewall', - 'idstools', - 'suricata.manager', - 'zeek', - 'redis', - 'elasticsearch', - 'logstash', - 'schedule', - 'tcpreplay', - 'docker_clean' - ], 'so-idh': [ 'ssl', 'telegraf', @@ -204,7 +187,7 @@ 'schedule', 'docker_clean' ], - 'so-workstation': [ + 'so-desktop': [ ], }, grain='role') %} @@ -245,7 +228,7 @@ {% do allowed_states.append('playbook') %} {% endif %} - {% if grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %} + {% if grains.role in ['so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %} {% do allowed_states.append('logstash') %} {% endif %} diff --git a/salt/common/files/analyst/README b/salt/common/files/analyst/README deleted file mode 100644 index 99c444ea8..000000000 --- a/salt/common/files/analyst/README +++ /dev/null 
@@ -1,79 +0,0 @@ -The following GUI tools are available on the analyst workstation: - -chromium - url: https://www.chromium.org/Home - To run chromium, click Applications > Internet > Chromium Web Browser - -Wireshark - url: https://www.wireshark.org/ - To run Wireshark, click Applications > Internet > Wireshark Network Analyzer - -NetworkMiner - url: https://www.netresec.com - To run NetworkMiner, click Applications > Internet > NetworkMiner - -The following CLI tools are available on the analyst workstation: - -bit-twist - url: http://bittwist.sourceforge.net - To run bit-twist, open a terminal and type: bittwist -h - -chaosreader - url: http://chaosreader.sourceforge.net - To run chaosreader, open a terminal and type: chaosreader -h - -dnsiff - url: https://www.monkey.org/~dugsong/dsniff/ - To run dsniff, open a terminal and type: dsniff -h - -foremost - url: http://foremost.sourceforge.net - To run foremost, open a terminal and type: foremost -h - -hping3 - url: http://www.hping.org/hping3.html - To run hping3, open a terminal and type: hping3 -h - -netsed - url: http://silicone.homelinux.org/projects/netsed/ - To run netsed, open a terminal and type: netsed -h - -ngrep - url: https://github.com/jpr5/ngrep - To run ngrep, open a terminal and type: ngrep -h - -scapy - url: http://www.secdev.org/projects/scapy/ - To run scapy, open a terminal and type: scapy - -ssldump - url: http://www.rtfm.com/ssldump/ - To run ssldump, open a terminal and type: ssldump -h - -sslsplit - url: https://github.com/droe/sslsplit - To run sslsplit, open a terminal and type: sslsplit -h - -tcpdump - url: http://www.tcpdump.org - To run tcpdump, open a terminal and type: tcpdump -h - -tcpflow - url: https://github.com/simsong/tcpflow - To run tcpflow, open a terminal and type: tcpflow -h - -tcpstat - url: https://frenchfries.net/paul/tcpstat/ - To run tcpstat, open a terminal and type: tcpstat -h - -tcptrace - url: http://www.tcptrace.org - To run tcptrace, open a terminal and type: 
tcptrace -h - -tcpxtract - url: http://tcpxtract.sourceforge.net/ - To run tcpxtract, open a terminal and type: tcpxtract -h - -whois - url: http://www.linux.it/~md/software/ - To run whois, open a terminal and type: whois -h diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index f25bdb431..d41c8fc0c 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -243,7 +243,7 @@ is_manager_node() { is_sensor_node() { # Check to see if this is a sensor (forward) node is_single_node_grid && return 0 - grep "role: so-" /etc/salt/grains | grep -E "sensor|heavynode|helix" &> /dev/null + grep "role: so-" /etc/salt/grains | grep -E "sensor|heavynode" &> /dev/null } is_single_node_grid() { diff --git a/salt/common/tools/sbin_jinja/so-desktop-install b/salt/common/tools/sbin_jinja/so-desktop-install index 96f1ddd49..716a1b8f9 100755 --- a/salt/common/tools/sbin_jinja/so-desktop-install +++ b/salt/common/tools/sbin_jinja/so-desktop-install @@ -26,7 +26,7 @@ if [ -f "$pillar_file" ]; then echo "## _______________________________ ##" echo "## ##" echo "## Installing the Security Onion ##" - echo "## analyst node on this device will ##" + echo "## Desktop node on this device will ##" echo "## make permanent changes to ##" echo "## the system. ##" echo "## A system reboot will be required ##" @@ -42,7 +42,7 @@ if [ -f "$pillar_file" ]; then done if [[ $INSTALL == "no" ]]; then - echo "Exiting analyst node installation." + echo "Exiting desktop node installation." exit 0 fi @@ -55,7 +55,7 @@ if [ -f "$pillar_file" ]; then echo "Applying the desktop state. This could take some time since there are many packages that need to be installed." if salt-call state.apply desktop -linfo queue=True; then # make sure the state ran successfully echo "" - echo "Analyst desktop has been installed!" + echo "Desktop desktop has been installed!" echo "Press ENTER to reboot or Ctrl-C to cancel." read pause 
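Review bot: The unanchored `sensor` alternative in the new `grep -E "sensor|heavynode"` line of `is_sensor_node` still matches a leftover `role: so-helixsensor` grain, so dropping `helix` only stops matching `so-helix`. A node that kept the old grain is still reported as a sensor. If only the current roles should match, test the whole grain line, e.g. `grep -qE '^role: so-(sensor|heavynode)$' /etc/salt/grains`, which also replaces the second grep and the `&> /dev/null`. Whether other roles rely on the substring match is not visible from this hunk, so confirm against the role list first.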
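Review bot: The success message in the `@@ -55,7` hunk of so-desktop-install now reads `Desktop desktop has been installed!`, which looks like a search-and-replace artefact of "Analyst desktop". `echo "Security Onion Desktop has been installed!"` would match the wording this commit uses in setup/so-functions. The same file also mixes `Desktop node` in the banner with `desktop node` in the exit message. The `read pause` two lines later would be safer as `read -r pause`.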
diff --git a/salt/common/files/analyst/so-lockscreen.jpg b/salt/desktop/files/so-lockscreen.jpg similarity index 100% rename from salt/common/files/analyst/so-lockscreen.jpg rename to salt/desktop/files/so-lockscreen.jpg diff --git a/salt/common/files/analyst/so-login-logo-dark.svg b/salt/desktop/files/so-login-logo-dark.svg similarity index 100% rename from salt/common/files/analyst/so-login-logo-dark.svg rename to salt/desktop/files/so-login-logo-dark.svg diff --git a/salt/common/files/analyst/so-login-logo.svg b/salt/desktop/files/so-login-logo.svg similarity index 100% rename from salt/common/files/analyst/so-login-logo.svg rename to salt/desktop/files/so-login-logo.svg diff --git a/salt/common/files/analyst/so-wallpaper.jpg b/salt/desktop/files/so-wallpaper.jpg similarity index 100% rename from salt/common/files/analyst/so-wallpaper.jpg rename to salt/desktop/files/so-wallpaper.jpg diff --git a/salt/desktop/packages.sls b/salt/desktop/packages.sls index 4bf5122fb..f0fe000c8 100644 --- a/salt/desktop/packages.sls +++ b/salt/desktop/packages.sls @@ -305,6 +305,6 @@ desktop_packages: desktop_packages_os_fail: test.fail_without_changes: - - comment: 'SO Analyst Workstation can only be installed on Rocky' + - comment: 'SO desktop can only be installed on Rocky' {% endif %} diff --git a/salt/desktop/trusted-ca.sls b/salt/desktop/trusted-ca.sls index 0045f9cd2..352b747b6 100644 --- a/salt/desktop/trusted-ca.sls +++ b/salt/desktop/trusted-ca.sls @@ -31,6 +31,6 @@ update_ca_certs: desktop_trusted-ca_os_fail: test.fail_without_changes: - - comment: 'SO Analyst Workstation can only be installed on CentOS' + - comment: 'SO Desktop can only be installed on CentOS' {% endif %} diff --git a/salt/desktop/xwindows.sls b/salt/desktop/xwindows.sls index 75230c532..71de07120 100644 --- a/salt/desktop/xwindows.sls +++ b/salt/desktop/xwindows.sls 
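Review bot: The failure comment added in salt/desktop/trusted-ca.sls still says `CentOS`, while the sibling states in packages.sls and xwindows.sls say Rocky and so-setup in this commit restricts the desktop to Rocky Linux 9. The `{% if %}` that guards this state is outside the hunk. If it tests for CentOS, the trusted-CA state would fail on every supported desktop and the grid CA would not be installed there, so the condition needs checking as well as the text. If the guard already tests for Rocky, the line should read `- comment: 'SO Desktop can only be installed on Rocky'`. packages.sls also spells the name `SO desktop` in lower case.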
@@ -18,6 +18,6 @@ graphical_target: desktop_xwindows_os_fail: test.fail_without_changes: - - comment: 'SO Analyst Workstation can only be installed on Rocky' + - comment: 'SO Desktop can only be installed on Rocky' {% endif %} diff --git a/salt/logstash/enabled.sls b/salt/logstash/enabled.sls index abc28cfe6..ac937ca7b 100644 --- a/salt/logstash/enabled.sls +++ b/salt/logstash/enabled.sls @@ -54,7 +54,7 @@ so-logstash: - /opt/so/log/logstash:/var/log/logstash:rw - /sys/fs/cgroup:/sys/fs/cgroup:ro - /opt/so/conf/logstash/etc/certs:/usr/share/logstash/certs:ro - {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %} + {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %} - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro {% endif %} @@ -62,12 +62,12 @@ so-logstash: - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.crt:/usr/share/logstash/elasticfleet-logstash.crt:ro - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.p8:/usr/share/logstash/elasticfleet-logstash.key:ro {% endif %} - {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %} + {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %} - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro {% else %} - /etc/ssl/certs/intca.crt:/usr/share/filebeat/ca.crt:ro {% endif %} - {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-searchnode'] %} + {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-searchnode'] %} - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro - /opt/so/conf/ca/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro {% endif %} 
@@ -91,15 +91,15 @@ so-logstash: {% endfor %} {% endfor %} - require: - {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %} + {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %} - x509: etc_filebeat_crt {% endif %} - {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %} + {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %} - x509: pki_public_ca_crt {% else %} - x509: trusttheca {% endif %} - {% if grains.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %} + {% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %} - file: cacertz - file: capemz {% endif %} diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion index df0adb73c..ad2188644 100755 --- a/salt/manager/tools/sbin/so-minion +++ b/salt/manager/tools/sbin/so-minion @@ -184,12 +184,12 @@ function add_logstash_to_minion() { " " >> $PILLARFILE } -# Analyst Workstation -function add_analyst_to_minion() { +# Security Onion Desktop +function add_desktop_to_minion() { printf '%s\n'\ "host:"\ " mainint: '$MNIC'"\ - "workstation:"\ + "desktop:"\ " gui:"\ " enabled: true"\ "sensoroni:"\ diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index a4e22040d..3c565c760 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -840,7 +840,7 @@ main() { if [[ $is_airgap -eq 0 ]]; then echo "" echo "Cleaning repos on remote Security Onion nodes." - salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all" + salt -C 'not *_eval and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all" echo "" fi fi 
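Review bot: The `require` block in the `@@ -91,15` hunk lists `file: cacertz` and `file: capemz` only for the four manager-type roles, but the volume list in the `@@ -62,12` hunk mounts `/opt/so/conf/ca/cacerts` and `tls-ca-bundle.pem` for `so-heavynode` and `so-searchnode` as well. On those two roles nothing orders the truststore files before the container starts, and Docker normally creates a missing bind source as a directory. Whether those file states exist on these roles is not visible here, so this needs confirming. The conditions in this file also spell the lookup three ways (`GLOBALS.role`, `grains['role']`, `grains.role`). Defining each role list once with a Jinja `set` and reusing it for both the mounts and the requisites would keep the two in step. The `so-logstash` state starts and ends outside these hunks.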
diff --git a/salt/redis/enabled.sls b/salt/redis/enabled.sls index c9ba37094..2a4f5a179 100644 --- a/salt/redis/enabled.sls +++ b/salt/redis/enabled.sls @@ -30,7 +30,7 @@ so-redis: - /opt/so/conf/redis/working:/redis:rw - /etc/pki/redis.crt:/certs/redis.crt:ro - /etc/pki/redis.key:/certs/redis.key:ro - {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %} + {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %} - /etc/pki/ca.crt:/certs/ca.crt:ro {% else %} - /etc/ssl/certs/intca.crt:/certs/ca.crt:ro @@ -59,7 +59,7 @@ so-redis: - file: redisconf - x509: redis_crt - x509: redis_key - {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %} + {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %} - x509: pki_public_ca_crt {% else %} - x509: trusttheca diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index 96953ffff..358357459 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -16,7 +16,7 @@ {% set COMMONNAME = GLOBALS.manager %} {% endif %} -{% if grains.id.split('_')|last in ['manager', 'managersearch', 'eval', 'standalone', 'import', 'helixsensor'] %} +{% if grains.id.split('_')|last in ['manager', 'managersearch', 'eval', 'standalone', 'import'] %} include: - ca {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %} @@ -94,7 +94,7 @@ influxkeyperms: - mode: 640 - group: 939 -{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %} +{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %} # Create a cert for Redis encryption redis_key: x509.private_key_managed: 
@@ -332,7 +332,7 @@ eflogstashcrtlink: {% endif %} -{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %} +{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %} etc_filebeat_key: x509.private_key_managed: - name: /etc/pki/filebeat.key @@ -554,7 +554,7 @@ msslkeyperms: {% endif %} -{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-idh', 'so-import', 'so-receiver'] %} +{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-idh', 'so-import', 'so-receiver'] %} fbcertdir: file.directory: diff --git a/salt/telegraf/scripts/helixeps.sh b/salt/telegraf/scripts/helixeps.sh deleted file mode 100644 index b85db2a8c..000000000 --- a/salt/telegraf/scripts/helixeps.sh +++ /dev/null 
@@ -1,36 +0,0 @@ -#!/bin/bash -# -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -# if this script isn't already running -if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then - - PREVCOUNTFILE='/tmp/helixevents.txt' - EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.pipelines.helix.events.out')" - - if [ ! -z "$EVENTCOUNTCURRENT" ]; then - - if [ -f "$PREVCOUNTFILE" ]; then - EVENTCOUNTPREVIOUS=`cat $PREVCOUNTFILE` - else - echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE - exit 0 - fi - - echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE - EVENTS=$(((EVENTCOUNTCURRENT - EVENTCOUNTPREVIOUS)/30)) - if [ "$EVENTS" -lt 0 ]; then - EVENTS=0 - fi - - echo "helixeps eps=${EVENTS%%.*}" - fi - -fi - -exit 0 diff --git a/salt/top.sls b/salt/top.sls index 11a594f29..e53791673 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -29,7 +29,7 @@ base: - salt.lasthighstate - docker - 'not *_workstation and G@saltversion:{{saltversion}}': + 'not *_desktop and G@saltversion:{{saltversion}}': - match: compound - common @@ -271,10 +271,10 @@ base: - schedule - docker_clean - 'J@workstation:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )': + 'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )': - match: compound - - workstation + - desktop - 'J@workstation:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )': + 'J@desktop:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )': - match: compound - - workstation.remove_gui + - desktop.remove_gui diff --git a/setup/so-functions b/setup/so-functions index 7bf388b99..814165fbb 100755 --- a/setup/so-functions 
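Review bot: A minion whose ID still ends in `_workstation` now matches `'not *_desktop and G@saltversion:{{saltversion}}'` in the first top.sls hunk and would start receiving `common`. Its `workstation:gui:enabled` pillar also no longer matches either `J@desktop:gui:enabled` target in the second hunk. No step that renames existing minion IDs, grains or pillar keys is visible in this diff (the soup hunk only edits the repo-clean target), so already-deployed workstation nodes would change behaviour on upgrade. Either add a migration to soup or keep the old name excluded during the transition, e.g. `'not *_desktop and not *_workstation and G@saltversion:{{saltversion}}'`. If no workstation nodes exist in supported releases this can be ignored, but the commit does not say so.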
+++ b/setup/so-functions @@ -83,7 +83,7 @@ analyze_system() { logCmd "ip a" } -analyst_salt_local() { +desktop_salt_local() { # Install everything using local salt # Set the repo @@ -93,9 +93,9 @@ analyst_salt_local() { logCmd "yum -y install salt-minion-3004.1 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq" logCmd "yum -y update --exclude=salt*" - logCmd "salt-call state.apply workstation --local --file-root=../salt/ -l info" + logCmd "salt-call state.apply desktop --local --file-root=../salt/ -l info" read -r -d '' message <<- EOM - Finished Analyst workstation installation. + Finished Security Onion Desktop installation. Press the Enter key to reboot. EOM @@ -106,19 +106,20 @@ analyst_salt_local() { } -analyst_workstation_pillar() { +desktop_pillar() { local pillar_file=$local_salt_dir/pillar/minions/$MINION_ID.sls - # Create the analyst workstation pillar + # Create the desktop pillar printf '%s\n'\ "host:"\ " mainint: '$MNIC'"\ - "workstation:"\ + "desktop:"\ " gui:"\ " enabled: true" >> "$pillar_file"\ "sensoroni:"\ - " node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file + " config:"\ + " node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file } calculate_useable_cores() { @@ -603,8 +604,8 @@ collect_webuser_inputs() { configure_minion() { local minion_type=$1 - if [[ $is_analyst ]]; then - minion_type=workstation + if [[ $is_desktop ]]; then + minion_type=desktop fi info "Configuring minion type as $minion_type" echo "role: so-$minion_type" > /etc/salt/grains @@ -1585,7 +1586,7 @@ network_init() { title "Initializing Network" disable_ipv6 set_hostname - if [[ ( $is_iso || $is_analyst_iso ) ]]; then + if [[ ( $is_iso || $is_desktop_iso ) ]]; then set_management_interface fi } 
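Review bot: The `yum -y install` context line in the `desktop_salt_local` hunk still pulls `salt-minion-3004.1` and a set of `python36-*` packages, which look like CentOS 7 names, while so-setup in this commit only lets the desktop path continue on Rocky Linux 9. I have not checked these names against the Rocky 9 repositories. If they do not resolve there, the independent (non-grid) desktop install cannot get past this step before `salt-call state.apply desktop --local` runs. Confirm on a Rocky 9 host, or update the package list in the same change. The function body starts and ends outside the hunk.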
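Review bot: The `printf` in `desktop_pillar` carries two redirections: `>> "$pillar_file"` in the middle of the argument list, on the `enabled: true` line, and `> $pillar_file` at the end. Both apply to the one command and the truncating one is processed last, so the file is overwritten and the mid-list `>>` only confuses the reader. The final target is also unquoted. Remove `>> "$pillar_file"` from the `enabled: true` line and end the command with `> "$pillar_file"`, or with `>>` if appending was intended. `$MNIC` is also written into a single-quoted YAML scalar without the quote-doubling that `NODE_DESCRIPTION` gets on the last line.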
@@ -1697,9 +1698,9 @@ process_installtype() { is_import=true elif [ "$install_type" = 'RECEIVER' ]; then is_receiver=true - elif [ "$install_type" = 'ANALYST' ]; then - if [ "$setup_type" != 'analyst' ]; then - exec bash so-setup analyst + elif [ "$install_type" = 'DESKTOP' ]; then + if [ "$setup_type" != 'desktop' ]; then + exec bash so-setup desktop fi fi @@ -2107,10 +2108,10 @@ set_path() { set_minion_info() { short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}') - if [[ $is_analyst ]]; then - MINION_ID=$(echo "${short_name}_workstation" | tr '[:upper:]' '[:lower:]') + if [[ $is_desktop ]]; then + MINION_ID=$(echo "${short_name}_desktop" | tr '[:upper:]' '[:lower:]') fi - if [[ ! $is_analyst ]]; then + if [[ ! $is_desktop ]]; then MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]') fi export MINION_ID diff --git a/setup/so-setup b/setup/so-setup index 53dba8cfd..355c8eea2 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -65,13 +65,13 @@ done # Let's see what OS we are dealing with here detect_os -# Check to see if this is the setup type of "analyst". -is_analyst= -if [ "$setup_type" = 'analyst' ]; then - is_analyst=true +# Check to see if this is the setup type of "desktop". +is_desktop= +if [ "$setup_type" = 'desktop' ]; then + is_desktop=true # Check to see if this is an ISO. Usually this dir on exists on ISO installs. if [ -d /root/SecurityOnion ]; then - is_analyst_iso=true + is_desktop_iso=true fi fi 
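Review bot: In the so-setup `@@ -65,13` hunk `is_desktop` is cleared with `is_desktop=` before the test, but `is_desktop_iso` is assigned only inside the `-d /root/SecurityOnion` branch, so on a non-ISO run it keeps whatever value the calling environment exported. so-functions tests it with `[[ ( $is_iso || $is_desktop_iso ) ]]`, where any non-empty string counts as true. Adding `is_desktop_iso=` next to `is_desktop=` makes the two flags behave the same way. The comment on the ISO check also reads "this dir on exists"; "only exists" was presumably meant.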
@@ -86,19 +86,19 @@ if [[ "$setup_type" == 'iso' ]]; then fi fi -# Check to see if this is an analyst install. If it is let's run things differently -if [[ $is_analyst ]]; then - title "This is an analyst workstation install" +# Check to see if this is an desktop install. If it is let's run things differently +if [[ $is_desktop ]]; then + title "This is a desktop install" # Make sure it's CentOS or Rocky Linux - if [[ ! $is_centos ]]; then - info "Analyst Workstation is only supported on CentOS 7 or Rocky Linux 8" + if [[ ! $is_rocky ]]; then + info "Security Onion Desktop is only supported on Rocky Linux 9" exit 1 fi - if ! whiptail_analyst_install; then - if [[ $is_analyst_iso ]]; then - if whiptail_analyst_nongrid_iso; then + if ! whiptail_desktop_install; then + if [[ $is_desktop_iso ]]; then + if whiptail_desktop_nongrid_iso; then # Remove setup from auto launching parse_install_username sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 @@ -111,13 +111,13 @@ if [[ $is_analyst ]]; then exit 0 fi else - if whiptail_analyst_nongrid_network; then + if whiptail_desktop_nongrid_network; then info "" info "" - info "Kicking off the automated setup of the analyst workstation. This can take a while depending on your network connection." + info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection." info "" info "" - analyst_salt_local + desktop_salt_local else # Abort! exit 0 @@ -231,11 +231,11 @@ fi # Make sure the setup type is suppoted. case "$setup_type" in - iso | network | analyst) # Accepted values + iso | network | desktop) # Accepted values info "Beginning Security Onion $setup_type install" ;; *) - error "Invalid install type, must be 'iso', 'network' or 'analyst'." + error "Invalid install type, must be 'iso', 'network' or 'desktop'." fail_setup ;; esac 
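Review bot: The check in the `@@ -86,19` hunk now rejects anything that is not `$is_rocky` and tells the user that only Rocky Linux 9 is supported, but the context comment above it still says `# Make sure it's CentOS or Rocky Linux` and nothing in the hunk tests the major version. `is_rocky` is presumably set by `detect_os`, which is outside this diff, so it may or may not imply version 9. If it does not, a Rocky 8 host passes this gate. Update the comment to `# Make sure it's Rocky Linux 9` and add a version test if `detect_os` exposes one. The new first comment also reads "an desktop install".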
@@ -277,11 +277,11 @@ if ! [[ -f $install_opt_file ]]; then info "User cancelled setup." whiptail_cancel fi - # If this is an analyst install lets streamline the process. - if [[ $is_analyst ]]; then + # If this is an desktop install lets streamline the process. + if [[ $is_desktop ]]; then # Prompt for hostname collect_hostname - if [[ $is_analyst_iso ]]; then + if [[ $is_desktop_iso ]]; then # Prompt Network Setup whiptail_management_nic whiptail_dhcp_or_static @@ -294,7 +294,7 @@ if ! [[ -f $install_opt_file ]]; then fi fi - if [[ ! $is_analyst_iso ]]; then + if [[ ! $is_desktop_iso ]]; then # This should be a network install whiptail_network_notice # Warn about the dangers of DHCP @@ -326,7 +326,7 @@ if ! [[ -f $install_opt_file ]]; then true fi fi - if [[ ! $is_analyst ]]; then + if [[ ! $is_desktop ]]; then whiptail_install_type fi else diff --git a/setup/so-whiptail b/setup/so-whiptail index 30ef8bb4d..270d49cd5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -27,15 +27,15 @@ whiptail_airgap() { fi } -whiptail_analyst_install() { +whiptail_desktop_install() { [ -n "$TESTING" ] && return read -r -d '' message <<- EOM - Welcome to the Security Onion Analyst Workstation install! + Welcome to the Security Onion Desktop install! - Would you like to join this workstation to an existing grid? + Would you like to join this desktop to an existing grid? EOM whiptail --title "$whiptail_title" \ @@ -43,13 +43,13 @@ whiptail_analyst_install() { } -whiptail_analyst_nongrid_iso() { +whiptail_desktop_nongrid_iso() { [ -n "$TESTING" ] && return read -r -d '' message <<- EOM - You have selected this Analyst workstation to be independent. + You have selected this Security Onion Desktop to be independent. Would you still like to have the graphical interface loaded at boot? 
@@ -61,13 +61,13 @@ whiptail_analyst_nongrid_iso() { } -whiptail_analyst_nongrid_network() { +whiptail_desktop_nongrid_network() { [ -n "$TESTING" ] && return read -r -d '' message <<- EOM - You have selected this Analyst workstation to be independent. + You have selected this Security Onion Desktop to be independent. Would you still like to install and load the graphical interface? @@ -651,9 +651,9 @@ whiptail_install_type_dist_existing() { is_import=true elif [ "$install_type" = 'RECEIVER' ]; then is_receiver=true - elif [ "$install_type" = 'ANALYST' ]; then - if [ "$setup_type" != 'analyst' ]; then - exec bash so-setup analyst + elif [ "$install_type" = 'DESKTOP' ]; then + if [ "$setup_type" != 'desktop' ]; then + exec bash so-setup desktop fi fi @@ -668,10 +668,7 @@ whiptail_install_type_other() { install_type=$(whiptail --title "$whiptail_title" --menu \ "Choose node type:" 10 65 2 \ - "ANALYST" "Setup will run 'so-setup analyst' " \ - "HELIXSENSOR" "Create a Helix sensor " \ - 3>&1 1>&2 2>&3 - ) + "DESKTOP" "Setup will run 'so-setup desktop' " 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus diff --git a/so-analyst-install b/so-desktop-install similarity index 93% rename from so-analyst-install rename to so-desktop-install index 2e0e4fb34..33911fcbc 100755 --- a/so-analyst-install +++ b/so-desktop-install @@ -8,4 +8,4 @@ cd "$(dirname "$0")/setup" || exit 255 -./so-setup analyst "$@" +./so-setup desktop "$@"