Merge pull request #10667 from Security-Onion-Solutions/desktop

Fix some installs

salt/allowed_states.map.jinja

@@ -51,23 +51,6 @@
           'tcpreplay',
           'docker_clean'
           ],
-      'so-helixsensor': [
-          'salt.master',
-          'ca',
-          'ssl',
-          'registry',
-          'telegraf',
-          'firewall',
-          'idstools',
-          'suricata.manager',
-          'zeek',
-          'redis',
-          'elasticsearch',
-          'logstash',
-          'schedule',
-          'tcpreplay',
-          'docker_clean'
-          ],
      'so-idh': [
           'ssl',
           'telegraf',
@@ -204,7 +187,7 @@
           'schedule',
           'docker_clean'
           ],
-      'so-workstation': [
+      'so-desktop': [
           ],
   }, grain='role') %}
 
@@ -245,7 +228,7 @@
     {% do allowed_states.append('playbook') %}
   {% endif %}
 
-  {% if grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
+  {% if grains.role in ['so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
     {% do allowed_states.append('logstash') %}
   {% endif %}
 

salt/common/files/analyst/README

@@ -1,79 +0,0 @@
-The following GUI tools are available on the analyst workstation:
-
-chromium
-  url: https://www.chromium.org/Home
-  To run chromium, click Applications > Internet > Chromium Web Browser
-  
-Wireshark
-  url: https://www.wireshark.org/
-  To run Wireshark, click Applications > Internet > Wireshark Network Analyzer
-
-NetworkMiner
-  url: https://www.netresec.com
-  To run NetworkMiner, click Applications > Internet > NetworkMiner
-
-The following CLI tools are available on the analyst workstation:
-
-bit-twist
-  url: http://bittwist.sourceforge.net
-  To run bit-twist, open a terminal and type: bittwist -h
-
-chaosreader
-  url: http://chaosreader.sourceforge.net
-  To run chaosreader, open a terminal and type: chaosreader -h
-
-dnsiff
-  url: https://www.monkey.org/~dugsong/dsniff/
-  To run dsniff, open a terminal and type: dsniff -h
-
-foremost
-  url: http://foremost.sourceforge.net
-  To run foremost, open a terminal and type: foremost -h
-  
-hping3
-  url: http://www.hping.org/hping3.html
-  To run hping3, open a terminal and type: hping3 -h
-
-netsed
-  url: http://silicone.homelinux.org/projects/netsed/
-  To run netsed, open a terminal and type: netsed -h
-
-ngrep
-  url: https://github.com/jpr5/ngrep
-  To run ngrep, open a terminal and type: ngrep -h
-
-scapy
-  url: http://www.secdev.org/projects/scapy/
-  To run scapy, open a terminal and type: scapy
-
-ssldump
-  url: http://www.rtfm.com/ssldump/
-  To run ssldump, open a terminal and type: ssldump -h
-
-sslsplit
-  url: https://github.com/droe/sslsplit
-  To run sslsplit, open a terminal and type: sslsplit -h
-
-tcpdump
-  url: http://www.tcpdump.org
-  To run tcpdump, open a terminal and type: tcpdump -h
-
-tcpflow
-  url: https://github.com/simsong/tcpflow
-  To run tcpflow, open a terminal and type: tcpflow -h
-
-tcpstat
-  url: https://frenchfries.net/paul/tcpstat/
-  To run tcpstat, open a terminal and type: tcpstat -h
-
-tcptrace
-  url: http://www.tcptrace.org
-  To run tcptrace, open a terminal and type: tcptrace -h
-
-tcpxtract
-  url: http://tcpxtract.sourceforge.net/
-  To run tcpxtract, open a terminal and type: tcpxtract -h
-
-whois
-  url: http://www.linux.it/~md/software/
-  To run whois, open a terminal and type: whois -h

salt/common/tools/sbin/so-common

@@ -243,7 +243,7 @@ is_manager_node() {
 is_sensor_node() {
 	# Check to see if this is a sensor (forward) node
 	is_single_node_grid && return 0
-	grep "role: so-" /etc/salt/grains | grep -E "sensor|heavynode|helix" &> /dev/null
+	grep "role: so-" /etc/salt/grains | grep -E "sensor|heavynode" &> /dev/null
 }
 
 is_single_node_grid() {

salt/common/tools/sbin_jinja/so-desktop-install

@@ -26,7 +26,7 @@ if [ -f "$pillar_file" ]; then
         echo "##    _______________________________    ##"
         echo "##                                       ##"
         echo "##    Installing the Security Onion      ##"
-        echo "##   analyst node on this device will    ##"
+        echo "##   Desktop node on this device will    ##"
         echo "##       make permanent changes to       ##"
         echo "##              the system.              ##"
         echo "##    A system reboot will be required   ##"
@@ -42,7 +42,7 @@ if [ -f "$pillar_file" ]; then
     done
 
     if [[ $INSTALL == "no" ]]; then
-      echo "Exiting analyst node installation."
+      echo "Exiting desktop node installation."
       exit 0
     fi
 
@@ -55,7 +55,7 @@ if [ -f "$pillar_file" ]; then
     echo "Applying the desktop state. This could take some time since there are many packages that need to be installed."
     if salt-call state.apply desktop -linfo queue=True; then # make sure the state ran successfully
       echo ""
-      echo "Analyst desktop has been installed!"
+      echo "Desktop desktop has been installed!"
       echo "Press ENTER to reboot or Ctrl-C to cancel."
       read pause
 

salt/desktop/packages.sls

@@ -305,6 +305,6 @@ desktop_packages:
 
 desktop_packages_os_fail:
   test.fail_without_changes:
-    - comment: 'SO Analyst Workstation can only be installed on Rocky'
+    - comment: 'SO desktop can only be installed on Rocky'
 
 {% endif %}

salt/desktop/trusted-ca.sls

@@ -31,6 +31,6 @@ update_ca_certs:
 
 desktop_trusted-ca_os_fail:
   test.fail_without_changes:
-    - comment: 'SO Analyst Workstation can only be installed on CentOS'
+    - comment: 'SO Desktop can only be installed on CentOS'
 
 {% endif %}

salt/desktop/xwindows.sls

@@ -18,6 +18,6 @@ graphical_target:
 
 desktop_xwindows_os_fail:
   test.fail_without_changes:
-    - comment: 'SO Analyst Workstation can only be installed on Rocky'
+    - comment: 'SO Desktop can only be installed on Rocky'
 
 {% endif %}

salt/logstash/enabled.sls

@@ -54,7 +54,7 @@ so-logstash:
       - /opt/so/log/logstash:/var/log/logstash:rw
       - /sys/fs/cgroup:/sys/fs/cgroup:ro
       - /opt/so/conf/logstash/etc/certs:/usr/share/logstash/certs:ro
-      {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
       - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
       - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro
       {% endif %}
@@ -62,12 +62,12 @@ so-logstash:
       - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.crt:/usr/share/logstash/elasticfleet-logstash.crt:ro
       - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.p8:/usr/share/logstash/elasticfleet-logstash.key:ro
       {% endif %}
-      {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
       - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro
       {% else %}
       - /etc/ssl/certs/intca.crt:/usr/share/filebeat/ca.crt:ro
       {% endif %}
-      {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-searchnode'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-searchnode'] %}
       - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
       - /opt/so/conf/ca/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro
       {% endif %}
@@ -91,15 +91,15 @@ so-logstash:
         {% endfor %}
       {% endfor %}
     - require:
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
       - x509: etc_filebeat_crt
       {% endif %}
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
       - x509: pki_public_ca_crt
       {% else %}
       - x509: trusttheca
       {% endif %}
-      {% if grains.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
       - file: cacertz
       - file: capemz
       {% endif %}

salt/manager/tools/sbin/so-minion

@@ -184,12 +184,12 @@ function add_logstash_to_minion() {
 		"  " >> $PILLARFILE
 }
 
-# Analyst Workstation
+# Security Onion Desktop
-function add_analyst_to_minion() {
+function add_desktop_to_minion() {
     printf '%s\n'\
 		"host:"\
 		"  mainint: '$MNIC'"\
-		"workstation:"\
+		"desktop:"\
 		"  gui:"\
 		"    enabled: true"\
 		"sensoroni:"\

salt/manager/tools/sbin/soup

@@ -840,7 +840,7 @@ main() {
       if [[ $is_airgap -eq 0 ]]; then
         echo ""
         echo "Cleaning repos on remote Security Onion nodes."
-        salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all"
+        salt -C 'not *_eval and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all"
         echo ""
       fi
     fi

salt/redis/enabled.sls

@@ -30,7 +30,7 @@ so-redis:
       - /opt/so/conf/redis/working:/redis:rw
       - /etc/pki/redis.crt:/certs/redis.crt:ro
       - /etc/pki/redis.key:/certs/redis.key:ro
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
       - /etc/pki/ca.crt:/certs/ca.crt:ro
       {% else %}
       - /etc/ssl/certs/intca.crt:/certs/ca.crt:ro
@@ -59,7 +59,7 @@ so-redis:
       - file: redisconf
       - x509: redis_crt
       - x509: redis_key
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
       - x509: pki_public_ca_crt
       {% else %}
       - x509: trusttheca

salt/ssl/init.sls

@@ -16,7 +16,7 @@
   {% set COMMONNAME = GLOBALS.manager %}
 {% endif %}
 
-{% if grains.id.split('_')|last in ['manager', 'managersearch', 'eval', 'standalone', 'import', 'helixsensor'] %}
+{% if grains.id.split('_')|last in ['manager', 'managersearch', 'eval', 'standalone', 'import'] %}
 include:
   - ca
     {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
@@ -94,7 +94,7 @@ influxkeyperms:
     - mode: 640
     - group: 939
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
 # Create a cert for Redis encryption
 redis_key:
   x509.private_key_managed:
@@ -332,7 +332,7 @@ eflogstashcrtlink:
 
 {% endif %}
 
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
 etc_filebeat_key:
   x509.private_key_managed:
     - name: /etc/pki/filebeat.key
@@ -554,7 +554,7 @@ msslkeyperms:
 
 {% endif %}
 
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-idh', 'so-import', 'so-receiver'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-idh', 'so-import', 'so-receiver'] %}
    
 fbcertdir:
   file.directory:

salt/telegraf/scripts/helixeps.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-#
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-
-# if this script isn't already running
-if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
-
-  PREVCOUNTFILE='/tmp/helixevents.txt'
-  EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.pipelines.helix.events.out')"
-
-  if [ ! -z "$EVENTCOUNTCURRENT" ]; then
-
-    if [ -f "$PREVCOUNTFILE" ]; then
-      EVENTCOUNTPREVIOUS=`cat $PREVCOUNTFILE`
-    else
-      echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
-      exit 0
-    fi
-
-    echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
-    EVENTS=$(((EVENTCOUNTCURRENT - EVENTCOUNTPREVIOUS)/30))
-    if [ "$EVENTS" -lt 0 ]; then
-      EVENTS=0
-    fi
-
-    echo "helixeps eps=${EVENTS%%.*}"
-  fi
-
-fi
-
-exit 0

salt/top.sls

@@ -29,7 +29,7 @@ base:
     - salt.lasthighstate
     - docker
 
-  'not *_workstation and G@saltversion:{{saltversion}}':
+  'not *_desktop and G@saltversion:{{saltversion}}':
     - match: compound
     - common
   
@@ -271,10 +271,10 @@ base:
     - schedule
     - docker_clean
 
-  'J@workstation:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
+  'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
     - match: compound
-    - workstation
+    - desktop
 
-  'J@workstation:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
+  'J@desktop:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
     - match: compound
-    - workstation.remove_gui
+    - desktop.remove_gui

setup/so-functions

@@ -83,7 +83,7 @@ analyze_system() {
 	logCmd "ip a"
 }
 
-analyst_salt_local() {
+desktop_salt_local() {
 
 	# Install everything using local salt
 	# Set the repo
@@ -93,9 +93,9 @@ analyst_salt_local() {
 	logCmd "yum -y install salt-minion-3004.1 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
 	logCmd "yum -y update --exclude=salt*"
 
-	logCmd "salt-call state.apply workstation --local --file-root=../salt/ -l info"
+	logCmd "salt-call state.apply desktop --local --file-root=../salt/ -l info"
 	read -r -d '' message <<- EOM
-		Finished Analyst workstation installation.
+		Finished Security Onion Desktop installation.
 
 		Press the Enter key to reboot.
 	EOM
@@ -106,19 +106,20 @@ analyst_salt_local() {
 
 }
 
-analyst_workstation_pillar() {
+desktop_pillar() {
 
 	local pillar_file=$local_salt_dir/pillar/minions/$MINION_ID.sls
 
-	# Create the analyst workstation pillar
+	# Create the desktop pillar
 	printf '%s\n'\
 		"host:"\
 		"  mainint: '$MNIC'"\
-		"workstation:"\
+		"desktop:"\
 		"  gui:"\
 		"    enabled: true" >> "$pillar_file"\
 		"sensoroni:"\
-		"  node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file
+		"  config:"\
+		"    node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file
 }
 
 calculate_useable_cores() {
@@ -603,8 +604,8 @@ collect_webuser_inputs() {
 
 configure_minion() {
 	local minion_type=$1
-	if [[ $is_analyst ]]; then 
+	if [[ $is_desktop ]]; then 
-		minion_type=workstation
+		minion_type=desktop
 	fi
 	info "Configuring minion type as $minion_type" 
 	echo "role: so-$minion_type" > /etc/salt/grains
@@ -1585,7 +1586,7 @@ network_init() {
 	title "Initializing Network"
 	disable_ipv6
 	set_hostname
-	if [[ ( $is_iso || $is_analyst_iso ) ]]; then
+	if [[ ( $is_iso || $is_desktop_iso ) ]]; then
 		set_management_interface
 	fi
 }
@@ -1697,9 +1698,9 @@ process_installtype() {
 		is_import=true
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
-	elif [ "$install_type" = 'ANALYST' ]; then
+	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'analyst' ]; then
+		if [ "$setup_type" != 'desktop' ]; then
-			exec bash so-setup analyst
+			exec bash so-setup desktop
 		fi
 	fi
 
@@ -2107,10 +2108,10 @@ set_path() {
 set_minion_info() {
 	short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
 
-	if [[ $is_analyst ]]; then
+	if [[ $is_desktop ]]; then
-		MINION_ID=$(echo "${short_name}_workstation" | tr '[:upper:]' '[:lower:]')
+		MINION_ID=$(echo "${short_name}_desktop" | tr '[:upper:]' '[:lower:]')
 	fi
-	if [[ ! $is_analyst ]]; then
+	if [[ ! $is_desktop ]]; then
 		MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
 	fi
 	export MINION_ID

setup/so-setup

@@ -65,13 +65,13 @@ done
 # Let's see what OS we are dealing with here
 detect_os
 
-# Check to see if this is the setup type of "analyst".
+# Check to see if this is the setup type of "desktop".
-is_analyst=
+is_desktop=
-if [ "$setup_type" = 'analyst' ]; then
+if [ "$setup_type" = 'desktop' ]; then
-	is_analyst=true
+	is_desktop=true
 	# Check to see if this is an ISO. Usually this dir on exists on ISO installs.
 	if [ -d /root/SecurityOnion ]; then
-		is_analyst_iso=true
+		is_desktop_iso=true
 	fi
 fi
 
@@ -86,19 +86,19 @@ if [[ "$setup_type" == 'iso' ]]; then
 	fi
 fi
 
-# Check to see if this is an analyst install. If it is let's run things differently
+# Check to see if this is an desktop install. If it is let's run things differently
-if [[ $is_analyst ]]; then
+if [[ $is_desktop ]]; then
-	title "This is an analyst workstation install"
+	title "This is a desktop install"
 
 	# Make sure it's CentOS or Rocky Linux
-	if [[ ! $is_centos ]]; then
+	if [[ ! $is_rocky ]]; then
-		info "Analyst Workstation is only supported on CentOS 7 or Rocky Linux 8"
+		info "Security Onion Desktop is only supported on Rocky Linux 9"
 		exit 1
 	fi
 
-	if ! whiptail_analyst_install; then
+	if ! whiptail_desktop_install; then
-		if [[ $is_analyst_iso ]]; then
+		if [[ $is_desktop_iso ]]; then
-			if whiptail_analyst_nongrid_iso; then
+			if whiptail_desktop_nongrid_iso; then
 				# Remove setup from auto launching
 				parse_install_username
 				sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
@@ -111,13 +111,13 @@ if [[ $is_analyst ]]; then
 				exit 0
 			fi
 		else
-			if whiptail_analyst_nongrid_network; then
+			if whiptail_desktop_nongrid_network; then
 				info ""
 				info ""
-				info "Kicking off the automated setup of the analyst workstation. This can take a while depending on your network connection."
+				info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
 				info ""
 				info ""
-				analyst_salt_local
+				desktop_salt_local
 			else
 				# Abort!
 				exit 0
@@ -231,11 +231,11 @@ fi
 
 # Make sure the setup type is suppoted.
 case "$setup_type" in
-	iso | network | analyst) # Accepted values
+	iso | network | desktop) # Accepted values
 		info "Beginning Security Onion $setup_type install"
 		;;
 	*)
-		error "Invalid install type, must be 'iso', 'network' or 'analyst'."
+		error "Invalid install type, must be 'iso', 'network' or 'desktop'."
 		fail_setup
 		;;
 esac
@@ -277,11 +277,11 @@ if ! [[ -f $install_opt_file ]]; then
 		info "User cancelled setup."
 		whiptail_cancel
 	fi
-	# If this is an analyst install lets streamline the process. 
+	# If this is an desktop install lets streamline the process. 
-	if [[ $is_analyst ]]; then
+	if [[ $is_desktop ]]; then
 		# Prompt for hostname
 		collect_hostname
-		if [[ $is_analyst_iso ]]; then
+		if [[ $is_desktop_iso ]]; then
 			# Prompt Network Setup
 			whiptail_management_nic
 			whiptail_dhcp_or_static
@@ -294,7 +294,7 @@ if ! [[ -f $install_opt_file ]]; then
 			fi
 		
 		fi
-		if [[ ! $is_analyst_iso ]]; then
+		if [[ ! $is_desktop_iso ]]; then
 			# This should be a network install
 			whiptail_network_notice
 			# Warn about the dangers of DHCP
@@ -326,7 +326,7 @@ if ! [[ -f $install_opt_file ]]; then
 			true
 		fi
 	fi
-	if [[ ! $is_analyst ]]; then
+	if [[ ! $is_desktop ]]; then
 		whiptail_install_type
 	fi
 else

setup/so-whiptail

@@ -27,15 +27,15 @@ whiptail_airgap() {
 	fi
 }
 
-whiptail_analyst_install() {
+whiptail_desktop_install() {
 
 	[ -n "$TESTING" ] && return
 
 	read -r -d '' message <<- EOM
 	
-	Welcome to the Security Onion Analyst Workstation install!
+	Welcome to the Security Onion Desktop install!
 
-	Would you like to join this workstation to an existing grid?
+	Would you like to join this desktop to an existing grid?
 
 	EOM
 	whiptail --title "$whiptail_title" \
@@ -43,13 +43,13 @@ whiptail_analyst_install() {
 
 }
 
-whiptail_analyst_nongrid_iso() {
+whiptail_desktop_nongrid_iso() {
 
 	[ -n "$TESTING" ] && return
 
 	read -r -d '' message <<- EOM
 	
-	You have selected this Analyst workstation to be independent.
+	You have selected this Security Onion Desktop to be independent.
 
 	Would you still like to have the graphical interface loaded at boot?
 
@@ -61,13 +61,13 @@ whiptail_analyst_nongrid_iso() {
 
 }
 
-whiptail_analyst_nongrid_network() {
+whiptail_desktop_nongrid_network() {
 
 	[ -n "$TESTING" ] && return
 
 	read -r -d '' message <<- EOM
 	
-	You have selected this Analyst workstation to be independent.
+	You have selected this Security Onion Desktop to be independent.
 
 	Would you still like to install and load the graphical interface?
 
@@ -651,9 +651,9 @@ whiptail_install_type_dist_existing() {
 		is_import=true
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
-	elif [ "$install_type" = 'ANALYST' ]; then
+	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'analyst' ]; then
+		if [ "$setup_type" != 'desktop' ]; then
-			exec bash so-setup analyst
+			exec bash so-setup desktop
 		fi
 	fi
 
@@ -668,10 +668,7 @@ whiptail_install_type_other() {
 
 	install_type=$(whiptail --title "$whiptail_title" --menu \
 		"Choose node type:" 10 65 2 \
-		"ANALYST" "Setup will run 'so-setup analyst' " \
+		"DESKTOP" "Setup will run 'so-setup desktop' " 3>&1 1>&2 2>&3)
-		"HELIXSENSOR" "Create a Helix sensor " \
-		3>&1 1>&2 2>&3
-		)
 	
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus

so-desktop-install

@@ -8,4 +8,4 @@
 
 cd "$(dirname "$0")/setup" || exit 255
 
-./so-setup analyst "$@"
+./so-setup desktop "$@"