Merge pull request #10667 from Security-Onion-Solutions/desktop

Fix some installs
2025-12-06 09:12:45 +01:00 · 2023-06-26 18:51:55 -04:00
parent d70371c540 6adef20a06
commit 984971c63c
22 changed files with 82 additions and 216 deletions
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -51,23 +51,6 @@
          'tcpreplay',
          'docker_clean'
          ],
      'so-helixsensor': [
          'salt.master',
          'ca',
          'ssl',
          'registry',
          'telegraf',
          'firewall',
          'idstools',
          'suricata.manager',
          'zeek',
          'redis',
          'elasticsearch',
          'logstash',
          'schedule',
          'tcpreplay',
          'docker_clean'
          ],
     'so-idh': [
          'ssl',
          'telegraf',
@@ -204,7 +187,7 @@
          'schedule',
          'docker_clean'
          ],
-      'so-workstation': [
+      'so-desktop': [
          ],
  }, grain='role') %}
@@ -245,7 +228,7 @@
    {% do allowed_states.append('playbook') %}
  {% endif %}
-  {% if grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
+  {% if grains.role in ['so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
    {% do allowed_states.append('logstash') %}
  {% endif %}
--- a/salt/common/files/analyst/README
+++ b/salt/common/files/analyst/README
@@ -1,79 +0,0 @@
 The following GUI tools are available on the analyst workstation:
 chromium
  url: https://www.chromium.org/Home
  To run chromium, click Applications > Internet > Chromium Web Browser
 Wireshark
  url: https://www.wireshark.org/
  To run Wireshark, click Applications > Internet > Wireshark Network Analyzer
 NetworkMiner
  url: https://www.netresec.com
  To run NetworkMiner, click Applications > Internet > NetworkMiner
 The following CLI tools are available on the analyst workstation:
 bit-twist
  url: http://bittwist.sourceforge.net
  To run bit-twist, open a terminal and type: bittwist -h
 chaosreader
  url: http://chaosreader.sourceforge.net
  To run chaosreader, open a terminal and type: chaosreader -h
 dnsiff
  url: https://www.monkey.org/~dugsong/dsniff/
  To run dsniff, open a terminal and type: dsniff -h
 foremost
  url: http://foremost.sourceforge.net
  To run foremost, open a terminal and type: foremost -h
 hping3
  url: http://www.hping.org/hping3.html
  To run hping3, open a terminal and type: hping3 -h
 netsed
  url: http://silicone.homelinux.org/projects/netsed/
  To run netsed, open a terminal and type: netsed -h
 ngrep
  url: https://github.com/jpr5/ngrep
  To run ngrep, open a terminal and type: ngrep -h
 scapy
  url: http://www.secdev.org/projects/scapy/
  To run scapy, open a terminal and type: scapy
 ssldump
  url: http://www.rtfm.com/ssldump/
  To run ssldump, open a terminal and type: ssldump -h
 sslsplit
  url: https://github.com/droe/sslsplit
  To run sslsplit, open a terminal and type: sslsplit -h
 tcpdump
  url: http://www.tcpdump.org
  To run tcpdump, open a terminal and type: tcpdump -h
 tcpflow
  url: https://github.com/simsong/tcpflow
  To run tcpflow, open a terminal and type: tcpflow -h
 tcpstat
  url: https://frenchfries.net/paul/tcpstat/
  To run tcpstat, open a terminal and type: tcpstat -h
 tcptrace
  url: http://www.tcptrace.org
  To run tcptrace, open a terminal and type: tcptrace -h
 tcpxtract
  url: http://tcpxtract.sourceforge.net/
  To run tcpxtract, open a terminal and type: tcpxtract -h
 whois
  url: http://www.linux.it/~md/software/
  To run whois, open a terminal and type: whois -h
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -243,7 +243,7 @@ is_manager_node() {
 is_sensor_node() {
 	# Check to see if this is a sensor (forward) node
 	is_single_node_grid && return 0
-	grep "role: so-" /etc/salt/grains | grep -E "sensor|heavynode|helix" &> /dev/null
+	grep "role: so-" /etc/salt/grains | grep -E "sensor|heavynode" &> /dev/null
 }
 is_single_node_grid() {
--- a/salt/common/tools/sbin_jinja/so-desktop-install
+++ b/salt/common/tools/sbin_jinja/so-desktop-install
@@ -26,7 +26,7 @@ if [ -f "$pillar_file" ]; then
        echo "##    _______________________________    ##"
        echo "##                                       ##"
        echo "##    Installing the Security Onion      ##"
-        echo "##   analyst node on this device will    ##"
+        echo "##   Desktop node on this device will    ##"
        echo "##       make permanent changes to       ##"
        echo "##              the system.              ##"
        echo "##    A system reboot will be required   ##"
@@ -42,7 +42,7 @@ if [ -f "$pillar_file" ]; then
    done
    if [[ $INSTALL == "no" ]]; then
-      echo "Exiting analyst node installation."
+      echo "Exiting desktop node installation."
      exit 0
    fi
@@ -55,7 +55,7 @@ if [ -f "$pillar_file" ]; then
    echo "Applying the desktop state. This could take some time since there are many packages that need to be installed."
    if salt-call state.apply desktop -linfo queue=True; then # make sure the state ran successfully
      echo ""
-      echo "Analyst desktop has been installed!"
+      echo "Desktop desktop has been installed!"
      echo "Press ENTER to reboot or Ctrl-C to cancel."
      read pause
--- a/salt/common/files/analyst/so-lockscreen.jpg
+++ b/salt/common/files/analyst/so-lockscreen.jpg
--- a/salt/common/files/analyst/so-login-logo-dark.svg
+++ b/salt/common/files/analyst/so-login-logo-dark.svg
--- a/salt/common/files/analyst/so-login-logo.svg
+++ b/salt/common/files/analyst/so-login-logo.svg
--- a/salt/common/files/analyst/so-wallpaper.jpg
+++ b/salt/common/files/analyst/so-wallpaper.jpg
--- a/salt/desktop/packages.sls
+++ b/salt/desktop/packages.sls
@@ -305,6 +305,6 @@ desktop_packages:
 desktop_packages_os_fail:
  test.fail_without_changes:
-    - comment: 'SO Analyst Workstation can only be installed on Rocky'
+    - comment: 'SO desktop can only be installed on Rocky'
 {% endif %}
--- a/salt/desktop/trusted-ca.sls
+++ b/salt/desktop/trusted-ca.sls
@@ -31,6 +31,6 @@ update_ca_certs:
 desktop_trusted-ca_os_fail:
  test.fail_without_changes:
-    - comment: 'SO Analyst Workstation can only be installed on CentOS'
+    - comment: 'SO Desktop can only be installed on CentOS'
 {% endif %}
--- a/salt/desktop/xwindows.sls
+++ b/salt/desktop/xwindows.sls
@@ -18,6 +18,6 @@ graphical_target:
 desktop_xwindows_os_fail:
  test.fail_without_changes:
-    - comment: 'SO Analyst Workstation can only be installed on Rocky'
+    - comment: 'SO Desktop can only be installed on Rocky'
 {% endif %}
--- a/salt/logstash/enabled.sls
+++ b/salt/logstash/enabled.sls
@@ -54,7 +54,7 @@ so-logstash:
      - /opt/so/log/logstash:/var/log/logstash:rw
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - /opt/so/conf/logstash/etc/certs:/usr/share/logstash/certs:ro
-      {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
      - /etc/pki/filebeat.crt:/usr/share/logstash/filebeat.crt:ro
      - /etc/pki/filebeat.p8:/usr/share/logstash/filebeat.key:ro
      {% endif %}
@@ -62,12 +62,12 @@ so-logstash:
      - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.crt:/usr/share/logstash/elasticfleet-logstash.crt:ro
      - /opt/so/conf/elastic-fleet/certs/elasticfleet-logstash.p8:/usr/share/logstash/elasticfleet-logstash.key:ro
      {% endif %}
-      {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
      - /etc/pki/ca.crt:/usr/share/filebeat/ca.crt:ro
      {% else %}
      - /etc/ssl/certs/intca.crt:/usr/share/filebeat/ca.crt:ro
      {% endif %}
-      {% if GLOBALS.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-searchnode'] %}
+      {% if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-searchnode'] %}
      - /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
      - /opt/so/conf/ca/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro
      {% endif %}
@@ -91,15 +91,15 @@ so-logstash:
        {% endfor %}
      {% endfor %}
    - require:
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
      - x509: etc_filebeat_crt
      {% endif %}
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
      - x509: pki_public_ca_crt
      {% else %}
      - x509: trusttheca
      {% endif %}
-      {% if grains.role in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
      - file: cacertz
      - file: capemz
      {% endif %}
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -184,12 +184,12 @@ function add_logstash_to_minion() {
 		"  " >> $PILLARFILE
 }
-# Analyst Workstation
+# Security Onion Desktop
-function add_analyst_to_minion() {
+function add_desktop_to_minion() {
    printf '%s\n'\
 		"host:"\
 		"  mainint: '$MNIC'"\
-		"workstation:"\
+		"desktop:"\
 		"  gui:"\
 		"    enabled: true"\
 		"sensoroni:"\
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -840,7 +840,7 @@ main() {
      if [[ $is_airgap -eq 0 ]]; then
        echo ""
        echo "Cleaning repos on remote Security Onion nodes."
-        salt -C 'not *_eval and not *_helixsensor and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all"
+        salt -C 'not *_eval and not *_manager and not *_managersearch and not *_standalone and G@os:CentOS' cmd.run "yum clean all"
        echo ""
      fi
    fi
--- a/salt/redis/enabled.sls
+++ b/salt/redis/enabled.sls
@@ -30,7 +30,7 @@ so-redis:
      - /opt/so/conf/redis/working:/redis:rw
      - /etc/pki/redis.crt:/certs/redis.crt:ro
      - /etc/pki/redis.key:/certs/redis.key:ro
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
      - /etc/pki/ca.crt:/certs/ca.crt:ro
      {% else %}
      - /etc/ssl/certs/intca.crt:/certs/ca.crt:ro
@@ -59,7 +59,7 @@ so-redis:
      - file: redisconf
      - x509: redis_crt
      - x509: redis_key
-      {% if grains['role'] in ['so-manager', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import'] %}
+      {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-import'] %}
      - x509: pki_public_ca_crt
      {% else %}
      - x509: trusttheca
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -16,7 +16,7 @@
  {% set COMMONNAME = GLOBALS.manager %}
 {% endif %}
-{% if grains.id.split('_')|last in ['manager', 'managersearch', 'eval', 'standalone', 'import', 'helixsensor'] %}
+{% if grains.id.split('_')|last in ['manager', 'managersearch', 'eval', 'standalone', 'import'] %}
 include:
  - ca
    {% set trusttheca_text = salt['cp.get_file_str']('/etc/pki/ca.crt')|replace('\n', '') %}
@@ -94,7 +94,7 @@ influxkeyperms:
    - mode: 640
    - group: 939
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-fleet', 'so-receiver'] %}
 # Create a cert for Redis encryption
 redis_key:
  x509.private_key_managed:
@@ -332,7 +332,7 @@ eflogstashcrtlink:
 {% endif %}
-{% if grains['role'] in ['so-manager', 'so-eval', 'so-helix', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
+{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone', 'so-import', 'so-heavynode', 'so-receiver'] %}
 etc_filebeat_key:
  x509.private_key_managed:
    - name: /etc/pki/filebeat.key
@@ -554,7 +554,7 @@ msslkeyperms:
 {% endif %}
-{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-helix', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-idh', 'so-import', 'so-receiver'] %}
+{% if grains['role'] in ['so-sensor', 'so-manager', 'so-searchnode', 'so-eval', 'so-managersearch', 'so-heavynode', 'so-fleet', 'so-standalone', 'so-idh', 'so-import', 'so-receiver'] %}
 fbcertdir:
  file.directory:
--- a/salt/telegraf/scripts/helixeps.sh
+++ b/salt/telegraf/scripts/helixeps.sh
@@ -1,36 +0,0 @@
 #!/bin/bash
 #
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 # if this script isn't already running
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
  PREVCOUNTFILE='/tmp/helixevents.txt'
  EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.pipelines.helix.events.out')"
  if [ ! -z "$EVENTCOUNTCURRENT" ]; then
    if [ -f "$PREVCOUNTFILE" ]; then
      EVENTCOUNTPREVIOUS=`cat $PREVCOUNTFILE`
    else
      echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
      exit 0
    fi
    echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
    EVENTS=$(((EVENTCOUNTCURRENT - EVENTCOUNTPREVIOUS)/30))
    if [ "$EVENTS" -lt 0 ]; then
      EVENTS=0
    fi
    echo "helixeps eps=${EVENTS%%.*}"
  fi
 fi
 exit 0
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -29,7 +29,7 @@ base:
    - salt.lasthighstate
    - docker
-  'not *_workstation and G@saltversion:{{saltversion}}':
+  'not *_desktop and G@saltversion:{{saltversion}}':
    - match: compound
    - common
@@ -271,10 +271,10 @@ base:
    - schedule
    - docker_clean
-  'J@workstation:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
+  'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
    - match: compound
-    - workstation
+    - desktop
-  'J@workstation:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
+  'J@desktop:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:Rocky )':
    - match: compound
-    - workstation.remove_gui
+    - desktop.remove_gui
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -83,7 +83,7 @@ analyze_system() {
 	logCmd "ip a"
 }
-analyst_salt_local() {
+desktop_salt_local() {
 	# Install everything using local salt
 	# Set the repo
@@ -93,9 +93,9 @@ analyst_salt_local() {
 	logCmd "yum -y install salt-minion-3004.1 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
 	logCmd "yum -y update --exclude=salt*"
-	logCmd "salt-call state.apply workstation --local --file-root=../salt/ -l info"
+	logCmd "salt-call state.apply desktop --local --file-root=../salt/ -l info"
 	read -r -d '' message <<- EOM
-		Finished Analyst workstation installation.
+		Finished Security Onion Desktop installation.
 		Press the Enter key to reboot.
 	EOM
@@ -106,19 +106,20 @@ analyst_salt_local() {
 }
-analyst_workstation_pillar() {
+desktop_pillar() {
 	local pillar_file=$local_salt_dir/pillar/minions/$MINION_ID.sls
-	# Create the analyst workstation pillar
+	# Create the desktop pillar
 	printf '%s\n'\
 		"host:"\
 		"  mainint: '$MNIC'"\
-		"workstation:"\
+		"desktop:"\
 		"  gui:"\
 		"    enabled: true" >> "$pillar_file"\
 		"sensoroni:"\
-		"  node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file
+		"  config:"\
 		"    node_description: '${NODE_DESCRIPTION//\'/''}'" > $pillar_file
 }
 calculate_useable_cores() {
@@ -603,8 +604,8 @@ collect_webuser_inputs() {
 configure_minion() {
 	local minion_type=$1
-	if [[ $is_analyst ]]; then 
+	if [[ $is_desktop ]]; then 
-		minion_type=workstation
+		minion_type=desktop
 	fi
 	info "Configuring minion type as $minion_type" 
 	echo "role: so-$minion_type" > /etc/salt/grains
@@ -1585,7 +1586,7 @@ network_init() {
 	title "Initializing Network"
 	disable_ipv6
 	set_hostname
-	if [[ ( $is_iso || $is_analyst_iso ) ]]; then
+	if [[ ( $is_iso || $is_desktop_iso ) ]]; then
 		set_management_interface
 	fi
 }
@@ -1697,9 +1698,9 @@ process_installtype() {
 		is_import=true
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
-	elif [ "$install_type" = 'ANALYST' ]; then
+	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'analyst' ]; then
+		if [ "$setup_type" != 'desktop' ]; then
-			exec bash so-setup analyst
+			exec bash so-setup desktop
 		fi
 	fi
@@ -2107,10 +2108,10 @@ set_path() {
 set_minion_info() {
 	short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
-	if [[ $is_analyst ]]; then
+	if [[ $is_desktop ]]; then
-		MINION_ID=$(echo "${short_name}_workstation" | tr '[:upper:]' '[:lower:]')
+		MINION_ID=$(echo "${short_name}_desktop" | tr '[:upper:]' '[:lower:]')
 	fi
-	if [[ ! $is_analyst ]]; then
+	if [[ ! $is_desktop ]]; then
 		MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
 	fi
 	export MINION_ID
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -65,13 +65,13 @@ done
 # Let's see what OS we are dealing with here
 detect_os
-# Check to see if this is the setup type of "analyst".
+# Check to see if this is the setup type of "desktop".
-is_analyst=
+is_desktop=
-if [ "$setup_type" = 'analyst' ]; then
+if [ "$setup_type" = 'desktop' ]; then
-	is_analyst=true
+	is_desktop=true
 	# Check to see if this is an ISO. Usually this dir on exists on ISO installs.
 	if [ -d /root/SecurityOnion ]; then
-		is_analyst_iso=true
+		is_desktop_iso=true
 	fi
 fi
@@ -86,19 +86,19 @@ if [[ "$setup_type" == 'iso' ]]; then
 	fi
 fi
-# Check to see if this is an analyst install. If it is let's run things differently
+# Check to see if this is an desktop install. If it is let's run things differently
-if [[ $is_analyst ]]; then
+if [[ $is_desktop ]]; then
-	title "This is an analyst workstation install"
+	title "This is a desktop install"
 	# Make sure it's CentOS or Rocky Linux
-	if [[ ! $is_centos ]]; then
+	if [[ ! $is_rocky ]]; then
-		info "Analyst Workstation is only supported on CentOS 7 or Rocky Linux 8"
+		info "Security Onion Desktop is only supported on Rocky Linux 9"
 		exit 1
 	fi
-	if ! whiptail_analyst_install; then
+	if ! whiptail_desktop_install; then
-		if [[ $is_analyst_iso ]]; then
+		if [[ $is_desktop_iso ]]; then
-			if whiptail_analyst_nongrid_iso; then
+			if whiptail_desktop_nongrid_iso; then
 				# Remove setup from auto launching
 				parse_install_username
 				sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1
@@ -111,13 +111,13 @@ if [[ $is_analyst ]]; then
 				exit 0
 			fi
 		else
-			if whiptail_analyst_nongrid_network; then
+			if whiptail_desktop_nongrid_network; then
 				info ""
 				info ""
-				info "Kicking off the automated setup of the analyst workstation. This can take a while depending on your network connection."
+				info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection."
 				info ""
 				info ""
-				analyst_salt_local
+				desktop_salt_local
 			else
 				# Abort!
 				exit 0
@@ -231,11 +231,11 @@ fi
 # Make sure the setup type is suppoted.
 case "$setup_type" in
-	iso | network | analyst) # Accepted values
+	iso | network | desktop) # Accepted values
 		info "Beginning Security Onion $setup_type install"
 		;;
 	*)
-		error "Invalid install type, must be 'iso', 'network' or 'analyst'."
+		error "Invalid install type, must be 'iso', 'network' or 'desktop'."
 		fail_setup
 		;;
 esac
@@ -277,11 +277,11 @@ if ! [[ -f $install_opt_file ]]; then
 		info "User cancelled setup."
 		whiptail_cancel
 	fi
-	# If this is an analyst install lets streamline the process. 
+	# If this is an desktop install lets streamline the process. 
-	if [[ $is_analyst ]]; then
+	if [[ $is_desktop ]]; then
 		# Prompt for hostname
 		collect_hostname
-		if [[ $is_analyst_iso ]]; then
+		if [[ $is_desktop_iso ]]; then
 			# Prompt Network Setup
 			whiptail_management_nic
 			whiptail_dhcp_or_static
@@ -294,7 +294,7 @@ if ! [[ -f $install_opt_file ]]; then
 			fi
 		fi
-		if [[ ! $is_analyst_iso ]]; then
+		if [[ ! $is_desktop_iso ]]; then
 			# This should be a network install
 			whiptail_network_notice
 			# Warn about the dangers of DHCP
@@ -326,7 +326,7 @@ if ! [[ -f $install_opt_file ]]; then
 			true
 		fi
 	fi
-	if [[ ! $is_analyst ]]; then
+	if [[ ! $is_desktop ]]; then
 		whiptail_install_type
 	fi
 else
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -27,15 +27,15 @@ whiptail_airgap() {
 	fi
 }
-whiptail_analyst_install() {
+whiptail_desktop_install() {
 	[ -n "$TESTING" ] && return
 	read -r -d '' message <<- EOM
-	Welcome to the Security Onion Analyst Workstation install!
+	Welcome to the Security Onion Desktop install!
-	Would you like to join this workstation to an existing grid?
+	Would you like to join this desktop to an existing grid?
 	EOM
 	whiptail --title "$whiptail_title" \
@@ -43,13 +43,13 @@ whiptail_analyst_install() {
 }
-whiptail_analyst_nongrid_iso() {
+whiptail_desktop_nongrid_iso() {
 	[ -n "$TESTING" ] && return
 	read -r -d '' message <<- EOM
-	You have selected this Analyst workstation to be independent.
+	You have selected this Security Onion Desktop to be independent.
 	Would you still like to have the graphical interface loaded at boot?
@@ -61,13 +61,13 @@ whiptail_analyst_nongrid_iso() {
 }
-whiptail_analyst_nongrid_network() {
+whiptail_desktop_nongrid_network() {
 	[ -n "$TESTING" ] && return
 	read -r -d '' message <<- EOM
-	You have selected this Analyst workstation to be independent.
+	You have selected this Security Onion Desktop to be independent.
 	Would you still like to install and load the graphical interface?
@@ -651,9 +651,9 @@ whiptail_install_type_dist_existing() {
 		is_import=true
 	elif [ "$install_type" = 'RECEIVER' ]; then
 		is_receiver=true
-	elif [ "$install_type" = 'ANALYST' ]; then
+	elif [ "$install_type" = 'DESKTOP' ]; then
-		if [ "$setup_type" != 'analyst' ]; then
+		if [ "$setup_type" != 'desktop' ]; then
-			exec bash so-setup analyst
+			exec bash so-setup desktop
 		fi
 	fi
@@ -668,10 +668,7 @@ whiptail_install_type_other() {
 	install_type=$(whiptail --title "$whiptail_title" --menu \
 		"Choose node type:" 10 65 2 \
-		"ANALYST" "Setup will run 'so-setup analyst' " \
+		"DESKTOP" "Setup will run 'so-setup desktop' " 3>&1 1>&2 2>&3)
 		"HELIXSENSOR" "Create a Helix sensor " \
 		3>&1 1>&2 2>&3
 		)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
--- a/2
+++ b/2
@@ -8,4 +8,4 @@
 cd "$(dirname "$0")/setup" || exit 255
-./so-setup analyst "$@"
+./so-setup desktop "$@"
`@@ -8,4 +8,4 @@`

	`cd "$(dirname "$0")/setup" \|\| exit 255`	`cd "$(dirname "$0")/setup" \|\| exit 255`

	`./so-setup analyst "$@"`	`./so-setup desktop "$@"`