Add initial analyst install option to so-setup

setup/so-functions

@@ -138,6 +138,26 @@ analyze_system() {
 	logCmd "ip a"
 }
 
+analyst_workstation_pillar() {
+
+	local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
+
+	# Create the analyst workstation pillar
+	printf '%s\n'\
+	    "host:"\
+        "  mainint: '$INTERFACE'"\
+        "patch:"\
+        "  os:"\
+		"    source: $source"\
+        "    enabled: true"\
+        "    schedule_name: '$PATCHSCHEDULENAME'"\
+		"    splay: 300"\
+        "workstation:"\
+		"  gui:"\
+        "    enabled: true" >> "$pillar_file"
+
+}
+
 calculate_useable_cores() {
 
 	# Calculate reasonable core usage
@@ -1108,6 +1128,7 @@ detect_os() {
 	echo "Detecting Base OS" >> "$log" 2>&1
 	if [ -f /etc/redhat-release ]; then
 		OS=centos
+		is_centos=true
 		if grep -q "CentOS Linux release 7" /etc/redhat-release; then
 			OSVER=7
 		elif grep -q "CentOS Linux release 8" /etc/redhat-release; then
@@ -1207,7 +1228,7 @@ disable_ipv6() {
 
 docker_install() {
 
-	if [ $OS = 'centos' ]; then
+	if [[ $is_centos ]]; then
 		logCmd "yum clean expire-cache"
 		if [[ ! $is_iso ]]; then
 			logCmd "yum -y install docker-ce-20.10.5-3.el7 docker-ce-cli-20.10.5-3.el7 docker-ce-rootless-extras-20.10.5-3.el7 containerd.io-1.4.4-3.1.el7"
@@ -1759,7 +1780,7 @@ manager_global() {
 		"  rules: 1" >> "$global_pillar"
 		if [[ $is_airgap ]]; then
 		    printf '%s\n'\
-			    "  repos:"\
+			    "  repos:"\'$PATCHSCHEDULENAME'
 			    "    - 'https://$HOSTNAME/repo/rules/strelka'" >> "$global_pillar"
 	    else 
 		    printf '%s\n'\
@@ -1785,7 +1806,7 @@ manager_global() {
 
 	printf '%s\n'\
 		"  replicas: 0"\
-		"  discovery_nodes: 1"\
+		"  discovery_nodes: 1"\'$PATCHSCHEDULENAME'
 		"  hot_warm_enabled: False"\
 		"  cluster_routing_allocation_disk.threshold_enabled: true"\
 		"  cluster_routing_allocation_disk_watermark_low: '95%'"\
@@ -1805,8 +1826,7 @@ manager_global() {
                 "      index_template:"\
                 "        template:"\
                 "          settings:"\
-                "            index:"\
+                "            index:"\'$PATCHSCHEDULENAME'
-                "              number_of_shards: 1"\
 		"      warm: 7"\
 		"      close: 30"\
 		"      delete: 365"\
@@ -2178,7 +2198,7 @@ reset_proxy() {
 
 	[[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig
 	
-	if [[ $OS == 'centos' ]]; then
+	if [[ $is_centos ]]; then
 		sed -i "/proxy=/d" /etc/yum.conf
 	else
 		[[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf
@@ -2206,7 +2226,7 @@ backup_dir() {
 
 remove_package() {
 	local package_name=$1
-	if [ $OS = 'centos' ]; then
+	if [[ $is_centos ]]; then
 		if rpm -qa | grep -q "$package_name"; then
 			logCmd "yum remove -y $package_name"
 		fi
@@ -2371,7 +2391,7 @@ secrets_pillar(){
 
 securityonion_repo() {
 	# Remove all the current repos
-	if [[ "$OS" == "centos" ]]; then
+	if [[ $is_centos ]]; then
 		if [[ "$INTERWEBS" == "AIRGAP" ]]; then
 			echo "This is airgap I don't need to add this repo"
 		else
@@ -2462,7 +2482,7 @@ set_proxy() {
 		"}" > /root/.docker/config.json
 
 	# Set proxy for package manager
-	if [ "$OS" = 'centos' ]; then
+	if [[ $is_centos ]]; then
 		echo "proxy=$so_proxy" >> /etc/yum.conf
 	else
 		# Set it up so the updates roll through the manager
@@ -2741,7 +2761,7 @@ set_redirect() {
 
 set_updates() {
 	if [ "$MANAGERUPDATES" = '1' ]; then
-		if [ "$OS" = 'centos' ]; then
+		if [[ $is_centos ]]; then
 			if [[ ! $is_airgap ]] && ! ( grep -q "$MSRV" /etc/yum.conf); then
 				if grep -q "proxy=" /etc/yum.conf; then
 					sed -i "s/proxy=.*/proxy=http:\/\/$MSRV:3142/" /etc/yum.conf
@@ -2808,7 +2828,7 @@ update_sudoers() {
 }
 
 update_packages() {
-	if [ "$OS" = 'centos' ]; then
+	if [[ $is_centos ]]; then
 	    logCmd "yum repolist"
         logCmd "yum -y update --exclude=salt*,wazuh*,docker*,containerd*"
 	else

setup/so-setup

@@ -72,15 +72,37 @@ done
 
 detect_os
 
+if [ "$setup_type" = 'analyst' ]; then
+    is_analyst=true
+fi
+
 if [[ "$setup_type" == 'iso' ]]; then
-	if [[ "$OS" == 'centos' ]]; then
+	if [[ $is_centos ]]; then
-		is_iso=true
+	    is_iso=true
 	else
 		echo "Only use 'so-setup iso' for an ISO install on CentOS. Please run 'so-setup network' instead."
 		exit 1
 	fi
 fi
 
+# Check to see if this is an analyst install. If it is let's run things differently
+
+if [[ $is_analyst ]]; then
+
+    # Make sure it's CentOS
+    if [[ ! $is_centos ]]; then
+	    echo "Analyst Workstation is only supported on CentOS 7"
+	    exit 1
+	fi
+
+    whiptail_analyst_install
+
+	exit 0
+
+fi
+    
+
+
 if ! [ -f $install_opt_file ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then
 	exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"
 fi
@@ -674,7 +696,7 @@ echo "1" > /root/accept_changes
 	# Import the gpg keys
 	gpg_rpm_import >> $setup_log 2>&1
 	info "Disabling fastestmirror"
-	[[ $OS == 'centos' ]] && disable_fastestmirror
+	[[ $is_centos ]] && disable_fastestmirror
 	if [[ ! $is_airgap ]]; then
 	    securityonion_repo >> $setup_log 2>&1
 	    update_packages >> $setup_log 2>&1
@@ -817,7 +839,7 @@ echo "1" > /root/accept_changes
 	set_progress_str 61 "$(print_salt_state_apply 'firewall')"
 	salt-call state.apply -l info firewall >> $setup_log 2>&1
 
-	if [ $OS = 'centos' ]; then
+	if [[ $is_centos ]]; then
 		set_progress_str 61 'Installing Yum utilities'
 		salt-call state.apply -l info yum.packages >> $setup_log 2>&1
 	fi

setup/so-whiptail

@@ -33,6 +33,23 @@ whiptail_airgap() {
 	INTERWEBS=$(echo "${INTERWEBS^^}" | tr -d ' ')
 }
 
+whiptail_analyst_install() {
+
+	[ -n "$TESTING" ] && return
+
+	read -r -d '' message <<- EOM
+	
+	Welcome to the Security Onion Anaylst Workstation install!
+
+	You can choose to use join this workstation to an existing grid for managemnt or make it standalone.
+	EOM
+
+	whiptail --title "$whiptail_title" \
+		--yesno "$message" 11 75 \
+		--yes-button "Join" --no-button "Standalone" --defaultno
+
+}
+
 whiptail_avoid_default_hostname() {
 	[ -n "$TESTING" ] && return