From b029d9aca62b9bafd9fb2f1915287bb195967c2b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 11:40:16 -0400 Subject: [PATCH 01/10] [feat] Initial work for running setup through proxy --- setup/so-functions | 49 ++++++++++++++++++++++++++++++++++++++++++++++ setup/so-setup | 7 ++++++- setup/so-whiptail | 2 +- so-setup-network | 4 ++-- 4 files changed, 58 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index a20953035..1e7bf7951 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -948,6 +948,35 @@ node_pillar() { cat "$pillar_file" >> "$setup_log" 2>&1 } +parse_options() { + case "$1" in + --turbo=*) + local proxy + proxy=$(echo "$1" | awk -F'--turbo=' '{print $2}') + use_proxy "http://$proxy" + ;; + --proxy=*) + echo "Unimplimented" + return + + if [[ $2 != --proxy-user=* ]] || [[ $3 != --proxy-pass=* ]]; then + echo "Invalid options passed for proxy. Order is --proxy-user= --proxy-pass=" + else + local proxy + local user + local password + proxy=$(echo "$1" | awk -F'--proxy=' '{print $2}') + user=$(echo "$2" | awk -F'--proxy-user=' '{print $2}') + password=$(echo "$3" | awk -F'--proxy-pass=' '{print $2}') + + use_proxy "$proxy" "$user" "$password" + fi + ;; + *) + echo "Invalid option" + esac +} + patch_pillar() { local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls 
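Review bot: The value after `--turbo=` reaches `use_proxy` unchecked, and that function writes it into package-manager configuration as root, so a stray quote, space or newline in the argument ends up in those files. Extract it with parameter expansion rather than `echo | awk` and reject anything that is not host-shaped: `proxy=${1#--turbo=}` followed by `[[ $proxy =~ ^[A-Za-z0-9.:-]+$ ]] || { echo "Invalid proxy host"; return 1; }`. In the `--proxy=*` arm everything after `return` is unreachable, and "Unimplimented" is misspelled. If that arm is enabled later, a password passed as `--proxy-pass=` is visible in the process list and shell history; reading it from a prompt or a root-only file avoids that.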
@@ -1443,6 +1472,26 @@ update_packages() { fi } +use_proxy() { + local proxy_addr=$1 + #TODO: add options for username + pass + + if [[ $OS == 'centos' ]]; then + printf '%s\n'\ + "proxy=\"$proxy_addr\"" >> /etc/yum.conf + else + printf '%s\n'\ + "Acquire {"\ + "HTTP::proxy \"$proxy_addr\";"\ + "HTTPS::proxy \"$proxy_addr\";"\ + "}" > /etc/apt/apt.conf.d/proxy.conf + fi + mkdir -p /etc/systemd/system/docker.service.d + printf '%s\n'\ + "[Service]"\ + "ExecStart=/usr/bin/dockerd /usr/bin/dockerd -H fd:// --registry-mirror \"$proxy_addr\"" > /etc/systemd/system/docker.service.d/docker.conf +} + ls_heapsize() { if [ "$total_mem" -ge 32000 ]; then diff --git a/setup/so-setup b/setup/so-setup index 406d69763..5ec148208 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -48,7 +48,7 @@ fi setterm -blank 0 -if (whiptail_you_sure); then +if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then true else echo "User cancelled setup." >> $setup_log 2>&1 @@ -241,6 +241,11 @@ fi whiptail_make_changes +if [[ $# -gt 1 ]]; then + set -- "${@:2}" + parse_options "$@" +fi + if [[ "$setup_type" == 'iso' ]]; then # Init networking so rest of install works set_hostname_iso diff --git a/setup/so-whiptail b/setup/so-whiptail index cfe00b67b..559f791b7 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1048,7 +1048,7 @@ whiptail_you_sure() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75 + whiptail --title "Security Onion Setup" --yesno "Are you sure you want to continue a network install of Security Onion?" 8 75 local exitstatus=$? return $exitstatus diff --git a/so-setup-network b/so-setup-network index ae9af4ffa..2528ff14b 100755 --- a/so-setup-network +++ b/so-setup-network @@ -15,6 +15,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -cd setup +cd setup || exit -./so-setup network +./so-setup network "$@" 
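Review bot: In `use_proxy`, `>> /etc/yum.conf` appends another `proxy=` line on every run, so re-running setup or passing a different address leaves several conflicting entries, while the apt branch overwrites its file. Make the CentOS branch idempotent by running `sed -i '/^proxy=/d' /etc/yum.conf` before the `printf`. None of the writes is checked, so a failed write lets setup continue without the proxy the operator asked for; `|| return 1` on each redirect would surface that. A header comment saying these settings stay on the host after setup finishes would also help whoever audits the box later.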
From c790b3827db56c3916752ee4bc1cf85650feea56 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 13:25:17 -0400 Subject: [PATCH 02/10] [fix] yum.conf proxy should not contain quotes --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 1e7bf7951..38b0b5b9a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1478,7 +1478,7 @@ use_proxy() { if [[ $OS == 'centos' ]]; then printf '%s\n'\ - "proxy=\"$proxy_addr\"" >> /etc/yum.conf + "proxy=$proxy_addr" >> /etc/yum.conf else printf '%s\n'\ "Acquire {"\ From 4b505827b19c9ec23d139753da0d19ab37fb1937 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 13:31:58 -0400 Subject: [PATCH 03/10] [fix] Use correct ports for acng and docker registry --- setup/so-functions | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 38b0b5b9a..934ff6cc1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1478,18 +1478,18 @@ use_proxy() { if [[ $OS == 'centos' ]]; then printf '%s\n'\ - "proxy=$proxy_addr" >> /etc/yum.conf + "proxy=$proxy_addr:3412" >> /etc/yum.conf else printf '%s\n'\ "Acquire {"\ - "HTTP::proxy \"$proxy_addr\";"\ - "HTTPS::proxy \"$proxy_addr\";"\ + "HTTP::proxy \"$proxy_addr:3412\";"\ + "HTTPS::proxy \"$proxy_addr:3412\";"\ "}" > /etc/apt/apt.conf.d/proxy.conf fi - mkdir -p /etc/systemd/system/docker.service.d printf '%s\n'\ - "[Service]"\ - "ExecStart=/usr/bin/dockerd /usr/bin/dockerd -H fd:// --registry-mirror \"$proxy_addr\"" > /etc/systemd/system/docker.service.d/docker.conf + "{"\ + " \"registry-mirrors\": [\"$proxy_addr:5000\"]"\ + "}" > /etc/docker/daemon.json } ls_heapsize() { From 78f6261fccfae63331e38e494296209fb018ff49 Mon Sep 17 00:00:00 2001 
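Review bot: In the third patch, `HTTPS::proxy` points at the same `:3412` listener as `HTTP::proxy`. If that listener is apt-cacher-ng, as the subject suggests, it will by default refuse to tunnel HTTPS, so https repositories would fail through it. Confirm this against the proxy's configuration and record it in a comment such as `# acng caches http only; https repos need PassThroughPattern set on the proxy`. The port literal is written three times; a single `local -r acng_port=...` used in all three strings keeps any later port correction to one line. The start of `use_proxy` is outside this hunk.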
From: William Wernert Date: Fri, 22 May 2020 14:00:01 -0400 Subject: [PATCH 04/10] [fix] acng should be port 3142 not 3412 --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 934ff6cc1..303590d55 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1478,12 +1478,12 @@ use_proxy() { if [[ $OS == 'centos' ]]; then printf '%s\n'\ - "proxy=$proxy_addr:3412" >> /etc/yum.conf + "proxy=$proxy_addr:3142" >> /etc/yum.conf else printf '%s\n'\ "Acquire {"\ - "HTTP::proxy \"$proxy_addr:3412\";"\ - "HTTPS::proxy \"$proxy_addr:3412\";"\ + "HTTP::proxy \"$proxy_addr:3142\";"\ + "HTTPS::proxy \"$proxy_addr:3142\";"\ "}" > /etc/apt/apt.conf.d/proxy.conf fi printf '%s\n'\ From 579b6229358f9fb11fa7e1d8a9692feddd1879e8 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 14:36:55 -0400 Subject: [PATCH 05/10] [fix] Don't overwrite daemon.json, and only accept turbo mode on correct install types --- setup/so-functions | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 303590d55..ccfd59629 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -616,9 +616,10 @@ docker_registry() { echo "Setting up Docker Registry" >> "$setup_log" 2>&1 mkdir -p /etc/docker >> "$setup_log" 2>&1 # Make the host use the master docker registry + if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="$MSRV"; fi printf '%s\n'\ "{"\ - " \"registry-mirrors\": [\"https://$MSRV:5000\"]"\ + " \"registry-mirrors\": [\"https://$proxy:5000\"]"\ "}" > /etc/docker/daemon.json echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1 
@@ -951,9 +952,15 @@ node_pillar() { parse_options() { case "$1" in --turbo=*) - local proxy - proxy=$(echo "$1" | awk -F'--turbo=' '{print $2}') - use_proxy "http://$proxy" + if [[ $is_master || $is_helix ]]; then + local proxy + proxy=$(echo "$1" | awk -F'--turbo=' '{print $2}') + proxy_addr="http://$proxy" + use_proxy "$proxy_addr" + TURBO="$proxy_addr" + else + echo "turbo is not supported on this install type" >> $setup_log 2>&1 + fi ;; --proxy=*) echo "Unimplimented" @@ -963,13 +970,13 @@ parse_options() { echo "Invalid options passed for proxy. Order is --proxy-user= --proxy-pass=" else local proxy - local user - local password + local proxy_user + local proxy_password proxy=$(echo "$1" | awk -F'--proxy=' '{print $2}') - user=$(echo "$2" | awk -F'--proxy-user=' '{print $2}') - password=$(echo "$3" | awk -F'--proxy-pass=' '{print $2}') + proxy_user=$(echo "$2" | awk -F'--proxy-user=' '{print $2}') + proxy_password=$(echo "$3" | awk -F'--proxy-pass=' '{print $2}') - use_proxy "$proxy" "$user" "$password" + use_proxy "$proxy" "$proxy_user" "$proxy_password" fi ;; *) @@ -1478,18 +1485,14 @@ use_proxy() { if [[ $OS == 'centos' ]]; then printf '%s\n'\ - "proxy=$proxy_addr:3142" >> /etc/yum.conf + "proxy=${proxy_addr}:3142" >> /etc/yum.conf else printf '%s\n'\ "Acquire {"\ - "HTTP::proxy \"$proxy_addr:3142\";"\ - "HTTPS::proxy \"$proxy_addr:3142\";"\ + "HTTP::proxy \"${proxy_addr}:3142\";"\ + "HTTPS::proxy \"${proxy_addr}:3142\";"\ "}" > /etc/apt/apt.conf.d/proxy.conf fi - printf '%s\n'\ - "{"\ - " \"registry-mirrors\": [\"$proxy_addr:5000\"]"\ - "}" > /etc/docker/daemon.json } ls_heapsize() { From 862631b93a1a8d84b333448a12be9eefeae6cc38 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 14:47:00 -0400 Subject: [PATCH 06/10] [fix] Add space in daemon.json --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index ccfd59629..083b9db61 100755 --- a/setup/so-functions 
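Review bot: `[[ $is_master || $is_helix ]]` only tests that the variables are non-empty, so a value such as `false` or `0` would still enable turbo mode. How they are set is not visible here; if they can hold anything other than empty or a true marker, compare explicitly, e.g. `[[ $is_master == true || $is_helix == true ]]`. `proxy_addr` is assigned without `local` and becomes a global alongside the intended `TURBO`; add `local proxy_addr` next to `local proxy`. `$setup_log` is unquoted in the new `echo`, while other lines in so-functions write `"$setup_log"`. `parse_options` begins above this hunk.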
+++ b/setup/so-functions @@ -619,7 +619,7 @@ docker_registry() { if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="$MSRV"; fi printf '%s\n'\ "{"\ - " \"registry-mirrors\": [\"https://$proxy:5000\"]"\ + " \"registry-mirrors\": [ \"https://$proxy:5000\" ]"\ "}" > /etc/docker/daemon.json echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1 From 08564ed6d4e6807c0a51aa429542bfe350f5bfea Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 14:50:42 -0400 Subject: [PATCH 07/10] [feat] Trim quotes from arguments --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 083b9db61..8c911c3d7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -972,9 +972,9 @@ parse_options() { local proxy local proxy_user local proxy_password - proxy=$(echo "$1" | awk -F'--proxy=' '{print $2}') - proxy_user=$(echo "$2" | awk -F'--proxy-user=' '{print $2}') - proxy_password=$(echo "$3" | awk -F'--proxy-pass=' '{print $2}') + proxy=$(echo "$1" | tr -d '"' | awk -F'--proxy=' '{print $2}') + proxy_user=$(echo "$2" | tr -d '"' | awk -F'--proxy-user=' '{print $2}') + proxy_password=$(echo "$3" | tr -d '"' | awk -F'--proxy-pass=' '{print $2}') use_proxy "$proxy" "$proxy_user" "$proxy_password" fi From ad96baab551c3f1970ded8a990369183513fd6e6 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 14:50:58 -0400 Subject: [PATCH 08/10] [feat] Trim quotes from arguments --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 8c911c3d7..b29d4adef 100755 --- a/setup/so-functions +++ b/setup/so-functions 
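Review bot: In the `--proxy=*` hunk, `tr -d '"'` deletes every double quote in the argument, not just a surrounding pair, so a proxy password that contains `"` is silently changed before it reaches `use_proxy`. Strip only the outer pair with parameter expansion: `proxy_password=${3#--proxy-pass=}`, then `proxy_password=${proxy_password#\"}` and `proxy_password=${proxy_password%\"}`. The same applies to the `--turbo=` line changed in the next patch, and in both places removing quotes does not make the value safe to write into configuration files. These lines sit inside `parse_options`, which starts and ends outside the hunk.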
@@ -954,7 +954,7 @@ parse_options() { --turbo=*) if [[ $is_master || $is_helix ]]; then local proxy - proxy=$(echo "$1" | awk -F'--turbo=' '{print $2}') + proxy=$(echo "$1" | tr -d '"' | awk -F'--turbo=' '{print $2}') proxy_addr="http://$proxy" use_proxy "$proxy_addr" TURBO="$proxy_addr" From d9feb0d95c3c463a6f15c76c6e77f40eb8c4ae70 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 15:09:04 -0400 Subject: [PATCH 09/10] [fix] Don't repeat protocol in daemon.json --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b29d4adef..4e01c935c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -616,10 +616,10 @@ docker_registry() { echo "Setting up Docker Registry" >> "$setup_log" 2>&1 mkdir -p /etc/docker >> "$setup_log" 2>&1 # Make the host use the master docker registry - if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="$MSRV"; fi + if [ -n "$TURBO" ]; then local proxy="$TURBO"; else local proxy="https://$MSRV"; fi printf '%s\n'\ "{"\ - " \"registry-mirrors\": [ \"https://$proxy:5000\" ]"\ + " \"registry-mirrors\": [ \"$proxy:5000\" ]"\ "}" > /etc/docker/daemon.json echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1 From 29726e957f408835eaf4b6ef016e19e0d7fd6b9d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 22 May 2020 15:16:57 -0400 Subject: [PATCH 10/10] [fix] Redirect parse_options output to setup log --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 5ec148208..4b0a4d6f6 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -243,7 +243,7 @@ whiptail_make_changes if [[ $# -gt 1 ]]; then set -- "${@:2}" - parse_options "$@" + parse_options "$@" >> $setup_log 2>&1 fi if [[ "$setup_type" == 'iso' ]]; then
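Review bot: With `TURBO` set, the mirror written to /etc/docker/daemon.json in `docker_registry` is `http://<host>:5000`, so image pulls go through a plain-HTTP, unauthenticated mirror, whereas the default path uses `https://$MSRV`. Unless images are pulled by digest or verified elsewhere, whatever answers on that address decides what a tag resolves to. Either require an https mirror or state the trust assumption in a comment such as `# turbo mirror is plain HTTP: use only on a trusted build network`. The two `local proxy=` declarations can also be one line: `local proxy="${TURBO:-https://$MSRV}"`. `docker_registry` starts and ends outside this hunk.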
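Review bot: After this redirect in so-setup, the "Invalid option" and "turbo is not supported on this install type" messages go only to the log, and setup continues either way. An operator who mistypes `--turbo=` therefore gets a direct network install without noticing. Have `parse_options` return non-zero on those paths and stop here: `parse_options "$@" >> "$setup_log" 2>&1 || exit 1`. `parse_options` also dispatches on `$1` only, so any further options on the command line are ignored without a message. Quoting `$setup_log` guards against a log path containing spaces.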