Merge branch 'dev' into kilo

salt/common/tools/sbin/so-common

@@ -153,16 +153,16 @@ Do you agree to the terms of the Elastic License?
 If so, type AGREE to accept the Elastic License and continue.  Otherwise, press Enter to exit this program without making any changes.
 EOM
 
-AGREED=$(whiptail --title "Security Onion Setup" --inputbox \
-"$message" 20 75 3>&1 1>&2 2>&3)
+	AGREED=$(whiptail --title "$whiptail_title" --inputbox \
+	"$message" 20 75 3>&1 1>&2 2>&3)
 
-if [ "${AGREED^^}" = 'AGREE' ]; then
-  mkdir -p /opt/so/state
-  touch /opt/so/state/yeselastic.txt 
-else
-  echo "Starting in 2.3.40 you must accept the Elastic license if you want to run Security Onion."
-  exit 1
-fi
+	if [ "${AGREED^^}" = 'AGREE' ]; then
+		mkdir -p /opt/so/state
+		touch /opt/so/state/yeselastic.txt 
+	else
+		echo "Starting in 2.3.40 you must accept the Elastic license if you want to run Security Onion."
+		exit 1
+	fi
 
 }
 

salt/common/tools/sbin/so-zeek-logs

@@ -10,7 +10,7 @@ zeek_logs_enabled() {
 }
 
 whiptail_manager_adv_service_zeeklogs() {
-  BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \
+  BLOGS=$(whiptail --title "so-zeek-logs" --checklist "Please Select Logs to Send:" 24 78 12 \
   "conn" "Connection Logging" ON \
   "dce_rpc" "RPC Logs" ON \
   "dhcp" "DHCP Logs" ON \
@@ -61,10 +61,10 @@ whiptail_manager_adv_service_zeeklogs
 return_code=$?
 case $return_code in
   1)
-    whiptail --title "Security Onion Setup" --msgbox "Cancelling. No changes have been made." 8 75
+    whiptail --title "so-zeek-logs" --msgbox "Cancelling. No changes have been made." 8 75
     ;;
   255)
-    whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting." 8 75
+    whiptail --title "so-zeek-logs" --msgbox "Whiptail error occured, exiting." 8 75
     ;;
   *)
     zeek_logs_enabled

salt/common/tools/sbin/so-zeek-stats

@@ -24,11 +24,11 @@ show_stats() {
   echo
   echo "Average throughput:"
   echo
-  docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl capstats'
+  docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin /opt/zeek/bin/zeekctl capstats
   echo
   echo "Average packet loss:"
   echo
-  docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl netstats'
+  docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin /opt/zeek/bin/zeekctl netstats
   echo
 }
 

salt/common/tools/sbin/soup

@@ -25,6 +25,7 @@ BATCHSIZE=5
 SOUP_LOG=/root/soup.log
 INFLUXDB_MIGRATION_LOG=/opt/so/log/influxdb/soup_migration.log
 WHATWOULDYOUSAYYAHDOHERE=soup
+whiptail_title='Security Onion UPdater'
 
 check_err() {
   local exit_code=$1
@@ -107,14 +108,13 @@ airgap_mounted() {
     echo "The ISO is already mounted"
   else
     echo ""
-    echo "Looks like we need access to the upgrade content"
-    echo "" 
-    echo "If you just copied the .iso file over you can specify the path."
-    echo "If you burned the ISO to a disk the standard way you can specify the device."
-    echo "Example: /home/user/securityonion-2.X.0.iso"
-    echo "Example: /dev/sdx1"
-    echo ""
-    read -rp 'Enter the location of the iso: ' ISOLOC
+    cat << EOF
+In order for soup to proceed, the path to the downloaded Security Onion ISO file, or the path to the CD-ROM or equivalent device containing the ISO media must be provided. 
+For example, if you have copied the new Security Onion ISO file to your home directory, then the path might look like /home/myuser/securityonion-2.x.y.iso. 
+Or, if you have burned the new ISO onto an optical disk then the path might look like /dev/cdrom.
+
+EOF
+    read -rp 'Enter the path to the new Security Onion ISO content: ' ISOLOC
     if [[ -f $ISOLOC ]]; then
       # Mounting the ISO image
       mkdir -p /tmp/soagupdate
@@ -289,7 +289,7 @@ generate_and_clean_tarballs() {
   local new_version
   new_version=$(cat $UPDATE_DIR/VERSION)
   [ -d /opt/so/repo ] || mkdir -p /opt/so/repo
-  tar -czf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
+  tar -czf "/opt/so/repo/$new_version.tar.gz" -C "$UPDATE_DIR" .
   find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \;
 }
 

salt/zeek/cron/packetloss.sh

@@ -1,2 +1,2 @@
 #!/bin/bash
-/usr/bin/docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin runuser -l zeek -c '/opt/zeek/bin/zeekctl netstats' | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1
+/usr/bin/docker exec so-zeek env -i PATH=/bin:/usr/bin:/sbin:/usr/sbin:/opt/bin:/usr/local/bin:/usr/local/sbin /opt/zeek/bin/zeekctl netstats | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/zeek/logs/packetloss.log 2>&1