Feature/Fleet-Standalone

setup/so-functions

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -87,6 +87,8 @@ auth_pillar(){
     echo "auth:" >> /opt/so/saltstack/pillar/auth.sls
     echo "  mysql: $MYSQLPASS" >> /opt/so/saltstack/pillar/auth.sls
     echo "  fleet: $FLEETPASS" >> /opt/so/saltstack/pillar/auth.sls
+    echo "  fleet_jwt: $FLEETJWT" >> /opt/so/saltstack/pillar/auth.sls
+    echo "  fleet_enroll-secret: False" >> /opt/so/saltstack/pillar/auth.sls
   fi
 
 }
@@ -240,6 +242,9 @@ configure_minion() {
   elif [ $TYPE == 'helix' ]; then
     echo "master: $HOSTNAME" > /etc/salt/minion
     echo "id: $MINION_ID" >> /etc/salt/minion
+  elif [ $TYPE == 'fleet' ]; then
+    echo "master: $MSRV" > /etc/salt/minion
+    echo "id: $MINION_ID" >> /etc/salt/minion
   else
     echo "master: $MSRV" > /etc/salt/minion
     echo "id: $MINION_ID" >> /etc/salt/minion
@@ -577,10 +582,23 @@ fireeye_pillar() {
 
 }
 
+fleet_pillar() {
+
+  PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
+
+  # Create the fleet pillar
+  touch $PILLARFILE
+  echo "fleet:" >> $PILLARFILE
+  echo "  mainip: $MAINIP" >> $PILLARFILE
+  echo "  master: $MSRV" >> $PILLARFILE
+  echo "" >> $PILLARFILE
+}
+
 generate_passwords(){
   # Generate Random Passwords for Things
   MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
   FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
+  FLEETJWT=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
   HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
   CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
   CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
@@ -760,7 +778,9 @@ master_static() {
   echo "  cortexorgname: SecurityOnion" >> /opt/so/saltstack/pillar/static.sls
   echo "  cortexorguser: soadmin" >> /opt/so/saltstack/pillar/static.sls
   echo "  cortexorguserkey: $CORTEXORGUSERKEY" >> /opt/so/saltstack/pillar/static.sls
-  echo "  fleetsetup: 0" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_master: False" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_node: False" >> /opt/so/saltstack/pillar/static.sls
+  echo "  fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls
   echo "  sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
   if [[ $MASTERUPDATES == 'MASTER' ]]; then
     echo "  masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
@@ -1060,6 +1080,8 @@ EOF
     if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
       yum -y install salt-master-2019.2.3 python3 python36-m2crypto salt-minion-2019.2.3 python36-dateutil python36-mysql python36-docker
       systemctl enable salt-master
+    elif [ $INSTALLTYPE == 'FLEET' ]; then 
+      yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql 
     else
       yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker
     fi
@@ -1132,7 +1154,7 @@ EOF
       echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH"
       apt-key add $TMP/gpg/SALTSTACK-GPG-KEY.pub
       apt-key add $TMP/gpg/GPG-KEY-WAZUH
-      echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest $OSVER main" > /etc/apt/sources.list.d/saltstack.list
+      echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list
       echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
       # Initialize the new repos
       apt-get update >> $SETUPLOG 2>&1
@@ -1281,7 +1303,7 @@ set_hostname() {
   echo "::1   localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
   echo $HOSTNAME > /etc/hostname
   HOSTNAME=$(cat /etc/hostname)
-  if [ $INSTALLTYPE != 'MASTER' || $INSTALLTYPE != 'EVAL' || $INSTALLTYPE == 'HELIXSENSOR' || $INSTALLTYPE == 'MASTERSEARCH' ]; then
+  if [[ ! $INSTALLTYPE =~ ^(MASTER|EVAL|HELIXSENSOR|MASTERSEARCH)$ ]]; then
     if [[ $TESTHOST = *"not found"* ]] || [ -z $TESTHOST ] || [[ $TESTHOST = *"connection timed out"* ]]; then
       if ! grep -q $MSRVIP /etc/hosts; then
         echo "$MSRVIP   $MSRV" >> /etc/hosts
@@ -1347,6 +1369,10 @@ set_initial_firewall_policy() {
     ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
   fi
 
+  if [ $INSTALLTYPE == 'FLEET' ]; then
+    ssh -i /root/.ssh/so.key socore@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
+  fi
+
   if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
     echo "blah"
   fi

setup/so-setup

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# Copyright 2014,2015,2016,2017,2018,2019 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -928,12 +928,77 @@ if (whiptail_you_sure) ; then
 
   fi
 
+###########################
+###  Standalone Fleet   ###
+###########################
 
-
-
-
-
-
+  if [ $INSTALLTYPE == 'FLEET' ]; then
+    whiptail_management_server
+    whiptail_master_updates
+    whiptail_make_changes
+    set_updates
+    set_hostname
+    clear_master
+    mkdir -p /nsm
+    get_filesystem_root
+    get_filesystem_nsm
+    if [ $INSTALLMETHOD == iso ]; then
+      add_admin_user
+      disable_onion_user
+    fi
+    copy_ssh_key >> $SETUPLOG 2>&1
+    {
+      sleep 0.5
+      echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
+      set_initial_firewall_policy >> $SETUPLOG 2>&1
+      #echo -e "XXX\n4\nGenerating Fleet Pillar... \nXXX"
+      fleet_pillar >> $SETUPLOG 2>&1
+      echo -e "XXX\n5\nInstalling mysql dependencies for saltstack... \nXXX"
+      salt_install_mysql_deps >> $SETUPLOG 2>&1
+      echo "** Generating the patch pillar **" >> $SETUPLOG
+      patch_pillar >> $SETUPLOG 2>&1
+      node_pillar >> $SETUPLOG 2>&1
+      echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
+      saltify >> $SETUPLOG 2>&1
+      echo -e "XXX\n20\nInstalling Docker... \nXXX"
+      docker_install >> $SETUPLOG 2>&1
+      echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
+      configure_minion fleet >> $SETUPLOG 2>&1
+      echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
+      copy_minion_tmp_files >> $SETUPLOG 2>&1
+      echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
+      salt_firstcheckin >> $SETUPLOG 2>&1
+      echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
+      # Accept the Salt Key
+      accept_salt_key_remote >> $SETUPLOG 2>&1
+      echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
+      salt-call state.apply ca >> $SETUPLOG 2>&1
+      salt-call state.apply ssl >> $SETUPLOG 2>&1
+      echo -e "XXX\n35\nInstalling Core Components... \nXXX"
+      salt-call state.apply common >> $SETUPLOG 2>&1
+      salt-call state.apply firewall >> $SETUPLOG 2>&1
+      echo -e "XXX\n50\nInstalling MySQL... \nXXX"
+      salt-call state.apply mysql >> $SETUPLOG 2>&1
+      echo -e "XXX\n50\nInstalling Redis... \nXXX"
+      salt-call state.apply redis >> $SETUPLOG 2>&1
+      echo -e "XXX\n60\nInstalling Fleet... \nXXX"
+      salt-call state.apply fleet >> $SETUPLOG 2>&1
+      checkin_at_boot >> $SETUPLOG 2>&1
+      echo -e "XX\n97\nFinishing touches... \nXXX"
+      filter_unused_nics >> $SETUPLOG 2>&1
+      network_setup >> $SETUPLOG 2>&1
+      echo -e "XXX\n98\nVerifying Setup... \nXXX"
+      salt-call state.highstate >> $SETUPLOG 2>&1
+    } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+    GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
+    if [[ $GOODSETUP == '0' ]]; then
+      whiptail_setup_complete
+      shutdown -r now
+    else
+      whiptail_setup_failed
+      shutdown -r now
+    fi
+  fi
 
 
 else

setup/so-whiptail

@@ -256,12 +256,12 @@ whiptail_install_type() {
   "MASTERSEARCH" "Master + Search Node" OFF \
   "HEAVYNODE" "Sensor + Search Node" OFF \
   "HELIXSENSOR" "Connect this sensor to FireEye Helix" OFF \
-  "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF \
+  "FLEET" "Dedicated Fleet Osquery Node" OFF \
   "HOTNODE" "TODO Add Hot Node (Search Node without Parsing)" OFF \
   "WARMNODE" "TODO Add Warm Node to existing Hot or Search node" OFF \
   "WAZUH" "TODO Stand Alone Wazuh Node" OFF \
   "STRELKA" "TODO Stand Alone Strelka Node" OFF \
-  "FLEET" "TODO Stand Alone Fleet OSQuery Node" OFF 3>&1 1>&2 2>&3 )
+  "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF 3>&1 1>&2 2>&3 )
 
   local exitstatus=$?
   whiptail_check_exitstatus $exitstatus
@@ -371,7 +371,7 @@ whiptail_management_server() {
   # See if it resolves. Otherwise prompt to add to host file
   TESTHOST=$(host $MSRV)
 
-  if [[ $TESTHOST = *"not found"* ]] || [[ $TESTHOST = *"connection timed out"* ]]; then
+  if [[ $TESTHOST = *"not found"* ]] || [ -z $TESTHOST ] || [[ $TESTHOST = *"connection timed out"* ]]; then
     add_master_hostfile
   fi