Add more logging to setup process

2025-12-06 17:22:49 +01:00 · 2022-09-12 14:20:59 -04:00
parent 2254512a2a
commit 9ca2e6e871
3 changed files with 117 additions and 318 deletions
--- a/salt/zeek/soc_zeek.yaml
+++ b/salt/zeek/soc_zeek.yaml
@@ -10,7 +10,7 @@ zeek:
      zeek_pins_enabled:
        description:
        node: True
-      zeeek_pins:
+      zeek_pins:
        description: List of CPUs you want to 
        node: True
    zeekctl:
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -48,13 +48,10 @@ airgap_rules() {
 }
 add_admin_user() {
-	# Add an admin user with full sudo rights if this is an ISO install. 
+	title "Adding $ADMINUSER to the system with sudo rights"
-	{
+	logCmd "useradd '$ADMINUSER'"
-		useradd "$ADMINUSER";
+	echo "$ADMINUSER":"$ADMINPASS1" | chpasswd --crypt-method=SHA512
-		echo "$ADMINUSER":"$ADMINPASS1" | chpasswd --crypt-method=SHA512;
+	logCmd "usermod -aG wheel '$ADMINUSER'"	
 		usermod -aG wheel "$ADMINUSER";
 	} >> "$setup_log" 2>&1
 }
 add_mngr_ip_to_hosts() {
@@ -62,21 +59,9 @@ add_mngr_ip_to_hosts() {
 	echo "$MSRVIP   $MSRV" >> /etc/hosts
 }
 addtotab_generate_templates() {
 	local addtotab_path=$local_salt_dir/pillar/data
 	for i in evaltab managersearchtab managertab nodestab sensorstab standalonetab receiverstab; do
 		printf '%s\n'\
 		"$i:"\
 		"" > "$addtotab_path"/$i.sls
 		info "Added $i Template"
 	done
 }
 add_socore_user_manager() {
-	so_add_user "socore" "939" "939" "/opt/so" >> "$setup_log" 2>&1
+	info "Adding socore user"
 	logCmd "so_add_user 'socore' '939' '939' '/opt/so'" 
 }
 add_web_user() {
@@ -110,7 +95,7 @@ analyst_salt_local() {
 	logCmd "yum -y install salt-minion-3004.1 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
 	logCmd "yum -y update --exclude=salt*"
-	salt-call state.apply workstation --local --file-root=../salt/ -l info 2>&1 | tee -a outfile
+	logCmd "salt-call state.apply workstation --local --file-root=../salt/ -l info"
 	read -r -d '' message <<- EOM
 		Finished Analyst workstation installation.
@@ -153,11 +138,6 @@ check_admin_pass() {
 	check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH"
 }
 check_manager_state() {
 	info "Checking state of manager services. This may take a moment..."
 	retry 2 15 "__check_so_status" >> $setup_log 2>&1 && retry 2 15 "__check_salt_master" >> $setup_log 2>&1 && return 0 || return 1
 }
 check_manager_connection() {
 	# See if you can curl the manager. If not you can either try again or continue
 	info "Checking manager connectivity"	
@@ -171,18 +151,6 @@ check_manager_connection() {
 	fi
 }
 __check_so_status() {
 	local so_status_output
 	so_status_output=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /opt/so/log/sostatus/status.log)
 	[[ -z $so_status_output ]] && so_status_output=1
 	return $so_status_output
 }
 __check_salt_master() {
 	$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master
 	return $?
 }
 check_network_manager_conf() {
 	local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf"
 	local nmconf="/etc/NetworkManager/NetworkManager.conf"
@@ -202,6 +170,7 @@ check_network_manager_conf() {
 }
 check_pass_match() {
 	info "Making sure passwords match"
 	local pass=$1
 	local confirm_pass=$2
 	local var=$3
@@ -221,16 +190,17 @@ check_service_status() {
 	systemctl status $service_name > /dev/null 2>&1
 	local status=$?
 	if [ $status -gt 0 ]; then
-		echo "  $service_name is not running" >> "$setup_log" 2>&1
+		info "  $service_name is not running" 
 		return 1;
 	else
-		echo "  $service_name is running" >> "$setup_log" 2>&1
+		info "  $service_name is running"
 		return 0;
 	fi
 }
 check_web_pass() {
 	info Making sure web credential passwords match
 	check_pass_match "$WEBPASSWD1" "$WEBPASSWD2" "WPMATCH"
 }
@@ -238,11 +208,10 @@ clear_manager() {
 	# Clear out the old manager public key in case this is a re-install.
 	# This only happens if you re-install the manager.
 	if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
-		{
+		info "Clearing old Salt master key"
-			info "Clearing old Salt master key";
+		logCmd "rm -f /etc/salt/pki/minion/minion_master.pub"
-			rm -f /etc/salt/pki/minion/minion_master.pub;
+		info "Restarting Salt Minion"
-			systemctl -q restart salt-minion;
+		logCmd "systemctl -q restart salt-minion"
 		} >> "$setup_log" 2>&1
 	fi
 }
@@ -312,10 +281,6 @@ collect_gateway() {
 	done
 }
 collect_helix_key() {
 	whiptail_helix_apikey
 }
 collect_homenet_mngr() {
 	whiptail_homenet_manager "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12"
@@ -777,7 +742,7 @@ check_requirements() {
 }
 check_sos_appliance() {
-	# Lets see if this is a SOS Appliance
+	title "Is this is an SOS Appliance?"
 	if [ -f "/etc/SOSMODEL" ]; then
 	  local MODEL=$(cat /etc/SOSMODEL)
 	  info "Found SOS Model $MODEL"
@@ -808,18 +773,6 @@ compare_main_nic_ip() {
 }
 compare_versions() {
 	manager_ver=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
 	if [[ $manager_ver == '' ]]; then
 		info "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again."
 		exit 1
 	fi
 	[[ "$manager_ver" == "$SOVERSION" ]]
 	return
 }
 configure_network_sensor() {
 	info "Setting up sensor interface"
@@ -830,7 +783,7 @@ configure_network_sensor() {
 	fi
 	# Create the bond interface only if it doesn't already exist
-	nmcli -f name,uuid -p con | grep -q "$INTERFACE" >> "$setup_log" 2>&1
+	logCmd "nmcli -f name,uuid -p con | grep -q '$INTERFACE'"
 	local found_int=$?
 	if [[ $found_int != 0 ]]; then
@@ -861,47 +814,18 @@ configure_network_sensor() {
 copy_salt_master_config() {
-	# Copy the Salt master config template to the proper directory
+	title "Copy the Salt master config template to the proper directory"
 	if [ "$setup_type" = 'iso' ]; then
-		cp /root/SecurityOnion/files/salt/master/master /etc/salt/master >> "$setup_log" 2>&1
+		logCmd "cp /root/SecurityOnion/files/salt/master/master /etc/salt/master"
-		cp /root/SecurityOnion/files/salt/master/salt-master.service /usr/lib/systemd/system/salt-master.service >> "$setup_log" 2>&1
+		logCmd "cp /root/SecurityOnion/files/salt/master/salt-master.service /usr/lib/systemd/system/salt-master.service"
 	else
-		cp ../files/salt/master/master /etc/salt/master >> "$setup_log" 2>&1
+		logCmd "cp ../files/salt/master/master /etc/salt/master"
-		cp ../files/salt/master/salt-master.service /usr/lib/systemd/system/salt-master.service >> "$setup_log" 2>&1
+		logCmd " ../files/salt/master/salt-master.service /usr/lib/systemd/system/salt-master.service"
 	fi
 	# Restart the service so it picks up the changes
-	systemctl daemon-reload >> "$setup_log" 2>&1
+	logCmd "systemctl daemon-reload"
-	systemctl restart salt-master >> "$setup_log" 2>&1
+	logCmd "systemctl restart salt-master"
 }
 copy_minion_tmp_files() {
 	case "$install_type" in
 		'MANAGER' | 'EVAL' | 'HELIXSENSOR' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT')
 			info "Copying pillar and salt files in $temp_install_dir to $local_salt_dir"
 			cp -Rv "$temp_install_dir"/pillar/ $local_salt_dir/ >> "$setup_log" 2>&1
 			if [ -d "$temp_install_dir"/salt ] ; then
 				cp -Rv "$temp_install_dir"/salt/ $local_salt_dir/ >> "$setup_log" 2>&1
 			fi
 			;;
 		*)
 			{
 				info "scp pillar and salt files in $temp_install_dir to manager $local_salt_dir";
 				$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
 				$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
 				$scpcmd -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
 				if [ -d $temp_install_dir/salt/patch/os/schedules/ ]; then
 					if [ "$(ls -A $temp_install_dir/salt/patch/os/schedules/)" ]; then
 						$scpcmd -prv -i /root/.ssh/so.key $temp_install_dir/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules;
 					fi
 				fi
 				$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/manager/files/add_minion.sh "$MINION_ID";
 			} >> "$setup_log" 2>&1
 			;;
 	esac
 	info "Syncing all salt modules."
 	salt-call saltutil.sync_modules >> "$setup_log" 2>&1
 }
 create_local_directories() {
@@ -911,19 +835,19 @@ create_local_directories() {
 		for d in $(find $PILLARSALTDIR/$i -type d); do
 			suffixdir=${d//$PILLARSALTDIR/}
 			if [ ! -d "$local_salt_dir/$suffixdir" ]; then
-				mkdir -pv "$local_salt_dir$suffixdir" >> "$setup_log" 2>&1
+				logCmd "mkdir -pv '$local_salt_dir$suffixdir'"
 			fi
 		done
-		chown -R socore:socore "$local_salt_dir/$i"
+		logCmd "chown -R socore:socore '$local_salt_dir/$i'"
 	done
 }
 create_local_nids_rules() {
-	# Create a local.rules file so it doesn't get blasted on updates
+	title "Create a local.rules file so it doesn't get removed on updates"
-	mkdir -p /opt/so/saltstack/local/salt/idstools
+	logCmd "mkdir -p /opt/so/saltstack/local/salt/idstools"
 	echo "# Custom Suricata rules go in this file" > /opt/so/saltstack/local/salt/idstools/local.rules
-	salt-run fileserver.clear_file_list_cache
+	logCmd "salt-run fileserver.clear_file_list_cache"
 }
 create_manager_pillars() {
@@ -945,8 +869,8 @@ create_manager_pillars() {
 }
 create_repo() {
-	# Create the repo for airgap
+	title "Create the repo directory"
-	createrepo /nsm/repo
+	logCmd "createrepo /nsm/repo"
 }
 detect_cloud() {
@@ -1049,8 +973,8 @@ disable_auto_start() {
 disable_ipv6() {
 	{
 		info "Disabling ipv6"
-		sysctl -w net.ipv6.conf.all.disable_ipv6=1
+		logCmd "sysctl -w net.ipv6.conf.all.disable_ipv6=1"
-		sysctl -w net.ipv6.conf.default.disable_ipv6=1
+		logCmd "sysctl -w net.ipv6.conf.default.disable_ipv6=1"
 	}  >> "$setup_log" 2>&1
 	{
 		echo "net.ipv6.conf.all.disable_ipv6 = 1"
@@ -1061,8 +985,8 @@ disable_ipv6() {
 docker_registry() {
-	info "Setting up Docker Registry"
+	title "Setting up Docker Registry"
-	mkdir -p /etc/docker >> "$setup_log" 2>&1
+	logCmd "mkdir -p /etc/docker"
 	# This will get applied so docker can attempt to start
 	if [ -z "$DOCKERNET" ]; then
 		DOCKERNET=172.17.0.0
@@ -1088,9 +1012,6 @@ docker_registry() {
 docker_seed_update() {
 	local name=$1
 	local percent_delta=1
 	if [ "$install_type" == 'HELIXSENSOR' ]; then 
 		percent_delta=6
 	fi
 	((docker_seed_update_percent+=percent_delta))
 	set_progress_str "$docker_seed_update_percent" "Downloading $name"
@@ -1112,38 +1033,14 @@ docker_seed_registry() {
 		update_docker_containers 'netinstall' '' 'docker_seed_update' "$setup_log"
 	else
-		tar xvf /nsm/docker-registry/docker/registry.tar -C /nsm/docker-registry/docker >> "$setup_log" 2>&1
+		logCmd "tar xvf /nsm/docker-registry/docker/registry.tar -C /nsm/docker-registry/docker"
-		rm /nsm/docker-registry/docker/registry.tar >> "$setup_log" 2>&1
+		logCmd "rm /nsm/docker-registry/docker/registry.tar"
 	fi
 }
 download_repo_tarball() {
 	mkdir -p /root/manager_setup
 	local manager_ver
 	manager_ver=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion) >> "$setup_log" 2>&1
 	$scpcmd -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup >> "$setup_log" 2>&1
 	# Fail if the file doesn't download
 	if ! [ -f /root/manager_setup/"$manager_ver".tar.gz ]; then
 		rm -rf $install_opt_file
 		local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." 
 		info "$message"
 		exit 1
 	fi
 	mkdir -p /root/manager_setup/securityonion
 	{
 		tar -xzf /root/manager_setup/"$manager_ver".tar.gz -C /root/manager_setup/securityonion
 		rm -rf /root/manager_setup/"$manager_ver".tar.gz
 	} >> "$setup_log" 2>&1
 }
 elasticsearch_pillar() {
-	# Create Advanced File
+	title "Create Advanced File"
-	touch $adv_elasticsearch_pillar_file
+	logCmd "touch '$adv_elasticsearch_pillar_file'"
 	# Create the Elasticsearch pillar
 	printf '%s\n'\
 		"elasticsearch:"\
@@ -1188,7 +1085,7 @@ elasticsearch_pillar() {
 es_heapsize() {
-	# Determine ES Heap Size
+	title "Determine ES Heap Size"
 	if [ "$total_mem" -lt 8000 ] ; then
 		ES_HEAP_SIZE="600m"
 	elif [ "$total_mem" -ge 100000 ]; then
@@ -1247,26 +1144,14 @@ filter_unused_nics() {
 	export nic_list
 }
 fireeye_pillar() {
 	local fireeye_pillar_path=$local_salt_dir/pillar/fireeye
 	mkdir -p "$fireeye_pillar_path"
 	printf '%s\n'\
 		"fireeye:"\
 		"  helix:"\
 		"    api_key: '$HELIXAPIKEY'" \
 		"" > "$fireeye_pillar_path/init.sls"
 }
 # Generate Firewall Templates
 firewall_generate_templates() {
 	title "Generate Firewall Template"
 	local firewall_pillar_path=$local_salt_dir/salt/firewall
-	mkdir -p "$firewall_pillar_path"
+	logCmd "mkdir -p '$firewall_pillar_path'"
-	cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/ >> "$setup_log" 2>&1
+	logCmd "cp ../files/firewall/* /opt/so/saltstack/local/salt/firewall/"
 	for i in analyst beats_endpoint endgame sensor manager minion elastic_agent_endpoint search_node; do
 		$default_salt_dir/salt/common/tools/sbin/so-firewall includehost "$i" 127.0.0.1
@@ -1275,29 +1160,24 @@ firewall_generate_templates() {
 }
 generate_ca() {
-	{
+	title "Generating the certificate authority"
-		info "Building Certificate Authority";
+	logCmd "salt-call state.apply ca -l info"
 		salt-call state.apply ca;
 	info "Confirming existence of the CA certificate"
-		openssl x509 -in /etc/pki/ca.crt -noout -subject -issuer -dates
+	logCmd "openssl x509 -in /etc/pki/ca.crt -noout -subject -issuer -dates"
 	} >> "$setup_log" 2>&1
 }
 generate_ssl() {
 	{
 	# if the install type is a manager then we need to wait for the minion to be ready before trying
 	# to run the ssl state since we need the minion to sign the certs
 	if [[ "$install_type" =~ ^(EVAL|MANAGER|MANAGERSEARCH|STANDALONE|IMPORT|HELIXSENSOR)$ ]]; then
 		wait_for_salt_minion
 	fi
-		info "Applying SSL state";
+	info "Applying SSL state"
-		salt-call state.apply ssl;
+	logCmd "salt-call state.apply ssl -l info"
 	} >> "$setup_log" 2>&1
 }
 generate_passwords(){
-  # Generate Random Passwords for Things
+  title "Generate Random Passwords"
  MYSQLPASS=$(get_random_value)
  PLAYBOOKDBPASS=$(get_random_value)
  PLAYBOOKADMINPASS=$(get_random_value)
@@ -1308,10 +1188,8 @@ generate_passwords(){
 }
 generate_interface_vars() {
-	# Set the MTU
+	title "Setting the MTU to 9000 on all monitor NICS"
-	if [[ $NSMSETUP != 'ADVANCED' ]]; then
+	MTU=9000
 		if [[ $is_cloud ]]; then MTU=1575; else MTU=9000; fi
 	fi
 	export MTU
 	# Set interface variable
@@ -1343,10 +1221,10 @@ get_minion_type() {
 install_cleanup() {
 	if [ -f "$temp_install_dir" ]; then
 		info "Installer removing the following files:"
-		ls -lR "$temp_install_dir"
+		logCmd "ls -lR '$temp_install_dir'"
 		# Clean up after ourselves
-		rm -rf "$temp_install_dir"
+		logCmd "rm -rf '$temp_install_dir'"
 	fi
 	# All cleanup prior to this statement must be compatible with automated testing. Cleanup
@@ -1355,12 +1233,12 @@ install_cleanup() {
 	# If Mysql is running stop it
 	if docker ps --format "{{.Names}}" 2>&1 | grep -q "so-mysql"; then
-		/usr/sbin/so-mysql-stop
+		logVmd "/usr/sbin/so-mysql-stop"
 	fi
 	if [[ $setup_type == 'iso' ]]; then
 		info "Removing so-setup permission entry from sudoers file"
-		sed -i '/so-setup/d' /etc/sudoers
+		logCmd "sed -i '/so-setup/d' /etc/sudoers"
 	fi
 	if [[ -z $SO_ERROR ]]; then
@@ -1379,7 +1257,7 @@ import_registry_docker() {
 idh_pillar() {
 	touch $adv_idh_pillar_file
-	# Create the IDH Pillar
+	title "Create the IDH Pillar"
 	printf '%s\n'\
 		"idh:"\
 		"  listen_on_mgnt_int: True"\
@@ -1396,7 +1274,7 @@ idh_pillar() {
 logstash_pillar() {
 	# Create the logstash advanced pillar
 	touch $adv_logstash_pillar_file
-	# Create the logstash pillar
+	title "Create the logstash pillar"
 	printf '%s\n'\
 		"logstash_settings:"\
 		"  ls_host: '$HOSTNAME'"\
@@ -1409,7 +1287,7 @@ logstash_pillar() {
 # Set Logstash heap size based on total memory
 ls_heapsize() {
-
+	title "Setting Logstash heap size"
 	if [ "$total_mem" -ge 32000 ]; then
 		LS_HEAP_SIZE='1000m'
 		return
@@ -1435,6 +1313,7 @@ ls_heapsize() {
 }
 idstools_pillar() {
 	title "Ading IDSTOOLS pillar options"
 	touch $adv_idstools_pillar_file
 	printf '%s\n'\
 		"idstools:"\
@@ -1451,13 +1330,14 @@ idstools_pillar() {
 }
 soc_pillar() {
 	title "Creating the SOC pillar"
 	touch $adv_soc_pillar_file
 	touch $soc_pillar_file
 }
 manager_pillar() {
 	touch $adv_manager_pillar_file
-	# Create the manager pillar
+	title "Create the manager pillar"
 	printf '%s\n'\
 		"manager:"\
 		"  proxy: '$so_proxy'"\
@@ -1469,6 +1349,7 @@ manager_pillar() {
 }
 kratos_pillar() {
 	title "Create the Kratos pillar file"
 	touch $adv_kratos_pillar_file
 	printf '%s\n'\
 		"kratos:"\
@@ -1479,6 +1360,7 @@ kratos_pillar() {
 }
 create_global() {
 	title "Creating the global.sls"
 	touch $adv_global_pillar_file
 	if [ -z "$NODE_CHECKIN_INTERVAL_MS" ]; then
 		NODE_CHECKIN_INTERVAL_MS=10000
@@ -1523,6 +1405,7 @@ create_global() {
 }
 create_sensoroni_pillar() {
 	title "Create the sensoroni pillar file"
 	touch $adv_sensoroni_pillar_file
 	printf '%s\n'\
@@ -1534,6 +1417,7 @@ create_sensoroni_pillar() {
 }
 create_strelka_pillar() {
 	title "Create the Strelka pillar file"
 	touch $adv_strelka_pillar_file
 	printf '%s\n'\	
 		"strelka:"\
@@ -1551,6 +1435,7 @@ create_strelka_pillar() {
 }
 backup_pillar() {
 	title "Create the backup pillar file"
 	touch $adv_backup_pillar_file
 	printf '%s\n'\
 		"backup:"\
@@ -1559,6 +1444,7 @@ backup_pillar() {
 }
 soctopus_pillar() {
 	title "Create the soctopus pillar file"
 	touch $adv_soctopus_pillar_file
 	printf '%s\n'\
 		"soctopus:"\
@@ -1568,6 +1454,7 @@ soctopus_pillar() {
 }
 docker_pillar() {
 	title "Create the docker pillar file"
 	touch $adv_docker_pillar_file
 	printf '%s\n'\
 		"docker:"\
@@ -1576,6 +1463,7 @@ docker_pillar() {
 }
 redis_pillar() {
 	title "Create the redis pillar file"
 	touch $adv_redis_pillar_file
 	printf '%s\n'\
 		"redis_settings:"\
@@ -1583,11 +1471,12 @@ redis_pillar() {
 }
 mark_version() {
-	# Drop a file with the current version
+	title "Marking the current version"
 	echo "$SOVERSION" > /etc/soversion
 }
 network_init() {
 	title "Initializing Network"
 	disable_ipv6
 	set_hostname
 	if [[ ( $is_iso || $is_analyst_iso ) ]]; then
@@ -1637,15 +1526,11 @@ networking_needful() {
 }
 network_setup() {
-	{
+	info "Finishing up network setup"
-		info "Finishing up network setup";
+	info "... Copying 99-so-checksum-offload-disable"
-
+	logCmd "cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable"
 		info "... Copying 99-so-checksum-offload-disable";
 		cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable;
 	info "... Modifying 99-so-checksum-offload-disable";
-		sed -i "s/\$MNIC/${INTERFACE}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable;
+	logCmd "sed -i '/\$MNIC/${INTERFACE}/g' /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable"
 	} >> "$setup_log" 2>&1
 }
 ntp_pillar_entries() {
@@ -1669,7 +1554,7 @@ parse_install_username() {
 }
 patch_pillar() {
-
+	title "Create the patch pillar file"
 	local pillar_file=$local_salt_dir/pillar/minions/$MINION_ID.sls
@@ -1691,10 +1576,11 @@ patch_pillar() {
 }
 patch_schedule_os_new() {
 	title "Create the patch schedule"
 	local OSPATCHSCHEDULEDIR="$temp_install_dir/salt/patch/os/schedules"
 	local OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml"
-	mkdir -p $OSPATCHSCHEDULEDIR
+	logCmd "mkdir -p '$OSPATCHSCHEDULEDIR'"
 	printf '%s\n'\
 		"patch:"\
@@ -2194,19 +2080,19 @@ setup_salt_master_dirs() {
 	# Copy over the salt code and templates
 	if [ "$setup_type" = 'iso' ]; then
-		rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
+		logCmd "rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/"
-		rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
+		ogCmd "rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/"
-		mkdir -p $local_salt_dir/salt/zeek/policy/intel >> "$setup_log" 2>&1
+		logCmd "mkdir -p $local_salt_dir/salt/zeek/policy/intel"
-		cp -Rv /home/$INSTALLUSERNAME/SecurityOnion/files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1
+		logCmd "cp -Rv /home/$INSTALLUSERNAME/SecurityOnion/files/intel.dat $local_salt_dir/salt/zeek/policy/intel/"
 	else
-		cp -Rv ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1
+		logCmd "cp -Rv ../pillar/* $default_salt_dir/pillar/"
-		cp -Rv ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1
+		logCmd "cp -Rv ../salt/* $default_salt_dir/salt/"
-		mkdir -p $local_salt_dir/salt/zeek/policy/intel >> "$setup_log" 2>&1
+		logCmd "mkdir -p $local_salt_dir/salt/zeek/policy/intel"
-		cp -Rv files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1
+		logCmd "cp -Rv files/intel.dat $local_salt_dir/salt/zeek/policy/intel/"
 	fi
 	info "Chown the salt dirs on the manager for socore"
-	chown -R socore:socore /opt/so
+	logCmd "chown -R socore:socore /opt/so"
 }
 set_progress_str() {
@@ -2233,20 +2119,6 @@ set_progress_str() {
 	fi
 }
 set_ssh_cmds() {
 	local automated=$1
 	if [ $automated == yes ]; then
 		sshcmd="sshpass -p $SOREMOTEPASS1 ssh -o StrictHostKeyChecking=no"
 		sshcopyidcmd="sshpass -p $SOREMOTEPASS1 ssh-copy-id -o StrictHostKeyChecking=no"
 		scpcmd="sshpass -p $SOREMOTEPASS1 scp -o StrictHostKeyChecking=no"
 	else
 		sshcmd='ssh'
 		sshcopyidcmd='ssh-copy-id'
 		scpcmd='scp'
 	fi
 }
 set_default_log_size() {
 	local percentage
@@ -2280,16 +2152,16 @@ set_default_log_size() {
 set_hostname() {
-	hostnamectl set-hostname --static "$HOSTNAME"
+	logcmd "hostnamectl set-hostname --static '$HOSTNAME'"
 	echo "127.0.0.1   $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts
 	echo "::1   $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
 	echo "$HOSTNAME" > /etc/hostname
-	hostname -F /etc/hostname
+	logCmd "hostname -F /etc/hostname"
 }
 set_initial_firewall_policy() {
-
+	title "Setting Initial Firewall Policy"
 	if [ -f $default_salt_dir/salt/common/tools/sbin/so-firewall ]; then chmod +x $default_salt_dir/salt/common/tools/sbin/so-firewall; fi
 		case "$install_type" in
@@ -2303,59 +2175,16 @@ set_initial_firewall_policy() {
 				$default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"
 				$default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP"
 				;;
 		'HELIXSENSOR')
 			$default_salt_dir/salt/common/tools/sbin/so-firewall includehost manager "$MAINIP"
 			$default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
 			$default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP"
 			;;
 		'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET' | 'IDH' | 'RECEIVER')
 			$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
 			case "$install_type" in
 				'SENSOR')
 					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost sensor "$MAINIP"
 					;;
 				'SEARCHNODE')
 					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost search_node "$MAINIP"
 					;;
 				'HEAVYNODE')
 					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost sensor "$MAINIP"
 					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost heavy_node "$MAINIP"
 					;;
 				'FLEET')
 				    $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
 					;;
 				'IDH')
 				    $sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost beats_endpoint_ssl "$MAINIP"
 					;;
 				'RECEIVER')
 					$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost receiver "$MAINIP"
 		esac
 			;;
 		'PARSINGNODE')
 			# TODO: implement
 			;;
 		'HOTNODE')
 			# TODO: implement
 			;;
 		'WARMNODE')
 			# TODO: implement
 			;;
 	esac
 	# Add some firewall rules for analyst workstations that get added to the grid
 	if [[ $is_analyst ]]; then
 		$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall includehost minion "$MAINIP"
 		$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/common/tools/sbin/so-firewall --apply includehost analyst "$MAINIP"
 	fi
 }
 # Set up the management interface on the ISO
 set_management_interface() {
-
+	title "Setting up the main interface"
 	if [ "$address_type" = 'DHCP' ]; then
-		nmcli con mod "$MNIC" connection.autoconnect yes >> "$setup_log" 2>&1
+		logCmd "nmcli con mod '$MNIC' connection.autoconnect yes"
-		nmcli con up "$MNIC" >> "$setup_log" 2>&1
+		logCmd "nmcli con up '$MNIC'"
 	else
 		# Set Static IP
 		nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
@@ -2369,6 +2198,7 @@ set_management_interface() {
 }
 set_redirect() {
 	title "Setting redirect host"
 	case $REDIRECTINFO in
 		'IP')
 			REDIRECTIT="$MAINIP"
@@ -2381,27 +2211,6 @@ set_redirect() {
 			;;
 	esac
 }
 set_updates() {
 	if [ "$MANAGERUPDATES" = '1' ]; then
 		if [[ $is_centos ]]; then
 			if [[ ! $is_airgap ]] && ! ( grep -q "$MSRV" /etc/yum.conf); then
 				if grep -q "proxy=" /etc/yum.conf; then
 					sed -i "s/proxy=.*/proxy=http:\/\/$MSRV:3142/" /etc/yum.conf
 				else
 					echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
 				fi
 			fi
 		else
 			# Set it up so the updates roll through the manager
 			printf '%s\n'\
 				"Acquire::http::Proxy \"http://$MSRV:3142\";"\
 				"Acquire::https::Proxy \"http://$MSRV:3142\";" > /etc/apt/apt.conf.d/00Proxy
 		fi
 	fi
 }
 # $5 => (optional) password variable
 so_add_user() {
 	local username=$1
 	local uid=$2
@@ -2410,8 +2219,8 @@ so_add_user() {
 	if [ "$5" ]; then local pass=$5; fi
 	info "Add $username user"
-	groupadd --gid "$gid" "$username"
+	logCmd "groupadd --gid '$gid' '$username'"
-	useradd -m --uid "$uid" --gid "$gid" --home-dir "$home_dir" "$username"
+	logCmd "useradd -m --uid '$uid' --gid '$gid' --home-dir '$home_dir' '$username'"
 	# If a password has been passed in, set the password
 	if [ "$pass" ]; then
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -199,16 +199,6 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th
 		logCmd 'ip a | grep "$MNIC:" | grep "state UP"' 
 	done
 	info "Network is up on $MNIC"
 	if [[ ! $is_iso ]]; then
 		# We might not need this any more
 		info "Installing sshpass for automated testing."
 		if [ "$OS" == ubuntu ]; then
 			retry 50 10 "apt-get -y install sshpass" >> $setup_log 2>&1 || exit 1
 		else
 			logCmd "yum -y install sshpass"
 		fi
 	fi
 fi
 # Make sure the setup type is suppoted.