diff --git a/salt/ca/init.sls b/salt/ca/init.sls index 07cb75f31..0d35c10c1 100644 --- a/salt/ca/init.sls +++ b/salt/ca/init.sls @@ -42,6 +42,9 @@ pki_private_key: - replace: False - require: - file: /etc/pki + - timeout: 30 + - retry: 5 + - interval: 30 x509_pem_entries: module.run: diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index b1db4c04c..3cf1f5e88 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -229,7 +229,7 @@ retry() { while [[ $attempt -lt $maxAttempts ]]; do attempt=$((attempt+1)) echo "Executing command with retry support: $cmd" - output=$($cmd) + output=$(eval "$cmd") exitcode=$? echo "Results: $output ($exitcode)" if [ -n "$expectedOutput" ]; then 
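Review bot: `- retry: 5` is not the shape Salt's global `retry` option expects — it takes a mapping (`attempts`, `until`, `interval`, `splay`), and as far as I recall a bare integer is logged as invalid and replaced by the built-in defaults, so the intended five attempts at 30 s would not take effect on `pki_private_key`. `- interval: 30` is not a global state argument either and, like `- timeout: 30`, is handed to `x509.private_key_managed` as a kwarg; keep `timeout` only if the x509 module is known to consume it for the ca_server publish call. Suggested replacement for the three added lines: `- timeout: 30` / `- retry:` / `    attempts: 5` / `    interval: 30`. The same triple is repeated in every hunk of salt/ssl/init.sls. The `pki_private_key` state starts before this hunk.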
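Review bot: `output=$(eval "$cmd")` turns `retry` into a shell-evaluation sink: anything a caller interpolates into the command string (e.g. `$temp_install_dir` and `$package_name` in setup/so-functions) is now re-parsed for `;`, `$(...)`, backticks and redirections instead of being passed as a word. The callers in this commit pass installer-controlled values, so this is hardening rather than an exploitable bug today, but the contract should be recorded at the function so future callers quote expansions with `printf %q`. Proposed comment above the loop: `# NOTE: $cmd is eval'd so quoted arguments (e.g. -o Dpkg::Options::="...") survive; only pass trusted, fully-controlled strings and quote any variable with printf '%q'`. The body of `retry()` begins before this hunk.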
@@ -248,51 +248,6 @@ retry() { return 1 } -wait_for_apt() { - local progress_callback=$1 - - local retry_count=30 - local retry_timeout='10s' - local lock_msg="Could not acquire dpkg lock, waiting $retry_timeout for lock to release." - if [[ -z $progress_callback ]]; then - if [[ -z $progress_bar_text ]]; then - local old_text="Installing..." - else - local old_text="$progress_bar_text" - fi - fi - local count=0 - while [[ "$count" -lt "$retry_count" ]]; do - ((count++)) - [[ -z $progress_callback ]] && echo "Attempting to acquire dpkg lock to run apt command... (Attempt $count/$retry_count)" - if __check_apt_lock; then - if [[ -z $progress_callback ]]; then - echo " $lock_msg" | tee -a "$setup_log" - else - $progress_callback "Could not acquire dpkg lock, waiting $retry_timeout ($count/$retry_count)" - fi - else - [[ -z $progress_callback ]] || $progress_callback "$old_text" - return 0 - fi - sleep "$retry_timeout" - done - - if __check_apt_lock; then - [[ -z $progress_callback ]] && echo "Could not acquire lock after $retry_count attempts, aborting." - return 1 - else - return 0 - fi -} - -__check_apt_lock() { - lsof /var/lib/dpkg/lock &> /dev/null - local lock=$? - - return $lock -} - valid_cidr() { # Verify there is a backslash in the string echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1 diff --git a/salt/elastalert/defaults.yaml b/salt/elastalert/defaults.yaml new file mode 100644 index 000000000..a22d65b7b --- /dev/null +++ b/salt/elastalert/defaults.yaml 
@@ -0,0 +1,48 @@ +elastalert: + config: + rules_folder: /opt/elastalert/rules/ + scan_subdirectories: true + disable_rules_on_error: false + run_every: + minutes: 3 + buffer_time: + minutes: 10 + old_query_limit: + minutes: 5 + es_host: {{salt['pillar.get']('manager:mainip', '')}} + es_port: {{salt['pillar.get']('manager:es_port', '')}} + es_conn_timeout: 55 + max_query_size: 5000 + #aws_region: us-east-1 + #profile: test + #es_url_prefix: elasticsearch + #use_ssl: True + #verify_certs: True + #es_send_get_body_as: GET + #es_username: someusername + #es_password: somepassword + writeback_index: elastalert_status + alert_time_limit: + days: 2 + index_settings: + shards: 1 + replicas: 0 + logging: + version: 1 + incremental: false + disable_existing_loggers: false + formatters: + logline: + format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s' + handlers: + file: + class: logging.FileHandler + formatter: logline + level: INFO + filename: /var/log/elastalert/elastalert.log + loggers: + '': + level: INFO + handlers: + - file + propagate: false \ No newline at end of file diff --git a/salt/elastalert/elastalert_config.map.jinja b/salt/elastalert/elastalert_config.map.jinja new file mode 100644 index 000000000..270872fee --- /dev/null +++ b/salt/elastalert/elastalert_config.map.jinja @@ -0,0 +1,4 @@ +{% import_yaml 'elastalert/defaults.yaml' as elastalert_defaults with context %} +{% set elastalert_pillar = salt['pillar.get']('elastalert:config', {}) %} + +{% do salt['defaults.merge'](elastalert_defaults.elastalert.config, elastalert_pillar, in_place=True) %} \ No newline at end of file diff --git a/salt/elastalert/files/elastalert_config.yaml b/salt/elastalert/files/elastalert_config.yaml deleted file mode 100644 index 28d26bac0..000000000 --- a/salt/elastalert/files/elastalert_config.yaml +++ /dev/null 
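Review bot: The new defaults layer leaves `use_ssl`, `verify_certs`, `es_username` and `es_password` commented out, so out of the box ElastAlert reaches `es_host`/`es_port` over plaintext HTTP with no certificate check or credentials; that was already the case in the deleted file, but since this file is now the documented override base it deserves a note saying so and naming the override path. Suggested comment above the commented block: `# Transport/auth are off by default (plaintext to es_host); set use_ssl/verify_certs/es_username/es_password via the elastalert:config pillar, which is merged over these defaults`. `es_host`/`es_port` also default to `''` when the `manager` pillar is absent, which renders an invalid config silently — consider failing the render instead. Minor: the file ends without a trailing newline.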
@@ -1,110 +0,0 @@ -{% set esip = salt['pillar.get']('manager:mainip', '') %} -{% set esport = salt['pillar.get']('manager:es_port', '') %} -# This is the folder that contains the rule yaml files -# Any .yaml file will be loaded as a rule -rules_folder: /opt/elastalert/rules/ - -# Sets whether or not ElastAlert should recursively descend -# the rules directory - true or false -scan_subdirectories: true - -# Do not disable a rule when an uncaught exception is thrown - -# This setting should be tweaked once the following issue has been fixed -# https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/98 -disable_rules_on_error: false - -# How often ElastAlert will query Elasticsearch -# The unit can be anything from weeks to seconds -run_every: - minutes: 3 - -# ElastAlert will buffer results from the most recent -# period of time, in case some log sources are not in real time -buffer_time: - minutes: 10 - -# The maximum time between queries for ElastAlert to start at the most recently -# run query. When ElastAlert starts, for each rule, it will search elastalert_metadata -# for the most recently run query and start from that time, unless it is older than -# old_query_limit, in which case it will start from the present time. The default is one week. -old_query_limit: - minutes: 5 - -# The Elasticsearch hostname for metadata writeback -# Note that every rule can have its own Elasticsearch host -es_host: {{ esip }} - -# The Elasticsearch port -es_port: {{ esport }} - -# Sets timeout for connecting to and reading from es_host -es_conn_timeout: 55 - -# The maximum number of documents that will be downloaded from Elasticsearch in -# a single query. The default is 10,000, and if you expect to get near this number, -# consider using use_count_query for the rule. If this limit is reached, ElastAlert -# will scroll through pages the size of max_query_size until processing all results. -max_query_size: 5000 - -# The AWS region to use. 
Set this when using AWS-managed elasticsearch -#aws_region: us-east-1 - -# The AWS profile to use. Use this if you are using an aws-cli profile. -# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html -# for details -#profile: test - -# Optional URL prefix for Elasticsearch -#es_url_prefix: elasticsearch - -# Connect with TLS to Elasticsearch -#use_ssl: True - -# Verify TLS certificates -#verify_certs: True - -# GET request with body is the default option for Elasticsearch. -# If it fails for some reason, you can pass 'GET', 'POST' or 'source'. -# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport -# for details -#es_send_get_body_as: GET - -# Option basic-auth username and password for Elasticsearch -#es_username: someusername -#es_password: somepassword - -# The index on es_host which is used for metadata storage -# This can be a unmapped index, but it is recommended that you run -# elastalert-create-index to set a mapping -writeback_index: elastalert_status - -# If an alert fails for some reason, ElastAlert will retry -# sending the alert until this time period has elapsed -alert_time_limit: - days: 2 - -index_settings: - shards: 1 - replicas: 0 - -logging: - version: 1 - incremental: false - disable_existing_loggers: false - formatters: - logline: - format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s' - - handlers: - file: - class : logging.FileHandler - formatter: logline - level: INFO - filename: /var/log/elastalert/elastalert.log - - loggers: - '': - level: INFO - handlers: - - file - propagate: false diff --git a/salt/elastalert/files/elastalert_config.yaml.jinja b/salt/elastalert/files/elastalert_config.yaml.jinja new file mode 100644 index 000000000..4e368ab30 --- /dev/null +++ b/salt/elastalert/files/elastalert_config.yaml.jinja @@ -0,0 +1 @@ +{{ elastalert_config | yaml(False) }} 
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index fcab3f57c..9008832f1 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -15,6 +15,8 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} +{% from 'elastalert/elastalert_config.map.jinja' import elastalert_defaults as elastalert_config with context %} + {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} @@ -92,7 +94,9 @@ elastasomodulesync: elastaconf: file.managed: - name: /opt/so/conf/elastalert/elastalert_config.yaml - - source: salt://elastalert/files/elastalert_config.yaml + - source: salt://elastalert/files/elastalert_config.yaml.jinja + - context: + elastalert_config: {{ elastalert_config.elastalert.config }} - user: 933 - group: 933 - template: jinja @@ -119,6 +123,8 @@ so-elastalert: - {{MANAGER_URL}}:{{MANAGER_IP}} - require: - module: wait_for_elasticsearch + - watch: + - file: elastaconf append_so-elastalert_so-status.conf: file.append: diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index d6c06d6fd..8d6c65bea 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -67,6 +67,9 @@ removeesp12dir: - prereq: - x509: /etc/pki/influxdb.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 # Create a cert for the talking to influxdb /etc/pki/influxdb.crt: @@ -82,6 +85,9 @@ removeesp12dir: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/influxdb.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 influxkeyperms: file.managed: 
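Review bot: `elastalert_config: {{ elastalert_config.elastalert.config }}` in the `elastaconf` context renders the merged dict with Python `repr`, so the SLS only parses as YAML while every value happens to be repr-compatible; a pillar override containing a quote, a `: ` sequence or a multi-line string (an `es_password`, say) can break the whole state render or silently alter the value. Pass it as JSON, which is valid YAML: `elastalert_config: {{ elastalert_config.elastalert.config | json }}`. Because credentials can now flow from pillar into /opt/so/conf/elastalert/elastalert_config.yaml, the file's `mode` (not visible in this hunk) should be restrictive — please confirm it is 0600/0640 for uid 933.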
@@ -104,6 +110,9 @@ influxkeyperms: - prereq: - x509: /etc/pki/redis.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 /etc/pki/redis.crt: x509.certificate_managed: @@ -118,6 +127,9 @@ influxkeyperms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/redis.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 rediskeyperms: file.managed: @@ -140,6 +152,9 @@ rediskeyperms: - prereq: - x509: /etc/pki/filebeat.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 # Request a cert and drop it where it needs to go to be distributed /etc/pki/filebeat.crt: @@ -159,6 +174,9 @@ rediskeyperms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 cmd.run: - name: "/usr/bin/openssl pkcs8 -in /etc/pki/filebeat.key -topk8 -out /etc/pki/filebeat.p8 -nocrypt" - onchanges: @@ -213,6 +231,9 @@ fbcrtlink: - prereq: - x509: /etc/pki/registry.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 # Create a cert for the docker registry /etc/pki/registry.crt: @@ -228,6 +249,9 @@ fbcrtlink: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/registry.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 regkeyperms: file.managed: 
@@ -248,6 +272,9 @@ regkeyperms: - prereq: - x509: /etc/pki/minio.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 # Create a cert for minio /etc/pki/minio.crt: @@ -263,6 +290,9 @@ regkeyperms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/minio.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 miniokeyperms: file.managed: @@ -284,6 +314,9 @@ miniokeyperms: - prereq: - x509: /etc/pki/elasticsearch.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 /etc/pki/elasticsearch.crt: x509.certificate_managed: @@ -298,6 +331,9 @@ miniokeyperms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 cmd.run: - name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:" - onchanges: @@ -329,6 +365,9 @@ elasticp12perms: - prereq: - x509: /etc/pki/managerssl.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 # Create a cert for the reverse proxy /etc/pki/managerssl.crt: @@ -345,6 +384,9 @@ elasticp12perms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 msslkeyperms: file.managed: 
@@ -366,6 +408,9 @@ msslkeyperms: - prereq: - x509: /etc/pki/fleet.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 /etc/pki/fleet.crt: x509.certificate_managed: @@ -379,6 +424,9 @@ msslkeyperms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 fleetkeyperms: file.managed: @@ -407,6 +455,9 @@ fbcertdir: - prereq: - x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 # Request a cert and drop it where it needs to go to be distributed /opt/so/conf/filebeat/etc/pki/filebeat.crt: @@ -426,6 +477,9 @@ fbcertdir: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /opt/so/conf/filebeat/etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 # Convert the key to pkcs#8 so logstash will work correctly. filebeatpkcs: @@ -465,6 +519,9 @@ chownfilebeatp8: - prereq: - x509: /etc/pki/managerssl.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 # Create a cert for the reverse proxy /etc/pki/managerssl.crt: @@ -481,6 +538,9 @@ chownfilebeatp8: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 msslkeyperms: file.managed: 
@@ -502,6 +562,9 @@ msslkeyperms: - prereq: - x509: /etc/pki/fleet.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 /etc/pki/fleet.crt: x509.certificate_managed: @@ -515,6 +578,9 @@ msslkeyperms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 fleetkeyperms: file.managed: @@ -539,6 +605,9 @@ fleetkeyperms: - prereq: - x509: /etc/pki/elasticsearch.crt {%- endif %} + - timeout: 30 + - retry: 5 + - interval: 30 /etc/pki/elasticsearch.crt: x509.certificate_managed: @@ -553,6 +622,9 @@ fleetkeyperms: # https://github.com/saltstack/salt/issues/52167 # Will trigger 5 days (432000 sec) from cert expiration - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' + - timeout: 30 + - retry: 5 + - interval: 30 cmd.run: - name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:" - onchanges: diff --git a/setup/so-functions b/setup/so-functions index 379cb6e30..e7112163e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -760,7 +760,7 @@ compare_versions() { if [[ $manager_ver == '' ]]; then echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee -a "$setup_log" - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi [[ "$manager_ver" == "$SOVERSION" ]] 
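Review bot: Every hunk in this file adds the same `- timeout: 30` / `- retry: 5` / `- interval: 30` triple, but Salt's global `retry` expects a mapping, so `- retry: 5` most likely falls back to the defaults (two attempts) with a warning and the bare `- interval:` is passed to the x509 state as an unrecognised kwarg rather than a retry setting. Proposed form for each occurrence: `- retry:` / `    attempts: 5` / `    interval: 30`, keeping `- timeout: 30` only if the x509 module is confirmed to use it for the ca_server publish call. With the certificate states also guarded by `unless`, note that retry only re-runs the state body, not the `unless` shell check, so the expiry-window logic is evaluated once per run. Each affected state block begins before its hunk header.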
@@ -965,13 +965,13 @@ installer_prereq_packages() { echo "Installing required packages to run installer..." # Install network manager so we can do interface stuff if ! command -v nmcli > /dev/null 2>&1; then - if wait_for_apt; then apt-get install -y network-manager >> "$setup_log" 2<&1; else exit 1; fi + retry 50 10 "apt-get install -y network-manager" >> "$setup_log" 2>&1 || exit 1 { systemctl enable NetworkManager systemctl start NetworkManager } >> "$setup_log" 2<&1 fi - if wait_for_apt; then apt-get install -y bc curl >> "$setup_log" 2>&1; else exit 1; fi + retry 50 10 "apt-get install -y bc curl" >> "$setup_log" 2>&1 || exit 1 fi } 
@@ -1041,28 +1041,18 @@ docker_install() { else case "$install_type" in 'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT') - if wait_for_apt 'whiptail_prog_new_message'; then apt-get update >> "$setup_log" 2>&1; else kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1; fi + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 ;; *) - if wait_for_apt 'whiptail_prog_new_message'; then - { - apt-key add "$temp_install_dir"/gpg/docker.pub; - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"; - apt-get update; - } >> "$setup_log" 2>&1 - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1 + add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1 + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 ;; esac - if wait_for_apt 'whiptail_prog_new_message'; then - if [ $OSVER != "xenial" ]; then - apt-get -y install docker-ce python3-docker >> "$setup_log" 2>&1 - else - apt-get -y install docker-ce python-docker >> "$setup_log" 2>&1 - fi + if [ $OSVER != "xenial" ]; then + retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || exit 1 else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install docker-ce python-docker" >> "$setup_log" 2>&1 || exit 1 fi fi docker_registry @@ -1145,7 +1135,7 @@ download_repo_tarball() { rm -rf $install_opt_file local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." echo "$message" | tee -a "$setup_log" - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi mkdir -p /root/manager_setup/securityonion 
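Review bot: In the non-manager branch `add-apt-repository ... >> "$setup_log" 2>&1` is the only step in the new sequence without `|| exit 1`, so if it fails (no network, `software-properties-common` missing) the following `apt-get update` still succeeds and the later `docker-ce` install resolves from whatever repositories already exist or fails with a less useful error. Add the same guard: `add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1 || exit 1`. `apt-key add $temp_install_dir/gpg/docker.pub` is now re-parsed by `eval` inside `retry`, so a path with whitespace or glob characters splits; keep it quoted, e.g. `retry 50 10 "apt-key add $(printf '%q' "$temp_install_dir")/gpg/docker.pub"`. `docker_install()` begins before this hunk.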
@@ -1821,7 +1811,7 @@ reinstall_init() { # Stop the systemctl process trying to kill the service, show user a message, then exit setup kill -9 $pid - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi sleep 5 @@ -1873,11 +1863,7 @@ remove_package() { fi else if dpkg -l | grep -q "$package_name"; then - if wait_for_apt 'whiptail_prog_new_message'; then - apt purge -y "$package_name" - else - exit 1 - fi + retry 50 10 "apt purge -y \"$package_name\"" fi fi } @@ -1964,28 +1950,26 @@ saltify() { } >> "$setup_log" 2>&1 yum versionlock salt* else - if wait_for_apt 'whiptail_prog_new_message'; then - DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade >> "$setup_log" 2>&1 - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + if ! (DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1); then + exit 1 fi if [ $OSVER != "xenial" ]; then # Switch to Python 3 as default if this is not xenial update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10 >> "$setup_log" 2>&1 fi - if wait_for_apt 'whiptail_prog_new_message'; then - # Add the pre-requisites for installing docker-ce - apt-get -y install ca-certificates\ - curl\ - software-properties-common\ - apt-transport-https\ - openssl\ - netcat\ - jq >> "$setup_log" 2>&1 - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + + local pkg_arr=( + 'ca-certificates' + 'curl' + 'software-properties-common' + 'apt-transport-https' + 'openssl' + 'netcat' + 'jq' + ) + retry 50 10 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || exit 1 + # Grab the version from the os-release file local ubuntu_version ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}') 
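Review bot: In `remove_package`, `retry 50 10 "apt purge -y \"$package_name\""` expands `$package_name` into a string that `retry` now feeds to `eval`, so a value containing `"`, `$(` or `;` is executed rather than purged; quote it shell-safely with `retry 50 10 "apt purge -y $(printf '%q' "$package_name")"`. It is also the only `retry` call introduced in this commit with no `|| exit 1` or return-code handling, so the function reports success even when the purge fails after 50 attempts — if that best-effort behaviour is intended, a one-line comment saying so would prevent someone "fixing" it later. `remove_package()` starts before the hunk.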
@@ -1993,10 +1977,10 @@ saltify() { case "$install_type" in 'FLEET') - if wait_for_apt 'whiptail_prog_new_message'; then - if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi + if [[ $OSVER != 'xenial' ]]; then + retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1 else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python-mysqldb" >> "$setup_log" 2>&1 || exit 1 fi ;; 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR') @@ -2020,17 +2004,12 @@ saltify() { # Add repo echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" - if wait_for_apt 'whiptail_prog_new_message'; then - # Initialize the new repos - apt-get update >> "$setup_log" 2>&1 - set_progress_str 6 'Installing various dependencies' - apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 - set_progress_str 7 'Installing salt-master' - apt-get -y install salt-master=3002.2+ds-1 >> "$setup_log" 2>&1 - apt-mark hold salt-master >> "$setup_log" 2>&1 - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 + set_progress_str 6 'Installing various dependencies' + retry 50 10 "apt-get -y install sqlite3 argon2 libssl-dev" >> "$setup_log" 2>&1 || exit 1 + set_progress_str 7 'Installing salt-master' + retry 50 10 "apt-get -y install salt-master=3002.2+ds-1" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1 ;; *) # Copy down the gpg keys and install them from the manager 
@@ -2044,19 +2023,15 @@ saltify() { echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac - if wait_for_apt 'whiptail_prog_new_message'; then - apt-get update >> "$setup_log" 2>&1 - set_progress_str 8 'Installing salt-minion & python modules' - apt-get -y install salt-minion=3002.2+ds-1\ - salt-common=3002.2+ds-1 >> "$setup_log" 2>&1 - apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 - if [ "$OSVER" != 'xenial' ]; then - apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 - else - apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb >> "$setup_log" 2>&1 - fi + + retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 + set_progress_str 8 'Installing salt-minion & python modules' + retry 50 10 "apt-get -y install salt-minion=3002.2+ds-1 salt-common=3002.2+ds-1" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1 + if [[ $OSVER != 'xenial' ]]; then + retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb" >> "$setup_log" 2>&1 || exit 1 else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb" >> "$setup_log" 2>&1 || exit 1 fi fi } @@ -2097,7 +2072,7 @@ salt_checkin() { if [ $count -gt 12 ]; then echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 kill -9 "$pid" - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi sleep 10; ((count++)) @@ -2109,7 +2084,7 @@ salt_checkin() { echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1 if [ $count -gt 30 ]; then echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1 - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi sleep 1; ((count++)) 
@@ -2120,7 +2095,7 @@ salt_checkin() { echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 if [ $count -gt 30 ]; then echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 + exit 1 fi systemctl kill salt-minion systemctl start salt-minion @@ -2522,12 +2497,8 @@ update_packages() { if [ "$OS" = 'centos' ]; then yum -y update >> "$setup_log" else - if wait_for_apt 'whiptail_prog_new_message'; then - apt-get -y update >> "$setup_log" - apt-get -y upgrade >> "$setup_log" - else - kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 - fi + retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1 fi } @@ -2572,11 +2543,6 @@ wait_for_file() { return 1 } -whiptail_prog_new_message() { - local message=$1 - set_progress_str "$percentage" "$message" -} - # Enable Zeek Logs zeek_logs_enabled() { echo "Enabling Zeek Logs" >> "$setup_log" 2>&1 diff --git a/setup/so-setup b/setup/so-setup index ea67ef5f4..beb9b40a3 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -130,7 +130,7 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th if [[ ! $is_iso ]]; then echo "Installing sshpass for automated testing." >> $setup_log 2>&1 if [ "$OS" == ubuntu ]; then - if wait_for_apt; then apt-get -y install sshpass >> $setup_log 2>&1; else exit 1; fi + retry 50 10 "apt-get -y install sshpass" >> $setup_log 2>&1 || exit 1 else yum -y install sshpass >> $setup_log 2>&1 fi @@ -397,7 +397,9 @@ if [[ ! $is_import ]]; then collect_patch_schedule fi -collect_homenet_mngr +if [[ $is_helix || $is_manager || $is_import ]]; then + collect_homenet_mngr +fi if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then set_base_heapsizes 
@@ -456,10 +458,15 @@ if [[ $is_distmanager ]]; then fi if [[ $is_sensor && ! $is_eval ]]; then - collect_homenet_snsr + [[ $is_manager ]] || collect_homenet_snsr whiptail_sensor_config if [ $NSMSETUP == 'ADVANCED' ]; then - [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_zeek_pins + if [[ $is_manager ]]; then + [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_zeek_pins + else + whiptail_zeek_pins + fi + whiptail_suricata_pins collect_mtu else @@ -469,7 +476,13 @@ if [[ $is_sensor && ! $is_eval ]]; then else PROCS=$lb_procs fi - [[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek + + if [[ $is_manager ]]; then + [[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek + else + collect_zeek + fi + collect_suri fi fi @@ -730,7 +743,7 @@ set_redirect >> $setup_log 2>&1 set_progress_str 66 "$(print_salt_state_apply 'suricata')" salt-call state.apply -l info suricata >> $setup_log 2>&1 - if [[ $ZEEKVERSION == 'ZEEK' ]]; then + if [[ $(lookup_pillar "mdengine") == 'ZEEK' ]]; then set_progress_str 67 "$(print_salt_state_apply 'zeek')" salt-call state.apply -l info zeek >> $setup_log 2>&1 fi
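Review bot: The apply step now keys on `$(lookup_pillar "mdengine")`, but the collection step above still uses `$ZEEKVERSION` only for managers and prompts non-manager sensors for Zeek pins and `collect_zeek` unconditionally, so a distributed sensor joining a manager with `mdengine: SURICATA` is asked for Zeek settings that are never applied. If `lookup_pillar` is usable at that point (its definition is not in view), gate those branches on it as well: `[[ $(lookup_pillar "mdengine") == 'ZEEK' ]] && whiptail_zeek_pins`; otherwise add a comment explaining why the non-manager branch cannot consult the pillar yet. Also, if `lookup_pillar` fails and returns an empty string the Zeek state is skipped silently — logging that case to `$setup_log` would make the omission diagnosable.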