Merge branch 'dev' into automation/ami

Jason Ertel
2021-02-04 16:05:39 -05:00
10 changed files with 204 additions and 246 deletions


@@ -42,6 +42,9 @@ pki_private_key:
- replace: False - replace: False
- require: - require:
- file: /etc/pki - file: /etc/pki
- timeout: 30
- retry: 5
- interval: 30
x509_pem_entries: x509_pem_entries:
module.run: module.run:
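Review bot: `- retry: 5` on the pki_private_key state is not the retry syntax Salt understands: the state-level `retry` option is a dict (`attempts`, `interval`, `until`, `splay`), and as I read Salt's state compiler a non-dict value produces a warning and falls back to the retry defaults. `- timeout: 30` and `- interval: 30` are not global state arguments either, so they are handed to the x509 state function as stray kwargs rather than shaping the retry. The intended behaviour is spelled `- retry:` / `    attempts: 5` / `    interval: 30`, with the `timeout` line dropped. The enclosing state begins above the hunk, so I cannot see which x509 function it calls.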


@@ -229,7 +229,7 @@ retry() {
while [[ $attempt -lt $maxAttempts ]]; do while [[ $attempt -lt $maxAttempts ]]; do
attempt=$((attempt+1)) attempt=$((attempt+1))
echo "Executing command with retry support: $cmd" echo "Executing command with retry support: $cmd"
output=$($cmd) output=$(eval "$cmd")
exitcode=$? exitcode=$?
echo "Results: $output ($exitcode)" echo "Results: $output ($exitcode)"
if [ -n "$expectedOutput" ]; then if [ -n "$expectedOutput" ]; then
@@ -248,51 +248,6 @@ retry() {
return 1 return 1
} }
wait_for_apt() {
local progress_callback=$1
local retry_count=30
local retry_timeout='10s'
local lock_msg="Could not acquire dpkg lock, waiting $retry_timeout for lock to release."
if [[ -z $progress_callback ]]; then
if [[ -z $progress_bar_text ]]; then
local old_text="Installing..."
else
local old_text="$progress_bar_text"
fi
fi
local count=0
while [[ "$count" -lt "$retry_count" ]]; do
((count++))
[[ -z $progress_callback ]] && echo "Attempting to acquire dpkg lock to run apt command... (Attempt $count/$retry_count)"
if __check_apt_lock; then
if [[ -z $progress_callback ]]; then
echo " $lock_msg" | tee -a "$setup_log"
else
$progress_callback "Could not acquire dpkg lock, waiting $retry_timeout ($count/$retry_count)"
fi
else
[[ -z $progress_callback ]] || $progress_callback "$old_text"
return 0
fi
sleep "$retry_timeout"
done
if __check_apt_lock; then
[[ -z $progress_callback ]] && echo "Could not acquire lock after $retry_count attempts, aborting."
return 1
else
return 0
fi
}
__check_apt_lock() {
lsof /var/lib/dpkg/lock &> /dev/null
local lock=$?
return $lock
}
valid_cidr() { valid_cidr() {
# Verify there is a backslash in the string # Verify there is a backslash in the string
echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1 echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
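Review bot: `output=$(eval "$cmd")` makes every string passed to retry() shell source, so any caller that interpolates a variable into the command (this commit adds `apt purge -y \"$package_name\"`) becomes a command-injection point if that variable ever carries `;`, backticks or `$(...)`; the previous `$($cmd)` only word-split. If eval is kept because commands carry quoted `-o Dpkg::Options` values, add `# NOTE: $cmd is eval'd - callers must not interpolate untrusted data` above the line and have callers wrap interpolated values with `printf '%q'`; the cleaner fix is to pass the command as separate arguments and run `"${cmd[@]}"`, but retry()'s parameter parsing sits above the hunk so I cannot show it in full. Note also that the loop retries any non-zero status, so a genuine apt failure (dependency conflict, 404) is now hidden behind up to 50 attempts, whereas the removed wait_for_apt only waited on the dpkg lock.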


@@ -0,0 +1,48 @@
elastalert:
config:
rules_folder: /opt/elastalert/rules/
scan_subdirectories: true
disable_rules_on_error: false
run_every:
minutes: 3
buffer_time:
minutes: 10
old_query_limit:
minutes: 5
es_host: {{salt['pillar.get']('manager:mainip', '')}}
es_port: {{salt['pillar.get']('manager:es_port', '')}}
es_conn_timeout: 55
max_query_size: 5000
#aws_region: us-east-1
#profile: test
#es_url_prefix: elasticsearch
#use_ssl: True
#verify_certs: True
#es_send_get_body_as: GET
#es_username: someusername
#es_password: somepassword
writeback_index: elastalert_status
alert_time_limit:
days: 2
index_settings:
shards: 1
replicas: 0
logging:
version: 1
incremental: false
disable_existing_loggers: false
formatters:
logline:
format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s'
handlers:
file:
class: logging.FileHandler
formatter: logline
level: INFO
filename: /var/log/elastalert/elastalert.log
loggers:
'':
level: INFO
handlers:
- file
propagate: false
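Review bot: The explanatory comments from the deleted elastalert_config.yaml did not survive the move into defaults.yaml; `disable_rules_on_error: false` in particular lost the note that it is a workaround pending securityonion-saltstack issue 98, and the TLS and auth knobs (`use_ssl`, `verify_certs`, `es_username`, `es_password`) are now bare commented keys. Since this file is the baseline operators override through the `elastalert:config` pillar, I would carry the one-liners over, e.g. `# disable_rules_on_error: workaround for securityonion-saltstack#98, revisit once fixed` and `# use_ssl/verify_certs: set both via pillar elastalert:config when Elasticsearch is reached over TLS`. The `''` fallback for `es_host`/`es_port` renders as an empty YAML value, which is inherited from the old file but deserves a comment too.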


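--- a/elastalert/elastalert_config.map.jinja
+++ b/elastalert/elastalert_config.map.jinja
@@ -0,0 +1,4 @@
+{% import_yaml 'elastalert/defaults.yaml' as elastalert_defaults with context %}
+{% set elastalert_pillar = salt['pillar.get']('elastalert:config', {}) %}
+{% do salt['defaults.merge'](elastalert_defaults.elastalert.config, elastalert_pillar, in_place=True) %}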
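Review bot: The map carries no comment stating the precedence it establishes, and a reader of init.sls, which imports `elastalert_defaults` under the name `elastalert_config`, has to work out that pillar wins over defaults.yaml and that the merge mutates the imported dict in place. I would add `{# pillar elastalert:config overrides elastalert/defaults.yaml; merged in place, so the imported dict is already the effective config #}` above the `do` line. Whether `defaults.merge` deep-merges nested keys such as `logging.handlers` depends on the Salt version; confirm before relying on partial overrides from pillar.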


@@ -1,110 +0,0 @@
{% set esip = salt['pillar.get']('manager:mainip', '') %}
{% set esport = salt['pillar.get']('manager:es_port', '') %}
# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: /opt/elastalert/rules/
# Sets whether or not ElastAlert should recursively descend
# the rules directory - true or false
scan_subdirectories: true
# Do not disable a rule when an uncaught exception is thrown -
# This setting should be tweaked once the following issue has been fixed
# https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/98
disable_rules_on_error: false
# How often ElastAlert will query Elasticsearch
# The unit can be anything from weeks to seconds
run_every:
minutes: 3
# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
minutes: 10
# The maximum time between queries for ElastAlert to start at the most recently
# run query. When ElastAlert starts, for each rule, it will search elastalert_metadata
# for the most recently run query and start from that time, unless it is older than
# old_query_limit, in which case it will start from the present time. The default is one week.
old_query_limit:
minutes: 5
# The Elasticsearch hostname for metadata writeback
# Note that every rule can have its own Elasticsearch host
es_host: {{ esip }}
# The Elasticsearch port
es_port: {{ esport }}
# Sets timeout for connecting to and reading from es_host
es_conn_timeout: 55
# The maximum number of documents that will be downloaded from Elasticsearch in
# a single query. The default is 10,000, and if you expect to get near this number,
# consider using use_count_query for the rule. If this limit is reached, ElastAlert
# will scroll through pages the size of max_query_size until processing all results.
max_query_size: 5000
# The AWS region to use. Set this when using AWS-managed elasticsearch
#aws_region: us-east-1
# The AWS profile to use. Use this if you are using an aws-cli profile.
# See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
# for details
#profile: test
# Optional URL prefix for Elasticsearch
#es_url_prefix: elasticsearch
# Connect with TLS to Elasticsearch
#use_ssl: True
# Verify TLS certificates
#verify_certs: True
# GET request with body is the default option for Elasticsearch.
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET
# Option basic-auth username and password for Elasticsearch
#es_username: someusername
#es_password: somepassword
# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status
# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
days: 2
index_settings:
shards: 1
replicas: 0
logging:
version: 1
incremental: false
disable_existing_loggers: false
formatters:
logline:
format: '%(asctime)s %(levelname)+8s %(name)+20s %(message)s'
handlers:
file:
class : logging.FileHandler
formatter: logline
level: INFO
filename: /var/log/elastalert/elastalert.log
loggers:
'':
level: INFO
handlers:
- file
propagate: false


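--- a/elastalert/files/elastalert_config.yaml.jinja
+++ b/elastalert/files/elastalert_config.yaml.jinja
@@ -0,0 +1 @@
+{{ elastalert_config | yaml(False) }}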


@@ -15,6 +15,8 @@
{% from 'allowed_states.map.jinja' import allowed_states %} {% from 'allowed_states.map.jinja' import allowed_states %}
{% if sls in allowed_states %} {% if sls in allowed_states %}
{% from 'elastalert/elastalert_config.map.jinja' import elastalert_defaults as elastalert_config with context %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %} {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %} {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
@@ -92,7 +94,9 @@ elastasomodulesync:
elastaconf: elastaconf:
file.managed: file.managed:
- name: /opt/so/conf/elastalert/elastalert_config.yaml - name: /opt/so/conf/elastalert/elastalert_config.yaml
- source: salt://elastalert/files/elastalert_config.yaml - source: salt://elastalert/files/elastalert_config.yaml.jinja
- context:
elastalert_config: {{ elastalert_config.elastalert.config }}
- user: 933 - user: 933
- group: 933 - group: 933
- template: jinja - template: jinja
@@ -119,6 +123,8 @@ so-elastalert:
- {{MANAGER_URL}}:{{MANAGER_IP}} - {{MANAGER_URL}}:{{MANAGER_IP}}
- require: - require:
- module: wait_for_elasticsearch - module: wait_for_elasticsearch
- watch:
- file: elastaconf
append_so-elastalert_so-status.conf: append_so-elastalert_so-status.conf:
file.append: file.append:
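Review bot: `elastalert_config: {{ elastalert_config.elastalert.config }}` on the context line embeds Python's `str()` of the dict into the SLS YAML; that happens to parse for today's values, but a `None`, a string containing `: ` or `#`, or a multi-line string would break the state or silently alter the rendered config. Serialising explicitly keeps it valid regardless of content: `elastalert_config: {{ elastalert_config.elastalert.config | json }}`. Once `es_password` is supplied through pillar it lands in /opt/so/conf/elastalert/elastalert_config.yaml owned by uid 933; the file's `mode` is outside the hunk, so confirm it is not world-readable.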


@@ -67,6 +67,9 @@ removeesp12dir:
- prereq: - prereq:
- x509: /etc/pki/influxdb.crt - x509: /etc/pki/influxdb.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
# Create a cert for the talking to influxdb # Create a cert for the talking to influxdb
/etc/pki/influxdb.crt: /etc/pki/influxdb.crt:
@@ -82,6 +85,9 @@ removeesp12dir:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/influxdb.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/influxdb.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
influxkeyperms: influxkeyperms:
file.managed: file.managed:
@@ -104,6 +110,9 @@ influxkeyperms:
- prereq: - prereq:
- x509: /etc/pki/redis.crt - x509: /etc/pki/redis.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
/etc/pki/redis.crt: /etc/pki/redis.crt:
x509.certificate_managed: x509.certificate_managed:
@@ -118,6 +127,9 @@ influxkeyperms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/redis.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/redis.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
rediskeyperms: rediskeyperms:
file.managed: file.managed:
@@ -140,6 +152,9 @@ rediskeyperms:
- prereq: - prereq:
- x509: /etc/pki/filebeat.crt - x509: /etc/pki/filebeat.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
# Request a cert and drop it where it needs to go to be distributed # Request a cert and drop it where it needs to go to be distributed
/etc/pki/filebeat.crt: /etc/pki/filebeat.crt:
@@ -159,6 +174,9 @@ rediskeyperms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
cmd.run: cmd.run:
- name: "/usr/bin/openssl pkcs8 -in /etc/pki/filebeat.key -topk8 -out /etc/pki/filebeat.p8 -nocrypt" - name: "/usr/bin/openssl pkcs8 -in /etc/pki/filebeat.key -topk8 -out /etc/pki/filebeat.p8 -nocrypt"
- onchanges: - onchanges:
@@ -213,6 +231,9 @@ fbcrtlink:
- prereq: - prereq:
- x509: /etc/pki/registry.crt - x509: /etc/pki/registry.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
# Create a cert for the docker registry # Create a cert for the docker registry
/etc/pki/registry.crt: /etc/pki/registry.crt:
@@ -228,6 +249,9 @@ fbcrtlink:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/registry.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/registry.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
regkeyperms: regkeyperms:
file.managed: file.managed:
@@ -248,6 +272,9 @@ regkeyperms:
- prereq: - prereq:
- x509: /etc/pki/minio.crt - x509: /etc/pki/minio.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
# Create a cert for minio # Create a cert for minio
/etc/pki/minio.crt: /etc/pki/minio.crt:
@@ -263,6 +290,9 @@ regkeyperms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/minio.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/minio.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
miniokeyperms: miniokeyperms:
file.managed: file.managed:
@@ -284,6 +314,9 @@ miniokeyperms:
- prereq: - prereq:
- x509: /etc/pki/elasticsearch.crt - x509: /etc/pki/elasticsearch.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
/etc/pki/elasticsearch.crt: /etc/pki/elasticsearch.crt:
x509.certificate_managed: x509.certificate_managed:
@@ -298,6 +331,9 @@ miniokeyperms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
cmd.run: cmd.run:
- name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:" - name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:"
- onchanges: - onchanges:
@@ -329,6 +365,9 @@ elasticp12perms:
- prereq: - prereq:
- x509: /etc/pki/managerssl.crt - x509: /etc/pki/managerssl.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
# Create a cert for the reverse proxy # Create a cert for the reverse proxy
/etc/pki/managerssl.crt: /etc/pki/managerssl.crt:
@@ -345,6 +384,9 @@ elasticp12perms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
msslkeyperms: msslkeyperms:
file.managed: file.managed:
@@ -366,6 +408,9 @@ msslkeyperms:
- prereq: - prereq:
- x509: /etc/pki/fleet.crt - x509: /etc/pki/fleet.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
/etc/pki/fleet.crt: /etc/pki/fleet.crt:
x509.certificate_managed: x509.certificate_managed:
@@ -379,6 +424,9 @@ msslkeyperms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
fleetkeyperms: fleetkeyperms:
file.managed: file.managed:
@@ -407,6 +455,9 @@ fbcertdir:
- prereq: - prereq:
- x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt - x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
# Request a cert and drop it where it needs to go to be distributed # Request a cert and drop it where it needs to go to be distributed
/opt/so/conf/filebeat/etc/pki/filebeat.crt: /opt/so/conf/filebeat/etc/pki/filebeat.crt:
@@ -426,6 +477,9 @@ fbcertdir:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /opt/so/conf/filebeat/etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /opt/so/conf/filebeat/etc/pki/filebeat.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
# Convert the key to pkcs#8 so logstash will work correctly. # Convert the key to pkcs#8 so logstash will work correctly.
filebeatpkcs: filebeatpkcs:
@@ -465,6 +519,9 @@ chownfilebeatp8:
- prereq: - prereq:
- x509: /etc/pki/managerssl.crt - x509: /etc/pki/managerssl.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
# Create a cert for the reverse proxy # Create a cert for the reverse proxy
/etc/pki/managerssl.crt: /etc/pki/managerssl.crt:
@@ -481,6 +538,9 @@ chownfilebeatp8:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/managerssl.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
msslkeyperms: msslkeyperms:
file.managed: file.managed:
@@ -502,6 +562,9 @@ msslkeyperms:
- prereq: - prereq:
- x509: /etc/pki/fleet.crt - x509: /etc/pki/fleet.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
/etc/pki/fleet.crt: /etc/pki/fleet.crt:
x509.certificate_managed: x509.certificate_managed:
@@ -515,6 +578,9 @@ msslkeyperms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/fleet.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
fleetkeyperms: fleetkeyperms:
file.managed: file.managed:
@@ -539,6 +605,9 @@ fleetkeyperms:
- prereq: - prereq:
- x509: /etc/pki/elasticsearch.crt - x509: /etc/pki/elasticsearch.crt
{%- endif %} {%- endif %}
- timeout: 30
- retry: 5
- interval: 30
/etc/pki/elasticsearch.crt: /etc/pki/elasticsearch.crt:
x509.certificate_managed: x509.certificate_managed:
@@ -553,6 +622,9 @@ fleetkeyperms:
# https://github.com/saltstack/salt/issues/52167 # https://github.com/saltstack/salt/issues/52167
# Will trigger 5 days (432000 sec) from cert expiration # Will trigger 5 days (432000 sec) from cert expiration
- 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]' - 'enddate=$(date -d "$(openssl x509 -in /etc/pki/elasticsearch.crt -enddate -noout | cut -d= -f2)" +%s) ; now=$(date +%s) ; expire_date=$(( now + 432000)); [ $enddate -gt $expire_date ]'
- timeout: 30
- retry: 5
- interval: 30
cmd.run: cmd.run:
- name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:" - name: "/usr/bin/openssl pkcs12 -inkey /etc/pki/elasticsearch.key -in /etc/pki/elasticsearch.crt -export -out /etc/pki/elasticsearch.p12 -nodes -passout pass:"
- onchanges: - onchanges:
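Review bot: Every `- timeout: 30` / `- retry: 5` / `- interval: 30` triple added across these x509 states is, as far as I can tell from Salt's requisite documentation, not a retry configuration Salt recognises: `retry` must be a dict, and `timeout`/`interval` are not state-level options, so they pass into `x509.certificate_managed`/`private_key_managed` as extra kwargs while the retry itself falls back to defaults. Each triple should become `- retry:` / `    attempts: 5` / `    interval: 30`. It is also worth confirming that a retried certificate state still respects the `unless` expiry check and does not re-trigger the `openssl pkcs12 ... -passout pass:` cmd.run more often than intended; those cmd.run blocks and the state headers lie outside the hunks.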


@@ -760,7 +760,7 @@ compare_versions() {
if [[ $manager_ver == '' ]]; then if [[ $manager_ver == '' ]]; then
echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee -a "$setup_log" echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee -a "$setup_log"
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 exit 1
fi fi
[[ "$manager_ver" == "$SOVERSION" ]] [[ "$manager_ver" == "$SOVERSION" ]]
@@ -965,13 +965,13 @@ installer_prereq_packages() {
echo "Installing required packages to run installer..." echo "Installing required packages to run installer..."
# Install network manager so we can do interface stuff # Install network manager so we can do interface stuff
if ! command -v nmcli > /dev/null 2>&1; then if ! command -v nmcli > /dev/null 2>&1; then
if wait_for_apt; then apt-get install -y network-manager >> "$setup_log" 2<&1; else exit 1; fi retry 50 10 "apt-get install -y network-manager" >> "$setup_log" 2>&1 || exit 1
{ {
systemctl enable NetworkManager systemctl enable NetworkManager
systemctl start NetworkManager systemctl start NetworkManager
} >> "$setup_log" 2<&1 } >> "$setup_log" 2<&1
fi fi
if wait_for_apt; then apt-get install -y bc curl >> "$setup_log" 2>&1; else exit 1; fi retry 50 10 "apt-get install -y bc curl" >> "$setup_log" 2>&1 || exit 1
fi fi
} }
@@ -1041,28 +1041,18 @@ docker_install() {
else else
case "$install_type" in case "$install_type" in
'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT') 'MANAGER' | 'EVAL' | 'STANDALONE' | 'MANAGERSEARCH' | 'IMPORT')
if wait_for_apt 'whiptail_prog_new_message'; then apt-get update >> "$setup_log" 2>&1; else kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1; fi retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1
;; ;;
*) *)
if wait_for_apt 'whiptail_prog_new_message'; then retry 50 10 "apt-key add $temp_install_dir/gpg/docker.pub" >> "$setup_log" 2>&1 || exit 1
{ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1
apt-key add "$temp_install_dir"/gpg/docker.pub; retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable";
apt-get update;
} >> "$setup_log" 2>&1
else
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi
;; ;;
esac esac
if wait_for_apt 'whiptail_prog_new_message'; then
if [ $OSVER != "xenial" ]; then if [ $OSVER != "xenial" ]; then
apt-get -y install docker-ce python3-docker >> "$setup_log" 2>&1 retry 50 10 "apt-get -y install docker-ce python3-docker" >> "$setup_log" 2>&1 || exit 1
else else
apt-get -y install docker-ce python-docker >> "$setup_log" 2>&1 retry 50 10 "apt-get -y install docker-ce python-docker" >> "$setup_log" 2>&1 || exit 1
fi
else
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi fi
fi fi
docker_registry docker_registry
@@ -1145,7 +1135,7 @@ download_repo_tarball() {
rm -rf $install_opt_file rm -rf $install_opt_file
local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager."
echo "$message" | tee -a "$setup_log" echo "$message" | tee -a "$setup_log"
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 exit 1
fi fi
mkdir -p /root/manager_setup/securityonion mkdir -p /root/manager_setup/securityonion
@@ -1821,7 +1811,7 @@ reinstall_init() {
# Stop the systemctl process trying to kill the service, show user a message, then exit setup # Stop the systemctl process trying to kill the service, show user a message, then exit setup
kill -9 $pid kill -9 $pid
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 exit 1
fi fi
sleep 5 sleep 5
@@ -1873,11 +1863,7 @@ remove_package() {
fi fi
else else
if dpkg -l | grep -q "$package_name"; then if dpkg -l | grep -q "$package_name"; then
if wait_for_apt 'whiptail_prog_new_message'; then retry 50 10 "apt purge -y \"$package_name\""
apt purge -y "$package_name"
else
exit 1
fi
fi fi
fi fi
} }
@@ -1964,28 +1950,26 @@ saltify() {
} >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1
yum versionlock salt* yum versionlock salt*
else else
if wait_for_apt 'whiptail_prog_new_message'; then if ! (DEBIAN_FRONTEND=noninteractive retry 50 10 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1); then
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade >> "$setup_log" 2>&1 exit 1
else
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi fi
if [ $OSVER != "xenial" ]; then if [ $OSVER != "xenial" ]; then
# Switch to Python 3 as default if this is not xenial # Switch to Python 3 as default if this is not xenial
update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10 >> "$setup_log" 2>&1 update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10 >> "$setup_log" 2>&1
fi fi
if wait_for_apt 'whiptail_prog_new_message'; then
# Add the pre-requisites for installing docker-ce local pkg_arr=(
apt-get -y install ca-certificates\ 'ca-certificates'
curl\ 'curl'
software-properties-common\ 'software-properties-common'
apt-transport-https\ 'apt-transport-https'
openssl\ 'openssl'
netcat\ 'netcat'
jq >> "$setup_log" 2>&1 'jq'
else )
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 retry 50 10 "apt-get -y install ${pkg_arr[*]}" >> "$setup_log" 2>&1 || exit 1
fi
# Grab the version from the os-release file # Grab the version from the os-release file
local ubuntu_version local ubuntu_version
ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}') ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
@@ -1993,10 +1977,10 @@ saltify() {
case "$install_type" in case "$install_type" in
'FLEET') 'FLEET')
if wait_for_apt 'whiptail_prog_new_message'; then if [[ $OSVER != 'xenial' ]]; then
if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi retry 50 10 "apt-get -y install python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
else else
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 retry 50 10 "apt-get -y install python-mysqldb" >> "$setup_log" 2>&1 || exit 1
fi fi
;; ;;
'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR') 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR')
@@ -2020,17 +2004,12 @@ saltify() {
# Add repo # Add repo
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
if wait_for_apt 'whiptail_prog_new_message'; then retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1
# Initialize the new repos
apt-get update >> "$setup_log" 2>&1
set_progress_str 6 'Installing various dependencies' set_progress_str 6 'Installing various dependencies'
apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 retry 50 10 "apt-get -y install sqlite3 argon2 libssl-dev" >> "$setup_log" 2>&1 || exit 1
set_progress_str 7 'Installing salt-master' set_progress_str 7 'Installing salt-master'
apt-get -y install salt-master=3002.2+ds-1 >> "$setup_log" 2>&1 retry 50 10 "apt-get -y install salt-master=3002.2+ds-1" >> "$setup_log" 2>&1 || exit 1
apt-mark hold salt-master >> "$setup_log" 2>&1 retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1
else
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi
;; ;;
*) *)
# Copy down the gpg keys and install them from the manager # Copy down the gpg keys and install them from the manager
@@ -2044,19 +2023,15 @@ saltify() {
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
;; ;;
esac esac
if wait_for_apt 'whiptail_prog_new_message'; then
apt-get update >> "$setup_log" 2>&1 retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1
set_progress_str 8 'Installing salt-minion & python modules' set_progress_str 8 'Installing salt-minion & python modules'
apt-get -y install salt-minion=3002.2+ds-1\ retry 50 10 "apt-get -y install salt-minion=3002.2+ds-1 salt-common=3002.2+ds-1" >> "$setup_log" 2>&1 || exit 1
salt-common=3002.2+ds-1 >> "$setup_log" 2>&1 retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1
apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 if [[ $OSVER != 'xenial' ]]; then
if [ "$OSVER" != 'xenial' ]; then retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb" >> "$setup_log" 2>&1 || exit 1
apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1
else else
apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb >> "$setup_log" 2>&1 retry 50 10 "apt-get -y install python-pip python-dateutil python-m2crypto python-mysqldb" >> "$setup_log" 2>&1 || exit 1
fi
else
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi fi
fi fi
} }
@@ -2097,7 +2072,7 @@ salt_checkin() {
if [ $count -gt 12 ]; then if [ $count -gt 12 ]; then
echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1 echo "$service could not be restarted in 120 seconds, exiting" >> "$setup_log" 2>&1
kill -9 "$pid" kill -9 "$pid"
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 exit 1
fi fi
sleep 10; sleep 10;
((count++)) ((count++))
@@ -2109,7 +2084,7 @@ salt_checkin() {
echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1 echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1
if [ $count -gt 30 ]; then if [ $count -gt 30 ]; then
echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1 echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 exit 1
fi fi
sleep 1; sleep 1;
((count++)) ((count++))
@@ -2120,7 +2095,7 @@ salt_checkin() {
echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1 echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1
if [ $count -gt 30 ]; then if [ $count -gt 30 ]; then
echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1 echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1 exit 1
fi fi
systemctl kill salt-minion systemctl kill salt-minion
systemctl start salt-minion systemctl start salt-minion
@@ -2522,12 +2497,8 @@ update_packages() {
if [ "$OS" = 'centos' ]; then if [ "$OS" = 'centos' ]; then
yum -y update >> "$setup_log" yum -y update >> "$setup_log"
else else
if wait_for_apt 'whiptail_prog_new_message'; then retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
apt-get -y update >> "$setup_log" retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1
apt-get -y upgrade >> "$setup_log"
else
kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
fi
fi fi
} }
@@ -2572,11 +2543,6 @@ wait_for_file() {
return 1 return 1
} }
whiptail_prog_new_message() {
local message=$1
set_progress_str "$percentage" "$message"
}
# Enable Zeek Logs # Enable Zeek Logs
zeek_logs_enabled() { zeek_logs_enabled() {
echo "Enabling Zeek Logs" >> "$setup_log" 2>&1 echo "Enabling Zeek Logs" >> "$setup_log" 2>&1
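Review bot: In remove_package, `retry 50 10 "apt purge -y \"$package_name\""` hands an interpolated variable to a function that now evals its argument, so a package name carrying shell metacharacters would execute, and it is the one apt call in this set without `>> "$setup_log" 2>&1 || exit 1`, so a purge failure is neither logged nor fatal unlike its siblings. I would write `retry 50 10 "apt purge -y $(printf '%q' "$package_name")" >> "$setup_log" 2>&1 || exit 1`. Separately, replacing `kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1` with a bare `exit 1` is only safe if these functions do not run in a subshell feeding the whiptail gauge; if they do, `exit 1` ends that subshell and the parent never learns of the failure. The callers are outside this view, so I cannot confirm either way.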


@@ -130,7 +130,7 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th
if [[ ! $is_iso ]]; then if [[ ! $is_iso ]]; then
echo "Installing sshpass for automated testing." >> $setup_log 2>&1 echo "Installing sshpass for automated testing." >> $setup_log 2>&1
if [ "$OS" == ubuntu ]; then if [ "$OS" == ubuntu ]; then
if wait_for_apt; then apt-get -y install sshpass >> $setup_log 2>&1; else exit 1; fi retry 50 10 "apt-get -y install sshpass" >> $setup_log 2>&1 || exit 1
else else
yum -y install sshpass >> $setup_log 2>&1 yum -y install sshpass >> $setup_log 2>&1
fi fi
@@ -397,7 +397,9 @@ if [[ ! $is_import ]]; then
collect_patch_schedule collect_patch_schedule
fi fi
if [[ $is_helix || $is_manager || $is_import ]]; then
collect_homenet_mngr collect_homenet_mngr
fi
if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then
set_base_heapsizes set_base_heapsizes
@@ -456,10 +458,15 @@ if [[ $is_distmanager ]]; then
fi fi
if [[ $is_sensor && ! $is_eval ]]; then if [[ $is_sensor && ! $is_eval ]]; then
collect_homenet_snsr [[ $is_manager ]] || collect_homenet_snsr
whiptail_sensor_config whiptail_sensor_config
if [ $NSMSETUP == 'ADVANCED' ]; then if [ $NSMSETUP == 'ADVANCED' ]; then
if [[ $is_manager ]]; then
[[ $ZEEKVERSION == "ZEEK" ]] && whiptail_zeek_pins [[ $ZEEKVERSION == "ZEEK" ]] && whiptail_zeek_pins
else
whiptail_zeek_pins
fi
whiptail_suricata_pins whiptail_suricata_pins
collect_mtu collect_mtu
else else
@@ -469,7 +476,13 @@ if [[ $is_sensor && ! $is_eval ]]; then
else else
PROCS=$lb_procs PROCS=$lb_procs
fi fi
if [[ $is_manager ]]; then
[[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek [[ $ZEEKVERSION == "ZEEK" ]] && collect_zeek
else
collect_zeek
fi
collect_suri collect_suri
fi fi
fi fi
@@ -730,7 +743,7 @@ set_redirect >> $setup_log 2>&1
set_progress_str 66 "$(print_salt_state_apply 'suricata')" set_progress_str 66 "$(print_salt_state_apply 'suricata')"
salt-call state.apply -l info suricata >> $setup_log 2>&1 salt-call state.apply -l info suricata >> $setup_log 2>&1
if [[ $ZEEKVERSION == 'ZEEK' ]]; then if [[ $(lookup_pillar "mdengine") == 'ZEEK' ]]; then
set_progress_str 67 "$(print_salt_state_apply 'zeek')" set_progress_str 67 "$(print_salt_state_apply 'zeek')"
salt-call state.apply -l info zeek >> $setup_log 2>&1 salt-call state.apply -l info zeek >> $setup_log 2>&1
fi fi
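Review bot: `if [[ $(lookup_pillar "mdengine") == 'ZEEK' ]]` silently skips the zeek state whenever the pillar lookup fails or returns empty, whereas the old `$ZEEKVERSION` test did not depend on a working lookup at this stage; log the decision so a missing engine is visible in the setup log, e.g. `mdengine=$(lookup_pillar "mdengine")` / `echo "mdengine pillar value: '$mdengine'" >> $setup_log` / `if [[ $mdengine == 'ZEEK' ]]; then`. `lookup_pillar` is defined outside this view, so I cannot tell what it prints on error. The unquoted `$setup_log` redirections around these lines predate the commit but would be worth quoting while they are being touched.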