From 9a9d1480de89eab71cd2ba2f9a21073955dd6741 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Nov 2021 10:41:36 -0400 Subject: [PATCH 1/8] Manage docker group's gid to prevent gid overlap --- salt/common/init.sls | 5 +++++ salt/salt/minion.sls | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 05dd7023f..17cea3480 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -9,6 +9,11 @@ rmvariablesfile: file.absent: - name: /tmp/variables.txt +dockergroup: + group.present: + - name: docker + - gid: 920 + # Add socore Group socoregroup: group.present: diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 3db257d1b..04fc1769c 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -87,4 +87,4 @@ salt_minion_service: patch_pkg: pkg.installed: - - name: patch \ No newline at end of file + - name: patch From e6adb46364db153c66b51a4bde00bb172e8a5de1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Nov 2021 11:18:23 -0400 Subject: [PATCH 2/8] Run so-preflight during setup --- setup/so-functions | 3 ++- setup/so-preflight | 40 +++++++++++++++++++++++++++++++++------- setup/so-setup | 17 ++++++++++++++++- setup/so-whiptail | 16 +++++++++++++++- 4 files changed, 66 insertions(+), 10 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 37e9b5ba9..6d46b4bb4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1124,9 +1124,10 @@ detect_os() { installer_progress_loop() { local i=0 + local msg="${1:-Performing background actions...}" while true; do [[ $i -lt 98 ]] && ((i++)) - set_progress_str "$i" 'Checking that all required packages are installed and enabled...' nolog + set_progress_str "$i" "$msg" nolog [[ $i -gt 0 ]] && sleep 5s done } diff --git a/setup/so-preflight b/setup/so-preflight index 2943191eb..e30b7872d 100644 --- a/setup/so-preflight +++ b/setup/so-preflight 
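Review bot: The new `dockergroup` state in salt/common/init.sls pins gid 920 without a comment saying why that number was chosen or which ids it must stay clear of. Membership of the docker group is effectively root-equivalent on the host, so the reason for pinning it belongs next to the state, for example `# Pin docker's gid so it cannot overlap a gid assigned to another SO-managed group`. On a host where the docker group already exists with a different gid, changing it presumably leaves anything already owned by the old numeric gid (the daemon socket, for instance) untouched until the daemon restarts. The hunk shows no ordering or restart requisite, so that upgrade path is worth confirming.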
@@ -18,7 +18,13 @@ source ../salt/common/tools/sbin/so-common source ./so-functions -preflight_log='/root/preflight.log' +script_run="$1" + +if [[ $script_run == true ]]; then + preflight_log="${2:-'/root/preflight.log'}" +else + preflight_log='/root/preflight.log' +fi check_default_repos() { local ret_code=0 @@ -72,7 +78,8 @@ check_new_repos() { check_misc_urls() { printf ' Checking various other URLs used by setup.' | tee -a "$preflight_log" - local so_version=$(cat ../VERSION) + local so_version + so_version=$(cat ../VERSION) local url_arr=( "https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS" "https://github.com/Neo23x0/signature-base" @@ -112,10 +119,18 @@ __check_url_arr() { } main() { + local intro_str="Beginning pre-flight checks." + local success_str="Pre-flight checks completed successfully!" + local fail_str="Pre-flight checks could not complete." + detect_os "$preflight_log" [[ -f $preflight_log ]] || touch "$preflight_log" - echo "Beginning pre-flight checks." | tee "$preflight_log" + if [[ $script_run == true ]]; then + echo "$intro_str" + else + echo "$intro_str" | tee "$preflight_log" + fi check_default_repos &&\ check_new_repos &&\ check_misc_urls @@ -124,12 +139,23 @@ main() { echo "" if [[ $success == 0 ]]; then - echo -e "Pre-flight checks completed successfully!\n" | tee -a "$preflight_log" + if [[ $script_run == true ]]; then + echo "$success_str" + else + echo "$success_str" | tee -a "$preflight_log" + echo "" + fi else - echo -e "Pre-flight checks could not complete." | tee -a "$preflight_log" - echo -e " Check $preflight_log for details.\n" - exit 1 + if [[ $script_run == true ]]; then + echo "$fail_str" + else + echo "$fail_str" | tee -a "$preflight_log" + echo "Check $preflight_log for details." + echo "" + fi fi + + exit $success } main diff --git a/setup/so-setup b/setup/so-setup index 2cef6d876..2dbf9935e 100755 --- a/setup/so-setup +++ b/setup/so-setup 
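Review bot: The default in `preflight_log="${2:-'/root/preflight.log'}"` keeps its single quotes, because inside a double-quoted expansion they are literal characters rather than quoting. When so-preflight is called with `true` but no second argument, the log path becomes `'/root/preflight.log'` including the quote marks, which is a relative path under the current directory, and the later `touch` and `tee -a` calls will not write where the operator expects. Drop the inner quotes: `preflight_log="${2:-/root/preflight.log}"`.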
@@ -345,9 +345,24 @@ else rm -rf $install_opt_file >> "$setup_log" 2>&1 fi +if [[ -z $is_airgap ]]; then + percentage=0 + { + installer_progress_loop 'Running preflight checks...' & + progress_bg_proc=$! + ./so-preflight true "$setup_log" >> $setup_log 2>&1 + preflight_ret=$? + kill -9 "$progress_bg_proc" + wait "$progress_bg_proc" &> /dev/null + if [[ $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then + whiptail_cancel + fi + } | progress '...' +fi + percentage=0 { - installer_progress_loop & # Run progress bar to 98 in ~8 minutes while waiting for package installs + installer_progress_loop 'Checking that all required packages are installed and enabled...' & # Run progress bar to 98 in ~8 minutes while waiting for package installs progress_bg_proc=$! installer_prereq_packages install_success=$? diff --git a/setup/so-whiptail b/setup/so-whiptail index 130ae96bb..371897eb8 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -95,7 +95,7 @@ whiptail_cancel() { title "User cancelled setup." - exit + exit 1 } whiptail_check_exitstatus() { @@ -1489,6 +1489,20 @@ whiptail_patch_schedule_select_hours() { } +whiptail_preflight_err() { + [ -n "$TESTING" ] && return + + read -r -d '' message <<- EOM + The so-preflight script failed checking one or more URLs required by setup. Check $setup_log for more details. + + Would you like to exit setup? + EOM + + whiptail --title "$whiptail_title" \ + --yesno "$message" 11 75 \ + --yes-button "Continue" --no-button "Exit" --defaultno +} + whiptail_proxy_ask() { [ -n "$TESTING" ] && return From 9671dab2a3a5d9bf7ba21ed7b9d2efd90772c16e Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Nov 2021 11:48:24 -0400 Subject: [PATCH 3/8] Make so-preflight executable --- setup/so-preflight | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 setup/so-preflight diff --git a/setup/so-preflight b/setup/so-preflight old mode 100644 new mode 100755 
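Review bot: In the so-setup hunk, `./so-preflight true "$setup_log" >> $setup_log 2>&1` passes the setup log as the preflight log and also appends stdout to the same file. The check functions in so-preflight still pipe their output through `tee -a "$preflight_log"` (visible in `check_misc_urls`), so those lines will likely be written to the setup log twice; only the intro and result messages in `main` were changed to skip `tee`. Either pass a separate log path as the second argument or make the check functions honour `script_run` as well. The redirect target should also be quoted, `>> "$setup_log" 2>&1`, since an unquoted path that expands to several words makes the redirect fail.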
From e4a77acfe6b490ef43c0d0924b7b1199e7db7914 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Nov 2021 12:03:42 -0400 Subject: [PATCH 4/8] Move whiptail menus outside of progress func --- setup/so-setup | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 2dbf9935e..b4e469ced 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -352,12 +352,15 @@ if [[ -z $is_airgap ]]; then progress_bg_proc=$! ./so-preflight true "$setup_log" >> $setup_log 2>&1 preflight_ret=$? + echo "$preflight_ret" > /tmp/preflight_ret kill -9 "$progress_bg_proc" wait "$progress_bg_proc" &> /dev/null - if [[ $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then - whiptail_cancel - fi } | progress '...' + [[ -f /tmp/setup_tmp_var ]] && preflight_ret=$(cat /tmp/preflight_ret) + rm /tmp/preflight_ret + if [[ -n $preflight_ret && $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then + whiptail_cancel + fi fi percentage=0 From 7c7c225a415695fd854643e674e369c43e61f673 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Nov 2021 14:01:21 -0400 Subject: [PATCH 5/8] Fix tmp file check --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index b4e469ced..d71511971 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -356,7 +356,7 @@ if [[ -z $is_airgap ]]; then kill -9 "$progress_bg_proc" wait "$progress_bg_proc" &> /dev/null } | progress '...' - [[ -f /tmp/setup_tmp_var ]] && preflight_ret=$(cat /tmp/preflight_ret) + [[ -f /tmp/preflight_ret ]] && preflight_ret=$(cat /tmp/preflight_ret) rm /tmp/preflight_ret if [[ -n $preflight_ret && $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then whiptail_cancel From 8670aa6cd84e4b8d5ab8118567228d289eb6a492 Mon Sep 17 00:00:00 2001 
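Review bot: The preflight status is handed back to the parent shell through the fixed path `/tmp/preflight_ret`, written and read as root from a world-writable directory. A local user can pre-create that name (as a file or a link), and if the file is missing or empty the `-n $preflight_ret` test is false, so a failed preflight is treated the same as a passed one. Create the file with `mktemp` (or under a root-only directory) and treat anything other than a numeric zero as failure; the follow-up hunk in patch 5/8 corrects the `-f` test but keeps the same path. The enclosing `if [[ -z $is_airgap ]]` block starts outside this hunk.

```shell
preflight_ret_file=$(mktemp)
# … unchanged: start progress loop, run so-preflight, capture preflight_ret …
echo "$preflight_ret" > "$preflight_ret_file"
# … unchanged: stop the progress loop …
} | progress '...'
preflight_ret=$(cat "$preflight_ret_file")
rm -f -- "$preflight_ret_file"
# An empty or non-numeric result means the status was lost: fail closed.
if [[ ! $preflight_ret =~ ^[0-9]+$ || $preflight_ret -gt 0 ]] && ! ( whiptail_preflight_err ); then
  whiptail_cancel
fi
```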
From: William Wernert Date: Tue, 2 Nov 2021 14:29:58 -0400 Subject: [PATCH 6/8] Run check-update in preflight instead of update --- setup/so-preflight | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-preflight b/setup/so-preflight index e30b7872d..fd6b5f736 100755 --- a/setup/so-preflight +++ b/setup/so-preflight @@ -33,7 +33,7 @@ check_default_repos() { if [[ $OS == 'centos' ]]; then printf '%s' 'yum update.' | tee -a "$preflight_log" echo "" >> "$preflight_log" - yum -y update >> $preflight_log 2>&1 + yum -y check-update >> $preflight_log 2>&1 ret_code=$? else printf '%s' 'apt update.' | tee -a "$preflight_log" From d927e79154ce318cad8513385d56077ff1c5b7b2 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 2 Nov 2021 16:17:08 -0400 Subject: [PATCH 7/8] Exit on failed preflight check during testing --- setup/so-whiptail | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 371897eb8..cbfa5a886 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -84,6 +84,8 @@ whiptail_bond_nics_mtu() { whiptail_cancel() { + [ -n "$TESTING" ] && exit 1 + whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75 if [ -d "/root/installtmp" ]; then { @@ -1490,7 +1492,7 @@ whiptail_patch_schedule_select_hours() { } whiptail_preflight_err() { - [ -n "$TESTING" ] && return + [ -n "$TESTING" ] && return 1 read -r -d '' message <<- EOM The so-preflight script failed checking one or more URLs required by setup. Check $setup_log for more details. From fb35ff40b49451b1ce3e27cd296b2e4f2e3eb971 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Wed, 3 Nov 2021 09:19:41 -0400 Subject: [PATCH 8/8] Just hide whiptail cancel message on test installs --- setup/so-whiptail | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index cbfa5a886..95650415c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail 
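Review bot: `yum -y check-update` exits with status 100 when updates are available, so `ret_code=$?` in the so-preflight hunk records a non-zero value on any host that is simply behind on packages. The rest of `check_default_repos` is outside the hunk, but if `ret_code` is returned as-is the preflight would report a repository failure on a healthy system. Map that status to success after the call, `[[ $ret_code -eq 100 ]] && ret_code=0`, and quote the redirect target as `>> "$preflight_log" 2>&1`. The progress text on the line above still prints 'yum update.' and could be updated to match the command that now runs.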
@@ -83,10 +83,8 @@ whiptail_bond_nics_mtu() { } whiptail_cancel() { - - [ -n "$TESTING" ] && exit 1 - - whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75 + [ -z "$TESTING" ] && whiptail --title "$whiptail_title" --msgbox "Cancelling Setup." 8 75 + if [ -d "/root/installtmp" ]; then { echo "/root/installtmp exists";