CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Initial support for checking state of manager during setup

Browse Source
This commit is contained in:
William Wernert
2021-04-09 09:39:33 -04:00
parent 0ea57b4848
commit b2fcd438c2
4 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/common/init.sls
View File

@@ -304,6 +304,11 @@ sostatusdir:
- user: 0 - user: 0
- group: 0 - group: 0
- makedirs: True - makedirs: True
sostatus_log:
file.managed:
- name: /opt/so/log/sostatus/status.log
- mode: 644
# Install sostatus check cron # Install sostatus check cron
/usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1: /usr/sbin/so-status -q && echo $? > /opt/so/log/sostatus/status.log 2>&1:

19
setup/so-functions
View File

@@ -162,6 +162,25 @@ check_hive_init() {
docker rm so-thehive docker rm so-thehive
} }
check_manager_state() {
echo "Checking state of manager services. This may take a moment..."
retry 2 15 "__check_so_status" && retry 2 15 "__check_salt_master" && return 0 || return 1
}
__check_so_status() {
local so_status_output
so_status_output=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" cat /opt/so/log/sostatus/status.log)
[[ -z $so_status_output ]] && so_status_output=1
return $so_status_output
}
__check_salt_master() {
local salt_master_status
salt_master_status=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master)
[[ -z $salt_master_status ]] && salt_master_status=1
return $salt_master_status
}
check_network_manager_conf() { check_network_manager_conf() {
local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf" local gmdconf="/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf"
local nmconf="/etc/NetworkManager/NetworkManager.conf" local nmconf="/etc/NetworkManager/NetworkManager.conf"

4
setup/so-setup
View File

@@ -574,6 +574,10 @@ if [[ $is_manager || $is_import ]]; then collect_so_allow; fi
# This block sets REDIRECTIT which is used by a function outside the below subshell # This block sets REDIRECTIT which is used by a function outside the below subshell
set_redirect >> $setup_log 2>&1 set_redirect >> $setup_log 2>&1
if [[ $is_minion ]] && ! check_manager_state; then
whiptail_manager_error || exit 1
fi
whiptail_end_settings whiptail_end_settings
# From here on changes will be made. # From here on changes will be made.

17
setup/so-whiptail
View File

@@ -79,7 +79,7 @@ whiptail_bond_nics_mtu() {
whiptail_cancel() { whiptail_cancel() {
whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75 whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup." 8 75
if [ -d "/root/installtmp" ]; then if [ -d "/root/installtmp" ]; then
{ {
echo "/root/installtmp exists"; echo "/root/installtmp exists";
@@ -88,7 +88,7 @@ whiptail_cancel() {
} >> $setup_log 2>&1 } >> $setup_log 2>&1
fi fi
title "User cancelled setup, no changes made." title "User cancelled setup."
exit exit
} }
@@ -1140,6 +1140,19 @@ whiptail_manager_adv_service_zeeklogs() {
} }
whiptail_manager_error() {
local msg
read -r -d '' <<- EOM
Setup could not determine if the manager $MSRV is in a good state.
Continuing without verifying all services on the manager are running may result in a failure.
Would you like to continue anyway?
EOM
whiptail --title "Security Onion Setup" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1
}
whiptail_manager_updates() { whiptail_manager_updates() {
[ -n "$TESTING" ] && return [ -n "$TESTING" ] && return