From b552973e004dab7fc35cd62a01f8d22fd1557d62 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Thu, 15 Jul 2021 16:36:46 -0400
Subject: [PATCH] Add logic to show uppercase warning message when appropriate
---
 salt/common/tools/sbin/so-common | 14 +++++++++++++
 setup/so-functions | 34 ++++++++++++++++++++++++++++++--
 setup/so-whiptail | 13 ++++++++----
 3 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index c4f6aca30..ce59c64db 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -160,6 +160,14 @@ fail() {
 exit 1
 }
+fqdn_lowercase() {
+ local fqdn=$1
+
+ echo "$fqdn" | grep -qP '(?=^.{4,253}$)(^((?!-)[a-z0-9-]{0,62}[a-z0-9]\.)+[a-z]{2,63}$)' \
+ && return 0 \
+ || return 1
+}
+
 get_random_value() {
 length=${1:-20}
 head -c 5000 /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $length | head -n 1
@@ -186,6 +194,12 @@ header() {
 printf '%s\n' "" "$banner" " $*" "$banner"
 }
+hostname_lowercase() {
+ local hostname=$1
+
+ [[ $hostname =~ ^[a-z0-9\-]+$ ]] && return 0 || return 1
+}
+
 init_monitor() {
 MONITORNIC=$1
diff --git a/setup/so-functions b/setup/so-functions
index ff019953e..98dd007cb 100755
--- a/setup/so-functions
+++ b/setup/so-functions
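Review bot: `fqdn_lowercase` has no comment saying that it is a full syntax match rather than a case test: the pattern also rejects any name whose last label is not `[a-z]{2,63}` or whose length is outside 4-253, and a caller that treats a non-zero status as "contains uppercase" will report every such rejection as an uppercase problem. The same holds for `hostname_lowercase` in the next hunk of this file. A header comment on each, for example `# Returns 0 only if $1 is a syntactically valid FQDN made of lowercase letters, digits and hyphens`, would make that contract visible. In both functions the trailing `&& return 0 || return 1` is redundant, since the status of `grep -q` or `[[ ... ]]` is already the function's return value, and the `\-` in `hostname_lowercase` can be written as a plain `-` at the end of the class, as `fqdn_lowercase` does.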
@@ -423,14 +423,28 @@ collect_homenet_snsr() {
 }
 collect_hostname() {
+ collect_hostname_validate
+
+ while ! hostname_lowercase "$HOSTNAME"; do
+ if ! (whiptail_uppercase_warning); then
+ collect_hostname_validate
+ else
+ no_use_hostname=true
+ break
+ fi
+ done
+}
+
+collect_hostname_validate() {
 if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
 whiptail_set_hostname "$HOSTNAME"
- if [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once
+ if [[ -z $default_hostname_flag ]] && [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once
 if ! (whiptail_avoid_default_hostname); then
 whiptail_set_hostname "$HOSTNAME"
 fi
+ default_hostname_flag=true
 fi
 while ! valid_hostname "$HOSTNAME"; do
@@ -648,7 +662,23 @@ collect_proxy_details() {
 }
 collect_redirect_host() {
- whiptail_set_redirect_host "$HOSTNAME"
+ collect_redirect_host_validate
+
+ while ! hostname_lowercase "$REDIRECTHOST" && ! fqdn_lowercase "$REDIRECTHOST"; do
+ local text
+ ! valid_hostname "$REDIRECTHOST" && text="domain name" || text="hostname"
+ if ! (whiptail_uppercase_warning "$text"); then
+ collect_redirect_host_validate "$REDIRECTHOST"
+ else
+ break
+ fi
+ done
+}
+
+collect_redirect_host_validate() {
+ local prefill=${1:-$HOSTNAME}
+
+ whiptail_set_redirect_host "$prefill"
 while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do
 whiptail_invalid_input
diff --git a/setup/so-whiptail b/setup/so-whiptail
index e404152e5..10d86ec2b 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
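Review bot: `no_use_hostname=true` in collect_hostname is a one-way global: it is set when the operator keeps an uppercase hostname and nothing in this hunk ever clears it. If collect_hostname can run again in the same setup session (not visible here), a later lowercase hostname would still leave the HOSTNAME choice hidden in whiptail_set_redirect; starting the function with `no_use_hostname=false` ties the flag to the name actually chosen. `whiptail_uppercase_warning` is called here but is not defined anywhere in this patch, so it presumably already exists; a comment such as `# zero status = operator chose to keep the uppercase name` above the `if !` would document the branch direction. The body of collect_hostname_validate continues past the end of the hunk.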
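Review bot: An IPv4 address accepted by `valid_ip4` in collect_redirect_host_validate fails both checks in the new `while` loop of collect_redirect_host, because `hostname_lowercase` has no `.` in its character class and `fqdn_lowercase` requires the last label to match `[a-z]{2,63}`. Assuming `valid_ip4` accepts dotted-quad input, an operator who enters an address is shown the uppercase warning for a value that has no letters at all. The loop condition should exempt addresses: `while ! valid_ip4 "$REDIRECTHOST" && ! hostname_lowercase "$REDIRECTHOST" && ! fqdn_lowercase "$REDIRECTHOST"; do`. The validation loop in collect_redirect_host_validate runs past the end of the hunk.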
@@ -1661,11 +1661,16 @@ whiptail_set_redirect() {
 [ -n "$TESTING" ] && return
+ local options=()
+ options+=( "IP" "Use IP address to access the web interface" ON )
+ [[ $no_use_hostname != true ]] && options+=( "HOSTNAME" "Use hostname to access the web interface" OFF )
+ options+=("OTHER" "Use a different name like a FQDN or Load Balancer" OFF)
+
 REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \
- "How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
- "IP" "Use IP address to access the web interface" ON \
- "HOSTNAME" "Use hostname to access the web interface" OFF \
- "OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
+ "How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
+ "${options[@]}" \
+ 3>&1 1>&2 2>&3
+ )
 local exitstatus=$?
 whiptail_check_exitstatus $exitstatus
 }
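Review bot: The line `[[ $no_use_hostname != true ]] && options+=( "HOSTNAME" ... )` in whiptail_set_redirect depends on a global that is only assigned in setup/so-functions, and nothing here says so. A comment above it, for example `# no_use_hostname is set by collect_hostname when the operator keeps an uppercase hostname; hide HOSTNAME in that case`, would record the cross-file coupling. The dialog text is unchanged, so an operator who no longer sees HOSTNAME gets no explanation of why it is missing. The three `options+=` lines also mix `( "IP" ... )` and `("OTHER" ...)` spacing.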