diff --git a/salt/top.sls b/salt/top.sls
index 2a34c7548..ac6e909f0 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -1,6 +1,8 @@
-{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
-{%- set OSQUERY = salt['pillar.get']('master:osquery', '0') %}
-{%- set WAZUH = salt['pillar.get']('master:wazuh', '0') %}
+{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') -%}
+{%- set OSQUERY = salt['pillar.get']('master:osquery', '0') -%}
+{%- set WAZUH = salt['pillar.get']('master:wazuh', '0') -%}
+{%- set GRAFANA = salt['pillar.get']('master:grafana', '0') -%}
+{%- set THEHIVE = salt['pillar.get']('master:thehive', '0') -%}
 base:
 'G@role:so-sensor':
 - ca
diff --git a/so-setup-network.sh b/so-setup-network.sh
index 8e1207fd5..ef8e64b19 100644
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -543,27 +543,6 @@ master_pillar() {
 echo " ls_input_threads: 1" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 echo " ls_batch_count: 125" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 echo " mtu: 1500" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- if [ $EVALADVANCED == 'ADVANCED' ]; then
- if [ $EVALGRAFANA == '0' ]; then
- echo " grafana: 1" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- else
- echo " grafana: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- fi
- if [ $EVALOSQUERY == '0' ]; then
- echo " osquery: 1" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- else
- echo " osquery: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- fi
- if [ $EVALWAZUH == '0' ]; then
- echo " wazuh: 1" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- else
- echo " wazuh: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- fi
- else
- echo " grafana: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- echo " osquery: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- echo " wazuh: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
- fi
 else
 echo " freq: 0" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
@@ -582,7 +561,10 @@ master_pillar() {
 echo " cur_close_days: $CURCLOSEDAYS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 #echo " mysqlpass: $MYSQLPASS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 #echo " fleetpass: $FLEETPASS" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
-
+ echo " grafana: $GRAFANA" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
+ echo " osquery: $OSQUERY" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
+ echo " wazuh: $WAZUH" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
+ echo " hive: $HIVE" >> /opt/so/saltstack/pillar/masters/$HOSTNAME.sls
 }
 master_static() {
@@ -638,6 +620,20 @@ node_pillar() {
 }
+process_components() {
+ CLEAN=${COMPONENTS//\"}
+ GRAFANA=0
+ OSQUERY=0
+ WAZUH=0
+ THEHIVE=0
+
+ IFS=$' '
+ for item in $(echo "$CLEAN"); do
+ set $item=1
+ done
+ unset IFS
+}
+
 saltify() {
 # Install updates and Salt
@@ -1153,6 +1149,14 @@ whiptail_cur_close_days() {
 whiptail_check_exitstatus $exitstatus
 }
+whiptail_enable_components() {
+ COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \
+ "Select Components to install" 20 78 8 \
+ "GRAFANA" "Enable Grafana for system monitoring" OFF \
+ "OSQUERY" "Enable Fleet with osquery" OFF \
+ "WAZUH" "Enable Wazuh" OFF \
+ "THEHIVE" "Enable TheHive" OFF 3>&1 1>&2 2>&3 )
+}
 whiptail_eval_adv() {
 EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \
@@ -1772,15 +1776,7 @@ if (whiptail_you_sure); then
 # Snag the HOME_NET
 whiptail_homenet_master
-
- # Ask about advanced mode
- whiptail_eval_adv
- if [ $EVALADVANCED == 'ADVANCED' ]; then
- whiptail_eval_adv_warning
- whiptail_eval_adv_service_grafana
- whiptail_eval_adv_service_osquery
- whiptail_eval_adv_service_wazuh
- fi
+ whiptail_enable_components
 # Set a bunch of stuff since this is eval
 es_heapsize
@@ -1796,6 +1792,7 @@ if (whiptail_you_sure); then
 NIDS=Suricata
 BROVERSION=ZEEK
 CURCLOSEDAYS=30
+ process_components
 whiptail_make_changes
 #eval_mode_hostsfile
 generate_passwords
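Review bot: The last line added to master_pillar writes `hive: $HIVE`, but nothing in this patch assigns `HIVE`: process_components sets `THEHIVE`, and salt/top.sls reads `master:thehive`. As written the pillar gets an empty `hive:` key and the `THEHIVE` lookup in top.sls falls back to its default of '0', so a TheHive selection made in the checklist never takes effect. Change the key and variable to `thehive: $THEHIVE`, keeping the indentation of the neighbouring keys. The four echoes also now sit at the end of master_pillar rather than inside the branch that held the old ones, while process_components is only visibly called from the eval path, so other install types may write empty values unless these variables are set elsewhere; the function body starts outside the hunk, so this needs checking against the full file.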
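Review bot: `set $item=1` in the new process_components does not assign a variable; `set` with a non-option argument replaces the positional parameters, so GRAFANA, OSQUERY, WAZUH and THEHIVE all stay 0 whatever was ticked. The components the operator selected, Wazuh and osquery included, are then silently written to the pillar as disabled. Assign through an explicit `case` over the four known tags, which needs no `eval` and also keeps any unexpected token in `$COMPONENTS` from being treated as a variable name. With that in place the `IFS` override and the `$(echo "$CLEAN")` subshell are unnecessary.

```shell
process_components() {
  # … unchanged: strip quotes into CLEAN, reset the four flags to 0 …
  local item
  # Word-splitting is intentional: whiptail returns space-separated tags.
  for item in $CLEAN; do
    case "$item" in
      GRAFANA) GRAFANA=1 ;;
      OSQUERY) OSQUERY=1 ;;
      WAZUH)   WAZUH=1 ;;
      THEHIVE) THEHIVE=1 ;;
      *) echo "Ignoring unknown component: $item" >&2 ;;
    esac
  done
}
```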
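Review bot: whiptail_enable_components never inspects whiptail's exit status, unlike whiptail_cur_close_days just above it, which ends with `whiptail_check_exitstatus $exitstatus`. Cancel or Esc on the checklist therefore leaves `COMPONENTS` empty and setup continues with every component disabled instead of taking the cancel path the other dialogs use. Add `local exitstatus=$?` directly after the command substitution, followed by `whiptail_check_exitstatus $exitstatus`. whiptail_check_exitstatus is defined outside this hunk, so this assumes it handles a non-zero status as its name suggests.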