Merge pull request #184 from Security-Onion-Solutions/issues/157

Issues/157
2025-12-06 17:22:49 +01:00 · 2019-12-30 13:47:46 -05:00
parent c6345a8950 1b8bb8e761
commit bbd95c977c
3 changed files with 99 additions and 115 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -3,20 +3,20 @@ base:
    - patch.needs_restarting

  'G@role:so-sensor':
-    - sensors.{{ grains.id }}
+    - minions.{{ grains.id }}
    - static
    - firewall.*
    - brologs

  'G@role:so-master':
-    - masters.{{ grains.id }}
+    - minions.{{ grains.id }}
    - static
    - firewall.*
    - data.*
    - auth

  'G@role:so-eval':
-    - masters.{{ grains.id }}
+    - minions.{{ grains.id }}
    - static
    - firewall.*
    - data.*
@@ -24,13 +24,12 @@ base:
    - auth

  'G@role:so-node':
-    - nodes.{{ grains.id }}
+    - minions.{{ grains.id }}
    - static
    - firewall.*

  'G@role:so-helix':
-    - masters.{{ grains.id }}
-    - sensors.{{ grains.id }}
+    - minions.{{ grains.id }}
    - static
    - firewall.*
    - fireeye
--- a/setup/functions.sh
+++ b/setup/functions.sh
@@ -270,9 +270,9 @@ copy_minion_tmp_files() {

  if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
    echo "Copying pillar and salt files in $TMP to /opt/so/saltstack"
-    cp -Rv $TMP/pillar/ /opt/so/saltstack/pillar/ >> $SETUPLOG 2>&1
+    cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
    if [ -d $TMP/salt ] ; then
-      cp -Rv $TMP/salt/ /opt/so/saltstack/salt/ >> $SETUPLOG 2>&1
+      cp -Rv $TMP/salt/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
    fi
  else
    echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
@@ -545,7 +545,8 @@ got_root() {

 install_cleanup() {

-  echo "install_cleanup called" >> $SETUPLOG 2>&1
+  echo "install_cleanup removing the following files:"
+  ls -lR $TMP 

  # Clean up after ourselves
  rm -rf /root/installtmp
@@ -556,6 +557,8 @@ install_prep() {

  # Create a tmp space that isn't in /tmp
  mkdir /root/installtmp
+  mkdir /root/installtmp/pillar
+  mkdir /root/installtmp/pillar/minions
  TMP=/root/installtmp

 }
@@ -595,47 +598,50 @@ ls_heapsize() {

 master_pillar() {

+  PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
+
  # Create the master pillar
-  touch /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "master:" > /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  mainip: $MAINIP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  mainint: $MAININT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  esheap: $ES_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  esclustername: {{ grains.host }}" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
+  echo "master:" >> $PILLARFILE
+  echo "  mainip: $MAINIP" >> $PILLARFILE
+  echo "  mainint: $MAININT" >> $PILLARFILE
+  echo "  esheap: $ES_HEAP_SIZE" >> $PILLARFILE
+  echo "  esclustername: {{ grains.host }}" >> $PILLARFILE
  if [ $INSTALLTYPE == 'EVALMODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
-    echo "  freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-    echo "  domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-    echo "  ls_pipeline_batch_size: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-    echo "  ls_input_threads: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-    echo "  ls_batch_count: 125" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-    echo "  mtu: 1500" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
+    echo "  freq: 0" >> $PILLARFILE
+    echo "  domainstats: 0" >> $PILLARFILE
+    echo "  ls_pipeline_batch_size: 125" >> $PILLARFILE
+    echo "  ls_input_threads: 1" >> $PILLARFILE
+    echo "  ls_batch_count: 125" >> $PILLARFILE
+    echo "  mtu: 1500" >> $PILLARFILE

  else
-    echo "  freq: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-    echo "  domainstats: 0" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
+    echo "  freq: 0" >> $PILLARFILE
+    echo "  domainstats: 0" >> $PILLARFILE
  fi
  if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
-    echo "  lsheap: 1000m" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
+    echo "  lsheap: 1000m" >> $PILLARFILE
  else
-    echo "  lsheap: $LS_HEAP_SIZE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
+    echo "  lsheap: $LS_HEAP_SIZE" >> $PILLARFILE
  fi
-  echo "  lsaccessip: 127.0.0.1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  elastalert: 1" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  ls_pipeline_workers: $CPUCORES" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  nids_rules: $RULESETUP" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  oinkcode: $OINKCODE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  #echo "  access_key: $ACCESS_KEY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  #echo "  access_secret: $ACCESS_SECRET" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  es_port: $NODE_ES_PORT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  log_size_limit: $LOG_SIZE_LIMIT" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  cur_close_days: $CURCLOSEDAYS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  #echo "  mysqlpass: $MYSQLPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  #echo "  fleetpass: $FLEETPASS" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  grafana: $GRAFANA" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  osquery: $OSQUERY" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  wazuh: $WAZUH" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  thehive: $THEHIVE" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
-  echo "  playbook: $PLAYBOOK" >> /opt/so/saltstack/pillar/masters/$MINION_ID.sls
+  echo "  lsaccessip: 127.0.0.1" >> $PILLARFILE
+  echo "  elastalert: 1" >> $PILLARFILE
+  echo "  ls_pipeline_workers: $CPUCORES" >> $PILLARFILE
+  echo "  nids_rules: $RULESETUP" >> $PILLARFILE
+  echo "  oinkcode: $OINKCODE" >> $PILLARFILE
+  #echo "  access_key: $ACCESS_KEY" >> $PILLARFILE
+  #echo "  access_secret: $ACCESS_SECRET" >> $PILLARFILE
+  echo "  es_port: $NODE_ES_PORT" >> $PILLARFILE
+  echo "  log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
+  echo "  cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
+  #echo "  mysqlpass: $MYSQLPASS" >> $PILLARFILE
+  #echo "  fleetpass: $FLEETPASS" >> $PILLARFILE
+  echo "  grafana: $GRAFANA" >> $PILLARFILE
+  echo "  osquery: $OSQUERY" >> $PILLARFILE
+  echo "  wazuh: $WAZUH" >> $PILLARFILE
+  echo "  thehive: $THEHIVE" >> $PILLARFILE
+  echo "  playbook: $PLAYBOOK" >> $PILLARFILE
+  echo "" >> $PILLARFILE
+
  }

 master_static() {
@@ -695,53 +701,39 @@ network_setup() {

 node_pillar() {

-  NODEPILLARPATH=$TMP/pillar/nodes
-  if [ ! -d $NODEPILLARPATH ]; then
-    mkdir -p $NODEPILLARPATH
-  fi
+  PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls

  # Create the node pillar
-  touch $NODEPILLARPATH/$MINION_ID.sls
-  echo "node:" > $NODEPILLARPATH/$MINION_ID.sls
-  echo "  mainip: $MAINIP" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  mainint: $MAININT" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  esheap: $NODE_ES_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  esclustername: {{ grains.host }}" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  lsheap: $NODE_LS_HEAP_SIZE" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  ls_pipeline_workers: $LSPIPELINEWORKERS" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  ls_input_threads: $LSINPUTTHREADS" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  ls_batch_count: $LSINPUTBATCHCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  es_shard_count: $SHARDCOUNT" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  node_type: $NODETYPE" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  es_port: $NODE_ES_PORT" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  log_size_limit: $LOG_SIZE_LIMIT" >> $NODEPILLARPATH/$MINION_ID.sls
-  echo "  cur_close_days: $CURCLOSEDAYS" >> $NODEPILLARPATH/$MINION_ID.sls
+  echo "node:" >> $PILLARFILE
+  echo "  mainip: $MAINIP" >> $PILLARFILE
+  echo "  mainint: $MAININT" >> $PILLARFILE
+  echo "  esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE
+  echo "  esclustername: {{ grains.host }}" >> $PILLARFILE
+  echo "  lsheap: $NODE_LS_HEAP_SIZE" >> $PILLARFILE
+  echo "  ls_pipeline_workers: $LSPIPELINEWORKERS" >> $PILLARFILE
+  echo "  ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $PILLARFILE
+  echo "  ls_input_threads: $LSINPUTTHREADS" >> $PILLARFILE
+  echo "  ls_batch_count: $LSINPUTBATCHCOUNT" >> $PILLARFILE
+  echo "  es_shard_count: $SHARDCOUNT" >> $PILLARFILE
+  echo "  node_type: $NODETYPE" >> $PILLARFILE
+  echo "  es_port: $NODE_ES_PORT" >> $PILLARFILE
+  echo "  log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
+  echo "  cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
+  echo "" >> $PILLARFILE

 }

 patch_pillar() {

-  case $INSTALLTYPE in
-    MASTERONLY | EVALMODE | HELIXSENSOR)
-      PATCHPILLARPATH=/opt/so/saltstack/pillar/masters
-      ;;
-    SENSORONLY)
-      PATCHPILLARPATH=$SENSORPILLARPATH
-      ;;
-    SEARCHNODE | PARSINGNODE | HOTNODE | WARMNODE)
-      PATCHPILLARPATH=$NODEPILLARPATH
-      ;;
-  esac
-
-
-  echo "" >> $PATCHPILLARPATH/$MINION_ID.sls
-  echo "patch:" >> $PATCHPILLARPATH/$MINION_ID.sls
-  echo "  os:" >> $PATCHPILLARPATH/$MINION_ID.sls
-  echo "    schedule_name: $PATCHSCHEDULENAME" >> $PATCHPILLARPATH/$MINION_ID.sls
-  echo "    enabled: True" >> $PATCHPILLARPATH/$MINION_ID.sls
-  echo "    splay: 300" >> $PATCHPILLARPATH/$MINION_ID.sls
+  PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls

+  echo "" >> $PILLARFILE
+  echo "patch:" >> $PILLARFILE
+  echo "  os:" >> $PILLARFILE
+  echo "    schedule_name: $PATCHSCHEDULENAME" >> $PILLARFILE
+  echo "    enabled: True" >> $PILLARFILE
+  echo "    splay: 300" >> $PILLARFILE
+  echo "" >> $PILLARFILE

 }

@@ -1105,51 +1097,44 @@ salt_install_mysql_deps() {
 }

 sensor_pillar() {
-  if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
-    SENSORPILLARPATH=/opt/so/saltstack/pillar/sensors
-    mkdir -p $TMP
-    mkdir -p $SENSORPILLARPATH
-  else
-    SENSORPILLARPATH=$TMP/pillar/sensors
-  fi
-  if [ ! -d $SENSORPILLARPATH ]; then
-    mkdir -p $SENSORPILLARPATH
-  fi
+
+  PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls

  # Create the sensor pillar
-  touch $SENSORPILLARPATH/$MINION_ID.sls
-  echo "sensor:" > $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  interface: bond0" >> $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  mainip: $MAINIP" >> $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  mainint: $MAININT" >> $SENSORPILLARPATH/$MINION_ID.sls
+  touch $PILLARFILE
+  echo "sensor:" >> $PILLARFILE
+  echo "  interface: bond0" >> $PILLARFILE
+  echo "  mainip: $MAINIP" >> $PILLARFILE
+  echo "  mainint: $MAININT" >> $PILLARFILE
  if [ $NSMSETUP == 'ADVANCED' ]; then
-    echo "  bro_pins:" >> $SENSORPILLARPATH/$MINION_ID.sls
+    echo "  bro_pins:" >> $PILLARFILE
    for PIN in $BROPINS; do
      PIN=$(echo $PIN |  cut -d\" -f2)
-    echo "    - $PIN" >> $SENSORPILLARPATH/$MINION_ID.sls
+    echo "    - $PIN" >> $PILLARFILE
    done
-    echo "  suripins:" >> $SENSORPILLARPATH/$MINION_ID.sls
+    echo "  suripins:" >> $PILLARFILE
    for SPIN in $SURIPINS; do
      SPIN=$(echo $SPIN |  cut -d\" -f2)
-    echo "    - $SPIN" >> $SENSORPILLARPATH/$MINION_ID.sls
+    echo "    - $SPIN" >> $PILLARFILE
    done
  elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
-    echo "  bro_lbprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls
-    echo "  suriprocs: $LBPROCS" >> $SENSORPILLARPATH/$MINION_ID.sls
+    echo "  bro_lbprocs: $LBPROCS" >> $PILLARFILE
+    echo "  suriprocs: $LBPROCS" >> $PILLARFILE
  else
-    echo "  bro_lbprocs: $BASICBRO" >> $SENSORPILLARPATH/$MINION_ID.sls
-    echo "  suriprocs: $BASICSURI" >> $SENSORPILLARPATH/$MINION_ID.sls
+    echo "  bro_lbprocs: $BASICBRO" >> $PILLARFILE
+    echo "  suriprocs: $BASICSURI" >> $PILLARFILE
  fi
-  echo "  brobpf:" >> $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  pcapbpf:" >> $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  nidsbpf:" >> $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  master: $MSRV" >> $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  mtu: $MTU" >> $SENSORPILLARPATH/$MINION_ID.sls
+  echo "  brobpf:" >> $PILLARFILE
+  echo "  pcapbpf:" >> $PILLARFILE
+  echo "  nidsbpf:" >> $PILLARFILE
+  echo "  master: $MSRV" >> $PILLARFILE
+  echo "  mtu: $MTU" >> $PILLARFILE
  if [ $HNSENSOR != 'inherit' ]; then
-  echo "  hnsensor: $HNSENSOR" >> $SENSORPILLARPATH/$MINION_ID.sls
+  echo "  hnsensor: $HNSENSOR" >> $PILLARFILE
  fi
-  echo "  access_key: $ACCESS_KEY" >> $SENSORPILLARPATH/$MINION_ID.sls
-  echo "  access_secret: $ACCESS_SECRET" >>  $SENSORPILLARPATH/$MINION_ID.sls
+  echo "  access_key: $ACCESS_KEY" >> $PILLARFILE
+  echo "  access_secret: $ACCESS_SECRET" >>  $PILLARFILE
+  echo "" >> $PILLARFILE

 }

--- a/setup/whiptail.sh
+++ b/setup/whiptail.sh
@@ -90,7 +90,7 @@ whiptail_cancel() {
  whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
  if [ -d "/root/installtmp" ]; then
    echo "/root/installtmp exists" >> $SETUPLOG 2>&1
-    install_cleanup
+    install_cleanup >> $SETUPLOG 2>&1
    echo "/root/installtmp removed" >> $SETUPLOG 2>&1
  fi
  exit
@@ -685,14 +685,14 @@ whiptail_set_hostname() {
 whiptail_setup_complete() {

  whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75
-  install_cleanup
+  install_cleanup >> $SETUPLOG 2>&1

 }

 whiptail_setup_failed() {

  whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75
-  install_cleanup
+  install_cleanup >> $SETUPLOG 2>&1

 }