diff --git a/.gitignore b/.gitignore
index 3d725761b..19447927b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,59 @@
+
+# Created by https://www.gitignore.io/api/macos,windows
+# Edit at https://www.gitignore.io/?templates=macos,windows
+
+### macOS ###
+# General
.DS_Store
-.idea
\ No newline at end of file
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# End of https://www.gitignore.io/api/macos,windows
\ No newline at end of file
diff --git a/pillar/top.sls b/pillar/top.sls
index f629558af..cc6863e22 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,7 +1,10 @@
base:
'*':
- patch.needs_restarting
- - docker.config
+
+ '*_eval or *_helix or *_heavynode or *_sensor':
+ - match: compound
+ - zeek
'*_mastersearch or *_heavynode':
- match: compound
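Review bot: `docker.config` is dropped from the `'*'` target here, yet `common/maps/so-status.map.jinja` added in this same change still merges `salt['pillar.get']('docker')` into the container list, so either that pillar is now assigned somewhere outside this diff or the merge is dead; please confirm which. If it is meant to go away, remove the `merge=` argument there too rather than leaving a lookup that silently returns an empty value. The compound match on minion-ID suffixes is reasonable as long as key acceptance on the master remains the gate: a minion only receives the `zeek` data by presenting an accepted ID ending in one of these role names, so a note to that effect would help, e.g. `# role is the last '_'-separated part of the accepted minion id`.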
diff --git a/pillar/zeek/init.sls b/pillar/zeek/init.sls
new file mode 100644
index 000000000..10b92bb03
--- /dev/null
+++ b/pillar/zeek/init.sls
@@ -0,0 +1,55 @@
+zeek:
+ zeekctl:
+ MailTo: root@localhost
+ MailConnectionSummary: 1
+ MinDiskSpace: 5
+ MailHostUpDown: 1
+ LogRotationInterval: 3600
+ LogExpireInterval: 0
+ StatsLogEnable: 1
+ StatsLogExpireInterval: 0
+ StatusCmdShowAll: 0
+ CrashExpireInterval: 0
+ SitePolicyScripts: local.zeek
+ LogDir: /nsm/zeek/logs
+ SpoolDir: /nsm/zeek/spool
+ CfgDir: /opt/zeek/etc
+ CompressLogs: 1
+ local:
+ '@load':
+ - misc/loaded-scripts
+ - tuning/defaults
+ - misc/capture-loss
+ - misc/stats
+ - frameworks/software/vulnerable
+ - frameworks/software/version-changes
+ - protocols/ftp/software
+ - protocols/smtp/software
+ - protocols/ssh/software
+ - protocols/http/software
+ - protocols/dns/detect-external-names
+ - protocols/ftp/detect
+ - protocols/conn/known-hosts
+ - protocols/conn/known-services
+ - protocols/ssl/known-certs
+ - protocols/ssl/validate-certs
+ - protocols/ssl/log-hostcerts-only
+ - protocols/ssh/geo-data
+ - protocols/ssh/detect-bruteforcing
+ - protocols/ssh/interesting-hostnames
+ - protocols/http/detect-sqli
+ - frameworks/files/hash-all-files
+ - frameworks/files/detect-MHR
+ - policy/frameworks/notice/extend-email/hostnames
+ - ja3
+ - hassh
+ - intel
+ - cve-2020-0601
+ - securityonion/bpfconf
+ - securityonion/communityid
+ - securityonion/file-extraction
+ '@load-sigs':
+ - frameworks/signatures/detect-windows-shells
+ redef:
+ - LogAscii::use_json = T;
+ - LogAscii::json_timestamps = JSON::TS_ISO8601;
\ No newline at end of file
diff --git a/salt/common/maps/broversion.map.jinja b/salt/common/maps/broversion.map.jinja
new file mode 100644
index 000000000..9a06b52ed
--- /dev/null
+++ b/salt/common/maps/broversion.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-zeek'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/domainstats.map.jinja b/salt/common/maps/domainstats.map.jinja
new file mode 100644
index 000000000..221dcde03
--- /dev/null
+++ b/salt/common/maps/domainstats.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-domainstats'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/eval.map.jinja b/salt/common/maps/eval.map.jinja
new file mode 100644
index 000000000..56f2116b9
--- /dev/null
+++ b/salt/common/maps/eval.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-dockerregistry',
+ 'so-soc',
+ 'so-kratos',
+ 'so-idstools',
+ 'so-elasticsearch',
+ 'so-kibana',
+ 'so-steno',
+ 'so-suricata',
+ 'so-zeek',
+ 'so-curator',
+ 'so-elastalert',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet.map.jinja b/salt/common/maps/fleet.map.jinja
new file mode 100644
index 000000000..c55223125
--- /dev/null
+++ b/salt/common/maps/fleet.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis',
+ 'so-filebeat',
+ 'so-nginx',
+ 'so-telegraf'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet_master.map.jinja b/salt/common/maps/fleet_master.map.jinja
new file mode 100644
index 000000000..91850846c
--- /dev/null
+++ b/salt/common/maps/fleet_master.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/freq.map.jinja b/salt/common/maps/freq.map.jinja
new file mode 100644
index 000000000..d3f692484
--- /dev/null
+++ b/salt/common/maps/freq.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-freqserver'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/grafana.map.jinja b/salt/common/maps/grafana.map.jinja
new file mode 100644
index 000000000..1118a50fe
--- /dev/null
+++ b/salt/common/maps/grafana.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-influxdb',
+ 'so-grafana'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/heavynode.map.jinja b/salt/common/maps/heavynode.map.jinja
new file mode 100644
index 000000000..2b8257a6a
--- /dev/null
+++ b/salt/common/maps/heavynode.map.jinja
@@ -0,0 +1,14 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-steno',
+ 'so-suricata',
+ 'so-wazuh',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
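Review bot: `'so-filebeat` on the last list entry is missing its closing quote, so this file raises a TemplateSyntaxError the moment so-status renders on a heavynode minion. Change it to `'so-filebeat'`. The same slip is in helixsensor.map.jinja.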
diff --git a/salt/common/maps/helixsensor.map.jinja b/salt/common/maps/helixsensor.map.jinja
new file mode 100644
index 000000000..84866de3a
--- /dev/null
+++ b/salt/common/maps/helixsensor.map.jinja
@@ -0,0 +1,12 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-idstools',
+ 'so-steno',
+ 'so-zeek',
+ 'so-redis',
+ 'so-logstash',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
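Review bot: `'so-filebeat` is missing its closing quote, which makes the whole map a TemplateSyntaxError when imported; change it to `'so-filebeat'`. Also note the file is named `helixsensor.map.jinja` while `pillar/top.sls` in this change targets minion IDs ending in `_helix`, and so-status.map.jinja builds the import path from that suffix, so unless a `helix.map.jinja` exists outside this diff the file will never be found under its current name.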
diff --git a/salt/common/maps/hotnode.map.jinja b/salt/common/maps/hotnode.map.jinja
new file mode 100644
index 000000000..bc9d58360
--- /dev/null
+++ b/salt/common/maps/hotnode.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/master.map.jinja b/salt/common/maps/master.map.jinja
new file mode 100644
index 000000000..84918c39f
--- /dev/null
+++ b/salt/common/maps/master.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-dockerregistry',
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-elasticsearch',
+ 'so-logstash',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/mastersearch.map.jinja b/salt/common/maps/mastersearch.map.jinja
new file mode 100644
index 000000000..9c2e6eff7
--- /dev/null
+++ b/salt/common/maps/mastersearch.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/playbook.map.jinja b/salt/common/maps/playbook.map.jinja
new file mode 100644
index 000000000..064262119
--- /dev/null
+++ b/salt/common/maps/playbook.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-playbook',
+ 'so-navigator'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/searchnode.map.jinja b/salt/common/maps/searchnode.map.jinja
new file mode 100644
index 000000000..b46652742
--- /dev/null
+++ b/salt/common/maps/searchnode.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/sensor.map.jinja b/salt/common/maps/sensor.map.jinja
new file mode 100644
index 000000000..e77352692
--- /dev/null
+++ b/salt/common/maps/sensor.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-steno',
+ 'so-suricata',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja
new file mode 100644
index 000000000..39672410c
--- /dev/null
+++ b/salt/common/maps/so-status.map.jinja
@@ -0,0 +1,61 @@
+{% set role = grains.id.split('_') | last %}
+{% from 'common/maps/'~ role ~'.map.jinja' import docker with context %}
+
+# Check if the service is enabled and append it's required containers
+# to the list predefined by the role / minion id affix
+{% macro append_containers(pillar_name, k, compare )%}
+ {% if salt['pillar.get'](pillar_name~':'~k, {}) != compare %}
+ {% from 'common/maps/'~k~'.map.jinja' import docker as d with context %}
+ {% for li in d['containers'] %}
+ {{ docker['containers'].append(li) }}
+ {% endfor %}
+ {% endif %}
+{% endmacro %}
+
+{% set docker = salt['grains.filter_by']({
+ '*_'~role: {
+ 'containers': docker['containers']
+ }
+},grain='id', merge=salt['pillar.get']('docker')) %}
+
+{% if role == 'eval' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'heavynode' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
+
+{% if role == 'mastersearch' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'master' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'searchnode' %}
+ {{ append_containers('master', 'wazuh', 0) }}
+{% endif %}
+
+{% if role == 'sensor' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
\ No newline at end of file
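Review bot: The import at the top builds the map path from the minion-ID suffix, but this change adds `helixsensor.map.jinja` while `pillar/top.sls` targets `*_helix`, and the old `so-node` parser type has no `parser.map.jinja`, so those minions will hit TemplateNotFound unless maps exist outside this diff. Separately, `append_containers` defaults the pillar lookup to `{}` and compares with `!=`, so an absent `master:<svc>` pillar counts as enabled and its containers land in the expected-running list; if absence should mean disabled, pass the comparison value as the default: `{% if salt['pillar.get'](pillar_name~':'~k, compare) != compare %}`. The `broversion` calls are the opposite case (absent → not SURICATA → so-zeek added), so decide the intended default per call rather than globally.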
diff --git a/salt/common/maps/thehive.map.jinja b/salt/common/maps/thehive.map.jinja
new file mode 100644
index 000000000..e4ca7d2a2
--- /dev/null
+++ b/salt/common/maps/thehive.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-thehive',
+ 'so-thehive-es',
+ 'so-cortex'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/warmnode.map.jinja b/salt/common/maps/warmnode.map.jinja
new file mode 100644
index 000000000..08cf2dbb8
--- /dev/null
+++ b/salt/common/maps/warmnode.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-elasticsearch'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/wazuh.map.jinja b/salt/common/maps/wazuh.map.jinja
new file mode 100644
index 000000000..5217a79ee
--- /dev/null
+++ b/salt/common/maps/wazuh.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-wazuh'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index 0fb202a51..29c029623 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
@@ -14,35 +14,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-
-{%- set pillar_suffix = ':containers' -%}
-{%- if (salt['grains.get']('role') == 'so-mastersearch') -%}
- {%- set pillar_val = 'master_search' -%}
-{%- elif (salt['grains.get']('role') == 'so-master') -%}
- {%- set pillar_val = 'master' -%}
-{%- elif (salt['grains.get']('role') == 'so-heavynode') -%}
- {%- set pillar_val = 'heavy_node' -%}
-{%- elif (salt['grains.get']('role') == 'so-sensor') -%}
- {%- set pillar_val = 'sensor' -%}
-{%- elif (salt['grains.get']('role') == 'so-eval') -%}
- {%- set pillar_val = 'eval' -%}
-{%- elif (salt['grains.get']('role') == 'so-fleet') -%}
- {%- set pillar_val = 'fleet' -%}
-{%- elif (salt['grains.get']('role') == 'so-helix') -%}
- {%- set pillar_val = 'helix' -%}
-{%- elif (salt['grains.get']('role') == 'so-node') -%}
- {%- if (salt['pillar.get']('node:node_type') == 'parser') -%}
- {%- set pillar_val = 'parser_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'hot') -%}
- {%- set pillar_val = 'hot_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'warm') -%}
- {%- set pillar_val = 'warm_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'search') -%}
- {%- set pillar_val = 'search_node' -%}
- {%- endif -%}
-{%- endif -%}
-{%- set pillar_name = pillar_val ~ pillar_suffix -%}
-{%- set container_list = salt['pillar.get'](pillar_name) %}
+{%- from 'common/maps/so-status.map.jinja' import docker with context %}
+{%- set container_list = docker['containers'] %}
if ! [ "$(id -u)" = 0 ]; then
echo "This command must be run as root"
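Review bot: The role is now derived from the minion-ID suffix instead of the `role` grain and `node:node_type` pillar removed in this hunk, and the removed `so-node` branches only partly map onto the new files (hotnode/warmnode/searchnode exist, parser does not). Any minion whose ID does not end in a name with a matching `common/maps/<role>.map.jinja` will fail to render this script at all rather than report status, which is a worse failure mode than the old empty list. A comment at the import would make the contract explicit: `# role == last '_'-separated component of the minion id; requires common/maps/<role>.map.jinja`.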
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index 66720b85a..7785a3c20 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -13,6 +13,9 @@
{% set MAINIP = salt['pillar.get']('static:masterip') %}
{% endif %}
+include:
+ - mysql
+
#{% if grains.id.split('_')|last in ['master', 'eval', 'fleet'] %}
#so/fleet:
# event.send:
@@ -86,6 +89,8 @@ fleetdb:
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
+ - require:
+ - sls: mysql
fleetdbuser:
mysql_user.present:
@@ -95,6 +100,8 @@ fleetdbuser:
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
+ - require:
+ - fleetdb
fleetdbpriv:
mysql_grants.present:
@@ -106,6 +113,8 @@ fleetdbpriv:
- connection_port: 3306
- connection_user: root
- connection_pass: {{ MYSQLPASS }}
+ - require:
+ - fleetdb
{% if FLEETPASS == None or FLEETJWT == None %}
diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load
index 566e8cfc0..ad75374ea 100644
--- a/salt/kibana/bin/so-kibana-config-load
+++ b/salt/kibana/bin/so-kibana-config-load
@@ -1,6 +1,7 @@
#!/bin/bash
{%- set MASTER = salt['pillar.get']('static:masterip', '') %}
+{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{%- set FLEET = salt['pillar.get']('static:fleet_ip', '') %}
{%- set KRATOS = salt['pillar.get']('kratos:redirect', '') %}
@@ -28,8 +29,10 @@ cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_o
# SOCtopus and Master
sed -i "s/PLACEHOLDER/{{ MASTER }}/g" /opt/so/conf/kibana/saved_objects.ndjson
+{% if FLEET_NODE %}
# Fleet IP
sed -i "s/FLEETPLACEHOLDER/{{ FLEET }}/g" /opt/so/conf/kibana/saved_objects.ndjson
+{% endif %}
# Kratos redirect
sed -i "s/PCAPPLACEHOLDER/{{ KRATOS }}/g" /opt/so/conf/kibana/saved_objects.ndjson
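Review bot: When `static:fleet_node` is unset the Fleet `sed` is skipped, leaving the literal `FLEETPLACEHOLDER` inside the loaded saved objects, so any Fleet link in the ndjson becomes a dead reference rather than being removed. If that is intended, add an `{% else %}` branch that strips or repoints those objects, or at least comment why the placeholder is left in place. The `/`-delimited `sed` expressions also break if a substituted value contains a slash, which a `kratos:redirect` URL plausibly does; this is pre-existing, but a different delimiter such as `sed -i "s|PCAPPLACEHOLDER|{{ KRATOS }}|g"` would remove the hazard while this file is being touched.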
diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls
index 894bebaea..f3ce61784 100644
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -85,4 +85,9 @@ so-mysql:
- /opt/so/log/mysql:/var/log/mysql:rw
- watch:
- /opt/so/conf/mysql/etc
+ cmd.run:
+ - name: until nc -z {{ MAINIP }} 3306; do sleep 1; done
+ - timeout: 120
+ - onchanges:
+ - docker_container: so-mysql
{% endif %}
\ No newline at end of file
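Review bot: The readiness wait only fires `onchanges` of the container, so on a later run where so-mysql is already reported running but mysqld is still starting, nothing waits and the fleet DB states that `require` this sls race it; a plain run guarded by `- unless: nc -z "{{ MAINIP }}" 3306` keeps the wait idempotent and covers that case. Quote the address in the loop as well: `- name: until nc -z "{{ MAINIP }}" 3306; do sleep 1; done`. A TCP accept says nothing about whether the root credentials used by the fleet states work yet, so if those still fail intermittently swap `nc -z` for a `mysqladmin ping` inside the container; this also assumes `nc` is installed on the host.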
diff --git a/salt/nginx/etc/nginx.conf.so-eval b/salt/nginx/etc/nginx.conf.so-eval
index 61d91ba20..336d27343 100644
--- a/salt/nginx/etc/nginx.conf.so-eval
+++ b/salt/nginx/etc/nginx.conf.so-eval
@@ -146,6 +146,20 @@ http {
}
+ location /cyberchef/ {
+ auth_request /auth/sessions/whoami;
+ proxy_read_timeout 90;
+ proxy_connect_timeout 90;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Proxy "";
+ }
+
+ location /cyberchef {
+ rewrite ^ /cyberchef/ permanent;
+ }
+
location /packages/ {
try_files $uri =206;
auth_request /auth/sessions/whoami;
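Review bot: The `/cyberchef/` location sets `proxy_read_timeout`, `proxy_connect_timeout` and four `proxy_set_header`s but has no `proxy_pass`, so nothing is proxied: nginx serves `<root>/cyberchef/` as static files and the proxy directives are inert. If CyberChef is an upstream container, add `proxy_pass http://<cyberchef-upstream>/;` (the upstream name is not visible in this diff); if it is static content under the document root, drop the proxy lines so the block reads as intended. The `auth_request` guard is present either way, so access stays behind the session check.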
diff --git a/salt/nginx/etc/nginx.conf.so-master b/salt/nginx/etc/nginx.conf.so-master
index 46e910a17..33edb9c3e 100644
--- a/salt/nginx/etc/nginx.conf.so-master
+++ b/salt/nginx/etc/nginx.conf.so-master
@@ -146,6 +146,20 @@ http {
}
+ location /cyberchef/ {
+ auth_request /auth/sessions/whoami;
+ proxy_read_timeout 90;
+ proxy_connect_timeout 90;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Proxy "";
+ }
+
+ location /cyberchef {
+ rewrite ^ /cyberchef/ permanent;
+ }
+
location /packages/ {
try_files $uri =206;
auth_request /auth/sessions/whoami;
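Review bot: No `proxy_pass` in the new `/cyberchef/` block means the `proxy_*_timeout` and `proxy_set_header` lines do nothing and nginx serves the path from its document root. Either add `proxy_pass http://<cyberchef-upstream>/;` (upstream not visible here) or remove the proxy directives if CyberChef is shipped as static files. The `auth_request` line is what enforces authentication and is correctly present.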
diff --git a/salt/nginx/etc/nginx.conf.so-mastersearch b/salt/nginx/etc/nginx.conf.so-mastersearch
index 46e910a17..33edb9c3e 100644
--- a/salt/nginx/etc/nginx.conf.so-mastersearch
+++ b/salt/nginx/etc/nginx.conf.so-mastersearch
@@ -146,6 +146,20 @@ http {
}
+ location /cyberchef/ {
+ auth_request /auth/sessions/whoami;
+ proxy_read_timeout 90;
+ proxy_connect_timeout 90;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Proxy "";
+ }
+
+ location /cyberchef {
+ rewrite ^ /cyberchef/ permanent;
+ }
+
location /packages/ {
try_files $uri =206;
auth_request /auth/sessions/whoami;
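Review bot: Same as the master config: the `/cyberchef/` block has proxy timeouts and headers but no `proxy_pass`, so it serves static files from the root and the proxy lines are inert. Add `proxy_pass http://<cyberchef-upstream>/;` or delete the proxy directives, whichever matches how CyberChef is deployed. The `auth_request` guard is present and should stay.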
diff --git a/salt/top.sls b/salt/top.sls
index 3d0c70c53..6af94e26a 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -21,7 +21,6 @@ base:
- ssl
- registry
- common
- - nginx
- telegraf
- firewall
- idstools
@@ -37,7 +36,6 @@ base:
- ca
- ssl
- common
- - nginx
- telegraf
- firewall
- pcap
@@ -192,7 +190,6 @@ base:
- ca
- ssl
- common
- - nginx
- telegraf
- firewall
{%- if WAZUH != 0 %}
@@ -271,7 +268,6 @@ base:
- ca
- ssl
- common
- - nginx
- telegraf
- firewall
- redis
diff --git a/salt/zeek/defaults.yml b/salt/zeek/defaults.yml
deleted file mode 100644
index 07393abeb..000000000
--- a/salt/zeek/defaults.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-zeek:
- zeekctl:
- MailTo: root@localhost
- MailConnectionSummary: 1
- MinDiskSpace: 5
- MailHostUpDown: 1
- LogRotationInterval: 3600
- LogExpireInterval: 0
- StatsLogEnable: 1
- StatsLogExpireInterval: 0
- StatusCmdShowAll: 0
- CrashExpireInterval: 0
- SitePolicyScripts: local.zeek
- LogDir: /nsm/zeek/logs
- SpoolDir: /nsm/zeek/spool
- CfgDir: /opt/zeek/etc
- CompressLogs: 1
diff --git a/salt/zeek/files/local.zeek b/salt/zeek/files/local.zeek
deleted file mode 100644
index f32052328..000000000
--- a/salt/zeek/files/local.zeek
+++ /dev/null
@@ -1,132 +0,0 @@
-##! Local site policy. Customize as appropriate.
-##!
-##! This file will not be overwritten when upgrading or reinstalling!
-
-# This script logs which scripts were loaded during each run.
-@load misc/loaded-scripts
-
-# Apply the default tuning scripts for common tuning settings.
-@load tuning/defaults
-
-# Estimate and log capture loss.
-@load misc/capture-loss
-
-# Enable logging of memory, packet and lag statistics.
-@load misc/stats
-
-# Load the scan detection script. It's disabled by default because
-# it often causes performance issues.
-#@load misc/scan
-
-# Detect traceroute being run on the network. This could possibly cause
-# performance trouble when there are a lot of traceroutes on your network.
-# Enable cautiously.
-#@load misc/detect-traceroute
-
-# Generate notices when vulnerable versions of software are discovered.
-# The default is to only monitor software found in the address space defined
-# as "local". Refer to the software framework's documentation for more
-# information.
-@load frameworks/software/vulnerable
-
-# Detect software changing (e.g. attacker installing hacked SSHD).
-@load frameworks/software/version-changes
-
-# This adds signatures to detect cleartext forward and reverse windows shells.
-@load-sigs frameworks/signatures/detect-windows-shells
-
-# Load all of the scripts that detect software in various protocols.
-@load protocols/ftp/software
-@load protocols/smtp/software
-@load protocols/ssh/software
-@load protocols/http/software
-# The detect-webapps script could possibly cause performance trouble when
-# running on live traffic. Enable it cautiously.
-#@load protocols/http/detect-webapps
-
-# This script detects DNS results pointing toward your Site::local_nets
-# where the name is not part of your local DNS zone and is being hosted
-# externally. Requires that the Site::local_zones variable is defined.
-@load protocols/dns/detect-external-names
-
-# Script to detect various activity in FTP sessions.
-@load protocols/ftp/detect
-
-# Scripts that do asset tracking.
-@load protocols/conn/known-hosts
-@load protocols/conn/known-services
-@load protocols/ssl/known-certs
-
-# This script enables SSL/TLS certificate validation.
-@load protocols/ssl/validate-certs
-
-# This script prevents the logging of SSL CA certificates in x509.log
-@load protocols/ssl/log-hostcerts-only
-
-# Uncomment the following line to check each SSL certificate hash against the ICSI
-# certificate notary service; see http://notary.icsi.berkeley.edu .
-# @load protocols/ssl/notary
-
-# If you have GeoIP support built in, do some geographic detections and
-# logging for SSH traffic.
-@load protocols/ssh/geo-data
-# Detect hosts doing SSH bruteforce attacks.
-@load protocols/ssh/detect-bruteforcing
-# Detect logins using "interesting" hostnames.
-@load protocols/ssh/interesting-hostnames
-
-# Detect SQL injection attacks.
-@load protocols/http/detect-sqli
-
-#### Network File Handling ####
-
-# Enable MD5 and SHA1 hashing for all files.
-@load frameworks/files/hash-all-files
-
-# Detect SHA1 sums in Team Cymru's Malware Hash Registry.
-@load frameworks/files/detect-MHR
-
-# Extend email alerting to include hostnames
-@load policy/frameworks/notice/extend-email/hostnames
-
-# Uncomment the following line to enable detection of the heartbleed attack. Enabling
-# this might impact performance a bit.
-# @load policy/protocols/ssl/heartbleed
-
-# Uncomment the following line to enable logging of connection VLANs. Enabling
-# this adds two VLAN fields to the conn.log file.
-# @load policy/protocols/conn/vlan-logging
-
-# Uncomment the following line to enable logging of link-layer addresses. Enabling
-# this adds the link-layer address for each connection endpoint to the conn.log file.
-# @load policy/protocols/conn/mac-logging
-
-# JA3 - SSL Detection Goodness
-@load ja3
-
-# HASSH
-@load hassh
-
-# You can load your own intel into:
-# /opt/so/saltstack/bro/policy/intel/ on the master
-@load intel
-
-# Load a custom Bro policy
-# /opt/so/saltstack/bro/policy/custom/ on the master
-#@load custom/somebropolicy.bro
-
-# Write logs in JSON
-redef LogAscii::use_json = T;
-redef LogAscii::json_timestamps = JSON::TS_ISO8601;
-
-# CVE-2020-0601
-@load cve-2020-0601
-
-# BPF Configuration
-@load securityonion/bpfconf
-
-# Community ID
-@load securityonion/communityid
-
-# Extracted files
-@load securityonion/file-extraction
\ No newline at end of file
diff --git a/salt/zeek/files/local.zeek.jinja b/salt/zeek/files/local.zeek.jinja
new file mode 100644
index 000000000..61f5df7d8
--- /dev/null
+++ b/salt/zeek/files/local.zeek.jinja
@@ -0,0 +1,11 @@
+##! Local site policy.
+
+{%- set ALLOWEDOPTIONS = [ '@load', '@load-sigs', 'redef' ] %}
+
+{%- for k, v in LOCAL.items() %}
+ {%- if k|lower in ALLOWEDOPTIONS %}
+ {%- for li in v|sort %}
+{{ k }} {{ li }}
+ {%- endfor %}
+ {%- endif %}
+{%- endfor %}
\ No newline at end of file
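Review bot: `ALLOWEDOPTIONS` filters only the directive keyword; every value under it is emitted verbatim, so a `redef` entry is arbitrary Zeek code and the pillar is effectively the site policy — acceptable for master-controlled pillar, but say so in the header: `##! Generated from pillar zeek:local; values are emitted verbatim as Zeek directives, alphabetically sorted.` The `|sort` also means load order is alphabetical rather than the order in pillar, which differs from the deleted local.zeek. Finally, `v|sort` over a scalar string iterates its characters, so guard against a non-list value: `{%- for li in (v if v is not string else [v])|sort %}`.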
diff --git a/salt/zeek/files/zeekctl.cfg.jinja b/salt/zeek/files/zeekctl.cfg.jinja
index 5da5ab824..6d28d4dbd 100644
--- a/salt/zeek/files/zeekctl.cfg.jinja
+++ b/salt/zeek/files/zeekctl.cfg.jinja
@@ -2,8 +2,8 @@
{%- set ALLOWEDOPTIONS = ['commtimeout','commandtimeout','compresscmd','compressextension','compresslogs','compresslogsinflight','controltopic','crashexpireinterval','croncmd','debug','env_vars','havenfs','keeplogs','logdir','logexpireinterval','logrotationinterval','mailalarmsinterval','mailalarmsto','mailarchivelogfail','mailconnectionsummary','mailfrom','mailhostupdown','mailreceivingpackets','mailreplyto','mailsubjectprefix','mailto','makearchivename','memlimit','mindiskspace','pfringclusterid','pfringclustertype','pfringfirstappinstance','prefixes','savetraces','sendmail','sitepluginpath','sitepolicypath','sitepolicyscripts','statslogenable','statslogexpireinterval','statuscmdshowall','stoptimeout','stopwait','timefmt','timemachinehost','timemachineport','zeekargs','zeekport','bindir','capstatspath','cfgdir','debuglog','defaultstoredir','helperdir','libdir','libdir64','libdirinternal','localnetscfg','lockfile','logexpireminutes','nodecfg','os','pcapbufsize','pcapsnaplen','plugindir','pluginzeekdir','policydir','policydirsiteinstall','policydirsiteinstallauto','postprocdir','scriptsdir','spooldir','standalone','statefile','staticdir','statsdir','statslog','time','tmpdir','tmpexecdir','tracesummary','version','zeek','zeekbase'] %}
-{%- for option in ZEEKCTL %}
+{%- for option in ZEEKCTL|sort %}
{%- if option|lower in ALLOWEDOPTIONS %}
{{ option }} = {{ ZEEKCTL[option] }}
{%- endif %}
-{%- endfor %}
+{%- endfor %}
\ No newline at end of file
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index ea238a162..246b43c90 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -4,8 +4,7 @@
{% set BPF_STATUS = 0 %}
{% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
-{% import_yaml 'zeek/defaults.yml' as ZEEKDEFAULTS %}
-{% set ZEEK = salt['pillar.get']('zeek', default=ZEEKDEFAULTS.zeek, merge=True) %}
+{% set ZEEK = salt['pillar.get']('zeek', {}) %}
# Zeek Salt State
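Review bot: `salt['pillar.get']('zeek', {})` replaces the old merge with `zeek/defaults.yml`, which this change deletes, so a minion that does not receive the `zeek` pillar (only `*_eval`, `*_helix`, `*_heavynode` and `*_sensor` get it in pillar/top.sls) renders an empty zeekctl.cfg and an empty local.zeek instead of the previous defaults. If every minion applying this state is guaranteed the pillar, record that in a comment; otherwise fail loudly, e.g. `{% if not ZEEK %}{{ raise('zeek pillar missing') }}{% endif %}` where this Salt version provides the jinja `raise` global, or keep a minimal defaults map in-state.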
@@ -144,13 +143,16 @@ zeekbpf:
- "ip or not ip"
{% endif %}
+
localzeeksync:
file.managed:
- name: /opt/so/conf/zeek/local.zeek
- - source: salt://zeek/files/local.zeek
+ - source: salt://zeek/files/local.zeek.jinja
- user: 937
- group: 939
- template: jinja
+ - defaults:
+ LOCAL: {{ ZEEK.local | tojson }}
so-zeek:
docker_container.running:
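Review bot: `LOCAL: {{ ZEEK.local | tojson }}` assumes `zeek:local` exists; with the `{}` default set a few lines up, an absent pillar makes `.local` undefined and the state render either fails or, under a lenient undefined, writes an empty local.zeek. Use an explicit lookup instead: `LOCAL: {{ salt['pillar.get']('zeek:local', {}) | tojson }}`. The `so-zeek` state continues past the hunk, so I cannot see whether it watches `localzeeksync`; since pillar edits now rewrite the site policy, that watch should exist.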
diff --git a/setup/install_scripts/99-so-checksum-offload-disable b/setup/install_scripts/99-so-checksum-offload-disable
index bcdd04029..b8c21a299 100755
--- a/setup/install_scripts/99-so-checksum-offload-disable
+++ b/setup/install_scripts/99-so-checksum-offload-disable
@@ -1,6 +1,6 @@
#!/bin/bash
-if [[ "$DEVICE_IFACE" != "$MAININT" && "$DEVICE_IFACE" != *"docker"* ]]; then
+if [[ "$DEVICE_IFACE" != "$MNIC" && "$DEVICE_IFACE" != *"docker"* ]]; then
for i in rx tx sg tso ufo gso gro lro; do
ethtool -K "$DEVICE_IFACE" "$i" off;
done
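Review bot: `$MNIC` is a setup-time variable while `$DEVICE_IFACE` is supplied by the NetworkManager dispatcher when this hook runs; if the file is installed verbatim rather than rendered with the value baked in, `$MNIC` is empty at run time, the comparison is always true and checksum offload is disabled on the management interface too. Either substitute the value at install time or read it from a persisted file, and bail when it is missing: `[ -z "$MNIC" ] && exit 0`. I cannot tell from this diff which install path applies.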
diff --git a/setup/public_keys/salt.pem b/setup/public_keys/salt.pem
new file mode 100644
index 000000000..919f2724c
--- /dev/null
+++ b/setup/public_keys/salt.pem
@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.22 (GNU/Linux)
+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+=dtMN
+-----END PGP PUBLIC KEY BLOCK-----
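Review bot: Pinning the Salt repository signing key in-tree is the right move, but no fingerprint is recorded anywhere in this diff, so a reviewer cannot distinguish the genuine key from a swapped one. Add the expected fingerprint in an adjacent README or comment and have the installer compare it before importing, e.g. `gpg --with-colons --with-fingerprint setup/public_keys/salt.pem | grep '^fpr' | grep -q "$EXPECTED_FPR"`. The `Version: GnuPG v2.0.22` armor header only says which GnuPG exported the block, not which key it is, so confirm it is the current SaltStack key rather than a superseded one.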
diff --git a/setup/so-common-functions b/setup/so-common-functions
new file mode 100644
index 000000000..15cb3e686
--- /dev/null
+++ b/setup/so-common-functions
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+source ./so-variables
+
+# Helper functions
+
+filter_unused_nics() {
+
+ if [[ $MNIC ]]; then local grep_string="$MNIC\|bond0"; else local grep_string="bond0"; fi
+
+ # If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
+ if [[ $BNICS ]]; then
+ grep_string="$grep_string"
+ for BONDNIC in "${BNICS[@]}"; do
+ grep_string="$grep_string\|$BONDNIC"
+ done
+ fi
+
+ # Finally, set filtered_nics to any NICs we aren't using (and ignore interfaces that aren't of use)
+ filtered_nics=$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "$grep_string" | sed 's/ //g')
+ readarray -t filtered_nics <<< "$filtered_nics"
+
+ nic_list=()
+ for nic in "${filtered_nics[@]}"; do
+ nic_list+=("$nic" "" "OFF")
+ done
+
+ export nic_list
+}
+
+calculate_useable_cores() {
+
+ # Calculate reasonable core usage
+ local cores_for_bro=$(( (num_cpu_cores/2) - 1 ))
+ local lb_procs_round
+ lb_procs_round=$(printf "%.0f\n" $cores_for_bro)
+
+ if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi
+ export lb_procs
+}
+
+set_defaul_log_size() {
+ local percentage
+
+ case $INSTALLTYPE in
+ EVAL | HEAVYNODE)
+ percentage=50
+ ;;
+ *)
+ percentage=80
+ ;;
+ esac
+
+ local disk_dir="/"
+ if [ -d /nsm ]; then
+ disk_dir="/nsm"
+ fi
+ local disk_size_1k
+ disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
+
+ local ratio="1048576"
+
+ local disk_size_gb
+ disk_size_gb=$( echo "$disk_size_1k" "$ratio" | awk '{print($1/$2)}' )
+
+ log_size_limit=$( echo "$disk_size_gb" "$percentage" | awk '{printf("%.0f", $1 * ($2/100))}')
+ export log_size_limit
+}
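Review bot: `df $disk_dir | grep -v "^Filesystem" | awk '{print $2}'` in `set_defaul_log_size` breaks when the device name is long, because `df` wraps that entry onto two lines and `$2` then reads the wrong field or nothing; use POSIX output, `df -P "$disk_dir" | awk 'NR==2{print $2}'`, which also fixes the unquoted path. The name `set_defaul_log_size` looks like a typo for `set_default_log_size`; callers are not visible here, so rename it only together with them. In `filter_unused_nics` the NIC names are spliced into a `grep` basic regex unescaped, which is harmless for ordinary names but worth a comment, e.g. `# names are used as a regex; fine for kernel interface names, not for arbitrary input`.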
diff --git a/setup/so-functions b/setup/so-functions
index b50821fd8..a6d39c293 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -15,214 +15,195 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-SCRIPTDIR=$(dirname "$0")
-source $SCRIPTDIR/so-whiptail
+source ./so-whiptail
+source ./so-variables
+source ./so-common-functions
+
SOVERSION=1.2.2
-accept_salt_key_local() {
- echo "Accept the key locally on the master" >> $SETUPLOG 2>&1
- # Accept the key locally on the master
- salt-key -ya $MINION_ID
-
-}
-
accept_salt_key_remote() {
- echo "Accept the key remotely on the master" >> $SETUPLOG 2>&1
+ systemctl restart salt-minion
+
+ echo "Accept the key remotely on the master" >> "$setup_log" 2>&1
# Delete the key just in case.
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -d $MINION_ID -y
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -d "$MINION_ID" -y
salt-call state.apply ca
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo salt-key -a $MINION_ID -y
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo salt-key -a "$MINION_ID" -y
}
+
add_admin_user() {
-
- # Add an admin user with full sudo rights if this is an ISO install.
- useradd $ADMINUSER && echo $ADMINUSER:$ADMINPASS1 | chpasswd --crypt-method=SHA512
- usermod -aG wheel $ADMINUSER
-
+ # Add an admin user with full sudo rights if this is an ISO install.
+ {
+ useradd "$ADMINUSER";
+ echo "$ADMINUSER":"$ADMINPASS1" | chpasswd --crypt-method=SHA512;
+ usermod -aG wheel "$ADMINUSER";
+ } >> "$setup_log" 2>&1
+
}
add_master_hostfile() {
- echo "Checking if I can resolve master. If not add to hosts file" >> $SETUPLOG 2>&1
+
+ [ -n "$TESTING" ] && return
+
+ echo "Checking if I can resolve master. If not add to hosts file" >> "$setup_log" 2>&1
# Pop up an input to get the IP address
MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your Master Server IP Address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
+}
+# $5 => (optional) password variable
+so_add_user() {
+ local username=$1
+ local uid=$2
+ local gid=$3
+ local home_dir=$4
+ if [ "$5" ]; then local pass=$5; fi
+
+ echo "Add $username user" >> "$setup_log" 2>&1
+ groupadd --gid "$gid" "$username"
+ useradd --uid "$uid" --gid "$gid" --home-dir "$home_dir" "$username"
+
+ # If a password has been passed in, set the password
+ if [ "$pass" ]; then
+ echo "$username":"$pass" | chpasswd --crypt-method=SHA512
+ fi
}
add_socore_user_master() {
-
- echo "Add socore on the master" >>~/sosetup.log 2>&1
- # Add user "socore" to the master. This will be for things like accepting keys.
- if [ $OS == 'centos' ]; then
- local ADDUSER=adduser
- else
- local ADDUSER=useradd
- fi
- groupadd --gid 939 socore
- $ADDUSER --uid 939 --gid 939 --home-dir /opt/so socore
-
+ so_add_user "socore" "939" "939" "/opt/so" >> "$setup_log" 2>&1
}
add_soremote_user_master() {
-
- echo "Add soremote on the master" >>~/sosetup.log 2>&1
- # Add user "soremote" to the master. This will be for things like accepting keys.
- if [ $OS == 'centos' ]; then
- local ADDUSER=adduser
- else
- local ADDUSER=useradd
- fi
- groupadd --gid 947 soremote
- $ADDUSER --uid 947 --gid 947 soremote
-
- # Set the password for soremote that we got during setup
- echo soremote:$SOREMOTEPASS1 | chpasswd --crypt-method=SHA512
-
+ so_add_user "soremote" "947" "947" "/home/soremote" "$SOREMOTEPASS1" >> "$setup_log" 2>&1
}
-add_socore_user_notmaster() {
- echo "Add socore user on non master" >> $SETUPLOG 2>&1
- # Add socore user to the non master system. Probably not a bad idea to make system user
- groupadd --gid 939 socore
- $ADDUSER --uid 939 --gid 939 --home-dir /opt/so --no-create-home socore
+wait_for_file() {
+ local filename=$1
+ local max_attempts=$2 # this is multiplied by the wait interval, so make sure it isn't too large
+ local cur_attempts=0
+ local wait_interval=$3
+ local total_time=$(( max_attempts * wait_interval ))
+ local date
+ date=$(date)
-}
-
-wait_for_identity_db_to_exist() {
- MAXATTEMPTS=30
- attempts=0
- while [[ $attempts -lt $MAXATTEMPTS ]]; do
- # Check and see if the DB file is in there
- if [ -f /opt/so/conf/kratos/db/db.sqlite ]; then
- echo "Database file exists at $(date)"
- attempts=$MAXATTEMPTS
- else
- echo "Identity database does not yet exist; waiting 5 seconds and will check again ($attempts/$MAXATTEMPTS)..."
- sleep 5
- attempts=$((attempts+1))
- fi
- done
+ while [[ $cur_attempts < $max_attempts ]]; do
+ if [ -f "$filename" ]; then
+ echo "File $filename already exists at $date" >> "$setup_log" 2>&1
+ return
+ else
+ echo "File $filename does not exist; waiting ${wait_interval}s then checking again ($cur_attempts/$max_attempts)..." >> "$setup_log" 2>&1
+ ((cur_attempts++))
+ sleep "$wait_interval"
+ fi
+ done
+ echo "Could not find $filename after waiting ${total_time}s" >> "$setup_log" 2>&1
+ return 1
}
add_web_user() {
- wait_for_identity_db_to_exist
- echo "Attempting to add administrator user for web interface..."
- echo "$WEBPASSWD1" | /usr/sbin/so-user add $WEBUSER
- echo "Add user result: $?"
+ wait_for_file /opt/so/conf/kratos/db/db.sqlite 30 5
+ {
+ echo "Attempting to add administrator user for web interface...";
+ echo "$WEBPASSWD1" | /usr/sbin/so-user add "$WEBUSER";
+ echo "Add user result: $?";
+ } >> "$setup_log" 2>&1
}
# Create an secrets pillar so that passwords survive re-install
secrets_pillar(){
-
if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
- echo "Creating Secrets Pillar" >> $SETUPLOG 2>&1
- mkdir -p /opt/so/saltstack/pillar
- echo "secrets:" >> /opt/so/saltstack/pillar/secrets.sls
- echo " mysql: $MYSQLPASS" >> /opt/so/saltstack/pillar/secrets.sls
- echo " fleet: $FLEETPASS" >> /opt/so/saltstack/pillar/secrets.sls
- echo " fleet_jwt: $FLEETJWT" >> /opt/so/saltstack/pillar/secrets.sls
- echo " fleet_enroll-secret: False" >> /opt/so/saltstack/pillar/secrets.sls
+ echo "Creating Secrets Pillar" >> "$setup_log" 2>&1
+ mkdir -p /opt/so/saltstack/pillar
+ printf '%s\n'\
+ "secrets:"\
+ " mysql: $MYSQLPASS"\
+ " fleet: $FLEETPASS"\
+ " fleet_jwt: $FLEETJWT"\
+ " fleet_enroll-secret: False" > /opt/so/saltstack/pillar/secrets.sls
fi
-
}
# Enable Bro Logs
bro_logs_enabled() {
- echo "Enabling Bro Logs" >> $SETUPLOG 2>&1
+ echo "Enabling Bro Logs" >> "$setup_log" 2>&1
- echo "brologs:" > pillar/brologs.sls
- echo " enabled:" >> pillar/brologs.sls
+ local brologs_pillar=./pillar/brologs.sls
- if [ $MASTERADV == 'ADVANCED' ]; then
- for BLOG in ${BLOGS[@]}; do
- echo " - $BLOG" | tr -d '"' >> pillar/brologs.sls
+ printf '%s\n'\
+ "brologs:"\
+ " enabled:" > "$brologs_pillar"
+
+ if [ "$MASTERADV" = 'ADVANCED' ]; then
+ for BLOG in "${BLOGS[@]}"; do
+ echo " - $BLOG" | tr -d '"' >> "$brologs_pillar"
done
else
- echo " - conn" >> pillar/brologs.sls
- echo " - dce_rpc" >> pillar/brologs.sls
- echo " - dhcp" >> pillar/brologs.sls
- echo " - dhcpv6" >> pillar/brologs.sls
- echo " - dnp3" >> pillar/brologs.sls
- echo " - dns" >> pillar/brologs.sls
- echo " - dpd" >> pillar/brologs.sls
- echo " - files" >> pillar/brologs.sls
- echo " - ftp" >> pillar/brologs.sls
- echo " - http" >> pillar/brologs.sls
- echo " - intel" >> pillar/brologs.sls
- echo " - irc" >> pillar/brologs.sls
- echo " - kerberos" >> pillar/brologs.sls
- echo " - modbus" >> pillar/brologs.sls
- echo " - mqtt" >> pillar/brologs.sls
- echo " - notice" >> pillar/brologs.sls
- echo " - ntlm" >> pillar/brologs.sls
- echo " - openvpn" >> pillar/brologs.sls
- echo " - pe" >> pillar/brologs.sls
- echo " - radius" >> pillar/brologs.sls
- echo " - rfb" >> pillar/brologs.sls
- echo " - rdp" >> pillar/brologs.sls
- echo " - signatures" >> pillar/brologs.sls
- echo " - sip" >> pillar/brologs.sls
- echo " - smb_files" >> pillar/brologs.sls
- echo " - smb_mapping" >> pillar/brologs.sls
- echo " - smtp" >> pillar/brologs.sls
- echo " - snmp" >> pillar/brologs.sls
- echo " - software" >> pillar/brologs.sls
- echo " - ssh" >> pillar/brologs.sls
- echo " - ssl" >> pillar/brologs.sls
- echo " - syslog" >> pillar/brologs.sls
- echo " - telnet" >> pillar/brologs.sls
- echo " - tunnel" >> pillar/brologs.sls
- echo " - weird" >> pillar/brologs.sls
- echo " - mysql" >> pillar/brologs.sls
- echo " - socks" >> pillar/brologs.sls
- echo " - x509" >> pillar/brologs.sls
- fi
-}
-
-calculate_useable_cores() {
-
- # Calculate reasonable core usage
- local CORES4BRO=$(( $CPUCORES/2 - 1 ))
- LBPROCSROUND=$(printf "%.0f\n" $CORES4BRO)
- # We don't want it to be 0
- if [ "$LBPROCSROUND" -lt 1 ]; then
- LBPROCS=1
- else
- LBPROCS=$LBPROCSROUND
+ printf '%s\n'\
+ " - conn"\
+ " - dce_rpc"\
+ " - dhcp"\
+ " - dhcpv6"\
+ " - dnp3"\
+ " - dns"\
+ " - dpd"\
+ " - files"\
+ " - ftp"\
+ " - http"\
+ " - intel"\
+ " - irc"\
+ " - kerberos"\
+ " - modbus"\
+ " - mqtt"\
+ " - notice"\
+ " - ntlm"\
+ " - openvpn"\
+ " - pe"\
+ " - radius"\
+ " - rfb"\
+ " - rdp"\
+ " - signatures"\
+ " - sip"\
+ " - smb_files"\
+ " - smb_mapping"\
+ " - smtp"\
+ " - snmp"\
+ " - software"\
+ " - ssh"\
+ " - ssl"\
+ " - syslog"\
+ " - telnet"\
+ " - tunnel"\
+ " - weird"\
+ " - mysql"\
+ " - socks"\
+ " - x509" >> "$brologs_pillar"
fi
+ printf '%s\n' '----' >> "$setup_log" 2>&1
+ cat "$brologs_pillar" >> "$setup_log" 2>&1
}
check_admin_pass() {
-
- if [ $ADMINPASS1 == $ADMINPASS2 ]; then
- APMATCH=yes
- else
- whiptail_passwords_dont_match
- fi
-
+ check_pass_match "$ADMINPASS1" "$ADMINPASS2" "APMATCH"
}
check_hive_init_then_reboot() {
- WAIT_STEP=0
- MAX_WAIT=100
- until [ -f /opt/so/state/thehive.txt ] ; do
- WAIT_STEP=$(( ${WAIT_STEP} + 1 ))
- echo "Waiting on the_hive to init...Attempt #$WAIT_STEP"
- if [ ${WAIT_STEP} -gt ${MAX_WAIT} ]; then
- echo "ERROR: We waited ${MAX_WAIT} seconds but the_hive is not working."
- exit 5
- fi
- sleep 1s;
- done
- docker stop so-thehive
- docker rm so-thehive
- shutdown -r now
+
+ local return_val
+ return_val="$(wait_for_file /opt/so/state/thehive.txt 20 5)"
+
+ if [ "$return_val" != 0 ]; then
+ return "$return_val"
+ fi
+
+ docker stop so-thehive
+ docker rm so-thehive
+ shutdown -r now
}
check_network_manager_conf() {
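Review bot: `while [[ $cur_attempts < $max_attempts ]]` in wait_for_file is a string comparison inside `[[ ]]`, so with max_attempts=30 the loop stops as soon as cur_attempts reaches 4 ("4" sorts after "30") and add_web_user waits at most 20 s for the Kratos DB instead of the intended 150 s; it should be `while [[ $cur_attempts -lt $max_attempts ]]; do`. check_hive_init_then_reboot has a related defect: `return_val="$(wait_for_file ... 20 5)"` captures stdout, which is empty because all of wait_for_file's output goes to the log, rather than the exit status, so the `!= 0` test always succeeds and the docker stop/reboot never runs — `wait_for_file /opt/so/state/thehive.txt 20 5 || return $?` is what was meant. add_web_user likewise ignores wait_for_file's return value and runs so-user add regardless of whether the DB appeared. Separately, secrets_pillar writes the MySQL and Fleet passwords and the JWT secret to secrets.sls under whatever umask the installer inherited; wrapping the printf in `(umask 077; ...)` or following it with `chmod 600 /opt/so/saltstack/pillar/secrets.sls` keeps that file from being world-readable under a default 022 umask.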
@@ -236,155 +217,236 @@ check_network_manager_conf() {
mv "$gmdconf" "${gmdconf}.bak"
touch "$gmdconf"
systemctl restart NetworkManager
- } >> "$SETUPLOG" 2>&1
+ } >> "$setup_log" 2>&1
fi
fi
if test -f "$nmconf"; then
- sed -i 's/managed=false/managed=true/g' "$nmconf" >> $SETUPLOG 2>&1
+ sed -i 's/managed=false/managed=true/g' "$nmconf" >> "$setup_log" 2>&1
fi
if [[ ! -d "$preupdir" ]]; then
- mkdir "$preupdir" >> $SETUPLOG 2>&1
+ mkdir "$preupdir" >> "$setup_log" 2>&1
+ fi
+}
+
+check_pass_match() {
+ local pass=$1
+ local confirm_pass=$2
+ local var=$3
+
+ if [ "$pass" = "$confirm_pass" ]; then
+ export "$var=yes"
+ else
+ whiptail_passwords_dont_match
fi
}
check_soremote_pass() {
-
- if [ $SOREMOTEPASS1 == $SOREMOTEPASS2 ]; then
- SCMATCH=yes
- else
- whiptail_passwords_dont_match
- fi
-
+ check_pass_match "$SOREMOTEPASS1" "$SOREMOTEPASS2" "SCMATCH"
}
check_web_pass() {
-
- if [ $WEBPASSWD1 == $WEBPASSWD2 ]; then
- WPMATCH=yes
- else
- whiptail_passwords_dont_match
- fi
-
-}
-
-checkin_at_boot() {
- echo "Enabling checkin at boot" >> $SETUPLOG 2>&1
- echo "startup_states: highstate" >> /etc/salt/minion
-}
-
-chown_salt_master() {
-
- echo "Chown the salt dirs on the master for socore" >> $SETUPLOG 2>&1
- chown -R socore:socore /opt/so
-
+ check_pass_match "$WEBPASSWD1" "$WEBPASSWD2" "WPMATCH"
}
clear_master() {
# Clear out the old master public key in case this is a re-install.
# This only happens if you re-install the master.
if [ -f /etc/salt/pki/minion/minion_master.pub ]; then
- echo "Clearing old master key" >> $SETUPLOG 2>&1
- rm /etc/salt/pki/minion/minion_master.pub
- service salt-minion restart
+ {
+ echo "Clearing old master key";
+ rm -f /etc/salt/pki/minion/minion_master.pub;
+ sytemctl -q restart salt-minion;
+ } >> "$setup_log" 2>&1
fi
}
+collect_soremote_inputs() {
+ whiptail_create_soremote_user
+ SCMATCH=no
+ while [[ $SCMATCH != yes ]]; do
+ whiptail_create_soremote_user_password1
+ whiptail_create_soremote_user_password2
+ check_soremote_pass
+ done
+}
+
+collect_adminuser_inputs() {
+ whiptail_create_admin_user
+ APMATCH=no
+ while [[ $APMATCH != yes ]]; do
+ whiptail_create_admin_user_password1
+ whiptail_create_admin_user_password2
+ check_admin_pass
+ done
+}
+
+
+collect_webuser_inputs() {
+ # Get a password for the web admin user
+ local valid_user=no
+ while [[ $valid_user != yes ]]; do
+ whiptail_create_web_user
+ if so-user valemail "$WEBUSER" >> "$setup_log" 2>&1; then
+ valid_user=yes
+ else
+ whiptail_invalid_user_warning
+ fi
+ done
+
+ WPMATCH=no
+ while [[ $WPMATCH != yes ]]; do
+ whiptail_create_web_user_password1
+ if echo "$WEBPASSWD1" | so-user valpass >> "$setup_log" 2>&1; then
+ whiptail_create_web_user_password2
+ check_web_pass
+ else
+ whiptail_invalid_pass_warning
+ fi
+ done
+}
+
configure_minion() {
+ local minion_type=$1
+ echo "Configuring minion type as $minion_type" >> "$setup_log" 2>&1
+ echo "role: so-$minion_type" > /etc/salt/grains
- # You have to pass the TYPE to this function so it knows if its a master or not
- local TYPE=$1
- echo "Configuring minion type as $TYPE" >> $SETUPLOG 2>&1
- touch /etc/salt/grains
- echo "role: so-$TYPE" > /etc/salt/grains
- if [ $TYPE == 'master' ] || [ $TYPE == 'eval' ] || [ $TYPE == 'mastersearch' ]; then
- echo "master: $HOSTNAME" > /etc/salt/minion
- echo "id: $MINION_ID" >> /etc/salt/minion
- echo "mysql.host: '$MAINIP'" >> /etc/salt/minion
- echo "mysql.port: 3306" >> /etc/salt/minion
- echo "mysql.user: 'root'" >> /etc/salt/minion
- if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
- echo "mysql.pass: '$MYSQLPASS'" >> /etc/salt/minion
- else
- OLDPASS=$(cat /opt/so/saltstack/pillar/secrets.sls | grep mysql | awk {'print $2'})
- echo "mysql.pass: '$OLDPASS'" >> /etc/salt/minion
- fi
- elif [ $TYPE == 'helix' ]; then
- echo "master: $HOSTNAME" > /etc/salt/minion
- echo "id: $MINION_ID" >> /etc/salt/minion
- elif [ $TYPE == 'fleet' ]; then
- echo "master: $MSRV" > /etc/salt/minion
- echo "id: $MINION_ID" >> /etc/salt/minion
- else
- echo "master: $MSRV" > /etc/salt/minion
- echo "id: $MINION_ID" >> /etc/salt/minion
+ local minion_config=/etc/salt/minion
- fi
+ echo "id: $MINION_ID" > "$minion_config"
- echo "use_superseded:" >> /etc/salt/minion
- echo " - module.run" >> /etc/salt/minion
- echo "log_file: /opt/so/log/salt/minion" >> /etc/salt/minion
-
- service salt-minion restart
+ case "$minion_type" in
+ 'helix')
+ echo "master: $HOSTNAME" >> "$minion_config"
+ ;;
+ 'master' | 'eval' | 'mastersearch')
+ printf '%s\n'\
+ "master: $HOSTNAME"\
+ "mysql.host: '$MAINIP'"\
+ "mysql.port: 3306"\
+ "mysql.user: 'root'" >> "$minion_config"
+ if [ ! -f /opt/so/saltstack/pillar/secrets.sls ]; then
+ echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config"
+ else
+ OLDPASS=$(grep "mysql" /opt/so/saltstack/pillar/secrets.sls | awk '{print $2}')
+ echo "mysql.pass: '$OLDPASS'" >> "$minion_config"
+ fi
+ ;;
+ *)
+ echo "master: $MSRV" >> "$minion_config"
+ ;;
+ esac
+ printf '%s\n'\
+ "use_superseded:"\
+ " - module.run"\
+ "log_file: /opt/so/log/salt/minion" >> "$minion_config"
+
+ {
+ systemctl restart salt-minion;
+ printf '%s\n' '----';
+ cat "$minion_config";
+ } >> "$setup_log" 2>&1
+
+
+}
+
+checkin_at_boot() {
+ local minion_config=/etc/salt/minion
+
+ echo "Enabling checkin at boot" >> "$setup_log" 2>&1
+ echo "startup_states: highstate" >> "$minion_config"
+}
+
+
+check_requirements() {
+ local eval_or_dist=$1
+ local node_type=$2 # optional
+ local req_mem
+ local req_cores
+ local nic_list
+ readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g')"
+ local num_nics=${#nic_list[@]}
+
+ if [[ "$eval_or_dist" == 'eval' ]]; then
+ req_mem=12
+ req_cores=4
+ req_nics=2
+ elif [[ "$eval_or_dist" == 'dist' ]]; then
+ req_mem=8
+ req_cores=4
+ if [[ "$node_type" == 'sensor' ]]; then req_nics=2; else req_nics=1; fi
+ fi
+
+ if [[ $num_nics -lt $req_nics ]]; then
+ whiptail_requirements_error "NICs" "$num_nics" "$req_nics"
+ fi
+
+ if [[ $num_cpu_cores -lt $req_cores ]]; then
+ whiptail_requirements_error "cores" "$num_cpu_cores" "$req_cores"
+ fi
+
+ if [[ $total_mem_hr -lt $req_mem ]]; then
+ whiptail_requirements_error "memory" "${total_mem_hr}GB" "${req_mem}GB"
+ fi
}
copy_master_config() {
# Copy the master config template to the proper directory
- if [ $INSTALLMETHOD == 'iso' ]; then
- cp /root/SecurityOnion/files/master /etc/salt/master
+ if [ "$setup_type" = 'iso' ]; then
+ cp /root/SecurityOnion/files/master /etc/salt/master >> "$setup_log" 2>&1
else
- cp $SCRIPTDIR/../files/master /etc/salt/master
+ cp ../files/master /etc/salt/master >> "$setup_log" 2>&1
fi
- # Restart the service so it picks up the changes -TODO Enable service on CentOS
- service salt-master restart
-
+ # Restart the service so it picks up the changes
+ systemctl restart salt-master >> "$setup_log" 2>&1
}
copy_minion_tmp_files() {
-
- if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- echo "Copying pillar and salt files in $TMP to /opt/so/saltstack"
- cp -Rv $TMP/pillar/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
- if [ -d $TMP/salt ] ; then
- cp -Rv $TMP/salt/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
- fi
- else
- echo "scp pillar and salt files in $TMP to master /opt/so/saltstack"
- ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/pillar >> $SETUPLOG 2>&1
- ssh -i /root/.ssh/so.key soremote@$MSRV mkdir -p /tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
- scp -prv -i /root/.ssh/so.key $TMP/pillar/minions/* soremote@$MSRV:/tmp/$MINION_ID/pillar/ >> $SETUPLOG 2>&1
- scp -prv -i /root/.ssh/so.key $TMP/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules >> $SETUPLOG 2>&1
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/salt/master/files/add_minion.sh $MINION_ID >> $SETUPLOG 2>&1
-
- fi
-
- }
+ case "$install_type" in
+ 'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH')
+ echo "Copying pillar and salt files in $temp_install_dir to /opt/so/saltstack"
+ cp -Rv "$temp_install_dir"/pillar/ /opt/so/saltstack/ >> "$setup_log" 2>&1
+ if [ -d "$temp_install_dir"/salt ] ; then
+ cp -Rv "$temp_install_dir"/salt/ /opt/so/saltstack/ >> "$setup_log" 2>&1
+ fi
+ ;;
+ *)
+ {
+ echo "scp pillar and salt files in $temp_install_dir to master /opt/so/saltstack";
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
+ scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
+ scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules;
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/salt/master/files/add_minion.sh "$MINION_ID";
+ } >> "$setup_log" 2>&1
+ ;;
+ esac
+}
copy_ssh_key() {
echo "Generating SSH key"
# Generate SSH key
mkdir -p /root/.ssh
- cat /dev/zero | ssh-keygen -f /root/.ssh/so.key -t rsa -q -N ""
- chown -R $SUDO_USER:$SUDO_USER /root/.ssh
+ ssh-keygen -f /root/.ssh/so.key -t rsa -q -N "" < /dev/zero
+ chown -R "$SUDO_USER":"$SUDO_USER" /root/.ssh
echo "Copying the SSH key to the master"
#Copy the key over to the master
- ssh-copy-id -f -i /root/.ssh/so.key soremote@$MSRV
-
+ ssh-copy-id -f -i /root/.ssh/so.key soremote@"$MSRV"
}
create_sensor_bond() {
- echo "Setting up sensor bond" >> $SETUPLOG 2>&1
+ echo "Setting up sensor bond" >> "$setup_log" 2>&1
local nic_error=0
- check_network_manager_conf >> $SETUPLOG 2>&1
+ check_network_manager_conf >> "$setup_log" 2>&1
# Set the MTU
if [[ $NSMSETUP != 'ADVANCED' ]]; then
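Review bot: `sytemctl -q restart salt-minion;` in clear_master is misspelled, and because the whole group is redirected to the log the command-not-found error is never seen, so on a re-install the minion keeps running with the old master key it was just told to forget; it should read `systemctl -q restart salt-minion;`. copy_master_config's non-ISO branch now copies `../files/master` relative to the caller's working directory where the old code used `$SCRIPTDIR/../files/master`, so running the installer from any other directory silently skips installing the master config (the cp failure only lands in the log). check_requirements calls whiptail_requirements_error but neither returns nor exits itself, so unless that helper exits, setup proceeds on a host that failed the NIC/core/memory check. The body of create_sensor_bond continues past the end of this hunk.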
@@ -397,17 +459,15 @@ create_sensor_bond() {
ipv4.method disabled \
ipv6.method ignore \
ethernet.mtu $MTU \
- connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
+ connection.autoconnect "yes" >> "$setup_log" 2>&1
fi
- for BNIC in ${BNICS[@]}; do
- BONDNIC="$(echo -e "${BNIC}" | tr -d '"')" # Strip the quotes from the NIC names
-
+ for BNIC in "${BNICS[@]}"; do
# Check if specific offload features are able to be disabled
for string in "generic-segmentation-offload" "generic-receive-offload" "tcp-segmentation-offload"; do
- if ethtool -k "$BONDNIC" | grep $string | grep -q "on [fixed]"; then
- echo "The hardware or driver for interface ${BONDNIC} is not supported, packet capture may not work as expected." >> "$SETUPLOG" 2>&1
+ if ethtool -k "$BNIC" | grep $string | grep -q "on [fixed]"; then
+ echo "The hardware or driver for interface ${BNIC} is not supported, packet capture may not work as expected." >> "$setup_log" 2>&1
nic_error=1
break
fi
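Review bot: `grep -q "on [fixed]"` in the ethtool check is a regex, and `[fixed]` is a bracket expression matching one character from f/i/x/e/d, so on the `name: on [fixed]` output format this loop assumes the pattern never matches the literal `[` and the unsupported-hardware branch (nic_error=1) can never fire; use `grep -qF "on [fixed]"` or `grep -q 'on \[fixed\]'`. The commit also dropped the `tr -d '"'` that stripped whiptail's quoting from the interface names, so if BNICS is still populated from raw whiptail output elsewhere, `ethtool -k "$BNIC"` will now receive a quoted name and fail (the error only reaches the log). create_sensor_bond starts and ends outside this hunk.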
@@ -415,19 +475,18 @@ create_sensor_bond() {
# Turn off various offloading settings for the interface
for i in rx tx sg tso ufo gso gro lro; do
- ethtool -K $BONDNIC $i off >> $SETUPLOG 2>&1
+ ethtool -K "$BNIC" $i off >> "$setup_log" 2>&1
done
# Check if the bond slave connection has already been created
- if ! [[ $(nmcli -f name,uuid -p con | sed -n "s/bond0-slave-$BONDNIC //p" | tr -d ' ') ]]; then
+ if ! [[ $(nmcli -f name,uuid -p con | sed -n "s/bond0-slave-$BNIC //p" | tr -d ' ') ]]; then
# Create the slave interface and assign it to the bond
-
- nmcli con add type ethernet ifname "$BONDNIC" con-name "bond0-slave-$BONDNIC" master bond0 -- \
+ nmcli con add type ethernet ifname "$BNIC" con-name "bond0-slave-$BNIC" master bond0 -- \
ethernet.mtu $MTU \
- connection.autoconnect "yes" >> "$SETUPLOG" 2>&1
+ connection.autoconnect "yes" >> "$setup_log" 2>&1
fi
- nmcli con up "bond0-slave-$BONDNIC" >> "$SETUPLOG" 2>&1 # Bring the slave interface up
+ nmcli con up "bond0-slave-$BNIC" >> "$setup_log" 2>&1 # Bring the slave interface up
done
if [ $nic_error != 0 ]; then
@@ -438,7 +497,7 @@ create_sensor_bond() {
detect_os() {
# Detect Base OS
- echo "Detecting Base OS" >> $SETUPLOG 2>&1
+ echo "Detecting Base OS" >> "$setup_log" 2>&1
if [ -f /etc/redhat-release ]; then
OS=centos
if grep -q "CentOS Linux release 7" /etc/redhat-release; then
@@ -446,14 +505,17 @@ detect_os() {
elif grep -q "CentOS Linux release 8" /etc/redhat-release; then
OSVER=8
echo "We currently do not support CentOS $OSVER but we are working on it!"
- exit
+ exit 1
else
- echo "We do not support the version of CentOS you are trying to use"
- exit
+ echo "We do not support the version of CentOS you are trying to use."
+ exit 1
fi
# Install bind-utils so the host command exists
- yum -y install bind-utils
+ if ! command -v host > /dev/null 2>&1; then
+ echo "Installing required packages to run installer"
+ yum -y install bind-utils >> "$setup_log" 2>&1
+ fi
elif [ -f /etc/os-release ]; then
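Review bot: the newly guarded `yum -y install bind-utils >> "$setup_log" 2>&1` ignores its result, so on a host without repository access the installer carries on without the `host` command it just determined it needs and fails later in a less obvious place; appending `|| { echo "Failed to install bind-utils; see $setup_log"; exit 1; }` stops at the actual cause, consistent with the `exit 1` the same hunk adds for unsupported releases. detect_os continues past the end of this hunk.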
@@ -463,594 +525,472 @@ detect_os() {
elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then
OSVER=xenial
else
- echo "We do not support your current version of Ubuntu"
- exit
+ echo "We do not support your current version of Ubuntu."
+ exit 1
fi
# Install network manager so we can do interface stuff
- apt-get install -y network-manager
- /bin/systemctl enable NetworkManager
- /bin/systemctl start NetworkManager
+ if ! command -v nmcli > /dev/null 2>&1; then
+ echo "Installing required packages to run installer"
+ {
+ apt-get install -y network-manager;
+ systemctl enable NetworkManager;
+ systemctl start NetworkManager;
+ } >> "$setup_log" 2<&1
+ fi
+
else
- echo "We were unable to determine if you are using a supported OS." >> $SETUPLOG 2>&1
- exit
+ echo "We were unable to determine if you are using a supported OS."
+ exit 1
fi
- echo "Found OS: $OS $OSVER" >> $SETUPLOG 2>&1
+ echo "Found OS: $OS $OSVER" >> "$setup_log" 2>&1
}
-#disable_dnsmasq() {
-
-# if [ -f /etc/NetworkManager/NetworkManager.conf ]; then
-# echo "Disabling dnsmasq in /etc/NetworkManager/NetworkManager.conf"
-# sed -e 's/^dns=dnsmasq/#dns=dnsmasq/g' -i /etc/NetworkManager/NetworkManager.conf
-# fi
-
-#}
-
disable_onion_user() {
-
# Disable the default account cause security.
usermod -L onion
-
}
disable_misc_network_features() {
- for UNUSED_NIC in ${FNICS[@]}; do
- # Disable DHCPv4/v6 and autoconnect
- nmcli con mod "$UNUSED_NIC" \
- ipv4.method disabled \
- ipv6.method ignore \
- connection.autoconnect "no" >> $SETUPLOG 2>&1
+ if [ ${#filtered_nics[@]} -ne 0 ]; then
+ for unused_nic in "${filtered_nics[@]}"; do
+ # Disable DHCPv4/v6 and autoconnect
+ nmcli con mod "$unused_nic" \
+ ipv4.method disabled \
+ ipv6.method ignore \
+ connection.autoconnect "no" >> "$setup_log" 2>&1
- # Flush any existing IPs
- ip addr flush "$UNUSED_NIC" >> "$SETUPLOG" 2>&1
- done
- # Disable IPv6
- {
- echo "net.ipv6.conf.all.disable_ipv6 = 1"
- echo "net.ipv6.conf.default.disable_ipv6 = 1"
- echo "net.ipv6.conf.lo.disable_ipv6 = 1"
- } >> /etc/sysctl.conf
+ # Flush any existing IPs
+ ip addr flush "$unused_nic" >> "$setup_log" 2>&1
+ done
+ fi
+ # Disable IPv6
+ {
+ echo "net.ipv6.conf.all.disable_ipv6 = 1"
+ echo "net.ipv6.conf.default.disable_ipv6 = 1"
+ echo "net.ipv6.conf.lo.disable_ipv6 = 1"
+ } >> /etc/sysctl.conf
}
docker_install() {
- if [ $OS == 'centos' ]; then
- yum clean expire-cache
- yum -y install yum-utils device-mapper-persistent-data lvm2 openssl
- yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- yum -y update
- yum -y install docker-ce python36-docker
- if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ]; then
- docker_registry
- echo "Restarting Docker" >> $SETUPLOG 2>&1
- systemctl restart docker
- systemctl enable docker
- else
- docker_registry
- echo "Restarting Docker" >> $SETUPLOG 2>&1
- systemctl restart docker
- systemctl enable docker
- fi
-
- else
-
- if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ]; then
- apt-get update >> $SETUPLOG 2>&1
- if [ $OSVER != "xenial" ]; then
- apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1
- else
- apt-get -y install docker-ce python-docker >> $SETUPLOG 2>&1
- fi
- docker_registry >> $SETUPLOG 2>&1
- echo "Restarting Docker" >> $SETUPLOG 2>&1
- systemctl restart docker >> $SETUPLOG 2>&1
- else
- apt-key add $TMP/gpg/docker.pub >> $SETUPLOG 2>&1
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> $SETUPLOG 2>&1
- apt-get update >> $SETUPLOG 2>&1
- if [ $OSVER != "xenial" ]; then
- apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1
- else
- apt-get -y install docker-ce python-docker >> $SETUPLOG 2>&1
- fi
- docker_registry >> $SETUPLOG 2>&1
- echo "Restarting Docker" >> $SETUPLOG 2>&1
- systemctl restart docker >> $SETUPLOG 2>&1
- fi
- fi
-
+ if [ $OS = 'centos' ]; then
+ {
+ yum clean expire-cache;
+ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
+ yum -y install docker-ce;
+ } >> "$setup_log" 2>&1
+
+ else
+ case "$install_type" in
+ 'MASTER' | 'EVAL')
+ apt-get update >> "$setup_log" 2>&1
+ ;;
+ *)
+ {
+ apt-key add "$temp_install_dir"/gpg/docker.pub;
+ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable";
+ apt-get update;
+ } >> "$setup_log" 2>&1
+ ;;
+ esac
+
+ if [ $OSVER != "xenial" ]; then
+ apt-get -y install docker-ce python3-docker >> "$setup_log" 2>&1
+ else
+ apt-get -y install docker-ce python-docker >> "$setup_log" 2>&1
+ fi
+ fi
+ docker_registry
+ {
+ echo "Restarting Docker";
+ systemctl restart docker;
+ systemctl enable docker;
+ } >> "$setup_log" 2>&1
}
docker_registry() {
- echo "Setting up Docker Registry" >> $SETUPLOG 2>&1
- mkdir -p /etc/docker >> $SETUPLOG 2>&1
+ echo "Setting up Docker Registry" >> "$setup_log" 2>&1
+ mkdir -p /etc/docker >> "$setup_log" 2>&1
# Make the host use the master docker registry
- echo "{" > /etc/docker/daemon.json
- echo " \"registry-mirrors\": [\"https://$MSRV:5000\"]" >> /etc/docker/daemon.json
- echo "}" >> /etc/docker/daemon.json
- echo "Docker Registry Setup - Complete" >> $SETUPLOG 2>&1
+ printf '%s\n'\
+ "{"\
+ " \"registry-mirrors\": [\"https://$MSRV:5000\"]"\
+ "}" > /etc/docker/daemon.json
+ echo "Docker Registry Setup - Complete" >> "$setup_log" 2>&1
}
+
docker_seed_registry() {
- VERSION="HH$SOVERSION"
- if [ $INSTALLTYPE != 'HELIXSENSOR' ]; then
- TRUSTED_CONTAINERS=( \
- "so-acng:$VERSION" \
- "so-nginx:$VERSION" \
- "so-thehive-cortex:$VERSION" \
- "so-curator:$VERSION" \
- "so-domainstats:$VERSION" \
- "so-elastalert:$VERSION" \
- "so-elasticsearch:$VERSION" \
- "so-filebeat:$VERSION" \
- "so-fleet:$VERSION" \
- "so-fleet-launcher:$VERSION" \
- "so-freqserver:$VERSION" \
- "so-grafana:$VERSION" \
- "so-idstools:$VERSION" \
- "so-influxdb:$VERSION" \
- "so-kibana:$VERSION" \
- "so-logstash:$VERSION" \
- "so-mysql:$VERSION" \
- "so-navigator:$VERSION" \
- "so-playbook:$VERSION" \
- "so-redis:$VERSION" \
- "so-soc:$VERSION" \
- "so-kratos:$VERSION" \
- "so-soctopus:$VERSION" \
- "so-steno:$VERSION" \
- "so-strelka-frontend:$VERSION" \
- "so-strelka-manager:$VERSION" \
- "so-strelka-backend:$VERSION" \
- "so-strelka-filestream:$VERSION" \
- "so-suricata:$VERSION" \
- "so-telegraf:$VERSION" \
- "so-thehive:$VERSION" \
- "so-thehive-es:$VERSION" \
- "so-wazuh:$VERSION" \
- "so-zeek:$VERSION" )
- else
- TRUSTED_CONTAINERS=( \
- "so-nginx:$VERSION" \
- "so-filebeat:$VERSION" \
- "so-idstools:$VERSION" \
- "so-logstash:$VERSION" \
- "so-redis:$VERSION" \
- #"so-sensoroni:$VERSION" \
- "so-steno:$VERSION" \
- "so-suricata:$VERSION" \
- "so-telegraf:$VERSION" \
- "so-zeek:$VERSION" )
- fi
+ local VERSION="HH$SOVERSION"
- if [ ! -f /nsm/docker-registry/docker/registry.tar ]; then
- # Download the container from the interwebs
- for i in "${TRUSTED_CONTAINERS[@]}"
- do
- # Pull down the trusted docker image
- echo "Downloading $i"
- docker pull --disable-content-trust=false docker.io/soshybridhunter/$i
- # Tag it with the new registry destination
- docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i
- docker push $HOSTNAME:5000/soshybridhunter/$i
- done
-
- for i in "${TRUSTED_CONTAINERS[@]}"
- do
- echo "Removing $i locally"
- docker rmi soshybridhunter/$i
- done
- else
- # We already have the goods son
- cd /nsm/docker-registry/docker
- tar xvf registry.tar
- rm /nsm/docker-registry/docker/registry.tar
- fi
-
-}
-
-es_heapsize() {
-
- # Determine ES Heap Size
- if [ $TOTAL_MEM -lt 8000 ] ; then
- ES_HEAP_SIZE="600m"
- elif [ $TOTAL_MEM -ge 100000 ]; then
- # Set a max of 25GB for heap size
- # https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
- ES_HEAP_SIZE="25000m"
- else
- # Set heap size to 25% of available memory
- ES_HEAP_SIZE=$(($TOTAL_MEM / 4))"m"
- fi
-
-}
-
-filter_unused_nics() {
- # Set the main NIC as the default grep search string
- grep_string=$MNIC
-
- # If we call this function and NICs have already been assigned to the bond interface then add them to the grep search string
- if [[ $BNICS ]]; then
- for BONDNIC in ${BNICS[@]}; do
- grep_string="$grep_string\|$BONDNIC"
+ if ! [ -f /nsm/docker-registry/docker/so-dockers-"$VERSION".tar ]; then
+ local TRUSTED_CONTAINERS=(\
+ "so-core:$VERSION" \
+ "so-filebeat:$VERSION" \
+ "so-logstash:$VERSION" \
+ "so-idstools:$VERSION" \
+ "so-redis:$VERSION" \
+ "so-steno:$VERSION" \
+ "so-suricata:$VERSION" \
+ "so-telegraf:$VERSION" \
+ "so-zeek:$VERSION"
+ )
+ if [ "$install_type" != 'HELIXSENSOR' ]; then
+ TRUSTED_CONTAINERS=("${TRUSTED_CONTAINERS[@]}" \
+ "so-acng:$VERSION" \
+ "so-thehive-cortex:$VERSION" \
+ "so-curator:$VERSION" \
+ "so-domainstats:$VERSION" \
+ "so-elastalert:$VERSION" \
+ "so-elasticsearch:$VERSION" \
+ "so-fleet:$VERSION" \
+ "so-fleet-launcher:$VERSION" \
+ "so-freqserver:$VERSION" \
+ "so-grafana:$VERSION" \
+ "so-influxdb:$VERSION" \
+ "so-kibana:$VERSION" \
+ "so-mysql:$VERSION" \
+ "so-navigator:$VERSION" \
+ "so-playbook:$VERSION" \
+ "so-soc:$VERSION" \
+ "so-kratos:$VERSION" \
+ "so-soctopus:$VERSION" \
+ "so-steno:$VERSION" \
+ "so-strelka-frontend:$VERSION" \
+ "so-strelka-manager:$VERSION" \
+ "so-strelka-backend:$VERSION" \
+ "so-strelka-filestream:$VERSION" \
+ "so-thehive:$VERSION" \
+ "so-thehive-es:$VERSION" \
+ "so-wazuh:$VERSION"
+ )
+ fi
+ local percent=25
+ for i in "${TRUSTED_CONTAINERS[@]}"; do
+ if [ "$install_type" != 'HELIXSENSOR' ]; then ((percent=percent+1)); else ((percent=percent+6)); fi
+ # Pull down the trusted docker image
+ set_progress_str "$percent" "Downloading $i"
+ {
+
+ if ! docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i"; then
+ sleep 5
+ docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i"
+ fi
+ # Tag it with the new registry destination
+ docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i"
+ docker push "$HOSTNAME":5000/soshybridhunter/"$i"
+ docker rmi soshybridhunter/"$i"
+ } >> "$setup_log" 2>&1
done
+ else
+ tar xvf /nsm/docker-registry/docker/so-dockers-$VERSION.tar >> "$setup_log" 2>&1
+ rm /nsm/docker-registry/docker/so-dockers-$VERSION.tar >> "$setup_log" 2>&1
fi
- # Finally, set FNICS to any NICs we aren't using (and ignore interfaces that aren't of use)
- FNICS=$(ip link | grep -vwe $grep_string | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}')
}
fireeye_pillar() {
- FIREEYEPILLARPATH=/opt/so/saltstack/pillar/fireeye
- mkdir -p $FIREEYEPILLARPATH
+ local fireeye_pillar_path=/opt/so/saltstack/pillar/fireeye
+ mkdir -p "$fireeye_pillar_path"
- echo "" >> $FIREEYEPILLARPATH/init.sls
- echo "fireeye:" >> $FIREEYEPILLARPATH/init.sls
- echo " helix:" >> $FIREEYEPILLARPATH/init.sls
- echo " api_key: $HELIXAPIKEY" >> $FIREEYEPILLARPATH/init.sls
+ printf '%s\n'\
+ "fireeye:"\
+ " helix:"\
+ " api_key: $HELIXAPIKEY"
+ "" > "$fireeye_pillar_path"/init.sls
}
+# Run a salt command to generate the minion key
+salt_firstcheckin() {
+ salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
+}
+
fleet_pillar() {
- PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file="$temp_install_dir"/pillar/minions/"$MINION_ID".sls
- # Create the fleet pillar
- touch $PILLARFILE
- echo "fleet:" >> $PILLARFILE
- echo " mainip: $MAINIP" >> $PILLARFILE
- echo " master: $MSRV" >> $PILLARFILE
- echo "" >> $PILLARFILE
+ # Create the fleet pillar
+ printf '%s\n'\
+ "fleet:"\
+ " mainip: $MAINIP"\
+ " master: $MSRV"\
+ "" > "$pillar_file"
}
generate_passwords(){
# Generate Random Passwords for Things
- MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
- FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
- FLEETJWT=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
- HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
- CORTEXKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
- CORTEXORGUSERKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
- SENSORONIKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
- KRATOSKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
+ MYSQLPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ FLEETPASS=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ FLEETJWT=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ HIVEKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ CORTEXKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ CORTEXORGUSERKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ SENSORONIKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
+ KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 20 | head -n 1)
}
-get_filesystem_nsm(){
- FSNSM=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
-}
-
-get_log_size_limit() {
-
- case $INSTALLTYPE in
- EVAL | HEAVYNODE)
- PERCENTAGE=50
- ;;
- *)
- PERCENTAGE=80
- ;;
- esac
-
- DISK_DIR="/"
-
- if [ -d /nsm ]; then
- DISK_DIR="/nsm"
- fi
-
- DISK_SIZE_K=`df $DISK_DIR |grep -v "^Filesystem" | awk '{print $2}'`
- DISK_SIZE=DISK_SIZE_K*1000
- PERCENTAGE_DISK_SPACE=`echo $(($DISK_SIZE*$PERCENTAGE/100))`
- LOG_SIZE_LIMIT=$(($PERCENTAGE_DISK_SPACE/1000000000))
-
-}
-
-get_filesystem_root(){
- FSROOT=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
-}
-
-get_main_ip() {
-
- # Get the main IP address the box is using
-
- # Add some logic because Bubntu 18.04 like to be different
- if [ $OSVER == 'bionic' ]; then
- MAINIP=$(ip route get 1 | awk '{print $7;exit}')
- else
- MAINIP=$(ip route get 1 | awk '{print $NF;exit}')
- fi
-
- MAININT=$(ip route get 1 | awk '{print $5;exit}')
-
+set_main_ip() {
+ MAINIP=$(ip route get 1 | awk '{print $7;exit}')
}
get_redirect() {
- whiptail_set_redirect_info
- whiptail_set_redirect
- if [ "$REDIRECTINFO" == "OTHER" ]; then
- whiptail_set_redirect_host
- fi
+ whiptail_set_redirect_info
+ whiptail_set_redirect
+ if [ "$REDIRECTINFO" = "OTHER" ]; then
+ whiptail_set_redirect_host
+ fi
}
got_root() {
-
# Make sure you are root
- if [ "$(id -u)" -ne 0 ]; then
- echo "This script must be run using sudo!"
- exit 1
+ uid="$(id -u)"
+ if [ "$uid" -ne 0 ]; then
+ echo "This script must be run using sudo!"
+ exit 1
fi
-
}
install_cleanup() {
-
- echo "install_cleanup removing the following files:"
- ls -lR $TMP
+ echo "Installer removing the following files:"
+ ls -lR "$temp_install_dir"
# Clean up after ourselves
- rm -rf /root/installtmp
+ rm -rf "$temp_install_dir"
}
-install_prep() {
-
- # Create a tmp space that isn't in /tmp
- mkdir /root/installtmp
- mkdir /root/installtmp/pillar
- mkdir /root/installtmp/pillar/minions
- TMP=/root/installtmp
-
+get_minion_type() {
+ local minion_type
+ case "$install_type" in
+ 'EVAL' | 'MASTERSEARCH' | 'MASTER' | 'SENSOR' | 'HEAVYNODE' | 'FLEET')
+ minion_type=$(echo "$install_type" | tr '[:upper:]' '[:lower:]')
+ ;;
+ 'HELIXSENSOR')
+ minion_type='helix'
+ ;;
+ '*NODE')
+ minion_type='node'
+ ;;
+ esac
+ echo "$minion_type"
}
-install_master() {
-
- # Install the salt master package
- if [ $OS == 'centos' ]; then
- #yum -y install wget salt-common salt-master python36-mysql python36-dateutil python36-m2crypto >> $SETUPLOG 2>&1
- echo ""
- # Create a place for the keys for Ubuntu minions
- #mkdir -p /opt/so/gpg
- #wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
- #wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg
- #wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
-
- else
- if [ $OSVER != "xenial" ]; then
- apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto
- apt-mark hold salt-common salt-master salt-minion
- else
- apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto
- apt-mark hold salt-common salt-master salt-minion
- fi
- fi
-
- copy_master_config
-
-}
-
-ls_heapsize() {
-
- # Determine LS Heap Size
- if [ $TOTAL_MEM -ge 32000 ] || [ $INSTALLTYPE == 'MASTERSEARCH' ] || [ $INSTALLTYPE == 'HEAVYNODE' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
- LS_HEAP_SIZE="1000m"
- elif [ $INSTALLTYPE == 'EVAL' ]; then
- LS_HEAP_SIZE="700m"
- else
- # If minimal RAM, then set minimal heap
- LS_HEAP_SIZE="500m"
- fi
-
+set_base_heapsizes() {
+ es_heapsize
+ ls_heapsize
}
master_pillar() {
- PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
- # Create the master pillar
- echo "master:" >> $PILLARFILE
- echo " mainip: $MAINIP" >> $PILLARFILE
- echo " mainint: $MAININT" >> $PILLARFILE
- echo " esheap: $ES_HEAP_SIZE" >> $PILLARFILE
- echo " esclustername: {{ grains.host }}" >> $PILLARFILE
- if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- echo " freq: 0" >> $PILLARFILE
- echo " domainstats: 0" >> $PILLARFILE
- echo " ls_pipeline_batch_size: 125" >> $PILLARFILE
- echo " ls_input_threads: 1" >> $PILLARFILE
- echo " ls_batch_count: 125" >> $PILLARFILE
- echo " mtu: 1500" >> $PILLARFILE
+ # Create the master pillar
+ printf '%s\n'\
+ "master:"\
+ " mainip: $MAINIP"\
+ " mainint: $MNIC"\
+ " esheap: $ES_HEAP_SIZE"\
+ " esclustername: {{ grains.host }}"\
+ " freq: 0"\
+ " domainstats: 0" >> "$pillar_file"
- else
- echo " freq: 0" >> $PILLARFILE
- echo " domainstats: 0" >> $PILLARFILE
- fi
- echo " lsheap: $LS_HEAP_SIZE" >> $PILLARFILE
- echo " lsaccessip: 127.0.0.1" >> $PILLARFILE
- echo " elastalert: 1" >> $PILLARFILE
- echo " ls_pipeline_workers: $CPUCORES" >> $PILLARFILE
- echo " nids_rules: $RULESETUP" >> $PILLARFILE
- echo " oinkcode: $OINKCODE" >> $PILLARFILE
- #echo " access_key: $ACCESS_KEY" >> $PILLARFILE
- #echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE
- echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
- echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
- echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
- #echo " mysqlpass: $MYSQLPASS" >> $PILLARFILE
- #echo " fleetpass: $FLEETPASS" >> $PILLARFILE
- echo " grafana: $GRAFANA" >> $PILLARFILE
- echo " osquery: $OSQUERY" >> $PILLARFILE
- echo " thehive: $THEHIVE" >> $PILLARFILE
- echo " playbook: $PLAYBOOK" >> $PILLARFILE
- echo "" >> $PILLARFILE
- echo "kratos:" >> $PILLARFILE
- if [[ $REDIRECTINFO == 'OTHER' ]]; then
- REDIRECTIT=$REDIRECT
- elif [[ $REDIRECTINFO == 'IP' ]]; then
- REDIRECTIT=$MAINIP
- elif [[ $REDIRECTINFO == 'HOSTNAME' ]]; then
- REDIRECTIT=$HOSTNAME
- fi
- echo " kratoskey: $KRATOSKEY" >> $PILLARFILE
- echo " redirect: $REDIRECTIT" >> $PILLARFILE
- echo "" >> $PILLARFILE
+ if [ "$install_type" = 'EVAL' ] || [ "$install_type" = 'HELIXSENSOR' ] || [ "$install_type" = 'MASTERSEARCH' ]; then
+ printf '%s\n'\
+ " ls_pipeline_batch_size: 125"\
+ " ls_input_threads: 1"\
+ " ls_batch_count: 125"\
+ " mtu: $MTU" >> "$pillar_file"
+ fi
+ printf '%s\n'\
+ " lsheap: $LS_HEAP_SIZE"\
+ " lsaccessip: 127.0.0.1"\
+ " elastalert: 1"\
+ " ls_pipeline_workers: $num_cpu_cores"\
+ " nids_rules: $RULESETUP"\
+ " oinkcode: $OINKCODE"\
+ " es_port: $node_es_port"\
+ " log_size_limit: $log_size_limit"\
+ " cur_close_days: $CURCLOSEDAYS"\
+ " grafana: $GRAFANA"\
+ " osquery: $OSQUERY"\
+ " wazuh: $WAZUH"\
+ " thehive: $THEHIVE"\
+ " playbook: $PLAYBOOK"\
+ " strelka: $STRELKA"\
+ ""\
+ "kratos:" >> "$pillar_file"
+ case $REDIRECTINFO in
+ 'IP')
+ REDIRECTIT="$MAINIP"
+ ;;
+ 'HOSTNAME')
+ REDIRECTIT=$HOSTNAME
+ ;;
+ *)
+ REDIRECTIT="$REDIRECTHOST"
+ ;;
+ esac
+
+ printf '%s\n'\
+ " kratoskey: $KRATOSKEY"\
+ " redirect: $REDIRECTIT"\
+ "" >> "$pillar_file"
+
+ printf '%s\n' '----' >> "$setup_log" 2>&1
+ cat "$pillar_file" >> "$setup_log" 2>&1
}
master_static() {
+ local static_pillar="/opt/so/saltstack/pillar/static.sls"
- # Create a static file for global values
- touch /opt/so/saltstack/pillar/static.sls
+ # Create a static file for global values
+ printf '%s\n'\
+ "static:"\
+ " soversion: HH$SOVERSION"\
+ " hnmaster: $HNMASTER"\
+ " ntpserver: $NTPSERVER"\
+ " proxy: $PROXY"\
+ " broversion: $BROVERSION"\
+ " ids: $NIDS"\
+ " masterip: $MAINIP"\
+ " hiveuser: hiveadmin"\
+ " hivepassword: hivechangeme"\
+ " hivekey: $HIVEKEY"\
+ " cortexuser: cortexadmin"\
+ " cortexpassword: cortexchangeme"\
+ " cortexkey: $CORTEXKEY"\
+ " cortexorgname: SecurityOnion"\
+ " cortexorguser: soadmin"\
+ " cortexorguserkey: $CORTEXORGUSERKEY"\
+ " fleet_master: False"\
+ " fleet_node: False"\
+ " fleet_packages-timestamp: N/A"\
+ " fleet_packages-version: 1"\
+ " fleet_hostname: N/A"\
+ " fleet_ip: N/A"\
+ " sensoronikey: $SENSORONIKEY"\
+ " masterupdate: $MASTERUPDATES" > "$static_pillar"
+ echo "elastic:" >> /opt/so/saltstack/pillar/static.sls
+ echo " features: False" >> /opt/so/saltstack/pillar/static.sls
- echo "static:" > /opt/so/saltstack/pillar/static.sls
- echo " soversion: HH$SOVERSION" >> /opt/so/saltstack/pillar/static.sls
- echo " hnmaster: $HNMASTER" >> /opt/so/saltstack/pillar/static.sls
- echo " ntpserver: $NTPSERVER" >> /opt/so/saltstack/pillar/static.sls
- echo " proxy: $PROXY" >> /opt/so/saltstack/pillar/static.sls
- echo " broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls
- echo " ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls
- echo " masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls
- echo " hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls
- echo " hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls
- echo " hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls
- echo " cortexuser: cortexadmin" >> /opt/so/saltstack/pillar/static.sls
- echo " cortexpassword: cortexchangeme" >> /opt/so/saltstack/pillar/static.sls
- echo " cortexkey: $CORTEXKEY" >> /opt/so/saltstack/pillar/static.sls
- echo " cortexorgname: SecurityOnion" >> /opt/so/saltstack/pillar/static.sls
- echo " cortexorguser: soadmin" >> /opt/so/saltstack/pillar/static.sls
- echo " cortexorguserkey: $CORTEXORGUSERKEY" >> /opt/so/saltstack/pillar/static.sls
- echo " fleet_master: False" >> /opt/so/saltstack/pillar/static.sls
- echo " fleet_node: False" >> /opt/so/saltstack/pillar/static.sls
- echo " fleet_packages-timestamp: N/A" >> /opt/so/saltstack/pillar/static.sls
- echo " fleet_packages-version: 1" >> /opt/so/saltstack/pillar/static.sls
- echo " fleet_hostname: N/A" >> /opt/so/saltstack/pillar/static.sls
- echo " fleet_ip: N/A" >> /opt/so/saltstack/pillar/static.sls
- echo " sensoronikey: $SENSORONIKEY" >> /opt/so/saltstack/pillar/static.sls
- echo " strelka: $STRELKA" >> /opt/so/saltstack/pillar/static.sls
- echo " wazuh: $WAZUH" >> /opt/so/saltstack/pillar/static.sls
- if [[ $MASTERUPDATES == 'MASTER' ]]; then
- echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
- else
- echo " masterupdate: 0" >> /opt/so/saltstack/pillar/static.sls
- fi
- echo "elastic:" >> /opt/so/saltstack/pillar/static.sls
- echo " features: False" >> /opt/so/saltstack/pillar/static.sls
+ printf '%s\n' '----' >> "$setup_log" 2>&1
+ cat "$static_pillar" >> "$setup_log" 2>&1
}
minio_generate_keys() {
local charSet="[:graph:]"
- ACCESS_KEY=$(cat /dev/urandom | tr -cd "$charSet" | tr -d \' | tr -d \" | head -c 20)
- ACCESS_SECRET=$(cat /dev/urandom | tr -cd "$charSet" | tr -d \' | tr -d \" | head -c 40)
+ ACCESS_KEY=$(tr -cd "$charSet" < /dev/urandom | tr -d \' | tr -d \" | head -c 20)
+ ACCESS_SECRET=$(tr -cd "$charSet" < /dev/urandom | tr -d \' | tr -d \" | head -c 40)
}
network_setup() {
- {
- echo "Finishing up network setup";
+ {
+ echo "Finishing up network setup";
- echo "... Verifying all network devices are managed by Network Manager";
- check_network_manager_conf;
+ echo "... Verifying all network devices are managed by Network Manager";
+ check_network_manager_conf;
- echo "... Disabling unused NICs";
- disable_misc_network_features;
+ echo "... Disabling unused NICs";
+ disable_misc_network_features;
- echo "... Setting ONBOOT for management interface";
- if ! netplan > /dev/null 2>&1; then
- nmcli con mod "$MAININT" connection.autoconnect "yes";
- fi
+ echo "... Setting ONBOOT for management interface";
+ if ! netplan > /dev/null 2>&1; then
+ nmcli con mod "$MNIC" connection.autoconnect "yes";
+ fi
echo "... Copying 99-so-checksum-offload-disable";
- cp "$SCRIPTDIR"/install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;
+ cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;
- echo "... Modifying 99-so-checksum-offload-disable";
- sed -i "s/\$MAININT/${MAININT}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable;
- } >> "$SETUPLOG" 2>&1
+ echo "... Modifying 99-so-checksum-offload-disable";
+ sed -i "s/\$MNIC/${MNIC}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable;
+ } >> "$setup_log" 2>&1
}
node_pillar() {
- PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
# Create the node pillar
- echo "node:" >> $PILLARFILE
- echo " mainip: $MAINIP" >> $PILLARFILE
- echo " mainint: $MAININT" >> $PILLARFILE
- echo " esheap: $NODE_ES_HEAP_SIZE" >> $PILLARFILE
- echo " esclustername: {{ grains.host }}" >> $PILLARFILE
- echo " lsheap: $NODE_LS_HEAP_SIZE" >> $PILLARFILE
- echo " ls_pipeline_workers: $LSPIPELINEWORKERS" >> $PILLARFILE
- echo " ls_pipeline_batch_size: $LSPIPELINEBATCH" >> $PILLARFILE
- echo " ls_input_threads: $LSINPUTTHREADS" >> $PILLARFILE
- echo " ls_batch_count: $LSINPUTBATCHCOUNT" >> $PILLARFILE
- echo " es_shard_count: $SHARDCOUNT" >> $PILLARFILE
- echo " node_type: $NODETYPE" >> $PILLARFILE
- echo " es_port: $NODE_ES_PORT" >> $PILLARFILE
- echo " log_size_limit: $LOG_SIZE_LIMIT" >> $PILLARFILE
- echo " cur_close_days: $CURCLOSEDAYS" >> $PILLARFILE
- echo "" >> $PILLARFILE
+ printf '%s\n'\
+ "node:"\
+ " mainip: $MAINIP"\
+ " mainint: $MNIC"\
+ " esheap: $NODE_ES_HEAP_SIZE"\
+ " esclustername: {{ grains.host }}"\
+ " lsheap: $NODE_LS_HEAP_SIZE"\
+ " ls_pipeline_workers: $LSPIPELINEWORKERS"\
+ " ls_pipeline_batch_size: $LSPIPELINEBATCH"\
+ " ls_input_threads: $LSINPUTTHREADS"\
+ " ls_batch_count: $LSINPUTBATCHCOUNT"\
+ " es_shard_count: $SHARDCOUNT"\
+ " node_type: $NODETYPE"\
+ " es_port: $node_es_port"\
+ " log_size_limit: $log_size_limit"\
+ " cur_close_days: $CURCLOSEDAYS"\
+ "" >> "$pillar_file"
+ printf '%s\n' '----' >> "$setup_log" 2>&1
+ cat "$pillar_file" >> "$setup_log" 2>&1
}
patch_pillar() {
- PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
- echo "" >> $PILLARFILE
- echo "patch:" >> $PILLARFILE
- echo " os:" >> $PILLARFILE
- echo " schedule_name: $PATCHSCHEDULENAME" >> $PILLARFILE
- echo " enabled: True" >> $PILLARFILE
- echo " splay: 300" >> $PILLARFILE
- echo "" >> $PILLARFILE
+ printf '%s\n'\
+ "patch:"\
+ " os:"\
+ " schedule_name: $PATCHSCHEDULENAME"\
+ " enabled: True"\
+ " splay: 300"\
+ "" >> "$pillar_file"
+
+ printf '%s\n' '----' >> "$setup_log" 2>&1
+ cat "$pillar_file" >> "$setup_log" 2>&1
}
patch_schedule_os_new() {
- OSPATCHSCHEDULEDIR="$TMP/salt/patch/os/schedules"
- OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml"
+ local OSPATCHSCHEDULEDIR="$temp_install_dir/salt/patch/os/schedules"
+ local OSPATCHSCHEDULE="$OSPATCHSCHEDULEDIR/$PATCHSCHEDULENAME.yml"
- if [ ! -d $OSPATCHSCHEDULEDIR ] ; then
- mkdir -p $OSPATCHSCHEDULEDIR
- fi
+ mkdir -p $OSPATCHSCHEDULEDIR
- echo "patch:" > $OSPATCHSCHEDULE
- echo " os:" >> $OSPATCHSCHEDULE
- echo " schedule:" >> $OSPATCHSCHEDULE
- for psd in "${PATCHSCHEDULEDAYS[@]}"
- do
- psd=$(echo $psd | sed 's/"//g')
- echo " - $psd:" >> $OSPATCHSCHEDULE
- for psh in "${PATCHSCHEDULEHOURS[@]}"
- do
- psh=$(echo $psh | sed 's/"//g')
- echo " - '$psh'" >> $OSPATCHSCHEDULE
- done
- done
+ printf '%s\n'\
+ "patch:"\
+ " os:"\
+ " schedule:"> "$OSPATCHSCHEDULE"
+ for psd in "${PATCHSCHEDULEDAYS[@]}";do
+ psd="${psd//\"/}"
+ echo " - $psd:" >> "$OSPATCHSCHEDULE"
+ for psh in "${PATCHSCHEDULEHOURS[@]}"
+ do
+ psh="${psh//\"/}"
+ echo " - '$psh'" >> "$OSPATCHSCHEDULE"
+ done
+ done
+ printf '%s\n' '----' >> "$setup_log" 2>&1
+ cat "$OSPATCHSCHEDULE" >> "$setup_log" 2>&1
}
-process_components() {
- CLEAN=${COMPONENTS//\"}
- GRAFANA=0
- OSQUERY=0
- WAZUH=0
- THEHIVE=0
- PLAYBOOK=0
- STRELKA=0
+print_salt_state_apply() {
+ local state=$1
- IFS=$' '
- for item in $(echo "$CLEAN"); do
- let $item=1
- done
- unset IFS
+ echo "Applying $state Salt state"
}
reserve_group_ids() {
-
# This is a hack to fix CentOS from taking group IDs that we need
groupadd -g 928 kratos
groupadd -g 930 elasticsearch
@@ -1059,559 +999,407 @@ reserve_group_ids() {
groupadd -g 933 elastalert
groupadd -g 934 curator
groupadd -g 937 zeek
- groupadd -g 939 socore
groupadd -g 940 suricata
groupadd -g 941 stenographer
groupadd -g 945 ossec
groupadd -g 946 cyberchef
- groupadd -g 947 soremote
-
}
saltify() {
- # Install updates and Salt
- if [ $OS == 'centos' ]; then
- ADDUSER=adduser
+ # Install updates and Salt
+ if [ $OS = 'centos' ]; then
+ set_progress_str 5 'Installing Salt repo'
+ {
+ sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/2019.2/SALTSTACK-GPG-KEY.pub;
+ cp ./yum_repos/salt-2019-2.repo /etc/yum.repos.d/salt-2019-2.repo;
+ } >> "$setup_log" 2>&1
+ set_progress_str 6 'Installing various dependencies'
+ yum -y install wget nmap >> "$setup_log" 2>&1
+ case "$install_type" in
+ 'MASTER' | 'EVAL' | 'MASTERSEARCH' | 'FLEET' | 'HELIXSENSOR')
+ reserve_group_ids >> "$setup_log" 2>&1
+ yum -y install epel-release sqlite3 argon2 curl mariadb-devel >> "$setup_log" 2>&1
+ # Download Ubuntu Keys in case master updates = 1
+ mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
+ wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+ wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
+ wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
+ cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1
+ set_progress_str 7 'Installing salt-master'
+ yum -y install salt-master-2019.2.4 >> "$setup_log" 2>&1
+ systemctl enable salt-master >> "$setup_log" 2>&1
+ ;;
+ *)
+ if [ "$MASTERUPDATES" = '1' ]; then
+ {
+ # Create the GPG Public Key for the Salt Repo
+ cp ./public_keys/salt.pem /etc/pki/rpm-gpg/saltstack-signing-key;
- if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- reserve_group_ids
- yum -y install epel-release
- yum -y install wget https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
- cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-py3-2019-2.repo
- sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-py3-2019-2.repo
- yum -y install sqlite3 argon2 curl jq openssl
- # Download Ubuntu Keys in case master updates = 1
- mkdir -p /opt/so/gpg
- wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub
- wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg
- wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
- cat > /etc/yum.repos.d/wazuh.repo <<\EOF
-[wazuh_repo]
-gpgcheck=1
-gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=https://packages.wazuh.com/3.x/yum/
-protect=1
-EOF
+ # Copy repo files over
+ cp ./yum_repos/salt-latest.repo /etc/yum.repos.d/salt-latest.repo;
+ cp ./yum_repos/salt-2019-2.repo /etc/yum.repos.d/salt-2019-2.repo;
+ } >> "$setup_log" 2>&1
+ fi
+ ;;
+ esac
+ cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1
+ yum clean expire-cache >> "$setup_log" 2>&1
+ set_progress_str 8 'Installing salt-minion & python modules'
+ {
+ yum -y install epel-release\
+ salt-minion-2019.2.4\
+ python3\
+ python36-docker\
+ python36-dateutil\
+ python36-m2crypto\
+ python36-mysql\
+ yum-utils\
+ device-mapper-persistent-data\
+ lvm2\
+ openssl\
+ jq;
+ yum -y update exclude=salt*;
+ systemctl enable salt-minion
+ } >> "$setup_log" 2>&1
+ echo "exclude=salt*" >> /etc/yum.conf
+ else
+ DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade >> "$setup_log" 2>&1
- else
+ if [ $OSVER != "xenial" ]; then
+ # Switch to Python 3 as default if this is not xenial
+ update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10 >> "$setup_log" 2>&1
+ fi
+ # Add the pre-requisites for installing docker-ce
+ apt-get -y install ca-certificates\
+ curl\
+ software-properties-common\
+ apt-transport-https\
+ openssl\
+ netcat\
+ jq >> "$setup_log" 2>&1
- if [ $MASTERUPDATES == 'MASTER' ]; then
+ # Grab the version from the os-release file
+ local ubuntu_version
+ ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
- # Create the GPG Public Key for the Salt Repo
- echo "-----BEGIN PGP PUBLIC KEY BLOCK-----" > /etc/pki/rpm-gpg/saltstack-signing-key
- echo "Version: GnuPG v2.0.22 (GNU/Linux)" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "/NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "MA==" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "=dtMN" >> /etc/pki/rpm-gpg/saltstack-signing-key
- echo "-----END PGP PUBLIC KEY BLOCK-----" >> /etc/pki/rpm-gpg/saltstack-signing-key
+ case "$install_type" in
+ 'FLEET')
+ if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi
+ ;;
+ 'MASTER' | 'EVAL' | 'MASTERSEARCH') # TODO: should this also be HELIXSENSOR?
+ if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi
- # Add the Wazuh Key
- cat > /etc/pki/rpm-gpg/GPG-KEY-WAZUH <<\EOF
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1
+ # Add saltstack repo(s)
+ wget --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/2019.2/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
+ echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list >> "$setup_log" 2>&1
-mQINBFeeyYwBEACyf4VwV8c2++J5BmCl6ofLCtSIW3UoVrF4F+P19k/0ngnSfjWb
-8pSWB11HjZ3Mr4YQeiD7yY06UZkrCXk+KXDlUjMK3VOY7oNPkqzNaP6+8bDwj4UA
-hADMkaXBvWooGizhCoBtDb1bSbHKcAnQ3PTdiuaqF5bcyKk8hv939CHulL2xH+BP
-mmTBi+PM83pwvR+VRTOT7QSzf29lW1jD79v4rtXHJs4KCz/amT/nUm/tBpv3q0sT
-9M9rH7MTQPdqvzMl122JcZST75GzFJFl0XdSHd5PAh2mV8qYak5NYNnwA41UQVIa
-+xqhSu44liSeZWUfRdhrQ/Nb01KV8lLAs11Sz787xkdF4ad25V/Rtg/s4UXt35K3
-klGOBwDnzPgHK/OK2PescI5Ve1z4x1C2bkGze+gk/3IcfGJwKZDfKzTtqkZ0MgpN
-7RGghjkH4wpFmuswFFZRyV+s7jXYpxAesElDSmPJ0O07O4lQXQMROE+a2OCcm0eF
-3+Cr6qxGtOp1oYMOVH0vOLYTpwOkAM12/qm7/fYuVPBQtVpTojjV5GDl2uGq7p0o
-h9hyWnLeNRbAha0px6rXcF9wLwU5n7mH75mq5clps3sP1q1/VtP/Fr84Lm7OGke4
-9eD+tPNCdRx78RNWzhkdQxHk/b22LCn1v6p1Q0qBco9vw6eawEkz1qwAjQARAQAB
-tDFXYXp1aC5jb20gKFdhenVoIFNpZ25pbmcgS2V5KSA8c3VwcG9ydEB3YXp1aC5j
-b20+iQI9BBMBCAAnBQJXnsmMAhsDBQkFo5qABQsJCAcDBRUKCQgLBRYCAwEAAh4B
-AheAAAoJEJaz7l8pERFFHEsQAIaslejcW2NgjgOZuvn1Bht4JFMbCIPOekg4Z5yF
-binRz0wmA7JNaawDHTBYa6L+A2Xneu/LmuRjFRMesqopUukVeGQgHBXbGMzY46eI
-rqq/xgvgWzHSbWweiOX0nn+exbEAM5IyW+efkWNz0e8xM1LcxdYZxkVOqFqkp3Wv
-J9QUKw6z9ifUOx++G8UO307O3hT2f+x4MUoGZeOF4q1fNy/VyBS2lMg2HF7GWy2y
-kjbSe0p2VOFGEZLuu2f5tpPNth9UJiTliZKmgSk/zbKYmSjiVY2eDqNJ4qjuqes0
-vhpUaBjA+DgkEWUrUVXG5yfQDzTiYIF84LknjSJBYSLZ4ABsMjNO+GApiFPcih+B
-Xc9Kx7E9RNsNTDqvx40y+xmxDOzVIssXeKqwO8r5IdG3K7dkt2Vkc/7oHOpcKwE5
-8uASMPiqqMo+t1RVa6Spckp3Zz8REILbotnnVwDIwo2HmgASirMGUcttEJzubaIa
-Mv43GKs8RUH9s5NenC02lfZG7D8WQCz5ZH7yEWrt5bCaQRNDXjhsYE17SZ/ToHi3
-OpWu050ECWOHdxlXNG3dOWIdFDdBJM7UfUNSSOe2Y5RLsWfwvMFGbfpdlgJcMSDV
-X+ienkrtXhBteTu0dwPu6HZTFOjSftvtAo0VIqGQrKMvKelkkdNGdDFLQw2mUDcw
-EQj6uQINBFeeyYwBEADD1Y3zW5OrnYZ6ghTd5PXDAMB8Z1ienmnb2IUzLM+i0yE2
-TpKSP/XYCTBhFa390rYgFO2lbLDVsiz7Txd94nHrdWXGEQfwrbxsvdlLLWk7iN8l
-Fb4B60OfRi3yoR96a/kIPNa0x26+n79LtDuWZ/DTq5JSHztdd9F1sr3h8i5zYmtv
-luj99ZorpwYejbBVUm0+gP0ioaXM37uO56UFVQk3po9GaS+GtLnlgoE5volgNYyO
-rkeIua4uZVsifREkHCKoLJip6P7S3kTyfrpiSLhouEZ7kV1lbMbFgvHXyjm+/AIx
-HIBy+H+e+HNt5gZzTKUJsuBjx44+4jYsOR67EjOdtPOpgiuJXhedzShEO6rbu/O4
-wM1rX45ZXDYa2FGblHCQ/VaS0ttFtztk91xwlWvjTR8vGvp5tIfCi+1GixPRQpbN
-Y/oq8Kv4A7vB3JlJscJCljvRgaX0gTBzlaF6Gq0FdcWEl5F1zvsWCSc/Fv5WrUPY
-5mG0m69YUTeVO6cZS1aiu9Qh3QAT/7NbUuGXIaAxKnu+kkjLSz+nTTlOyvbG7BVF
-a6sDmv48Wqicebkc/rCtO4g8lO7KoA2xC/K/6PAxDrLkVyw8WPsAendmezNfHU+V
-32pvWoQoQqu8ysoaEYc/j9fN4H3mEBCN3QUJYCugmHP0pu7VtpWwwMUqcGeUVwAR
-AQABiQIlBBgBCAAPBQJXnsmMAhsMBQkFo5qAAAoJEJaz7l8pERFFz8IP/jfBxJSB
-iOw+uML+C4aeYxuHSdxmSsrJclYjkw7Asha/fm4Kkve00YAW8TGxwH2kgS72ooNJ
-1Q7hUxNbVyrJjQDSMkRKwghmrPnUM3UyHmE0dq+G2NhaPdFo8rKifLOPgwaWAfSV
-wgMTK86o0kqRbGpXgVIG5eRwv2FcxM3xGfy7sub07J2VEz7Ba6rYQ3NTbPK42AtV
-+wRJDXcgS7y6ios4XQtSbIB5f6GI56zVlwfRd3hovV9ZAIJQ6DKM31wD6Kt/pRun
-DjwMZu0/82JMoqmxX/00sNdDT1S13guCfl1WhBu7y1ja9MUX5OpUzyEKg5sxme+L
-iY2Rhs6CjmbTm8ER4Uj8ydKyVTy8zbumbB6T8IwCAbEMtPxm6pKh/tgLpoJ+Bj0y
-AsGjmhV7R6PKZSDXg7/qQI98iC6DtWc9ibC/QuHLcvm3hz40mBgXAemPJygpxGst
-mVtU7O3oHw9cIUpkbMuVqSxgPFmSSq5vEYkka1CYeg8bOz6aCTuO5J0GDlLrpjtx
-6lyImbZAF/8zKnW19aq5lshT2qJlTQlZRwwDZX5rONhA6T8IEUnUyD4rAIQFwfJ+
-gsXa4ojD/tA9NLdiNeyEcNfyX3FZwXWCtVLXflzdRN293FKamcdnMjVRjkCnp7iu
-7eO7nMgcRoWddeU+2aJFqCoQtKCp/5EKhFey
-=UIVm
------END PGP PUBLIC KEY BLOCK-----
-EOF
+ # Add Docker repo
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
+ add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> "$setup_log" 2>&1
- # Proxy is hating on me.. Lets just set it manually
- echo "[salt-latest]" > /etc/yum.repos.d/salt-latest.repo
- echo "name=SaltStack Latest Release Channel for RHEL/Centos \$releasever" >> /etc/yum.repos.d/salt-latest.repo
- echo "baseurl=https://repo.saltstack.com/py3/redhat/7/\$basearch/latest" >> /etc/yum.repos.d/salt-latest.repo
- echo "failovermethod=priority" >> /etc/yum.repos.d/salt-latest.repo
- echo "enabled=1" >> /etc/yum.repos.d/salt-latest.repo
- echo "gpgcheck=1" >> /etc/yum.repos.d/salt-latest.repo
- echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-latest.repo
+ # Get gpg keys
+ mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
+ wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/"$ubuntu_version"/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+ wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
+ wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
- # Proxy is hating on me.. Lets just set it manually
- echo "[salt-2019.2]" > /etc/yum.repos.d/salt-2019-2.repo
- echo "name=SaltStack Latest Release Channel for RHEL/Centos \$releasever" >> /etc/yum.repos.d/salt-2019-2.repo
- echo "baseurl=https://repo.saltstack.com/py3/redhat/7/\$basearch/2019.2" >> /etc/yum.repos.d/salt-2019-2.repo
- echo "failovermethod=priority" >> /etc/yum.repos.d/salt-2019-2.repo
- echo "enabled=1" >> /etc/yum.repos.d/salt-2019-2.repo
- echo "gpgcheck=1" >> /etc/yum.repos.d/salt-2019-2.repo
- echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-2019-2.repo
-
- cat > /etc/yum.repos.d/wazuh.repo <<\EOF
-[wazuh_repo]
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=https://packages.wazuh.com/3.x/yum/
-protect=1
-EOF
- else
- yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
- cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-2019-2.repo
- sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo
-cat > /etc/yum.repos.d/wazuh.repo <<\EOF
-[wazuh_repo]
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=https://packages.wazuh.com/3.x/yum/
-protect=1
-EOF
- fi
- fi
-
- yum clean expire-cache
- yum -y install epel-release salt-minion-2019.2.3 yum-utils device-mapper-persistent-data lvm2 openssl jq
- yum -y update exclude=salt*
- systemctl enable salt-minion
-
- if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- yum -y install salt-master-2019.2.3 python3 python36-m2crypto salt-minion-2019.2.3 python36-dateutil python36-mysql python36-docker
- systemctl enable salt-master
- elif [ $INSTALLTYPE == 'FLEET' ]; then
- yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql
- else
- yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker
- fi
- echo "exclude=salt*" >> /etc/yum.conf
-
- # Our OS is not CentOS
- else
- ADDUSER=useradd
- DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade
-
- if [ $OSVER != "xenial" ]; then
-
- # Switch to Python 3 as default is this is not xenial
- update-alternatives --install /usr/bin/python python /usr/bin/python3.6 10
-
- fi
- # Add the pre-requisites for installing docker-ce
- apt-get -y install ca-certificates curl software-properties-common apt-transport-https openssl jq >> $SETUPLOG 2>&1
-
- # Grab the version from the os-release file
- UVER=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
-
- # Nasty hack but required for now
- if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
-
- if [ $OSVER != "xenial" ]; then
- # Install the repo for salt py3 edition
- wget --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/$UVER/amd64/3000/SALTSTACK-GPG-KEY.pub | apt-key add -
- wget --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/$UVER/amd64/2019.2/SALTSTACK-GPG-KEY.pub | apt-key add -
- echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/latest $OSVER main" > /etc/apt/sources.list.d/saltstack.list
- echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list
- else
- # Install the repo for salt
- wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -
- wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2019.2/SALTSTACK-GPG-KEY.pub | apt-key add -
- echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest $OSVER main" > /etc/apt/sources.list.d/saltstack.list
- echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list
- fi
- # Lets get the docker repo added
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-
- # Create a place for the keys
- mkdir -p /opt/so/gpg
- wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest/SALTSTACK-GPG-KEY.pub
- wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg
- wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH
-
- # Get key and install wazuh
- curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add -
- # Add repo
- echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
-
- # Initialize the new repos
- apt-get update >> $SETUPLOG 2>&1
- if [ $OSVER != "xenial" ]; then
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
- apt-mark hold salt-minion salt-common
- else
- # Need to add python packages here
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
- apt-mark hold salt-minion salt-common
- fi
- else
-
- # Copy down the gpg keys and install them from the master
- mkdir $TMP/gpg
- echo "scp the gpg keys and install them from the master"
- scp -v -i /root/.ssh/so.key soremote@$MSRV:/opt/so/gpg/* $TMP/gpg
- echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH"
- apt-key add $TMP/gpg/SALTSTACK-GPG-KEY.pub
- apt-key add $TMP/gpg/GPG-KEY-WAZUH
-
- if [ $OSVER != "xenial" ]; then
- # Install the repo for salt py3 edition
- wget --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/$UVER/amd64/3000/SALTSTACK-GPG-KEY.pub | apt-key add -
- wget --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/$UVER/amd64/2019.2/SALTSTACK-GPG-KEY.pub | apt-key add -
- echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/latest $OSVER main" > /etc/apt/sources.list.d/saltstack.list
- echo "deb http://repo.saltstack.com/py3/ubuntu/$UVER/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list
- else
- echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list
- fi
- echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list
-
- # Initialize the new repos
- apt-get update >> $SETUPLOG 2>&1
- if [ $OSVER != "xenial" ]; then
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1
- apt-mark hold salt-minion salt-common
- else
- # Need to add python packages here
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1
- apt-mark hold salt-minion salt-common
- fi
- fi
-
- fi
+ # Get key and install wazuh
+ curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - >> "$setup_log" 2>&1
+ # Add repo
+ echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list >> "$setup_log" 2>&1
+ # Initialize the new repos
+ apt-get update >> "$setup_log" 2>&1
+ set_progress_str 6 'Installing various dependencies'
+ apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1
+ set_progress_str 7 'Installing salt-master'
+ apt-get -y salt-master=2019.2.4+ds-1 >> "$setup_log" 2>&1
+ apt-mark hold salt-master >> "$setup_log" 2>&1
+ ;;
+ *)
+ # Copy down the gpg keys and install them from the master
+ mkdir "$temp_install_dir"/gpg >> "$setup_log" 2>&1
+ echo "scp the gpg keys and install them from the master" >> "$setup_log" 2>&1
+ scp -v -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/gpg/* "$temp_install_dir"/gpg >> "$setup_log" 2>&1
+ echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
+ apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+ apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
+ echo "deb http://repo.saltstack.com/apt/ubuntu/$ubuntu_version/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list >> "$setup_log" 2>&1
+ echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list >> "$setup_log" 2>&1
+ ;;
+ esac
+ apt-get update >> "$setup_log" 2>&1
+ set_progress_str 8 'Installing salt-minion & python modules'
+ apt-get -y install salt-minion=2019.2.4+ds-1\
+ salt-common=2019.2.4+ds-1 >> "$setup_log" 2>&1
+ apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1
+ if [ "$OSVER" != 'xenial' ]; then
+ apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1
+ else
+ apt-get -y install python-dateutil python-m2crypto python-mysqldb >> "$setup_log" 2>&1
+ fi
+ fi
}
salt_checkin() {
- # Master State to Fix Mine Usage
- if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- echo "Building Certificate Authority"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- echo " *** Restarting Salt to fix any SSL errors. ***"
- service salt-master restart >> $SETUPLOG 2>&1
- sleep 5
- service salt-minion restart >> $SETUPLOG 2>&1
- sleep 15
- echo " Applyng a mine hack "
- salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt >> $SETUPLOG 2>&1
- echo " Applying SSL state "
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo "Still Working... Hang in there"
- #salt-call state.highstate
-
- else
-
- # Run Checkin
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- #salt-call state.highstate >> $SETUPLOG 2>&1
-
- fi
+ case "$install_type" in
+ 'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH') # Fix Mine usage
+ {
+ echo "Building Certificate Authority";
+ salt-call state.apply ca;
+ echo " *** Restarting Salt to fix any SSL errors. ***";
+ systemctl restart salt-master;
+ sleep 5;
+ systemctl restart salt-minion;
+ sleep 15;
+ echo " Applyng a mine hack";
+ salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt;
+ echo " Applying SSL state";
+ salt-call state.apply ssl;
+ } >> "$setup_log" 2>&1
+ ;;
+ *)
+ {
+ salt-call state.apply ca;
+ salt-call state.apply ssl;
+ } >> "$setup_log" 2>&1
+ ;;
+ esac
+ {
+ salt-call state.apply ca;
+ salt-call state.apply ssl;
+ } >> "$setup_log" 2>&1
}
-salt_firstcheckin() {
-
- #First Checkin
- salt-call state.highstate >> $SETUPLOG 2>&1
-
-}
-
-salt_master_directories() {
-
+setup_salt_master_dirs() {
# Create salt paster directories
mkdir -p /opt/so/saltstack/salt
mkdir -p /opt/so/saltstack/pillar
# Copy over the salt code and templates
- if [ $INSTALLMETHOD == 'iso' ]; then
- rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/
- rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/
+ if [ "$setup_type" = 'iso' ]; then
+ rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
+ rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
else
- cp -R $SCRIPTDIR/../pillar/* /opt/so/saltstack/pillar/
- cp -R $SCRIPTDIR/../salt/* /opt/so/saltstack/salt/
+ cp -R ../pillar/* /opt/so/saltstack/pillar/ >> "$setup_log" 2>&1
+ cp -R ../salt/* /opt/so/saltstack/salt/ >> "$setup_log" 2>&1
fi
- chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh
- chmod +x /opt/so/saltstack/pillar/data/addtotab.sh
-
+ echo "Chown the salt dirs on the master for socore" >> "$setup_log" 2>&1
+ chown -R socore:socore /opt/so
}
-salt_install_mysql_deps() {
+set_progress_str() {
+ local percentage_input
+ percentage_input=$1
+ local progress_bar_text
+ progress_bar_text=$2
- if [ $OS == 'centos' ]; then
- yum -y install mariadb-devel
- elif [ $OS == 'ubuntu' ]; then
- if [ $OSVER != "xenial" ]; then
- apt-get -y install python3-mysqldb >> $SETUPLOG 2>&1
- else
- apt-get -y install python-mysqldb
- fi
+ if [ "$percentage_input" -gt "$percentage" ]; then
+ percentage="$percentage_input"
fi
+ percentage_str="XXX\n${percentage}\n${progress_bar_text}\nXXX"
+
+ echo -e "$percentage_str"
+
+ printf '%s\n' '----' "${progress_bar_text^^}" "----" >> "$setup_log" 2>&1
+
+ sleep 5
}
sensor_pillar() {
- PILLARFILE=$TMP/pillar/minions/$MINION_ID.sls
+ local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls
# Create the sensor pillar
- touch $PILLARFILE
- echo "sensor:" >> $PILLARFILE
- echo " interface: bond0" >> $PILLARFILE
- echo " mainip: $MAINIP" >> $PILLARFILE
- echo " mainint: $MAININT" >> $PILLARFILE
- if [ $NSMSETUP == 'ADVANCED' ]; then
- echo " bro_pins:" >> $PILLARFILE
- for PIN in $BROPINS; do
- PIN=$(echo $PIN | cut -d\" -f2)
- echo " - $PIN" >> $PILLARFILE
+ printf '%s\n'\
+ "sensor:"\
+ " interface: bond0"\
+ " mainip: $MAINIP"\
+ " mainint: $MNIC" >> "$pillar_file"
+
+ if [ "$NSMSETUP" = 'ADVANCED' ]; then
+ echo " bro_pins:" >> "$pillar_file"
+ for PIN in "${BROPINS[@]}"; do
+ PIN=$(echo "$PIN" | cut -d\" -f2)
+ echo " - $PIN" >> "$pillar_file"
done
- echo " suripins:" >> $PILLARFILE
- for SPIN in $SURIPINS; do
- SPIN=$(echo $SPIN | cut -d\" -f2)
- echo " - $SPIN" >> $PILLARFILE
+ echo " suripins:" >> "$pillar_file"
+ for SPIN in "${SURIPINS[@]}"; do
+ SPIN=$(echo "$SPIN" | cut -d\" -f2)
+ echo " - $SPIN" >> "$pillar_file"
done
- elif [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
- echo " bro_lbprocs: $LBPROCS" >> $PILLARFILE
- echo " suriprocs: $LBPROCS" >> $PILLARFILE
+ elif [ "$install_type" = 'HELIXSENSOR' ]; then
+ echo " bro_lbprocs: $lb_procs" >> "$pillar_file"
+ echo " suriprocs: $lb_procs" >> "$pillar_file"
else
- echo " bro_lbprocs: $BASICBRO" >> $PILLARFILE
- echo " suriprocs: $BASICSURI" >> $PILLARFILE
+ echo " bro_lbprocs: $BASICBRO" >> "$pillar_file"
+ echo " suriprocs: $BASICSURI" >> "$pillar_file"
fi
- echo " brobpf:" >> $PILLARFILE
- echo " pcapbpf:" >> $PILLARFILE
- echo " nidsbpf:" >> $PILLARFILE
- echo " master: $MSRV" >> $PILLARFILE
- echo " mtu: $MTU" >> $PILLARFILE
- echo " uniqueid: $(date '+%s')" >> $PILLARFILE
- if [ $HNSENSOR != 'inherit' ]; then
- echo " hnsensor: $HNSENSOR" >> $PILLARFILE
+ printf '%s\n'\
+ " brobpf:"\
+ " pcapbpf:"\
+ " nidsbpf:"\
+ " master: $MSRV"\
+ " mtu: $MTU"\
+ " uniqueid: $(date '+%s')" >> "$pillar_file"
+ if [ "$HNSENSOR" != 'inherit' ]; then
+ echo " hnsensor: $HNSENSOR" >> "$pillar_file"
fi
- echo " access_key: $ACCESS_KEY" >> $PILLARFILE
- echo " access_secret: $ACCESS_SECRET" >> $PILLARFILE
- echo "" >> $PILLARFILE
-
-}
-
-set_environment_var() {
-
- echo "Setting environment variable: $1"
-
- export "$1"
- echo "$1" >> /etc/environment
+ printf '%s\n'\
+ " access_key: $ACCESS_KEY"\
+ " access_secret: $ACCESS_SECRET"\
+ "" >> "$pillar_file"
+ printf '%s\n' '----' >> "$setup_log" 2>&1
+ cat "$pillar_file" >> "$setup_log" 2>&1
}
set_hostname() {
- echo 'set_hostname called' >> $SETUPLOG 2>&1
- echo $TESTHOST >> $SETUPLOG 2>&1
- echo $INSTALLTYPE >> $SETUPLOG 2>&1
- hostnamectl set-hostname --static $HOSTNAME
- echo "127.0.0.1 $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts
- echo "::1 localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
- echo $HOSTNAME > /etc/hostname
- HOSTNAME=$(cat /etc/hostname)
- if [[ ! $INSTALLTYPE =~ ^(MASTER|EVAL|HELIXSENSOR|MASTERSEARCH)$ ]]; then
- if [[ $TESTHOST = *"not found"* ]] || [ -z $TESTHOST ] || [[ $TESTHOST = *"connection timed out"* ]]; then
- if ! grep -q $MSRVIP /etc/hosts; then
- echo "$MSRVIP $MSRV" >> /etc/hosts
- fi
- fi
- fi
+ set_hostname_iso
+
+ HOSTNAME=$(cat /etc/hostname)
+ if [[ ! $install_type =~ ^(MASTER|EVAL|HELIXSENSOR|MASTERSEARCH)$ ]]; then
+ if [[ $TESTHOST = *"not found"* ]] || [ -z "$TESTHOST" ] || [[ $TESTHOST = *"connection timed out"* ]]; then
+ if ! grep -q "$MSRVIP" /etc/hosts; then
+ echo "$MSRVIP $MSRV" >> /etc/hosts
+ fi
+ fi
+ fi
}
set_hostname_iso() {
- hostnamectl set-hostname --static $HOSTNAME
+ hostnamectl set-hostname --static "$HOSTNAME"
echo "127.0.0.1 $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts
- echo "::1 localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
- echo $HOSTNAME > /etc/hostname
+ echo "::1 $HOSTNAME $HOSTNAME localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
+ echo "$HOSTNAME" > /etc/hostname
+
}
set_initial_firewall_policy() {
- get_main_ip
- if [ $INSTALLTYPE == 'MASTER' ]; then
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
- /opt/so/saltstack/pillar/data/addtotab.sh mastertab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
- fi
+ set_main_ip
- if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/search_nodes.sls
- if [ $INSTALLTYPE == 'EVAL' ]; then
- /opt/so/saltstack/pillar/data/addtotab.sh evaltab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
- elif [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
- fi
- fi
-
- if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/minions.sls
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/masterfw.sls
- printf " - $MAINIP\n" >> /opt/so/saltstack/pillar/firewall/forward_nodes.sls
- fi
-
- if [ $INSTALLTYPE == 'SENSOR' ]; then
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
- fi
-
- if [ $INSTALLTYPE == 'SEARCHNODE' ]; then
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
- fi
-
- if [ $INSTALLTYPE == 'HEAVYNODE' ]; then
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes $MAINIP
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes $MAINIP
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM bond0
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab $MINION_ID $MAINIP $CPUCORES $RANDOMUID $MAININT $FSROOT $FSNSM
- fi
-
- if [ $INSTALLTYPE == 'FLEET' ]; then
- ssh -i /root/.ssh/so.key soremote@$MSRV sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions $MAINIP
- fi
-
- if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
- echo "blah"
- fi
-
- if [ $INSTALLTYPE == 'HOTNODE' ]; then
- echo "blah"
- fi
-
- if [ $INSTALLTYPE == 'WARMNODE' ]; then
- echo "blah"
- fi
+ if [ -f /opt/so/saltstack/pillar/data/addtotab.sh ]; then chmod +x /opt/so/saltstack/pillar/data/addtotab.sh; fi
+ if [ -f /opt/so/saltstack/pillar/firewall/addfirewall.sh ]; then chmod +x /opt/so/saltstack/pillar/firewall/addfirewall.sh; fi
+ case "$install_type" in
+ 'MASTER')
+ printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls /opt/so/saltstack/pillar/firewall/masterfw.sls
+ /opt/so/saltstack/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+ ;;
+ 'EVAL' | 'MASTERSEARCH')
+ printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
+ /opt/so/saltstack/pillar/firewall/masterfw.sls\
+ /opt/so/saltstack/pillar/firewall/forward_nodes.sls\
+ /opt/so/saltstack/pillar/firewall/search_nodes.sls
+ case "$install_type" in
+ 'EVAL')
+ /opt/so/saltstack/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
+ ;;
+ 'MASTERSEARCH')
+ /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+ ;;
+ esac
+ ;;
+ 'HELIXSENSOR')
+ printf " - %s\n" "$MAINIP" | tee -a /opt/so/saltstack/pillar/firewall/minions.sls\
+ /opt/so/saltstack/pillar/firewall/masterfw.sls\
+ /opt/so/saltstack/pillar/firewall/forward_nodes.sls
+ ;;
+ 'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET')
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh minions "$MAINIP"
+ case "$INSTALLERTYPE" in
+ 'SENSOR')
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
+ ;;
+ 'SEARCHNODE')
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+ ;;
+ 'HEAVYNODE')
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh forward_nodes "$MAINIP"
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/firewall/addfirewall.sh search_nodes "$MAINIP"
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh sensorstab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
+ ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo /opt/so/saltstack/pillar/data/addtotab.sh nodestab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
+ ;;
+ esac
+ ;;
+ 'PARSINGNODE')
+ # TODO: implement
+ ;;
+ 'HOTNODE')
+ # TODO: implement
+ ;;
+ 'WARMNODE')
+ # TODO: implement
+ ;;
+ esac
}
# Set up the management interface on the ISO
set_management_interface() {
- if [ $ADDRESSTYPE == 'DHCP' ]; then
- /usr/bin/nmcli con up $MNIC
- /usr/bin/nmcli con mod $MNIC connection.autoconnect yes
+ if [ "$address_type" = 'DHCP' ]; then
+ nmcli con mod "$MNIC" connection.autoconnect yes
+ nmcli con up "$MNIC"
else
# Set Static IP
- /usr/bin/nmcli con mod $MNIC ipv4.addresses $MIP/$MMASK ipv4.gateway $MGATEWAY \
- ipv4.dns $MDNS ipv4.dns-search $MSEARCH ipv4.method manual
- /usr/bin/nmcli con up $MNIC
- /usr/bin/nmcli con mod $MNIC connection.autoconnect yes
+ nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
+ ipv4.gateway "$MGATEWAY" \
+ ipv4.dns "$MDNS"\
+ ipv4.dns-search "$MSEARCH"\
+ connection.autoconnect yes\
+ ipv4.method manual
+ nmcli con up "$MNIC"
fi
-
}
set_node_type() {
- # Determine the node type based on whiplash choice
- if [ $INSTALLTYPE == 'SEARCHNODE' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ] || [ $INSTALLTYPE == 'HEAVYNODE' ] ; then
- NODETYPE='search'
- fi
- if [ $INSTALLTYPE == 'PARSINGNODE' ]; then
- NODETYPE='parser'
- fi
- if [ $INSTALLTYPE == 'HOTNODE' ]; then
- NODETYPE='hot'
- fi
- if [ $INSTALLTYPE == 'WARMNODE' ]; then
- NODETYPE='warm'
- fi
-
+ case "$install_type" in
+ 'SEARCHNODE' | 'EVAL' | 'MASTERSEARCH' | 'HEAVYNODE')
+ NODETYPE='search'
+ ;;
+ 'PARSINGNODE')
+ NODETYPE='parser'
+ ;;
+ 'HOTNODE')
+ NODETYPE='hot'
+ ;;
+ 'WARMNODE')
+ NODETYPE='warm'
+ ;;
+ esac
}
set_updates() {
- echo "MASTERUPDATES is $MASTERUPDATES"
- if [ $MASTERUPDATES == 'MASTER' ]; then
- if [ $OS == 'centos' ]; then
- if ! grep -q $MSRV /etc/yum.conf; then
- echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
- fi
-
+ if [ "$MASTERUPDATES" = '1' ]; then
+ if [ "$OS" = 'centos' ]; then
+ if ! grep -q "$MSRV" /etc/yum.conf; then
+ echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
+ fi
else
-
- # Set it up so the updates roll through the master
- echo "Acquire::http::Proxy \"http://$MSRV:3142\";" > /etc/apt/apt.conf.d/00Proxy
- echo "Acquire::https::Proxy \"http://$MSRV:3142\";" >> /etc/apt/apt.conf.d/00Proxy
-
- fi
+ # Set it up so the updates roll through the master
+ printf '%s\n'\
+ "Acquire::http::Proxy \"http://$MSRV:3142\";"\
+ "Acquire::https::Proxy \"http://$MSRV:3142\";" > /etc/apt/apt.conf.d/00Proxy
fi
+ fi
}
+# FIXME: should this be a function?
set_version() {
- # Drop a file with the current version
- echo "$SOVERSION" > /etc/soversion
+ # Drop a file with the current version
+ echo "$SOVERSION" > /etc/soversion
}
update_sudoers() {
@@ -1623,7 +1411,63 @@ update_sudoers() {
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/pillar/data/addtotab.sh" | tee -a /etc/sudoers
echo "soremote ALL=(ALL) NOPASSWD:/opt/so/saltstack/salt/master/files/add_minion.sh" | tee -a /etc/sudoers
else
- echo "User soremote already granted sudo privileges"
+ echo "User soremote already granted sudo privileges" >> "$setup_log" 2>&1
+ fi
+}
+
+update_packages() {
+ if [ "$OS" = 'centos' ]; then
+ yum -y update >> "$setup_log"
+ else
+ apt-get -y update >> "$setup_log"
+ apt-get -y upgrade >> "$setup_log"
+ fi
+}
+
+ls_heapsize() {
+
+ if [ "$total_mem" -ge 32000 ]; then
+ LS_HEAP_SIZE='1000m'
+ return
fi
+ case "$install_type" in
+ 'MASTERSEARCH' | 'HEAVYNODE' | 'HELIXSENSOR')
+ LS_HEAP_SIZE='1000m'
+ ;;
+ 'EVAL')
+ LS_HEAP_SIZE='700m'
+ ;;
+ *)
+ LS_HEAP_SIZE='500m'
+ ;;
+ esac
+ export LS_HEAP_SIZE
+
+ if [[ "$install_type" =~ ^(EVAL|MASTERSEARCH)$ ]]; then
+ NODE_LS_HEAP_SIZE=LS_HEAP_SIZE
+ export NODE_LS_HEAP_SIZE
+ fi
+}
+
+
+es_heapsize() {
+
+ # Determine ES Heap Size
+ if [ "$total_mem" -lt 8000 ] ; then
+ ES_HEAP_SIZE="600m"
+ elif [ "$total_mem" -ge 100000 ]; then
+ # Set a max of 25GB for heap size
+ # https://www.elastic.co/guide/en/elasticsearch/guide/current/heap-sizing.html
+ ES_HEAP_SIZE="25000m"
+ else
+ # Set heap size to 25% of available memory
+ ES_HEAP_SIZE=$(( total_mem / 4 ))"m"
+ fi
+ export ES_HEAP_SIZE
+
+ if [[ "$install_type" =~ ^(EVAL|MASTERSEARCH)$ ]]; then
+ NODE_ES_HEAP_SIZE=ES_HEAP_SIZE
+ export NODE_ES_HEAP_SIZE
+ fi
}
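Review bot: `NODE_LS_HEAP_SIZE=LS_HEAP_SIZE` in ls_heapsize and `NODE_ES_HEAP_SIZE=ES_HEAP_SIZE` in es_heapsize are missing the `$`, so both exported variables carry the literal variable name rather than the computed heap size; they should read `NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE` and `NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE`. Separately, the early `return` in ls_heapsize for hosts with total_mem >= 32000 bypasses both `export LS_HEAP_SIZE` and the NODE_LS_HEAP_SIZE assignment, so on larger hosts the value is set only in the shell and EVAL/MASTERSEARCH installs get no NODE_LS_HEAP_SIZE at all; wrapping the case statement in an else branch of that if (instead of returning) keeps the export path uniform. A smaller consistency point: update_packages redirects only stdout with `>> "$setup_log"`, unlike every other call in this file that uses `>> "$setup_log" 2>&1`, so yum/apt errors will land on the installer's terminal rather than in the log.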
diff --git a/setup/so-setup b/setup/so-setup
index ccec53bb5..3f813649b 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+# Copyright 2014-2020 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -15,1027 +15,455 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-# Source the other pieces of the setup
-SCRIPTDIR=$(dirname "$0")
-source $SCRIPTDIR/so-functions
-source $SCRIPTDIR/so-whiptail
+cd "$(dirname "$0")" || exit 255
+source ./so-functions
+source ./so-common-functions
+source ./so-whiptail
+source ./so-variables
-# See if this is an ISO install
-OPTIONS=$1
+setup_type=$1
+export setup_type
-if [[ $OPTIONS = 'iso' ]]; then
- INSTALLMETHOD="iso"
-else
- INSTALLMETHOD="network"
-fi
+case "$setup_type" in
+ iso | network) # Accepted values
+ echo "Beginning Security Onion $setup_type install"
+ ;;
+ *)
+ echo "Invalid install type, must be 'iso' or 'network'"
+ exit 1
+ ;;
+esac
# Allow execution of SO tools during setup
-export PATH=$PATH:"$SCRIPTDIR/../salt/common/tools/sbin"
+export PATH=$PATH:../salt/common/tools/sbin
-# Global Variables
-HOSTNAME=$(cat /etc/hostname)
-TOTAL_MEM=`grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//'`
-NICS=$(ip link | awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2 " \"" "Interface" "\"" " OFF"}')
-CPUCORES=$(cat /proc/cpuinfo | grep processor | grep -v KVM | wc -l)
-LISTCORES=$(cat /proc/cpuinfo | grep processor | grep -v KVM | awk '{print $3 " \"" "core" "\""}')
-RANDOMUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)
-NODE_ES_PORT="9200"
-SETUPLOG="/root/sosetup.log"
-# End Global Variables
+date -u > $setup_log 2>&1
-# Reset the Install Log
-date -u >$SETUPLOG 2>&1
-echo "stty size is: $(stty size)" >> $SETUPLOG 2>&1
-
-# Check for prerequisites
got_root
detect_os
-if [ $OS == ubuntu ]; then
- # Override the horrible Ubuntu whiptail color pallete
- update-alternatives --set newt-palette /etc/newt/palette.original
+if [ "$OS" == ubuntu ]; then
+ update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1
fi
-# Question Time
-echo "Asking user if they are sure they want to proceed" >> $SETUPLOG 2>&1
-if (whiptail_you_sure) ; then
-
- # Create a temp dir to get started
- install_prep
- setterm -blank 0
-
- if [ $INSTALLMETHOD == network ]; then
- # Let folks know they need their management interface already set up.
- whiptail_network_notice
-
- # Set the hostname to reduce errors
- whiptail_set_hostname
-
- # Set management nic
- whiptail_management_nic
-
- else
-
- # Set the hostname
- whiptail_set_hostname
- whiptail_management_nic
-
- # Ask if you want dhcp or static
- whiptail_dhcp_or_static
-
- # Do this if it static is selected
- if [ $ADDRESSTYPE != 'DHCP' ]; then
- whiptail_management_interface_ip
- whiptail_management_interface_mask
- whiptail_management_interface_gateway
- whiptail_management_interface_dns
- whiptail_management_interface_dns_search
- fi
-
- # Go ahead and bring up networking so other parts of the install work
- set_hostname_iso
- set_management_interface
-
- # Add an admin user
- whiptail_create_admin_user
-
- # Get a password for the admin user
- APMATCH=no
- while [ $APMATCH != yes ]; do
- whiptail_create_admin_user_password1
- whiptail_create_admin_user_password2
- check_admin_pass
- done
-
- fi
-
- # Go ahead and gen the keys so we can use them for any sensor type - Disabled for now
- #minio_generate_keys
-
- # What kind of install are we doing?
- whiptail_install_type
- SHORTNAME=$(echo $HOSTNAME | awk -F. {'print $1'})
- MINION_ID=$(echo $SHORTNAME'_'$INSTALLTYPE | tr '[:upper:]' '[:lower:]')
- echo "MINION_ID = $MINION_ID" >> $SETUPLOG 2>&1
-
- # How do we want to handle OS patching? manual, auto or scheduled days and hours
- whiptail_patch_schedule
- case $PATCHSCHEDULE in
- 'New Schedule')
- whiptail_patch_schedule_select_days
- whiptail_patch_schedule_select_hours
- whiptail_patch_name_new_schedule
- patch_schedule_os_new
- ;;
- 'Import Schedule')
- whiptail_patch_schedule_import
- ;;
- Automatic)
- PATCHSCHEDULENAME=auto
- ;;
- Manual)
- PATCHSCHEDULENAME=manual
- ;;
- esac
-
- ####################
- ## Helix ##
- ####################
- if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
- MASTERUPDATES=OPEN
- filter_unused_nics
- [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
- whiptail_helix_apikey
- whiptail_homenet_master
- RULESETUP=ETOPEN
- NSMSETUP=BASIC
- HNSENSOR=inherit
- LS_HEAP_SIZE="1000m"
- calculate_useable_cores
- whiptail_make_changes
- set_hostname
- set_version
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- get_main_ip
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
-
- # Install salt and dependencies
- {
- sleep 0.5
- echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- echo -e "XXX\n1\nGenerating Sensor Pillar... \nXXX"
- sensor_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n2\nInstalling and configuring Salt... \nXXX"
- echo " ** Installing Salt and Dependencies **" >> $SETUPLOG
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
- echo " ** Configuring Minion **" >> $SETUPLOG
- configure_minion helix >> $SETUPLOG 2>&1
- echo " ** Installing Salt Master **" >> $SETUPLOG
- install_master >> $SETUPLOG 2>&1
- salt_master_directories >> $SETUPLOG 2>&1
- update_sudoers >> $SETUPLOG 2>&1
- chown_salt_master >> $SETUPLOG 2>&1
- es_heapsize >> $SETUPLOG 2>&1
- ls_heapsize >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
- master_static >> $SETUPLOG 2>&1
- echo "** Generating the master pillar **" >> $SETUPLOG
- master_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo "** Generating the FireEye pillar **" >> $SETUPLOG
- fireeye_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- # Do a checkin to push the key up
- echo "** Pushing the key up to Master **" >> $SETUPLOG
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Master Key
- echo "** Accepting the key on the master **" >> $SETUPLOG
- accept_salt_key_local >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
- # Open the firewall
- echo "** Setting the initial firewall policy **" >> $SETUPLOG
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nGenerating CA... \nXXX"
- salt_checkin >> $SETUPLOG 2>&1
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
- salt-call state.apply registry >> $SETUPLOG 2>&1
- docker_seed_registry >> $SETUPLOG 2>&1
- echo -e "XXX\n43\nInstalling Common Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- echo -e "XXX\n45\nApplying firewall rules... \nXXX"
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply master >> $SETUPLOG 2>&1
- salt-call state.apply idstools >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nInstalling Redis... \nXXX"
- salt-call state.apply redis >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling Redis... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- salt-call state.apply utility >> $SETUPLOG 2>&1
- salt-call state.apply schedule >> $SETUPLOG 2>&1
- echo -e "XXX\n85\nEnabling Checking at Boot... \nXXX"
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
-
- fi
-
- function collect_webuser_inputs() {
- # Get a password for the web admin user
- VALIDUSER=no
- while [ $VALIDUSER != yes ]; do
- whiptail_create_web_user
- so-user valemail "$WEBUSER"
- if [ $? == 0 ]; then
- VALIDUSER=yes
- else
- whiptail_invalid_user_warning
- fi
- done
-
- WPMATCH=no
- while [ $WPMATCH != yes ]; do
- whiptail_create_web_user_password1
- echo "$WEBPASSWD1" | so-user valpass
- if [ $? == 0 ]; then
- whiptail_create_web_user_password2
- check_web_pass
- else
- whiptail_invalid_pass_warning
- fi
- done
- }
-
- ####################
- ## Master ##
- ####################
- if [ $INSTALLTYPE == 'MASTER' ]; then
-
- # Would you like to do an advanced install?
- whiptail_master_adv
-
- # Choose Zeek or Community NSM
- whiptail_bro_version
-
- # Select Snort or Suricata
- whiptail_nids
-
- # Snag the HOME_NET
- whiptail_homenet_master
-
- # Pick your Ruleset
- whiptail_rule_setup
-
- # Get the code if it isn't ET Open
- if [ $RULESETUP != 'ETOPEN' ]; then
- # Get the code
- whiptail_oinkcode
- fi
-
- # Find out how to handle updates
- whiptail_master_updates
- whiptail_enable_components
- process_components
-
- # Do Advacned Setup if they chose it
- if [ $MASTERADV == 'ADVANCED' ]; then
- # Ask which bro logs to enable - Need to add Suricata check
- if [ $BROVERSION != 'SURICATA' ]; then
- whiptail_master_adv_service_brologs
- fi
- fi
-
- # Get a password for the soremote user
- whiptail_create_soremote_user
- SCMATCH=no
- while [ $SCMATCH != yes ]; do
- whiptail_create_soremote_user_password1
- whiptail_create_soremote_user_password2
- check_soremote_pass
- done
-
- collect_webuser_inputs
- get_redirect
- # Last Chance to back out
- whiptail_make_changes
- set_hostname
- set_version
- generate_passwords
- secrets_pillar
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- # Enable Bro Logs
- # comment this out since we already copy this file to the destination that this function writes to
- #bro_logs_enabled
-
- # Figure out the main IP address
- get_main_ip
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
-
- # Add the user so we can sit back and relax
- add_socore_user_master
- add_soremote_user_master
-
- # Install salt and dependencies
- {
- sleep 0.5
- echo -e "XXX\n1\nInstalling and configuring Salt... \nXXX"
- echo " ** Installing Salt and Dependencies **" >> $SETUPLOG
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n10\nConfiguring Salt Master... \nXXX"
- echo " ** Configuring Minion **" >> $SETUPLOG
- configure_minion master >> $SETUPLOG 2>&1
- echo " ** Installing Salt Master **" >> $SETUPLOG
- install_master >> $SETUPLOG 2>&1
- salt_install_mysql_deps >> $SETUPLOG 2>&1
- salt_master_directories >> $SETUPLOG 2>&1
- update_sudoers >> $SETUPLOG 2>&1
- chown_salt_master >> $SETUPLOG 2>&1
- es_heapsize >> $SETUPLOG 2>&1
- ls_heapsize >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nConfiguring Default Pillars... \nXXX"
- master_static >> $SETUPLOG 2>&1
- echo "** Generating the master pillar **" >> $SETUPLOG
- master_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n30\nAccepting Salt Keys... \nXXX"
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- # Do a checkin to push the key up
- echo "** Pushing the key up to Master **" >> $SETUPLOG
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Master Key
- echo "** Accepting the key on the master **" >> $SETUPLOG
- accept_salt_key_local >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nConfiguring Firewall... \nXXX"
- # Open the firewall
- echo "** Setting the initial firewall policy **" >> $SETUPLOG
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- # Do the big checkin but first let them know it will take a bit.
- echo -e "XXX\n40\nGenerating CA... \nXXX"
- salt_checkin >> $SETUPLOG 2>&1
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply registry >> $SETUPLOG 2>&1
- echo -e "XXX\n42\nDownloading Containers from the Internet... \nXXX"
- docker_seed_registry >> $SETUPLOG 2>&1
- echo -e "XXX\n43\nInstalling Common Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- echo -e "XXX\n44\nInstalling SOC... \nXXX"
- salt-call state.apply soc >> $SETUPLOG 2>&1
- echo -e "XXX\n45\nApplying firewall rules... \nXXX"
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply master >> $SETUPLOG 2>&1
- salt-call state.apply idstools >> $SETUPLOG 2>&1
- echo -e "XXX\n46\nInstalling Redis... \nXXX"
- salt-call state.apply redis >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- echo -e "XXX\n48\nInstalling MySQL... \nXXX"
- salt-call state.apply mysql >> $SETUPLOG 2>&1
- fi
- if [[ $WAZUH == '1' ]]; then
- echo -e "XXX\n48\nInstalling Wazuh... \nXXX"
- salt-call state.apply wazuh >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n49\nInstalling Elastic Components... \nXXX"
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- salt-call state.apply kibana >> $SETUPLOG 2>&1
- salt-call state.apply elastalert >> $SETUPLOG 2>&1
- echo -e "XXX\n75\nInstalling Filebeat... \nXXX"
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- salt-call state.apply utility >> $SETUPLOG 2>&1
- salt-call state.apply schedule >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- echo -e "XXX\n79\nInstalling Fleet... \nXXX"
- salt-call state.apply fleet >> $SETUPLOG 2>&1
- salt-call state.apply launcher >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n85\nConfiguring SOctopus... \nXXX"
- salt-call state.apply soctopus >> $SETUPLOG 2>&1
- if [[ $THEHIVE == '1' ]]; then
- echo -e "XXX\n87\nInstalling TheHive... \nXXX"
- salt-call state.apply hive >> $SETUPLOG 2>&1
- fi
- if [[ $PLAYBOOK == '1' ]]; then
- echo -e "XXX\n89\nInstalling Playbook... \nXXX"
- salt-call state.apply playbook >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n75\nEnabling Checking at Boot... \nXXX"
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nAdding user to SOC... \nXXX"
- add_web_user >> $SETUPLOG 2>&1
- echo -e "XXX\n99\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- if [[ $THEHIVE == '1' ]]; then
- check_hive_init_then_reboot
- else
- shutdown -r now
- fi
- else
- whiptail_setup_failed
- shutdown -r now
- fi
-
- fi
-
- ####################
- ## Sensor ##
- ####################
-
- if [ $INSTALLTYPE == 'SENSOR' ]; then
- filter_unused_nics
- [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
- whiptail_management_server
- whiptail_master_updates
- whiptail_homenet_sensor
- whiptail_sensor_config
- # Calculate lbprocs so we can call it in the prompts
- calculate_useable_cores
- if [ $NSMSETUP == 'ADVANCED' ]; then
- whiptail_bro_pins
- whiptail_suricata_pins
- whiptail_bond_nics_mtu
- else
- whiptail_basic_bro
- whiptail_basic_suri
- fi
- whiptail_make_changes
- set_updates
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
- sensor_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
- configure_minion sensor >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nInstalling Core Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling PCAP... \nXXX"
- salt-call state.apply pcap >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling IDS components... \nXXX"
- salt-call state.apply suricata >> $SETUPLOG 2>&1
- echo -e "XXX\n70\nInstalling Strelka... \nXXX"
- salt-call state.apply strelka >> $SETUPLOG 2>&1
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
- fi
-
- #######################################
- ## Eval Mode or Master Search ##
- #######################################
-
- if [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
-
- # Filter out the management NIC
- filter_unused_nics
-
- if [ $INSTALLTYPE == 'EVAL' ]; then
- TYPE='eval'
- # Select which NICs are in the bond
- [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
- elif [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- TYPE='mastersearch'
- fi
-
- # Snag the HOME_NET
- whiptail_homenet_master
-
- whiptail_eval_adv_warning
- whiptail_enable_components
-
- # Set a bunch of stuff since this is eval
- es_heapsize
- ls_heapsize
- NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
- NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
- LSPIPELINEWORKERS=1
- LSPIPELINEBATCH=125
- LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
- RULESETUP=ETOPEN
- NSMSETUP=BASIC
- NIDS=Suricata
- BROVERSION=ZEEK
- CURCLOSEDAYS=30
- process_components
- if [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- # Find out how to handle updates
- whiptail_master_updates
- # Get a password for the soremote user
- whiptail_create_soremote_user
- SCMATCH=no
- while [ $SCMATCH != yes ]; do
- whiptail_create_soremote_user_password1
- whiptail_create_soremote_user_password2
- check_soremote_pass
- done
- fi
- collect_webuser_inputs
- get_redirect
- whiptail_make_changes
- set_hostname
- set_version
- generate_passwords
- secrets_pillar
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- get_log_size_limit
- get_main_ip
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
-
- # Add the user so we can sit back and relax
- add_socore_user_master
- add_soremote_user_master
- {
- sleep 0.5
- if [ $INSTALLTYPE == 'EVAL' ]; then
- echo -e "XXX\n0\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n1\nInstalling Python 3... \nXXX"
- echo -e "XXX\n2\nInstalling saltstack... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n3\nInstalling docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling master code... \nXXX"
- install_master >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling mysql dependencies for saltstack... \nXXX"
- salt_install_mysql_deps >> $SETUPLOG 2>&1
- echo -e "XXX\n6\nCopying salt code... \nXXX"
- salt_master_directories >> $SETUPLOG 2>&1
- echo -e "XXX\n6\nupdating suduers... \nXXX"
- update_sudoers >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nFixing some permissions... \nXXX"
- chown_salt_master >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nCreating the static pillar... \nXXX"
- # Set the static values
- master_static >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nCreating the master pillar... \nXXX"
- master_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nConfiguring minion... \nXXX"
- configure_minion $TYPE >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nSetting the node type to $TYPE... \nXXX"
- set_node_type >> $SETUPLOG 2>&1
- echo -e "XXX\n7\nSearch node pillar... \nXXX"
- node_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n8\nCreating firewall policies... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n10\nRegistering agent... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- echo -e "XXX\n11\nAccepting Agent... \nXXX"
- accept_salt_key_local >> $SETUPLOG 2>&1
- echo -e "XXX\n12\nRunning the SSL states... \nXXX"
- salt_checkin >> $SETUPLOG 2>&1
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- salt-call state.apply registry >> $SETUPLOG 2>&1
- echo -e "XXX\n14\nDownloading Containers from the Internet... \nXXX"
- docker_seed_registry >> $SETUPLOG 2>&1
- salt-call state.apply master >> $SETUPLOG 2>&1
- echo -e "XXX\n15\nInstalling core components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- echo -e "XXX\n18\nInitializing firewall rules... \nXXX"
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nInstalling master components... \nXXX"
- salt-call state.apply master >> $SETUPLOG 2>&1
- salt-call state.apply idstools >> $SETUPLOG 2>&1
- echo -e "XXX\n26\nInstalling SOC... \nXXX"
- salt-call state.apply soc >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- salt-call state.apply mysql >> $SETUPLOG 2>&1
- fi
- if [[ $WAZUH == '1' ]]; then
- echo -e "XXX\n27\nInstalling Wazuh components... \nXXX"
- salt-call state.apply wazuh >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n35\nInstalling ElasticSearch... \nXXX"
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nInstalling Logstash... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- echo -e "XXX\n45\nInstalling Kibana... \nXXX"
- salt-call state.apply kibana >> $SETUPLOG 2>&1
-
- if [ $INSTALLTYPE == 'EVAL' ]; then
- echo -e "XXX\n50\nInstalling pcap... \nXXX"
- salt-call state.apply pcap >> $SETUPLOG 2>&1
- echo -e "XXX\n52\nInstalling Suricata... \nXXX"
- salt-call state.apply suricata >> $SETUPLOG 2>&1
- echo -e "XXX\n54\nInstalling Zeek... \nXXX"
- salt-call state.apply bro >> $SETUPLOG 2>&1
- fi
-
- echo -e "XXX\n56\nInstalling curator... \nXXX"
- salt-call state.apply curator >> $SETUPLOG 2>&1
- echo -e "XXX\n58\nInstalling elastalert... \nXXX"
- salt-call state.apply elastalert >> $SETUPLOG 2>&1
- if [[ $OSQUERY == '1' ]]; then
- echo -e "XXX\n60\nInstalling fleet... \nXXX"
- salt-call state.apply fleet >> $SETUPLOG 2>&1
- salt-call state.apply redis >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n85\nInstalling filebeat... \nXXX"
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- salt-call state.apply utility >> $SETUPLOG 2>&1
- echo -e "XXX\n90\nInstalling misc components... \nXXX"
- salt-call state.apply schedule >> $SETUPLOG 2>&1
- salt-call state.apply soctopus >> $SETUPLOG 2>&1
- if [[ $THEHIVE == '1' ]]; then
- echo -e "XXX\n91\nInstalling The Hive... \nXXX"
- salt-call state.apply hive >> $SETUPLOG 2>&1
- fi
- if [[ $PLAYBOOK == '1' ]]; then
- echo -e "XXX\n93\nInstalling Playbook... \nXXX"
- salt-call state.apply playbook >> $SETUPLOG 2>&1
- fi
- if [[ $STRELKA == '1' ]]; then
- echo -e "XXX\n95\nInstalling Strelka... \nXXX"
- salt-call state.apply strelka >> $SETUPLOG 2>&1
- fi
- echo -e "XXX\n95\nSetting checkin to run on boot... \nXXX"
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nAdding user to SOC... \nXXX"
- add_web_user >> $SETUPLOG 2>&1
- echo -e "XXX\n99\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- if [[ $THEHIVE == '1' ]]; then
- check_hive_init_then_reboot
- else
- shutdown -r now
- fi
- else
- whiptail_setup_failed
- shutdown -r now
- fi
- fi
-
- ###################
- ## Nodes ##
- ###################
-
- if [ $INSTALLTYPE == 'SEARCHNODE' ] || [ $INSTALLTYPE == 'PARSINGNODE' ] || [ $INSTALLTYPE == 'HOTNODE' ] || [ $INSTALLTYPE == 'WARMNODE' ]; then
- whiptail_management_server
- whiptail_master_updates
- get_log_size_limit
- CURCLOSEDAYS=30
- es_heapsize
- ls_heapsize
- whiptail_node_advanced
- if [ $NODESETUP == 'NODEADVANCED' ]; then
- whiptail_node_es_heap
- whiptail_node_ls_heap
- whiptail_node_ls_pipeline_worker
- whiptail_node_ls_pipline_batchsize
- whiptail_node_ls_input_threads
- whiptail_node_ls_input_batch_count
- whiptail_cur_close_days
- whiptail_log_size_limit
- else
- NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
- NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
- LSPIPELINEWORKERS=$CPUCORES
- LSPIPELINEBATCH=125
- LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
- fi
- whiptail_make_changes
- set_updates
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- echo -e "XXX\n1\nInstalling pip3... \nXXX"
- echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n30\nInitializing Minion... \nXXX"
- configure_minion node >> $SETUPLOG 2>&1
- set_node_type >> $SETUPLOG 2>&1
- node_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- salt-call state.apply curator >> $SETUPLOG 2>&1
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
-
- fi
-
- ########################
- ## Heavy Node ##
- ########################
-
- if [ $INSTALLTYPE == 'HEAVYNODE' ]; then
-
- filter_unused_nics
- [[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
- whiptail_management_server
- whiptail_master_updates
- whiptail_homenet_sensor
- whiptail_sensor_config
- # Calculate lbprocs so we can call it in the prompts
- calculate_useable_cores
- if [ $NSMSETUP == 'ADVANCED' ]; then
- whiptail_bro_pins
- whiptail_suricata_pins
- whiptail_bond_nics_mtu
- else
- whiptail_basic_bro
- whiptail_basic_suri
- fi
-
- get_log_size_limit
- CURCLOSEDAYS=30
- es_heapsize
- ls_heapsize
- whiptail_node_advanced
- if [ $NODESETUP == 'NODEADVANCED' ]; then
- whiptail_node_es_heap
- whiptail_node_ls_heap
- whiptail_node_ls_pipeline_worker
- whiptail_node_ls_pipline_batchsize
- whiptail_node_ls_input_threads
- whiptail_node_ls_input_batch_count
- whiptail_cur_close_days
- whiptail_log_size_limit
- else
- NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
- NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
- LSPIPELINEWORKERS=$CPUCORES
- LSPIPELINEBATCH=125
- LSINPUTTHREADS=1
- LSINPUTBATCHCOUNT=125
- fi
- whiptail_make_changes
- set_updates
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
-
- echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
- create_sensor_bond >> $SETUPLOG 2>&1
- echo -e "XXX\n4\nGenerating Sensor Pillar... \nXXX"
- sensor_pillar >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
-
-
-
- echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n30\nInitializing Minion... \nXXX"
- configure_minion heavynode >> $SETUPLOG 2>&1
- set_node_type >> $SETUPLOG 2>&1
- node_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nSending and Accepting Salt Key... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n40\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nConfiguring Firewall... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n70\nInstalling Elastic Components... \nXXX"
- salt-call state.apply logstash >> $SETUPLOG 2>&1
- salt-call state.apply elasticsearch >> $SETUPLOG 2>&1
- salt-call state.apply curator >> $SETUPLOG 2>&1
- salt-call state.apply filebeat >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling PCAP... \nXXX"
- salt-call state.apply pcap >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling IDS components... \nXXX"
- salt-call state.apply suricata >> $SETUPLOG 2>&1
-
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
-
- fi
-
-###########################
-### Standalone Fleet ###
-###########################
-
- if [ $INSTALLTYPE == 'FLEET' ]; then
- whiptail_management_server
- whiptail_master_updates
- whiptail_make_changes
- set_updates
- set_hostname
- clear_master
- mkdir -p /nsm
- get_filesystem_root
- get_filesystem_nsm
- if [ $INSTALLMETHOD == iso ]; then
- add_admin_user
- disable_onion_user
- fi
- copy_ssh_key >> $SETUPLOG 2>&1
- {
- sleep 0.5
- echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
- set_initial_firewall_policy >> $SETUPLOG 2>&1
- #echo -e "XXX\n4\nGenerating Fleet Pillar... \nXXX"
- fleet_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling mysql dependencies for saltstack... \nXXX"
- salt_install_mysql_deps >> $SETUPLOG 2>&1
- echo "** Generating the patch pillar **" >> $SETUPLOG
- patch_pillar >> $SETUPLOG 2>&1
- node_pillar >> $SETUPLOG 2>&1
- echo -e "XXX\n5\nInstalling Salt Components... \nXXX"
- saltify >> $SETUPLOG 2>&1
- echo -e "XXX\n20\nInstalling Docker... \nXXX"
- docker_install >> $SETUPLOG 2>&1
- echo -e "XXX\n22\nConfiguring Salt Minion... \nXXX"
- configure_minion fleet >> $SETUPLOG 2>&1
- echo -e "XXX\n24\nCopying Minion Pillars to Master... \nXXX"
- copy_minion_tmp_files >> $SETUPLOG 2>&1
- echo -e "XXX\n25\nSending Salt Key to Master... \nXXX"
- salt_firstcheckin >> $SETUPLOG 2>&1
- echo -e "XXX\n26\nTelling the Master to Accept Key... \nXXX"
- # Accept the Salt Key
- accept_salt_key_remote >> $SETUPLOG 2>&1
- echo -e "XXX\n27\nApplying SSL Certificates... \nXXX"
- salt-call state.apply ca >> $SETUPLOG 2>&1
- salt-call state.apply ssl >> $SETUPLOG 2>&1
- echo -e "XXX\n35\nInstalling Core Components... \nXXX"
- salt-call state.apply common >> $SETUPLOG 2>&1
- salt-call state.apply firewall >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling MySQL... \nXXX"
- salt-call state.apply mysql >> $SETUPLOG 2>&1
- echo -e "XXX\n50\nInstalling Redis... \nXXX"
- salt-call state.apply redis >> $SETUPLOG 2>&1
- echo -e "XXX\n60\nInstalling Fleet... \nXXX"
- salt-call state.apply fleet >> $SETUPLOG 2>&1
- checkin_at_boot >> $SETUPLOG 2>&1
- echo -e "XX\n97\nFinishing touches... \nXXX"
- filter_unused_nics >> $SETUPLOG 2>&1
- network_setup >> $SETUPLOG 2>&1
- echo -e "XXX\n98\nVerifying Setup... \nXXX"
- salt-call state.highstate >> $SETUPLOG 2>&1
- } |whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
- GOODSETUP=$(tail -10 $SETUPLOG | grep Failed | awk '{ print $2}')
- if [[ $GOODSETUP == '0' ]]; then
- whiptail_setup_complete
- shutdown -r now
- else
- whiptail_setup_failed
- shutdown -r now
- fi
- fi
-
+setterm -blank 0
+if (whiptail_you_sure); then
+ true
else
- echo "User not sure. Cancelling setup.">> $SETUPLOG 2>&1
- whiptail_cancel
+ echo "User cancelled setup." >> $setup_log 2>&1
+ whiptail_cancel
fi
+
+whiptail_install_type
+
+if [ "$install_type" = 'EVAL' ]; then
+ is_node=true
+ is_master=true
+ is_sensor=true
+ is_eval=true
+elif [ "$install_type" = 'MASTERSEARCH' ]; then
+ is_master=true
+ is_distmaster=true
+ is_node=true
+elif [ "$install_type" = 'MASTER' ]; then
+ is_master=true
+ is_distmaster=true
+elif [ "$install_type" = 'SENSOR' ]; then
+ is_sensor=true
+ is_minion=true
+ STRELKA=1
+elif [[ "$install_type" =~ ^('SEARCHNODE'|'PARSINGNODE'|'HOTNODE'|'WARMNODE')$ ]]; then
+ is_node=true
+ is_minion=true
+elif [ "$install_type" = 'HEAVYNODE' ]; then
+ is_node=true
+ is_minion=true
+ is_sensor=true
+elif [ "$install_type" = 'FLEET' ]; then
+ is_minion=true
+ OSQUERY=1
+elif [ "$install_type" = 'HELIXSENSOR' ]; then
+ is_helix=true
+fi
+
+if [[ $is_eval ]]; then
+ check_requirements "eval"
+elif [[ $is_distmaster || $is_minion ]]; then
+ check_requirements "dist"
+elif [[ $is_sensor && ! $is_eval ]]; then
+ check_requirements "dist" "sensor"
+fi
+
+whiptail_patch_schedule
+
+case "$setup_type" in
+ 'iso')
+ whiptail_set_hostname
+ whiptail_management_nic
+ whiptail_dhcp_or_static
+
+ if [ "$address_type" != 'DHCP' ]; then
+ whiptail_management_interface_ip
+ whiptail_management_interface_mask
+ whiptail_management_interface_gateway
+ whiptail_management_interface_dns
+ whiptail_management_interface_dns_search
+ fi
+
+ # Init networking so rest of install works
+ set_hostname_iso
+ set_management_interface
+
+ collect_adminuser_inputs
+ add_admin_user
+ disable_onion_user
+ ;;
+ 'network')
+ whiptail_network_notice
+ whiptail_set_hostname
+ whiptail_management_nic
+ ;;
+esac
+
+short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
+
+MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
+export MINION_ID
+
+echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
+
+minion_type=$(get_minion_type)
+
+# Set any constants needed
+if [[ $is_helix ]]; then
+ RULESETUP=ETOPEN
+ NSMSETUP=BASIC
+ HNSENSOR=inherit
+ MASTERUPDATES=0
+fi
+if [[ $is_helix || ( $is_master && $is_node ) ]]; then
+ RULESETUP=ETOPEN
+ NSMSETUP=BASIC
+fi
+if [[ $is_master && $is_node ]]; then
+ LSPIPELINEWORKERS=1
+ LSPIPELINEBATCH=125
+ LSINPUTTHREADS=1
+ LSINPUTBATCHCOUNT=125
+ NIDS=Suricata
+ BROVERSION=ZEEK
+fi
+if [[ $is_node ]]; then
+ CURCLOSEDAYS=30
+fi
+
+# Start user prompts
+if [[ $is_helix || $is_sensor ]]; then
+ whiptail_bond_nics
+ calculate_useable_cores
+fi
+
+if [[ $is_helix || $is_master ]]; then
+ whiptail_homenet_master
+fi
+
+if [[ $is_helix || $is_master || $is_node ]]; then
+ set_base_heapsizes
+fi
+
+if [[ $is_master && ! $is_eval ]]; then
+ whiptail_master_adv
+ whiptail_bro_version
+ whiptail_nids
+ whiptail_rule_setup
+
+ if [ "$RULESETUP" != 'ETOPEN' ]; then
+ whiptail_oinkcode
+ fi
+
+ if [ "$MASTERADV" = 'ADVANCED' ] && [ "$BROVERSION" != 'SURICATA' ]; then
+ whiptail_master_adv_service_brologs
+ fi
+fi
+
+if [[ $is_master ]]; then
+ whiptail_components_adv_warning
+ whiptail_enable_components
+ collect_webuser_inputs
+ get_redirect
+fi
+
+if [[ $is_distmaster || ( $is_sensor || $is_node ) && ! $is_eval ]]; then
+ whiptail_master_updates
+fi
+
+if [[ $is_minion ]]; then
+ whiptail_management_server
+fi
+
+if [[ $is_distmaster ]]; then
+ collect_soremote_inputs
+fi
+
+if [[ $is_sensor && ! $is_eval ]]; then
+ whiptail_homenet_sensor
+ whiptail_sensor_config
+ if [ $NSMSETUP == 'ADVANCED' ]; then
+ whiptail_bro_pins
+ whiptail_suricata_pins
+ whiptail_bond_nics_mtu
+ else
+ whiptail_basic_bro
+ whiptail_basic_suri
+ fi
+fi
+
+if [[ $is_node && ! $is_eval ]]; then
+ whiptail_node_advanced
+ if [ "$NODESETUP" == 'NODEADVANCED' ]; then
+ whiptail_node_es_heap
+ whiptail_node_ls_heap
+ whiptail_node_ls_pipeline_worker
+ whiptail_node_ls_pipline_batchsize
+ whiptail_node_ls_input_threads
+ whiptail_node_ls_input_batch_count
+ whiptail_cur_close_days
+ whiptail_log_size_limit
+ else
+ NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
+ NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
+ LSPIPELINEWORKERS=$num_cpu_cores
+ LSPIPELINEBATCH=125
+ LSINPUTTHREADS=1
+ LSINPUTBATCHCOUNT=125
+ fi
+fi
+
+whiptail_make_changes
+
+set_hostname 2>> "$setup_log"
+set_version 2>> "$setup_log"
+clear_master 2>> "$setup_log"
+
+if [[ $is_master ]]; then
+ generate_passwords 2>> "$setup_log"
+ secrets_pillar 2>> "$setup_log"
+ add_socore_user_master 2>> "$setup_log"
+fi
+
+if [[ $is_master && ! $is_eval ]]; then
+ add_soremote_user_master 2>> "$setup_log"
+fi
+
+set_main_ip 2>> "$setup_log"
+
+if [[ $is_minion ]]; then
+ set_updates 2>> "$setup_log"
+ copy_ssh_key 2>> "$setup_log"
+fi
+
+# Begin install
+
+# Set initial percentage to 0
+export percentage=0
+{
+
+ if [[ $is_sensor || $is_helix ]]; then
+ set_progress_str 1 'Creating bond interface'
+ create_sensor_bond >> "$setup_log" 2>&1
+
+ set_progress_str 2 'Generating sensor pillar'
+ sensor_pillar >> "$setup_log" 2>&1
+ fi
+
+ set_progress_str 3 'Installing Salt and dependencies'
+ saltify 2>> "$setup_log"
+
+ set_progress_str 7 'Installing Docker and dependencies'
+ docker_install 2>> "$setup_log"
+
+ set_progress_str 8 'Generating patch pillar'
+ patch_pillar 2>> "$setup_log"
+
+ set_progress_str 9 'Initializing Salt minion'
+ configure_minion "$minion_type" 2>> "$setup_log"
+
+
+ if [[ $is_master || $is_helix ]]; then
+ set_progress_str 10 'Configuring Salt master'
+ copy_master_config 2>> "$setup_log"
+ setup_salt_master_dirs 2>> "$setup_log"
+
+ set_progress_str 11 'Updating sudoers file for soremote user'
+ update_sudoers 2>> "$setup_log"
+
+ set_progress_str 12 'Generating master static pillar'
+ master_static 2>> "$setup_log"
+
+ set_progress_str 13 'Generating master pillar'
+ master_pillar 2>> "$setup_log"
+ fi
+
+ if [[ $is_minion ]]; then
+ set_progress_str 14 'Configuring firewall'
+ set_initial_firewall_policy 2>> "$setup_log"
+ fi
+
+ set_progress_str 16 'Running first Salt checkin'
+ salt_firstcheckin 2>> "$setup_log"
+
+ if [[ $is_helix ]]; then
+ set_progress_str 17 'Generating the FireEye pillar'
+ fireeye_pillar 2>> "$setup_log"
+ fi
+
+ if [[ $is_node ]]; then
+ set_progress_str 18 'Setting node type'
+ set_node_type 2>> "$setup_log"
+
+ set_progress_str 19 'Generating search node pillar'
+ node_pillar 2>> "$setup_log"
+ fi
+
+ if [[ $is_minion ]]; then
+ set_progress_str 20 'Accepting Salt key on master'
+ accept_salt_key_remote 2>> "$setup_log"
+ fi
+
+ if [[ $is_master ]]; then
+ set_progress_str 20 'Accepting Salt key'
+ salt-key -ya "$MINION_ID" >> "$setup_log" 2>&1
+ fi
+
+ set_progress_str 21 'Copying minion pillars to master'
+ copy_minion_tmp_files 2>> "$setup_log"
+
+ set_progress_str 22 'Generating CA and checking in'
+ salt_checkin 2>> "$setup_log"
+
+
+ if [[ $is_master || $is_helix ]]; then
+ set_progress_str 25 'Configuring firewall'
+ set_initial_firewall_policy 2>> "$setup_log"
+
+ set_progress_str 26 'Downloading containers from the internet'
+ salt-call state.apply -l info registry >> "$setup_log" 2>&1
+ docker_seed_registry 2>> "$setup_log" # ~ 60% when finished
+ fi
+
+ set_progress_str 62 "$(print_salt_state_apply 'firewall')"
+ salt-call state.apply -l info firewall >> $setup_log 2>&1
+
+ set_progress_str 63 "$(print_salt_state_apply 'common')"
+ salt-call state.apply -l info common >> $setup_log 2>&1
+
+ if [[ $is_master || $is_node ]]; then
+ set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')"
+ salt-call state.apply -l info elasticsearch >> $setup_log 2>&1
+ fi
+
+ if [[ $is_sensor ]]; then
+ set_progress_str 65 "$(print_salt_state_apply 'pcap')"
+ salt-call state.apply -l info pcap >> $setup_log 2>&1
+
+ set_progress_str 66 "$(print_salt_state_apply 'suricata')"
+ salt-call state.apply -l info suricata >> $setup_log 2>&1
+
+ set_progress_str 67 "$(print_salt_state_apply 'zeek')"
+ salt-call state.apply -l info zeek >> $setup_log 2>&1
+ fi
+
+ if [[ $is_node ]]; then
+ set_progress_str 68 "$(print_salt_state_apply 'curator')"
+ salt-call state.apply -l info curator >> $setup_log 2>&1
+ fi
+
+ if [[ $is_master ]]; then
+ set_progress_str 69 "$(print_salt_state_apply 'soc')"
+ salt-call state.apply -l info soc >> "$setup_log" 2>&1
+
+ set_progress_str 70 "$(print_salt_state_apply 'kibana')"
+ salt-call state.apply -l info kibana >> $setup_log 2>&1
+
+ set_progress_str 71 "$(print_salt_state_apply 'elastalert')"
+ salt-call state.apply -l info elastalert >> $setup_log 2>&1
+
+ set_progress_str 72 "$(print_salt_state_apply 'soctopus')"
+ salt-call state.apply -l info soctopus >> $setup_log 2>&1
+ fi
+
+ if [[ "$OSQUERY" = 1 ]]; then
+ set_progress_str 73 "$(print_salt_state_apply 'fleet')"
+ salt-call state.apply -l info fleet >> $setup_log 2>&1
+
+ set_progress_str 74 "$(print_salt_state_apply 'redis')"
+ salt-call state.apply -l info redis >> $setup_log 2>&1
+ fi
+
+ if [[ "$WAZUH" = 1 ]]; then
+ set_progress_str 75 "$(print_salt_state_apply 'wazuh')"
+ salt-call state.apply -l info wazuh >> $setup_log 2>&1
+ fi
+
+ if [[ "$THEHIVE" = 1 ]]; then
+ set_progress_str 76 "$(print_salt_state_apply 'hive')"
+ salt-call state.apply -l info hive >> $setup_log 2>&1
+ fi
+
+ if [[ "$STRELKA" = 1 ]]; then
+ set_progress_str 77 "$(print_salt_state_apply 'strelka')"
+ salt-call state.apply -l info strelka >> $setup_log 2>&1
+ fi
+
+ if [[ "$PLAYBOOK" = 1 ]]; then
+ set_progress_str 78 "$(print_salt_state_apply 'playbook')"
+ salt-call state.apply -l info playbook >> $setup_log 2>&1
+ fi
+
+ if [[ $is_master || $is_helix ]]; then
+ set_progress_str 79 "$(print_salt_state_apply 'master')"
+ salt-call state.apply -l info master >> $setup_log 2>&1
+
+ set_progress_str 80 "$(print_salt_state_apply 'idstools')"
+ salt-call state.apply -l info idstools >> $setup_log 2>&1
+
+ set_progress_str 81 "$(print_salt_state_apply 'utility')"
+ salt-call state.apply -l info utility >> $setup_log 2>&1
+ fi
+
+ if [[ ( $is_helix || $is_master || $is_node ) && ! $is_eval ]]; then
+ set_progress_str 82 "$(print_salt_state_apply 'logstash')"
+ salt-call state.apply -l info logstash >> $setup_log 2>&1
+
+ set_progress_str 83 "$(print_salt_state_apply 'filebeat')"
+ salt-call state.apply -l info filebeat >> $setup_log 2>&1
+ fi
+
+ set_progress_str 85 'Applying finishing touches'
+ filter_unused_nics 2>> "$setup_log"
+ network_setup 2>> "$setup_log"
+
+ set_progress_str 86 'Updating packages'
+ update_packages 2>> "$setup_log"
+
+ set_progress_str 90 'Enabling checkin at boot'
+ checkin_at_boot 2>> "$setup_log"
+
+ set_progress_str 95 'Verifying setup'
+ salt-call -l info state.highstate >> $setup_log 2>&1
+
+} | whiptail --title "Hybrid Hunter Install" --gauge "Please wait while installing" 6 60 0
+
+success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
+if [[ "$success" = 0 ]]; then
+ whiptail_setup_complete
+ if [[ $THEHIVE == 1 ]]; then
+ check_hive_init_then_reboot
+ else
+ shutdown -r now
+ fi
+else
+ whiptail_setup_failed
+ shutdown -r now
+fi
\ No newline at end of file
diff --git a/setup/so-variables b/setup/so-variables
new file mode 100644
index 000000000..786a4ca9b
--- /dev/null
+++ b/setup/so-variables
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+total_mem=$(grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//')
+export total_mem
+
+total_mem_hr=$(grep MemTotal /proc/meminfo | awk '{ printf("%.0f", $2/1024/1024); }')
+export total_mem_hr
+
+num_cpu_cores=$(nproc)
+export num_cpu_cores
+
+readarray -t cpu_core_list <<< "$(grep "processor" /proc/cpuinfo | grep -v "KVM" | awk '{print $3}')"
+export cpu_core_list
+
+random_uid=$(.
+source ./so-variables
+source ./so-common-functions
+
+
whiptail_basic_bro() {
- BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the number of bro processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the number of bro processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_basic_suri() {
- BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the number of Suricata Processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the number of Suricata processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_bro_pins() {
- BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $LBPROCS cores to pin Bro to:" 20 75 12 ${LISTCORES[@]} 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ local cpu_core_list_whiptail=()
+ for item in "${cpu_core_list[@]}"; do
+ cpu_core_list_whiptail+=("$item" "OFF")
+ done
+ BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please select $lb_procs cores to pin Bro to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ BROPINS=$(echo "$BROPINS" | tr -d '"')
+
+ IFS=' ' read -ra BROPINS <<< "$BROPINS"
}
whiptail_bro_version() {
- BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \
- "SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \
+ "SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_bond_nics() {
- local nic_list=()
- for FNIC in ${FNICS[@]}; do
- nic_list+=($FNIC "Interface" "OFF")
- done
+ [ -n "$TESTING" ] && return
- BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 ${nic_list[@]} 3>&1 1>&2 2>&3 )
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ filter_unused_nics
- while [ -z "$BNICS" ]
- do
- BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 ${nic_list[@]} 3>&1 1>&2 2>&3 )
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
- done
+ BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ while [ -z "$BNICS" ]
+ do
+ BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ done
+
+ BNICS=$(echo "$BNICS" | tr -d '"')
+
+ IFS=' ' read -ra BNICS <<< "$BNICS"
}
whiptail_bond_nics_mtu() {
- # Set the MTU on the monitor interface
- MTU=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the MTU for the monitor NICs" 10 75 1500 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ # Set the MTU on the monitor interface
+ MTU=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the MTU for the monitor NICs" 10 75 1500 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_cancel() {
- whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
- if [ -d "/root/installtmp" ]; then
- echo "/root/installtmp exists" >> $SETUPLOG 2>&1
- install_cleanup >> $SETUPLOG 2>&1
- echo "/root/installtmp removed" >> $SETUPLOG 2>&1
- fi
- exit
+ whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
+ if [ -d "/root/installtmp" ]; then
+ {
+ echo "/root/installtmp exists";
+ install_cleanup;
+ echo "/root/installtmp removed";
+ } >> $setup_log 2>&1
+ fi
+ exit
}
whiptail_check_exitstatus() {
-
- if [ $1 == '1' ]; then
- echo "They hit cancel"
- whiptail_cancel
- fi
-
+ case $1 in
+ 1)
+ whiptail_cancel
+ ;;
+ 255)
+ whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75
+ exit
+ ;;
+ esac
}
whiptail_create_admin_user() {
- ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
- "Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
+
+ ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
+ "Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
}
whiptail_create_admin_user_password1() {
- ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
- "Enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_create_admin_user_password2() {
- ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
- "Re-enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Re-enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_create_soremote_user() {
- whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75
}
whiptail_create_soremote_user_password1() {
- SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
- "Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_create_soremote_user_password2() {
- SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
- "Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_create_web_user() {
- WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
- "Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
+ "Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_invalid_user_warning() {
- whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
+
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
}
whiptail_create_web_user_password1() {
- WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \
- "Enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_create_web_user_password2() {
- WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \
- "Re-enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \
+ "Re-enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
+whiptail_requirements_error() {
+
+ local requirement_needed=$1
+ local current_val=$2
+ local needed_val=$3
+
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" \
+ --yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 8 75
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+}
+
whiptail_invalid_pass_warning() {
- whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
+
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
}
whiptail_cur_close_days() {
- CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
- "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_dhcp_or_static() {
- ADDRESSTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose how to set up your management interface:" 20 78 4 \
- "STATIC" "Set a static IPv4 address" ON \
- "DHCP" "Use DHCP to configure the Management Interface" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
+
+ address_type=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Choose how to set up your management interface:" 20 78 4 \
+ "STATIC" "Set a static IPv4 address" ON \
+ "DHCP" "Use DHCP to configure the Management Interface" OFF 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ export address_type
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
}
whiptail_enable_components() {
- COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \
- "Select Components to install" 20 75 8 \
- "GRAFANA" "Enable Grafana for system monitoring" ON \
- "OSQUERY" "Enable Fleet with osquery" ON \
- "WAZUH" "Enable Wazuh" ON \
- "THEHIVE" "Enable TheHive" ON \
- "PLAYBOOK" "Enable Playbook" ON \
- "STRELKA" "Enable Strelka" ON 3>&1 1>&2 2>&3 )
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ [ -n "$TESTING" ] && return
+ COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \
+ "Select Components to install" 20 75 8 \
+ GRAFANA "Enable Grafana for system monitoring" ON \
+ OSQUERY "Enable Fleet with osquery" ON \
+ WAZUH "Enable Wazuh" ON \
+ THEHIVE "Enable TheHive" ON \
+ PLAYBOOK "Enable Playbook" ON \
+ STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ COMPONENTS=$(echo "$COMPONENTS" | tr -d '"')
+
+ IFS=' ' read -ra COMPONENTS <<< "$COMPONENTS"
+
+ # Set any variables to 1 if they exist in COMPONENTS
+ for component in "${COMPONENTS[@]}"; do
+ export "$component=1"
+ done
}
whiptail_eval_adv() {
- EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose your eval install:" 20 75 4 \
- "BASIC" "Install basic components for evaluation" ON \
- "ADVANCED" "Choose additional components to be installed" OFF 3>&1 1>&2 2>&3 )
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ [ -n "$TESTING" ] && return
+
+ EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Choose your eval install:" 20 75 4 \
+ "BASIC" "Install basic components for evaluation" ON \
+ "ADVANCED" "Choose additional components to be installed" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
-whiptail_eval_adv_warning() {
- whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
+whiptail_components_adv_warning() {
+
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
}
whiptail_helix_apikey() {
- HELIXAPIKEY=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3)
- local exitstatus=$?
- whiptail_check_exitstatus
+ [ -n "$TESTING" ] && return
+
+ HELIXAPIKEY=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus
}
whiptail_homenet_master() {
- # Ask for the HOME_NET on the master
- HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ export HNMASTER
}
whiptail_homenet_sensor() {
- # Ask to inherit from master
- whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- if [ $exitstatus == 0 ]; then
- HNSENSOR=inherit
- else
- HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
- fi
+ # Ask to inherit from master
+ whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75
+
+ local exitstatus=$?
+
+ if [ $exitstatus == 0 ]; then
+ export HNSENSOR=inherit
+ else
+ HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ export HNSENSOR
+
+ fi
}
whiptail_install_type() {
- # What kind of install are we doing?
- INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose Install Type:" 20 75 13 \
- "SENSOR" "Create a forward only sensor" ON \
- "SEARCHNODE" "Add a Search Node with parsing" OFF \
- "MASTER" "Start a new grid" OFF \
- "EVAL" "Evaluate all the things" OFF \
- "MASTERSEARCH" "Master + Search Node" OFF \
- "HEAVYNODE" "Sensor + Search Node" OFF \
- "HELIXSENSOR" "Connect this sensor to FireEye Helix" OFF \
- "FLEET" "Dedicated Fleet Osquery Node" OFF \
- "HOTNODE" "TODO Add Hot Node (Search Node without Parsing)" OFF \
- "WARMNODE" "TODO Add Warm Node to existing Hot or Search node" OFF \
- "WAZUH" "TODO Stand Alone Wazuh Node" OFF \
- "STRELKA" "TODO Stand Alone Strelka Node" OFF \
- "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
+
+ # What kind of install are we doing?
+ install_type=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Choose Install Type:" 20 75 13 \
+ "SENSOR" "Create a forward only sensor" ON \
+ "SEARCHNODE" "Add a Search Node with parsing" OFF \
+ "MASTER" "Start a new grid" OFF \
+ "EVAL" "Evaluate all the things" OFF \
+ "MASTERSEARCH" "Master + Search Node" OFF \
+ "HEAVYNODE" "Sensor + Search Node" OFF \
+ "HELIXSENSOR" "Connect this sensor to FireEye Helix" OFF \
+ "FLEET" "Dedicated Fleet Osquery Node" OFF \
+ "HOTNODE" "TODO Add Hot Node (Search Node without Parsing)" OFF \
+ "WARMNODE" "TODO Add Warm Node to existing Hot or Search node" OFF \
+ "WAZUH" "TODO Stand Alone Wazuh Node" OFF \
+ "STRELKA" "TODO Stand Alone Strelka Node" OFF \
+ "PARSINGNODE" "TODO Add a dedicated Parsing Node" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ export install_type
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
}
whiptail_log_size_limit() {
- LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \
- "Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
- By default, this is set to 80% of the disk space allotted for /nsm." 10 75 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
+
+ set_defaul_log_size
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
+ By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$log_size_limit" 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_management_interface_dns() {
- MDNS=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your DNS server using space between multiple" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
+
+ MDNS=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your DNS server using space between multiple" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3)
}
whiptail_management_interface_dns_search() {
- MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your DNS search domain" 10 60 searchdomain.local 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
+
+ MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your DNS search domain" 10 60 searchdomain.local 3>&1 1>&2 2>&3)
}
whiptail_management_interface_gateway() {
- MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your gateway" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
+
+ MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your gateway" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
}
whiptail_management_interface_ip() {
- MIP=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your IP address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
+
+ MIP=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your IP address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
}
whiptail_management_interface_mask() {
- MMASK=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the bit mask for your subnet" 10 60 24 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
+
+ MMASK=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the bit mask for your subnet" 10 60 24 3>&1 1>&2 2>&3)
}
whiptail_management_nic() {
- MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ [ -n "$TESTING" ] && return
- while [ -z "$MNIC" ]
- do
- MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
- done
+ filter_unused_nics
+
+ MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ while [ -z "$MNIC" ]
+ do
+ MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ done
}
whiptail_nids() {
- NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose which IDS to run:" 20 75 4 \
- "Suricata" "Suricata 4.X" ON \
- "Snort" "Snort 3.0 Beta" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Choose which IDS to run:" 20 75 4 \
+ "Suricata" "Suricata 4.X" ON \
+ "Snort" "Snort 3.0 Beta" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_oinkcode() {
- OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_make_changes() {
- whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $INSTALLTYPE. Please hit YES to make changes or NO to cancel." 8 75
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_management_server() {
- MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter your Master Server HOSTNAME. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter your Master Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
- # See if it resolves. Otherwise prompt to add to host file
- TESTHOST=$(host $MSRV)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
- if [[ $TESTHOST = *"not found"* ]] || [ -z $TESTHOST ] || [[ $TESTHOST = *"connection timed out"* ]]; then
- add_master_hostfile
- fi
+ if ! getent hosts "$MSRV"; then
+ add_master_hostfile
+ fi
}
# Ask if you want to do advanced setup of the Master
whiptail_master_adv() {
- MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose what type of master install:" 20 75 4 \
- "BASIC" "Install master with recommended settings" ON \
- "ADVANCED" "Do additional configuration to the master" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Choose what type of master install:" 20 75 4 \
+ "BASIC" "Install master with recommended settings" ON \
+ "ADVANCED" "Do additional configuration to the master" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
# Ask which additional components to install
whiptail_master_adv_service_brologs() {
- BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 75 12 \
- "conn" "Connection Logging" ON \
- "dce_rpc" "RPC Logs" ON \
- "dhcp" "DHCP Logs" ON \
- "dhcpv6" "DHCP IPv6 Logs" ON \
- "dnp3" "DNP3 Logs" ON \
- "dns" "DNS Logs" ON \
- "dpd" "DPD Logs" ON \
- "files" "Files Logs" ON \
- "ftp" "FTP Logs" ON \
- "http" "HTTP Logs" ON \
- "intel" "Intel Hits Logs" ON \
- "irc" "IRC Chat Logs" ON \
- "kerberos" "Kerberos Logs" ON \
- "modbus" "MODBUS Logs" ON \
- "mqtt" "MQTT Logs" ON \
- "notice" "Zeek Notice Logs" ON \
- "ntlm" "NTLM Logs" ON \
- "openvpn" "OPENVPN Logs" ON \
- "pe" "PE Logs" ON \
- "radius" "Radius Logs" ON \
- "rfb" "RFB Logs" ON \
- "rdp" "RDP Logs" ON \
- "signatures" "Signatures Logs" ON \
- "sip" "SIP Logs" ON \
- "smb_files" "SMB Files Logs" ON \
- "smb_mapping" "SMB Mapping Logs" ON \
- "smtp" "SMTP Logs" ON \
- "snmp" "SNMP Logs" ON \
- "software" "Software Logs" ON \
- "ssh" "SSH Logs" ON \
- "ssl" "SSL Logs" ON \
- "syslog" "Syslog Logs" ON \
- "telnet" "Telnet Logs" ON \
- "tunnel" "Tunnel Logs" ON \
- "weird" "Zeek Weird Logs" ON \
- "mysql" "MySQL Logs" ON \
- "socks" "SOCKS Logs" ON \
- "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please select Logs to Send:" 24 75 12 \
+ "conn" "Connection Logging" ON \
+ "dce_rpc" "RPC Logs" ON \
+ "dhcp" "DHCP Logs" ON \
+ "dhcpv6" "DHCP IPv6 Logs" ON \
+ "dnp3" "DNP3 Logs" ON \
+ "dns" "DNS Logs" ON \
+ "dpd" "DPD Logs" ON \
+ "files" "Files Logs" ON \
+ "ftp" "FTP Logs" ON \
+ "http" "HTTP Logs" ON \
+ "intel" "Intel Hits Logs" ON \
+ "irc" "IRC Chat Logs" ON \
+ "kerberos" "Kerberos Logs" ON \
+ "modbus" "MODBUS Logs" ON \
+ "mqtt" "MQTT Logs" ON \
+ "notice" "Zeek Notice Logs" ON \
+ "ntlm" "NTLM Logs" ON \
+ "openvpn" "OPENVPN Logs" ON \
+ "pe" "PE Logs" ON \
+ "radius" "Radius Logs" ON \
+ "rfb" "RFB Logs" ON \
+ "rdp" "RDP Logs" ON \
+ "signatures" "Signatures Logs" ON \
+ "sip" "SIP Logs" ON \
+ "smb_files" "SMB Files Logs" ON \
+ "smb_mapping" "SMB Mapping Logs" ON \
+ "smtp" "SMTP Logs" ON \
+ "snmp" "SNMP Logs" ON \
+ "software" "Software Logs" ON \
+ "ssh" "SSH Logs" ON \
+ "ssl" "SSL Logs" ON \
+ "syslog" "Syslog Logs" ON \
+ "telnet" "Telnet Logs" ON \
+ "tunnel" "Tunnel Logs" ON \
+ "weird" "Zeek Weird Logs" ON \
+ "mysql" "MySQL Logs" ON \
+ "socks" "SOCKS Logs" ON \
+ "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ BLOGS=$(echo "$BLOGS" | tr -d '"')
+
+ IFS=' ' read -ra BLOGS <<< "$BLOGS"
}
whiptail_network_notice() {
- whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 75
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Press YES to continue." 8 75
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_node_advanced() {
- NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
- "What type of config would you like to use?:" 20 75 4 \
- "NODEBASIC" "Install Search Node with recommended settings" ON \
- "NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
+ "What type of config would you like to use?:" 20 75 4 \
+ "NODEBASIC" "Install Search Node with recommended settings" ON \
+ "NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_node_es_heap() {
- es_heapsize
- NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
+ "\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_heap() {
- ls_heapsize
- NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
+ "\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_pipeline_worker() {
- LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 $CPUCORES 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
+ "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_pipline_batchsize() {
- LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
+ "\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_input_threads() {
- LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
+ "\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_input_batch_count() {
- LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
+ "\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
+
+#TODO: helper function to display error message or exit if batch mode
+# exit_if_batch <"Error string">
+
whiptail_passwords_dont_match() {
- whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75
+ whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75
}
whiptail_patch_name_new_schedule() {
- PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
- "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
+ "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
- while [[ -z "$PATCHSCHEDULENAME" ]]; do
- whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 75
- PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
- "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
- done
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ while [[ -z "$PATCHSCHEDULENAME" ]]; do
+ whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 75
+ PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
+ "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ done
}
whiptail_patch_schedule() {
- # What kind of patch schedule are we doing?
- PATCHSCHEDULE=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 15 75 5 \
- "Automatic" "Updates installed every 8 hours if available" ON \
- "Manual" "Updates will be installed manually" OFF \
- "Import Schedule" "Import named schedule on following screen" OFF \
- "New Schedule" "Configure and name new schedule on next screen" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
+
+ local patch_schedule
+ patch_schedule=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 15 75 5 \
+ "Automatic" "Updates installed every 8 hours if available" ON \
+ "Manual" "Updates will be installed manually" OFF \
+ "Import Schedule" "Import named schedule on following screen" OFF \
+ "New Schedule" "Configure and name new schedule on next screen" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+
+ case $patch_schedule in
+ 'New Schedule')
+ whiptail_patch_schedule_select_days
+ whiptail_patch_schedule_select_hours
+ whiptail_patch_name_new_schedule
+ patch_schedule_os_new
+ ;;
+ 'Import Schedule')
+ whiptail_patch_schedule_import
+ ;;
+ 'Automatic')
+ PATCHSCHEDULENAME='auto'
+ ;;
+ 'Manual')
+ PATCHSCHEDULENAME='manual'
+ ;;
+ esac
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
}
whiptail_patch_schedule_import() {
- unset PATCHSCHEDULENAME
- PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ unset PATCHSCHEDULENAME
+ PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
- while [[ -z "$PATCHSCHEDULENAME" ]]; do
- whiptail --title "Security Onion Setup" --msgbox "Please enter a name for the OS patch schedule you want to inherit." 8 75
- PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
- done
+ while [[ -z "$PATCHSCHEDULENAME" ]]; do
+ whiptail --title "Security Onion Setup" --msgbox "Please enter a name for the OS patch schedule you want to inherit." 8 75
+ PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ done
}
whiptail_patch_schedule_select_days() {
- # Select the days to patch
- PATCHSCHEDULEDAYS=($(whiptail --title "Security Onion Setup" --checklist \
- "Which days do you want to apply OS patches?" 15 75 8 \
- "Monday" "" OFF \
- "Tuesday" "" ON \
- "Wednesday" "" OFF \
- "Thursday" "" OFF \
- "Friday" "" OFF \
- "Saturday" "" OFF \
- "Sunday" "" OFF 3>&1 1>&2 2>&3 ))
+
+ [ -n "$TESTING" ] && return
+
+ # Select the days to patch
+ PATCHSCHEDULEDAYS=$(whiptail --title "Security Onion Setup" --checklist \
+ "Which days do you want to apply OS patches?" 15 75 8 \
+ Monday "" OFF \
+ Tuesday "" ON \
+ Wednesday "" OFF \
+ Thursday "" OFF \
+ Friday "" OFF \
+ Saturday "" OFF \
+ Sunday "" OFF 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ PATCHSCHEDULEDAYS=$(echo "$PATCHSCHEDULEDAYS" | tr -d '"')
+
+ IFS=' ' read -ra PATCHSCHEDULEDAYS <<< "$PATCHSCHEDULEDAYS"
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
}
whiptail_patch_schedule_select_hours() {
- # Select the hours to patch
- PATCHSCHEDULEHOURS=($(whiptail --title "Security Onion Setup" --checklist \
- "At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \
- "00:00" "" OFF \
- "01:00" "" OFF \
- "02:00" "" OFF \
- "03:00" "" OFF \
- "04:00" "" OFF \
- "05:00" "" OFF \
- "06:00" "" OFF \
- "07:00" "" OFF \
- "08:00" "" OFF \
- "09:00" "" OFF \
- "10:00" "" OFF \
- "11:00" "" OFF 3>&1 1>&2 2>&3 ))
+
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ # Select the hours to patch
+ PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \
+ "At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \
+ 00:00 "" OFF \
+ 01:00 "" OFF \
+ 02:00 "" OFF \
+ 03:00 "" OFF \
+ 04:00 "" OFF \
+ 05:00 "" OFF \
+ 06:00 "" OFF \
+ 07:00 "" OFF \
+ 08:00 "" OFF \
+ 09:00 "" OFF \
+ 10:00 "" OFF \
+ 11:00 "" OFF 3>&1 1>&2 2>&3 )
- # Select the hours to patch
- PATCHSCHEDULEHOURS+=($(whiptail --title "Security Onion Setup" --checklist \
- "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \
- "12:00" "" OFF \
- "13:00" "" OFF \
- "14:00" "" OFF \
- "15:00" "" ON \
- "16:00" "" OFF \
- "17:00" "" OFF \
- "18:00" "" OFF \
- "19:00" "" OFF \
- "20:00" "" OFF \
- "21:00" "" OFF \
- "22:00" "" OFF \
- "23:00" "" OFF 3>&1 1>&2 2>&3 ))
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ # Select the hours to patch
+ PATCHSCHEDULEHOURS+=$(whiptail --title "Security Onion Setup" --checklist \
+ "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \
+ 12:00 "" OFF \
+ 13:00 "" OFF \
+ 14:00 "" OFF \
+ 15:00 "" ON \
+ 16:00 "" OFF \
+ 17:00 "" OFF \
+ 18:00 "" OFF \
+ 19:00 "" OFF \
+ 20:00 "" OFF \
+ 21:00 "" OFF \
+ 22:00 "" OFF \
+ 23:00 "" OFF 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"')
+
+ IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS"
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
}
whiptail_rule_setup() {
- # Get pulled pork info
- RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
- "Which IDS ruleset would you like to use?\n\nThis master server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the master server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \
- "ETOPEN" "Emerging Threats Open" ON \
- "ETPRO" "Emerging Threats PRO" OFF \
- "TALOSET" "Snort Subscriber (Talos) and ET NoGPL rulesets" OFF \
- "TALOS" "Snort Subscriber (Talos) ruleset and set a policy" OFF \
- 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ # Get pulled pork info
+ RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Which IDS ruleset would you like to use?\n\nThis master server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the master server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \
+ "ETOPEN" "Emerging Threats Open" ON \
+ "ETPRO" "Emerging Threats PRO" OFF \
+ "TALOSET" "Snort Subscriber (Talos) and ET NoGPL rulesets" OFF \
+ "TALOS" "Snort Subscriber (Talos) ruleset and set a policy" OFF \
+ 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_sensor_config() {
- NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \
- "What type of configuration would you like to use?:" 20 75 4 \
- "BASIC" "Install NSM components with recommended settings" ON \
- "ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \
+ "What type of configuration would you like to use?:" 20 75 4 \
+ "BASIC" "Install NSM components with recommended settings" ON \
+ "ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_set_hostname() {
- HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the Hostname you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
- while [[ "$HOSTNAME" == *'localhost'* ]] ; do
- whiptail --title "Security Onion Setup" --msgbox "Please choose a hostname that doesn't contain localhost." 8 75
- HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
- done
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ while [[ "$HOSTNAME" == *'localhost'* ]] ; do
+ whiptail --title "Security Onion Setup" --msgbox "Please choose a hostname that doesn't contain localhost." 8 75
+ HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the Hostname you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+ done
}
whiptail_set_redirect() {
- REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \
- "Choose the access method for the web interface:" 20 75 4 \
- "IP" "Use IP to access the web interface" ON \
- "HOSTNAME" "Use Hostname ($HOSTNAME) to access the web interface" OFF \
- "OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+
+ [ -n "$TESTING" ] && return
+
+ REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \
+ "Choose the access method for the web interface:" 20 75 4 \
+ "IP" "Use IP to access the web interface" ON \
+ "HOSTNAME" "Use hostname to access the web interface" OFF \
+ "OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_set_redirect_host() {
- REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
- "Enter the Hostname or IP you would like to use for the web interface." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+
+ [ -n "$TESTING" ] && return
+
+ REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
+ "Enter the Hostname or IP you would like to use for the web interface." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_set_redirect_info() {
- whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n
+
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n
For security reasons, we use strict cookie enforcement." 10 75
}
whiptail_setup_complete() {
- whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75
- install_cleanup >> $SETUPLOG 2>&1
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $install_type. Press Enter to reboot." 8 75
+ install_cleanup >> $setup_log 2>&1
}
whiptail_setup_failed() {
- whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75
- install_cleanup >> $SETUPLOG 2>&1
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Enter to reboot." 8 75
+ install_cleanup >> $setup_log 2>&1
}
whiptail_shard_count() {
- SHARDCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
- "\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ SHARDCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
+ "\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_suricata_pins() {
- FILTEREDCORES=$(echo ${LISTCORES[@]} ${BROPINS[@]} | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}')
- SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $LBPROCS cores to pin Suricata to:" 20 75 12 ${FILTEREDCORES[@]} 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ local filtered_core_list
+ readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${BROPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')"
+
+ local filtered_core_str=()
+ for item in "${filtered_core_list[@]}"; do
+ filtered_core_str+=("$item" "")
+ done
+
+ SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please select $lb_procs cores to pin Suricata to:" 20 75 12 "${filtered_core_str[@]}" 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ SURIPINS=$(echo "$SURIPINS" | tr -d '"')
+
+ IFS=' ' read -ra SURIPINS <<< "$SURIPINS"
}
whiptail_master_updates() {
- MASTERUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
- "How would you like to download updates for your grid?:" 20 75 4 \
- "MASTER" "Master node is proxy for OS/Docker updates." ON \
- "OPEN" "Each node connect to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
+
+ local update_string
+ update_string=$(whiptail --title "Security Onion Setup" --radiolist \
+ "How would you like to download updates for your grid?:" 20 75 4 \
+ "MASTER" "Master node is proxy for OS/Docker updates." ON \
+ "OPEN" "Each node connect to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+
+ case "$update_string" in
+ 'MASTER')
+ MASTERUPDATES='1'
+ ;;
+ *)
+ MASTERUPDATES='0'
+ ;;
+ esac
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
}
whiptail_node_updates() {
- NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
- "How would you like to download updates for this node?:" 20 75 4 \
- "MASTER" "Download OS/Docker updates from the Master." ON \
- "OPEN" "Download updates directly from the Internet" OFF 3>&1 1>&2 2>&3 )
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- whiptail_check_exitstatus $exitstatus
+ NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
+ "How would you like to download updates for this node?:" 20 75 4 \
+ "MASTER" "Download OS/Docker updates from the Master." ON \
+ "OPEN" "Download updates directly from the Internet" OFF 3>&1 1>&2 2>&3 )
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
}
whiptail_you_sure() {
- echo "whiptail_you_sure called" >> $SETUPLOG 2>&1
- whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75
+ [ -n "$TESTING" ] && return
- local exitstatus=$?
- echo "whiptail_you_sure returning $exitstatus" >> $SETUPLOG 2>&1
- return $exitstatus
+ whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75
+
+ local exitstatus=$?
+ return $exitstatus
}
diff --git a/setup/yum_repos/salt-2019-2.repo b/setup/yum_repos/salt-2019-2.repo
new file mode 100644
index 000000000..1826e0101
--- /dev/null
+++ b/setup/yum_repos/salt-2019-2.repo
@@ -0,0 +1,6 @@
+[saltstack-repo]
+name=SaltStack repo for RHEL/CentOS $releasever PY3
+baseurl=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2/SALTSTACK-GPG-KEY.pub
diff --git a/setup/yum_repos/salt-latest.repo b/setup/yum_repos/salt-latest.repo
new file mode 100644
index 000000000..709053a9b
--- /dev/null
+++ b/setup/yum_repos/salt-latest.repo
@@ -0,0 +1,7 @@
+[salt-latest]
+name=SaltStack Latest Release Channel for RHEL/Centos $releasever
+baseurl=https://repo.saltstack.com/py3/redhat/7/$basearch/latest
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
\ No newline at end of file
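Review bot: The `baseurl=https://repo.saltstack.com/py3/redhat/7/$basearch/latest` line hardcodes the release as `7` while the `gpgkey=` line two below uses `$releasever`, so on any release other than 7 the packages and the signing key would be fetched from different trees; the sibling salt-2019-2.repo added in this commit uses `$releasever` in both lines. Either use `$releasever` in both, `baseurl=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/latest`, or hardcode 7 in both. Both new Salt repo files are `enabled=1`; if they are ever installed together, the latest channel would presumably win version resolution over the 2019.2 channel unless the version is pinned elsewhere, which is worth a comment in whichever file is meant to be active. The file also lacks a trailing newline, unlike its sibling.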
diff --git a/setup/yum_repos/wazuh.repo b/setup/yum_repos/wazuh.repo
new file mode 100644
index 000000000..ae462c62f
--- /dev/null
+++ b/setup/yum_repos/wazuh.repo
@@ -0,0 +1,7 @@
+[wazuh_repo]
+gpgcheck=1
+gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
+enabled=1
+name=Wazuh repository
+baseurl=https://packages.wazuh.com/3.x/yum/
+protect=1
diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions
index c5ba05a47..5666fc2d6 100644
--- a/upgrade/so-update-functions
+++ b/upgrade/so-update-functions
@@ -156,12 +156,12 @@ salt_highstate() {
update_held_packages() {
if [ $OS == "centos" ]
- SALTVER=2019.2.3
+ SALTVER=2019.2.4
DOCKERVER=
yum -y --disableexcludes=all update salt-$SALTVER
yum -y --disableexcludes=all update docker-ce-$DOCKERVER
else
- SALTVER=2019.2.3+ds-1
+ SALTVER=2019.2.4+ds-1
DOCKERVER=5:19.03.8~3-0~ubuntu-xenial
fi