Merge pull request #4835 from Security-Onion-Solutions/feature/uppercase-warning

Show warning to user when trying to use uppercase characters in hostname or domain name
2025-12-07 09:42:46 +01:00 · 2021-07-16 15:44:47 -04:00
parent 7f9d0b59b8 0deb77468f
commit c2fc2df54c
3 changed files with 72 additions and 14 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -372,6 +372,14 @@ set_version() {
 	fi
 }

+has_uppercase() {
+	local string=$1
+
+	echo "$string" | grep -qP '[A-Z]' \
+		&& return 0 \
+		|| return 1
+}
+
 valid_cidr() {
 	# Verify there is a backslash in the string
 	echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -423,14 +423,28 @@ collect_homenet_snsr() {
 }

 collect_hostname() {
+	collect_hostname_validate
+
+	while has_uppercase "$HOSTNAME"; do
+		if ! (whiptail_uppercase_warning); then
+			collect_hostname_validate
+		else
+			no_use_hostname=true
+			break
+		fi
+	done
+}
+
+collect_hostname_validate() {
 	if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi

 	whiptail_set_hostname "$HOSTNAME"

-	if [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once
+	if [[ -z $default_hostname_flag ]] && [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once
 		if ! (whiptail_avoid_default_hostname); then
 			whiptail_set_hostname "$HOSTNAME"
 		fi
+		default_hostname_flag=true
 	fi

 	while ! valid_hostname "$HOSTNAME"; do
@@ -648,7 +662,23 @@ collect_proxy_details() {
 }

 collect_redirect_host() {
-	whiptail_set_redirect_host "$HOSTNAME"
+	collect_redirect_host_validate
+
+	while has_uppercase "$REDIRECTHOST"; do
+		local text
+		! valid_hostname "$REDIRECTHOST" && text="domain name" || text="hostname"
+		if ! (whiptail_uppercase_warning "$text"); then
+			collect_redirect_host_validate "$REDIRECTHOST"
+		else
+			break
+		fi
+	done
+}
+
+collect_redirect_host_validate() {
+	local prefill=${1:-$HOSTNAME}
+
+	whiptail_set_redirect_host "$prefill"

 	while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do
 		whiptail_invalid_input
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -1661,11 +1661,16 @@ whiptail_set_redirect() {

 	[ -n "$TESTING" ] && return

+	local options=()
+	options+=( "IP" "Use IP address to access the web interface" ON )
+	[[ $no_use_hostname != true ]] && options+=( "HOSTNAME" "Use hostname to access the web interface" OFF )
+	options+=("OTHER" "Use a different name like a FQDN or Load Balancer" OFF)
+
 	REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \
-	"How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
-	"IP" "Use IP address to access the web interface" ON  \
-	"HOSTNAME" "Use hostname to access the web interface" OFF \
-	"OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
+		"How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
+		"${options[@]}" \
+		3>&1 1>&2 2>&3 
+	)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 }
@@ -1844,18 +1849,33 @@ whiptail_suricata_pins() {

 }

-whiptail_node_updates() {
+# shellcheck disable=2120
+whiptail_uppercase_warning() {
+	local type=$1

-	[ -n "$TESTING" ] && return
+	local msg
+	if [[ -z $type ]]; then
+		type="hostname"
+		read -r -d '' msg <<- EOM
+		The value "$HOSTNAME" contains uppercase characters.
+		
+		Continuing with this hostname could render the system unusable in certain cases, and will also disable the option later in setup to access Security Onion's web interface via the hostname.
+		EOM
+	else
+		read -r -d '' msg <<- EOM
+		The value "$REDIRECTHOST" contains uppercase characters.
+		
+		Continuing with this value could render the system unusable in certain cases.
+		EOM
+	fi

-	NODEUPDATES=$(whiptail --title "$whiptail_title" --radiolist \
-	"How would you like to download OS package updates for your grid?" 20 75 4 \
-	"MANAGER" "Manager node is proxy for updates." ON \
-	"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
+	read -r -d '' msg <<- EOM
+	$msg

-	local exitstatus=$?
-	whiptail_check_exitstatus $exitstatus
+	For best results, it is recommended to only use lowercase ${type}s with Security Onion. For more information see https://docs.securityonion.com/uppercase (URL TBD)
+	EOM

+	whiptail --title "$whiptail_title" --yesno "$msg" --yes-button "Continue anyway" --no-button "Go back" --defaultno 16 75
 }

 whiptail_you_sure() {