[feat][WIP] Add option to run so-allow -a <ip/cidr> during setup

salt/common/tools/sbin/so-allow

@@ -89,7 +89,7 @@ if [ "$SKIP" -eq 0 ]; then
     echo "[p] - Wazuh API - port 55000/tcp"
     echo "[r] - Wazuh registration service - 1515/tcp"
     echo ""
-    echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):"
+    echo "Please enter your selection:"
     read -r ROLE
     echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):"
     read -r IP

setup/so-setup

@@ -331,6 +331,8 @@ else
 	FLEETNODEPASSWD1=$WEBPASSWD1
 fi
 
+if [[ $is_master ]]; then whiptail_so_allow; fi
+
 whiptail_make_changes
 
 if [[ -n "$TURBO" ]]; then
@@ -620,7 +622,7 @@ if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
 	IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1
 fi
 
-if [[ $success != 0 || $SO_ERROR == 1 ]]; then whiptail_setup_failed
+if [[ $success != 0 || -n $SO_ERROR ]]; then whiptail_setup_failed
 else 
 	whiptail_setup_complete
 	if [[ $THEHIVE == 1 ]]; then check_hive_init; fi

setup/so-whiptail

@@ -435,9 +435,7 @@ whiptail_homenet_sensor() {
 		whiptail_check_exitstatus $exitstatus
 
 		export HNSENSOR
-
 	fi
-
 }
 
 whiptail_install_type() {
@@ -1057,6 +1055,29 @@ whiptail_shard_count() {
 
 }
 
+whiptail_so_allow() {
+
+	[ -n "$TESTING" ] && return
+
+	whiptail --title "Security Onion Setup" \
+	--yesno "Do you want to run so-allow to allow access to the web tools?" \
+	8 75
+
+	local exitstatus=$?
+
+	if [[ $exitstatus == 0 ]]; then
+		ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \
+		--inputbox "Enter a single ip address or range (in CIDR notation) to allow" \
+		10 75 125 3>&1 1>&2 2>&3)
+		local exitstatus=$?
+		
+		export ALLOW_ROLE='a'
+		export ALLOW_CIDR
+	fi
+
+	whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_strelka_rules() {
 
         [ -n "$TESTING" ] && return
@@ -1073,7 +1094,6 @@ whiptail_strelka_rules() {
                 export STRELKARULES
 
         fi
-
 }
 
 whiptail_suricata_pins() {