From e30958b9eca042ca180ba9ee07455ccdd709eb16 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 24 Sep 2020 11:41:02 -0400 Subject: [PATCH 1/4] Airgap SOUP changes --- salt/common/tools/sbin/soup | 74 ++++++++++++++++++++++++++++++++++--- 1 file changed, 69 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index e4582a524..87777c97c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -36,6 +36,49 @@ manager_check() { fi } +airgap_mounted() { + # Let's see if the ISO is already mounted. + if [ -f /tmp/soagupdate/SecurityOnion/VERSION ]; then + echo "The ISO is already mounted" + else + echo "Looks like we need to mount the ISO" + echo "" + echo "You will need the full path of the ISO" + echo "Example: /home/user/securityonion-2.3.0.iso" + echo "" + read -p 'Enter the FULL path of the iso: ' ISOLOC + if [ ! -f $ISOLOC ]; then + echo "Unable to locate ISO image. Please try soup again" + exit 0 + else + # Mounting the ISO + mkdir -p /tmp/soagupdate + mount -t iso9660 -o loop $ISOLOC /tmp/soagupdate + # Make sure mounting was successful + if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then + echo "Something went wrong trying to mount the ISO." + echo "Ensure you verify the ISO that you downloaded." + exit 0 + else + echo "ISO has been mounted!" + fi + fi + fi +} + +check_airgap() { + # See if this is an airgap install + AIRGAP=$(cat /opt/so/saltstack/local/pillar/global.sls | grep airgap | awk '{print $2}') + if [[ "$AIRGAP" == "True" ]]; then + is_airgap=true + UPDATE_DIR=/tmp/soagupdate/SecurityOnion + AGDOCKER=/tmp/soagupdate/docker + AGREPO=/tmp/soagupdate/Packages + else + is_airgap=false + fi +} + clean_dockers() { # Place Holder for cleaning up old docker images echo "Trying to clean up old dockers." 
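Review bot: `airgap_mounted` treats the existence of `/tmp/soagupdate/SecurityOnion/VERSION` as proof that the ISO is mounted, but `/tmp` is world-writable and the path is fixed, so that tree can exist without being the update media. soup appears to run with root privileges (it mounts and chowns), and everything later read through `UPDATE_DIR`, `AGDOCKER` and `AGREPO` would then come from a directory soup never mounted. Put the mount point in a root-owned directory and test the mount itself, for example `if mountpoint -q "$AG_MOUNT" && [ -f "$AG_MOUNT/SecurityOnion/VERSION" ]; then` (`AG_MOUNT` is a placeholder name). Both failure paths in this function also end with `exit 0`, which reports success to a caller; `exit 1` fits better.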
@@ -63,7 +106,7 @@ clone_to_tmp() { copy_new_files() { # Copy new files over to the salt dir - cd /tmp/sogh/securityonion + cd $UPDATE_DIR rsync -a salt $DEFAULT_SALT_DIR/ rsync -a pillar $DEFAULT_SALT_DIR/ chown -R socore:socore $DEFAULT_SALT_DIR/ @@ -207,6 +250,19 @@ space_check() { } update_dockers() { + if [[ $is_airgap ]]; then + # Let's copy the tarball + if [ ! -f $AGDOCKER/registry.tar ]; then + echo "Unable to locate registry. Exiting" + exit 0 + else + echo "Stopping the registry docker" + docker stop so-dockerregistry + docker rm so-dockerregistry + echo "Copying the new dockers over" + tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker + fi + else # List all the containers if [ $MANAGERCHECK == 'so-import' ]; then TRUSTED_CONTAINERS=( \ @@ -282,7 +338,7 @@ update_dockers() { docker tag $IMAGEREPO/$i:$NEWVERSION $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION done - + fi # Cleanup on Aisle 4 clean_dockers @@ -345,7 +401,7 @@ upgrade_check_salt() { verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') - GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup | awk '{print $1}') + GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}') if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then echo "This version of the soup script is up to date. Proceeding." else 
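Review bot: `cd $UPDATE_DIR` in `copy_new_files` is unquoted and its result is not checked. If the variable is empty, `cd` goes to the home directory, and if the directory is missing the script stays where it was; either way the following `rsync -a salt` and `rsync -a pillar` copy from the wrong place into `$DEFAULT_SALT_DIR`. `cd "$UPDATE_DIR" || exit 1` stops before anything is written. The function continues past the end of this hunk.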
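Review bot: `if [[ $is_airgap ]]` at the top of `update_dockers` is true for any non-empty string, and `check_airgap` sets the variable to the string `false` on ordinary installs, so the airgap branch is taken on every system. Compare the value instead: `if [[ "$is_airgap" == "true" ]]; then`. The same test appears in the main-flow hunk of this patch, as `[ $is_airgap ]` in PATCH 2/4, and around the registry reload added by PATCH 4/4. The missing-tarball path here also exits with status 0. `update_dockers` continues past the end of this hunk.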
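Review bot: `GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}')` yields an empty string when the file is absent, which compares unequal to `CURRENTSOUP` and falls into the else branch that, per the comment, runs the new script. A guard such as `[ -f "$UPDATE_DIR/salt/common/tools/sbin/soup" ] || exit 1` before the comparison avoids that, and the expansion should be quoted. The MD5 comparison only detects that the two copies differ, and nothing in the visible lines checks that the copy on the media is authentic. On airgap installs the ISO should be verified against its published checksum or signature before soup reads from it. The else branch lies outside this hunk.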
@@ -377,12 +433,20 @@ done echo "Checking to see if this is a manager." echo "" manager_check +echo "Checking to see if this is an airgap install" +echo "" +check_airgap echo "Found that Security Onion $INSTALLEDVERSION is currently installed." echo "" detect_os echo "" -echo "Cloning Security Onion github repo into $UPDATE_DIR." -clone_to_tmp +if [[ $is_airgap ]]; then + # Let's mount the ISO since this is airgap + airgap_mounted +else + echo "Cloning Security Onion github repo into $UPDATE_DIR." + clone_to_tmp +fi echo "" echo "Verifying we have the latest soup script." verify_latest_update_script From 6a4d6f7a6d24730ee3ba8e560aa73c3e3cbe4b1b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 28 Sep 2020 10:12:52 -0400 Subject: [PATCH 2/4] Additional logic --- salt/common/tools/sbin/soup | 64 ++++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 15 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 87777c97c..486846551 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup 
@@ -41,17 +41,17 @@ airgap_mounted() { if [ -f /tmp/soagupdate/SecurityOnion/VERSION ]; then echo "The ISO is already mounted" else - echo "Looks like we need to mount the ISO" - echo "" - echo "You will need the full path of the ISO" - echo "Example: /home/user/securityonion-2.3.0.iso" echo "" - read -p 'Enter the FULL path of the iso: ' ISOLOC - if [ ! -f $ISOLOC ]; then - echo "Unable to locate ISO image. Please try soup again" - exit 0 - else - # Mounting the ISO + echo "Looks like we need access to the upgrade content" + echo "" + echo "If you just copied the .iso file over you can specify the path." + echo "If you burned the ISO to a disk the standard way you can specify the device." + echo "Example: /home/user/securityonion-2.X.0.iso" + echo "Example: /dev/cdrom" + echo "" + read -p 'Enter the location of the iso: ' ISOLOC + if [ -f $ISOLOC ]; then + # Mounting the ISO image mkdir -p /tmp/soagupdate mount -t iso9660 -o loop $ISOLOC /tmp/soagupdate # Make sure mounting was successful @@ -61,7 +61,20 @@ airgap_mounted() { exit 0 else echo "ISO has been mounted!" - fi + fi + elif [ -f $ISOLOC/SecurityOnion/VERSION ]; then + ln -s $ISOLOC /tmp/soagupdate + echo "Found the update content" + else + mkdir -p /tmp/soagupdate + mount $ISOLOC /tmp/soagupdate + if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then + echo "Something went wrong trying to mount the device." + echo "Ensure you verify the ISO that you downloaded." + exit 0 + else + echo "Device has been mounted!" + fi fi fi } @@ -168,7 +181,6 @@ pillar_changes() { [[ "$INSTALLEDVERSION" =~ rc.1 ]] && rc1_to_rc2 [[ "$INSTALLEDVERSION" =~ rc.2 ]] && rc2_to_rc3 [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0 - } @@ -233,9 +245,12 @@ rc2_to_rc3() { } -rc3_to_2.3.0() [ - echo "" -] +rc3_to_2.3.0() { + # Fix Tab Complete + if [ ! -f /etc/profile.d/securityonion.sh ]; then + echo "complete -cf sudo" > /etc/profile.d/securityonion.sh + fi +} space_check() { # Check to see if there is enough space 
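Review bot: `if [ -f $ISOLOC ]` is unquoted, so pressing Enter at the prompt leaves `[ -f ]`, a one-argument test that is true, and the script goes on to run `mount -t iso9660 -o loop` with no source. A path containing spaces is split in the same way. Read the value raw and quote it: `read -r -p 'Enter the location of the iso: ' ISOLOC` and `if [ -f "$ISOLOC" ]; then`, with the same quoting on the `mount` line. `airgap_mounted` begins above this hunk and continues into the next one.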
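Review bot: `ln -s $ISOLOC /tmp/soagupdate` in the new `elif` branch is the only path that is not checked afterwards. If `/tmp/soagupdate` already exists as a directory, the link is created inside it and `/tmp/soagupdate/SecurityOnion/VERSION` is still absent, yet the script prints "Found the update content". Repeat the `[ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]` check after the link, as the two mount branches do, and quote `"$ISOLOC"` here and in `mount $ISOLOC /tmp/soagupdate`. Nothing is mounted in this branch, so the `umount /tmp/soagupdate` added later in this patch will presumably fail and leave the link behind.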
@@ -249,6 +264,19 @@ space_check() { } +unmount_update() { + cd /tmp + umount /tmp/soagupdate +} + +update_centos_repo() { + # Update the files in the repo + echo "Syncing new updates to /nsm/repo" + rsync -a $AGDOCKER/repo /nsm/repo + echo "Creating repo" + createrepo /nsm/repo +} + update_dockers() { if [[ $is_airgap ]]; then # Let's copy the tarball @@ -477,6 +505,11 @@ echo "" echo "Updating dockers to $NEWVERSION." update_dockers +# Only update the repo if its airgap +if [ $is_airgap ]; then +update_centos_repo +fi + echo "" echo "Copying new Security Onion code from $UPDATE_DIR to $DEFAULT_SALT_DIR." copy_new_files @@ -508,6 +541,7 @@ echo "Starting Salt Master service." systemctl start salt-master highstate playbook +unmount_update SALTUPGRADED="True" if [[ "$SALTUPGRADED" == "True" ]]; then From 2cdf76473c5341e8927abeaee2ee81759cfbeeb8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 28 Sep 2020 14:19:43 -0400 Subject: [PATCH 3/4] Add Registry back from cleanup --- salt/common/tools/sbin/soup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 486846551..3032130b3 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -288,7 +288,8 @@ update_dockers() { docker stop so-dockerregistry docker rm so-dockerregistry echo "Copying the new dockers over" - tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker + tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker + docker load -i $AGDOCKER/registry_image.tar fi else # List all the containers From 6b8b0f1b26191d7de2edf0b463c6e17923442260 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 28 Sep 2020 16:48:02 -0400 Subject: [PATCH 4/4] Change add registry --- salt/common/tools/sbin/soup | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 3032130b3..bb9d9d343 100755 --- a/salt/common/tools/sbin/soup 
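Review bot: `rsync -a $AGDOCKER/repo /nsm/repo` in `update_centos_repo` has no trailing slash on the source, so rsync creates `/nsm/repo/repo` instead of merging into `/nsm/repo`; `rsync -a "$AGDOCKER/repo/" /nsm/repo/` syncs the contents. The source is also `AGDOCKER`, while PATCH 1/4 defined `AGREPO=/tmp/soagupdate/Packages` and never uses it, so the intended source may be `$AGREPO`; this is worth confirming against the ISO layout. Neither `rsync` nor `createrepo` is checked for failure, so a partial copy would still be indexed and served to the grid.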
+++ b/salt/common/tools/sbin/soup @@ -96,6 +96,7 @@ clean_dockers() { # Place Holder for cleaning up old docker images echo "Trying to clean up old dockers." docker system prune -a -f + } clone_to_tmp() { @@ -289,7 +290,6 @@ update_dockers() { docker rm so-dockerregistry echo "Copying the new dockers over" tar xvf $AGDOCKER/registry.tar -C /nsm/docker-registry/docker - docker load -i $AGDOCKER/registry_image.tar fi else # List all the containers @@ -370,6 +370,10 @@ update_dockers() { fi # Cleanup on Aisle 4 clean_dockers + echo "Add Registry back if airgap" + if [[ $is_airgap ]]; then + docker load -i $AGDOCKER/registry_image.tar + fi }
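Review bot: `docker load -i $AGDOCKER/registry_image.tar` ignores its exit status, so a missing or unreadable tarball leaves the host without the registry image while soup carries on. It now runs after `clean_dockers`, and the registry container was stopped and removed earlier in `update_dockers`, so `docker system prune -a -f` will have deleted the then-unused registry image. Check the result, for example `docker load -i "$AGDOCKER/registry_image.tar" || { echo "Unable to load registry image" >&2; exit 1; }`. The tarball is loaded straight from the media, so this step relies on the ISO having been verified beforehand.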