Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into issue/5809

2025-12-06 17:22:49 +01:00 · 2021-11-12 15:02:22 -05:00
parent 7f3379e034 8c46a2d1db
commit cc1dea446c
6 changed files with 69 additions and 37 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -390,20 +390,30 @@ has_uppercase() {
 }
 valid_cidr() {
-	# Verify there is a backslash in the string
+	local cidr=$1
 	echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1
-	local cidr
+	read -r -d '' cidr_python <<- EOM
-	local ip
+	import ipaddress
 	import sys
-	cidr=$(echo "$1" | sed 's/.*\///')
+	def validate_cidr(cidr: str) -> bool:
-	ip=$(echo "$1" | sed 's/\/.*//' )
+	  # We want the string to be a cidr block and not a single ip
 	  if '/' not in cidr:
 	  	return False
 	  try:
 	    ipaddress.ip_network(cidr)
 	  except ValueError:
 	    return False
 	  return True
-	if valid_ip4 "$ip"; then
+	if validate_cidr('$cidr'):
-		[[ $cidr =~ ([0-9]|[1-2][0-9]|3[0-2]) ]] && return 0 || return 1
+	  sys.exit(0)
-	else
+	else:
-		return 1
+	  sys.exit(1)
-	fi
+	EOM
 	python3 -c "$cidr_python"
 	return $?
 }
 valid_cidr_list() {
@@ -447,7 +457,26 @@ valid_hostname() {
 valid_ip4() {
 	local ip=$1
-	echo "$ip" | grep -qP '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$' && return 0 || return 1
+	local ip_python
 	read -r -d '' ip_python <<- EOM
 	import ipaddress
 	import sys
 	def validate_ip(ip: str) -> bool:
 	  try:
 	    ipaddress.ip_address(ip)
 	  except ValueError:
 	    return False
 	  return True
 	if validate_ip('$ip'):
 	  sys.exit(0)
 	else:
 	  sys.exit(1)
 	EOM
 	python3 -c "$ip_python"
 	return $?
 }
 valid_int() {
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -690,9 +690,12 @@ up_2.3.5X_to_2.3.80() {
 }
 up_2.3.80_to_2.3.90() {
  for i in manager eval standalone; do
        echo "soc:" >> /opt/so/saltstack/local/pillar/minions/*$i*.sls
        sed -i "/^soc:/a \\  es_index_patterns: '*:so-*,*:endgame-*'" /opt/so/saltstack/local/pillar/minions/*$i*.sls
  done
  INSTALLEDVERSION=2.3.90
 }
 verify_upgradespace() {
--- a/salt/soc/files/soc/menu.actions.json
+++ b/salt/soc/files/soc/menu.actions.json
@@ -1,4 +1,4 @@
-{% set HIGHLANDER = salt['pillar.get']('global:highlander', False) %}
+{%- set ENDGAMEHOST = salt['pillar.get']('soc:endgamehost', False) %}
 [
  { "name": "actionHunt", "description": "actionHuntHelp", "icon": "fa-crosshairs", "target": "", 
            "links": [
@@ -31,11 +31,10 @@
            "links": [
              "https://www.virustotal.com/gui/search/{value}"
 	    ]}
- {%- if HIGHLANDER %}
+ {%- if ENDGAMEGHOST %}
   {%- set EGHOST = salt['pillar.get']('soc:endgamehost', 'EGHOSTNOTPOPULATED') %}
   ,{ "name": "Endgame", "description": "Endgame Endpoint Investigation and Response", "icon": "fa-external-link-alt", "target": "_blank",
            "links": [
-              "https://{{ EGHOST }}/endpoints/{:agent.id}"
+              "https://{{ ENDGAMEHOST }}/endpoints/{:agent.id}"
            ]}
 {% endif %}
 ]
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1637,13 +1637,14 @@ manager_pillar() {
 	printf '%s\n'\
 		"  kratoskey: '$KRATOSKEY'"\
 		"" >> "$pillar_file"
-
+	printf '%s\n'\
-        if [[ -n $ENDGAMEHOST ]]; then
+		"soc:"\
-        	printf '%s\n'\
+		"  es_index_patterns: '*:so-*,*:endgame-*'"\
-			"soc:"\
+		"" >> "$pillar_file"
-                	"  endgamehost: '$ENDGAMEHOST'"\
+	if [[ -n $ENDGAMEHOST ]]; then
-			"  es_index_patterns: '*:so-*,*:endgame-*'"\
+		printf '%s\n'\
-                	"" >> "$pillar_file"
+			"  endgamehost: '$ENDGAMEHOST'"\
 			"" >> "$pillar_file"
 	fi
 }
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -721,7 +721,7 @@ whiptail_install_type() {
 	# What kind of install are we doing?
 	install_type=$(whiptail --title "$whiptail_title" --radiolist \
-	"Choose install type. See https://docs.securityonion.net/architecture for details." 12 65 5 \
+	"Choose install type. \nSee https://docs.securityonion.net/architecture for details." 13 65 5 \
 		"EVAL" "Evaluation mode (not for production) " ON \
 		"STANDALONE" "Standalone production install " OFF \
 		"DISTRIBUTED" "Distributed install submenu " OFF \
--- a/tests/validation.sh
+++ b/tests/validation.sh
@@ -46,7 +46,7 @@ test_fun 1 valid_fqdn "rwwiv."
 test_fun 1 valid_fqdn ""
-sleep 0.15s
+sleep 0.15
 header "ip4"
@@ -62,13 +62,13 @@ test_fun 1 valid_ip4 "192.168.1.1."
 test_fun 1 valid_ip4 ""
-sleep 0.15s
+sleep 0.15
 header "CIDR (ipv4)"
 test_fun 0 valid_cidr "192.168.1.0/24"
-test_fun 0 valid_cidr "192.168.1.0/12"
+test_fun 0 valid_cidr "192.160.0.0/12"
 test_fun 1 valid_cidr "192.168.1.0"
@@ -78,7 +78,7 @@ test_fun 1 valid_ip4 "/24"
 test_fun 1 valid_cidr ""
-sleep 0.15s
+sleep 0.15
 header "CIDR list"
@@ -90,7 +90,7 @@ test_fun 1 valid_cidr_list "10.0.0.0/8,192.168.0.0/16172.16.0.0/12"
 test_fun 1 valid_cidr_list "10.0.0.0"
-sleep 0.15s
+sleep 0.15
 header "DNS"
@@ -104,7 +104,7 @@ test_fun 1 valid_dns_list "8.8.8.,8.8.4.4"
 test_fun 1 valid_dns_list "192.168.9."
-sleep 0.15s
+sleep 0.15
 header "int (default min: 1, default max: 1000000000)"
@@ -130,7 +130,7 @@ test_fun 1 valid_int "not_a_num"
 test_fun 1 valid_int ""
-sleep 0.15s
+sleep 0.15
 header "hostname"
@@ -146,7 +146,7 @@ test_fun 1 valid_hostname "localhost"
 test_fun 1 valid_hostname ""
-sleep 0.15s
+sleep 0.15
 header "string (default min_length: 1, default max_length: 64)"
@@ -168,7 +168,7 @@ test_fun 1 valid_string "too_long" "" "4"
 test_fun 1 valid_string ""
-sleep 0.15s
+sleep 0.15
 header "Linux user"