From b70d9c089275206daa36f35b0837a07f534a19a5 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Tue, 6 Apr 2021 13:20:46 -0400
Subject: [PATCH 01/13] Add end summary and warning about SSH host key change

---
 setup/so-setup    |   9 +-
 setup/so-whiptail | 203 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 208 insertions(+), 4 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index 48322f246..509ad419d 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -572,14 +572,14 @@ fi
 
 if [[ $is_manager || $is_import ]]; then collect_so_allow; fi
 
-whiptail_make_changes
+# This block sets REDIRECTIT which is used by a function outside the below subshell
+set_redirect >> $setup_log 2>&1
+
+whiptail_end_settings
 
 # From here on changes will be made.
 echo "1" > /root/accept_changes
 
-# This block sets REDIRECTIT which is used by a function outside the below subshell
-set_redirect >> $setup_log 2>&1
-
 
 # Begin install
 {
@@ -962,6 +962,7 @@ else
 	} | whiptail_gauge_post_setup "Running post-installation steps..."
 
 	whiptail_setup_complete
+	[[ $setup_type != 'iso' ]] && whitpail_ssh_warning
 	echo "Post-installation steps have completed." >> $setup_log 2>&1
 fi
 
diff --git a/setup/so-whiptail b/setup/so-whiptail
index c71db9508..45b263f96 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -423,6 +423,193 @@ whiptail_enable_components() {
 	done
 }
 
+whiptail_end_settings() {
+	[ -n "$TESTING" ] && return
+
+	# BASIC INFO (NETWORK, HOSTNAME, DESCRIPTION, ETC)
+
+	read -r -d '' end_msg <<- EOM
+	The following options have been set, would you like to proceed?
+
+	Node Type: $install_type
+	Hostname: $HOSTNAME
+	EOM
+
+	[[ -n $NODE_DESCRIPTION ]] && __append_end_msg "Description: $NODE_DESCRIPTION"
+
+	[[ $is_airgap ]] && __append_end_msg "Airgap: True"
+
+	if [[ $is_minion ]]; then 
+		__append_end_msg "Manager Hostname: $MSRV"
+		__append_end_msg "Manager IP: $MSRVIP"
+	fi
+
+
+	[[ $is_iso ]] && __append_end_msg "Network: $address_type"
+
+	__append_end_msg "Management NIC: $MNIC"
+	__append_end_msg "Management IP: $MAINIP"
+
+	if [[ $address_type == 'STATIC' ]]; then
+		__append_end_msg "Gateway: $MGATEWAY"
+		__append_end_msg "DNS: $MDNS"
+		__append_end_msg "DNS Domain: $MSEARCH"
+	fi
+
+	if [[ $is_sensor ]]; then
+		__append_end_msg "Bond NIC(s):"
+		for nic in "${BNICS[@]}"; do
+			__append_end_msg "  - $nic"
+		done
+	fi
+
+	local homenet_arr
+	if [[ -n $HNMANAGER ]]; then
+		__append_end_msg "Home Network(s):"
+		IFS="," read -r -a homenet_arr <<< "$HNMANAGER"
+		for net in "${homenet_arr[@]}"; do
+			__append_end_msg "  - $net"
+		done
+	elif [[ -n $HNSENSOR ]]; then
+		__append_end_msg "Home Network(s):"
+		IFS="," read -r -a homenet_arr <<< "$HNSENSOR"
+		for net in "${homenet_arr[@]}"; do
+			__append_end_msg "  - $net"
+		done
+	fi
+
+	[[ -n $REDIRECTIT ]] && __append_end_msg "Access URL: https://${REDIRECTIT}"
+
+	[[ -n $ALLOW_CIDR ]] && __append_end_msg "Allowed IP or Subnet: $ALLOW_CIDR"
+
+	[[ -n $WEBUSER ]] && __append_end_msg "Web User: $WEBUSER"
+
+	[[ -n $FLEETNODEUSER ]] && __append_end_msg "Fleet User: $FLEETNODEUSER"
+
+	if [[ $is_manager ]]; then
+		__append_end_msg "Enabled Optional Components:"
+		for component in "${COMPONENTS[@]}"; do
+			__append_end_msg "  - $component"
+		done
+	fi
+	
+	# METADATA / IDS
+
+	if [[ -n $ZEEKVERSION ]]; then
+		local md_tool_string=${ZEEKVERSION,;}
+		md_tool_string=${md_tool_string^}
+
+		__append_end_msg "Metadata Tool: $md_tool_string"
+	fi
+
+	[[ -n $RULESETUP ]] && __append_end_msg "IDS Ruleset: $RULESETUP"
+	[[ -n $OINKCODE ]] && __append_end_msg "Oinkcode: $OINKCODE"
+
+	# PATCH SCHEDULE
+
+	[[ -n $PATCHSCHEDULENAME ]] && __append_end_msg "Patch schedule: $PATCHSCHEDULENAME"
+	
+	if [[ ${#PATCHSCHEDULEDAYS[@]} -gt 0 ]]; then
+		__append_end_msg "Day(s):"
+		for day in "${PATCHSCHEDULEDAYS[@]}"; do
+			__append_end_msg "  - $day"
+		done
+	fi
+
+	if [[ ${#PATCHSCHEDULEHOURS[@]} -gt 0 ]]; then
+		__append_end_msg "Hours(s):"
+		for hour in "${PATCHSCHEDULEHOURS[@]}"; do
+			__append_end_msg "  - $hour"
+		done
+	fi
+
+	# MISC
+
+	[[ $is_helix ]] && __append_end_msg "Helix API key: $HELIXAPIKEY"
+	[[ -n $DOCKERNET ]] && __append_end_msg "Docker network: $DOCKERNET"
+	if [[ -n $MANAGERUPDATES ]]; then
+		__append_end_msg "OS Package Updates: Manager"
+	else
+		__append_end_msg "OS Package Updates: Open"
+	fi
+	if [[ ${#ntp_servers[@]} -gt 0 ]]; then
+		__append_end_msg "NTP Servers:"
+		for server in "${ntp_servers[@]}"; do
+			__append_end_msg "  - $server"
+		done
+	fi
+
+	# ADVANCED OR REGULAR
+
+	if [[ $NODESETUP == 'NODEADVANCED' ]]; then
+		__append_end_msg "Advanced Node Settings:"
+		__append_end_msg "  Elasticsearch Heap Size: $NODE_ES_HEAP_SIZE"
+		__append_end_msg "  Logstash Heap Size: $NODE_LS_HEAP_SIZE"
+		__append_end_msg "  Logstash Worker Count: $LSPIPELINEWORKERS"
+		__append_end_msg "  Logstash Batch Size: $LSPIPELINEBATCH"
+		__append_end_msg "  Logstash Input Threads: $LSINPUTTHREADS"
+		__append_end_msg "  Curator Day Cutoff: $CURCLOSEDAYS days"
+		__append_end_msg "  Elasticsearch Storage Space: ${log_size_limit}GB"
+	else
+		__append_end_msg "Elasticsearch Heap Size: $NODE_ES_HEAP_SIZE"
+		__append_end_msg "Logstash Heap Size: $NODE_LS_HEAP_SIZE"
+		__append_end_msg "Logstash Worker Count: $LSPIPELINEWORKERS"
+		__append_end_msg "Logstash Batch Size: $LSPIPELINEBATCH"
+		__append_end_msg "Logstash Input Threads: $LSINPUTTHREADS"
+		__append_end_msg "Curator Close After: $CURCLOSEDAYS days"
+		__append_end_msg "Elasticsearch Storage Space: ${log_size_limit}GB"
+	fi
+
+
+	# ADVANCED
+	if [[ $MANAGERADV == 'ADVANCED' ]]; then
+		__append_end_msg "Advanced Manager Settings:"
+		__append_end_msg "  ES Cluster Name: $ESCLUSTERNAME"
+		if [[ ${#BLOGS[@]} -gt 0 ]]; then
+			__append_end_msg "  Zeek Logs Enabled:"
+			for log in "${BLOGS[@]}"; do
+				__append_end_msg "    - $log"
+			done
+		fi
+	fi
+
+	if [[ $NSMSETUP == 'ADVANCED' ]]; then
+		__append_end_msg "Advanced NSM Settings:"
+		if [[ ${#ZEEKPINS[@]} -gt 0 ]]; then
+			local zeek_pin_str
+			for core in "${ZEEKPINS[@]}"; do
+				zeek_pin_str="${zeek_pin_str}${core},"
+			done
+			zeek_pin_str=${zeek_pin_str%,}
+			__append_end_msg "  Zeek Pinned Cores: ${zeek_pin_str}"
+		fi
+		if [[ ${#SURIPINS[@]} -gt 0 ]]; then
+			local suri_pin_str
+			for core in "${SURIPINS[@]}"; do
+				suri_pin_str="${suri_pin_str}${core},"
+			done
+			suri_pin_str=${suri_pin_str%,}
+			__append_end_msg "  Suricata Pinned Cores: ${suri_pin_str}"
+		fi
+	else
+		[[ -n $BASICZEEK ]] && __append_end_msg "  Zeek Processes: $BASICZEEK"
+		[[ -n $BASICSURI ]] && __append_end_msg "  Suricata Processes: $BASICSURI"
+	fi
+
+	whiptail --yesno "$end_msg" 24 75 --scrolltext
+	local exitstatus=$?
+	whiptail_check_exitstatus
+}
+
+__append_end_msg() {
+	local newline=$1
+
+	read -r -d '' end_msg <<- EOM
+	$end_msg
+	$newline
+	EOM
+}
+
 whiptail_eval_adv() {
 
 	[ -n "$TESTING" ] && return
@@ -1491,6 +1678,22 @@ whiptail_so_allow() {
 	whiptail_check_exitstatus $exitstatus
 }
 
+whitpail_ssh_warning() {
+	[ -n "$TESTING" ] && return
+
+	local msg
+
+	read -r -d '' msg <<- EOM
+	NOTE: You will recceive a warning upon SSH reconnect that the host key has changed.
+
+	This is expected due to hardening of the OpenSSH server config.
+	
+	The host key algorithm will now be ED25519, follow the instructions given by your SSH client to remove the old key fingerprint then retry the connection.
+	EOM
+
+	whiptail --msgbox "$msg" 14 75
+}
+
 whiptail_storage_requirements() {
 	local mount=$1
 	local current_val=$2

From 6d6829ba340a86d9ef2150c34765c305dd1d1558 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Tue, 6 Apr 2021 13:21:07 -0400
Subject: [PATCH 02/13] Remove duplicate variable assignment

---
 setup/so-setup | 1 -
 1 file changed, 1 deletion(-)

diff --git a/setup/so-setup b/setup/so-setup
index 509ad419d..5b1a7417c 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -558,7 +558,6 @@ if [[ $is_node && ! $is_eval ]]; then
 		LSPIPELINEWORKERS=$num_cpu_cores
 		LSPIPELINEBATCH=125
 		LSINPUTTHREADS=1
-		LSPIPELINEBATCH=125
 	fi
 fi
 

From 099ac2ff19a86d2ffbf658a60b42266ba8e868aa Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 09:06:22 -0400
Subject: [PATCH 03/13] Minor formatting changes to whiptail end screen

---
 setup/so-whiptail | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 45b263f96..e81c0be7c 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -429,8 +429,6 @@ whiptail_end_settings() {
 	# BASIC INFO (NETWORK, HOSTNAME, DESCRIPTION, ETC)
 
 	read -r -d '' end_msg <<- EOM
-	The following options have been set, would you like to proceed?
-
 	Node Type: $install_type
 	Hostname: $HOSTNAME
 	EOM
@@ -539,6 +537,11 @@ whiptail_end_settings() {
 		done
 	fi
 
+	if [[ $NSMSETUP != 'ADVANCED' ]]; then
+		[[ -n $BASICZEEK ]] && __append_end_msg "Zeek Processes: $BASICZEEK"
+		[[ -n $BASICSURI ]] && __append_end_msg "Suricata Processes: $BASICSURI"
+	fi
+
 	# ADVANCED OR REGULAR
 
 	if [[ $NODESETUP == 'NODEADVANCED' ]]; then
@@ -591,14 +594,12 @@ whiptail_end_settings() {
 			suri_pin_str=${suri_pin_str%,}
 			__append_end_msg "  Suricata Pinned Cores: ${suri_pin_str}"
 		fi
-	else
-		[[ -n $BASICZEEK ]] && __append_end_msg "  Zeek Processes: $BASICZEEK"
-		[[ -n $BASICSURI ]] && __append_end_msg "  Suricata Processes: $BASICSURI"
 	fi
 
-	whiptail --yesno "$end_msg" 24 75 --scrolltext
+	whiptail --title "The following options have been set, would you like to proceed?" --yesno "$end_msg" 24 75 --scrolltext
+
 	local exitstatus=$?
-	whiptail_check_exitstatus
+	whiptail_check_exitstatus $exitstatus
 }
 
 __append_end_msg() {

From 88c565feae5934fe5a327201ec570188c802559c Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 10:14:16 -0400
Subject: [PATCH 04/13] Fix proxy test logic

---
 setup/so-functions | 4 +++-
 setup/so-whiptail  | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/setup/so-functions b/setup/so-functions
index 8a751a4ad..e2e779775 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -563,7 +563,7 @@ collect_patch_schedule_name_import() {
 
 collect_proxy() {
 	[[ -n $TESTING ]] && return
-	collect_proxy_details
+	collect_proxy_details || return
 	while ! proxy_validate; do
 		if whiptail_invalid_proxy; then
 			collect_proxy_details no_ask
@@ -608,6 +608,8 @@ collect_proxy_details() {
 			so_proxy="$proxy_addr"
 		fi
 		export so_proxy
+	else
+		return 1
 	fi
 }
 
diff --git a/setup/so-whiptail b/setup/so-whiptail
index e81c0be7c..fddf3b0fa 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -391,6 +391,7 @@ whiptail_dockernet_net() {
 	whiptail_check_exitstatus $exitstatus
 
 }
+
 whiptail_enable_components() {
 
 	[ -n "$TESTING" ] && return

From 5b3014496bdd493211bfd376f26dc91cddb1eece Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 10:35:59 -0400
Subject: [PATCH 05/13] Proxy fixes

* Adjust proxy test timeout
* Don't show proxy on error
* Add echo statement so user knows what setup is doing
---
 setup/so-functions | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/setup/so-functions b/setup/so-functions
index e2e779775..0724f5851 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1872,12 +1872,13 @@ print_salt_state_apply() {
 }
 
 proxy_validate() {
+	echo "Testing proxy..."
 	local test_url="https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
-	proxy_test_err=$(curl -sS "$test_url" --proxy "$so_proxy" 2>&1)
+	proxy_test_err=$(curl -sS "$test_url" --proxy "$so_proxy" --connect-timeout 5 2>&1) # set short connection timeout so user doesn't sit waiting for proxy test to timeout
 	local ret=$?
 
 	if [[ $ret != 0 ]]; then
-		error "Could not reach $test_url using proxy $so_proxy"
+		error "Could not reach $test_url using proxy provided"
 		error "Received error: $proxy_test_err"
 		if [[ -n $TESTING ]]; then
 			error "Exiting setup"

From ceb1ea61dcf25f3e9dfc021b11d0ff3e53240b40 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 13:15:49 -0400
Subject: [PATCH 06/13] Summary screen changes

---
 setup/so-whiptail | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index fddf3b0fa..eccf8c69c 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -460,6 +460,7 @@ whiptail_end_settings() {
 		for nic in "${BNICS[@]}"; do
 			__append_end_msg "  - $nic"
 		done
+		__append_end_msg "MTU: $MTU"
 	fi
 
 	local homenet_arr
@@ -506,20 +507,25 @@ whiptail_end_settings() {
 
 	# PATCH SCHEDULE
 
-	[[ -n $PATCHSCHEDULENAME ]] && __append_end_msg "Patch schedule: $PATCHSCHEDULENAME"
-	
-	if [[ ${#PATCHSCHEDULEDAYS[@]} -gt 0 ]]; then
-		__append_end_msg "Day(s):"
-		for day in "${PATCHSCHEDULEDAYS[@]}"; do
-			__append_end_msg "  - $day"
-		done
-	fi
-
-	if [[ ${#PATCHSCHEDULEHOURS[@]} -gt 0 ]]; then
-		__append_end_msg "Hours(s):"
-		for hour in "${PATCHSCHEDULEHOURS[@]}"; do
-			__append_end_msg "  - $hour"
-		done
+	if [[ -n $PATCHSCHEDULENAME ]]; then
+		__append_end_msg "Patch Schedule:"
+		if [[ $PATCHSCHEDULENAME != 'auto' && $PATCHSCHEDULENAME != 'manual' ]]; then
+			__append_end_msg "  Type: $PATCHSCHEDULENAME"
+		else
+			__append_end_msg "  Name: $PATCHSCHEDULENAME"
+		fi
+		if [[ ${#PATCHSCHEDULEDAYS[@]} -gt 0 ]]; then
+			__append_end_msg "  Day(s):"
+			for day in "${PATCHSCHEDULEDAYS[@]}"; do
+				__append_end_msg "    - $day"
+			done
+		fi
+		if [[ ${#PATCHSCHEDULEHOURS[@]} -gt 0 ]]; then
+			__append_end_msg "  Hours(s):"
+			for hour in "${PATCHSCHEDULEHOURS[@]}"; do
+				__append_end_msg "    - $hour"
+			done
+		fi
 	fi
 
 	# MISC

From 377b14ccb1dab47eb8d6743cf626d047551f99fa Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 13:20:55 -0400
Subject: [PATCH 07/13] ESCLUSTERNAME is empty for standalone, so check if it's
 set before listing

---
 setup/so-whiptail | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index eccf8c69c..2522e65f9 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -574,7 +574,7 @@ whiptail_end_settings() {
 	# ADVANCED
 	if [[ $MANAGERADV == 'ADVANCED' ]]; then
 		__append_end_msg "Advanced Manager Settings:"
-		__append_end_msg "  ES Cluster Name: $ESCLUSTERNAME"
+		[[ -n $ESCLUSTERNAME ]] && __append_end_msg "  ES Cluster Name: $ESCLUSTERNAME"
 		if [[ ${#BLOGS[@]} -gt 0 ]]; then
 			__append_end_msg "  Zeek Logs Enabled:"
 			for log in "${BLOGS[@]}"; do

From f83ac5a2788089946ab5dc79a5bdb06e712bce04 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 13:38:47 -0400
Subject: [PATCH 08/13] Print install summary to file and setup log after user
 confirms

---
 setup/so-whiptail | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 2522e65f9..3e4a79a91 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -607,6 +607,9 @@ whiptail_end_settings() {
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
+
+	echo "$end_msg" > /root/install_summary
+	printf '%s\n' 'Install summary:' "$end_msg" >> "$setup_log"
 }
 
 __append_end_msg() {

From ec076bba4ae58d11a92974b39d84cf44b80783e4 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 13:42:18 -0400
Subject: [PATCH 09/13] MTU is not always set by the user, so don't always show
 in summary

---
 setup/so-whiptail | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 3e4a79a91..7c2665363 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -460,7 +460,7 @@ whiptail_end_settings() {
 		for nic in "${BNICS[@]}"; do
 			__append_end_msg "  - $nic"
 		done
-		__append_end_msg "MTU: $MTU"
+		[[ -n $MTU ]] && __append_end_msg "MTU: $MTU"
 	fi
 
 	local homenet_arr

From 3a4cf8aa269cc1dee056f27a4d54eb784fb5d1ae Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 13:54:01 -0400
Subject: [PATCH 10/13] Add proxy url/user to summary

---
 setup/so-whiptail | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 7c2665363..000aa2ba4 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -449,6 +449,14 @@ whiptail_end_settings() {
 	__append_end_msg "Management NIC: $MNIC"
 	__append_end_msg "Management IP: $MAINIP"
 
+	if [[ -n $so_proxy ]]; then
+		__append_end_msg "Proxy:"
+		__append_end_msg "  Server URL: $proxy_addr"
+		[[ -n $proxy_user ]] && __append_end_msg "  User: $proxy_user"
+	else
+		__append_end_msg "Proxy: N/A"
+	fi
+
 	if [[ $address_type == 'STATIC' ]]; then
 		__append_end_msg "Gateway: $MGATEWAY"
 		__append_end_msg "DNS: $MDNS"

From 3c69c0c24cbb501e628dc40ab00cf50092589298 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 14:15:02 -0400
Subject: [PATCH 11/13] Correct patch schedule name logic in summary

---
 setup/so-whiptail | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 000aa2ba4..33053a273 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -517,7 +517,7 @@ whiptail_end_settings() {
 
 	if [[ -n $PATCHSCHEDULENAME ]]; then
 		__append_end_msg "Patch Schedule:"
-		if [[ $PATCHSCHEDULENAME != 'auto' && $PATCHSCHEDULENAME != 'manual' ]]; then
+		if [[ $PATCHSCHEDULENAME == 'auto'|| $PATCHSCHEDULENAME == 'manual' ]]; then
 			__append_end_msg "  Type: $PATCHSCHEDULENAME"
 		else
 			__append_end_msg "  Name: $PATCHSCHEDULENAME"

From a5f5888913e00ab59d3459701d01f37e6e357b1e Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 7 Apr 2021 17:03:08 -0400
Subject: [PATCH 12/13] Summary order change

---
 setup/so-whiptail | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 33053a273..493ae7a68 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -449,6 +449,12 @@ whiptail_end_settings() {
 	__append_end_msg "Management NIC: $MNIC"
 	__append_end_msg "Management IP: $MAINIP"
 
+	if [[ $address_type == 'STATIC' ]]; then
+		__append_end_msg "Gateway: $MGATEWAY"
+		__append_end_msg "DNS: $MDNS"
+		__append_end_msg "DNS Domain: $MSEARCH"
+	fi
+
 	if [[ -n $so_proxy ]]; then
 		__append_end_msg "Proxy:"
 		__append_end_msg "  Server URL: $proxy_addr"
@@ -457,12 +463,6 @@ whiptail_end_settings() {
 		__append_end_msg "Proxy: N/A"
 	fi
 
-	if [[ $address_type == 'STATIC' ]]; then
-		__append_end_msg "Gateway: $MGATEWAY"
-		__append_end_msg "DNS: $MDNS"
-		__append_end_msg "DNS Domain: $MSEARCH"
-	fi
-
 	if [[ $is_sensor ]]; then
 		__append_end_msg "Bond NIC(s):"
 		for nic in "${BNICS[@]}"; do

From b53815d04af3731f59fdf466653f040715d10f7f Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 8 Apr 2021 11:42:41 -0400
Subject: [PATCH 13/13] Fix Telegraf sostatus

---
 salt/telegraf/etc/telegraf.conf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index f6bcbdaf5..1b172485b 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -663,6 +663,15 @@
 
 # # Read metrics from one or more commands that can output to stdout
 
+[[inputs.exec]]
+   commands = [
+      "/scripts/sostatus.sh"
+   ]
+   data_format = "influx"
+   timeout = "15s"
+   interval = "180s"
+
+
 #   ## Commands array
 {% if grains['role'] in ['so-manager', 'so-managersearch'] %}
 [[inputs.exec]]