Setup Script - New Changes for 1.1.1

2025-12-06 09:12:45 +01:00 · 2019-09-24 12:32:08 -04:00
parent b1f582d218
commit d65c900981
1 changed files with 106 additions and 22 deletions
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -61,17 +61,33 @@ add_master_hostfile() {
 }
 add_socore_user_master() {
-  echo "Add socore on the master" >> $SETUPLOG 2>&1
+
  echo "Add socore on the master" >>~/sosetup.log 2>&1
  # Add user "socore" to the master. This will be for things like accepting keys.
  if [ $OS == 'centos' ]; then
    local ADDUSER=adduser
  else
    local ADDUSER=useradd
  fi
  # Add user "socore" to the master. This will be for things like accepting keys.
  groupadd --gid 939 socore
  $ADDUSER --uid 939 --gid 939 --home-dir /opt/so socore
-  # Prompt the user to set a password for the user
+  # Set the password for socore that we got during setup
-  passwd socore
+  echo socore:$COREPASS1 | chpasswd --crypt-method=SHA512
 }
 #add_socore_user_master() {
 #  echo "Add socore on the master" >> $SETUPLOG 2>&1
 #  if [ $OS == 'centos' ]; then
 #    local ADDUSER=adduser
 #  else
 #    local ADDUSER=useradd
 #  fi
 #  # Add user "socore" to the master. This will be for things like accepting keys.
 #  groupadd --gid 939 socore
 #  $ADDUSER --uid 939 --gid 939 --home-dir /opt/so socore
 #  # Prompt the user to set a password for the user
 #  passwd socore
 }
@@ -168,6 +184,16 @@ checkin_at_boot() {
  echo "startup_states: highstate" >> /etc/salt/minion
 }
 check_socore_pass() {
  if [ $COREPASS1 == $COREPASS2 ]; then
    SCMATCH=yes
  else
    whiptail_passwords_dont_match
  fi
 }
 chown_salt_master() {
  echo "Chown the salt dirs on the master for socore" >> $SETUPLOG 2>&1
@@ -910,6 +936,14 @@ sensor_pillar() {
 }
 set_hostname() {
  hostnamectl set-hostname $HOSTNAME
  echo "127.0.0.1   $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts
  echo "::1   localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
 }
 set_initial_firewall_policy() {
  get_main_ip
@@ -1090,6 +1124,27 @@ whiptail_check_exitstatus() {
 }
 whiptail_create_socore_user() {
  whiptail --title "Security Onion Setup" --msgbox "Set a password for the socore user. This account is used \
  for adding sensors remotely." 8 78
 }
 whiptail_create_socore_user_password1() {
  COREPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
  "Enter a password for user socore" 10 60 3>&1 1>&2 2>&3)
 }
 whiptail_create_socore_user_password2() {
  COREPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
  "Re-enter a password for user socore" 10 60 3>&1 1>&2 2>&3)
 }
 whiptail_cur_close_days() {
  CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
@@ -1376,6 +1431,12 @@ whiptail_node_ls_input_batch_count() {
 }
 whiptail_passwords_dont_match() {
  whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 78
 }
 whiptail_rule_setup() {
  # Get pulled pork info
@@ -1403,6 +1464,16 @@ whiptail_sensor_config() {
 }
 whiptail_set_hostname() {
  HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
  "Enter the Hostname you would like to set." 10 60 localhost 3>&1 1>&2 2>&3)
  local exitstatus=$?
  whiptail_check_exitstatus $exitstatus
 }
 whiptail_setup_complete() {
  whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE." 8 78
@@ -1499,6 +1570,9 @@ if (whiptail_you_sure); then
  # Let folks know they need their management interface already set up.
  whiptail_network_notice
  # Set the hostname to reduce errors
  whiptail_set_hostname
  # Go ahead and gen the keys so we can use them for any sensor type - Disabled for now
  #minio_generate_keys
@@ -1548,8 +1622,13 @@ if (whiptail_you_sure); then
      fi
    fi
    whiptail_create_socore_user
    whiptail_create_socore_user_password1
    whiptail_create_socore_user_password2
    # Last Chance to back out
    whiptail_make_changes
    set_hostname
    generate_passwords
    auth_pillar
    clear_master
@@ -1563,9 +1642,9 @@ if (whiptail_you_sure); then
    get_main_ip
    # Add the user so we can sit back and relax
-    echo ""
+    #echo ""
-    echo "**** Please set a password for socore. You will use this password when setting up other Nodes/Sensors"
+    #echo "**** Please set a password for socore. You will use this password when setting up other Nodes/Sensors"
-    echo ""
+    #echo ""
    add_socore_user_master
    # Install salt and dependencies
@@ -1681,6 +1760,7 @@ if (whiptail_you_sure); then
      whiptail_basic_suri
    fi
    whiptail_make_changes
    set_hostname
    clear_master
    mkdir -p /nsm
    get_filesystem_root
@@ -1763,8 +1843,11 @@ if (whiptail_you_sure); then
    BROVERSION=ZEEK
    CURCLOSEDAYS=30
    process_components
    whiptail_create_socore_user
    whiptail_create_socore_user_password1
    whiptail_create_socore_user_password2
    whiptail_make_changes
-    #eval_mode_hostsfile
+    set_hostname
    generate_passwords
    auth_pillar
    clear_master
@@ -1913,6 +1996,7 @@ if (whiptail_you_sure); then
      LSINPUTBATCHCOUNT=125
    fi
    whiptail_make_changes
    set_hostname
    clear_master
    mkdir -p /nsm
    get_filesystem_root
@@ -1958,22 +2042,22 @@ if (whiptail_you_sure); then
      whiptail_setup_failed
    fi
-    set_initial_firewall_policy
+    #set_initial_firewall_policy
-    saltify
+    #saltify
-    docker_install
+    #docker_install
-    configure_minion node
+    #configure_minion node
-    set_node_type
+    #set_node_type
-    node_pillar
+    #node_pillar
-    copy_minion_pillar nodes
+    #copy_minion_pillar nodes
-    salt_checkin
+    #salt_checkin
    # Accept the Salt Key
-    accept_salt_key_remote
+    #accept_salt_key_remote
    # Do the big checkin but first let them know it will take a bit.
-    salt_checkin_message
+    #salt_checkin_message
-    salt_checkin
+    #salt_checkin
-    checkin_at_boot
+    #checkin_at_boot
-    whiptail_setup_complete
+    #whiptail_setup_complete
  fi
 else