From 5d0a7f99e91aee191266d0e122cd158e73bb6e30 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 26 May 2020 18:45:29 -0400 Subject: [PATCH 1/3] Improve logging of automated setup --- setup/so-setup | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index fdc69076b..0d309bfc3 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -28,6 +28,8 @@ automation=$2 automated=no +echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1 + function progress() { if [ $automated == no ]; then whiptail --title "Security Onion Install" --gauge 'Please wait while installing' 6 60 0 @@ -35,31 +37,51 @@ function progress() { } if [[ -f automation/$automation && $(basename $automation) == $automation ]]; then - echo "Preselecting variable values based on automated setup: $automation" + echo "Preselecting variable values based on automated setup: $automation" >> $setup_log 2>&1 source automation/$automation automated=yes + echo "Checking network configuration" >> $setup_log 2>&1g + ip a >> $setup_log 2>&1 + attempt=1 attempts=60 - ip a | grep "$MNIC:" | grep "state UP" + ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1 while [ $? -ne 0 ]; do + ip a >> $setup_log 2>&1 if [ $attempt -gt $attempts ]; then - echo "Network unavailable - setup cannot continue" + echo "Network unavailable - setup cannot continue" >> $setup_log 2>&1 exit 1 fi - echo "Waiting for network to come up (attempt $attempt of $attempts)" + echo "Waiting for network to come up (attempt $attempt of $attempts)" >> $setup_log 2>&1 attempt=$((attempt + 1)) sleep 10; - ip a | grep "$MNIC:" | grep "state UP" + ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1 done + echo "Network is up on $MNIC" >> $setup_log 2>&1 + + attempt=1 + attempts=60 + ping -c google.com >> $setup_log 2>&1 + while [ $? -ne 0 ]; do + if [ $attempt -gt $attempts ]; then + echo "DNS unavailable - setup cannot continue" >> $setup_log 2>&1 + exit 1 + fi + echo "Waiting for DNS to become available (attempt $attempt of $attempts)" >> $setup_log 2>&1 + attempt=$((attempt + 1)) + sleep 10; + ping -c google.com >> $setup_log 2>&1 + done + echo "DNS is available" >> $setup_log 2>&1 fi case "$setup_type" in iso | network) # Accepted values - echo "Beginning Security Onion $setup_type install" + echo "Beginning Security Onion $setup_type install" >> $setup_log 2>&1 ;; *) - echo "Invalid install type, must be 'iso' or 'network'" + echo "Invalid install type, must be 'iso' or 'network'" | tee $setup_log exit 1 ;; esac @@ -67,8 +89,6 @@ esac # Allow execution of SO tools during setup export PATH=$PATH:../salt/common/tools/sbin -date -u > $setup_log 2>&1 - got_root if [[ $# -gt 1 ]]; then @@ -87,7 +107,7 @@ setterm -blank 0 if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then true else - echo "User cancelled setup." >> $setup_log 2>&1 + echo "User cancelled setup." | tee $setup_log whiptail_cancel fi From 65431e0fccc7a82979637ac65cf5f1a353e15c1f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 26 May 2020 22:39:18 -0400 Subject: [PATCH 2/3] Do not expect network access to be available prior to the NIC being configured for DHCP/Static --- setup/so-setup | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 0d309bfc3..d18f60089 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -59,21 +59,6 @@ if [[ -f automation/$automation && $(basename $automation) == $automation ]]; th ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1 done echo "Network is up on $MNIC" >> $setup_log 2>&1 - - attempt=1 - attempts=60 - ping -c google.com >> $setup_log 2>&1 - while [ $? -ne 0 ]; do - if [ $attempt -gt $attempts ]; then - echo "DNS unavailable - setup cannot continue" >> $setup_log 2>&1 - exit 1 - fi - echo "Waiting for DNS to become available (attempt $attempt of $attempts)" >> $setup_log 2>&1 - attempt=$((attempt + 1)) - sleep 10; - ping -c google.com >> $setup_log 2>&1 - done - echo "DNS is available" >> $setup_log 2>&1 fi case "$setup_type" in From f3809cb93d3871eabf722427499ab6d5aeac64e0 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 27 May 2020 08:31:14 -0400 Subject: [PATCH 3/3] Wrap with quotes --- salt/strelka/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index a9842924d..5767531f4 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -112,5 +112,5 @@ strelka_filestream: strelka_zeek_extracted_sync: cron.present: - user: root - - name: [ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1 + - name: '[ -d /nsm/zeek/extracted/complete/ ] && mv /nsm/zeek/extracted/complete/* /nsm/strelka/ > /dev/null 2>&1' - minute: '*'