diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index b76ad05ff..cdc8b4772 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -340,6 +340,26 @@ valid_int() {
 # {% raw %}
+valid_proxy() {
+ local proxy=$1
+ local url_prefixes=( 'http://' 'https://' )
+
+ local has_prefix=false
+ for prefix in "${url_prefixes[@]}"; do
+ echo "$proxy" | grep "$prefix" && has_prefix=true && proxy=${proxy#"$prefix"}
+ done
+
+ local url
+ readarray -t url -d ':' <<< "$proxy"
+
+ local valid_url=true
+ if ! valid_ip4 "$proxy" && ! valid_fqdn "$proxy"; then
+ valid_url=false
+ fi
+
+ [[ $has_prefix == true ]] && [[ $valid_url ]] && return 0 || return 1
+}
+
 valid_string() {
 local str=$1
 local min_length=${2:-1}
diff --git a/setup/so-functions b/setup/so-functions
index f19f60e72..d457e7005 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -535,6 +535,17 @@ collect_patch_schedule_name_import() {
 done
 }
+collect_proxy() {
+ if whiptail_proxy_ask; then
+ whiptail_proxy_addr
+
+ while ! valid_proxy "$proxy_addr"; do
+ whiptail_invalid_input
+ whiptail_proxy_addr
+ done
+ fi
+}
+
 collect_redirect_host() {
 whiptail_set_redirect_host "$HOSTNAME"
@@ -1511,7 +1522,7 @@ manager_global() {
 " hnmanager: '$HNMANAGER'"\
 " ntpserver: '$NTPSERVER'"\
 " dockernet: '$DOCKERNET'"\
- " proxy: '$PROXY'"\
+ " proxy: '$proxy_addr'"\
 " mdengine: '$ZEEKVERSION'"\
 " ids: '$NIDS'"\
 " url_base: '$REDIRECTIT'"\
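Review bot: valid_proxy never rejects a bad host, because `[[ $valid_url ]]` is a non-empty-string test and `valid_url` is always either `true` or `false`, so the only check that survives is whether `http://` or `https://` occurs somewhere in the string (the `grep` is unanchored and not `-q`, so it also prints the match to stdout). The `url` array filled by `readarray` is never used, so the `host:port` form the rest of the change asks for is passed whole to `valid_ip4`/`valid_fqdn`, which presumably reject a trailing `:1234`. Since the accepted value is later echoed verbatim into a sourced profile.d script, the docker unit drop-in, yum/apt config and /etc/gitconfig, the validator should whitelist `scheme://host[:port]` and nothing else (no credentials, paths, quotes or shell metacharacters). A rewrite along these lines keeps the name, the single argument and the `valid_ip4`/`valid_fqdn` helpers:
```shell
valid_proxy() {
  local proxy=$1
  local host port

  # Require an explicit scheme; strip it before looking at the host part
  case "$proxy" in
    http://*)  proxy=${proxy#http://} ;;
    https://*) proxy=${proxy#https://} ;;
    *)         return 1 ;;
  esac

  # Only host[:port] may follow the scheme: the value is written into
  # sourced shell and config files, so reject everything else outright
  [[ $proxy =~ ^([A-Za-z0-9.-]+)(:([0-9]{1,5}))?$ ]] || return 1
  host=${BASH_REMATCH[1]}
  port=${BASH_REMATCH[3]}

  if ! valid_ip4 "$host" && ! valid_fqdn "$host"; then
    return 1
  fi

  # Optional port must be in range (digits only, so arithmetic is safe)
  [[ -z $port ]] || (( port >= 1 && port <= 65535 ))
}
```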
@@ -2184,7 +2195,46 @@ set_main_ip() {
 # Add /usr/sbin to everyone's path
 set_path() {
- echo "complete -cf sudo" > /etc/profile.d/securityonion.sh
+ echo "complete -cf sudo" >> "$profile_d_config_file"
+}
+
+set_proxy() {
+ # Don't proxy localhost, local ip, and management ip
+ local no_proxy_string="localhost, 127.0.0.1, ${MAINIP}"
+
+ # Set proxy environment variables used by curl, wget, docker, and others
+ {
+ echo "export use_proxy=on"
+ echo "export http_proxy=\"${proxy_addr}\""
+ echo "export https_proxy=\"\$http_addr\""
+ echo "export ftp_proxy=\"\$http_addr\""
+ echo "export no_proxy=\"${no_proxy_string}\""
+ } >> "$profile_d_config_file"
+
+ # Create proxy config for dockerd
+ printf '%s\n'\
+ "[Service]"\
+ "Environment=\"HTTP_PROXY=${proxy_addr}\""\
+ "Environment=\"HTTPS_PROXY=${proxy_addr}\""\
+ "Environment=\"NO_PROXY=${no_proxy_string}\"" > /etc/systemd/system/docker.service.d/http-proxy.conf
+
+ systemctl daemon-reload
+ systemctl restart docker
+
+ # Set proxy for package manager
+ if [ "$OS" = 'centos' ]; then
+ echo "proxy=$proxy_addr" >> /etc/yum.conf
+ else
+ # Set it up so the updates roll through the manager
+ printf '%s\n'\
+ "Acquire::http::Proxy \"$proxy_addr\";"\
+ "Acquire::https::Proxy \"$proxy_addr\";" > /etc/apt/apt.conf.d/00-proxy.conf
+ fi
+
+ # Set global git proxy
+ printf '%s\n'\
+ "[http]"\
+ " proxy = ${proxy_addr}" > /etc/gitconfig
 }
 setup_salt_master_dirs() {
diff --git a/setup/so-variables b/setup/so-variables
index a2fdf03c6..cd6478fa7 100644
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -72,3 +72,5 @@ export install_opt_file
 net_init_file=/root/net_init
 export net_init_file
+
+export profile_d_config_file='/etc/profile.d/securityonion.sh'
diff --git a/setup/so-whiptail b/setup/so-whiptail
index 7bb265de1..6baa143ad 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
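Review bot: The profile.d block in set_proxy exports `https_proxy` and `ftp_proxy` from `$http_addr`, a variable nothing in the hunk sets, so both come out empty in every login shell and only plain-HTTP traffic is proxied; write `echo "export https_proxy=\"${proxy_addr}\""` (and the same for `ftp_proxy`) or reference `\$http_proxy`. The dockerd drop-in is written with a bare redirect but nothing here creates `/etc/systemd/system/docker.service.d`, so add `mkdir -p /etc/systemd/system/docker.service.d` before that printf or the write fails on a host where the directory does not yet exist. `> /etc/gitconfig` replaces the whole system git config rather than adding one key; `git config --system http.proxy "$proxy_addr"` is the non-destructive equivalent. Two caveats worth a comment: the `no_proxy` list carries a space after each comma, which not every consumer trims, and all of these files are world-readable, so the proxy value must never include credentials, which means the validator has to reject `user:pass@` forms.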
@@ -1216,6 +1216,21 @@ whiptail_patch_schedule_select_hours() {
 }
+whiptail_proxy_ask() {
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" --yesno "Do you want to use a proxy server to complete setup?" 7 60
+}
+
+whiptail_proxy_addr() {
+ [ -n "$TESTING" ] && return
+
+ proxy_addr=$(whiptail --title "Security Onion Setup" --inputbox "Please input the proxy server you wish to use, including the URL prefix (ex: https://your.proxy.com:1234):" 8 60 3>&1 1>&2 2>&3)
+
+ local exitstatus=$?
+ whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_requirements_error() {
 local requirement_needed=$1
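Review bot: With `TESTING` set, `whiptail_proxy_ask` returns 0 (the "yes, use a proxy" answer) while `whiptail_proxy_addr` returns without assigning `proxy_addr`, so a caller that takes 0 as consent and then re-prompts until the address validates — `collect_proxy` in this same change does exactly that — can never leave its loop in a non-interactive run, unless `proxy_addr` is seeded some other way under TESTING that is not visible here. Returning non-zero from the bypass, `[ -n "$TESTING" ] && return 1`, makes the test path mean "no proxy" and skips the prompt loop entirely. Minor: quote the argument, `whiptail_check_exitstatus "$exitstatus"`, as the rest of the function quotes its expansions.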