[wip] Initial work for setting up proxy on manager

2025-12-07 17:52:46 +01:00 · 2021-03-02 17:41:49 -05:00
parent 4df53b3c70
commit de77d3ebc9
4 changed files with 89 additions and 2 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -340,6 +340,26 @@ valid_int() {
 # {% raw %}
 valid_proxy() {
 	local proxy=$1
 	local url_prefixes=( 'http://' 'https://' )
 	local has_prefix=false
 	for prefix in "${url_prefixes[@]}"; do
 		echo "$proxy" | grep "$prefix" && has_prefix=true && proxy=${proxy#"$prefix"}
 	done
 	local url
 	readarray -t url -d ':' <<< "$proxy"
 	local valid_url=true
 	if ! valid_ip4 "$proxy" && ! valid_fqdn "$proxy"; then
 		valid_url=false
 	fi
 	[[ $has_prefix == true ]] && [[ $valid_url ]] && return 0 || return 1
 }
 valid_string() {
 	local str=$1
 	local min_length=${2:-1}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -535,6 +535,17 @@ collect_patch_schedule_name_import() {
 	done
 }
 collect_proxy() {
 	if whiptail_proxy_ask; then
 		whiptail_proxy_addr
 		while ! valid_proxy "$proxy_addr"; do
 			whiptail_invalid_input
 			whiptail_proxy_addr
 		done
 	fi
 }
 collect_redirect_host() {
 	whiptail_set_redirect_host "$HOSTNAME"
@@ -1511,7 +1522,7 @@ manager_global() {
 		"  hnmanager: '$HNMANAGER'"\
 		"  ntpserver: '$NTPSERVER'"\
 		"  dockernet: '$DOCKERNET'"\
-		"  proxy: '$PROXY'"\
+		"  proxy: '$proxy_addr'"\
 		"  mdengine: '$ZEEKVERSION'"\
 		"  ids: '$NIDS'"\
 		"  url_base: '$REDIRECTIT'"\
@@ -2184,7 +2195,46 @@ set_main_ip() {
 # Add /usr/sbin to everyone's path
 set_path() {
-	echo "complete -cf sudo" > /etc/profile.d/securityonion.sh
+	echo "complete -cf sudo" >> "$profile_d_config_file"
 }
 set_proxy() {
 	# Don't proxy localhost, local ip, and management ip
 	local no_proxy_string="localhost, 127.0.0.1, ${MAINIP}"
 	# Set proxy environment variables used by curl, wget, docker, and others
 	{
 		echo "export use_proxy=on"
 		echo "export http_proxy=\"${proxy_addr}\""
 		echo "export https_proxy=\"\$http_addr\""
 		echo "export ftp_proxy=\"\$http_addr\""
 		echo "export no_proxy=\"${no_proxy_string}\""
 	} >> "$profile_d_config_file"
 	# Create proxy config for dockerd 
 	printf '%s\n'\
 		"[Service]"\
 		"Environment=\"HTTP_PROXY=${proxy_addr}\""\
 		"Environment=\"HTTPS_PROXY=${proxy_addr}\""\
 		"Environment=\"NO_PROXY=${no_proxy_string}\"" > /etc/systemd/system/docker.service.d/http-proxy.conf
 	systemctl daemon-reload
 	systemctl restart docker
 	# Set proxy for package manager
 	if [ "$OS" = 'centos' ]; then
 		echo "proxy=$proxy_addr" >> /etc/yum.conf
 	else
 		# Set it up so the updates roll through the manager
 		printf '%s\n'\
 			"Acquire::http::Proxy \"$proxy_addr\";"\
 			"Acquire::https::Proxy \"$proxy_addr\";" > /etc/apt/apt.conf.d/00-proxy.conf
 	fi
 	# Set global git proxy
 	printf '%s\n'\
 		"[http]"\
 		"  proxy = ${proxy_addr}" > /etc/gitconfig
 }
 setup_salt_master_dirs() {
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -72,3 +72,5 @@ export install_opt_file
 net_init_file=/root/net_init
 export net_init_file
 export profile_d_config_file='/etc/profile.d/securityonion.sh'
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -1216,6 +1216,21 @@ whiptail_patch_schedule_select_hours() {
 }
 whiptail_proxy_ask() {
 	[ -n "$TESTING" ] && return
 	whiptail --title "Security Onion Setup" --yesno "Do you want to use a proxy server to complete setup?" 7 60
 }
 whiptail_proxy_addr() {
 	[ -n "$TESTING" ] && return
 	proxy_addr=$(whiptail --title "Security Onion Setup" --inputbox "Please input the proxy server you wish to use, including the URL prefix (ex: https://your.proxy.com:1234):" 8 60 3>&1 1>&2 2>&3)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 }
 whiptail_requirements_error() {
 	local requirement_needed=$1