[wip] Initial work for setting up proxy on manager

2025-12-07 17:52:46 +01:00 · 2021-03-02 17:41:49 -05:00
parent 4df53b3c70
commit de77d3ebc9
4 changed files with 89 additions and 2 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -340,6 +340,26 @@ valid_int() {

 # {% raw %}

+valid_proxy() {
+	local proxy=$1
+	local url_prefixes=( 'http://' 'https://' )
+
+	local has_prefix=false
+	for prefix in "${url_prefixes[@]}"; do
+		echo "$proxy" | grep "$prefix" && has_prefix=true && proxy=${proxy#"$prefix"}
+	done
+	
+	local url
+	readarray -t url -d ':' <<< "$proxy"
+
+	local valid_url=true
+	if ! valid_ip4 "$proxy" && ! valid_fqdn "$proxy"; then
+		valid_url=false
+	fi
+
+	[[ $has_prefix == true ]] && [[ $valid_url ]] && return 0 || return 1
+}
+
 valid_string() {
 	local str=$1
 	local min_length=${2:-1}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -535,6 +535,17 @@ collect_patch_schedule_name_import() {
 	done
 }

+collect_proxy() {
+	if whiptail_proxy_ask; then
+		whiptail_proxy_addr
+
+		while ! valid_proxy "$proxy_addr"; do
+			whiptail_invalid_input
+			whiptail_proxy_addr
+		done
+	fi
+}
+
 collect_redirect_host() {
 	whiptail_set_redirect_host "$HOSTNAME"

@@ -1511,7 +1522,7 @@ manager_global() {
 		"  hnmanager: '$HNMANAGER'"\
 		"  ntpserver: '$NTPSERVER'"\
 		"  dockernet: '$DOCKERNET'"\
-		"  proxy: '$PROXY'"\
+		"  proxy: '$proxy_addr'"\
 		"  mdengine: '$ZEEKVERSION'"\
 		"  ids: '$NIDS'"\
 		"  url_base: '$REDIRECTIT'"\
@@ -2184,7 +2195,46 @@ set_main_ip() {

 # Add /usr/sbin to everyone's path
 set_path() {
-	echo "complete -cf sudo" > /etc/profile.d/securityonion.sh
+	echo "complete -cf sudo" >> "$profile_d_config_file"
+}
+
+set_proxy() {
+	# Don't proxy localhost, local ip, and management ip
+	local no_proxy_string="localhost, 127.0.0.1, ${MAINIP}"
+
+	# Set proxy environment variables used by curl, wget, docker, and others
+	{
+		echo "export use_proxy=on"
+		echo "export http_proxy=\"${proxy_addr}\""
+		echo "export https_proxy=\"\$http_addr\""
+		echo "export ftp_proxy=\"\$http_addr\""
+		echo "export no_proxy=\"${no_proxy_string}\""
+	} >> "$profile_d_config_file"
+
+	# Create proxy config for dockerd 
+	printf '%s\n'\
+		"[Service]"\
+		"Environment=\"HTTP_PROXY=${proxy_addr}\""\
+		"Environment=\"HTTPS_PROXY=${proxy_addr}\""\
+		"Environment=\"NO_PROXY=${no_proxy_string}\"" > /etc/systemd/system/docker.service.d/http-proxy.conf
+
+	systemctl daemon-reload
+	systemctl restart docker
+
+	# Set proxy for package manager
+	if [ "$OS" = 'centos' ]; then
+		echo "proxy=$proxy_addr" >> /etc/yum.conf
+	else
+		# Set it up so the updates roll through the manager
+		printf '%s\n'\
+			"Acquire::http::Proxy \"$proxy_addr\";"\
+			"Acquire::https::Proxy \"$proxy_addr\";" > /etc/apt/apt.conf.d/00-proxy.conf
+	fi
+
+	# Set global git proxy
+	printf '%s\n'\
+		"[http]"\
+		"  proxy = ${proxy_addr}" > /etc/gitconfig
 }

 setup_salt_master_dirs() {
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -72,3 +72,5 @@ export install_opt_file

 net_init_file=/root/net_init
 export net_init_file
+
+export profile_d_config_file='/etc/profile.d/securityonion.sh'
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -1216,6 +1216,21 @@ whiptail_patch_schedule_select_hours() {

 }

+whiptail_proxy_ask() {
+	[ -n "$TESTING" ] && return
+
+	whiptail --title "Security Onion Setup" --yesno "Do you want to use a proxy server to complete setup?" 7 60
+}
+
+whiptail_proxy_addr() {
+	[ -n "$TESTING" ] && return
+
+	proxy_addr=$(whiptail --title "Security Onion Setup" --inputbox "Please input the proxy server you wish to use, including the URL prefix (ex: https://your.proxy.com:1234):" 8 60 3>&1 1>&2 2>&3)
+
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
 whiptail_requirements_error() {

 	local requirement_needed=$1