Merge branch 'dev' into feature/logscan

salt/common/tools/sbin/so-common

@@ -372,6 +372,14 @@ set_version() {
 	fi
 }
 
+has_uppercase() {
+	local string=$1
+
+	echo "$string" | grep -qP '[A-Z]' \
+		&& return 0 \
+		|| return 1
+}
+
 valid_cidr() {
 	# Verify there is a backslash in the string
 	echo "$1" | grep -qP "^[^/]+/[^/]+$" || return 1

salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja

@@ -6,7 +6,7 @@
 {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
 {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 output {
-  if "beat-ext" in [tags] and "import" not in [tags] {
+  if "beat-ext" in [tags] and "import" not in [tags] and "filebeat" not in [metadata][pipeline] {
     elasticsearch {
       pipeline => "beats.common" 
       hosts => "{{ ES }}"

salt/soc/files/soc/soc.json

@@ -91,9 +91,11 @@
       {%- if ISAIRGAP is sameas true %}
       "docsUrl": "/docs/",
       "cheatsheetUrl": "/docs/cheatsheet.pdf",
+      "releaseNotesUrl": "/docs/#release-notes",
       {%- else %}
       "docsUrl": "https://docs.securityonion.net/en/2.3/",
       "cheatsheetUrl": "https://github.com/Security-Onion-Solutions/securityonion-docs/raw/2.3/images/cheat-sheet/Security-Onion-Cheat-Sheet.pdf",
+      "releaseNotesUrl": "https://docs.securityonion.net/en/2.3/release-notes",
       {%- endif %}
       "apiTimeoutMs": {{ API_TIMEOUT }},
       "webSocketTimeoutMs": {{ WEBSOCKET_TIMEOUT }},

setup/so-functions

@@ -423,14 +423,28 @@ collect_homenet_snsr() {
 }
 
 collect_hostname() {
+	collect_hostname_validate
+
+	while has_uppercase "$HOSTNAME"; do
+		if ! (whiptail_uppercase_warning); then
+			collect_hostname_validate
+		else
+			no_use_hostname=true
+			break
+		fi
+	done
+}
+
+collect_hostname_validate() {
 	if [[ $automated == no ]] && [[ "$HOSTNAME" == *'localhost'* ]]; then HOSTNAME=securityonion; fi
 
 	whiptail_set_hostname "$HOSTNAME"
 
-	if [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once
+	if [[ -z $default_hostname_flag ]] && [[ $HOSTNAME == 'securityonion' ]]; then # Will only check HOSTNAME=securityonion once
 		if ! (whiptail_avoid_default_hostname); then
 			whiptail_set_hostname "$HOSTNAME"
 		fi
+		default_hostname_flag=true
 	fi
 
 	while ! valid_hostname "$HOSTNAME"; do
@@ -648,7 +662,23 @@ collect_proxy_details() {
 }
 
 collect_redirect_host() {
-	whiptail_set_redirect_host "$HOSTNAME"
+	collect_redirect_host_validate
+
+	while has_uppercase "$REDIRECTHOST"; do
+		local text
+		! valid_hostname "$REDIRECTHOST" && text="domain name" || text="hostname"
+		if ! (whiptail_uppercase_warning "$text"); then
+			collect_redirect_host_validate "$REDIRECTHOST"
+		else
+			break
+		fi
+	done
+}
+
+collect_redirect_host_validate() {
+	local prefill=${1:-$HOSTNAME}
+
+	whiptail_set_redirect_host "$prefill"
 
 	while ! valid_ip4 "$REDIRECTHOST" && ! valid_hostname "$REDIRECTHOST" && ! valid_fqdn "$REDIRECTHOST"; do
 		whiptail_invalid_input

setup/so-whiptail

@@ -1661,11 +1661,16 @@ whiptail_set_redirect() {
 
 	[ -n "$TESTING" ] && return
 
+	local options=()
+	options+=( "IP" "Use IP address to access the web interface" ON )
+	[[ $no_use_hostname != true ]] && options+=( "HOSTNAME" "Use hostname to access the web interface" OFF )
+	options+=("OTHER" "Use a different name like a FQDN or Load Balancer" OFF)
+
 	REDIRECTINFO=$(whiptail --title "$whiptail_title" --radiolist \
-	"How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
-	"IP" "Use IP address to access the web interface" ON  \
-	"HOSTNAME" "Use hostname to access the web interface" OFF \
-	"OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
+		"How would you like to access the web interface?\n\nSecurity Onion uses strict cookie enforcement, so whatever you choose here will be the only way that you can access the web interface.\n\nIf you choose something other than IP address, then you'll need to ensure that you can resolve the name via DNS or hosts entry. If you are unsure, please select IP." 20 75 4 \
+		"${options[@]}" \
+		3>&1 1>&2 2>&3 
+	)
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 }
@@ -1844,18 +1849,33 @@ whiptail_suricata_pins() {
 
 }
 
-whiptail_node_updates() {
+# shellcheck disable=2120
+whiptail_uppercase_warning() {
+	local type=$1
 
-	[ -n "$TESTING" ] && return
+	local msg
+	if [[ -z $type ]]; then
+		type="hostname"
+		read -r -d '' msg <<- EOM
+		The value "$HOSTNAME" contains uppercase characters.
+		
+		Continuing with this hostname could render the system unusable in certain cases, and will also disable the option later in setup to access Security Onion's web interface via the hostname.
+		EOM
+	else
+		read -r -d '' msg <<- EOM
+		The value "$REDIRECTHOST" contains uppercase characters.
+		
+		Continuing with this value could render the system unusable in certain cases.
+		EOM
+	fi
 
-	NODEUPDATES=$(whiptail --title "$whiptail_title" --radiolist \
-	"How would you like to download OS package updates for your grid?" 20 75 4 \
-	"MANAGER" "Manager node is proxy for updates." ON \
-	"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
+	read -r -d '' msg <<- EOM
+	$msg
 
-	local exitstatus=$?
-	whiptail_check_exitstatus $exitstatus
+	For best results, it is recommended to only use lowercase ${type}s with Security Onion. For more information see https://docs.securityonion.com/uppercase (URL TBD)
+	EOM
 
+	whiptail --title "$whiptail_title" --yesno "$msg" --yes-button "Continue anyway" --no-button "Go back" --defaultno 16 75
 }
 
 whiptail_you_sure() {