change reference from bro to zeek

setup/automation/pm_standalone_defaults

@@ -23,11 +23,11 @@ ADMINPASS1=onionuser
 ADMINPASS2=onionuser
 ALLOW_CIDR=0.0.0.0/0
 ALLOW_ROLE=a
-BASICBRO=7
+BASICZEEK=7
 BASICSURI=7
 # BLOGS=
 BNICS=eth1
-BROVERSION=ZEEK
+ZEEKVERSION=ZEEK
 # CURCLOSEDAYS=
 # EVALADVANCED=BASIC
 GRAFANA=1

setup/so-common-functions

@@ -32,9 +32,9 @@ filter_unused_nics() {
 calculate_useable_cores() {
 
 	# Calculate reasonable core usage
-	local cores_for_bro=$(( (num_cpu_cores/2) - 1 ))
+	local cores_for_zeek=$(( (num_cpu_cores/2) - 1 ))
 	local lb_procs_round
-	lb_procs_round=$(printf "%.0f\n" $cores_for_bro)
+	lb_procs_round=$(printf "%.0f\n" $cores_for_zeek)
 
 	if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi
     export lb_procs

setup/so-functions

@@ -143,18 +143,18 @@ secrets_pillar(){
 }
 
 # Enable Bro Logs
-bro_logs_enabled() {
+zeek_logs_enabled() {
 	echo "Enabling Bro Logs" >> "$setup_log" 2>&1
 
-	local brologs_pillar=./pillar/brologs.sls
+	local zeeklogs_pillar=./pillar/zeeklogs.sls
 
 	printf '%s\n'\
-		"brologs:"\
-		"  enabled:" > "$brologs_pillar"
+		"zeeklogs:"\
+		"  enabled:" > "$zeeklogs_pillar"
 
 	if [ "$MANAGERADV" = 'ADVANCED' ]; then
 		for BLOG in "${BLOGS[@]}"; do
-			echo "    - $BLOG" | tr -d '"' >> "$brologs_pillar"
+			echo "    - $BLOG" | tr -d '"' >> "$zeeklogs_pillar"
 		done
 	else
 		printf '%s\n'\
@@ -195,11 +195,11 @@ bro_logs_enabled() {
 			"    - weird"\
 			"    - mysql"\
 			"    - socks"\
-			"    - x509" >> "$brologs_pillar"
+			"    - x509" >> "$zeeklogs_pillar"
 	fi
 
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
-	cat "$brologs_pillar" >> "$setup_log" 2>&1
+	cat "$zeeklogs_pillar" >> "$setup_log" 2>&1
 }
 
 check_admin_pass() {
@@ -1002,7 +1002,7 @@ manager_static() {
 		"  hnmanager: $HNMANAGER"\
 		"  ntpserver: $NTPSERVER"\
 		"  proxy: $PROXY"\
-		"  broversion: $BROVERSION"\
+		"  zeekversion: $ZEEKVERSION"\
 		"  ids: $NIDS"\
 		"  managerip: $MAINIP"\
 		"  hiveuser: $WEBUSER"\
@@ -1470,7 +1470,7 @@ sensor_pillar() {
 	
 	if [ "$NSMSETUP" = 'ADVANCED' ]; then
 		echo "  zeek_pins:" >> "$pillar_file"
-		for PIN in "${BROPINS[@]}"; do
+		for PIN in "${ZEEKPINS[@]}"; do
 			PIN=$(echo "$PIN" |  cut -d\" -f2)
 		echo "    - $PIN" >> "$pillar_file"
 		done
@@ -1483,11 +1483,11 @@ sensor_pillar() {
 		echo "  zeek_lbprocs: $lb_procs" >> "$pillar_file"
 		echo "  suriprocs: $lb_procs" >> "$pillar_file"
 	else
-		echo "  zeek_lbprocs: $BASICBRO" >> "$pillar_file"
+		echo "  zeek_lbprocs: $BASICZEEK" >> "$pillar_file"
 		echo "  suriprocs: $BASICSURI" >> "$pillar_file"
 	fi
 	printf '%s\n'\
-		"  brobpf:"\
+		"  zeekbpf:"\
 		"  pcapbpf:"\
 		"  nidsbpf:"\
 		"  manager: $MSRV"\

setup/so-setup

@@ -230,7 +230,7 @@ if [[ $is_manager && $is_node ]]; then
 	LSINPUTTHREADS=1
 	LSINPUTBATCHCOUNT=125
 	NIDS=Suricata
-	BROVERSION=ZEEK
+	ZEEKVERSION=ZEEK
 fi
 
 if [[ $is_node ]]; then
@@ -253,7 +253,7 @@ fi
 
 if [[ $is_manager && ! $is_eval ]]; then
 	whiptail_manager_adv
-	whiptail_bro_version
+	whiptail_zeek_version
 	whiptail_nids
 	whiptail_rule_setup
 
@@ -261,8 +261,8 @@ if [[ $is_manager && ! $is_eval ]]; then
 		whiptail_oinkcode
 	fi
 
-	if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$BROVERSION" != 'SURICATA' ]; then
-		whiptail_manager_adv_service_brologs
+	if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then
+		whiptail_manager_adv_service_zeeklogs
 	fi
 fi
 
@@ -295,11 +295,11 @@ if [[ $is_sensor && ! $is_eval ]]; then
 	whiptail_homenet_sensor
 	whiptail_sensor_config
 	if [ $NSMSETUP == 'ADVANCED' ]; then
-		whiptail_bro_pins
+		whiptail_zeek_pins
 		whiptail_suricata_pins
 		whiptail_bond_nics_mtu
 	else
-		whiptail_basic_bro
+		whiptail_basic_zeek
 		whiptail_basic_suri
 	fi
 fi

setup/so-whiptail

@@ -19,11 +19,11 @@ source ./so-variables
 source ./so-common-functions
 
 
-whiptail_basic_bro() {
+whiptail_basic_zeek() {
 
 	[ -n "$TESTING" ] && return
 
-	BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
+	BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter the number of zeek processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
@@ -42,7 +42,7 @@ whiptail_basic_suri() {
 
 }
 
-whiptail_bro_pins() {
+whiptail_zeek_pins() {
 
 	[ -n "$TESTING" ] && return
 
@@ -51,20 +51,20 @@ whiptail_bro_pins() {
 		cpu_core_list_whiptail+=("$item" "OFF")
 	done
 
-	BROPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $lb_procs cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
+	ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $lb_procs cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
 
-	BROPINS=$(echo "$BROPINS" | tr -d '"')
+	ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"')
 
-	IFS=' ' read -ra BROPINS <<< "$BROPINS"
+	IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS"
 }
 
-whiptail_bro_version() {
+whiptail_zeek_version() {
 
 	[ -n "$TESTING" ] && return
 
-	BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)"  ON \
+	ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)"  ON \
 	"SURICATA" "Use Suricata 5" OFF 3>&1 1>&2 2>&3)
 
 	local exitstatus=$?
@@ -642,7 +642,7 @@ whiptail_manager_adv() {
 }
 
 # Ask which additional components to install
-whiptail_manager_adv_service_brologs() {
+whiptail_manager_adv_service_zeeklogs() {
 
 	[ -n "$TESTING" ] && return
 
@@ -1122,7 +1122,7 @@ whiptail_suricata_pins() {
 	[ -n "$TESTING" ] && return
 
 	local filtered_core_list
-	readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${BROPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')"
+	readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${ZEEKPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')"
 
 	local filtered_core_str=()
     for item in "${filtered_core_list[@]}"; do