[refactor] Change how whiptail asks for proxy settings

setup/automation/distributed-airgap-manager

@@ -42,7 +42,6 @@ INTERWEBS=AIRGAP
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/distributed-ami-manager

@@ -41,7 +41,6 @@ install_type=MANAGER
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/distributed-iso-manager

@@ -41,7 +41,6 @@ install_type=MANAGER
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/distributed-net-centos-manager

@@ -41,7 +41,6 @@ install_type=MANAGER
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/distributed-net-ubuntu-manager

@@ -41,7 +41,6 @@ install_type=MANAGER
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/distributed-net-ubuntu-suricata-manager

@@ -41,7 +41,6 @@ install_type=MANAGER
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/eval-airgap

@@ -42,7 +42,6 @@ INTERWEBS=AIRGAP
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/eval-ami

@@ -41,7 +41,6 @@ install_type=EVAL
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/eval-iso

@@ -41,7 +41,6 @@ install_type=EVAL
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/eval-net-centos

@@ -41,7 +41,6 @@ install_type=EVAL
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=0
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/eval-net-ubuntu

@@ -41,7 +41,6 @@ install_type=EVAL
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/import-airgap

@@ -42,7 +42,6 @@ INTERWEBS=AIRGAP
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=0
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/import-ami

@@ -41,7 +41,6 @@ install_type=IMPORT
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=0
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/import-iso

@@ -41,7 +41,6 @@ install_type=IMPORT
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=0
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/import-net-centos

@@ -41,7 +41,6 @@ install_type=IMPORT
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=0
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/import-net-ubuntu

@@ -41,7 +41,6 @@ install_type=IMPORT
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/standalone-airgap

@@ -42,7 +42,6 @@ INTERWEBS=AIRGAP
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/standalone-ami

@@ -41,7 +41,6 @@ install_type=STANDALONE
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/standalone-iso

@@ -41,7 +41,6 @@ install_type=STANDALONE
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/standalone-iso-suricata

@@ -41,7 +41,6 @@ install_type=STANDALONE
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/standalone-net-centos

@@ -41,7 +41,6 @@ install_type=STANDALONE
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/standalone-net-centos-proxy

@@ -41,7 +41,6 @@ install_type=STANDALONE
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/automation/standalone-net-ubuntu

@@ -41,7 +41,6 @@ install_type=STANDALONE
 # LSPIPELINEBATCH=
 # LSPIPELINEWORKERS=
 MANAGERADV=BASIC
-MANAGERUPDATES=1
 # MDNS=
 # MGATEWAY=
 # MIP=

setup/so-functions

@@ -480,6 +480,21 @@ collect_mtu() {
 	done
 }
 
+collect_net_method() {
+	whiptail_net_method
+
+	[[ -n $network_traffic ]] && collect_proxy
+
+	if [[ "$network_traffic" == *"_MANAGER" ]]; then
+		whiptail_manager_updates_warning
+		MANAGERUPDATES=1
+	fi
+
+	if [[ "$network_traffic" == "PROXY"* ]]; then
+		collect_proxy no_ask
+	fi
+}
+
 collect_node_es_heap() {
 	whiptail_node_es_heap "$ES_HEAP_SIZE"
 }
@@ -582,7 +597,9 @@ collect_patch_schedule_name_import() {
 
 collect_proxy() {
 	[[ -n $TESTING ]] && return
-	collect_proxy_details || return
+	local ask=${1:-true}
+
+	collect_proxy_details "$ask" || return
 	while ! proxy_validate; do
 		if whiptail_invalid_proxy; then
 			collect_proxy_details no_ask
@@ -2671,10 +2688,10 @@ set_redirect() {
 set_updates() {
 	if [ "$MANAGERUPDATES" = '1' ]; then
 		if [ "$OS" = 'centos' ]; then
-		    if [[ ! $is_airgap ]]; then
-			    if ! grep -q "$MSRV" /etc/yum.conf; then
-				    echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
-			    fi
+			if [[ ! $is_airgap ]]; then
+				if ! grep -q "$MSRV" /etc/yum.conf; then
+					echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
+				fi
 			fi
 		else
 			# Set it up so the updates roll through the manager

setup/so-setup

@@ -211,7 +211,7 @@ if ! [[ -f $install_opt_file ]]; then
 			set_main_ip >> $setup_log 2>&1
 			compare_main_nic_ip
 			reset_proxy
-			collect_proxy
+			collect_net_method
 			[[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1
 			whiptail_net_setup_complete
 		else
@@ -319,7 +319,7 @@ if ! [[ -f $install_opt_file ]]; then
 
 	reset_proxy
 	if [[ -z $is_airgap ]]; then
-		collect_proxy
+		collect_net_method
 		[[ -n "$so_proxy" ]] && set_proxy >> $setup_log 2>&1
 	fi
 
@@ -499,13 +499,6 @@ if [[ $is_manager || $is_import ]]; then
 	get_redirect
 fi
 
-if [[ ! $is_airgap && ( $is_distmanager || ( $is_sensor || $is_node || $is_fleet_standalone ) && ! $is_eval ) ]]; then
-	whiptail_manager_updates
-	if [[ $setup_type == 'network' && $MANAGERUPDATES == 1 ]]; then
-		whiptail_manager_updates_warning
-	fi
-fi
-
 if [[ $is_distmanager ]]; then
 	collect_soremote_inputs
 fi

setup/so-whiptail

@@ -1027,6 +1027,68 @@ whiptail_management_interface_setup() {
 	whiptail_check_exitstatus $exitstatus
 }
 
+whiptail_net_method() {
+	[ -n "$TESTING" ] && return
+
+	[[ $is_airgap ]] && return
+
+	local pkg_mngr
+	if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi
+
+	read -r -d '' options_msg <<- EOM
+	"Direct" - Internet requests connect directly to the Internet.
+
+	EOM
+	local options=(
+		" Direct" ""
+	)
+	local proxy_desc="proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment."
+
+	if [[ $is_minion ]]; then
+		local mngr_article
+		if [[ $is_distmanager ]]; then mngr_article="this"; else mngr_article="the"; fi
+
+		read -r -d '' options_msg <<- EOM
+		${options_msg}
+
+		"Direct + Manager" - all traffic passes to the Internet normally, but ${pkg_mngr} updates will instead be pulled from ${mngr_article} manager. 
+
+		"Proxy" - ${proxy_desc}
+
+		"Proxy + Manager" - proxy all traffic from the "Proxy" option except ${pkg_mngr} updates, which will instead pull from the manager.
+		EOM
+		
+		options+=(
+			" Direct + Manager" ""
+			" Proxy" ""
+			" Proxy + Manager" ""
+		)
+		local height=25
+	else
+		read -r -d '' options_msg <<- EOM
+			${options_msg}
+
+			"Proxy" - ${proxy_desc}
+		EOM
+		options+=(
+			" Proxy" ""
+		)
+		local height=17
+	fi
+
+	local msg
+	read -r -d '' msg <<- EOM
+	How would you like to connect to the Internet? 
+
+	$options_msg
+	EOM
+
+	local option_count=$(( ${#options[@]} / 2 ))
+
+	network_traffic=$(whiptail --title "Security Onion Setup" --menu "$msg" $height 75 $option_count "${options[@]}" 3>&1 1>&2 2>&3)
+	network_traffic=$(echo "${network_traffic^^}" | tr -d ' ' | tr '+' '_')
+}
+
 whiptail_net_setup_complete() {
 	[ -n "$TESTING" ] && return
 
@@ -1161,29 +1223,6 @@ whiptail_manager_error() {
 	whiptail --title "Security Onion Setup" --yesno "$msg" 13 75 || whiptail_check_exitstatus 1
 }
 
-whiptail_manager_updates() {
-
-	[ -n "$TESTING" ] && return
-
-	local update_string
-	update_string=$(whiptail --title "Security Onion Setup" --radiolist \
-	"How would you like to download OS package updates for your grid?" 20 75 4 \
-	"MANAGER" "Manager node is proxy for updates" ON \
-	"OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
-	local exitstatus=$?
-	whiptail_check_exitstatus $exitstatus
-
-	case "$update_string" in
-		'MANAGER')
-			export MANAGERUPDATES='1'
-			;;
-		*)
-			export MANAGERUPDATES='0'
-			;;
-	esac
-
-}
-
 whiptail_manager_updates_warning() {
 	[ -n "$TESTING" ] && return
 
@@ -1485,7 +1524,9 @@ whiptail_patch_schedule_select_hours() {
 whiptail_proxy_ask() {
 	[ -n "$TESTING" ] && return
 
-	whiptail --title "Security Onion Setup" --yesno "Do you want to set a proxy server for this installation?" 7 60 --defaultno
+	local pkg_mngr
+	if [[ $OS = 'centos' ]]; then pkg_mngr="yum"; else pkg_mngr='apt'; fi
+	whiptail --title "Security Onion Setup" --yesno "Do you want to proxy the traffic for git, docker client, wget, curl, ${pkg_mngr}, and various other SO components through a separate server in your environment?" 9 65 --defaultno
 }
 
 whiptail_proxy_addr() {