diff --git a/salt/common/tools/sbin/so-saltstack-update b/salt/common/tools/sbin/so-saltstack-update
index e68af9a7d..81b00ace5 100755
--- a/salt/common/tools/sbin/so-saltstack-update
+++ b/salt/common/tools/sbin/so-saltstack-update
@@ -32,11 +32,17 @@ copy_new_files() {
 # Copy new files over to the salt dir
 cd /tmp/sogh/securityonion
 git checkout $BRANCH
+ VERSION=$(cat VERSION)
+ # We need to overwrite if there is a repo file
+ if [ -d /opt/so/repo ]; then
+ tar -czf /opt/so/repo/"$VERSION".tar.gz -C "$(pwd)/.." .
+ fi
 rsync -a salt $default_salt_dir/
 rsync -a pillar $default_salt_dir/
 chown -R socore:socore $default_salt_dir/salt
 chown -R socore:socore $default_salt_dir/pillar
 chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh
+ rm -rf /tmp/sogh
 }
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 70e300cb0..0db0e8b84 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -422,6 +422,7 @@ preupgrade_changes() {
 [[ "$INSTALLEDVERSION" == 2.3.80 ]] && up_to_2.3.90
 [[ "$INSTALLEDVERSION" == 2.3.90 || "$INSTALLEDVERSION" == 2.3.91 ]] && up_to_2.3.100
 [[ "$INSTALLEDVERSION" == 2.3.100 ]] && up_to_2.3.110
+ [[ "$INSTALLEDVERISON" == 2.3.110 ]] && up_to_2.3.120
 true
 }
@@ -435,6 +436,8 @@ postupgrade_changes() {
 [[ "$POSTVERSION" == 2.3.60 || "$POSTVERSION" == 2.3.61 || "$POSTVERSION" == 2.3.70 || "$POSTVERSION" == 2.3.80 ]] && post_to_2.3.90
 [[ "$POSTVERSION" == 2.3.90 || "$POSTVERSION" == 2.3.91 ]] && post_to_2.3.100
 [[ "$POSTVERSION" == 2.3.100 ]] && post_to_2.3.110
+ [[ "$POSTVERSION" == 2.3.110 ]] && post_to_2.3.120
+
 true
 }
@@ -498,6 +501,13 @@ post_to_2.3.110() {
 POSTVERSION=2.3.110
 }
+post_to_2.3.120() {
+ echo "Post Processing for 2.3.120"
+ POSTVERSION=2.3.120
+}
+
+
+
 stop_salt_master() {
 # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
 set +e
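Review bot: `VERSION=$(cat VERSION)` is unchecked, so if the preceding `cd`/`git checkout` failed or the checkout has no VERSION file, `$VERSION` is empty and the archive is written to `/opt/so/repo/.tar.gz` instead of a versioned name; guard it with `[[ -n "$VERSION" ]] || { echo "no VERSION in checkout" >&2; return 1; }` before the `if`. The `tar -czf … -C "$(pwd)/.." .` line duplicates `generate_repo_tarball` in setup/so-functions (touched in this same diff), so the two will drift unless one calls the other. The new `rm -rf /tmp/sogh` also deletes the directory the function `cd`ed into, leaving the caller in a removed working directory; `cd /` before the removal, or do the cleanup in the caller. The function's opening line is outside the hunk.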
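Review bot: `$INSTALLEDVERISON` on the added line is a misspelling of `$INSTALLEDVERSION`, so the comparison is made against an empty string and `up_to_2.3.120` (which stops the TheHive/Cortex services before the upgrade) never runs for a 2.3.110 install — or aborts the script if `set -u` is in effect. The line should read `[[ "$INSTALLEDVERSION" == 2.3.110 ]] && up_to_2.3.120`. A ShellCheck pass would have flagged the one-off variable name (SC2153).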
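Review bot: The added blank line before `true` in `postupgrade_changes`, and the three blank lines after the new `post_to_2.3.120` (hunk `@@ -498,6 +501,13 @@`), break the single-blank-line spacing the neighbouring functions use; drop the extra `+` lines so the chain and the function definitions stay visually uniform. The new entry otherwise follows the existing pattern, where each `post_to_*` sets `POSTVERSION` so the next comparison in the chain can fire.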
@@ -749,11 +759,16 @@ up_to_2.3.100() {
 }
 up_to_2.3.110() {
- echo "Updating to Security Onion 2.3.110"
- echo "Updating shard settings for Elasticsearch index templates"
 sed -i 's|shards|index_template:\n template:\n settings:\n index:\n number_of_shards|g' /opt/so/saltstack/local/pillar/global.sls
 }
+up_to_2.3.120() {
+ # Stop thehive services since these will be broken in .120
+ so-thehive-stop
+ so-thehive-es-stop
+ so-cortex-stop
+ }
+
 verify_upgradespace() {
 CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
 if [ "$CURRENTSPACE" -lt "10" ]; then
diff --git a/setup/so-functions b/setup/so-functions
index 26c39a8d7..349fb54aa 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -149,7 +149,14 @@ analyst_salt_local() {
 logCmd "yum -y update --exclude=salt*"
 salt-call state.apply workstation --local --file-root=../salt/ -l info 2>&1 | tee -a outfile
- echo "Whiptail to reboot here"
+ read -r -d '' message <<- EOM
+ Finished Analyst workstation installation.
+
+ Press ENTER to reboot.
+ EOM
+
+ whiptail --title "$whiptail_title" --msgbox "$message" 12 75
+ reboot
 exit 0
 }
@@ -897,6 +904,8 @@ check_requirements() {
 if [[ -n $nsm_mount ]]; then
 if [[ "$standalone_or_dist" == 'import' ]]; then
 req_storage=50
+ elif [[ "$node_type" == 'idh' ]]; then
+ req_storage=12
 else
 req_storage=100
 fi
@@ -909,6 +918,8 @@ check_requirements() {
 else
 if [[ "$standalone_or_dist" == 'import' ]]; then
 req_storage=50
+ elif [[ "$node_type" == 'idh' ]]; then
+ req_storage=12
 else
 req_storage=200
 fi
@@ -1508,7 +1519,7 @@ generate_passwords(){
 }
 generate_repo_tarball() {
- mkdir /opt/so/repo
+ mkdir -p /opt/so/repo
 tar -czf /opt/so/repo/"$SOVERSION".tar.gz -C "$(pwd)/.." .
 }
diff --git a/setup/so-setup b/setup/so-setup
index 1b6725181..e767a7dde 100755
--- a/setup/so-setup
+++ b/setup/so-setup
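Review bot: The closing brace of the new `up_to_2.3.120` is indented (`+  }`) while every other function in the hunk closes at column 0 (the `}` of `up_to_2.3.110` directly above); dedent it. The three `so-*-stop` calls have no status handling: if soup runs with `set -e` a missing helper aborts the upgrade at this point, otherwise a failure to stop TheHive is silent — `so-thehive-stop || echo "could not stop thehive" >&2` (and likewise for the other two) makes the outcome visible in the upgrade log. The comment `# Stop thehive services since these will be broken in .120` could also say what happens to these services in 2.3.120 so an operator reading the log knows whether to expect them back.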
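Review bot: `read -r -d '' message <<- EOM` always returns 1 because it reaches end of input before a NUL delimiter, so if `analyst_salt_local` ever runs under `set -e`, or a caller inspects its status, the function ends before the `whiptail` and `reboot`; so-whiptail uses the same idiom, so if that is known safe this is too, but `read -r -d '' message <<- EOM || true` records the intent. `<<-` strips leading tabs only, so the here-doc body and the `EOM` terminator must be tab-indented for the terminator to be recognised (this cannot be verified from the collapsed hunk).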
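Review bot: The `idh` storage floor is added identically to both the `nsm_mount` and non-mount branches (this hunk and `@@ -909,6 +918,8 @@`), yet the value does not depend on the mount, so the import/idh decision could be made once above `if [[ -n $nsm_mount ]]` and only the defaults that differ (100 vs 200) left inside it. `12` joins the other bare numbers in this block; a trailing `# GB` or a named constant would help the next person who changes it. `check_requirements` starts and ends outside both hunks.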
@@ -1082,6 +1082,11 @@ echo "1" > /root/accept_changes
 set_progress_str 87 'Adding user to SOC'
 add_web_user >> $setup_log 2>&1
 fi
+
+ if [[ $is_analyst ]]; then
+ # Remove access to the manager from the analyst workstation
+ rm -rf /root/.ssh/so.key*
+ fi
 set_progress_str 90 'Enabling checkin at boot'
 checkin_at_boot >> $setup_log 2>&1
diff --git a/setup/so-whiptail b/setup/so-whiptail
index b4e954b85..a141485d7 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -55,7 +55,7 @@ whiptail_analyst_nongrid_iso() {
 read -r -d '' message <<- EOM
- You have selected this Analyst workstation to be independant.
+ You have selected this Analyst workstation to be independent.
 Would you still like to have the graphical interface loaded at boot?
@@ -73,7 +73,7 @@ whiptail_analyst_nongrid_network() {
 read -r -d '' message <<- EOM
- You have selected this Analyst workstation to be independant.
+ You have selected this Analyst workstation to be independent.
 Would you still like to install and load the graphical interface?
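Review bot: `rm -rf /root/.ssh/so.key*` applies `-r` to what are plain key files; `rm -f -- /root/.ssh/so.key*` is the minimal form and `--` keeps any unexpected expansion from being read as an option. Removing the local private key does not revoke the corresponding public key wherever it was installed — if it was added to the manager's `authorized_keys` earlier in setup (not visible in this hunk), that entry should be removed for an analyst workstation as well, since the authorization stays valid for any copy of the key. Giving the step its own `set_progress_str` like the neighbouring steps would make the removal visible in the install log.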
@@ -630,14 +630,16 @@ whiptail_end_settings() {
 __append_end_msg " Logstash Batch Size: $LSPIPELINEBATCH"
 __append_end_msg " Logstash Input Threads: $LSINPUTTHREADS"
 else
- if [[ ! $is_receiver ]]; then
- __append_end_msg "Elasticsearch Heap Size: $NODE_ES_HEAP_SIZE"
- __append_end_msg "Elasticsearch Storage Space: ${log_size_limit}GB"
+ if [[ ! $is_analyst ]]; then
+ if [[ ! $is_receiver ]]; then
+ __append_end_msg "Elasticsearch Heap Size: $NODE_ES_HEAP_SIZE"
+ __append_end_msg "Elasticsearch Storage Space: ${log_size_limit}GB"
+ fi
+ __append_end_msg "Logstash Heap Size: $NODE_LS_HEAP_SIZE"
+ __append_end_msg "Logstash Worker Count: $LSPIPELINEWORKERS"
+ __append_end_msg "Logstash Batch Size: $LSPIPELINEBATCH"
+ __append_end_msg "Logstash Input Threads: $LSINPUTTHREADS"
 fi
- __append_end_msg "Logstash Heap Size: $NODE_LS_HEAP_SIZE"
- __append_end_msg "Logstash Worker Count: $LSPIPELINEWORKERS"
- __append_end_msg "Logstash Batch Size: $LSPIPELINEBATCH"
- __append_end_msg "Logstash Input Threads: $LSINPUTTHREADS"
 fi