Merge pull request #7772 from Security-Onion-Solutions/awlocal

Mike Reeves
2022-04-12 15:45:56 -04:00
committed by GitHub
5 changed files with 52 additions and 13 deletions


@@ -32,11 +32,17 @@ copy_new_files() {
# Copy new files over to the salt dir
cd /tmp/sogh/securityonion
git checkout $BRANCH
VERSION=$(cat VERSION)
# We need to overwrite if there is a repo file
if [ -d /opt/so/repo ]; then
tar -czf /opt/so/repo/"$VERSION".tar.gz -C "$(pwd)/.." .
fi
rsync -a salt $default_salt_dir/
rsync -a pillar $default_salt_dir/
chown -R socore:socore $default_salt_dir/salt
chown -R socore:socore $default_salt_dir/pillar
chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh
rm -rf /tmp/sogh
}
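Review bot: The new archive step trusts two values that are never checked: `VERSION=$(cat VERSION)` and the working directory set by the unchecked `cd /tmp/sogh/securityonion` at the top of the hunk. If the VERSION file is missing or empty, the tar call writes `/opt/so/repo/.tar.gz`; if the `cd` failed, `-C "$(pwd)/.."` archives the parent of whatever directory the script happened to be in. I would guard both before the `if`, for example `[ -n "$VERSION" ] || { echo "VERSION file missing or empty" >&2; return 1; }`, and pass the known path with `-C /tmp/sogh .` instead of deriving it from `pwd`. The opening line of copy_new_files is outside the hunk, so an earlier check may already exist there.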


@@ -422,6 +422,7 @@ preupgrade_changes() {
[[ "$INSTALLEDVERSION" == 2.3.80 ]] && up_to_2.3.90
[[ "$INSTALLEDVERSION" == 2.3.90 || "$INSTALLEDVERSION" == 2.3.91 ]] && up_to_2.3.100
[[ "$INSTALLEDVERSION" == 2.3.100 ]] && up_to_2.3.110
[[ "$INSTALLEDVERISON" == 2.3.110 ]] && up_to_2.3.120
true
}
@@ -435,6 +436,8 @@ postupgrade_changes() {
[[ "$POSTVERSION" == 2.3.60 || "$POSTVERSION" == 2.3.61 || "$POSTVERSION" == 2.3.70 || "$POSTVERSION" == 2.3.80 ]] && post_to_2.3.90
[[ "$POSTVERSION" == 2.3.90 || "$POSTVERSION" == 2.3.91 ]] && post_to_2.3.100
[[ "$POSTVERSION" == 2.3.100 ]] && post_to_2.3.110
[[ "$POSTVERSION" == 2.3.110 ]] && post_to_2.3.120
true
}
@@ -498,6 +501,13 @@ post_to_2.3.110() {
POSTVERSION=2.3.110
}
post_to_2.3.120() {
echo "Post Processing for 2.3.120"
POSTVERSION=2.3.120
}
stop_salt_master() {
# kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
set +e
@@ -749,11 +759,16 @@ up_to_2.3.100() {
}
up_to_2.3.110() {
echo "Updating to Security Onion 2.3.110"
echo "Updating shard settings for Elasticsearch index templates"
sed -i 's|shards|index_template:\n template:\n settings:\n index:\n number_of_shards|g' /opt/so/saltstack/local/pillar/global.sls
}
up_to_2.3.120() {
# Stop thehive services since these will be broken in .120
so-thehive-stop
so-thehive-es-stop
so-cortex-stop
}
verify_upgradespace() {
CURRENTSPACE=$(df -BG / | grep -v Avail | awk '{print $4}' | sed 's/.$//')
if [ "$CURRENTSPACE" -lt "10" ]; then
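Review bot: The new line in preupgrade_changes tests `$INSTALLEDVERISON`, a misspelling of the `INSTALLEDVERSION` variable used by the three lines above it. The misspelled name is not assigned anywhere in the visible hunks, so the comparison is presumably always against an empty string and `up_to_2.3.120` never runs; the TheHive, TheHive Elasticsearch and Cortex services that function is meant to stop before the upgrade would then stay running. The line should read `[[ "$INSTALLEDVERSION" == 2.3.110 ]] && up_to_2.3.120`. The start of preupgrade_changes is outside the hunk.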


@@ -149,7 +149,14 @@ analyst_salt_local() {
logCmd "yum -y update --exclude=salt*"
salt-call state.apply workstation --local --file-root=../salt/ -l info 2>&1 | tee -a outfile
echo "Whiptail to reboot here"
read -r -d '' message <<- EOM
Finished Analyst workstation installation.
Press ENTER to reboot.
EOM
whiptail --title "$whiptail_title" --msgbox "$message" 12 75
reboot
exit 0
}
@@ -897,6 +904,8 @@ check_requirements() {
if [[ -n $nsm_mount ]]; then
if [[ "$standalone_or_dist" == 'import' ]]; then
req_storage=50
elif [[ "$node_type" == 'idh' ]]; then
req_storage=12
else
req_storage=100
fi
@@ -909,6 +918,8 @@ check_requirements() {
else
if [[ "$standalone_or_dist" == 'import' ]]; then
req_storage=50
elif [[ "$node_type" == 'idh' ]]; then
req_storage=12
else
req_storage=200
fi
@@ -1508,7 +1519,7 @@ generate_passwords(){
}
generate_repo_tarball() {
mkdir /opt/so/repo
mkdir -p /opt/so/repo
tar -czf /opt/so/repo/"$SOVERSION".tar.gz -C "$(pwd)/.." .
}
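Review bot: In analyst_salt_local the new dialog reports "Finished Analyst workstation installation" and then reboots without looking at the outcome of the `salt-call state.apply workstation` line just above it. That command is piped into `tee -a outfile`, so unless `pipefail` is set somewhere outside this hunk the pipeline's status is tee's, and a failed state run still ends with the success message and a reboot. I would record the result right after the pipeline with `salt_rc=${PIPESTATUS[0]}` and only show the message and reboot when it is zero, pointing the user at the log otherwise. The start of analyst_salt_local is outside the hunk.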


@@ -1083,6 +1083,11 @@ echo "1" > /root/accept_changes
add_web_user >> $setup_log 2>&1
fi
if [[ $is_analyst ]]; then
# Remove access to the manager from the analyst workstation
rm -rf /root/.ssh/so.key*
fi
set_progress_str 90 'Enabling checkin at boot'
checkin_at_boot >> $setup_log 2>&1
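Review bot: Deleting `/root/.ssh/so.key*` removes only the workstation's copy of the key pair; the hunk does not show the matching public key being taken out of the manager's authorized_keys. If that key was installed on the manager earlier in setup, it stays valid there, so any copy of the private key made before this point would still be accepted. I would revoke it on the manager side as well, or at least add a comment such as `# NOTE: the public key must also be removed from the manager's authorized_keys` so the limitation is documented. A smaller point: `rm -f` is enough here, because the glob should only match regular files and `-r` is not needed.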


@@ -55,7 +55,7 @@ whiptail_analyst_nongrid_iso() {
read -r -d '' message <<- EOM
You have selected this Analyst workstation to be independant.
You have selected this Analyst workstation to be independent.
Would you still like to have the graphical interface loaded at boot?
@@ -73,7 +73,7 @@ whiptail_analyst_nongrid_network() {
read -r -d '' message <<- EOM
You have selected this Analyst workstation to be independant.
You have selected this Analyst workstation to be independent.
Would you still like to install and load the graphical interface?
@@ -630,6 +630,7 @@ whiptail_end_settings() {
__append_end_msg " Logstash Batch Size: $LSPIPELINEBATCH"
__append_end_msg " Logstash Input Threads: $LSINPUTTHREADS"
else
if [[ ! $is_analyst ]]; then
if [[ ! $is_receiver ]]; then
__append_end_msg "Elasticsearch Heap Size: $NODE_ES_HEAP_SIZE"
__append_end_msg "Elasticsearch Storage Space: ${log_size_limit}GB"
@@ -639,6 +640,7 @@ whiptail_end_settings() {
__append_end_msg "Logstash Batch Size: $LSPIPELINEBATCH"
__append_end_msg "Logstash Input Threads: $LSINPUTTHREADS"
fi
fi
# ADVANCED