CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/dev' into salt3003.1

Browse Source
This commit is contained in:
m0duspwnens
2021-04-09 09:37:35 -04:00
parent 6650ad5cdd 69ad3ad491
commit ecda46c04b
9 changed files with 326 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
setup/so-functions
View File

@@ -563,7 +563,7 @@ collect_patch_schedule_name_import() {
collect_proxy() {
[[ -n $TESTING ]] && return
collect_proxy_details
collect_proxy_details || return
while ! proxy_validate; do
if whiptail_invalid_proxy; then
collect_proxy_details no_ask
@@ -608,6 +608,8 @@ collect_proxy_details() {
so_proxy="$proxy_addr"
fi
export so_proxy
else
return 1
fi
}
@@ -1012,7 +1014,7 @@ create_repo() {
detect_cloud() {
echo "Testing if setup is running on a cloud instance..." | tee -a "$setup_log"
if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null); then export is_cloud="true"; fi
if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null) || [ -f /var/log/waagent.log ]; then export is_cloud="true"; fi
}
detect_os() {
@@ -1870,12 +1872,13 @@ print_salt_state_apply() {
}
proxy_validate() {
echo "Testing proxy..."
local test_url="https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
proxy_test_err=$(curl -sS "$test_url" --proxy "$so_proxy" 2>&1)
proxy_test_err=$(curl -sS "$test_url" --proxy "$so_proxy" --connect-timeout 5 2>&1) # set short connection timeout so user doesn't sit waiting for proxy test to timeout
local ret=$?
if [[ $ret != 0 ]]; then
error "Could not reach $test_url using proxy $so_proxy"
error "Could not reach $test_url using proxy provided"
error "Received error: $proxy_test_err"
if [[ -n $TESTING ]]; then
error "Exiting setup"
@@ -2286,13 +2289,21 @@ secrets_pillar(){
securityonion_repo() {
# Remove all the current repos
if [[ "$OS" == "centos" ]]; then
mkdir -p /root/oldrepos
mv /etc/yum.repos.d/* /root/oldrepos/
rm -f /etc/yum.repos.d/*
if [[ ! $is_manager && "$MANAGERUPDATES" == "1" ]]; then
cp -f ../salt/common/yum_repos/securityonioncache.repo /etc/yum.repos.d/
if [[ "$INTERWEBS" == "AIRGAP" ]]; then
echo "This is airgap I don't need to add this repo"
else
cp -f ../salt/common/yum_repos/securityonion.repo /etc/yum.repos.d/
mkdir -p /root/oldrepos
mv -v /etc/yum.repos.d/* /root/oldrepos/
ls -la /etc/yum.repos.d/
rm -rf /etc/yum.repos.d
yum clean all
yum repolist all
mkdir -p /etc/yum.repos.d
if [[ ! $is_manager && "$MANAGERUPDATES" == "1" ]]; then
cp -f ../salt/common/yum_repos/securityonioncache.repo /etc/yum.repos.d/
else
cp -f ../salt/common/yum_repos/securityonion.repo /etc/yum.repos.d/
fi
fi
else
echo "This is Ubuntu"
@@ -2707,7 +2718,7 @@ update_sudoers() {
update_packages() {
if [ "$OS" = 'centos' ]; then
yum repolist >> /dev/null
yum -y update >> "$setup_log"
yum -y update --exclude=salt* >> "$setup_log"
else
retry 50 10 "apt-get -y update" >> "$setup_log" 2>&1 || exit 1
retry 50 10 "apt-get -y upgrade" >> "$setup_log" 2>&1 || exit 1