CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev

Browse Source
This commit is contained in:
m0duspwnens
2020-04-06 13:41:18 -04:00
parent 304e43e2ae 0048ffde70
commit ed392ac4c2
25 changed files with 847 additions and 685 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pillar/firewall/fleet_nodes.sls
View File

@@ -1,3 +0,0 @@
fleet_nodes:
- 127.0.0.1

2
salt/common/tools/sbin/so-status
View File

@@ -107,7 +107,7 @@ populate_container_lists() {
systemctl is-active --quiet docker
if [[ $? = 0 ]]; then
mapfile -t docker_raw_list < <(curl -s --unix-socket /var/run/docker.sock http:/v2/containers/json?all=1 \
mapfile -t docker_raw_list < <(curl -s --unix-socket /var/run/docker.sock http:/v1.40/containers/json?all=1 \
| jq -c '.[] | { Name: .Names[0], State: .State }' \
| tr -d '/{"}')
else

1
salt/elasticsearch/files/ingest/ossec.alert
View File

@@ -33,6 +33,7 @@
{ "rename": { "field": "data.win.eventdata.user", "target_field": "user.name", "ignore_missing": true } },
{ "rename": { "field": "data.win.system.eventID", "target_field": "event.code", "ignore_missing": true } },
{ "rename": { "field": "predecoder.program_name", "target_field": "process.name", "ignore_missing": true } },
{ "rename": { "field": "rule.description", "target_field": "rule.name", "ignore_missing": true } },
{ "set": { "if": "ctx.rule.level == 1", "field": "rule.category", "value": "None" } },
{ "set": { "if": "ctx.rule.level == 2", "field": "rule.category", "value": "System low priority notification" } },
{ "set": { "if": "ctx.rule.level == 3", "field": "rule.category", "value": "Successful/authorized event" } },

2
salt/elasticsearch/files/ingest/strelka.file
View File

@@ -5,7 +5,7 @@
{ "rename": { "field": "message2.file", "target_field": "file", "ignore_missing": true } },
{ "rename": { "field": "message2.scan", "target_field": "scan", "ignore_missing": true } },
{ "rename": { "field": "message2.request", "target_field": "request", "ignore_missing": true } },
{ "rename": { "field": "scan.hash", "target_field": "file.hash", "ignore_missing": true } },
{ "rename": { "field": "scan.hash", "target_field": "hash", "ignore_missing": true } },
{ "remove": { "field": ["host", "path"], "ignore_missing": true } },
{ "pipeline": { "name": "common" } }
]

6
salt/elasticsearch/files/ingest/zeek.dnp3
View File

@@ -3,9 +3,9 @@
"processors" : [
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.fc_request", "target_field": "fc_request", "ignore_missing": true } },
{ "rename": { "field": "message2.fc_reply", "target_field": "fc_reply", "ignore_missing": true } },
{ "rename": { "field": "message2.iin", "target_field": "iin", "ignore_missing": true } },
{ "rename": { "field": "message2.fc_request", "target_field": "dnp3.fc_request", "ignore_missing": true } },
{ "rename": { "field": "message2.fc_reply", "target_field": "dnp3.fc_reply", "ignore_missing": true } },
{ "rename": { "field": "message2.iin", "target_field": "dnp3.iin", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

4
salt/elasticsearch/files/ingest/zeek.files
View File

@@ -4,8 +4,8 @@
{ "remove": { "field": ["host"], "ignore_failure": true } },
{ "json": { "field": "message", "target_field": "message2", "ignore_failure": true } },
{ "rename": { "field": "message2.fuid", "target_field": "log.id.fuid", "ignore_missing": true } },
{ "rename": { "field": "message2.rx_hosts", "target_field": "file.receive_ip", "ignore_missing": true } },
{ "rename": { "field": "message2.tx_hosts", "target_field": "file.transmit_ip", "ignore_missing": true } },
{ "rename": { "field": "message2.rx_hosts", "target_field": "destination.ip", "ignore_missing": true } },
{ "rename": { "field": "message2.tx_hosts", "target_field": "source.ip", "ignore_missing": true } },
{ "set": { "field": "server.ip", "value": "{{source.ip}}", "ignore_failure": true } },
{ "set": { "field": "client.ip", "value": "{{destination.ip}}", "ignore_failure": true } },
{ "rename": { "field": "message2.conn_uids", "target_field": "log.id.uids", "ignore_missing": true } },

28
salt/elasticsearch/files/ingest/zeek.notice
View File

@@ -7,20 +7,20 @@
{ "rename": { "field": "message2.mime", "target_field": "file.mimetype", "ignore_missing": true } },
{ "rename": { "field": "message2.desc", "target_field": "file.description", "ignore_missing": true } },
{ "rename": { "field": "message2.proto", "target_field": "network.protocol", "ignore_missing": true } },
{ "rename": { "field": "message2.note", "target_field": "note", "ignore_missing": true } },
{ "rename": { "field": "message2.msg", "target_field": "msg", "ignore_missing": true } },
{ "rename": { "field": "message2.sub", "target_field": "sub_msg", "ignore_missing": true } },
{ "rename": { "field": "message2.p", "target_field": "p", "ignore_missing": true } },
{ "rename": { "field": "message2.n", "target_field": "n", "ignore_missing": true } },
{ "rename": { "field": "message2.peer_descr", "target_field": "peer_description", "ignore_missing": true } },
{ "rename": { "field": "message2.actions", "target_field": "action", "ignore_missing": true } },
{ "rename": { "field": "message2.suppress_for", "target_field": "suppress_for", "ignore_missing": true } },
{ "rename": { "field": "message2.dropped", "target_field": "dropped", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_country_code", "target_field": "destination_country_code", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_region", "target_field": "destination_region", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_city", "target_field": "destination_city", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_latitude", "target_field": "destination_latitude", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_longitude", "target_field": "destination_longitude", "ignore_missing": true } },
{ "rename": { "field": "message2.note", "target_field": "notice.note", "ignore_missing": true } },
{ "rename": { "field": "message2.msg", "target_field": "notice.message", "ignore_missing": true } },
{ "rename": { "field": "message2.sub", "target_field": "notice.sub_message", "ignore_missing": true } },
{ "rename": { "field": "message2.p", "target_field": "notice.p", "ignore_missing": true } },
{ "rename": { "field": "message2.n", "target_field": "notice.n", "ignore_missing": true } },
{ "rename": { "field": "message2.peer_descr", "target_field": "notice.peer_description", "ignore_missing": true } },
{ "rename": { "field": "message2.actions", "target_field": "notice.action", "ignore_missing": true } },
{ "rename": { "field": "message2.suppress_for", "target_field": "notice.suppress_for", "ignore_missing": true } },
{ "rename": { "field": "message2.dropped", "target_field": "notice.dropped", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_country_code", "target_field": "geo.destination_country_code", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_region", "target_field": "geo.destination_region", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_city", "target_field": "geo.destination_city", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_latitude", "target_field": "geo.destination_latitude", "ignore_missing": true } },
{ "rename": { "field": "message2.destination_longitude", "target_field": "geo.destination_longitude", "ignore_missing": true } },
{ "pipeline": { "name": "zeek.common" } }
]
}

2
salt/elasticsearch/files/ingest/zeek.rfb
View File

@@ -8,7 +8,7 @@
{ "rename": { "field": "message2.server_major_version", "target_field": "rfb.server_major_version", "ignore_missing": true } },
{ "rename": { "field": "message2.server_minor_version", "target_field": "rfb.server_minor_version", "ignore_missing": true } },
{ "rename": { "field": "message2.authentication_method", "target_field": "rfb.authentication.method","ignore_missing": true } },
{ "rename": { "field": "message2.auth", "target_field": "rfb.authenticaiton.success", "ignore_missing": true } },
{ "rename": { "field": "message2.auth", "target_field": "rfb.authentication.success", "ignore_missing": true } },
{ "rename": { "field": "message2.share_flag", "target_field": "rfb.share_flag", "ignore_missing": true } },
{ "rename": { "field": "message2.desktop_name", "target_field": "rfb.desktop.name", "ignore_missing": true } },
{ "rename": { "field": "message2.width", "target_field": "rfb.desktop.width", "ignore_missing": true } },

4
salt/filebeat/etc/filebeat.yml
View File

@@ -7,8 +7,8 @@
{%- set HOSTNAME = salt['grains.get']('host', '') %}
{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %}
{%- set WAZUHENABLED = salt['pillar.get']('static:wazuh_enabled', '1') %}
{%- set STRELKAENABLED = salt['pillar.get']('static:strelka_enabled', '1') %}
{%- set WAZUHENABLED = salt['pillar.get']('master:wazuh_enabled', '0') %}
{%- set STRELKAENABLED = salt['pillar.get']('master:strelka_enabled', '0') %}
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}

18
salt/firewall/init.sls
View File

@@ -8,6 +8,8 @@
{%- elif grains['role'] == 'so-fleet' %}
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{%- endif %}
{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
{%- set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}
# Quick Fix for Docker being difficult
iptables_fix_docker:
@@ -424,6 +426,22 @@ enable_forwardnode_sensoroni_9822_{{ip}}:
{% endfor %}
# Allow Fleet Node to send its beats traffic
{% if FLEET_NODE %}
enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ FLEET_NODE_IP }}
- dport: 5644
- position: 1
- save: True
{% endif %}
{% for ip in pillar.get('search_nodes') %}
enable_searchnode_redis_6379_{{ip}}:

2
salt/fleet/event_gen-packages.sls
View File

@@ -1,4 +1,4 @@
{% set ENROLLSECRET = salt['pillar.get']('auth:fleet_enroll-secret') %}
{% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
so/fleet:
event.send:

31
salt/fleet/files/dedicated-index.html
View File

@@ -86,40 +86,9 @@ a {
<p>
<div style="text-align: center;">
<h1>Security Onion - Dedicated Fleet Node</h1>
<h2>Osquery Packages</h2>
</div>
<br/>
<h2>Notes</h2>
<ul>
<li>These packages are customized for this specific Fleet install and will only be generated after the Fleet setup script has been run. If you want vanilla osquery packages, you can get them directly from <a href="https://osquery.io/downloads">osquery.io</a></li>
<li>Packages are not signed.</li>
</ul>
<br/>
<h2>Downloads</h2>
<div>
Generated: {{ PACKAGESTS }}
<br/>
<br/>
Packages:
<ul>
<li><a href="/launcher.msi" download="msi-launcher.msi">MSI (Windows)</a></li>
<li><a href="/launcher.deb" download="deb-launcher.deb">DEB (Debian)</a></li>
<li><a href="/launcher.rpm" download="rpm-launcher.rpm">RPM (RPM)</a></li>
<li><a href="/launcher.pkg" download="pkg-launcher.pkg">PKG (MacOS)</a></li>
</ul>
<br/>
<br/>
Config Files:
<ul>
<li><a href="/launcher.flags" download="launcher.flags.txt">RPM & DEB Flag File</a></li>
<li><a href="/launcher-msi.flags" download="launcher-msi.flags.txt">MSI Flag File</a></li>
</ul>
</div>
<br/>
<h2>Known Issues</h2>
<ul>
<li>None</li>
</ul>
</p>
</div>
</div>

11
salt/kibana/bin/so-kibana-config-load
View File

@@ -1,12 +1,12 @@
{%- set MASTER = salt['pillar.get']('static:masterip', '') %}
#!/bin/bash
KIBANA_VERSION="7.6.1"
MAX_WAIT=60
# Check to see if Kibana is available
wait_step=0
until curl -s -XGET http://localhost:5601 > /dev/null ; do
until curl "{{ MASTER }}:5601/nonexistenturl" 2>&1 |grep -q "Not Found" ; do
wait_step=$(( ${wait_step} + 1 ))
echo "Waiting on Kibana...Attempt #$wait_step"
echo "Waiting on Kibana ({{ MASTER }}:5601)...Attempt #$wait_step"
if [ ${wait_step} -gt ${MAX_WAIT} ]; then
echo "ERROR: Kibana not available for more than ${MAX_WAIT} seconds."
exit 5
@@ -30,5 +30,10 @@ curl -X PUT "localhost:5601/api/saved_objects/config/$KIBANA_VERSION" -H 'kbn-xs
}
}'
# Sub our IP for placholders
for i in PLACEHOLDER FLEETPLACEHOLDER PCAPPLACEHOLDER SOCTOPUSPLACEHOLDER; do
sed -i "s/$i/{{ MASTER }}/g" /opt/so/saltstack/salt/kibana/saved_objects.ndjson
done
# Load saved objects
curl -X POST "localhost:5601/api/saved_objects/_import" -H "kbn-xsrf: true" --form file=@/opt/so/saltstack/salt/kibana/saved_objects.ndjson

1
salt/kibana/init.sls
View File

@@ -84,6 +84,7 @@ so-kibana-config-load:
- shell: /bin/bash
- runas: socore
- source: salt://kibana/bin/so-kibana-config-load
- template: jinja
# Keep the setting correct
#KibanaHappy:

1278
salt/kibana/saved_objects.ndjson
View File

File diff suppressed because one or more lines are too long

16
salt/logstash/pipelines/templates/so/so-common-template.json
View File

@@ -184,6 +184,10 @@
"type":"object",
"dynamic": true
},
"irc":{
"type":"object",
"dynamic": true
},
"kerberos":{
"type":"object",
"dynamic": true
@@ -208,10 +212,18 @@
"type":"object",
"dynamic": true
},
"mysql":{
"type":"object",
"dynamic": true
},
"network":{
"type":"object",
"dynamic": true
},
"notice":{
"type":"object",
"dynamic": true
},
"ntlm":{
"type":"object",
"dynamic": true
@@ -316,6 +328,10 @@
"type":"object",
"dynamic": true
},
"syslog":{
"type":"object",
"dynamic": true
},
"tags":{
"type":"text",
"fields":{

8
salt/reactor/fleet.sls
View File

@@ -15,9 +15,9 @@ def run():
MAINIP = data['data']['mainip']
STATICFILE = '/opt/so/saltstack/pillar/static.sls'
AUTHFILE = '/opt/so/saltstack/pillar/auth.sls'
SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
if MINIONID.split('_')[-1] in ['master','eval','fleet']:
if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch']:
if ACTION == 'enablefleet':
logging.info('so/fleet enablefleet reactor')
@@ -29,8 +29,8 @@ def run():
line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
print(line)
# Update the enroll secret in the auth pillar
for line in fileinput.input(AUTHFILE, inplace=True):
# Update the enroll secret in the secrets pillar
for line in fileinput.input(SECRETSFILE, inplace=True):
line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
print(line)

11
salt/soctopus/files/SOCtopus.conf
View File

@@ -4,6 +4,10 @@
[es]
es_url = http://{{ip}}:9200
es_user = YOURESUSER
es_pass = YOURESPASS
es_index_pattern = so-*
es_verifycert = no
[cortex]
auto_analyze_alerts = no
@@ -20,6 +24,7 @@ fir_confidentiality = 1
fir_detection = 2
fir_plan = 8
fir_severity = 4
fir_verifycert = no
[grr]
grr_url = YOURGRRURL
@@ -30,12 +35,12 @@ grr_pass = YOURGRRPASS
hive_url = https://{{ip}}/thehive/
hive_key = {{ HIVEKEY }}
hive_tlp = 3
hive_verifycert = False
hive_verifycert = no
[misp]
misp_url = YOURMISPURL
misp_key = YOURMISPKEY
misp_verifycert = False
misp_verifycert = no
distrib = 0
threat = 4
analysis = 0
@@ -47,6 +52,7 @@ rtir_user = YOURRTIRUSER
rtir_pass = YOURRTIRPASS
rtir_queue = Incidents
rtir_creator = root
rtir_verifycert = no
[slack]
slack_url = YOURSLACKWORKSPACE
@@ -55,6 +61,7 @@ slack_webhook = YOURSLACKWEBHOOK
[playbook]
playbook_url = https://{{ip}}/playbook
playbook_key = a4a34538782804adfcb8dfae96262514ad70c37c
playbook_verifycert = no
[log]
logfile = /var/log/SOCtopus/soctopus.log

14
salt/soctopus/init.sls
View File

@@ -10,12 +10,22 @@ soctopusdir:
soctopussync:
file.recurse:
- name: /opt/so/conf/soctopus
- source: salt://soctopus/files
- name: /opt/so/conf/soctopus/templates
- source: salt://soctopus/files/templates
- user: 939
- group: 939
- template: jinja
soctopusconf:
file.managed:
- name: /opt/so/conf/soctopus/SOCtopus.conf
- source: salt://soctopus/files/SOCtopus.conf
- user: 939
- group: 939
- replace: False
- mode: 600
- template: jinja
soctopuslogdir:
file.directory:
- name: /opt/so/log/soctopus

2
salt/ssl/init.sls
View File

@@ -142,7 +142,7 @@ fbcrtlink:
backup: True
{% endif %}
{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-master' or grains['role'] == 'so-node' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-heavynode' %}
{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-master' or grains['role'] == 'so-node' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-heavynode' or grains['role'] == 'so-fleet' %}
fbcertdir:
file.directory:

3
salt/strelka/init.sls
View File

@@ -89,6 +89,7 @@ strelka_backend:
- /opt/so/conf/strelka/backend/yara:/etc/yara/:ro
- name: so-strelka-backend
- command: strelka-backend
- restart_policy: on-failure
strelka_manager:
docker_container.running:
@@ -109,6 +110,6 @@ strelka_filestream:
strelka_zeek_extracted_sync:
cron.present:
- user: socore
- user: root
- name: mv /nsm/zeek/extracted/complete/* /nsm/strelka
- minute: '*'

2
salt/top.sls
View File

@@ -6,7 +6,7 @@
{%- set DOMAINSTATS = salt['pillar.get']('master:domainstats', '0') -%}
{%- set FLEETMASTER = salt['pillar.get']('static:fleet_master', False) -%}
{%- set FLEETNODE = salt['pillar.get']('static:fleet_node', False) -%}
{%- set STRELKA = salt['pillar.get']('master:strelka', '1') -%}
{%- set STRELKA = salt['pillar.get']('master:strelka', '0') -%}
base:

12
setup/so-functions
View File

@@ -234,7 +234,7 @@ check_network_manager_conf() {
{
mv "$gmdconf" "${gmdconf}.bak"
touch "$gmdconf"
systemctl restart network-manager
systemctl restart NetworkManager
} >> $SETUPLOG 2>&1
fi
@@ -395,7 +395,7 @@ create_sensor_bond() {
ethernet.mtu $MTU \
connection.autoconnect "yes" >> $SETUPLOG 2>&1
for BNIC in "${BNICS[@]}"; do
for BNIC in ${BNICS[@]}; do
BONDNIC="$(echo -e "${BNIC}" | tr -d '"')" # Strip the quotes from the NIC names
# Check if specific offload features are able to be disabled
@@ -458,8 +458,8 @@ detect_os() {
fi
# Install network manager so we can do interface stuff
apt-get install -y network-manager
/bin/systemctl enable network-manager
/bin/systemctl start network-manager
/bin/systemctl enable NetworkManager
/bin/systemctl start NetworkManager
else
echo "We were unable to determine if you are using a supported OS." >> $SETUPLOG 2>&1
exit
@@ -486,7 +486,7 @@ disable_onion_user() {
}
disable_misc_network_features() {
for UNUSED_NIC in "${FNICS[@]}"; do
for UNUSED_NIC in ${FNICS[@]}; do
# Disable DHCPv4/v6 and autoconnect
nmcli con mod "$UNUSED_NIC" \
ipv4.method disabled \
@@ -745,7 +745,7 @@ get_main_ip() {
get_redirect() {
whiptail_set_redirect_info
whiptail_set_redirect
if [ $REDIRECTINFO == 'OTHER' ]; then
if [ "$REDIRECTINFO" == "OTHER" ]; then
whiptail_set_redirect_host
fi
}

57
setup/so-setup
View File

@@ -29,6 +29,9 @@ else
INSTALLMETHOD="network"
fi
# Allow execution of SO tools during setup
export PATH=$PATH:../salt/common/tools/sbin
# Global Variables
HOSTNAME=$(cat /etc/hostname)
TOTAL_MEM=`grep MemTotal /proc/meminfo | awk '{print $2}' | sed -r 's/.{3}$//'`
@@ -141,7 +144,7 @@ if (whiptail_you_sure) ; then
if [ $INSTALLTYPE == 'HELIXSENSOR' ]; then
MASTERUPDATES=OPEN
filter_unused_nics
whiptail_bond_nics
[[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
whiptail_helix_apikey
whiptail_homenet_master
RULESETUP=ETOPEN
@@ -244,6 +247,32 @@ if (whiptail_you_sure) ; then
fi
function collect_webuser_inputs() {
# Get a password for the web admin user
VALIDUSER=no
while [ $VALIDUSER != yes ]; do
whiptail_create_web_user
so-user valemail "$WEBUSER"
if [ $? == 0 ]; then
VALIDUSER=yes
else
whiptail_invalid_user_warning
fi
done
WPMATCH=no
while [ $WPMATCH != yes ]; do
whiptail_create_web_user_password1
echo "$WEBPASSWD1" | so-user valpass
if [ $? == 0 ]; then
whiptail_create_web_user_password2
check_web_pass
else
whiptail_invalid_pass_warning
fi
done
}
####################
## Master ##
####################
@@ -292,14 +321,7 @@ if (whiptail_you_sure) ; then
check_soremote_pass
done
# Get a password for the web admin user
whiptail_create_web_user
WPMATCH=no
while [ $WPMATCH != yes ]; do
whiptail_create_web_user_password1
whiptail_create_web_user_password2
check_web_pass
done
collect_webuser_inputs
get_redirect
# Last Chance to back out
whiptail_make_changes
@@ -446,7 +468,7 @@ if (whiptail_you_sure) ; then
if [ $INSTALLTYPE == 'SENSOR' ]; then
filter_unused_nics
whiptail_bond_nics
[[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
whiptail_management_server
whiptail_master_updates
set_updates
@@ -506,6 +528,8 @@ if (whiptail_you_sure) ; then
salt-call state.apply pcap >> $SETUPLOG 2>&1
echo -e "XXX\n60\nInstalling IDS components... \nXXX"
salt-call state.apply suricata >> $SETUPLOG 2>&1
echo -e "XXX\n70\nInstalling Strelka... \nXXX"
salt-call state.apply strelka >> $SETUPLOG 2>&1
checkin_at_boot >> $SETUPLOG 2>&1
echo -e "XX\n97\nFinishing touches... \nXXX"
filter_unused_nics >> $SETUPLOG 2>&1
@@ -535,7 +559,7 @@ if (whiptail_you_sure) ; then
if [ $INSTALLTYPE == 'EVAL' ]; then
TYPE='eval'
# Select which NICs are in the bond
whiptail_bond_nics
[[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
elif [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
TYPE='mastersearch'
fi
@@ -573,14 +597,7 @@ if (whiptail_you_sure) ; then
check_soremote_pass
done
fi
# Get a password for the web admin user
whiptail_create_web_user
WPMATCH=no
while [ $WPMATCH != yes ]; do
whiptail_create_web_user_password1
whiptail_create_web_user_password2
check_web_pass
done
collect_webuser_inputs
get_redirect
whiptail_make_changes
set_hostname
@@ -832,7 +849,7 @@ if (whiptail_you_sure) ; then
if [ $INSTALLTYPE == 'HEAVYNODE' ]; then
filter_unused_nics
whiptail_bond_nics
[[ $SKIP_BOND != 'yes' ]] && whiptail_bond_nics
whiptail_management_server
whiptail_master_updates
set_updates

8
setup/so-whiptail
View File

@@ -163,8 +163,13 @@ whiptail_create_web_user() {
WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_invalid_user_warning() {
whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
}
whiptail_create_web_user_password1() {
@@ -185,6 +190,9 @@ whiptail_create_web_user_password2() {
}
whiptail_invalid_pass_warning() {
whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
}
whiptail_cur_close_days() {