[feat] Add TESTING flag to whiptail menus for automated setup script testing

William Wernert
2020-04-28 14:11:08 -04:00
parent 8b76b30266
commit f22cb9aac1
2 changed files with 139 additions and 0 deletions


@@ -44,6 +44,9 @@ add_admin_user() {
} }
add_master_hostfile() { add_master_hostfile() {
[ -n "$TESTING" ] && return
echo "Checking if I can resolve master. If not add to hosts file" >> $SETUPLOG 2>&1 echo "Checking if I can resolve master. If not add to hosts file" >> $SETUPLOG 2>&1
# Pop up an input to get the IP address # Pop up an input to get the IP address
MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \ MSRVIP=$(whiptail --title "Security Onion Setup" --inputbox \
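Review bot: The `[ -n "$TESTING" ] && return` guard added at the top of `add_master_hostfile` (and repeated in every `whiptail_*` function of the second file) fires on any non-empty `TESTING`, and nothing on this page shows the setup script initialising that variable, so an inherited environment value would presumably be enough to put a root-run installer into prompt-skipping mode. Clearing it at script start (`TESTING=`) and setting it only from an explicit option would close that gap. Placing the guard after the existing `echo "Checking if I can resolve master. ..." >> $SETUPLOG 2>&1` line would keep the log showing that the step was reached. The return also leaves `MSRVIP` unassigned under TESTING; the rest of the function lies outside the hunk, so whether later code depends on it needs checking.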


@@ -17,6 +17,8 @@
whiptail_basic_bro() { whiptail_basic_bro() {
[ -n "$TESTING" ] && return
BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \ BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the number of bro processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3) "Enter the number of bro processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
@@ -27,6 +29,8 @@ whiptail_basic_bro() {
whiptail_basic_suri() { whiptail_basic_suri() {
[ -n "$TESTING" ] && return
BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \ BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the number of Suricata Processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3) "Enter the number of Suricata Processes:" 10 75 $LBPROCS 3>&1 1>&2 2>&3)
@@ -37,6 +41,8 @@ whiptail_basic_suri() {
whiptail_bro_pins() { whiptail_bro_pins() {
[ -n "$TESTING" ] && return
BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $LBPROCS cores to pin Bro to:" 20 75 12 ${LISTCORES[@]} 3>&1 1>&2 2>&3 ) BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please Select $LBPROCS cores to pin Bro to:" 20 75 12 ${LISTCORES[@]} 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
@@ -46,6 +52,8 @@ whiptail_bro_pins() {
whiptail_bro_version() { whiptail_bro_version() {
[ -n "$TESTING" ] && return
BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \ BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \
"SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3) "SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
@@ -56,6 +64,8 @@ whiptail_bro_version() {
whiptail_bond_nics() { whiptail_bond_nics() {
[ -n "$TESTING" ] && return
local nic_list=() local nic_list=()
for FNIC in ${FNICS[@]}; do for FNIC in ${FNICS[@]}; do
nic_list+=($FNIC "Interface" "OFF") nic_list+=($FNIC "Interface" "OFF")
@@ -76,6 +86,8 @@ whiptail_bond_nics() {
whiptail_bond_nics_mtu() { whiptail_bond_nics_mtu() {
[ -n "$TESTING" ] && return
# Set the MTU on the monitor interface # Set the MTU on the monitor interface
MTU=$(whiptail --title "Security Onion Setup" --inputbox \ MTU=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the MTU for the monitor NICs" 10 75 1500 3>&1 1>&2 2>&3) "Enter the MTU for the monitor NICs" 10 75 1500 3>&1 1>&2 2>&3)
@@ -87,6 +99,8 @@ whiptail_bond_nics_mtu() {
whiptail_cancel() { whiptail_cancel() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75 whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
if [ -d "/root/installtmp" ]; then if [ -d "/root/installtmp" ]; then
echo "/root/installtmp exists" >> $SETUPLOG 2>&1 echo "/root/installtmp exists" >> $SETUPLOG 2>&1
@@ -99,6 +113,8 @@ whiptail_cancel() {
whiptail_check_exitstatus() { whiptail_check_exitstatus() {
[ -n "$TESTING" ] && return
if [ $1 == '1' ]; then if [ $1 == '1' ]; then
echo "They hit cancel" echo "They hit cancel"
whiptail_cancel whiptail_cancel
@@ -108,6 +124,8 @@ whiptail_check_exitstatus() {
whiptail_create_admin_user() { whiptail_create_admin_user() {
[ -n "$TESTING" ] && return
ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \ ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3) "Please enter a username for your new admin user. The onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
@@ -115,6 +133,8 @@ whiptail_create_admin_user() {
whiptail_create_admin_user_password1() { whiptail_create_admin_user_password1() {
[ -n "$TESTING" ] && return
ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3) "Enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
@@ -124,6 +144,8 @@ whiptail_create_admin_user_password1() {
whiptail_create_admin_user_password2() { whiptail_create_admin_user_password2() {
[ -n "$TESTING" ] && return
ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3) "Re-enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
@@ -134,12 +156,16 @@ whiptail_create_admin_user_password2() {
whiptail_create_soremote_user() { whiptail_create_soremote_user() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75 whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75
} }
whiptail_create_soremote_user_password1() { whiptail_create_soremote_user_password1() {
[ -n "$TESTING" ] && return
SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \ SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3) "Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
@@ -150,6 +176,8 @@ whiptail_create_soremote_user_password1() {
whiptail_create_soremote_user_password2() { whiptail_create_soremote_user_password2() {
[ -n "$TESTING" ] && return
SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \ SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3) "Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
@@ -160,6 +188,8 @@ whiptail_create_soremote_user_password2() {
whiptail_create_web_user() { whiptail_create_web_user() {
[ -n "$TESTING" ] && return
WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \ WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3) "Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3)
@@ -168,11 +198,15 @@ whiptail_create_web_user() {
} }
whiptail_invalid_user_warning() { whiptail_invalid_user_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75 whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
} }
whiptail_create_web_user_password1() { whiptail_create_web_user_password1() {
[ -n "$TESTING" ] && return
WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \ WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3) "Enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
@@ -182,6 +216,8 @@ whiptail_create_web_user_password1() {
whiptail_create_web_user_password2() { whiptail_create_web_user_password2() {
[ -n "$TESTING" ] && return
WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \ WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3) "Re-enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
@@ -191,11 +227,15 @@ whiptail_create_web_user_password2() {
} }
whiptail_invalid_pass_warning() { whiptail_invalid_pass_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75 whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
} }
whiptail_cur_close_days() { whiptail_cur_close_days() {
[ -n "$TESTING" ] && return
CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \ CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3) "Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3)
@@ -206,6 +246,8 @@ whiptail_cur_close_days() {
whiptail_dhcp_or_static() { whiptail_dhcp_or_static() {
[ -n "$TESTING" ] && return
ADDRESSTYPE=$(whiptail --title "Security Onion Setup" --radiolist \ ADDRESSTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose how to set up your management interface:" 20 78 4 \ "Choose how to set up your management interface:" 20 78 4 \
"STATIC" "Set a static IPv4 address" ON \ "STATIC" "Set a static IPv4 address" ON \
@@ -216,6 +258,8 @@ whiptail_dhcp_or_static() {
} }
whiptail_enable_components() { whiptail_enable_components() {
[ -n "$TESTING" ] && return
COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \ COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \
"Select Components to install" 20 75 8 \ "Select Components to install" 20 75 8 \
"GRAFANA" "Enable Grafana for system monitoring" ON \ "GRAFANA" "Enable Grafana for system monitoring" ON \
@@ -231,6 +275,8 @@ whiptail_enable_components() {
} }
whiptail_eval_adv() { whiptail_eval_adv() {
[ -n "$TESTING" ] && return
EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \ EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose your eval install:" 20 75 4 \ "Choose your eval install:" 20 75 4 \
"BASIC" "Install basic components for evaluation" ON \ "BASIC" "Install basic components for evaluation" ON \
@@ -241,10 +287,14 @@ whiptail_eval_adv() {
} }
whiptail_eval_adv_warning() { whiptail_eval_adv_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75 whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
} }
whiptail_helix_apikey() { whiptail_helix_apikey() {
[ -n "$TESTING" ] && return
HELIXAPIKEY=$(whiptail --title "Security Onion Setup" --inputbox \ HELIXAPIKEY=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3) "Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3)
@@ -255,6 +305,8 @@ whiptail_helix_apikey() {
whiptail_homenet_master() { whiptail_homenet_master() {
[ -n "$TESTING" ] && return
# Ask for the HOME_NET on the master # Ask for the HOME_NET on the master
HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \ HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3) "Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
@@ -266,6 +318,8 @@ whiptail_homenet_master() {
whiptail_homenet_sensor() { whiptail_homenet_sensor() {
[ -n "$TESTING" ] && return
# Ask to inherit from master # Ask to inherit from master
whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75 whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75
@@ -283,6 +337,8 @@ whiptail_homenet_sensor() {
whiptail_install_type() { whiptail_install_type() {
[ -n "$TESTING" ] && return
# What kind of install are we doing? # What kind of install are we doing?
INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \ INSTALLTYPE=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose Install Type:" 20 75 13 \ "Choose Install Type:" 20 75 13 \
@@ -307,6 +363,8 @@ whiptail_install_type() {
whiptail_log_size_limit() { whiptail_log_size_limit() {
[ -n "$TESTING" ] && return
LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \ LOG_SIZE_LIMIT=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \ "Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
By default, this is set to 80% of the disk space allotted for /nsm." 10 75 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3) By default, this is set to 80% of the disk space allotted for /nsm." 10 75 $LOG_SIZE_LIMIT 3>&1 1>&2 2>&3)
@@ -318,6 +376,8 @@ whiptail_log_size_limit() {
whiptail_management_interface_dns() { whiptail_management_interface_dns() {
[ -n "$TESTING" ] && return
MDNS=$(whiptail --title "Security Onion Setup" --inputbox \ MDNS=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your DNS server using space between multiple" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3) "Enter your DNS server using space between multiple" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3)
@@ -325,6 +385,8 @@ whiptail_management_interface_dns() {
whiptail_management_interface_dns_search() { whiptail_management_interface_dns_search() {
[ -n "$TESTING" ] && return
MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \ MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your DNS search domain" 10 60 searchdomain.local 3>&1 1>&2 2>&3) "Enter your DNS search domain" 10 60 searchdomain.local 3>&1 1>&2 2>&3)
@@ -332,6 +394,8 @@ whiptail_management_interface_dns_search() {
whiptail_management_interface_gateway() { whiptail_management_interface_gateway() {
[ -n "$TESTING" ] && return
MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \ MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your gateway" 10 60 X.X.X.X 3>&1 1>&2 2>&3) "Enter your gateway" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
@@ -339,6 +403,8 @@ whiptail_management_interface_gateway() {
whiptail_management_interface_ip() { whiptail_management_interface_ip() {
[ -n "$TESTING" ] && return
MIP=$(whiptail --title "Security Onion Setup" --inputbox \ MIP=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your IP address" 10 60 X.X.X.X 3>&1 1>&2 2>&3) "Enter your IP address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
@@ -346,6 +412,8 @@ whiptail_management_interface_ip() {
whiptail_management_interface_mask() { whiptail_management_interface_mask() {
[ -n "$TESTING" ] && return
MMASK=$(whiptail --title "Security Onion Setup" --inputbox \ MMASK=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the bit mask for your subnet" 10 60 24 3>&1 1>&2 2>&3) "Enter the bit mask for your subnet" 10 60 24 3>&1 1>&2 2>&3)
@@ -353,6 +421,8 @@ whiptail_management_interface_mask() {
whiptail_management_nic() { whiptail_management_nic() {
[ -n "$TESTING" ] && return
MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 ) MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 ${NICS[@]} 3>&1 1>&2 2>&3 )
local exitstatus=$? local exitstatus=$?
whiptail_check_exitstatus $exitstatus whiptail_check_exitstatus $exitstatus
@@ -368,6 +438,8 @@ whiptail_management_nic() {
whiptail_nids() { whiptail_nids() {
[ -n "$TESTING" ] && return
NIDS=$(whiptail --title "Security Onion Setup" --radiolist \ NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose which IDS to run:" 20 75 4 \ "Choose which IDS to run:" 20 75 4 \
"Suricata" "Suricata 4.X" ON \ "Suricata" "Suricata 4.X" ON \
@@ -380,6 +452,8 @@ whiptail_nids() {
whiptail_oinkcode() { whiptail_oinkcode() {
[ -n "$TESTING" ] && return
OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3) "Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
@@ -390,6 +464,8 @@ whiptail_oinkcode() {
whiptail_make_changes() { whiptail_make_changes() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $INSTALLTYPE. Please hit YES to make changes or NO to cancel." 8 75 whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $INSTALLTYPE. Please hit YES to make changes or NO to cancel." 8 75
local exitstatus=$? local exitstatus=$?
@@ -399,6 +475,8 @@ whiptail_make_changes() {
whiptail_management_server() { whiptail_management_server() {
[ -n "$TESTING" ] && return
MSRV=$(whiptail --title "Security Onion Setup" --inputbox \ MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your Master Server HOSTNAME. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3) "Enter your Master Server HOSTNAME. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
@@ -417,6 +495,8 @@ whiptail_management_server() {
# Ask if you want to do advanced setup of the Master # Ask if you want to do advanced setup of the Master
whiptail_master_adv() { whiptail_master_adv() {
[ -n "$TESTING" ] && return
MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \ MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose what type of master install:" 20 75 4 \ "Choose what type of master install:" 20 75 4 \
"BASIC" "Install master with recommended settings" ON \ "BASIC" "Install master with recommended settings" ON \
@@ -430,6 +510,8 @@ whiptail_master_adv() {
# Ask which additional components to install # Ask which additional components to install
whiptail_master_adv_service_brologs() { whiptail_master_adv_service_brologs() {
[ -n "$TESTING" ] && return
BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 75 12 \ BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 75 12 \
"conn" "Connection Logging" ON \ "conn" "Connection Logging" ON \
"dce_rpc" "RPC Logs" ON \ "dce_rpc" "RPC Logs" ON \
@@ -477,6 +559,8 @@ whiptail_master_adv_service_brologs() {
whiptail_network_notice() { whiptail_network_notice() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 75 whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Hit YES to continue." 8 75
local exitstatus=$? local exitstatus=$?
@@ -486,6 +570,8 @@ whiptail_network_notice() {
whiptail_node_advanced() { whiptail_node_advanced() {
[ -n "$TESTING" ] && return
NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \ NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"What type of config would you like to use?:" 20 75 4 \ "What type of config would you like to use?:" 20 75 4 \
"NODEBASIC" "Install Search Node with recommended settings" ON \ "NODEBASIC" "Install Search Node with recommended settings" ON \
@@ -498,6 +584,8 @@ whiptail_node_advanced() {
whiptail_node_es_heap() { whiptail_node_es_heap() {
[ -n "$TESTING" ] && return
es_heapsize es_heapsize
NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3) "\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3)
@@ -509,6 +597,8 @@ whiptail_node_es_heap() {
whiptail_node_ls_heap() { whiptail_node_ls_heap() {
[ -n "$TESTING" ] && return
ls_heapsize ls_heapsize
NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \ NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3) "\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3)
@@ -520,6 +610,8 @@ whiptail_node_ls_heap() {
whiptail_node_ls_pipeline_worker() { whiptail_node_ls_pipeline_worker() {
[ -n "$TESTING" ] && return
LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \ LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 $CPUCORES 3>&1 1>&2 2>&3) "\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 $CPUCORES 3>&1 1>&2 2>&3)
@@ -530,6 +622,8 @@ whiptail_node_ls_pipeline_worker() {
whiptail_node_ls_pipline_batchsize() { whiptail_node_ls_pipline_batchsize() {
[ -n "$TESTING" ] && return
LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \ LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) "\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
@@ -540,6 +634,8 @@ whiptail_node_ls_pipline_batchsize() {
whiptail_node_ls_input_threads() { whiptail_node_ls_input_threads() {
[ -n "$TESTING" ] && return
LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \ LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3) "\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
@@ -550,6 +646,8 @@ whiptail_node_ls_input_threads() {
whiptail_node_ls_input_batch_count() { whiptail_node_ls_input_batch_count() {
[ -n "$TESTING" ] && return
LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \ LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) "\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
@@ -560,12 +658,16 @@ whiptail_node_ls_input_batch_count() {
whiptail_passwords_dont_match() { whiptail_passwords_dont_match() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75 whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75
} }
whiptail_patch_name_new_schedule() { whiptail_patch_name_new_schedule() {
[ -n "$TESTING" ] && return
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3) "What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
@@ -585,6 +687,8 @@ whiptail_patch_name_new_schedule() {
whiptail_patch_schedule() { whiptail_patch_schedule() {
[ -n "$TESTING" ] && return
# What kind of patch schedule are we doing? # What kind of patch schedule are we doing?
PATCHSCHEDULE=$(whiptail --title "Security Onion Setup" --radiolist \ PATCHSCHEDULE=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 15 75 5 \ "Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 15 75 5 \
@@ -600,6 +704,8 @@ whiptail_patch_schedule() {
whiptail_patch_schedule_import() { whiptail_patch_schedule_import() {
[ -n "$TESTING" ] && return
unset PATCHSCHEDULENAME unset PATCHSCHEDULENAME
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \ PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3) "Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/<schedulename>.yml" 10 75 3>&1 1>&2 2>&3)
@@ -619,6 +725,8 @@ whiptail_patch_schedule_import() {
} }
whiptail_patch_schedule_select_days() { whiptail_patch_schedule_select_days() {
[ -n "$TESTING" ] && return
# Select the days to patch # Select the days to patch
PATCHSCHEDULEDAYS=($(whiptail --title "Security Onion Setup" --checklist \ PATCHSCHEDULEDAYS=($(whiptail --title "Security Onion Setup" --checklist \
"Which days do you want to apply OS patches?" 15 75 8 \ "Which days do you want to apply OS patches?" 15 75 8 \
@@ -635,6 +743,8 @@ whiptail_patch_schedule_select_days() {
} }
whiptail_patch_schedule_select_hours() { whiptail_patch_schedule_select_hours() {
[ -n "$TESTING" ] && return
# Select the hours to patch # Select the hours to patch
PATCHSCHEDULEHOURS=($(whiptail --title "Security Onion Setup" --checklist \ PATCHSCHEDULEHOURS=($(whiptail --title "Security Onion Setup" --checklist \
"At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \ "At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \
@@ -676,6 +786,8 @@ whiptail_patch_schedule_select_hours() {
whiptail_rule_setup() { whiptail_rule_setup() {
[ -n "$TESTING" ] && return
# Get pulled pork info # Get pulled pork info
RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \ RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"Which IDS ruleset would you like to use?\n\nThis master server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the master server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \ "Which IDS ruleset would you like to use?\n\nThis master server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the master server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \
@@ -692,6 +804,8 @@ whiptail_rule_setup() {
whiptail_sensor_config() { whiptail_sensor_config() {
[ -n "$TESTING" ] && return
NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \ NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"What type of configuration would you like to use?:" 20 75 4 \ "What type of configuration would you like to use?:" 20 75 4 \
"BASIC" "Install NSM components with recommended settings" ON \ "BASIC" "Install NSM components with recommended settings" ON \
@@ -704,6 +818,8 @@ whiptail_sensor_config() {
whiptail_set_hostname() { whiptail_set_hostname() {
[ -n "$TESTING" ] && return
HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3) "Enter the Hostname you would like to set." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
@@ -721,6 +837,8 @@ whiptail_set_hostname() {
} }
whiptail_set_redirect() { whiptail_set_redirect() {
[ -n "$TESTING" ] && return
REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \ REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose the access method for the web interface:" 20 75 4 \ "Choose the access method for the web interface:" 20 75 4 \
"IP" "Use IP to access the web interface" ON \ "IP" "Use IP to access the web interface" ON \
@@ -731,6 +849,8 @@ whiptail_set_redirect() {
} }
whiptail_set_redirect_host() { whiptail_set_redirect_host() {
[ -n "$TESTING" ] && return
REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \ REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the Hostname or IP you would like to use for the web interface." 10 75 $HOSTNAME 3>&1 1>&2 2>&3) "Enter the Hostname or IP you would like to use for the web interface." 10 75 $HOSTNAME 3>&1 1>&2 2>&3)
local exitstatus=$? local exitstatus=$?
@@ -738,12 +858,16 @@ whiptail_set_redirect_host() {
} }
whiptail_set_redirect_info() { whiptail_set_redirect_info() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n
For security reasons, we use strict cookie enforcement." 10 75 For security reasons, we use strict cookie enforcement." 10 75
} }
whiptail_setup_complete() { whiptail_setup_complete() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75 whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $INSTALLTYPE. Press Enter to reboot." 8 75
install_cleanup >> $SETUPLOG 2>&1 install_cleanup >> $SETUPLOG 2>&1
@@ -751,6 +875,8 @@ whiptail_setup_complete() {
whiptail_setup_failed() { whiptail_setup_failed() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75 whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $SETUPLOG for details. Press Enter to reboot." 8 75
install_cleanup >> $SETUPLOG 2>&1 install_cleanup >> $SETUPLOG 2>&1
@@ -758,6 +884,8 @@ whiptail_setup_failed() {
whiptail_shard_count() { whiptail_shard_count() {
[ -n "$TESTING" ] && return
SHARDCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \ SHARDCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3) "\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
@@ -768,6 +896,8 @@ whiptail_shard_count() {
whiptail_suricata_pins() { whiptail_suricata_pins() {
[ -n "$TESTING" ] && return
FILTEREDCORES=$(echo ${LISTCORES[@]} ${BROPINS[@]} | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}') FILTEREDCORES=$(echo ${LISTCORES[@]} ${BROPINS[@]} | tr -d '"' | tr ' ' '\n' | sort | uniq -u | awk '{print $1 " \"" "core" "\""}')
SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $LBPROCS cores to pin Suricata to:" 20 75 12 ${FILTEREDCORES[@]} 3>&1 1>&2 2>&3 ) SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please Select $LBPROCS cores to pin Suricata to:" 20 75 12 ${FILTEREDCORES[@]} 3>&1 1>&2 2>&3 )
@@ -778,6 +908,8 @@ whiptail_suricata_pins() {
whiptail_master_updates() { whiptail_master_updates() {
[ -n "$TESTING" ] && return
MASTERUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \ MASTERUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
"How would you like to download updates for your grid?:" 20 75 4 \ "How would you like to download updates for your grid?:" 20 75 4 \
"MASTER" "Master node is proxy for OS/Docker updates." ON \ "MASTER" "Master node is proxy for OS/Docker updates." ON \
@@ -790,6 +922,8 @@ whiptail_master_updates() {
whiptail_node_updates() { whiptail_node_updates() {
[ -n "$TESTING" ] && return
NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \ NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
"How would you like to download updates for this node?:" 20 75 4 \ "How would you like to download updates for this node?:" 20 75 4 \
"MASTER" "Download OS/Docker updates from the Master." ON \ "MASTER" "Download OS/Docker updates from the Master." ON \
@@ -802,6 +936,8 @@ whiptail_node_updates() {
whiptail_you_sure() { whiptail_you_sure() {
[ -n "$TESTING" ] && return
echo "whiptail_you_sure called" >> $SETUPLOG 2>&1 echo "whiptail_you_sure called" >> $SETUPLOG 2>&1
whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75 whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75
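Review bot: In `whiptail_node_es_heap`, `whiptail_node_ls_heap`, `whiptail_setup_complete` and `whiptail_setup_failed` the guard sits above non-dialog work, so under TESTING `es_heapsize`, `ls_heapsize` and `install_cleanup >> $SETUPLOG 2>&1` no longer run and a failed install returns silently. Moving the guard below those calls would fix this, and if the harness relies on exit status, `whiptail_setup_failed` could use something like `[ -n "$TESTING" ] && { install_cleanup >> $SETUPLOG 2>&1; return 1; }`. The same early return in the password functions leaves `ADMINPASS1`/`ADMINPASS2`, `SOREMOTEPASS1`/`SOREMOTEPASS2` and `WEBPASSWD1`/`WEBPASSWD2` at whatever they held before, while `whiptail_invalid_pass_warning`, `whiptail_passwords_dont_match`, `whiptail_make_changes` and `whiptail_you_sure` return without any dialog, and `whiptail_check_exitstatus` ignores a cancel status. The callers and the remainder of each function body are outside these hunks, so it should be confirmed that an empty or unset password pair is rejected there rather than accepted as a match.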