diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 551cff0ac..53c8664d2 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -210,7 +210,7 @@ gpg_rpm_import() {
 rpm --import $RPMKEYSLOC/$RPMKEY
 echo "Imported $RPMKEY"
 done
- else
+ elif [[ $is_rpm ]]; then
 info "Importing the security onion GPG key"
 rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub
 fi
diff --git a/salt/desktop/packages.sls b/salt/desktop/packages.sls
index c0cbe9349..401be0cd6 100644
--- a/salt/desktop/packages.sls
+++ b/salt/desktop/packages.sls
@@ -46,10 +46,9 @@ desktop_packages:
 - cairo-gobject
 - cairomm
 - checkpolicy
- - cheese
- - cheese-libs
 - chkconfig
 - chrome-gnome-shell
+ - chromium
 - clutter
 - clutter-gst3
 - clutter-gtk
@@ -72,9 +71,11 @@ desktop_packages:
 - dejavu-sans-mono-fonts
 - dejavu-serif-fonts
 - desktop-file-utils
+ - dsniff
+ - ethtool
 - evolution-data-server
 - evolution-data-server-langpacks
- - firefox
+ - file
 - flac-libs
 - flashrom
 - flatpak
@@ -282,6 +283,8 @@ desktop_packages:
 - lohit-odia-fonts
 - lohit-tamil-fonts
 - lohit-telugu-fonts
+ - lshw
+ - lsof
 - mesa-dri-drivers
 - mesa-filesystem
 - mesa-libEGL
@@ -292,17 +295,20 @@ desktop_packages:
 - mesa-vulkan-drivers
 - microcode_ctl
 - mobile-broadband-provider-info
- - mozilla-filesystem
 - mpfr
 - mpg123-libs
 - mtdev
 - mtr
 - nautilus
 - nautilus-extensions
+ - net-tools
+ - nvme-cli
+ - open-vm-tools-desktop
 - oracle-backgrounds
 - oracle-indexhtml
 - oracle-logos
 - pcaudiolib
+ - pciutils
 - pinentry
 - pinentry-gnome3
 - pinfo
@@ -351,6 +357,7 @@ desktop_packages:
 - system-config-printer-udev
 - taglib
 - tcpdump
+ - tcpflow
 - thai-scalable-fonts-common
 - thai-scalable-waree-fonts
 - totem
@@ -393,9 +400,11 @@ desktop_packages:
 - webkit2gtk3
 - webkit2gtk3-jsc
 - webrtc-audio-processing
+ - whois
 - wireless-regdb
 - wireplumber
 - wireplumber-libs
+ - wireshark
 - woff2
 - words
 - wpa_supplicant
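Review bot: Narrowing the fallback to `elif [[ $is_rpm ]]; then` means a host where `$is_rpm` is unset now leaves gpg_rpm_import without importing any key and without saying so, while securityonion_repo later writes `gpgcheck=1` for the repos it creates, so the first visible symptom would be a signature failure at install time. A terminal branch that records the decision, `else` / `info "No RPM GPG key imported (is_rpm not set)"` / `fi`, keeps the log useful. The condition guarding the first branch is above this hunk, so I cannot tell whether that case is actually reachable.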
@@ -422,310 +431,8 @@ desktop_packages: - xorg-x11-xauth - xorg-x11-xinit - xorg-x11-xinit-session -# -# - aajohan-comfortaa-fonts -# - abattis-cantarell-fonts -# - acl -# - alsa-ucm -# - alsa-utils -# - anaconda -# - anaconda-install-env-deps -# - at -# - attr -# - audit -# - authselect -# - basesystem -# - bash -# - bash-completion -# - bc -# - blktrace -# - bluez -# - bolt -# - bpftool -# - bzip2 -# - chkconfig -# - chromium -# - chrony -# - cockpit -# - coreutils -# - cpio -# - cronie -# - crontabs -# - crypto-policies -# - crypto-policies-scripts -# - cryptsetup -# - curl -# - cyrus-sasl-plain -# - dbus -# - dejavu-sans-fonts -# - dejavu-sans-mono-fonts -# - dejavu-serif-fonts -# - dnf -# - dnf-plugins-core -# - dos2unix -# - dosfstools -# - dracut-config-rescue -# - dracut-live -# - dsniff -# - e2fsprogs -# - ed -# - efibootmgr -# - efi-filesystem -# - efivar-libs -# - eom -# - ethtool -# - file -# - filesystem -# - firewall-config -# - firewalld -# - fprintd-pam -# - gdm -# - git -# - glibc -# - glibc-all-langpacks -# - gnome-autoar -# - gnome-bluetooth -# - gnome-bluetooth-libs -# - gnome-calculator -# - gnome-characters -# - gnome-color-manager -# - gnome-control-center -# - gnome-desktop3 -# - gnome-disk-utility -# - gnome-font-viewer -# - gnome-initial-setup -# - gnome-keyring -# - gnome-keyring-pam -# - gnome-logs -# - gnome-menus -# - gnome-online-accounts -# - gnome-remote-desktop -# - gnome-screenshot -# - gnome-session -# - gnome-session-wayland-session -# - gnome-session-xsession -# - gnome-settings-daemon -# - gnome-shell -# - gnome-software -# - gnome-system-monitor -# - gnome-terminal -# - gnome-terminal-nautilus -# - gnome-tour -# - gnupg2 -# - google-noto-emoji-color-fonts -# - google-noto-sans-cjk-ttc-fonts -# - google-noto-sans-gurmukhi-fonts -# - google-noto-sans-sinhala-vf-fonts -# - google-noto-serif-cjk-ttc-fonts -# - grub2-common -# - grub2-pc-modules -# - grub2-tools -# - grub2-tools-efi -# - grub2-tools-extra -# - grub2-tools-minimal 
-# - grubby -# - gstreamer1-plugins-bad-free -# - gstreamer1-plugins-good -# - gstreamer1-plugins-ugly-free -# - gvfs-gphoto2 -# - gvfs-mtp -# - gvfs-smb -# - hostname -# - hyperv-daemons -# - ibus-anthy -# - ibus-hangul -# - ibus-libpinyin -# - ibus-libzhuyin -# - ibus-m17n -# - ibus-typing-booster -# - imsettings-systemd -# - initial-setup-gui -# - initscripts -# - initscripts-rename-device -# - iproute -# - iproute-tc -# - iprutils -# - iputils -# - irqbalance -# - iwl1000-firmware -# - iwl100-firmware -# - iwl105-firmware -# - iwl135-firmware -# - iwl2000-firmware -# - iwl2030-firmware -# - iwl3160-firmware -# - iwl5000-firmware -# - iwl5150-firmware -# - iwl6000g2a-firmware -# - iwl6000g2b-firmware -# - iwl6050-firmware -# - iwl7260-firmware -# - jomolhari-fonts -# - julietaula-montserrat-fonts -# - kbd -# - kernel -# - kernel-modules -# - kernel-modules-extra -# - kernel-tools -# - kexec-tools -# - khmer-os-system-fonts -# - kmod-kvdo -# - ledmon -# - less -# - liberation-mono-fonts -# - liberation-sans-fonts -# - liberation-serif-fonts -# - libertas-sd8787-firmware -# - libstoragemgmt -# - libsysfs -# - lightdm -# - linux-firmware -# - logrotate -# - lohit-assamese-fonts -# - lohit-bengali-fonts -# - lohit-devanagari-fonts -# - lohit-gujarati-fonts -# - lohit-kannada-fonts -# - lohit-odia-fonts -# - lohit-tamil-fonts -# - lohit-telugu-fonts -# - lshw -# - lsof -# - lsscsi -# - lvm2 -# - mailcap -# - man-db -# - man-pages -# - mcelog -# - mdadm -# - memtest86+ -# - metacity -# - microcode_ctl -# - mlocate -# - mtr -# - nano -# - ncurses -# - netronome-firmware -# - net-tools -# - NetworkManager -# - NetworkManager-adsl -# - NetworkManager-bluetooth -# - NetworkManager-l2tp-gnome -# - NetworkManager-libreswan-gnome -# - NetworkManager-openconnect-gnome -# - NetworkManager-openvpn-gnome -# - NetworkManager-ppp -# - NetworkManager-pptp-gnome -# - NetworkManager-team -# - NetworkManager-tui -# - NetworkManager-wifi -# - NetworkManager-wwan -# - ngrep -# - 
nmap-ncat -# - nm-connection-editor -# - nvme-cli -# - openssh-clients -# - openssh-server -# - open-vm-tools-desktop -# - p11-kit -# - PackageKit-gstreamer-plugin -# - paktype-naskh-basic-fonts -# - parole -# - parted -# - passwd -# - pciutils -# - pinfo -# - pipewire -# - pipewire-alsa -# - pipewire-gstreamer -# - pipewire-jack-audio-connection-kit -# - pipewire-pulseaudio -# - pipewire-utils -# - plymouth -# - policycoreutils -# - powerline -# - ppp -# - prefixdevname -# - procps-ng -# - psacct -# - pt-sans-fonts -# - python3-libselinux -# - python3-scapy -# - qemu-guest-agent -# - quota -# - realmd -# - redshift-gtk -# - rootfiles -# - rpm -# - rpm-plugin-audit -# - rsync -# - rsyslog -# - rsyslog-gnutls -# - rsyslog-gssapi -# - rsyslog-relp -# - salt-minion -# - sane-backends-drivers-scanners -# - selinux-policy-targeted -# - setroubleshoot -# - setup -# - sg3_utils -# - sg3_utils-libs -# - shadow-utils -# - sil-abyssinica-fonts -# - sil-nuosu-fonts -# - sil-padauk-fonts -# - slick-greeter -# - slick-greeter-cinnamon -# - smartmontools -# - smc-meera-fonts -# - sos -# - spice-vdagent -# - ssldump -# - sssd -# - sssd-common -# - sssd-kcm -# - stix-fonts -# - strace -# - sudo -# - symlinks -# - syslinux -# - systemd -# - systemd-udev -# - tar -# - tcpdump -# - tcpflow -# - teamd -# - thai-scalable-waree-fonts -# - time -# - tmux -# - tmux-powerline -# - transmission -# - tree -# - tuned -# - unzip -# - usb_modeswitch -# - usbutils -# - util-linux -# - util-linux-user -# - vdo -# - vim-enhanced -# - vim-minimal -# - vim-powerline -# - virt-what -# - wget -# - which -# - whois -# - wireplumber -# - wireshark -# - words -# - xdg-user-dirs-gtk -# - xed -# - xfsdump -# - xfsprogs -# - xreader -# - yum -# - zip -# + - zip + {% else %} desktop_packages_os_fail: diff --git a/setup/so-functions b/setup/so-functions index de2e5cd40..d46c42e0e 100755 --- a/setup/so-functions +++ b/setup/so-functions 
@@ -1054,12 +1054,8 @@ installer_prereq_packages() {
 if ! command -v nmcli > /dev/null 2>&1; then
 info "Installing network-manager"
 retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup
- if [[ $is_debian ]]; then
- info "Enabling network manager for the main interface"
- logCmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf"
- fi
- logCmd systemctl enable NetworkManager
- logCmd systemctl start NetworkManager
+ logCmd "systemctl enable NetworkManager"
+ logCmd "systemctl start NetworkManager"
 fi
 if ! command -v curl > /dev/null 2>&1; then
 retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup
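Review bot: The Debian-only rewrite of `managed=false` to `managed=true` in NetworkManager.conf is dropped, but NetworkManager is still enabled and started right after the `apt-get -y install network-manager ethtool`; Debian's packaged NetworkManager.conf defaults to `managed=false` for ifupdown interfaces, so unless `check_network_manager_conf` (called later from so-setup) now makes that change, the nmcli-based steps that follow would see no managed devices. A one-line comment above the two `logCmd` lines naming where the managed setting is now handled, e.g. `# NetworkManager.conf managed= is adjusted in check_network_manager_conf`, would settle that for the next reader. installer_prereq_packages starts before this hunk.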
@@ -1902,14 +1898,42 @@ securityonion_repo() {
 logCmd "dnf -v clean all"
 logCmd "mkdir -vp /root/oldrepos"
 logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
- if [[ ! $waitforstate ]]; then
+ if [[ $is_desktop_iso ]]; then
+ gpg_rpm_import
+ if [[ ! $is_airgap ]]; then
+ echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /etc/yum/mirror.txt
+ echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /etc/yum/mirror.txt
+ echo "[main]" > /etc/yum.repos.d/securityonion.repo
+ echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "installonly_limit=3" >> /etc/yum.repos.d/securityonion.repo
+ echo "clean_requirements_on_remove=True" >> /etc/yum.repos.d/securityonion.repo
+ echo "best=True" >> /etc/yum.repos.d/securityonion.repo
+ echo "skip_if_unavailable=False" >> /etc/yum.repos.d/securityonion.repo
+ echo "cachedir=/opt/so/conf/reposync/cache" >> /etc/yum.repos.d/securityonion.repo
+ echo "keepcache=0" >> /etc/yum.repos.d/securityonion.repo
+ echo "[securityonionsync]" >> /etc/yum.repos.d/securityonion.repo
+ echo "name=Security Onion Repo repo" >> /etc/yum.repos.d/securityonion.repo
+ echo "mirrorlist=file:///etc/yum/mirror.txt" >> /etc/yum.repos.d/securityonion.repo
+ echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+ logCmd "dnf repolist"
+ else
+ echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
+ echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
+ echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/securityonion.repo
+ echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
+ echo "sslverify=0" >> /etc/yum.repos.d/securityonion.repo
+ logCmd "dnf repolist"
+ fi
+ elif [[ ! 
$waitforstate ]]; then echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo echo "baseurl=https://$MSRV/repo" >> /etc/yum.repos.d/securityonion.repo echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo echo "sslverify=0" >> /etc/yum.repos.d/securityonion.repo - else + elif [[ $waitforstate ]]; then echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo echo "baseurl=file:///nsm/repo/" >> /etc/yum.repos.d/securityonion.repo @@ -1973,7 +1997,7 @@ repo_sync_local() { logCmd "dnf -y install https://dl.fedoraproject.org/pub/epel/epel-next-release-latest-9.noarch.rpm" else logCmd "dnf config-manager --set-enabled crb" - logCmd "dnf -y install epel-release epel-next" + logCmd "dnf -y install epel-release" fi dnf install -y yum-utils device-mapper-persistent-data lvm2 curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo diff --git a/setup/so-setup b/setup/so-setup index b696b6f7b..ce0aa83f7 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -86,6 +86,16 @@ if [[ $not_supported ]]; then fi fi +# we need to upgrade packages on debian prior to install and reboot if there are due to iptables-restore not running properly +# if packages are updated and the box isn't rebooted +if [[ $is_debian ]]; then + update_packages + if [[ -f "/var/run/reboot-required" ]]; then + whiptail_debian_reboot_required + reboot + fi +fi + # Check to see if this is the setup type of "desktop". is_desktop= if [ "$setup_type" = 'desktop' ]; then 
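Review bot: In the airgap desktop-ISO branch the repo gets `baseurl=https://$MSRV/repo`, yet this function is now called from the non-grid ISO path in so-setup (right after whiptail_desktop_nongrid_iso), where it is not obvious that `$MSRV` has been collected; if it is empty the file silently contains `baseurl=https:///repo`, so a guard such as `: "${MSRV:?securityonion_repo: MSRV is not set}"` before those `echo` lines would fail loudly instead. That branch also carries over `sslverify=0` from the existing manager-repo block, so the TLS connection to the manager is unauthenticated and only `gpgcheck=1` protects the packages — a comment stating that this is deliberate (self-signed manager cert) would stop it being "fixed" or copied unthinkingly. In the non-airgap branch the `[main]` options (installonly_limit, cachedir, keepcache, …) are written into a file under /etc/yum.repos.d; I am not certain dnf honours a `[main]` section from a .repo file rather than reading it as a repository named main with no baseurl, so please confirm with the `dnf repolist` that follows. The three near-identical `[securityonion]` echo blocks would read better as one small helper taking the baseurl.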
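Review bot: The `reboot` in the new Debian block runs unconditionally after `whiptail_debian_reboot_required`, and that function returns immediately when `$TESTING` is set (see the so-whiptail hunk at the end of this diff), so if TESTING is meant to suppress side effects, a test run on a Debian host with pending updates reboots without any prompt; `[[ -n $TESTING ]] || reboot` would keep the two consistent. This block also precedes the automated-install re-exec on `$install_opt_file` further down, so an unattended install is interrupted by the reboot and, per the dialog text, needs a manual rerun — if that is intended, a comment saying so next to the existing iptables-restore note would help. `update_packages` is not visible on this page, so I have not checked what it logs or whether it can fail.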
@@ -107,52 +117,6 @@ if [[ "$setup_type" == 'iso' ]]; then fi fi -# Check to see if this is an desktop install. If it is let's run things differently -if [[ $is_desktop ]]; then - title "This is a desktop install" - - # Make sure it's CentOS or Rocky Linux - if [[ $is_rpm ]]; then - info "Security Onion Desktop is supported on this OS." - else - info "Security Onion Desktop is not supported on this OS." - exit 1 - fi - - if ! whiptail_desktop_install; then - if [[ $is_desktop_iso ]]; then - if whiptail_desktop_nongrid_iso; then - # Remove setup from auto launching - parse_install_username - sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 - info "Enabling graphical interface and setting it to load at boot" - systemctl set-default graphical.target - startx - exit 0 - else - # Abort! - exit 0 - fi - else - if whiptail_desktop_nongrid_network; then - info "" - info "" - info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection." - info "" - info "" - desktop_salt_local - else - # Abort! - exit 0 - fi - fi - fi - - # If you got this far then you want to join the grid - is_minion=true - -fi - if ! [ -f $install_opt_file ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}" fi 
@@ -356,6 +320,57 @@ fi # Process the install type process_installtype +# Check to see if this is an desktop install. If it is let's run things differently +if [[ $is_desktop ]]; then + title "This is a desktop install" + + # Make sure it's oracle + if [[ $is_oracle ]]; then + info "Security Onion Desktop is supported on this OS." + else + info "Security Onion Desktop is not supported on this OS." + exit 1 + fi + +# if ! whiptail_desktop_install; then + if [[ $is_desktop_iso ]]; then + if whiptail_desktop_nongrid_iso; then + # Remove setup from auto launching + parse_install_username + sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile >> "$setup_log" 2>&1 + securityonion_repo + info "Enabling graphical interface and setting it to load at boot" + systemctl set-default graphical.target + echo "Desktop Install Complete!" + echo "" + echo "Please reboot to start graphical interface." + exit 0 + else + # Abort! + exit 0 + fi + else + if whiptail_desktop_nongrid_network; then + info "" + info "" + info "Kicking off the automated setup of the Security Onion Desktop. This can take a while depending on your network connection." + info "" + info "" + desktop_salt_local + else + # Abort! + exit 0 + fi + fi +# fi + + # If you got this far then you want to join the grid + is_minion=true + +fi + + + # If this is not an automated install prompt if ! [[ -f $install_opt_file ]]; then # If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles @@ -459,7 +474,6 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_sensor ]]; then info "Setting up as node type sensor" - installer_prereq_packages monints=true check_requirements "sensor" calculate_useable_cores @@ -489,7 +503,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_searchnode ]]; then info "Setting up as node type searchnode" - installer_prereq_packages check_requirements "elasticsearch" networking_needful check_network_manager_conf 
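Review bot: With `# if ! whiptail_desktop_install; then` and its `# fi` commented out, every branch under `if [[ $is_desktop_iso ]]` ends in `exit 0` and the network branch either exits or runs `desktop_salt_local`, so `is_minion=true` and the "If you got this far then you want to join the grid" comment are reached only after a non-grid desktop install (assuming desktop_salt_local returns) — either the join-the-grid path is gone and those lines are dead, or the gate should come back; commented-out control flow is the wrong way to leave it. The moved `sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile` still expands the path unquoted and deletes whatever the last line of the file happens to be; `"/home/$INSTALLUSERNAME/.bash_profile"` plus a comment naming the autostart line it is meant to remove would make it safer to maintain. The three blank lines added after the closing `fi` are noise.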
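Review bot: `installer_prereq_packages` is removed from the sensor branch here and likewise from the searchnode, heavynode, idh and receiver branches in the following hunks, while each of those still calls `networking_needful` / `check_network_manager_conf`, which presumably rely on the nmcli that installer_prereq_packages (shown earlier in so-functions) installs on Debian. I cannot see a replacement call on this page; if the prerequisites are now installed earlier for every node type, a comment at that call site such as `# installs network-manager/curl for all node types; per-type calls removed` would close the loop, and if not, Debian nodes of these types would reach the NetworkManager checks without it present.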
@@ -503,7 +516,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_heavynode ]]; then info "Setting up as node type heavynode" - installer_prereq_packages monints=true check_requirements "heavynode" calculate_useable_cores @@ -520,7 +532,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_idh ]]; then info "Setting up as node type idh" - installer_prereq_packages check_requirements "idh" networking_needful collect_mngr_hostname @@ -553,7 +564,6 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_receiver ]]; then info "Setting up as node type receiver" - installer_prereq_packages check_requirements "receiver" networking_needful collect_mngr_hostname @@ -682,12 +692,14 @@ if ! [[ -f $install_opt_file ]]; then if [[ ! $is_airgap ]]; then title "Downloading IDS Rules" logCmd "so-rule-update" - title "Restarting Suricata to pick up the new rules" - logCmd "so-suricata-restart" title "Downloading YARA rules" logCmd "su socore -c '/usr/sbin/so-yara-download'" - title "Restarting Strelka to use new rules" - logCmd "so-strelka-restart" + if [[ $monints ]]; then + title "Restarting Suricata to pick up the new rules" + logCmd "so-suricata-restart" + title "Restarting Strelka to use new rules" + logCmd "so-strelka-restart" + fi fi title "Setting up Kibana Default Space" logCmd "so-kibana-space-defaults" diff --git a/setup/so-whiptail b/setup/so-whiptail index 3c5a2504e..4e9ccea60 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -27,6 +27,23 @@ whiptail_airgap() { fi } +whiptail_debian_reboot_required() { + + [ -n "$TESTING" ] && return + + read -r -d '' message <<- EOM + + Packages were upgraded and a reboot is required prior to Security Onion installation. + + Once the reboot has completed, rerun Security Onion setup. + + Press TAB and then the ENTER key to reboot the system. + + EOM + + whiptail --title "$whiptail_title" --msgbox "$message" 24 75 --scrolltext +} + whiptail_desktop_install() { [ -n "$TESTING" ] && return
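Review bot: Gating the Suricata and Strelka restarts on `$monints` means the rule and YARA downloads still run for every non-airgap node, but the services only reload them where `monints=true` was set — on this page that is the sensor and heavynode branches; if eval or standalone set it outside this view this is fine, otherwise they fetch rules that are not loaded until the next restart. A short comment above the new `if [[ $monints ]]; then`, e.g. `# only node types with monitor interfaces run suricata/strelka locally`, would make the intent checkable.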
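Review bot: `read -r -d '' message <<- EOM` always returns non-zero because read reaches EOF before the NUL delimiter, so if this file is ever sourced under `set -e` the new function dies before the msgbox; the sibling whiptail functions presumably use the same pattern, but the new one can avoid it with `read -r -d '' message <<- EOM || true`. Note also that `<<-` strips leading tabs only, so if the heredoc body is indented with spaces those spaces end up in the dialog text. The hunk's trailing context belongs to whiptail_desktop_install, whose body continues past the end of this page.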