Merge pull request #2343 from Security-Onion-Solutions/experimental

Experimental
2025-12-06 17:22:49 +01:00 · 2020-12-14 14:27:52 -05:00
parent aa479b9c8e 3e2a9cc884
commit f4c4a16f54
5 changed files with 275 additions and 134 deletions
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -155,6 +155,13 @@ copy_new_files() {
  cd /tmp
 }

+generate_and_clean_tarballs() {
+  local new_version
+  new_version=$(cat $UPDATE_DIR/VERSION)
+  tar -cxf "/opt/so/repo/$new_version.tar.gz" "$UPDATE_DIR"
+  find "/opt/so/repo" -type f -not -name "$new_version.tar.gz" -exec rm -rf {} \;
+}
+
 highstate() {
  # Run a highstate.
  salt-call state.highstate -l info queue=True
@@ -417,6 +424,8 @@ else
  echo "Cloning Security Onion github repo into $UPDATE_DIR."
  clone_to_tmp
 fi
+echo "Generating new repo archive"
+generate_and_clean_tarballs
 if [ -f /usr/sbin/so-image-common ]; then
  . /usr/sbin/so-image-common
 else 
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -557,6 +557,19 @@ check_requirements() {
 	fi
 }

+compare_versions() {
+	manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
+
+	if [[ $manager_ver == "" ]]; then
+		rm /root/install_opt
+		echo "Could not determine version of Security Onion running on manager $MSRV. Please check your network settings and run setup again." | tee -a "$setup_log"
+		kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
+	fi
+
+	[[ "$manager_ver" == "$SOVERSION" ]]
+	return
+}
+
 configure_network_sensor() {
 	echo "Setting up sensor interface" >> "$setup_log" 2>&1
 	local nic_error=0
@@ -692,7 +705,7 @@ copy_ssh_key() {
 	chown -R "$SUDO_USER":"$SUDO_USER" /root/.ssh

 	echo "Removing old entry for manager from known_hosts if it exists"
-	sed -i "/${MSRV}/d" /root/.ssh/known_hosts
+	grep -q "$MSRV" /root/.ssh/known_hosts && sed -i "/${MSRV}/d" /root/.ssh/known_hosts

 	echo "Copying the SSH key to the manager"
 	#Copy the key over to the manager
@@ -952,6 +965,28 @@ docker_seed_registry() {

 }

+download_repo_tarball() {
+	mkdir -p /root/manager_setup/securityonion
+	{
+		local manager_ver
+		manager_ver=$(ssh -i /root/.ssh/so.key soremote@"$MSRV" cat /etc/soversion)
+		scp -i /root/.ssh/so.key soremote@"$MSRV":/opt/so/repo/"$manager_ver".tar.gz /root/manager_setup
+	} >> "$setup_log" 2>&1
+	
+	# Fail if the file doesn't download
+	if ! [ -f /root/manager_setup/"$manager_ver".tar.gz ]; then
+		rm /root/install_opt
+		local message="Could not download $manager_ver.tar.gz from manager, please check your network settings and verify the file /opt/so/repo/$manager_ver.tar.gz exists on the manager." 
+		echo "$message" | tee -a "$setup_log"
+		kill -SIGUSR1 "$(ps --pid $$ -oppid=)"; exit 1
+	fi
+	
+	{
+		tar -xzf /root/manager_setup/"$manager_ver".tar.gz -C /root/manager_setup/securityonion
+		rm -rf /root/manager_setup/"$manager_ver".tar.gz
+	} >> "$setup_log" 2>&1
+}
+
 fireeye_pillar() {

 	local fireeye_pillar_path=$local_salt_dir/pillar/fireeye
@@ -1011,6 +1046,11 @@ generate_passwords(){
  KRATOSKEY=$(get_random_value)
 }

+generate_repo_tarball() {
+	mkdir /opt/so/repo
+	tar -czf /opt/so/repo/"$SOVERSION".tar.gz ../.
+}
+
 get_redirect() {
 	whiptail_set_redirect
 	if [ "$REDIRECTINFO" = "OTHER" ]; then
@@ -1049,18 +1089,22 @@ host_pillar() {
 }

 install_cleanup() {
-	echo "Installer removing the following files:"
-	ls -lR "$temp_install_dir"
+	if [ -f "$temp_install_dir" ]; then
+		echo "Installer removing the following files:"
+		ls -lR "$temp_install_dir"

-	# Clean up after ourselves
-	rm -rf "$temp_install_dir"
+		# Clean up after ourselves
+		rm -rf "$temp_install_dir"
+	fi
 	
 	# All cleanup prior to this statement must be compatible with automated testing. Cleanup
 	# that will disrupt automated tests should be placed beneath this statement.
 	[ -n "$TESTING" ] && return

 	# If Mysql is running stop it
-	/usr/sbin/so-mysql-stop
+	if docker ps --format "{{.Names}}" 2>&1 | grep -q "so-mysql"; then
+		/usr/sbin/so-mysql-stop
+	fi

 	if [[ $setup_type == 'iso' ]]; then
 		info "Removing so-setup permission entry from sudoers file"
@@ -1328,12 +1372,10 @@ network_setup() {
 		disable_misc_network_features;

 		echo "... Setting ONBOOT for management interface";
-		if ! netplan > /dev/null 2>&1; then
-			nmcli con mod "$MNIC" connection.autoconnect "yes";
-		fi
+		command -v netplan &> /dev/null || nmcli con mod "$MNIC" connection.autoconnect "yes"

-        echo "... Copying 99-so-checksum-offload-disable";
-        cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;
+		echo "... Copying 99-so-checksum-offload-disable";
+		cp ./install_scripts/99-so-checksum-offload-disable /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable ;

 		echo "... Modifying 99-so-checksum-offload-disable";
 		sed -i "s/\$MNIC/${MNIC}/g" /etc/NetworkManager/dispatcher.d/pre-up.d/99-so-checksum-offload-disable;
@@ -1376,7 +1418,7 @@ elasticsearch_pillar() {

 parse_install_username() {
 	# parse out the install username so things copy correctly
-    INSTALLUSERNAME=$(pwd | sed -E 's/\// /g'  | awk '{ print $2 }')
+	INSTALLUSERNAME=${SUDO_USER:-${USER}}
 }

 patch_pillar() {
@@ -1668,7 +1710,7 @@ saltify() {
 				apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
 				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
 				echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
-                ;;
+				;;
 		esac
 		apt-get update >> "$setup_log" 2>&1
 		set_progress_str 8 'Installing salt-minion & python modules'
@@ -1798,6 +1840,19 @@ set_network_dev_status_list() {

 set_main_ip() {
 	MAINIP=$(ip route get 1 | awk '{print $7;exit}')
+	MNIC_IP=$(ip a s "$MNIC" | grep -oE 'inet [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | cut -d' ' -f2)
+}
+
+compare_main_nic_ip() {
+	if [[ "$MAINIP" != "$MNIC_IP" ]]; then
+		read -r -d '' message <<- EOM
+			The IP being routed by Linux is not the IP address assigned to the management interface ($MNIC).
+
+			This is not a supported configuration, please remediate and rerun setup.
+		EOM
+		whiptail --title "Security Onion Setup" --msgbox "$message" 10 75
+		kill -SIGINT "$(ps --pid $$ -oppid=)"; exit 1
+	fi
 }

 # Add /usr/sbin to everyone's path
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -22,6 +22,9 @@ if [ "$uid" -ne 0 ]; then
 	exit 1
 fi

+# Save the original argument array since we modify it
+readarray -t original_args <<< "$@"
+
 cd "$(dirname "$0")" || exit 255

 # Source the generic function libraries that are also used by the product after
@@ -64,32 +67,31 @@ while [[ $# -gt 0 ]]; do
 	esac
 done

+if ! [ -f /root/install_opt ] && [ -d /root/manager_setup/securityonion ] && [[ $(pwd) != /root/manager_setup/securityonion/setup ]]; then
+	exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"
+fi
+
 if [[ -f /root/accept_changes ]]; then
 	is_reinstall=true

 	# Move last setup log to backup
 	mv "$setup_log" "$setup_log.bak"
+	[ -f "$error_log" ] && mv "$error_log" "$error_log.bak"
 fi

-# Begin Installation pre-processing
 parse_install_username

-title "Initializing Setup"
-info "Installing as the $INSTALLUSERNAME user"
+if ! [ -f /root/install_opt ]; then
+	# Begin Installation pre-processing
+	title "Initializing Setup"
+	info "Installing as the $INSTALLUSERNAME user"

-analyze_system
+	analyze_system
+fi

 automated=no
 function progress() {
 	local title='Security Onion Install'
-	if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root ]]; then
-		if [[ -s /var/spool/mail/root ]]; then 
-			echo '[ ERROR ]  /var/spool/mail/root grew unexpectedly' >> $setup_log 2>&1
-		fi
-
-		export SO_ERROR=1
-		title="Error found, please check $setup_log"
-	fi

 	if [ $automated == no ]; then
 		whiptail --title "$title" --gauge 'Please wait while installing...' 6 60 0 # append to text
@@ -125,7 +127,7 @@ case "$setup_type" in
 		echo "Beginning Security Onion $setup_type install" >> $setup_log 2>&1
 		;;
 	*)
-		echo "Invalid install type, must be 'iso' or 'network'" | tee $setup_log
+		echo "Invalid install type, must be 'iso' or 'network'" | tee -a $setup_log
 		exit 1
 		;;
 esac
@@ -162,14 +164,18 @@ if [ "$automated" == no ]; then
 	fi
 fi

-if (whiptail_you_sure); then
-	true
-else
-	echo "User cancelled setup." | tee $setup_log
-	whiptail_cancel
-fi
+if ! [ -f /root/install_opt ]; then
+	if (whiptail_you_sure); then
+		true
+	else
+		echo "User cancelled setup." | tee -a "$setup_log"
+		whiptail_cancel
+	fi

-whiptail_install_type
+	whiptail_install_type
+else
+	source /root/install_opt
+fi

 if [ "$install_type" = 'EVAL' ]; then
 	is_node=true
@@ -182,7 +188,6 @@ elif [ "$install_type" = 'STANDALONE' ]; then
 	is_distmanager=true
 	is_node=true
 	is_sensor=true
-	is_smooshed=true
 elif [ "$install_type" = 'MANAGERSEARCH' ]; then
 	is_manager=true
 	is_distmanager=true
@@ -200,7 +205,6 @@ elif [ "$install_type" = 'HEAVYNODE' ]; then
 	is_node=true
 	is_minion=true
 	is_sensor=true
-	is_smooshed=true
 elif [ "$install_type" = 'FLEET' ]; then
 	is_minion=true
 	is_fleet_standalone=true
@@ -210,9 +214,7 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then
 elif [ "$install_type" = 'IMPORT' ]; then
 	is_import=true
 elif [ "$install_type" = 'ANALYST' ]; then
-	cd .. || exit 255
-	./so-analyst-install
-	exit 0
+	is_analyst=true
 fi

 # Say yes to the dress if its an ISO install
@@ -221,56 +223,96 @@ if [[ "$setup_type" == 'iso' ]]; then
 fi

 # Check if this is an airgap install
-
-if [[ $is_manager ]]; then
-    if [[ $is_iso ]]; then
-      whiptail_airgap
-      if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
-        is_airgap=true
-      fi
-    fi
+if [[ ( $is_manager || $is_import ) && $is_iso ]]; then
+	whiptail_airgap
+	if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
+		is_airgap=true
+	fi
 fi

-if [[ $is_manager && $is_sensor ]]; then
-	check_requirements "standalone"
-elif [[ $is_fleet_standalone ]]; then
-	check_requirements "dist" "fleet"
-elif [[ $is_sensor && ! $is_eval ]]; then
-	check_requirements "dist" "sensor"
-elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
-	check_requirements "dist"
-elif [[ $is_import ]]; then
-	check_requirements "import"
+if ! [ -f /root/install_opt ]; then
+	if [[ $is_manager && $is_sensor ]]; then
+		check_requirements "standalone"
+	elif [[ $is_fleet_standalone ]]; then
+		check_requirements "dist" "fleet"
+	elif [[ $is_sensor && ! $is_eval ]]; then
+		check_requirements "dist" "sensor"
+	elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
+		check_requirements "dist"
+	elif [[ $is_import ]]; then
+		check_requirements "import"
+	fi
+
+	case "$setup_type" in
+		'iso')
+			whiptail_set_hostname
+			whiptail_management_nic
+			whiptail_dhcp_or_static
+
+			if [ "$address_type" != 'DHCP' ]; then
+				whiptail_management_interface_ip
+				whiptail_management_interface_mask
+				whiptail_management_interface_gateway
+				whiptail_management_interface_dns
+				whiptail_management_interface_dns_search
+			fi
+			;;
+		'network')
+			whiptail_network_notice
+			whiptail_dhcp_warn
+			whiptail_set_hostname
+			whiptail_management_nic
+			;;
+	esac
+
+	if [[ $is_minion ]]; then
+		whiptail_management_server
+	fi
+
+	if [[ $is_minion || $is_iso ]]; then
+		whiptail_management_interface_setup
+	fi
+
+	# Init networking so rest of install works
+	disable_ipv6
+	set_hostname
+	if [[ "$setup_type" == 'iso' ]]; then
+		set_management_interface
+	fi
+
+	if [[ -n "$TURBO" ]]; then
+		use_turbo_proxy
+	fi
+
+	if [[ $is_minion ]]; then
+		add_mngr_ip_to_hosts
+	fi
+
+	if [[ $is_minion ]]; then
+		[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
+	fi
+
+	if [[ $is_minion ]] && ! (compare_versions); then
+		info "Installer version mismatch, downloading correct version from manager"
+		printf '%s\n' \
+			"install_type=$install_type" \
+			"MNIC=$MNIC" \
+			"HOSTNAME=$HOSTNAME" \
+			"MSRV=$MSRV"\
+			"MSRVIP=$MSRVIP" > /root/install_opt
+		download_repo_tarball
+		exec bash /root/manager_setup/securityonion/setup/so-setup "${original_args[@]}"
+	fi
+
+	if [[ $is_analyst ]]; then
+		cd .. || exit 255
+		exec bash so-analyst-install
+	fi
+
+else
+	rm -rf /root/install_opt >> "$setup_log" 2>&1
 fi

-if [[ ! $is_import ]]; then
-	whiptail_patch_schedule
-fi
-
-case "$setup_type" in
-	'iso')
-		whiptail_set_hostname
-		whiptail_management_nic
-		whiptail_dhcp_or_static
-
-		if [ "$address_type" != 'DHCP' ]; then
-			whiptail_management_interface_ip
-			whiptail_management_interface_mask
-			whiptail_management_interface_gateway
-			whiptail_management_interface_dns
-			whiptail_management_interface_dns_search
-		fi
-
-		#collect_adminuser_inputs
-		;;
-	'network')
-		whiptail_network_notice
-		whiptail_dhcp_warn
-		whiptail_set_hostname
-		whiptail_management_nic
-		;;
-esac
-
 short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')

 MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
@@ -337,6 +379,10 @@ if [[ $is_helix || $is_sensor || $is_import ]]; then
 	calculate_useable_cores
 fi

+if [[ ! $is_import ]]; then
+	whiptail_patch_schedule
+fi
+
 whiptail_homenet_manager
 whiptail_dockernet_check

@@ -348,7 +394,7 @@ if [[ $is_manager && ! $is_eval ]]; then
 	whiptail_manager_adv
 	if [ "$MANAGERADV" = 'ADVANCED' ]; then
 	  if [ "$install_type" = 'MANAGER' ] || [ "$install_type" = 'MANAGERSEARCH' ]; then
-	  whiptail_manager_adv_escluster
+	  	whiptail_manager_adv_escluster
 	  fi
 	fi
 	whiptail_zeek_version
@@ -361,9 +407,9 @@ if [[ $is_manager && ! $is_eval ]]; then
 		whiptail_oinkcode
 	fi

-	if [[ "$STRELKA" == 1 ]]; then
-            STRELKARULES=1
-        fi
+	if [[ "$STRELKA" = 1 ]]; then
+		STRELKARULES=1
+	fi

 	if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then
 		whiptail_manager_adv_service_zeeklogs
@@ -387,10 +433,6 @@ if [[ $is_distmanager || ( $is_sensor || $is_node || $is_fleet_standalone ) && !
 	fi
 fi

-if [[ $is_minion ]]; then
-	whiptail_management_server
-fi
-
 if [[ $is_distmanager ]]; then
 	collect_soremote_inputs
 fi
@@ -448,35 +490,15 @@ trap 'catch $LINENO' SIGUSR1

 catch() {
 	info "Fatal error occurred at $1 in so-setup, failing setup."
+	grep --color=never "ERROR" "$setup_log" > "$error_log"
 	whiptail_setup_failed
 	exit
 }

-# Init networking so rest of install works
-if [[ -n "$TURBO" ]]; then
-	use_turbo_proxy
-fi
-
-if [[ "$setup_type" == 'iso' ]]; then
-	set_hostname >> $setup_log 2>&1
-	set_management_interface
-fi
-
-disable_ipv6
-
-if [[ "$setup_type" != 'iso' ]]; then
-	set_hostname >> $setup_log 2>&1
-fi
-
-if [[ $is_minion ]]; then
-	add_mngr_ip_to_hosts
-fi
-
 # This block sets REDIRECTIT which is used by a function outside the below subshell
-{
-	set_main_ip;
-	set_redirect;
-} >> $setup_log 2>&1
+set_main_ip >> $setup_log 2>&1
+compare_main_nic_ip
+set_redirect >> $setup_log 2>&1

 # Begin install
 {
@@ -516,7 +538,6 @@ fi

 	if [[ $is_minion || $is_import ]]; then
 		set_updates >> $setup_log 2>&1
-		[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
 	fi

 	if [[ $is_manager && $is_airgap ]]; then
@@ -756,7 +777,7 @@ fi
 			set_progress_str 81 "$(print_salt_state_apply 'strelka')"
 			salt-call state.apply -l info strelka >> $setup_log 2>&1
 		fi
-		if [[ "$STRELKARULES" == 1 ]]; then
+		if [[ "$STRELKARULES" = 1 ]]; then
 			/usr/sbin/so-yara-update >> $setup_log 2>&1	
 		fi
 	fi
@@ -795,21 +816,32 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
 if [[ $success != 0 ]]; then SO_ERROR=1; fi

 # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox
-if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then SO_ERROR=1; fi
+if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then 
+	SO_ERROR=1
+
+	grep --color=never "ERROR" "$setup_log" > "$error_log"
+fi

 if [[ -n $SO_ERROR ]]; then 
 	echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1
+
 	SKIP_REBOOT=1
 	whiptail_setup_failed
+
 else 
 	echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1
 	{
 		export percentage=95 # set to last percentage used in previous subshell
 		if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then 
-			set_progress_str 98 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}"
+			set_progress_str 97 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}"
 			IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1
 		fi

+		if [[ $is_manager ]]; then
+			set_progress_str 98 "Generating archive for setup directory"
+			generate_repo_tarball >> "$setup_log" 2>&1
+		fi
+
 		if [[ $THEHIVE == 1 ]]; then 
 			set_progress_str 99 'Waiting for TheHive to start up'
 			check_hive_init >> $setup_log 2>&1
@@ -820,6 +852,6 @@ else
 	echo "Post-installation steps have completed." >> $setup_log 2>&1
 fi

-install_cleanup >> $setup_log 2>&1
+install_cleanup >> "$setup_log" 2>&1

 if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi
--- a/setup/so-variables
+++ b/setup/so-variables
@@ -23,6 +23,9 @@ export node_es_port
 setup_log="/root/sosetup.log"
 export setup_log

+error_log="/root/errors.log"
+export error_log
+
 filesystem_root=$(df / | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }')
 export filesystem_root

@@ -61,5 +64,5 @@ mkdir -p "$default_salt_dir"
 export local_salt_dir=/opt/so/saltstack/local
 mkdir -p "$local_salt_dir"

-SCRIPTDIR=$(cd "$(dirname "$0")" && pwd)
+SCRIPTDIR=$(pwd)
 export SCRIPTDIR
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -32,7 +32,7 @@ whiptail_basic_suri() {

 	[ -n "$TESTING" ] && return
 	
-	if [[ $is_smooshed ]]; then
+	if [[ $is_node && $is_sensor && ! $is_eval ]]; then
 	  local PROCS=$(expr $lb_procs / 2)
      if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
 	else
@@ -51,7 +51,7 @@ whiptail_basic_zeek() {

 	[ -n "$TESTING" ] && return

-	if [[ $is_smooshed ]]; then
+	if [[ $is_node && $is_sensor && ! $is_eval ]]; then
 	  local PROCS=$(expr $lb_procs / 2)
      if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
 	else
@@ -276,7 +276,7 @@ whiptail_requirements_error() {

 	if [[ $(echo "$requirement_needed" | tr '[:upper:]' '[:lower:]') == 'nics' ]]; then
 		whiptail --title "Security Onion Setup" \
-			--msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press OK to exit setup and reconfigure the machine."  10 75
+			--msgbox "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select OK to exit setup and reconfigure the machine."  10 75
 		
 		# Same as whiptail_cancel, but changed the wording to exit instead of cancel.
 		whiptail --title "Security Onion Setup" --msgbox "Exiting Setup. No changes have been made." 8 75
@@ -290,7 +290,7 @@ whiptail_requirements_error() {
 		exit
 	else
 		whiptail --title "Security Onion Setup" \
-			--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel."  10 75
+			--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Select YES to continue anyway, or select NO to cancel."  10 75

 		local exitstatus=$?
 		whiptail_check_exitstatus $exitstatus
@@ -311,7 +311,7 @@ whiptail_storage_requirements() {

 		Visit https://docs.securityonion.net/en/2.1/hardware.html for more information.

-		Press YES to continue anyway, or press NO to cancel.
+		Select YES to continue anyway, or select NO to cancel.
 	EOM

 	whiptail \
@@ -372,7 +372,7 @@ whiptail_dhcp_warn() {
 	[ -n "$TESTING" ] && return

 	if [[ $setup_type == "iso" ]]; then
-		local interaction_text="Press YES to keep DHCP or NO to go back."
+		local interaction_text="Select YES to keep DHCP or NO to go back."
 		local window_type="yesno"
 	else
 		local interaction_text="Press ENTER to continue."
@@ -743,6 +743,35 @@ whiptail_management_nic() {

 }

+whiptail_management_interface_setup() {
+	[ -n "$TESTING" ] && return
+
+	local minion_msg
+	local msg
+
+	if [[ $is_minion ]]; then
+		minion_msg="copy the ssh key for soremote to the manager"
+	else
+		minion_msg="" 
+	fi
+
+	if [[ $is_iso ]]; then
+		if [[ $minion_msg != "" ]]; then
+			msg="initialize networking and $minion_msg"
+		else
+			msg="initialize networking"
+		fi
+	else
+		msg=$minion_msg
+	fi
+
+	whiptail --title "Security Onion Setup" --yesno "Setup will now $msg. Select YES to continue or NO to cancel." 8 75
+	local exitstatus=$?
+	whiptail_check_exitstatus $exitstatus
+}
+
+
+
 whiptail_management_server() {

 	[ -n "$TESTING" ] && return
@@ -922,7 +951,7 @@ whiptail_network_notice() {

 	[ -n "$TESTING" ] && return

-	whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Press YES to continue." 8 75
+	whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Select YES to continue." 8 75

 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1339,7 +1368,20 @@ whiptail_setup_failed() {

 	[ -n "$TESTING" ] && return

-	whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Ok to exit." 8 75
+	local check_err_msg
+	local height
+
+	[ -f "$error_log" ] && check_err_msg="A summary of errors can be found in $error_log.\n"
+
+	if [[ -n $check_err_msg ]]; then height=11; else height=10; fi
+
+	read -r -d '' message <<- EOM
+			Install had a problem. Please see $setup_log for details.\n
+			$check_err_msg
+			Press Ok to exit.
+		EOM
+
+	whiptail --title "Security Onion Setup" --msgbox "$message" $height 75
 }

 whiptail_shard_count() {
@@ -1420,11 +1462,11 @@ whiptail_suricata_pins() {
 	readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${ZEEKPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')"

 	local filtered_core_str=()
-    for item in "${filtered_core_list[@]}"; do
-        filtered_core_str+=("$item" "")
-    done
+	for item in "${filtered_core_list[@]}"; do
+		filtered_core_str+=("$item" "")
+	done

-	if [[ $is_smooshed ]]; then
+	if [[ $is_node && $is_sensor && ! $is_eval ]]; then
 	  local PROCS=$(expr $lb_procs / 2)
      if [ "$PROCS" -lt 1 ]; then PROCS=1; else PROCS=$PROCS; fi
 	else