#!/bin/bash local_salt_dir=/opt/so/saltstack/local zeek_logs_enabled() { echo "zeeklogs:" > $local_salt_dir/pillar/zeeklogs.sls echo " enabled:" >> $local_salt_dir/pillar/zeeklogs.sls for BLOG in "${BLOGS[@]}"; do echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/zeeklogs.sls done } whiptail_manager_adv_service_zeeklogs() { BLOGS=$(whiptail --title "so-zeek-logs" --checklist "Please select logs to send:" 24 78 12 \ "conn" "" ON \ "dce_rpc" "" ON \ "dhcp" "" ON \ "dnp3" "" ON \ "dns" "" ON \ "dpd" "" ON \ "files" "" ON \ "ftp" "" ON \ "http" "" ON \ "intel" "" ON \ "irc" "" ON \ "kerberos" "" ON \ "modbus" "" ON \ "notice" "" ON \ "ntlm" "" ON \ "pe" "" ON \ "radius" "" ON \ "rfb" "" ON \ "rdp" "" ON \ "sip" "" ON \ "smb_files" "" ON \ "smb_mapping" "" ON \ "smtp" "" ON \ "snmp" "" ON \ "software" "" ON \ "ssh" "" ON \ "ssl" "" ON \ "syslog" "" ON \ "tunnel" "" ON \ "weird" "" ON \ "mysql" "" ON \ "socks" "" ON \ "x509" "" ON \ "bacnet" "" ON \ "bacnet_discovery" "" ON \ "bacnet_property" "" ON \ "bsap_ip_header" "" ON \ "bsap_ip_rdb" "" ON \ "bsap_ip_unknown" "" ON \ "bsap_serial_header" "" ON \ "bsap_serial_rdb" "" ON \ "bsap_serial_rdb_ext" "" ON \ "bsap_serial_unknown" "" ON \ "cip" "" ON \ "cip_identity" "" ON \ "cip_io" "" ON \ "cotp" "" ON \ "dnp3_objects" "" ON \ "ecat_aoe_info" "" ON \ "ecat_arp_info" "" ON \ "ecat_coe_info" "" ON \ "ecat_dev_info" "" ON \ "ecat_foe_info" "" ON \ "ecat_log_address" "" ON \ "ecat_registers" "" ON \ "ecat_soe_info" "" ON \ "enip" "" ON \ "modbus_detailed" "" ON \ "modbus_mask_write_register" "" ON \ "modbus_read_write_multiple_registers" "" ON \ "opcua_binary" "" ON \ "opcua_binary_activate_session" "" ON \ "opcua_binary_activate_session_client_software_cert" "" ON \ "opcua_binary_activate_session_diagnostic_info" "" ON \ "opcua_binary_activate_session_locale_id" "" ON \ "opcua_binary_browse" "" ON \ "opcua_binary_browse_description" "" ON \ "opcua_binary_browse_diagnostic_info" "" ON \ "opcua_binary_browse_request_continuation_point" "" ON \ "opcua_binary_browse_response_references" "" ON \ "opcua_binary_browse_result" "" ON \ "opcua_binary_create_session" "" ON \ "opcua_binary_create_session_discovery" "" ON \ "opcua_binary_create_session_endpoints" "" ON \ "opcua_binary_create_session_user_token" "" ON \ "opcua_binary_create_subscription" "" ON \ "opcua_binary_diag_info_detail" "" ON \ "opcua_binary_get_endpoints" "" ON \ "opcua_binary_get_endpoints_description" "" ON \ "opcua_binary_get_endpoints_discovery" "" ON \ "opcua_binary_get_endpoints_locale_id" "" ON \ "opcua_binary_get_endpoints_profile_uri" "" ON \ "opcua_binary_get_endpoints_user_token" "" ON \ "opcua_binary_opensecure_channel" "" ON \ "opcua_binary_read" "" ON \ "opcua_binary_read_array_dims" "" ON \ "opcua_binary_read_array_dims_link" "" ON \ "opcua_binary_read_diagnostic_info" "" ON \ "opcua_binary_read_extension_object" "" ON \ "opcua_binary_read_extension_object_link" "" ON \ "opcua_binary_read_nodes_to_read" "" ON \ "opcua_binary_read_results" "" ON \ "opcua_binary_read_results_link" "" ON \ "opcua_binary_read_status_code" "" ON \ "opcua_binary_read_variant_data" "" ON \ "opcua_binary_read_variant_data_link" "" ON \ "opcua_binary_status_code_detail" "" ON \ "profinet" "" ON \ "profinet_dce_rpc" "" ON \ "profinet_debug" "" ON \ "s7comm" "" ON \ "s7comm_plus" "" ON \ "s7comm_read_szl" "" ON \ "s7comm_upload_download" "" ON \ "stun" "" ON \ "stun_nat" "" ON \ "tds" "" ON \ "tds_rpc" "" ON \ "tds_sql_batch" "" ON \ "wireguard" "" ON 3>&1 1>&2 2>&3 ) local exitstatus=$? IFS=' ' read -ra BLOGS <<< "$BLOGS" return $exitstatus } whiptail_manager_adv_service_zeeklogs return_code=$? case $return_code in 1) whiptail --title "so-zeek-logs" --msgbox "Cancelling. No changes have been made." 8 75 ;; 255) whiptail --title "so-zeek-logs" --msgbox "Whiptail error occured, exiting." 8 75 ;; *) zeek_logs_enabled ;; esac