#!/bin/bash
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
source ./so-variables
source ./so-common-functions
whiptail_basic_bro() {
[ -n "$TESTING" ] && return
BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the number of bro processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_basic_suri() {
[ -n "$TESTING" ] && return
BASICSURI=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the number of Suricata processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_bro_pins() {
[ -n "$TESTING" ] && return
local cpu_core_list_whiptail=()
for item in "${cpu_core_list[@]}"; do
cpu_core_list_whiptail+=("$item" "OFF")
done
BROPINS=$(whiptail --noitem --title "Pin Bro CPUS" --checklist "Please select $lb_procs cores to pin Bro to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
BROPINS=$(echo "$BROPINS" | tr -d '"')
IFS=' ' read -ra BROPINS <<< "$BROPINS"
}
whiptail_bro_version() {
[ -n "$TESTING" ] && return
BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \
"SURICATA" "SUPER EXPERIMENTAL" OFF 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_bond_nics() {
[ -n "$TESTING" ] && return
filter_unused_nics
BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [ -z "$BNICS" ]
do
BNICS=$(whiptail --title "NIC Setup" --checklist "Please add NICs to the Monitor Interface" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
BNICS=$(echo "$BNICS" | tr -d '"')
IFS=' ' read -ra BNICS <<< "$BNICS"
}
whiptail_bond_nics_mtu() {
[ -n "$TESTING" ] && return
# Set the MTU on the monitor interface
MTU=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the MTU for the monitor NICs" 10 75 1500 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_cancel() {
whiptail --title "Security Onion Setup" --msgbox "Cancelling Setup. No changes have been made." 8 75
if [ -d "/root/installtmp" ]; then
{
echo "/root/installtmp exists";
install_cleanup;
echo "/root/installtmp removed";
} >> $setup_log 2>&1
fi
exit
}
whiptail_check_exitstatus() {
case $1 in
1)
whiptail_cancel
;;
255)
whiptail --title "Security Onion Setup" --msgbox "Whiptail error occured, exiting. Check log for details." 8 75
exit
;;
esac
}
whiptail_create_admin_user() {
[ -n "$TESTING" ] && return
ADMINUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter a username for a new system admin user. The local onion account will be disabled during this install" 10 60 3>&1 1>&2 2>&3)
}
whiptail_create_admin_user_password1() {
[ -n "$TESTING" ] && return
ADMINPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_create_admin_user_password2() {
[ -n "$TESTING" ] && return
ADMINPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for $ADMINUSER" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_create_soremote_user() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Set a password for the soremote user. This account is used for adding sensors remotely." 8 75
}
whiptail_create_soremote_user_password1() {
[ -n "$TESTING" ] && return
SOREMOTEPASS1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_create_soremote_user_password2() {
[ -n "$TESTING" ] && return
SOREMOTEPASS2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for user soremote" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_create_web_user() {
[ -n "$TESTING" ] && return
WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \
"Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_invalid_user_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please enter a valid email address." 8 75
}
whiptail_create_web_user_password1() {
[ -n "$TESTING" ] && return
WEBPASSWD1=$(whiptail --title "Security Onion Install" --passwordbox \
"Enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_create_web_user_password2() {
[ -n "$TESTING" ] && return
WEBPASSWD2=$(whiptail --title "Security Onion Install" --passwordbox \
"Re-enter a password for $WEBUSER" 10 60 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_requirements_error() {
local requirement_needed=$1
local current_val=$2
local needed_val=$3
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" \
--yesno "This machine currently has $current_val $requirement_needed, but needs $needed_val to meet minimum requirements. Press YES to continue anyway, or press NO to cancel." 8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_invalid_pass_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please choose a more secure password." 8 75
}
whiptail_cur_close_days() {
[ -n "$TESTING" ] && return
CURCLOSEDAYS=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the threshold (in days) at which Elasticsearch indices will be closed" 10 75 $CURCLOSEDAYS 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_dhcp_or_static() {
[ -n "$TESTING" ] && return
address_type=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose how to set up your management interface:" 20 78 4 \
"STATIC" "Set a static IPv4 address" ON \
"DHCP" "Use DHCP to configure the Management Interface" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export address_type
}
whiptail_enable_components() {
[ -n "$TESTING" ] && return
COMPONENTS=$(whiptail --title "Security Onion Setup" --checklist \
"Select Components to install" 20 75 8 \
GRAFANA "Enable Grafana for system monitoring" ON \
OSQUERY "Enable Fleet with osquery" ON \
WAZUH "Enable Wazuh" ON \
THEHIVE "Enable TheHive" ON \
PLAYBOOK "Enable Playbook" ON \
NAVIGATOR "Enable ATT&CK Navigator" ON \
STRELKA "Enable Strelka" ON 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
COMPONENTS=$(echo "$COMPONENTS" | tr -d '"')
IFS=' ' read -ra COMPONENTS <<< "$COMPONENTS"
# Set any variables to 1 if they exist in COMPONENTS
for component in "${COMPONENTS[@]}"; do
export "$component=1"
done
}
whiptail_eval_adv() {
[ -n "$TESTING" ] && return
EVALADVANCED=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose your eval install:" 20 75 4 \
"BASIC" "Install basic components for evaluation" ON \
"ADVANCED" "Choose additional components to be installed" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_components_adv_warning() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Please keep in mind the more services that you enable the more RAM that is required." 8 75
}
whiptail_helix_apikey() {
[ -n "$TESTING" ] && return
HELIXAPIKEY=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your Helix API Key: \n \nThis can be set later using so-helix-apikey" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus
}
whiptail_homenet_master() {
[ -n "$TESTING" ] && return
HNMASTER=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export HNMASTER
}
whiptail_homenet_sensor() {
[ -n "$TESTING" ] && return
# Ask to inherit from master
whiptail --title "Security Onion Setup" --yesno "Do you want to inherit the HOME_NET from the Master?" 8 75
local exitstatus=$?
if [ $exitstatus == 0 ]; then
export HNSENSOR=inherit
else
HNSENSOR=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your HOME_NET separated by ," 10 75 10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export HNSENSOR
fi
}
whiptail_install_type() {
[ -n "$TESTING" ] && return
# What kind of install are we doing?
install_type=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose Install Type:" 20 75 13 \
"SENSOR" "Create a forward only sensor" ON \
"SEARCHNODE" "Add a Search Node with parsing" OFF \
"MASTER" "Start a new grid" OFF \
"EVAL" "Evaluate all the things" OFF \
"PROD" "Standalone full install of everything" OFF \
"MASTERSEARCH" "Master + Search Node" OFF \
"HEAVYNODE" "Sensor + Search Node" OFF \
"HELIXSENSOR" "Connect this sensor to FireEye Helix" OFF \
"FLEET" "Dedicated Fleet Osquery Node" OFF \
"HOTNODE" "TODO Add Hot Node (Uses Elastic Clustering)" OFF \
"WARMNODE" "TODO Add Warm Node to existing Hot or Search node" OFF \
"WAZUH" "TODO Stand Alone Wazuh Server" OFF \
"STRELKA" "TODO Stand Alone Strelka Node" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
export install_type
}
whiptail_log_size_limit() {
[ -n "$TESTING" ] && return
set_defaul_log_size
log_size_limit=$(whiptail --title "Security Onion Setup" --inputbox \
"Please specify the amount of disk space (in GB) you would like to allocate for Elasticsearch data storage. \
By default, this is set to 80% of the disk space allotted for /nsm." 10 75 "$log_size_limit" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_management_interface_dns() {
[ -n "$TESTING" ] && return
MDNS=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your DNS server using space between multiple" 10 60 8.8.8.8 8.8.4.4 3>&1 1>&2 2>&3)
}
whiptail_management_interface_dns_search() {
[ -n "$TESTING" ] && return
MSEARCH=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your DNS search domain" 10 60 searchdomain.local 3>&1 1>&2 2>&3)
}
whiptail_management_interface_gateway() {
[ -n "$TESTING" ] && return
MGATEWAY=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your gateway" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
}
whiptail_management_interface_ip() {
[ -n "$TESTING" ] && return
MIP=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your IP address" 10 60 X.X.X.X 3>&1 1>&2 2>&3)
}
whiptail_management_interface_mask() {
[ -n "$TESTING" ] && return
MMASK=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the bit mask for your subnet" 10 60 24 3>&1 1>&2 2>&3)
}
whiptail_management_nic() {
[ -n "$TESTING" ] && return
filter_unused_nics
MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [ -z "$MNIC" ]
do
MNIC=$(whiptail --title "NIC Setup" --radiolist "Please select your management NIC" 20 75 12 "${nic_list[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
}
whiptail_nids() {
[ -n "$TESTING" ] && return
NIDS=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose which IDS to run:" 20 75 4 \
"Suricata" "Suricata 4.X" ON \
"Snort" "Snort 3.0 Beta" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_oinkcode() {
[ -n "$TESTING" ] && return
OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_make_changes() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "We are going to set this machine up as a $install_type. Please press YES to make changes or NO to cancel." 8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_management_server() {
[ -n "$TESTING" ] && return
MSRV=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter your Master Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
if ! getent hosts "$MSRV"; then
add_master_hostfile
fi
}
# Ask if you want to do advanced setup of the Master
whiptail_master_adv() {
[ -n "$TESTING" ] && return
MASTERADV=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose what type of master install:" 20 75 4 \
"BASIC" "Install master with recommended settings" ON \
"ADVANCED" "Do additional configuration to the master" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
# Ask which additional components to install
whiptail_master_adv_service_brologs() {
[ -n "$TESTING" ] && return
BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please select Logs to Send:" 24 75 12 \
"conn" "Connection Logging" ON \
"dce_rpc" "RPC Logs" ON \
"dhcp" "DHCP Logs" ON \
"dhcpv6" "DHCP IPv6 Logs" ON \
"dnp3" "DNP3 Logs" ON \
"dns" "DNS Logs" ON \
"dpd" "DPD Logs" ON \
"files" "Files Logs" ON \
"ftp" "FTP Logs" ON \
"http" "HTTP Logs" ON \
"intel" "Intel Hits Logs" ON \
"irc" "IRC Chat Logs" ON \
"kerberos" "Kerberos Logs" ON \
"modbus" "MODBUS Logs" ON \
"mqtt" "MQTT Logs" ON \
"notice" "Zeek Notice Logs" ON \
"ntlm" "NTLM Logs" ON \
"openvpn" "OPENVPN Logs" ON \
"pe" "PE Logs" ON \
"radius" "Radius Logs" ON \
"rfb" "RFB Logs" ON \
"rdp" "RDP Logs" ON \
"signatures" "Signatures Logs" ON \
"sip" "SIP Logs" ON \
"smb_files" "SMB Files Logs" ON \
"smb_mapping" "SMB Mapping Logs" ON \
"smtp" "SMTP Logs" ON \
"snmp" "SNMP Logs" ON \
"software" "Software Logs" ON \
"ssh" "SSH Logs" ON \
"ssl" "SSL Logs" ON \
"syslog" "Syslog Logs" ON \
"telnet" "Telnet Logs" ON \
"tunnel" "Tunnel Logs" ON \
"weird" "Zeek Weird Logs" ON \
"mysql" "MySQL Logs" ON \
"socks" "SOCKS Logs" ON \
"x509" "x.509 Logs" ON 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
BLOGS=$(echo "$BLOGS" | tr -d '"')
IFS=' ' read -ra BLOGS <<< "$BLOGS"
}
whiptail_network_notice() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "Since this is a network install we assume the management interface, DNS, Hostname, etc are already set up. Press YES to continue." 8 75
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_advanced() {
[ -n "$TESTING" ] && return
NODESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"What type of config would you like to use?:" 20 75 4 \
"NODEBASIC" "Install Search Node with recommended settings" ON \
"NODEADVANCED" "Advanced Node Setup" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_es_heap() {
[ -n "$TESTING" ] && return
NODE_ES_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter ES Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $ES_HEAP_SIZE 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_heap() {
[ -n "$TESTING" ] && return
NODE_LS_HEAP_SIZE=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Heap Size: \n \n(Recommended value is pre-populated)" 10 75 $LS_HEAP_SIZE 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_pipeline_worker() {
[ -n "$TESTING" ] && return
LSPIPELINEWORKERS=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Pipeline Workers: \n \n(Recommended value is pre-populated)" 10 75 "$num_cpu_cores" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_pipline_batchsize() {
[ -n "$TESTING" ] && return
LSPIPELINEBATCH=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Pipeline Batch Size: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_input_threads() {
[ -n "$TESTING" ] && return
LSINPUTTHREADS=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Input Threads: \n \n(Default value is pre-populated)" 10 75 1 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_node_ls_input_batch_count() {
[ -n "$TESTING" ] && return
LSINPUTBATCHCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter LogStash Input Batch Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
#TODO: helper function to display error message or exit if batch mode
# exit_if_batch <"Error string">
whiptail_passwords_dont_match() {
whiptail --title "Security Onion Setup" --msgbox "Passwords don't match. Please re-enter." 8 75
}
whiptail_patch_name_new_schedule() {
[ -n "$TESTING" ] && return
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [[ -z "$PATCHSCHEDULENAME" ]]; do
whiptail --title "Security Onion Setup" --msgbox "Please enter a name for this OS patch schedule." 8 75
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
"What name do you want to give this OS patch schedule? This schedule needs to be named uniquely. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
}
whiptail_patch_schedule() {
[ -n "$TESTING" ] && return
local patch_schedule
patch_schedule=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose OS patch schedule. This will NOT update Security Onion related tools such as Zeek, Elasticsearch, Kibana, SaltStack, etc." 15 75 5 \
"Automatic" "Updates installed every 8 hours if available" ON \
"Manual" "Updates will be installed manually" OFF \
"Import Schedule" "Import named schedule on following screen" OFF \
"New Schedule" "Configure and name new schedule on next screen" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
case $patch_schedule in
'New Schedule')
whiptail_patch_schedule_select_days
whiptail_patch_schedule_select_hours
whiptail_patch_name_new_schedule
patch_schedule_os_new
;;
'Import Schedule')
whiptail_patch_schedule_import
;;
'Automatic')
PATCHSCHEDULENAME='auto'
;;
'Manual')
PATCHSCHEDULENAME='manual'
;;
esac
}
whiptail_patch_schedule_import() {
[ -n "$TESTING" ] && return
unset PATCHSCHEDULENAME
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [[ -z "$PATCHSCHEDULENAME" ]]; do
whiptail --title "Security Onion Setup" --msgbox "Please enter a name for the OS patch schedule you want to inherit." 8 75
PATCHSCHEDULENAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the name of the OS patch schedule you want to inherit. Available schedules can be found on the master under /opt/so/salt/patch/os/schedules/.yml" 10 75 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
}
whiptail_patch_schedule_select_days() {
[ -n "$TESTING" ] && return
# Select the days to patch
PATCHSCHEDULEDAYS=$(whiptail --title "Security Onion Setup" --checklist \
"Which days do you want to apply OS patches?" 15 75 8 \
Monday "" OFF \
Tuesday "" ON \
Wednesday "" OFF \
Thursday "" OFF \
Friday "" OFF \
Saturday "" OFF \
Sunday "" OFF 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
PATCHSCHEDULEDAYS=$(echo "$PATCHSCHEDULEDAYS" | tr -d '"')
IFS=' ' read -ra PATCHSCHEDULEDAYS <<< "$PATCHSCHEDULEDAYS"
}
whiptail_patch_schedule_select_hours() {
[ -n "$TESTING" ] && return
# Select the hours to patch
PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \
"At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \
00:00 "" OFF \
01:00 "" OFF \
02:00 "" OFF \
03:00 "" OFF \
04:00 "" OFF \
05:00 "" OFF \
06:00 "" OFF \
07:00 "" OFF \
08:00 "" OFF \
09:00 "" OFF \
10:00 "" OFF \
11:00 "" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
# Select the hours to patch
PATCHSCHEDULEHOURS+=$(whiptail --title "Security Onion Setup" --checklist \
"At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \
12:00 "" OFF \
13:00 "" OFF \
14:00 "" OFF \
15:00 "" ON \
16:00 "" OFF \
17:00 "" OFF \
18:00 "" OFF \
19:00 "" OFF \
20:00 "" OFF \
21:00 "" OFF \
22:00 "" OFF \
23:00 "" OFF 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"')
IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS"
}
whiptail_rule_setup() {
[ -n "$TESTING" ] && return
# Get pulled pork info
RULESETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"Which IDS ruleset would you like to use?\n\nThis master server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the master server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \
"ETOPEN" "Emerging Threats Open" ON \
"ETPRO" "Emerging Threats PRO" OFF \
"TALOSET" "Snort Subscriber (Talos) and ET NoGPL rulesets" OFF \
"TALOS" "Snort Subscriber (Talos) ruleset and set a policy" OFF \
3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_sensor_config() {
[ -n "$TESTING" ] && return
NSMSETUP=$(whiptail --title "Security Onion Setup" --radiolist \
"What type of configuration would you like to use?:" 20 75 4 \
"BASIC" "Install NSM components with recommended settings" ON \
"ADVANCED" "Configure each component individually" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_set_hostname() {
[ -n "$TESTING" ] && return
HOSTNAME=$(cat /etc/hostname)
HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the Hostname you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
while [[ "$HOSTNAME" == *'localhost'* ]] ; do
whiptail --title "Security Onion Setup" --msgbox "Please choose a hostname that doesn't contain localhost." 8 75
HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the Hostname you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
done
}
whiptail_set_redirect() {
[ -n "$TESTING" ] && return
REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \
"Choose the access method for the web interface:" 20 75 4 \
"IP" "Use IP to access the web interface" ON \
"HOSTNAME" "Use hostname to access the web interface" OFF \
"OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_set_redirect_host() {
[ -n "$TESTING" ] && return
REDIRECTHOST=$(whiptail --title "Security Onion Setup" --inputbox \
"Enter the Hostname or IP you would like to use for the web interface." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_set_redirect_info() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n
For security reasons, we use strict cookie enforcement." 10 75
}
whiptail_setup_complete() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Finished installing this as an $install_type. Press Enter to reboot." 8 75
install_cleanup >> $setup_log 2>&1
}
whiptail_setup_failed() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --msgbox "Install had a problem. Please see $setup_log for details. Press Enter to reboot." 8 75
install_cleanup >> $setup_log 2>&1
}
whiptail_shard_count() {
[ -n "$TESTING" ] && return
SHARDCOUNT=$(whiptail --title "Security Onion Setup" --inputbox \
"\nEnter ES Shard Count: \n \n(Default value is pre-populated)" 10 75 125 3>&1 1>&2 2>&3)
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_suricata_pins() {
[ -n "$TESTING" ] && return
local filtered_core_list
readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${BROPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')"
local filtered_core_str=()
for item in "${filtered_core_list[@]}"; do
filtered_core_str+=("$item" "")
done
SURIPINS=$(whiptail --noitem --title "Pin Suricata CPUS" --checklist "Please select $lb_procs cores to pin Suricata to:" 20 75 12 "${filtered_core_str[@]}" 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
SURIPINS=$(echo "$SURIPINS" | tr -d '"')
IFS=' ' read -ra SURIPINS <<< "$SURIPINS"
}
whiptail_master_updates() {
[ -n "$TESTING" ] && return
local update_string
update_string=$(whiptail --title "Security Onion Setup" --radiolist \
"How would you like to download updates for your grid?:" 20 75 4 \
"MASTER" "Master node is proxy for OS/Docker updates." ON \
"OPEN" "Each node connect to the Internet for updates" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
case "$update_string" in
'MASTER')
MASTERUPDATES='1'
;;
*)
MASTERUPDATES='0'
;;
esac
}
whiptail_node_updates() {
[ -n "$TESTING" ] && return
NODEUPDATES=$(whiptail --title "Security Onion Setup" --radiolist \
"How would you like to download updates for this node?:" 20 75 4 \
"MASTER" "Download OS/Docker updates from the Master." ON \
"OPEN" "Download updates directly from the Internet" OFF 3>&1 1>&2 2>&3 )
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
}
whiptail_you_sure() {
[ -n "$TESTING" ] && return
whiptail --title "Security Onion Setup" --yesno "Are you sure you want to install Security Onion over the internet?" 8 75
local exitstatus=$?
return $exitstatus
}