CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3e322c38eb4559e8f3ccf34f321e47175c4d00ad
securityonion/setup/so-setup
Mike Reeves 69ae4577f5 Merge pull request #2174 from Security-Onion-Solutions/escluster 
Escluster
2020-12-02 13:23:08 -05:00

801 lines
21 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Copyright 2014-2020 Security Onion Solutions, LLC
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Make sure you are root before doing anything
uid="$(id -u)"
if [ "$uid" -ne 0 ]; then
echo "This script must be run using sudo!"
exit 1
fi
cd "$(dirname "$0")" || exit 255
source ./so-functions
source ./so-common-functions
source ./so-whiptail
source ./so-variables
# Parse command line arguments
setup_type=$1
automation=$2
while [[ $# -gt 0 ]]; do
arg="$1"
shift
case "$arg" in
"--turbo="* )
export TURBO="http://${arg#*=}";;
"--proxy="* )
export {http,https,ftp,rsync,all}_proxy="${arg#*=}";;
"--allow-role="* )
export ALLOW_ROLE="${arg#*=}";;
"--allow-cidr="* )
export ALLOW_CIDR="${arg#*=}";;
"--skip-reboot" )
export SKIP_REBOOT=1;;
* )
if [[ "$arg" == "--"* ]]; then
echo "Invalid option"
fi
esac
done
if [[ -f /root/accept_changes ]]; then
is_reinstall=true
# Move last setup log to backup
mv "$setup_log" "$setup_log.bak"
fi
# Begin Installation pre-processing
parse_install_username
title "Initializing Setup"
info "Installing as the $INSTALLUSERNAME user"
analyze_system
automated=no
function progress() {
local title='Security Onion Install'
if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root ]]; then
if [[ -s /var/spool/mail/root ]]; then
echo '[ ERROR ] /var/spool/mail/root grew unexpectedly' >> $setup_log 2>&1
fi
export SO_ERROR=1
title="Error found, please check $setup_log"
fi
if [ $automated == no ]; then
whiptail --title "$title" --gauge 'Please wait while installing...' 6 60 0 # append to text
else
cat >> $setup_log 2>&1
fi
}
if [[ -f automation/$automation && $(basename $automation) == $automation ]]; then
echo "Preselecting variable values based on automated setup: $automation" >> $setup_log 2>&1
source automation/$automation
automated=yes
attempt=1
attempts=60
ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1
while [ $? -ne 0 ]; do
ip a >> $setup_log 2>&1
if [ $attempt -gt $attempts ]; then
echo "Network unavailable - setup cannot continue" >> $setup_log 2>&1
exit 1
fi
echo "Waiting for network to come up (attempt $attempt of $attempts)" >> $setup_log 2>&1
attempt=$((attempt + 1))
sleep 10;
ip a | grep "$MNIC:" | grep "state UP" >> $setup_log 2>&1
done
echo "Network is up on $MNIC" >> $setup_log 2>&1
fi
case "$setup_type" in
iso | network) # Accepted values
echo "Beginning Security Onion $setup_type install" >> $setup_log 2>&1
;;
*)
echo "Invalid install type, must be 'iso' or 'network'" | tee $setup_log
exit 1
;;
esac
# Allow execution of SO tools during setup
local_sbin="$(pwd)/../salt/common/tools/sbin"
export PATH=$PATH:$local_sbin
detect_os && detect_cloud
set_network_dev_status_list
if [ "$OS" == ubuntu ]; then
update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1
fi
# Kernel messages can overwrite whiptail screen #812
# https://github.com/Security-Onion-Solutions/securityonion/issues/812
dmesg -D
# Kernel consoleblank is causing whiptail progress screen to appear to hang #1084
# https://github.com/Security-Onion-Solutions/securityonion/issues/1084
if [ "$automated" == no ]; then
TTY=$(tty)
echo "Setup is running on TTY $TTY" >> $setup_log 2>&1
if echo $TTY | grep -q "/dev/tty"; then
CONSOLEBLANK=$(cat /sys/module/kernel/parameters/consoleblank)
echo "Kernel consoleblank value before: $CONSOLEBLANK" >> $setup_log 2>&1
if [ $CONSOLEBLANK -gt 0 ]; then
echo "Running 'setterm -blank 0' for TTY $TTY" >> $setup_log 2>&1
TERM=linux setterm -blank 0 >$TTY <$TTY
CONSOLEBLANK=$(cat /sys/module/kernel/parameters/consoleblank)
echo "Kernel consoleblank value after: $CONSOLEBLANK" >> $setup_log 2>&1
fi
fi
fi
if (whiptail_you_sure); then
true
else
echo "User cancelled setup." | tee $setup_log
whiptail_cancel
fi
whiptail_install_type
if [ "$install_type" = 'EVAL' ]; then
is_node=true
is_manager=true
is_sensor=true
is_eval=true
STRELKARULES=1
elif [ "$install_type" = 'STANDALONE' ]; then
is_manager=true
is_distmanager=true
is_node=true
is_sensor=true
is_smooshed=true
elif [ "$install_type" = 'MANAGERSEARCH' ]; then
is_manager=true
is_distmanager=true
is_node=true
elif [ "$install_type" = 'MANAGER' ]; then
is_manager=true
is_distmanager=true
elif [ "$install_type" = 'SENSOR' ]; then
is_sensor=true
is_minion=true
elif [[ "$install_type" =~ ^('SEARCHNODE'|'HOTNODE'|'WARMNODE')$ ]]; then
is_node=true
is_minion=true
elif [ "$install_type" = 'HEAVYNODE' ]; then
is_node=true
is_minion=true
is_sensor=true
is_smooshed=true
elif [ "$install_type" = 'FLEET' ]; then
is_minion=true
is_fleet_standalone=true
OSQUERY=1
elif [ "$install_type" = 'HELIXSENSOR' ]; then
is_helix=true
elif [ "$install_type" = 'IMPORT' ]; then
is_import=true
elif [ "$install_type" = 'ANALYST' ]; then
cd .. || exit 255
./so-analyst-install
exit 0
fi
# Say yes to the dress if its an ISO install
if [[ "$setup_type" == 'iso' ]]; then
is_iso=true
fi
# Check if this is an airgap install
if [[ $is_manager ]]; then
if [[ $is_iso ]]; then
whiptail_airgap
if [[ "$INTERWEBS" == 'AIRGAP' ]]; then
is_airgap=true
fi
fi
fi
if [[ $is_manager && $is_sensor ]]; then
check_requirements "standalone"
elif [[ $is_fleet_standalone ]]; then
check_requirements "dist" "fleet"
elif [[ $is_sensor && ! $is_eval ]]; then
check_requirements "dist" "sensor"
elif [[ $is_distmanager || $is_minion ]] && [[ ! $is_import ]]; then
check_requirements "dist"
elif [[ $is_import ]]; then
check_requirements "import"
fi
if [[ ! $is_import ]]; then
whiptail_patch_schedule
fi
case "$setup_type" in
'iso')
whiptail_set_hostname
whiptail_management_nic
whiptail_dhcp_or_static
if [ "$address_type" != 'DHCP' ]; then
whiptail_management_interface_ip
whiptail_management_interface_mask
whiptail_management_interface_gateway
whiptail_management_interface_dns
whiptail_management_interface_dns_search
fi
#collect_adminuser_inputs
;;
'network')
whiptail_network_notice
whiptail_dhcp_warn
whiptail_set_hostname
whiptail_management_nic
;;
esac
short_name=$(echo "$HOSTNAME" | awk -F. '{print $1}')
MINION_ID=$(echo "${short_name}_${install_type}" | tr '[:upper:]' '[:lower:]')
export MINION_ID
echo "MINION_ID = $MINION_ID" >> $setup_log 2>&1
minion_type=$(get_minion_type)
# Set any variables needed
set_default_log_size >> $setup_log 2>&1
if [[ $is_helix ]]; then
RULESETUP=ETOPEN
NSMSETUP=BASIC
HNSENSOR=inherit
MANAGERUPDATES=0
fi
if [[ $is_helix || ( $is_manager && $is_node ) ]]; then
RULESETUP=ETOPEN
NSMSETUP=BASIC
fi
if [[ $is_manager && $is_node ]]; then
LSPIPELINEWORKERS=1
LSPIPELINEBATCH=125
LSINPUTTHREADS=1
LSPIPELINEBATCH=125
NIDS=Suricata
ZEEKVERSION=ZEEK
fi
if [[ $is_node ]]; then
CURCLOSEDAYS=30
fi
if [[ $is_import ]]; then
PATCHSCHEDULENAME=auto
MTU=1500
RULESETUP=ETOPEN
NSMSETUP=BASIC
HNSENSOR=inherit
MANAGERUPDATES=0
MANAGERADV=BASIC
INTERFACE=bond0
ZEEKVERSION=ZEEK
NIDS=Suricata
RULESETUP=ETOPEN
GRAFANA=0
OSQUERY=0
WAZUH=0
THEHIVE=0
PLAYBOOK=0
fi
# Start user prompts
if [[ $is_helix || $is_sensor ]]; then
whiptail_sensor_nics
fi
if [[ $is_helix || $is_sensor || $is_import ]]; then
calculate_useable_cores
fi
whiptail_homenet_manager
whiptail_dockernet_check
if [[ $is_helix || $is_manager || $is_node || $is_import ]]; then
set_base_heapsizes
fi
if [[ $is_manager && ! $is_eval ]]; then
whiptail_manager_adv
if [ "$MANAGERADV" = 'ADVANCED' ]; then
if [ "$install_type" = 'MANAGER' ] || [ "$install_type" = 'MANAGERSEARCH' ]; then
whiptail_manager_adv_escluster
fi
fi
whiptail_zeek_version
# Don't run this function for now since Snort is not yet supported
# whiptail_nids
NIDS=Suricata
whiptail_rule_setup
if [ "$RULESETUP" != 'ETOPEN' ]; then
whiptail_oinkcode
fi
if [[ "$STRELKA" == 1 ]]; then
STRELKARULES=1
fi
if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then
whiptail_manager_adv_service_zeeklogs
fi
fi
if [[ $is_manager ]]; then
whiptail_components_adv_warning
whiptail_enable_components
fi
if [[ $is_manager || $is_import ]]; then
collect_webuser_inputs
get_redirect
fi
if [[ $is_distmanager || ( $is_sensor || $is_node || $is_fleet_standalone ) && ! $is_eval ]]; then
whiptail_manager_updates
if [[ $setup_type == 'network' && $MANAGERUPDATES == 1 ]]; then
whiptail_manager_updates_warning
fi
fi
if [[ $is_minion ]]; then
whiptail_management_server
fi
if [[ $is_distmanager ]]; then
collect_soremote_inputs
fi
if [[ $is_sensor && ! $is_eval ]]; then
whiptail_homenet_sensor
whiptail_sensor_config
if [ $NSMSETUP == 'ADVANCED' ]; then
whiptail_zeek_pins
whiptail_suricata_pins
whiptail_bond_nics_mtu
else
whiptail_basic_zeek
whiptail_basic_suri
fi
fi
if [[ $is_node && ! $is_eval ]]; then
whiptail_node_advanced
if [ "$NODESETUP" == 'NODEADVANCED' ]; then
whiptail_node_es_heap
whiptail_node_ls_heap
whiptail_node_ls_pipeline_worker
whiptail_node_ls_pipline_batchsize
whiptail_node_ls_input_threads
whiptail_cur_close_days
whiptail_log_size_limit
else
NODE_ES_HEAP_SIZE=$ES_HEAP_SIZE
NODE_LS_HEAP_SIZE=$LS_HEAP_SIZE
LSPIPELINEWORKERS=$num_cpu_cores
LSPIPELINEBATCH=125
LSINPUTTHREADS=1
LSPIPELINEBATCH=125
fi
fi
if [ "$install_type" == 'FLEET' ]; then
collect_fleetuser_inputs
collect_fleet_custom_hostname_inputs
else
FLEETNODEUSER=$WEBUSER
FLEETNODEPASSWD1=$WEBPASSWD1
fi
if [[ $is_manager || $is_import ]]; then whiptail_so_allow; fi
whiptail_make_changes
# From here on changes will be made.
echo "1" > /root/accept_changes
if [[ $is_reinstall ]]; then
reinstall_init
fi
if [[ -n "$TURBO" ]]; then
use_turbo_proxy
fi
if [[ "$setup_type" == 'iso' ]]; then
# Init networking so rest of install works
set_hostname
set_management_interface
fi
disable_ipv6
disable_auto_start
if [[ "$setup_type" != 'iso' ]]; then
set_hostname
fi
if [[ $is_minion ]]; then
add_mngr_ip_to_hosts
fi
{
mark_version;
clear_manager;
} >> $setup_log 2>&1
if [[ $is_manager || $is_import ]]; then
{
generate_passwords;
secrets_pillar;
add_socore_user_manager;
} >> $setup_log 2>&1
fi
if [[ $is_manager && ! $is_eval ]]; then
add_soremote_user_manager >> $setup_log 2>&1
fi
{
set_main_ip;
set_redirect;
} >> $setup_log 2>&1
host_pillar >> $setup_log 2>&1
if [[ $is_minion || $is_import ]]; then
set_updates >> $setup_log 2>&1
[ "$automated" == no ] && copy_ssh_key >> $setup_log 2>&1
fi
# Begin install
{
# Set initial percentage to 0
export percentage=0
set_path
if [[ $is_manager && $is_airgap ]]; then
info "Creating airgap repo"
create_repo >> $setup_log 2>&1
airgap_rules >> $setup_log 2>&1
fi
if [[ $is_minion ]]; then
set_progress_str 1 'Configuring firewall'
set_initial_firewall_policy >> $setup_log 2>&1
fi
set_progress_str 2 'Updating packages'
update_packages >> $setup_log 2>&1
if [[ $is_sensor || $is_helix ]]; then
set_progress_str 3 'Configuring sensor interface'
configure_network_sensor >> $setup_log 2>&1
fi
if [[ $is_sensor || $is_helix || $is_import ]]; then
set_progress_str 4 'Generating sensor pillar'
sensor_pillar >> $setup_log 2>&1
if [[ $is_sensor || $is_helix ]]; then
steno_pillar >> $setup_log
fi
fi
set_progress_str 5 'Installing Salt and dependencies'
saltify 2>> $setup_log
set_progress_str 6 'Installing Docker and dependencies'
docker_install >> $setup_log 2>&1
set_progress_str 7 'Generating patch pillar'
patch_pillar >> $setup_log 2>&1
set_progress_str 8 'Initializing Salt minion'
configure_minion "$minion_type" >> $setup_log 2>&1
if [[ $is_manager || $is_helix || $is_import ]]; then
set_progress_str 9 'Configuring Salt master'
{
create_local_directories;
addtotab_generate_templates;
copy_salt_master_config;
setup_salt_master_dirs;
firewall_generate_templates;
} >> $setup_log 2>&1
set_progress_str 10 'Updating sudoers file for soremote user'
update_sudoers >> $setup_log 2>&1
set_progress_str 11 'Generating manager global pillar'
#minio_generate_keys
manager_global >> $setup_log 2>&1
set_progress_str 12 'Generating manager pillar'
manager_pillar >> $setup_log 2>&1
zeek_logs_enabled >> $setup_log 2>&1
fi
set_progress_str 16 'Running first Salt checkin'
salt_firstcheckin >> $setup_log 2>&1
if [[ $is_helix ]]; then
set_progress_str 17 'Generating the FireEye pillar'
fireeye_pillar >> $setup_log 2>&1
fi
if [[ $is_node ]]; then
set_progress_str 18 'Setting node type'
set_node_type >> $setup_log 2>&1
if ! [[ $is_manager || $is_helix ]]; then
set_progress_str 19 'Generating search node pillar'
elasticsearch_pillar >> $setup_log 2>&1
fi
fi
if [[ $is_minion ]]; then
set_progress_str 20 'Accepting Salt key on manager'
accept_salt_key_remote >> $setup_log 2>&1
fi
if [[ $is_manager || $is_import ]]; then
set_progress_str 20 'Accepting Salt key'
salt-key -ya "$MINION_ID" >> $setup_log 2>&1
fi
set_progress_str 21 'Copying minion pillars to manager'
copy_minion_tmp_files >> $setup_log 2>&1
if [[ $is_minion ]]; then
set_progress_str 22 'Checking if the Salt Minion needs to be updated'
salt-call state.apply salt.minion -l info >> $setup_log 2>&1
fi
set_progress_str 23 'Generating CA and checking in'
salt_checkin >> $setup_log 2>&1
if [[ $is_manager || $is_helix || $is_import ]]; then
set_progress_str 25 'Configuring firewall'
set_initial_firewall_policy >> $setup_log 2>&1
# create these so the registry state can add so-registry to /opt/so/conf/so-status/so-status.conf
mkdir -p /opt/so/conf/so-status/ >> $setup_log 2>&1
touch /opt/so/conf/so-status/so-status.conf >> $setup_log 2>&1
if [[ "$setup_type" == 'iso' ]]; then
set_progress_str 26 'Copying containers from iso'
else
set_progress_str 26 'Downloading containers from the internet'
fi
import_registry_docker >> $setup_log 2>&1
salt-call state.apply -l info registry >> $setup_log 2>&1
docker_seed_registry # ~ 60% when finished
set_progress_str 60 "$(print_salt_state_apply 'manager')"
salt-call state.apply -l info manager >> $setup_log 2>&1
set_progress_str 61 "$(print_salt_state_apply 'idstools')"
create_local_nids_rules >> $setup_log 2>&1
salt-call state.apply -l info idstools >> $setup_log 2>&1
set_progress_str 61 "$(print_salt_state_apply 'suricata.manager')"
salt-call state.apply -l info suricata.manager >> $setup_log 2>&1
fi
set_progress_str 62 "$(print_salt_state_apply 'firewall')"
salt-call state.apply -l info firewall >> $setup_log 2>&1
if [ $OS = 'centos' ]; then
set_progress_str 63 'Installing Yum utilities'
salt-call state.apply -l info yum.packages >> $setup_log 2>&1
fi
set_progress_str 63 "$(print_salt_state_apply 'common')"
salt-call state.apply -l info common >> $setup_log 2>&1
set_progress_str 64 "$(print_salt_state_apply 'nginx')"
salt-call state.apply -l info nginx >> $setup_log 2>&1
if [[ $is_manager || $is_node || $is_import ]]; then
set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')"
salt-call state.apply -l info elasticsearch >> $setup_log 2>&1
fi
if [[ $is_sensor || $is_import ]]; then
set_progress_str 65 "$(print_salt_state_apply 'pcap')"
salt-call state.apply -l info pcap >> $setup_log 2>&1
fi
if [[ $is_sensor || $is_import || $is_helix ]]; then
set_progress_str 66 "$(print_salt_state_apply 'suricata')"
salt-call state.apply -l info suricata >> $setup_log 2>&1
if [[ $ZEEKVERSION == 'ZEEK' ]]; then
set_progress_str 67 "$(print_salt_state_apply 'zeek')"
salt-call state.apply -l info zeek >> $setup_log 2>&1
fi
fi
if [[ $is_node ]]; then
set_progress_str 68 "$(print_salt_state_apply 'curator')"
salt-call state.apply -l info curator >> $setup_log 2>&1
fi
if [[ $is_manager || $is_import ]]; then
set_progress_str 69 "$(print_salt_state_apply 'soc')"
salt-call state.apply -l info soc >> $setup_log 2>&1
set_progress_str 70 "$(print_salt_state_apply 'kibana')"
salt-call state.apply -l info kibana >> $setup_log 2>&1
fi
if [[ "$PLAYBOOK" = 1 ]]; then
set_progress_str 71 "$(print_salt_state_apply 'playbook.db_init')"
salt-call state.apply -l info playbook.db_init >> $setup_log 2>&1
set_progress_str 71 "$(print_salt_state_apply 'playbook')"
salt-call state.apply -l info playbook >> $setup_log 2>&1
set_progress_str 71 "$(print_salt_state_apply 'playbook.automation_user_create')"
salt-call state.apply -l info playbook.automation_user_create >> $setup_log 2>&1
fi
if [[ $is_manager ]]; then
set_progress_str 72 "$(print_salt_state_apply 'elastalert')"
salt-call state.apply -l info elastalert >> $setup_log 2>&1
set_progress_str 73 "$(print_salt_state_apply 'soctopus')"
salt-call state.apply -l info soctopus >> $setup_log 2>&1
if [[ "$PLAYBOOK" = 1 ]]; then
set_progress_str 73 "Update playbook rules"
so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &
fi
fi
if [[ "$OSQUERY" = 1 ]]; then
set_progress_str 75 "$(print_salt_state_apply 'fleet.event_enable-fleet')"
salt-call state.apply -l info fleet.event_enable-fleet >> $setup_log 2>&1
set_progress_str 75 "$(print_salt_state_apply 'fleet')"
salt-call state.apply -l info fleet >> $setup_log 2>&1
set_progress_str 76 "$(print_salt_state_apply 'redis')"
salt-call state.apply -l info redis >> $setup_log 2>&1
if [[ $is_fleet_standalone && $FLEETCUSTOMHOSTNAME != '' ]]; then
set_progress_str 77 "$(print_salt_state_apply 'fleet.event_update-custom-hostname')"
pillar_override="{\"global\":{\"fleet_custom_hostname\": \"$FLEETCUSTOMHOSTNAME\"}}"
salt-call state.apply -l info fleet.event_update-custom-hostname pillar="$pillar_override" >> $setup_log 2>&1
fi
set_progress_str 78 "$(print_salt_state_apply 'so-fleet-setup')"
so-fleet-setup "$FLEETNODEUSER" "$FLEETNODEPASSWD1" >> $setup_log 2>&1
fi
if [[ "$WAZUH" = 1 ]]; then
set_progress_str 79 "$(print_salt_state_apply 'wazuh')"
salt-call state.apply -l info wazuh >> $setup_log 2>&1
fi
if [[ "$THEHIVE" = 1 ]]; then
set_progress_str 80 "$(print_salt_state_apply 'thehive')"
salt-call state.apply -l info thehive >> $setup_log 2>&1
fi
if [[ "$STRELKA" = 1 ]]; then
if [[ $is_sensor ]]; then
set_progress_str 81 "$(print_salt_state_apply 'strelka')"
salt-call state.apply -l info strelka >> $setup_log 2>&1
fi
if [[ $STRELKARULES == 1 ]]; then
/usr/sbin/so-yara-update >> $setup_log 2>&1
fi
fi
if [[ $is_manager || $is_helix || $is_import ]]; then
set_progress_str 82 "$(print_salt_state_apply 'utility')"
salt-call state.apply -l info utility >> $setup_log 2>&1
fi
if [[ ( $is_helix || $is_manager || $is_node ) && ! $is_eval ]]; then
set_progress_str 83 "$(print_salt_state_apply 'logstash')"
salt-call state.apply -l info logstash >> $setup_log 2>&1
set_progress_str 84 "$(print_salt_state_apply 'filebeat')"
salt-call state.apply -l info filebeat >> $setup_log 2>&1
fi
set_progress_str 85 'Applying finishing touches'
filter_unused_nics >> $setup_log 2>&1
network_setup >> $setup_log 2>&1
if [[ $is_manager || $is_import ]]; then
set_progress_str 87 'Adding user to SOC'
add_web_user >> $setup_log 2>&1
fi
set_progress_str 90 'Enabling checkin at boot'
checkin_at_boot >> $setup_log 2>&1
set_progress_str 95 'Verifying setup'
salt-call -l info state.highstate >> $setup_log 2>&1
} | progress
success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
if [[ $success != 0 ]]; then SO_ERROR=1; fi
# Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox
if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then SO_ERROR=1; fi
if [[ -n $SO_ERROR ]]; then
echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1
SKIP_REBOOT=1
whiptail_setup_failed
else
echo "Successfully completed setup! Continuing with post-installation steps" >> $setup_log 2>&1
{
export percentage=95 # set to last percentage used in previous subshell
if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then
set_progress_str 98 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}"
IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1
fi
if [[ $THEHIVE == 1 ]]; then
set_progress_str 99 'Waiting for TheHive to start up'
check_hive_init >> $setup_log 2>&1
fi
} | whiptail_gauge_post_setup "Running post-installation steps..."
whiptail_setup_complete
echo "Post-installation steps have completed." >> $setup_log 2>&1
fi
install_cleanup >> $setup_log 2>&1
if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi
Reference in New Issue View Git Blame Copy Permalink