securityonion
Do not overwrite /etc/hosts and /etc/hostname if already configured
The function below is faulty: https://github.com/Security-Onion-Solutions/securityonion/blob/aa15f3ca4a00acd7f6d0af21c3627520f608f8d2/setup/so-functions#L1979-L1987
As discussion https://github.com/Security-Onion-Solutions/securityonion/discussions/2399#discussioncomment-266163 indicates, the function above appears to be the cause of many non-ISO server installs failing.
As a best practice, app installers should avoid replacing existing critical system files. Append if you need to, but never overwrite without explicit informed consent from the sysadmin.
If a person has already set up their administrative interface, then it's a sure bet they have already selected a hostname as well. Perhaps the solution is to have this function test whether the hostname you're about to set is identical to the existing entry in /etc/hostname. If it is, don't overwrite /etc/hostname and only append to /etc/hosts.
In any case, the /etc/hosts file should always contain a mapping between the administrative interface's IP and the system's hostname, and that's missing here, which seems to be the reason so many installs hang at 80%. Related: https://github.com/Security-Onion-Solutions/securityonion/issues/2973
FYI, this issue is still present in 2.3.50. I have to manually re-add the main IP to hostname entry in /etc/hosts during the installation via a second shell.
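One way to implement the check proposed in this issue, as an added example that is not code from so-functions or from the Security Onion project. The function name `ensure_host_identity`, the `FORCE_HOSTNAME` opt-in variable and the optional file-path arguments are assumptions made for illustration and testing.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of so-functions).
# Usage: ensure_host_identity HOSTNAME IP [HOSTNAME_FILE] [HOSTS_FILE]
ensure_host_identity() {
  local new_name="$1"
  local ip="$2"
  local hostname_file="${3:-/etc/hostname}"
  local hosts_file="${4:-/etc/hosts}"
  local current=""

  if [ -f "$hostname_file" ]; then
    current="$(tr -d '[:space:]' < "$hostname_file")"
  fi

  if [ -z "$current" ]; then
    # Nothing configured yet: safe to write the hostname.
    printf '%s\n' "$new_name" > "$hostname_file"
  elif [ "$current" != "$new_name" ]; then
    # A different hostname is already configured: replace it only with
    # explicit consent (FORCE_HOSTNAME=1 is an assumed opt-in), and keep a backup.
    if [ "${FORCE_HOSTNAME:-0}" != "1" ]; then
      echo "refusing to replace hostname '$current' with '$new_name'" >&2
      return 2
    fi
    cp -p "$hostname_file" "$hostname_file.bak"
    printf '%s\n' "$new_name" > "$hostname_file"
  fi
  # If the names are identical, the hostname file is left untouched.

  # Create the hosts file only if it is missing; never truncate it.
  if [ ! -e "$hosts_file" ]; then
    : > "$hosts_file"
  fi

  # Look for an active (non-comment) line that maps IP to the hostname.
  if ! awk -v ip="$ip" -v h="$new_name" '
        { sub(/#.*/, "") }
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit found ? 0 : 1 }' "$hosts_file"; then
    # Make sure the existing last line ends with a newline before appending.
    if [ -n "$(tail -c 1 "$hosts_file")" ]; then
      printf '\n' >> "$hosts_file"
    fi
    printf '%s\t%s\n' "$ip" "$new_name" >> "$hosts_file"
  fi
}
```

Calling it repeatedly with the same arguments leaves both files unchanged after the first run, so it is safe to re-run during a retried install.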