Remove 'so-curator-cluster-warm' and remove unncessary Curator default values

2025-12-06 17:22:49 +01:00 · 2023-03-07 16:21:55 +00:00
parent df94e830c5
commit 073054b447
3 changed files with 0 additions and 171 deletions
--- a/salt/curator/defaults.yaml
+++ b/salt/curator/defaults.yaml
@@ -1,182 +1,47 @@
 elasticsearch:
  index_settings:
-    so-aws:
-      warm: 7
-      close: 30
-      delete: 365
-    so-azure:
-      warm: 7
-      close: 30
-      delete: 365
-    so-barracuda:
-      warm: 7
-      close: 30
-      delete: 365
    so-beats:
-      warm: 7
-      close: 30
-      delete: 365
-    so-bluecoat:
-      warm: 7
-      close: 30
-      delete: 365
-    so-cef:
-      warm: 7
-      close: 30
-      delete: 365
-    so-checkpoint:
-      warm: 7
-      close: 30
-      delete: 365
-    so-cisco:
-      warm: 7
-      close: 30
-      delete: 365
-    so-cyberark:
-      warm: 7
-      close: 30
-      delete: 365
-    so-cylance:
-      warm: 7
      close: 30
      delete: 365
    so-elasticsearch:
-      warm: 7
-      close: 30
-      delete: 365
-    so-endgame:
-      warm: 7
-      close: 30
-      delete: 365
-    so-f5:
-      warm: 7
      close: 30
      delete: 365
    so-firewall:
-      warm: 7
-      close: 30
-      delete: 365
-    so-fortinet:
-      warm: 7
-      close: 30
-      delete: 365
-    so-gcp:
-      warm: 7
-      close: 30
-      delete: 365
-    so-google_workspace:
-      warm: 7
      close: 30
      delete: 365
    so-ids:
-      warm: 7
-      close: 30
-      delete: 365
-    so-imperva:
-      warm: 7
      close: 30
      delete: 365
    so-import:
-      warm: 7
      close: 73000
      delete: 73001
-    so-infoblox:
-      warm: 7
-      close: 30
-      delete: 365
-    so-juniper:
-      warm: 7
-      close: 30
-      delete: 365
    so-kratos:
-      warm: 7
      close: 30
      delete: 365
    so-kibana:
-      warm: 7
      close: 30
      delete: 365
    so-logstash:
-      warm: 7
-      close: 30
-      delete: 365
-    so-microsoft:
-      warm: 7
-      close: 30
-      delete: 365
-    so-misp:
-      warm: 7
      close: 30
      delete: 365
    so-netflow:
-      warm: 7
-      close: 30
-      delete: 365
-    so-netscout:
-      warm: 7
-      close: 30
-      delete: 365
-    so-o365:
-      warm: 7
-      close: 30
-      delete: 365
-    so-okta:
-      warm: 7
      close: 30
      delete: 365
    so-osquery:
-      warm: 7
      close: 30
      delete: 365
    so-ossec:
-      warm: 7
-      close: 30
-      delete: 365
-    so-proofpoint:
-      warm: 7
-      close: 30
-      delete: 365
-    so-radware:
-      warm: 7
      close: 30
      delete: 365
    so-redis:
-      warm: 7
-      close: 30
-      delete: 365
-    so-snort:
-      warm: 7
-      close: 30
-      delete: 365
-    so-snyk:
-      warm: 7
-      close: 30
-      delete: 365
-    so-sonicwall:
-      warm: 7
-      close: 30
-      delete: 365
-    so-sophos:
-      warm: 7
      close: 30
      delete: 365
    so-strelka:
-      warm: 7
      close: 30
      delete: 365
    so-syslog:
-      warm: 7
-      close: 30
-      delete: 365
-    so-tomcat:
-      warm: 7
      close: 30
      delete: 365
    so-zeek:
-      warm: 7
-      close: 30
-      delete: 365
-    so-zscaler:
-      warm: 7
      close: 30
      delete: 365
--- a/salt/curator/files/bin/so-curator-cluster-warm
+++ b/salt/curator/files/bin/so-curator-cluster-warm
@@ -1,26 +0,0 @@
-#!/bin/bash
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-APP=warm
-lf=/tmp/$APP-pidLockFile
-# create empty lock file if none exists
-cat /dev/null >> $lf
-read lastPID < $lf
-# if lastPID is not null and a process with that pid exists , exit
-[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
-echo $$ > $lf
-
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-warm.yml > /dev/null 2>&1;
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-kratos-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-warm.yml > /dev/null 2>&1; 
-docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-warm.yml > /dev/null 2>&1;
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -182,16 +182,6 @@ so-curatorclusterdelete:
    - month: '*'
    - dayweek: '*'

-so-curatorclusterwarm:
-  cron.present:
-    - name: /usr/sbin/so-curator-cluster-warm > /opt/so/log/curator/cron-warm.log 2>&1
-    - user: root
-    - minute: '2'
-    - hour: '*/1'
-    - daymonth: '*'
-    - month: '*'
-    - dayweek: '*'
-
 {% else %}

 {{sls}}_state_not_allowed: