CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/TOoSmOotH/securityonion-saltstack

Browse Source
This commit is contained in:
Mike Reeves
2018-12-13 13:22:04 -05:00
parent eb04bd1bb4 f538eddb5f
commit 07a2b34583
12 changed files with 478 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
salt/common/nginx/nginx.conf.so-eval
View File

@@ -110,6 +110,20 @@ http {
proxy_set_header Proxy ""; proxy_set_header Proxy "";
} }
location /api/ {
proxy_pass https://{{ masterip }}:8080/api/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /fleet/ { location /fleet/ {
rewrite /fleet/(.*) /$1 break; rewrite /fleet/(.*) /$1 break;
proxy_pass https://{{ masterip }}:8080/; proxy_pass https://{{ masterip }}:8080/;

12
salt/common/nginx/nginx.conf.so-master
View File

@@ -111,6 +111,18 @@ http {
} }
location /api/ {
proxy_pass https://{{ masterip }}:8080/api/;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
location /fleet/ { location /fleet/ {
rewrite /fleet/(.*) /$1 break; rewrite /fleet/(.*) /$1 break;

14
salt/filebeat/etc/filebeat.yml
View File

@@ -12,6 +12,7 @@ filebeat.modules:
# List of prospectors to fetch data. # List of prospectors to fetch data.
filebeat.prospectors: filebeat.prospectors:
#------------------------------ Log prospector -------------------------------- #------------------------------ Log prospector --------------------------------
{%- if grains['role'] == 'so-sensor' or grains['role'] == "so-eval" %}
{%- if BROVER != 'SURICATA' %} {%- if BROVER != 'SURICATA' %}
{%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %} {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %}
- type: log - type: log
@@ -36,6 +37,7 @@ filebeat.prospectors:
fields_under_root: true fields_under_root: true
clean_removed: false clean_removed: false
close_removed: false close_removed: false
{%- endif %}
{%- if WAZUHENABLED == '1' %} {%- if WAZUHENABLED == '1' %}
@@ -47,6 +49,16 @@ filebeat.prospectors:
fields_under_root: true fields_under_root: true
clean_removed: false clean_removed: false
close_removed: false close_removed: false
- type: log
paths:
- /wazuh/archives/archives.json
fields:
type: ossec_archive
fields_under_root: true
clean_removed: false
close_removed: false
{%- endif %} {%- endif %}
#----------------------------- Logstash output --------------------------------- #----------------------------- Logstash output ---------------------------------
@@ -63,7 +75,6 @@ output.logstash:
# Set gzip compression level. # Set gzip compression level.
compression_level: 3 compression_level: 3
# Enable SSL support. SSL is automatically enabled, if any SSL setting is set. # Enable SSL support. SSL is automatically enabled, if any SSL setting is set.
ssl.enabled: true ssl.enabled: true
@@ -87,7 +98,6 @@ output.logstash:
# Client Certificate Key # Client Certificate Key
ssl.key: "/usr/share/filebeat/filebeat.key" ssl.key: "/usr/share/filebeat/filebeat.key"
# Elasticsearch template settings # Elasticsearch template settings
#setup.template.settings: #setup.template.settings:

7
salt/filebeat/init.sls
View File

@@ -61,8 +61,15 @@ so-filebeat:
- /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro - /opt/so/conf/filebeat/etc/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
- /nsm/bro:/nsm/bro:ro - /nsm/bro:/nsm/bro:ro
- /opt/so/log/suricata:/suricata:ro - /opt/so/log/suricata:/suricata:ro
- /opt/so/wazuh/logs/alerts/:/wazuh/alerts:ro
- /opt/so/wazuh/logs/archives/:/wazuh/archives:ro
{%- if grains['role'] == 'so-master' %}
- /etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
- /etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
{%- else %}
- /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro - /opt/so/conf/filebeat/etc/pki/filebeat.crt:/usr/share/filebeat/filebeat.crt:ro
- /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro - /opt/so/conf/filebeat/etc/pki/filebeat.key:/usr/share/filebeat/filebeat.key:ro
{%- endif %}
- /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro - /etc/ssl/certs/intca.crt:/usr/share/filebeat/intraca.crt:ro
- watch: - watch:
- file: /opt/so/conf/filebeat/etc - file: /opt/so/conf/filebeat/etc

37
salt/firewall/init.sls
View File

@@ -1,5 +1,19 @@
# Firewall Magic for the grid # Firewall Magic for the grid
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
{%- set ip = salt['pillar.get']('static:masterip', '') %}
{% elif grains['role'] == 'so-node'%}
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{% elif grains['role'] == 'so-sensor'%}
{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
{% endif %}
# Keep localhost in the game # Keep localhost in the game
iptables_allow_localhost: iptables_allow_localhost:
iptables.append: iptables.append:
@@ -86,6 +100,29 @@ enable_docker_user_established:
- match: conntrack - match: conntrack
- ctstate: 'RELATED,ESTABLISHED' - ctstate: 'RELATED,ESTABLISHED'
# Add rule(s) for Wazuh manager
enable_wazuh_manager_1514_tcp_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: tcp
- source: {{ ip }}
- dport: 1514
- position: 1
- save: True
enable_wazuh_manager_1514_udp_{{ip}}:
iptables.insert:
- table: filter
- chain: DOCKER-USER
- jump: ACCEPT
- proto: udp
- source: {{ ip }}
- dport: 1514
- position: 1
- save: True
# Rules if you are a Master # Rules if you are a Master
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %} {% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
#This should be more granular #This should be more granular

12
salt/fleet/init.sls
View File

@@ -10,6 +10,13 @@ fleetcdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
fleetlogdir:
file.directory:
- name: /opt/so/log/fleet
- user: 939
- group: 939
- makedirs: True
fleetdb: fleetdb:
mysql_database.present: mysql_database.present:
- name: fleet - name: fleet
@@ -44,8 +51,11 @@ so-fleet:
- KOLIDE_SERVER_KEY=/ssl/server.key - KOLIDE_SERVER_KEY=/ssl/server.key
- KOLIDE_LOGGING_JSON=true - KOLIDE_LOGGING_JSON=true
- KOLIDE_AUTH_JWT_KEY=thisisatest - KOLIDE_AUTH_JWT_KEY=thisisatest
- KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/osquery/status.log
- KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log
- binds: - binds:
- /etc/pki/fleet.key:/ssl/server.key:ro - /etc/pki/fleet.key:/ssl/server.key:ro
- /etc/pki/fleet.crt:/ssl/server.cert - /etc/pki/fleet.crt:/ssl/server.cert:ro
- /opt/so/log/fleet:/var/log/osquery
- watch: - watch:
- /opt/so/conf/fleet/etc - /opt/so/conf/fleet/etc

5
salt/logstash/files/dynamic/0006_input_beats.conf
View File

@@ -9,7 +9,7 @@ input {
} }
} }
filter { filter {
if [type] == "ids" { if [type] == "ids" or [type] =~ "bro" {
mutate { mutate {
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }
remove_tag => ["beat"] remove_tag => ["beat"]
@@ -17,11 +17,10 @@ filter {
add_field => { "syslog-host_from" => "%{[beat][name]}" } add_field => { "syslog-host_from" => "%{[beat][name]}" }
} }
} }
if "bro" in [tags] { if [type] =~ "ossec" {
mutate { mutate {
rename => { "host" => "beat_host" } rename => { "host" => "beat_host" }
remove_tag => ["beat"] remove_tag => ["beat"]
add_field => { "sensor_name" => "%{[beat][name]}" }
add_field => { "syslog-host_from" => "%{[beat][name]}" } add_field => { "syslog-host_from" => "%{[beat][name]}" }
} }
} }

9
salt/top.sls
View File

@@ -10,6 +10,7 @@ base:
{%- if BROVER != 'SURICATA' %} {%- if BROVER != 'SURICATA' %}
- bro - bro
{%- endif %} {%- endif %}
- wazuh
- filebeat - filebeat
- schedule - schedule
@@ -29,11 +30,11 @@ base:
- bro - bro
- curator - curator
- elastalert - elastalert
- fleet
- wazuh
- filebeat - filebeat
- utility - utility
- schedule - schedule
- fleet
- wazuh
'G@role:so-master': 'G@role:so-master':
@@ -49,6 +50,8 @@ base:
- logstash - logstash
- kibana - kibana
- elastalert - elastalert
- wazuh
- filebeat
- utility - utility
- schedule - schedule
- fleet - fleet
@@ -87,6 +90,8 @@ base:
- logstash - logstash
- elasticsearch - elasticsearch
- curator - curator
- wazuh
- filebeat
- schedule - schedule
'G@role:mastersensor': 'G@role:mastersensor':

199
salt/wazuh/files/agent/ossec.conf Normal file
View File

@@ -0,0 +1,199 @@
{%- if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
{%- set ip = salt['pillar.get']('static:masterip', '') %}
{%- elif grains['role'] == 'so-node' }
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{%- elif grains['role'] == 'so-sensor' }
{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
{%- endif %}
<!--
Wazuh - Agent - Default configuration for ubuntu 16.04
More info at: https://documentation.wazuh.com
Mailing list: https://groups.google.com/forum/#!forum/wazuh
-->
<ossec_config>
<client>
<server>
<address>{{ip}}</address>
<port>1514</port>
<protocol>udp</protocol>
</server>
<config-profile>ubuntu, ubuntu16, ubuntu16.04</config-profile>
<notify_time>10</notify_time>
<time-reconnect>60</time-reconnect>
<auto_restart>yes</auto_restart>
<crypto_method>aes</crypto_method>
</client>
<client_buffer>
<!-- Agent buffer options -->
<disabled>no</disabled>
<queue_size>5000</queue_size>
<events_per_second>500</events_per_second>
</client_buffer>
<!-- Policy monitoring -->
<rootcheck>
<disabled>no</disabled>
<check_unixaudit>yes</check_unixaudit>
<check_files>yes</check_files>
<check_trojans>yes</check_trojans>
<check_dev>yes</check_dev>
<check_sys>yes</check_sys>
<check_pids>yes</check_pids>
<check_ports>yes</check_ports>
<check_if>yes</check_if>
<!-- Frequency that rootcheck is executed - every 12 hours -->
<frequency>43200</frequency>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/system_audit_ssh.txt</system_audit>
<skip_nfs>yes</skip_nfs>
</rootcheck>
<wodle name="open-scap">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
</wodle>
<wodle name="cis-cat">
<disabled>yes</disabled>
<timeout>1800</timeout>
<interval>1d</interval>
<scan-on-start>yes</scan-on-start>
<java_path>wodles/java</java_path>
<ciscat_path>wodles/ciscat</ciscat_path>
</wodle>
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>yes</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<!-- System inventory -->
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<scan_on_start>yes</scan_on_start>
<hardware>yes</hardware>
<os>yes</os>
<network>yes</network>
<packages>yes</packages>
<ports all="no">yes</ports>
<processes>yes</processes>
</wodle>
<!-- File integrity monitoring -->
<syscheck>
<disabled>no</disabled>
<!-- Frequency that syscheck is executed default every 12 hours -->
<frequency>43200</frequency>
<scan_on_start>yes</scan_on_start>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin,/boot</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/random.seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<ignore>/sys/kernel/security</ignore>
<ignore>/sys/kernel/debug</ignore>
<!-- Check the file, but never compute the diff -->
<nodiff>/etc/ssl/private.key</nodiff>
<skip_nfs>yes</skip_nfs>
<!-- Remove not monitored files -->
<remove_old_diff>yes</remove_old_diff>
<!-- Allow the system to restart Auditd after installing the plugin -->
<restart_audit>yes</restart_audit>
</syscheck>
<!-- Log analysis -->
<localfile>
<log_format>command</log_format>
<command>df -P</command>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
<alias>netstat listening ports</alias>
<frequency>360</frequency>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>last -n 20</command>
<frequency>360</frequency>
</localfile>
<!-- Active response -->
<active-response>
<disabled>no</disabled>
<ca_store>/var/ossec/etc/wpk_root.pem</ca_store>
<ca_verification>yes</ca_verification>
</active-response>
<!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
<logging>
<log_format>plain</log_format>
</logging>
</ossec_config>
<ossec_config>
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/auth.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/syslog</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/dpkg.log</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/kern.log</location>
</localfile>
</ossec_config>

139
salt/wazuh/files/agent/wazuh-register-agent Executable file
View File

@@ -0,0 +1,139 @@
{%- if grains['role'] == 'so-master' or grains['role'] == 'so-eval' %}
{%- set ip = salt['pillar.get']('static:masterip', '') %}
{%- elif grains['role'] == 'so-node' }
{%- set ip = salt['pillar.get']('node:mainip', '') %}
{%- elif grains['role'] == 'so-sensor' }
{%- set ip = salt['pillar.get']('sensor:mainip', '') %}
{%- endif %}
#!/bin/bash
###
# Shell script for registering agents automatically with the API
# Copyright (C) 2017 Wazuh, Inc. All rights reserved.
# Wazuh.com
#
# This program is a free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License (version 2) as published by the FSF - Free Software
# Foundation.
###
#
# 12/11/2018
# This script has been modified by Security Onion Solutions
# - Added Agent IP variable and option
###
# Connection variables
API_IP="localhost"
API_PORT="55000"
PROTOCOL="https"
USER="foo"
PASSWORD="bar"
AGENT_NAME=$(hostname)
AGENT_IP="{{ip}}"
display_help() {
cat <<HELP_USAGE
$0 [-h] [-f|--force] [-q|--quiet] [agent]
-h Show this message.
-f|--force Force agent removal (if already registered)
The agent will be re-regitered with a new ID
-s|--silent Surpress the output while removing the agent
agent Agent name (if missing we will use the output
of the hostname command)
HELP_USAGE
}
register_agent() {
# Adding agent and getting Id from manager
echo ""
echo "Adding agent:"
echo "curl -s -u $USER:**** -k -X POST -d 'name=$AGENT_NAME&ip=$AGENT_IP' $PROTOCOL://$API_IP:$API_PORT/agents"
API_RESULT=$(curl -s -u $USER:"$PASSWORD" -k -X POST -d 'name='$AGENT_NAME'&ip='$AGENT_IP $PROTOCOL://$API_IP:$API_PORT/agents)
echo -e $API_RESULT | grep -q "\"error\":0" 2>&1
if [ "$?" != "0" ]; then
echo -e $API_RESULT | sed -rn 's/.*"message":"(.+)".*/\1/p'
exit 0
fi
# Get agent id and agent key
AGENT_ID=$(echo $API_RESULT | cut -d':' -f 4 | cut -d ',' -f 1)
AGENT_KEY=$(echo $API_RESULT | cut -d':' -f 5 | cut -d '}' -f 1)
echo "Agent '$AGENT_NAME' with ID '$AGENT_ID' added."
echo "Key for agent '$AGENT_ID' received."
# Importing key
echo ""
echo "Importing authentication key:"
echo "y" | /var/ossec/bin/manage_agents -i $AGENT_KEY
# Restarting agent
echo ""
echo "Restarting:"
echo ""
/var/ossec/bin/ossec-control restart
exit 0
}
remove_agent() {
echo "Found: $AGENT_ID"
echo "Removing previous registration for '$AGENT_NAME' using ID: $AGENT_ID ..."
# curl -u foo:bar -k -X DELETE "https://127.0.0.1:55000/agents/001
REMOVE_AGENT=$(curl -s -u $USER:"$PASSWORD" -k -X DELETE $PROTOCOL://$API_IP:$API_PORT/agents/$AGENT_ID)
echo -e $REMOVE_AGENT
}
get_agent_id() {
echo ""
echo "Checking for Agent ID..."
AGENT_ID=$(curl -s -u $USER:"$PASSWORD" -k -X GET $PROTOCOL://$API_IP:$API_PORT/agents/name/$AGENT_NAME | rev | cut -d: -f1 | rev | grep -o '".*"' | tr -d '"')
}
# MAIN
# ENTRY POINT
while getopts ':hfsi:' OPTION; do
case "$OPTION" in
h)
display_help
exit 0
;;
f|--force)
FORCE=true
;;
i|--ip)
AGENT_IP=${OPTARG}
;;
s|--silent)
SILENT=true
;;
esac
done
# reset $1, $2 .... as normal argument after the flag
shift $(($OPTIND - 1))
# if no arguments are passed in after the flags, we assign the hostname value to the AGENT_NAME
#AGENT_NAME=${1:-$(hostname)}
#get_agent_id
# check the return value. If we get an integer back then the agent is already registered. Anything else -> agent is not registered
# if ! [ "$AGENT_ID" -eq "$AGENT_ID" ] 2> /dev/null ; then
# echo "Starting registration process ..."
# :
# elif [[ "$FORCE" = true && "$SILENT" = "true" ]] ; then
# remove_agent > /dev/null 2>&1
# else
# if [[ "$FORCE" = true ]] ; then
# remove_agent
# fi
# fi
# Default action -> try to register the agent
sleep 10s
register_agent
#remove_agent

34
salt/wazuh/init.sls
View File

@@ -1,10 +1,6 @@
{%- set HOSTNAME = salt['grains.get']('host', '') %} {%- set HOSTNAME = salt['grains.get']('host', '') %}
#vm.max_map_count: # Add ossec group
# sysctl.present:
# - value: 262144
# Add ossec Group
ossecgroup: ossecgroup:
group.present: group.present:
- name: ossec - name: ossec
@@ -41,6 +37,25 @@ wazuhpkgs:
- pkgs: - pkgs:
- wazuh-agent - wazuh-agent
# Add Wazuh agent conf
wazuhagentconf:
file.managed:
- name: /var/ossec/etc/ossec.conf
- source: salt://wazuh/files/agent/ossec.conf
- user: 0
- group: 945
- template: jinja
# Add Wazuh agent conf
wazuhagentregister:
file.managed:
- name: /usr/sbin/wazuh-register-agent
- source: salt://wazuh/files/agent/wazuh-register-agent
- user: 0
- group: 0
- mode: 755
- template: jinja
so-wazuh: so-wazuh:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-wazuh:HH1.0.5 - image: soshybridhunter/so-wazuh:HH1.0.5
@@ -48,8 +63,15 @@ so-wazuh:
- name: so-wazuh - name: so-wazuh
- detach: True - detach: True
- port_bindings: - port_bindings:
- 0.0.0.0:1514:1514 - 0.0.0.0:1514:1514/udp
- 0.0.0.0:1514:1514/tcp
- 0.0.0.0:55000:55000 - 0.0.0.0:55000:55000
- binds: - binds:
- /opt/so/wazuh/:/var/ossec/data/:rw - /opt/so/wazuh/:/var/ossec/data/:rw
# Register the agent
registertheagent:
cmd.run:
- name: /usr/sbin/wazuh-register-agent
- cwd: /
#- stateful: True

10
so-setup-network.sh
View File

@@ -220,6 +220,14 @@ configure_minion() {
} }
configure_wazuh_agent(){
# Configure Wazuh agent to talk to manager
echo "Configuring Wazuh agent to talk to manager..."
/usr/sbin/wazuh-register-agent -i $MAINIP
}
copy_master_config() { copy_master_config() {
# Copy the master config template to the proper directory # Copy the master config template to the proper directory
@@ -1629,6 +1637,7 @@ if (whiptail_you_sure); then
CURCLOSEDAYS=30 CURCLOSEDAYS=30
whiptail_make_changes whiptail_make_changes
generate_passwords generate_passwords
auth_pillar
clear_master clear_master
mkdir -p /nsm mkdir -p /nsm
get_filesystem_root get_filesystem_root
@@ -1664,6 +1673,7 @@ if (whiptail_you_sure); then
salt_checkin_message salt_checkin_message
salt_checkin salt_checkin
checkin_at_boot checkin_at_boot
#configure_wazuh_agent
whiptail_setup_complete whiptail_setup_complete
fi fi