From 883d9560a0097690b83406bc7e9521397b020012 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Jun 2023 19:20:40 -0400 Subject: [PATCH 001/125] Initial Support --- setup/so-functions | 43 +++++++++++++++++++++++++++++++------------ setup/so-setup | 6 ++++-- 2 files changed, 35 insertions(+), 14 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 814165fbb..39c4144db 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -950,6 +950,11 @@ detect_os() { OSVER=9 is_rocky=true pkgman="dnf" + elif grep -q "CentOS Stream release 9" /etc/redhat-release; then + OS=centos + OSVER=9 + is_centos=true + pkgman=dnf else info "We do not support the operating system you are trying to use." fail_setup @@ -1847,7 +1852,7 @@ reset_proxy() { [[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then sed -i "/proxy=/d" /etc/dnf/dnf.conf else [[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf @@ -1893,7 +1898,7 @@ drop_install_options() { remove_package() { local package_name=$1 - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then if rpm -qa | grep -q "$package_name"; then logCmd "dnf remove -y $package_name" fi @@ -1914,7 +1919,7 @@ remove_package() { securityonion_repo() { # Remove all the current repos - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then logCmd "dnf -v clean all" logCmd "mkdir -vp /root/oldrepos" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" @@ -1939,10 +1944,15 @@ securityonion_repo() { # update this package because the repo config files get added back # if the package is updated when the update_packages function is called if [ -f "/etc/yum.repos.d/rocky.repo" ]; then - info "Backing up the .repo files that were added by the centos-release package." + info "Backing up the .repo files that were added by the rocky-release package." logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/" logCmd "dnf repolist all" fi + if [ -f "/etc/yum.repos.d/centos.repo" ]; then + info "Backing up the .repo files that were added by the centos-release package." + logCmd "mv -bvf /etc/yum.repos.d/centos* /root/oldrepos/" + logCmd "dnf repolist all" + fi if [[ $waitforstate ]]; then if [[ ! $is_airgap ]]; then # Build the repo locally so we can use it @@ -1959,8 +1969,13 @@ repo_sync_local() { info "Backing up old repos" mkdir -p /nsm/repo mkdir -p /opt/so/conf/reposync/cache - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt + if [[ $is_rocky ]]; then + echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt + echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt + else + echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt + echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt + fi echo "[main]" > /opt/so/conf/reposync/repodownload.conf echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf @@ -1971,7 +1986,6 @@ repo_sync_local() { echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf - echo "#baseurl=https://repo.securityonion.net/file/so-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf @@ -2031,7 +2045,7 @@ saltify() { fi - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then if [[ $waitforstate ]]; then # install all for a manager logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" @@ -2169,7 +2183,7 @@ set_proxy() { "}" > /root/.docker/config.json # Set proxy for package manager - if [[ $is_rocky ]]; then + if [[ $is_rocky | $is_centos ]]; then echo "proxy=$so_proxy" >> /etc/yum.conf else # Set it up so the updates roll through the manager @@ -2364,11 +2378,16 @@ update_sudoers_for_testing() { } update_packages() { - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then logCmd "dnf repolist" logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" - RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") - info "Removing repo files added by rocky-repos package update" + if [[ $is_rocky ]]; then + RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") + info "Removing repo files added by rocky-repos package update" + else + RMREPOFILES=("centos-addons.repo" "centos-devel.repo" "centos-extras.repo" "centos.repo") + info "Removing repo files added by centos-repos package update" + fi for FILE in ${RMREPOFILES[@]}; do logCmd "rm -f /etc/yum.repos.d/$FILE" done diff --git a/setup/so-setup b/setup/so-setup index 355c8eea2..8b06ea484 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -91,8 +91,10 @@ if [[ $is_desktop ]]; then title "This is a desktop install" # Make sure it's CentOS or Rocky Linux - if [[ ! $is_rocky ]]; then - info "Security Onion Desktop is only supported on Rocky Linux 9" + if [[ $is_rocky || $is_centos ]]; then + info "Security Onion Desktop is supported on this OS." + else + info "Security Onion Desktop is not supported on this OS." exit 1 fi From d519369c6ff2bb84fe1b983a68769e4e678895a7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Jun 2023 19:22:33 -0400 Subject: [PATCH 002/125] Initial Support --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 39c4144db..53ce44a33 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -951,7 +951,7 @@ detect_os() { is_rocky=true pkgman="dnf" elif grep -q "CentOS Stream release 9" /etc/redhat-release; then - OS=centos + OS=centos OSVER=9 is_centos=true pkgman=dnf From c37a179a3c89b23e97969ee2fd0a77d0c2ba677a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 12:46:13 -0400 Subject: [PATCH 003/125] Fix syntax error --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 53ce44a33..20a6e463b 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2183,7 +2183,7 @@ set_proxy() { "}" > /root/.docker/config.json # Set proxy for package manager - if [[ $is_rocky | $is_centos ]]; then + if [[ $is_rocky || $is_centos ]]; then echo "proxy=$so_proxy" >> /etc/yum.conf else # Set it up so the updates roll through the manager From 6b6724afcf9b62451898657cca552d58c91583a7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 12:52:53 -0400 Subject: [PATCH 004/125] Fix whiptail logic --- setup/so-whiptail | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 270d49cd5..4cb53be53 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -523,7 +523,7 @@ whiptail_install_type() { [ -n "$TESTING" ] && return # What kind of install are we doing? - if [[ $OS = 'rocky' ]]; then + if [[ $is_rocky || $is_centos ]]; then install_type=$(whiptail --title "$whiptail_title" --menu \ "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ "IMPORT" "Import PCAP or log files " \ @@ -563,7 +563,7 @@ whiptail_install_type_dist() { [ -n "$TESTING" ] && return - if [[ $OS = 'rocky' ]]; then + if [[ $is_rocky || $is_centos ]]; then dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ "New Deployment " "Create a new Security Onion deployment" \ "Existing Deployment " "Join to an existing Security Onion deployment " \ From cc3c28135d99aa08d945f41197107cec0fb6d875 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 12:53:18 -0400 Subject: [PATCH 005/125] Fix whiptail logic --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 20a6e463b..b7878a882 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -680,7 +680,7 @@ configure_ntp() { 'rtcsync' \ 'logdir /var/log/chrony' >> $chrony_conf - if [ "$OS" == 'rocky' ]; then + if [[ $is_rocky || $is_centos ]]; then systemctl enable chronyd systemctl restart chronyd elif [ "$OS" == 'ubuntu' ]; then From 387ce2238592f5cb1ea0bbc7c0115cbaa3e2dbae Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 13:57:53 -0400 Subject: [PATCH 006/125] Fix gpg things --- salt/common/tools/sbin/so-common | 29 +++++++------ salt/manager/tools/sbin/soup | 1 - .../files/centos/keys/RPM-GPG-KEY-EPEL-7 | 29 ------------- .../files/centos/keys/RPM-GPG-KEY-EPEL-9 | 29 +++++++++++++ .../keys/SALT-PROJECT-GPG-PUBKEY-2023.pub | 41 +++++++++++++++++++ .../files/centos/keys/SALTSTACK-GPG-KEY.pub | 31 -------------- .../files/centos/securityonionlocal.repo | 8 ---- setup/so-functions | 8 ++-- setup/so-whiptail | 4 +- 9 files changed, 92 insertions(+), 88 deletions(-) delete mode 100644 salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 create mode 100644 salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 create mode 100644 salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub delete mode 100644 salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub delete mode 100644 salt/repo/client/files/centos/securityonionlocal.repo diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index d41c8fc0c..9d15f0f95 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -199,11 +199,11 @@ get_random_value() { } gpg_rpm_import() { - if [[ "$OS" == "rocky" ]]; then + if [[ $is_rocky || $is_centos ]]; then if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then - local RPMKEYSLOC="../salt/repo/client/files/rocky/keys" + local RPMKEYSLOC="../salt/repo/client/files/$OS/keys" else - local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys" + local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys" fi RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') @@ -384,19 +384,22 @@ salt_minion_count() { } -set_cron_service_name() { - if [[ "$OS" == "rocky" ]]; then - cron_service_name="crond" - else - cron_service_name="cron" - fi -} - set_os() { if [ -f /etc/redhat-release ]; then - OS=rocky + if grep -q "Rocky Linux release 9" /etc/redhat-release; then + OS=rocky + OSVER=9 + is_rocky=true + elif grep -q "CentOS Stream release 9" /etc/redhat-release; then + OS=centos + OSVER=9 + is_centos=true + fi + cron_service_name="crond" else OS=ubuntu + is_ubuntu=true + cron_service_name="cron" fi } @@ -405,7 +408,7 @@ set_minionid() { } set_palette() { - if [ "$OS" == ubuntu ]; then + if [[ $is_ubuntu ]]; then update-alternatives --set newt-palette /etc/newt/palette.original fi } diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 3c565c760..4f113fab7 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -651,7 +651,6 @@ main() { echo "" set_os - set_cron_service_name if ! check_salt_master_status; then echo "Could not talk to salt master" echo "Please run 'systemctl status salt-master' to ensure the salt-master service is running and check the log at /opt/so/log/salt/master." diff --git a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 b/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index f205ede46..000000000 --- a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 b/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 new file mode 100644 index 000000000..0cc05ecb3 --- /dev/null +++ b/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp +CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 +2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW +DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu +n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z +39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy +XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK +44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS +9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH +DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq +uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB +tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI +ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF +3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC +nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n +R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG +4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe +CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL +9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 +w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT +/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd +fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE +r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux +VL469Kj5m13T6w== +=Mjs/ +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub b/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub new file mode 100644 index 000000000..be55ef561 --- /dev/null +++ b/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGPazmABDAC6qc2st6/Uh/5AL325OB5+Z1XMFM2HhQNjB/VcYbLvcCx9AXsU +eaEmNPm6OY3p5+j8omjpXPYSU7DUQ0lIutuAtwkDMROH7uH/r9IY7iu88S6w3q89 +bgbnqhu4mrSik2RNH2NqEiJkylz5rwj4F387y+UGH3aXIGryr+Lux9WxfqoRRX7J +WCf6KOaduLSp9lF4qdpAb4/Z5yExXtQRA9HULSJZqNVhfhWInTkVPw+vUo/P9AYv +mJVv6HRNlTb4HCnl6AZGcAYv66J7iWukavmYKxuIbdn4gBJwE0shU9SaP70dh/LT +WqIUuGRZBVH/LCuVGzglGYDh2iiOvR7YRMKf26/9xlR0SpeU/B1g6tRu3p+7OgjA +vJFws+bGSPed07asam3mRZ0Y9QLCXMouWhQZQpx7Or1pUl5Wljhe2W84MfW+Ph6T +yUm/j0yRlZJ750rGfDKA5gKIlTUXr+nTvsK3nnRiHGH2zwrC1BkPG8K6MLRluU/J +ChgZo72AOpVNq9MAEQEAAbQ5U2FsdCBQcm9qZWN0IFBhY2thZ2luZyA8c2FsdHBy +b2plY3QtcGFja2FnaW5nQHZtd2FyZS5jb20+iQHSBBMBCAA8FiEEEIV//dP5Hq5X +eiHWZMu8gXPXaz8FAmPazmACGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheA +AAoJEGTLvIFz12s/yf0L/jyP/LfduA4DwpjKX9Vpk26tgis9Q0I54UerpD5ibpTA +krzZxK1yFOPddcOjo+Xqg+I8aA+0nJkf+vsfnRgcpLs2qHZkikwZbPduZwkNUHX7 +6YPSXTwyFlzhaRycwPtvBPLFjfmjjjTi/aH4V/frfxfjH/wFvH/xiaiFsYbP3aAP +sJNTLh3im480ugQ7P54ukdte2QHKsjJ3z4tkjnu1ogc1+ZLCSZVDxfR4gLfE6GsN +YFNd+LF7+NtAeJRuJceXIisj8mTQYg+esTF9QtWovdg7vHVPz8mmcsrG9shGr+G9 +iwwtCig+hAGtXFAuODRMur9QfPlP6FhJw0FX/36iJ2p6APZB0EGqn7LJ91EyOnWv +iRimLLvlGFiVB9Xxw1TxnQMNj9jmB1CA4oNqlromO/AA0ryh13TpcIo5gbn6Jcdc +fD4Rbj5k+2HhJTkQ78GpZ0q95P08XD2dlaM2QxxKQGqADJOdV2VgjB2NDXURkInq +6pdkcaRgAKme8b+xjCcVjLkBjQRj2s5gAQwAxmgflHInM8oKQnsXezG5etLmaUsS +EkV5jjQFCShNn9zJEF/PWJk5Df/mbODj02wyc749dSJbRlTY3LgGz1AeywOsM1oQ +XkhfRZZqMwqvfx8IkEPjMvGIv/UI9pqqg/TY7OiYLEDahYXHJDKmlnmCBlnU96cL +yh7a/xY3ZC20/JwbFVAFzD4biWOrAm1YPpdKbqCPclpvRP9N6nb6hxvKKmDo7MqS +uANZMaoqhvnGazt9n435GQkYRvtqmqmOvt8I4oCzV0Y39HfbCHhhy64HSIowKYE7 +YWIujJcfoIDQqq2378T631BxLEUPaoSOV4B8gk/Jbf3KVu4LNqJive7chR8F1C2k +eeAKpaf2CSAe7OrbAfWysHRZ060bSJzRk3COEACk/UURY+RlIwh+LQxEKb1YQueS +YGjxIjV1X7ScyOvam5CmqOd4do9psOS7MHcQNeUbhnjm0TyGT9DF8ELoE0NSYa+J +PvDGHo51M33s31RUO4TtJnU5xSRb2sOKzIuBABEBAAGJAbYEGAEIACAWIQQQhX/9 +0/kerld6IdZky7yBc9drPwUCY9rOYAIbDAAKCRBky7yBc9drP8ctC/9wGi01cBAW +BPEKEnfrKdvlsaLeRxotriupDqGSWxqVxBVd+n0Xs0zPB/kuZFTkHOHpbAWkhPr+ +hP+RJemxCKMCo7kT2FXVR1OYej8Vh+aYWZ5lw6dJGtgo3Ebib2VSKdasmIOI2CY/ +03G46jv05qK3fP6phz+RaX+9hHgh1XW9kKbdkX5lM9RQSZOof3/67IN8w+euy61O +UhNcrsDKrp0kZxw3S+b/02oP1qADXHz2BUerkCZa4RVK1pM0UfRUooOHiEdUxKKM +DE501hwQsMH7WuvlIR8Oc2UGkEtzgukhmhpQPSsVPg54y9US+LkpztM+yq+zRu33 +gAfssli0MvSmkbcTDD22PGbgPMseyYxfw7vuwmjdqvi9Z4jdln2gyZ6sSZdgUMYW +PGEjZDoMzsZx9Zx6SO9XCS7XgYHVc8/B2LGSxj+rpZ6lBbywH88lNnrm/SpQB74U +4QVLffuw76FanTH6advqdWIqtlWPoAQcEkKf5CdmfT2ei2wX1QLatTs= +=ZKPF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub b/salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub deleted file mode 100644 index 14bd7d98c..000000000 --- a/salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9 -m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW -tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw -WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts -kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA -gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr -YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT -qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q -WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1 -yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o -nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU -4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA -/NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q -9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb -9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx -uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ -zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr -GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E -PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ -AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK -WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4 -vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f -T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N -1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx -fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS -MA== -=dtMN ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/securityonionlocal.repo b/salt/repo/client/files/centos/securityonionlocal.repo deleted file mode 100644 index cd928eb79..000000000 --- a/salt/repo/client/files/centos/securityonionlocal.repo +++ /dev/null @@ -1,8 +0,0 @@ -[solocal] -name=Security Onion Repo -baseurl=file:///nsm/repo/ -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 - - diff --git a/setup/so-functions b/setup/so-functions index b7878a882..4310a7ef8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -683,7 +683,7 @@ configure_ntp() { if [[ $is_rocky || $is_centos ]]; then systemctl enable chronyd systemctl restart chronyd - elif [ "$OS" == 'ubuntu' ]; then + elif [[ $is_ubuntu ]]; then systemctl enable chrony systemctl restart chrony fi @@ -1022,7 +1022,7 @@ installer_prereq_packages() { # logCmd "systemctl start NetworkManager" # el - if [ "$OS" == ubuntu ]; then + if [[ $is_ubuntu ]]; then # Print message to stdout so the user knows setup is doing something info "Running apt-get update" retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup @@ -1831,7 +1831,7 @@ reinstall_init() { # Remove the old launcher package in case the config changes remove_package launcher-final - if [[ $OS == 'ubuntu' ]]; then + if [[ $is_ubuntu ]]; then info "Unholding previously held packages." apt-mark unhold $(apt-mark showhold) fi @@ -2355,7 +2355,7 @@ so_add_user() { } ubuntu_check() { - if [[ $OS == "ubuntu" ]]; then + if [[ $is_ubuntu ]]; then if [[ $waitforstate ]]; then whiptail_ubuntu_notsupported fail_setup diff --git a/setup/so-whiptail b/setup/so-whiptail index 4cb53be53..3ae14bf65 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -533,7 +533,7 @@ whiptail_install_type() { "OTHER" "Other install types" \ 3>&1 1>&2 2>&3 ) - elif [[ $OS = 'ubuntu' ]]; then + elif [[ $is_ubuntu ]]; then install_type=$(whiptail --title "$whiptail_title" --menu \ "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ "DISTRIBUTED" "Distributed install submenu " \ @@ -569,7 +569,7 @@ whiptail_install_type_dist() { "Existing Deployment " "Join to an existing Security Onion deployment " \ 3>&1 1>&2 2>&3 ) - elif [[ $OS = 'ubuntu' ]]; then + elif [[ $is_ubuntu ]]; then dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \ "Existing Deployment " "Join to an existing Security Onion deployment " \ 3>&1 1>&2 2>&3 From 6fc988740d738245d22153e8c008c6e91d607e6a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 13:46:25 -0400 Subject: [PATCH 007/125] Fix keys --- salt/common/tools/sbin/so-common | 8 +- .../files/centos/keys/MariaDB-Server-GPG-KEY | 236 ++++++++++++++++++ 2 files changed, 241 insertions(+), 3 deletions(-) create mode 100644 salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 9d15f0f95..32fb513c5 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -205,9 +205,11 @@ gpg_rpm_import() { else local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys" fi - - RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') - + if [[ $is_rocky ]]; then + RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') + else + RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY') + fi for RPMKEY in "${RPMKEYS[@]}"; do rpm --import $RPMKEYSLOC/$RPMKEY echo "Imported $RPMKEY" diff --git a/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY b/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY new file mode 100644 index 000000000..f76d5f4ac --- /dev/null +++ b/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY @@ -0,0 +1,236 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.14 (GNU/Linux) + +mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis +497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM +LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8 +p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn +U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb +XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j +zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx +cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H +48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ +YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu +b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK +CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3 +kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I +9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3 +P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb +Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF +iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl +sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0 +u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2 +YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b +GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ +7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD +EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb +LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk +Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3 +d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo +8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr +q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6 +4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI +UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl +J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B +TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF +F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6 ++Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR +tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF +AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS +gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU +pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW +LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX +thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne +NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD +6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI +mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8 +wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp +7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td +8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL +oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv +M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5 +nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9 +cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj +KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8 +NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F +cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT +TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V +N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G +4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8 +v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz +jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd +tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj +VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy +wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/ +ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1 +FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV +9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI +lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU +Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu +2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ +GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm +fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz ++gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi +byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh +bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz +W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1 +CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr +kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA +DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele +xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL +xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/ +BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l +D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot +Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD +Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs +RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD +qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA +GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6 +FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV +MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2 +zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok +AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh +SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn +RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5 +sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k +CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv +0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ +/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC +AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5 +MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d +HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti +G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ +Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2 ++hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD +bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt +fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P +0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1 +IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC +A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE +aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6 +l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3 +qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV +99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb +ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW +e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5 +95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v +Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs +z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/ +RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo +5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK +OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX +KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6 +TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg +3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N +5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol +AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj +G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/ +Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ +d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az +y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg= +=bSQ3 +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv +TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92 +3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa +L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5 +ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c +n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT +Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF +scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0 +5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv +C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS +Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB +zS1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz7C +wXgEEwEIACIFAlb8EKsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPFl +byTHTNHYJZ0P/2Z2RURRkSTHLKZ/GqSvPReReeB7AI+ZrDapkpG/26xp1Yw1isCO +y99pvQ7hjTFhdZQ7xSRUiT/e27wJxR7s4G/ck5VOVjuJzGnByNLmwMjdN1ONIO9P +hQAs2iF3uoIbVTxzXof2F8C0WSbKgEWbtqlCWlaapDpN8jKAWdsQsNMdXcdpJ2os +WiacQRxLREBGjVRkAiqdjYkegQ4BZ0GtPULKjZWCUNkaat51b7O7V19nSy/T7MM7 +n+kqYQLMIHCF8LGd3QQsNppRnolWVRzXMdtR2+9iI21qv6gtHcMiAg6QcKA7halL +kCdIS2nWR8g7nZeZjq5XhckeNGrGX/3w/m/lwczYjMUer+qs2ww5expZJ7qhtSta +lE3EtL/l7zE4RlknqwDZ0IXtxCNPu2UovCzZmdZm8UWfMSKk/3VgL8HgzYRr8fo0 +yj0XkckJ7snXvuhoviW2tjm46PyHPWRKgW4iEzUrB+hiXpy3ikt4rLRg/iMqKjyf +mvcE/VdmFVtsfbfRVvlaWiIWCndRTVBkAaTu8DwrGyugQsbjEcK+4E25/SaKIJIw +qfxpyBVhru21ypgEMAw1Y8KC7KntB7jzpFotE4wpv1jZKUZuy71ofr7g3/2O+7nW +LrR1mncbuT6yXo316r56dfKzOxQJBnYFwTjXfa65yBArjQBUCPNYOKr0wkYEEhEI +AAYFAlb8JFYACgkQy8sIKhu5Q9snYACgh3id41CYTHELOQ/ymj4tiuFt1lcAn3JU +9wH3pihM9ISvoeuGnwwHhcKnwsFcBBIBCAAGBQJW/CSEAAoJEJFxGJmV5Fqe11cP +/A3QhvqleuRaXoS5apIY3lrDL79Wo0bkydM3u2Ft9EqVVG5zZvlmWaXbw5wkPhza +7YUjrD7ylaE754lHI48jJp3KY7RosClY/Kuk56GJI/SoMKx4v518pAboZ4hjY9MY +gmiAuZEYx5Ibv1pj0+hkzRI78+f6+d5QTQ6y/35ZjSSJcBgCMAr/JRsmOkHu6cY6 +qOpq4g8mvRAX5ivRm4UxE2gnxZyd2LjY2/S2kCZvHWVaZuiTD0EU1jYPoOo6fhc8 +zjs5FWS56C1vp7aFOGBvsH3lwYAYi1K2S+/B4nqpitYJz/T0zFzzyYe7ZG77DXKD +/XajD22IzRGKjoeVPFBx+2V0YCCpWZkqkfZ2Dt3QVW//QIpVsOJnmaqolDg1sxoa +BEYBtCtovU0wh1pXWwfn7IgjIkPNl0AU8mW8Ll91WF+Lss/oMrUJMKVDenTJ6/ZO +06c+JFlP7dS3YGMsifwgy5abA4Xy4GWpAsyEM68mqsJUc7ZANZcQAKr6+DryzSfI +Olsn3kJzOtb/c3JhVmblEO6XzdfZJK/axPOp3mF1oEBoJ56fGwO2usgVwQDyLt3J +iluJrCvMSBL9KtBZWrTZH5t3rTMN0NUALy4Etd6Y8V94i8c5NixMDyjRU7aKJAAw +tUvxLd12dqtaXsuvGyzLbR4EDT/Q5DfLC1DZWpgtUtCVwsFcBBIBCAAGBQJW/CS2 +AAoJEEHdwLQNpW8iMUoP/AjFKyZ+inQTI2jJJBBtrLjxaxZSG5ggCovowWn8NWv6 +bQBm2VurYVKhvY1xUyxoLY8KN+MvoeTdpB3u7z+M6x+CdfoTGqWQ2yapOC0eEJBF +O+GFho2WE0msiO0IaVJrzdFTPE0EYR2BHziLu0DDSZADe1WYEqkkrZsCNgi6EMng +mX2h+DK2GlC3W2tY9sc63DsgzjcMBO9uYmpHj6nizsIrETqouVNUCLT0t8iETa25 +Mehq/I92I70Qfebv7R4eMrs+tWXKyPU0OjV+8b8saZsv1xn98UkeXwYx4JI04OTw +nBeJG8yPrGDBO5iucmtaCvwGQ3c76qBivrA8eFz3azRxQYWWiFrkElTg+C/E83JQ +WgqPvPZkI5UHvBwBqcoIXG15AJoXA/ZWIB8nPKWKaV5KDnY3DBuA4rh5Mhy3xwcC +/22E/CmZMXjUUvDnlPgXCYAYU0FBbGk7JpSYawtNfdAN2XBRPq5sDKLLxftx7D8u +ESJXXAlPxoRh7x1ArdGM+EowlJJ0xpINBaT0Z/Hk0jxNIFEak796/WeGqewdOIki +dAs4tppUfzosla5K+qXfWwmhcKmpwA4oynE8wIaoXptoi8+rxaw4N6wAXlSrVxeC +VTnb7+UY/BT2Wx6IQ10C9jrsj6XIffMvngIinCD9Czvadmr7BEIxKt1LP+gGA8Zg +wsFcBBIBCgAGBQJYE6oDAAoJEL7YRJ/O6NqIJ24P+QFNa2O+Q1rLKrQiuPw4Q73o +7/blUpFNudZfeCDpDbUgJ01u1RHnWOyLcyknartAosFDJIpgcXY5I8jsBIO5IZPR +C/UKxZB3RYOhj49bySD9RNapHyq+Y56j9JUoz6tkKFBd+6g85Ej8d924xM1UnRCS +9cfI9W0fSunbCi2CXLbXFF7V+m3Ou1SVYGIAxpMn4RXyYfuqeB5wROR2GA5Ef6T3 +S5byh1dRSEgnrBToENtp5n7Jwsc9pDofjtaUkO854l45IqFarGjCHZwtNRKd2lcK +FMnd1jS0nfGkUbn3qNJam1qaGWx4gXaT845VsYYVTbxtkKi+qPUIoOyYx4NEm6fC +ZywH72oP+fmUT/fbfSHa5j137dRqokkR6RFjnEMBl6WHwgqqUqeIT6t9uV6WWzX9 +lNroZFAFL/de7H31iIRuZcm38DUZOfjVf9glweu4yFvuJ7cQtyQydFQJV4LGDT/C +8e9TWrV1/gWMyMGQlZsRWa+h+FfFUccQtfSdXpvSxtXfop+fVQmJgUUl92jh4K9j +c9a6rIp5v1Q1yEgs2iS50/V/NMSmEcE1XMOxFt9fX9T+XmKAWZ8L25lpILsHT3mB +VWrpHdbawUaiBp9elxhn6tFiTFR7qA7dlUyWrI+MMlINwSZ2AAXvmA2IajH/UIlh +xotxmSNiZYIQ6UbD3fk4wsFzBBABCgAdFiEEmy/52H2krRdju+d2+GQcuhDvLUgF +Ally44wACgkQ+GQcuhDvLUgkjQ//c3mBxfJm6yLAJD4s4OgsPv4pcp/EKmPcdztm +W0/glwopUZmq9oNo3VMMCGtusrQgpACzfUlesu9NWlPCB3olZkeGugygo0zuQBKs +55eG7bPzMLyfSqLKyogYocaGc4lpf4lbvlvxy37YGVrGpwT9i8t2REtM6iPKDcMM +sgVtNlqFdq3Fs2Haqt0m1EksX6/GSIrjK4LZEcPklrGPvUS3S+qkwuaGE/jXxncE +4jFQR9SYH6AHr6Vkt1CG9Dgpr+Ph0I9n0JRknBYoUZ1q51WdF946NplXkCskdzWG +RHgMUCz3ZehF1FzpKgfO9Zd0YZsmivV/g6frUw/TayP9gxKPt7z2Lsxzyh8X7cg6 +TAvdG9JbG0PyPJT1TZ8qpjP/PtqPclHsHQQIbGSDFWzRM5znhS+5sgyw8FWInjw8 +JjxoOWMa50464EfGeb2jZfwtRimJAJLWEf/JnvO779nXf5YbvUZgfXaX7k/cvCVk +U8M7oC7x8o6F0P2Lh6FgonklKEeIRtZBUNZ0Lk9OShVqlU9/v16MHq/Eyu/Mbs0D +en3vYgiYxOBR8czD1Wh4vsKiGfOzQ6oWti/DCURV+iTYhJc7mSWM6STzUFr0nCnF +x6W0j/zH6ZgiFAGOyIXW2DwfjFvYRcBL1RWAEKsiFwYrNV+MDonjKXjpVB1Ra90o +lLrZXAXCwHMEEgEKAB0WIQRMRw//78TT3Fl3hlXOGj3V48lPSQUCXAAgOgAKCRDO +Gj3V48lPSQxAB/43qoWteVZEiN3JW4FnHg+S60TnHSP69FKV+363XYKDa23pNpv4 +tiJumo9Kvb4UoDft766/URHm5RKyPtrxy+wqotamrkGJUTtP2a68h7C31VX+pf6i +iQKmxRQz4zmW0pA5X01+AgpvcDH++Fv5NLBpnjqPdTh5b0gvr89E0zMNldNYOZu1 +0H/mukrnGlFDu/osBuy+XJtP2MeasazVMLvjKs+hr//E+iLI9DZOwFBK6AX5gkkI +UEHkSeb4//AHwvanUMin9un9+F9iR+qDuDEKxuevYzM0owuoVcK5pAsRnRQJlnHW +/0BQ6FtNGpmljhvUk8a/l3xFf3z/uJG5vVKVzsFNBFb8EKsBEADDfCMsu2U1CdJh +r4xp6z4J89/tMnpCQASC8DQhtZ6bWG/ksyKt2DnDQ050XBEng+7epzHWA2UgT0li +Y05zZmFs1X7QeZr16B7JANq6fnHOdZB0ThS7JEYbProkMxcqAFLAZJCpZT534Gpz +W7qHwzjV+d13IziCHdi6+DD5eavYzBqY8QzjlOXbmIlY7dJUCwXTECUfirc6kH86 +CS8fXZTke4QYZ55VnrOomB4QGqP371kwBETnhlhi74+pvi3jW05Z5x1tVMwuugyz +zkseZp1VYmJq5SHNFZ/pnAQLE9gUDTb6UWcPBwQh9Sw+7ahSK74lJKYm3wktyvZh +zAxbNyzs1M56yeFP6uFwJTBfNByyMAa6TGUhNkxlLcYjxKbVmoAnKCVM8t41TlLv +/a0ki8iQxqvphVLufksR9IpN6d3F15j6GeyVtxBEv04iv4vbuKthWytb+gjX4bI8 +CAo9jGHevmtdiw/SbeKx2YBM1MF6eua37rFMooOBj4X7VfQCyS+crNsOQn8nJGah +YbzUDCCgnX+pqN9iZvXisMS79wVyD5DyISFDvT/5jY7IXxPibxr10P/8lfW1d72u +xyI2UiZKZpyHCt4k47yMq4KQGLGuhxJ6q6O3bi2aXRuz8bLqTBLca9dmx9wZFvRh +6jS/SKEg7eFcY0xbb6RVIv1UwGDYfQARAQABwsFfBBgBCAAJBQJW/BCrAhsMAAoJ +EPFlbyTHTNHYEBIQAJhFTh1u34Q+5bnfiM2dAdCr6T6w4Y1v9ePiIYdSImeseJS2 +yRglpLcMjW0uEA9KXiRtC/Nm/ClnqYJzCKeIaweHqH6dIgJKaXZFt1Uaia7X9tDD +wqALGu97irUrrV1Kh9IkM0J29Vid5amakrdS4mwt2uEISSnCi7pfVoEro+S7tYQ9 +iH6APVIwqWvcaty3cANdwKWfUQZ6a9IQ08xqzaMhMp2VzhVrWkq3B0j2aRoZR7BN +LH2I7Z0giIM8ARjZs99aTRL+SfMEQ3sUxNLb3KWP/n1lSFbrk4HGzqUBBfczESlN +c0970C6znK0H0HD11/3BTkMuPqww+Tzex4dpMQllMEKZ3wEyd9v6ba+nj/P1FHSE +y/VN6IXzd82s1lYOonKTdmXAIROcHnb0QUzwsd/mhB3jKhEDOV2ZcBTD3yHv8m7C +9G9y4hV+7yQlnPlSg3DjBp3SS5r+sOObCIy2Ad32upoXkilWa9g7GZSuhY9kyKqe +Eba1lgXXaQykEeqx0pexkWavNnb9JaPrAZHDjUGcXrREmjEyXyElRoD4CrWXySe4 +6jCuNhVVlkLGo7osefynXa/+PNjQjURtx8en7M9A1FkQuRAxE8KIZgZzYxkGl5o5 +POSFCA4JUoRPDcrl/sI3fuq2dIOE/BJ2r8dV+LddiR+iukhXRwJXH8RVVEUS +=mCOI +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file From 209aae50bcd3015ad1ac6035b3606210eaddd60e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:32:01 -0400 Subject: [PATCH 008/125] Add more packages --- salt/common/packages.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index dff2e95c9..1f8819ce1 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -23,6 +23,9 @@ commonpkgs: - python3-lxml - git - vim + - fuse3 + - fuse-overlayfs + - fuse3-libs # since Ubuntu requires and internet connection we can use pip to install modules python3-pip: From 6d2e851a437b9d1b6d3a1e9d17f618c4ef7a1733 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:36:51 -0400 Subject: [PATCH 009/125] Add more packages --- salt/common/packages.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 1f8819ce1..fc5190b9d 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -23,9 +23,6 @@ commonpkgs: - python3-lxml - git - vim - - fuse3 - - fuse-overlayfs - - fuse3-libs # since Ubuntu requires and internet connection we can use pip to install modules python3-pip: @@ -67,4 +64,7 @@ commonpkgs: - python3-watchdog - python3-packaging - unzip + - fuse3 + - fuse-overlayfs + - fuse3-libs {% endif %} From d80c88f6138c180352f561cb9a0d1fe26ae1e5a9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:43:56 -0400 Subject: [PATCH 010/125] Add more packages --- salt/common/packages.sls | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index fc5190b9d..bb4af8aa8 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -64,7 +64,33 @@ commonpkgs: - python3-watchdog - python3-packaging - unzip - - fuse3 - - fuse-overlayfs - - fuse3-libs + +{% elif GLOBALS.os == 'CentOS Stream' %} +commonpkgs: + pkg.installed: + - skip_suggestions: True + - pkgs: + - wget + - jq + - tcpdump + - httpd-tools + - net-tools + - curl + - sqlite + - mariadb-devel + - python3-dnf-plugin-versionlock + - nmap-ncat + - yum-utils + - device-mapper-persistent-data + - lvm2 + - openssl + - git + - python3-docker + - python3-m2crypto + - rsync + - python3-rich + - python3-pyyaml + - python3-watchdog + - python3-packaging + - unzip {% endif %} From 933f4fa6c83ed5e26b2543229f4c3b2df0c8960f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:45:32 -0400 Subject: [PATCH 011/125] Add more packages --- salt/common/packages.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index bb4af8aa8..4a7bb0662 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -77,7 +77,7 @@ commonpkgs: - net-tools - curl - sqlite - - mariadb-devel + - MariaDB-devel - python3-dnf-plugin-versionlock - nmap-ncat - yum-utils From 0c320e3501601f8f16dda7c6b1097fe7e9b66aef Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:46:29 -0400 Subject: [PATCH 012/125] Add more packages --- salt/common/packages.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 4a7bb0662..518637844 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -90,7 +90,7 @@ commonpkgs: - rsync - python3-rich - python3-pyyaml - - python3-watchdog + #- python3-watchdog - python3-packaging - unzip {% endif %} From ae4befe377fb48e3a835cc176c9a672ed71db1de Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:57:43 -0400 Subject: [PATCH 013/125] add OS logic --- salt/_modules/needs_restarting.py | 8 ++++++++ salt/common/init.sls | 25 +++++++++++++++++++++++++ salt/desktop/trusted-ca.sls | 26 ++++++++++++++++++++++++++ salt/repo/client/map.jinja | 18 ++++++++++++++++++ salt/salt/map.jinja | 2 +- 5 files changed, 78 insertions(+), 1 deletion(-) diff --git a/salt/_modules/needs_restarting.py b/salt/_modules/needs_restarting.py index 8f5b50242..c2f7e8b12 100644 --- a/salt/_modules/needs_restarting.py +++ b/salt/_modules/needs_restarting.py @@ -10,6 +10,14 @@ def check(): if path.exists('/var/run/reboot-required'): retval = 'True' + elif os == 'CentOS Stream': + cmd = 'needs-restarting -r > /dev/null 2>&1' + + try: + needs_restarting = subprocess.check_call(cmd, shell=True) + except subprocess.CalledProcessError: + retval = 'True' + elif os == 'Rocky': cmd = 'needs-restarting -r > /dev/null 2>&1' diff --git a/salt/common/init.sls b/salt/common/init.sls index c23e82543..4fe150f02 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -242,6 +242,31 @@ soversionfile: {% endif %} +{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %} + {% if GLOBALS.os == 'CentOS Stream' %} +# Install Raid tools +raidpkgs: + pkg.installed: + - skip_suggestions: True + - pkgs: + - securityonion-raidtools + - securityonion-megactl + {% endif %} + +# Install raid check cron +so-raid-status: + cron.present: + - name: '/usr/sbin/so-raid-status > /dev/null 2>&1' + - identifier: so-raid-status + - user: root + - minute: '*/15' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + +{% endif %} + {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %} {% if GLOBALS.os == 'Rocky' %} # Install Raid tools diff --git a/salt/desktop/trusted-ca.sls b/salt/desktop/trusted-ca.sls index 352b747b6..18f5b16e0 100644 --- a/salt/desktop/trusted-ca.sls +++ b/salt/desktop/trusted-ca.sls @@ -27,6 +27,32 @@ update_ca_certs: - onchanges: - x509: trusted_ca +{% elif GLOBALS.os == 'CentOS Stream' %} + + {% set global_ca_text = [] %} + {% set global_ca_server = [] %} + {% set manager = GLOBALS.manager %} + {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %} + {% for host in x509dict %} + {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %} + {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %} + {% do global_ca_server.append(host) %} + {% endif %} + {% endfor %} + {% set trusttheca_text = global_ca_text[0] %} + {% set ca_server = global_ca_server[0] %} + +trusted_ca: + x509.pem_managed: + - name: /etc/pki/ca-trust/source/anchors/ca.crt + - text: {{ trusttheca_text }} + +update_ca_certs: + cmd.run: + - name: update-ca-trust + - onchanges: + - x509: trusted_ca + {% else %} desktop_trusted-ca_os_fail: diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index 515ec515b..35f1b23d6 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -1,4 +1,22 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} + +{% if GLOBALS.os == 'CentOS Stream' %} + + {% set REPOPATH = '/etc/yum.repos.d/' %} + {% set ABSENTFILES = [ + 'centos-addons.repo', + 'centos-devel.repo', + 'centos-extras.repo', + 'centos.repo', + 'docker-ce.repo', + 'epel.repo', + 'epel-testing.repo', + 'saltstack.repo', + 'salt-latest.repo', + 'wazuh.repo' + ] + %} + {% if GLOBALS.os == 'Rocky' %} {% set REPOPATH = '/etc/yum.repos.d/' %} diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 14e735b56..b6b109c47 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -20,7 +20,7 @@ {% set INSTALLEDSALTVERSION = grains.saltversion %} {% if grains.saltversion|string != SALTVERSION|string %} - {% if grains.os|lower in ['Rocky', 'redhat'] %} + {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %} {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} {% elif grains.os|lower == 'ubuntu' %} {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} From 5ab54fcfc5e1e02df4a9395d65a7be836eaa16b5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 16:02:25 -0400 Subject: [PATCH 014/125] add OS logic --- salt/common/packages.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 518637844..7cb767b19 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -93,4 +93,7 @@ commonpkgs: #- python3-watchdog - python3-packaging - unzip + - fuse3 + - fuse-libs + - fuse-overlayfs {% endif %} From 6545ae588dfcc07e96bd3c8268e44bd145937523 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 16:10:23 -0400 Subject: [PATCH 015/125] add fuse --- salt/common/packages.sls | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 7cb767b19..cb95c9b87 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -90,10 +90,9 @@ commonpkgs: - rsync - python3-rich - python3-pyyaml - #- python3-watchdog - python3-packaging - unzip - - fuse3 + - fuse - fuse-libs - fuse-overlayfs {% endif %} From 8a88b16b9eb86c4234aeea840c0b57f8d24f471f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 16:16:59 -0400 Subject: [PATCH 016/125] add fuse --- salt/common/packages.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index cb95c9b87..c22a980be 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -95,4 +95,5 @@ commonpkgs: - fuse - fuse-libs - fuse-overlayfs + - fuse-common {% endif %} From 884d669ae9850d1c10190e9cc3c7541031ec5891 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:48:46 -0400 Subject: [PATCH 017/125] add more OS logic --- salt/ntp/init.sls | 2 ++ salt/repo/client/centos.sls | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/ntp/init.sls b/salt/ntp/init.sls index 08f5e28b5..9c0c3dcb2 100644 --- a/salt/ntp/init.sls +++ b/salt/ntp/init.sls @@ -19,6 +19,8 @@ chronyconf: {% if GLOBALS.os == 'Rocky' %} chronyd: +{% elif GLOBALS.os == 'CentOS Stream' %} +chronyd: {% else %} chrony: {% endif %} diff --git a/salt/repo/client/centos.sls b/salt/repo/client/centos.sls index 7e077c1ce..2e1816bb3 100644 --- a/salt/repo/client/centos.sls +++ b/salt/repo/client/centos.sls @@ -7,7 +7,7 @@ {% from 'repo/client/map.jinja' import ABSENTFILES with context %} {% from 'repo/client/map.jinja' import REPOPATH with context %} -{% if GLOBALS.os == 'CentOS' %} +{% if GLOBALS.os == 'CentOS Stream' %} {% if ABSENTFILES|length > 0%} {% for file in ABSENTFILES %} From 17a04a75c9ed8d32b654db591a646306b43b5ee6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:53:00 -0400 Subject: [PATCH 018/125] fix repo state --- salt/repo/client/init.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index 154867caf..a26342a06 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -1,2 +1,6 @@ include: + {% if GLOBALS.os == 'CentOS Stream' %} + - repo.client.centos + {% else %} - repo.client.{{grains.os | lower}} + {% endif %} \ No newline at end of file From 59191008a06b516919bc9c6f898ce065c3ec8123 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:55:00 -0400 Subject: [PATCH 019/125] fix repo state --- salt/repo/client/init.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index a26342a06..9ca156a7c 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -1,3 +1,5 @@ +{% from 'vars/globals.map.jinja' import GLOBALS %} + include: {% if GLOBALS.os == 'CentOS Stream' %} - repo.client.centos From 34ab949dfc76f71ed12be2c8c8afc34ec09e488b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:56:38 -0400 Subject: [PATCH 020/125] fix repo state --- salt/repo/client/map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index 35f1b23d6..a70c8d476 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -17,7 +17,7 @@ ] %} -{% if GLOBALS.os == 'Rocky' %} +{% elif GLOBALS.os == 'Rocky' %} {% set REPOPATH = '/etc/yum.repos.d/' %} {% set ABSENTFILES = [ From 564ab105ba71ea595bad839eaefd3eb1696469e2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sun, 2 Jul 2023 09:34:14 -0400 Subject: [PATCH 021/125] Add some Ubuntu --- setup/so-functions | 11 ++++++++--- setup/so-whiptail | 32 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 4310a7ef8..32eb351f9 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -964,6 +964,11 @@ detect_os() { OS=ubuntu if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then OSVER=focal + UBVER=20.04 + is_ubuntu=true + elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then + OSVER=jammy + UBVER=22.04 is_ubuntu=true else info "We do not support your current version of Ubuntu." @@ -2023,8 +2028,8 @@ saltify() { #logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg" - logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list + logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg" #logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" @@ -2045,7 +2050,7 @@ saltify() { fi - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rocky || $is_centos || $is_ubuntu ]]; then if [[ $waitforstate ]]; then # install all for a manager logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" diff --git a/setup/so-whiptail b/setup/so-whiptail index 3ae14bf65..3d760b873 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -523,7 +523,7 @@ whiptail_install_type() { [ -n "$TESTING" ] && return # What kind of install are we doing? - if [[ $is_rocky || $is_centos ]]; then +# if [[ $is_rocky || $is_centos ]]; then install_type=$(whiptail --title "$whiptail_title" --menu \ "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ "IMPORT" "Import PCAP or log files " \ @@ -533,14 +533,14 @@ whiptail_install_type() { "OTHER" "Other install types" \ 3>&1 1>&2 2>&3 ) - elif [[ $is_ubuntu ]]; then - install_type=$(whiptail --title "$whiptail_title" --menu \ - "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ - "DISTRIBUTED" "Distributed install submenu " \ - "OTHER" "Other install types" \ - 3>&1 1>&2 2>&3 - ) - fi +# elif [[ $is_ubuntu ]]; then +# install_type=$(whiptail --title "$whiptail_title" --menu \ +# "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ +# "DISTRIBUTED" "Distributed install submenu " \ +# "OTHER" "Other install types" \ +# 3>&1 1>&2 2>&3 +# ) +# fi local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -563,18 +563,18 @@ whiptail_install_type_dist() { [ -n "$TESTING" ] && return - if [[ $is_rocky || $is_centos ]]; then +# if [[ $is_rocky || $is_centos ]]; then dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ "New Deployment " "Create a new Security Onion deployment" \ "Existing Deployment " "Join to an existing Security Onion deployment " \ 3>&1 1>&2 2>&3 ) - elif [[ $is_ubuntu ]]; then - dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \ - "Existing Deployment " "Join to an existing Security Onion deployment " \ - 3>&1 1>&2 2>&3 - ) - fi +# elif [[ $is_ubuntu ]]; then +# dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \ +# "Existing Deployment " "Join to an existing Security Onion deployment " \ +# 3>&1 1>&2 2>&3 +# ) +# fi local exitstatus=$? whiptail_check_exitstatus $exitstatus From 8621352701bf90905e3c1cd2c4af94b197745d18 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 09:38:23 -0400 Subject: [PATCH 022/125] Add some Ubuntu --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 32eb351f9..bf7bfe91e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2029,7 +2029,7 @@ saltify() { logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg" #logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" From 903de330c2ec8a60d373b54202685395a2e7804c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 09:49:24 -0400 Subject: [PATCH 023/125] Add some Ubuntu --- setup/so-functions | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index bf7bfe91e..70e2d08f0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2044,13 +2044,17 @@ saltify() { # Ain't nothing but a GPG retry 150 20 "apt-get update" "" "Err:" || fail_setup - retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup - retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup - #retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 - + if [[ $waitforstate ]]; then + retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup + retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup + retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 + else + retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup + retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup + fi fi - if [[ $is_rocky || $is_centos || $is_ubuntu ]]; then + if [[ $is_rocky || $is_centos ]]; then if [[ $waitforstate ]]; then # install all for a manager logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" From ed1d2d0a8b494a2d25d722b8d901467e993f7bf9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 10:06:16 -0400 Subject: [PATCH 024/125] Add some Ubuntu --- salt/docker/init.sls | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/salt/docker/init.sls b/salt/docker/init.sls index 5fa97c452..f3790cc2e 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -13,6 +13,17 @@ dockergroup: - gid: 920 {% if GLOBALS.os == 'Ubuntu' %} +{% if grains.oscodename == 'jammy' %} +dockerheldpackages: + pkg.installed: + - pkgs: + - containerd.io: 1.6.21-1 + - docker-ce: 5:24.0.2-1~ubuntu.22.04~jammy + - docker-ce-cli: 5:24.0.2-1~ubuntu.22.04~jammy + - docker-ce-rootless-extras: 5:24.0.2-1~ubuntu.22.04~jammy + - hold: True + - update_holds: True +{% else %} dockerheldpackages: pkg.installed: - pkgs: @@ -22,6 +33,7 @@ dockerheldpackages: - docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal - hold: True - update_holds: True +{% endif %} {% else %} dockerheldpackages: pkg.installed: From c9d650f4c81ff3356aabbb3df3b957c45f2d93e8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 11:59:07 -0400 Subject: [PATCH 025/125] Add some Ubuntu --- salt/common/packages.sls | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index c22a980be..fc9c43fe9 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -23,7 +23,13 @@ commonpkgs: - python3-lxml - git - vim + - tar + - unzip + {% if grains.oscodename == 'jammy' %} + - python3-rich + {% endif %} +{% if grains.oscodename == 'focal' %} # since Ubuntu requires and internet connection we can use pip to install modules python3-pip: pkg.installed @@ -34,7 +40,7 @@ python-rich: - target: /usr/local/lib/python3.8/dist-packages/ - require: - pkg: python3-pip - +{% endif %} {% elif GLOBALS.os == 'Rocky' %} commonpkgs: From a4d484ea47f88e90318815a121d5975afc1664ec Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 12:00:57 -0400 Subject: [PATCH 026/125] Add some Ubuntu --- salt/mysql/config.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/mysql/config.sls b/salt/mysql/config.sls index d8788c7c9..1396adb90 100644 --- a/salt/mysql/config.sls +++ b/salt/mysql/config.sls @@ -16,6 +16,8 @@ mysqlpkgs: {% if grains['oscodename'] == 'bionic' %} - python3-mysqldb {% elif grains['oscodename'] == 'focal' %} + - python3-mysqldb + {% elif grains['oscodename'] == 'jammy' %} - python3-mysqldb {% endif %} {% else %} From 02c9465dfbfb7fcdc8b5d6a5cea2d2b9ef73d1e8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 12:30:53 -0400 Subject: [PATCH 027/125] Add some Ubuntu --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index 70e2d08f0..932c2a50e 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -974,6 +974,7 @@ detect_os() { info "We do not support your current version of Ubuntu." fail_setup fi + installer_prereq_packages else info "We were unable to determine if you are using a supported OS." From 24e05c94918725e215ef93471a8db31daac23172 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 13:45:04 -0400 Subject: [PATCH 028/125] Add some Ubuntu --- salt/elasticfleet/enabled.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index f388cb1c7..bbdf80692 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -39,6 +39,9 @@ so-elastic-fleet: {% endfor %} - binds: - /etc/pki:/etc/pki:ro + {% if GLOBALS.os == 'Ubuntu' %} + - /etc/ssl:/etc/ssl:ro + {% endif %} #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw {% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %} {% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %} @@ -54,7 +57,11 @@ so-elastic-fleet: - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key + {% if GLOBALS.os == 'Ubuntu' %} + - FLEET_CA=/etc/ssl/certs/intca.crt + {% else %} - FLEET_CA=/etc/pki/tls/certs/intca.crt + {% endif %} {% if DOCKER.containers['so-elastic-fleet'].extra_env %} {% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %} - {{ XTRAENV }} From 40540f47bf476bafb7ffdf96a67d35aa7368fef0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 13:51:01 -0400 Subject: [PATCH 029/125] Add some Ubuntu --- salt/common/packages.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index fc9c43fe9..0ba0c7340 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -18,6 +18,7 @@ commonpkgs: - sqlite3 - libssl-dev - python3-dateutil + - python3-docker - python3-packaging - python3-watchdog - python3-lxml From 0d43f9aaf49e3b3c7c86314b722299fe6f05d90e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 3 Jul 2023 14:23:24 -0400 Subject: [PATCH 030/125] add repo noninteractively --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 932c2a50e..411672910 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2040,7 +2040,7 @@ saltify() { #echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list # Add Docker Repo - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # Ain't nothing but a GPG From 6787b97c6acf188c3099db5d4d76c735ab355b2d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Jun 2023 19:20:40 -0400 Subject: [PATCH 031/125] Initial Support --- setup/so-functions | 43 +++++++++++++++++++++++++++++++------------ setup/so-setup | 6 ++++-- 2 files changed, 35 insertions(+), 14 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 077800fe3..e727c0efc 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -950,6 +950,11 @@ detect_os() { OSVER=9 is_rocky=true pkgman="dnf" + elif grep -q "CentOS Stream release 9" /etc/redhat-release; then + OS=centos + OSVER=9 + is_centos=true + pkgman=dnf else info "We do not support the operating system you are trying to use." fail_setup @@ -1848,7 +1853,7 @@ reset_proxy() { [[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then sed -i "/proxy=/d" /etc/dnf/dnf.conf else [[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf @@ -1894,7 +1899,7 @@ drop_install_options() { remove_package() { local package_name=$1 - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then if rpm -qa | grep -q "$package_name"; then logCmd "dnf remove -y $package_name" fi @@ -1915,7 +1920,7 @@ remove_package() { securityonion_repo() { # Remove all the current repos - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then logCmd "dnf -v clean all" logCmd "mkdir -vp /root/oldrepos" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" @@ -1940,10 +1945,15 @@ securityonion_repo() { # update this package because the repo config files get added back # if the package is updated when the update_packages function is called if [ -f "/etc/yum.repos.d/rocky.repo" ]; then - info "Backing up the .repo files that were added by the centos-release package." + info "Backing up the .repo files that were added by the rocky-release package." logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/" logCmd "dnf repolist all" fi + if [ -f "/etc/yum.repos.d/centos.repo" ]; then + info "Backing up the .repo files that were added by the centos-release package." + logCmd "mv -bvf /etc/yum.repos.d/centos* /root/oldrepos/" + logCmd "dnf repolist all" + fi if [[ $waitforstate ]]; then if [[ ! $is_airgap ]]; then # Build the repo locally so we can use it @@ -1960,8 +1970,13 @@ repo_sync_local() { info "Backing up old repos" mkdir -p /nsm/repo mkdir -p /opt/so/conf/reposync/cache - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt + if [[ $is_rocky ]]; then + echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt + echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt + else + echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt + echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt + fi echo "[main]" > /opt/so/conf/reposync/repodownload.conf echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf @@ -1972,7 +1987,6 @@ repo_sync_local() { echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf - echo "#baseurl=https://repo.securityonion.net/file/so-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf @@ -2032,7 +2046,7 @@ saltify() { fi - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then if [[ $waitforstate ]]; then # install all for a manager logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" @@ -2170,7 +2184,7 @@ set_proxy() { "}" > /root/.docker/config.json # Set proxy for package manager - if [[ $is_rocky ]]; then + if [[ $is_rocky | $is_centos ]]; then echo "proxy=$so_proxy" >> /etc/yum.conf else # Set it up so the updates roll through the manager @@ -2365,11 +2379,16 @@ update_sudoers_for_testing() { } update_packages() { - if [[ $is_rocky ]]; then + if [[ $is_rocky || $is_centos ]]; then logCmd "dnf repolist" logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" - RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") - info "Removing repo files added by rocky-repos package update" + if [[ $is_rocky ]]; then + RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") + info "Removing repo files added by rocky-repos package update" + else + RMREPOFILES=("centos-addons.repo" "centos-devel.repo" "centos-extras.repo" "centos.repo") + info "Removing repo files added by centos-repos package update" + fi for FILE in ${RMREPOFILES[@]}; do logCmd "rm -f /etc/yum.repos.d/$FILE" done diff --git a/setup/so-setup b/setup/so-setup index 355c8eea2..8b06ea484 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -91,8 +91,10 @@ if [[ $is_desktop ]]; then title "This is a desktop install" # Make sure it's CentOS or Rocky Linux - if [[ ! $is_rocky ]]; then - info "Security Onion Desktop is only supported on Rocky Linux 9" + if [[ $is_rocky || $is_centos ]]; then + info "Security Onion Desktop is supported on this OS." + else + info "Security Onion Desktop is not supported on this OS." exit 1 fi From 53bd7bcc297fbf3bdf5a118fdc9241fa5ed11896 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 26 Jun 2023 19:22:33 -0400 Subject: [PATCH 032/125] Initial Support --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index e727c0efc..69bf6d0db 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -951,7 +951,7 @@ detect_os() { is_rocky=true pkgman="dnf" elif grep -q "CentOS Stream release 9" /etc/redhat-release; then - OS=centos + OS=centos OSVER=9 is_centos=true pkgman=dnf From b57674a7cc5cfa33f93220fce786b2607ff2f06a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 12:46:13 -0400 Subject: [PATCH 033/125] Fix syntax error --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 69bf6d0db..ae01527e4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2184,7 +2184,7 @@ set_proxy() { "}" > /root/.docker/config.json # Set proxy for package manager - if [[ $is_rocky | $is_centos ]]; then + if [[ $is_rocky || $is_centos ]]; then echo "proxy=$so_proxy" >> /etc/yum.conf else # Set it up so the updates roll through the manager From 1cbe5580a69ff791d026c911185846badf77373a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 12:52:53 -0400 Subject: [PATCH 034/125] Fix whiptail logic --- setup/so-whiptail | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 270d49cd5..4cb53be53 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -523,7 +523,7 @@ whiptail_install_type() { [ -n "$TESTING" ] && return # What kind of install are we doing? - if [[ $OS = 'rocky' ]]; then + if [[ $is_rocky || $is_centos ]]; then install_type=$(whiptail --title "$whiptail_title" --menu \ "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ "IMPORT" "Import PCAP or log files " \ @@ -563,7 +563,7 @@ whiptail_install_type_dist() { [ -n "$TESTING" ] && return - if [[ $OS = 'rocky' ]]; then + if [[ $is_rocky || $is_centos ]]; then dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ "New Deployment " "Create a new Security Onion deployment" \ "Existing Deployment " "Join to an existing Security Onion deployment " \ From bdb5748b4472f3c5aa4f80e93e513b84d6c882a1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 12:53:18 -0400 Subject: [PATCH 035/125] Fix whiptail logic --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index ae01527e4..578bad1b0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -680,7 +680,7 @@ configure_ntp() { 'rtcsync' \ 'logdir /var/log/chrony' >> $chrony_conf - if [ "$OS" == 'rocky' ]; then + if [[ $is_rocky || $is_centos ]]; then systemctl enable chronyd systemctl restart chronyd elif [ "$OS" == 'ubuntu' ]; then From 04fe2ca9960ec2ade4139ac47025e61a144b1329 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 27 Jun 2023 13:57:53 -0400 Subject: [PATCH 036/125] Fix gpg things --- salt/common/tools/sbin/so-common | 29 +++++++------ salt/manager/tools/sbin/soup | 1 - .../files/centos/keys/RPM-GPG-KEY-EPEL-7 | 29 ------------- .../files/centos/keys/RPM-GPG-KEY-EPEL-9 | 29 +++++++++++++ .../keys/SALT-PROJECT-GPG-PUBKEY-2023.pub | 41 +++++++++++++++++++ .../files/centos/keys/SALTSTACK-GPG-KEY.pub | 31 -------------- .../files/centos/securityonionlocal.repo | 8 ---- setup/so-functions | 8 ++-- setup/so-whiptail | 4 +- 9 files changed, 92 insertions(+), 88 deletions(-) delete mode 100644 salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 create mode 100644 salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 create mode 100644 salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub delete mode 100644 salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub delete mode 100644 salt/repo/client/files/centos/securityonionlocal.repo diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index d41c8fc0c..9d15f0f95 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -199,11 +199,11 @@ get_random_value() { } gpg_rpm_import() { - if [[ "$OS" == "rocky" ]]; then + if [[ $is_rocky || $is_centos ]]; then if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then - local RPMKEYSLOC="../salt/repo/client/files/rocky/keys" + local RPMKEYSLOC="../salt/repo/client/files/$OS/keys" else - local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys" + local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys" fi RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') @@ -384,19 +384,22 @@ salt_minion_count() { } -set_cron_service_name() { - if [[ "$OS" == "rocky" ]]; then - cron_service_name="crond" - else - cron_service_name="cron" - fi -} - set_os() { if [ -f /etc/redhat-release ]; then - OS=rocky + if grep -q "Rocky Linux release 9" /etc/redhat-release; then + OS=rocky + OSVER=9 + is_rocky=true + elif grep -q "CentOS Stream release 9" /etc/redhat-release; then + OS=centos + OSVER=9 + is_centos=true + fi + cron_service_name="crond" else OS=ubuntu + is_ubuntu=true + cron_service_name="cron" fi } @@ -405,7 +408,7 @@ set_minionid() { } set_palette() { - if [ "$OS" == ubuntu ]; then + if [[ $is_ubuntu ]]; then update-alternatives --set newt-palette /etc/newt/palette.original fi } diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 3c565c760..4f113fab7 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -651,7 +651,6 @@ main() { echo "" set_os - set_cron_service_name if ! check_salt_master_status; then echo "Could not talk to salt master" echo "Please run 'systemctl status salt-master' to ensure the salt-master service is running and check the log at /opt/so/log/salt/master." diff --git a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 b/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index f205ede46..000000000 --- a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 b/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 new file mode 100644 index 000000000..0cc05ecb3 --- /dev/null +++ b/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp +CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 +2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW +DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu +n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z +39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy +XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK +44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS +9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH +DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq +uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB +tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI +ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF +3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC +nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n +R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG +4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe +CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL +9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 +w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT +/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd +fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE +r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux +VL469Kj5m13T6w== +=Mjs/ +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub b/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub new file mode 100644 index 000000000..be55ef561 --- /dev/null +++ b/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGPazmABDAC6qc2st6/Uh/5AL325OB5+Z1XMFM2HhQNjB/VcYbLvcCx9AXsU +eaEmNPm6OY3p5+j8omjpXPYSU7DUQ0lIutuAtwkDMROH7uH/r9IY7iu88S6w3q89 +bgbnqhu4mrSik2RNH2NqEiJkylz5rwj4F387y+UGH3aXIGryr+Lux9WxfqoRRX7J +WCf6KOaduLSp9lF4qdpAb4/Z5yExXtQRA9HULSJZqNVhfhWInTkVPw+vUo/P9AYv +mJVv6HRNlTb4HCnl6AZGcAYv66J7iWukavmYKxuIbdn4gBJwE0shU9SaP70dh/LT +WqIUuGRZBVH/LCuVGzglGYDh2iiOvR7YRMKf26/9xlR0SpeU/B1g6tRu3p+7OgjA +vJFws+bGSPed07asam3mRZ0Y9QLCXMouWhQZQpx7Or1pUl5Wljhe2W84MfW+Ph6T +yUm/j0yRlZJ750rGfDKA5gKIlTUXr+nTvsK3nnRiHGH2zwrC1BkPG8K6MLRluU/J +ChgZo72AOpVNq9MAEQEAAbQ5U2FsdCBQcm9qZWN0IFBhY2thZ2luZyA8c2FsdHBy +b2plY3QtcGFja2FnaW5nQHZtd2FyZS5jb20+iQHSBBMBCAA8FiEEEIV//dP5Hq5X +eiHWZMu8gXPXaz8FAmPazmACGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheA +AAoJEGTLvIFz12s/yf0L/jyP/LfduA4DwpjKX9Vpk26tgis9Q0I54UerpD5ibpTA +krzZxK1yFOPddcOjo+Xqg+I8aA+0nJkf+vsfnRgcpLs2qHZkikwZbPduZwkNUHX7 +6YPSXTwyFlzhaRycwPtvBPLFjfmjjjTi/aH4V/frfxfjH/wFvH/xiaiFsYbP3aAP +sJNTLh3im480ugQ7P54ukdte2QHKsjJ3z4tkjnu1ogc1+ZLCSZVDxfR4gLfE6GsN +YFNd+LF7+NtAeJRuJceXIisj8mTQYg+esTF9QtWovdg7vHVPz8mmcsrG9shGr+G9 +iwwtCig+hAGtXFAuODRMur9QfPlP6FhJw0FX/36iJ2p6APZB0EGqn7LJ91EyOnWv +iRimLLvlGFiVB9Xxw1TxnQMNj9jmB1CA4oNqlromO/AA0ryh13TpcIo5gbn6Jcdc +fD4Rbj5k+2HhJTkQ78GpZ0q95P08XD2dlaM2QxxKQGqADJOdV2VgjB2NDXURkInq +6pdkcaRgAKme8b+xjCcVjLkBjQRj2s5gAQwAxmgflHInM8oKQnsXezG5etLmaUsS +EkV5jjQFCShNn9zJEF/PWJk5Df/mbODj02wyc749dSJbRlTY3LgGz1AeywOsM1oQ +XkhfRZZqMwqvfx8IkEPjMvGIv/UI9pqqg/TY7OiYLEDahYXHJDKmlnmCBlnU96cL +yh7a/xY3ZC20/JwbFVAFzD4biWOrAm1YPpdKbqCPclpvRP9N6nb6hxvKKmDo7MqS +uANZMaoqhvnGazt9n435GQkYRvtqmqmOvt8I4oCzV0Y39HfbCHhhy64HSIowKYE7 +YWIujJcfoIDQqq2378T631BxLEUPaoSOV4B8gk/Jbf3KVu4LNqJive7chR8F1C2k +eeAKpaf2CSAe7OrbAfWysHRZ060bSJzRk3COEACk/UURY+RlIwh+LQxEKb1YQueS +YGjxIjV1X7ScyOvam5CmqOd4do9psOS7MHcQNeUbhnjm0TyGT9DF8ELoE0NSYa+J +PvDGHo51M33s31RUO4TtJnU5xSRb2sOKzIuBABEBAAGJAbYEGAEIACAWIQQQhX/9 +0/kerld6IdZky7yBc9drPwUCY9rOYAIbDAAKCRBky7yBc9drP8ctC/9wGi01cBAW +BPEKEnfrKdvlsaLeRxotriupDqGSWxqVxBVd+n0Xs0zPB/kuZFTkHOHpbAWkhPr+ +hP+RJemxCKMCo7kT2FXVR1OYej8Vh+aYWZ5lw6dJGtgo3Ebib2VSKdasmIOI2CY/ +03G46jv05qK3fP6phz+RaX+9hHgh1XW9kKbdkX5lM9RQSZOof3/67IN8w+euy61O +UhNcrsDKrp0kZxw3S+b/02oP1qADXHz2BUerkCZa4RVK1pM0UfRUooOHiEdUxKKM +DE501hwQsMH7WuvlIR8Oc2UGkEtzgukhmhpQPSsVPg54y9US+LkpztM+yq+zRu33 +gAfssli0MvSmkbcTDD22PGbgPMseyYxfw7vuwmjdqvi9Z4jdln2gyZ6sSZdgUMYW +PGEjZDoMzsZx9Zx6SO9XCS7XgYHVc8/B2LGSxj+rpZ6lBbywH88lNnrm/SpQB74U +4QVLffuw76FanTH6advqdWIqtlWPoAQcEkKf5CdmfT2ei2wX1QLatTs= +=ZKPF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub b/salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub deleted file mode 100644 index 14bd7d98c..000000000 --- a/salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9 -m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW -tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw -WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts -kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA -gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr -YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT -qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q -WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1 -yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o -nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU -4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA -/NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q -9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb -9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx -uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ -zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr -GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E -PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ -AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK -WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4 -vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f -T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N -1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx -fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS -MA== -=dtMN ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/securityonionlocal.repo b/salt/repo/client/files/centos/securityonionlocal.repo deleted file mode 100644 index cd928eb79..000000000 --- a/salt/repo/client/files/centos/securityonionlocal.repo +++ /dev/null @@ -1,8 +0,0 @@ -[solocal] -name=Security Onion Repo -baseurl=file:///nsm/repo/ -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 - - diff --git a/setup/so-functions b/setup/so-functions index 578bad1b0..e1554617d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -683,7 +683,7 @@ configure_ntp() { if [[ $is_rocky || $is_centos ]]; then systemctl enable chronyd systemctl restart chronyd - elif [ "$OS" == 'ubuntu' ]; then + elif [[ $is_ubuntu ]]; then systemctl enable chrony systemctl restart chrony fi @@ -1022,7 +1022,7 @@ installer_prereq_packages() { # logCmd "systemctl start NetworkManager" # el - if [ "$OS" == ubuntu ]; then + if [[ $is_ubuntu ]]; then # Print message to stdout so the user knows setup is doing something info "Running apt-get update" retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup @@ -1832,7 +1832,7 @@ reinstall_init() { # Remove the old launcher package in case the config changes remove_package launcher-final - if [[ $OS == 'ubuntu' ]]; then + if [[ $is_ubuntu ]]; then info "Unholding previously held packages." apt-mark unhold $(apt-mark showhold) fi @@ -2356,7 +2356,7 @@ so_add_user() { } ubuntu_check() { - if [[ $OS == "ubuntu" ]]; then + if [[ $is_ubuntu ]]; then if [[ $waitforstate ]]; then whiptail_ubuntu_notsupported fail_setup diff --git a/setup/so-whiptail b/setup/so-whiptail index 4cb53be53..3ae14bf65 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -533,7 +533,7 @@ whiptail_install_type() { "OTHER" "Other install types" \ 3>&1 1>&2 2>&3 ) - elif [[ $OS = 'ubuntu' ]]; then + elif [[ $is_ubuntu ]]; then install_type=$(whiptail --title "$whiptail_title" --menu \ "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ "DISTRIBUTED" "Distributed install submenu " \ @@ -569,7 +569,7 @@ whiptail_install_type_dist() { "Existing Deployment " "Join to an existing Security Onion deployment " \ 3>&1 1>&2 2>&3 ) - elif [[ $OS = 'ubuntu' ]]; then + elif [[ $is_ubuntu ]]; then dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \ "Existing Deployment " "Join to an existing Security Onion deployment " \ 3>&1 1>&2 2>&3 From 087099b9b6ed28bc8028572cc23a610f4c625763 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 13:46:25 -0400 Subject: [PATCH 037/125] Fix keys --- salt/common/tools/sbin/so-common | 8 +- .../files/centos/keys/MariaDB-Server-GPG-KEY | 236 ++++++++++++++++++ 2 files changed, 241 insertions(+), 3 deletions(-) create mode 100644 salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 9d15f0f95..32fb513c5 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -205,9 +205,11 @@ gpg_rpm_import() { else local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys" fi - - RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') - + if [[ $is_rocky ]]; then + RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') + else + RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY') + fi for RPMKEY in "${RPMKEYS[@]}"; do rpm --import $RPMKEYSLOC/$RPMKEY echo "Imported $RPMKEY" diff --git a/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY b/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY new file mode 100644 index 000000000..f76d5f4ac --- /dev/null +++ b/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY @@ -0,0 +1,236 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.14 (GNU/Linux) + +mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis +497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM +LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8 +p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn +U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb +XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j +zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx +cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H +48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ +YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu +b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK +CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3 +kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I +9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3 +P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb +Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF +iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl +sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0 +u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2 +YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b +GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ +7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD +EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb +LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk +Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3 +d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo +8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr +q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6 +4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI +UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl +J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B +TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF +F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6 ++Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR +tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF +AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS +gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU +pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW +LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX +thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne +NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD +6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI +mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8 +wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp +7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td +8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL +oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv +M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5 +nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9 +cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj +KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8 +NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F +cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT +TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V +N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G +4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8 +v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz +jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd +tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj +VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy +wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/ +ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1 +FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV +9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI +lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU +Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu +2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ +GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm +fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz ++gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi +byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh +bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz +W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1 +CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr +kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA +DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele +xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL +xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/ +BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l +D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot +Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD +Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs +RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD +qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA +GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6 +FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV +MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2 +zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok +AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh +SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn +RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5 +sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k +CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv +0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ +/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC +AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5 +MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d +HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti +G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ +Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2 ++hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD +bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt +fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P +0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1 +IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC +A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE +aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6 +l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3 +qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV +99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb +ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW +e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5 +95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v +Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs +z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/ +RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo +5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK +OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX +KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6 +TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg +3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N +5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol +AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj +G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/ +Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ +d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az +y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg= +=bSQ3 +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv +TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92 +3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa +L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5 +ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c +n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT +Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF +scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0 +5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv +C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS +Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB +zS1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz7C +wXgEEwEIACIFAlb8EKsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPFl +byTHTNHYJZ0P/2Z2RURRkSTHLKZ/GqSvPReReeB7AI+ZrDapkpG/26xp1Yw1isCO +y99pvQ7hjTFhdZQ7xSRUiT/e27wJxR7s4G/ck5VOVjuJzGnByNLmwMjdN1ONIO9P +hQAs2iF3uoIbVTxzXof2F8C0WSbKgEWbtqlCWlaapDpN8jKAWdsQsNMdXcdpJ2os +WiacQRxLREBGjVRkAiqdjYkegQ4BZ0GtPULKjZWCUNkaat51b7O7V19nSy/T7MM7 +n+kqYQLMIHCF8LGd3QQsNppRnolWVRzXMdtR2+9iI21qv6gtHcMiAg6QcKA7halL +kCdIS2nWR8g7nZeZjq5XhckeNGrGX/3w/m/lwczYjMUer+qs2ww5expZJ7qhtSta +lE3EtL/l7zE4RlknqwDZ0IXtxCNPu2UovCzZmdZm8UWfMSKk/3VgL8HgzYRr8fo0 +yj0XkckJ7snXvuhoviW2tjm46PyHPWRKgW4iEzUrB+hiXpy3ikt4rLRg/iMqKjyf +mvcE/VdmFVtsfbfRVvlaWiIWCndRTVBkAaTu8DwrGyugQsbjEcK+4E25/SaKIJIw +qfxpyBVhru21ypgEMAw1Y8KC7KntB7jzpFotE4wpv1jZKUZuy71ofr7g3/2O+7nW +LrR1mncbuT6yXo316r56dfKzOxQJBnYFwTjXfa65yBArjQBUCPNYOKr0wkYEEhEI +AAYFAlb8JFYACgkQy8sIKhu5Q9snYACgh3id41CYTHELOQ/ymj4tiuFt1lcAn3JU +9wH3pihM9ISvoeuGnwwHhcKnwsFcBBIBCAAGBQJW/CSEAAoJEJFxGJmV5Fqe11cP +/A3QhvqleuRaXoS5apIY3lrDL79Wo0bkydM3u2Ft9EqVVG5zZvlmWaXbw5wkPhza +7YUjrD7ylaE754lHI48jJp3KY7RosClY/Kuk56GJI/SoMKx4v518pAboZ4hjY9MY +gmiAuZEYx5Ibv1pj0+hkzRI78+f6+d5QTQ6y/35ZjSSJcBgCMAr/JRsmOkHu6cY6 +qOpq4g8mvRAX5ivRm4UxE2gnxZyd2LjY2/S2kCZvHWVaZuiTD0EU1jYPoOo6fhc8 +zjs5FWS56C1vp7aFOGBvsH3lwYAYi1K2S+/B4nqpitYJz/T0zFzzyYe7ZG77DXKD +/XajD22IzRGKjoeVPFBx+2V0YCCpWZkqkfZ2Dt3QVW//QIpVsOJnmaqolDg1sxoa +BEYBtCtovU0wh1pXWwfn7IgjIkPNl0AU8mW8Ll91WF+Lss/oMrUJMKVDenTJ6/ZO +06c+JFlP7dS3YGMsifwgy5abA4Xy4GWpAsyEM68mqsJUc7ZANZcQAKr6+DryzSfI +Olsn3kJzOtb/c3JhVmblEO6XzdfZJK/axPOp3mF1oEBoJ56fGwO2usgVwQDyLt3J +iluJrCvMSBL9KtBZWrTZH5t3rTMN0NUALy4Etd6Y8V94i8c5NixMDyjRU7aKJAAw +tUvxLd12dqtaXsuvGyzLbR4EDT/Q5DfLC1DZWpgtUtCVwsFcBBIBCAAGBQJW/CS2 +AAoJEEHdwLQNpW8iMUoP/AjFKyZ+inQTI2jJJBBtrLjxaxZSG5ggCovowWn8NWv6 +bQBm2VurYVKhvY1xUyxoLY8KN+MvoeTdpB3u7z+M6x+CdfoTGqWQ2yapOC0eEJBF +O+GFho2WE0msiO0IaVJrzdFTPE0EYR2BHziLu0DDSZADe1WYEqkkrZsCNgi6EMng +mX2h+DK2GlC3W2tY9sc63DsgzjcMBO9uYmpHj6nizsIrETqouVNUCLT0t8iETa25 +Mehq/I92I70Qfebv7R4eMrs+tWXKyPU0OjV+8b8saZsv1xn98UkeXwYx4JI04OTw +nBeJG8yPrGDBO5iucmtaCvwGQ3c76qBivrA8eFz3azRxQYWWiFrkElTg+C/E83JQ +WgqPvPZkI5UHvBwBqcoIXG15AJoXA/ZWIB8nPKWKaV5KDnY3DBuA4rh5Mhy3xwcC +/22E/CmZMXjUUvDnlPgXCYAYU0FBbGk7JpSYawtNfdAN2XBRPq5sDKLLxftx7D8u +ESJXXAlPxoRh7x1ArdGM+EowlJJ0xpINBaT0Z/Hk0jxNIFEak796/WeGqewdOIki +dAs4tppUfzosla5K+qXfWwmhcKmpwA4oynE8wIaoXptoi8+rxaw4N6wAXlSrVxeC +VTnb7+UY/BT2Wx6IQ10C9jrsj6XIffMvngIinCD9Czvadmr7BEIxKt1LP+gGA8Zg +wsFcBBIBCgAGBQJYE6oDAAoJEL7YRJ/O6NqIJ24P+QFNa2O+Q1rLKrQiuPw4Q73o +7/blUpFNudZfeCDpDbUgJ01u1RHnWOyLcyknartAosFDJIpgcXY5I8jsBIO5IZPR +C/UKxZB3RYOhj49bySD9RNapHyq+Y56j9JUoz6tkKFBd+6g85Ej8d924xM1UnRCS +9cfI9W0fSunbCi2CXLbXFF7V+m3Ou1SVYGIAxpMn4RXyYfuqeB5wROR2GA5Ef6T3 +S5byh1dRSEgnrBToENtp5n7Jwsc9pDofjtaUkO854l45IqFarGjCHZwtNRKd2lcK +FMnd1jS0nfGkUbn3qNJam1qaGWx4gXaT845VsYYVTbxtkKi+qPUIoOyYx4NEm6fC +ZywH72oP+fmUT/fbfSHa5j137dRqokkR6RFjnEMBl6WHwgqqUqeIT6t9uV6WWzX9 +lNroZFAFL/de7H31iIRuZcm38DUZOfjVf9glweu4yFvuJ7cQtyQydFQJV4LGDT/C +8e9TWrV1/gWMyMGQlZsRWa+h+FfFUccQtfSdXpvSxtXfop+fVQmJgUUl92jh4K9j +c9a6rIp5v1Q1yEgs2iS50/V/NMSmEcE1XMOxFt9fX9T+XmKAWZ8L25lpILsHT3mB +VWrpHdbawUaiBp9elxhn6tFiTFR7qA7dlUyWrI+MMlINwSZ2AAXvmA2IajH/UIlh +xotxmSNiZYIQ6UbD3fk4wsFzBBABCgAdFiEEmy/52H2krRdju+d2+GQcuhDvLUgF +Ally44wACgkQ+GQcuhDvLUgkjQ//c3mBxfJm6yLAJD4s4OgsPv4pcp/EKmPcdztm +W0/glwopUZmq9oNo3VMMCGtusrQgpACzfUlesu9NWlPCB3olZkeGugygo0zuQBKs +55eG7bPzMLyfSqLKyogYocaGc4lpf4lbvlvxy37YGVrGpwT9i8t2REtM6iPKDcMM +sgVtNlqFdq3Fs2Haqt0m1EksX6/GSIrjK4LZEcPklrGPvUS3S+qkwuaGE/jXxncE +4jFQR9SYH6AHr6Vkt1CG9Dgpr+Ph0I9n0JRknBYoUZ1q51WdF946NplXkCskdzWG +RHgMUCz3ZehF1FzpKgfO9Zd0YZsmivV/g6frUw/TayP9gxKPt7z2Lsxzyh8X7cg6 +TAvdG9JbG0PyPJT1TZ8qpjP/PtqPclHsHQQIbGSDFWzRM5znhS+5sgyw8FWInjw8 +JjxoOWMa50464EfGeb2jZfwtRimJAJLWEf/JnvO779nXf5YbvUZgfXaX7k/cvCVk +U8M7oC7x8o6F0P2Lh6FgonklKEeIRtZBUNZ0Lk9OShVqlU9/v16MHq/Eyu/Mbs0D +en3vYgiYxOBR8czD1Wh4vsKiGfOzQ6oWti/DCURV+iTYhJc7mSWM6STzUFr0nCnF +x6W0j/zH6ZgiFAGOyIXW2DwfjFvYRcBL1RWAEKsiFwYrNV+MDonjKXjpVB1Ra90o +lLrZXAXCwHMEEgEKAB0WIQRMRw//78TT3Fl3hlXOGj3V48lPSQUCXAAgOgAKCRDO +Gj3V48lPSQxAB/43qoWteVZEiN3JW4FnHg+S60TnHSP69FKV+363XYKDa23pNpv4 +tiJumo9Kvb4UoDft766/URHm5RKyPtrxy+wqotamrkGJUTtP2a68h7C31VX+pf6i +iQKmxRQz4zmW0pA5X01+AgpvcDH++Fv5NLBpnjqPdTh5b0gvr89E0zMNldNYOZu1 +0H/mukrnGlFDu/osBuy+XJtP2MeasazVMLvjKs+hr//E+iLI9DZOwFBK6AX5gkkI +UEHkSeb4//AHwvanUMin9un9+F9iR+qDuDEKxuevYzM0owuoVcK5pAsRnRQJlnHW +/0BQ6FtNGpmljhvUk8a/l3xFf3z/uJG5vVKVzsFNBFb8EKsBEADDfCMsu2U1CdJh +r4xp6z4J89/tMnpCQASC8DQhtZ6bWG/ksyKt2DnDQ050XBEng+7epzHWA2UgT0li +Y05zZmFs1X7QeZr16B7JANq6fnHOdZB0ThS7JEYbProkMxcqAFLAZJCpZT534Gpz +W7qHwzjV+d13IziCHdi6+DD5eavYzBqY8QzjlOXbmIlY7dJUCwXTECUfirc6kH86 +CS8fXZTke4QYZ55VnrOomB4QGqP371kwBETnhlhi74+pvi3jW05Z5x1tVMwuugyz +zkseZp1VYmJq5SHNFZ/pnAQLE9gUDTb6UWcPBwQh9Sw+7ahSK74lJKYm3wktyvZh +zAxbNyzs1M56yeFP6uFwJTBfNByyMAa6TGUhNkxlLcYjxKbVmoAnKCVM8t41TlLv +/a0ki8iQxqvphVLufksR9IpN6d3F15j6GeyVtxBEv04iv4vbuKthWytb+gjX4bI8 +CAo9jGHevmtdiw/SbeKx2YBM1MF6eua37rFMooOBj4X7VfQCyS+crNsOQn8nJGah +YbzUDCCgnX+pqN9iZvXisMS79wVyD5DyISFDvT/5jY7IXxPibxr10P/8lfW1d72u +xyI2UiZKZpyHCt4k47yMq4KQGLGuhxJ6q6O3bi2aXRuz8bLqTBLca9dmx9wZFvRh +6jS/SKEg7eFcY0xbb6RVIv1UwGDYfQARAQABwsFfBBgBCAAJBQJW/BCrAhsMAAoJ +EPFlbyTHTNHYEBIQAJhFTh1u34Q+5bnfiM2dAdCr6T6w4Y1v9ePiIYdSImeseJS2 +yRglpLcMjW0uEA9KXiRtC/Nm/ClnqYJzCKeIaweHqH6dIgJKaXZFt1Uaia7X9tDD +wqALGu97irUrrV1Kh9IkM0J29Vid5amakrdS4mwt2uEISSnCi7pfVoEro+S7tYQ9 +iH6APVIwqWvcaty3cANdwKWfUQZ6a9IQ08xqzaMhMp2VzhVrWkq3B0j2aRoZR7BN +LH2I7Z0giIM8ARjZs99aTRL+SfMEQ3sUxNLb3KWP/n1lSFbrk4HGzqUBBfczESlN +c0970C6znK0H0HD11/3BTkMuPqww+Tzex4dpMQllMEKZ3wEyd9v6ba+nj/P1FHSE +y/VN6IXzd82s1lYOonKTdmXAIROcHnb0QUzwsd/mhB3jKhEDOV2ZcBTD3yHv8m7C +9G9y4hV+7yQlnPlSg3DjBp3SS5r+sOObCIy2Ad32upoXkilWa9g7GZSuhY9kyKqe +Eba1lgXXaQykEeqx0pexkWavNnb9JaPrAZHDjUGcXrREmjEyXyElRoD4CrWXySe4 +6jCuNhVVlkLGo7osefynXa/+PNjQjURtx8en7M9A1FkQuRAxE8KIZgZzYxkGl5o5 +POSFCA4JUoRPDcrl/sI3fuq2dIOE/BJ2r8dV+LddiR+iukhXRwJXH8RVVEUS +=mCOI +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file From b06a35099f5bf9e89f703627ad1df21dd1f43312 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:32:01 -0400 Subject: [PATCH 038/125] Add more packages --- salt/common/packages.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index dff2e95c9..1f8819ce1 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -23,6 +23,9 @@ commonpkgs: - python3-lxml - git - vim + - fuse3 + - fuse-overlayfs + - fuse3-libs # since Ubuntu requires and internet connection we can use pip to install modules python3-pip: From f67ac80c56a7f1ac69e945f7154ccb0e315b3d32 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:36:51 -0400 Subject: [PATCH 039/125] Add more packages --- salt/common/packages.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 1f8819ce1..fc5190b9d 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -23,9 +23,6 @@ commonpkgs: - python3-lxml - git - vim - - fuse3 - - fuse-overlayfs - - fuse3-libs # since Ubuntu requires and internet connection we can use pip to install modules python3-pip: @@ -67,4 +64,7 @@ commonpkgs: - python3-watchdog - python3-packaging - unzip + - fuse3 + - fuse-overlayfs + - fuse3-libs {% endif %} From 2f375b89a879882f60fc33db6a609ceaa1708732 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:43:56 -0400 Subject: [PATCH 040/125] Add more packages --- salt/common/packages.sls | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index fc5190b9d..bb4af8aa8 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -64,7 +64,33 @@ commonpkgs: - python3-watchdog - python3-packaging - unzip - - fuse3 - - fuse-overlayfs - - fuse3-libs + +{% elif GLOBALS.os == 'CentOS Stream' %} +commonpkgs: + pkg.installed: + - skip_suggestions: True + - pkgs: + - wget + - jq + - tcpdump + - httpd-tools + - net-tools + - curl + - sqlite + - mariadb-devel + - python3-dnf-plugin-versionlock + - nmap-ncat + - yum-utils + - device-mapper-persistent-data + - lvm2 + - openssl + - git + - python3-docker + - python3-m2crypto + - rsync + - python3-rich + - python3-pyyaml + - python3-watchdog + - python3-packaging + - unzip {% endif %} From 6dbff3b9df364f21f1a65cdb246e198b889ea9d4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:45:32 -0400 Subject: [PATCH 041/125] Add more packages --- salt/common/packages.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index bb4af8aa8..4a7bb0662 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -77,7 +77,7 @@ commonpkgs: - net-tools - curl - sqlite - - mariadb-devel + - MariaDB-devel - python3-dnf-plugin-versionlock - nmap-ncat - yum-utils From 03342fd477dd6ed23a1a03facb51df86eeaa38f8 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:46:29 -0400 Subject: [PATCH 042/125] Add more packages --- salt/common/packages.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 4a7bb0662..518637844 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -90,7 +90,7 @@ commonpkgs: - rsync - python3-rich - python3-pyyaml - - python3-watchdog + #- python3-watchdog - python3-packaging - unzip {% endif %} From fee4c20912eba6c03fcd863d1b67de7c63c2b130 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 15:57:43 -0400 Subject: [PATCH 043/125] add OS logic --- salt/_modules/needs_restarting.py | 8 ++++++++ salt/common/init.sls | 25 +++++++++++++++++++++++++ salt/desktop/trusted-ca.sls | 26 ++++++++++++++++++++++++++ salt/repo/client/map.jinja | 18 ++++++++++++++++++ salt/salt/map.jinja | 2 +- 5 files changed, 78 insertions(+), 1 deletion(-) diff --git a/salt/_modules/needs_restarting.py b/salt/_modules/needs_restarting.py index 8f5b50242..c2f7e8b12 100644 --- a/salt/_modules/needs_restarting.py +++ b/salt/_modules/needs_restarting.py @@ -10,6 +10,14 @@ def check(): if path.exists('/var/run/reboot-required'): retval = 'True' + elif os == 'CentOS Stream': + cmd = 'needs-restarting -r > /dev/null 2>&1' + + try: + needs_restarting = subprocess.check_call(cmd, shell=True) + except subprocess.CalledProcessError: + retval = 'True' + elif os == 'Rocky': cmd = 'needs-restarting -r > /dev/null 2>&1' diff --git a/salt/common/init.sls b/salt/common/init.sls index d2dfef3be..72233f23b 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -194,6 +194,31 @@ soversionfile: {% endif %} +{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %} + {% if GLOBALS.os == 'CentOS Stream' %} +# Install Raid tools +raidpkgs: + pkg.installed: + - skip_suggestions: True + - pkgs: + - securityonion-raidtools + - securityonion-megactl + {% endif %} + +# Install raid check cron +so-raid-status: + cron.present: + - name: '/usr/sbin/so-raid-status > /dev/null 2>&1' + - identifier: so-raid-status + - user: root + - minute: '*/15' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + +{% endif %} + {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %} {% if GLOBALS.os == 'Rocky' %} # Install Raid tools diff --git a/salt/desktop/trusted-ca.sls b/salt/desktop/trusted-ca.sls index 352b747b6..18f5b16e0 100644 --- a/salt/desktop/trusted-ca.sls +++ b/salt/desktop/trusted-ca.sls @@ -27,6 +27,32 @@ update_ca_certs: - onchanges: - x509: trusted_ca +{% elif GLOBALS.os == 'CentOS Stream' %} + + {% set global_ca_text = [] %} + {% set global_ca_server = [] %} + {% set manager = GLOBALS.manager %} + {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %} + {% for host in x509dict %} + {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %} + {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %} + {% do global_ca_server.append(host) %} + {% endif %} + {% endfor %} + {% set trusttheca_text = global_ca_text[0] %} + {% set ca_server = global_ca_server[0] %} + +trusted_ca: + x509.pem_managed: + - name: /etc/pki/ca-trust/source/anchors/ca.crt + - text: {{ trusttheca_text }} + +update_ca_certs: + cmd.run: + - name: update-ca-trust + - onchanges: + - x509: trusted_ca + {% else %} desktop_trusted-ca_os_fail: diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index 515ec515b..35f1b23d6 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -1,4 +1,22 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} + +{% if GLOBALS.os == 'CentOS Stream' %} + + {% set REPOPATH = '/etc/yum.repos.d/' %} + {% set ABSENTFILES = [ + 'centos-addons.repo', + 'centos-devel.repo', + 'centos-extras.repo', + 'centos.repo', + 'docker-ce.repo', + 'epel.repo', + 'epel-testing.repo', + 'saltstack.repo', + 'salt-latest.repo', + 'wazuh.repo' + ] + %} + {% if GLOBALS.os == 'Rocky' %} {% set REPOPATH = '/etc/yum.repos.d/' %} diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 14e735b56..b6b109c47 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -20,7 +20,7 @@ {% set INSTALLEDSALTVERSION = grains.saltversion %} {% if grains.saltversion|string != SALTVERSION|string %} - {% if grains.os|lower in ['Rocky', 'redhat'] %} + {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %} {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} {% elif grains.os|lower == 'ubuntu' %} {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} From 2f2394dca2c94ae2e7a2d2d31f331f6858cbb84c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 16:02:25 -0400 Subject: [PATCH 044/125] add OS logic --- salt/common/packages.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 518637844..7cb767b19 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -93,4 +93,7 @@ commonpkgs: #- python3-watchdog - python3-packaging - unzip + - fuse3 + - fuse-libs + - fuse-overlayfs {% endif %} From ca71c00f1cd2fd7b6fddf3a5877b459941c23721 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 16:10:23 -0400 Subject: [PATCH 045/125] add fuse --- salt/common/packages.sls | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 7cb767b19..cb95c9b87 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -90,10 +90,9 @@ commonpkgs: - rsync - python3-rich - python3-pyyaml - #- python3-watchdog - python3-packaging - unzip - - fuse3 + - fuse - fuse-libs - fuse-overlayfs {% endif %} From 3d9e7d1e974baa583dd404c1d798c42fe67133f3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 28 Jun 2023 16:16:59 -0400 Subject: [PATCH 046/125] add fuse --- salt/common/packages.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index cb95c9b87..c22a980be 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -95,4 +95,5 @@ commonpkgs: - fuse - fuse-libs - fuse-overlayfs + - fuse-common {% endif %} From 694ea743cc1858352fa31ec98e95a2bc14dda4de Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:48:46 -0400 Subject: [PATCH 047/125] add more OS logic --- salt/ntp/init.sls | 2 ++ salt/repo/client/centos.sls | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/ntp/init.sls b/salt/ntp/init.sls index 08f5e28b5..9c0c3dcb2 100644 --- a/salt/ntp/init.sls +++ b/salt/ntp/init.sls @@ -19,6 +19,8 @@ chronyconf: {% if GLOBALS.os == 'Rocky' %} chronyd: +{% elif GLOBALS.os == 'CentOS Stream' %} +chronyd: {% else %} chrony: {% endif %} diff --git a/salt/repo/client/centos.sls b/salt/repo/client/centos.sls index 7e077c1ce..2e1816bb3 100644 --- a/salt/repo/client/centos.sls +++ b/salt/repo/client/centos.sls @@ -7,7 +7,7 @@ {% from 'repo/client/map.jinja' import ABSENTFILES with context %} {% from 'repo/client/map.jinja' import REPOPATH with context %} -{% if GLOBALS.os == 'CentOS' %} +{% if GLOBALS.os == 'CentOS Stream' %} {% if ABSENTFILES|length > 0%} {% for file in ABSENTFILES %} From 39c87669147d4562f7ae145a0343b1f17f6f8307 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:53:00 -0400 Subject: [PATCH 048/125] fix repo state --- salt/repo/client/init.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index 154867caf..a26342a06 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -1,2 +1,6 @@ include: + {% if GLOBALS.os == 'CentOS Stream' %} + - repo.client.centos + {% else %} - repo.client.{{grains.os | lower}} + {% endif %} \ No newline at end of file From 8a90579df7b03e30db0a3172845f6e33e0af3c3e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:55:00 -0400 Subject: [PATCH 049/125] fix repo state --- salt/repo/client/init.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index a26342a06..9ca156a7c 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -1,3 +1,5 @@ +{% from 'vars/globals.map.jinja' import GLOBALS %} + include: {% if GLOBALS.os == 'CentOS Stream' %} - repo.client.centos From 710b3bac3d09147238a06095469c0b0a95b8849f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 29 Jun 2023 08:56:38 -0400 Subject: [PATCH 050/125] fix repo state --- salt/repo/client/map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index 35f1b23d6..a70c8d476 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -17,7 +17,7 @@ ] %} -{% if GLOBALS.os == 'Rocky' %} +{% elif GLOBALS.os == 'Rocky' %} {% set REPOPATH = '/etc/yum.repos.d/' %} {% set ABSENTFILES = [ From c54217a8cb5713d3733ce32c29ba6aae7d6880f2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sun, 2 Jul 2023 09:34:14 -0400 Subject: [PATCH 051/125] Add some Ubuntu --- setup/so-functions | 11 ++++++++--- setup/so-whiptail | 32 ++++++++++++++++---------------- 2 files changed, 24 insertions(+), 19 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index e1554617d..8de055f67 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -964,6 +964,11 @@ detect_os() { OS=ubuntu if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then OSVER=focal + UBVER=20.04 + is_ubuntu=true + elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then + OSVER=jammy + UBVER=22.04 is_ubuntu=true else info "We do not support your current version of Ubuntu." @@ -2024,8 +2029,8 @@ saltify() { #logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg" - logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list + logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg" #logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" @@ -2046,7 +2051,7 @@ saltify() { fi - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rocky || $is_centos || $is_ubuntu ]]; then if [[ $waitforstate ]]; then # install all for a manager logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" diff --git a/setup/so-whiptail b/setup/so-whiptail index 3ae14bf65..3d760b873 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -523,7 +523,7 @@ whiptail_install_type() { [ -n "$TESTING" ] && return # What kind of install are we doing? - if [[ $is_rocky || $is_centos ]]; then +# if [[ $is_rocky || $is_centos ]]; then install_type=$(whiptail --title "$whiptail_title" --menu \ "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ "IMPORT" "Import PCAP or log files " \ @@ -533,14 +533,14 @@ whiptail_install_type() { "OTHER" "Other install types" \ 3>&1 1>&2 2>&3 ) - elif [[ $is_ubuntu ]]; then - install_type=$(whiptail --title "$whiptail_title" --menu \ - "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ - "DISTRIBUTED" "Distributed install submenu " \ - "OTHER" "Other install types" \ - 3>&1 1>&2 2>&3 - ) - fi +# elif [[ $is_ubuntu ]]; then +# install_type=$(whiptail --title "$whiptail_title" --menu \ +# "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \ +# "DISTRIBUTED" "Distributed install submenu " \ +# "OTHER" "Other install types" \ +# 3>&1 1>&2 2>&3 +# ) +# fi local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -563,18 +563,18 @@ whiptail_install_type_dist() { [ -n "$TESTING" ] && return - if [[ $is_rocky || $is_centos ]]; then +# if [[ $is_rocky || $is_centos ]]; then dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \ "New Deployment " "Create a new Security Onion deployment" \ "Existing Deployment " "Join to an existing Security Onion deployment " \ 3>&1 1>&2 2>&3 ) - elif [[ $is_ubuntu ]]; then - dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \ - "Existing Deployment " "Join to an existing Security Onion deployment " \ - 3>&1 1>&2 2>&3 - ) - fi +# elif [[ $is_ubuntu ]]; then +# dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \ +# "Existing Deployment " "Join to an existing Security Onion deployment " \ +# 3>&1 1>&2 2>&3 +# ) +# fi local exitstatus=$? whiptail_check_exitstatus $exitstatus From e35385585521a2ae2e56d14ef7728e153cc00916 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 09:38:23 -0400 Subject: [PATCH 052/125] Add some Ubuntu --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 8de055f67..3b4261740 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2030,7 +2030,7 @@ saltify() { logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg" #logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" From 965d0543f41f8b39ff0f3281b360617611e222a0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 09:49:24 -0400 Subject: [PATCH 053/125] Add some Ubuntu --- setup/so-functions | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 3b4261740..3a42fd64d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2045,13 +2045,17 @@ saltify() { # Ain't nothing but a GPG retry 150 20 "apt-get update" "" "Err:" || fail_setup - retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup - retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup - #retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 - + if [[ $waitforstate ]]; then + retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup + retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup + retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 + else + retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup + retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup + fi fi - if [[ $is_rocky || $is_centos || $is_ubuntu ]]; then + if [[ $is_rocky || $is_centos ]]; then if [[ $waitforstate ]]; then # install all for a manager logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" From 8e9065885664a7ed0dd7b86efeca3e4b16ada28d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 10:06:16 -0400 Subject: [PATCH 054/125] Add some Ubuntu --- salt/docker/init.sls | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/salt/docker/init.sls b/salt/docker/init.sls index 5fa97c452..f3790cc2e 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -13,6 +13,17 @@ dockergroup: - gid: 920 {% if GLOBALS.os == 'Ubuntu' %} +{% if grains.oscodename == 'jammy' %} +dockerheldpackages: + pkg.installed: + - pkgs: + - containerd.io: 1.6.21-1 + - docker-ce: 5:24.0.2-1~ubuntu.22.04~jammy + - docker-ce-cli: 5:24.0.2-1~ubuntu.22.04~jammy + - docker-ce-rootless-extras: 5:24.0.2-1~ubuntu.22.04~jammy + - hold: True + - update_holds: True +{% else %} dockerheldpackages: pkg.installed: - pkgs: @@ -22,6 +33,7 @@ dockerheldpackages: - docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal - hold: True - update_holds: True +{% endif %} {% else %} dockerheldpackages: pkg.installed: From 10aa77977e3178646ec72fc1bdd556d2056ee085 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 11:59:07 -0400 Subject: [PATCH 055/125] Add some Ubuntu --- salt/common/packages.sls | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index c22a980be..fc9c43fe9 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -23,7 +23,13 @@ commonpkgs: - python3-lxml - git - vim + - tar + - unzip + {% if grains.oscodename == 'jammy' %} + - python3-rich + {% endif %} +{% if grains.oscodename == 'focal' %} # since Ubuntu requires and internet connection we can use pip to install modules python3-pip: pkg.installed @@ -34,7 +40,7 @@ python-rich: - target: /usr/local/lib/python3.8/dist-packages/ - require: - pkg: python3-pip - +{% endif %} {% elif GLOBALS.os == 'Rocky' %} commonpkgs: From 44054ba95fa340b27f579a929c37c8de32fb15d1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 12:00:57 -0400 Subject: [PATCH 056/125] Add some Ubuntu --- salt/mysql/config.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/mysql/config.sls b/salt/mysql/config.sls index d8788c7c9..1396adb90 100644 --- a/salt/mysql/config.sls +++ b/salt/mysql/config.sls @@ -16,6 +16,8 @@ mysqlpkgs: {% if grains['oscodename'] == 'bionic' %} - python3-mysqldb {% elif grains['oscodename'] == 'focal' %} + - python3-mysqldb + {% elif grains['oscodename'] == 'jammy' %} - python3-mysqldb {% endif %} {% else %} From 53fcac4a020a9822cf1db040278887d4cb477520 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 12:30:53 -0400 Subject: [PATCH 057/125] Add some Ubuntu --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index 3a42fd64d..e7af38618 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -974,6 +974,7 @@ detect_os() { info "We do not support your current version of Ubuntu." fail_setup fi + installer_prereq_packages else info "We were unable to determine if you are using a supported OS." From edaf695463cd4d417df2f205fc5e4570f3609704 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 13:45:04 -0400 Subject: [PATCH 058/125] Add some Ubuntu --- salt/elasticfleet/enabled.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index f388cb1c7..bbdf80692 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -39,6 +39,9 @@ so-elastic-fleet: {% endfor %} - binds: - /etc/pki:/etc/pki:ro + {% if GLOBALS.os == 'Ubuntu' %} + - /etc/ssl:/etc/ssl:ro + {% endif %} #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw {% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %} {% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %} @@ -54,7 +57,11 @@ so-elastic-fleet: - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key + {% if GLOBALS.os == 'Ubuntu' %} + - FLEET_CA=/etc/ssl/certs/intca.crt + {% else %} - FLEET_CA=/etc/pki/tls/certs/intca.crt + {% endif %} {% if DOCKER.containers['so-elastic-fleet'].extra_env %} {% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %} - {{ XTRAENV }} From 76a8e315b7ee7f84220a9833d160fd0cd85ff8fb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 13:51:01 -0400 Subject: [PATCH 059/125] Add some Ubuntu --- salt/common/packages.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index fc9c43fe9..0ba0c7340 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -18,6 +18,7 @@ commonpkgs: - sqlite3 - libssl-dev - python3-dateutil + - python3-docker - python3-packaging - python3-watchdog - python3-lxml From 898b352af96cb8f5f6771839592b0da450501c40 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 15:16:12 -0400 Subject: [PATCH 060/125] Add some Ubuntu --- .../tools/sbin_jinja/so-elastic-fleet-setup | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup index b1486e35c..faf2cab90 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup @@ -6,6 +6,12 @@ # this file except in compliance with the Elastic License 2.0. {% from 'vars/globals.map.jinja' import GLOBALS %} +{% if GLOBALS.os == 'Ubuntu' %} +INTCA=/etc/ssl/certs/intca.crt +{% else %} +INTCA=/etc/pki/tls/certs/intca.crt +{% endif %} + . /usr/sbin/so-elastic-fleet-common printf "\n### Create ES Token ###\n" @@ -13,7 +19,7 @@ ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5 ### Create Outputs & Fleet URLs ### printf "\nAdd Manager Elasticsearch Output...\n" -ESCACRT=$(openssl x509 -in /etc/pki/tls/certs/intca.crt) +ESCACRT=$(openssl x509 -in $INTCA) JSON_STRING=$( jq -n \ --arg ESCACRT "$ESCACRT" \ '{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200","https://{{ GLOBALS.manager }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities": [$ESCACRT]}}' ) @@ -24,7 +30,7 @@ printf "\nCreate Logstash Output if node is not an Import or Eval install\n" {% if grains.role not in ['so-import', 'so-eval'] %} LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt) LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-logstash.key) -LOGSTASHCA=$(openssl x509 -in /etc/pki/tls/certs/intca.crt) +LOGSTASHCA=$(openssl x509 -in $INTCA) JSON_STRING=$( jq -n \ --arg LOGSTASHCRT "$LOGSTASHCRT" \ --arg LOGSTASHKEY "$LOGSTASHKEY" \ From d22d864ba6ec9ea30099649f4d6b090908cdb171 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 15:23:56 -0400 Subject: [PATCH 061/125] Add some Ubuntu --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index e7af38618..11ffae580 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2041,7 +2041,7 @@ saltify() { #echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list # Add Docker Repo - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" # Ain't nothing but a GPG From df0e19ff80b57c31d99773d75723480daed1404e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 3 Jul 2023 15:44:51 -0400 Subject: [PATCH 062/125] update-alternatives for python3.10 --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 411672910..9fae0c97a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2012,7 +2012,7 @@ saltify() { if [[ $is_ubuntu ]]; then DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup - update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10 + update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10 local pkg_arr=( 'apache2-utils' 'ca-certificates' From 1c191e426f3220415def089cc89405317ccb72d9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 3 Jul 2023 16:20:44 -0400 Subject: [PATCH 063/125] Add some Ubuntu --- salt/elasticfleet/enabled.sls | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index bbdf80692..d3210c150 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -50,17 +50,19 @@ so-elastic-fleet: {% endif %} - environment: - FLEET_SERVER_ENABLE=true - - FLEET_URL=https://{{ GLOBALS.node_ip }}:8220 + - FLEET_URL=https://{{ GLOBALS.hostname }}:8220 - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200 - FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }} - FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }} - - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key {% if GLOBALS.os == 'Ubuntu' %} - FLEET_CA=/etc/ssl/certs/intca.crt + - FLEET_SERVER_ELASTICSEARCH_CA=/etc/ssl/certs/intca.crt {% else %} - FLEET_CA=/etc/pki/tls/certs/intca.crt + - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt + {% endif %} {% if DOCKER.containers['so-elastic-fleet'].extra_env %} {% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %} From 0b209d69e56ff7d977d56c756fbadc04b11f4585 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:02:26 -0400 Subject: [PATCH 064/125] Add Debian --- setup/so-functions | 46 +++++++++++++--------------------------------- 1 file changed, 13 insertions(+), 33 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 3611025a9..4557c5606 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -949,17 +949,12 @@ detect_os() { OS=rocky OSVER=9 is_rocky=true - pkgman="dnf" + is_rpm=true elif grep -q "CentOS Stream release 9" /etc/redhat-release; then OS=centos OSVER=9 is_centos=true - pkgman=dnf - else - info "We do not support the operating system you are trying to use." - fail_setup - fi - + is_rpm=true elif [ -f /etc/os-release ]; then OS=ubuntu if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then @@ -970,9 +965,13 @@ detect_os() { OSVER=jammy UBVER=22.04 is_ubuntu=true - else - info "We do not support your current version of Ubuntu." - fail_setup + is_deb=true + elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then + OSVER=bookworm + DEBVER=12 + is_debian=true + OS=debian + is_deb=true fi installer_prereq_packages @@ -1859,7 +1858,7 @@ reset_proxy() { [[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rpm ]]; then sed -i "/proxy=/d" /etc/dnf/dnf.conf else [[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf @@ -1905,7 +1904,7 @@ drop_install_options() { remove_package() { local package_name=$1 - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rpm ]]; then if rpm -qa | grep -q "$package_name"; then logCmd "dnf remove -y $package_name" fi @@ -1926,7 +1925,7 @@ remove_package() { securityonion_repo() { # Remove all the current repos - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rocky ]]; then logCmd "dnf -v clean all" logCmd "mkdir -vp /root/oldrepos" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" @@ -2365,22 +2364,6 @@ so_add_user() { fi } -ubuntu_check() { - if [[ $is_ubuntu ]]; then - if [[ $waitforstate ]]; then - whiptail_ubuntu_notsupported - fail_setup - else - if [[ $UBUNTUINSTALL == "needtoupgrade" ]]; then - whiptail_ubuntu_warning - else - whiptail_ubuntu_notsupported - fail_setup - fi - fi - fi -} - update_sudoers_for_testing() { if [ -n "$TESTING" ]; then info "Ensuring $INSTALLUSERNAME has password-less sudo access for automated testing purposes." @@ -2389,15 +2372,12 @@ update_sudoers_for_testing() { } update_packages() { - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rocky ]]; then logCmd "dnf repolist" logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" if [[ $is_rocky ]]; then RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") info "Removing repo files added by rocky-repos package update" - else - RMREPOFILES=("centos-addons.repo" "centos-devel.repo" "centos-extras.repo" "centos.repo") - info "Removing repo files added by centos-repos package update" fi for FILE in ${RMREPOFILES[@]}; do logCmd "rm -f /etc/yum.repos.d/$FILE" From 4b559ec182b0253141d97b8b4fb49cee2222d7ec Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:19:36 -0400 Subject: [PATCH 065/125] Add Debian --- setup/so-functions | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 4557c5606..928fa7a0f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -680,10 +680,10 @@ configure_ntp() { 'rtcsync' \ 'logdir /var/log/chrony' >> $chrony_conf - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rpm ]]; then systemctl enable chronyd systemctl restart chronyd - elif [[ $is_ubuntu ]]; then + else systemctl enable chrony systemctl restart chrony fi @@ -1027,7 +1027,7 @@ installer_prereq_packages() { # logCmd "systemctl start NetworkManager" # el - if [[ $is_ubuntu ]]; then + if [[ $is_deb ]]; then # Print message to stdout so the user knows setup is doing something info "Running apt-get update" retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup @@ -1837,7 +1837,7 @@ reinstall_init() { # Remove the old launcher package in case the config changes remove_package launcher-final - if [[ $is_ubuntu ]]; then + if [[ $is_deb ]]; then info "Unholding previously held packages." apt-mark unhold $(apt-mark showhold) fi @@ -2009,7 +2009,7 @@ repo_sync_local() { saltify() { SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //') - if [[ $is_ubuntu ]]; then + if [[ $is_deb ]]; then DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10 @@ -2022,6 +2022,7 @@ saltify() { 'openssl' 'netcat' 'jq' + 'gnupg' ) retry 150 20 "apt-get -y install ${pkg_arr[*]}" || fail_setup @@ -2029,8 +2030,26 @@ saltify() { #logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg" - logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list + if [[ $is_ubuntu ]]; then + + # Add Salt Repo + logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list + + # Add Docker Repo + add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + + else + # Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for + logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ 11 main" | sudo tee /etc/apt/sources.list.d/salt.list" + + # Add Docker Repo + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" > /etc/apt/sources.list.d/docker.list + + fi + logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg" #logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" @@ -2055,7 +2074,7 @@ saltify() { fi fi - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rpm ]]; then if [[ $waitforstate ]]; then # install all for a manager logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION" @@ -2193,7 +2212,7 @@ set_proxy() { "}" > /root/.docker/config.json # Set proxy for package manager - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rpm ]]; then echo "proxy=$so_proxy" >> /etc/yum.conf else # Set it up so the updates roll through the manager From a38d561684f7f3c45a742c16d655e26b4933dfe1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:21:47 -0400 Subject: [PATCH 066/125] Add Debian --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index 928fa7a0f..affc0e2f7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -955,6 +955,7 @@ detect_os() { OSVER=9 is_centos=true is_rpm=true + fi elif [ -f /etc/os-release ]; then OS=ubuntu if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then From 5f509eb2d8061de88e821a961c237f735a12effd Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:24:59 -0400 Subject: [PATCH 067/125] Add Debian --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index affc0e2f7..367238997 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2013,7 +2013,7 @@ saltify() { if [[ $is_deb ]]; then DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup - update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10 + #update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10 local pkg_arr=( 'apache2-utils' 'ca-certificates' @@ -2021,7 +2021,7 @@ saltify() { 'software-properties-common' 'apt-transport-https' 'openssl' - 'netcat' + 'netcat-openbsd' 'jq' 'gnupg' ) From a3b0db79492d6b5101a63c620d13685253441814 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:27:42 -0400 Subject: [PATCH 068/125] Add Debian --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 367238997..79ccb0928 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2047,7 +2047,7 @@ saltify() { # Add Docker Repo curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg - echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" > /etc/apt/sources.list.d/docker.list + echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $OSVER stable" > /etc/apt/sources.list.d/docker.list fi From d5257468ebe3a835bcf8e5ab0bbc433a95ab0c4f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:31:18 -0400 Subject: [PATCH 069/125] Add Debian --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 79ccb0928..6209d230c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2042,8 +2042,8 @@ saltify() { else # Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for - logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ 11 main" | sudo tee /etc/apt/sources.list.d/salt.list" + logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ 11 main" | sudo tee /etc/apt/sources.list.d/salt.list # Add Docker Repo curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg From af56aa4f16b4e2677b4ce10b465166cbbf190e95 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:35:11 -0400 Subject: [PATCH 070/125] Add Debian --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 6209d230c..dfe2d2720 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2043,7 +2043,7 @@ saltify() { else # Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" - echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ 11 main" | sudo tee /etc/apt/sources.list.d/salt.list + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ bullseye main" | sudo tee /etc/apt/sources.list.d/salt.list # Add Docker Repo curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg From efcef90ead89288884ddeafd63f8580ea7acdaaa Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 11:37:33 -0400 Subject: [PATCH 071/125] Add Debian --- setup/so-functions | 3 --- 1 file changed, 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index dfe2d2720..dd57504a0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2059,9 +2059,6 @@ saltify() { # Add SO Saltstack Repo #echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list - # Add Docker Repo - add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - # Ain't nothing but a GPG retry 150 20 "apt-get update" "" "Err:" || fail_setup From 0aa4ea3e87e9158c784fd7fc08e8f3315281bbba Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 12:49:11 -0400 Subject: [PATCH 072/125] Add Debian --- salt/docker/init.sls | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/salt/docker/init.sls b/salt/docker/init.sls index f3790cc2e..10d5665db 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -12,8 +12,18 @@ dockergroup: - name: docker - gid: 920 -{% if GLOBALS.os == 'Ubuntu' %} -{% if grains.oscodename == 'jammy' %} +{% if GLOBALS.os_family == 'Debian' %} +{% if grains.oscodename == 'bookworm' %} +dockerheldpackages: + pkg.installed: + - pkgs: + - containerd.io: 1.6.21-1 + - docker-ce: 5:24.0.3-1~debian.12~bookworm + - docker-ce-cli: 5:24.0.3-1~debian.12~bookworm + - docker-ce-rootless-extras: 5:24.0.3-1~debian.12~bookworm + - hold: True + - update_holds: True +{% elif grains.oscodename == 'jammy' %} dockerheldpackages: pkg.installed: - pkgs: From 5a642b151b882ef5d9848945b85d0be3bf541dc5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 12:51:17 -0400 Subject: [PATCH 073/125] Add Debian --- salt/vars/globals.map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/vars/globals.map.jinja b/salt/vars/globals.map.jinja index a56fad571..70a702225 100644 --- a/salt/vars/globals.map.jinja +++ b/salt/vars/globals.map.jinja @@ -28,6 +28,7 @@ 'so_model': INIT.GRAINS.get('sosmodel',''), 'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey, 'os': INIT.GRAINS.os, + 'os_family': INIT.GRAINS.os_family, 'application_urls': {}, 'manager_roles': [ 'so-eval', From d18ebd6e36c5ce56831d9aaa11df931d06e9bf8e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 12:52:45 -0400 Subject: [PATCH 074/125] Add Debian --- salt/common/packages.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 0ba0c7340..562eacf1a 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -1,6 +1,6 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} -{% if GLOBALS.os == 'Ubuntu' %} +{% if GLOBALS.os_family == 'Debian' %} commonpkgs: pkg.installed: - skip_suggestions: True @@ -23,6 +23,7 @@ commonpkgs: - python3-watchdog - python3-lxml - git + - rsync - vim - tar - unzip From 07c0b539d724012bf6daf1cab21c82b8212e19db Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 12:53:23 -0400 Subject: [PATCH 075/125] Add Debian --- salt/common/packages.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 562eacf1a..2fce4f363 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -14,7 +14,7 @@ commonpkgs: - software-properties-common - apt-transport-https - openssl - - netcat + - netcat-openbsd - sqlite3 - libssl-dev - python3-dateutil From d28375b3047a4df2e90501d35622d9db6ac56fce Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 12:54:47 -0400 Subject: [PATCH 076/125] Add Debian --- salt/common/packages.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 2fce4f363..3f8d50b55 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -27,7 +27,7 @@ commonpkgs: - vim - tar - unzip - {% if grains.oscodename == 'jammy' %} + {% if grains.oscodename != 'focal' %} - python3-rich {% endif %} From a41b0dbfea5e6ff37a8aaef350124d694c4edbff Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 12:59:41 -0400 Subject: [PATCH 077/125] Add Debian --- salt/elasticfleet/enabled.sls | 4 ++-- salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup | 2 +- salt/salt/map.jinja | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index d3210c150..6903d576f 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -39,7 +39,7 @@ so-elastic-fleet: {% endfor %} - binds: - /etc/pki:/etc/pki:ro - {% if GLOBALS.os == 'Ubuntu' %} + {% if GLOBALS.os_family == 'Debian' %} - /etc/ssl:/etc/ssl:ro {% endif %} #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw @@ -56,7 +56,7 @@ so-elastic-fleet: - FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }} - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key - {% if GLOBALS.os == 'Ubuntu' %} + {% if GLOBALS.os_family == 'Debian' %} - FLEET_CA=/etc/ssl/certs/intca.crt - FLEET_SERVER_ELASTICSEARCH_CA=/etc/ssl/certs/intca.crt {% else %} diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup index faf2cab90..dbcbdc17d 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup @@ -6,7 +6,7 @@ # this file except in compliance with the Elastic License 2.0. {% from 'vars/globals.map.jinja' import GLOBALS %} -{% if GLOBALS.os == 'Ubuntu' %} +{% if GLOBALS.os_family == 'Debian' %} INTCA=/etc/ssl/certs/intca.crt {% else %} INTCA=/etc/pki/tls/certs/intca.crt diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index b6b109c47..1120685fb 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -1,7 +1,7 @@ {% import_yaml 'salt/minion.defaults.yaml' as saltminion %} {% set SALTVERSION = saltminion.salt.minion.version %} -{% if grains.os == 'Ubuntu' %} +{% if grains.os_family == 'Debian' %} {% set SPLITCHAR = '+' %} {% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %} {% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %} @@ -22,7 +22,7 @@ {% if grains.saltversion|string != SALTVERSION|string %} {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %} {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} - {% elif grains.os|lower == 'ubuntu' %} + {% elif grains.os_family|lower == 'debian' %} {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %} {% endif %} {% else %} From fa1d53a309271fd45844d71eb8c47697edf1d8f3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 7 Jul 2023 13:00:39 -0400 Subject: [PATCH 078/125] Add Debian --- setup/so-setup | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 8b06ea484..c33950658 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -247,7 +247,7 @@ local_sbin="$(pwd)/../salt/common/tools/sbin" manager_sbin="$(pwd)/../salt/manager/tools/sbin" export PATH=$PATH:$local_sbin:$manager_sbin -# Ubuntu whiptail pallete to make it look the same as CentOS and Rocky. +# Ubuntu/Debian whiptail pallete to make it look the same as CentOS and Rocky. set_palette >> $setup_log 2>&1 # Kernel messages can overwrite whiptail screen #812 @@ -403,7 +403,6 @@ if ! [[ -f $install_opt_file ]]; then info "Setting up as node type manager" check_elastic_license waitforstate=true - #ubuntu_check [[ $is_iso ]] && whiptail_airgap check_requirements "manager" networking_needful From 0c9e230294af6b51f81ee72dad7d8e0af6c4fa62 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 10 Jul 2023 10:14:47 -0400 Subject: [PATCH 079/125] Initial RHEL support --- .../strelka/tools/sbin_jinja/so-yara-download | 21 +++++++++++++++ setup/so-functions | 26 ++++++++++++++++--- 2 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 salt/strelka/tools/sbin_jinja/so-yara-download diff --git a/salt/strelka/tools/sbin_jinja/so-yara-download b/salt/strelka/tools/sbin_jinja/so-yara-download new file mode 100644 index 000000000..9ec6fa41f --- /dev/null +++ b/salt/strelka/tools/sbin_jinja/so-yara-download @@ -0,0 +1,21 @@ +#!/bin/bash +NOROOT=1 +. /usr/sbin/so-common + +{%- set proxy = salt['pillar.get']('manager:proxy') %} + +# Download the rules from the internet +{%- if proxy %} +export http_proxy={{ proxy }} +export https_proxy={{ proxy }} +export no_proxy= salt['pillar.get']('manager:no_proxy') +{%- endif %} + +mkdir -p /tmp/yara +cd /tmp/yara +git clone https://github.com/Security-Onion-Solutions/securityonion-yara.git +mkdir -p /nsm/rules/yara +rsync -shav --progress /tmp/yara/securityonion-yara/yara /nsm/rules/ +cd /tmp +rm -rf /tmp/yara + diff --git a/setup/so-functions b/setup/so-functions index dd57504a0..1f6610067 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -955,6 +955,11 @@ detect_os() { OSVER=9 is_centos=true is_rpm=true + elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then + OS=rhel + OSVER=9 + is_rhel=true + is_rpm=true fi elif [ -f /etc/os-release ]; then OS=ubuntu @@ -1926,7 +1931,7 @@ remove_package() { securityonion_repo() { # Remove all the current repos - if [[ $is_rocky ]]; then + if [[ $is_rpm ]]; then logCmd "dnf -v clean all" logCmd "mkdir -vp /root/oldrepos" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" @@ -1960,6 +1965,10 @@ securityonion_repo() { logCmd "mv -bvf /etc/yum.repos.d/centos* /root/oldrepos/" logCmd "dnf repolist all" fi + if [ -f "/etc/yum.repos.d/redhat.repo" ]; then + info "Backing up the .repo files that were added by the redhat-release package." + logCmd "mv -bvf /etc/yum.repos.d/redhat* /root/oldrepos/" + logCmd "dnf repolist all" if [[ $waitforstate ]]; then if [[ ! $is_airgap ]]; then # Build the repo locally so we can use it @@ -1979,9 +1988,12 @@ repo_sync_local() { if [[ $is_rocky ]]; then echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt - else + elif [[ $is_centos ]]; then echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt + elif [[ $is_rhel ]]; then + echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt + echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt fi echo "[main]" > /opt/so/conf/reposync/repodownload.conf echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf @@ -2389,13 +2401,21 @@ update_sudoers_for_testing() { } update_packages() { - if [[ $is_rocky ]]; then + if [[ $is_rpm ]]; then logCmd "dnf repolist" logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" if [[ $is_rocky ]]; then RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") info "Removing repo files added by rocky-repos package update" fi + if [[ $is_centos ]]; then + RMREPOFILES=("centos-addons.repo" "centos-devel.repo" "centos-extras.repo" "centos.repo") + info "Removing repo files added by centos-repos package update" + fi + if [[ $is_rhel ]]; then + RMREPOFILES=("redhat-addons.repo" "redhat-devel.repo" "redhat-extras.repo" "redhat.repo") + info "Removing repo files added by redhat-repos package update" + fi for FILE in ${RMREPOFILES[@]}; do logCmd "rm -f /etc/yum.repos.d/$FILE" done From 6f7914f3c4e2b79b9af33ccebaa0630952310f71 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 10 Jul 2023 10:18:09 -0400 Subject: [PATCH 080/125] Initial RHEL support --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index 1f6610067..75345b3ac 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1969,6 +1969,7 @@ securityonion_repo() { info "Backing up the .repo files that were added by the redhat-release package." logCmd "mv -bvf /etc/yum.repos.d/redhat* /root/oldrepos/" logCmd "dnf repolist all" + fi if [[ $waitforstate ]]; then if [[ ! $is_airgap ]]; then # Build the repo locally so we can use it From b9204cbe99dfbb599f0beafd10f25753e8b5f5e3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 10 Jul 2023 12:57:59 -0400 Subject: [PATCH 081/125] Initial RHEL support --- salt/docker/init.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/docker/init.sls b/salt/docker/init.sls index 10d5665db..b24490d98 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -49,9 +49,9 @@ dockerheldpackages: pkg.installed: - pkgs: - containerd.io: 1.6.21-3.1.el9 - - docker-ce: 24.0.2-1.el9 - - docker-ce-cli: 24.0.2-1.el9 - - docker-ce-rootless-extras: 24.0.2-1.el9 + - docker-ce: 24.0.3-1.el9 + - docker-ce-cli: 24.0.3-1.el9 + - docker-ce-rootless-extras: 24.0.3-1.el9 - hold: True - update_holds: True {% endif %} From a3f79850fe4e0457de4a5678b4db435fff6fe0c4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 10 Jul 2023 20:31:49 -0400 Subject: [PATCH 082/125] Initial Oracle support --- setup/so-functions | 118 +++++++++++++++++++++++++++------------------ 1 file changed, 72 insertions(+), 46 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 75345b3ac..4cdf1f66c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -950,16 +950,19 @@ detect_os() { OSVER=9 is_rocky=true is_rpm=true + not_supported=true elif grep -q "CentOS Stream release 9" /etc/redhat-release; then OS=centos OSVER=9 is_centos=true is_rpm=true + not_supported=true elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then OS=rhel OSVER=9 is_rhel=true is_rpm=true + not_supported=true fi elif [ -f /etc/os-release ]; then OS=ubuntu @@ -967,17 +970,20 @@ detect_os() { OSVER=focal UBVER=20.04 is_ubuntu=true + is_supported=true elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then OSVER=jammy UBVER=22.04 is_ubuntu=true is_deb=true + not_supported=true elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then OSVER=bookworm DEBVER=12 is_debian=true OS=debian is_deb=true + not_supported=true fi installer_prereq_packages @@ -987,6 +993,13 @@ detect_os() { fi info "Found OS: $OS $OSVER" + if [[ $is_override ]]; then + unset $not_supported + fi + if [[ $not_supported ]]; then + info "This is not a supported OS. Exiting Setup" + exit 1 + fi } @@ -1022,17 +1035,7 @@ installer_progress_loop() { done } -installer_prereq_packages() { -# if [ "$OS" == rocky ]; then -# if [[ ! $is_iso ]]; then -# if ! command -v nmcli > /dev/null 2>&1; then -# logCmd "dnf -y install NetworkManager" -# fi -# fi -# logCmd "systemctl enable NetworkManager" -# logCmd "systemctl start NetworkManager" -# el - +installer_prereq_packages() { if [[ $is_deb ]]; then # Print message to stdout so the user knows setup is doing something info "Running apt-get update" @@ -1768,7 +1771,7 @@ reserve_ports() { reinstall_init() { info "Putting system in state to run setup again" - if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then + if [[ $install_type =~ ^(MANAGER|EVAL|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then local salt_services=( "salt-master" "salt-minion" ) else local salt_services=( "salt-minion" ) @@ -1981,44 +1984,67 @@ securityonion_repo() { } repo_sync_local() { - # Sync the repo from the the SO repo locally. - # Check for reposync - info "Backing up old repos" - mkdir -p /nsm/repo - mkdir -p /opt/so/conf/reposync/cache - if [[ $is_rocky ]]; then - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt - elif [[ $is_centos ]]; then - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt - elif [[ $is_rhel ]]; then - echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt - echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt - fi - echo "[main]" > /opt/so/conf/reposync/repodownload.conf - echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf - echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf - echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf - echo "best=True" >> /opt/so/conf/reposync/repodownload.conf - echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf - echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf - echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf - echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf - echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf - echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf - echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf - echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf + if [[ $is_supported ]]; then + # Sync the repo from the the SO repo locally. + # Check for reposync + info "Backing up old repos" + mkdir -p /nsm/repo + mkdir -p /opt/so/conf/reposync/cache + #if [[ $is_rocky ]]; then + # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt + # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt + #elif [[ $is_centos ]]; then + # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt + # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt + #elif [[ $is_rhel ]]; then + # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt + # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt + #fi + echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt + echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt + echo "[main]" > /opt/so/conf/reposync/repodownload.conf + echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf + echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf + echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf + echo "best=True" >> /opt/so/conf/reposync/repodownload.conf + echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf + echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf + echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf + echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf + echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf + echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf + echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf + echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf - logCmd "dnf repolist" - # Make sure we can get to the sig repo - # TODO Add if for ISO install - curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install - logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" + logCmd "dnf repolist" + # Make sure we can get to the sig repo + # TODO Add if for ISO install + if [[ ! $is_airgap ]]; then + curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install + fi + logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" # After the download is complete run createrepo create_repo - + else + # Add the proper repos + echo "Adding Repos" + if [[ $is_rpm ]]; then + dnf -y install epel-release + dnf install -y yum-utils device-mapper-persistent-data lvm2 + rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub + if [[ $is_rhel ]]; then + dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo + curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo + else + dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo + curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo + fi + else + echo "Not sure how you got here." + exit 1 + fi + fi } saltify() { From 2cf36f1e8fa263b20d6bab2a329595a1e1021d97 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 12 Jul 2023 14:12:24 -0400 Subject: [PATCH 083/125] Initial Oracle support --- setup/so-functions | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 4cdf1f66c..a5584a9d9 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -958,22 +958,31 @@ detect_os() { is_rpm=true not_supported=true elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then - OS=rhel - OSVER=9 - is_rhel=true - is_rpm=true - not_supported=true + if [ -f /etc/oracle-release ]; then + OS=oracle + OSVER=9 + is_oracle=true + is_rpm=true + is_supported=true + else + OS=rhel + OSVER=9 + is_rhel=true + is_rpm=true + not_supported=true + fi fi elif [ -f /etc/os-release ]; then - OS=ubuntu if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then OSVER=focal UBVER=20.04 + OS=ubuntu is_ubuntu=true is_supported=true elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then OSVER=jammy UBVER=22.04 + OS=ubuntu is_ubuntu=true is_deb=true not_supported=true @@ -2080,7 +2089,7 @@ saltify() { add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" else - # Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for + # Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for 12 logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg" echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ bullseye main" | sudo tee /etc/apt/sources.list.d/salt.list From 7732435b6443bcbce2a2f547e14514b240fe3ef0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 12 Jul 2023 14:49:59 -0400 Subject: [PATCH 084/125] Initial Oracle support --- .../keys/SALT-PROJECT-GPG-PUBKEY-2023.pub | 41 +++++++++++++++++++ salt/repo/client/files/oracle/keys/docker.pub | 28 +++++++++++++ setup/so-functions | 4 ++ 3 files changed, 73 insertions(+) create mode 100644 salt/repo/client/files/oracle/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub create mode 100644 salt/repo/client/files/oracle/keys/docker.pub diff --git a/salt/repo/client/files/oracle/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub b/salt/repo/client/files/oracle/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub new file mode 100644 index 000000000..be55ef561 --- /dev/null +++ b/salt/repo/client/files/oracle/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGPazmABDAC6qc2st6/Uh/5AL325OB5+Z1XMFM2HhQNjB/VcYbLvcCx9AXsU +eaEmNPm6OY3p5+j8omjpXPYSU7DUQ0lIutuAtwkDMROH7uH/r9IY7iu88S6w3q89 +bgbnqhu4mrSik2RNH2NqEiJkylz5rwj4F387y+UGH3aXIGryr+Lux9WxfqoRRX7J +WCf6KOaduLSp9lF4qdpAb4/Z5yExXtQRA9HULSJZqNVhfhWInTkVPw+vUo/P9AYv +mJVv6HRNlTb4HCnl6AZGcAYv66J7iWukavmYKxuIbdn4gBJwE0shU9SaP70dh/LT +WqIUuGRZBVH/LCuVGzglGYDh2iiOvR7YRMKf26/9xlR0SpeU/B1g6tRu3p+7OgjA +vJFws+bGSPed07asam3mRZ0Y9QLCXMouWhQZQpx7Or1pUl5Wljhe2W84MfW+Ph6T +yUm/j0yRlZJ750rGfDKA5gKIlTUXr+nTvsK3nnRiHGH2zwrC1BkPG8K6MLRluU/J +ChgZo72AOpVNq9MAEQEAAbQ5U2FsdCBQcm9qZWN0IFBhY2thZ2luZyA8c2FsdHBy +b2plY3QtcGFja2FnaW5nQHZtd2FyZS5jb20+iQHSBBMBCAA8FiEEEIV//dP5Hq5X +eiHWZMu8gXPXaz8FAmPazmACGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheA +AAoJEGTLvIFz12s/yf0L/jyP/LfduA4DwpjKX9Vpk26tgis9Q0I54UerpD5ibpTA +krzZxK1yFOPddcOjo+Xqg+I8aA+0nJkf+vsfnRgcpLs2qHZkikwZbPduZwkNUHX7 +6YPSXTwyFlzhaRycwPtvBPLFjfmjjjTi/aH4V/frfxfjH/wFvH/xiaiFsYbP3aAP +sJNTLh3im480ugQ7P54ukdte2QHKsjJ3z4tkjnu1ogc1+ZLCSZVDxfR4gLfE6GsN +YFNd+LF7+NtAeJRuJceXIisj8mTQYg+esTF9QtWovdg7vHVPz8mmcsrG9shGr+G9 +iwwtCig+hAGtXFAuODRMur9QfPlP6FhJw0FX/36iJ2p6APZB0EGqn7LJ91EyOnWv +iRimLLvlGFiVB9Xxw1TxnQMNj9jmB1CA4oNqlromO/AA0ryh13TpcIo5gbn6Jcdc +fD4Rbj5k+2HhJTkQ78GpZ0q95P08XD2dlaM2QxxKQGqADJOdV2VgjB2NDXURkInq +6pdkcaRgAKme8b+xjCcVjLkBjQRj2s5gAQwAxmgflHInM8oKQnsXezG5etLmaUsS +EkV5jjQFCShNn9zJEF/PWJk5Df/mbODj02wyc749dSJbRlTY3LgGz1AeywOsM1oQ +XkhfRZZqMwqvfx8IkEPjMvGIv/UI9pqqg/TY7OiYLEDahYXHJDKmlnmCBlnU96cL +yh7a/xY3ZC20/JwbFVAFzD4biWOrAm1YPpdKbqCPclpvRP9N6nb6hxvKKmDo7MqS +uANZMaoqhvnGazt9n435GQkYRvtqmqmOvt8I4oCzV0Y39HfbCHhhy64HSIowKYE7 +YWIujJcfoIDQqq2378T631BxLEUPaoSOV4B8gk/Jbf3KVu4LNqJive7chR8F1C2k +eeAKpaf2CSAe7OrbAfWysHRZ060bSJzRk3COEACk/UURY+RlIwh+LQxEKb1YQueS +YGjxIjV1X7ScyOvam5CmqOd4do9psOS7MHcQNeUbhnjm0TyGT9DF8ELoE0NSYa+J +PvDGHo51M33s31RUO4TtJnU5xSRb2sOKzIuBABEBAAGJAbYEGAEIACAWIQQQhX/9 +0/kerld6IdZky7yBc9drPwUCY9rOYAIbDAAKCRBky7yBc9drP8ctC/9wGi01cBAW +BPEKEnfrKdvlsaLeRxotriupDqGSWxqVxBVd+n0Xs0zPB/kuZFTkHOHpbAWkhPr+ +hP+RJemxCKMCo7kT2FXVR1OYej8Vh+aYWZ5lw6dJGtgo3Ebib2VSKdasmIOI2CY/ +03G46jv05qK3fP6phz+RaX+9hHgh1XW9kKbdkX5lM9RQSZOof3/67IN8w+euy61O +UhNcrsDKrp0kZxw3S+b/02oP1qADXHz2BUerkCZa4RVK1pM0UfRUooOHiEdUxKKM +DE501hwQsMH7WuvlIR8Oc2UGkEtzgukhmhpQPSsVPg54y9US+LkpztM+yq+zRu33 +gAfssli0MvSmkbcTDD22PGbgPMseyYxfw7vuwmjdqvi9Z4jdln2gyZ6sSZdgUMYW +PGEjZDoMzsZx9Zx6SO9XCS7XgYHVc8/B2LGSxj+rpZ6lBbywH88lNnrm/SpQB74U +4QVLffuw76FanTH6advqdWIqtlWPoAQcEkKf5CdmfT2ei2wX1QLatTs= +=ZKPF +-----END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/oracle/keys/docker.pub b/salt/repo/client/files/oracle/keys/docker.pub new file mode 100644 index 000000000..1967cbf01 --- /dev/null +++ b/salt/repo/client/files/oracle/keys/docker.pub @@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ +1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP +w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7 +gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh +KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50 +uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ +WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO ++VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN +spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM ++q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0 +rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB +tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 +BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti +Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG +VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l +TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC +/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3 +ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ +XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao +xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra +IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL +GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi +g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW +5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ +=0Zqq +-----END PGP PUBLIC KEY BLOCK----- diff --git a/setup/so-functions b/setup/so-functions index a5584a9d9..c871075fd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2452,6 +2452,10 @@ update_packages() { RMREPOFILES=("redhat-addons.repo" "redhat-devel.repo" "redhat-extras.repo" "redhat.repo") info "Removing repo files added by redhat-repos package update" fi + if [[ $is_oracle ]]; then + RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") + info "Removing repo files added by oracle-repos package update" + fi for FILE in ${RMREPOFILES[@]}; do logCmd "rm -f /etc/yum.repos.d/$FILE" done From 6f81e234cd1fb0cc6d73d55109341e3c0aabd410 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 12 Jul 2023 14:52:23 -0400 Subject: [PATCH 085/125] Initial Oracle support --- salt/common/tools/sbin/so-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 32fb513c5..4d2466de9 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -199,7 +199,7 @@ get_random_value() { } gpg_rpm_import() { - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rpm ]]; then if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then local RPMKEYSLOC="../salt/repo/client/files/$OS/keys" else From 50103aebb33ed9de5b9036adcc5479c0143e4f57 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 12 Jul 2023 14:59:36 -0400 Subject: [PATCH 086/125] Initial Oracle support --- salt/common/packages.sls | 37 +++++++------------------------------ salt/docker/init.sls | 6 +++--- 2 files changed, 10 insertions(+), 33 deletions(-) diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 3f8d50b55..81cb9b91e 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -31,7 +31,7 @@ commonpkgs: - python3-rich {% endif %} -{% if grains.oscodename == 'focal' %} +{% if grains.oscodename == 'focal' %} # since Ubuntu requires and internet connection we can use pip to install modules python3-pip: pkg.installed @@ -42,9 +42,10 @@ python-rich: - target: /usr/local/lib/python3.8/dist-packages/ - require: - pkg: python3-pip +{% endif %} {% endif %} -{% elif GLOBALS.os == 'Rocky' %} +{% if GLOBALS.os_family == 'RedHat' %} commonpkgs: pkg.installed: - skip_suggestions: True @@ -56,7 +57,11 @@ commonpkgs: - net-tools - curl - sqlite + {% if GLOBALS.os == 'CentOS Stream' %} + - MariaDB-devel + {% else %} - mariadb-devel + {% endif %} - python3-dnf-plugin-versionlock - nmap-ncat - yum-utils @@ -72,34 +77,6 @@ commonpkgs: - python3-watchdog - python3-packaging - unzip - -{% elif GLOBALS.os == 'CentOS Stream' %} -commonpkgs: - pkg.installed: - - skip_suggestions: True - - pkgs: - - wget - - jq - - tcpdump - - httpd-tools - - net-tools - - curl - - sqlite - - MariaDB-devel - - python3-dnf-plugin-versionlock - - nmap-ncat - - yum-utils - - device-mapper-persistent-data - - lvm2 - - openssl - - git - - python3-docker - - python3-m2crypto - - rsync - - python3-rich - - python3-pyyaml - - python3-packaging - - unzip - fuse - fuse-libs - fuse-overlayfs diff --git a/salt/docker/init.sls b/salt/docker/init.sls index b24490d98..897af9b93 100644 --- a/salt/docker/init.sls +++ b/salt/docker/init.sls @@ -49,9 +49,9 @@ dockerheldpackages: pkg.installed: - pkgs: - containerd.io: 1.6.21-3.1.el9 - - docker-ce: 24.0.3-1.el9 - - docker-ce-cli: 24.0.3-1.el9 - - docker-ce-rootless-extras: 24.0.3-1.el9 + - docker-ce: 24.0.4-1.el9 + - docker-ce-cli: 24.0.4-1.el9 + - docker-ce-rootless-extras: 24.0.4-1.el9 - hold: True - update_holds: True {% endif %} From 695ec149f19680214450c6a29595a80d54600ee4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 12 Jul 2023 15:07:26 -0400 Subject: [PATCH 087/125] Initial Oracle support --- .../files/oracle/keys/securityonion.pub | 52 +++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 salt/repo/client/files/oracle/keys/securityonion.pub diff --git a/salt/repo/client/files/oracle/keys/securityonion.pub b/salt/repo/client/files/oracle/keys/securityonion.pub new file mode 100644 index 000000000..15be14ca9 --- /dev/null +++ b/salt/repo/client/files/oracle/keys/securityonion.pub @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8 +PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE +P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO +C3vvI3wzirH+8/XIGo+lWTg6yYlSxdf+0xWzYvV2QCMpwzJfARw6GGXtfCZw/zoO +o4+YPsiyztQdyI1y+g3Fbesl65E36DelbyP+lYd2VecX8ELEv0wlKCgHYlk6lc+n +qnOotVjWbsyXuFfo06PHUd6O9n3nmo0drC6kmXGw1e8hu0t8VcGfMTKS/hszwVUY +bHS6kbfsOoAb6LXPWKfqxk/BdreLXmcHHz88DimS3OS0JufkcmkjxEzSFRL0kb2h +QVb1SATrbx+v2RWQXvi9sLCjT2fdOiwi1Tgc84orc7A1C3Jwu353YaX9cV+n5uyG +OZ2AULZ5z2h13sVuiZAwfyyFs/O0CJ783hFA2TNPnyNGAgw/kaIo7nNRnggtndBo +oQzVS+BHiFx98IF4zDqmF2r2+jOCjxSrw8KnZBe4bgXFtl89DmjoejGvWDnu2MVM +pZDEs1DcOxHBQmTCWMIYLyNKG0xW6diyWBxEIaa7YgrP6kA+RaDfZ/xXPwARAQAB +tD9TZWN1cml0eSBPbmlvbiBTb2x1dGlvbnMsIExMQyA8aW5mb0BzZWN1cml0eW9u +aW9uc29sdXRpb25zLmNvbT6JAlQEEwEKAD4WIQTIBKk9Nr4Mcz6hlkR8EGC3/lBw +EwUCXuvPAQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB8EGC3 +/lBwExB1D/42xIDGU2XFNFyTU+ZqzDA8qNC9hEKjLeizbeM8RIm3xO+3p7SdqbuJ +7pA8gk0RiHuILb+Ba1xiSh/w/W2bOxQhsXuWHih2z3W1tI+hu6RQhIm4e6CIHHf7 +Vzj4RSvHOVS0AzITUwkHjv0x0Z8zVBPJfEHKkK2x03BqP1o12rd7n2ZMrSfN6sED +fUwOJLDjthShtyLSPBVG8j7T5cfSCPSLhfVOKPQVcI1sSir7RLeyxt1v1kzjQdaA ++znxO8EgfZJN93wzfBrAGcVT8KmpmgwR6p46m20wJXyZC9DZxJ0o1y3toVWTC+kP +Qj1ROPivySVn10rBoOJk8HteyhW07gTcydq+noKHV7SqJ1899xRAYP7rDCfI9iMW +Nn22ZDLnAkIcbNR7JLJCHwsZH/Umo9KO/dIccIqVQel3UCCYZcWTZW0VkcjqVKRa +eK+JQGaJPrBAoxIG5/sMlbk2sINSubNWlcbH6kM0V8NVwdPiOO9xLmp2hI4ICxE3 +M+O2HCNX4QYzVizzTFxEvW3ieLa4nePQ8J6lvMI2oLkFP7xHoFluvZnuwfNvoEy0 +RnlHExN1UQTUvcbCxIbzjaJ4HJXilWHjgmGaVQO1S7AYskWnNWQ7uJvxnuZBNNwm +pIvwYEZp23fYaWl/xKqnmPMy2ADjROBKlCm7L+Ntq1r7ELGW5ZCTobkCDQRe688B +ARAA22GzdkSAo+mwJ2S1RbJ1G20tFnLsG/NC8iMN3lEh/PSmyPdB7mBtjZ+HPDzF +VSznXZdr3LItBBQOli2hVIj1lZBY7+s2ZufV3TFFwselUwT3b1g1KMkopD95Ckf8 +WhLbSz2yqgrvcEvbB0HFX/ZEsHGqIz2kLacixjwXXLWOMQ2LNbeW1f5zQkBnaNNQ +/4njzTj68OxnvfplNYNJqi2pZGb2UqarYX04FqKNuocN8E7AC9FQdBXylmVctw9T +pQVwfCI76bTe6vPWb+keb6UNN1jyXVnhIQ3Fv5sFBsmgXf/hO8tqCotrKjEiK2/i +RkvFeqsGMXreCgYg9zW4k+DcJtVa+Q8juGOjElrubY3Ua9mCusx3vY4QYSWxQ5Ih +k1lXiUcM5Rt38lfpKHRJ5Pd4Y5xlWSQfZ7nmzbf/GzJQz+rWrA0X6Oc6cDOPLNXK +w1dAygre4f2bsp5kHQt6NMefxeNTDmi+4R62K0tb40f5q0Vxz8qdyD48bBsbULNx +kb6mjOAD+FNkfNXcGeuTq9oRnjx8i93mhYsIP5LFNDXS/zSP1nv0ZUFeIlGQGjV9 +1wOvT454qkI9sKiVFtd4FrNKZJbKszxxDm+DPfB5j+hRC4oeEJ7w+sVyh3EawtfM +V7Mwj8i+7c3YUCravXBhSwG7SCTggFUgA8lMr8oWVgCATYsAEQEAAYkCPAQYAQoA +JhYhBMgEqT02vgxzPqGWRHwQYLf+UHATBQJe688BAhsMBQkSzAMAAAoJEHwQYLf+ +UHATTtwQAJiztPW68ykifpFdwYFp1VC7c+uGLhWBqjDY9NSUKNC9caR7bV0cnNu8 +07UG6j18gCB2GSkukXjOR/oTj6rNcW/WouPYfQOrw7+M2Ya8M8iq+E/HOXaXB3b4 +FeCcB0UuwfcHHd2KbXrRHA+9GNpmuOcfTCdsPpIr41Xg4QltATDEt/FrzuKspXg4 +vUKDXgfnbj7y0JcJM2FfcwWGlnAG5MMRyjJQAleGdiidX/9WxgJ4Mweq4qJM0jr3 +Qsrc9VuzxsLr85no3Hn5UYVgT7bBZ59HUbQoi775m78MxN3mWUSdcyLQKovI+YXr +tshTxWIf/2Ovdzt6Wq1WWXOGGuK1qgdPJTFWrlh3amFdb70zR1p6A/Lthd7Zty+n +QjRZRQo5jBSnYtjhMrZP6rxM3QqnQ0frEKK9HfDYONk1Bw18CUtdwFGb9OMregLR +IjvNLp9coSh5yYAepZyUGEPRET0GsmVw2trQF0uyMSkQfiq2zjPto6WWbsmrrbLr +cfZ/wnBw1FoNEd51U54euo9yvOgOVtJGvqLgHNwB8574FhQhoWAMhyizqdgeEt26 +m3FXecUNKL/AK71/l04vor+/WsXe8uhDg3O84qeYa9wgd8LZZVmGZJDosSwqYjtb +LdNNm+v60Zo6rFWSREegqi/nRTTDdxdW99ybjlh+mpbq3xavyFXF +=bhkm +-----END PGP PUBLIC KEY BLOCK----- From d98a1d5ae593209edca108c4735fc8264035b160 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 08:40:09 -0400 Subject: [PATCH 088/125] Initial Oracle support --- salt/repo/client/init.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index 9ca156a7c..78fcae676 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -3,6 +3,8 @@ include: {% if GLOBALS.os == 'CentOS Stream' %} - repo.client.centos + {% elif GLOBALS.os == 'ol9' %} + - repo.client.oracle {% else %} - repo.client.{{grains.os | lower}} {% endif %} \ No newline at end of file From b915cea52fb36ffd4dfc594740e6ea315f23e05e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 08:44:20 -0400 Subject: [PATCH 089/125] Initial Oracle support --- .../files/oracle/keys/MariaDB-Server-GPG-KEY | 236 ++++++++++++++++++ .../files/oracle/keys/RPM-GPG-KEY-EPEL-9 | 29 +++ 2 files changed, 265 insertions(+) create mode 100644 salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY create mode 100644 salt/repo/client/files/oracle/keys/RPM-GPG-KEY-EPEL-9 diff --git a/salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY b/salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY new file mode 100644 index 000000000..f76d5f4ac --- /dev/null +++ b/salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY @@ -0,0 +1,236 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.14 (GNU/Linux) + +mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis +497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM +LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8 +p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn +U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb +XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j +zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx +cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H +48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ +YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu +b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK +CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3 +kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I +9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3 +P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb +Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF +iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl +sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0 +u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2 +YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b +GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ +7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD +EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb +LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk +Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3 +d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo +8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr +q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6 +4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI +UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl +J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B +TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF +F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6 ++Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR +tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF +AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS +gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU +pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW +LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX +thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne +NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD +6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI +mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8 +wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp +7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td +8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL +oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv +M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5 +nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9 +cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj +KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8 +NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F +cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT +TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V +N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G +4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8 +v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz +jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd +tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj +VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy +wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/ +ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1 +FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV +9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI +lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU +Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu +2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ +GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm +fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz ++gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi +byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh +bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz +W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1 +CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr +kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA +DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele +xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL +xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/ +BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l +D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot +Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD +Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs +RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD +qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA +GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6 +FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV +MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2 +zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok +AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh +SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn +RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5 +sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k +CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv +0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ +/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC +AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5 +MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d +HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti +G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ +Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2 ++hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD +bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt +fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P +0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1 +IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC +A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE +aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6 +l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3 +qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV +99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb +ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW +e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5 +95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v +Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs +z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/ +RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo +5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK +OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX +KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6 +TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg +3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N +5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol +AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj +G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/ +Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ +d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az +y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg= +=bSQ3 +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv +TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92 +3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa +L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5 +ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c +n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT +Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF +scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0 +5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv +C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS +Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB +zS1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz7C +wXgEEwEIACIFAlb8EKsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPFl +byTHTNHYJZ0P/2Z2RURRkSTHLKZ/GqSvPReReeB7AI+ZrDapkpG/26xp1Yw1isCO +y99pvQ7hjTFhdZQ7xSRUiT/e27wJxR7s4G/ck5VOVjuJzGnByNLmwMjdN1ONIO9P +hQAs2iF3uoIbVTxzXof2F8C0WSbKgEWbtqlCWlaapDpN8jKAWdsQsNMdXcdpJ2os +WiacQRxLREBGjVRkAiqdjYkegQ4BZ0GtPULKjZWCUNkaat51b7O7V19nSy/T7MM7 +n+kqYQLMIHCF8LGd3QQsNppRnolWVRzXMdtR2+9iI21qv6gtHcMiAg6QcKA7halL +kCdIS2nWR8g7nZeZjq5XhckeNGrGX/3w/m/lwczYjMUer+qs2ww5expZJ7qhtSta +lE3EtL/l7zE4RlknqwDZ0IXtxCNPu2UovCzZmdZm8UWfMSKk/3VgL8HgzYRr8fo0 +yj0XkckJ7snXvuhoviW2tjm46PyHPWRKgW4iEzUrB+hiXpy3ikt4rLRg/iMqKjyf +mvcE/VdmFVtsfbfRVvlaWiIWCndRTVBkAaTu8DwrGyugQsbjEcK+4E25/SaKIJIw +qfxpyBVhru21ypgEMAw1Y8KC7KntB7jzpFotE4wpv1jZKUZuy71ofr7g3/2O+7nW +LrR1mncbuT6yXo316r56dfKzOxQJBnYFwTjXfa65yBArjQBUCPNYOKr0wkYEEhEI +AAYFAlb8JFYACgkQy8sIKhu5Q9snYACgh3id41CYTHELOQ/ymj4tiuFt1lcAn3JU +9wH3pihM9ISvoeuGnwwHhcKnwsFcBBIBCAAGBQJW/CSEAAoJEJFxGJmV5Fqe11cP +/A3QhvqleuRaXoS5apIY3lrDL79Wo0bkydM3u2Ft9EqVVG5zZvlmWaXbw5wkPhza +7YUjrD7ylaE754lHI48jJp3KY7RosClY/Kuk56GJI/SoMKx4v518pAboZ4hjY9MY +gmiAuZEYx5Ibv1pj0+hkzRI78+f6+d5QTQ6y/35ZjSSJcBgCMAr/JRsmOkHu6cY6 +qOpq4g8mvRAX5ivRm4UxE2gnxZyd2LjY2/S2kCZvHWVaZuiTD0EU1jYPoOo6fhc8 +zjs5FWS56C1vp7aFOGBvsH3lwYAYi1K2S+/B4nqpitYJz/T0zFzzyYe7ZG77DXKD +/XajD22IzRGKjoeVPFBx+2V0YCCpWZkqkfZ2Dt3QVW//QIpVsOJnmaqolDg1sxoa +BEYBtCtovU0wh1pXWwfn7IgjIkPNl0AU8mW8Ll91WF+Lss/oMrUJMKVDenTJ6/ZO +06c+JFlP7dS3YGMsifwgy5abA4Xy4GWpAsyEM68mqsJUc7ZANZcQAKr6+DryzSfI +Olsn3kJzOtb/c3JhVmblEO6XzdfZJK/axPOp3mF1oEBoJ56fGwO2usgVwQDyLt3J +iluJrCvMSBL9KtBZWrTZH5t3rTMN0NUALy4Etd6Y8V94i8c5NixMDyjRU7aKJAAw +tUvxLd12dqtaXsuvGyzLbR4EDT/Q5DfLC1DZWpgtUtCVwsFcBBIBCAAGBQJW/CS2 +AAoJEEHdwLQNpW8iMUoP/AjFKyZ+inQTI2jJJBBtrLjxaxZSG5ggCovowWn8NWv6 +bQBm2VurYVKhvY1xUyxoLY8KN+MvoeTdpB3u7z+M6x+CdfoTGqWQ2yapOC0eEJBF +O+GFho2WE0msiO0IaVJrzdFTPE0EYR2BHziLu0DDSZADe1WYEqkkrZsCNgi6EMng +mX2h+DK2GlC3W2tY9sc63DsgzjcMBO9uYmpHj6nizsIrETqouVNUCLT0t8iETa25 +Mehq/I92I70Qfebv7R4eMrs+tWXKyPU0OjV+8b8saZsv1xn98UkeXwYx4JI04OTw +nBeJG8yPrGDBO5iucmtaCvwGQ3c76qBivrA8eFz3azRxQYWWiFrkElTg+C/E83JQ +WgqPvPZkI5UHvBwBqcoIXG15AJoXA/ZWIB8nPKWKaV5KDnY3DBuA4rh5Mhy3xwcC +/22E/CmZMXjUUvDnlPgXCYAYU0FBbGk7JpSYawtNfdAN2XBRPq5sDKLLxftx7D8u +ESJXXAlPxoRh7x1ArdGM+EowlJJ0xpINBaT0Z/Hk0jxNIFEak796/WeGqewdOIki +dAs4tppUfzosla5K+qXfWwmhcKmpwA4oynE8wIaoXptoi8+rxaw4N6wAXlSrVxeC +VTnb7+UY/BT2Wx6IQ10C9jrsj6XIffMvngIinCD9Czvadmr7BEIxKt1LP+gGA8Zg +wsFcBBIBCgAGBQJYE6oDAAoJEL7YRJ/O6NqIJ24P+QFNa2O+Q1rLKrQiuPw4Q73o +7/blUpFNudZfeCDpDbUgJ01u1RHnWOyLcyknartAosFDJIpgcXY5I8jsBIO5IZPR +C/UKxZB3RYOhj49bySD9RNapHyq+Y56j9JUoz6tkKFBd+6g85Ej8d924xM1UnRCS +9cfI9W0fSunbCi2CXLbXFF7V+m3Ou1SVYGIAxpMn4RXyYfuqeB5wROR2GA5Ef6T3 +S5byh1dRSEgnrBToENtp5n7Jwsc9pDofjtaUkO854l45IqFarGjCHZwtNRKd2lcK +FMnd1jS0nfGkUbn3qNJam1qaGWx4gXaT845VsYYVTbxtkKi+qPUIoOyYx4NEm6fC +ZywH72oP+fmUT/fbfSHa5j137dRqokkR6RFjnEMBl6WHwgqqUqeIT6t9uV6WWzX9 +lNroZFAFL/de7H31iIRuZcm38DUZOfjVf9glweu4yFvuJ7cQtyQydFQJV4LGDT/C +8e9TWrV1/gWMyMGQlZsRWa+h+FfFUccQtfSdXpvSxtXfop+fVQmJgUUl92jh4K9j +c9a6rIp5v1Q1yEgs2iS50/V/NMSmEcE1XMOxFt9fX9T+XmKAWZ8L25lpILsHT3mB +VWrpHdbawUaiBp9elxhn6tFiTFR7qA7dlUyWrI+MMlINwSZ2AAXvmA2IajH/UIlh +xotxmSNiZYIQ6UbD3fk4wsFzBBABCgAdFiEEmy/52H2krRdju+d2+GQcuhDvLUgF +Ally44wACgkQ+GQcuhDvLUgkjQ//c3mBxfJm6yLAJD4s4OgsPv4pcp/EKmPcdztm +W0/glwopUZmq9oNo3VMMCGtusrQgpACzfUlesu9NWlPCB3olZkeGugygo0zuQBKs +55eG7bPzMLyfSqLKyogYocaGc4lpf4lbvlvxy37YGVrGpwT9i8t2REtM6iPKDcMM +sgVtNlqFdq3Fs2Haqt0m1EksX6/GSIrjK4LZEcPklrGPvUS3S+qkwuaGE/jXxncE +4jFQR9SYH6AHr6Vkt1CG9Dgpr+Ph0I9n0JRknBYoUZ1q51WdF946NplXkCskdzWG +RHgMUCz3ZehF1FzpKgfO9Zd0YZsmivV/g6frUw/TayP9gxKPt7z2Lsxzyh8X7cg6 +TAvdG9JbG0PyPJT1TZ8qpjP/PtqPclHsHQQIbGSDFWzRM5znhS+5sgyw8FWInjw8 +JjxoOWMa50464EfGeb2jZfwtRimJAJLWEf/JnvO779nXf5YbvUZgfXaX7k/cvCVk +U8M7oC7x8o6F0P2Lh6FgonklKEeIRtZBUNZ0Lk9OShVqlU9/v16MHq/Eyu/Mbs0D +en3vYgiYxOBR8czD1Wh4vsKiGfOzQ6oWti/DCURV+iTYhJc7mSWM6STzUFr0nCnF +x6W0j/zH6ZgiFAGOyIXW2DwfjFvYRcBL1RWAEKsiFwYrNV+MDonjKXjpVB1Ra90o +lLrZXAXCwHMEEgEKAB0WIQRMRw//78TT3Fl3hlXOGj3V48lPSQUCXAAgOgAKCRDO +Gj3V48lPSQxAB/43qoWteVZEiN3JW4FnHg+S60TnHSP69FKV+363XYKDa23pNpv4 +tiJumo9Kvb4UoDft766/URHm5RKyPtrxy+wqotamrkGJUTtP2a68h7C31VX+pf6i +iQKmxRQz4zmW0pA5X01+AgpvcDH++Fv5NLBpnjqPdTh5b0gvr89E0zMNldNYOZu1 +0H/mukrnGlFDu/osBuy+XJtP2MeasazVMLvjKs+hr//E+iLI9DZOwFBK6AX5gkkI +UEHkSeb4//AHwvanUMin9un9+F9iR+qDuDEKxuevYzM0owuoVcK5pAsRnRQJlnHW +/0BQ6FtNGpmljhvUk8a/l3xFf3z/uJG5vVKVzsFNBFb8EKsBEADDfCMsu2U1CdJh +r4xp6z4J89/tMnpCQASC8DQhtZ6bWG/ksyKt2DnDQ050XBEng+7epzHWA2UgT0li +Y05zZmFs1X7QeZr16B7JANq6fnHOdZB0ThS7JEYbProkMxcqAFLAZJCpZT534Gpz +W7qHwzjV+d13IziCHdi6+DD5eavYzBqY8QzjlOXbmIlY7dJUCwXTECUfirc6kH86 +CS8fXZTke4QYZ55VnrOomB4QGqP371kwBETnhlhi74+pvi3jW05Z5x1tVMwuugyz +zkseZp1VYmJq5SHNFZ/pnAQLE9gUDTb6UWcPBwQh9Sw+7ahSK74lJKYm3wktyvZh +zAxbNyzs1M56yeFP6uFwJTBfNByyMAa6TGUhNkxlLcYjxKbVmoAnKCVM8t41TlLv +/a0ki8iQxqvphVLufksR9IpN6d3F15j6GeyVtxBEv04iv4vbuKthWytb+gjX4bI8 +CAo9jGHevmtdiw/SbeKx2YBM1MF6eua37rFMooOBj4X7VfQCyS+crNsOQn8nJGah +YbzUDCCgnX+pqN9iZvXisMS79wVyD5DyISFDvT/5jY7IXxPibxr10P/8lfW1d72u +xyI2UiZKZpyHCt4k47yMq4KQGLGuhxJ6q6O3bi2aXRuz8bLqTBLca9dmx9wZFvRh +6jS/SKEg7eFcY0xbb6RVIv1UwGDYfQARAQABwsFfBBgBCAAJBQJW/BCrAhsMAAoJ +EPFlbyTHTNHYEBIQAJhFTh1u34Q+5bnfiM2dAdCr6T6w4Y1v9ePiIYdSImeseJS2 +yRglpLcMjW0uEA9KXiRtC/Nm/ClnqYJzCKeIaweHqH6dIgJKaXZFt1Uaia7X9tDD +wqALGu97irUrrV1Kh9IkM0J29Vid5amakrdS4mwt2uEISSnCi7pfVoEro+S7tYQ9 +iH6APVIwqWvcaty3cANdwKWfUQZ6a9IQ08xqzaMhMp2VzhVrWkq3B0j2aRoZR7BN +LH2I7Z0giIM8ARjZs99aTRL+SfMEQ3sUxNLb3KWP/n1lSFbrk4HGzqUBBfczESlN +c0970C6znK0H0HD11/3BTkMuPqww+Tzex4dpMQllMEKZ3wEyd9v6ba+nj/P1FHSE +y/VN6IXzd82s1lYOonKTdmXAIROcHnb0QUzwsd/mhB3jKhEDOV2ZcBTD3yHv8m7C +9G9y4hV+7yQlnPlSg3DjBp3SS5r+sOObCIy2Ad32upoXkilWa9g7GZSuhY9kyKqe +Eba1lgXXaQykEeqx0pexkWavNnb9JaPrAZHDjUGcXrREmjEyXyElRoD4CrWXySe4 +6jCuNhVVlkLGo7osefynXa/+PNjQjURtx8en7M9A1FkQuRAxE8KIZgZzYxkGl5o5 +POSFCA4JUoRPDcrl/sI3fuq2dIOE/BJ2r8dV+LddiR+iukhXRwJXH8RVVEUS +=mCOI +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/salt/repo/client/files/oracle/keys/RPM-GPG-KEY-EPEL-9 b/salt/repo/client/files/oracle/keys/RPM-GPG-KEY-EPEL-9 new file mode 100644 index 000000000..0cc05ecb3 --- /dev/null +++ b/salt/repo/client/files/oracle/keys/RPM-GPG-KEY-EPEL-9 @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp +CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 +2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW +DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu +n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z +39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy +XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK +44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS +9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH +DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq +uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB +tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI +ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE +FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF +3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC +nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n +R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG +4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe +CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL +9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 +w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT +/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd +fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE +r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux +VL469Kj5m13T6w== +=Mjs/ +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file From 68f5c9965a0180ab20f7d142ce9f40f075a9807b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 09:24:01 -0400 Subject: [PATCH 090/125] Initial Oracle support --- salt/repo/client/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index 78fcae676..3e6dedb6b 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -3,7 +3,7 @@ include: {% if GLOBALS.os == 'CentOS Stream' %} - repo.client.centos - {% elif GLOBALS.os == 'ol9' %} + {% elif GLOBALS.os == 'OEL' %} - repo.client.oracle {% else %} - repo.client.{{grains.os | lower}} From a0b6e1076fffacc44811a56a877e20e20f5874f7 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 10:04:55 -0400 Subject: [PATCH 091/125] Initial Oracle support --- salt/repo/client/files/oracle/yum.conf.jinja | 17 ++++++ salt/repo/client/oracle.sls | 62 ++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 salt/repo/client/files/oracle/yum.conf.jinja create mode 100644 salt/repo/client/oracle.sls diff --git a/salt/repo/client/files/oracle/yum.conf.jinja b/salt/repo/client/files/oracle/yum.conf.jinja new file mode 100644 index 000000000..ecbc124a8 --- /dev/null +++ b/salt/repo/client/files/oracle/yum.conf.jinja @@ -0,0 +1,17 @@ +{% set proxy = salt['pillar.get']('manager:proxy') -%} +[main] +cachedir=/var/cache/yum/$basearch/$releasever +keepcache=0 +debuglevel=2 +logfile=/var/log/yum.log +exactarch=1 +obsoletes=1 +gpgcheck=1 +plugins=1 +installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} +bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum +distroverpkg=oraclelinux-release +clean_requirements_on_remove=1 +{%- if proxy %} +proxy={{ proxy }} +{%- endif %} diff --git a/salt/repo/client/oracle.sls b/salt/repo/client/oracle.sls new file mode 100644 index 000000000..8b55964f4 --- /dev/null +++ b/salt/repo/client/oracle.sls @@ -0,0 +1,62 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use +# this file except in compliance with the Elastic License 2.0. + +{% from 'repo/client/map.jinja' import ABSENTFILES with context %} +{% from 'repo/client/map.jinja' import REPOPATH with context %} +{% from 'vars/globals.map.jinja' import GLOBALS %} + +{% set role = grains.id.split('_') | last %} +{% set MANAGER = salt['grains.get']('master') %} +{% if grains['os'] == 'OEL' %} + +{% if ABSENTFILES|length > 0%} + {% for file in ABSENTFILES %} +{{ file }}: + file.absent: + - name: {{ REPOPATH }}{{ file }} + - onchanges_in: + - cmd: cleandnf + {% endfor %} +{% endif %} + +cleandnf: + cmd.run: + - name: 'dnf clean all' + - onchanges: + - so_repo + +yumconf: + file.managed: + - name: /etc/yum.conf + - source: salt://repo/client/files/oracle/yum.conf.jinja + - mode: 644 + - template: jinja + - show_changes: False + +repair_yumdb: + cmd.run: + - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all' + - onlyif: + - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"' + +crsynckeys: + file.recurse: + - name: /etc/pki/rpm-gpg + - source: salt://repo/client/files/oracle/keys/ + +so_repo: + pkgrepo.managed: + - name: securityonion + - humanname: Security Onion Repo + {% if GLOBALS.role in ['so-eval', 'so-standalone', 'so-import', 'so-manager', 'so-managersearch'] %} + - baseurl: file:///nsm/repo/ + {% else %} + - baseurl: https://{{ GLOBALS.repo_host }}/repo + {% endif %} + - enabled: 1 + - gpgcheck: 1 + +{% endif %} + +# TODO: Add a pillar entry for custom repos From 05b30771c538d581de7839aedf68c2a87c47b9a2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 10:29:06 -0400 Subject: [PATCH 092/125] Initial Oracle support --- salt/repo/client/map.jinja | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index a70c8d476..5f3fcc3b7 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -1,6 +1,6 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} -{% if GLOBALS.os == 'CentOS Stream' %} +{% if GLOBALS.os_family == 'RedHat' %} {% set REPOPATH = '/etc/yum.repos.d/' %} {% set ABSENTFILES = [ @@ -14,13 +14,6 @@ 'saltstack.repo', 'salt-latest.repo', 'wazuh.repo' - ] - %} - -{% elif GLOBALS.os == 'Rocky' %} - - {% set REPOPATH = '/etc/yum.repos.d/' %} - {% set ABSENTFILES = [ 'Rocky-Base.repo', 'Rocky-CR.repo', 'Rocky-Debuginfo.repo', @@ -33,15 +26,11 @@ 'rocky-devel.repo', 'rocky-extras.repo', 'rocky.repo', - 'docker-ce.repo', - 'epel.repo', - 'epel-testing.repo', - 'saltstack.repo', - 'salt-latest.repo', - 'wazuh.repo' + 'oracle-linux-ol9', + 'uek-ol9', + 'virt-oll9' ] %} - {% elif GLOBALS.os == 'Ubuntu' %} {% set REPOPATH = '/etc/apt/sources.list.d/' %} From 2c996fe7ad334e5f00e23da92403e30267a14891 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 10:54:04 -0400 Subject: [PATCH 093/125] Initial Oracle support --- salt/mysql/config.sls | 2 +- salt/ntp/init.sls | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/salt/mysql/config.sls b/salt/mysql/config.sls index 1396adb90..53f0a1318 100644 --- a/salt/mysql/config.sls +++ b/salt/mysql/config.sls @@ -12,7 +12,7 @@ mysqlpkgs: pkg.installed: - skip_suggestions: False - pkgs: - {% if grains['os'] != 'Rocky' %} + {% if grains['os_family'] != 'RedHat' %} {% if grains['oscodename'] == 'bionic' %} - python3-mysqldb {% elif grains['oscodename'] == 'focal' %} diff --git a/salt/ntp/init.sls b/salt/ntp/init.sls index 9c0c3dcb2..1fc523e94 100644 --- a/salt/ntp/init.sls +++ b/salt/ntp/init.sls @@ -17,9 +17,7 @@ chronyconf: - defaults: NTPCONFIG: {{ NTPCONFIG }} -{% if GLOBALS.os == 'Rocky' %} -chronyd: -{% elif GLOBALS.os == 'CentOS Stream' %} +{% if GLOBALS.os_family == 'RedHat' %} chronyd: {% else %} chrony: From 782a3eccfe864a8859ba0806f072fca36af72eb1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 11:29:18 -0400 Subject: [PATCH 094/125] Initial Oracle support --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index c871075fd..53f60a161 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -950,7 +950,7 @@ detect_os() { OSVER=9 is_rocky=true is_rpm=true - not_supported=true + is_supported=true elif grep -q "CentOS Stream release 9" /etc/redhat-release; then OS=centos OSVER=9 From 4158e18675df7c7374ba0f907321486ec4341b03 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 13 Jul 2023 16:38:51 -0400 Subject: [PATCH 095/125] warn of unsupported os --- setup/so-functions | 8 -------- setup/so-setup | 8 ++++++++ setup/so-whiptail | 21 +++++++++++++++++++++ 3 files changed, 29 insertions(+), 8 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 605855d36..2c78cd200 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1002,14 +1002,6 @@ detect_os() { fi info "Found OS: $OS $OSVER" - if [[ $is_override ]]; then - unset $not_supported - fi - if [[ $not_supported ]]; then - info "This is not a supported OS. Exiting Setup" - exit 1 - fi - } download_elastic_agent_artifacts() { diff --git a/setup/so-setup b/setup/so-setup index 7bca61628..8fae8fa77 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -64,6 +64,14 @@ done # Let's see what OS we are dealing with here detect_os +if [[ $not_supported ]]; then + if (whiptail_unsupported_os_warning); then + true + else + info "User cancelled setup." + whiptail_cancel + fi +fi # Check to see if this is the setup type of "desktop". is_desktop= diff --git a/setup/so-whiptail b/setup/so-whiptail index 3d760b873..56414f43d 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1426,6 +1426,27 @@ whiptail_ubuntu_warning() { whiptail --title "$whiptail_title" --msgbox "$message" 14 75 } + +whiptail_unsupported_os_warning() { + + [ -n "$TESTING" ] && return + + read -r -d '' unsupported_os_continue <<- EOM + + WARNING: An unsupported operating system has been detected. + Security Onion may not install or operate as expected. + + Would you like to continue the install? + + EOM + whiptail --title "$whiptail_title" \ + --yesno "$unsupported_os_continue" 14 75 --defaultno + + local exitstatus=$? + return $exitstatus + +} + whiptail_uppercase_warning() { [ -n "$TESTING" ] && return From 20c76abac4eb7d76bf1f212e1a09cbd575796acb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 18:27:21 -0400 Subject: [PATCH 096/125] Multi OS Support --- setup/so-functions | 45 ++++----------------------------------------- 1 file changed, 4 insertions(+), 41 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 605855d36..adcfd15c9 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1931,11 +1931,10 @@ remove_package() { securityonion_repo() { # Remove all the current repos - if [[ $is_rpm ]]; then + if [[ $is_supported ]]; then logCmd "dnf -v clean all" logCmd "mkdir -vp /root/oldrepos" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" - logCmd "ls -la /etc/yum.repos.d/" if [[ ! $waitforstate ]]; then echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo @@ -1950,26 +1949,7 @@ securityonion_repo() { echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo fi - - # need to yum clean all before repo conf files are removed or clean,cleans nothing logCmd "dnf repolist all" - # update this package because the repo config files get added back - # if the package is updated when the update_packages function is called - if [ -f "/etc/yum.repos.d/rocky.repo" ]; then - info "Backing up the .repo files that were added by the rocky-release package." - logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/" - logCmd "dnf repolist all" - fi - if [ -f "/etc/yum.repos.d/centos.repo" ]; then - info "Backing up the .repo files that were added by the centos-release package." - logCmd "mv -bvf /etc/yum.repos.d/centos* /root/oldrepos/" - logCmd "dnf repolist all" - fi - if [ -f "/etc/yum.repos.d/redhat.repo" ]; then - info "Backing up the .repo files that were added by the redhat-release package." - logCmd "mv -bvf /etc/yum.repos.d/redhat* /root/oldrepos/" - logCmd "dnf repolist all" - fi if [[ $waitforstate ]]; then if [[ ! $is_airgap ]]; then # Build the repo locally so we can use it @@ -1987,16 +1967,6 @@ repo_sync_local() { info "Backing up old repos" mkdir -p /nsm/repo mkdir -p /opt/so/conf/reposync/cache - #if [[ $is_rocky ]]; then - # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt - # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt - #elif [[ $is_centos ]]; then - # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt - # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt - #elif [[ $is_rhel ]]; then - # echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt - # echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt - #fi echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt echo "[main]" > /opt/so/conf/reposync/repodownload.conf @@ -2014,17 +1984,16 @@ repo_sync_local() { echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf logCmd "dnf repolist" - # Make sure we can get to the sig repo - # TODO Add if for ISO install + if [[ ! $is_airgap ]]; then curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install + logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" fi - logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/" # After the download is complete run createrepo create_repo else - # Add the proper repos + # Add the proper repos for unsupported stuff echo "Adding Repos" if [[ $is_rpm ]]; then dnf -y install epel-release @@ -2121,12 +2090,6 @@ saltify() { logCmd "mkdir -p /etc/salt/minion.d" logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/" logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/" - - # this can be removed when https://github.com/saltstack/salt/issues/64195 is resolved - if [ $SALTVERSION == "3006.1" ]; then - info "Salt version 3006.1 found. Patching /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py" - \cp -v ./files/patch/states/x509_v2.py /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py - fi } From 03b16a558269b6fb60c31e2d5be3efe8688d4245 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 18:29:02 -0400 Subject: [PATCH 097/125] Multi OS Support --- setup/so-functions | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index adcfd15c9..29d626066 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -950,7 +950,7 @@ detect_os() { OSVER=9 is_rocky=true is_rpm=true - is_supported=true + not_supported=true elif grep -q "CentOS Stream release 9" /etc/redhat-release; then OS=centos OSVER=9 @@ -1002,13 +1002,6 @@ detect_os() { fi info "Found OS: $OS $OSVER" - if [[ $is_override ]]; then - unset $not_supported - fi - if [[ $not_supported ]]; then - info "This is not a supported OS. Exiting Setup" - exit 1 - fi } From 333213d1ddbc688af4ec86eca19cc3b87dc0ff04 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 13 Jul 2023 18:40:48 -0400 Subject: [PATCH 098/125] Multi OS Support --- salt/repo/client/centos.sls | 78 ------ .../files/centos/keys/MariaDB-Server-GPG-KEY | 236 ------------------ .../files/centos/keys/RPM-GPG-KEY-EPEL-9 | 29 --- .../keys/SALT-PROJECT-GPG-PUBKEY-2023.pub | 41 --- salt/repo/client/files/centos/keys/docker.pub | 28 --- .../files/centos/keys/securityonion.pub | 52 ---- salt/repo/client/files/centos/yum.conf.jinja | 17 -- .../files/rocky/keys/RPM-GPG-KEY-EPEL-9 | 29 --- .../rocky/keys/RPM-GPG-KEY-rockyofficial | 31 --- .../keys/SALT-PROJECT-GPG-PUBKEY-2023.pub | 41 --- salt/repo/client/files/rocky/keys/docker.pub | 28 --- .../client/files/rocky/keys/securityonion.pub | 52 ---- salt/repo/client/files/rocky/yum.conf.jinja | 17 -- salt/repo/client/init.sls | 9 +- salt/repo/client/map.jinja | 10 +- salt/repo/client/rocky.sls | 62 ----- salt/repo/client/ubuntu.sls | 0 17 files changed, 9 insertions(+), 751 deletions(-) delete mode 100644 salt/repo/client/centos.sls delete mode 100644 salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY delete mode 100644 salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 delete mode 100644 salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub delete mode 100644 salt/repo/client/files/centos/keys/docker.pub delete mode 100644 salt/repo/client/files/centos/keys/securityonion.pub delete mode 100644 salt/repo/client/files/centos/yum.conf.jinja delete mode 100644 salt/repo/client/files/rocky/keys/RPM-GPG-KEY-EPEL-9 delete mode 100644 salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial delete mode 100644 salt/repo/client/files/rocky/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub delete mode 100644 salt/repo/client/files/rocky/keys/docker.pub delete mode 100644 salt/repo/client/files/rocky/keys/securityonion.pub delete mode 100644 salt/repo/client/files/rocky/yum.conf.jinja delete mode 100644 salt/repo/client/rocky.sls delete mode 100644 salt/repo/client/ubuntu.sls diff --git a/salt/repo/client/centos.sls b/salt/repo/client/centos.sls deleted file mode 100644 index 2e1816bb3..000000000 --- a/salt/repo/client/centos.sls +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - -{% from 'vars/globals.map.jinja' import GLOBALS %} -{% from 'repo/client/map.jinja' import ABSENTFILES with context %} -{% from 'repo/client/map.jinja' import REPOPATH with context %} - -{% if GLOBALS.os == 'CentOS Stream' %} - -{% if ABSENTFILES|length > 0%} - {% for file in ABSENTFILES %} -{{ file }}: - file.absent: - - name: {{ REPOPATH }}{{ file }} - - onchanges_in: - - cmd: cleanyum - {% endfor %} -{% endif %} - -cleanyum: - cmd.run: - - name: 'yum clean all' - - onchanges: - - so_repo - -yumconf: - file.managed: - - name: /etc/yum.conf - - source: salt://repo/client/files/centos/yum.conf.jinja - - mode: 644 - - template: jinja - - show_changes: False - -repair_yumdb: - cmd.run: - - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all' - - onlyif: - - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"' - -crsynckeys: - file.recurse: - - name: /etc/pki/rpm_gpg - - source: salt://repo/client/files/centos/keys/ - - - {% if GLOBALS.role in GLOBALS.manager_roles %} -so_repo: - pkgrepo.managed: - - name: securityonion - - humanname: Security Onion Repo - - baseurl: file:///nsm/repo/ - - enabled: 1 - - gpgcheck: 1 - - {% else %} -so_repo: - pkgrepo.managed: - - name: securityonion - - humanname: Security Onion Repo - - baseurl: https://{{ GLOBALS.manager }}/repo - - enabled: 1 - - gpgcheck: 1 - - {% endif %} - -{% endif %} - -# TODO: Add a pillar entry for custom repos - - - - - - - - diff --git a/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY b/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY deleted file mode 100644 index f76d5f4ac..000000000 --- a/salt/repo/client/files/centos/keys/MariaDB-Server-GPG-KEY +++ /dev/null @@ -1,236 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.14 (GNU/Linux) - -mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis -497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM -LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8 -p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn -U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb -XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j -zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx -cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H -48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ -YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu -b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK -CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3 -kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I -9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3 -P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb -Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF -iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl -sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0 -u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2 -YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b -GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ -7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD -EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb -LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk -Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3 -d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo -8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr -q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6 -4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI -UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl -J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B -TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF -F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6 -+Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR -tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF -AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS -gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU -pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW -LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX -thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne -NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD -6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI -mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8 -wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp -7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td -8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL -oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv -M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5 -nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9 -cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj -KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8 -NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F -cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT -TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V -N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G -4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8 -v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz -jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd -tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj -VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy -wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/ -ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1 -FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV -9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI -lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU -Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu -2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ -GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm -fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz -+gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi -byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh -bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz -W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1 -CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr -kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA -DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele -xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL -xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/ -BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l -D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot -Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD -Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs -RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD -qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA -GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6 -FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV -MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2 -zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok -AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh -SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn -RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5 -sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k -CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv -0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ -/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC -AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5 -MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d -HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti -G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ -Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2 -+hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD -bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt -fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P -0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1 -IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC -A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE -aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6 -l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3 -qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV -99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb -ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW -e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5 -95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v -Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs -z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/ -RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo -5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK -OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX -KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6 -TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg -3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N -5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol -AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj -G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/ -Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ -d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az -y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg= -=bSQ3 ------END PGP PUBLIC KEY BLOCK----- ------BEGIN PGP PUBLIC KEY BLOCK----- - -xsFNBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv -TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92 -3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa -L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5 -ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c -n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT -Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF -scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0 -5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv -C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS -Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB -zS1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz7C -wXgEEwEIACIFAlb8EKsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPFl -byTHTNHYJZ0P/2Z2RURRkSTHLKZ/GqSvPReReeB7AI+ZrDapkpG/26xp1Yw1isCO -y99pvQ7hjTFhdZQ7xSRUiT/e27wJxR7s4G/ck5VOVjuJzGnByNLmwMjdN1ONIO9P -hQAs2iF3uoIbVTxzXof2F8C0WSbKgEWbtqlCWlaapDpN8jKAWdsQsNMdXcdpJ2os -WiacQRxLREBGjVRkAiqdjYkegQ4BZ0GtPULKjZWCUNkaat51b7O7V19nSy/T7MM7 -n+kqYQLMIHCF8LGd3QQsNppRnolWVRzXMdtR2+9iI21qv6gtHcMiAg6QcKA7halL -kCdIS2nWR8g7nZeZjq5XhckeNGrGX/3w/m/lwczYjMUer+qs2ww5expZJ7qhtSta -lE3EtL/l7zE4RlknqwDZ0IXtxCNPu2UovCzZmdZm8UWfMSKk/3VgL8HgzYRr8fo0 -yj0XkckJ7snXvuhoviW2tjm46PyHPWRKgW4iEzUrB+hiXpy3ikt4rLRg/iMqKjyf -mvcE/VdmFVtsfbfRVvlaWiIWCndRTVBkAaTu8DwrGyugQsbjEcK+4E25/SaKIJIw -qfxpyBVhru21ypgEMAw1Y8KC7KntB7jzpFotE4wpv1jZKUZuy71ofr7g3/2O+7nW -LrR1mncbuT6yXo316r56dfKzOxQJBnYFwTjXfa65yBArjQBUCPNYOKr0wkYEEhEI -AAYFAlb8JFYACgkQy8sIKhu5Q9snYACgh3id41CYTHELOQ/ymj4tiuFt1lcAn3JU -9wH3pihM9ISvoeuGnwwHhcKnwsFcBBIBCAAGBQJW/CSEAAoJEJFxGJmV5Fqe11cP -/A3QhvqleuRaXoS5apIY3lrDL79Wo0bkydM3u2Ft9EqVVG5zZvlmWaXbw5wkPhza -7YUjrD7ylaE754lHI48jJp3KY7RosClY/Kuk56GJI/SoMKx4v518pAboZ4hjY9MY -gmiAuZEYx5Ibv1pj0+hkzRI78+f6+d5QTQ6y/35ZjSSJcBgCMAr/JRsmOkHu6cY6 -qOpq4g8mvRAX5ivRm4UxE2gnxZyd2LjY2/S2kCZvHWVaZuiTD0EU1jYPoOo6fhc8 -zjs5FWS56C1vp7aFOGBvsH3lwYAYi1K2S+/B4nqpitYJz/T0zFzzyYe7ZG77DXKD -/XajD22IzRGKjoeVPFBx+2V0YCCpWZkqkfZ2Dt3QVW//QIpVsOJnmaqolDg1sxoa -BEYBtCtovU0wh1pXWwfn7IgjIkPNl0AU8mW8Ll91WF+Lss/oMrUJMKVDenTJ6/ZO -06c+JFlP7dS3YGMsifwgy5abA4Xy4GWpAsyEM68mqsJUc7ZANZcQAKr6+DryzSfI -Olsn3kJzOtb/c3JhVmblEO6XzdfZJK/axPOp3mF1oEBoJ56fGwO2usgVwQDyLt3J -iluJrCvMSBL9KtBZWrTZH5t3rTMN0NUALy4Etd6Y8V94i8c5NixMDyjRU7aKJAAw -tUvxLd12dqtaXsuvGyzLbR4EDT/Q5DfLC1DZWpgtUtCVwsFcBBIBCAAGBQJW/CS2 -AAoJEEHdwLQNpW8iMUoP/AjFKyZ+inQTI2jJJBBtrLjxaxZSG5ggCovowWn8NWv6 -bQBm2VurYVKhvY1xUyxoLY8KN+MvoeTdpB3u7z+M6x+CdfoTGqWQ2yapOC0eEJBF -O+GFho2WE0msiO0IaVJrzdFTPE0EYR2BHziLu0DDSZADe1WYEqkkrZsCNgi6EMng -mX2h+DK2GlC3W2tY9sc63DsgzjcMBO9uYmpHj6nizsIrETqouVNUCLT0t8iETa25 -Mehq/I92I70Qfebv7R4eMrs+tWXKyPU0OjV+8b8saZsv1xn98UkeXwYx4JI04OTw -nBeJG8yPrGDBO5iucmtaCvwGQ3c76qBivrA8eFz3azRxQYWWiFrkElTg+C/E83JQ -WgqPvPZkI5UHvBwBqcoIXG15AJoXA/ZWIB8nPKWKaV5KDnY3DBuA4rh5Mhy3xwcC -/22E/CmZMXjUUvDnlPgXCYAYU0FBbGk7JpSYawtNfdAN2XBRPq5sDKLLxftx7D8u -ESJXXAlPxoRh7x1ArdGM+EowlJJ0xpINBaT0Z/Hk0jxNIFEak796/WeGqewdOIki -dAs4tppUfzosla5K+qXfWwmhcKmpwA4oynE8wIaoXptoi8+rxaw4N6wAXlSrVxeC -VTnb7+UY/BT2Wx6IQ10C9jrsj6XIffMvngIinCD9Czvadmr7BEIxKt1LP+gGA8Zg -wsFcBBIBCgAGBQJYE6oDAAoJEL7YRJ/O6NqIJ24P+QFNa2O+Q1rLKrQiuPw4Q73o -7/blUpFNudZfeCDpDbUgJ01u1RHnWOyLcyknartAosFDJIpgcXY5I8jsBIO5IZPR -C/UKxZB3RYOhj49bySD9RNapHyq+Y56j9JUoz6tkKFBd+6g85Ej8d924xM1UnRCS -9cfI9W0fSunbCi2CXLbXFF7V+m3Ou1SVYGIAxpMn4RXyYfuqeB5wROR2GA5Ef6T3 -S5byh1dRSEgnrBToENtp5n7Jwsc9pDofjtaUkO854l45IqFarGjCHZwtNRKd2lcK -FMnd1jS0nfGkUbn3qNJam1qaGWx4gXaT845VsYYVTbxtkKi+qPUIoOyYx4NEm6fC -ZywH72oP+fmUT/fbfSHa5j137dRqokkR6RFjnEMBl6WHwgqqUqeIT6t9uV6WWzX9 -lNroZFAFL/de7H31iIRuZcm38DUZOfjVf9glweu4yFvuJ7cQtyQydFQJV4LGDT/C -8e9TWrV1/gWMyMGQlZsRWa+h+FfFUccQtfSdXpvSxtXfop+fVQmJgUUl92jh4K9j -c9a6rIp5v1Q1yEgs2iS50/V/NMSmEcE1XMOxFt9fX9T+XmKAWZ8L25lpILsHT3mB -VWrpHdbawUaiBp9elxhn6tFiTFR7qA7dlUyWrI+MMlINwSZ2AAXvmA2IajH/UIlh -xotxmSNiZYIQ6UbD3fk4wsFzBBABCgAdFiEEmy/52H2krRdju+d2+GQcuhDvLUgF -Ally44wACgkQ+GQcuhDvLUgkjQ//c3mBxfJm6yLAJD4s4OgsPv4pcp/EKmPcdztm -W0/glwopUZmq9oNo3VMMCGtusrQgpACzfUlesu9NWlPCB3olZkeGugygo0zuQBKs -55eG7bPzMLyfSqLKyogYocaGc4lpf4lbvlvxy37YGVrGpwT9i8t2REtM6iPKDcMM -sgVtNlqFdq3Fs2Haqt0m1EksX6/GSIrjK4LZEcPklrGPvUS3S+qkwuaGE/jXxncE -4jFQR9SYH6AHr6Vkt1CG9Dgpr+Ph0I9n0JRknBYoUZ1q51WdF946NplXkCskdzWG -RHgMUCz3ZehF1FzpKgfO9Zd0YZsmivV/g6frUw/TayP9gxKPt7z2Lsxzyh8X7cg6 -TAvdG9JbG0PyPJT1TZ8qpjP/PtqPclHsHQQIbGSDFWzRM5znhS+5sgyw8FWInjw8 -JjxoOWMa50464EfGeb2jZfwtRimJAJLWEf/JnvO779nXf5YbvUZgfXaX7k/cvCVk -U8M7oC7x8o6F0P2Lh6FgonklKEeIRtZBUNZ0Lk9OShVqlU9/v16MHq/Eyu/Mbs0D -en3vYgiYxOBR8czD1Wh4vsKiGfOzQ6oWti/DCURV+iTYhJc7mSWM6STzUFr0nCnF -x6W0j/zH6ZgiFAGOyIXW2DwfjFvYRcBL1RWAEKsiFwYrNV+MDonjKXjpVB1Ra90o -lLrZXAXCwHMEEgEKAB0WIQRMRw//78TT3Fl3hlXOGj3V48lPSQUCXAAgOgAKCRDO -Gj3V48lPSQxAB/43qoWteVZEiN3JW4FnHg+S60TnHSP69FKV+363XYKDa23pNpv4 -tiJumo9Kvb4UoDft766/URHm5RKyPtrxy+wqotamrkGJUTtP2a68h7C31VX+pf6i -iQKmxRQz4zmW0pA5X01+AgpvcDH++Fv5NLBpnjqPdTh5b0gvr89E0zMNldNYOZu1 -0H/mukrnGlFDu/osBuy+XJtP2MeasazVMLvjKs+hr//E+iLI9DZOwFBK6AX5gkkI -UEHkSeb4//AHwvanUMin9un9+F9iR+qDuDEKxuevYzM0owuoVcK5pAsRnRQJlnHW -/0BQ6FtNGpmljhvUk8a/l3xFf3z/uJG5vVKVzsFNBFb8EKsBEADDfCMsu2U1CdJh -r4xp6z4J89/tMnpCQASC8DQhtZ6bWG/ksyKt2DnDQ050XBEng+7epzHWA2UgT0li -Y05zZmFs1X7QeZr16B7JANq6fnHOdZB0ThS7JEYbProkMxcqAFLAZJCpZT534Gpz -W7qHwzjV+d13IziCHdi6+DD5eavYzBqY8QzjlOXbmIlY7dJUCwXTECUfirc6kH86 -CS8fXZTke4QYZ55VnrOomB4QGqP371kwBETnhlhi74+pvi3jW05Z5x1tVMwuugyz -zkseZp1VYmJq5SHNFZ/pnAQLE9gUDTb6UWcPBwQh9Sw+7ahSK74lJKYm3wktyvZh -zAxbNyzs1M56yeFP6uFwJTBfNByyMAa6TGUhNkxlLcYjxKbVmoAnKCVM8t41TlLv -/a0ki8iQxqvphVLufksR9IpN6d3F15j6GeyVtxBEv04iv4vbuKthWytb+gjX4bI8 -CAo9jGHevmtdiw/SbeKx2YBM1MF6eua37rFMooOBj4X7VfQCyS+crNsOQn8nJGah -YbzUDCCgnX+pqN9iZvXisMS79wVyD5DyISFDvT/5jY7IXxPibxr10P/8lfW1d72u -xyI2UiZKZpyHCt4k47yMq4KQGLGuhxJ6q6O3bi2aXRuz8bLqTBLca9dmx9wZFvRh -6jS/SKEg7eFcY0xbb6RVIv1UwGDYfQARAQABwsFfBBgBCAAJBQJW/BCrAhsMAAoJ -EPFlbyTHTNHYEBIQAJhFTh1u34Q+5bnfiM2dAdCr6T6w4Y1v9ePiIYdSImeseJS2 -yRglpLcMjW0uEA9KXiRtC/Nm/ClnqYJzCKeIaweHqH6dIgJKaXZFt1Uaia7X9tDD -wqALGu97irUrrV1Kh9IkM0J29Vid5amakrdS4mwt2uEISSnCi7pfVoEro+S7tYQ9 -iH6APVIwqWvcaty3cANdwKWfUQZ6a9IQ08xqzaMhMp2VzhVrWkq3B0j2aRoZR7BN -LH2I7Z0giIM8ARjZs99aTRL+SfMEQ3sUxNLb3KWP/n1lSFbrk4HGzqUBBfczESlN -c0970C6znK0H0HD11/3BTkMuPqww+Tzex4dpMQllMEKZ3wEyd9v6ba+nj/P1FHSE -y/VN6IXzd82s1lYOonKTdmXAIROcHnb0QUzwsd/mhB3jKhEDOV2ZcBTD3yHv8m7C -9G9y4hV+7yQlnPlSg3DjBp3SS5r+sOObCIy2Ad32upoXkilWa9g7GZSuhY9kyKqe -Eba1lgXXaQykEeqx0pexkWavNnb9JaPrAZHDjUGcXrREmjEyXyElRoD4CrWXySe4 -6jCuNhVVlkLGo7osefynXa/+PNjQjURtx8en7M9A1FkQuRAxE8KIZgZzYxkGl5o5 -POSFCA4JUoRPDcrl/sI3fuq2dIOE/BJ2r8dV+LddiR+iukhXRwJXH8RVVEUS -=mCOI ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 b/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 deleted file mode 100644 index 0cc05ecb3..000000000 --- a/salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-9 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp -CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 -2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW -DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu -n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z -39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy -XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK -44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS -9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH -DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq -uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB -tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI -ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE -FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF -3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC -nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n -R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG -4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe -CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL -9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 -w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT -/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd -fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE -r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux -VL469Kj5m13T6w== -=Mjs/ ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub b/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub deleted file mode 100644 index be55ef561..000000000 --- a/salt/repo/client/files/centos/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub +++ /dev/null @@ -1,41 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGPazmABDAC6qc2st6/Uh/5AL325OB5+Z1XMFM2HhQNjB/VcYbLvcCx9AXsU -eaEmNPm6OY3p5+j8omjpXPYSU7DUQ0lIutuAtwkDMROH7uH/r9IY7iu88S6w3q89 -bgbnqhu4mrSik2RNH2NqEiJkylz5rwj4F387y+UGH3aXIGryr+Lux9WxfqoRRX7J -WCf6KOaduLSp9lF4qdpAb4/Z5yExXtQRA9HULSJZqNVhfhWInTkVPw+vUo/P9AYv -mJVv6HRNlTb4HCnl6AZGcAYv66J7iWukavmYKxuIbdn4gBJwE0shU9SaP70dh/LT -WqIUuGRZBVH/LCuVGzglGYDh2iiOvR7YRMKf26/9xlR0SpeU/B1g6tRu3p+7OgjA -vJFws+bGSPed07asam3mRZ0Y9QLCXMouWhQZQpx7Or1pUl5Wljhe2W84MfW+Ph6T -yUm/j0yRlZJ750rGfDKA5gKIlTUXr+nTvsK3nnRiHGH2zwrC1BkPG8K6MLRluU/J -ChgZo72AOpVNq9MAEQEAAbQ5U2FsdCBQcm9qZWN0IFBhY2thZ2luZyA8c2FsdHBy -b2plY3QtcGFja2FnaW5nQHZtd2FyZS5jb20+iQHSBBMBCAA8FiEEEIV//dP5Hq5X -eiHWZMu8gXPXaz8FAmPazmACGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheA -AAoJEGTLvIFz12s/yf0L/jyP/LfduA4DwpjKX9Vpk26tgis9Q0I54UerpD5ibpTA -krzZxK1yFOPddcOjo+Xqg+I8aA+0nJkf+vsfnRgcpLs2qHZkikwZbPduZwkNUHX7 -6YPSXTwyFlzhaRycwPtvBPLFjfmjjjTi/aH4V/frfxfjH/wFvH/xiaiFsYbP3aAP -sJNTLh3im480ugQ7P54ukdte2QHKsjJ3z4tkjnu1ogc1+ZLCSZVDxfR4gLfE6GsN -YFNd+LF7+NtAeJRuJceXIisj8mTQYg+esTF9QtWovdg7vHVPz8mmcsrG9shGr+G9 -iwwtCig+hAGtXFAuODRMur9QfPlP6FhJw0FX/36iJ2p6APZB0EGqn7LJ91EyOnWv -iRimLLvlGFiVB9Xxw1TxnQMNj9jmB1CA4oNqlromO/AA0ryh13TpcIo5gbn6Jcdc -fD4Rbj5k+2HhJTkQ78GpZ0q95P08XD2dlaM2QxxKQGqADJOdV2VgjB2NDXURkInq -6pdkcaRgAKme8b+xjCcVjLkBjQRj2s5gAQwAxmgflHInM8oKQnsXezG5etLmaUsS -EkV5jjQFCShNn9zJEF/PWJk5Df/mbODj02wyc749dSJbRlTY3LgGz1AeywOsM1oQ -XkhfRZZqMwqvfx8IkEPjMvGIv/UI9pqqg/TY7OiYLEDahYXHJDKmlnmCBlnU96cL -yh7a/xY3ZC20/JwbFVAFzD4biWOrAm1YPpdKbqCPclpvRP9N6nb6hxvKKmDo7MqS -uANZMaoqhvnGazt9n435GQkYRvtqmqmOvt8I4oCzV0Y39HfbCHhhy64HSIowKYE7 -YWIujJcfoIDQqq2378T631BxLEUPaoSOV4B8gk/Jbf3KVu4LNqJive7chR8F1C2k -eeAKpaf2CSAe7OrbAfWysHRZ060bSJzRk3COEACk/UURY+RlIwh+LQxEKb1YQueS -YGjxIjV1X7ScyOvam5CmqOd4do9psOS7MHcQNeUbhnjm0TyGT9DF8ELoE0NSYa+J -PvDGHo51M33s31RUO4TtJnU5xSRb2sOKzIuBABEBAAGJAbYEGAEIACAWIQQQhX/9 -0/kerld6IdZky7yBc9drPwUCY9rOYAIbDAAKCRBky7yBc9drP8ctC/9wGi01cBAW -BPEKEnfrKdvlsaLeRxotriupDqGSWxqVxBVd+n0Xs0zPB/kuZFTkHOHpbAWkhPr+ -hP+RJemxCKMCo7kT2FXVR1OYej8Vh+aYWZ5lw6dJGtgo3Ebib2VSKdasmIOI2CY/ -03G46jv05qK3fP6phz+RaX+9hHgh1XW9kKbdkX5lM9RQSZOof3/67IN8w+euy61O -UhNcrsDKrp0kZxw3S+b/02oP1qADXHz2BUerkCZa4RVK1pM0UfRUooOHiEdUxKKM -DE501hwQsMH7WuvlIR8Oc2UGkEtzgukhmhpQPSsVPg54y9US+LkpztM+yq+zRu33 -gAfssli0MvSmkbcTDD22PGbgPMseyYxfw7vuwmjdqvi9Z4jdln2gyZ6sSZdgUMYW -PGEjZDoMzsZx9Zx6SO9XCS7XgYHVc8/B2LGSxj+rpZ6lBbywH88lNnrm/SpQB74U -4QVLffuw76FanTH6advqdWIqtlWPoAQcEkKf5CdmfT2ei2wX1QLatTs= -=ZKPF ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/keys/docker.pub b/salt/repo/client/files/centos/keys/docker.pub deleted file mode 100644 index 1967cbf01..000000000 --- a/salt/repo/client/files/centos/keys/docker.pub +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ -1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP -w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7 -gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh -KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50 -uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ -WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO -+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN -spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM -+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0 -rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB -tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 -BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti -Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG -VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l -TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC -/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3 -ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ -XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao -xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra -IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL -GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi -g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW -5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ -=0Zqq ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/keys/securityonion.pub b/salt/repo/client/files/centos/keys/securityonion.pub deleted file mode 100644 index 15be14ca9..000000000 --- a/salt/repo/client/files/centos/keys/securityonion.pub +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8 -PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE -P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO -C3vvI3wzirH+8/XIGo+lWTg6yYlSxdf+0xWzYvV2QCMpwzJfARw6GGXtfCZw/zoO -o4+YPsiyztQdyI1y+g3Fbesl65E36DelbyP+lYd2VecX8ELEv0wlKCgHYlk6lc+n -qnOotVjWbsyXuFfo06PHUd6O9n3nmo0drC6kmXGw1e8hu0t8VcGfMTKS/hszwVUY -bHS6kbfsOoAb6LXPWKfqxk/BdreLXmcHHz88DimS3OS0JufkcmkjxEzSFRL0kb2h -QVb1SATrbx+v2RWQXvi9sLCjT2fdOiwi1Tgc84orc7A1C3Jwu353YaX9cV+n5uyG -OZ2AULZ5z2h13sVuiZAwfyyFs/O0CJ783hFA2TNPnyNGAgw/kaIo7nNRnggtndBo -oQzVS+BHiFx98IF4zDqmF2r2+jOCjxSrw8KnZBe4bgXFtl89DmjoejGvWDnu2MVM -pZDEs1DcOxHBQmTCWMIYLyNKG0xW6diyWBxEIaa7YgrP6kA+RaDfZ/xXPwARAQAB -tD9TZWN1cml0eSBPbmlvbiBTb2x1dGlvbnMsIExMQyA8aW5mb0BzZWN1cml0eW9u -aW9uc29sdXRpb25zLmNvbT6JAlQEEwEKAD4WIQTIBKk9Nr4Mcz6hlkR8EGC3/lBw -EwUCXuvPAQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB8EGC3 -/lBwExB1D/42xIDGU2XFNFyTU+ZqzDA8qNC9hEKjLeizbeM8RIm3xO+3p7SdqbuJ -7pA8gk0RiHuILb+Ba1xiSh/w/W2bOxQhsXuWHih2z3W1tI+hu6RQhIm4e6CIHHf7 -Vzj4RSvHOVS0AzITUwkHjv0x0Z8zVBPJfEHKkK2x03BqP1o12rd7n2ZMrSfN6sED -fUwOJLDjthShtyLSPBVG8j7T5cfSCPSLhfVOKPQVcI1sSir7RLeyxt1v1kzjQdaA -+znxO8EgfZJN93wzfBrAGcVT8KmpmgwR6p46m20wJXyZC9DZxJ0o1y3toVWTC+kP -Qj1ROPivySVn10rBoOJk8HteyhW07gTcydq+noKHV7SqJ1899xRAYP7rDCfI9iMW -Nn22ZDLnAkIcbNR7JLJCHwsZH/Umo9KO/dIccIqVQel3UCCYZcWTZW0VkcjqVKRa -eK+JQGaJPrBAoxIG5/sMlbk2sINSubNWlcbH6kM0V8NVwdPiOO9xLmp2hI4ICxE3 -M+O2HCNX4QYzVizzTFxEvW3ieLa4nePQ8J6lvMI2oLkFP7xHoFluvZnuwfNvoEy0 -RnlHExN1UQTUvcbCxIbzjaJ4HJXilWHjgmGaVQO1S7AYskWnNWQ7uJvxnuZBNNwm -pIvwYEZp23fYaWl/xKqnmPMy2ADjROBKlCm7L+Ntq1r7ELGW5ZCTobkCDQRe688B -ARAA22GzdkSAo+mwJ2S1RbJ1G20tFnLsG/NC8iMN3lEh/PSmyPdB7mBtjZ+HPDzF -VSznXZdr3LItBBQOli2hVIj1lZBY7+s2ZufV3TFFwselUwT3b1g1KMkopD95Ckf8 -WhLbSz2yqgrvcEvbB0HFX/ZEsHGqIz2kLacixjwXXLWOMQ2LNbeW1f5zQkBnaNNQ -/4njzTj68OxnvfplNYNJqi2pZGb2UqarYX04FqKNuocN8E7AC9FQdBXylmVctw9T -pQVwfCI76bTe6vPWb+keb6UNN1jyXVnhIQ3Fv5sFBsmgXf/hO8tqCotrKjEiK2/i -RkvFeqsGMXreCgYg9zW4k+DcJtVa+Q8juGOjElrubY3Ua9mCusx3vY4QYSWxQ5Ih -k1lXiUcM5Rt38lfpKHRJ5Pd4Y5xlWSQfZ7nmzbf/GzJQz+rWrA0X6Oc6cDOPLNXK -w1dAygre4f2bsp5kHQt6NMefxeNTDmi+4R62K0tb40f5q0Vxz8qdyD48bBsbULNx -kb6mjOAD+FNkfNXcGeuTq9oRnjx8i93mhYsIP5LFNDXS/zSP1nv0ZUFeIlGQGjV9 -1wOvT454qkI9sKiVFtd4FrNKZJbKszxxDm+DPfB5j+hRC4oeEJ7w+sVyh3EawtfM -V7Mwj8i+7c3YUCravXBhSwG7SCTggFUgA8lMr8oWVgCATYsAEQEAAYkCPAQYAQoA -JhYhBMgEqT02vgxzPqGWRHwQYLf+UHATBQJe688BAhsMBQkSzAMAAAoJEHwQYLf+ -UHATTtwQAJiztPW68ykifpFdwYFp1VC7c+uGLhWBqjDY9NSUKNC9caR7bV0cnNu8 -07UG6j18gCB2GSkukXjOR/oTj6rNcW/WouPYfQOrw7+M2Ya8M8iq+E/HOXaXB3b4 -FeCcB0UuwfcHHd2KbXrRHA+9GNpmuOcfTCdsPpIr41Xg4QltATDEt/FrzuKspXg4 -vUKDXgfnbj7y0JcJM2FfcwWGlnAG5MMRyjJQAleGdiidX/9WxgJ4Mweq4qJM0jr3 -Qsrc9VuzxsLr85no3Hn5UYVgT7bBZ59HUbQoi775m78MxN3mWUSdcyLQKovI+YXr -tshTxWIf/2Ovdzt6Wq1WWXOGGuK1qgdPJTFWrlh3amFdb70zR1p6A/Lthd7Zty+n -QjRZRQo5jBSnYtjhMrZP6rxM3QqnQ0frEKK9HfDYONk1Bw18CUtdwFGb9OMregLR -IjvNLp9coSh5yYAepZyUGEPRET0GsmVw2trQF0uyMSkQfiq2zjPto6WWbsmrrbLr -cfZ/wnBw1FoNEd51U54euo9yvOgOVtJGvqLgHNwB8574FhQhoWAMhyizqdgeEt26 -m3FXecUNKL/AK71/l04vor+/WsXe8uhDg3O84qeYa9wgd8LZZVmGZJDosSwqYjtb -LdNNm+v60Zo6rFWSREegqi/nRTTDdxdW99ybjlh+mpbq3xavyFXF -=bhkm ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/centos/yum.conf.jinja b/salt/repo/client/files/centos/yum.conf.jinja deleted file mode 100644 index bd31ac007..000000000 --- a/salt/repo/client/files/centos/yum.conf.jinja +++ /dev/null @@ -1,17 +0,0 @@ -{% set proxy = salt['pillar.get']('manager:proxy') -%} -[main] -cachedir=/var/cache/yum/$basearch/$releasever -keepcache=0 -debuglevel=2 -logfile=/var/log/yum.log -exactarch=1 -obsoletes=1 -gpgcheck=1 -plugins=1 -installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} -bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum -distroverpkg=centos-release -clean_requirements_on_remove=1 -{% if proxy -%} -proxy={{ proxy }} -{% endif %} diff --git a/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-EPEL-9 b/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-EPEL-9 deleted file mode 100644 index 0cc05ecb3..000000000 --- a/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-EPEL-9 +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp -CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6 -2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW -DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu -n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z -39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy -XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK -44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS -9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH -DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq -uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB -tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI -ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE -FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF -3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC -nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n -R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG -4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe -CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL -9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7 -w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT -/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd -fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE -r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux -VL469Kj5m13T6w== -=Mjs/ ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial b/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial deleted file mode 100644 index 6fb617c6b..000000000 --- a/salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: resf.keykeeper.v1 -Comment: Keykeeper - -xsFNBGJ5RksBEADF/Lzssm7uryV6+VHAgL36klyCVcHwvx9Bk853LBOuHVEZWsme -kbJF3fQG7i7gfCKGuV5XW15xINToe4fBThZteGJziboSZRpkEQ2z3lYcbg34X7+d -co833lkBNgz1v6QO7PmAdY/x76Q6Hx0J9yiJWd+4j+vRi4hbWuh64vUtTd7rPwk8 -0y3g4oK1YT0NR0Xm/QUO9vWmkSTVflQ6y82HhHIUrG+1vQnSOrWaC0O1lqUI3Nuo -b6jTARCmbaPsi+XVQnBbsnPPq6Tblwc+NYJSqj5d9nT0uEXT7Zovj4Je5oWVFXp9 -P1OWkbo2z5XkKjoeobM/zKDESJR78h+YQAN9IOKFjL/u/Gzrk1oEgByCABXOX+H5 -hfucrq5U3bbcKy4e5tYgnnZxqpELv3fN/2l8iZknHEh5aYNT5WXVHpD/8u2rMmwm -I9YTEMueEtmVy0ZV3opUzOlC+3ZUwjmvAJtdfJyeVW/VMy3Hw3Ih0Fij91rO613V -7n72ggVlJiX25jYyT4AXlaGfAOMndJNVgBps0RArOBYsJRPnvfHlLi5cfjVd7vYx -QhGX9ODYuvyJ/rW70dMVikeSjlBDKS08tvdqOgtiYy4yhtY4ijQC9BmCE9H9gOxU -FN297iLimAxr0EVsED96fP96TbDGILWsfJuxAvoqmpkElv8J+P1/F7to2QARAQAB -zU9Sb2NreSBFbnRlcnByaXNlIFNvZnR3YXJlIEZvdW5kYXRpb24gLSBSZWxlYXNl -IGtleSAyMDIyIDxyZWxlbmdAcm9ja3lsaW51eC5vcmc+wsGKBBMBCAA0BQJieUZL -FiEEIcslauFvxUxuZSlJcC1CbTUNJ10CGwMCHgECGQEDCwkHAhUIAxYAAgIiAQAK -CRBwLUJtNQ0nXWQ5D/9472seOyRO6//bQ2ns3w9lE+aTLlJ5CY0GSTb4xNuyv+AD -IXpgvLSMtTR0fp9GV3vMw6QIWsehDqt7O5xKWi+3tYdaXRpb1cvnh8r/oCcvI4uL -k8kImNgsx+Cj+drKeQo03vFxBTDi1BTQFkfEt32fA2Aw5gYcGElM717sNMAMQFEH -P+OW5hYDH4kcLbtUypPXFbcXUbaf6jUjfiEp5lLjqquzAyDPLlkzMr5RVa9n3/rI -R6OQp5loPVzCRZMgDLALBU2TcFXLVP+6hAW8qM77c+q/rOysP+Yd+N7GAd0fvEvA -mfeA4Y6dP0mMRu96EEAJ1qSKFWUul6K6nuqy+JTxktpw8F/IBAz44na17Tf02MJH -GCUWyM0n5vuO5kK+Ykkkwd+v43ZlqDnwG7akDkLwgj6O0QNx2TGkdgt3+C6aHN5S -MiF0pi0qYbiN9LO0e05Ai2r3zTFC/pCaBWlG1ph2jx1pDy4yUVPfswWFNfe5I+4i -CMHPRFsZNYxQnIA2Prtgt2YMwz3VIGI6DT/Z56Joqw4eOfaJTTQSXCANts/gD7qW -D3SZXPc7wQD63TpDEjJdqhmepaTECbxN7x/p+GwIZYWJN+AYhvrfGXfjud3eDu8/ -i+YIbPKH1TAOMwiyxC106mIL705p+ORf5zATZMyB8Y0OvRIz5aKkBDFZM2QN6A== -=PzIf ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/rocky/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub b/salt/repo/client/files/rocky/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub deleted file mode 100644 index be55ef561..000000000 --- a/salt/repo/client/files/rocky/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub +++ /dev/null @@ -1,41 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGPazmABDAC6qc2st6/Uh/5AL325OB5+Z1XMFM2HhQNjB/VcYbLvcCx9AXsU -eaEmNPm6OY3p5+j8omjpXPYSU7DUQ0lIutuAtwkDMROH7uH/r9IY7iu88S6w3q89 -bgbnqhu4mrSik2RNH2NqEiJkylz5rwj4F387y+UGH3aXIGryr+Lux9WxfqoRRX7J -WCf6KOaduLSp9lF4qdpAb4/Z5yExXtQRA9HULSJZqNVhfhWInTkVPw+vUo/P9AYv -mJVv6HRNlTb4HCnl6AZGcAYv66J7iWukavmYKxuIbdn4gBJwE0shU9SaP70dh/LT -WqIUuGRZBVH/LCuVGzglGYDh2iiOvR7YRMKf26/9xlR0SpeU/B1g6tRu3p+7OgjA -vJFws+bGSPed07asam3mRZ0Y9QLCXMouWhQZQpx7Or1pUl5Wljhe2W84MfW+Ph6T -yUm/j0yRlZJ750rGfDKA5gKIlTUXr+nTvsK3nnRiHGH2zwrC1BkPG8K6MLRluU/J -ChgZo72AOpVNq9MAEQEAAbQ5U2FsdCBQcm9qZWN0IFBhY2thZ2luZyA8c2FsdHBy -b2plY3QtcGFja2FnaW5nQHZtd2FyZS5jb20+iQHSBBMBCAA8FiEEEIV//dP5Hq5X -eiHWZMu8gXPXaz8FAmPazmACGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheA -AAoJEGTLvIFz12s/yf0L/jyP/LfduA4DwpjKX9Vpk26tgis9Q0I54UerpD5ibpTA -krzZxK1yFOPddcOjo+Xqg+I8aA+0nJkf+vsfnRgcpLs2qHZkikwZbPduZwkNUHX7 -6YPSXTwyFlzhaRycwPtvBPLFjfmjjjTi/aH4V/frfxfjH/wFvH/xiaiFsYbP3aAP -sJNTLh3im480ugQ7P54ukdte2QHKsjJ3z4tkjnu1ogc1+ZLCSZVDxfR4gLfE6GsN -YFNd+LF7+NtAeJRuJceXIisj8mTQYg+esTF9QtWovdg7vHVPz8mmcsrG9shGr+G9 -iwwtCig+hAGtXFAuODRMur9QfPlP6FhJw0FX/36iJ2p6APZB0EGqn7LJ91EyOnWv -iRimLLvlGFiVB9Xxw1TxnQMNj9jmB1CA4oNqlromO/AA0ryh13TpcIo5gbn6Jcdc -fD4Rbj5k+2HhJTkQ78GpZ0q95P08XD2dlaM2QxxKQGqADJOdV2VgjB2NDXURkInq -6pdkcaRgAKme8b+xjCcVjLkBjQRj2s5gAQwAxmgflHInM8oKQnsXezG5etLmaUsS -EkV5jjQFCShNn9zJEF/PWJk5Df/mbODj02wyc749dSJbRlTY3LgGz1AeywOsM1oQ -XkhfRZZqMwqvfx8IkEPjMvGIv/UI9pqqg/TY7OiYLEDahYXHJDKmlnmCBlnU96cL -yh7a/xY3ZC20/JwbFVAFzD4biWOrAm1YPpdKbqCPclpvRP9N6nb6hxvKKmDo7MqS -uANZMaoqhvnGazt9n435GQkYRvtqmqmOvt8I4oCzV0Y39HfbCHhhy64HSIowKYE7 -YWIujJcfoIDQqq2378T631BxLEUPaoSOV4B8gk/Jbf3KVu4LNqJive7chR8F1C2k -eeAKpaf2CSAe7OrbAfWysHRZ060bSJzRk3COEACk/UURY+RlIwh+LQxEKb1YQueS -YGjxIjV1X7ScyOvam5CmqOd4do9psOS7MHcQNeUbhnjm0TyGT9DF8ELoE0NSYa+J -PvDGHo51M33s31RUO4TtJnU5xSRb2sOKzIuBABEBAAGJAbYEGAEIACAWIQQQhX/9 -0/kerld6IdZky7yBc9drPwUCY9rOYAIbDAAKCRBky7yBc9drP8ctC/9wGi01cBAW -BPEKEnfrKdvlsaLeRxotriupDqGSWxqVxBVd+n0Xs0zPB/kuZFTkHOHpbAWkhPr+ -hP+RJemxCKMCo7kT2FXVR1OYej8Vh+aYWZ5lw6dJGtgo3Ebib2VSKdasmIOI2CY/ -03G46jv05qK3fP6phz+RaX+9hHgh1XW9kKbdkX5lM9RQSZOof3/67IN8w+euy61O -UhNcrsDKrp0kZxw3S+b/02oP1qADXHz2BUerkCZa4RVK1pM0UfRUooOHiEdUxKKM -DE501hwQsMH7WuvlIR8Oc2UGkEtzgukhmhpQPSsVPg54y9US+LkpztM+yq+zRu33 -gAfssli0MvSmkbcTDD22PGbgPMseyYxfw7vuwmjdqvi9Z4jdln2gyZ6sSZdgUMYW -PGEjZDoMzsZx9Zx6SO9XCS7XgYHVc8/B2LGSxj+rpZ6lBbywH88lNnrm/SpQB74U -4QVLffuw76FanTH6advqdWIqtlWPoAQcEkKf5CdmfT2ei2wX1QLatTs= -=ZKPF ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/rocky/keys/docker.pub b/salt/repo/client/files/rocky/keys/docker.pub deleted file mode 100644 index 1967cbf01..000000000 --- a/salt/repo/client/files/rocky/keys/docker.pub +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ -1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP -w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7 -gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh -KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50 -uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ -WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO -+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN -spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM -+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0 -rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB -tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3 -BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti -Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG -VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l -TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC -/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3 -ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ -XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao -xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra -IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL -GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi -g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW -5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ -=0Zqq ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/rocky/keys/securityonion.pub b/salt/repo/client/files/rocky/keys/securityonion.pub deleted file mode 100644 index 15be14ca9..000000000 --- a/salt/repo/client/files/rocky/keys/securityonion.pub +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8 -PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE -P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO -C3vvI3wzirH+8/XIGo+lWTg6yYlSxdf+0xWzYvV2QCMpwzJfARw6GGXtfCZw/zoO -o4+YPsiyztQdyI1y+g3Fbesl65E36DelbyP+lYd2VecX8ELEv0wlKCgHYlk6lc+n -qnOotVjWbsyXuFfo06PHUd6O9n3nmo0drC6kmXGw1e8hu0t8VcGfMTKS/hszwVUY -bHS6kbfsOoAb6LXPWKfqxk/BdreLXmcHHz88DimS3OS0JufkcmkjxEzSFRL0kb2h -QVb1SATrbx+v2RWQXvi9sLCjT2fdOiwi1Tgc84orc7A1C3Jwu353YaX9cV+n5uyG -OZ2AULZ5z2h13sVuiZAwfyyFs/O0CJ783hFA2TNPnyNGAgw/kaIo7nNRnggtndBo -oQzVS+BHiFx98IF4zDqmF2r2+jOCjxSrw8KnZBe4bgXFtl89DmjoejGvWDnu2MVM -pZDEs1DcOxHBQmTCWMIYLyNKG0xW6diyWBxEIaa7YgrP6kA+RaDfZ/xXPwARAQAB -tD9TZWN1cml0eSBPbmlvbiBTb2x1dGlvbnMsIExMQyA8aW5mb0BzZWN1cml0eW9u -aW9uc29sdXRpb25zLmNvbT6JAlQEEwEKAD4WIQTIBKk9Nr4Mcz6hlkR8EGC3/lBw -EwUCXuvPAQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB8EGC3 -/lBwExB1D/42xIDGU2XFNFyTU+ZqzDA8qNC9hEKjLeizbeM8RIm3xO+3p7SdqbuJ -7pA8gk0RiHuILb+Ba1xiSh/w/W2bOxQhsXuWHih2z3W1tI+hu6RQhIm4e6CIHHf7 -Vzj4RSvHOVS0AzITUwkHjv0x0Z8zVBPJfEHKkK2x03BqP1o12rd7n2ZMrSfN6sED -fUwOJLDjthShtyLSPBVG8j7T5cfSCPSLhfVOKPQVcI1sSir7RLeyxt1v1kzjQdaA -+znxO8EgfZJN93wzfBrAGcVT8KmpmgwR6p46m20wJXyZC9DZxJ0o1y3toVWTC+kP -Qj1ROPivySVn10rBoOJk8HteyhW07gTcydq+noKHV7SqJ1899xRAYP7rDCfI9iMW -Nn22ZDLnAkIcbNR7JLJCHwsZH/Umo9KO/dIccIqVQel3UCCYZcWTZW0VkcjqVKRa -eK+JQGaJPrBAoxIG5/sMlbk2sINSubNWlcbH6kM0V8NVwdPiOO9xLmp2hI4ICxE3 -M+O2HCNX4QYzVizzTFxEvW3ieLa4nePQ8J6lvMI2oLkFP7xHoFluvZnuwfNvoEy0 -RnlHExN1UQTUvcbCxIbzjaJ4HJXilWHjgmGaVQO1S7AYskWnNWQ7uJvxnuZBNNwm -pIvwYEZp23fYaWl/xKqnmPMy2ADjROBKlCm7L+Ntq1r7ELGW5ZCTobkCDQRe688B -ARAA22GzdkSAo+mwJ2S1RbJ1G20tFnLsG/NC8iMN3lEh/PSmyPdB7mBtjZ+HPDzF -VSznXZdr3LItBBQOli2hVIj1lZBY7+s2ZufV3TFFwselUwT3b1g1KMkopD95Ckf8 -WhLbSz2yqgrvcEvbB0HFX/ZEsHGqIz2kLacixjwXXLWOMQ2LNbeW1f5zQkBnaNNQ -/4njzTj68OxnvfplNYNJqi2pZGb2UqarYX04FqKNuocN8E7AC9FQdBXylmVctw9T -pQVwfCI76bTe6vPWb+keb6UNN1jyXVnhIQ3Fv5sFBsmgXf/hO8tqCotrKjEiK2/i -RkvFeqsGMXreCgYg9zW4k+DcJtVa+Q8juGOjElrubY3Ua9mCusx3vY4QYSWxQ5Ih -k1lXiUcM5Rt38lfpKHRJ5Pd4Y5xlWSQfZ7nmzbf/GzJQz+rWrA0X6Oc6cDOPLNXK -w1dAygre4f2bsp5kHQt6NMefxeNTDmi+4R62K0tb40f5q0Vxz8qdyD48bBsbULNx -kb6mjOAD+FNkfNXcGeuTq9oRnjx8i93mhYsIP5LFNDXS/zSP1nv0ZUFeIlGQGjV9 -1wOvT454qkI9sKiVFtd4FrNKZJbKszxxDm+DPfB5j+hRC4oeEJ7w+sVyh3EawtfM -V7Mwj8i+7c3YUCravXBhSwG7SCTggFUgA8lMr8oWVgCATYsAEQEAAYkCPAQYAQoA -JhYhBMgEqT02vgxzPqGWRHwQYLf+UHATBQJe688BAhsMBQkSzAMAAAoJEHwQYLf+ -UHATTtwQAJiztPW68ykifpFdwYFp1VC7c+uGLhWBqjDY9NSUKNC9caR7bV0cnNu8 -07UG6j18gCB2GSkukXjOR/oTj6rNcW/WouPYfQOrw7+M2Ya8M8iq+E/HOXaXB3b4 -FeCcB0UuwfcHHd2KbXrRHA+9GNpmuOcfTCdsPpIr41Xg4QltATDEt/FrzuKspXg4 -vUKDXgfnbj7y0JcJM2FfcwWGlnAG5MMRyjJQAleGdiidX/9WxgJ4Mweq4qJM0jr3 -Qsrc9VuzxsLr85no3Hn5UYVgT7bBZ59HUbQoi775m78MxN3mWUSdcyLQKovI+YXr -tshTxWIf/2Ovdzt6Wq1WWXOGGuK1qgdPJTFWrlh3amFdb70zR1p6A/Lthd7Zty+n -QjRZRQo5jBSnYtjhMrZP6rxM3QqnQ0frEKK9HfDYONk1Bw18CUtdwFGb9OMregLR -IjvNLp9coSh5yYAepZyUGEPRET0GsmVw2trQF0uyMSkQfiq2zjPto6WWbsmrrbLr -cfZ/wnBw1FoNEd51U54euo9yvOgOVtJGvqLgHNwB8574FhQhoWAMhyizqdgeEt26 -m3FXecUNKL/AK71/l04vor+/WsXe8uhDg3O84qeYa9wgd8LZZVmGZJDosSwqYjtb -LdNNm+v60Zo6rFWSREegqi/nRTTDdxdW99ybjlh+mpbq3xavyFXF -=bhkm ------END PGP PUBLIC KEY BLOCK----- diff --git a/salt/repo/client/files/rocky/yum.conf.jinja b/salt/repo/client/files/rocky/yum.conf.jinja deleted file mode 100644 index 118bffeef..000000000 --- a/salt/repo/client/files/rocky/yum.conf.jinja +++ /dev/null @@ -1,17 +0,0 @@ -{% set proxy = salt['pillar.get']('manager:proxy') -%} -[main] -cachedir=/var/cache/yum/$basearch/$releasever -keepcache=0 -debuglevel=2 -logfile=/var/log/yum.log -exactarch=1 -obsoletes=1 -gpgcheck=1 -plugins=1 -installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }} -bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum -distroverpkg=centos-release -clean_requirements_on_remove=1 -{%- if proxy %} -proxy={{ proxy }} -{%- endif %} diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls index 3e6dedb6b..5cb9bd94d 100644 --- a/salt/repo/client/init.sls +++ b/salt/repo/client/init.sls @@ -1,10 +1,5 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} - +{% if GLOBALS.os == 'OEL' %} include: - {% if GLOBALS.os == 'CentOS Stream' %} - - repo.client.centos - {% elif GLOBALS.os == 'OEL' %} - repo.client.oracle - {% else %} - - repo.client.{{grains.os | lower}} - {% endif %} \ No newline at end of file +{% endif %} \ No newline at end of file diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index 5f3fcc3b7..655a6379e 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -1,8 +1,8 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} -{% if GLOBALS.os_family == 'RedHat' %} - +{% if GLOBALS.os_family = 'Redhat' %} {% set REPOPATH = '/etc/yum.repos.d/' %} +{% if GLOBALS.os == 'OEL' %} {% set ABSENTFILES = [ 'centos-addons.repo', 'centos-devel.repo', @@ -31,7 +31,11 @@ 'virt-oll9' ] %} -{% elif GLOBALS.os == 'Ubuntu' %} +{% else %} + {% set ABSENTFILES = [] %} +{% endif %} + +{% else %} {% set REPOPATH = '/etc/apt/sources.list.d/' %} {% set ABSENTFILES = [] %} diff --git a/salt/repo/client/rocky.sls b/salt/repo/client/rocky.sls deleted file mode 100644 index 405bba7f6..000000000 --- a/salt/repo/client/rocky.sls +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0; you may not use -# this file except in compliance with the Elastic License 2.0. - -{% from 'repo/client/map.jinja' import ABSENTFILES with context %} -{% from 'repo/client/map.jinja' import REPOPATH with context %} -{% from 'vars/globals.map.jinja' import GLOBALS %} - -{% set role = grains.id.split('_') | last %} -{% set MANAGER = salt['grains.get']('master') %} -{% if grains['os'] == 'Rocky' %} - -{% if ABSENTFILES|length > 0%} - {% for file in ABSENTFILES %} -{{ file }}: - file.absent: - - name: {{ REPOPATH }}{{ file }} - - onchanges_in: - - cmd: cleandnf - {% endfor %} -{% endif %} - -cleandnf: - cmd.run: - - name: 'dnf clean all' - - onchanges: - - so_repo - -yumconf: - file.managed: - - name: /etc/yum.conf - - source: salt://repo/client/files/rocky/yum.conf.jinja - - mode: 644 - - template: jinja - - show_changes: False - -repair_yumdb: - cmd.run: - - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all' - - onlyif: - - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"' - -crsynckeys: - file.recurse: - - name: /etc/pki/rpm-gpg - - source: salt://repo/client/files/rocky/keys/ - -so_repo: - pkgrepo.managed: - - name: securityonion - - humanname: Security Onion Repo - {% if GLOBALS.role in ['so-eval', 'so-standalone', 'so-import', 'so-manager', 'so-managersearch'] %} - - baseurl: file:///nsm/repo/ - {% else %} - - baseurl: https://{{ GLOBALS.repo_host }}/repo - {% endif %} - - enabled: 1 - - gpgcheck: 1 - -{% endif %} - -# TODO: Add a pillar entry for custom repos diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls deleted file mode 100644 index e69de29bb..000000000 From 5a5b643155114847f699d087664fe16f5477a826 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 14 Jul 2023 12:04:30 -0400 Subject: [PATCH 099/125] Fix ISO install --- setup/so-setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 8fae8fa77..6476e32d3 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -86,7 +86,7 @@ fi # Make sure if ISO is specified that we are dealing with CentOS or Rocky title "Detecting if this is an ISO install" if [[ "$setup_type" == 'iso' ]]; then - if [[ $is_centos || $is_rocky ]]; then + if [[ $is_rpm ]]; then is_iso=true else echo "Only use 'so-setup iso' for an ISO install on Security Onion ISO images. Please run 'so-setup network' instead." @@ -99,7 +99,7 @@ if [[ $is_desktop ]]; then title "This is a desktop install" # Make sure it's CentOS or Rocky Linux - if [[ $is_rocky || $is_centos ]]; then + if [[ $is_rpm ]]; then info "Security Onion Desktop is supported on this OS." else info "Security Onion Desktop is not supported on this OS." From 1028fb1346a1b59e84b1640de6ad93f56ae20634 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 14 Jul 2023 13:17:20 -0400 Subject: [PATCH 100/125] Fix ISO install --- salt/common/init.sls | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 72233f23b..f50f0c61b 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -195,7 +195,7 @@ soversionfile: {% endif %} {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %} - {% if GLOBALS.os == 'CentOS Stream' %} + {% if GLOBALS.os == 'OEL' %} # Install Raid tools raidpkgs: pkg.installed: @@ -217,33 +217,7 @@ so-raid-status: - month: '*' - dayweek: '*' -{% endif %} - -{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %} - {% if GLOBALS.os == 'Rocky' %} -# Install Raid tools -raidpkgs: - pkg.installed: - - skip_suggestions: True - - pkgs: - - securityonion-raidtools - - securityonion-megactl {% endif %} - -# Install raid check cron -so-raid-status: - cron.present: - - name: '/usr/sbin/so-raid-status > /dev/null 2>&1' - - identifier: so-raid-status - - user: root - - minute: '*/15' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' - -{% endif %} - {% else %} {{sls}}_state_not_allowed: From ba2782c5e7b887f71ccfd77fb2d0e896a7eba595 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 14 Jul 2023 13:22:40 -0400 Subject: [PATCH 101/125] patch x509_v2.py --- setup/so-functions | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index c48a5cf60..ef62ca5a5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2083,6 +2083,12 @@ saltify() { logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/" logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/" + # this can be removed when https://github.com/saltstack/salt/issues/64195 is resolved + if [ $SALTVERSION == "3006.1" ]; then + info "Salt version 3006.1 found. Patching /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py" + \cp -v ./files/patch/states/x509_v2.py /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py + fi + } From 87d72e852c285528b27f5ab538874948495dfe13 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 14 Jul 2023 13:45:31 -0400 Subject: [PATCH 102/125] Fix logic --- salt/repo/client/map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/repo/client/map.jinja b/salt/repo/client/map.jinja index 655a6379e..b31fca2d2 100644 --- a/salt/repo/client/map.jinja +++ b/salt/repo/client/map.jinja @@ -1,6 +1,6 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} -{% if GLOBALS.os_family = 'Redhat' %} +{% if GLOBALS.os_family == 'Redhat' %} {% set REPOPATH = '/etc/yum.repos.d/' %} {% if GLOBALS.os == 'OEL' %} {% set ABSENTFILES = [ From 9e42fb927d2913d44243e1f5a949713899f5a923 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 14 Jul 2023 14:04:36 -0400 Subject: [PATCH 103/125] Add RPM-GPG-KEY-oracle --- .../files/oracle/keys/RPM-GPG-KEY-oracle | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle diff --git a/salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle b/salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle new file mode 100644 index 000000000..d141de859 --- /dev/null +++ b/salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle @@ -0,0 +1,104 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGHncu8BEAC2dhocMZkdapnP9o/MvAnKOczaSpF4Cj9yqt49bxLPJCY57jz9 +2ZkJ5iGk6kpBt4rPTh18aAl30T+nPP8VMQjMhvHJKfZmBtaJJ5RpvvpK5mj1UgRJ +4DQX7gqAbT0s/uZZcouZsJzXo3c7GNMrim1C+ScfGG6BoB6GVBK74jFeJNMsxZ2Y +BwQhpE+KG+1zD94RZCySykJjNoKj+U4W5H2XdB/mNEc8icFqxjJGZ5BN0DA2Wqxn +mwELTO3Q2ne1y9+sPn2YKhRqyihuZYaUPR/Jpdki93mk61MdaoTTxFPZ8FWAYrAW +9KVdreT8K33SaTFFpmhbpndPEYesgCqDqiZG7Ywjgbf2nqSOzBr2ZX23PX7QUCvQ +ar58bNbWENLhC3B950TK+r23kkPa3GICE9WP5TftWJdbJMWRBX3YhdNooNGGCbeB +xM7B/UV9hSRx1S/US8HvDhJezZDuKrpPXrNWJTuW9Kty2WGwUkEDT2GBbcjx9ocJ +fqyNJKhaLoYKCVlsmhJUi4xCY0CDDapekWLZOzHB2zgT49uIjawV5ex6pA7oLaPI +hQGvTcCl7GFWOP/6feazzIpnsJ4V3B2DoLnAevpZlINo/bi3Hv/YmbvE6NyYzD6c +1y90pc0+Om1trLPCAZpaO1I369ZhLl6T/mCd92hrCG1y8K3PFiRIKpEMVwARAQAB +tDVPcmFjbGUgTGludXggKHJlbGVhc2Uga2V5IDEpIDxzZWNhbGVydF91c0BvcmFj +bGUuY29tPokCVAQTAQoAPhYhBD5tgm0/urOJwvOONLxNBqCNi3VvBQJinlnsAhsD +BQklmAYABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELxNBqCNi3Vv3LEP/2au +kXzbdA/T/7i+4AbGFfYnTWqmZy58wfteDNy1sk6cPmfOUqZQXUrJcSGqqeIDjPvl +KNExpee/Ja4NGg2YfzkwH5IK5sXmEDKObXRCXGZh9/WyYpr4TBoDU2rSYBP4sbKm +PsnVoRalt2Zb0qbQF8GilytoRabjI0gLzwhmoHBZMMc3MIO14KQ5yFbekaJZKcxE +BxaDQ1NDZV1rOVbkg0yDLS9Nw89dDYWVn1wx0foRJcD277ExvmaB4vmC5yayo4ss +cFldYLu7W9FHmh46flXQGfduORCbDFfjn92eB0jdrkuoEhVRpljAtMO15GMpuVbv +HzbImI2f1MfydOa6dHbRAlzeV37fPz+1nO9IWdXqFeRG0nrH2gB02AfeoObMkK/a +XYT9sq1mC5DaK6fbOPWlY+c2hIq0BhUpe+OBdDfmm7L+si9Ffj2sUdn4sHLN6Tj7 +BrJuWmJEz42+rblDNBkrdBC6XXDaRYILKSuGD65PVV+/pVl1c2EOqcktW00iiehb +eLhj2sz6NaoO5Rhx0J3pMsaCaEBAm8P6UxQSx4iGhZ8Kh5O1SVVlqu3xOhSGOKRE +sS8gIjeV/Jl3frR4eZG/BpzdTjKZmQV7dvJ4gDuDE+X7rZBzUm7nggyE2pV6UbTD +5Qwy+ASQfYHfHK4lsHD4kbO/We6H1fEFPlzlr14UuQINBGHncu8BEADBG52gWRob +VEsQIzAfq2obFnwMroxMupXrDBka7i6cUJw8HsqyHs9maGxAuRDlAma2MBPUYcbm +DH3bmctaUR7CA1RouPkb6qbZXwSwpvgN4eh4naPX20/VEp/cd5DhKWjP9yC70weh +r4LmGWV41jBAMK0G1l6+FDw2ITgsamZP+tw0swCKqzpIY2waiygCtPHCCCFMuZ6S +7hzQpsKVFh8zqzRxMs6Mni9olk4+xwng0ahYfoe2esByR2M1kGX62Y6BOcIRX1cE +zYFCUww5GrjZdJoObBtffUSz+q2LNOBcqg5huRd8BoC+k5yrXUq8ypspfV1kNEI3 +/ebFew6A8sdf2c+sOdTxTu4MI5iXM1fhCC6X4lAN8w1Ga3ML+k/kgL75mH62Yyzr +OHXNkylTDfxz9qvq6qszVfWdzVaGXRfulW5nAbAXhuX1gmgZW+M7IQ22xyWC+I60 +UcaE2l9QtHFKuekdYnekTkSUA0ghVwuw+JCQZGQbq5LqbA5TkEYuibBOJD3MZYQ5 +C3DK4KHs/3wxf2aq+Pkf3mpSscC4B0Ba5tlpJawUWqnUmGd208sfUwD20MFfHM+1 +N+M6JYCv0tC0cyAV9Jq74bAUDXLMfkGKZyAWmlPaZBMMt4WaN0r2PAKp00T6PX6x +jTM6/aNDvNTpsaaUpMXRzH13AiJ/1SjfZwARAQABiQI8BBgBCgAmAhsMFiEEPm2C +bT+6s4nC8440vE0GoI2LdW8FAmKeWsgFCSRtulkACgkQvE0GoI2LdW/pig//Zi0a +bmFJKTxku0/LMI31ZaLn9gzXjv2ugmJumfXAce+nlaheCNBa+IMLQdAmrbislzLs +qXX2+6Eqh4Q/vqGLCkElIzT9ulkgwwEp0cVF6jnXqlWHa0a/T6oAq10jRneaQFCE +t6hweJ9KTUQufp5aAiZr/GVpBJLJ8kfOx+5eHvDj+VFlFUhpzzns/NfN5N+bthJ/ +Wbt49tzmWaWoEFA0tlwMBPO3zEh/mo5lys0GqENPs4Yb4tL82qg+SG7jHSuH2lZk +XLLyLQ6p63VZysL9+UTBtafs5jxnTopQFIXtzAOwdtQ8o7/6hhsUchRoUy23EIHT +J25yA2Qtb8Z/1m/G0e3lz46xHBPIs8FKSOPToCT6E1+9lomnzJPRBCCDTZO5imfX +4N4l7BodW9nb7zEMHCi2BUM+InpSsEkQkQFs0HIRI2KHSyY30uN0pVXJLOoVQIBr +WdUzLTTkN9w43fLpkcFXGbpU+pZvK2uksC3O+eBhIpZA9E7iZDwfEaZlUKO5kFvS +V5f8ZM1jbEb0sOZNNNEaEhTFTl8pQPc2GqgZ3rYt9mqH5OwhzKftV9PDYulIbY+Y +AN6eJhHj8Eu/IlxG6iYCDmF2hOVPs9aLo9zqdxbu8B6rUyVPOwfNbOR1U7WMRCYm +4QrtLe//99hXPcFVanIxgkdslnyYf4fjdbdlmNY= +=xpaH +-----END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGHndDkBEACieeO8U0kcUTDMLGXGKrJ3nScZ4LN5hHSzWC1zuLPpkB0YQdik +CrfSwodyp9LeEhaRsCSoGDc3cS5f5uGvsSUHMCZwEKjdT8LmZkF/dtvVDWawgaLS +KjoT+AJpss+ws0d/qmwkIHeYExdvZFNdKxvvxycCNy9fNwarT4aNySW6Ax7ERDl8 +k0QSK7uvL1AaWQKSz9rX//KcLv5OXVUX3ITcwprJPD3H2yTOy4pE9gxs/qKfnP+U +Pbb3pNaHP4PnCIQrjXhJxnH9cEJ7ef0kqBdliGPN7EObrP2uPg70WnVsXovYw/TF +PrA4H2lvJ58RVhh3ocrSnR+SIne7Lgf1FRSrsE2mmNZAWD6rOxOzO4kUrcfv/pqZ +f+sDs7KTFMO0noJ1Kt7JSV6xCQzeKGdOh9JxYI0/YIsquiHTF2xva3WHrpOG1sns +xXcnrLKONisg4gEK36fjsliG4jJhcNyJaAf4sfDiTKDOE5om+BZ7kMNSrMn20wg4 +AdZJm6x8Z0OfjxGOzMQ8re4Cf73H5odrpUel7HFGXiLWtk/f4P5EjxUTznlMbNED +gYi0H898Dz5Qfmtr97WQ8132fnKKtsPlXWNUNgJpYe+GvzmYOBAr4p5EZEWjB+q6 +EnfLDLpkaS+PbrpLCls5AnWnHjimBmlIMoO5GEsJdYLIQvVVvfKtEDJIBQARAQAB +tDRPcmFjbGUgTGludXggKGJhY2t1cCBrZXkgMSkgPHNlY2FsZXJ0X3VzQG9yYWNs +ZS5jb20+iQJUBBMBCgA+FiEEmCIxdZx0ZwZdDOmyp90HCItO++YFAmKewpICGwMF +CSWYBgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQp90HCItO++bU+w//SFOe +RBqWoA5kP4BN9z716LpgkCllMRQsRZ0kZm8Enbe5S9ENn2T5/f6zZca3TNU6Wbit +ryToXuOlTsWy4BqAvQhQFeschg10Xgy6/VG3p5kCY4DIPOUjlb7/1r8k0xX6m/mH +BXBf2MCVRx/zkyeRDtD3lYHyz4cwoHEZ2NuB+CCe5WA2owVhgsRuVmjidDeOa7Q6 +61eLhAJ53OVqsUt5JpQS0KrVeYVJxCiiZnKgJMqHp26Jq0WIKtgBV3sakxhUpRUf +6ap7mnSAdh6Ae4r1+pTKd7trkxjIqLXH9RI0d7Xm+blRQVZJL9GLaLUaSvw4sfd/ +jfqENCBwAH7D488L1yvTqPfHC2+kRuUI3GU98RULCHveCISRGLVGwh1p88+9aok3 +DoV7/BUEIGbHzg3gcx8zFO2ZKKoJ7xS+vvNLAslPvHNDFH0XOwKBqlVztJprwWtA +H33e6fti7BMRw1vgljC8yVATBTiKXj5aw+25zi70o1fIFxpwsx5mwMmqHc634ai2 +hPWNZid0Lu3MYBd8pDCvMMMGimfecoyEZKJR2KbO+pNBn7suol5XS3pCmbF3ldMa +Atra+HvnxNBMxFVdxsqZhr/+ovQszYNIlWSYUDLbqk33HBmvbi3IuogAyxhLdw3T +uIjjf0acjOsSgy79ju2NpKPVtJw4BmvJRFX0Rh25Ag0EYed0OQEQAJRhf7/ZIWhZ +LpCX2vg8B4hjsEYeRvEAPUrUMHkqCuElmDaT7g76aPG0jvbMFVU/ykEt2mIi7EhW +s0SZknT5G8HoHJM2MirkyGB26yp4IlkPyNlc5H9nmMhY7iz/utxQps8jDS8dvxeG +1YAJGleGywGAet9vFfrLX9Xq9efTXozJfWOsRm+y2WklS+LblftaTUurStzLXRGT +AsBYOyVaRX/6AMu+fZt7mvoM+bOFNGxMSDIZi93wBiCKp0P2Se1YJoFHTOcQ0M6V +Fbl91ZcImPxAOX4DHfw4iuokiHCs//wV0DLZ3qtuqN2m/kV4JE9ak//BPVn4acH1 +Z6DQIzQpY66dIyLumGuCdPhl7MFHyAeKhBtLc7gp4+sli+zNUfYwwp55rTdZ9JDR +G2LD/P2eNnrUXEsvOzqqQy48BmzOmTdgc2vef85Z23GczwX1PyTaGnrQKkReajN0 +IxIuFpTgRQFBoPHTB1VVjSsOu7McWx4Gy2zccSrXKIskj4sOBIYBjxBAR0U4Gi5h +OAqplVGH3x3RoRb2swkc/LLb6WV6J7REmZ0+0dAE1ShBR8GmEb4wYc5BUgYXrhEn +hK3nmNx65jZXSAwJOZU8ETLaMoa/I/+QkgPvAJ8gyTLbMQ/xB2kMNRdisphz0jiy +PIXWlOf6I750VtbBNPHqfe0RHbBQJAl9ABEBAAGJAjwEGAEKACYCGwwWIQSYIjF1 +nHRnBl0M6bKn3QcIi0775gUCYp7C3AUJJG4hIwAKCRCn3QcIi0775nmYD/sEI0T4 ++MHIt5EzL+vBAzAbd23U2oF9KrJP49xmrLlm7qC6ghfuUVqoKwWyE24g8T4N3cxE +xQWTZ8drqvE2E2tyKqVMjJ5PfiZjK/3WOOIq9YZHpNKljv9KaAAf5alpvMxn6IBj +ZUhs775JcGWWngilBN9i3OEVFcQG9tFtfKqcYf8oRLPQlqhrH0pKOymFdqdL+NFX +G/M2LquGrvyDwnT2Cyy4p4sw639BUyA4k1hESgK9KVZTrmJPYU8hCD7kcSOY25UT +zDERLlXUsnGU9WHm/4aZ4TCs2h2qm29jHeWjfw0U/O8f4K5MV7WcJ0ZywdOk7SSf +jOKUetPH01l22I6JXiH0jLlBU5uA/zAxd8aPpvcYcWm2Ti+mkpIB6/XWbjnPoYHh +JmH8r9Pih1Z4dVR7qri/mdcsTZsKzLPuD6AITafJYuRCItCbMerhvGCwBaaR0oHS +AdpSzwKk8mrLd4BQUSM5a3E010dDeKGL4TA5ttfZJuSe7RXbi4RdDd98XHKEiU3n +N1ethSQNvEyrh0uA1U3FZvPMcbfYZa8zO85Nz9h/TGUNfmp5CyrZUHZLmvvGTOch +lUjaIhAGBVJQR/y7+4aC3zzkyzbKyLOL3hCk0xie4LLbfTQ5BtT4+GqEAtzwRQqZ +RgwnCPfIai7lLNx95bdwB8U2NpY11OXsoTLZAA== +=UWTf +-----END PGP PUBLIC KEY BLOCK----- From 921fc9566814bc21256e4655ab33a75501b0448e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 14 Jul 2023 14:35:51 -0400 Subject: [PATCH 104/125] Fix logic --- salt/elasticfleet/enabled.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/elasticfleet/enabled.sls b/salt/elasticfleet/enabled.sls index e01f192d0..82de4cdef 100644 --- a/salt/elasticfleet/enabled.sls +++ b/salt/elasticfleet/enabled.sls @@ -77,8 +77,8 @@ so-elastic-fleet: - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200 - FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }} - FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }} - - FLEET_SERVER_CERT=/etc/pki/elasticfleet.crt - - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet.key + - FLEET_SERVER_CERT=/etc/pki/elasticfleet-server.crt + - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet-server.key {% if GLOBALS.os_family == 'Debian' %} - FLEET_CA=/etc/ssl/certs/intca.crt - FLEET_SERVER_ELASTICSEARCH_CA=/etc/ssl/certs/intca.crt From 894e009b951e8a9f6b8d26b8f09b0c1cfca5a045 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 10:34:14 -0400 Subject: [PATCH 105/125] fix other OS installs --- salt/common/tools/sbin/so-common | 2 +- setup/so-functions | 21 ++++----------------- 2 files changed, 5 insertions(+), 18 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 70bd94320..708becb2a 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -199,7 +199,7 @@ get_random_value() { } gpg_rpm_import() { - if [[ $is_rpm ]]; then + if [[ $is_supported ]]; then if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then local RPMKEYSLOC="../salt/repo/client/files/$OS/keys" else diff --git a/setup/so-functions b/setup/so-functions index ef62ca5a5..425e84455 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1953,6 +1953,7 @@ securityonion_repo() { } repo_sync_local() { + info "Repo Sync" if [[ $is_supported ]]; then # Sync the repo from the the SO repo locally. # Check for reposync @@ -2392,25 +2393,11 @@ update_sudoers_for_testing() { } update_packages() { - if [[ $is_rpm ]]; then + if [[ $is_oracle ]]; then logCmd "dnf repolist" logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" - if [[ $is_rocky ]]; then - RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo") - info "Removing repo files added by rocky-repos package update" - fi - if [[ $is_centos ]]; then - RMREPOFILES=("centos-addons.repo" "centos-devel.repo" "centos-extras.repo" "centos.repo") - info "Removing repo files added by centos-repos package update" - fi - if [[ $is_rhel ]]; then - RMREPOFILES=("redhat-addons.repo" "redhat-devel.repo" "redhat-extras.repo" "redhat.repo") - info "Removing repo files added by redhat-repos package update" - fi - if [[ $is_oracle ]]; then - RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") - info "Removing repo files added by oracle-repos package update" - fi + RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") + info "Removing repo files added by oracle-repos package update" for FILE in ${RMREPOFILES[@]}; do logCmd "rm -f /etc/yum.repos.d/$FILE" done From 71cbab8fcc63e80cd41bfdd93ac508a2ac728bbf Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 10:47:24 -0400 Subject: [PATCH 106/125] fix other OS installs --- setup/so-functions | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 425e84455..bb28dec88 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -951,6 +951,7 @@ detect_os() { is_rocky=true is_rpm=true not_supported=true + unset is_supported elif grep -q "CentOS Stream release 9" /etc/redhat-release; then OS=centos OSVER=9 @@ -978,7 +979,7 @@ detect_os() { UBVER=20.04 OS=ubuntu is_ubuntu=true - is_supported=true + not_supported=true elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then OSVER=jammy UBVER=22.04 @@ -2401,7 +2402,7 @@ update_packages() { for FILE in ${RMREPOFILES[@]}; do logCmd "rm -f /etc/yum.repos.d/$FILE" done - else + elif [[ $is_deb ]]; then info "Running apt-get update" retry 150 10 "apt-get -y update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup info "Running apt-get upgrade" From bffd24e0d598410f69eab2d7c75e7b0159cd13ba Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 10:55:04 -0400 Subject: [PATCH 107/125] fix other OS installs --- salt/common/tools/sbin/so-common | 10 +++------- setup/so-functions | 12 +++++++----- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 708becb2a..c98f3e1fc 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -199,18 +199,14 @@ get_random_value() { } gpg_rpm_import() { - if [[ $is_supported ]]; then + if [[ $is_oracle ]]; then if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then local RPMKEYSLOC="../salt/repo/client/files/$OS/keys" else local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys" fi - if [[ $is_rocky ]]; then - RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') - else - RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY') - fi - for RPMKEY in "${RPMKEYS[@]}"; do + RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY') + for RPMKEY in "${RPMKEYS[@]}"; do rpm --import $RPMKEYSLOC/$RPMKEY echo "Imported $RPMKEY" done diff --git a/setup/so-functions b/setup/so-functions index bb28dec88..329ece466 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1924,7 +1924,7 @@ remove_package() { securityonion_repo() { # Remove all the current repos - if [[ $is_supported ]]; then + if [[ $is_oracle ]]; then logCmd "dnf -v clean all" logCmd "mkdir -vp /root/oldrepos" logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/" @@ -1942,11 +1942,13 @@ securityonion_repo() { echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo fi - logCmd "dnf repolist all" - if [[ $waitforstate ]]; then - if [[ ! $is_airgap ]]; then + fi + logCmd "dnf repolist all" + if [[ $waitforstate ]]; then + if [[ ! $is_airgap ]]; then + if [[ $is_rpm ]]; then # Build the repo locally so we can use it - echo "Syncing Repo" + echo "Syncing Repos" repo_sync_local fi fi From f0f8513370fd0d45cbba9a3912bfd03f46bda9fb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 11:02:34 -0400 Subject: [PATCH 108/125] fix other OS installs --- setup/so-functions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 329ece466..d8dd181b1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2002,6 +2002,8 @@ repo_sync_local() { dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo fi + dnf config-manager --set-enabled crb + dnf repolist else echo "Not sure how you got here." exit 1 From abe0a9ec27fa4f442d39d54edf4eea7b8b118877 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 11:03:28 -0400 Subject: [PATCH 109/125] fix other OS installs --- setup/so-functions | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index d8dd181b1..491d9e631 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2002,8 +2002,10 @@ repo_sync_local() { dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo fi - dnf config-manager --set-enabled crb - dnf repolist + if [[ $is_rocky ]]; then + dnf config-manager --set-enabled crb + dnf repolist + fi else echo "Not sure how you got here." exit 1 From 38c7ea08014fb1beb38cdaa8bba898f8dab0e874 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 13:44:02 -0400 Subject: [PATCH 110/125] fix other OS installs --- setup/so-functions | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 491d9e631..c62322cc1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -958,6 +958,7 @@ detect_os() { is_centos=true is_rpm=true not_supported=true + unset is_supported elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then if [ -f /etc/oracle-release ]; then OS=oracle @@ -971,6 +972,7 @@ detect_os() { is_rhel=true is_rpm=true not_supported=true + unset is_supported fi fi elif [ -f /etc/os-release ]; then @@ -980,6 +982,7 @@ detect_os() { OS=ubuntu is_ubuntu=true not_supported=true + unset is_supported elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then OSVER=jammy UBVER=22.04 @@ -987,6 +990,7 @@ detect_os() { is_ubuntu=true is_deb=true not_supported=true + unset is_supported elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then OSVER=bookworm DEBVER=12 @@ -994,6 +998,7 @@ detect_os() { OS=debian is_deb=true not_supported=true + unset is_supported fi installer_prereq_packages From 8d6c2600c97e66f20cdb42d1da40929875d3daca Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 13:49:08 -0400 Subject: [PATCH 111/125] fix other OS installs --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index c62322cc1..d8c86eda5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1948,7 +1948,7 @@ securityonion_repo() { echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo fi fi - logCmd "dnf repolist all" + if [[ $is_rpm ]]; then logCmd "dnf repolist all"; fi if [[ $waitforstate ]]; then if [[ ! $is_airgap ]]; then if [[ $is_rpm ]]; then @@ -2019,6 +2019,7 @@ repo_sync_local() { } saltify() { + info "Installing Salt" SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //') if [[ $is_deb ]]; then From 7fad710ca1d377d0f3ccbae0d016b8901d0151ea Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 13:51:01 -0400 Subject: [PATCH 112/125] fix other OS installs --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index d8c86eda5..c80df2347 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -981,6 +981,7 @@ detect_os() { UBVER=20.04 OS=ubuntu is_ubuntu=true + is_deb=true not_supported=true unset is_supported elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then From fe5ca3a0c8defeca2aa87682881c16d0ed1e3cef Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 17 Jul 2023 13:51:14 -0400 Subject: [PATCH 113/125] set palette after detecting os and before whiptail --- setup/so-setup | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 6476e32d3..60d9505df 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -64,6 +64,10 @@ done # Let's see what OS we are dealing with here detect_os + +# Ubuntu/Debian whiptail pallete to make it look the same as CentOS and Rocky. +set_palette >> $setup_log 2>&1 + if [[ $not_supported ]]; then if (whiptail_unsupported_os_warning); then true @@ -255,9 +259,6 @@ local_sbin="$(pwd)/../salt/common/tools/sbin" manager_sbin="$(pwd)/../salt/manager/tools/sbin" export PATH=$PATH:$local_sbin:$manager_sbin -# Ubuntu/Debian whiptail pallete to make it look the same as CentOS and Rocky. -set_palette >> $setup_log 2>&1 - # Kernel messages can overwrite whiptail screen #812 # https://github.com/Security-Onion-Solutions/securityonion/issues/812 dmesg -D From 5d4186ac0737c95a9f956f2edb073dd945f6080c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 17 Jul 2023 15:56:29 -0400 Subject: [PATCH 114/125] different whiptail warning if ubuntu 20.04 --- salt/common/tools/sbin/so-common | 2 +- setup/so-setup | 17 +++++++++++++---- setup/so-whiptail | 22 ++++++++++++++++++++++ 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index c98f3e1fc..f5283c356 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -417,7 +417,7 @@ set_minionid() { } set_palette() { - if [[ $is_ubuntu ]]; then + if [[ $is_deb ]]; then update-alternatives --set newt-palette /etc/newt/palette.original fi } diff --git a/setup/so-setup b/setup/so-setup index 60d9505df..b696b6f7b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -69,11 +69,20 @@ detect_os set_palette >> $setup_log 2>&1 if [[ $not_supported ]]; then - if (whiptail_unsupported_os_warning); then - true + if [[ "$OSVER" == "focal" ]]; then + if (whiptail_focal_warning); then + true + else + info "User cancelled setup." + whiptail_cancel + fi else - info "User cancelled setup." - whiptail_cancel + if (whiptail_unsupported_os_warning); then + true + else + info "User cancelled setup." + whiptail_cancel + fi fi fi diff --git a/setup/so-whiptail b/setup/so-whiptail index 56414f43d..6e35b6c90 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -455,6 +455,28 @@ __append_end_msg() { EOM } +whiptail_focal_warning() { + + [ -n "$TESTING" ] && return + + read -r -d '' focal_warning_continue <<- EOM + + WARNING: Ubuntu 20.04 is only supported as a minion role. + + This node may not install or operate as expected if installed + as a manager, managersearch, standalone, eval, or import. + + Would you like to continue the install? + + EOM + whiptail --title "$whiptail_title" \ + --yesno "$focal_warning_continue" 14 75 --defaultno + + local exitstatus=$? + return $exitstatus + +} + whiptail_gauge_post_setup() { if [ -n "$TESTING" ]; then From 01234f87f9c91bceb1d910121ca11c2213594693 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 16:20:32 -0400 Subject: [PATCH 115/125] fix other OS installs --- setup/so-functions | 1 - 1 file changed, 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index c80df2347..5cb0085a4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2040,7 +2040,6 @@ saltify() { retry 150 20 "apt-get -y install ${pkg_arr[*]}" || fail_setup logCmd "mkdir -vp /etc/apt/keyrings" - #logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg" if [[ $is_ubuntu ]]; then From f4c3103f84ce2c3927c22c4aaac5e5044ee5bffb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 16:24:51 -0400 Subject: [PATCH 116/125] fix other OS installs --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 5cb0085a4..a5d165a03 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2025,7 +2025,7 @@ saltify() { if [[ $is_deb ]]; then DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup - #update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10 + if [ $OSVER == "focal" ]; then update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10; fi local pkg_arr=( 'apache2-utils' 'ca-certificates' From 49c4edbcbee0d9c26a95d38038b2d072b9485b2c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 16:33:47 -0400 Subject: [PATCH 117/125] fix other OS installs --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index a5d165a03..a766fa013 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2355,6 +2355,7 @@ set_management_interface() { if [ "$address_type" = 'DHCP' ]; then logCmd "nmcli con mod $MNIC connection.autoconnect yes" logCmd "nmcli con up $MNIC" + logCmd "nmcli -p connection show $MNIC" else # Set Static IP nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\ From b1daa22dfc0220903c4f2861bb9a072455239737 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 16:40:35 -0400 Subject: [PATCH 118/125] fix other OS installs --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index a766fa013..176bb30b8 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1051,7 +1051,7 @@ installer_prereq_packages() { # Install network manager so we can do interface stuff if ! command -v nmcli > /dev/null 2>&1; then info "Installing network-manager" - retry 150 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || fail_setup + retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup { systemctl enable NetworkManager systemctl start NetworkManager From 9ad7303cf2478d232c2f24efce199f169b234ad6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 17 Jul 2023 16:44:55 -0400 Subject: [PATCH 119/125] fix other OS installs --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 176bb30b8..3a8f267a2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1602,7 +1602,7 @@ network_init() { title "Initializing Network" disable_ipv6 set_hostname - if [[ ( $is_iso || $is_desktop_iso ) ]]; then + if [[ ( $is_iso || $is_desktop_iso || $is_debian ) ]]; then set_management_interface fi } From dc8aa4d9236750210e30dee6fd0ed0807144d88f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 18 Jul 2023 11:53:55 -0400 Subject: [PATCH 120/125] fix other OS installs --- setup/so-functions | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup/so-functions b/setup/so-functions index 3a8f267a2..c1b02e37c 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1052,6 +1052,8 @@ installer_prereq_packages() { if ! command -v nmcli > /dev/null 2>&1; then info "Installing network-manager" retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup + if [[ $is_debian ]]; then + logcmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf" { systemctl enable NetworkManager systemctl start NetworkManager From 5e4613896154500f2c64405ffcd05ad5c410bf7a Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 18 Jul 2023 11:55:51 -0400 Subject: [PATCH 121/125] fix other OS installs --- setup/so-functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index c1b02e37c..fb8fad2ee 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1053,11 +1053,11 @@ installer_prereq_packages() { info "Installing network-manager" retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup if [[ $is_debian ]]; then + info "Enabling network manager for the main interface" logcmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf" - { - systemctl enable NetworkManager - systemctl start NetworkManager - } >> "$setup_log" 2<&1 + fi + logcmd systemctl enable NetworkManager + logcmd systemctl start NetworkManager fi if ! command -v curl > /dev/null 2>&1; then retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup From f95757c5516289c740f8b96888630a40f836c435 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 18 Jul 2023 11:58:49 -0400 Subject: [PATCH 122/125] fix other OS installs --- setup/so-functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index fb8fad2ee..fd3e59dff 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1054,10 +1054,10 @@ installer_prereq_packages() { retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup if [[ $is_debian ]]; then info "Enabling network manager for the main interface" - logcmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf" + logCmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf" fi - logcmd systemctl enable NetworkManager - logcmd systemctl start NetworkManager + logCmd systemctl enable NetworkManager + logCmd systemctl start NetworkManager fi if ! command -v curl > /dev/null 2>&1; then retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup From 737da45e7f5ce95c8bd17c314cbc0f2c0a69bbe1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 18 Jul 2023 14:02:13 -0400 Subject: [PATCH 123/125] fix other OS installs --- salt/mysql/config.sls | 6 ------ 1 file changed, 6 deletions(-) diff --git a/salt/mysql/config.sls b/salt/mysql/config.sls index 53f0a1318..5f9010011 100644 --- a/salt/mysql/config.sls +++ b/salt/mysql/config.sls @@ -13,13 +13,7 @@ mysqlpkgs: - skip_suggestions: False - pkgs: {% if grains['os_family'] != 'RedHat' %} - {% if grains['oscodename'] == 'bionic' %} - python3-mysqldb - {% elif grains['oscodename'] == 'focal' %} - - python3-mysqldb - {% elif grains['oscodename'] == 'jammy' %} - - python3-mysqldb - {% endif %} {% else %} - python3-mysqlclient {% endif %} From c94436fcbd779f2f7716b873b5a90d94889a34fd Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 18 Jul 2023 15:19:10 -0400 Subject: [PATCH 124/125] fix other OS installs --- salt/common/tools/sbin/so-common | 3 +++ setup/so-functions | 1 + 2 files changed, 4 insertions(+) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index f5283c356..dde95f366 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -210,6 +210,9 @@ gpg_rpm_import() { rpm --import $RPMKEYSLOC/$RPMKEY echo "Imported $RPMKEY" done + else + info "Importing the security onion GPG key" + rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub fi } diff --git a/setup/so-functions b/setup/so-functions index fd3e59dff..5808026ac 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2002,6 +2002,7 @@ repo_sync_local() { if [[ $is_rpm ]]; then dnf -y install epel-release dnf install -y yum-utils device-mapper-persistent-data lvm2 + curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub if [[ $is_rhel ]]; then dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo From 23cc75c68dd897d37ba2a6d25b6110275394b4de Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 18 Jul 2023 10:48:42 -0400 Subject: [PATCH 125/125] upgrade registry version --- salt/registry/enabled.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/registry/enabled.sls b/salt/registry/enabled.sls index 4d9867676..9ea3ad1df 100644 --- a/salt/registry/enabled.sls +++ b/salt/registry/enabled.sls @@ -14,7 +14,7 @@ include: # Install the registry container so-dockerregistry: docker_container.running: - - image: ghcr.io/security-onion-solutions/registry:latest + - image: ghcr.io/security-onion-solutions/registry:2.8.2 - hostname: so-registry - networks: - sobridge: