Merge remote-tracking branch 'origin/2.4/dev' into 2.4/mysql

salt/_modules/needs_restarting.py

@@ -10,6 +10,14 @@ def check():
     if path.exists('/var/run/reboot-required'):
       retval = 'True'
 
+  elif os == 'CentOS Stream':
+    cmd = 'needs-restarting -r > /dev/null 2>&1'
+    
+    try:
+      needs_restarting = subprocess.check_call(cmd, shell=True)
+    except subprocess.CalledProcessError:
+      retval = 'True'
+
   elif os == 'Rocky':
     cmd = 'needs-restarting -r > /dev/null 2>&1'
     

salt/common/init.sls

@@ -195,7 +195,7 @@ soversionfile:
 {% endif %}
 
 {% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
-  {% if GLOBALS.os == 'Rocky' %}     
+  {% if GLOBALS.os == 'OEL' %}     
 # Install Raid tools
 raidpkgs:
   pkg.installed:
@@ -218,7 +218,6 @@ so-raid-status:
     - dayweek: '*'
 
   {% endif %}
-
 {% else %}
 
 {{sls}}_state_not_allowed:

salt/common/packages.sls

@@ -1,6 +1,6 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 
-{% if GLOBALS.os == 'Ubuntu' %}
+{% if GLOBALS.os_family == 'Debian' %}
 commonpkgs:
   pkg.installed:
     - skip_suggestions: True
@@ -14,16 +14,24 @@ commonpkgs:
       - software-properties-common
       - apt-transport-https
       - openssl
-      - netcat
+      - netcat-openbsd
       - sqlite3
       - libssl-dev
       - python3-dateutil
+      - python3-docker
       - python3-packaging
       - python3-watchdog
       - python3-lxml
       - git
+      - rsync
       - vim
+      - tar
+      - unzip
+      {% if grains.oscodename != 'focal' %}
+      - python3-rich
+      {% endif %}
 
+{%     if grains.oscodename == 'focal' %}
 # since Ubuntu requires and internet connection we can use pip to install modules
 python3-pip:
   pkg.installed
@@ -34,9 +42,10 @@ python-rich:
     - target: /usr/local/lib/python3.8/dist-packages/
     - require:
       - pkg: python3-pip
+{%     endif %}
+{% endif %}
 
-
+{% if GLOBALS.os_family == 'RedHat' %}
-{% elif GLOBALS.os == 'Rocky' %}     
 commonpkgs:
   pkg.installed:
     - skip_suggestions: True
@@ -48,7 +57,11 @@ commonpkgs:
       - net-tools
       - curl
       - sqlite
+      {% if GLOBALS.os == 'CentOS Stream' %}
+      - MariaDB-devel
+      {% else %}
       - mariadb-devel
+      {% endif %}
       - python3-dnf-plugin-versionlock
       - nmap-ncat
       - yum-utils
@@ -64,4 +77,8 @@ commonpkgs:
       - python3-watchdog
       - python3-packaging
       - unzip
+      - fuse
+      - fuse-libs
+      - fuse-overlayfs
+      - fuse-common
 {% endif %}

salt/common/tools/sbin/so-common

@@ -199,19 +199,20 @@ get_random_value() {
 }
 
 gpg_rpm_import() {
-	if [[ "$OS" == "rocky" ]]; then
+	if [[ $is_oracle ]]; then
 	    if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then
-	        local RPMKEYSLOC="../salt/repo/client/files/rocky/keys"
+	        local RPMKEYSLOC="../salt/repo/client/files/$OS/keys"
 	    else
-	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys"
+	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys"
 	    fi
-	
+		RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY')
-	    RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
-
 		for RPMKEY in "${RPMKEYS[@]}"; do
     	        rpm --import $RPMKEYSLOC/$RPMKEY
 	        echo "Imported $RPMKEY"
 	    done
+	else
+		info "Importing the security onion GPG key"
+		rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub
 	fi
 }
 
@@ -395,19 +396,22 @@ salt_minion_count() {
 
 }
 
-set_cron_service_name() {
-	if [[ "$OS" == "rocky" ]]; then
-		cron_service_name="crond"
-	else
-		cron_service_name="cron"
-	fi
-}
-
 set_os() {
 	if [ -f /etc/redhat-release ]; then
+		if grep -q "Rocky Linux release 9" /etc/redhat-release; then
 			OS=rocky
+			OSVER=9
+			is_rocky=true
+		elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
+			OS=centos
+			OSVER=9
+			is_centos=true
+		fi
+		cron_service_name="crond"
 	else
 		OS=ubuntu
+		is_ubuntu=true
+		cron_service_name="cron"
 	fi
 }
 
@@ -416,7 +420,7 @@ set_minionid() {
 }
 
 set_palette() {
-	if [ "$OS" == ubuntu ]; then
+	if [[ $is_deb ]]; then
 	    update-alternatives --set newt-palette /etc/newt/palette.original
     fi
 }

salt/desktop/trusted-ca.sls

@@ -27,6 +27,32 @@ update_ca_certs:
     - onchanges:
       - x509: trusted_ca
 
+{% elif GLOBALS.os == 'CentOS Stream' %}
+
+  {% set global_ca_text = [] %}
+  {% set global_ca_server = [] %}
+  {% set manager = GLOBALS.manager %}
+  {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
+    {% for host in x509dict %}
+      {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
+        {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
+        {% do global_ca_server.append(host) %}
+      {% endif %}
+    {% endfor %}
+  {% set trusttheca_text = global_ca_text[0] %}
+  {% set ca_server = global_ca_server[0] %}
+
+trusted_ca:
+  x509.pem_managed:
+    - name: /etc/pki/ca-trust/source/anchors/ca.crt
+    - text:  {{ trusttheca_text }}
+
+update_ca_certs:
+  cmd.run:
+    - name: update-ca-trust
+    - onchanges:
+      - x509: trusted_ca
+
 {% else %}
 
 desktop_trusted-ca_os_fail:

salt/docker/init.sls

@@ -12,7 +12,28 @@ dockergroup:
     - name: docker
     - gid: 920
 
-{% if GLOBALS.os == 'Ubuntu' %}
+{% if GLOBALS.os_family == 'Debian' %}
+{%    if grains.oscodename == 'bookworm' %}
+dockerheldpackages:
+  pkg.installed:
+    - pkgs:
+      - containerd.io: 1.6.21-1
+      - docker-ce: 5:24.0.3-1~debian.12~bookworm
+      - docker-ce-cli: 5:24.0.3-1~debian.12~bookworm
+      - docker-ce-rootless-extras: 5:24.0.3-1~debian.12~bookworm
+    - hold: True
+    - update_holds: True
+{%    elif grains.oscodename == 'jammy' %}
+dockerheldpackages:
+  pkg.installed:
+    - pkgs:
+      - containerd.io: 1.6.21-1
+      - docker-ce: 5:24.0.2-1~ubuntu.22.04~jammy
+      - docker-ce-cli: 5:24.0.2-1~ubuntu.22.04~jammy
+      - docker-ce-rootless-extras: 5:24.0.2-1~ubuntu.22.04~jammy
+    - hold: True
+    - update_holds: True
+{%    else %}
 dockerheldpackages:
   pkg.installed:
     - pkgs:
@@ -22,14 +43,15 @@ dockerheldpackages:
       - docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal
     - hold: True
     - update_holds: True
+{% endif %}
 {% else %}
 dockerheldpackages:
   pkg.installed:
     - pkgs:
       - containerd.io: 1.6.21-3.1.el9
-      - docker-ce: 24.0.2-1.el9
+      - docker-ce: 24.0.4-1.el9
-      - docker-ce-cli: 24.0.2-1.el9
+      - docker-ce-cli: 24.0.4-1.el9
-      - docker-ce-rootless-extras: 24.0.2-1.el9
+      - docker-ce-rootless-extras: 24.0.4-1.el9
     - hold: True
     - update_holds: True
 {% endif %}

salt/elasticfleet/enabled.sls

@@ -62,6 +62,9 @@ so-elastic-fleet:
       {% endfor %}
     - binds:
       - /etc/pki:/etc/pki:ro
+      {% if GLOBALS.os_family == 'Debian' %}
+      - /etc/ssl:/etc/ssl:ro
+      {% endif %}
       #- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
      {% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
         {% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
@@ -70,14 +73,20 @@ so-elastic-fleet:
       {% endif %}      
     - environment:
       - FLEET_SERVER_ENABLE=true
-      - FLEET_URL=https://{{ GLOBALS.node_ip }}:8220
+      - FLEET_URL=https://{{ GLOBALS.hostname }}:8220
       - FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200
       - FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }}
       - FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }}
-      - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
       - FLEET_SERVER_CERT=/etc/pki/elasticfleet-server.crt
       - FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet-server.key
+      {% if GLOBALS.os_family == 'Debian' %}
+      - FLEET_CA=/etc/ssl/certs/intca.crt     
+      - FLEET_SERVER_ELASTICSEARCH_CA=/etc/ssl/certs/intca.crt
+      {% else %}
       - FLEET_CA=/etc/pki/tls/certs/intca.crt
+      - FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
+
+      {% endif %}
       {% if DOCKER.containers['so-elastic-fleet'].extra_env %}
         {% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %}
       - {{ XTRAENV }}

salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup

@@ -6,6 +6,12 @@
 # this file except in compliance with the Elastic License 2.0.
 {% from 'vars/globals.map.jinja' import GLOBALS %}
 
+{% if GLOBALS.os_family == 'Debian' %}
+INTCA=/etc/ssl/certs/intca.crt
+{% else %}
+INTCA=/etc/pki/tls/certs/intca.crt
+{% endif %}
+
 . /usr/sbin/so-elastic-fleet-common
 
 printf "\n### Create ES Token ###\n"
@@ -13,7 +19,7 @@ ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5
 
 ### Create Outputs & Fleet URLs ###
 printf "\nAdd Manager Elasticsearch Output...\n"
-ESCACRT=$(openssl x509 -in  /etc/pki/tls/certs/intca.crt)
+ESCACRT=$(openssl x509 -in  $INTCA)
 JSON_STRING=$( jq -n \
                   --arg ESCACRT "$ESCACRT" \
                   '{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200","https://{{ GLOBALS.manager }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities": [$ESCACRT]}}' )
@@ -22,9 +28,9 @@ printf "\n\n"
 
 printf "\nCreate Logstash Output Config if node is not an Import or Eval install\n"
 {% if grains.role not in ['so-import', 'so-eval'] %}
-LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-agent.crt)
+LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt)
-LOGSTASHKEY=$(openssl rsa -in  /etc/pki/elasticfleet-agent.key)
+LOGSTASHKEY=$(openssl rsa -in  /etc/pki/elasticfleet-logstash.key)
-LOGSTASHCA=$(openssl x509 -in  /etc/pki/tls/certs/intca.crt)
+LOGSTASHCA=$(openssl x509 -in  $INTCA)
 JSON_STRING=$( jq -n \
                   --arg LOGSTASHCRT "$LOGSTASHCRT" \
                   --arg LOGSTASHKEY "$LOGSTASHKEY" \

salt/manager/tools/sbin/soup

@@ -651,7 +651,6 @@ main() {
   echo ""
 
   set_os
-  set_cron_service_name
   if ! check_salt_master_status; then
   	echo "Could not talk to salt master"
     echo "Please run 'systemctl status salt-master' to ensure the salt-master service is running and check the log at /opt/so/log/salt/master."

salt/mysql/config.sls

@@ -12,12 +12,8 @@ mysqlpkgs:
   pkg.installed:
     - skip_suggestions: False
     - pkgs:
-      {% if grains['os'] != 'Rocky' %}
+      {% if grains['os_family'] != 'RedHat' %}
-        {% if grains['oscodename'] == 'bionic' %}
       - python3-mysqldb
-        {% elif grains['oscodename'] == 'focal' %}
-      - python3-mysqldb
-        {% endif %}
       {% else %}
       - python3-mysqlclient
       {% endif %}

salt/ntp/init.sls

@@ -17,7 +17,7 @@ chronyconf:
     - defaults:
         NTPCONFIG: {{ NTPCONFIG }}
 
-{% if GLOBALS.os == 'Rocky' %}
+{% if GLOBALS.os_family == 'RedHat' %}
 chronyd:
 {% else %}
 chrony:

salt/registry/enabled.sls

@@ -14,7 +14,7 @@ include:
 # Install the registry container
 so-dockerregistry:
   docker_container.running:
-    - image: ghcr.io/security-onion-solutions/registry:latest
+    - image: ghcr.io/security-onion-solutions/registry:2.8.2
     - hostname: so-registry
     - networks:
       - sobridge:

salt/repo/client/centos.sls

@@ -1,78 +0,0 @@
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-{% from 'vars/globals.map.jinja' import GLOBALS %}
-{% from 'repo/client/map.jinja' import ABSENTFILES with context %}
-{% from 'repo/client/map.jinja' import REPOPATH with context %}
-
-{% if GLOBALS.os == 'CentOS' %}
-
-{% if ABSENTFILES|length > 0%}
-  {% for file in ABSENTFILES  %}
-{{ file }}:
-  file.absent:
-    - name: {{ REPOPATH }}{{ file }}
-    - onchanges_in:
-      - cmd: cleanyum
-  {% endfor %}
-{% endif %}
-
-cleanyum:
-  cmd.run:
-    - name: 'yum clean all'
-    - onchanges:
-      - so_repo
-      
-yumconf:
-  file.managed:
-    - name: /etc/yum.conf
-    - source: salt://repo/client/files/centos/yum.conf.jinja
-    - mode: 644
-    - template: jinja
-    - show_changes: False
-
-repair_yumdb:
-  cmd.run:
-    - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
-    - onlyif:
-      - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
-
-crsynckeys:
-  file.recurse:
-    - name: /etc/pki/rpm_gpg
-    - source: salt://repo/client/files/centos/keys/
-
-
-  {% if GLOBALS.role in GLOBALS.manager_roles %}
-so_repo:
-  pkgrepo.managed:
-    - name: securityonion
-    - humanname: Security Onion Repo
-    - baseurl: file:///nsm/repo/
-    - enabled: 1
-    - gpgcheck: 1
-
-  {% else %}
-so_repo:
-  pkgrepo.managed:
-    - name: securityonion
-    - humanname: Security Onion Repo
-    - baseurl: https://{{ GLOBALS.manager }}/repo
-    - enabled: 1
-    - gpgcheck: 1 
-
-  {% endif %}
-
-{% endif %}
-  
-# TODO: Add a pillar entry for custom repos
-
-
-
-
-
-
-
-

salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7

@@ -1,29 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
-OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
-jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
-vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
-jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
-S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
-n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
-9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
-T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
-GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
-uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
-tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
-AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
-5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
-ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
-MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
-9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
-CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
-HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
-VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
-thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
-ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
-vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
-RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
-=hdPa
------END PGP PUBLIC KEY BLOCK-----

salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub

@@ -1,31 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2
-
-mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9
-m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW
-tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw
-WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts
-kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA
-gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr
-YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT
-qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q
-WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1
-yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o
-nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU
-4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA
-/NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q
-9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb
-9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx
-uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ
-zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr
-GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E
-PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ
-AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK
-WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4
-vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f
-T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N
-1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx
-fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS
-MA==
-=dtMN
------END PGP PUBLIC KEY BLOCK-----

salt/repo/client/files/centos/securityonionlocal.repo

@@ -1,8 +0,0 @@
-[solocal]
-name=Security Onion Repo
-baseurl=file:///nsm/repo/
-enabled=1
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-

salt/repo/client/files/centos/yum.conf.jinja

@@ -1,17 +0,0 @@
-{% set proxy = salt['pillar.get']('manager:proxy') -%}
-[main]
-cachedir=/var/cache/yum/$basearch/$releasever
-keepcache=0
-debuglevel=2
-logfile=/var/log/yum.log
-exactarch=1
-obsoletes=1
-gpgcheck=1
-plugins=1
-installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
-bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
-distroverpkg=centos-release
-clean_requirements_on_remove=1
-{% if proxy -%}
-proxy={{ proxy }}
-{% endif %}

salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY

@@ -0,0 +1,236 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.14 (GNU/Linux)
+
+mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis
+497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM
+LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8
+p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn
+U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb
+XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j
+zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx
+cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H
+48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ
+YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu
+b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
+CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3
+kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I
+9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3
+P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb
+Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF
+iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl
+sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0
+u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2
+YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b
+GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ
+7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD
+EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb
+LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk
+Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3
+d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo
+8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr
+q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6
+4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI
+UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl
+J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B
+TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF
+F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6
++Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR
+tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF
+AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS
+gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU
+pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW
+LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX
+thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne
+NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD
+6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI
+mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8
+wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp
+7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td
+8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL
+oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv
+M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5
+nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9
+cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj
+KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8
+NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F
+cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT
+TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V
+N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G
+4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8
+v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz
+jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd
+tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj
+VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy
+wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/
+ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1
+FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV
+9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI
+lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU
+Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu
+2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ
+GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm
+fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz
++gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi
+byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh
+bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz
+W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1
+CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr
+kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA
+DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele
+xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL
+xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/
+BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l
+D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot
+Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD
+Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs
+RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD
+qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA
+GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6
+FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV
+MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2
+zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok
+AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh
+SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn
+RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5
+sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k
+CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv
+0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ
+/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC
+AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5
+MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d
+HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti
+G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ
+Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2
++hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD
+bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt
+fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P
+0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1
+IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC
+A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE
+aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6
+l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3
+qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV
+99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb
+ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW
+e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5
+95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v
+Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs
+z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/
+RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo
+5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK
+OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX
+KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6
+TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg
+3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N
+5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol
+AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj
+G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/
+Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ
+d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az
+y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg=
+=bSQ3
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv
+TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92
+3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa
+L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5
+ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c
+n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT
+Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF
+scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0
+5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv
+C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS
+Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB
+zS1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz7C
+wXgEEwEIACIFAlb8EKsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPFl
+byTHTNHYJZ0P/2Z2RURRkSTHLKZ/GqSvPReReeB7AI+ZrDapkpG/26xp1Yw1isCO
+y99pvQ7hjTFhdZQ7xSRUiT/e27wJxR7s4G/ck5VOVjuJzGnByNLmwMjdN1ONIO9P
+hQAs2iF3uoIbVTxzXof2F8C0WSbKgEWbtqlCWlaapDpN8jKAWdsQsNMdXcdpJ2os
+WiacQRxLREBGjVRkAiqdjYkegQ4BZ0GtPULKjZWCUNkaat51b7O7V19nSy/T7MM7
+n+kqYQLMIHCF8LGd3QQsNppRnolWVRzXMdtR2+9iI21qv6gtHcMiAg6QcKA7halL
+kCdIS2nWR8g7nZeZjq5XhckeNGrGX/3w/m/lwczYjMUer+qs2ww5expZJ7qhtSta
+lE3EtL/l7zE4RlknqwDZ0IXtxCNPu2UovCzZmdZm8UWfMSKk/3VgL8HgzYRr8fo0
+yj0XkckJ7snXvuhoviW2tjm46PyHPWRKgW4iEzUrB+hiXpy3ikt4rLRg/iMqKjyf
+mvcE/VdmFVtsfbfRVvlaWiIWCndRTVBkAaTu8DwrGyugQsbjEcK+4E25/SaKIJIw
+qfxpyBVhru21ypgEMAw1Y8KC7KntB7jzpFotE4wpv1jZKUZuy71ofr7g3/2O+7nW
+LrR1mncbuT6yXo316r56dfKzOxQJBnYFwTjXfa65yBArjQBUCPNYOKr0wkYEEhEI
+AAYFAlb8JFYACgkQy8sIKhu5Q9snYACgh3id41CYTHELOQ/ymj4tiuFt1lcAn3JU
+9wH3pihM9ISvoeuGnwwHhcKnwsFcBBIBCAAGBQJW/CSEAAoJEJFxGJmV5Fqe11cP
+/A3QhvqleuRaXoS5apIY3lrDL79Wo0bkydM3u2Ft9EqVVG5zZvlmWaXbw5wkPhza
+7YUjrD7ylaE754lHI48jJp3KY7RosClY/Kuk56GJI/SoMKx4v518pAboZ4hjY9MY
+gmiAuZEYx5Ibv1pj0+hkzRI78+f6+d5QTQ6y/35ZjSSJcBgCMAr/JRsmOkHu6cY6
+qOpq4g8mvRAX5ivRm4UxE2gnxZyd2LjY2/S2kCZvHWVaZuiTD0EU1jYPoOo6fhc8
+zjs5FWS56C1vp7aFOGBvsH3lwYAYi1K2S+/B4nqpitYJz/T0zFzzyYe7ZG77DXKD
+/XajD22IzRGKjoeVPFBx+2V0YCCpWZkqkfZ2Dt3QVW//QIpVsOJnmaqolDg1sxoa
+BEYBtCtovU0wh1pXWwfn7IgjIkPNl0AU8mW8Ll91WF+Lss/oMrUJMKVDenTJ6/ZO
+06c+JFlP7dS3YGMsifwgy5abA4Xy4GWpAsyEM68mqsJUc7ZANZcQAKr6+DryzSfI
+Olsn3kJzOtb/c3JhVmblEO6XzdfZJK/axPOp3mF1oEBoJ56fGwO2usgVwQDyLt3J
+iluJrCvMSBL9KtBZWrTZH5t3rTMN0NUALy4Etd6Y8V94i8c5NixMDyjRU7aKJAAw
+tUvxLd12dqtaXsuvGyzLbR4EDT/Q5DfLC1DZWpgtUtCVwsFcBBIBCAAGBQJW/CS2
+AAoJEEHdwLQNpW8iMUoP/AjFKyZ+inQTI2jJJBBtrLjxaxZSG5ggCovowWn8NWv6
+bQBm2VurYVKhvY1xUyxoLY8KN+MvoeTdpB3u7z+M6x+CdfoTGqWQ2yapOC0eEJBF
+O+GFho2WE0msiO0IaVJrzdFTPE0EYR2BHziLu0DDSZADe1WYEqkkrZsCNgi6EMng
+mX2h+DK2GlC3W2tY9sc63DsgzjcMBO9uYmpHj6nizsIrETqouVNUCLT0t8iETa25
+Mehq/I92I70Qfebv7R4eMrs+tWXKyPU0OjV+8b8saZsv1xn98UkeXwYx4JI04OTw
+nBeJG8yPrGDBO5iucmtaCvwGQ3c76qBivrA8eFz3azRxQYWWiFrkElTg+C/E83JQ
+WgqPvPZkI5UHvBwBqcoIXG15AJoXA/ZWIB8nPKWKaV5KDnY3DBuA4rh5Mhy3xwcC
+/22E/CmZMXjUUvDnlPgXCYAYU0FBbGk7JpSYawtNfdAN2XBRPq5sDKLLxftx7D8u
+ESJXXAlPxoRh7x1ArdGM+EowlJJ0xpINBaT0Z/Hk0jxNIFEak796/WeGqewdOIki
+dAs4tppUfzosla5K+qXfWwmhcKmpwA4oynE8wIaoXptoi8+rxaw4N6wAXlSrVxeC
+VTnb7+UY/BT2Wx6IQ10C9jrsj6XIffMvngIinCD9Czvadmr7BEIxKt1LP+gGA8Zg
+wsFcBBIBCgAGBQJYE6oDAAoJEL7YRJ/O6NqIJ24P+QFNa2O+Q1rLKrQiuPw4Q73o
+7/blUpFNudZfeCDpDbUgJ01u1RHnWOyLcyknartAosFDJIpgcXY5I8jsBIO5IZPR
+C/UKxZB3RYOhj49bySD9RNapHyq+Y56j9JUoz6tkKFBd+6g85Ej8d924xM1UnRCS
+9cfI9W0fSunbCi2CXLbXFF7V+m3Ou1SVYGIAxpMn4RXyYfuqeB5wROR2GA5Ef6T3
+S5byh1dRSEgnrBToENtp5n7Jwsc9pDofjtaUkO854l45IqFarGjCHZwtNRKd2lcK
+FMnd1jS0nfGkUbn3qNJam1qaGWx4gXaT845VsYYVTbxtkKi+qPUIoOyYx4NEm6fC
+ZywH72oP+fmUT/fbfSHa5j137dRqokkR6RFjnEMBl6WHwgqqUqeIT6t9uV6WWzX9
+lNroZFAFL/de7H31iIRuZcm38DUZOfjVf9glweu4yFvuJ7cQtyQydFQJV4LGDT/C
+8e9TWrV1/gWMyMGQlZsRWa+h+FfFUccQtfSdXpvSxtXfop+fVQmJgUUl92jh4K9j
+c9a6rIp5v1Q1yEgs2iS50/V/NMSmEcE1XMOxFt9fX9T+XmKAWZ8L25lpILsHT3mB
+VWrpHdbawUaiBp9elxhn6tFiTFR7qA7dlUyWrI+MMlINwSZ2AAXvmA2IajH/UIlh
+xotxmSNiZYIQ6UbD3fk4wsFzBBABCgAdFiEEmy/52H2krRdju+d2+GQcuhDvLUgF
+Ally44wACgkQ+GQcuhDvLUgkjQ//c3mBxfJm6yLAJD4s4OgsPv4pcp/EKmPcdztm
+W0/glwopUZmq9oNo3VMMCGtusrQgpACzfUlesu9NWlPCB3olZkeGugygo0zuQBKs
+55eG7bPzMLyfSqLKyogYocaGc4lpf4lbvlvxy37YGVrGpwT9i8t2REtM6iPKDcMM
+sgVtNlqFdq3Fs2Haqt0m1EksX6/GSIrjK4LZEcPklrGPvUS3S+qkwuaGE/jXxncE
+4jFQR9SYH6AHr6Vkt1CG9Dgpr+Ph0I9n0JRknBYoUZ1q51WdF946NplXkCskdzWG
+RHgMUCz3ZehF1FzpKgfO9Zd0YZsmivV/g6frUw/TayP9gxKPt7z2Lsxzyh8X7cg6
+TAvdG9JbG0PyPJT1TZ8qpjP/PtqPclHsHQQIbGSDFWzRM5znhS+5sgyw8FWInjw8
+JjxoOWMa50464EfGeb2jZfwtRimJAJLWEf/JnvO779nXf5YbvUZgfXaX7k/cvCVk
+U8M7oC7x8o6F0P2Lh6FgonklKEeIRtZBUNZ0Lk9OShVqlU9/v16MHq/Eyu/Mbs0D
+en3vYgiYxOBR8czD1Wh4vsKiGfOzQ6oWti/DCURV+iTYhJc7mSWM6STzUFr0nCnF
+x6W0j/zH6ZgiFAGOyIXW2DwfjFvYRcBL1RWAEKsiFwYrNV+MDonjKXjpVB1Ra90o
+lLrZXAXCwHMEEgEKAB0WIQRMRw//78TT3Fl3hlXOGj3V48lPSQUCXAAgOgAKCRDO
+Gj3V48lPSQxAB/43qoWteVZEiN3JW4FnHg+S60TnHSP69FKV+363XYKDa23pNpv4
+tiJumo9Kvb4UoDft766/URHm5RKyPtrxy+wqotamrkGJUTtP2a68h7C31VX+pf6i
+iQKmxRQz4zmW0pA5X01+AgpvcDH++Fv5NLBpnjqPdTh5b0gvr89E0zMNldNYOZu1
+0H/mukrnGlFDu/osBuy+XJtP2MeasazVMLvjKs+hr//E+iLI9DZOwFBK6AX5gkkI
+UEHkSeb4//AHwvanUMin9un9+F9iR+qDuDEKxuevYzM0owuoVcK5pAsRnRQJlnHW
+/0BQ6FtNGpmljhvUk8a/l3xFf3z/uJG5vVKVzsFNBFb8EKsBEADDfCMsu2U1CdJh
+r4xp6z4J89/tMnpCQASC8DQhtZ6bWG/ksyKt2DnDQ050XBEng+7epzHWA2UgT0li
+Y05zZmFs1X7QeZr16B7JANq6fnHOdZB0ThS7JEYbProkMxcqAFLAZJCpZT534Gpz
+W7qHwzjV+d13IziCHdi6+DD5eavYzBqY8QzjlOXbmIlY7dJUCwXTECUfirc6kH86
+CS8fXZTke4QYZ55VnrOomB4QGqP371kwBETnhlhi74+pvi3jW05Z5x1tVMwuugyz
+zkseZp1VYmJq5SHNFZ/pnAQLE9gUDTb6UWcPBwQh9Sw+7ahSK74lJKYm3wktyvZh
+zAxbNyzs1M56yeFP6uFwJTBfNByyMAa6TGUhNkxlLcYjxKbVmoAnKCVM8t41TlLv
+/a0ki8iQxqvphVLufksR9IpN6d3F15j6GeyVtxBEv04iv4vbuKthWytb+gjX4bI8
+CAo9jGHevmtdiw/SbeKx2YBM1MF6eua37rFMooOBj4X7VfQCyS+crNsOQn8nJGah
+YbzUDCCgnX+pqN9iZvXisMS79wVyD5DyISFDvT/5jY7IXxPibxr10P/8lfW1d72u
+xyI2UiZKZpyHCt4k47yMq4KQGLGuhxJ6q6O3bi2aXRuz8bLqTBLca9dmx9wZFvRh
+6jS/SKEg7eFcY0xbb6RVIv1UwGDYfQARAQABwsFfBBgBCAAJBQJW/BCrAhsMAAoJ
+EPFlbyTHTNHYEBIQAJhFTh1u34Q+5bnfiM2dAdCr6T6w4Y1v9ePiIYdSImeseJS2
+yRglpLcMjW0uEA9KXiRtC/Nm/ClnqYJzCKeIaweHqH6dIgJKaXZFt1Uaia7X9tDD
+wqALGu97irUrrV1Kh9IkM0J29Vid5amakrdS4mwt2uEISSnCi7pfVoEro+S7tYQ9
+iH6APVIwqWvcaty3cANdwKWfUQZ6a9IQ08xqzaMhMp2VzhVrWkq3B0j2aRoZR7BN
+LH2I7Z0giIM8ARjZs99aTRL+SfMEQ3sUxNLb3KWP/n1lSFbrk4HGzqUBBfczESlN
+c0970C6znK0H0HD11/3BTkMuPqww+Tzex4dpMQllMEKZ3wEyd9v6ba+nj/P1FHSE
+y/VN6IXzd82s1lYOonKTdmXAIROcHnb0QUzwsd/mhB3jKhEDOV2ZcBTD3yHv8m7C
+9G9y4hV+7yQlnPlSg3DjBp3SS5r+sOObCIy2Ad32upoXkilWa9g7GZSuhY9kyKqe
+Eba1lgXXaQykEeqx0pexkWavNnb9JaPrAZHDjUGcXrREmjEyXyElRoD4CrWXySe4
+6jCuNhVVlkLGo7osefynXa/+PNjQjURtx8en7M9A1FkQuRAxE8KIZgZzYxkGl5o5
+POSFCA4JUoRPDcrl/sI3fuq2dIOE/BJ2r8dV+LddiR+iukhXRwJXH8RVVEUS
+=mCOI
+-----END PGP PUBLIC KEY BLOCK-----

salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle

@@ -0,0 +1,104 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGHncu8BEAC2dhocMZkdapnP9o/MvAnKOczaSpF4Cj9yqt49bxLPJCY57jz9
+2ZkJ5iGk6kpBt4rPTh18aAl30T+nPP8VMQjMhvHJKfZmBtaJJ5RpvvpK5mj1UgRJ
+4DQX7gqAbT0s/uZZcouZsJzXo3c7GNMrim1C+ScfGG6BoB6GVBK74jFeJNMsxZ2Y
+BwQhpE+KG+1zD94RZCySykJjNoKj+U4W5H2XdB/mNEc8icFqxjJGZ5BN0DA2Wqxn
+mwELTO3Q2ne1y9+sPn2YKhRqyihuZYaUPR/Jpdki93mk61MdaoTTxFPZ8FWAYrAW
+9KVdreT8K33SaTFFpmhbpndPEYesgCqDqiZG7Ywjgbf2nqSOzBr2ZX23PX7QUCvQ
+ar58bNbWENLhC3B950TK+r23kkPa3GICE9WP5TftWJdbJMWRBX3YhdNooNGGCbeB
+xM7B/UV9hSRx1S/US8HvDhJezZDuKrpPXrNWJTuW9Kty2WGwUkEDT2GBbcjx9ocJ
+fqyNJKhaLoYKCVlsmhJUi4xCY0CDDapekWLZOzHB2zgT49uIjawV5ex6pA7oLaPI
+hQGvTcCl7GFWOP/6feazzIpnsJ4V3B2DoLnAevpZlINo/bi3Hv/YmbvE6NyYzD6c
+1y90pc0+Om1trLPCAZpaO1I369ZhLl6T/mCd92hrCG1y8K3PFiRIKpEMVwARAQAB
+tDVPcmFjbGUgTGludXggKHJlbGVhc2Uga2V5IDEpIDxzZWNhbGVydF91c0BvcmFj
+bGUuY29tPokCVAQTAQoAPhYhBD5tgm0/urOJwvOONLxNBqCNi3VvBQJinlnsAhsD
+BQklmAYABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELxNBqCNi3Vv3LEP/2au
+kXzbdA/T/7i+4AbGFfYnTWqmZy58wfteDNy1sk6cPmfOUqZQXUrJcSGqqeIDjPvl
+KNExpee/Ja4NGg2YfzkwH5IK5sXmEDKObXRCXGZh9/WyYpr4TBoDU2rSYBP4sbKm
+PsnVoRalt2Zb0qbQF8GilytoRabjI0gLzwhmoHBZMMc3MIO14KQ5yFbekaJZKcxE
+BxaDQ1NDZV1rOVbkg0yDLS9Nw89dDYWVn1wx0foRJcD277ExvmaB4vmC5yayo4ss
+cFldYLu7W9FHmh46flXQGfduORCbDFfjn92eB0jdrkuoEhVRpljAtMO15GMpuVbv
+HzbImI2f1MfydOa6dHbRAlzeV37fPz+1nO9IWdXqFeRG0nrH2gB02AfeoObMkK/a
+XYT9sq1mC5DaK6fbOPWlY+c2hIq0BhUpe+OBdDfmm7L+si9Ffj2sUdn4sHLN6Tj7
+BrJuWmJEz42+rblDNBkrdBC6XXDaRYILKSuGD65PVV+/pVl1c2EOqcktW00iiehb
+eLhj2sz6NaoO5Rhx0J3pMsaCaEBAm8P6UxQSx4iGhZ8Kh5O1SVVlqu3xOhSGOKRE
+sS8gIjeV/Jl3frR4eZG/BpzdTjKZmQV7dvJ4gDuDE+X7rZBzUm7nggyE2pV6UbTD
+5Qwy+ASQfYHfHK4lsHD4kbO/We6H1fEFPlzlr14UuQINBGHncu8BEADBG52gWRob
+VEsQIzAfq2obFnwMroxMupXrDBka7i6cUJw8HsqyHs9maGxAuRDlAma2MBPUYcbm
+DH3bmctaUR7CA1RouPkb6qbZXwSwpvgN4eh4naPX20/VEp/cd5DhKWjP9yC70weh
+r4LmGWV41jBAMK0G1l6+FDw2ITgsamZP+tw0swCKqzpIY2waiygCtPHCCCFMuZ6S
+7hzQpsKVFh8zqzRxMs6Mni9olk4+xwng0ahYfoe2esByR2M1kGX62Y6BOcIRX1cE
+zYFCUww5GrjZdJoObBtffUSz+q2LNOBcqg5huRd8BoC+k5yrXUq8ypspfV1kNEI3
+/ebFew6A8sdf2c+sOdTxTu4MI5iXM1fhCC6X4lAN8w1Ga3ML+k/kgL75mH62Yyzr
+OHXNkylTDfxz9qvq6qszVfWdzVaGXRfulW5nAbAXhuX1gmgZW+M7IQ22xyWC+I60
+UcaE2l9QtHFKuekdYnekTkSUA0ghVwuw+JCQZGQbq5LqbA5TkEYuibBOJD3MZYQ5
+C3DK4KHs/3wxf2aq+Pkf3mpSscC4B0Ba5tlpJawUWqnUmGd208sfUwD20MFfHM+1
+N+M6JYCv0tC0cyAV9Jq74bAUDXLMfkGKZyAWmlPaZBMMt4WaN0r2PAKp00T6PX6x
+jTM6/aNDvNTpsaaUpMXRzH13AiJ/1SjfZwARAQABiQI8BBgBCgAmAhsMFiEEPm2C
+bT+6s4nC8440vE0GoI2LdW8FAmKeWsgFCSRtulkACgkQvE0GoI2LdW/pig//Zi0a
+bmFJKTxku0/LMI31ZaLn9gzXjv2ugmJumfXAce+nlaheCNBa+IMLQdAmrbislzLs
+qXX2+6Eqh4Q/vqGLCkElIzT9ulkgwwEp0cVF6jnXqlWHa0a/T6oAq10jRneaQFCE
+t6hweJ9KTUQufp5aAiZr/GVpBJLJ8kfOx+5eHvDj+VFlFUhpzzns/NfN5N+bthJ/
+Wbt49tzmWaWoEFA0tlwMBPO3zEh/mo5lys0GqENPs4Yb4tL82qg+SG7jHSuH2lZk
+XLLyLQ6p63VZysL9+UTBtafs5jxnTopQFIXtzAOwdtQ8o7/6hhsUchRoUy23EIHT
+J25yA2Qtb8Z/1m/G0e3lz46xHBPIs8FKSOPToCT6E1+9lomnzJPRBCCDTZO5imfX
+4N4l7BodW9nb7zEMHCi2BUM+InpSsEkQkQFs0HIRI2KHSyY30uN0pVXJLOoVQIBr
+WdUzLTTkN9w43fLpkcFXGbpU+pZvK2uksC3O+eBhIpZA9E7iZDwfEaZlUKO5kFvS
+V5f8ZM1jbEb0sOZNNNEaEhTFTl8pQPc2GqgZ3rYt9mqH5OwhzKftV9PDYulIbY+Y
+AN6eJhHj8Eu/IlxG6iYCDmF2hOVPs9aLo9zqdxbu8B6rUyVPOwfNbOR1U7WMRCYm
+4QrtLe//99hXPcFVanIxgkdslnyYf4fjdbdlmNY=
+=xpaH
+-----END PGP PUBLIC KEY BLOCK-----
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGHndDkBEACieeO8U0kcUTDMLGXGKrJ3nScZ4LN5hHSzWC1zuLPpkB0YQdik
+CrfSwodyp9LeEhaRsCSoGDc3cS5f5uGvsSUHMCZwEKjdT8LmZkF/dtvVDWawgaLS
+KjoT+AJpss+ws0d/qmwkIHeYExdvZFNdKxvvxycCNy9fNwarT4aNySW6Ax7ERDl8
+k0QSK7uvL1AaWQKSz9rX//KcLv5OXVUX3ITcwprJPD3H2yTOy4pE9gxs/qKfnP+U
+Pbb3pNaHP4PnCIQrjXhJxnH9cEJ7ef0kqBdliGPN7EObrP2uPg70WnVsXovYw/TF
+PrA4H2lvJ58RVhh3ocrSnR+SIne7Lgf1FRSrsE2mmNZAWD6rOxOzO4kUrcfv/pqZ
+f+sDs7KTFMO0noJ1Kt7JSV6xCQzeKGdOh9JxYI0/YIsquiHTF2xva3WHrpOG1sns
+xXcnrLKONisg4gEK36fjsliG4jJhcNyJaAf4sfDiTKDOE5om+BZ7kMNSrMn20wg4
+AdZJm6x8Z0OfjxGOzMQ8re4Cf73H5odrpUel7HFGXiLWtk/f4P5EjxUTznlMbNED
+gYi0H898Dz5Qfmtr97WQ8132fnKKtsPlXWNUNgJpYe+GvzmYOBAr4p5EZEWjB+q6
+EnfLDLpkaS+PbrpLCls5AnWnHjimBmlIMoO5GEsJdYLIQvVVvfKtEDJIBQARAQAB
+tDRPcmFjbGUgTGludXggKGJhY2t1cCBrZXkgMSkgPHNlY2FsZXJ0X3VzQG9yYWNs
+ZS5jb20+iQJUBBMBCgA+FiEEmCIxdZx0ZwZdDOmyp90HCItO++YFAmKewpICGwMF
+CSWYBgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQp90HCItO++bU+w//SFOe
+RBqWoA5kP4BN9z716LpgkCllMRQsRZ0kZm8Enbe5S9ENn2T5/f6zZca3TNU6Wbit
+ryToXuOlTsWy4BqAvQhQFeschg10Xgy6/VG3p5kCY4DIPOUjlb7/1r8k0xX6m/mH
+BXBf2MCVRx/zkyeRDtD3lYHyz4cwoHEZ2NuB+CCe5WA2owVhgsRuVmjidDeOa7Q6
+61eLhAJ53OVqsUt5JpQS0KrVeYVJxCiiZnKgJMqHp26Jq0WIKtgBV3sakxhUpRUf
+6ap7mnSAdh6Ae4r1+pTKd7trkxjIqLXH9RI0d7Xm+blRQVZJL9GLaLUaSvw4sfd/
+jfqENCBwAH7D488L1yvTqPfHC2+kRuUI3GU98RULCHveCISRGLVGwh1p88+9aok3
+DoV7/BUEIGbHzg3gcx8zFO2ZKKoJ7xS+vvNLAslPvHNDFH0XOwKBqlVztJprwWtA
+H33e6fti7BMRw1vgljC8yVATBTiKXj5aw+25zi70o1fIFxpwsx5mwMmqHc634ai2
+hPWNZid0Lu3MYBd8pDCvMMMGimfecoyEZKJR2KbO+pNBn7suol5XS3pCmbF3ldMa
+Atra+HvnxNBMxFVdxsqZhr/+ovQszYNIlWSYUDLbqk33HBmvbi3IuogAyxhLdw3T
+uIjjf0acjOsSgy79ju2NpKPVtJw4BmvJRFX0Rh25Ag0EYed0OQEQAJRhf7/ZIWhZ
+LpCX2vg8B4hjsEYeRvEAPUrUMHkqCuElmDaT7g76aPG0jvbMFVU/ykEt2mIi7EhW
+s0SZknT5G8HoHJM2MirkyGB26yp4IlkPyNlc5H9nmMhY7iz/utxQps8jDS8dvxeG
+1YAJGleGywGAet9vFfrLX9Xq9efTXozJfWOsRm+y2WklS+LblftaTUurStzLXRGT
+AsBYOyVaRX/6AMu+fZt7mvoM+bOFNGxMSDIZi93wBiCKp0P2Se1YJoFHTOcQ0M6V
+Fbl91ZcImPxAOX4DHfw4iuokiHCs//wV0DLZ3qtuqN2m/kV4JE9ak//BPVn4acH1
+Z6DQIzQpY66dIyLumGuCdPhl7MFHyAeKhBtLc7gp4+sli+zNUfYwwp55rTdZ9JDR
+G2LD/P2eNnrUXEsvOzqqQy48BmzOmTdgc2vef85Z23GczwX1PyTaGnrQKkReajN0
+IxIuFpTgRQFBoPHTB1VVjSsOu7McWx4Gy2zccSrXKIskj4sOBIYBjxBAR0U4Gi5h
+OAqplVGH3x3RoRb2swkc/LLb6WV6J7REmZ0+0dAE1ShBR8GmEb4wYc5BUgYXrhEn
+hK3nmNx65jZXSAwJOZU8ETLaMoa/I/+QkgPvAJ8gyTLbMQ/xB2kMNRdisphz0jiy
+PIXWlOf6I750VtbBNPHqfe0RHbBQJAl9ABEBAAGJAjwEGAEKACYCGwwWIQSYIjF1
+nHRnBl0M6bKn3QcIi0775gUCYp7C3AUJJG4hIwAKCRCn3QcIi0775nmYD/sEI0T4
++MHIt5EzL+vBAzAbd23U2oF9KrJP49xmrLlm7qC6ghfuUVqoKwWyE24g8T4N3cxE
+xQWTZ8drqvE2E2tyKqVMjJ5PfiZjK/3WOOIq9YZHpNKljv9KaAAf5alpvMxn6IBj
+ZUhs775JcGWWngilBN9i3OEVFcQG9tFtfKqcYf8oRLPQlqhrH0pKOymFdqdL+NFX
+G/M2LquGrvyDwnT2Cyy4p4sw639BUyA4k1hESgK9KVZTrmJPYU8hCD7kcSOY25UT
+zDERLlXUsnGU9WHm/4aZ4TCs2h2qm29jHeWjfw0U/O8f4K5MV7WcJ0ZywdOk7SSf
+jOKUetPH01l22I6JXiH0jLlBU5uA/zAxd8aPpvcYcWm2Ti+mkpIB6/XWbjnPoYHh
+JmH8r9Pih1Z4dVR7qri/mdcsTZsKzLPuD6AITafJYuRCItCbMerhvGCwBaaR0oHS
+AdpSzwKk8mrLd4BQUSM5a3E010dDeKGL4TA5ttfZJuSe7RXbi4RdDd98XHKEiU3n
+N1ethSQNvEyrh0uA1U3FZvPMcbfYZa8zO85Nz9h/TGUNfmp5CyrZUHZLmvvGTOch
+lUjaIhAGBVJQR/y7+4aC3zzkyzbKyLOL3hCk0xie4LLbfTQ5BtT4+GqEAtzwRQqZ
+RgwnCPfIai7lLNx95bdwB8U2NpY11OXsoTLZAA==
+=UWTf
+-----END PGP PUBLIC KEY BLOCK-----

salt/repo/client/files/oracle/yum.conf.jinja

@@ -10,7 +10,7 @@ gpgcheck=1
 plugins=1
 installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
-distroverpkg=centos-release
+distroverpkg=oraclelinux-release
 clean_requirements_on_remove=1
 {%- if proxy %}
 proxy={{ proxy }}

salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial

@@ -1,31 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: resf.keykeeper.v1
-Comment: Keykeeper
-
-xsFNBGJ5RksBEADF/Lzssm7uryV6+VHAgL36klyCVcHwvx9Bk853LBOuHVEZWsme
-kbJF3fQG7i7gfCKGuV5XW15xINToe4fBThZteGJziboSZRpkEQ2z3lYcbg34X7+d
-co833lkBNgz1v6QO7PmAdY/x76Q6Hx0J9yiJWd+4j+vRi4hbWuh64vUtTd7rPwk8
-0y3g4oK1YT0NR0Xm/QUO9vWmkSTVflQ6y82HhHIUrG+1vQnSOrWaC0O1lqUI3Nuo
-b6jTARCmbaPsi+XVQnBbsnPPq6Tblwc+NYJSqj5d9nT0uEXT7Zovj4Je5oWVFXp9
-P1OWkbo2z5XkKjoeobM/zKDESJR78h+YQAN9IOKFjL/u/Gzrk1oEgByCABXOX+H5
-hfucrq5U3bbcKy4e5tYgnnZxqpELv3fN/2l8iZknHEh5aYNT5WXVHpD/8u2rMmwm
-I9YTEMueEtmVy0ZV3opUzOlC+3ZUwjmvAJtdfJyeVW/VMy3Hw3Ih0Fij91rO613V
-7n72ggVlJiX25jYyT4AXlaGfAOMndJNVgBps0RArOBYsJRPnvfHlLi5cfjVd7vYx
-QhGX9ODYuvyJ/rW70dMVikeSjlBDKS08tvdqOgtiYy4yhtY4ijQC9BmCE9H9gOxU
-FN297iLimAxr0EVsED96fP96TbDGILWsfJuxAvoqmpkElv8J+P1/F7to2QARAQAB
-zU9Sb2NreSBFbnRlcnByaXNlIFNvZnR3YXJlIEZvdW5kYXRpb24gLSBSZWxlYXNl
-IGtleSAyMDIyIDxyZWxlbmdAcm9ja3lsaW51eC5vcmc+wsGKBBMBCAA0BQJieUZL
-FiEEIcslauFvxUxuZSlJcC1CbTUNJ10CGwMCHgECGQEDCwkHAhUIAxYAAgIiAQAK
-CRBwLUJtNQ0nXWQ5D/9472seOyRO6//bQ2ns3w9lE+aTLlJ5CY0GSTb4xNuyv+AD
-IXpgvLSMtTR0fp9GV3vMw6QIWsehDqt7O5xKWi+3tYdaXRpb1cvnh8r/oCcvI4uL
-k8kImNgsx+Cj+drKeQo03vFxBTDi1BTQFkfEt32fA2Aw5gYcGElM717sNMAMQFEH
-P+OW5hYDH4kcLbtUypPXFbcXUbaf6jUjfiEp5lLjqquzAyDPLlkzMr5RVa9n3/rI
-R6OQp5loPVzCRZMgDLALBU2TcFXLVP+6hAW8qM77c+q/rOysP+Yd+N7GAd0fvEvA
-mfeA4Y6dP0mMRu96EEAJ1qSKFWUul6K6nuqy+JTxktpw8F/IBAz44na17Tf02MJH
-GCUWyM0n5vuO5kK+Ykkkwd+v43ZlqDnwG7akDkLwgj6O0QNx2TGkdgt3+C6aHN5S
-MiF0pi0qYbiN9LO0e05Ai2r3zTFC/pCaBWlG1ph2jx1pDy4yUVPfswWFNfe5I+4i
-CMHPRFsZNYxQnIA2Prtgt2YMwz3VIGI6DT/Z56Joqw4eOfaJTTQSXCANts/gD7qW
-D3SZXPc7wQD63TpDEjJdqhmepaTECbxN7x/p+GwIZYWJN+AYhvrfGXfjud3eDu8/
-i+YIbPKH1TAOMwiyxC106mIL705p+ORf5zATZMyB8Y0OvRIz5aKkBDFZM2QN6A==
-=PzIf
------END PGP PUBLIC KEY BLOCK-----

salt/repo/client/files/rocky/keys/docker.pub

@@ -1,28 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ
-1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP
-w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7
-gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh
-KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50
-uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ
-WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO
-+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN
-spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM
-+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0
-rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB
-tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
-BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti
-Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG
-VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l
-TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC
-/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3
-ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ
-XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao
-xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra
-IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL
-GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi
-g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW
-5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ
-=0Zqq
------END PGP PUBLIC KEY BLOCK-----

salt/repo/client/files/rocky/keys/securityonion.pub

@@ -1,52 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8
-PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE
-P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO
-C3vvI3wzirH+8/XIGo+lWTg6yYlSxdf+0xWzYvV2QCMpwzJfARw6GGXtfCZw/zoO
-o4+YPsiyztQdyI1y+g3Fbesl65E36DelbyP+lYd2VecX8ELEv0wlKCgHYlk6lc+n
-qnOotVjWbsyXuFfo06PHUd6O9n3nmo0drC6kmXGw1e8hu0t8VcGfMTKS/hszwVUY
-bHS6kbfsOoAb6LXPWKfqxk/BdreLXmcHHz88DimS3OS0JufkcmkjxEzSFRL0kb2h
-QVb1SATrbx+v2RWQXvi9sLCjT2fdOiwi1Tgc84orc7A1C3Jwu353YaX9cV+n5uyG
-OZ2AULZ5z2h13sVuiZAwfyyFs/O0CJ783hFA2TNPnyNGAgw/kaIo7nNRnggtndBo
-oQzVS+BHiFx98IF4zDqmF2r2+jOCjxSrw8KnZBe4bgXFtl89DmjoejGvWDnu2MVM
-pZDEs1DcOxHBQmTCWMIYLyNKG0xW6diyWBxEIaa7YgrP6kA+RaDfZ/xXPwARAQAB
-tD9TZWN1cml0eSBPbmlvbiBTb2x1dGlvbnMsIExMQyA8aW5mb0BzZWN1cml0eW9u
-aW9uc29sdXRpb25zLmNvbT6JAlQEEwEKAD4WIQTIBKk9Nr4Mcz6hlkR8EGC3/lBw
-EwUCXuvPAQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB8EGC3
-/lBwExB1D/42xIDGU2XFNFyTU+ZqzDA8qNC9hEKjLeizbeM8RIm3xO+3p7SdqbuJ
-7pA8gk0RiHuILb+Ba1xiSh/w/W2bOxQhsXuWHih2z3W1tI+hu6RQhIm4e6CIHHf7
-Vzj4RSvHOVS0AzITUwkHjv0x0Z8zVBPJfEHKkK2x03BqP1o12rd7n2ZMrSfN6sED
-fUwOJLDjthShtyLSPBVG8j7T5cfSCPSLhfVOKPQVcI1sSir7RLeyxt1v1kzjQdaA
-+znxO8EgfZJN93wzfBrAGcVT8KmpmgwR6p46m20wJXyZC9DZxJ0o1y3toVWTC+kP
-Qj1ROPivySVn10rBoOJk8HteyhW07gTcydq+noKHV7SqJ1899xRAYP7rDCfI9iMW
-Nn22ZDLnAkIcbNR7JLJCHwsZH/Umo9KO/dIccIqVQel3UCCYZcWTZW0VkcjqVKRa
-eK+JQGaJPrBAoxIG5/sMlbk2sINSubNWlcbH6kM0V8NVwdPiOO9xLmp2hI4ICxE3
-M+O2HCNX4QYzVizzTFxEvW3ieLa4nePQ8J6lvMI2oLkFP7xHoFluvZnuwfNvoEy0
-RnlHExN1UQTUvcbCxIbzjaJ4HJXilWHjgmGaVQO1S7AYskWnNWQ7uJvxnuZBNNwm
-pIvwYEZp23fYaWl/xKqnmPMy2ADjROBKlCm7L+Ntq1r7ELGW5ZCTobkCDQRe688B
-ARAA22GzdkSAo+mwJ2S1RbJ1G20tFnLsG/NC8iMN3lEh/PSmyPdB7mBtjZ+HPDzF
-VSznXZdr3LItBBQOli2hVIj1lZBY7+s2ZufV3TFFwselUwT3b1g1KMkopD95Ckf8
-WhLbSz2yqgrvcEvbB0HFX/ZEsHGqIz2kLacixjwXXLWOMQ2LNbeW1f5zQkBnaNNQ
-/4njzTj68OxnvfplNYNJqi2pZGb2UqarYX04FqKNuocN8E7AC9FQdBXylmVctw9T
-pQVwfCI76bTe6vPWb+keb6UNN1jyXVnhIQ3Fv5sFBsmgXf/hO8tqCotrKjEiK2/i
-RkvFeqsGMXreCgYg9zW4k+DcJtVa+Q8juGOjElrubY3Ua9mCusx3vY4QYSWxQ5Ih
-k1lXiUcM5Rt38lfpKHRJ5Pd4Y5xlWSQfZ7nmzbf/GzJQz+rWrA0X6Oc6cDOPLNXK
-w1dAygre4f2bsp5kHQt6NMefxeNTDmi+4R62K0tb40f5q0Vxz8qdyD48bBsbULNx
-kb6mjOAD+FNkfNXcGeuTq9oRnjx8i93mhYsIP5LFNDXS/zSP1nv0ZUFeIlGQGjV9
-1wOvT454qkI9sKiVFtd4FrNKZJbKszxxDm+DPfB5j+hRC4oeEJ7w+sVyh3EawtfM
-V7Mwj8i+7c3YUCravXBhSwG7SCTggFUgA8lMr8oWVgCATYsAEQEAAYkCPAQYAQoA
-JhYhBMgEqT02vgxzPqGWRHwQYLf+UHATBQJe688BAhsMBQkSzAMAAAoJEHwQYLf+
-UHATTtwQAJiztPW68ykifpFdwYFp1VC7c+uGLhWBqjDY9NSUKNC9caR7bV0cnNu8
-07UG6j18gCB2GSkukXjOR/oTj6rNcW/WouPYfQOrw7+M2Ya8M8iq+E/HOXaXB3b4
-FeCcB0UuwfcHHd2KbXrRHA+9GNpmuOcfTCdsPpIr41Xg4QltATDEt/FrzuKspXg4
-vUKDXgfnbj7y0JcJM2FfcwWGlnAG5MMRyjJQAleGdiidX/9WxgJ4Mweq4qJM0jr3
-Qsrc9VuzxsLr85no3Hn5UYVgT7bBZ59HUbQoi775m78MxN3mWUSdcyLQKovI+YXr
-tshTxWIf/2Ovdzt6Wq1WWXOGGuK1qgdPJTFWrlh3amFdb70zR1p6A/Lthd7Zty+n
-QjRZRQo5jBSnYtjhMrZP6rxM3QqnQ0frEKK9HfDYONk1Bw18CUtdwFGb9OMregLR
-IjvNLp9coSh5yYAepZyUGEPRET0GsmVw2trQF0uyMSkQfiq2zjPto6WWbsmrrbLr
-cfZ/wnBw1FoNEd51U54euo9yvOgOVtJGvqLgHNwB8574FhQhoWAMhyizqdgeEt26
-m3FXecUNKL/AK71/l04vor+/WsXe8uhDg3O84qeYa9wgd8LZZVmGZJDosSwqYjtb
-LdNNm+v60Zo6rFWSREegqi/nRTTDdxdW99ybjlh+mpbq3xavyFXF
-=bhkm
------END PGP PUBLIC KEY BLOCK-----

salt/repo/client/init.sls

@@ -1,2 +1,5 @@
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% if GLOBALS.os == 'OEL' %}
 include:
-  - repo.client.{{grains.os | lower}}
+  - repo.client.oracle
+{% endif %}

salt/repo/client/map.jinja

@@ -1,8 +1,19 @@
 {% from 'vars/globals.map.jinja' import GLOBALS %}
-{% if GLOBALS.os == 'Rocky' %}
 
+{% if GLOBALS.os_family == 'Redhat' %}
   {% set REPOPATH = '/etc/yum.repos.d/' %}
+{%     if GLOBALS.os == 'OEL' %}
   {% set ABSENTFILES = [
+         'centos-addons.repo',
+         'centos-devel.repo',
+         'centos-extras.repo',
+         'centos.repo',
+         'docker-ce.repo',
+         'epel.repo',
+         'epel-testing.repo',
+         'saltstack.repo',
+         'salt-latest.repo',
+         'wazuh.repo'
          'Rocky-Base.repo',
          'Rocky-CR.repo',
          'Rocky-Debuginfo.repo',
@@ -15,16 +26,16 @@
          'rocky-devel.repo',
          'rocky-extras.repo',
          'rocky.repo',
-         'docker-ce.repo',
+         'oracle-linux-ol9',
-         'epel.repo',
+         'uek-ol9',
-         'epel-testing.repo',
+         'virt-oll9'
-         'saltstack.repo',
-         'salt-latest.repo',
-         'wazuh.repo'
        ]
   %}
+{%     else %}
+  {% set ABSENTFILES = [] %}
+{%    endif %}
 
-{% elif GLOBALS.os == 'Ubuntu' %}
+{% else %}
 
   {% set REPOPATH = '/etc/apt/sources.list.d/' %}
   {% set ABSENTFILES = [] %}

salt/repo/client/oracle.sls

@@ -8,7 +8,7 @@
 
 {% set role = grains.id.split('_') | last %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% if grains['os'] == 'Rocky' %}
+{% if grains['os'] == 'OEL' %}
 
 {% if ABSENTFILES|length > 0%}
   {% for file in ABSENTFILES  %}
@@ -29,7 +29,7 @@ cleandnf:
 yumconf:
   file.managed:
     - name: /etc/yum.conf
-    - source: salt://repo/client/files/rocky/yum.conf.jinja
+    - source: salt://repo/client/files/oracle/yum.conf.jinja
     - mode: 644
     - template: jinja
     - show_changes: False
@@ -43,7 +43,7 @@ repair_yumdb:
 crsynckeys:
   file.recurse:
     - name: /etc/pki/rpm-gpg
-    - source: salt://repo/client/files/rocky/keys/
+    - source: salt://repo/client/files/oracle/keys/
 
 so_repo:
   pkgrepo.managed:

salt/salt/map.jinja

@@ -1,7 +1,7 @@
 {% import_yaml 'salt/minion.defaults.yaml' as saltminion %}
 {% set SALTVERSION = saltminion.salt.minion.version %}
 
-{% if grains.os == 'Ubuntu' %}
+{% if grains.os_family == 'Debian' %}
   {% set SPLITCHAR = '+' %}
   {% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %}
   {% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %}
@@ -20,9 +20,9 @@
 {% set INSTALLEDSALTVERSION = grains.saltversion %}
 
 {% if grains.saltversion|string != SALTVERSION|string %}
-  {% if grains.os|lower in ['Rocky', 'redhat'] %}
+  {% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %}
       {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
-  {% elif grains.os|lower == 'ubuntu' %}
+  {% elif grains.os_family|lower == 'debian' %}
     {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
   {% endif %}
 {% else %}

salt/strelka/tools/sbin_jinja/so-yara-download

@@ -0,0 +1,21 @@
+#!/bin/bash
+NOROOT=1
+. /usr/sbin/so-common
+
+{%- set proxy = salt['pillar.get']('manager:proxy') %}
+
+# Download the rules from the internet
+{%- if proxy %}
+export http_proxy={{ proxy }} 
+export https_proxy={{ proxy }} 
+export no_proxy= salt['pillar.get']('manager:no_proxy') 
+{%- endif %}
+
+mkdir -p /tmp/yara
+cd /tmp/yara
+git clone https://github.com/Security-Onion-Solutions/securityonion-yara.git
+mkdir -p /nsm/rules/yara
+rsync -shav --progress /tmp/yara/securityonion-yara/yara /nsm/rules/
+cd /tmp
+rm -rf /tmp/yara
+

salt/vars/globals.map.jinja

@@ -28,6 +28,7 @@
     'so_model': INIT.GRAINS.get('sosmodel',''),
     'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey,
     'os': INIT.GRAINS.os,
+    'os_family': INIT.GRAINS.os_family,
     'application_urls': {},
     'manager_roles': [
       'so-eval',

setup/so-functions

@@ -680,10 +680,10 @@ configure_ntp() {
 		'rtcsync' \
 		'logdir /var/log/chrony' >> $chrony_conf
 
-	if [ "$OS" == 'rocky' ]; then
+	if [[ $is_rpm ]]; then
 		systemctl enable chronyd
 		systemctl restart chronyd
-	elif [ "$OS" == 'ubuntu' ]; then
+	else 
 		systemctl enable chrony
 		systemctl restart chrony
 	fi
@@ -949,21 +949,59 @@ detect_os() {
 			OS=rocky
 			OSVER=9
 			is_rocky=true
-			pkgman="dnf"
+			is_rpm=true
+			not_supported=true
+			unset is_supported
+		elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
+			OS=centos
+			OSVER=9
+			is_centos=true
+			is_rpm=true
+			not_supported=true
+			unset is_supported
+		elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then
+			if [ -f /etc/oracle-release ]; then
+				OS=oracle
+				OSVER=9
+				is_oracle=true
+				is_rpm=true
+				is_supported=true
 			else
-			info "We do not support the operating system you are trying to use."
+				OS=rhel
-			fail_setup
+				OSVER=9
+				is_rhel=true
+				is_rpm=true
+				not_supported=true
+				unset is_supported
+			fi
 		fi
-
 	elif [ -f /etc/os-release ]; then
-		OS=ubuntu
 		if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then
 			OSVER=focal
+			UBVER=20.04
+			OS=ubuntu
 			is_ubuntu=true
-		else
+			is_deb=true
-			info "We do not support your current version of Ubuntu."
+			not_supported=true
-			fail_setup
+			unset is_supported
+		elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then
+			OSVER=jammy
+			UBVER=22.04
+			OS=ubuntu
+			is_ubuntu=true
+			is_deb=true
+			not_supported=true
+			unset is_supported
+		elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then
+			OSVER=bookworm
+			DEBVER=12
+			is_debian=true
+			OS=debian
+			is_deb=true
+			not_supported=true
+			unset is_supported
 		fi
+		installer_prereq_packages
 
 	else
 		info "We were unable to determine if you are using a supported OS."
@@ -971,7 +1009,6 @@ detect_os() {
 	fi
 
 	info "Found OS: $OS $OSVER"
-
 }
 
 download_elastic_agent_artifacts() {
@@ -1007,28 +1044,20 @@ installer_progress_loop() {
 }
 
 installer_prereq_packages() {	
-#	if [ "$OS" == rocky ]; then
+	if [[ $is_deb ]]; then
-#		if [[ ! $is_iso ]]; then
-#			if ! command -v nmcli > /dev/null 2>&1; then
-#				logCmd "dnf -y install NetworkManager"
-#			fi
-#		fi
-#		logCmd "systemctl enable NetworkManager"
-#		logCmd "systemctl start NetworkManager"
-#	el
-	
-	if [ "$OS" == ubuntu ]; then
 		# Print message to stdout so the user knows setup is doing something
 		info "Running apt-get update"
 		retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
 		# Install network manager so we can do interface stuff
 		if ! command -v nmcli > /dev/null 2>&1; then
 			info "Installing network-manager"
-			retry 150 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || fail_setup
+			retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup
-			{
+			if [[ $is_debian ]]; then
-				systemctl enable NetworkManager
+				info "Enabling network manager for the main interface"
-				systemctl start NetworkManager
+				logCmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf" 
-			} >> "$setup_log" 2<&1
+			fi
+			logCmd systemctl enable NetworkManager
+			logCmd systemctl start NetworkManager			
 		fi
 		if ! command -v curl > /dev/null 2>&1; then
 			retry 150 10 "apt-get -y install curl"  >> "$setup_log" 2>&1 || fail_setup
@@ -1575,7 +1604,7 @@ network_init() {
 	title "Initializing Network"
 	disable_ipv6
 	set_hostname
-	if [[ ( $is_iso || $is_desktop_iso ) ]]; then
+	if [[ ( $is_iso || $is_desktop_iso || $is_debian ) ]]; then
 		set_management_interface
 	fi
 }
@@ -1740,7 +1769,7 @@ reserve_ports() {
 reinstall_init() {
 	info "Putting system in state to run setup again"
 
-	if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
+	if [[ $install_type =~ ^(MANAGER|EVAL|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
 		local salt_services=( "salt-master" "salt-minion" )
 	else
 		local salt_services=( "salt-minion" )
@@ -1815,7 +1844,7 @@ reinstall_init() {
 		# Remove the old launcher package in case the config changes
 		remove_package launcher-final
 
-		if [[ $OS == 'ubuntu' ]]; then
+		if [[ $is_deb ]]; then
 			info "Unholding previously held packages."
 			apt-mark unhold $(apt-mark showhold)
 		fi
@@ -1836,7 +1865,7 @@ reset_proxy() {
 
 	[[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig
 	
-	if [[ $is_rocky ]]; then
+	if [[ $is_rpm ]]; then
 		sed -i "/proxy=/d" /etc/dnf/dnf.conf
 	else
 		[[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf
@@ -1882,7 +1911,7 @@ drop_install_options() {
 
 remove_package() {
 	local package_name=$1
-	if [[ $is_rocky ]]; then
+	if [[ $is_rpm ]]; then
 		if rpm -qa | grep -q "$package_name"; then
 			logCmd "dnf remove -y $package_name"
 		fi
@@ -1903,11 +1932,10 @@ remove_package() {
 
 securityonion_repo() {
 	# Remove all the current repos
-	if [[ $is_rocky ]]; then
+	if [[ $is_oracle ]]; then
 		logCmd "dnf -v clean all"
 		logCmd "mkdir -vp /root/oldrepos"
 		logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
-		logCmd "ls -la /etc/yum.repos.d/"
 		if [[ ! $waitforstate ]]; then
 			echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
 			echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
@@ -1922,20 +1950,13 @@ securityonion_repo() {
 			echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
 			echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
 		fi
-
-		# need to yum clean all before repo conf files are removed or clean,cleans nothing
-		logCmd "dnf repolist all"
-		# update this package because the repo config files get added back
-		# if the package is updated when the update_packages function is called
-		if [ -f "/etc/yum.repos.d/rocky.repo" ]; then
-			info "Backing up the .repo files that were added by the centos-release package."
-			logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/"
-			logCmd "dnf repolist all"
 	fi
+	if [[ $is_rpm ]]; then logCmd "dnf repolist all"; fi
 	if [[ $waitforstate ]]; then
 		if [[ ! $is_airgap ]]; then
+			if [[ $is_rpm ]]; then
 				# Build the repo locally so we can use it
-				echo "Syncing Repo"
+				echo "Syncing Repos"
 				repo_sync_local
 			fi
 		fi
@@ -1943,13 +1964,15 @@ securityonion_repo() {
 }
 
 repo_sync_local() {
+	info "Repo Sync"
+	if [[ $is_supported ]]; then
 		# Sync the repo from the the SO repo locally.
 		# Check for reposync
 		info "Backing up old repos"
 		mkdir -p /nsm/repo
 		mkdir -p /opt/so/conf/reposync/cache
-	echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
+		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt
-	echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
+		echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt
 		echo "[main]" > /opt/so/conf/reposync/repodownload.conf
 		echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
 		echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
@@ -1960,28 +1983,52 @@ repo_sync_local() {
 		echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
 		echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
 		echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
-	echo "#baseurl=https://repo.securityonion.net/file/so-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf
 		echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
 		echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
 		echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
 	
 		logCmd "dnf repolist"
-	# Make sure we can get to the sig repo
+		
-	# TODO Add if for ISO install
+		if [[ ! $is_airgap ]]; then
         	curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
 			logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
+		fi
 
 	# After the download is complete run createrepo
 	create_repo
-
+	else
+		# Add the proper repos for unsupported stuff
+		echo "Adding Repos"
+		if [[ $is_rpm ]]; then
+			dnf -y install epel-release
+			dnf install -y yum-utils device-mapper-persistent-data lvm2
+			curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
+			rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
+			if [[ $is_rhel ]]; then
+				dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
+				curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
+			else
+				dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+				curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
+			fi
+			if [[ $is_rocky ]]; then
+				dnf config-manager --set-enabled crb
+				dnf repolist
+			fi
+		else
+			echo "Not sure how you got here."
+			exit 1
+		fi
+	fi
 }
 
 saltify() {
+	info "Installing Salt"
 	SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //')
-	if [[ $is_ubuntu ]]; then
+	if [[ $is_deb ]]; then
 
 		DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup
-		update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10 
+		if [ $OSVER == "focal" ]; then update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10; fi
 		local pkg_arr=(
 			'apache2-utils'
 			'ca-certificates'
@@ -1989,17 +2036,35 @@ saltify() {
 			'software-properties-common'
 			'apt-transport-https'
 			'openssl'
-			'netcat'
+			'netcat-openbsd'
 			'jq'
+			'gnupg'
 		)
 		retry 150 20 "apt-get -y install ${pkg_arr[*]}" || fail_setup
 
 		logCmd "mkdir -vp /etc/apt/keyrings"
-		#logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub"
 		logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg"
 
-		logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
+		if [[ $is_ubuntu ]]; then
-		echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list
+
+			# Add Salt Repo
+			logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
+			echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list
+
+			# Add Docker Repo
+			add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" 
+		
+		else
+			# Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for 12
+			logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
+			echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ bullseye main" | sudo tee /etc/apt/sources.list.d/salt.list
+
+			# Add Docker Repo
+			curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+			echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $OSVER stable" > /etc/apt/sources.list.d/docker.list 
+		
+		fi
+
 		logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg"
 
 		#logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub"
@@ -2008,19 +2073,20 @@ saltify() {
 		# Add SO Saltstack Repo
 		#echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list
 
-		# Add Docker Repo
-		add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" 
-		
 		# Ain't nothing but a GPG 
 
 		retry 150 20 "apt-get update" "" "Err:" || fail_setup
+		if [[ $waitforstate ]]; then
+			retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup
+			retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup
+			retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
+		else
 			retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup
 			retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup
-		#retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
+		fi
-
 	fi
 		
-	if [[ $is_rocky ]]; then
+	if [[ $is_rpm ]]; then
 		if [[ $waitforstate ]]; then 
 			# install all for a manager
 			logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION"
@@ -2164,7 +2230,7 @@ set_proxy() {
 		"}" > /root/.docker/config.json
 
 	# Set proxy for package manager
-	if [[ $is_rocky ]]; then
+	if [[ $is_rpm ]]; then
 		echo "proxy=$so_proxy" >> /etc/yum.conf
 	else
 		# Set it up so the updates roll through the manager
@@ -2292,6 +2358,7 @@ set_management_interface() {
 	if [ "$address_type" = 'DHCP' ]; then
 		logCmd "nmcli con mod $MNIC connection.autoconnect yes"
 		logCmd "nmcli con up $MNIC"
+		logCmd "nmcli -p connection show $MNIC"
 	else
 		# Set Static IP
 		nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
@@ -2335,22 +2402,6 @@ so_add_user() {
 	fi
 }
 
-ubuntu_check() {
-	if [[ $OS == "ubuntu" ]]; then
-		if [[ $waitforstate ]]; then
-			whiptail_ubuntu_notsupported
-			fail_setup
-		else
-		    if [[ $UBUNTUINSTALL == "needtoupgrade" ]]; then
-				whiptail_ubuntu_warning
-			else
-				whiptail_ubuntu_notsupported
-				fail_setup
-			fi
-		fi
-	fi
-}
-
 update_sudoers_for_testing() {
 	if [ -n "$TESTING" ]; then
 		info "Ensuring $INSTALLUSERNAME has password-less sudo access for automated testing purposes."
@@ -2359,15 +2410,15 @@ update_sudoers_for_testing() {
 }
 
 update_packages() {
-	if [[ $is_rocky ]]; then
+	if [[ $is_oracle ]]; then
 		logCmd "dnf repolist"
 		logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
-		RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo")
+		RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo")
-		info "Removing repo files added by rocky-repos package update"
+		info "Removing repo files added by oracle-repos package update"
 		for FILE in ${RMREPOFILES[@]}; do
 			logCmd "rm -f /etc/yum.repos.d/$FILE"
 		done
-	else
+	elif [[ $is_deb ]]; then
 		info "Running apt-get update"
 		retry 150 10 "apt-get -y update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
 		info "Running apt-get upgrade"

setup/so-setup

@@ -65,6 +65,27 @@ done
 # Let's see what OS we are dealing with here
 detect_os
 
+# Ubuntu/Debian whiptail pallete to make it look the same as CentOS and Rocky.
+set_palette >> $setup_log 2>&1
+
+if [[ $not_supported ]]; then
+	if [[ "$OSVER" == "focal" ]]; then
+		if (whiptail_focal_warning); then
+			true
+		else
+			info "User cancelled setup."
+			whiptail_cancel
+		fi
+	else
+		if (whiptail_unsupported_os_warning); then
+			true
+		else
+			info "User cancelled setup."
+			whiptail_cancel
+		fi
+	fi
+fi
+
 # Check to see if this is the setup type of "desktop".
 is_desktop=
 if [ "$setup_type" = 'desktop' ]; then
@@ -78,7 +99,7 @@ fi
 # Make sure if ISO is specified that we are dealing with CentOS or Rocky
 title "Detecting if this is an ISO install"
 if [[ "$setup_type" == 'iso' ]]; then
-	if [[ $is_centos || $is_rocky ]]; then
+	if [[ $is_rpm ]]; then
 		is_iso=true
 	else
 		echo "Only use 'so-setup iso' for an ISO install on Security Onion ISO images. Please run 'so-setup network' instead."
@@ -91,8 +112,10 @@ if [[ $is_desktop ]]; then
 	title "This is a desktop install"
 
 	# Make sure it's CentOS or Rocky Linux
-	if [[ ! $is_rocky ]]; then
+	if [[ $is_rpm ]]; then
-		info "Security Onion Desktop is only supported on Rocky Linux 9"
+		info "Security Onion Desktop is supported on this OS."
+	else
+		info "Security Onion Desktop is not supported on this OS."
 		exit 1
 	fi
 
@@ -245,9 +268,6 @@ local_sbin="$(pwd)/../salt/common/tools/sbin"
 manager_sbin="$(pwd)/../salt/manager/tools/sbin"
 export PATH=$PATH:$local_sbin:$manager_sbin
 
-# Ubuntu whiptail pallete to make it look the same as CentOS and Rocky.
-set_palette >> $setup_log 2>&1
-
 # Kernel messages can overwrite whiptail screen #812
 # https://github.com/Security-Onion-Solutions/securityonion/issues/812
 dmesg -D
@@ -401,7 +421,6 @@ if ! [[ -f $install_opt_file ]]; then
 		info "Setting up as node type manager"
 		check_elastic_license
 		waitforstate=true
-		#ubuntu_check
 		[[ $is_iso ]] && whiptail_airgap
 		check_requirements "manager"
 		networking_needful

setup/so-whiptail

@@ -455,6 +455,28 @@ __append_end_msg() {
 	EOM
 }
 
+whiptail_focal_warning() {
+
+	[ -n "$TESTING" ] && return
+
+	read -r -d '' focal_warning_continue <<- EOM
+
+	WARNING: Ubuntu 20.04 is only supported as a minion role.
+
+	This node may not install or operate as expected if installed
+	as a manager, managersearch, standalone, eval, or import.
+
+	Would you like to continue the install?
+
+	EOM
+	whiptail --title "$whiptail_title" \
+		--yesno "$focal_warning_continue" 14 75 --defaultno
+
+	local exitstatus=$?
+	return $exitstatus
+
+}
+
 whiptail_gauge_post_setup() {
 
 	if [ -n "$TESTING" ]; then
@@ -523,7 +545,7 @@ whiptail_install_type() {
 	[ -n "$TESTING" ] && return
 
 	# What kind of install are we doing?
-	if [[ $OS = 'rocky' ]]; then
+#	if [[ $is_rocky || $is_centos ]]; then
 		install_type=$(whiptail --title "$whiptail_title" --menu \
 		"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
 			"IMPORT" "Import PCAP or log files " \
@@ -533,14 +555,14 @@ whiptail_install_type() {
 			"OTHER" "Other install types" \
 			3>&1 1>&2 2>&3
 		)
-	elif [[ $OS = 'ubuntu' ]]; then
+#	elif [[ $is_ubuntu ]]; then
-		install_type=$(whiptail --title "$whiptail_title" --menu \
+#		install_type=$(whiptail --title "$whiptail_title" --menu \
-		"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
+#		"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
-			"DISTRIBUTED" "Distributed install submenu " \
+#			"DISTRIBUTED" "Distributed install submenu " \
-			"OTHER" "Other install types" \
+#			"OTHER" "Other install types" \
-			3>&1 1>&2 2>&3
+#			3>&1 1>&2 2>&3
-		)
+#		)
-	fi
+#	fi
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -563,18 +585,18 @@ whiptail_install_type_dist() {
 
 	[ -n "$TESTING" ] && return
 
-	if [[ $OS = 'rocky' ]]; then
+#	if [[ $is_rocky || $is_centos ]]; then
 	dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
 		"New Deployment         " "Create a new Security Onion deployment" \
 		"Existing Deployment    " "Join to an existing Security Onion deployment " \
 		 3>&1 1>&2 2>&3
 	)
-	elif [[ $OS = 'ubuntu' ]]; then
+#	elif [[ $is_ubuntu ]]; then
-	dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \
+#	dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \
-		"Existing Deployment    " "Join to an existing Security Onion deployment " \
+#		"Existing Deployment    " "Join to an existing Security Onion deployment " \
-		 3>&1 1>&2 2>&3
+#		 3>&1 1>&2 2>&3
-	)
+#	)
-	fi
+#	fi
 
 	local exitstatus=$?
 	whiptail_check_exitstatus $exitstatus
@@ -1426,6 +1448,27 @@ whiptail_ubuntu_warning() {
 	whiptail --title "$whiptail_title"  --msgbox "$message" 14 75
 
 }
+
+whiptail_unsupported_os_warning() {
+
+	[ -n "$TESTING" ] && return
+
+	read -r -d '' unsupported_os_continue <<- EOM
+	
+	WARNING: An unsupported operating system has been detected. 
+	Security Onion may not install or operate as expected. 
+
+	Would you like to continue the install?
+
+	EOM
+	whiptail --title "$whiptail_title" \
+		--yesno "$unsupported_os_continue" 14 75 --defaultno
+
+	local exitstatus=$?
+	return $exitstatus
+
+}
+
 whiptail_uppercase_warning() {
 
 	[ -n "$TESTING" ] && return