mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
Merge remote-tracking branch 'origin/2.4/dev' into 2.4/mysql
This commit is contained in:
m0duspwnens
@@ -10,6 +10,14 @@ def check():
|
|||||||
if path.exists('/var/run/reboot-required'):
|
if path.exists('/var/run/reboot-required'):
|
||||||
retval = 'True'
|
retval = 'True'
|
||||||
|
|
||||||
|
elif os == 'CentOS Stream':
|
||||||
|
cmd = 'needs-restarting -r > /dev/null 2>&1'
|
||||||
|
|
||||||
|
try:
|
||||||
|
needs_restarting = subprocess.check_call(cmd, shell=True)
|
||||||
|
except subprocess.CalledProcessError:
|
||||||
|
retval = 'True'
|
||||||
|
|
||||||
elif os == 'Rocky':
|
elif os == 'Rocky':
|
||||||
cmd = 'needs-restarting -r > /dev/null 2>&1'
|
cmd = 'needs-restarting -r > /dev/null 2>&1'
|
||||||
|
|
||||||
|
|||||||
@@ -195,7 +195,7 @@ soversionfile:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
|
{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
|
||||||
{% if GLOBALS.os == 'Rocky' %}
|
{% if GLOBALS.os == 'OEL' %}
|
||||||
# Install Raid tools
|
# Install Raid tools
|
||||||
raidpkgs:
|
raidpkgs:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
@@ -217,8 +217,7 @@ so-raid-status:
|
|||||||
- month: '*'
|
- month: '*'
|
||||||
- dayweek: '*'
|
- dayweek: '*'
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
||||||
{{sls}}_state_not_allowed:
|
{{sls}}_state_not_allowed:
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||||
|
|
||||||
{% if GLOBALS.os == 'Ubuntu' %}
|
{% if GLOBALS.os_family == 'Debian' %}
|
||||||
commonpkgs:
|
commonpkgs:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- skip_suggestions: True
|
- skip_suggestions: True
|
||||||
@@ -14,16 +14,24 @@ commonpkgs:
|
|||||||
- software-properties-common
|
- software-properties-common
|
||||||
- apt-transport-https
|
- apt-transport-https
|
||||||
- openssl
|
- openssl
|
||||||
- netcat
|
- netcat-openbsd
|
||||||
- sqlite3
|
- sqlite3
|
||||||
- libssl-dev
|
- libssl-dev
|
||||||
- python3-dateutil
|
- python3-dateutil
|
||||||
|
- python3-docker
|
||||||
- python3-packaging
|
- python3-packaging
|
||||||
- python3-watchdog
|
- python3-watchdog
|
||||||
- python3-lxml
|
- python3-lxml
|
||||||
- git
|
- git
|
||||||
|
- rsync
|
||||||
- vim
|
- vim
|
||||||
|
- tar
|
||||||
|
- unzip
|
||||||
|
{% if grains.oscodename != 'focal' %}
|
||||||
|
- python3-rich
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if grains.oscodename == 'focal' %}
|
||||||
# since Ubuntu requires and internet connection we can use pip to install modules
|
# since Ubuntu requires and internet connection we can use pip to install modules
|
||||||
python3-pip:
|
python3-pip:
|
||||||
pkg.installed
|
pkg.installed
|
||||||
@@ -34,9 +42,10 @@ python-rich:
|
|||||||
- target: /usr/local/lib/python3.8/dist-packages/
|
- target: /usr/local/lib/python3.8/dist-packages/
|
||||||
- require:
|
- require:
|
||||||
- pkg: python3-pip
|
- pkg: python3-pip
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if GLOBALS.os_family == 'RedHat' %}
|
||||||
{% elif GLOBALS.os == 'Rocky' %}
|
|
||||||
commonpkgs:
|
commonpkgs:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- skip_suggestions: True
|
- skip_suggestions: True
|
||||||
@@ -48,7 +57,11 @@ commonpkgs:
|
|||||||
- net-tools
|
- net-tools
|
||||||
- curl
|
- curl
|
||||||
- sqlite
|
- sqlite
|
||||||
|
{% if GLOBALS.os == 'CentOS Stream' %}
|
||||||
|
- MariaDB-devel
|
||||||
|
{% else %}
|
||||||
- mariadb-devel
|
- mariadb-devel
|
||||||
|
{% endif %}
|
||||||
- python3-dnf-plugin-versionlock
|
- python3-dnf-plugin-versionlock
|
||||||
- nmap-ncat
|
- nmap-ncat
|
||||||
- yum-utils
|
- yum-utils
|
||||||
@@ -64,4 +77,8 @@ commonpkgs:
|
|||||||
- python3-watchdog
|
- python3-watchdog
|
||||||
- python3-packaging
|
- python3-packaging
|
||||||
- unzip
|
- unzip
|
||||||
|
- fuse
|
||||||
|
- fuse-libs
|
||||||
|
- fuse-overlayfs
|
||||||
|
- fuse-common
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -199,19 +199,20 @@ get_random_value() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
gpg_rpm_import() {
|
gpg_rpm_import() {
|
||||||
if [[ "$OS" == "rocky" ]]; then
|
if [[ $is_oracle ]]; then
|
||||||
if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then
|
if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then
|
||||||
local RPMKEYSLOC="../salt/repo/client/files/rocky/keys"
|
local RPMKEYSLOC="../salt/repo/client/files/$OS/keys"
|
||||||
else
|
else
|
||||||
local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys"
|
local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys"
|
||||||
fi
|
fi
|
||||||
|
RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY')
|
||||||
RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
|
for RPMKEY in "${RPMKEYS[@]}"; do
|
||||||
|
|
||||||
for RPMKEY in "${RPMKEYS[@]}"; do
|
|
||||||
rpm --import $RPMKEYSLOC/$RPMKEY
|
rpm --import $RPMKEYSLOC/$RPMKEY
|
||||||
echo "Imported $RPMKEY"
|
echo "Imported $RPMKEY"
|
||||||
done
|
done
|
||||||
|
else
|
||||||
|
info "Importing the security onion GPG key"
|
||||||
|
rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -395,19 +396,22 @@ salt_minion_count() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
set_cron_service_name() {
|
|
||||||
if [[ "$OS" == "rocky" ]]; then
|
|
||||||
cron_service_name="crond"
|
|
||||||
else
|
|
||||||
cron_service_name="cron"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
set_os() {
|
set_os() {
|
||||||
if [ -f /etc/redhat-release ]; then
|
if [ -f /etc/redhat-release ]; then
|
||||||
OS=rocky
|
if grep -q "Rocky Linux release 9" /etc/redhat-release; then
|
||||||
|
OS=rocky
|
||||||
|
OSVER=9
|
||||||
|
is_rocky=true
|
||||||
|
elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
|
||||||
|
OS=centos
|
||||||
|
OSVER=9
|
||||||
|
is_centos=true
|
||||||
|
fi
|
||||||
|
cron_service_name="crond"
|
||||||
else
|
else
|
||||||
OS=ubuntu
|
OS=ubuntu
|
||||||
|
is_ubuntu=true
|
||||||
|
cron_service_name="cron"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -416,7 +420,7 @@ set_minionid() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
set_palette() {
|
set_palette() {
|
||||||
if [ "$OS" == ubuntu ]; then
|
if [[ $is_deb ]]; then
|
||||||
update-alternatives --set newt-palette /etc/newt/palette.original
|
update-alternatives --set newt-palette /etc/newt/palette.original
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -27,6 +27,32 @@ update_ca_certs:
|
|||||||
- onchanges:
|
- onchanges:
|
||||||
- x509: trusted_ca
|
- x509: trusted_ca
|
||||||
|
|
||||||
|
{% elif GLOBALS.os == 'CentOS Stream' %}
|
||||||
|
|
||||||
|
{% set global_ca_text = [] %}
|
||||||
|
{% set global_ca_server = [] %}
|
||||||
|
{% set manager = GLOBALS.manager %}
|
||||||
|
{% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
|
||||||
|
{% for host in x509dict %}
|
||||||
|
{% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
|
||||||
|
{% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
|
||||||
|
{% do global_ca_server.append(host) %}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% set trusttheca_text = global_ca_text[0] %}
|
||||||
|
{% set ca_server = global_ca_server[0] %}
|
||||||
|
|
||||||
|
trusted_ca:
|
||||||
|
x509.pem_managed:
|
||||||
|
- name: /etc/pki/ca-trust/source/anchors/ca.crt
|
||||||
|
- text: {{ trusttheca_text }}
|
||||||
|
|
||||||
|
update_ca_certs:
|
||||||
|
cmd.run:
|
||||||
|
- name: update-ca-trust
|
||||||
|
- onchanges:
|
||||||
|
- x509: trusted_ca
|
||||||
|
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
||||||
desktop_trusted-ca_os_fail:
|
desktop_trusted-ca_os_fail:
|
||||||
|
|||||||
@@ -12,7 +12,28 @@ dockergroup:
|
|||||||
- name: docker
|
- name: docker
|
||||||
- gid: 920
|
- gid: 920
|
||||||
|
|
||||||
{% if GLOBALS.os == 'Ubuntu' %}
|
{% if GLOBALS.os_family == 'Debian' %}
|
||||||
|
{% if grains.oscodename == 'bookworm' %}
|
||||||
|
dockerheldpackages:
|
||||||
|
pkg.installed:
|
||||||
|
- pkgs:
|
||||||
|
- containerd.io: 1.6.21-1
|
||||||
|
- docker-ce: 5:24.0.3-1~debian.12~bookworm
|
||||||
|
- docker-ce-cli: 5:24.0.3-1~debian.12~bookworm
|
||||||
|
- docker-ce-rootless-extras: 5:24.0.3-1~debian.12~bookworm
|
||||||
|
- hold: True
|
||||||
|
- update_holds: True
|
||||||
|
{% elif grains.oscodename == 'jammy' %}
|
||||||
|
dockerheldpackages:
|
||||||
|
pkg.installed:
|
||||||
|
- pkgs:
|
||||||
|
- containerd.io: 1.6.21-1
|
||||||
|
- docker-ce: 5:24.0.2-1~ubuntu.22.04~jammy
|
||||||
|
- docker-ce-cli: 5:24.0.2-1~ubuntu.22.04~jammy
|
||||||
|
- docker-ce-rootless-extras: 5:24.0.2-1~ubuntu.22.04~jammy
|
||||||
|
- hold: True
|
||||||
|
- update_holds: True
|
||||||
|
{% else %}
|
||||||
dockerheldpackages:
|
dockerheldpackages:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- pkgs:
|
- pkgs:
|
||||||
@@ -22,14 +43,15 @@ dockerheldpackages:
|
|||||||
- docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal
|
- docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal
|
||||||
- hold: True
|
- hold: True
|
||||||
- update_holds: True
|
- update_holds: True
|
||||||
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
dockerheldpackages:
|
dockerheldpackages:
|
||||||
pkg.installed:
|
pkg.installed:
|
||||||
- pkgs:
|
- pkgs:
|
||||||
- containerd.io: 1.6.21-3.1.el9
|
- containerd.io: 1.6.21-3.1.el9
|
||||||
- docker-ce: 24.0.2-1.el9
|
- docker-ce: 24.0.4-1.el9
|
||||||
- docker-ce-cli: 24.0.2-1.el9
|
- docker-ce-cli: 24.0.4-1.el9
|
||||||
- docker-ce-rootless-extras: 24.0.2-1.el9
|
- docker-ce-rootless-extras: 24.0.4-1.el9
|
||||||
- hold: True
|
- hold: True
|
||||||
- update_holds: True
|
- update_holds: True
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -62,6 +62,9 @@ so-elastic-fleet:
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
- binds:
|
- binds:
|
||||||
- /etc/pki:/etc/pki:ro
|
- /etc/pki:/etc/pki:ro
|
||||||
|
{% if GLOBALS.os_family == 'Debian' %}
|
||||||
|
- /etc/ssl:/etc/ssl:ro
|
||||||
|
{% endif %}
|
||||||
#- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
|
#- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
|
||||||
{% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
|
{% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
|
||||||
{% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
|
{% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
|
||||||
@@ -70,14 +73,20 @@ so-elastic-fleet:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
- environment:
|
- environment:
|
||||||
- FLEET_SERVER_ENABLE=true
|
- FLEET_SERVER_ENABLE=true
|
||||||
- FLEET_URL=https://{{ GLOBALS.node_ip }}:8220
|
- FLEET_URL=https://{{ GLOBALS.hostname }}:8220
|
||||||
- FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200
|
- FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200
|
||||||
- FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }}
|
- FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }}
|
||||||
- FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }}
|
- FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }}
|
||||||
- FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
|
|
||||||
- FLEET_SERVER_CERT=/etc/pki/elasticfleet-server.crt
|
- FLEET_SERVER_CERT=/etc/pki/elasticfleet-server.crt
|
||||||
- FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet-server.key
|
- FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet-server.key
|
||||||
|
{% if GLOBALS.os_family == 'Debian' %}
|
||||||
|
- FLEET_CA=/etc/ssl/certs/intca.crt
|
||||||
|
- FLEET_SERVER_ELASTICSEARCH_CA=/etc/ssl/certs/intca.crt
|
||||||
|
{% else %}
|
||||||
- FLEET_CA=/etc/pki/tls/certs/intca.crt
|
- FLEET_CA=/etc/pki/tls/certs/intca.crt
|
||||||
|
- FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
{% if DOCKER.containers['so-elastic-fleet'].extra_env %}
|
{% if DOCKER.containers['so-elastic-fleet'].extra_env %}
|
||||||
{% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %}
|
{% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %}
|
||||||
- {{ XTRAENV }}
|
- {{ XTRAENV }}
|
||||||
|
|||||||
@@ -6,6 +6,12 @@
|
|||||||
# this file except in compliance with the Elastic License 2.0.
|
# this file except in compliance with the Elastic License 2.0.
|
||||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||||
|
|
||||||
|
{% if GLOBALS.os_family == 'Debian' %}
|
||||||
|
INTCA=/etc/ssl/certs/intca.crt
|
||||||
|
{% else %}
|
||||||
|
INTCA=/etc/pki/tls/certs/intca.crt
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
. /usr/sbin/so-elastic-fleet-common
|
. /usr/sbin/so-elastic-fleet-common
|
||||||
|
|
||||||
printf "\n### Create ES Token ###\n"
|
printf "\n### Create ES Token ###\n"
|
||||||
@@ -13,7 +19,7 @@ ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5
|
|||||||
|
|
||||||
### Create Outputs & Fleet URLs ###
|
### Create Outputs & Fleet URLs ###
|
||||||
printf "\nAdd Manager Elasticsearch Output...\n"
|
printf "\nAdd Manager Elasticsearch Output...\n"
|
||||||
ESCACRT=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
|
ESCACRT=$(openssl x509 -in $INTCA)
|
||||||
JSON_STRING=$( jq -n \
|
JSON_STRING=$( jq -n \
|
||||||
--arg ESCACRT "$ESCACRT" \
|
--arg ESCACRT "$ESCACRT" \
|
||||||
'{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200","https://{{ GLOBALS.manager }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities": [$ESCACRT]}}' )
|
'{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200","https://{{ GLOBALS.manager }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities": [$ESCACRT]}}' )
|
||||||
@@ -22,9 +28,9 @@ printf "\n\n"
|
|||||||
|
|
||||||
printf "\nCreate Logstash Output Config if node is not an Import or Eval install\n"
|
printf "\nCreate Logstash Output Config if node is not an Import or Eval install\n"
|
||||||
{% if grains.role not in ['so-import', 'so-eval'] %}
|
{% if grains.role not in ['so-import', 'so-eval'] %}
|
||||||
LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-agent.crt)
|
LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt)
|
||||||
LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-agent.key)
|
LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-logstash.key)
|
||||||
LOGSTASHCA=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
|
LOGSTASHCA=$(openssl x509 -in $INTCA)
|
||||||
JSON_STRING=$( jq -n \
|
JSON_STRING=$( jq -n \
|
||||||
--arg LOGSTASHCRT "$LOGSTASHCRT" \
|
--arg LOGSTASHCRT "$LOGSTASHCRT" \
|
||||||
--arg LOGSTASHKEY "$LOGSTASHKEY" \
|
--arg LOGSTASHKEY "$LOGSTASHKEY" \
|
||||||
|
|||||||
@@ -651,7 +651,6 @@ main() {
|
|||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
set_os
|
set_os
|
||||||
set_cron_service_name
|
|
||||||
if ! check_salt_master_status; then
|
if ! check_salt_master_status; then
|
||||||
echo "Could not talk to salt master"
|
echo "Could not talk to salt master"
|
||||||
echo "Please run 'systemctl status salt-master' to ensure the salt-master service is running and check the log at /opt/so/log/salt/master."
|
echo "Please run 'systemctl status salt-master' to ensure the salt-master service is running and check the log at /opt/so/log/salt/master."
|
||||||
|
|||||||
@@ -12,12 +12,8 @@ mysqlpkgs:
|
|||||||
pkg.installed:
|
pkg.installed:
|
||||||
- skip_suggestions: False
|
- skip_suggestions: False
|
||||||
- pkgs:
|
- pkgs:
|
||||||
{% if grains['os'] != 'Rocky' %}
|
{% if grains['os_family'] != 'RedHat' %}
|
||||||
{% if grains['oscodename'] == 'bionic' %}
|
|
||||||
- python3-mysqldb
|
- python3-mysqldb
|
||||||
{% elif grains['oscodename'] == 'focal' %}
|
|
||||||
- python3-mysqldb
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
{% else %}
|
||||||
- python3-mysqlclient
|
- python3-mysqlclient
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|||||||
@@ -17,7 +17,7 @@ chronyconf:
|
|||||||
- defaults:
|
- defaults:
|
||||||
NTPCONFIG: {{ NTPCONFIG }}
|
NTPCONFIG: {{ NTPCONFIG }}
|
||||||
|
|
||||||
{% if GLOBALS.os == 'Rocky' %}
|
{% if GLOBALS.os_family == 'RedHat' %}
|
||||||
chronyd:
|
chronyd:
|
||||||
{% else %}
|
{% else %}
|
||||||
chrony:
|
chrony:
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ include:
|
|||||||
# Install the registry container
|
# Install the registry container
|
||||||
so-dockerregistry:
|
so-dockerregistry:
|
||||||
docker_container.running:
|
docker_container.running:
|
||||||
- image: ghcr.io/security-onion-solutions/registry:latest
|
- image: ghcr.io/security-onion-solutions/registry:2.8.2
|
||||||
- hostname: so-registry
|
- hostname: so-registry
|
||||||
- networks:
|
- networks:
|
||||||
- sobridge:
|
- sobridge:
|
||||||
|
|||||||
@@ -1,78 +0,0 @@
|
|||||||
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
||||||
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
||||||
# https://securityonion.net/license; you may not use this file except in compliance with the
|
|
||||||
# Elastic License 2.0.
|
|
||||||
|
|
||||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
|
||||||
{% from 'repo/client/map.jinja' import ABSENTFILES with context %}
|
|
||||||
{% from 'repo/client/map.jinja' import REPOPATH with context %}
|
|
||||||
|
|
||||||
{% if GLOBALS.os == 'CentOS' %}
|
|
||||||
|
|
||||||
{% if ABSENTFILES|length > 0%}
|
|
||||||
{% for file in ABSENTFILES %}
|
|
||||||
{{ file }}:
|
|
||||||
file.absent:
|
|
||||||
- name: {{ REPOPATH }}{{ file }}
|
|
||||||
- onchanges_in:
|
|
||||||
- cmd: cleanyum
|
|
||||||
{% endfor %}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
cleanyum:
|
|
||||||
cmd.run:
|
|
||||||
- name: 'yum clean all'
|
|
||||||
- onchanges:
|
|
||||||
- so_repo
|
|
||||||
|
|
||||||
yumconf:
|
|
||||||
file.managed:
|
|
||||||
- name: /etc/yum.conf
|
|
||||||
- source: salt://repo/client/files/centos/yum.conf.jinja
|
|
||||||
- mode: 644
|
|
||||||
- template: jinja
|
|
||||||
- show_changes: False
|
|
||||||
|
|
||||||
repair_yumdb:
|
|
||||||
cmd.run:
|
|
||||||
- name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
|
|
||||||
- onlyif:
|
|
||||||
- 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
|
|
||||||
|
|
||||||
crsynckeys:
|
|
||||||
file.recurse:
|
|
||||||
- name: /etc/pki/rpm_gpg
|
|
||||||
- source: salt://repo/client/files/centos/keys/
|
|
||||||
|
|
||||||
|
|
||||||
{% if GLOBALS.role in GLOBALS.manager_roles %}
|
|
||||||
so_repo:
|
|
||||||
pkgrepo.managed:
|
|
||||||
- name: securityonion
|
|
||||||
- humanname: Security Onion Repo
|
|
||||||
- baseurl: file:///nsm/repo/
|
|
||||||
- enabled: 1
|
|
||||||
- gpgcheck: 1
|
|
||||||
|
|
||||||
{% else %}
|
|
||||||
so_repo:
|
|
||||||
pkgrepo.managed:
|
|
||||||
- name: securityonion
|
|
||||||
- humanname: Security Onion Repo
|
|
||||||
- baseurl: https://{{ GLOBALS.manager }}/repo
|
|
||||||
- enabled: 1
|
|
||||||
- gpgcheck: 1
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
# TODO: Add a pillar entry for custom repos
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,29 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
Version: GnuPG v1.4.11 (GNU/Linux)
|
|
||||||
|
|
||||||
mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
|
|
||||||
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
|
|
||||||
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
|
|
||||||
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
|
|
||||||
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
|
|
||||||
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
|
|
||||||
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
|
|
||||||
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
|
|
||||||
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
|
|
||||||
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
|
|
||||||
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
|
|
||||||
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
|
|
||||||
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
|
|
||||||
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
|
|
||||||
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
|
|
||||||
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
|
|
||||||
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
|
|
||||||
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
|
|
||||||
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
|
|
||||||
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
|
|
||||||
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
|
|
||||||
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
|
|
||||||
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
|
|
||||||
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
|
|
||||||
=hdPa
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
Version: GnuPG v2
|
|
||||||
|
|
||||||
mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9
|
|
||||||
m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW
|
|
||||||
tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw
|
|
||||||
WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts
|
|
||||||
kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA
|
|
||||||
gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr
|
|
||||||
YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT
|
|
||||||
qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q
|
|
||||||
WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1
|
|
||||||
yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o
|
|
||||||
nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU
|
|
||||||
4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA
|
|
||||||
/NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q
|
|
||||||
9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb
|
|
||||||
9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx
|
|
||||||
uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ
|
|
||||||
zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr
|
|
||||||
GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E
|
|
||||||
PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ
|
|
||||||
AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK
|
|
||||||
WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4
|
|
||||||
vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f
|
|
||||||
T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N
|
|
||||||
1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx
|
|
||||||
fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS
|
|
||||||
MA==
|
|
||||||
=dtMN
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
||||||
@@ -1,8 +0,0 @@
|
|||||||
[solocal]
|
|
||||||
name=Security Onion Repo
|
|
||||||
baseurl=file:///nsm/repo/
|
|
||||||
enabled=1
|
|
||||||
gpgcheck=1
|
|
||||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1,17 +0,0 @@
|
|||||||
{% set proxy = salt['pillar.get']('manager:proxy') -%}
|
|
||||||
[main]
|
|
||||||
cachedir=/var/cache/yum/$basearch/$releasever
|
|
||||||
keepcache=0
|
|
||||||
debuglevel=2
|
|
||||||
logfile=/var/log/yum.log
|
|
||||||
exactarch=1
|
|
||||||
obsoletes=1
|
|
||||||
gpgcheck=1
|
|
||||||
plugins=1
|
|
||||||
installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
|
|
||||||
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
|
|
||||||
distroverpkg=centos-release
|
|
||||||
clean_requirements_on_remove=1
|
|
||||||
{% if proxy -%}
|
|
||||||
proxy={{ proxy }}
|
|
||||||
{% endif %}
|
|
||||||
236
salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY
Normal file
236
salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY
Normal file
@@ -0,0 +1,236 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v1.4.14 (GNU/Linux)
|
||||||
|
|
||||||
|
mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis
|
||||||
|
497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM
|
||||||
|
LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8
|
||||||
|
p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn
|
||||||
|
U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb
|
||||||
|
XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j
|
||||||
|
zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx
|
||||||
|
cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H
|
||||||
|
48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ
|
||||||
|
YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu
|
||||||
|
b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
|
||||||
|
CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3
|
||||||
|
kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I
|
||||||
|
9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3
|
||||||
|
P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb
|
||||||
|
Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF
|
||||||
|
iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl
|
||||||
|
sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0
|
||||||
|
u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2
|
||||||
|
YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b
|
||||||
|
GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ
|
||||||
|
7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD
|
||||||
|
EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb
|
||||||
|
LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk
|
||||||
|
Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3
|
||||||
|
d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo
|
||||||
|
8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr
|
||||||
|
q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6
|
||||||
|
4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI
|
||||||
|
UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl
|
||||||
|
J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B
|
||||||
|
TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF
|
||||||
|
F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6
|
||||||
|
+Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR
|
||||||
|
tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF
|
||||||
|
AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS
|
||||||
|
gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU
|
||||||
|
pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW
|
||||||
|
LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX
|
||||||
|
thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne
|
||||||
|
NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD
|
||||||
|
6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI
|
||||||
|
mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8
|
||||||
|
wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp
|
||||||
|
7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td
|
||||||
|
8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL
|
||||||
|
oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv
|
||||||
|
M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5
|
||||||
|
nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9
|
||||||
|
cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj
|
||||||
|
KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8
|
||||||
|
NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F
|
||||||
|
cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT
|
||||||
|
TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V
|
||||||
|
N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G
|
||||||
|
4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8
|
||||||
|
v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz
|
||||||
|
jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd
|
||||||
|
tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj
|
||||||
|
VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy
|
||||||
|
wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/
|
||||||
|
ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1
|
||||||
|
FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV
|
||||||
|
9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI
|
||||||
|
lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU
|
||||||
|
Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu
|
||||||
|
2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ
|
||||||
|
GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm
|
||||||
|
fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz
|
||||||
|
+gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi
|
||||||
|
byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh
|
||||||
|
bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz
|
||||||
|
W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1
|
||||||
|
CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr
|
||||||
|
kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA
|
||||||
|
DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele
|
||||||
|
xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL
|
||||||
|
xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/
|
||||||
|
BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l
|
||||||
|
D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot
|
||||||
|
Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD
|
||||||
|
Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs
|
||||||
|
RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD
|
||||||
|
qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA
|
||||||
|
GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6
|
||||||
|
FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV
|
||||||
|
MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2
|
||||||
|
zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok
|
||||||
|
AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh
|
||||||
|
SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn
|
||||||
|
RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5
|
||||||
|
sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k
|
||||||
|
CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv
|
||||||
|
0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ
|
||||||
|
/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC
|
||||||
|
AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5
|
||||||
|
MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d
|
||||||
|
HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti
|
||||||
|
G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ
|
||||||
|
Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2
|
||||||
|
+hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD
|
||||||
|
bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt
|
||||||
|
fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P
|
||||||
|
0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1
|
||||||
|
IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC
|
||||||
|
A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE
|
||||||
|
aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6
|
||||||
|
l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3
|
||||||
|
qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV
|
||||||
|
99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb
|
||||||
|
ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW
|
||||||
|
e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5
|
||||||
|
95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v
|
||||||
|
Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs
|
||||||
|
z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/
|
||||||
|
RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo
|
||||||
|
5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK
|
||||||
|
OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX
|
||||||
|
KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6
|
||||||
|
TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg
|
||||||
|
3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N
|
||||||
|
5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol
|
||||||
|
AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj
|
||||||
|
G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/
|
||||||
|
Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ
|
||||||
|
d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az
|
||||||
|
y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg=
|
||||||
|
=bSQ3
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
xsFNBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv
|
||||||
|
TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92
|
||||||
|
3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa
|
||||||
|
L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5
|
||||||
|
ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c
|
||||||
|
n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT
|
||||||
|
Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF
|
||||||
|
scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0
|
||||||
|
5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv
|
||||||
|
C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS
|
||||||
|
Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB
|
||||||
|
zS1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz7C
|
||||||
|
wXgEEwEIACIFAlb8EKsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPFl
|
||||||
|
byTHTNHYJZ0P/2Z2RURRkSTHLKZ/GqSvPReReeB7AI+ZrDapkpG/26xp1Yw1isCO
|
||||||
|
y99pvQ7hjTFhdZQ7xSRUiT/e27wJxR7s4G/ck5VOVjuJzGnByNLmwMjdN1ONIO9P
|
||||||
|
hQAs2iF3uoIbVTxzXof2F8C0WSbKgEWbtqlCWlaapDpN8jKAWdsQsNMdXcdpJ2os
|
||||||
|
WiacQRxLREBGjVRkAiqdjYkegQ4BZ0GtPULKjZWCUNkaat51b7O7V19nSy/T7MM7
|
||||||
|
n+kqYQLMIHCF8LGd3QQsNppRnolWVRzXMdtR2+9iI21qv6gtHcMiAg6QcKA7halL
|
||||||
|
kCdIS2nWR8g7nZeZjq5XhckeNGrGX/3w/m/lwczYjMUer+qs2ww5expZJ7qhtSta
|
||||||
|
lE3EtL/l7zE4RlknqwDZ0IXtxCNPu2UovCzZmdZm8UWfMSKk/3VgL8HgzYRr8fo0
|
||||||
|
yj0XkckJ7snXvuhoviW2tjm46PyHPWRKgW4iEzUrB+hiXpy3ikt4rLRg/iMqKjyf
|
||||||
|
mvcE/VdmFVtsfbfRVvlaWiIWCndRTVBkAaTu8DwrGyugQsbjEcK+4E25/SaKIJIw
|
||||||
|
qfxpyBVhru21ypgEMAw1Y8KC7KntB7jzpFotE4wpv1jZKUZuy71ofr7g3/2O+7nW
|
||||||
|
LrR1mncbuT6yXo316r56dfKzOxQJBnYFwTjXfa65yBArjQBUCPNYOKr0wkYEEhEI
|
||||||
|
AAYFAlb8JFYACgkQy8sIKhu5Q9snYACgh3id41CYTHELOQ/ymj4tiuFt1lcAn3JU
|
||||||
|
9wH3pihM9ISvoeuGnwwHhcKnwsFcBBIBCAAGBQJW/CSEAAoJEJFxGJmV5Fqe11cP
|
||||||
|
/A3QhvqleuRaXoS5apIY3lrDL79Wo0bkydM3u2Ft9EqVVG5zZvlmWaXbw5wkPhza
|
||||||
|
7YUjrD7ylaE754lHI48jJp3KY7RosClY/Kuk56GJI/SoMKx4v518pAboZ4hjY9MY
|
||||||
|
gmiAuZEYx5Ibv1pj0+hkzRI78+f6+d5QTQ6y/35ZjSSJcBgCMAr/JRsmOkHu6cY6
|
||||||
|
qOpq4g8mvRAX5ivRm4UxE2gnxZyd2LjY2/S2kCZvHWVaZuiTD0EU1jYPoOo6fhc8
|
||||||
|
zjs5FWS56C1vp7aFOGBvsH3lwYAYi1K2S+/B4nqpitYJz/T0zFzzyYe7ZG77DXKD
|
||||||
|
/XajD22IzRGKjoeVPFBx+2V0YCCpWZkqkfZ2Dt3QVW//QIpVsOJnmaqolDg1sxoa
|
||||||
|
BEYBtCtovU0wh1pXWwfn7IgjIkPNl0AU8mW8Ll91WF+Lss/oMrUJMKVDenTJ6/ZO
|
||||||
|
06c+JFlP7dS3YGMsifwgy5abA4Xy4GWpAsyEM68mqsJUc7ZANZcQAKr6+DryzSfI
|
||||||
|
Olsn3kJzOtb/c3JhVmblEO6XzdfZJK/axPOp3mF1oEBoJ56fGwO2usgVwQDyLt3J
|
||||||
|
iluJrCvMSBL9KtBZWrTZH5t3rTMN0NUALy4Etd6Y8V94i8c5NixMDyjRU7aKJAAw
|
||||||
|
tUvxLd12dqtaXsuvGyzLbR4EDT/Q5DfLC1DZWpgtUtCVwsFcBBIBCAAGBQJW/CS2
|
||||||
|
AAoJEEHdwLQNpW8iMUoP/AjFKyZ+inQTI2jJJBBtrLjxaxZSG5ggCovowWn8NWv6
|
||||||
|
bQBm2VurYVKhvY1xUyxoLY8KN+MvoeTdpB3u7z+M6x+CdfoTGqWQ2yapOC0eEJBF
|
||||||
|
O+GFho2WE0msiO0IaVJrzdFTPE0EYR2BHziLu0DDSZADe1WYEqkkrZsCNgi6EMng
|
||||||
|
mX2h+DK2GlC3W2tY9sc63DsgzjcMBO9uYmpHj6nizsIrETqouVNUCLT0t8iETa25
|
||||||
|
Mehq/I92I70Qfebv7R4eMrs+tWXKyPU0OjV+8b8saZsv1xn98UkeXwYx4JI04OTw
|
||||||
|
nBeJG8yPrGDBO5iucmtaCvwGQ3c76qBivrA8eFz3azRxQYWWiFrkElTg+C/E83JQ
|
||||||
|
WgqPvPZkI5UHvBwBqcoIXG15AJoXA/ZWIB8nPKWKaV5KDnY3DBuA4rh5Mhy3xwcC
|
||||||
|
/22E/CmZMXjUUvDnlPgXCYAYU0FBbGk7JpSYawtNfdAN2XBRPq5sDKLLxftx7D8u
|
||||||
|
ESJXXAlPxoRh7x1ArdGM+EowlJJ0xpINBaT0Z/Hk0jxNIFEak796/WeGqewdOIki
|
||||||
|
dAs4tppUfzosla5K+qXfWwmhcKmpwA4oynE8wIaoXptoi8+rxaw4N6wAXlSrVxeC
|
||||||
|
VTnb7+UY/BT2Wx6IQ10C9jrsj6XIffMvngIinCD9Czvadmr7BEIxKt1LP+gGA8Zg
|
||||||
|
wsFcBBIBCgAGBQJYE6oDAAoJEL7YRJ/O6NqIJ24P+QFNa2O+Q1rLKrQiuPw4Q73o
|
||||||
|
7/blUpFNudZfeCDpDbUgJ01u1RHnWOyLcyknartAosFDJIpgcXY5I8jsBIO5IZPR
|
||||||
|
C/UKxZB3RYOhj49bySD9RNapHyq+Y56j9JUoz6tkKFBd+6g85Ej8d924xM1UnRCS
|
||||||
|
9cfI9W0fSunbCi2CXLbXFF7V+m3Ou1SVYGIAxpMn4RXyYfuqeB5wROR2GA5Ef6T3
|
||||||
|
S5byh1dRSEgnrBToENtp5n7Jwsc9pDofjtaUkO854l45IqFarGjCHZwtNRKd2lcK
|
||||||
|
FMnd1jS0nfGkUbn3qNJam1qaGWx4gXaT845VsYYVTbxtkKi+qPUIoOyYx4NEm6fC
|
||||||
|
ZywH72oP+fmUT/fbfSHa5j137dRqokkR6RFjnEMBl6WHwgqqUqeIT6t9uV6WWzX9
|
||||||
|
lNroZFAFL/de7H31iIRuZcm38DUZOfjVf9glweu4yFvuJ7cQtyQydFQJV4LGDT/C
|
||||||
|
8e9TWrV1/gWMyMGQlZsRWa+h+FfFUccQtfSdXpvSxtXfop+fVQmJgUUl92jh4K9j
|
||||||
|
c9a6rIp5v1Q1yEgs2iS50/V/NMSmEcE1XMOxFt9fX9T+XmKAWZ8L25lpILsHT3mB
|
||||||
|
VWrpHdbawUaiBp9elxhn6tFiTFR7qA7dlUyWrI+MMlINwSZ2AAXvmA2IajH/UIlh
|
||||||
|
xotxmSNiZYIQ6UbD3fk4wsFzBBABCgAdFiEEmy/52H2krRdju+d2+GQcuhDvLUgF
|
||||||
|
Ally44wACgkQ+GQcuhDvLUgkjQ//c3mBxfJm6yLAJD4s4OgsPv4pcp/EKmPcdztm
|
||||||
|
W0/glwopUZmq9oNo3VMMCGtusrQgpACzfUlesu9NWlPCB3olZkeGugygo0zuQBKs
|
||||||
|
55eG7bPzMLyfSqLKyogYocaGc4lpf4lbvlvxy37YGVrGpwT9i8t2REtM6iPKDcMM
|
||||||
|
sgVtNlqFdq3Fs2Haqt0m1EksX6/GSIrjK4LZEcPklrGPvUS3S+qkwuaGE/jXxncE
|
||||||
|
4jFQR9SYH6AHr6Vkt1CG9Dgpr+Ph0I9n0JRknBYoUZ1q51WdF946NplXkCskdzWG
|
||||||
|
RHgMUCz3ZehF1FzpKgfO9Zd0YZsmivV/g6frUw/TayP9gxKPt7z2Lsxzyh8X7cg6
|
||||||
|
TAvdG9JbG0PyPJT1TZ8qpjP/PtqPclHsHQQIbGSDFWzRM5znhS+5sgyw8FWInjw8
|
||||||
|
JjxoOWMa50464EfGeb2jZfwtRimJAJLWEf/JnvO779nXf5YbvUZgfXaX7k/cvCVk
|
||||||
|
U8M7oC7x8o6F0P2Lh6FgonklKEeIRtZBUNZ0Lk9OShVqlU9/v16MHq/Eyu/Mbs0D
|
||||||
|
en3vYgiYxOBR8czD1Wh4vsKiGfOzQ6oWti/DCURV+iTYhJc7mSWM6STzUFr0nCnF
|
||||||
|
x6W0j/zH6ZgiFAGOyIXW2DwfjFvYRcBL1RWAEKsiFwYrNV+MDonjKXjpVB1Ra90o
|
||||||
|
lLrZXAXCwHMEEgEKAB0WIQRMRw//78TT3Fl3hlXOGj3V48lPSQUCXAAgOgAKCRDO
|
||||||
|
Gj3V48lPSQxAB/43qoWteVZEiN3JW4FnHg+S60TnHSP69FKV+363XYKDa23pNpv4
|
||||||
|
tiJumo9Kvb4UoDft766/URHm5RKyPtrxy+wqotamrkGJUTtP2a68h7C31VX+pf6i
|
||||||
|
iQKmxRQz4zmW0pA5X01+AgpvcDH++Fv5NLBpnjqPdTh5b0gvr89E0zMNldNYOZu1
|
||||||
|
0H/mukrnGlFDu/osBuy+XJtP2MeasazVMLvjKs+hr//E+iLI9DZOwFBK6AX5gkkI
|
||||||
|
UEHkSeb4//AHwvanUMin9un9+F9iR+qDuDEKxuevYzM0owuoVcK5pAsRnRQJlnHW
|
||||||
|
/0BQ6FtNGpmljhvUk8a/l3xFf3z/uJG5vVKVzsFNBFb8EKsBEADDfCMsu2U1CdJh
|
||||||
|
r4xp6z4J89/tMnpCQASC8DQhtZ6bWG/ksyKt2DnDQ050XBEng+7epzHWA2UgT0li
|
||||||
|
Y05zZmFs1X7QeZr16B7JANq6fnHOdZB0ThS7JEYbProkMxcqAFLAZJCpZT534Gpz
|
||||||
|
W7qHwzjV+d13IziCHdi6+DD5eavYzBqY8QzjlOXbmIlY7dJUCwXTECUfirc6kH86
|
||||||
|
CS8fXZTke4QYZ55VnrOomB4QGqP371kwBETnhlhi74+pvi3jW05Z5x1tVMwuugyz
|
||||||
|
zkseZp1VYmJq5SHNFZ/pnAQLE9gUDTb6UWcPBwQh9Sw+7ahSK74lJKYm3wktyvZh
|
||||||
|
zAxbNyzs1M56yeFP6uFwJTBfNByyMAa6TGUhNkxlLcYjxKbVmoAnKCVM8t41TlLv
|
||||||
|
/a0ki8iQxqvphVLufksR9IpN6d3F15j6GeyVtxBEv04iv4vbuKthWytb+gjX4bI8
|
||||||
|
CAo9jGHevmtdiw/SbeKx2YBM1MF6eua37rFMooOBj4X7VfQCyS+crNsOQn8nJGah
|
||||||
|
YbzUDCCgnX+pqN9iZvXisMS79wVyD5DyISFDvT/5jY7IXxPibxr10P/8lfW1d72u
|
||||||
|
xyI2UiZKZpyHCt4k47yMq4KQGLGuhxJ6q6O3bi2aXRuz8bLqTBLca9dmx9wZFvRh
|
||||||
|
6jS/SKEg7eFcY0xbb6RVIv1UwGDYfQARAQABwsFfBBgBCAAJBQJW/BCrAhsMAAoJ
|
||||||
|
EPFlbyTHTNHYEBIQAJhFTh1u34Q+5bnfiM2dAdCr6T6w4Y1v9ePiIYdSImeseJS2
|
||||||
|
yRglpLcMjW0uEA9KXiRtC/Nm/ClnqYJzCKeIaweHqH6dIgJKaXZFt1Uaia7X9tDD
|
||||||
|
wqALGu97irUrrV1Kh9IkM0J29Vid5amakrdS4mwt2uEISSnCi7pfVoEro+S7tYQ9
|
||||||
|
iH6APVIwqWvcaty3cANdwKWfUQZ6a9IQ08xqzaMhMp2VzhVrWkq3B0j2aRoZR7BN
|
||||||
|
LH2I7Z0giIM8ARjZs99aTRL+SfMEQ3sUxNLb3KWP/n1lSFbrk4HGzqUBBfczESlN
|
||||||
|
c0970C6znK0H0HD11/3BTkMuPqww+Tzex4dpMQllMEKZ3wEyd9v6ba+nj/P1FHSE
|
||||||
|
y/VN6IXzd82s1lYOonKTdmXAIROcHnb0QUzwsd/mhB3jKhEDOV2ZcBTD3yHv8m7C
|
||||||
|
9G9y4hV+7yQlnPlSg3DjBp3SS5r+sOObCIy2Ad32upoXkilWa9g7GZSuhY9kyKqe
|
||||||
|
Eba1lgXXaQykEeqx0pexkWavNnb9JaPrAZHDjUGcXrREmjEyXyElRoD4CrWXySe4
|
||||||
|
6jCuNhVVlkLGo7osefynXa/+PNjQjURtx8en7M9A1FkQuRAxE8KIZgZzYxkGl5o5
|
||||||
|
POSFCA4JUoRPDcrl/sI3fuq2dIOE/BJ2r8dV+LddiR+iukhXRwJXH8RVVEUS
|
||||||
|
=mCOI
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
104
salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle
Normal file
104
salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle
Normal file
@@ -0,0 +1,104 @@
|
|||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBGHncu8BEAC2dhocMZkdapnP9o/MvAnKOczaSpF4Cj9yqt49bxLPJCY57jz9
|
||||||
|
2ZkJ5iGk6kpBt4rPTh18aAl30T+nPP8VMQjMhvHJKfZmBtaJJ5RpvvpK5mj1UgRJ
|
||||||
|
4DQX7gqAbT0s/uZZcouZsJzXo3c7GNMrim1C+ScfGG6BoB6GVBK74jFeJNMsxZ2Y
|
||||||
|
BwQhpE+KG+1zD94RZCySykJjNoKj+U4W5H2XdB/mNEc8icFqxjJGZ5BN0DA2Wqxn
|
||||||
|
mwELTO3Q2ne1y9+sPn2YKhRqyihuZYaUPR/Jpdki93mk61MdaoTTxFPZ8FWAYrAW
|
||||||
|
9KVdreT8K33SaTFFpmhbpndPEYesgCqDqiZG7Ywjgbf2nqSOzBr2ZX23PX7QUCvQ
|
||||||
|
ar58bNbWENLhC3B950TK+r23kkPa3GICE9WP5TftWJdbJMWRBX3YhdNooNGGCbeB
|
||||||
|
xM7B/UV9hSRx1S/US8HvDhJezZDuKrpPXrNWJTuW9Kty2WGwUkEDT2GBbcjx9ocJ
|
||||||
|
fqyNJKhaLoYKCVlsmhJUi4xCY0CDDapekWLZOzHB2zgT49uIjawV5ex6pA7oLaPI
|
||||||
|
hQGvTcCl7GFWOP/6feazzIpnsJ4V3B2DoLnAevpZlINo/bi3Hv/YmbvE6NyYzD6c
|
||||||
|
1y90pc0+Om1trLPCAZpaO1I369ZhLl6T/mCd92hrCG1y8K3PFiRIKpEMVwARAQAB
|
||||||
|
tDVPcmFjbGUgTGludXggKHJlbGVhc2Uga2V5IDEpIDxzZWNhbGVydF91c0BvcmFj
|
||||||
|
bGUuY29tPokCVAQTAQoAPhYhBD5tgm0/urOJwvOONLxNBqCNi3VvBQJinlnsAhsD
|
||||||
|
BQklmAYABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELxNBqCNi3Vv3LEP/2au
|
||||||
|
kXzbdA/T/7i+4AbGFfYnTWqmZy58wfteDNy1sk6cPmfOUqZQXUrJcSGqqeIDjPvl
|
||||||
|
KNExpee/Ja4NGg2YfzkwH5IK5sXmEDKObXRCXGZh9/WyYpr4TBoDU2rSYBP4sbKm
|
||||||
|
PsnVoRalt2Zb0qbQF8GilytoRabjI0gLzwhmoHBZMMc3MIO14KQ5yFbekaJZKcxE
|
||||||
|
BxaDQ1NDZV1rOVbkg0yDLS9Nw89dDYWVn1wx0foRJcD277ExvmaB4vmC5yayo4ss
|
||||||
|
cFldYLu7W9FHmh46flXQGfduORCbDFfjn92eB0jdrkuoEhVRpljAtMO15GMpuVbv
|
||||||
|
HzbImI2f1MfydOa6dHbRAlzeV37fPz+1nO9IWdXqFeRG0nrH2gB02AfeoObMkK/a
|
||||||
|
XYT9sq1mC5DaK6fbOPWlY+c2hIq0BhUpe+OBdDfmm7L+si9Ffj2sUdn4sHLN6Tj7
|
||||||
|
BrJuWmJEz42+rblDNBkrdBC6XXDaRYILKSuGD65PVV+/pVl1c2EOqcktW00iiehb
|
||||||
|
eLhj2sz6NaoO5Rhx0J3pMsaCaEBAm8P6UxQSx4iGhZ8Kh5O1SVVlqu3xOhSGOKRE
|
||||||
|
sS8gIjeV/Jl3frR4eZG/BpzdTjKZmQV7dvJ4gDuDE+X7rZBzUm7nggyE2pV6UbTD
|
||||||
|
5Qwy+ASQfYHfHK4lsHD4kbO/We6H1fEFPlzlr14UuQINBGHncu8BEADBG52gWRob
|
||||||
|
VEsQIzAfq2obFnwMroxMupXrDBka7i6cUJw8HsqyHs9maGxAuRDlAma2MBPUYcbm
|
||||||
|
DH3bmctaUR7CA1RouPkb6qbZXwSwpvgN4eh4naPX20/VEp/cd5DhKWjP9yC70weh
|
||||||
|
r4LmGWV41jBAMK0G1l6+FDw2ITgsamZP+tw0swCKqzpIY2waiygCtPHCCCFMuZ6S
|
||||||
|
7hzQpsKVFh8zqzRxMs6Mni9olk4+xwng0ahYfoe2esByR2M1kGX62Y6BOcIRX1cE
|
||||||
|
zYFCUww5GrjZdJoObBtffUSz+q2LNOBcqg5huRd8BoC+k5yrXUq8ypspfV1kNEI3
|
||||||
|
/ebFew6A8sdf2c+sOdTxTu4MI5iXM1fhCC6X4lAN8w1Ga3ML+k/kgL75mH62Yyzr
|
||||||
|
OHXNkylTDfxz9qvq6qszVfWdzVaGXRfulW5nAbAXhuX1gmgZW+M7IQ22xyWC+I60
|
||||||
|
UcaE2l9QtHFKuekdYnekTkSUA0ghVwuw+JCQZGQbq5LqbA5TkEYuibBOJD3MZYQ5
|
||||||
|
C3DK4KHs/3wxf2aq+Pkf3mpSscC4B0Ba5tlpJawUWqnUmGd208sfUwD20MFfHM+1
|
||||||
|
N+M6JYCv0tC0cyAV9Jq74bAUDXLMfkGKZyAWmlPaZBMMt4WaN0r2PAKp00T6PX6x
|
||||||
|
jTM6/aNDvNTpsaaUpMXRzH13AiJ/1SjfZwARAQABiQI8BBgBCgAmAhsMFiEEPm2C
|
||||||
|
bT+6s4nC8440vE0GoI2LdW8FAmKeWsgFCSRtulkACgkQvE0GoI2LdW/pig//Zi0a
|
||||||
|
bmFJKTxku0/LMI31ZaLn9gzXjv2ugmJumfXAce+nlaheCNBa+IMLQdAmrbislzLs
|
||||||
|
qXX2+6Eqh4Q/vqGLCkElIzT9ulkgwwEp0cVF6jnXqlWHa0a/T6oAq10jRneaQFCE
|
||||||
|
t6hweJ9KTUQufp5aAiZr/GVpBJLJ8kfOx+5eHvDj+VFlFUhpzzns/NfN5N+bthJ/
|
||||||
|
Wbt49tzmWaWoEFA0tlwMBPO3zEh/mo5lys0GqENPs4Yb4tL82qg+SG7jHSuH2lZk
|
||||||
|
XLLyLQ6p63VZysL9+UTBtafs5jxnTopQFIXtzAOwdtQ8o7/6hhsUchRoUy23EIHT
|
||||||
|
J25yA2Qtb8Z/1m/G0e3lz46xHBPIs8FKSOPToCT6E1+9lomnzJPRBCCDTZO5imfX
|
||||||
|
4N4l7BodW9nb7zEMHCi2BUM+InpSsEkQkQFs0HIRI2KHSyY30uN0pVXJLOoVQIBr
|
||||||
|
WdUzLTTkN9w43fLpkcFXGbpU+pZvK2uksC3O+eBhIpZA9E7iZDwfEaZlUKO5kFvS
|
||||||
|
V5f8ZM1jbEb0sOZNNNEaEhTFTl8pQPc2GqgZ3rYt9mqH5OwhzKftV9PDYulIbY+Y
|
||||||
|
AN6eJhHj8Eu/IlxG6iYCDmF2hOVPs9aLo9zqdxbu8B6rUyVPOwfNbOR1U7WMRCYm
|
||||||
|
4QrtLe//99hXPcFVanIxgkdslnyYf4fjdbdlmNY=
|
||||||
|
=xpaH
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
|
||||||
|
mQINBGHndDkBEACieeO8U0kcUTDMLGXGKrJ3nScZ4LN5hHSzWC1zuLPpkB0YQdik
|
||||||
|
CrfSwodyp9LeEhaRsCSoGDc3cS5f5uGvsSUHMCZwEKjdT8LmZkF/dtvVDWawgaLS
|
||||||
|
KjoT+AJpss+ws0d/qmwkIHeYExdvZFNdKxvvxycCNy9fNwarT4aNySW6Ax7ERDl8
|
||||||
|
k0QSK7uvL1AaWQKSz9rX//KcLv5OXVUX3ITcwprJPD3H2yTOy4pE9gxs/qKfnP+U
|
||||||
|
Pbb3pNaHP4PnCIQrjXhJxnH9cEJ7ef0kqBdliGPN7EObrP2uPg70WnVsXovYw/TF
|
||||||
|
PrA4H2lvJ58RVhh3ocrSnR+SIne7Lgf1FRSrsE2mmNZAWD6rOxOzO4kUrcfv/pqZ
|
||||||
|
f+sDs7KTFMO0noJ1Kt7JSV6xCQzeKGdOh9JxYI0/YIsquiHTF2xva3WHrpOG1sns
|
||||||
|
xXcnrLKONisg4gEK36fjsliG4jJhcNyJaAf4sfDiTKDOE5om+BZ7kMNSrMn20wg4
|
||||||
|
AdZJm6x8Z0OfjxGOzMQ8re4Cf73H5odrpUel7HFGXiLWtk/f4P5EjxUTznlMbNED
|
||||||
|
gYi0H898Dz5Qfmtr97WQ8132fnKKtsPlXWNUNgJpYe+GvzmYOBAr4p5EZEWjB+q6
|
||||||
|
EnfLDLpkaS+PbrpLCls5AnWnHjimBmlIMoO5GEsJdYLIQvVVvfKtEDJIBQARAQAB
|
||||||
|
tDRPcmFjbGUgTGludXggKGJhY2t1cCBrZXkgMSkgPHNlY2FsZXJ0X3VzQG9yYWNs
|
||||||
|
ZS5jb20+iQJUBBMBCgA+FiEEmCIxdZx0ZwZdDOmyp90HCItO++YFAmKewpICGwMF
|
||||||
|
CSWYBgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQp90HCItO++bU+w//SFOe
|
||||||
|
RBqWoA5kP4BN9z716LpgkCllMRQsRZ0kZm8Enbe5S9ENn2T5/f6zZca3TNU6Wbit
|
||||||
|
ryToXuOlTsWy4BqAvQhQFeschg10Xgy6/VG3p5kCY4DIPOUjlb7/1r8k0xX6m/mH
|
||||||
|
BXBf2MCVRx/zkyeRDtD3lYHyz4cwoHEZ2NuB+CCe5WA2owVhgsRuVmjidDeOa7Q6
|
||||||
|
61eLhAJ53OVqsUt5JpQS0KrVeYVJxCiiZnKgJMqHp26Jq0WIKtgBV3sakxhUpRUf
|
||||||
|
6ap7mnSAdh6Ae4r1+pTKd7trkxjIqLXH9RI0d7Xm+blRQVZJL9GLaLUaSvw4sfd/
|
||||||
|
jfqENCBwAH7D488L1yvTqPfHC2+kRuUI3GU98RULCHveCISRGLVGwh1p88+9aok3
|
||||||
|
DoV7/BUEIGbHzg3gcx8zFO2ZKKoJ7xS+vvNLAslPvHNDFH0XOwKBqlVztJprwWtA
|
||||||
|
H33e6fti7BMRw1vgljC8yVATBTiKXj5aw+25zi70o1fIFxpwsx5mwMmqHc634ai2
|
||||||
|
hPWNZid0Lu3MYBd8pDCvMMMGimfecoyEZKJR2KbO+pNBn7suol5XS3pCmbF3ldMa
|
||||||
|
Atra+HvnxNBMxFVdxsqZhr/+ovQszYNIlWSYUDLbqk33HBmvbi3IuogAyxhLdw3T
|
||||||
|
uIjjf0acjOsSgy79ju2NpKPVtJw4BmvJRFX0Rh25Ag0EYed0OQEQAJRhf7/ZIWhZ
|
||||||
|
LpCX2vg8B4hjsEYeRvEAPUrUMHkqCuElmDaT7g76aPG0jvbMFVU/ykEt2mIi7EhW
|
||||||
|
s0SZknT5G8HoHJM2MirkyGB26yp4IlkPyNlc5H9nmMhY7iz/utxQps8jDS8dvxeG
|
||||||
|
1YAJGleGywGAet9vFfrLX9Xq9efTXozJfWOsRm+y2WklS+LblftaTUurStzLXRGT
|
||||||
|
AsBYOyVaRX/6AMu+fZt7mvoM+bOFNGxMSDIZi93wBiCKp0P2Se1YJoFHTOcQ0M6V
|
||||||
|
Fbl91ZcImPxAOX4DHfw4iuokiHCs//wV0DLZ3qtuqN2m/kV4JE9ak//BPVn4acH1
|
||||||
|
Z6DQIzQpY66dIyLumGuCdPhl7MFHyAeKhBtLc7gp4+sli+zNUfYwwp55rTdZ9JDR
|
||||||
|
G2LD/P2eNnrUXEsvOzqqQy48BmzOmTdgc2vef85Z23GczwX1PyTaGnrQKkReajN0
|
||||||
|
IxIuFpTgRQFBoPHTB1VVjSsOu7McWx4Gy2zccSrXKIskj4sOBIYBjxBAR0U4Gi5h
|
||||||
|
OAqplVGH3x3RoRb2swkc/LLb6WV6J7REmZ0+0dAE1ShBR8GmEb4wYc5BUgYXrhEn
|
||||||
|
hK3nmNx65jZXSAwJOZU8ETLaMoa/I/+QkgPvAJ8gyTLbMQ/xB2kMNRdisphz0jiy
|
||||||
|
PIXWlOf6I750VtbBNPHqfe0RHbBQJAl9ABEBAAGJAjwEGAEKACYCGwwWIQSYIjF1
|
||||||
|
nHRnBl0M6bKn3QcIi0775gUCYp7C3AUJJG4hIwAKCRCn3QcIi0775nmYD/sEI0T4
|
||||||
|
+MHIt5EzL+vBAzAbd23U2oF9KrJP49xmrLlm7qC6ghfuUVqoKwWyE24g8T4N3cxE
|
||||||
|
xQWTZ8drqvE2E2tyKqVMjJ5PfiZjK/3WOOIq9YZHpNKljv9KaAAf5alpvMxn6IBj
|
||||||
|
ZUhs775JcGWWngilBN9i3OEVFcQG9tFtfKqcYf8oRLPQlqhrH0pKOymFdqdL+NFX
|
||||||
|
G/M2LquGrvyDwnT2Cyy4p4sw639BUyA4k1hESgK9KVZTrmJPYU8hCD7kcSOY25UT
|
||||||
|
zDERLlXUsnGU9WHm/4aZ4TCs2h2qm29jHeWjfw0U/O8f4K5MV7WcJ0ZywdOk7SSf
|
||||||
|
jOKUetPH01l22I6JXiH0jLlBU5uA/zAxd8aPpvcYcWm2Ti+mkpIB6/XWbjnPoYHh
|
||||||
|
JmH8r9Pih1Z4dVR7qri/mdcsTZsKzLPuD6AITafJYuRCItCbMerhvGCwBaaR0oHS
|
||||||
|
AdpSzwKk8mrLd4BQUSM5a3E010dDeKGL4TA5ttfZJuSe7RXbi4RdDd98XHKEiU3n
|
||||||
|
N1ethSQNvEyrh0uA1U3FZvPMcbfYZa8zO85Nz9h/TGUNfmp5CyrZUHZLmvvGTOch
|
||||||
|
lUjaIhAGBVJQR/y7+4aC3zzkyzbKyLOL3hCk0xie4LLbfTQ5BtT4+GqEAtzwRQqZ
|
||||||
|
RgwnCPfIai7lLNx95bdwB8U2NpY11OXsoTLZAA==
|
||||||
|
=UWTf
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
||||||
@@ -10,7 +10,7 @@ gpgcheck=1
|
|||||||
plugins=1
|
plugins=1
|
||||||
installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
|
installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
|
||||||
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
|
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
|
||||||
distroverpkg=centos-release
|
distroverpkg=oraclelinux-release
|
||||||
clean_requirements_on_remove=1
|
clean_requirements_on_remove=1
|
||||||
{%- if proxy %}
|
{%- if proxy %}
|
||||||
proxy={{ proxy }}
|
proxy={{ proxy }}
|
||||||
@@ -1,31 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
Version: resf.keykeeper.v1
|
|
||||||
Comment: Keykeeper
|
|
||||||
|
|
||||||
xsFNBGJ5RksBEADF/Lzssm7uryV6+VHAgL36klyCVcHwvx9Bk853LBOuHVEZWsme
|
|
||||||
kbJF3fQG7i7gfCKGuV5XW15xINToe4fBThZteGJziboSZRpkEQ2z3lYcbg34X7+d
|
|
||||||
co833lkBNgz1v6QO7PmAdY/x76Q6Hx0J9yiJWd+4j+vRi4hbWuh64vUtTd7rPwk8
|
|
||||||
0y3g4oK1YT0NR0Xm/QUO9vWmkSTVflQ6y82HhHIUrG+1vQnSOrWaC0O1lqUI3Nuo
|
|
||||||
b6jTARCmbaPsi+XVQnBbsnPPq6Tblwc+NYJSqj5d9nT0uEXT7Zovj4Je5oWVFXp9
|
|
||||||
P1OWkbo2z5XkKjoeobM/zKDESJR78h+YQAN9IOKFjL/u/Gzrk1oEgByCABXOX+H5
|
|
||||||
hfucrq5U3bbcKy4e5tYgnnZxqpELv3fN/2l8iZknHEh5aYNT5WXVHpD/8u2rMmwm
|
|
||||||
I9YTEMueEtmVy0ZV3opUzOlC+3ZUwjmvAJtdfJyeVW/VMy3Hw3Ih0Fij91rO613V
|
|
||||||
7n72ggVlJiX25jYyT4AXlaGfAOMndJNVgBps0RArOBYsJRPnvfHlLi5cfjVd7vYx
|
|
||||||
QhGX9ODYuvyJ/rW70dMVikeSjlBDKS08tvdqOgtiYy4yhtY4ijQC9BmCE9H9gOxU
|
|
||||||
FN297iLimAxr0EVsED96fP96TbDGILWsfJuxAvoqmpkElv8J+P1/F7to2QARAQAB
|
|
||||||
zU9Sb2NreSBFbnRlcnByaXNlIFNvZnR3YXJlIEZvdW5kYXRpb24gLSBSZWxlYXNl
|
|
||||||
IGtleSAyMDIyIDxyZWxlbmdAcm9ja3lsaW51eC5vcmc+wsGKBBMBCAA0BQJieUZL
|
|
||||||
FiEEIcslauFvxUxuZSlJcC1CbTUNJ10CGwMCHgECGQEDCwkHAhUIAxYAAgIiAQAK
|
|
||||||
CRBwLUJtNQ0nXWQ5D/9472seOyRO6//bQ2ns3w9lE+aTLlJ5CY0GSTb4xNuyv+AD
|
|
||||||
IXpgvLSMtTR0fp9GV3vMw6QIWsehDqt7O5xKWi+3tYdaXRpb1cvnh8r/oCcvI4uL
|
|
||||||
k8kImNgsx+Cj+drKeQo03vFxBTDi1BTQFkfEt32fA2Aw5gYcGElM717sNMAMQFEH
|
|
||||||
P+OW5hYDH4kcLbtUypPXFbcXUbaf6jUjfiEp5lLjqquzAyDPLlkzMr5RVa9n3/rI
|
|
||||||
R6OQp5loPVzCRZMgDLALBU2TcFXLVP+6hAW8qM77c+q/rOysP+Yd+N7GAd0fvEvA
|
|
||||||
mfeA4Y6dP0mMRu96EEAJ1qSKFWUul6K6nuqy+JTxktpw8F/IBAz44na17Tf02MJH
|
|
||||||
GCUWyM0n5vuO5kK+Ykkkwd+v43ZlqDnwG7akDkLwgj6O0QNx2TGkdgt3+C6aHN5S
|
|
||||||
MiF0pi0qYbiN9LO0e05Ai2r3zTFC/pCaBWlG1ph2jx1pDy4yUVPfswWFNfe5I+4i
|
|
||||||
CMHPRFsZNYxQnIA2Prtgt2YMwz3VIGI6DT/Z56Joqw4eOfaJTTQSXCANts/gD7qW
|
|
||||||
D3SZXPc7wQD63TpDEjJdqhmepaTECbxN7x/p+GwIZYWJN+AYhvrfGXfjud3eDu8/
|
|
||||||
i+YIbPKH1TAOMwiyxC106mIL705p+ORf5zATZMyB8Y0OvRIz5aKkBDFZM2QN6A==
|
|
||||||
=PzIf
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
||||||
@@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ
|
|
||||||
1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP
|
|
||||||
w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7
|
|
||||||
gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh
|
|
||||||
KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50
|
|
||||||
uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ
|
|
||||||
WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO
|
|
||||||
+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN
|
|
||||||
spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM
|
|
||||||
+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0
|
|
||||||
rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB
|
|
||||||
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
|
|
||||||
BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti
|
|
||||||
Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG
|
|
||||||
VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l
|
|
||||||
TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC
|
|
||||||
/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3
|
|
||||||
ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ
|
|
||||||
XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao
|
|
||||||
xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra
|
|
||||||
IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL
|
|
||||||
GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi
|
|
||||||
g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW
|
|
||||||
5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ
|
|
||||||
=0Zqq
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8
|
|
||||||
PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE
|
|
||||||
P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO
|
|
||||||
C3vvI3wzirH+8/XIGo+lWTg6yYlSxdf+0xWzYvV2QCMpwzJfARw6GGXtfCZw/zoO
|
|
||||||
o4+YPsiyztQdyI1y+g3Fbesl65E36DelbyP+lYd2VecX8ELEv0wlKCgHYlk6lc+n
|
|
||||||
qnOotVjWbsyXuFfo06PHUd6O9n3nmo0drC6kmXGw1e8hu0t8VcGfMTKS/hszwVUY
|
|
||||||
bHS6kbfsOoAb6LXPWKfqxk/BdreLXmcHHz88DimS3OS0JufkcmkjxEzSFRL0kb2h
|
|
||||||
QVb1SATrbx+v2RWQXvi9sLCjT2fdOiwi1Tgc84orc7A1C3Jwu353YaX9cV+n5uyG
|
|
||||||
OZ2AULZ5z2h13sVuiZAwfyyFs/O0CJ783hFA2TNPnyNGAgw/kaIo7nNRnggtndBo
|
|
||||||
oQzVS+BHiFx98IF4zDqmF2r2+jOCjxSrw8KnZBe4bgXFtl89DmjoejGvWDnu2MVM
|
|
||||||
pZDEs1DcOxHBQmTCWMIYLyNKG0xW6diyWBxEIaa7YgrP6kA+RaDfZ/xXPwARAQAB
|
|
||||||
tD9TZWN1cml0eSBPbmlvbiBTb2x1dGlvbnMsIExMQyA8aW5mb0BzZWN1cml0eW9u
|
|
||||||
aW9uc29sdXRpb25zLmNvbT6JAlQEEwEKAD4WIQTIBKk9Nr4Mcz6hlkR8EGC3/lBw
|
|
||||||
EwUCXuvPAQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB8EGC3
|
|
||||||
/lBwExB1D/42xIDGU2XFNFyTU+ZqzDA8qNC9hEKjLeizbeM8RIm3xO+3p7SdqbuJ
|
|
||||||
7pA8gk0RiHuILb+Ba1xiSh/w/W2bOxQhsXuWHih2z3W1tI+hu6RQhIm4e6CIHHf7
|
|
||||||
Vzj4RSvHOVS0AzITUwkHjv0x0Z8zVBPJfEHKkK2x03BqP1o12rd7n2ZMrSfN6sED
|
|
||||||
fUwOJLDjthShtyLSPBVG8j7T5cfSCPSLhfVOKPQVcI1sSir7RLeyxt1v1kzjQdaA
|
|
||||||
+znxO8EgfZJN93wzfBrAGcVT8KmpmgwR6p46m20wJXyZC9DZxJ0o1y3toVWTC+kP
|
|
||||||
Qj1ROPivySVn10rBoOJk8HteyhW07gTcydq+noKHV7SqJ1899xRAYP7rDCfI9iMW
|
|
||||||
Nn22ZDLnAkIcbNR7JLJCHwsZH/Umo9KO/dIccIqVQel3UCCYZcWTZW0VkcjqVKRa
|
|
||||||
eK+JQGaJPrBAoxIG5/sMlbk2sINSubNWlcbH6kM0V8NVwdPiOO9xLmp2hI4ICxE3
|
|
||||||
M+O2HCNX4QYzVizzTFxEvW3ieLa4nePQ8J6lvMI2oLkFP7xHoFluvZnuwfNvoEy0
|
|
||||||
RnlHExN1UQTUvcbCxIbzjaJ4HJXilWHjgmGaVQO1S7AYskWnNWQ7uJvxnuZBNNwm
|
|
||||||
pIvwYEZp23fYaWl/xKqnmPMy2ADjROBKlCm7L+Ntq1r7ELGW5ZCTobkCDQRe688B
|
|
||||||
ARAA22GzdkSAo+mwJ2S1RbJ1G20tFnLsG/NC8iMN3lEh/PSmyPdB7mBtjZ+HPDzF
|
|
||||||
VSznXZdr3LItBBQOli2hVIj1lZBY7+s2ZufV3TFFwselUwT3b1g1KMkopD95Ckf8
|
|
||||||
WhLbSz2yqgrvcEvbB0HFX/ZEsHGqIz2kLacixjwXXLWOMQ2LNbeW1f5zQkBnaNNQ
|
|
||||||
/4njzTj68OxnvfplNYNJqi2pZGb2UqarYX04FqKNuocN8E7AC9FQdBXylmVctw9T
|
|
||||||
pQVwfCI76bTe6vPWb+keb6UNN1jyXVnhIQ3Fv5sFBsmgXf/hO8tqCotrKjEiK2/i
|
|
||||||
RkvFeqsGMXreCgYg9zW4k+DcJtVa+Q8juGOjElrubY3Ua9mCusx3vY4QYSWxQ5Ih
|
|
||||||
k1lXiUcM5Rt38lfpKHRJ5Pd4Y5xlWSQfZ7nmzbf/GzJQz+rWrA0X6Oc6cDOPLNXK
|
|
||||||
w1dAygre4f2bsp5kHQt6NMefxeNTDmi+4R62K0tb40f5q0Vxz8qdyD48bBsbULNx
|
|
||||||
kb6mjOAD+FNkfNXcGeuTq9oRnjx8i93mhYsIP5LFNDXS/zSP1nv0ZUFeIlGQGjV9
|
|
||||||
1wOvT454qkI9sKiVFtd4FrNKZJbKszxxDm+DPfB5j+hRC4oeEJ7w+sVyh3EawtfM
|
|
||||||
V7Mwj8i+7c3YUCravXBhSwG7SCTggFUgA8lMr8oWVgCATYsAEQEAAYkCPAQYAQoA
|
|
||||||
JhYhBMgEqT02vgxzPqGWRHwQYLf+UHATBQJe688BAhsMBQkSzAMAAAoJEHwQYLf+
|
|
||||||
UHATTtwQAJiztPW68ykifpFdwYFp1VC7c+uGLhWBqjDY9NSUKNC9caR7bV0cnNu8
|
|
||||||
07UG6j18gCB2GSkukXjOR/oTj6rNcW/WouPYfQOrw7+M2Ya8M8iq+E/HOXaXB3b4
|
|
||||||
FeCcB0UuwfcHHd2KbXrRHA+9GNpmuOcfTCdsPpIr41Xg4QltATDEt/FrzuKspXg4
|
|
||||||
vUKDXgfnbj7y0JcJM2FfcwWGlnAG5MMRyjJQAleGdiidX/9WxgJ4Mweq4qJM0jr3
|
|
||||||
Qsrc9VuzxsLr85no3Hn5UYVgT7bBZ59HUbQoi775m78MxN3mWUSdcyLQKovI+YXr
|
|
||||||
tshTxWIf/2Ovdzt6Wq1WWXOGGuK1qgdPJTFWrlh3amFdb70zR1p6A/Lthd7Zty+n
|
|
||||||
QjRZRQo5jBSnYtjhMrZP6rxM3QqnQ0frEKK9HfDYONk1Bw18CUtdwFGb9OMregLR
|
|
||||||
IjvNLp9coSh5yYAepZyUGEPRET0GsmVw2trQF0uyMSkQfiq2zjPto6WWbsmrrbLr
|
|
||||||
cfZ/wnBw1FoNEd51U54euo9yvOgOVtJGvqLgHNwB8574FhQhoWAMhyizqdgeEt26
|
|
||||||
m3FXecUNKL/AK71/l04vor+/WsXe8uhDg3O84qeYa9wgd8LZZVmGZJDosSwqYjtb
|
|
||||||
LdNNm+v60Zo6rFWSREegqi/nRTTDdxdW99ybjlh+mpbq3xavyFXF
|
|
||||||
=bhkm
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
||||||
@@ -1,2 +1,5 @@
|
|||||||
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||||
|
{% if GLOBALS.os == 'OEL' %}
|
||||||
include:
|
include:
|
||||||
- repo.client.{{grains.os | lower}}
|
- repo.client.oracle
|
||||||
|
{% endif %}
|
||||||
@@ -1,8 +1,19 @@
|
|||||||
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
{% from 'vars/globals.map.jinja' import GLOBALS %}
|
||||||
{% if GLOBALS.os == 'Rocky' %}
|
|
||||||
|
|
||||||
|
{% if GLOBALS.os_family == 'Redhat' %}
|
||||||
{% set REPOPATH = '/etc/yum.repos.d/' %}
|
{% set REPOPATH = '/etc/yum.repos.d/' %}
|
||||||
|
{% if GLOBALS.os == 'OEL' %}
|
||||||
{% set ABSENTFILES = [
|
{% set ABSENTFILES = [
|
||||||
|
'centos-addons.repo',
|
||||||
|
'centos-devel.repo',
|
||||||
|
'centos-extras.repo',
|
||||||
|
'centos.repo',
|
||||||
|
'docker-ce.repo',
|
||||||
|
'epel.repo',
|
||||||
|
'epel-testing.repo',
|
||||||
|
'saltstack.repo',
|
||||||
|
'salt-latest.repo',
|
||||||
|
'wazuh.repo'
|
||||||
'Rocky-Base.repo',
|
'Rocky-Base.repo',
|
||||||
'Rocky-CR.repo',
|
'Rocky-CR.repo',
|
||||||
'Rocky-Debuginfo.repo',
|
'Rocky-Debuginfo.repo',
|
||||||
@@ -15,16 +26,16 @@
|
|||||||
'rocky-devel.repo',
|
'rocky-devel.repo',
|
||||||
'rocky-extras.repo',
|
'rocky-extras.repo',
|
||||||
'rocky.repo',
|
'rocky.repo',
|
||||||
'docker-ce.repo',
|
'oracle-linux-ol9',
|
||||||
'epel.repo',
|
'uek-ol9',
|
||||||
'epel-testing.repo',
|
'virt-oll9'
|
||||||
'saltstack.repo',
|
|
||||||
'salt-latest.repo',
|
|
||||||
'wazuh.repo'
|
|
||||||
]
|
]
|
||||||
%}
|
%}
|
||||||
|
{% else %}
|
||||||
|
{% set ABSENTFILES = [] %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% elif GLOBALS.os == 'Ubuntu' %}
|
{% else %}
|
||||||
|
|
||||||
{% set REPOPATH = '/etc/apt/sources.list.d/' %}
|
{% set REPOPATH = '/etc/apt/sources.list.d/' %}
|
||||||
{% set ABSENTFILES = [] %}
|
{% set ABSENTFILES = [] %}
|
||||||
|
|||||||
@@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
{% set role = grains.id.split('_') | last %}
|
{% set role = grains.id.split('_') | last %}
|
||||||
{% set MANAGER = salt['grains.get']('master') %}
|
{% set MANAGER = salt['grains.get']('master') %}
|
||||||
{% if grains['os'] == 'Rocky' %}
|
{% if grains['os'] == 'OEL' %}
|
||||||
|
|
||||||
{% if ABSENTFILES|length > 0%}
|
{% if ABSENTFILES|length > 0%}
|
||||||
{% for file in ABSENTFILES %}
|
{% for file in ABSENTFILES %}
|
||||||
@@ -29,7 +29,7 @@ cleandnf:
|
|||||||
yumconf:
|
yumconf:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: /etc/yum.conf
|
- name: /etc/yum.conf
|
||||||
- source: salt://repo/client/files/rocky/yum.conf.jinja
|
- source: salt://repo/client/files/oracle/yum.conf.jinja
|
||||||
- mode: 644
|
- mode: 644
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- show_changes: False
|
- show_changes: False
|
||||||
@@ -43,7 +43,7 @@ repair_yumdb:
|
|||||||
crsynckeys:
|
crsynckeys:
|
||||||
file.recurse:
|
file.recurse:
|
||||||
- name: /etc/pki/rpm-gpg
|
- name: /etc/pki/rpm-gpg
|
||||||
- source: salt://repo/client/files/rocky/keys/
|
- source: salt://repo/client/files/oracle/keys/
|
||||||
|
|
||||||
so_repo:
|
so_repo:
|
||||||
pkgrepo.managed:
|
pkgrepo.managed:
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
{% import_yaml 'salt/minion.defaults.yaml' as saltminion %}
|
{% import_yaml 'salt/minion.defaults.yaml' as saltminion %}
|
||||||
{% set SALTVERSION = saltminion.salt.minion.version %}
|
{% set SALTVERSION = saltminion.salt.minion.version %}
|
||||||
|
|
||||||
{% if grains.os == 'Ubuntu' %}
|
{% if grains.os_family == 'Debian' %}
|
||||||
{% set SPLITCHAR = '+' %}
|
{% set SPLITCHAR = '+' %}
|
||||||
{% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %}
|
{% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %}
|
||||||
{% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %}
|
{% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %}
|
||||||
@@ -20,9 +20,9 @@
|
|||||||
{% set INSTALLEDSALTVERSION = grains.saltversion %}
|
{% set INSTALLEDSALTVERSION = grains.saltversion %}
|
||||||
|
|
||||||
{% if grains.saltversion|string != SALTVERSION|string %}
|
{% if grains.saltversion|string != SALTVERSION|string %}
|
||||||
{% if grains.os|lower in ['Rocky', 'redhat'] %}
|
{% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %}
|
||||||
{% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
|
{% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
|
||||||
{% elif grains.os|lower == 'ubuntu' %}
|
{% elif grains.os_family|lower == 'debian' %}
|
||||||
{% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
|
{% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|||||||
21
salt/strelka/tools/sbin_jinja/so-yara-download
Normal file
21
salt/strelka/tools/sbin_jinja/so-yara-download
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
NOROOT=1
|
||||||
|
. /usr/sbin/so-common
|
||||||
|
|
||||||
|
{%- set proxy = salt['pillar.get']('manager:proxy') %}
|
||||||
|
|
||||||
|
# Download the rules from the internet
|
||||||
|
{%- if proxy %}
|
||||||
|
export http_proxy={{ proxy }}
|
||||||
|
export https_proxy={{ proxy }}
|
||||||
|
export no_proxy= salt['pillar.get']('manager:no_proxy')
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
mkdir -p /tmp/yara
|
||||||
|
cd /tmp/yara
|
||||||
|
git clone https://github.com/Security-Onion-Solutions/securityonion-yara.git
|
||||||
|
mkdir -p /nsm/rules/yara
|
||||||
|
rsync -shav --progress /tmp/yara/securityonion-yara/yara /nsm/rules/
|
||||||
|
cd /tmp
|
||||||
|
rm -rf /tmp/yara
|
||||||
|
|
||||||
@@ -28,6 +28,7 @@
|
|||||||
'so_model': INIT.GRAINS.get('sosmodel',''),
|
'so_model': INIT.GRAINS.get('sosmodel',''),
|
||||||
'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey,
|
'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey,
|
||||||
'os': INIT.GRAINS.os,
|
'os': INIT.GRAINS.os,
|
||||||
|
'os_family': INIT.GRAINS.os_family,
|
||||||
'application_urls': {},
|
'application_urls': {},
|
||||||
'manager_roles': [
|
'manager_roles': [
|
||||||
'so-eval',
|
'so-eval',
|
||||||
|
|||||||
@@ -680,10 +680,10 @@ configure_ntp() {
|
|||||||
'rtcsync' \
|
'rtcsync' \
|
||||||
'logdir /var/log/chrony' >> $chrony_conf
|
'logdir /var/log/chrony' >> $chrony_conf
|
||||||
|
|
||||||
if [ "$OS" == 'rocky' ]; then
|
if [[ $is_rpm ]]; then
|
||||||
systemctl enable chronyd
|
systemctl enable chronyd
|
||||||
systemctl restart chronyd
|
systemctl restart chronyd
|
||||||
elif [ "$OS" == 'ubuntu' ]; then
|
else
|
||||||
systemctl enable chrony
|
systemctl enable chrony
|
||||||
systemctl restart chrony
|
systemctl restart chrony
|
||||||
fi
|
fi
|
||||||
@@ -949,21 +949,59 @@ detect_os() {
|
|||||||
OS=rocky
|
OS=rocky
|
||||||
OSVER=9
|
OSVER=9
|
||||||
is_rocky=true
|
is_rocky=true
|
||||||
pkgman="dnf"
|
is_rpm=true
|
||||||
else
|
not_supported=true
|
||||||
info "We do not support the operating system you are trying to use."
|
unset is_supported
|
||||||
fail_setup
|
elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
|
||||||
|
OS=centos
|
||||||
|
OSVER=9
|
||||||
|
is_centos=true
|
||||||
|
is_rpm=true
|
||||||
|
not_supported=true
|
||||||
|
unset is_supported
|
||||||
|
elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then
|
||||||
|
if [ -f /etc/oracle-release ]; then
|
||||||
|
OS=oracle
|
||||||
|
OSVER=9
|
||||||
|
is_oracle=true
|
||||||
|
is_rpm=true
|
||||||
|
is_supported=true
|
||||||
|
else
|
||||||
|
OS=rhel
|
||||||
|
OSVER=9
|
||||||
|
is_rhel=true
|
||||||
|
is_rpm=true
|
||||||
|
not_supported=true
|
||||||
|
unset is_supported
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
elif [ -f /etc/os-release ]; then
|
elif [ -f /etc/os-release ]; then
|
||||||
OS=ubuntu
|
|
||||||
if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then
|
if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then
|
||||||
OSVER=focal
|
OSVER=focal
|
||||||
|
UBVER=20.04
|
||||||
|
OS=ubuntu
|
||||||
is_ubuntu=true
|
is_ubuntu=true
|
||||||
else
|
is_deb=true
|
||||||
info "We do not support your current version of Ubuntu."
|
not_supported=true
|
||||||
fail_setup
|
unset is_supported
|
||||||
|
elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then
|
||||||
|
OSVER=jammy
|
||||||
|
UBVER=22.04
|
||||||
|
OS=ubuntu
|
||||||
|
is_ubuntu=true
|
||||||
|
is_deb=true
|
||||||
|
not_supported=true
|
||||||
|
unset is_supported
|
||||||
|
elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then
|
||||||
|
OSVER=bookworm
|
||||||
|
DEBVER=12
|
||||||
|
is_debian=true
|
||||||
|
OS=debian
|
||||||
|
is_deb=true
|
||||||
|
not_supported=true
|
||||||
|
unset is_supported
|
||||||
fi
|
fi
|
||||||
|
installer_prereq_packages
|
||||||
|
|
||||||
else
|
else
|
||||||
info "We were unable to determine if you are using a supported OS."
|
info "We were unable to determine if you are using a supported OS."
|
||||||
@@ -971,7 +1009,6 @@ detect_os() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
info "Found OS: $OS $OSVER"
|
info "Found OS: $OS $OSVER"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
download_elastic_agent_artifacts() {
|
download_elastic_agent_artifacts() {
|
||||||
@@ -1007,28 +1044,20 @@ installer_progress_loop() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
installer_prereq_packages() {
|
installer_prereq_packages() {
|
||||||
# if [ "$OS" == rocky ]; then
|
if [[ $is_deb ]]; then
|
||||||
# if [[ ! $is_iso ]]; then
|
|
||||||
# if ! command -v nmcli > /dev/null 2>&1; then
|
|
||||||
# logCmd "dnf -y install NetworkManager"
|
|
||||||
# fi
|
|
||||||
# fi
|
|
||||||
# logCmd "systemctl enable NetworkManager"
|
|
||||||
# logCmd "systemctl start NetworkManager"
|
|
||||||
# el
|
|
||||||
|
|
||||||
if [ "$OS" == ubuntu ]; then
|
|
||||||
# Print message to stdout so the user knows setup is doing something
|
# Print message to stdout so the user knows setup is doing something
|
||||||
info "Running apt-get update"
|
info "Running apt-get update"
|
||||||
retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
|
retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
|
||||||
# Install network manager so we can do interface stuff
|
# Install network manager so we can do interface stuff
|
||||||
if ! command -v nmcli > /dev/null 2>&1; then
|
if ! command -v nmcli > /dev/null 2>&1; then
|
||||||
info "Installing network-manager"
|
info "Installing network-manager"
|
||||||
retry 150 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || fail_setup
|
retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup
|
||||||
{
|
if [[ $is_debian ]]; then
|
||||||
systemctl enable NetworkManager
|
info "Enabling network manager for the main interface"
|
||||||
systemctl start NetworkManager
|
logCmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf"
|
||||||
} >> "$setup_log" 2<&1
|
fi
|
||||||
|
logCmd systemctl enable NetworkManager
|
||||||
|
logCmd systemctl start NetworkManager
|
||||||
fi
|
fi
|
||||||
if ! command -v curl > /dev/null 2>&1; then
|
if ! command -v curl > /dev/null 2>&1; then
|
||||||
retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup
|
retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup
|
||||||
@@ -1575,7 +1604,7 @@ network_init() {
|
|||||||
title "Initializing Network"
|
title "Initializing Network"
|
||||||
disable_ipv6
|
disable_ipv6
|
||||||
set_hostname
|
set_hostname
|
||||||
if [[ ( $is_iso || $is_desktop_iso ) ]]; then
|
if [[ ( $is_iso || $is_desktop_iso || $is_debian ) ]]; then
|
||||||
set_management_interface
|
set_management_interface
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@@ -1740,7 +1769,7 @@ reserve_ports() {
|
|||||||
reinstall_init() {
|
reinstall_init() {
|
||||||
info "Putting system in state to run setup again"
|
info "Putting system in state to run setup again"
|
||||||
|
|
||||||
if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
|
if [[ $install_type =~ ^(MANAGER|EVAL|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
|
||||||
local salt_services=( "salt-master" "salt-minion" )
|
local salt_services=( "salt-master" "salt-minion" )
|
||||||
else
|
else
|
||||||
local salt_services=( "salt-minion" )
|
local salt_services=( "salt-minion" )
|
||||||
@@ -1815,7 +1844,7 @@ reinstall_init() {
|
|||||||
# Remove the old launcher package in case the config changes
|
# Remove the old launcher package in case the config changes
|
||||||
remove_package launcher-final
|
remove_package launcher-final
|
||||||
|
|
||||||
if [[ $OS == 'ubuntu' ]]; then
|
if [[ $is_deb ]]; then
|
||||||
info "Unholding previously held packages."
|
info "Unholding previously held packages."
|
||||||
apt-mark unhold $(apt-mark showhold)
|
apt-mark unhold $(apt-mark showhold)
|
||||||
fi
|
fi
|
||||||
@@ -1836,7 +1865,7 @@ reset_proxy() {
|
|||||||
|
|
||||||
[[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig
|
[[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig
|
||||||
|
|
||||||
if [[ $is_rocky ]]; then
|
if [[ $is_rpm ]]; then
|
||||||
sed -i "/proxy=/d" /etc/dnf/dnf.conf
|
sed -i "/proxy=/d" /etc/dnf/dnf.conf
|
||||||
else
|
else
|
||||||
[[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf
|
[[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf
|
||||||
@@ -1882,7 +1911,7 @@ drop_install_options() {
|
|||||||
|
|
||||||
remove_package() {
|
remove_package() {
|
||||||
local package_name=$1
|
local package_name=$1
|
||||||
if [[ $is_rocky ]]; then
|
if [[ $is_rpm ]]; then
|
||||||
if rpm -qa | grep -q "$package_name"; then
|
if rpm -qa | grep -q "$package_name"; then
|
||||||
logCmd "dnf remove -y $package_name"
|
logCmd "dnf remove -y $package_name"
|
||||||
fi
|
fi
|
||||||
@@ -1903,11 +1932,10 @@ remove_package() {
|
|||||||
|
|
||||||
securityonion_repo() {
|
securityonion_repo() {
|
||||||
# Remove all the current repos
|
# Remove all the current repos
|
||||||
if [[ $is_rocky ]]; then
|
if [[ $is_oracle ]]; then
|
||||||
logCmd "dnf -v clean all"
|
logCmd "dnf -v clean all"
|
||||||
logCmd "mkdir -vp /root/oldrepos"
|
logCmd "mkdir -vp /root/oldrepos"
|
||||||
logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
|
logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
|
||||||
logCmd "ls -la /etc/yum.repos.d/"
|
|
||||||
if [[ ! $waitforstate ]]; then
|
if [[ ! $waitforstate ]]; then
|
||||||
echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
|
echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
|
||||||
echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
|
echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
|
||||||
@@ -1922,20 +1950,13 @@ securityonion_repo() {
|
|||||||
echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
|
echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
|
||||||
echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
|
echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
# need to yum clean all before repo conf files are removed or clean,cleans nothing
|
if [[ $is_rpm ]]; then logCmd "dnf repolist all"; fi
|
||||||
logCmd "dnf repolist all"
|
if [[ $waitforstate ]]; then
|
||||||
# update this package because the repo config files get added back
|
if [[ ! $is_airgap ]]; then
|
||||||
# if the package is updated when the update_packages function is called
|
if [[ $is_rpm ]]; then
|
||||||
if [ -f "/etc/yum.repos.d/rocky.repo" ]; then
|
|
||||||
info "Backing up the .repo files that were added by the centos-release package."
|
|
||||||
logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/"
|
|
||||||
logCmd "dnf repolist all"
|
|
||||||
fi
|
|
||||||
if [[ $waitforstate ]]; then
|
|
||||||
if [[ ! $is_airgap ]]; then
|
|
||||||
# Build the repo locally so we can use it
|
# Build the repo locally so we can use it
|
||||||
echo "Syncing Repo"
|
echo "Syncing Repos"
|
||||||
repo_sync_local
|
repo_sync_local
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@@ -1943,45 +1964,71 @@ securityonion_repo() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
repo_sync_local() {
|
repo_sync_local() {
|
||||||
# Sync the repo from the the SO repo locally.
|
info "Repo Sync"
|
||||||
# Check for reposync
|
if [[ $is_supported ]]; then
|
||||||
info "Backing up old repos"
|
# Sync the repo from the the SO repo locally.
|
||||||
mkdir -p /nsm/repo
|
# Check for reposync
|
||||||
mkdir -p /opt/so/conf/reposync/cache
|
info "Backing up old repos"
|
||||||
echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
|
mkdir -p /nsm/repo
|
||||||
echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
|
mkdir -p /opt/so/conf/reposync/cache
|
||||||
echo "[main]" > /opt/so/conf/reposync/repodownload.conf
|
echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt
|
||||||
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
|
echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt
|
||||||
echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
|
echo "[main]" > /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf
|
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "best=True" >> /opt/so/conf/reposync/repodownload.conf
|
echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf
|
echo "clean_requirements_on_remove=True" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf
|
echo "best=True" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
|
echo "skip_if_unavailable=False" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
|
echo "cachedir=/opt/so/conf/reposync/cache" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
|
echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "#baseurl=https://repo.securityonion.net/file/so-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf
|
echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
|
echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
|
echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
|
echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
|
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
|
||||||
|
|
||||||
logCmd "dnf repolist"
|
logCmd "dnf repolist"
|
||||||
# Make sure we can get to the sig repo
|
|
||||||
# TODO Add if for ISO install
|
if [[ ! $is_airgap ]]; then
|
||||||
curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
|
curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
|
||||||
logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
|
logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
|
||||||
|
fi
|
||||||
|
|
||||||
# After the download is complete run createrepo
|
# After the download is complete run createrepo
|
||||||
create_repo
|
create_repo
|
||||||
|
else
|
||||||
|
# Add the proper repos for unsupported stuff
|
||||||
|
echo "Adding Repos"
|
||||||
|
if [[ $is_rpm ]]; then
|
||||||
|
dnf -y install epel-release
|
||||||
|
dnf install -y yum-utils device-mapper-persistent-data lvm2
|
||||||
|
curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
|
||||||
|
rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
|
||||||
|
if [[ $is_rhel ]]; then
|
||||||
|
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
|
||||||
|
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
|
||||||
|
else
|
||||||
|
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
|
||||||
|
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
|
||||||
|
fi
|
||||||
|
if [[ $is_rocky ]]; then
|
||||||
|
dnf config-manager --set-enabled crb
|
||||||
|
dnf repolist
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Not sure how you got here."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
saltify() {
|
saltify() {
|
||||||
|
info "Installing Salt"
|
||||||
SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //')
|
SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //')
|
||||||
if [[ $is_ubuntu ]]; then
|
if [[ $is_deb ]]; then
|
||||||
|
|
||||||
DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup
|
DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup
|
||||||
update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10
|
if [ $OSVER == "focal" ]; then update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10; fi
|
||||||
local pkg_arr=(
|
local pkg_arr=(
|
||||||
'apache2-utils'
|
'apache2-utils'
|
||||||
'ca-certificates'
|
'ca-certificates'
|
||||||
@@ -1989,17 +2036,35 @@ saltify() {
|
|||||||
'software-properties-common'
|
'software-properties-common'
|
||||||
'apt-transport-https'
|
'apt-transport-https'
|
||||||
'openssl'
|
'openssl'
|
||||||
'netcat'
|
'netcat-openbsd'
|
||||||
'jq'
|
'jq'
|
||||||
|
'gnupg'
|
||||||
)
|
)
|
||||||
retry 150 20 "apt-get -y install ${pkg_arr[*]}" || fail_setup
|
retry 150 20 "apt-get -y install ${pkg_arr[*]}" || fail_setup
|
||||||
|
|
||||||
logCmd "mkdir -vp /etc/apt/keyrings"
|
logCmd "mkdir -vp /etc/apt/keyrings"
|
||||||
#logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub"
|
|
||||||
logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg"
|
logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg"
|
||||||
|
|
||||||
logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
|
if [[ $is_ubuntu ]]; then
|
||||||
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list
|
|
||||||
|
# Add Salt Repo
|
||||||
|
logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
|
||||||
|
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list
|
||||||
|
|
||||||
|
# Add Docker Repo
|
||||||
|
add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||||||
|
|
||||||
|
else
|
||||||
|
# Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for 12
|
||||||
|
logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
|
||||||
|
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ bullseye main" | sudo tee /etc/apt/sources.list.d/salt.list
|
||||||
|
|
||||||
|
# Add Docker Repo
|
||||||
|
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
|
||||||
|
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $OSVER stable" > /etc/apt/sources.list.d/docker.list
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg"
|
logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg"
|
||||||
|
|
||||||
#logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub"
|
#logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub"
|
||||||
@@ -2008,19 +2073,20 @@ saltify() {
|
|||||||
# Add SO Saltstack Repo
|
# Add SO Saltstack Repo
|
||||||
#echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list
|
#echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list
|
||||||
|
|
||||||
# Add Docker Repo
|
|
||||||
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
|
||||||
|
|
||||||
# Ain't nothing but a GPG
|
# Ain't nothing but a GPG
|
||||||
|
|
||||||
retry 150 20 "apt-get update" "" "Err:" || fail_setup
|
retry 150 20 "apt-get update" "" "Err:" || fail_setup
|
||||||
retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup
|
if [[ $waitforstate ]]; then
|
||||||
retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup
|
retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup
|
||||||
#retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
|
retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup
|
||||||
|
retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
|
||||||
|
else
|
||||||
|
retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup
|
||||||
|
retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ $is_rocky ]]; then
|
if [[ $is_rpm ]]; then
|
||||||
if [[ $waitforstate ]]; then
|
if [[ $waitforstate ]]; then
|
||||||
# install all for a manager
|
# install all for a manager
|
||||||
logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION"
|
logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION"
|
||||||
@@ -2164,7 +2230,7 @@ set_proxy() {
|
|||||||
"}" > /root/.docker/config.json
|
"}" > /root/.docker/config.json
|
||||||
|
|
||||||
# Set proxy for package manager
|
# Set proxy for package manager
|
||||||
if [[ $is_rocky ]]; then
|
if [[ $is_rpm ]]; then
|
||||||
echo "proxy=$so_proxy" >> /etc/yum.conf
|
echo "proxy=$so_proxy" >> /etc/yum.conf
|
||||||
else
|
else
|
||||||
# Set it up so the updates roll through the manager
|
# Set it up so the updates roll through the manager
|
||||||
@@ -2292,6 +2358,7 @@ set_management_interface() {
|
|||||||
if [ "$address_type" = 'DHCP' ]; then
|
if [ "$address_type" = 'DHCP' ]; then
|
||||||
logCmd "nmcli con mod $MNIC connection.autoconnect yes"
|
logCmd "nmcli con mod $MNIC connection.autoconnect yes"
|
||||||
logCmd "nmcli con up $MNIC"
|
logCmd "nmcli con up $MNIC"
|
||||||
|
logCmd "nmcli -p connection show $MNIC"
|
||||||
else
|
else
|
||||||
# Set Static IP
|
# Set Static IP
|
||||||
nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
|
nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
|
||||||
@@ -2335,22 +2402,6 @@ so_add_user() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
ubuntu_check() {
|
|
||||||
if [[ $OS == "ubuntu" ]]; then
|
|
||||||
if [[ $waitforstate ]]; then
|
|
||||||
whiptail_ubuntu_notsupported
|
|
||||||
fail_setup
|
|
||||||
else
|
|
||||||
if [[ $UBUNTUINSTALL == "needtoupgrade" ]]; then
|
|
||||||
whiptail_ubuntu_warning
|
|
||||||
else
|
|
||||||
whiptail_ubuntu_notsupported
|
|
||||||
fail_setup
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
update_sudoers_for_testing() {
|
update_sudoers_for_testing() {
|
||||||
if [ -n "$TESTING" ]; then
|
if [ -n "$TESTING" ]; then
|
||||||
info "Ensuring $INSTALLUSERNAME has password-less sudo access for automated testing purposes."
|
info "Ensuring $INSTALLUSERNAME has password-less sudo access for automated testing purposes."
|
||||||
@@ -2359,15 +2410,15 @@ update_sudoers_for_testing() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
update_packages() {
|
update_packages() {
|
||||||
if [[ $is_rocky ]]; then
|
if [[ $is_oracle ]]; then
|
||||||
logCmd "dnf repolist"
|
logCmd "dnf repolist"
|
||||||
logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
|
logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
|
||||||
RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo")
|
RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo")
|
||||||
info "Removing repo files added by rocky-repos package update"
|
info "Removing repo files added by oracle-repos package update"
|
||||||
for FILE in ${RMREPOFILES[@]}; do
|
for FILE in ${RMREPOFILES[@]}; do
|
||||||
logCmd "rm -f /etc/yum.repos.d/$FILE"
|
logCmd "rm -f /etc/yum.repos.d/$FILE"
|
||||||
done
|
done
|
||||||
else
|
elif [[ $is_deb ]]; then
|
||||||
info "Running apt-get update"
|
info "Running apt-get update"
|
||||||
retry 150 10 "apt-get -y update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
|
retry 150 10 "apt-get -y update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
|
||||||
info "Running apt-get upgrade"
|
info "Running apt-get upgrade"
|
||||||
|
|||||||
@@ -65,6 +65,27 @@ done
|
|||||||
# Let's see what OS we are dealing with here
|
# Let's see what OS we are dealing with here
|
||||||
detect_os
|
detect_os
|
||||||
|
|
||||||
|
# Ubuntu/Debian whiptail pallete to make it look the same as CentOS and Rocky.
|
||||||
|
set_palette >> $setup_log 2>&1
|
||||||
|
|
||||||
|
if [[ $not_supported ]]; then
|
||||||
|
if [[ "$OSVER" == "focal" ]]; then
|
||||||
|
if (whiptail_focal_warning); then
|
||||||
|
true
|
||||||
|
else
|
||||||
|
info "User cancelled setup."
|
||||||
|
whiptail_cancel
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if (whiptail_unsupported_os_warning); then
|
||||||
|
true
|
||||||
|
else
|
||||||
|
info "User cancelled setup."
|
||||||
|
whiptail_cancel
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Check to see if this is the setup type of "desktop".
|
# Check to see if this is the setup type of "desktop".
|
||||||
is_desktop=
|
is_desktop=
|
||||||
if [ "$setup_type" = 'desktop' ]; then
|
if [ "$setup_type" = 'desktop' ]; then
|
||||||
@@ -78,7 +99,7 @@ fi
|
|||||||
# Make sure if ISO is specified that we are dealing with CentOS or Rocky
|
# Make sure if ISO is specified that we are dealing with CentOS or Rocky
|
||||||
title "Detecting if this is an ISO install"
|
title "Detecting if this is an ISO install"
|
||||||
if [[ "$setup_type" == 'iso' ]]; then
|
if [[ "$setup_type" == 'iso' ]]; then
|
||||||
if [[ $is_centos || $is_rocky ]]; then
|
if [[ $is_rpm ]]; then
|
||||||
is_iso=true
|
is_iso=true
|
||||||
else
|
else
|
||||||
echo "Only use 'so-setup iso' for an ISO install on Security Onion ISO images. Please run 'so-setup network' instead."
|
echo "Only use 'so-setup iso' for an ISO install on Security Onion ISO images. Please run 'so-setup network' instead."
|
||||||
@@ -91,8 +112,10 @@ if [[ $is_desktop ]]; then
|
|||||||
title "This is a desktop install"
|
title "This is a desktop install"
|
||||||
|
|
||||||
# Make sure it's CentOS or Rocky Linux
|
# Make sure it's CentOS or Rocky Linux
|
||||||
if [[ ! $is_rocky ]]; then
|
if [[ $is_rpm ]]; then
|
||||||
info "Security Onion Desktop is only supported on Rocky Linux 9"
|
info "Security Onion Desktop is supported on this OS."
|
||||||
|
else
|
||||||
|
info "Security Onion Desktop is not supported on this OS."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -245,9 +268,6 @@ local_sbin="$(pwd)/../salt/common/tools/sbin"
|
|||||||
manager_sbin="$(pwd)/../salt/manager/tools/sbin"
|
manager_sbin="$(pwd)/../salt/manager/tools/sbin"
|
||||||
export PATH=$PATH:$local_sbin:$manager_sbin
|
export PATH=$PATH:$local_sbin:$manager_sbin
|
||||||
|
|
||||||
# Ubuntu whiptail pallete to make it look the same as CentOS and Rocky.
|
|
||||||
set_palette >> $setup_log 2>&1
|
|
||||||
|
|
||||||
# Kernel messages can overwrite whiptail screen #812
|
# Kernel messages can overwrite whiptail screen #812
|
||||||
# https://github.com/Security-Onion-Solutions/securityonion/issues/812
|
# https://github.com/Security-Onion-Solutions/securityonion/issues/812
|
||||||
dmesg -D
|
dmesg -D
|
||||||
@@ -401,7 +421,6 @@ if ! [[ -f $install_opt_file ]]; then
|
|||||||
info "Setting up as node type manager"
|
info "Setting up as node type manager"
|
||||||
check_elastic_license
|
check_elastic_license
|
||||||
waitforstate=true
|
waitforstate=true
|
||||||
#ubuntu_check
|
|
||||||
[[ $is_iso ]] && whiptail_airgap
|
[[ $is_iso ]] && whiptail_airgap
|
||||||
check_requirements "manager"
|
check_requirements "manager"
|
||||||
networking_needful
|
networking_needful
|
||||||
|
|||||||
@@ -455,6 +455,28 @@ __append_end_msg() {
|
|||||||
EOM
|
EOM
|
||||||
}
|
}
|
||||||
|
|
||||||
|
whiptail_focal_warning() {
|
||||||
|
|
||||||
|
[ -n "$TESTING" ] && return
|
||||||
|
|
||||||
|
read -r -d '' focal_warning_continue <<- EOM
|
||||||
|
|
||||||
|
WARNING: Ubuntu 20.04 is only supported as a minion role.
|
||||||
|
|
||||||
|
This node may not install or operate as expected if installed
|
||||||
|
as a manager, managersearch, standalone, eval, or import.
|
||||||
|
|
||||||
|
Would you like to continue the install?
|
||||||
|
|
||||||
|
EOM
|
||||||
|
whiptail --title "$whiptail_title" \
|
||||||
|
--yesno "$focal_warning_continue" 14 75 --defaultno
|
||||||
|
|
||||||
|
local exitstatus=$?
|
||||||
|
return $exitstatus
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
whiptail_gauge_post_setup() {
|
whiptail_gauge_post_setup() {
|
||||||
|
|
||||||
if [ -n "$TESTING" ]; then
|
if [ -n "$TESTING" ]; then
|
||||||
@@ -523,7 +545,7 @@ whiptail_install_type() {
|
|||||||
[ -n "$TESTING" ] && return
|
[ -n "$TESTING" ] && return
|
||||||
|
|
||||||
# What kind of install are we doing?
|
# What kind of install are we doing?
|
||||||
if [[ $OS = 'rocky' ]]; then
|
# if [[ $is_rocky || $is_centos ]]; then
|
||||||
install_type=$(whiptail --title "$whiptail_title" --menu \
|
install_type=$(whiptail --title "$whiptail_title" --menu \
|
||||||
"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
|
"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
|
||||||
"IMPORT" "Import PCAP or log files " \
|
"IMPORT" "Import PCAP or log files " \
|
||||||
@@ -533,14 +555,14 @@ whiptail_install_type() {
|
|||||||
"OTHER" "Other install types" \
|
"OTHER" "Other install types" \
|
||||||
3>&1 1>&2 2>&3
|
3>&1 1>&2 2>&3
|
||||||
)
|
)
|
||||||
elif [[ $OS = 'ubuntu' ]]; then
|
# elif [[ $is_ubuntu ]]; then
|
||||||
install_type=$(whiptail --title "$whiptail_title" --menu \
|
# install_type=$(whiptail --title "$whiptail_title" --menu \
|
||||||
"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
|
# "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
|
||||||
"DISTRIBUTED" "Distributed install submenu " \
|
# "DISTRIBUTED" "Distributed install submenu " \
|
||||||
"OTHER" "Other install types" \
|
# "OTHER" "Other install types" \
|
||||||
3>&1 1>&2 2>&3
|
# 3>&1 1>&2 2>&3
|
||||||
)
|
# )
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
local exitstatus=$?
|
local exitstatus=$?
|
||||||
whiptail_check_exitstatus $exitstatus
|
whiptail_check_exitstatus $exitstatus
|
||||||
@@ -563,18 +585,18 @@ whiptail_install_type_dist() {
|
|||||||
|
|
||||||
[ -n "$TESTING" ] && return
|
[ -n "$TESTING" ] && return
|
||||||
|
|
||||||
if [[ $OS = 'rocky' ]]; then
|
# if [[ $is_rocky || $is_centos ]]; then
|
||||||
dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
|
dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
|
||||||
"New Deployment " "Create a new Security Onion deployment" \
|
"New Deployment " "Create a new Security Onion deployment" \
|
||||||
"Existing Deployment " "Join to an existing Security Onion deployment " \
|
"Existing Deployment " "Join to an existing Security Onion deployment " \
|
||||||
3>&1 1>&2 2>&3
|
3>&1 1>&2 2>&3
|
||||||
)
|
)
|
||||||
elif [[ $OS = 'ubuntu' ]]; then
|
# elif [[ $is_ubuntu ]]; then
|
||||||
dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \
|
# dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \
|
||||||
"Existing Deployment " "Join to an existing Security Onion deployment " \
|
# "Existing Deployment " "Join to an existing Security Onion deployment " \
|
||||||
3>&1 1>&2 2>&3
|
# 3>&1 1>&2 2>&3
|
||||||
)
|
# )
|
||||||
fi
|
# fi
|
||||||
|
|
||||||
local exitstatus=$?
|
local exitstatus=$?
|
||||||
whiptail_check_exitstatus $exitstatus
|
whiptail_check_exitstatus $exitstatus
|
||||||
@@ -1426,6 +1448,27 @@ whiptail_ubuntu_warning() {
|
|||||||
whiptail --title "$whiptail_title" --msgbox "$message" 14 75
|
whiptail --title "$whiptail_title" --msgbox "$message" 14 75
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
whiptail_unsupported_os_warning() {
|
||||||
|
|
||||||
|
[ -n "$TESTING" ] && return
|
||||||
|
|
||||||
|
read -r -d '' unsupported_os_continue <<- EOM
|
||||||
|
|
||||||
|
WARNING: An unsupported operating system has been detected.
|
||||||
|
Security Onion may not install or operate as expected.
|
||||||
|
|
||||||
|
Would you like to continue the install?
|
||||||
|
|
||||||
|
EOM
|
||||||
|
whiptail --title "$whiptail_title" \
|
||||||
|
--yesno "$unsupported_os_continue" 14 75 --defaultno
|
||||||
|
|
||||||
|
local exitstatus=$?
|
||||||
|
return $exitstatus
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
whiptail_uppercase_warning() {
|
whiptail_uppercase_warning() {
|
||||||
|
|
||||||
[ -n "$TESTING" ] && return
|
[ -n "$TESTING" ] && return
|
||||||
|
|||||||
Reference in New Issue
Block a user