CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/2.4/dev' into 2.4/mysql

Browse Source
This commit is contained in:
m0duspwnens
2023-07-19 14:41:03 -04:00
parent 3c0554a42c a892adb66f
commit 0ac9a1f9cc
37 changed files with 768 additions and 467 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/_modules/needs_restarting.py
View File

@@ -10,6 +10,14 @@ def check():
if path.exists('/var/run/reboot-required'):
retval = 'True'
elif os == 'CentOS Stream':
cmd = 'needs-restarting -r > /dev/null 2>&1'
try:
needs_restarting = subprocess.check_call(cmd, shell=True)
except subprocess.CalledProcessError:
retval = 'True'
elif os == 'Rocky':
cmd = 'needs-restarting -r > /dev/null 2>&1'

3
salt/common/init.sls
View File

@@ -195,7 +195,7 @@ soversionfile:
{% endif %}
{% if GLOBALS.so_model and GLOBALS.so_model not in ['SO2AMI01', 'SO2AZI01', 'SO2GCI01'] %}
{% if GLOBALS.os == 'Rocky' %}
{% if GLOBALS.os == 'OEL' %}
# Install Raid tools
raidpkgs:
pkg.installed:
@@ -218,7 +218,6 @@ so-raid-status:
- dayweek: '*'
{% endif %}
{% else %}
{{sls}}_state_not_allowed:

25
salt/common/packages.sls
View File

@@ -1,6 +1,6 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% if GLOBALS.os == 'Ubuntu' %}
{% if GLOBALS.os_family == 'Debian' %}
commonpkgs:
pkg.installed:
- skip_suggestions: True
@@ -14,16 +14,24 @@ commonpkgs:
- software-properties-common
- apt-transport-https
- openssl
- netcat
- netcat-openbsd
- sqlite3
- libssl-dev
- python3-dateutil
- python3-docker
- python3-packaging
- python3-watchdog
- python3-lxml
- git
- rsync
- vim
- tar
- unzip
{% if grains.oscodename != 'focal' %}
- python3-rich
{% endif %}
{% if grains.oscodename == 'focal' %}
# since Ubuntu requires and internet connection we can use pip to install modules
python3-pip:
pkg.installed
@@ -34,9 +42,10 @@ python-rich:
- target: /usr/local/lib/python3.8/dist-packages/
- require:
- pkg: python3-pip
{% endif %}
{% endif %}
{% elif GLOBALS.os == 'Rocky' %}
{% if GLOBALS.os_family == 'RedHat' %}
commonpkgs:
pkg.installed:
- skip_suggestions: True
@@ -48,7 +57,11 @@ commonpkgs:
- net-tools
- curl
- sqlite
{% if GLOBALS.os == 'CentOS Stream' %}
- MariaDB-devel
{% else %}
- mariadb-devel
{% endif %}
- python3-dnf-plugin-versionlock
- nmap-ncat
- yum-utils
@@ -64,4 +77,8 @@ commonpkgs:
- python3-watchdog
- python3-packaging
- unzip
- fuse
- fuse-libs
- fuse-overlayfs
- fuse-common
{% endif %}

34
salt/common/tools/sbin/so-common
View File

@@ -199,19 +199,20 @@ get_random_value() {
}
gpg_rpm_import() {
if [[ "$OS" == "rocky" ]]; then
if [[ $is_oracle ]]; then
if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then
local RPMKEYSLOC="../salt/repo/client/files/rocky/keys"
local RPMKEYSLOC="../salt/repo/client/files/$OS/keys"
else
local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys"
local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys"
fi
RPMKEYS=('RPM-GPG-KEY-rockyofficial' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY')
for RPMKEY in "${RPMKEYS[@]}"; do
rpm --import $RPMKEYSLOC/$RPMKEY
echo "Imported $RPMKEY"
done
else
info "Importing the security onion GPG key"
rpm --import ../salt/repo/client/files/oracle/keys/securityonion.pub
fi
}
@@ -395,19 +396,22 @@ salt_minion_count() {
}
set_cron_service_name() {
if [[ "$OS" == "rocky" ]]; then
cron_service_name="crond"
else
cron_service_name="cron"
fi
}
set_os() {
if [ -f /etc/redhat-release ]; then
if grep -q "Rocky Linux release 9" /etc/redhat-release; then
OS=rocky
OSVER=9
is_rocky=true
elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
OS=centos
OSVER=9
is_centos=true
fi
cron_service_name="crond"
else
OS=ubuntu
is_ubuntu=true
cron_service_name="cron"
fi
}
@@ -416,7 +420,7 @@ set_minionid() {
}
set_palette() {
if [ "$OS" == ubuntu ]; then
if [[ $is_deb ]]; then
update-alternatives --set newt-palette /etc/newt/palette.original
fi
}

26
salt/desktop/trusted-ca.sls
View File

@@ -27,6 +27,32 @@ update_ca_certs:
- onchanges:
- x509: trusted_ca
{% elif GLOBALS.os == 'CentOS Stream' %}
{% set global_ca_text = [] %}
{% set global_ca_server = [] %}
{% set manager = GLOBALS.manager %}
{% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
{% for host in x509dict %}
{% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import', 'eval'] %}
{% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
{% do global_ca_server.append(host) %}
{% endif %}
{% endfor %}
{% set trusttheca_text = global_ca_text[0] %}
{% set ca_server = global_ca_server[0] %}
trusted_ca:
x509.pem_managed:
- name: /etc/pki/ca-trust/source/anchors/ca.crt
- text: {{ trusttheca_text }}
update_ca_certs:
cmd.run:
- name: update-ca-trust
- onchanges:
- x509: trusted_ca
{% else %}
desktop_trusted-ca_os_fail:

30
salt/docker/init.sls
View File

@@ -12,7 +12,28 @@ dockergroup:
- name: docker
- gid: 920
{% if GLOBALS.os == 'Ubuntu' %}
{% if GLOBALS.os_family == 'Debian' %}
{% if grains.oscodename == 'bookworm' %}
dockerheldpackages:
pkg.installed:
- pkgs:
- containerd.io: 1.6.21-1
- docker-ce: 5:24.0.3-1~debian.12~bookworm
- docker-ce-cli: 5:24.0.3-1~debian.12~bookworm
- docker-ce-rootless-extras: 5:24.0.3-1~debian.12~bookworm
- hold: True
- update_holds: True
{% elif grains.oscodename == 'jammy' %}
dockerheldpackages:
pkg.installed:
- pkgs:
- containerd.io: 1.6.21-1
- docker-ce: 5:24.0.2-1~ubuntu.22.04~jammy
- docker-ce-cli: 5:24.0.2-1~ubuntu.22.04~jammy
- docker-ce-rootless-extras: 5:24.0.2-1~ubuntu.22.04~jammy
- hold: True
- update_holds: True
{% else %}
dockerheldpackages:
pkg.installed:
- pkgs:
@@ -22,14 +43,15 @@ dockerheldpackages:
- docker-ce-rootless-extras: 5:20.10.5~3-0~ubuntu-focal
- hold: True
- update_holds: True
{% endif %}
{% else %}
dockerheldpackages:
pkg.installed:
- pkgs:
- containerd.io: 1.6.21-3.1.el9
- docker-ce: 24.0.2-1.el9
- docker-ce-cli: 24.0.2-1.el9
- docker-ce-rootless-extras: 24.0.2-1.el9
- docker-ce: 24.0.4-1.el9
- docker-ce-cli: 24.0.4-1.el9
- docker-ce-rootless-extras: 24.0.4-1.el9
- hold: True
- update_holds: True
{% endif %}

13
salt/elasticfleet/enabled.sls
View File

@@ -62,6 +62,9 @@ so-elastic-fleet:
{% endfor %}
- binds:
- /etc/pki:/etc/pki:ro
{% if GLOBALS.os_family == 'Debian' %}
- /etc/ssl:/etc/ssl:ro
{% endif %}
#- /opt/so/conf/elastic-fleet/state:/usr/share/elastic-agent/state:rw
{% if DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
{% for BIND in DOCKER.containers['so-elastic-fleet'].custom_bind_mounts %}
@@ -70,14 +73,20 @@ so-elastic-fleet:
{% endif %}
- environment:
- FLEET_SERVER_ENABLE=true
- FLEET_URL=https://{{ GLOBALS.node_ip }}:8220
- FLEET_URL=https://{{ GLOBALS.hostname }}:8220
- FLEET_SERVER_ELASTICSEARCH_HOST=https://{{ GLOBALS.manager }}:9200
- FLEET_SERVER_SERVICE_TOKEN={{ SERVICETOKEN }}
- FLEET_SERVER_POLICY_ID=FleetServer_{{ GLOBALS.hostname }}
- FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
- FLEET_SERVER_CERT=/etc/pki/elasticfleet-server.crt
- FLEET_SERVER_CERT_KEY=/etc/pki/elasticfleet-server.key
{% if GLOBALS.os_family == 'Debian' %}
- FLEET_CA=/etc/ssl/certs/intca.crt
- FLEET_SERVER_ELASTICSEARCH_CA=/etc/ssl/certs/intca.crt
{% else %}
- FLEET_CA=/etc/pki/tls/certs/intca.crt
- FLEET_SERVER_ELASTICSEARCH_CA=/etc/pki/tls/certs/intca.crt
{% endif %}
{% if DOCKER.containers['so-elastic-fleet'].extra_env %}
{% for XTRAENV in DOCKER.containers['so-elastic-fleet'].extra_env %}
- {{ XTRAENV }}

14
salt/elasticfleet/tools/sbin_jinja/so-elastic-fleet-setup
View File

@@ -6,6 +6,12 @@
# this file except in compliance with the Elastic License 2.0.
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% if GLOBALS.os_family == 'Debian' %}
INTCA=/etc/ssl/certs/intca.crt
{% else %}
INTCA=/etc/pki/tls/certs/intca.crt
{% endif %}
. /usr/sbin/so-elastic-fleet-common
printf "\n### Create ES Token ###\n"
@@ -13,7 +19,7 @@ ESTOKEN=$(curl -K /opt/so/conf/elasticsearch/curl.config -L -X POST "localhost:5
### Create Outputs & Fleet URLs ###
printf "\nAdd Manager Elasticsearch Output...\n"
ESCACRT=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
ESCACRT=$(openssl x509 -in $INTCA)
JSON_STRING=$( jq -n \
--arg ESCACRT "$ESCACRT" \
'{"name":"so-manager_elasticsearch","id":"so-manager_elasticsearch","type":"elasticsearch","hosts":["https://{{ GLOBALS.manager_ip }}:9200","https://{{ GLOBALS.manager }}:9200"],"is_default":true,"is_default_monitoring":true,"config_yaml":"","ssl":{"certificate_authorities": [$ESCACRT]}}' )
@@ -22,9 +28,9 @@ printf "\n\n"
printf "\nCreate Logstash Output Config if node is not an Import or Eval install\n"
{% if grains.role not in ['so-import', 'so-eval'] %}
LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-agent.crt)
LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-agent.key)
LOGSTASHCA=$(openssl x509 -in /etc/pki/tls/certs/intca.crt)
LOGSTASHCRT=$(openssl x509 -in /etc/pki/elasticfleet-logstash.crt)
LOGSTASHKEY=$(openssl rsa -in /etc/pki/elasticfleet-logstash.key)
LOGSTASHCA=$(openssl x509 -in $INTCA)
JSON_STRING=$( jq -n \
--arg LOGSTASHCRT "$LOGSTASHCRT" \
--arg LOGSTASHKEY "$LOGSTASHKEY" \

1
salt/manager/tools/sbin/soup
View File

@@ -651,7 +651,6 @@ main() {
echo ""
set_os
set_cron_service_name
if ! check_salt_master_status; then
echo "Could not talk to salt master"
echo "Please run 'systemctl status salt-master' to ensure the salt-master service is running and check the log at /opt/so/log/salt/master."

6
salt/mysql/config.sls
View File

@@ -12,12 +12,8 @@ mysqlpkgs:
pkg.installed:
- skip_suggestions: False
- pkgs:
{% if grains['os'] != 'Rocky' %}
{% if grains['oscodename'] == 'bionic' %}
{% if grains['os_family'] != 'RedHat' %}
- python3-mysqldb
{% elif grains['oscodename'] == 'focal' %}
- python3-mysqldb
{% endif %}
{% else %}
- python3-mysqlclient
{% endif %}

2
salt/ntp/init.sls
View File

@@ -17,7 +17,7 @@ chronyconf:
- defaults:
NTPCONFIG: {{ NTPCONFIG }}
{% if GLOBALS.os == 'Rocky' %}
{% if GLOBALS.os_family == 'RedHat' %}
chronyd:
{% else %}
chrony:

2
salt/registry/enabled.sls
View File

@@ -14,7 +14,7 @@ include:
# Install the registry container
so-dockerregistry:
docker_container.running:
- image: ghcr.io/security-onion-solutions/registry:latest
- image: ghcr.io/security-onion-solutions/registry:2.8.2
- hostname: so-registry
- networks:
- sobridge:

78
salt/repo/client/centos.sls
View File

@@ -1,78 +0,0 @@
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'repo/client/map.jinja' import ABSENTFILES with context %}
{% from 'repo/client/map.jinja' import REPOPATH with context %}
{% if GLOBALS.os == 'CentOS' %}
{% if ABSENTFILES|length > 0%}
{% for file in ABSENTFILES %}
{{ file }}:
file.absent:
- name: {{ REPOPATH }}{{ file }}
- onchanges_in:
- cmd: cleanyum
{% endfor %}
{% endif %}
cleanyum:
cmd.run:
- name: 'yum clean all'
- onchanges:
- so_repo
yumconf:
file.managed:
- name: /etc/yum.conf
- source: salt://repo/client/files/centos/yum.conf.jinja
- mode: 644
- template: jinja
- show_changes: False
repair_yumdb:
cmd.run:
- name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
- onlyif:
- 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
crsynckeys:
file.recurse:
- name: /etc/pki/rpm_gpg
- source: salt://repo/client/files/centos/keys/
{% if GLOBALS.role in GLOBALS.manager_roles %}
so_repo:
pkgrepo.managed:
- name: securityonion
- humanname: Security Onion Repo
- baseurl: file:///nsm/repo/
- enabled: 1
- gpgcheck: 1
{% else %}
so_repo:
pkgrepo.managed:
- name: securityonion
- humanname: Security Onion Repo
- baseurl: https://{{ GLOBALS.manager }}/repo
- enabled: 1
- gpgcheck: 1
{% endif %}
{% endif %}
# TODO: Add a pillar entry for custom repos

29
salt/repo/client/files/centos/keys/RPM-GPG-KEY-EPEL-7
View File

@@ -1,29 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
=hdPa
-----END PGP PUBLIC KEY BLOCK-----

31
salt/repo/client/files/centos/keys/SALTSTACK-GPG-KEY.pub
View File

@@ -1,31 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9
m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW
tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw
WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts
kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA
gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr
YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT
qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q
WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1
yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o
nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU
4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA
/NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q
9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb
9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx
uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ
zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr
GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E
PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ
AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK
WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4
vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f
T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N
1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx
fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS
MA==
=dtMN
-----END PGP PUBLIC KEY BLOCK-----

8
salt/repo/client/files/centos/securityonionlocal.repo
View File

@@ -1,8 +0,0 @@
[solocal]
name=Security Onion Repo
baseurl=file:///nsm/repo/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

17
salt/repo/client/files/centos/yum.conf.jinja
View File

@@ -1,17 +0,0 @@
{% set proxy = salt['pillar.get']('manager:proxy') -%}
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
clean_requirements_on_remove=1
{% if proxy -%}
proxy={{ proxy }}
{% endif %}

236
salt/repo/client/files/oracle/keys/MariaDB-Server-GPG-KEY Normal file
View File

@@ -0,0 +1,236 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.14 (GNU/Linux)
mQGiBEtohJARBACxvZpWSIMTp/e7BUzSW+WDL7Pl0JDg6v7ZJFGJk9qo+5JXIiis
497Ul0FmVJ6EoyVzfpqe5FyUvqtLCkM6UP5adyvXTHi1KMiYacu2q5yRhDpMKbpM
LkAg23Yyz1yK/d0TsAkerLJ6K1Bh8NIm44Op+qFrDxeYZDIR5Q8WaCdK8wCg/jc8
p/4XaKq74ghUHEX+35qk63UD/0YEsgHrsRQZ42wKNeO8ZUJKqCVHXYJrCq7DhRhn
U5aYnuK3op0JusPN5fdIGkKwJy24dWRoRfNIIg0WvM8qUNrC2NvhomnZNudsI0Jb
XapRemrIwbvrZToD6ei1awdVqa5fT6XIxV4MSQEwn47qmUNSz/0TkUmB3VZ2EL/j
zfHUA/91ZfAdWCmRemTLWRrzIYYJKyEInZ0qwZVrkyMY8+T7b2/6RGR0f2oV1dOx
cjbd0+N3vKrUkjuzkcVu/oB8wq9UBfuSHwsxYqub4gvIh0/LW+CsWa955sQ/Hj9H
48j3nUHaXqM9uJyMMgMlCdo3rLpnYCJH8w2kFfLHIDksMs1YtLQ9TWFyaWFEQiBQ
YWNrYWdlIFNpZ25pbmcgS2V5IDxwYWNrYWdlLXNpZ25pbmcta2V5QG1hcmlhZGIu
b3JnPohiBBMRAgAiBQJREUepAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
CRDLywgqG7lD28y4AJ0aByfYvJWqBm5PZjusZiG0vo9SRwCeM0izj/oryMu0fJi3
kRbTlojzCd2JAhwEEAECAAYFAlERSAgACgkQQd3AtA2lbyLlsQ/+KbSkMhjnZ73I
9XhndOX7USxIIumuVI2nU829+EiLhxYYcVJHUO5tO9rvRGgmSg0IhPSwEMK3GLC3
P5v6gipyCKOAnx2T0qF2k8gq9YRVFd7LZqJsM06HuGsFG5SWieVjjjE0s7A/urLb
Uxa067pleZeKFCTTxTnar2eBKQAhwZkRSEBvvcAHkqQQAMwiAHvq2A0IjC3txqUF
iQbMouPCOJYA3Wn3NXKZwCxcyl2WwGSt7EwAs6C6d266QyWVQT+kZ6JFgRibcnfl
sNdniknGue5EKAj0nlhHGf6cyqJZ3AN4h+W40kKfIqnaeWkT0K+MnKp3Tah9y+h0
u5buKfR5D/tK5ZYLUS0ujQJ0tlO1KpZuvTn13n7OMn7fOb3yqUcthnSTcuB/wpH2
YDeON8sITqhHC1wDvxh5Iu8gYhBGoDmXzAiwpeZpQEHWzGVoG4SGNExwdOUFzX2b
GhC3Eol6z7fR32mUhisy/78wbu7mF9w32H1mgrjEW7sjLa3jebHbca3YIA8wUnAJ
7+KQXun/9X0joyyBy3U+8oW9i4E3UtKrsKOwd20NmfnOQCZg15pi7Yp2/ChgWkKD
EDpQcR2ZuyqRSzPRExnEcKKAq9hKS7l/bNhZJqoj3CMgJt9Co+Y89ObKwRCdwnJb
LWIajqBftzdZeRFkcsu4sKhfhnudCmWJAhwEEAECAAYFAlERSDUACgkQkXEYmZXk
Wp4Q4RAAj230KH+LtFGGlLhBARk+kBUV3mfoJKTye52ELQxbqudU9JrUceUXDGq3
d/2n0mBt2mkmHYyqIMFShE5fnFrW4KXLVCKDCDy6mZ7/PBarB9y6lL8sVFXFpfVo
8hQInSR7fIEkREQQkpNtUddUHlCepyHj8QMKENjaxq6yrF3KvW+kWhAxvDutUzlr
q1N7AkedZ6owP0ChELdQYPtsGOcuipkqQgfpVB3PVBAsYe8wm5HbjqZCbV+VgLl6
4WDyqmhJlOsT3KthLdNkmFyzL7BbkkyC5RX/X1xfyGhtYRpRNUF+5ewXItmpMnfI
UmEKIVF1jTwpj7554dQSCVJNlNOFiyYgRmcNs1XFQfa0bmv2raWZf3Zb0yfYR+tl
J2BuU3yBzhbFGmry7GdquqtbgRX+zFJsnkH7kGyP177QxDREwrhGZXcJgeO7Op8B
TJfTGhhDclIei1EZvvlVetiQ8PKtRA4D/zsCloHrSTu8uOXQlj+GPivM6sfVjhZF
F1I4FVeqUXze5vBz5O8IPfPuPcK+i5P2L0OZODpZ5CP30zY/L7wrgX2/fzJpGTz6
+Lh77SGczGwQRfB/+D2kJkwaYeXd764pPVy0bdKGw4QPGtvyUQ4+fWQa5hyZSoTR
tj7fFYtYQvmPsMAIknR/lQxuZI7fX1M5j+FgijwUkv9fQzhorYKJAhwEEwEIAAYF
AlOoWhYACgkQJhw1C503mSxeqRAApW8UY3vvyKqjoqJu94RIyI7AIkwn4Vw5LxDS
gN623ghE2IIwF2Ytp9fMXID8BRZVjnESTrTvuBFp8GT4T1lUEv6zC8tMzZdO9BeU
pmT9odeen0h92GKgUfRwWTjViJHSDrV8wHcHhA8FX3mEVy17s7Nvvj2Ki3AIG6WW
LzZOSmbQJV+DaHXionQqecsVousCgwwuWWNqKXSJASzcOS1LRoVJDnZyGXmi1thX
thU0FcyLyaKjLfCP6ZoorGaxcEev6nxUUWAfO7MWVUTB6ij2PL/d6oRgbyOUsdne
NRBa6sblLDRivI38KKC5GCw7Eh4yoQJzG2r3QQBgJto/bDoUMJW+EFeM2qgcISCD
6eGrVy9ZHVBOPgBS8awEAvaR5/Gy/kn6YYUg5ReC8O+HCWDIxVrbrwyeCxHg+HUI
mgtVfyZfLnpBzp0p1jSAlC3N7KWviPt+/MQmW0a7+WMnbVxJiJmJQHuFoGcHFFM8
wOA8i1KUXzWgT+IYOw9/nw2qyHMwV3BO/Py9OfRUKlybGar5rGBos7uFHk7pe+Yp
7pdES5Ie83Zw7CHMDp8u7VeEJHSqxVd+jaeHl6nnuG1Hoo4AVLTm5ATbj1Zdq+td
8sNWVyMue0nRvuAtTlN0iBkH/KVor6GGf2HZYXfDcGu7zojtNHlYXngBuz60YlDL
oPeFaoeJAhwEEQEKAAYFAlOoUqcACgkQgHar3gJLs9HE1hAAxzxXG1jNu1ntjEkv
M3js4j84rS+JI1XhR+7JalndjXAbHjwMlo/KOLhRtKYXdpkXpGmrE87FDdW8mci5
nSahPMn/+vaEdVYyXqo1w0UvZChHxWnsE9FRgggOxTbCZae1P5LVSTB1XZcHZ7+9
cG0cO43FCB20AMCOHcFr8j0F4HYi+KllI3kawdV8l6qCy6q06z47v0C+ZxoFcdYj
KLYxymaBn+FE9GKEHJZiqMljiKzt41OGpkg3S1vtXl0zqUKfiebo3ZcVMF3xtio8
NVpHIQSsqg8Q7zZrLBkPTQw0smCdUFxYMjBOVSZ15z7tFCQMYuHThrf2j2wZv++F
cgt9C/6wbGalCNDuOU/dyfyiO95GPQf1nqq2N2vHGIaGMvbqS8oahprEJ3nXEisT
TJ+ofh1f+GX4QCO4mjtR1voqKbg9xkMl9Ap/fEgW3btZ1kuhegpekPDgGhGVwJ9V
N3w1XVOSUdFmKtArHvBrb6cfV6VHiOuYcPWkTwGckJOwNJhgyUPsjGWwrIp6L0+G
4emipfYoIDtFouSjkVF4eXJcr/taguuICj/pn7rsFdYlij5lbcxGVC+aPTcJrdY8
v7Zyv2wOcTIrU//7PGPLJI1cdT7gQUYlzVnAJGxhq9CLPZlNJRy9pLDTPxvVXQRz
jQxx6RX1pAUPDWJQ2wfmaEHAz0WJAhwEEwECAAYFAlOnjksACgkQDj2OcPh1SrYd
tQ/+LOsCj8V0oOzbiTHREBrjr3S7u/58HRD/8zec61rc4FoCp3Fa+3kmhFDIajLj
VeRtsSSaOr0u6cue30QsGeHE2cbGPNWIqXV3V80I57O3yXRL2DU4GmDLNIF2/ejy
wCSvbHgONEXC4UVPtamHWGqh4sh2ijyJqUx3I0/6afBFn4BVfcsAjNrRe/GwD80/
ETkfSui4flyZ330sjqM/N2Hp/YwsOTXKXfAThcjb+qZ2BRVnmpldeK593+dFvFG1
FUK3kC8VFqS49fxgxR/Zo7jNEbrltzjzdRb6BBY86tqwbcnrja8MJHA2MpGtGckV
9/K/LE2jVJN+qeyLN/EoM86Sd+WIQtVY3oxAYwiVGng83t+CI6NPazVMLIQlciwI
lAY+DAGNz+mUTeKwCv7F8sOX91v6PHaB0csvk1I2Is3qwv8zlgnhKdl2R6PzQbsU
Ix1+rvsJ99no75GJeVY/D9YzBJ4a0i0Uu7QF/k8F690qDvSTwx71unxX+0PmJqNu
2sCVQNgLFt7Qtj9+l1pzulzWlZBSDhIBs5mT0jscwjRykDgfngiWDOymfdMG8eSZ
GAK10j+F883uyWlEEFOdA/DBOV3d3Jcm935of4dT1GUmKeoAKixHMkiNT3RvGHlm
fEjMq0vdf6inZva0PTzJSkhooMWYBuROHRMZs9PjrdXRHBeIRgQSEQIABgUCU6iz
+gAKCRAcAAgvMZOT9D2+AJ9aAZIbjN/m2Jjaojkxg9L5aBWBPQCeJIMpW1iiDELi
byKoVnd08EbgxJqIXgQSEQgABgUCU6iz4wAKCRBWtwXK6VQruLL/AQCbgU3t/mfh
bMQjuvE2DsE3qXiEVMEbXnxlCiodiMF4UgEAgPIAQcV+Jo+D+p0nHrVl2ClAhhpz
W/zuJqtJ24C20ZqJAhwEEAECAAYFAlOocMMACgkQyapz7WGq1jsRNg/+NH09e7g1
CuPVa/1cBRoiprBvWXmy734MpkzW4kyVMZjBCQXBCrJFvZgvhQhYrR8jXmj+ZJEr
kfX3UHimyhWbBnu+XqIWzWwEtg7bggQN3eFyNcIV/KI9rK7IBQO92AptpTusIdgA
DQTFlJO06pF4kE89ZjBALQFbKDY1EJX3hyQEYixOzO4936xbwxoiJKR2J71ZGele
xXauhz2kpOd2jg/oMhhAOzldFaWAUBQJZPwl4vZrqVjNcMUNeINGd7++kkfBLfxL
xHJ8ynnXWHalsHVzdDRaFqp1Bna8RwrHnDd4Hwd/4Qv7iVZqmLLqEJpIgS1IDMx/
BwkrCOD0gluwmxlm3PbbeUKeR/cj6CICFt9TgUJrYm9Vh7n0y8uHKY6PE5J4NX9l
D75eoPk2SuYTNgAR4iuI5MYQIKWL7aeKh09piPgrIrja8eDQ5AsklBaDYxOYZrot
Xx+sgGXGSLK3eyvZ+hJ8hBX38mydYpswzhvr/vAyKz8TQ6bwnRVlvkMYE+LjevOD
Wm9+EfkvBRChJcgDoycoHIFVaQ47Hgu2eGyCRNoMZ3l6O1O4AN5+RXrAJAi06zFs
RUnBLqxjSMmYqPYUowAxG0ukougc2HVCl1kMD9NxvK5zOfleUA8wWb5O9Z5tllnD
qu7RtIVXAXIJgn2HRDVk+wP8xuY2qJlfo1yJAhwEEAECAAYFAlOpb/EACgkQKPqA
GkO91jd+Dg/+NF4QwqLvxgl2TiORDt5HjWHSGMBlaYFBEwrBAgNvwZEH80mAsua6
FnfZMSGiFmpVfMUqkjOJVdmA8yERxYFsyGopv/9OmOT2UxV4IZl5YYAJRsPHLjzV
MIUKiGPI1yvrhYW91hKRFGIxwqE7XHwWToufwHe5WB6AdeGyoIHtQcw0eTKSJHz2
zbpyWKBx0wAK55YqMEQ2rx9qcOjZy3vjxlotwfGnBeR4VT6Oap1DvAkNZ4XcN0Ok
AKZbFBEMbJed9fnciwDV+Y/svPb05l+zSgmqJ6axhwSvu7rct+dksfmb0BnF03kh
SzNVlu0S/85mhEPgx1/BZxIp34RDbcqWymHsgPyhxwBBlFryfVvJrtyAMWs4T8mn
RkqKrNQHMfPOTBioxi2HOyG2eSK8BlQsJS5yccnYaBnSegWaIxkU+2l/yJkYMhl5
sXdlmqcTtwv+R+acDkEPe9BQstn0+xOWL6hqpA0EM710LJCkQnB4c/JNgW5CL08k
CevBVole5jYJL5rXmUL0U+ZWGZMakFrrrkhuQMEjxecyuOHs4jrnsVVGz/e0hqWv
0NnRY9m5UyKEZIA1si8tFIrtrTSgZ5/sGH9/pksQ2HObrKe4LY6zVSyJLXwX1htQ
/j0st83YkDZ5mEY0r+Hh/1XOzhWgQ0ONR/MOIKNyjVTHldCrb4WPM4mJAZwEEAEC
AAYFAlOo8v0ACgkQrgrV97KweO9sfgv+NKYxgCiWrRjYW80hJE74OEJrjBGQDOJ5
MPVvPSH7StOfSMpckLoNWedJJ7RuInOzuUY0lAUH6/ql+Krf4ysHlSGjuu+dDy0d
HN3gu994YrjT6hVzEG1OV+sJcTuvgn2qTVYu1ksIV/SZ48l0PRMwPXcu3FSzKvti
G1gHFNx1cyzjxwmdT42afKCpR8RvwmWPfbDmEz500iFXsw78EEBXEWo81bXncWdZ
Eic8QeVyTWKFldIrZLkL7+RQY3hViu0G5C7gSP39ZU4ZTegqMaEhHzuKtCiNO5Y2
+hkYZgRNnUOSrmWO+wkLUNRtG2Strx5Sy9p94fn/decfuRsEJo4L1aMCFGEDfRSD
bc3pBG3tr9qvNBAegTTMQlZJcxa52Z7EI56rQGYEPw8kvt/uOqMYybUIxwVATgIt
fRy9Jsyz+0DwZfEINkuEFA/S2KCwWys5aZfPDCsqwh0gS/olvT06v97loF8XED0P
0irX4/6BHFHDlM8aNnN11p02p5lrTpLGuQQNBEtohLgQEAClnTC/GlBWVno4QVr1
IFDl5yVEg6NeMqqRgaS8jH6NSaoJh86B8+LE4ZhLlDYrAc3PhcQ4g4DWTIKUCgAC
A4QZTGPwLGdsGTXQhWj8kE42N2opg9nZg114gispcSZqLiLmErkB9kejKqxXlqrE
aQZ5VSO79yjJEljotryIv5EG7GJG5Q9bKYaO0hIBHp9KI3x/+RGXL/L0uYw7wlw6
l6J6otQU8roq7OEjgXScWQcmlk8M04ceX4aYBn5KpnGYiumQbKZ3fqFMrFbieWc3
qSpzWAzB2fUv+78P4L+OExtNOyyqIxl7I/24WacwHeWzU1Xw7G9vFxMEbQzuDgCV
99RAqlSs2EgGgLdHtRthDcJNlfVCn9MHNt9ECAaF1YFANAR3f8uX0bhBoKz0j7hb
ryuQCvt7sjKUfJ8SL2hhCRcUgR5oCGIQ2YkGlwulqz/I0mgtrKrM+xD6VE2DeiYW
e0+1miWQyLqitE2LGuBdXrib/TVg2OYEVOqynnA6raPRyZORs5ap2eWYY+DYSXW5
95slzphZLWcWbphGk38HdBu0CdqvUJv4geWvSFpM5iFCn5cU36TVuuqz5K59rz+v
Po3m2yb5bkaMcq8evbgVNrTa7cfiUio2U0GTNlkqHMCHERaInPBz9/a6kbm92mWs
z9gJT5dOi1g9vlkRdB7aYP+tcwADBQ//R/UM4kh+cyuHWj/dEqoOryTu2W/YYQS/
RUSeHy3Lh0xvwOizYzU5zgq/1AsHcNdxLj8vglbm8XRCBIDOrWvmgFPXNoxyoNLo
5SUetZSLxoM23kQ9C4QZ0/b+JMN4Crivx4JisdELt6CV3JFmuZY19xk3r8b0r4lK
OFZ9JZZIFEipv5TFxA0KnqLq29VLEJ8srVHg/iQD9ngKja/LAh9V8+Ed3mchY2XX
KX07evTgYI1OPPCy/92FQYMUhWyCGB6Fm4vQFvuEO7K9nZKEAu6Znm3uZT9InaE6
TeSU77ZsgkHSCq5SRaf/iDWHZOn1dVasjXHoZQHFFiTALi1ZqPNZ5ULmFwNUB2pg
3QfQdWP8ISCsRaUJW/WEnQlgCyNfwKPVC5kHWLfh+MSSDJsyOjegJTkYJKI2a+1N
5Sl7HJj/uIcB3KhkcVP59BLzhUxgoVPi1Ngf7mNNrrbJ8+GfrdNg+iutHJOobxol
AudzObQ03lHmauJglCOvg+Pw9JLBZyT8a3xHm9v4Lr365cg0Ho4qqEbrFTRuqcIj
G3c6FVLu/RJ8eOfT6KX8k5z96/3CbobkXGYRY6hjCJuZoPMd9z03UcxHONMQ0jt/
Ik80WP0gOSnCTgTfKWuS5WXYoSZgMn1P2fLhQydDtJvrDn1SHEwgW1FM82lAlYJZ
d+FZQCjhZ8KISQQYEQIACQUCS2iEuAIbDAAKCRDLywgqG7lD29OGAJ4gfMkLP5Az
y7iIJOsZon3D/6PDPgCdGF1dwVW/uy+3ao53fvgS0JKO/bg=
=bSQ3
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBFb8EKsBEADwGmleOSVThrbCyCVUdCreMTKpmD5p5aPz/0jc66050MAb71Hv
TVcfuMqHYO8O66qXLpEdqZpuk4D+rw1oKyC+d8uPD2PSHRqBXnR0Qf+LVTZvtO92
3R7pYnC2x6V6iVGpKQYFP8cwh2B1qgIa+9y/N8cQIqfD+0ghyiUjjTYek3YFBnqa
L/2h2V0Mt0DkBrDK80LqEY10PAFDfJjINAW9XNHZzi2KqUx5w1z8rItokXV6fYE5
ItyGMR6WVajJg5D4VCiZd0ymuQP2bGkrRbl6FH5vofVSkahKMJeHs2lbvMvNyS3c
n8vxoBvbbcwSAV1gvB1uzXXxv0kdkFZjhU1Tss4+Dak8qeEmIrC5qYycLxIdVEhT
Z8N8+P7Dll+QGOZKu9+OzhQ+byzpLFhUHKys53eXo/HrfWtw3DdP21yyb5P3QcgF
scxfZHzZtFNUL6XaVnauZM2lqquUW+lMNdKKGCBJ6co4QxjocsxfISyarcFj6ZR0
5Hf6VU3Y7AyuFZdL0SQWPv9BSu/swBOimrSiiVHbtE49Nx1x/d1wn1peYl07WRUv
C10eF36ZoqEuSGmDz59mWlwB3daIYAsAAiBwgcmN7aSB8XD4ZPUVSEZvwSm/IwuS
Rkpde+kIhTLjyv5bRGqU2P/Mi56dB4VFmMJaF26CiRXatxhXOAIAF9dXCwARAQAB
zS1NYXJpYURCIFNpZ25pbmcgS2V5IDxzaWduaW5nLWtleUBtYXJpYWRiLm9yZz7C
wXgEEwEIACIFAlb8EKsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPFl
byTHTNHYJZ0P/2Z2RURRkSTHLKZ/GqSvPReReeB7AI+ZrDapkpG/26xp1Yw1isCO
y99pvQ7hjTFhdZQ7xSRUiT/e27wJxR7s4G/ck5VOVjuJzGnByNLmwMjdN1ONIO9P
hQAs2iF3uoIbVTxzXof2F8C0WSbKgEWbtqlCWlaapDpN8jKAWdsQsNMdXcdpJ2os
WiacQRxLREBGjVRkAiqdjYkegQ4BZ0GtPULKjZWCUNkaat51b7O7V19nSy/T7MM7
n+kqYQLMIHCF8LGd3QQsNppRnolWVRzXMdtR2+9iI21qv6gtHcMiAg6QcKA7halL
kCdIS2nWR8g7nZeZjq5XhckeNGrGX/3w/m/lwczYjMUer+qs2ww5expZJ7qhtSta
lE3EtL/l7zE4RlknqwDZ0IXtxCNPu2UovCzZmdZm8UWfMSKk/3VgL8HgzYRr8fo0
yj0XkckJ7snXvuhoviW2tjm46PyHPWRKgW4iEzUrB+hiXpy3ikt4rLRg/iMqKjyf
mvcE/VdmFVtsfbfRVvlaWiIWCndRTVBkAaTu8DwrGyugQsbjEcK+4E25/SaKIJIw
qfxpyBVhru21ypgEMAw1Y8KC7KntB7jzpFotE4wpv1jZKUZuy71ofr7g3/2O+7nW
LrR1mncbuT6yXo316r56dfKzOxQJBnYFwTjXfa65yBArjQBUCPNYOKr0wkYEEhEI
AAYFAlb8JFYACgkQy8sIKhu5Q9snYACgh3id41CYTHELOQ/ymj4tiuFt1lcAn3JU
9wH3pihM9ISvoeuGnwwHhcKnwsFcBBIBCAAGBQJW/CSEAAoJEJFxGJmV5Fqe11cP
/A3QhvqleuRaXoS5apIY3lrDL79Wo0bkydM3u2Ft9EqVVG5zZvlmWaXbw5wkPhza
7YUjrD7ylaE754lHI48jJp3KY7RosClY/Kuk56GJI/SoMKx4v518pAboZ4hjY9MY
gmiAuZEYx5Ibv1pj0+hkzRI78+f6+d5QTQ6y/35ZjSSJcBgCMAr/JRsmOkHu6cY6
qOpq4g8mvRAX5ivRm4UxE2gnxZyd2LjY2/S2kCZvHWVaZuiTD0EU1jYPoOo6fhc8
zjs5FWS56C1vp7aFOGBvsH3lwYAYi1K2S+/B4nqpitYJz/T0zFzzyYe7ZG77DXKD
/XajD22IzRGKjoeVPFBx+2V0YCCpWZkqkfZ2Dt3QVW//QIpVsOJnmaqolDg1sxoa
BEYBtCtovU0wh1pXWwfn7IgjIkPNl0AU8mW8Ll91WF+Lss/oMrUJMKVDenTJ6/ZO
06c+JFlP7dS3YGMsifwgy5abA4Xy4GWpAsyEM68mqsJUc7ZANZcQAKr6+DryzSfI
Olsn3kJzOtb/c3JhVmblEO6XzdfZJK/axPOp3mF1oEBoJ56fGwO2usgVwQDyLt3J
iluJrCvMSBL9KtBZWrTZH5t3rTMN0NUALy4Etd6Y8V94i8c5NixMDyjRU7aKJAAw
tUvxLd12dqtaXsuvGyzLbR4EDT/Q5DfLC1DZWpgtUtCVwsFcBBIBCAAGBQJW/CS2
AAoJEEHdwLQNpW8iMUoP/AjFKyZ+inQTI2jJJBBtrLjxaxZSG5ggCovowWn8NWv6
bQBm2VurYVKhvY1xUyxoLY8KN+MvoeTdpB3u7z+M6x+CdfoTGqWQ2yapOC0eEJBF
O+GFho2WE0msiO0IaVJrzdFTPE0EYR2BHziLu0DDSZADe1WYEqkkrZsCNgi6EMng
mX2h+DK2GlC3W2tY9sc63DsgzjcMBO9uYmpHj6nizsIrETqouVNUCLT0t8iETa25
Mehq/I92I70Qfebv7R4eMrs+tWXKyPU0OjV+8b8saZsv1xn98UkeXwYx4JI04OTw
nBeJG8yPrGDBO5iucmtaCvwGQ3c76qBivrA8eFz3azRxQYWWiFrkElTg+C/E83JQ
WgqPvPZkI5UHvBwBqcoIXG15AJoXA/ZWIB8nPKWKaV5KDnY3DBuA4rh5Mhy3xwcC
/22E/CmZMXjUUvDnlPgXCYAYU0FBbGk7JpSYawtNfdAN2XBRPq5sDKLLxftx7D8u
ESJXXAlPxoRh7x1ArdGM+EowlJJ0xpINBaT0Z/Hk0jxNIFEak796/WeGqewdOIki
dAs4tppUfzosla5K+qXfWwmhcKmpwA4oynE8wIaoXptoi8+rxaw4N6wAXlSrVxeC
VTnb7+UY/BT2Wx6IQ10C9jrsj6XIffMvngIinCD9Czvadmr7BEIxKt1LP+gGA8Zg
wsFcBBIBCgAGBQJYE6oDAAoJEL7YRJ/O6NqIJ24P+QFNa2O+Q1rLKrQiuPw4Q73o
7/blUpFNudZfeCDpDbUgJ01u1RHnWOyLcyknartAosFDJIpgcXY5I8jsBIO5IZPR
C/UKxZB3RYOhj49bySD9RNapHyq+Y56j9JUoz6tkKFBd+6g85Ej8d924xM1UnRCS
9cfI9W0fSunbCi2CXLbXFF7V+m3Ou1SVYGIAxpMn4RXyYfuqeB5wROR2GA5Ef6T3
S5byh1dRSEgnrBToENtp5n7Jwsc9pDofjtaUkO854l45IqFarGjCHZwtNRKd2lcK
FMnd1jS0nfGkUbn3qNJam1qaGWx4gXaT845VsYYVTbxtkKi+qPUIoOyYx4NEm6fC
ZywH72oP+fmUT/fbfSHa5j137dRqokkR6RFjnEMBl6WHwgqqUqeIT6t9uV6WWzX9
lNroZFAFL/de7H31iIRuZcm38DUZOfjVf9glweu4yFvuJ7cQtyQydFQJV4LGDT/C
8e9TWrV1/gWMyMGQlZsRWa+h+FfFUccQtfSdXpvSxtXfop+fVQmJgUUl92jh4K9j
c9a6rIp5v1Q1yEgs2iS50/V/NMSmEcE1XMOxFt9fX9T+XmKAWZ8L25lpILsHT3mB
VWrpHdbawUaiBp9elxhn6tFiTFR7qA7dlUyWrI+MMlINwSZ2AAXvmA2IajH/UIlh
xotxmSNiZYIQ6UbD3fk4wsFzBBABCgAdFiEEmy/52H2krRdju+d2+GQcuhDvLUgF
Ally44wACgkQ+GQcuhDvLUgkjQ//c3mBxfJm6yLAJD4s4OgsPv4pcp/EKmPcdztm
W0/glwopUZmq9oNo3VMMCGtusrQgpACzfUlesu9NWlPCB3olZkeGugygo0zuQBKs
55eG7bPzMLyfSqLKyogYocaGc4lpf4lbvlvxy37YGVrGpwT9i8t2REtM6iPKDcMM
sgVtNlqFdq3Fs2Haqt0m1EksX6/GSIrjK4LZEcPklrGPvUS3S+qkwuaGE/jXxncE
4jFQR9SYH6AHr6Vkt1CG9Dgpr+Ph0I9n0JRknBYoUZ1q51WdF946NplXkCskdzWG
RHgMUCz3ZehF1FzpKgfO9Zd0YZsmivV/g6frUw/TayP9gxKPt7z2Lsxzyh8X7cg6
TAvdG9JbG0PyPJT1TZ8qpjP/PtqPclHsHQQIbGSDFWzRM5znhS+5sgyw8FWInjw8
JjxoOWMa50464EfGeb2jZfwtRimJAJLWEf/JnvO779nXf5YbvUZgfXaX7k/cvCVk
U8M7oC7x8o6F0P2Lh6FgonklKEeIRtZBUNZ0Lk9OShVqlU9/v16MHq/Eyu/Mbs0D
en3vYgiYxOBR8czD1Wh4vsKiGfOzQ6oWti/DCURV+iTYhJc7mSWM6STzUFr0nCnF
x6W0j/zH6ZgiFAGOyIXW2DwfjFvYRcBL1RWAEKsiFwYrNV+MDonjKXjpVB1Ra90o
lLrZXAXCwHMEEgEKAB0WIQRMRw//78TT3Fl3hlXOGj3V48lPSQUCXAAgOgAKCRDO
Gj3V48lPSQxAB/43qoWteVZEiN3JW4FnHg+S60TnHSP69FKV+363XYKDa23pNpv4
tiJumo9Kvb4UoDft766/URHm5RKyPtrxy+wqotamrkGJUTtP2a68h7C31VX+pf6i
iQKmxRQz4zmW0pA5X01+AgpvcDH++Fv5NLBpnjqPdTh5b0gvr89E0zMNldNYOZu1
0H/mukrnGlFDu/osBuy+XJtP2MeasazVMLvjKs+hr//E+iLI9DZOwFBK6AX5gkkI
UEHkSeb4//AHwvanUMin9un9+F9iR+qDuDEKxuevYzM0owuoVcK5pAsRnRQJlnHW
/0BQ6FtNGpmljhvUk8a/l3xFf3z/uJG5vVKVzsFNBFb8EKsBEADDfCMsu2U1CdJh
r4xp6z4J89/tMnpCQASC8DQhtZ6bWG/ksyKt2DnDQ050XBEng+7epzHWA2UgT0li
Y05zZmFs1X7QeZr16B7JANq6fnHOdZB0ThS7JEYbProkMxcqAFLAZJCpZT534Gpz
W7qHwzjV+d13IziCHdi6+DD5eavYzBqY8QzjlOXbmIlY7dJUCwXTECUfirc6kH86
CS8fXZTke4QYZ55VnrOomB4QGqP371kwBETnhlhi74+pvi3jW05Z5x1tVMwuugyz
zkseZp1VYmJq5SHNFZ/pnAQLE9gUDTb6UWcPBwQh9Sw+7ahSK74lJKYm3wktyvZh
zAxbNyzs1M56yeFP6uFwJTBfNByyMAa6TGUhNkxlLcYjxKbVmoAnKCVM8t41TlLv
/a0ki8iQxqvphVLufksR9IpN6d3F15j6GeyVtxBEv04iv4vbuKthWytb+gjX4bI8
CAo9jGHevmtdiw/SbeKx2YBM1MF6eua37rFMooOBj4X7VfQCyS+crNsOQn8nJGah
YbzUDCCgnX+pqN9iZvXisMS79wVyD5DyISFDvT/5jY7IXxPibxr10P/8lfW1d72u
xyI2UiZKZpyHCt4k47yMq4KQGLGuhxJ6q6O3bi2aXRuz8bLqTBLca9dmx9wZFvRh
6jS/SKEg7eFcY0xbb6RVIv1UwGDYfQARAQABwsFfBBgBCAAJBQJW/BCrAhsMAAoJ
EPFlbyTHTNHYEBIQAJhFTh1u34Q+5bnfiM2dAdCr6T6w4Y1v9ePiIYdSImeseJS2
yRglpLcMjW0uEA9KXiRtC/Nm/ClnqYJzCKeIaweHqH6dIgJKaXZFt1Uaia7X9tDD
wqALGu97irUrrV1Kh9IkM0J29Vid5amakrdS4mwt2uEISSnCi7pfVoEro+S7tYQ9
iH6APVIwqWvcaty3cANdwKWfUQZ6a9IQ08xqzaMhMp2VzhVrWkq3B0j2aRoZR7BN
LH2I7Z0giIM8ARjZs99aTRL+SfMEQ3sUxNLb3KWP/n1lSFbrk4HGzqUBBfczESlN
c0970C6znK0H0HD11/3BTkMuPqww+Tzex4dpMQllMEKZ3wEyd9v6ba+nj/P1FHSE
y/VN6IXzd82s1lYOonKTdmXAIROcHnb0QUzwsd/mhB3jKhEDOV2ZcBTD3yHv8m7C
9G9y4hV+7yQlnPlSg3DjBp3SS5r+sOObCIy2Ad32upoXkilWa9g7GZSuhY9kyKqe
Eba1lgXXaQykEeqx0pexkWavNnb9JaPrAZHDjUGcXrREmjEyXyElRoD4CrWXySe4
6jCuNhVVlkLGo7osefynXa/+PNjQjURtx8en7M9A1FkQuRAxE8KIZgZzYxkGl5o5
POSFCA4JUoRPDcrl/sI3fuq2dIOE/BJ2r8dV+LddiR+iukhXRwJXH8RVVEUS
=mCOI
-----END PGP PUBLIC KEY BLOCK-----

0
salt/repo/client/files/rocky/keys/RPM-GPG-KEY-EPEL-9 → salt/repo/client/files/oracle/keys/RPM-GPG-KEY-EPEL-9
View File

104
salt/repo/client/files/oracle/keys/RPM-GPG-KEY-oracle Normal file
View File

@@ -0,0 +1,104 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGHncu8BEAC2dhocMZkdapnP9o/MvAnKOczaSpF4Cj9yqt49bxLPJCY57jz9
2ZkJ5iGk6kpBt4rPTh18aAl30T+nPP8VMQjMhvHJKfZmBtaJJ5RpvvpK5mj1UgRJ
4DQX7gqAbT0s/uZZcouZsJzXo3c7GNMrim1C+ScfGG6BoB6GVBK74jFeJNMsxZ2Y
BwQhpE+KG+1zD94RZCySykJjNoKj+U4W5H2XdB/mNEc8icFqxjJGZ5BN0DA2Wqxn
mwELTO3Q2ne1y9+sPn2YKhRqyihuZYaUPR/Jpdki93mk61MdaoTTxFPZ8FWAYrAW
9KVdreT8K33SaTFFpmhbpndPEYesgCqDqiZG7Ywjgbf2nqSOzBr2ZX23PX7QUCvQ
ar58bNbWENLhC3B950TK+r23kkPa3GICE9WP5TftWJdbJMWRBX3YhdNooNGGCbeB
xM7B/UV9hSRx1S/US8HvDhJezZDuKrpPXrNWJTuW9Kty2WGwUkEDT2GBbcjx9ocJ
fqyNJKhaLoYKCVlsmhJUi4xCY0CDDapekWLZOzHB2zgT49uIjawV5ex6pA7oLaPI
hQGvTcCl7GFWOP/6feazzIpnsJ4V3B2DoLnAevpZlINo/bi3Hv/YmbvE6NyYzD6c
1y90pc0+Om1trLPCAZpaO1I369ZhLl6T/mCd92hrCG1y8K3PFiRIKpEMVwARAQAB
tDVPcmFjbGUgTGludXggKHJlbGVhc2Uga2V5IDEpIDxzZWNhbGVydF91c0BvcmFj
bGUuY29tPokCVAQTAQoAPhYhBD5tgm0/urOJwvOONLxNBqCNi3VvBQJinlnsAhsD
BQklmAYABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJELxNBqCNi3Vv3LEP/2au
kXzbdA/T/7i+4AbGFfYnTWqmZy58wfteDNy1sk6cPmfOUqZQXUrJcSGqqeIDjPvl
KNExpee/Ja4NGg2YfzkwH5IK5sXmEDKObXRCXGZh9/WyYpr4TBoDU2rSYBP4sbKm
PsnVoRalt2Zb0qbQF8GilytoRabjI0gLzwhmoHBZMMc3MIO14KQ5yFbekaJZKcxE
BxaDQ1NDZV1rOVbkg0yDLS9Nw89dDYWVn1wx0foRJcD277ExvmaB4vmC5yayo4ss
cFldYLu7W9FHmh46flXQGfduORCbDFfjn92eB0jdrkuoEhVRpljAtMO15GMpuVbv
HzbImI2f1MfydOa6dHbRAlzeV37fPz+1nO9IWdXqFeRG0nrH2gB02AfeoObMkK/a
XYT9sq1mC5DaK6fbOPWlY+c2hIq0BhUpe+OBdDfmm7L+si9Ffj2sUdn4sHLN6Tj7
BrJuWmJEz42+rblDNBkrdBC6XXDaRYILKSuGD65PVV+/pVl1c2EOqcktW00iiehb
eLhj2sz6NaoO5Rhx0J3pMsaCaEBAm8P6UxQSx4iGhZ8Kh5O1SVVlqu3xOhSGOKRE
sS8gIjeV/Jl3frR4eZG/BpzdTjKZmQV7dvJ4gDuDE+X7rZBzUm7nggyE2pV6UbTD
5Qwy+ASQfYHfHK4lsHD4kbO/We6H1fEFPlzlr14UuQINBGHncu8BEADBG52gWRob
VEsQIzAfq2obFnwMroxMupXrDBka7i6cUJw8HsqyHs9maGxAuRDlAma2MBPUYcbm
DH3bmctaUR7CA1RouPkb6qbZXwSwpvgN4eh4naPX20/VEp/cd5DhKWjP9yC70weh
r4LmGWV41jBAMK0G1l6+FDw2ITgsamZP+tw0swCKqzpIY2waiygCtPHCCCFMuZ6S
7hzQpsKVFh8zqzRxMs6Mni9olk4+xwng0ahYfoe2esByR2M1kGX62Y6BOcIRX1cE
zYFCUww5GrjZdJoObBtffUSz+q2LNOBcqg5huRd8BoC+k5yrXUq8ypspfV1kNEI3
/ebFew6A8sdf2c+sOdTxTu4MI5iXM1fhCC6X4lAN8w1Ga3ML+k/kgL75mH62Yyzr
OHXNkylTDfxz9qvq6qszVfWdzVaGXRfulW5nAbAXhuX1gmgZW+M7IQ22xyWC+I60
UcaE2l9QtHFKuekdYnekTkSUA0ghVwuw+JCQZGQbq5LqbA5TkEYuibBOJD3MZYQ5
C3DK4KHs/3wxf2aq+Pkf3mpSscC4B0Ba5tlpJawUWqnUmGd208sfUwD20MFfHM+1
N+M6JYCv0tC0cyAV9Jq74bAUDXLMfkGKZyAWmlPaZBMMt4WaN0r2PAKp00T6PX6x
jTM6/aNDvNTpsaaUpMXRzH13AiJ/1SjfZwARAQABiQI8BBgBCgAmAhsMFiEEPm2C
bT+6s4nC8440vE0GoI2LdW8FAmKeWsgFCSRtulkACgkQvE0GoI2LdW/pig//Zi0a
bmFJKTxku0/LMI31ZaLn9gzXjv2ugmJumfXAce+nlaheCNBa+IMLQdAmrbislzLs
qXX2+6Eqh4Q/vqGLCkElIzT9ulkgwwEp0cVF6jnXqlWHa0a/T6oAq10jRneaQFCE
t6hweJ9KTUQufp5aAiZr/GVpBJLJ8kfOx+5eHvDj+VFlFUhpzzns/NfN5N+bthJ/
Wbt49tzmWaWoEFA0tlwMBPO3zEh/mo5lys0GqENPs4Yb4tL82qg+SG7jHSuH2lZk
XLLyLQ6p63VZysL9+UTBtafs5jxnTopQFIXtzAOwdtQ8o7/6hhsUchRoUy23EIHT
J25yA2Qtb8Z/1m/G0e3lz46xHBPIs8FKSOPToCT6E1+9lomnzJPRBCCDTZO5imfX
4N4l7BodW9nb7zEMHCi2BUM+InpSsEkQkQFs0HIRI2KHSyY30uN0pVXJLOoVQIBr
WdUzLTTkN9w43fLpkcFXGbpU+pZvK2uksC3O+eBhIpZA9E7iZDwfEaZlUKO5kFvS
V5f8ZM1jbEb0sOZNNNEaEhTFTl8pQPc2GqgZ3rYt9mqH5OwhzKftV9PDYulIbY+Y
AN6eJhHj8Eu/IlxG6iYCDmF2hOVPs9aLo9zqdxbu8B6rUyVPOwfNbOR1U7WMRCYm
4QrtLe//99hXPcFVanIxgkdslnyYf4fjdbdlmNY=
=xpaH
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGHndDkBEACieeO8U0kcUTDMLGXGKrJ3nScZ4LN5hHSzWC1zuLPpkB0YQdik
CrfSwodyp9LeEhaRsCSoGDc3cS5f5uGvsSUHMCZwEKjdT8LmZkF/dtvVDWawgaLS
KjoT+AJpss+ws0d/qmwkIHeYExdvZFNdKxvvxycCNy9fNwarT4aNySW6Ax7ERDl8
k0QSK7uvL1AaWQKSz9rX//KcLv5OXVUX3ITcwprJPD3H2yTOy4pE9gxs/qKfnP+U
Pbb3pNaHP4PnCIQrjXhJxnH9cEJ7ef0kqBdliGPN7EObrP2uPg70WnVsXovYw/TF
PrA4H2lvJ58RVhh3ocrSnR+SIne7Lgf1FRSrsE2mmNZAWD6rOxOzO4kUrcfv/pqZ
f+sDs7KTFMO0noJ1Kt7JSV6xCQzeKGdOh9JxYI0/YIsquiHTF2xva3WHrpOG1sns
xXcnrLKONisg4gEK36fjsliG4jJhcNyJaAf4sfDiTKDOE5om+BZ7kMNSrMn20wg4
AdZJm6x8Z0OfjxGOzMQ8re4Cf73H5odrpUel7HFGXiLWtk/f4P5EjxUTznlMbNED
gYi0H898Dz5Qfmtr97WQ8132fnKKtsPlXWNUNgJpYe+GvzmYOBAr4p5EZEWjB+q6
EnfLDLpkaS+PbrpLCls5AnWnHjimBmlIMoO5GEsJdYLIQvVVvfKtEDJIBQARAQAB
tDRPcmFjbGUgTGludXggKGJhY2t1cCBrZXkgMSkgPHNlY2FsZXJ0X3VzQG9yYWNs
ZS5jb20+iQJUBBMBCgA+FiEEmCIxdZx0ZwZdDOmyp90HCItO++YFAmKewpICGwMF
CSWYBgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQp90HCItO++bU+w//SFOe
RBqWoA5kP4BN9z716LpgkCllMRQsRZ0kZm8Enbe5S9ENn2T5/f6zZca3TNU6Wbit
ryToXuOlTsWy4BqAvQhQFeschg10Xgy6/VG3p5kCY4DIPOUjlb7/1r8k0xX6m/mH
BXBf2MCVRx/zkyeRDtD3lYHyz4cwoHEZ2NuB+CCe5WA2owVhgsRuVmjidDeOa7Q6
61eLhAJ53OVqsUt5JpQS0KrVeYVJxCiiZnKgJMqHp26Jq0WIKtgBV3sakxhUpRUf
6ap7mnSAdh6Ae4r1+pTKd7trkxjIqLXH9RI0d7Xm+blRQVZJL9GLaLUaSvw4sfd/
jfqENCBwAH7D488L1yvTqPfHC2+kRuUI3GU98RULCHveCISRGLVGwh1p88+9aok3
DoV7/BUEIGbHzg3gcx8zFO2ZKKoJ7xS+vvNLAslPvHNDFH0XOwKBqlVztJprwWtA
H33e6fti7BMRw1vgljC8yVATBTiKXj5aw+25zi70o1fIFxpwsx5mwMmqHc634ai2
hPWNZid0Lu3MYBd8pDCvMMMGimfecoyEZKJR2KbO+pNBn7suol5XS3pCmbF3ldMa
Atra+HvnxNBMxFVdxsqZhr/+ovQszYNIlWSYUDLbqk33HBmvbi3IuogAyxhLdw3T
uIjjf0acjOsSgy79ju2NpKPVtJw4BmvJRFX0Rh25Ag0EYed0OQEQAJRhf7/ZIWhZ
LpCX2vg8B4hjsEYeRvEAPUrUMHkqCuElmDaT7g76aPG0jvbMFVU/ykEt2mIi7EhW
s0SZknT5G8HoHJM2MirkyGB26yp4IlkPyNlc5H9nmMhY7iz/utxQps8jDS8dvxeG
1YAJGleGywGAet9vFfrLX9Xq9efTXozJfWOsRm+y2WklS+LblftaTUurStzLXRGT
AsBYOyVaRX/6AMu+fZt7mvoM+bOFNGxMSDIZi93wBiCKp0P2Se1YJoFHTOcQ0M6V
Fbl91ZcImPxAOX4DHfw4iuokiHCs//wV0DLZ3qtuqN2m/kV4JE9ak//BPVn4acH1
Z6DQIzQpY66dIyLumGuCdPhl7MFHyAeKhBtLc7gp4+sli+zNUfYwwp55rTdZ9JDR
G2LD/P2eNnrUXEsvOzqqQy48BmzOmTdgc2vef85Z23GczwX1PyTaGnrQKkReajN0
IxIuFpTgRQFBoPHTB1VVjSsOu7McWx4Gy2zccSrXKIskj4sOBIYBjxBAR0U4Gi5h
OAqplVGH3x3RoRb2swkc/LLb6WV6J7REmZ0+0dAE1ShBR8GmEb4wYc5BUgYXrhEn
hK3nmNx65jZXSAwJOZU8ETLaMoa/I/+QkgPvAJ8gyTLbMQ/xB2kMNRdisphz0jiy
PIXWlOf6I750VtbBNPHqfe0RHbBQJAl9ABEBAAGJAjwEGAEKACYCGwwWIQSYIjF1
nHRnBl0M6bKn3QcIi0775gUCYp7C3AUJJG4hIwAKCRCn3QcIi0775nmYD/sEI0T4
+MHIt5EzL+vBAzAbd23U2oF9KrJP49xmrLlm7qC6ghfuUVqoKwWyE24g8T4N3cxE
xQWTZ8drqvE2E2tyKqVMjJ5PfiZjK/3WOOIq9YZHpNKljv9KaAAf5alpvMxn6IBj
ZUhs775JcGWWngilBN9i3OEVFcQG9tFtfKqcYf8oRLPQlqhrH0pKOymFdqdL+NFX
G/M2LquGrvyDwnT2Cyy4p4sw639BUyA4k1hESgK9KVZTrmJPYU8hCD7kcSOY25UT
zDERLlXUsnGU9WHm/4aZ4TCs2h2qm29jHeWjfw0U/O8f4K5MV7WcJ0ZywdOk7SSf
jOKUetPH01l22I6JXiH0jLlBU5uA/zAxd8aPpvcYcWm2Ti+mkpIB6/XWbjnPoYHh
JmH8r9Pih1Z4dVR7qri/mdcsTZsKzLPuD6AITafJYuRCItCbMerhvGCwBaaR0oHS
AdpSzwKk8mrLd4BQUSM5a3E010dDeKGL4TA5ttfZJuSe7RXbi4RdDd98XHKEiU3n
N1ethSQNvEyrh0uA1U3FZvPMcbfYZa8zO85Nz9h/TGUNfmp5CyrZUHZLmvvGTOch
lUjaIhAGBVJQR/y7+4aC3zzkyzbKyLOL3hCk0xie4LLbfTQ5BtT4+GqEAtzwRQqZ
RgwnCPfIai7lLNx95bdwB8U2NpY11OXsoTLZAA==
=UWTf
-----END PGP PUBLIC KEY BLOCK-----

0
salt/repo/client/files/rocky/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub → salt/repo/client/files/oracle/keys/SALT-PROJECT-GPG-PUBKEY-2023.pub
View File

0
salt/repo/client/files/centos/keys/docker.pub → salt/repo/client/files/oracle/keys/docker.pub
View File

0
salt/repo/client/files/centos/keys/securityonion.pub → salt/repo/client/files/oracle/keys/securityonion.pub
View File

2
salt/repo/client/files/rocky/yum.conf.jinja → salt/repo/client/files/oracle/yum.conf.jinja
View File

@@ -10,7 +10,7 @@ gpgcheck=1
plugins=1
installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
distroverpkg=oraclelinux-release
clean_requirements_on_remove=1
{%- if proxy %}
proxy={{ proxy }}

31
salt/repo/client/files/rocky/keys/RPM-GPG-KEY-rockyofficial
View File

@@ -1,31 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: resf.keykeeper.v1
Comment: Keykeeper
xsFNBGJ5RksBEADF/Lzssm7uryV6+VHAgL36klyCVcHwvx9Bk853LBOuHVEZWsme
kbJF3fQG7i7gfCKGuV5XW15xINToe4fBThZteGJziboSZRpkEQ2z3lYcbg34X7+d
co833lkBNgz1v6QO7PmAdY/x76Q6Hx0J9yiJWd+4j+vRi4hbWuh64vUtTd7rPwk8
0y3g4oK1YT0NR0Xm/QUO9vWmkSTVflQ6y82HhHIUrG+1vQnSOrWaC0O1lqUI3Nuo
b6jTARCmbaPsi+XVQnBbsnPPq6Tblwc+NYJSqj5d9nT0uEXT7Zovj4Je5oWVFXp9
P1OWkbo2z5XkKjoeobM/zKDESJR78h+YQAN9IOKFjL/u/Gzrk1oEgByCABXOX+H5
hfucrq5U3bbcKy4e5tYgnnZxqpELv3fN/2l8iZknHEh5aYNT5WXVHpD/8u2rMmwm
I9YTEMueEtmVy0ZV3opUzOlC+3ZUwjmvAJtdfJyeVW/VMy3Hw3Ih0Fij91rO613V
7n72ggVlJiX25jYyT4AXlaGfAOMndJNVgBps0RArOBYsJRPnvfHlLi5cfjVd7vYx
QhGX9ODYuvyJ/rW70dMVikeSjlBDKS08tvdqOgtiYy4yhtY4ijQC9BmCE9H9gOxU
FN297iLimAxr0EVsED96fP96TbDGILWsfJuxAvoqmpkElv8J+P1/F7to2QARAQAB
zU9Sb2NreSBFbnRlcnByaXNlIFNvZnR3YXJlIEZvdW5kYXRpb24gLSBSZWxlYXNl
IGtleSAyMDIyIDxyZWxlbmdAcm9ja3lsaW51eC5vcmc+wsGKBBMBCAA0BQJieUZL
FiEEIcslauFvxUxuZSlJcC1CbTUNJ10CGwMCHgECGQEDCwkHAhUIAxYAAgIiAQAK
CRBwLUJtNQ0nXWQ5D/9472seOyRO6//bQ2ns3w9lE+aTLlJ5CY0GSTb4xNuyv+AD
IXpgvLSMtTR0fp9GV3vMw6QIWsehDqt7O5xKWi+3tYdaXRpb1cvnh8r/oCcvI4uL
k8kImNgsx+Cj+drKeQo03vFxBTDi1BTQFkfEt32fA2Aw5gYcGElM717sNMAMQFEH
P+OW5hYDH4kcLbtUypPXFbcXUbaf6jUjfiEp5lLjqquzAyDPLlkzMr5RVa9n3/rI
R6OQp5loPVzCRZMgDLALBU2TcFXLVP+6hAW8qM77c+q/rOysP+Yd+N7GAd0fvEvA
mfeA4Y6dP0mMRu96EEAJ1qSKFWUul6K6nuqy+JTxktpw8F/IBAz44na17Tf02MJH
GCUWyM0n5vuO5kK+Ykkkwd+v43ZlqDnwG7akDkLwgj6O0QNx2TGkdgt3+C6aHN5S
MiF0pi0qYbiN9LO0e05Ai2r3zTFC/pCaBWlG1ph2jx1pDy4yUVPfswWFNfe5I+4i
CMHPRFsZNYxQnIA2Prtgt2YMwz3VIGI6DT/Z56Joqw4eOfaJTTQSXCANts/gD7qW
D3SZXPc7wQD63TpDEjJdqhmepaTECbxN7x/p+GwIZYWJN+AYhvrfGXfjud3eDu8/
i+YIbPKH1TAOMwiyxC106mIL705p+ORf5zATZMyB8Y0OvRIz5aKkBDFZM2QN6A==
=PzIf
-----END PGP PUBLIC KEY BLOCK-----

28
salt/repo/client/files/rocky/keys/docker.pub
View File

@@ -1,28 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFit5IEBEADDt86QpYKz5flnCsOyZ/fk3WwBKxfDjwHf/GIflo+4GWAXS7wJ
1PSzPsvSDATV10J44i5WQzh99q+lZvFCVRFiNhRmlmcXG+rk1QmDh3fsCCj9Q/yP
w8jn3Hx0zDtz8PIB/18ReftYJzUo34COLiHn8WiY20uGCF2pjdPgfxE+K454c4G7
gKFqVUFYgPug2CS0quaBB5b0rpFUdzTeI5RCStd27nHCpuSDCvRYAfdv+4Y1yiVh
KKdoe3Smj+RnXeVMgDxtH9FJibZ3DK7WnMN2yeob6VqXox+FvKYJCCLkbQgQmE50
uVK0uN71A1mQDcTRKQ2q3fFGlMTqJbbzr3LwnCBE6hV0a36t+DABtZTmz5O69xdJ
WGdBeePCnWVqtDb/BdEYz7hPKskcZBarygCCe2Xi7sZieoFZuq6ltPoCsdfEdfbO
+VBVKJnExqNZCcFUTEnbH4CldWROOzMS8BGUlkGpa59Sl1t0QcmWlw1EbkeMQNrN
spdR8lobcdNS9bpAJQqSHRZh3cAM9mA3Yq/bssUS/P2quRXLjJ9mIv3dky9C3udM
+q2unvnbNpPtIUly76FJ3s8g8sHeOnmYcKqNGqHq2Q3kMdA2eIbI0MqfOIo2+Xk0
rNt3ctq3g+cQiorcN3rdHPsTRSAcp+NCz1QF9TwXYtH1XV24A6QMO0+CZwARAQAB
tCtEb2NrZXIgUmVsZWFzZSAoQ0UgcnBtKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
BBMBCgAhBQJYrep4AhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEMUv62ti
Hp816C0P/iP+1uhSa6Qq3TIc5sIFE5JHxOO6y0R97cUdAmCbEqBiJHUPNQDQaaRG
VYBm0K013Q1gcJeUJvS32gthmIvhkstw7KTodwOM8Kl11CCqZ07NPFef1b2SaJ7l
TYpyUsT9+e343ph+O4C1oUQw6flaAJe+8ATCmI/4KxfhIjD2a/Q1voR5tUIxfexC
/LZTx05gyf2mAgEWlRm/cGTStNfqDN1uoKMlV+WFuB1j2oTUuO1/dr8mL+FgZAM3
ntWFo9gQCllNV9ahYOON2gkoZoNuPUnHsf4Bj6BQJnIXbAhMk9H2sZzwUi9bgObZ
XO8+OrP4D4B9kCAKqqaQqA+O46LzO2vhN74lm/Fy6PumHuviqDBdN+HgtRPMUuao
xnuVJSvBu9sPdgT/pR1N9u/KnfAnnLtR6g+fx4mWz+ts/riB/KRHzXd+44jGKZra
IhTMfniguMJNsyEOO0AN8Tqcl0eRBxcOArcri7xu8HFvvl+e+ILymu4buusbYEVL
GBkYP5YMmScfKn+jnDVN4mWoN1Bq2yMhMGx6PA3hOvzPNsUoYy2BwDxNZyflzuAi
g59mgJm2NXtzNbSRJbMamKpQ69mzLWGdFNsRd4aH7PT7uPAURaf7B5BVp3UyjERW
5alSGnBqsZmvlRnVH5BDUhYsWZMPRQS9rRr4iGW0l+TH+O2VJ8aQ
=0Zqq
-----END PGP PUBLIC KEY BLOCK-----

52
salt/repo/client/files/rocky/keys/securityonion.pub
View File

@@ -1,52 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBF7rzwEBEADBg87uJhnC3Ls7s60hbHGaywGrPtbz2WuYA/ev3YS3X7WS75p8
PGlzTWUCujx0pEHbK2vYfExl3zksZ8ZmLyZ9VB3oSLiWBzJgKAeB7YCFEo8te+eE
P2Z+8c+kX4eOV+2waxZyewA2TipSkhWgStSI4Ow8SyVUcUWA3hCw7mo2duNVi7KO
C3vvI3wzirH+8/XIGo+lWTg6yYlSxdf+0xWzYvV2QCMpwzJfARw6GGXtfCZw/zoO
o4+YPsiyztQdyI1y+g3Fbesl65E36DelbyP+lYd2VecX8ELEv0wlKCgHYlk6lc+n
qnOotVjWbsyXuFfo06PHUd6O9n3nmo0drC6kmXGw1e8hu0t8VcGfMTKS/hszwVUY
bHS6kbfsOoAb6LXPWKfqxk/BdreLXmcHHz88DimS3OS0JufkcmkjxEzSFRL0kb2h
QVb1SATrbx+v2RWQXvi9sLCjT2fdOiwi1Tgc84orc7A1C3Jwu353YaX9cV+n5uyG
OZ2AULZ5z2h13sVuiZAwfyyFs/O0CJ783hFA2TNPnyNGAgw/kaIo7nNRnggtndBo
oQzVS+BHiFx98IF4zDqmF2r2+jOCjxSrw8KnZBe4bgXFtl89DmjoejGvWDnu2MVM
pZDEs1DcOxHBQmTCWMIYLyNKG0xW6diyWBxEIaa7YgrP6kA+RaDfZ/xXPwARAQAB
tD9TZWN1cml0eSBPbmlvbiBTb2x1dGlvbnMsIExMQyA8aW5mb0BzZWN1cml0eW9u
aW9uc29sdXRpb25zLmNvbT6JAlQEEwEKAD4WIQTIBKk9Nr4Mcz6hlkR8EGC3/lBw
EwUCXuvPAQIbAwUJEswDAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB8EGC3
/lBwExB1D/42xIDGU2XFNFyTU+ZqzDA8qNC9hEKjLeizbeM8RIm3xO+3p7SdqbuJ
7pA8gk0RiHuILb+Ba1xiSh/w/W2bOxQhsXuWHih2z3W1tI+hu6RQhIm4e6CIHHf7
Vzj4RSvHOVS0AzITUwkHjv0x0Z8zVBPJfEHKkK2x03BqP1o12rd7n2ZMrSfN6sED
fUwOJLDjthShtyLSPBVG8j7T5cfSCPSLhfVOKPQVcI1sSir7RLeyxt1v1kzjQdaA
+znxO8EgfZJN93wzfBrAGcVT8KmpmgwR6p46m20wJXyZC9DZxJ0o1y3toVWTC+kP
Qj1ROPivySVn10rBoOJk8HteyhW07gTcydq+noKHV7SqJ1899xRAYP7rDCfI9iMW
Nn22ZDLnAkIcbNR7JLJCHwsZH/Umo9KO/dIccIqVQel3UCCYZcWTZW0VkcjqVKRa
eK+JQGaJPrBAoxIG5/sMlbk2sINSubNWlcbH6kM0V8NVwdPiOO9xLmp2hI4ICxE3
M+O2HCNX4QYzVizzTFxEvW3ieLa4nePQ8J6lvMI2oLkFP7xHoFluvZnuwfNvoEy0
RnlHExN1UQTUvcbCxIbzjaJ4HJXilWHjgmGaVQO1S7AYskWnNWQ7uJvxnuZBNNwm
pIvwYEZp23fYaWl/xKqnmPMy2ADjROBKlCm7L+Ntq1r7ELGW5ZCTobkCDQRe688B
ARAA22GzdkSAo+mwJ2S1RbJ1G20tFnLsG/NC8iMN3lEh/PSmyPdB7mBtjZ+HPDzF
VSznXZdr3LItBBQOli2hVIj1lZBY7+s2ZufV3TFFwselUwT3b1g1KMkopD95Ckf8
WhLbSz2yqgrvcEvbB0HFX/ZEsHGqIz2kLacixjwXXLWOMQ2LNbeW1f5zQkBnaNNQ
/4njzTj68OxnvfplNYNJqi2pZGb2UqarYX04FqKNuocN8E7AC9FQdBXylmVctw9T
pQVwfCI76bTe6vPWb+keb6UNN1jyXVnhIQ3Fv5sFBsmgXf/hO8tqCotrKjEiK2/i
RkvFeqsGMXreCgYg9zW4k+DcJtVa+Q8juGOjElrubY3Ua9mCusx3vY4QYSWxQ5Ih
k1lXiUcM5Rt38lfpKHRJ5Pd4Y5xlWSQfZ7nmzbf/GzJQz+rWrA0X6Oc6cDOPLNXK
w1dAygre4f2bsp5kHQt6NMefxeNTDmi+4R62K0tb40f5q0Vxz8qdyD48bBsbULNx
kb6mjOAD+FNkfNXcGeuTq9oRnjx8i93mhYsIP5LFNDXS/zSP1nv0ZUFeIlGQGjV9
1wOvT454qkI9sKiVFtd4FrNKZJbKszxxDm+DPfB5j+hRC4oeEJ7w+sVyh3EawtfM
V7Mwj8i+7c3YUCravXBhSwG7SCTggFUgA8lMr8oWVgCATYsAEQEAAYkCPAQYAQoA
JhYhBMgEqT02vgxzPqGWRHwQYLf+UHATBQJe688BAhsMBQkSzAMAAAoJEHwQYLf+
UHATTtwQAJiztPW68ykifpFdwYFp1VC7c+uGLhWBqjDY9NSUKNC9caR7bV0cnNu8
07UG6j18gCB2GSkukXjOR/oTj6rNcW/WouPYfQOrw7+M2Ya8M8iq+E/HOXaXB3b4
FeCcB0UuwfcHHd2KbXrRHA+9GNpmuOcfTCdsPpIr41Xg4QltATDEt/FrzuKspXg4
vUKDXgfnbj7y0JcJM2FfcwWGlnAG5MMRyjJQAleGdiidX/9WxgJ4Mweq4qJM0jr3
Qsrc9VuzxsLr85no3Hn5UYVgT7bBZ59HUbQoi775m78MxN3mWUSdcyLQKovI+YXr
tshTxWIf/2Ovdzt6Wq1WWXOGGuK1qgdPJTFWrlh3amFdb70zR1p6A/Lthd7Zty+n
QjRZRQo5jBSnYtjhMrZP6rxM3QqnQ0frEKK9HfDYONk1Bw18CUtdwFGb9OMregLR
IjvNLp9coSh5yYAepZyUGEPRET0GsmVw2trQF0uyMSkQfiq2zjPto6WWbsmrrbLr
cfZ/wnBw1FoNEd51U54euo9yvOgOVtJGvqLgHNwB8574FhQhoWAMhyizqdgeEt26
m3FXecUNKL/AK71/l04vor+/WsXe8uhDg3O84qeYa9wgd8LZZVmGZJDosSwqYjtb
LdNNm+v60Zo6rFWSREegqi/nRTTDdxdW99ybjlh+mpbq3xavyFXF
=bhkm
-----END PGP PUBLIC KEY BLOCK-----

5
salt/repo/client/init.sls
View File

@@ -1,2 +1,5 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% if GLOBALS.os == 'OEL' %}
include:
- repo.client.{{grains.os | lower}}
- repo.client.oracle
{% endif %}

27
salt/repo/client/map.jinja
View File

@@ -1,8 +1,19 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% if GLOBALS.os == 'Rocky' %}
{% if GLOBALS.os_family == 'Redhat' %}
{% set REPOPATH = '/etc/yum.repos.d/' %}
{% if GLOBALS.os == 'OEL' %}
{% set ABSENTFILES = [
'centos-addons.repo',
'centos-devel.repo',
'centos-extras.repo',
'centos.repo',
'docker-ce.repo',
'epel.repo',
'epel-testing.repo',
'saltstack.repo',
'salt-latest.repo',
'wazuh.repo'
'Rocky-Base.repo',
'Rocky-CR.repo',
'Rocky-Debuginfo.repo',
@@ -15,16 +26,16 @@
'rocky-devel.repo',
'rocky-extras.repo',
'rocky.repo',
'docker-ce.repo',
'epel.repo',
'epel-testing.repo',
'saltstack.repo',
'salt-latest.repo',
'wazuh.repo'
'oracle-linux-ol9',
'uek-ol9',
'virt-oll9'
]
%}
{% else %}
{% set ABSENTFILES = [] %}
{% endif %}
{% elif GLOBALS.os == 'Ubuntu' %}
{% else %}
{% set REPOPATH = '/etc/apt/sources.list.d/' %}
{% set ABSENTFILES = [] %}

6
salt/repo/client/rocky.sls → salt/repo/client/oracle.sls
View File

@@ -8,7 +8,7 @@
{% set role = grains.id.split('_') | last %}
{% set MANAGER = salt['grains.get']('master') %}
{% if grains['os'] == 'Rocky' %}
{% if grains['os'] == 'OEL' %}
{% if ABSENTFILES|length > 0%}
{% for file in ABSENTFILES %}
@@ -29,7 +29,7 @@ cleandnf:
yumconf:
file.managed:
- name: /etc/yum.conf
- source: salt://repo/client/files/rocky/yum.conf.jinja
- source: salt://repo/client/files/oracle/yum.conf.jinja
- mode: 644
- template: jinja
- show_changes: False
@@ -43,7 +43,7 @@ repair_yumdb:
crsynckeys:
file.recurse:
- name: /etc/pki/rpm-gpg
- source: salt://repo/client/files/rocky/keys/
- source: salt://repo/client/files/oracle/keys/
so_repo:
pkgrepo.managed:

0
salt/repo/client/ubuntu.sls
View File

6
salt/salt/map.jinja
View File

@@ -1,7 +1,7 @@
{% import_yaml 'salt/minion.defaults.yaml' as saltminion %}
{% set SALTVERSION = saltminion.salt.minion.version %}
{% if grains.os == 'Ubuntu' %}
{% if grains.os_family == 'Debian' %}
{% set SPLITCHAR = '+' %}
{% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %}
{% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %}
@@ -20,9 +20,9 @@
{% set INSTALLEDSALTVERSION = grains.saltversion %}
{% if grains.saltversion|string != SALTVERSION|string %}
{% if grains.os|lower in ['Rocky', 'redhat'] %}
{% if grains.os|lower in ['Rocky', 'redhat', 'CentOS Stream'] %}
{% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
{% elif grains.os|lower == 'ubuntu' %}
{% elif grains.os_family|lower == 'debian' %}
{% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
{% endif %}
{% else %}

21
salt/strelka/tools/sbin_jinja/so-yara-download Normal file
View File

@@ -0,0 +1,21 @@
#!/bin/bash
NOROOT=1
. /usr/sbin/so-common
{%- set proxy = salt['pillar.get']('manager:proxy') %}
# Download the rules from the internet
{%- if proxy %}
export http_proxy={{ proxy }}
export https_proxy={{ proxy }}
export no_proxy= salt['pillar.get']('manager:no_proxy')
{%- endif %}
mkdir -p /tmp/yara
cd /tmp/yara
git clone https://github.com/Security-Onion-Solutions/securityonion-yara.git
mkdir -p /nsm/rules/yara
rsync -shav --progress /tmp/yara/securityonion-yara/yara /nsm/rules/
cd /tmp
rm -rf /tmp/yara

1
salt/vars/globals.map.jinja
View File

@@ -28,6 +28,7 @@
'so_model': INIT.GRAINS.get('sosmodel',''),
'sensoroni_key': INIT.PILLAR.sensoroni.config.sensoronikey,
'os': INIT.GRAINS.os,
'os_family': INIT.GRAINS.os_family,
'application_urls': {},
'manager_roles': [
'so-eval',

217
setup/so-functions
View File

@@ -680,10 +680,10 @@ configure_ntp() {
'rtcsync' \
'logdir /var/log/chrony' >> $chrony_conf
if [ "$OS" == 'rocky' ]; then
if [[ $is_rpm ]]; then
systemctl enable chronyd
systemctl restart chronyd
elif [ "$OS" == 'ubuntu' ]; then
else
systemctl enable chrony
systemctl restart chrony
fi
@@ -949,21 +949,59 @@ detect_os() {
OS=rocky
OSVER=9
is_rocky=true
pkgman="dnf"
is_rpm=true
not_supported=true
unset is_supported
elif grep -q "CentOS Stream release 9" /etc/redhat-release; then
OS=centos
OSVER=9
is_centos=true
is_rpm=true
not_supported=true
unset is_supported
elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then
if [ -f /etc/oracle-release ]; then
OS=oracle
OSVER=9
is_oracle=true
is_rpm=true
is_supported=true
else
info "We do not support the operating system you are trying to use."
fail_setup
OS=rhel
OSVER=9
is_rhel=true
is_rpm=true
not_supported=true
unset is_supported
fi
fi
elif [ -f /etc/os-release ]; then
OS=ubuntu
if grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then
OSVER=focal
UBVER=20.04
OS=ubuntu
is_ubuntu=true
else
info "We do not support your current version of Ubuntu."
fail_setup
is_deb=true
not_supported=true
unset is_supported
elif grep -q "UBUNTU_CODENAME=jammy" /etc/os-release; then
OSVER=jammy
UBVER=22.04
OS=ubuntu
is_ubuntu=true
is_deb=true
not_supported=true
unset is_supported
elif grep -q "VERSION_CODENAME=bookworm" /etc/os-release; then
OSVER=bookworm
DEBVER=12
is_debian=true
OS=debian
is_deb=true
not_supported=true
unset is_supported
fi
installer_prereq_packages
else
info "We were unable to determine if you are using a supported OS."
@@ -971,7 +1009,6 @@ detect_os() {
fi
info "Found OS: $OS $OSVER"
}
download_elastic_agent_artifacts() {
@@ -1007,28 +1044,20 @@ installer_progress_loop() {
}
installer_prereq_packages() {
# if [ "$OS" == rocky ]; then
# if [[ ! $is_iso ]]; then
# if ! command -v nmcli > /dev/null 2>&1; then
# logCmd "dnf -y install NetworkManager"
# fi
# fi
# logCmd "systemctl enable NetworkManager"
# logCmd "systemctl start NetworkManager"
# el
if [ "$OS" == ubuntu ]; then
if [[ $is_deb ]]; then
# Print message to stdout so the user knows setup is doing something
info "Running apt-get update"
retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
# Install network manager so we can do interface stuff
if ! command -v nmcli > /dev/null 2>&1; then
info "Installing network-manager"
retry 150 10 "apt-get -y install network-manager" >> "$setup_log" 2>&1 || fail_setup
{
systemctl enable NetworkManager
systemctl start NetworkManager
} >> "$setup_log" 2<&1
retry 150 10 "apt-get -y install network-manager ethtool" >> "$setup_log" 2>&1 || fail_setup
if [[ $is_debian ]]; then
info "Enabling network manager for the main interface"
logCmd "sed -i 's/managed=false/managed=true/g' /etc/NetworkManager/NetworkManager.conf"
fi
logCmd systemctl enable NetworkManager
logCmd systemctl start NetworkManager
fi
if ! command -v curl > /dev/null 2>&1; then
retry 150 10 "apt-get -y install curl" >> "$setup_log" 2>&1 || fail_setup
@@ -1575,7 +1604,7 @@ network_init() {
title "Initializing Network"
disable_ipv6
set_hostname
if [[ ( $is_iso || $is_desktop_iso ) ]]; then
if [[ ( $is_iso || $is_desktop_iso || $is_debian ) ]]; then
set_management_interface
fi
}
@@ -1740,7 +1769,7 @@ reserve_ports() {
reinstall_init() {
info "Putting system in state to run setup again"
if [[ $install_type =~ ^(MANAGER|EVAL|HELIXSENSOR|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
if [[ $install_type =~ ^(MANAGER|EVAL|MANAGERSEARCH|STANDALONE|FLEET|IMPORT)$ ]]; then
local salt_services=( "salt-master" "salt-minion" )
else
local salt_services=( "salt-minion" )
@@ -1815,7 +1844,7 @@ reinstall_init() {
# Remove the old launcher package in case the config changes
remove_package launcher-final
if [[ $OS == 'ubuntu' ]]; then
if [[ $is_deb ]]; then
info "Unholding previously held packages."
apt-mark unhold $(apt-mark showhold)
fi
@@ -1836,7 +1865,7 @@ reset_proxy() {
[[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig
if [[ $is_rocky ]]; then
if [[ $is_rpm ]]; then
sed -i "/proxy=/d" /etc/dnf/dnf.conf
else
[[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf
@@ -1882,7 +1911,7 @@ drop_install_options() {
remove_package() {
local package_name=$1
if [[ $is_rocky ]]; then
if [[ $is_rpm ]]; then
if rpm -qa | grep -q "$package_name"; then
logCmd "dnf remove -y $package_name"
fi
@@ -1903,11 +1932,10 @@ remove_package() {
securityonion_repo() {
# Remove all the current repos
if [[ $is_rocky ]]; then
if [[ $is_oracle ]]; then
logCmd "dnf -v clean all"
logCmd "mkdir -vp /root/oldrepos"
logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
logCmd "ls -la /etc/yum.repos.d/"
if [[ ! $waitforstate ]]; then
echo "[securityonion]" > /etc/yum.repos.d/securityonion.repo
echo "name=Security Onion Repo" >> /etc/yum.repos.d/securityonion.repo
@@ -1922,20 +1950,13 @@ securityonion_repo() {
echo "enabled=1" >> /etc/yum.repos.d/securityonion.repo
echo "gpgcheck=1" >> /etc/yum.repos.d/securityonion.repo
fi
# need to yum clean all before repo conf files are removed or clean,cleans nothing
logCmd "dnf repolist all"
# update this package because the repo config files get added back
# if the package is updated when the update_packages function is called
if [ -f "/etc/yum.repos.d/rocky.repo" ]; then
info "Backing up the .repo files that were added by the centos-release package."
logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/"
logCmd "dnf repolist all"
fi
if [[ $is_rpm ]]; then logCmd "dnf repolist all"; fi
if [[ $waitforstate ]]; then
if [[ ! $is_airgap ]]; then
if [[ $is_rpm ]]; then
# Build the repo locally so we can use it
echo "Syncing Repo"
echo "Syncing Repos"
repo_sync_local
fi
fi
@@ -1943,13 +1964,15 @@ securityonion_repo() {
}
repo_sync_local() {
info "Repo Sync"
if [[ $is_supported ]]; then
# Sync the repo from the the SO repo locally.
# Check for reposync
info "Backing up old repos"
mkdir -p /nsm/repo
mkdir -p /opt/so/conf/reposync/cache
echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt
echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/oracle/9" >> /opt/so/conf/reposync/mirror.txt
echo "[main]" > /opt/so/conf/reposync/repodownload.conf
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
echo "installonly_limit=3" >> /opt/so/conf/reposync/repodownload.conf
@@ -1960,28 +1983,52 @@ repo_sync_local() {
echo "keepcache=0" >> /opt/so/conf/reposync/repodownload.conf
echo "[securityonionsync]" >> /opt/so/conf/reposync/repodownload.conf
echo "name=Security Onion Repo repo" >> /opt/so/conf/reposync/repodownload.conf
echo "#baseurl=https://repo.securityonion.net/file/so-repo/2.4/" >> /opt/so/conf/reposync/repodownload.conf
echo "mirrorlist=file:///opt/so/conf/reposync/mirror.txt" >> /opt/so/conf/reposync/repodownload.conf
echo "enabled=1" >> /opt/so/conf/reposync/repodownload.conf
echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
logCmd "dnf repolist"
# Make sure we can get to the sig repo
# TODO Add if for ISO install
if [[ ! $is_airgap ]]; then
curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
fi
# After the download is complete run createrepo
create_repo
else
# Add the proper repos for unsupported stuff
echo "Adding Repos"
if [[ $is_rpm ]]; then
dnf -y install epel-release
dnf install -y yum-utils device-mapper-persistent-data lvm2
curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
if [[ $is_rhel ]]; then
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
else
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
fi
if [[ $is_rocky ]]; then
dnf config-manager --set-enabled crb
dnf repolist
fi
else
echo "Not sure how you got here."
exit 1
fi
fi
}
saltify() {
info "Installing Salt"
SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //')
if [[ $is_ubuntu ]]; then
if [[ $is_deb ]]; then
DEBIAN_FRONTEND=noninteractive retry 150 20 "apt-get -y -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade" >> "$setup_log" 2>&1 || fail_setup
update-alternatives --install /usr/bin/python python /usr/bin/python3.8 10
if [ $OSVER == "focal" ]; then update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10; fi
local pkg_arr=(
'apache2-utils'
'ca-certificates'
@@ -1989,17 +2036,35 @@ saltify() {
'software-properties-common'
'apt-transport-https'
'openssl'
'netcat'
'netcat-openbsd'
'jq'
'gnupg'
)
retry 150 20 "apt-get -y install ${pkg_arr[*]}" || fail_setup
logCmd "mkdir -vp /etc/apt/keyrings"
#logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub"
logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg"
logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/20.04/amd64/minor/$SALTVERSION/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list
if [[ $is_ubuntu ]]; then
# Add Salt Repo
logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/ubuntu/$UBVER/amd64/minor/$SALTVERSION/ $OSVER main" | sudo tee /etc/apt/sources.list.d/salt.list
# Add Docker Repo
add-apt-repository -y "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
else
# Add Salt Repo *NOTE* You have to use debian 11 since it isn't out for 12
logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt/py3/debian/11/amd64/minor/$SALTVERSION/ bullseye main" | sudo tee /etc/apt/sources.list.d/salt.list
# Add Docker Repo
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $OSVER stable" > /etc/apt/sources.list.d/docker.list
fi
logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg"
#logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub"
@@ -2008,19 +2073,20 @@ saltify() {
# Add SO Saltstack Repo
#echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list
# Add Docker Repo
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
# Ain't nothing but a GPG
retry 150 20 "apt-get update" "" "Err:" || fail_setup
if [[ $waitforstate ]]; then
retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup
retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup
retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
else
retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup
retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup
#retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
fi
fi
if [[ $is_rocky ]]; then
if [[ $is_rpm ]]; then
if [[ $waitforstate ]]; then
# install all for a manager
logCmd "dnf -y install salt-$SALTVERSION salt-master-$SALTVERSION salt-minion-$SALTVERSION"
@@ -2164,7 +2230,7 @@ set_proxy() {
"}" > /root/.docker/config.json
# Set proxy for package manager
if [[ $is_rocky ]]; then
if [[ $is_rpm ]]; then
echo "proxy=$so_proxy" >> /etc/yum.conf
else
# Set it up so the updates roll through the manager
@@ -2292,6 +2358,7 @@ set_management_interface() {
if [ "$address_type" = 'DHCP' ]; then
logCmd "nmcli con mod $MNIC connection.autoconnect yes"
logCmd "nmcli con up $MNIC"
logCmd "nmcli -p connection show $MNIC"
else
# Set Static IP
nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\
@@ -2335,22 +2402,6 @@ so_add_user() {
fi
}
ubuntu_check() {
if [[ $OS == "ubuntu" ]]; then
if [[ $waitforstate ]]; then
whiptail_ubuntu_notsupported
fail_setup
else
if [[ $UBUNTUINSTALL == "needtoupgrade" ]]; then
whiptail_ubuntu_warning
else
whiptail_ubuntu_notsupported
fail_setup
fi
fi
fi
}
update_sudoers_for_testing() {
if [ -n "$TESTING" ]; then
info "Ensuring $INSTALLUSERNAME has password-less sudo access for automated testing purposes."
@@ -2359,15 +2410,15 @@ update_sudoers_for_testing() {
}
update_packages() {
if [[ $is_rocky ]]; then
if [[ $is_oracle ]]; then
logCmd "dnf repolist"
logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo")
info "Removing repo files added by rocky-repos package update"
RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo")
info "Removing repo files added by oracle-repos package update"
for FILE in ${RMREPOFILES[@]}; do
logCmd "rm -f /etc/yum.repos.d/$FILE"
done
else
elif [[ $is_deb ]]; then
info "Running apt-get update"
retry 150 10 "apt-get -y update" "" "Err:" >> "$setup_log" 2>&1 || fail_setup
info "Running apt-get upgrade"

33
setup/so-setup
View File

@@ -65,6 +65,27 @@ done
# Let's see what OS we are dealing with here
detect_os
# Ubuntu/Debian whiptail pallete to make it look the same as CentOS and Rocky.
set_palette >> $setup_log 2>&1
if [[ $not_supported ]]; then
if [[ "$OSVER" == "focal" ]]; then
if (whiptail_focal_warning); then
true
else
info "User cancelled setup."
whiptail_cancel
fi
else
if (whiptail_unsupported_os_warning); then
true
else
info "User cancelled setup."
whiptail_cancel
fi
fi
fi
# Check to see if this is the setup type of "desktop".
is_desktop=
if [ "$setup_type" = 'desktop' ]; then
@@ -78,7 +99,7 @@ fi
# Make sure if ISO is specified that we are dealing with CentOS or Rocky
title "Detecting if this is an ISO install"
if [[ "$setup_type" == 'iso' ]]; then
if [[ $is_centos || $is_rocky ]]; then
if [[ $is_rpm ]]; then
is_iso=true
else
echo "Only use 'so-setup iso' for an ISO install on Security Onion ISO images. Please run 'so-setup network' instead."
@@ -91,8 +112,10 @@ if [[ $is_desktop ]]; then
title "This is a desktop install"
# Make sure it's CentOS or Rocky Linux
if [[ ! $is_rocky ]]; then
info "Security Onion Desktop is only supported on Rocky Linux 9"
if [[ $is_rpm ]]; then
info "Security Onion Desktop is supported on this OS."
else
info "Security Onion Desktop is not supported on this OS."
exit 1
fi
@@ -245,9 +268,6 @@ local_sbin="$(pwd)/../salt/common/tools/sbin"
manager_sbin="$(pwd)/../salt/manager/tools/sbin"
export PATH=$PATH:$local_sbin:$manager_sbin
# Ubuntu whiptail pallete to make it look the same as CentOS and Rocky.
set_palette >> $setup_log 2>&1
# Kernel messages can overwrite whiptail screen #812
# https://github.com/Security-Onion-Solutions/securityonion/issues/812
dmesg -D
@@ -401,7 +421,6 @@ if ! [[ -f $install_opt_file ]]; then
info "Setting up as node type manager"
check_elastic_license
waitforstate=true
#ubuntu_check
[[ $is_iso ]] && whiptail_airgap
check_requirements "manager"
networking_needful

75
setup/so-whiptail
View File

@@ -455,6 +455,28 @@ __append_end_msg() {
EOM
}
whiptail_focal_warning() {
[ -n "$TESTING" ] && return
read -r -d '' focal_warning_continue <<- EOM
WARNING: Ubuntu 20.04 is only supported as a minion role.
This node may not install or operate as expected if installed
as a manager, managersearch, standalone, eval, or import.
Would you like to continue the install?
EOM
whiptail --title "$whiptail_title" \
--yesno "$focal_warning_continue" 14 75 --defaultno
local exitstatus=$?
return $exitstatus
}
whiptail_gauge_post_setup() {
if [ -n "$TESTING" ]; then
@@ -523,7 +545,7 @@ whiptail_install_type() {
[ -n "$TESTING" ] && return
# What kind of install are we doing?
if [[ $OS = 'rocky' ]]; then
# if [[ $is_rocky || $is_centos ]]; then
install_type=$(whiptail --title "$whiptail_title" --menu \
"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
"IMPORT" "Import PCAP or log files " \
@@ -533,14 +555,14 @@ whiptail_install_type() {
"OTHER" "Other install types" \
3>&1 1>&2 2>&3
)
elif [[ $OS = 'ubuntu' ]]; then
install_type=$(whiptail --title "$whiptail_title" --menu \
"What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
"DISTRIBUTED" "Distributed install submenu " \
"OTHER" "Other install types" \
3>&1 1>&2 2>&3
)
fi
# elif [[ $is_ubuntu ]]; then
# install_type=$(whiptail --title "$whiptail_title" --menu \
# "What kind of installation would you like to do?\n\nFor more information, please see:\n$DOC_BASE_URL/architecture.html" 18 65 5 \
# "DISTRIBUTED" "Distributed install submenu " \
# "OTHER" "Other install types" \
# 3>&1 1>&2 2>&3
# )
# fi
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -563,18 +585,18 @@ whiptail_install_type_dist() {
[ -n "$TESTING" ] && return
if [[ $OS = 'rocky' ]]; then
# if [[ $is_rocky || $is_centos ]]; then
dist_option=$(whiptail --title "$whiptail_title" --menu "Do you want to start a new deployment or join this box to \nan existing deployment?" 11 75 2 \
"New Deployment " "Create a new Security Onion deployment" \
"Existing Deployment " "Join to an existing Security Onion deployment " \
3>&1 1>&2 2>&3
)
elif [[ $OS = 'ubuntu' ]]; then
dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \
"Existing Deployment " "Join to an existing Security Onion deployment " \
3>&1 1>&2 2>&3
)
fi
# elif [[ $is_ubuntu ]]; then
# dist_option=$(whiptail --title "$whiptail_title" --menu "Since this is Ubuntu, this box can only be connected to \nan existing deployment." 11 75 2 \
# "Existing Deployment " "Join to an existing Security Onion deployment " \
# 3>&1 1>&2 2>&3
# )
# fi
local exitstatus=$?
whiptail_check_exitstatus $exitstatus
@@ -1426,6 +1448,27 @@ whiptail_ubuntu_warning() {
whiptail --title "$whiptail_title" --msgbox "$message" 14 75
}
whiptail_unsupported_os_warning() {
[ -n "$TESTING" ] && return
read -r -d '' unsupported_os_continue <<- EOM
WARNING: An unsupported operating system has been detected.
Security Onion may not install or operate as expected.
Would you like to continue the install?
EOM
whiptail --title "$whiptail_title" \
--yesno "$unsupported_os_continue" 14 75 --defaultno
local exitstatus=$?
return $exitstatus
}
whiptail_uppercase_warning() {
[ -n "$TESTING" ] && return