From 0c9e230294af6b51f81ee72dad7d8e0af6c4fa62 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 10 Jul 2023 10:14:47 -0400
Subject: [PATCH] Initial RHEL support
---
 .../strelka/tools/sbin_jinja/so-yara-download | 21 +++++++++++++++
 setup/so-functions | 26 ++++++++++++++++---
 2 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 salt/strelka/tools/sbin_jinja/so-yara-download
diff --git a/salt/strelka/tools/sbin_jinja/so-yara-download b/salt/strelka/tools/sbin_jinja/so-yara-download
new file mode 100644
index 000000000..9ec6fa41f
--- /dev/null
+++ b/salt/strelka/tools/sbin_jinja/so-yara-download
@@ -0,0 +1,21 @@
+#!/bin/bash
+NOROOT=1
+. /usr/sbin/so-common
+
+{%- set proxy = salt['pillar.get']('manager:proxy') %}
+
+# Download the rules from the internet
+{%- if proxy %}
+export http_proxy={{ proxy }}
+export https_proxy={{ proxy }}
+export no_proxy= salt['pillar.get']('manager:no_proxy')
+{%- endif %}
+
+mkdir -p /tmp/yara
+cd /tmp/yara
+git clone https://github.com/Security-Onion-Solutions/securityonion-yara.git
+mkdir -p /nsm/rules/yara
+rsync -shav --progress /tmp/yara/securityonion-yara/yara /nsm/rules/
+cd /tmp
+rm -rf /tmp/yara
+
diff --git a/setup/so-functions b/setup/so-functions
index dd57504a0..1f6610067 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -955,6 +955,11 @@ detect_os() {
 OSVER=9
 is_centos=true
 is_rpm=true
+ elif grep -q "Red Hat Enterprise Linux release 9" /etc/redhat-release; then
+ OS=rhel
+ OSVER=9
+ is_rhel=true
+ is_rpm=true
 fi
 elif [ -f /etc/os-release ]; then
 OS=ubuntu
@@ -1926,7 +1931,7 @@ remove_package() {
 securityonion_repo() {
 # Remove all the current repos
- if [[ $is_rocky ]]; then
+ if [[ $is_rpm ]]; then
 logCmd "dnf -v clean all"
 logCmd "mkdir -vp /root/oldrepos"
 logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
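Review bot: `export no_proxy= salt['pillar.get']('manager:no_proxy')` in the proxy block is missing its Jinja delimiters, so the Salt expression is rendered into the script verbatim and bash rejects the rendered line (unquoted parentheses are a syntax error) whenever `manager:proxy` is set; it should read `export no_proxy={{ salt['pillar.get']('manager:no_proxy') }}`. The fetch itself is also weak for something that populates `/nsm/rules/yara`: the clone lands in the fixed path `/tmp/yara` with no `set -e`, so if another local user has pre-seeded `/tmp/yara/securityonion-yara`, `git clone` fails on the non-empty destination and the following `rsync` still copies that content into `/nsm/rules/`. An unpredictable `mktemp -d` directory with an EXIT trap closes that hole, and the clone should pin a release tag or commit rather than tracking the default branch, since nothing here verifies what was fetched. The rewrite below covers the first two points; `NOROOT=1` is assumed to mean the script may run unprivileged, which makes the shared-/tmp concern more than theoretical — confirm against so-common.
```shell
#!/bin/bash
NOROOT=1
. /usr/sbin/so-common
set -euo pipefail

{%- set proxy = salt['pillar.get']('manager:proxy') %}
{%- if proxy %}
export http_proxy={{ proxy }}
export https_proxy={{ proxy }}
export no_proxy={{ salt['pillar.get']('manager:no_proxy') }}
{%- endif %}

# Private scratch dir instead of the fixed /tmp/yara; removed on every exit path.
workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT

# TODO: pin to a release tag/commit — nothing below verifies what was fetched.
git clone https://github.com/Security-Onion-Solutions/securityonion-yara.git "$workdir/securityonion-yara"
mkdir -p /nsm/rules/yara
rsync -shav --progress "$workdir/securityonion-yara/yara" /nsm/rules/
```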
@@ -1960,6 +1965,10 @@ securityonion_repo() {
 logCmd "mv -bvf /etc/yum.repos.d/centos* /root/oldrepos/"
 logCmd "dnf repolist all"
 fi
+ if [ -f "/etc/yum.repos.d/redhat.repo" ]; then
+ info "Backing up the .repo files that were added by the redhat-release package."
+ logCmd "mv -bvf /etc/yum.repos.d/redhat* /root/oldrepos/"
+ logCmd "dnf repolist all"
 if [[ $waitforstate ]]; then
 if [[ ! $is_airgap ]]; then
 # Build the repo locally so we can use it
@@ -1979,9 +1988,12 @@ repo_sync_local() {
 if [[ $is_rocky ]]; then
 echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rocky/9" > /opt/so/conf/reposync/mirror.txt
 echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rocky/9" >> /opt/so/conf/reposync/mirror.txt
- else
+ elif [[ $is_centos ]]; then
 echo "https://repo.securityonion.net/file/so-repo/prod/2.4/centos/9" > /opt/so/conf/reposync/mirror.txt
 echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/centos/9" >> /opt/so/conf/reposync/mirror.txt
+ elif [[ $is_rhel ]]; then
+ echo "https://repo.securityonion.net/file/so-repo/prod/2.4/rhel/9" > /opt/so/conf/reposync/mirror.txt
+ echo "https://so-repo-east.s3.us-east-005.backblazeb2.com/prod/2.4/rhel/9" >> /opt/so/conf/reposync/mirror.txt
 fi
 echo "[main]" > /opt/so/conf/reposync/repodownload.conf
 echo "gpgcheck=1" >> /opt/so/conf/reposync/repodownload.conf
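Review bot: The new `if [ -f "/etc/yum.repos.d/redhat.repo" ]; then` block is never closed — its four added lines end with `logCmd "dnf repolist all"` and the context resumes directly with `if [[ $waitforstate ]]; then`, so the RHEL `if` swallows the rest of `securityonion_repo` and the function either fails to parse or only runs its waitforstate/airgap logic when redhat.repo exists. Add `fi` immediately after the second `logCmd "dnf repolist all"`. The body of `securityonion_repo` continues outside the hunk, so recheck the closing `fi` count there as well. A one-line comment explaining why redhat.repo has to be moved a second time after the earlier `mv -v /etc/yum.repos.d/*` (presumably because subscription-manager's dnf plugin regenerates it on the next dnf invocation) would save the next reader the same puzzle.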
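Review bot: Replacing `else` with `elif [[ $is_centos ]]; then` removes the fallthrough, so an RPM host that sets none of `is_rocky`, `is_centos` or `is_rhel` now skips writing `mirror.txt` entirely while the function carries on to write `repodownload.conf` and sync against a missing or stale mirror list. Add a terminating branch that fails loudly, e.g. `else` / `echo "repo_sync_local: unsupported OS '$OS'" >&2; return 1` (or whichever error helper so-functions provides). `repo_sync_local` starts and ends outside the hunk, so check how callers treat its return status.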
@@ -2389,13 +2401,21 @@ update_sudoers_for_testing() {
 }
 
 update_packages() {
- if [[ $is_rocky ]]; then
+ if [[ $is_rpm ]]; then
 logCmd "dnf repolist"
 logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
 if [[ $is_rocky ]]; then
 RMREPOFILES=("rocky-addons.repo" "rocky-devel.repo" "rocky-extras.repo" "rocky.repo")
 info "Removing repo files added by rocky-repos package update"
 fi
+ if [[ $is_centos ]]; then
+ RMREPOFILES=("centos-addons.repo" "centos-devel.repo" "centos-extras.repo" "centos.repo")
+ info "Removing repo files added by centos-repos package update"
+ fi
+ if [[ $is_rhel ]]; then
+ RMREPOFILES=("redhat-addons.repo" "redhat-devel.repo" "redhat-extras.repo" "redhat.repo")
+ info "Removing repo files added by redhat-repos package update"
+ fi
 for FILE in ${RMREPOFILES[@]}; do
 logCmd "rm -f /etc/yum.repos.d/$FILE"
 done
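Review bot: The RHEL branch's `redhat-addons.repo`, `redhat-devel.repo`, `redhat-extras.repo` and the "redhat-repos package update" message look copied from the Rocky pattern rather than taken from a RHEL host; as far as I know RHEL ships no such package or files — subscription-manager maintains a single `redhat.repo`, and its dnf plugin presumably rewrites that file on the next dnf run, so the `rm -f` here would not stick. Confirm the list on an actual RHEL 9 system, drop the names that do not exist, and add a comment stating why `redhat.repo` is removed if that is intentional. Two smaller points in the same loop: `for FILE in ${RMREPOFILES[@]}` should be `for FILE in "${RMREPOFILES[@]}"`, and now that `is_rpm` gates the block, an RPM distro matching none of the three `if`s iterates an unset array in silence — an `else` with an `info` message would make that visible. The enclosing `if [[ $is_rpm ]]` and `update_packages` itself close outside the hunk.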