CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

changes for workstation

Browse Source
This commit is contained in:
m0duspwnens
2022-03-28 15:34:15 -04:00
parent 293de159db
commit 0ddfaf8d74
8 changed files with 41 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pillar/top.sls
View File

@@ -131,3 +131,6 @@ base:
{% endif %} {% endif %}
- global - global
- minions.{{ grains.id }} - minions.{{ grains.id }}
'*_workstation':
- minions.{{ grains.id }}

2
salt/allowed_states.map.jinja
View File

@@ -217,6 +217,8 @@
'schedule', 'schedule',
'docker_clean' 'docker_clean'
], ],
'so-workstation': [
],
}, grain='role') %} }, grain='role') %}
{% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import', 'so-receiver'] %} {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import', 'so-receiver'] %}

2
salt/common/tools/sbin/so-common
View File

@@ -367,7 +367,7 @@ run_check_net_err() {
exit $exit_code exit $exit_code
fi fi
} }
set_cron_service_name() { set_cron_service_name() {
if [[ "$OS" == "centos" ]]; then if [[ "$OS" == "centos" ]]; then
cron_service_name="crond" cron_service_name="crond"
else else

2
salt/repo/client/init.sls
View File

@@ -43,7 +43,7 @@ repair_yumdb:
crsynckeys: crsynckeys:
file.recurse: file.recurse:
- name: /etc/pki/rpm_gpg - name: /etc/pki/rpm-gpg
- source: salt://repo/client/files/centos/keys/ - source: salt://repo/client/files/centos/keys/
{% if not ISAIRGAP %} {% if not ISAIRGAP %}

2
salt/salt/minion.sls
View File

@@ -66,7 +66,7 @@ set_log_levels:
salt_minion_service_unit_file: salt_minion_service_unit_file:
file.managed: file.managed:
- name: /etc/systemd/system/multi-user.target.wants/salt-minion.service - name: /usr/lib/systemd/system/salt-minion.service
- source: salt://salt/service/salt-minion.service.jinja - source: salt://salt/service/salt-minion.service.jinja
- template: jinja - template: jinja
- defaults: - defaults:

9
salt/top.sls
View File

@@ -35,11 +35,14 @@ base:
'* and G@saltversion:{{saltversion}}': '* and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.minion - salt.minion
- common
- patch.os.schedule - patch.os.schedule
- motd - motd
- salt.minion-check - salt.minion-check
- salt.lasthighstate - salt.lasthighstate
'not *_workstation and G@saltversion:{{saltversion}}':
- match: compound
- common
'*_helixsensor and G@saltversion:{{saltversion}}': '*_helixsensor and G@saltversion:{{saltversion}}':
- match: compound - match: compound
@@ -507,3 +510,7 @@ base:
- docker_clean - docker_clean
- filebeat - filebeat
- idh - idh
'*_workstation and G@saltversion:{{saltversion}}':
- match: compound
- workstation

1
salt/workstation/init.sls
View File

@@ -1,2 +1,3 @@
include: include:
- workstation.xwindows - workstation.xwindows
- workstation.trusted-ca

24
salt/workstation/trusted-ca.sls Normal file
View File

@@ -0,0 +1,24 @@
{% set global_ca_text = [] %}
{% set global_ca_server = [] %}
{% set manager = salt['grains.get']('master') %}
{% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
{% for host in x509dict %}
{% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import'] %}
{% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
{% do global_ca_server.append(host) %}
{% endif %}
{% endfor %}
{% set trusttheca_text = global_ca_text[0] %}
{% set ca_server = global_ca_server[0] %}
trusted_ca:
x509.pem_managed:
- name: /etc/pki/ca-trust/source/anchors/ca.crt
- text: {{ trusttheca_text }}
update_ca_certs:
cmd.run:
- name: update-ca-trust
- onchanges:
- x509: trusted_ca