From 0047246cf279292368546b85f85a949c041d0e96 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 4 Mar 2025 10:55:12 -0500 Subject: [PATCH] reduce stdout verbosity --- salt/common/init.sls | 2 ++ salt/common/tools/sbin/so-common | 2 +- salt/elasticfleet/config.sls | 4 ++++ salt/elasticsearch/config.sls | 8 ++++++++ salt/elasticsearch/enabled.sls | 3 +++ salt/influxdb/config.sls | 1 + salt/kibana/tools/sbin_jinja/so-kibana-config-load | 4 ++-- salt/manager/init.sls | 4 ++++ salt/manager/tools/sbin/soup | 14 +++++++------- salt/nginx/enabled.sls | 1 + salt/sensoroni/config.sls | 1 + salt/soc/config.sls | 2 ++ 12 files changed, 36 insertions(+), 10 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index f385bd96d..d4d90cbed 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -128,6 +128,7 @@ common_sbin: - user: 939 - group: 939 - file_mode: 755 + - show_changes: False common_sbin_jinja: file.recurse: @@ -137,6 +138,7 @@ common_sbin_jinja: - group: 939 - file_mode: 755 - template: jinja + - show_changes: False {% if not GLOBALS.is_manager%} # prior to 2.4.50 these scripts were in common/tools/sbin on the manager because of soup and distributed to non managers diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 6ae35324f..e46eaac69 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -226,7 +226,7 @@ create_local_directories() { for d in $(find $PILLARSALTDIR/$i -type d); do suffixdir=${d//$PILLARSALTDIR/} if [ ! -d "$local_salt_dir/$suffixdir" ]; then - mkdir -pv $local_salt_dir$suffixdir + mkdir -p $local_salt_dir$suffixdir fi done chown -R socore:socore $local_salt_dir/$i diff --git a/salt/elasticfleet/config.sls b/salt/elasticfleet/config.sls index 208fa2306..ef921b404 100644 --- a/salt/elasticfleet/config.sls +++ b/salt/elasticfleet/config.sls 
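Review bot: Nothing in `common_sbin` or `common_sbin_jinja` records why `show_changes: False` is set or what is given up by it. These states deploy executable scripts (`file_mode: 755`), and with the diff suppressed the state return should only say that a file changed, not what changed, so highstate output stops being a record of content changes to that tooling. I would add a short comment above the option, for example `# diff suppressed to keep highstate output short; the return still reports that the file changed`. The same applies to the other `show_changes: False` additions on file.recurse and file.managed states throughout this patch.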
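Review bot: The rewritten `mkdir` line in `create_local_directories` still expands `$local_salt_dir$suffixdir` unquoted, while the `-d` test directly above it quotes its path. A directory name containing whitespace or glob characters would be split or expanded before `mkdir` sees it, so the path created could differ from the path tested. Since the line is being touched anyway, `mkdir -p "$local_salt_dir$suffixdir"` would make the two agree. The `rsync` lines changed in `salt/manager/tools/sbin/soup` carry the same unquoted `$UPDATE_DIR` and `$AGREPO` expansions. The function body begins and ends outside this hunk.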
@@ -30,6 +30,7 @@ elasticfleet_sbin: - user: 947 - group: 939 - file_mode: 755 + - show_changes: False elasticfleet_sbin_jinja: file.recurse: @@ -41,6 +42,7 @@ elasticfleet_sbin_jinja: - template: jinja - exclude_pat: - so-elastic-fleet-package-upgrade # exclude this because we need to watch it for changes + - show_changes: False eaconfdir: file.directory: @@ -145,6 +147,7 @@ eadynamicintegration: - user: 947 - group: 939 - template: jinja + - show_changes: False eaintegration: file.recurse: @@ -152,6 +155,7 @@ eaintegration: - source: salt://elasticfleet/files/integrations - user: 947 - group: 939 + - show_changes: False eaoptionalintegrationsdir: file.directory: diff --git a/salt/elasticsearch/config.sls b/salt/elasticsearch/config.sls index a3dd189ad..147975bb1 100644 --- a/salt/elasticsearch/config.sls +++ b/salt/elasticsearch/config.sls @@ -47,6 +47,7 @@ elasticsearch_sbin: - file_mode: 755 - exclude_pat: - so-elasticsearch-pipelines # exclude this because we need to watch it for changes, we sync it in another state + - show_changes: False elasticsearch_sbin_jinja: file.recurse: @@ -60,6 +61,7 @@ elasticsearch_sbin_jinja: - so-elasticsearch-ilm-policy-load # exclude this because we need to watch it for changes, we sync it in another state - defaults: GLOBALS: {{ GLOBALS }} + - show_changes: False so-elasticsearch-ilm-policy-load-script: file.managed: @@ -69,6 +71,7 @@ so-elasticsearch-ilm-policy-load-script: - group: 939 - mode: 754 - template: jinja + - show_changes: False so-elasticsearch-pipelines-script: file.managed: @@ -77,6 +80,7 @@ so-elasticsearch-pipelines-script: - user: 930 - group: 939 - mode: 754 + - show_changes: False esingestdir: file.directory: @@ -110,6 +114,7 @@ esingestdynamicconf: - user: 930 - group: 939 - template: jinja + - show_changes: False esingestconf: file.recurse: 
@@ -117,6 +122,7 @@ esingestconf: - source: salt://elasticsearch/files/ingest - user: 930 - group: 939 + - show_changes: False # Remove .fleet_final_pipeline-1 because we are using global@custom now so-fleet-final-pipeline-remove: @@ -153,6 +159,7 @@ esyml: - defaults: ESCONFIG: {{ ELASTICSEARCHMERGED.config }} - template: jinja + - show_changes: False esroles: file.recurse: @@ -162,6 +169,7 @@ esroles: - template: jinja - user: 930 - group: 939 + - show_changes: False nsmesdir: file.directory: diff --git a/salt/elasticsearch/enabled.sls b/salt/elasticsearch/enabled.sls index e1629fade..af162d9e9 100644 --- a/salt/elasticsearch/enabled.sls +++ b/salt/elasticsearch/enabled.sls @@ -116,6 +116,7 @@ escomponenttemplates: - clean: True - onchanges_in: - file: so-elasticsearch-templates-reload + - show_changes: False # Auto-generate templates from defaults file {% for index, settings in ES_INDEX_SETTINGS.items() %} @@ -127,6 +128,7 @@ es_index_template_{{index}}: - defaults: TEMPLATE_CONFIG: {{ settings.index_template }} - template: jinja + - show_changes: False - onchanges_in: - file: so-elasticsearch-templates-reload {% endif %} @@ -146,6 +148,7 @@ es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}: {% endif %} - user: 930 - group: 939 + - show_changes: False - onchanges_in: - file: so-elasticsearch-templates-reload {% endfor %} diff --git a/salt/influxdb/config.sls b/salt/influxdb/config.sls index 66c681a0d..0f315666a 100644 --- a/salt/influxdb/config.sls +++ b/salt/influxdb/config.sls @@ -85,6 +85,7 @@ influxdb-templates: - clean: True - defaults: INFLUXMERGED: {{ INFLUXMERGED }} + - show_changes: False influxdb_curl_config: file.managed: diff --git a/salt/kibana/tools/sbin_jinja/so-kibana-config-load b/salt/kibana/tools/sbin_jinja/so-kibana-config-load index 921416790..47830c103 100644 --- a/salt/kibana/tools/sbin_jinja/so-kibana-config-load +++ b/salt/kibana/tools/sbin_jinja/so-kibana-config-load 
@@ -47,7 +47,7 @@ import() { # Load saved objects RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -L -X POST "localhost:5601/api/saved_objects/_import?overwrite=true" -H "kbn-xsrf: true" --form file=@"$ndjson_file") - echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi + if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi if [[ "$RETURN_CODE" != "1" ]]; then touch /opt/so/state/kibana_$BASENAME.txt @@ -66,7 +66,7 @@ update() { IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' for i in "${LINES[@]}"; do RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -X PUT "localhost:5601/api/saved_objects/config/{{ELASTICSEARCHDEFAULTS.elasticsearch.version}}" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") - echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi + if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi done if [[ "$RETURN_CODE" != "1" ]]; then diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 8de5d097a..5eadead92 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -66,6 +66,7 @@ repo_dir: - recurse: - user - group + - show_changes: False manager_sbin: file.recurse: @@ -76,6 +77,7 @@ manager_sbin: - file_mode: 755 - exclude_pat: - "*_test.py" + - show_changes: False manager_sbin_jinja: file.recurse: @@ -85,6 +87,7 @@ manager_sbin_jinja: - group: socore - file_mode: 755 - template: jinja + - show_changes: False so-repo-file: file.managed: @@ -92,6 +95,7 @@ so-repo-file: - source: salt://manager/files/repodownload.conf - user: socore - group: socore + - show_changes: False so-repo-mirrorlist: file.managed: diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 5da116e05..d44ca5fa7 100755 
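Review bot: With `echo $RESPONSE` removed, the failure branch in `import()` sets `RETURN_CODE=1` but discards the Kibana response that would explain the failure. Printing it only on failure keeps normal runs quiet and still leaves something to diagnose: keep the existing conditions and end the branch with `RETURN_CODE=1; echo "$RESPONSE" >&2; fi`. The matching line in `update()` in the next hunk has the same gap. Both functions continue outside their hunks, so a later error message may exist that is not visible here.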
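Review bot: `show_changes: False` on `repo_dir` in `salt/manager/init.sls` may have no effect. The `recurse: - user - group` lines suggest this is a `file.directory` state (the state function line is outside the hunk), and as far as I know `show_changes` is a `file.managed` option that `file.recurse` passes through, while `file.directory` would accept it as an unused keyword. It is worth confirming on a test run that the ownership-change output for this state actually shrinks; if it does not, drop the option here rather than leave a setting that reads as effective. The `make-rule-dir-nginx` hunk in `salt/nginx/enabled.sls` and the `socore_own_custom_repos` hunk in `salt/soc/config.sls` have the same shape.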
--- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -166,7 +166,7 @@ airgap_update_dockers() { docker stop so-dockerregistry docker rm so-dockerregistry echo "Copying the new dockers over" - tar xvf "$AGDOCKER/registry.tar" -C /nsm/docker-registry/docker + tar xf "$AGDOCKER/registry.tar" -C /nsm/docker-registry/docker echo "Add Registry back" docker load -i "$AGDOCKER/registry_image.tar" fi @@ -998,21 +998,21 @@ unmount_update() { update_airgap_rules() { # Copy the rules over to update them for airgap. - rsync -av $UPDATE_DIR/agrules/suricata/* /nsm/rules/suricata/ - rsync -av $UPDATE_DIR/agrules/detect-sigma/* /nsm/rules/detect-sigma/ - rsync -av $UPDATE_DIR/agrules/detect-yara/* /nsm/rules/detect-yara/ + rsync -a $UPDATE_DIR/agrules/suricata/* /nsm/rules/suricata/ + rsync -a $UPDATE_DIR/agrules/detect-sigma/* /nsm/rules/detect-sigma/ + rsync -a $UPDATE_DIR/agrules/detect-yara/* /nsm/rules/detect-yara/ # Copy the securityonion-resorces repo over for SOC Detection Summaries and checkout the published summaries branch - rsync -av --delete --chown=socore:socore $UPDATE_DIR/agrules/securityonion-resources /opt/so/conf/soc/ai_summary_repos + rsync -a --delete --chown=socore:socore $UPDATE_DIR/agrules/securityonion-resources /opt/so/conf/soc/ai_summary_repos git config --global --add safe.directory /opt/so/conf/soc/ai_summary_repos/securityonion-resources git -C /opt/so/conf/soc/ai_summary_repos/securityonion-resources checkout generated-summaries-published # Copy the securityonion-resorces repo over to nsm - rsync -av $UPDATE_DIR/agrules/securityonion-resources/* /nsm/securityonion-resources/ + rsync -a $UPDATE_DIR/agrules/securityonion-resources/* /nsm/securityonion-resources/ } update_airgap_repo() { # Update the files in the repo echo "Syncing new updates to /nsm/repo" - rsync -av $AGREPO/* /nsm/repo/ + rsync -a $AGREPO/* /nsm/repo/ echo "Creating repo" dnf -y install yum-utils createrepo_c createrepo /nsm/repo 
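Review bot: Dropping `-v` from the `rsync` calls in `update_airgap_rules` and `update_airgap_repo` removes the only listing in this hunk of which rule and repo files an airgap update replaced. For detection content that record is useful after the fact; a summary can be kept without the per-file noise, for example `rsync -a --stats $UPDATE_DIR/agrules/suricata/* /nsm/rules/suricata/`. Whether soup's output is captured to a log elsewhere is not visible here. `update_airgap_repo` continues past the end of the hunk.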
diff --git a/salt/nginx/enabled.sls b/salt/nginx/enabled.sls index 8140aaa9f..e2bcef863 100644 --- a/salt/nginx/enabled.sls +++ b/salt/nginx/enabled.sls @@ -91,6 +91,7 @@ make-rule-dir-nginx: - recurse: - user - group + - show_changes: False {% endif %} diff --git a/salt/sensoroni/config.sls b/salt/sensoroni/config.sls index 0024ca962..f983fce38 100644 --- a/salt/sensoroni/config.sls +++ b/salt/sensoroni/config.sls @@ -41,6 +41,7 @@ analyzerscripts: - file_mode: 755 - template: jinja - source: salt://sensoroni/files/analyzers + - show_changes: False sensoroni_sbin: file.recurse: diff --git a/salt/soc/config.sls b/salt/soc/config.sls index 4134d8b77..e19e3eb14 100644 --- a/salt/soc/config.sls +++ b/salt/soc/config.sls @@ -79,6 +79,7 @@ socmotd: - group: 939 - mode: 600 - template: jinja + - show_changes: False filedetectionsbackup: file.managed: @@ -249,6 +250,7 @@ socore_own_custom_repos: - recurse: - user - group + - show_changes: False {% else %}