CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-20 07:53:06 +01:00
Code Issues Packages Projects Releases Wiki Activity

add identifiers for all cron.present

Browse Source
This commit is contained in:
m0duspwnens
2023-04-13 16:25:47 -04:00
parent 76ba89c356
commit 1047462898
13 changed files with 43 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/backup/config_backup.sls
View File

@@ -25,6 +25,7 @@ config_backup_script:
so_config_backup: so_config_backup:
cron.present: cron.present:
- name: /usr/sbin/so-config-backup > /dev/null 2>&1 - name: /usr/sbin/so-config-backup > /dev/null 2>&1
- identifier: so_config_backup
- user: root - user: root
- minute: '1' - minute: '1'
- hour: '0' - hour: '0'

21
salt/common/init.sls
View File

@@ -133,8 +133,10 @@ so-status_script:
{% if GLOBALS.role in GLOBALS.sensor_roles %} {% if GLOBALS.role in GLOBALS.sensor_roles %}
# Add sensor cleanup # Add sensor cleanup
/usr/sbin/so-sensor-clean: so-sensor-clean:
cron.present: cron.present:
- name: /usr/sbin/so-sensor-clean
- identifier: so-sensor-clean
- user: root - user: root
- minute: '*' - minute: '*'
- hour: '*' - hour: '*'
@@ -154,8 +156,10 @@ sensorrotateconf:
- source: salt://common/files/sensor-rotate.conf - source: salt://common/files/sensor-rotate.conf
- mode: 644 - mode: 644
/usr/local/bin/sensor-rotate: sensor-rotate:
cron.present: cron.present:
- name: /usr/local/bin/sensor-rotate
- identifier: sensor-rotate
- user: root - user: root
- minute: '1' - minute: '1'
- hour: '0' - hour: '0'
@@ -178,8 +182,10 @@ commonlogrotateconf:
- template: jinja - template: jinja
- mode: 644 - mode: 644
/usr/local/bin/common-rotate: common-rotate:
cron.present: cron.present:
- name: /usr/local/bin/common-rotate
- identifier: common-rotate
- user: root - user: root
- minute: '1' - minute: '1'
- hour: '0' - hour: '0'
@@ -201,10 +207,10 @@ sostatus_log:
- mode: 644 - mode: 644
# Install sostatus check cron. This is used to populate Grid. # Install sostatus check cron. This is used to populate Grid.
sostatus_check_cron: so-status_check_cron:
cron.present: cron.present:
- name: 'USER=root /usr/sbin/so-status -j > /opt/so/log/sostatus/status.log 2>&1' - name: 'USER=root /usr/sbin/so-status -j > /opt/so/log/sostatus/status.log 2>&1'
- identifier: sostatus_check_cron - identifier: so-status_check_cron
- user: root - user: root
- minute: '*/1' - minute: '*/1'
- hour: '*' - hour: '*'
@@ -214,7 +220,7 @@ sostatus_check_cron:
remove_post_setup_cron: remove_post_setup_cron:
cron.absent: cron.absent:
- name: 'salt-call state.highstate' - name: 'PATH=$PATH:/usr/sbin salt-call state.highstate'
- identifier: post_setup_cron - identifier: post_setup_cron
{% if GLOBALS.role not in ['eval', 'manager', 'managersearch', 'standalone'] %} {% if GLOBALS.role not in ['eval', 'manager', 'managersearch', 'standalone'] %}
@@ -240,9 +246,10 @@ raidpkgs:
{% endif %} {% endif %}
# Install raid check cron # Install raid check cron
so_raid_status: so-raid-status:
cron.present: cron.present:
- name: '/usr/sbin/so-raid-status > /dev/null 2>&1' - name: '/usr/sbin/so-raid-status > /dev/null 2>&1'
- identifier: so-raid-status
- user: root - user: root
- minute: '*/15' - minute: '*/15'
- hour: '*' - hour: '*'

6
salt/curator/init.sls
View File

@@ -126,9 +126,10 @@ delete_so-curator_so-status.disabled:
- regex: ^so-curator$ - regex: ^so-curator$
{% endif %} {% endif %}
so-curatorclusterclose: so-curator-cluster-close:
cron.present: cron.present:
- name: /usr/sbin/so-curator-cluster-close > /opt/so/log/curator/cron-close.log 2>&1 - name: /usr/sbin/so-curator-cluster-close > /opt/so/log/curator/cron-close.log 2>&1
- identifier: so-curator-cluster-close
- user: root - user: root
- minute: '2' - minute: '2'
- hour: '*/1' - hour: '*/1'
@@ -136,9 +137,10 @@ so-curatorclusterclose:
- month: '*' - month: '*'
- dayweek: '*' - dayweek: '*'
so-curatorclusterdeletecron: so-curator-cluster-delete:
cron.present: cron.present:
- name: /usr/sbin/so-curator-cluster-delete > /opt/so/log/curator/cron-cluster-delete.log 2>&1 - name: /usr/sbin/so-curator-cluster-delete > /opt/so/log/curator/cron-cluster-delete.log 2>&1
- identifier: so-curator-cluster-delete
- user: root - user: root
- minute: '*/5' - minute: '*/5'
- hour: '*' - hour: '*'

3
salt/idstools/init.sls
View File

@@ -20,9 +20,10 @@ idstoolslogdir:
- group: 939 - group: 939
- makedirs: True - makedirs: True
so-ruleupdatecron: so-rule-update:
cron.present: cron.present:
- name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1 - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1
- identifier: so-rule-update
- user: root - user: root
- minute: '1' - minute: '1'
- hour: '7' - hour: '7'

1
salt/influxdb/init.sls
View File

@@ -127,6 +127,7 @@ metrics_link_file:
get_influxdb_size: get_influxdb_size:
cron.present: cron.present:
- name: 'du -s -k /nsm/influxdb | cut -f1 > /opt/so/log/telegraf/influxdb_size.log 2>&1' - name: 'du -s -k /nsm/influxdb | cut -f1 > /opt/so/log/telegraf/influxdb_size.log 2>&1'
- identifier: get_influxdb_size
- user: root - user: root
- minute: '*/1' - minute: '*/1'
- hour: '*' - hour: '*'

6
salt/manager/init.sls
View File

@@ -51,7 +51,7 @@ repo_sync_script:
- group: root - group: root
- mode: 755 - mode: 755
reposync_cron: so-repo-sync:
{% if MANAGERMERGED.reposync.enabled %} {% if MANAGERMERGED.reposync.enabled %}
cron.present: cron.present:
{% else %} {% else %}
@@ -59,6 +59,7 @@ reposync_cron:
{% endif %} {% endif %}
- user: socore - user: socore
- name: '/usr/sbin/so-repo-sync >> /opt/so/log/reposync/reposync.log 2>&1' - name: '/usr/sbin/so-repo-sync >> /opt/so/log/reposync/reposync.log 2>&1'
- identifier: so-repo-sync
- hour: '{{ MANAGERMERGED.reposync.hour }}' - hour: '{{ MANAGERMERGED.reposync.hour }}'
- minute: '{{ MANAGERMERGED.reposync.minute }}' - minute: '{{ MANAGERMERGED.reposync.minute }}'
@@ -83,10 +84,11 @@ yara_update_script:
ISAIRGAP: {{ GLOBALS.airgap }} ISAIRGAP: {{ GLOBALS.airgap }}
EXCLUDEDRULES: {{ STRELKAMERGED.rules.excluded }} EXCLUDEDRULES: {{ STRELKAMERGED.rules.excluded }}
strelka_yara_update: strelka-yara-update:
cron.present: cron.present:
- user: root - user: root
- name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1' - name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1'
- identifier: strelka-yara-update
- hour: '7' - hour: '7'
- minute: '1' - minute: '1'

3
salt/manager/sync_es_users.sls
View File

@@ -24,8 +24,9 @@ sync_es_users:
# we dont want this added too early in setup, so we add the onlyif to verify 'startup_states: highstate' # we dont want this added too early in setup, so we add the onlyif to verify 'startup_states: highstate'
# is in the minion config. That line is added before the final highstate during setup # is in the minion config. That line is added before the final highstate during setup
sosyncusers: so-user_sync:
cron.present: cron.present:
- user: root - user: root
- name: 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin /usr/sbin/so-user sync &>> /opt/so/log/soc/sync.log' - name: 'PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin /usr/sbin/so-user sync &>> /opt/so/log/soc/sync.log'
- identifier: so-user_sync
- onlyif: "grep 'startup_states: highstate' /etc/salt/minion" - onlyif: "grep 'startup_states: highstate' /etc/salt/minion"

6
salt/playbook/init.sls
View File

@@ -113,15 +113,17 @@ append_so-playbook_so-status.conf:
{% endif %} {% endif %}
so-playbooksynccron: so-playbook-sync_cron:
cron.present: cron.present:
- name: /usr/sbin/so-playbook-sync > /opt/so/log/playbook/sync.log 2>&1 - name: /usr/sbin/so-playbook-sync > /opt/so/log/playbook/sync.log 2>&1
- identifier: so-playbook-sync_cron
- user: root - user: root
- minute: '*/5' - minute: '*/5'
so-playbookruleupdatecron: so-playbook-ruleupdate_cron:
cron.present: cron.present:
- name: /usr/sbin/so-playbook-ruleupdate > /opt/so/log/playbook/update.log 2>&1 - name: /usr/sbin/so-playbook-ruleupdate > /opt/so/log/playbook/update.log 2>&1
- identifier: so-playbook-ruleupdate_cron
- user: root - user: root
- minute: '1' - minute: '1'
- hour: '6' - hour: '6'

5
salt/salt/minion-check.sls
View File

@@ -12,8 +12,9 @@ state-apply-test:
start: 0 start: 0
end: 180 end: 180
/usr/sbin/so-salt-minion-check -q: so-salt-minion-check_cron:
cron.present: cron.present:
- identifier: so-salt-minion-check - name: /usr/sbin/so-salt-minion-check -q
- identifier: so-salt-minion-check_cron
- user: root - user: root
- minute: '*/5' - minute: '*/5'

1
salt/setup/highstate_cron.sls
View File

@@ -1,6 +1,7 @@
post_setup_cron: post_setup_cron:
cron.present: cron.present:
- name: 'PATH=$PATH:/usr/sbin salt-call state.highstate' - name: 'PATH=$PATH:/usr/sbin salt-call state.highstate'
- identifier: post_setup_cron
- user: root - user: root
- minute: '*/1' - minute: '*/1'
- identifier: post_setup_cron - identifier: post_setup_cron

1
salt/soc/init.sls
View File

@@ -91,6 +91,7 @@ socusersroles:
salt-relay: salt-relay:
cron.present: cron.present:
- name: 'ps -ef | grep salt-relay.sh | grep -v grep > /dev/null 2>&1 || /opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &' - name: 'ps -ef | grep salt-relay.sh | grep -v grep > /dev/null 2>&1 || /opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &'
- identifier: salt-relay
so-soc: so-soc:
docker_container.running: docker_container.running:

2
salt/strelka/init.sls
View File

@@ -205,11 +205,13 @@ filecheck_restart:
filecheck_run: filecheck_run:
cron.present: cron.present:
- name: 'ps -ef | grep filecheck | grep -v grep > /dev/null 2>&1 || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &' - name: 'ps -ef | grep filecheck | grep -v grep > /dev/null 2>&1 || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &'
- identifier: filecheck_run
- user: {{ filecheck_runas }} - user: {{ filecheck_runas }}
filcheck_history_clean: filcheck_history_clean:
cron.present: cron.present:
- name: '/usr/bin/find /nsm/strelka/history/ -type f -mtime +2 -exec rm {} + > /dev/null 2>&1' - name: '/usr/bin/find /nsm/strelka/history/ -type f -mtime +2 -exec rm {} + > /dev/null 2>&1'
- identifier: filecheck_history_clean
- minute: '33' - minute: '33'
# End Filecheck Section # End Filecheck Section

15
salt/suricata/init.sls
View File

@@ -79,8 +79,10 @@ surilogscript:
- source: salt://suricata/cron/surilogcompress - source: salt://suricata/cron/surilogcompress
- mode: 755 - mode: 755
/usr/local/bin/surilogcompress: surilogcompress:
cron.present: cron.present:
- name: /usr/local/bin/surilogcompress
- identifier: surilogcompress
- user: suricata - user: suricata
- minute: '17' - minute: '17'
- hour: '*' - hour: '*'
@@ -181,16 +183,6 @@ delete_so-suricata_so-status.disabled:
- regex: ^so-suricata$ - regex: ^so-suricata$
{% endif %} {% endif %}
surirotate:
cron.absent:
- name: /usr/local/bin/surirotate
- user: root
- minute: '11'
- hour: '*'
- daymonth: '*'
- month: '*'
- dayweek: '*'
so-suricata-eve-clean: so-suricata-eve-clean:
file.managed: file.managed:
- name: /usr/sbin/so-suricata-eve-clean - name: /usr/sbin/so-suricata-eve-clean
@@ -204,6 +196,7 @@ so-suricata-eve-clean:
clean_suricata_eve_files: clean_suricata_eve_files:
cron.present: cron.present:
- name: /usr/sbin/so-suricata-eve-clean > /dev/null 2>&1 - name: /usr/sbin/so-suricata-eve-clean > /dev/null 2>&1
- identifier: clean_suricata_eve_files
- user: root - user: root
- minute: '*/5' - minute: '*/5'
- hour: '*' - hour: '*'