From 172ca9aa8ded0391048e716de80a173ce7804b6f Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 22 Oct 2020 10:52:34 -0400
Subject: [PATCH 1/5] add option to enable or disable to steno docker container
- https://github.com/Security-Onion-Solutions/securityonion/issues/1601
---
 salt/pcap/init.sls | 6 +++---
 salt/pcap/map.jinja | 17 +++++++++++++----
 2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index a82e0fb8d..ade70d718 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -23,7 +23,7 @@
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
 {% set BPF_COMPILED = "" %}
-{% from "pcap/map.jinja" import START with context %}
+{% from "pcap/map.jinja" import STENOOPTIONS with context %}
 # PCAP Section
@@ -135,9 +135,9 @@ sensoronilog:
 - makedirs: True
 so-steno:
- docker_container.running:
+ docker_container.{{ STENOOPTIONS.status }}:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
- - start: {{ START }}
+ - start: {{ STENOOPTIONS.start }}
 - network_mode: host
 - privileged: True
 - port_bindings:
diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja
index ad4d70e80..e37dfb126 100644
--- a/salt/pcap/map.jinja
+++ b/salt/pcap/map.jinja
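Review bot: When STENOOPTIONS.status renders to `stopped`, the so-steno state becomes `docker_container.stopped`, and if that Salt state keeps its default of `error_on_absent: True` it fails on any node where the container has never been created (a fresh install with `steno:enabled: false`), so the highstate reports an error instead of a no-op. The arguments written for `running` (image, network_mode, privileged, port_bindings) are also handed to `stopped`, which does not use them, so a reader cannot tell from the state which keys matter in the disabled case. A guarded key under the state would cover the absent-container case: `{% if STENOOPTIONS.status == 'stopped' %}` / `    - error_on_absent: False` / `{% endif %}`. The so-steno state continues below the hunk, so the rest of its arguments are not visible here.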
@@ -1,6 +1,15 @@
-# don't start the docker container if it is an import node
-{% if grains.id.split('_')|last == 'import' %}
- {% set START = False %}
+{% set PCAPOPTIONS = {} %}
+{% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %}
+
+# don't start the docker container if it is an import node or disabled via pillar
+{% if grains.id.split('_')|last == 'import' || ENABLED is sameas false %}
+ {% set PCAPOPTIONS['start'] = False %}
 {% else %}
- {% set START = True %}
+ {% set PCAPOPTIONS['start'] = True %}
+{% endif %}
+
+{% if ENABLED is sameas false %}
+ {% set PCAPOPTIONS['status'] = 'stopped' %}
+{% else %}
+ {% set PCAPOPTIONS['status'] = 'running' %}
 {% endif %}
\ No newline at end of file
From aa59eff1ac1d128834dbe2723d9138853a3db9e0 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 22 Oct 2020 10:59:03 -0400
Subject: [PATCH 2/5] fix if statement
---
 salt/pcap/map.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja
index e37dfb126..8f8608ce5 100644
--- a/salt/pcap/map.jinja
+++ b/salt/pcap/map.jinja
@@ -2,7 +2,7 @@
 {% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %}
 # don't start the docker container if it is an import node or disabled via pillar
-{% if grains.id.split('_')|last == 'import' || ENABLED is sameas false %}
+{% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %}
 {% set PCAPOPTIONS['start'] = False %}
 {% else %}
 {% set PCAPOPTIONS['start'] = True %}
From 0b6b6e38fc7d6be68a7ff8ef62ebe77d630d8c89 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 22 Oct 2020 11:24:18 -0400
Subject: [PATCH 3/5] fix map for steno
---
 salt/pcap/map.jinja | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/salt/pcap/map.jinja b/salt/pcap/map.jinja
index 8f8608ce5..b3c746bcc 100644
--- a/salt/pcap/map.jinja
+++ b/salt/pcap/map.jinja
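Review bot: The default in `{% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %}` is the string `'True'` rather than the boolean, and both tests below it use `is sameas false`, so only a YAML boolean `false` disables steno; a quoted `'false'`, `no`-style string or `0` in the pillar silently leaves the capture container running while the operator believes it is off. A boolean default and one normalised flag would make the `start` and `status` branches agree and tolerate the common spellings: `{% set ENABLED = salt['pillar.get']('steno:enabled', True) %}` and `{% set DISABLED = ENABLED is sameas false or ENABLED|string|lower in ['false', 'no', '0'] %}`, then test `DISABLED` in both `if` blocks. A short comment above the set line stating that the pillar value must be a YAML boolean would at least document the current restriction.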
@@ -1,15 +1,15 @@
-{% set PCAPOPTIONS = {} %}
+{% set STENOOPTIONS = {} %}
 {% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %}
 # don't start the docker container if it is an import node or disabled via pillar
 {% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %}
- {% set PCAPOPTIONS['start'] = False %}
+ {% do STENOOPTIONS.update({'start': False}) %}
 {% else %}
- {% set PCAPOPTIONS['start'] = True %}
+ {% do STENOOPTIONS.update({'start': True}) %}
 {% endif %}
 {% if ENABLED is sameas false %}
- {% set PCAPOPTIONS['status'] = 'stopped' %}
+ {% do STENOOPTIONS.update({'status': 'stopped'}) %}
 {% else %}
- {% set PCAPOPTIONS['status'] = 'running' %}
+ {% do STENOOPTIONS.update({'status': 'running'}) %}
 {% endif %}
\ No newline at end of file
From 0bfdef274b96202dd4e3e89f9eee13feb98a4598 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 22 Oct 2020 12:09:19 -0400
Subject: [PATCH 4/5] update so-status to work with disabled containers
- https://github.com/Security-Onion-Solutions/securityonion/issues/1601
---
 salt/common/tools/sbin/so-status | 18 +++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index 276720b8b..519d9f39d 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
@@ -27,10 +27,15 @@
 ERROR_STRING="ERROR"
 SUCCESS_STRING="OK"
 PENDING_STRING="PENDING"
 MISSING_STRING='MISSING'
+DISABLED_STRING='DISABLED'
 CALLER=$(ps -o comm= $PPID)
 declare -a BAD_STATUSES=("removing" "paused" "exited" "dead")
 declare -a PENDING_STATUSES=("paused" "created" "restarting")
 declare -a GOOD_STATUSES=("running")
+declare -a DISABLED_CONTAINERS=()
+{%- if salt['pillar.get']('steno:enabled', 'True') is sameas false %}
+DISABLED_CONTAINERS+=("so-steno")
+{%- endif %}
 declare -a temp_container_name_list=()
 declare -a temp_container_state_list=()
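Review bot: The Jinja guard `{%- if salt['pillar.get']('steno:enabled', 'True') is sameas false %}` re-implements the decision already made in salt/pcap/map.jinja, so the two can drift: if map.jinja later accepts more pillar spellings or adds another reason to stop steno, so-status will keep reporting the container as ERROR rather than DISABLED. Deriving the list from the same source keeps them in step, assuming the pcap formula is reachable from every minion that renders this script: `{% from 'pcap/map.jinja' import STENOOPTIONS with context %}` at the top of the file and `{%- if STENOOPTIONS.status == 'stopped' %}` here. A one-line comment above `DISABLED_CONTAINERS` saying it lists containers intentionally stopped via pillar, not containers that failed, would help the next reader of the status logic.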
@@ -104,6 +109,7 @@ populate_container_lists() {
 parse_status() {
 local container_state=${1}
+ local service_name=${2}
 [[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1
@@ -117,7 +123,13 @@ parse_status() {
 # This is technically not needed since the default is error state
 for state in "${BAD_STATUSES[@]}"; do
- [[ $container_state = "$state" ]] && printf $ERROR_STRING && return 1
+ if [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]]; then
+ printf $DISABLED_STRING
+ return 0
+ elif [[ $container_state = "$state" ]]; then
+ printf $ERROR_STRING
+ return 1
+ fi
 done
 printf $ERROR_STRING && return 1
@@ -127,7 +139,7 @@ parse_status() {
 print_line() {
 local service_name=${1}
- local service_state="$( parse_status ${2} )"
+ local service_state="$( parse_status ${2} ${1} )"
 local columns=$(tput cols)
 local state_color="\e[0m"
@@ -137,7 +149,7 @@ print_line() {
 state_color="\e[1;31m"
 elif [[ $service_state = "$SUCCESS_STRING" ]]; then
 state_color="\e[1;32m"
- elif [[ $service_state = "$PENDING_STRING" ]]; then
+ elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]]; then
 state_color="\e[1;33m"
 fi
From 50a767ca6cbb9204a02ff9bda273c31baccf9d59 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 22 Oct 2020 14:52:07 -0400
Subject: [PATCH 5/5] dont list aptcacherng in so-status if user chose open updates during setup
- https://github.com/Security-Onion-Solutions/securityonion/issues/1573
---
 salt/common/maps/manager.map.jinja | 7 +++++--
 salt/common/maps/managersearch.map.jinja | 7 +++++--
 salt/common/maps/standalone.map.jinja | 7 +++++--
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/salt/common/maps/manager.map.jinja b/salt/common/maps/manager.map.jinja
index 7eb2b7b6c..45358d017 100644
--- a/salt/common/maps/manager.map.jinja
+++ b/salt/common/maps/manager.map.jinja
@@ -5,7 +5,6 @@
 'so-telegraf',
 'so-soc',
 'so-kratos',
- 'so-aptcacherng',
 'so-idstools',
 'so-redis',
 'so-elasticsearch',
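Review bot: The DISABLED check in the `for state in "${BAD_STATUSES[@]}"` loop runs only after the earlier `[[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1` guard, so a container that is disabled via pillar and was never created on the node (the normal state for a fresh `steno:enabled: false` install, if the `stopped` state leaves it absent) is still printed as MISSING with a failing return code, and the membership test is also repeated on every loop iteration. Moving the test to the top of parse_status, ahead of the missing check, makes the disabled verdict independent of container state and lets the original one-line BAD test stand; `"${DISABLED_CONTAINERS[*]}"` is used below because it is guaranteed to join into one space-separated word, which the pattern relies on. The change touches both parse_status hunks, and the GOOD/PENDING checks between them are outside what this hunk shows.
```shell
parse_status() {
    local container_state=${1}
    local service_name=${2}

    # A container the operator disabled via pillar is reported as DISABLED
    # regardless of its docker state, including when it was never created.
    if [[ " ${DISABLED_CONTAINERS[*]} " == *" ${service_name} "* ]]; then
        printf $DISABLED_STRING
        return 0
    fi

    [[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1
    # … unchanged: GOOD / PENDING checks …
    for state in "${BAD_STATUSES[@]}"; do
        [[ $container_state = "$state" ]] && printf $ERROR_STRING && return 1
    done
    # … unchanged: default error return …
```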
@@ -15,4 +14,8 @@
 'so-filebeat',
 'so-soctopus'
 ]
-} %}
\ No newline at end of file
+} %}
+
+{% if salt['pillar.get']('global:managerupdate') == 1 %}
+ {% do docker.containers.append('so-aptcacherng') %}
+{% endif %}
\ No newline at end of file
diff --git a/salt/common/maps/managersearch.map.jinja b/salt/common/maps/managersearch.map.jinja
index f8e34a7c3..66c5afd43 100644
--- a/salt/common/maps/managersearch.map.jinja
+++ b/salt/common/maps/managersearch.map.jinja
@@ -4,7 +4,6 @@
 'so-telegraf',
 'so-soc',
 'so-kratos',
- 'so-aptcacherng',
 'so-idstools',
 'so-redis',
 'so-logstash',
@@ -15,4 +14,8 @@
 'so-filebeat',
 'so-soctopus'
 ]
-} %}
\ No newline at end of file
+} %}
+
+{% if salt['pillar.get']('global:managerupdate') == 1 %}
+ {% do docker.containers.append('so-aptcacherng') %}
+{% endif %}
\ No newline at end of file
diff --git a/salt/common/maps/standalone.map.jinja b/salt/common/maps/standalone.map.jinja
index d66cad1f9..ae3177f4b 100644
--- a/salt/common/maps/standalone.map.jinja
+++ b/salt/common/maps/standalone.map.jinja
@@ -4,7 +4,6 @@
 'so-telegraf',
 'so-soc',
 'so-kratos',
- 'so-aptcacherng',
 'so-idstools',
 'so-redis',
 'so-logstash',
@@ -19,4 +18,8 @@
 'so-soctopus',
 'so-sensoroni'
 ]
-} %}
\ No newline at end of file
+} %}
+
+{% do docker.containers.append('so-aptcacherng') %}
+{% endif %}
\ No newline at end of file
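Review bot: `{% if salt['pillar.get']('global:managerupdate') == 1 %}` only matches an integer `1`; a missing pillar, a quoted `'1'` or a boolean `true` all drop so-aptcacherng from the container list, so so-status stops reporting a container that may still be deployed by its own state elsewhere, and a cache that has died would go unnoticed. A tolerant test such as `{% if salt['pillar.get']('global:managerupdate', 0)|int == 1 %}` plus a one-line comment stating that `managerupdate: 1` means "updates are served through the local apt cache" would pin the intent. The identical block is pasted into three map files in this patch; a single shared snippet (or a common map the three import) would keep the condition from diverging. The `{% set docker = { 'containers': [ … ] } %}` header that `docker.containers.append` relies on begins above the hunk.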