Merge pull request #1614 from Security-Onion-Solutions/issue/1573

Issue/1573 and Issue/1601
2025-12-06 17:22:49 +01:00 · 2020-10-22 15:57:40 -04:00
parent 51ca661219 50a767ca6c
commit 1185e43064
6 changed files with 46 additions and 16 deletions
--- a/salt/common/maps/manager.map.jinja
+++ b/salt/common/maps/manager.map.jinja
@@ -5,7 +5,6 @@
    'so-telegraf',
    'so-soc',
    'so-kratos',
-    'so-aptcacherng',
    'so-idstools',
    'so-redis',
    'so-elasticsearch',
@@ -15,4 +14,8 @@
    'so-filebeat',
    'so-soctopus'
  ]
-} %}
+} %}
+
+{% if salt['pillar.get']('global:managerupdate') == 1 %}
+   {% do docker.containers.append('so-aptcacherng') %}
+{% endif %}
--- a/salt/common/maps/managersearch.map.jinja
+++ b/salt/common/maps/managersearch.map.jinja
@@ -4,7 +4,6 @@
    'so-telegraf',
    'so-soc',
    'so-kratos',
-    'so-aptcacherng',
    'so-idstools',
    'so-redis',
    'so-logstash',
@@ -15,4 +14,8 @@
    'so-filebeat',
    'so-soctopus'
  ]
-} %}
+} %}
+
+{% if salt['pillar.get']('global:managerupdate') == 1 %}
+   {% do docker.containers.append('so-aptcacherng') %}
+{% endif %}
--- a/salt/common/maps/standalone.map.jinja
+++ b/salt/common/maps/standalone.map.jinja
@@ -4,7 +4,6 @@
    'so-telegraf',
    'so-soc',
    'so-kratos',
-    'so-aptcacherng',
    'so-idstools',
    'so-redis',
    'so-logstash',
@@ -19,4 +18,8 @@
    'so-soctopus',
    'so-sensoroni'
  ]
-} %}
+} %}
+
+{% if salt['pillar.get']('global:managerupdate') == 1 %}
+   {% do docker.containers.append('so-aptcacherng') %}
+{% endif %}
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
@@ -27,10 +27,15 @@ ERROR_STRING="ERROR"
 SUCCESS_STRING="OK"
 PENDING_STRING="PENDING"
 MISSING_STRING='MISSING'
+DISABLED_STRING='DISABLED'
 CALLER=$(ps -o comm= $PPID)
 declare -a BAD_STATUSES=("removing" "paused" "exited" "dead")
 declare -a PENDING_STATUSES=("paused" "created" "restarting")
 declare -a GOOD_STATUSES=("running")
+declare -a DISABLED_CONTAINERS=()
+{%- if salt['pillar.get']('steno:enabled', 'True') is sameas false %}
+DISABLED_CONTAINERS+=("so-steno")
+{%- endif %}

 declare -a temp_container_name_list=()
 declare -a temp_container_state_list=()
@@ -104,6 +109,7 @@ populate_container_lists() {

 parse_status() {
    local container_state=${1}
+    local service_name=${2}

    [[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1

@@ -117,7 +123,13 @@ parse_status() {

    # This is technically not needed since the default is error state
    for state in "${BAD_STATUSES[@]}"; do
-        [[ $container_state = "$state" ]] && printf $ERROR_STRING && return 1
+        if [[ " ${DISABLED_CONTAINERS[@]} " =~ " ${service_name} " ]]; then
+            printf $DISABLED_STRING
+            return 0
+        elif [[ $container_state = "$state" ]]; then
+            printf $ERROR_STRING
+            return 1
+        fi
    done

    printf $ERROR_STRING && return 1
@@ -127,7 +139,7 @@ parse_status() {

 print_line() {
    local service_name=${1}
-    local service_state="$( parse_status ${2} )"
+    local service_state="$( parse_status ${2} ${1} )"
    local columns=$(tput cols)
    local state_color="\e[0m"

@@ -137,7 +149,7 @@ print_line() {
        state_color="\e[1;31m"
    elif [[ $service_state = "$SUCCESS_STRING" ]]; then
        state_color="\e[1;32m"
-    elif [[ $service_state = "$PENDING_STRING" ]]; then
+    elif [[ $service_state = "$PENDING_STRING" ]] || [[ $service_state = "$DISABLED_STRING" ]]; then
        state_color="\e[1;33m"
    fi

--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -23,7 +23,7 @@
 {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %}
 {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %}
 {% set BPF_COMPILED = "" %}
-{% from "pcap/map.jinja" import START with context %}
+{% from "pcap/map.jinja" import STENOOPTIONS with context %}

 # PCAP Section

@@ -135,9 +135,9 @@ sensoronilog:
    - makedirs: True

 so-steno:
-  docker_container.running:
+  docker_container.{{ STENOOPTIONS.status }}:
    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }}
-    - start: {{ START }}
+    - start: {{ STENOOPTIONS.start }}
    - network_mode: host
    - privileged: True
    - port_bindings:
--- a/salt/pcap/map.jinja
+++ b/salt/pcap/map.jinja
@@ -1,6 +1,15 @@
-# don't start the docker container if it is an import node
-{% if grains.id.split('_')|last == 'import' %}
-  {% set START = False %}
+{% set STENOOPTIONS = {} %}
+{% set ENABLED = salt['pillar.get']('steno:enabled', 'True') %}
+
+# don't start the docker container if it is an import node or disabled via pillar
+{% if grains.id.split('_')|last == 'import' or ENABLED is sameas false %}
+  {% do STENOOPTIONS.update({'start': False}) %}
 {% else %}
-  {% set START = True %}
+  {% do STENOOPTIONS.update({'start': True}) %}
+{% endif %}
+
+{% if ENABLED is sameas false %}
+  {% do STENOOPTIONS.update({'status': 'stopped'}) %}
+{% else %}
+  {% do STENOOPTIONS.update({'status': 'running'}) %}
 {% endif %}