From 16249cc80d7e4c53b7ec28b5f260ea4dfbcb1d2f Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 10 Apr 2023 09:06:55 -0400
Subject: [PATCH] salt install for ubuntu
---
setup/so-functions | 29 ++++++++++++++++++-----------
setup/so-setup | 20 ++++++++++----------
2 files changed, 28 insertions(+), 21 deletions(-)
diff --git a/setup/so-functions b/setup/so-functions
index 9dbc95173..b2ecc7130 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2008,14 +2008,19 @@ saltify() { ) retry 150 20 "apt-get -y install ${pkg_arr[*]}" || exit 1 - logCmd "mkdir -vp /opt/so/gpg" - logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" - logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" - logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" - logCmd "apt-key add /opt/so/gpg/docker.pub" + logCmd "mkdir -vp /etc/apt/keyrings" + #logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" + logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg" + + logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt_rc/salt/py3/ubuntu/20.04/amd64/minor/3006.0rc3/SALT-PROJECT-GPG-PUBKEY-2023.gpg" + echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt_rc/salt/py3/ubuntu/20.04/amd64/minor/3006.0rc3/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list + logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg" + + #logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub" + logCmd "apt-key add /etc/apt/keyrings/docker.pub" # Add SO Saltstack Repo - echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list + #echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list # Add Docker Repo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" 
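Review bot: The two `apt-key add` calls put the Salt and Docker keys into apt's global trusted keyring, so either key can vouch for packages from any configured repository and the `[signed-by=...]` option on the new salt.list line restricts nothing; `apt-key` is also deprecated. I would drop both `apt-key add` lines and give the Docker repository entry a `signed-by=` option pointing at its own key file as well (apt appears to choose the key format from the file extension, so confirm that a `.pub` name is accepted). Both keys are trusted on first download with no fingerprint comparison; comparing the output of `gpg --show-keys --with-fingerprint` against a fingerprint kept in this repository before the key is used would close that gap. The Salt source is a release-candidate path (`salt_rc/.../3006.0rc3`), which deserves a comment saying when it will be replaced. saltify() begins and ends outside this hunk.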
@@ -2023,9 +2028,9 @@ saltify() { # Ain't nothing but a GPG retry 150 20 "apt-get update" "" "Err:" || exit 1 - retry 150 20 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" || exit 1 + retry 150 20 "apt-get -y install salt-common salt-minion" || exit 1 retry 150 20 "apt-mark hold salt-minion salt-common" || exit 1 - retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 + #retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 fi @@ -2033,9 +2038,7 @@ saltify() { # THIS IS A TEMP HACK #logCmd "dnf -y install securityonion-salt python3-audit python3-libsemanage python3-policycoreutils python3-setools python3-setuptools python3-chardet python3-idna python3-pysocks python3-requests python3-urllib3 python3-websocket-client python3-docker" logCmd "dnf -y install salt salt-master salt-minion" - logCmd "mkdir -p /etc/salt/minion.d" - logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/" - logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/" + #if [[ $waitforstate ]]; then # # Since this is a salt master so let's install it # logCmd "" @@ -2045,6 +2048,10 @@ saltify() { #fi fi + logCmd "mkdir -p /etc/salt/minion.d" + logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/" + logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/" + } diff --git a/setup/so-setup b/setup/so-setup index f10ff8c48..96e39b546 100755 --- a/setup/so-setup +++ b/setup/so-setup 
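Review bot: The new line `apt-get -y install salt-common salt-minion` no longer names a version, so the candidate is whatever the highest-priority configured source offers at install time; the only pin left is the `3006.0rc3` directory in the salt.list URL, and `apt-mark hold` then freezes whatever was picked. Keeping an explicit version, `apt-get -y install salt-common=<SALT_VERSION> salt-minion=<SALT_VERSION>` (placeholder, ideally one variable shared with the repo URL), makes a mismatch fail loudly instead of leaving nodes on different builds. The `python3-*` install is commented out rather than deleted; if the 3006 packaging makes those packages unnecessary, say so in a comment or remove the line.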
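Review bot: The three `logCmd` lines moved after the closing `fi` (hunk at -2045) now run on every platform and none of them is checked, unlike the `retry ... || exit 1` calls earlier in saltify(); if `salt-pip` is missing or a wheel does not match, setup continues without the docker and pymysql modules. `--find-links files/salt_module_deps/docker/` is a relative path, so the result also depends on the working directory when saltify() runs. I would append `|| exit 1` to the two `salt-pip install` lines (assuming logCmd returns the command's status, which is not visible here) and build the path from the setup directory. With `--only-binary=:all:` the bundled wheels must fit the Python shipped in the Ubuntu Salt package as well as the one they were collected for, which is worth confirming.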
@@ -337,7 +337,7 @@ if ! [[ -f $install_opt_file ]]; then # If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles. if [[ $is_eval ]]; then waitforstate=true - ubuntu_check + #ubuntu_check monints=true check_elastic_license check_requirements "manager" @@ -361,7 +361,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_standalone ]]; then waitforstate=true - ubuntu_check + #ubuntu_check monints=true check_elastic_license check_requirements "manager" @@ -386,7 +386,7 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_manager ]]; then check_elastic_license waitforstate=true - ubuntu_check + #ubuntu_check check_requirements "manager" networking_needful collect_net_method @@ -408,7 +408,7 @@ if ! [[ -f $install_opt_file ]]; then elif [[ $is_managersearch ]]; then check_elastic_license waitforstate=true - ubuntu_check + #ubuntu_check check_requirements "manager" networking_needful collect_net_method @@ -428,7 +428,7 @@ if ! [[ -f $install_opt_file ]]; then collect_so_allow whiptail_end_settings elif [[ $is_sensor ]]; then - ubuntu_check + #ubuntu_check monints=true check_requirements "sensor" calculate_useable_cores @@ -444,7 +444,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_searchnode ]]; then - ubuntu_check + #ubuntu_check check_requirements "elasticsearch" networking_needful check_network_manager_conf @@ -457,7 +457,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_heavynode ]]; then - ubuntu_check + #ubuntu_check monints=true check_requirements "heavynode" calculate_useable_cores @@ -469,7 +469,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_idh ]]; then - ubuntu_check + #ubuntu_check check_requirements "idh" networking_needful collect_mngr_hostname 
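Review bot: `ubuntu_check` is commented out in all ten role branches (the hunks from -337 to -469 on this line and -481 and -503 on the next) instead of being removed or changed in one place. Its body is not visible, but if it is what stops setup on Ubuntu, then nothing in this patch limits the install to 20.04, while the new salt.list line in setup/so-functions hard-codes `ubuntu/20.04` and `focal`. I would keep a single guard that accepts only the releases the Salt repo line supports, and delete the calls rather than leave `#ubuntu_check` behind.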
@@ -481,7 +481,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_import ]]; then - ubuntu_check + #ubuntu_check waitforstate=true monints=true check_elastic_license @@ -503,7 +503,7 @@ if ! [[ -f $install_opt_file ]]; then whiptail_end_settings elif [[ $is_receiver ]]; then - ubuntu_check + #ubuntu_check check_requirements "receiver" networking_needful collect_mngr_hostname