CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

salt install for ubuntu

Browse Source
This commit is contained in:
m0duspwnens
2023-04-10 09:06:55 -04:00
parent 6aba7b6bcf
commit 16249cc80d
2 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
setup/so-functions
View File

@@ -2008,14 +2008,19 @@ saltify() {
) )
retry 150 20 "apt-get -y install ${pkg_arr[*]}" || exit 1 retry 150 20 "apt-get -y install ${pkg_arr[*]}" || exit 1
logCmd "mkdir -vp /opt/so/gpg" logCmd "mkdir -vp /etc/apt/keyrings"
logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub" #logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt/SALTSTACK-GPG-KEY.pub"
logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "wget -q --inet4-only -O /etc/apt/keyrings/docker.pub https://download.docker.com/linux/ubuntu/gpg"
logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub"
logCmd "apt-key add /opt/so/gpg/docker.pub" logCmd "curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring-2023.gpg https://repo.saltproject.io/salt_rc/salt/py3/ubuntu/20.04/amd64/minor/3006.0rc3/SALT-PROJECT-GPG-PUBKEY-2023.gpg"
echo "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg] https://repo.saltproject.io/salt_rc/salt/py3/ubuntu/20.04/amd64/minor/3006.0rc3/ focal main" | sudo tee /etc/apt/sources.list.d/salt.list
logCmd "apt-key add /etc/apt/keyrings/salt-archive-keyring-2023.gpg"
#logCmd "apt-key add /opt/so/gpg/SALTSTACK-GPG-KEY.pub"
logCmd "apt-key add /etc/apt/keyrings/docker.pub"
# Add SO Saltstack Repo # Add SO Saltstack Repo
echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list #echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/20.04/amd64/salt3004.2/ focal main" > /etc/apt/sources.list.d/saltstack.list
# Add Docker Repo # Add Docker Repo
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
@@ -2023,9 +2028,9 @@ saltify() {
# Ain't nothing but a GPG # Ain't nothing but a GPG
retry 150 20 "apt-get update" "" "Err:" || exit 1 retry 150 20 "apt-get update" "" "Err:" || exit 1
retry 150 20 "apt-get -y install salt-minion=3004.2+ds-1 salt-common=3004.2+ds-1" || exit 1 retry 150 20 "apt-get -y install salt-common salt-minion" || exit 1
retry 150 20 "apt-mark hold salt-minion salt-common" || exit 1 retry 150 20 "apt-mark hold salt-minion salt-common" || exit 1
retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 #retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
fi fi
@@ -2033,9 +2038,7 @@ saltify() {
# THIS IS A TEMP HACK # THIS IS A TEMP HACK
#logCmd "dnf -y install securityonion-salt python3-audit python3-libsemanage python3-policycoreutils python3-setools python3-setuptools python3-chardet python3-idna python3-pysocks python3-requests python3-urllib3 python3-websocket-client python3-docker" #logCmd "dnf -y install securityonion-salt python3-audit python3-libsemanage python3-policycoreutils python3-setools python3-setuptools python3-chardet python3-idna python3-pysocks python3-requests python3-urllib3 python3-websocket-client python3-docker"
logCmd "dnf -y install salt salt-master salt-minion" logCmd "dnf -y install salt salt-master salt-minion"
logCmd "mkdir -p /etc/salt/minion.d"
logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/"
logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/"
#if [[ $waitforstate ]]; then #if [[ $waitforstate ]]; then
# # Since this is a salt master so let's install it # # Since this is a salt master so let's install it
# logCmd "" # logCmd ""
@@ -2045,6 +2048,10 @@ saltify() {
#fi #fi
fi fi
logCmd "mkdir -p /etc/salt/minion.d"
logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/"
logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/"
} }

20
setup/so-setup
View File

@@ -337,7 +337,7 @@ if ! [[ -f $install_opt_file ]]; then
# If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles. # If you are a manager ask ALL the manager things here. I know there is code re-use but this makes it easier to add new roles.
if [[ $is_eval ]]; then if [[ $is_eval ]]; then
waitforstate=true waitforstate=true
ubuntu_check #ubuntu_check
monints=true monints=true
check_elastic_license check_elastic_license
check_requirements "manager" check_requirements "manager"
@@ -361,7 +361,7 @@ if ! [[ -f $install_opt_file ]]; then
whiptail_end_settings whiptail_end_settings
elif [[ $is_standalone ]]; then elif [[ $is_standalone ]]; then
waitforstate=true waitforstate=true
ubuntu_check #ubuntu_check
monints=true monints=true
check_elastic_license check_elastic_license
check_requirements "manager" check_requirements "manager"
@@ -386,7 +386,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_manager ]]; then elif [[ $is_manager ]]; then
check_elastic_license check_elastic_license
waitforstate=true waitforstate=true
ubuntu_check #ubuntu_check
check_requirements "manager" check_requirements "manager"
networking_needful networking_needful
collect_net_method collect_net_method
@@ -408,7 +408,7 @@ if ! [[ -f $install_opt_file ]]; then
elif [[ $is_managersearch ]]; then elif [[ $is_managersearch ]]; then
check_elastic_license check_elastic_license
waitforstate=true waitforstate=true
ubuntu_check #ubuntu_check
check_requirements "manager" check_requirements "manager"
networking_needful networking_needful
collect_net_method collect_net_method
@@ -428,7 +428,7 @@ if ! [[ -f $install_opt_file ]]; then
collect_so_allow collect_so_allow
whiptail_end_settings whiptail_end_settings
elif [[ $is_sensor ]]; then elif [[ $is_sensor ]]; then
ubuntu_check #ubuntu_check
monints=true monints=true
check_requirements "sensor" check_requirements "sensor"
calculate_useable_cores calculate_useable_cores
@@ -444,7 +444,7 @@ if ! [[ -f $install_opt_file ]]; then
whiptail_end_settings whiptail_end_settings
elif [[ $is_searchnode ]]; then elif [[ $is_searchnode ]]; then
ubuntu_check #ubuntu_check
check_requirements "elasticsearch" check_requirements "elasticsearch"
networking_needful networking_needful
check_network_manager_conf check_network_manager_conf
@@ -457,7 +457,7 @@ if ! [[ -f $install_opt_file ]]; then
whiptail_end_settings whiptail_end_settings
elif [[ $is_heavynode ]]; then elif [[ $is_heavynode ]]; then
ubuntu_check #ubuntu_check
monints=true monints=true
check_requirements "heavynode" check_requirements "heavynode"
calculate_useable_cores calculate_useable_cores
@@ -469,7 +469,7 @@ if ! [[ -f $install_opt_file ]]; then
whiptail_end_settings whiptail_end_settings
elif [[ $is_idh ]]; then elif [[ $is_idh ]]; then
ubuntu_check #ubuntu_check
check_requirements "idh" check_requirements "idh"
networking_needful networking_needful
collect_mngr_hostname collect_mngr_hostname
@@ -481,7 +481,7 @@ if ! [[ -f $install_opt_file ]]; then
whiptail_end_settings whiptail_end_settings
elif [[ $is_import ]]; then elif [[ $is_import ]]; then
ubuntu_check #ubuntu_check
waitforstate=true waitforstate=true
monints=true monints=true
check_elastic_license check_elastic_license
@@ -503,7 +503,7 @@ if ! [[ -f $install_opt_file ]]; then
whiptail_end_settings whiptail_end_settings
elif [[ $is_receiver ]]; then elif [[ $is_receiver ]]; then
ubuntu_check #ubuntu_check
check_requirements "receiver" check_requirements "receiver"
networking_needful networking_needful
collect_mngr_hostname collect_mngr_hostname