Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev

2025-12-07 17:52:46 +01:00 · 2021-01-25 15:20:46 -05:00
parent fe09479dde 6e9bdde9e2
commit 17a1189e42
8 changed files with 10 additions and 39 deletions
--- a/salt/common/cron/common-rotate
+++ b/salt/common/cron/common-rotate
@@ -1,2 +1,2 @@
 #!/bin/bash
-logrotate -f /opt/so/conf/log-rotate.conf >/dev/null 2>&1
+/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf > /dev/null 2>&1
--- a/salt/common/files/log-rotate.conf
+++ b/salt/common/files/log-rotate.conf
@@ -14,10 +14,9 @@
 /opt/so/log/suricata/*.log
 /opt/so/log/mysql/*.log
 /opt/so/log/playbook/*.log
 /opt/so/log/logstash/*.log
 /opt/so/log/filebeat/*.log
 /opt/so/log/telegraf/*.log
 /opt/so/log/redis/*.log
 /opt/so/log/sensoroni/*.log
 /opt/so/log/stenographer/*.log
 /opt/so/log/salt/so-salt-minion-check
 /opt/so/log/salt/minion
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -17,7 +17,7 @@ influxconfdir:
 influxlogdir:
  file.directory:
    - name: /opt/so/log/influxdb
-    - dir_mode: 775
+    - dir_mode: 755
    - user: 939
    - group: 939
    - makedirs: True
@@ -65,4 +65,4 @@ append_so-influxdb_so-status.conf:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed
-{% endif %}
+{% endif %}
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -60,7 +60,7 @@ query_updatepluginurls:
 playbooklogdir:
  file.directory:
    - name: /opt/so/log/playbook
-    - dir_mode: 775
+    - dir_mode: 755
    - user: 939
    - group: 939
    - makedirs: True
@@ -116,4 +116,4 @@ so-playbookruleupdatecron:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed
-{% endif %}
+{% endif %}
--- a/salt/suricata/cron/surirotate
+++ b/salt/suricata/cron/surirotate
@@ -1,4 +0,0 @@
 #!/bin/bash
 # Gzip the eve logs
 /usr/sbin/logrotate -f /opt/so/conf/suricata/suri-rotate.conf > /dev/null 2>&1
--- a/salt/suricata/files/suri-rotate.conf
+++ b/salt/suricata/files/suri-rotate.conf
@@ -1,12 +0,0 @@
 /opt/so/log/suricata/stats.log
 {
    daily
    rotate 2
    missingok
    nocompress
    create
    sharedscripts
    postrotate
            docker exec -d so-suricata bash -c 'kill -HUP $(cat /var/run/suricata.pid)'
    endscript
 }
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -81,12 +81,6 @@ surilogscript:
    - source: salt://suricata/cron/surilogcompress
    - mode: 755
 surirotatescript:
  file.managed:
    - name: /usr/local/bin/surirotate
    - source: salt://suricata/cron/surirotate
    - mode: 755
 /usr/local/bin/surilogcompress:
  cron.present:
    - user: suricata
@@ -139,7 +133,7 @@ suribpf:
    - contents:
      - ""
   {% endif %}
-    
+
 so-suricata:
  docker_container.running:
    - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }}
@@ -174,14 +168,8 @@ disable_so-suricata_so-status.conf:
    - regex: ^so-suricata$
 {% endif %}
 surilogrotate:
  file.managed:
    - name: /opt/so/conf/suricata/suri-rotate.conf
    - source: salt://suricata/files/suri-rotate.conf
    - mode: 644
 /usr/local/bin/surirotate:
-  cron.present:
+  cron.absent:
    - user: root
    - minute: '11'
    - hour: '*'
@@ -195,4 +183,4 @@ surilogrotate:
  test.fail_without_changes:
    - name: {{sls}}_state_not_allowed
-{% endif %}
+{% endif %}
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -736,7 +736,7 @@ check_requirements() {
 check_sos_appliance() {
 	# Lets see if this is a SOS Appliance
-	if [ -f "/etc/SOSMODEL"]; then
+	if [ -f "/etc/SOSMODEL" ]; then
 	  local MODEL=$(cat /etc/SOSMODEL)
 	  echo "Found SOS Model $MODEL"
 	  echo "sosmodel: $MODEL" >> /etc/salt/grains
`@@ -1,2 +1,2 @@`
	`#!/bin/bash`	`#!/bin/bash`
	`logrotate -f /opt/so/conf/log-rotate.conf >/dev/null 2>&1`	`/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf > /dev/null 2>&1`