CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Define packages in the common state

Browse Source
This commit is contained in:
Mike Reeves
2020-05-23 12:00:24 -04:00
parent 35f3498ffa
commit 1c207afb31
2 changed files with 85 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
salt/common/init.sls
View File

@@ -28,20 +28,91 @@ salttmp:
- group: 939
- makedirs: True
# Install packages needed for the sensor
sensorpkgs:
# Install epel
{% if grains['os'] == 'CentOS' %}
epel:
pkg.installed:
- skip_suggestions: False
- skip_suggestions: True
- pkgs:
- epel-release
{% endif %}
# Install common packages
commonpkgs:
pkg.installed:
- skip_suggestions: True
- pkgs:
- wget
- jq
{% if grains['os'] != 'CentOS' %}
- apache2-utils
- wget
- jq
- python3-docker
- docker-ce
- curl
- ca-certificates
- software-properties-common
- apt-transport-https
- openssl
- netcat
- python3-mysqldb
- sqlite3
- argon2
- libssl-dev
- python3-dateutil
- python3-m2crypto
- python3-mysqldb
- salt-minion: 2019.2.5+ds-1
- hold: True
- update_holds: True
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-standalone' %}
- salt-master: 2019.2.5+ds-1
- hold: True
- update_holds: True
- containerd.io: 1.2.13-2
- hold: True
- update_holds: True
- docker-ce: 5:19.03.9~3-0~ubuntu-bionic
- hold: True
- update_holds: True
{% endif %}
- containerd.io
- docker-ce
{% else %}
- net-tools
- wget
- bind-utils
- jq
- tcpdump
- httpd-tools
- net-tools
- curl
- sqlite
- argon2
- maridb-devel
- nmap-ncat
- python3
- python36-docker
- python36-dateutil
- python36-m2crypto
- python36-mysql
- yum-utils
- device-mapper-persistent-data
- lvm2
- openssl
- salt-minion: 2019.2.5
- hold: True
- update_holds: True
{% if grains['role'] == 'so-master' or grains['role'] == 'so-eval' or grains['role'] == 'so-helix' or grains['role'] == 'so-mastersearch' or grains['role'] == 'so-standalone' %}
- salt-master: 2019.2.5
- hold: True
- update_holds: True
{% endif %}
- containerd.io: 1.2.6-3
- hold: True
- update_holds: True
- docker-ce: 19.03.9-3
- hold: True
- update_holds: True
{% endif %}%}
# Always keep these packages up to date

12
setup/so-functions
View File

@@ -19,7 +19,7 @@ source ./so-whiptail
source ./so-variables
source ./so-common-functions
SOVERSION=1.3.0
SOVERSION=1.4.0
accept_salt_key_remote() {
systemctl restart salt-minion
@@ -514,7 +514,7 @@ detect_os() {
# Install bind-utils so the host command exists
if ! command -v host > /dev/null 2>&1; then
echo "Installing required packages to run installer"
yum -y install bind-utils >> "$setup_log" 2>&1
yum -y install bind-utils yum-plugin-versionlock >> "$setup_log" 2>&1
fi
@@ -583,7 +583,9 @@ docker_install() {
{
yum clean expire-cache;
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo;
yum -y install docker-ce;
yum -y install docker-ce-19.03.9-3 containerd.io-1.2.6-3;
yum versionlock docker-ce;
yum versionlock containerd.io
} >> "$setup_log" 2>&1
else
@@ -687,7 +689,7 @@ docker_seed_registry() {
# Tag it with the new registry destination
docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i"
docker push "$HOSTNAME":5000/soshybridhunter/"$i"
docker rmi soshybridhunter/"$i"
#docker rmi soshybridhunter/"$i"
} >> "$setup_log" 2>&1
done
else
@@ -1107,7 +1109,7 @@ saltify() {
yum -y update exclude=salt*;
systemctl enable salt-minion;
} >> "$setup_log" 2>&1
echo "exclude=salt*" >> /etc/yum.conf
yum versionlock salt*
else
DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade >> "$setup_log" 2>&1