From 1f030160b00f2c9643a2701a44662a60399163b1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 30 Apr 2020 08:49:16 -0400 Subject: [PATCH] [feat] Update salt ver to 2019.2.4 --- setup/public_keys/salt.pem | 2 +- setup/public_keys/wazuh.pem | 52 -------------------------------- setup/so-functions | 34 ++++++++++----------- setup/yum_repos/salt-2019-2.repo | 9 +++--- setup/yum_repos/salt-latest.repo | 2 +- setup/yum_repos/wazuh.repo | 2 +- 6 files changed, 23 insertions(+), 78 deletions(-) delete mode 100644 setup/public_keys/wazuh.pem diff --git a/setup/public_keys/salt.pem b/setup/public_keys/salt.pem index 1bbd14e4f..919f2724c 100644 --- a/setup/public_keys/salt.pem +++ b/setup/public_keys/salt.pem @@ -28,4 +28,4 @@ T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS MA== =dtMN ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file +-----END PGP PUBLIC KEY BLOCK----- diff --git a/setup/public_keys/wazuh.pem b/setup/public_keys/wazuh.pem deleted file mode 100644 index 03cb19f14..000000000 --- a/setup/public_keys/wazuh.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQINBFeeyYwBEACyf4VwV8c2++J5BmCl6ofLCtSIW3UoVrF4F+P19k/0ngnSfjWb -8pSWB11HjZ3Mr4YQeiD7yY06UZkrCXk+KXDlUjMK3VOY7oNPkqzNaP6+8bDwj4UA -hADMkaXBvWooGizhCoBtDb1bSbHKcAnQ3PTdiuaqF5bcyKk8hv939CHulL2xH+BP -mmTBi+PM83pwvR+VRTOT7QSzf29lW1jD79v4rtXHJs4KCz/amT/nUm/tBpv3q0sT -9M9rH7MTQPdqvzMl122JcZST75GzFJFl0XdSHd5PAh2mV8qYak5NYNnwA41UQVIa -+xqhSu44liSeZWUfRdhrQ/Nb01KV8lLAs11Sz787xkdF4ad25V/Rtg/s4UXt35K3 -klGOBwDnzPgHK/OK2PescI5Ve1z4x1C2bkGze+gk/3IcfGJwKZDfKzTtqkZ0MgpN -7RGghjkH4wpFmuswFFZRyV+s7jXYpxAesElDSmPJ0O07O4lQXQMROE+a2OCcm0eF -3+Cr6qxGtOp1oYMOVH0vOLYTpwOkAM12/qm7/fYuVPBQtVpTojjV5GDl2uGq7p0o -h9hyWnLeNRbAha0px6rXcF9wLwU5n7mH75mq5clps3sP1q1/VtP/Fr84Lm7OGke4 -9eD+tPNCdRx78RNWzhkdQxHk/b22LCn1v6p1Q0qBco9vw6eawEkz1qwAjQARAQAB -tDFXYXp1aC5jb20gKFdhenVoIFNpZ25pbmcgS2V5KSA8c3VwcG9ydEB3YXp1aC5j -b20+iQI9BBMBCAAnBQJXnsmMAhsDBQkFo5qABQsJCAcDBRUKCQgLBRYCAwEAAh4B -AheAAAoJEJaz7l8pERFFHEsQAIaslejcW2NgjgOZuvn1Bht4JFMbCIPOekg4Z5yF -binRz0wmA7JNaawDHTBYa6L+A2Xneu/LmuRjFRMesqopUukVeGQgHBXbGMzY46eI -rqq/xgvgWzHSbWweiOX0nn+exbEAM5IyW+efkWNz0e8xM1LcxdYZxkVOqFqkp3Wv -J9QUKw6z9ifUOx++G8UO307O3hT2f+x4MUoGZeOF4q1fNy/VyBS2lMg2HF7GWy2y -kjbSe0p2VOFGEZLuu2f5tpPNth9UJiTliZKmgSk/zbKYmSjiVY2eDqNJ4qjuqes0 -vhpUaBjA+DgkEWUrUVXG5yfQDzTiYIF84LknjSJBYSLZ4ABsMjNO+GApiFPcih+B -Xc9Kx7E9RNsNTDqvx40y+xmxDOzVIssXeKqwO8r5IdG3K7dkt2Vkc/7oHOpcKwE5 -8uASMPiqqMo+t1RVa6Spckp3Zz8REILbotnnVwDIwo2HmgASirMGUcttEJzubaIa -Mv43GKs8RUH9s5NenC02lfZG7D8WQCz5ZH7yEWrt5bCaQRNDXjhsYE17SZ/ToHi3 -OpWu050ECWOHdxlXNG3dOWIdFDdBJM7UfUNSSOe2Y5RLsWfwvMFGbfpdlgJcMSDV -X+ienkrtXhBteTu0dwPu6HZTFOjSftvtAo0VIqGQrKMvKelkkdNGdDFLQw2mUDcw -EQj6uQINBFeeyYwBEADD1Y3zW5OrnYZ6ghTd5PXDAMB8Z1ienmnb2IUzLM+i0yE2 -TpKSP/XYCTBhFa390rYgFO2lbLDVsiz7Txd94nHrdWXGEQfwrbxsvdlLLWk7iN8l -Fb4B60OfRi3yoR96a/kIPNa0x26+n79LtDuWZ/DTq5JSHztdd9F1sr3h8i5zYmtv -luj99ZorpwYejbBVUm0+gP0ioaXM37uO56UFVQk3po9GaS+GtLnlgoE5volgNYyO -rkeIua4uZVsifREkHCKoLJip6P7S3kTyfrpiSLhouEZ7kV1lbMbFgvHXyjm+/AIx -HIBy+H+e+HNt5gZzTKUJsuBjx44+4jYsOR67EjOdtPOpgiuJXhedzShEO6rbu/O4 -wM1rX45ZXDYa2FGblHCQ/VaS0ttFtztk91xwlWvjTR8vGvp5tIfCi+1GixPRQpbN -Y/oq8Kv4A7vB3JlJscJCljvRgaX0gTBzlaF6Gq0FdcWEl5F1zvsWCSc/Fv5WrUPY -5mG0m69YUTeVO6cZS1aiu9Qh3QAT/7NbUuGXIaAxKnu+kkjLSz+nTTlOyvbG7BVF -a6sDmv48Wqicebkc/rCtO4g8lO7KoA2xC/K/6PAxDrLkVyw8WPsAendmezNfHU+V -32pvWoQoQqu8ysoaEYc/j9fN4H3mEBCN3QUJYCugmHP0pu7VtpWwwMUqcGeUVwAR -AQABiQIlBBgBCAAPBQJXnsmMAhsMBQkFo5qAAAoJEJaz7l8pERFFz8IP/jfBxJSB -iOw+uML+C4aeYxuHSdxmSsrJclYjkw7Asha/fm4Kkve00YAW8TGxwH2kgS72ooNJ -1Q7hUxNbVyrJjQDSMkRKwghmrPnUM3UyHmE0dq+G2NhaPdFo8rKifLOPgwaWAfSV -wgMTK86o0kqRbGpXgVIG5eRwv2FcxM3xGfy7sub07J2VEz7Ba6rYQ3NTbPK42AtV -+wRJDXcgS7y6ios4XQtSbIB5f6GI56zVlwfRd3hovV9ZAIJQ6DKM31wD6Kt/pRun -DjwMZu0/82JMoqmxX/00sNdDT1S13guCfl1WhBu7y1ja9MUX5OpUzyEKg5sxme+L -iY2Rhs6CjmbTm8ER4Uj8ydKyVTy8zbumbB6T8IwCAbEMtPxm6pKh/tgLpoJ+Bj0y -AsGjmhV7R6PKZSDXg7/qQI98iC6DtWc9ibC/QuHLcvm3hz40mBgXAemPJygpxGst -mVtU7O3oHw9cIUpkbMuVqSxgPFmSSq5vEYkka1CYeg8bOz6aCTuO5J0GDlLrpjtx -6lyImbZAF/8zKnW19aq5lshT2qJlTQlZRwwDZX5rONhA6T8IEUnUyD4rAIQFwfJ+ -gsXa4ojD/tA9NLdiNeyEcNfyX3FZwXWCtVLXflzdRN293FKamcdnMjVRjkCnp7iu -7eO7nMgcRoWddeU+2aJFqCoQtKCp/5EKhFey -=UIVm ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/setup/so-functions b/setup/so-functions index 4ad53c32f..3c1f8b6ac 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -127,7 +127,7 @@ secrets_pillar(){ bro_logs_enabled() { echo "Enabling Bro Logs" >> "$setup_log" 2>&1 - local brologs_pillar="./pillar/brologs.sls" + local brologs_pillar=./pillar/brologs.sls printf '%s\n'\ "brologs:"\ @@ -361,7 +361,7 @@ copy_master_config() { if [ "$setup_type" = 'iso' ]; then cp /root/SecurityOnion/files/master /etc/salt/master >> "$setup_log" 2>&1 else - cp "../files/master" /etc/salt/master >> "$setup_log" 2>&1 + cp ../files/master /etc/salt/master >> "$setup_log" 2>&1 fi # Restart the service so it picks up the changes @@ -967,12 +967,13 @@ saltify() { # Install updates and Salt if [ $OS = 'centos' ]; then - set_progress_str 6 'Installing various dependencies' + set_progress_str 5 'Installing Salt repo' { - yum -y install wget nmap https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm; - cp /etc/yum.repos.d/salt-py3-latest.repo /etc/yum.repos.d/salt-2019-2.repo; - sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo; + sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/2019.2/SALTSTACK-GPG-KEY.pub; + cp ./yum_repos/salt-2019-2.repo /etc/yum.repos.d/salt-2019-2.repo; } >> "$setup_log" 2>&1 + set_progress_str 6 'Installing various dependencies' + yum -y install wget nmap >> "$setup_log" 2>&1 case "$install_type" in 'MASTER' | 'EVAL' | 'MASTERSEARCH' | 'FLEET' | 'HELIXSENSOR') reserve_group_ids >> "$setup_log" 2>&1 @@ -982,9 +983,9 @@ saltify() { wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - cp "./yum_repos/wazuh.repo" /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1 + cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - yum -y install salt-master-2019.2.3 >> "$setup_log" 2>&1 + yum -y install salt-master-2019.2.4 >> "$setup_log" 2>&1 systemctl enable salt-master >> "$setup_log" 2>&1 ;; *) @@ -992,23 +993,20 @@ saltify() { { # Create the GPG Public Key for the Salt Repo cp ./public_keys/salt.pem /etc/pki/rpm-gpg/saltstack-signing-key; - - # Add the Wazuh Key - cp ./public_keys/wazuh.pem /etc/pki/rpm-gpg/GPG-KEY-WAZUH; # Copy repo files over - cp "./yum_repos/salt-latest.repo" /etc/yum.repos.d/salt-latest.repo; - cp "./yum_repos/salt-2019-2.repo" /etc/yum.repos.d/salt-2019-2.repo; + cp ./yum_repos/salt-latest.repo /etc/yum.repos.d/salt-latest.repo; + cp ./yum_repos/salt-2019-2.repo /etc/yum.repos.d/salt-2019-2.repo; } >> "$setup_log" 2>&1 fi ;; esac - cp "./yum_repos/wazuh.repo" /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1 + cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1 yum clean expire-cache >> "$setup_log" 2>&1 set_progress_str 8 'Installing salt-minion & python modules' { yum -y install epel-release\ - salt-minion-2019.2.3\ + salt-minion-2019.2.4\ python3\ python36-docker\ python36-dateutil\ @@ -1074,7 +1072,7 @@ saltify() { set_progress_str 6 'Installing various dependencies' apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - apt-get -y salt-master=2019.2.3+ds-1 >> "$setup_log" 2>&1 + apt-get -y salt-master=2019.2.4+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-master >> "$setup_log" 2>&1 ;; *) @@ -1091,8 +1089,8 @@ saltify() { esac apt-get update >> "$setup_log" 2>&1 set_progress_str 8 'Installing salt-minion & python modules' - apt-get -y install salt-minion=2019.2.3+ds-1\ - salt-common=2019.2.3+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-minion=2019.2.4+ds-1\ + salt-common=2019.2.4+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 diff --git a/setup/yum_repos/salt-2019-2.repo b/setup/yum_repos/salt-2019-2.repo index 558036c1f..1826e0101 100644 --- a/setup/yum_repos/salt-2019-2.repo +++ b/setup/yum_repos/salt-2019-2.repo @@ -1,7 +1,6 @@ -[salt-2019.2] -name=SaltStack Latest Release Channel for RHEL/Centos $releasever -baseurl=https://repo.saltstack.com/py3/redhat/7/$basearch/2019.2 -failovermethod=priority +[saltstack-repo] +name=SaltStack repo for RHEL/CentOS $releasever PY3 +baseurl=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2 enabled=1 gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key \ No newline at end of file +gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2/SALTSTACK-GPG-KEY.pub diff --git a/setup/yum_repos/salt-latest.repo b/setup/yum_repos/salt-latest.repo index cb06a44ff..709053a9b 100644 --- a/setup/yum_repos/salt-latest.repo +++ b/setup/yum_repos/salt-latest.repo @@ -4,4 +4,4 @@ baseurl=https://repo.saltstack.com/py3/redhat/7/$basearch/latest failovermethod=priority enabled=1 gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key \ No newline at end of file +gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub \ No newline at end of file diff --git a/setup/yum_repos/wazuh.repo b/setup/yum_repos/wazuh.repo index 70d23ccdd..ae462c62f 100644 --- a/setup/yum_repos/wazuh.repo +++ b/setup/yum_repos/wazuh.repo @@ -4,4 +4,4 @@ gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=Wazuh repository baseurl=https://packages.wazuh.com/3.x/yum/ -protect=1 \ No newline at end of file +protect=1