diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion index 8b23dcd44..601a23682 100755 --- a/salt/manager/tools/sbin/so-minion +++ b/salt/manager/tools/sbin/so-minion @@ -324,6 +324,13 @@ function add_soc_to_minion() { " " >> $PILLARFILE } +function add_registry_to_minion() { + printf '%s\n'\ + "registry:"\ + " enabled: True"\ + " " >> $PILLARFILE +} + function create_fleet_policy() { JSON_STRING=$( jq -n \ @@ -379,6 +386,7 @@ function createEVAL() { add_nginx_to_minion add_soctopus_to_minion add_soc_to_minion + add_registry_to_minion } function createSTANDALONE() { @@ -396,6 +404,7 @@ function createSTANDALONE() { add_nginx_to_minion add_soctopus_to_minion add_soc_to_minion + add_registry_to_minion } function createMANAGER() { @@ -411,6 +420,7 @@ function createMANAGER() { add_nginx_to_minion add_soctopus_to_minion add_soc_to_minion + add_registry_to_minion } function createMANAGERSEARCH() { @@ -426,6 +436,7 @@ function createMANAGERSEARCH() { add_nginx_to_minion add_soctopus_to_minion add_soc_to_minion + add_registry_to_minion } function createIMPORT() { @@ -436,6 +447,7 @@ function createIMPORT() { add_influxdb_to_minion add_nginx_to_minion add_soc_to_minion + add_registry_to_minion } function createFLEET() { diff --git a/salt/registry/config.sls b/salt/registry/config.sls new file mode 100644 index 000000000..e69de29bb diff --git a/salt/registry/defaults.yaml b/salt/registry/defaults.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/salt/registry/disabled.sls b/salt/registry/disabled.sls new file mode 100644 index 000000000..3029b6e37 --- /dev/null +++ b/salt/registry/disabled.sls 
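Review bot: In `add_registry_to_minion` the redirect target `$PILLARFILE` is unquoted, so a path containing whitespace or glob characters would be word-split or expanded before the append; `>> "$PILLARFILE"` avoids that. The `add_soc_to_minion` context line at the top of the hunk uses the same unquoted form, so this looks like a file-wide convention that is better fixed in one pass. The function also appends unconditionally, so a second call against the same pillar file would presumably leave two `registry:` keys; I would add a comment such as `# Called once per new minion; appends the registry pillar block`. The five `create*` hunks that follow only add the call and need no separate change.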
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+include:
+ - registry.sostatus
+
+so-registry:
+ docker_container.absent:
+ - force: True
+
+so-registry_so-status.disabled:
+ file.comment:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - regex: ^so-registry$
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
diff --git a/salt/registry/enabled.sls b/salt/registry/enabled.sls
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/registry/map.jinja b/salt/registry/map.jinja
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/registry/soc_registry.yaml b/salt/registry/soc_registry.yaml
new file mode 100644
index 000000000..e69de29bb
diff --git a/salt/registry/sostatus.sls b/salt/registry/sostatus.sls
new file mode 100644
index 000000000..f4e5e5e24
--- /dev/null
+++ b/salt/registry/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+
+append_so-registry_so-status.conf:
+ file.append:
+ - name: /opt/so/conf/so-status/so-status.conf
+ - text: so-registry
+ - unless: grep -q so-registry /opt/so/conf/so-status/so-status.conf
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
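Review bot: The `unless` guard on `append_so-registry_so-status.conf` uses an unanchored `grep -q so-registry`, so any line containing that substring satisfies it, including a longer container name or the commented-out entry that `file.comment` in registry/disabled.sls leaves behind. If a commented entry is meant to count as already present, I would say so in a comment and still anchor the match, for example `- unless: grep -qE '^#?so-registry$' /opt/so/conf/so-status/so-status.conf`. As written, an unrelated match would skip the append, and the registry container would presumably go untracked by so-status with no error. This also keeps the guard consistent with the `^so-registry$` regex used in disabled.sls.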