From f8058a4a3a15f0c1d8aaa9d20d5ad62026682d57 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Wed, 20 Aug 2025 12:06:54 -0500
Subject: [PATCH 1/6] disable showing large stig profile update in salt log
---
salt/stig/enabled.sls | 1 +
1 file changed, 1 insertion(+)
diff --git a/salt/stig/enabled.sls b/salt/stig/enabled.sls
index 0e5448f7d..91aae7069 100644
--- a/salt/stig/enabled.sls
+++ b/salt/stig/enabled.sls
@@ -47,6 +47,7 @@ update_stig_profile: - name: /opt/so/conf/stig/sos-oscap.xml - source: salt://stig/files/sos-oscap.xml - user: socore + - show_changes: False - group: socore - mode: 0644
From 24be2f869bdb64276ada1ed83572c3c94285f8a6 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Wed, 20 Aug 2025 12:08:50 -0500
Subject: [PATCH 2/6] enable stig on fleet nodes
---
salt/allowed_states.map.jinja | 1 +
salt/top.sls | 1 +
2 files changed, 2 insertions(+)
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 068722ca2..2cd7f2f87 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -143,6 +143,7 @@ ), 'so-fleet': ( ssl_states + + stig_states + ['logstash', 'nginx', 'healthcheck', 'elasticfleet'] ), 'so-receiver': (
diff --git a/salt/top.sls b/salt/top.sls
index a75346462..6c3135b45 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -299,6 +299,7 @@ base: - elasticfleet - elasticfleet.install_agent_grid - schedule + - stig '*_hypervisor and I@features:vrt and G@saltversion:{{saltversion}}': - match: compound
From 7968de06b4f4c2e41d13b3d719cf8896828ef2a8 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Thu, 21 Aug 2025 11:06:29 -0500
Subject: [PATCH 3/6] enable access to global stig pillar
---
pillar/top.sls | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pillar/top.sls b/pillar/top.sls
index 1fdb59deb..b15038e5e 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
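Review bot: In salt/stig/enabled.sls (PATCH 1/6), `- show_changes: False` on `update_stig_profile` is added without a comment and sits between `- user: socore` and `- group: socore`, splitting the ownership options. With the diff suppressed, a job return still records that /opt/so/conf/stig/sos-oscap.xml changed but no longer what changed, so anyone auditing a profile update has to go to the history of `salt://stig/files/sos-oscap.xml` instead. I would move the line after `- mode: 0644` and add `# profile is large: keep the diff out of job output; the change itself is still reported`. The opening lines of the state are above the hunk.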
@@ -262,6 +262,7 @@ base: - minions.adv_{{ grains.id }} - kafka.nodes - kafka.soc_kafka + - stig.soc_stig '*_import': - node_data.ips
@@ -319,10 +320,12 @@ base: - elasticfleet.adv_elasticfleet - minions.{{ grains.id }} - minions.adv_{{ grains.id }} + - stig.soc_stig '*_hypervisor': - minions.{{ grains.id }} - minions.adv_{{ grains.id }} + - stig.soc_stig '*_desktop': - minions.{{ grains.id }}
From f51cd008f27c69bcc34de92cf8f1626f2fe3fbb8 Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Fri, 29 Aug 2025 10:04:56 -0400
Subject: [PATCH 4/6] only manage bond script if bond0 exists
---
salt/sensor/init.sls | 2 ++
1 file changed, 2 insertions(+)
diff --git a/salt/sensor/init.sls b/salt/sensor/init.sls
index 1d7899b62..ee615bf9b 100644
--- a/salt/sensor/init.sls
+++ b/salt/sensor/init.sls
@@ -39,6 +39,8 @@ combine_bond_script: - template: jinja - defaults: CHANNELS: {{ SENSORMERGED.channels }} + - onlyif: + - ip link show bond0 execute_combine_bond: cmd.run:
From a7a81e98253258257e0d14e269b7beef3498624f Mon Sep 17 00:00:00 2001
From: Josh Patterson
Date: Fri, 29 Aug 2025 11:05:42 -0400
Subject: [PATCH 5/6] always manage script, only run it if bond0 exists
---
salt/sensor/init.sls | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/salt/sensor/init.sls b/salt/sensor/init.sls
index ee615bf9b..7d1714c2c 100644
--- a/salt/sensor/init.sls
+++ b/salt/sensor/init.sls
@@ -39,11 +39,9 @@ combine_bond_script: - template: jinja - defaults: CHANNELS: {{ SENSORMERGED.channels }} - - onlyif: - ip link show bond0 execute_combine_bond: cmd.run: - name: /usr/sbin/so-combine-bond - onchanges: - file: combine_bond_script + - onlyif: + - ip link show bond0
From 19362fe5e57f338e19389e21f027ac09e71d8ca1 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Fri, 29 Aug 2025 11:06:25 -0400
Subject: [PATCH 6/6] Update so-combine-bond
---
salt/sensor/tools/sbin_jinja/so-combine-bond | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
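Review bot: In pillar/top.sls (PATCH 3/6), `- stig.soc_stig` is granted to `'*_hypervisor'` and, in the first hunk, to a target whose header is above the hunk, yet the only role this series shows gaining the `stig` state is so-fleet (PATCH 2/6). Pillar data is delivered to every minion a target matches, so it is worth confirming that each of the three targets actually applies `stig`. If one does not, I would drop its line rather than distribute the pillar without a consumer. Whether those roles already include `stig` in salt/top.sls is not visible from these hunks.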
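Review bot: In salt/sensor/init.sls (PATCH 5/6), removing `- onchanges:` / `- file: combine_bond_script` from `execute_combine_bond` makes `/usr/sbin/so-combine-bond` run on every state application where bond0 exists, not only when the managed script changes; the commit title mentions only the bond0 condition. If the script reconfigures the bond's member interfaces on each run, that may briefly disturb capture on a sensor, though the script body is not fully visible here, so this needs confirming. `onlyif` and `onchanges` can be combined on one `cmd.run`, so keeping the two removed lines next to the new `- onlyif:` would retain the old trigger and still add the guard. If running on every highstate is intended, a comment such as `# re-applied on every run so new bond members are picked up` would record that.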
diff --git a/salt/sensor/tools/sbin_jinja/so-combine-bond b/salt/sensor/tools/sbin_jinja/so-combine-bond
index 0a8a2e66a..ded429470 100644
--- a/salt/sensor/tools/sbin_jinja/so-combine-bond
+++ b/salt/sensor/tools/sbin_jinja/so-combine-bond
@@ -18,7 +18,7 @@ fi # Check if bond0 exists if ! ip link show bond0 &>/dev/null; then - exit 1 + exit 0 fi # Function to get slave interfaces - works across distributions
@@ -48,7 +48,7 @@ get_bond_slaves() { SLAVES=$(get_bond_slaves bond0) if [ -z "$SLAVES" ]; then - exit 1 + exit 0 fi # Process each slave interface
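Review bot: In so-combine-bond (PATCH 6/6), the second hunk's `exit 0` when `$SLAVES` is empty makes a bond0 with no member interfaces indistinguishable from a successful run, so Salt's `cmd.run` reports success and nothing is logged. The first hunk (bond0 absent) exits just as silently, although the `onlyif` added in PATCH 5/6 already covers that case when the script is run by Salt. Keeping the zero status but writing to stderr first, e.g. `echo "so-combine-bond: bond0 has no slave interfaces, nothing to do" >&2`, would leave a trace for whoever investigates a sensor that is not capturing. Both checks are in script-level code that continues outside the hunks.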