Merge remote-tracking branch 'origin/2.4/dev' into vlb2

pillar/top.sls

@@ -262,6 +262,7 @@ base:
     - minions.adv_{{ grains.id }}
     - kafka.nodes
     - kafka.soc_kafka
+    - stig.soc_stig
 
   '*_import':
     - node_data.ips
@@ -319,10 +320,12 @@ base:
     - elasticfleet.adv_elasticfleet
     - minions.{{ grains.id }}
     - minions.adv_{{ grains.id }}
+    - stig.soc_stig
 
   '*_hypervisor':
     - minions.{{ grains.id }}
     - minions.adv_{{ grains.id }}
+    - stig.soc_stig
 
   '*_desktop':
     - minions.{{ grains.id }}

salt/allowed_states.map.jinja

@@ -143,6 +143,7 @@
         ),
         'so-fleet': (
             ssl_states +
+            stig_states +
             ['logstash', 'nginx', 'healthcheck', 'elasticfleet']
         ),
         'so-receiver': (

salt/sensor/init.sls

@@ -43,5 +43,5 @@ combine_bond_script:
 execute_combine_bond:
   cmd.run:
     - name: /usr/sbin/so-combine-bond
-    - onchanges:
+    - onlyif:
-      - file: combine_bond_script
+      - ip link show bond0

salt/sensor/tools/sbin_jinja/so-combine-bond

@@ -18,7 +18,7 @@ fi
 
 # Check if bond0 exists
 if ! ip link show bond0 &>/dev/null; then
-    exit 1
+    exit 0
 fi
 
 # Function to get slave interfaces - works across distributions
@@ -48,7 +48,7 @@ get_bond_slaves() {
 SLAVES=$(get_bond_slaves bond0)
 
 if [ -z "$SLAVES" ]; then
-    exit 1
+    exit 0
 fi
 
 # Process each slave interface

salt/stig/enabled.sls

@@ -47,6 +47,7 @@ update_stig_profile:
     - name: /opt/so/conf/stig/sos-oscap.xml
     - source: salt://stig/files/sos-oscap.xml
     - user: socore
+    - show_changes: False
     - group: socore
     - mode: 0644
 

salt/top.sls

@@ -299,6 +299,7 @@ base:
     - elasticfleet
     - elasticfleet.install_agent_grid
     - schedule
+    - stig
 
   '*_hypervisor and I@features:vrt and G@saltversion:{{saltversion}}':
     - match: compound