Move In Day

2025-12-19 07:23:06 +01:00 · 2022-09-07 09:06:25 -04:00
parent dcb7b49dbe
commit 2bd9dd80e2
611 changed files with 8015 additions and 16211 deletions
--- a/salt/repo/client/centos.sls
+++ b/salt/repo/client/centos.sls
@@ -1,27 +1,15 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+
 {% from 'repo/client/map.jinja' import ABSENTFILES with context %}
 {% from 'repo/client/map.jinja' import REPOPATH with context %}
-{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
-{% set managerupdates = salt['pillar.get']('global:managerupdate', 0) %}
 {% set role = grains.id.split('_') | last %}
-
-# from airgap state
-{% if ISAIRGAP and grains.os == 'CentOS' %}
 {% set MANAGER = salt['grains.get']('master') %}
-airgapyum:
-  file.managed:
-    - name: /etc/yum/yum.conf
-    - source: salt://repo/client/files/centos/airgap/yum.conf
+{% if grains['os'] == 'CentOS' %}

-airgap_repo:
-  pkgrepo.managed:
-    - humanname: Airgap Repo
-    - baseurl: https://{{ MANAGER }}/repo
-    - gpgcheck: 0
-    - sslverify: 0
-
-{% endif %}
-
-# from airgap and common
 {% if ABSENTFILES|length > 0%}
  {% for file in ABSENTFILES  %}
 {{ file }}:
@@ -32,9 +20,20 @@ airgap_repo:
  {% endfor %}
 {% endif %}

-# from common state
-# Remove default Repos
-{% if grains['os'] == 'CentOS' %}
+cleanyum:
+  cmd.run:
+    - name: 'yum clean all'
+    - onchanges:
+      - so_repo
+      
+yumconf:
+  file.managed:
+    - name: /etc/yum.conf
+    - source: salt://repo/client/files/centos/yum.conf.jinja
+    - mode: 644
+    - template: jinja
+    - show_changes: False
+
 repair_yumdb:
  cmd.run:
    - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
@@ -46,53 +45,35 @@ crsynckeys:
    - name: /etc/pki/rpm_gpg
    - source: salt://repo/client/files/centos/keys/

-{% if not ISAIRGAP %}
-    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
-remove_securityonionrepocache:
-  file.absent:
-    - name: /etc/yum.repos.d/securityonioncache.repo
-    {% endif %}

-    {% if role not in ['eval', 'standalone', 'import', 'manager', 'managersearch'] and managerupdates == 1 %}
-remove_securityonionrepo:
-  file.absent:
-    - name: /etc/yum.repos.d/securityonion.repo
-    {% endif %}
+  {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] %}
+so_repo:
+  pkgrepo.managed:
+    - name: securityonion
+    - humanname: Security Onion Repo
+    - baseurl: file:///nsm/repo/
+    - enabled: 1
+    - gpgcheck: 1

-crsecurityonionrepo:
-  file.managed:
-    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
-    - name: /etc/yum.repos.d/securityonion.repo
-    - source: salt://repo/client/files/centos/securityonion.repo
-    {% else %}
-    - name: /etc/yum.repos.d/securityonioncache.repo
-    - source: salt://repo/client/files/centos/securityonioncache.repo
-    {% endif %}
-    - mode: 644
+  {% else %}
+so_repo:
+  pkgrepo.managed:
+    - name: securityonion
+    - humanname: Security Onion Repo
+    - baseurl: https://{{ MANAGER }}/repo
+    - enabled: 1
+    - gpgcheck: 1 

-yumconf:
-  file.managed:
-    - name: /etc/yum.conf
-    - source: salt://repo/client/files/centos/yum.conf.jinja
-    - mode: 644
-    - template: jinja
-    - show_changes: False
-
-cleanairgap:
-  file.absent:
-    - name: /etc/yum.repos.d/airgap_repo.repo
-{% endif %}
-
-cleanyum:
-  cmd.run:
-    - name: 'yum clean metadata'
-    - onchanges:
-{% if ISAIRGAP %}
-      - file: airgapyum
-      - pkgrepo: airgap_repo
-{% else %}
-      - file: crsecurityonionrepo
-      - file: yumconf
-{% endif %}
+  {% endif %}

 {% endif %}
+  
+# TODO: Add a pillar entry for custom repos
+
+
+
+
+
+
+
+
--- a/salt/repo/client/files/centos/airgap/yum.conf
+++ b/salt/repo/client/files/centos/airgap/yum.conf
@@ -1,12 +0,0 @@
-[main]
-cachedir=/var/cache/yum/$basearch/$releasever
-keepcache=0
-debuglevel=2
-logfile=/var/log/yum.log
-exactarch=1
-obsoletes=1
-gpgcheck=1
-plugins=1
-installonly_limit=2
-bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
-distroverpkg=centos-release
--- a/salt/repo/client/files/centos/keys/GPG-KEY-WAZUH
+++ b/salt/repo/client/files/centos/keys/GPG-KEY-WAZUH
@@ -1,52 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v2.0.22 (GNU/Linux)
-
-mQINBFeeyYwBEACyf4VwV8c2++J5BmCl6ofLCtSIW3UoVrF4F+P19k/0ngnSfjWb
-8pSWB11HjZ3Mr4YQeiD7yY06UZkrCXk+KXDlUjMK3VOY7oNPkqzNaP6+8bDwj4UA
-hADMkaXBvWooGizhCoBtDb1bSbHKcAnQ3PTdiuaqF5bcyKk8hv939CHulL2xH+BP
-mmTBi+PM83pwvR+VRTOT7QSzf29lW1jD79v4rtXHJs4KCz/amT/nUm/tBpv3q0sT
-9M9rH7MTQPdqvzMl122JcZST75GzFJFl0XdSHd5PAh2mV8qYak5NYNnwA41UQVIa
-+xqhSu44liSeZWUfRdhrQ/Nb01KV8lLAs11Sz787xkdF4ad25V/Rtg/s4UXt35K3
-klGOBwDnzPgHK/OK2PescI5Ve1z4x1C2bkGze+gk/3IcfGJwKZDfKzTtqkZ0MgpN
-7RGghjkH4wpFmuswFFZRyV+s7jXYpxAesElDSmPJ0O07O4lQXQMROE+a2OCcm0eF
-3+Cr6qxGtOp1oYMOVH0vOLYTpwOkAM12/qm7/fYuVPBQtVpTojjV5GDl2uGq7p0o
-h9hyWnLeNRbAha0px6rXcF9wLwU5n7mH75mq5clps3sP1q1/VtP/Fr84Lm7OGke4
-9eD+tPNCdRx78RNWzhkdQxHk/b22LCn1v6p1Q0qBco9vw6eawEkz1qwAjQARAQAB
-tDFXYXp1aC5jb20gKFdhenVoIFNpZ25pbmcgS2V5KSA8c3VwcG9ydEB3YXp1aC5j
-b20+iQI9BBMBCAAnAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheABQJZHNOBBQkU
-SgzvAAoJEJaz7l8pERFF6xUP/3SbcmrI/u7a2EqZ0GxwQ/LRkPzWkJRnozCtNYHD
-ZjiZgSB/+77hkPS0tsBK/GXFLKfJAuf13XFrCvEuI4Q/pLOCCKIGumKXItUIwJBD
-HiEmVt/XxIijmlF7O1jcWqE/5CQXofjr03WMx+qzNabIwU/6dTKZN4FrR1jDk7yS
-6FYBsbhVcSoqSpGYx7EcuK3c3sKKtnbacK2Sw3K9n8Wdj+EK83cbpMg8D/efVRqv
-xypeCeojtY10y4bmugEwMYPgFkrSbicuiZc8NA8qhvFp6JFRq/uL0PGACyg05wB3
-S9U4wvSkmlo2/G74awna22UlaoYmSSz3UZdpWd2zBxflx17948QfTqyhO6bM8qLz
-dSyR6/6olAcR1N+PBup8PoMdBte4ul/hJp8WIviW0AxJUTZSbVj5v/t43QAKEpCE
-IMHvkK8PRHz/9kMd/2xN7LgMtihCrGZOnzErkjhlZvmiJ6kcJoD7ywzFnfJrntOU
-DjNb3eqUFSEwmhD60Hd2OCkfmiV7NEE/YTd9B72NSwzj4Za/JUdlF64LMeIiHbYp
-Lh7P+mR+lMJf/SWsQmlyuiQ2u8SY2aDFvzBS9WtpwiznuUdrbRN87+TYLSVqDifj
-Ea3zOnzLaLYbOr6LHz1xbhAvInv7KLobgiw1E4WnBNWN8xVwVJLKNE7wV88k43XV
-3L/RuQINBFeeyYwBEADD1Y3zW5OrnYZ6ghTd5PXDAMB8Z1ienmnb2IUzLM+i0yE2
-TpKSP/XYCTBhFa390rYgFO2lbLDVsiz7Txd94nHrdWXGEQfwrbxsvdlLLWk7iN8l
-Fb4B60OfRi3yoR96a/kIPNa0x26+n79LtDuWZ/DTq5JSHztdd9F1sr3h8i5zYmtv
-luj99ZorpwYejbBVUm0+gP0ioaXM37uO56UFVQk3po9GaS+GtLnlgoE5volgNYyO
-rkeIua4uZVsifREkHCKoLJip6P7S3kTyfrpiSLhouEZ7kV1lbMbFgvHXyjm+/AIx
-HIBy+H+e+HNt5gZzTKUJsuBjx44+4jYsOR67EjOdtPOpgiuJXhedzShEO6rbu/O4
-wM1rX45ZXDYa2FGblHCQ/VaS0ttFtztk91xwlWvjTR8vGvp5tIfCi+1GixPRQpbN
-Y/oq8Kv4A7vB3JlJscJCljvRgaX0gTBzlaF6Gq0FdcWEl5F1zvsWCSc/Fv5WrUPY
-5mG0m69YUTeVO6cZS1aiu9Qh3QAT/7NbUuGXIaAxKnu+kkjLSz+nTTlOyvbG7BVF
-a6sDmv48Wqicebkc/rCtO4g8lO7KoA2xC/K/6PAxDrLkVyw8WPsAendmezNfHU+V
-32pvWoQoQqu8ysoaEYc/j9fN4H3mEBCN3QUJYCugmHP0pu7VtpWwwMUqcGeUVwAR
-AQABiQIlBBgBCAAPAhsMBQJZHNOaBQkUSg0HAAoJEJaz7l8pERFFhpkQAJ09mjjp
-n9f18JGSMzP41fVucPuLBZ5XJL/hy2boII1FvgfmOETzNxLPblHdkJVjZS5iMrhL
-EJ1jv+GQDtf68/0jO+HXuQIBmUJ53YwbuuQlLWH7CI2AxlSAKAn2kOApWMKsjnAv
-JwS3eNGukOKWRfEKTqz2Vwi1H7M7ppypZ9keoyAoSIWb61gm7rXbfT+tVBetHfrU
-EM5vz3AS3pJk6Yfqn10IZfiexXmsBD+SpJBNzMBsznCcWO2y4qZNLjFferBoizvV
-34UnZyd1bkSN0T/MKp8sgJwqDJBS72tH6ZIM8NNoy29aPDkeaa8XlhkWiBdRizqL
-BcxrV/1n3xdzfY9FX6s4KGudo+gYsVpY0mrpZU8jG8YUNLDXQTXnRo4CQOtRJJbA
-RFDoZfsDqToZftuEhIsk+MaKlyXoA0eIYqGe6lXa/jEwvViqLYubCNLu0+kgNQ3v
-hKF8Pf7eXFDAePw7guuvDvBOMQqBCaKCxsz1HoKRNYBEdUYrEQBJnX235Q4IsdI/
-GcQ/dvERJXaDCG8EPhnwc517EMUJDiJ1CxT4+VMHphmFbiVqmctz0upIj+D037Xk
-CcgxNte6LZorGRZ/l1MYINliGJKtCCFK7XGVPKiJ8zyGSyPj1FfwtBy5hUX3aQtm
-bvP0H2BRCKoelsbRENu58BkU6YhiUry7pVul
-=SJij
-----END PGP PUBLIC KEY BLOCK-----
--- a/salt/repo/client/files/centos/securityonion.repo
+++ b/salt/repo/client/files/centos/securityonion.repo
@@ -1,71 +0,0 @@
-[base]
-name=CentOS-$releasever - Base
-baseurl=https://repo.securityonion.net/file/securityonion-repo/base/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#released updates 
-[updates]
-name=CentOS-$releasever - Updates
-baseurl=https://repo.securityonion.net/file/securityonion-repo/updates/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that may be useful
-[extras]
-name=CentOS-$releasever - Extras
-baseurl=https://repo.securityonion.net/file/securityonion-repo/extras/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-$releasever - Plus
-baseurl=https://repo.securityonion.net/file/securityonion-repo/centosplus/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-[epel]
-name=Extra Packages for Enterprise Linux 7 - $basearch
-baseurl=https://repo.securityonion.net/file/securityonion-repo/epel/
-enabled=1
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
-
-[docker-ce-stable]
-name=Docker CE Stable - $basearch
-baseurl=https://repo.securityonion.net/file/securityonion-repo/docker-ce-stable
-enabled=1
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/docker.pub
-
-[saltstack]
-name=SaltStack repo for RHEL/CentOS $releasever PY3
-baseurl=https://repo.securityonion.net/file/securityonion-repo/salt/
-enabled=1
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/SALTSTACK-GPG-KEY.pub
-
-[wazuh_repo]
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=https://repo.securityonion.net/file/securityonion-repo/wazuh_repo/
-protect=1
-
-[wazuh4_repo]
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=https://repo.securityonion.net/file/securityonion-repo/wazuh4_repo/
-protect=1
-
-[securityonion]
-name=Security Onion Repo repo
-baseurl=https://repo.securityonion.net/file/securityonion-repo/securityonion/
-enabled=1
-gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub
--- a/salt/repo/client/files/centos/securityonioncache.repo
+++ b/salt/repo/client/files/centos/securityonioncache.repo
@@ -1,71 +0,0 @@
-[base]
-name=CentOS-$releasever - Base
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/base/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#released updates 
-[updates]
-name=CentOS-$releasever - Updates
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/updates/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that may be useful
-[extras]
-name=CentOS-$releasever - Extras
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/extras/
-gpgcheck=1
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-#additional packages that extend functionality of existing packages
-[centosplus]
-name=CentOS-$releasever - Plus
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/centosplus/
-gpgcheck=1
-enabled=0
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-
-[epel]
-name=Extra Packages for Enterprise Linux 7 - $basearch
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/epel/
-enabled=1
-gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/RPM-GPG-KEY-EPEL-7
-
-[docker-ce-stable]
-name=Docker CE Stable - $basearch
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/docker-ce-stable
-enabled=1
-gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/docker.pub
-
-[saltstack]
-name=SaltStack repo for RHEL/CentOS $releasever PY3
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/salt/
-enabled=1
-gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub
-
-[wazuh_repo]
-gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/wazuh_repo/
-protect=1
-
-[wazuh4_repo]
-gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
-enabled=1
-name=Wazuh repository
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/wazuh4_repo/
-protect=1
-
-[securityonion]
-name=Security Onion Repo
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/securityonion/
-enabled=1
-gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub
--- a/salt/repo/client/files/centos/securityonionlocal.repo
+++ b/salt/repo/client/files/centos/securityonionlocal.repo
@@ -0,0 +1,8 @@
+[solocal]
+name=Security Onion Repo
+baseurl=file:///nsm/repo/
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
+
+
--- a/salt/repo/client/files/centos/yum.conf.jinja
+++ b/salt/repo/client/files/centos/yum.conf.jinja
@@ -12,8 +12,6 @@ installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
 distroverpkg=centos-release
 clean_requirements_on_remove=1
-{% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import']) and ( salt['pillar.get']('global:managerupdate', '0') or salt['pillar.get']('patch:os:source', 'direct') == 'manager' ) -%}
-proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142
-{% elif proxy -%}
+{% if proxy -%}
 proxy={{ proxy }}
 {% endif %}
--- a/salt/repo/client/ubuntu.sls
+++ b/salt/repo/client/ubuntu.sls
@@ -1,20 +0,0 @@
-# this removes the repo file left by bootstrap-salt.sh without -r
-remove_salt.list:
-  file.absent:
-    - name: /etc/apt/sources.list.d/salt.list
-
-saltstack.list:
-  file.managed:
-    - name: /etc/apt/sources.list.d/saltstack.list
-    - contents:
-      - deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt3004.2/ {{grains.oscodename}} main
-
-apt_update:
-  cmd.run:
-    - name: apt-get update
-    - onchanges:
-      - file: saltstack.list
-    - timeout: 30
-    - retry:
-        attempts: 5
-        interval: 30