From 10e82c5f1c9bd30759782f32d031d224c1a7318e Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 6 Jan 2023 14:23:54 -0500
Subject: [PATCH 1/6] Remove line numbers from vi
---
 salt/common/files/vimrc | 1 -
 1 file changed, 1 deletion(-)
diff --git a/salt/common/files/vimrc b/salt/common/files/vimrc
index 4234cf772..8d15debb8 100644
--- a/salt/common/files/vimrc
+++ b/salt/common/files/vimrc
@@ -3,4 +3,3 @@ filetype plugin indent on " Sets .sls files to use YAML syntax highlighting autocmd BufNewFile,BufRead *.sls set syntax=yaml
-set number
\ No newline at end of file
From c1dfb9f9352816ed9fb86d70c2c11e5f8af8e8b6 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 6 Jan 2023 14:27:40 -0500
Subject: [PATCH 2/6] Add missing Zeek log to filebeat defaults.yaml
---
 salt/filebeat/defaults.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/filebeat/defaults.yaml b/salt/filebeat/defaults.yaml
index 31ed8e0b0..83bb9b22e 100644
--- a/salt/filebeat/defaults.yaml
+++ b/salt/filebeat/defaults.yaml
@@ -27,6 +27,7 @@ filebeat:
 - smtp
 - snmp
 - socks
+ - software
 - ssh
 - ssl
 - tunnel
From 0e1e9ff343bdfb5165b5f6ebe827202ac889a658 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 9 Jan 2023 11:15:29 -0500
Subject: [PATCH 3/6] Changes to accept minion
---
 salt/common/tools/sbin/so-minion | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion
index 609ce184a..4d2d20b9a 100755
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -201,7 +201,7 @@ function createIDHNODE() { } function testConnection() {
- retry 5 10 "salt '$MINION_ID' test.ping" 0
+ retry 15 3 "salt '$MINION_ID' test.ping" 0
 local ret=$?
 if [[ $ret != 0 ]]; then
 echo "The Minion has been accepted but is not online. Try again later"
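Review bot: In `testConnection` (so-minion), `$MINION_ID` is spliced into a command string, `"salt '$MINION_ID' test.ping"`, and handed to `retry`. If `retry` evaluates that string (its definition is not in this diff), an ID containing a single quote or other shell metacharacters would be parsed as shell on the manager; the same line is carried into PATCH 4/6. Validate the ID before it reaches this call, for example `[[ "$MINION_ID" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "Invalid minion ID"; exit 1; }`, adjusting the pattern to the ID format the grid actually allows. Where `MINION_ID` is set is outside the hunk, and the function body continues past the last line shown.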
@@ -225,9 +225,7 @@ if [[ "$OPERATION" = 'add' || "$OPERATION" = 'setup' ]]; then
 if [ $OPERATION != 'setup' ]; then
 # Accept the salt key
 acceptminion
- # Let the keys echange
- sleep 3
- # Need logic here to try and salt ping.. If it doesn't work need to do something
+ # Test to see if the minion was accepted
 testConnection
 # Pull the info from the file to build what is needed
 getinstallinfo
From dbbcea0009df7d75f9d59f7cb449a893ab8ee119 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 9 Jan 2023 11:53:32 -0500
Subject: [PATCH 4/6] look for True
---
 salt/common/tools/sbin/so-minion | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion
index a3df38064..bde47991f 100755
--- a/salt/common/tools/sbin/so-minion
+++ b/salt/common/tools/sbin/so-minion
@@ -206,7 +206,7 @@ function createSTANDALONE() { } function testConnection() {
- retry 15 3 "salt '$MINION_ID' test.ping" 0
+ retry 15 3 "salt '$MINION_ID' test.ping" True
 local ret=$?
 if [[ $ret != 0 ]]; then
 echo "The Minion has been accepted but is not online. Try again later"
From ec5c565cec2c1cc52d9e765c026dcdaf904cfd0e Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Mon, 9 Jan 2023 14:49:33 -0500
Subject: [PATCH 5/6] put elastalert on sosbridge
---
 salt/elastalert/init.sls | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index f62c1fed7..16ba95293 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -86,6 +86,9 @@ so-elastalert:
 - hostname: elastalert
 - name: so-elastalert
 - user: so-elastalert
+ - networks:
+ - sosbridge:
+ - ipv4_address: {{ DOCKER.containers['so-elastalert'].ip }}
 - detach: True
 - binds:
 - /opt/so/rules/elastalert:/opt/elastalert/rules/:ro
From ac157432de3ea2657693f65b36ca92bf9df80d42 Mon Sep 17 00:00:00 2001
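Review bot: The new comment `# Test to see if the minion was accepted` in the add/setup branch of so-minion (PATCH 3/6, second hunk) does not describe what the call checks. Going by the message inside `testConnection` ("has been accepted but is not online"), the key is already accepted by `acceptminion` and the test is whether the minion answers `test.ping`; `# Confirm the accepted minion answers test.ping before continuing` would be accurate. The call site also ignores the return status, so `getinstallinfo` runs next unless `testConnection` exits on failure. That part of the function is not visible here and is worth confirming. The enclosing `if` block ends outside the hunk.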
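Review bot: The fourth argument to `retry` in `testConnection` (PATCH 4/6) changes from `0` to `True` with nothing at the call site saying what it is compared against. Judging by the subject line it is presumably the expected command output rather than an exit status, which is the confusion the previous commit fell into. A one-line comment above the call, such as `# retry <attempts> <delay> <command> <expected output>`, would document this, once checked against `retry`'s definition, which is not part of this diff. The function body continues past the hunk.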
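Review bot: The new `networks` block in salt/elastalert/init.sls (PATCH 5/6) reads `DOCKER.containers['so-elastalert'].ip`, but this commit adds no import for `DOCKER`. The import only arrives in PATCH 6/6, so the state presumably fails to render at this commit; squashing the two would keep every commit in the series deployable. The lookup also has no fallback, so a docker map without a `so-elastalert` entry would surface as a render error. If the address is pinned on purpose, a comment above `- networks:` such as `# fixed address on sosbridge, taken from docker/docker.map.jinja` would record that.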
From: m0duspwnens
Date: Mon, 9 Jan 2023 14:58:36 -0500
Subject: [PATCH 6/6] include docker
---
 salt/elastalert/init.sls | 1 +
 1 file changed, 1 insertion(+)
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 16ba95293..1db789935 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -5,6 +5,7 @@ {% if sls in allowed_states %} {% from 'vars/globals.map.jinja' import GLOBALS %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
 {% from 'elastalert/elastalert_config.map.jinja' import ELASTALERT as elastalert_config with context %} # Create the group