From 316035910f02e361d0c679b42bca98896c443cff Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Thu, 3 Jun 2021 15:15:35 -0400
Subject: [PATCH] Remove inotify beacon due to it not functioning as
 documented; Add back so-user changes to sync upon so-user changes

---
 salt/common/tools/sbin/so-user  | 5 +++++
 salt/manager/files/beacons.conf | 7 -------
 salt/manager/init.sls           | 7 -------
 3 files changed, 5 insertions(+), 14 deletions(-)
 delete mode 100644 salt/manager/files/beacons.conf

diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 15a71edfa..f1bfdc213 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -314,6 +314,7 @@ case "${operation}" in
     validateEmail "$email"
     updatePassword
     createUser "$email"
+    syncAll
     echo "Successfully added new user to SOC"
     check_container thehive && echo $password | so-thehive-user-add "$email"
     check_container fleet && echo $password | so-fleet-user-add "$email"
@@ -329,6 +330,7 @@ case "${operation}" in
     [[ "$email" == "" ]] && fail "Email address must be provided"
 
     updateUser "$email"
+    syncAll
     echo "Successfully updated user"
     ;;
 
@@ -337,6 +339,7 @@ case "${operation}" in
     [[ "$email" == "" ]] && fail "Email address must be provided"
 
     updateStatus "$email" 'active'
+    syncAll
     echo "Successfully enabled user"
     check_container thehive && so-thehive-user-enable "$email" true
     check_container fleet && so-fleet-user-enable "$email" true   
@@ -347,6 +350,7 @@ case "${operation}" in
     [[ "$email" == "" ]] && fail "Email address must be provided"
 
     updateStatus "$email" 'locked'
+    syncAll
     echo "Successfully disabled user"
     check_container thehive && so-thehive-user-enable "$email" false
     check_container fleet && so-fleet-user-enable "$email" false   
@@ -357,6 +361,7 @@ case "${operation}" in
     [[ "$email" == "" ]] && fail "Email address must be provided"
 
     deleteUser "$email"
+    syncAll
     echo "Successfully deleted user"
     check_container thehive && so-thehive-user-enable "$email" false
     check_container fleet && so-fleet-user-enable "$email" false
diff --git a/salt/manager/files/beacons.conf b/salt/manager/files/beacons.conf
deleted file mode 100644
index fe40170ad..000000000
--- a/salt/manager/files/beacons.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-beacons:
-  watch_sqlite_db:
-    - files:
-        /opt/so/conf/kratos/db/db.sqlite:
-          mask:
-            - modify
-    - beacon_module: inotify
diff --git a/salt/manager/init.sls b/salt/manager/init.sls
index ca47af34f..e6e9c433b 100644
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -123,13 +123,6 @@ syncesusers:
       - /opt/so/saltstack/local/salt/elasticsearch/files/users
       - /opt/so/saltstack/local/salt/elasticsearch/files/users_roles
 
-beacons_config:
-  file.managed:
-    - name: /etc/salt/minion.d/beacons.conf
-    - source: salt://manager/files/beacons.conf
-    - onchanges_in:
-        - service: salt_minion_service
-
 {% else %}
 
 {{sls}}_state_not_allowed: