From ae7f170df3bb430cdd190b9a8ea599d7f73de9d4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 11:26:00 -0500 Subject: [PATCH 01/10] Suricata Module - Fix Worker designation for performance --- salt/common/tools/brostatus.sh | 0 salt/suricata/files/suricata.yaml | 2 +- salt/suricata/files/suricataMETA.yaml | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 salt/common/tools/brostatus.sh diff --git a/salt/common/tools/brostatus.sh b/salt/common/tools/brostatus.sh deleted file mode 100644 index e69de29bb..000000000 diff --git a/salt/suricata/files/suricata.yaml b/salt/suricata/files/suricata.yaml index eb1888571..1acce5b96 100644 --- a/salt/suricata/files/suricata.yaml +++ b/salt/suricata/files/suricata.yaml @@ -919,7 +919,7 @@ host-mode: auto # Runmode the engine should use. Please check --list-runmodes to get the available # runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned # load balancing). -#runmode: autofp +runmode: workers # Specifies the kind of flow load balancer used by the flow pinned autofp mode. # diff --git a/salt/suricata/files/suricataMETA.yaml b/salt/suricata/files/suricataMETA.yaml index 2f58ad2f2..99a59c719 100644 --- a/salt/suricata/files/suricataMETA.yaml +++ b/salt/suricata/files/suricataMETA.yaml @@ -1074,7 +1074,7 @@ host-mode: auto # Runmode the engine should use. Please check --list-runmodes to get the available # runmodes for each packet acquisition method. Defaults to "autofp" (auto flow pinned # load balancing). -#runmode: autofp +runmode: workers # Specifies the kind of flow load balancer used by the flow pinned autofp mode. # From fa2331d9b6c7ff47a6f35708e31ba22a4b20da87 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 12:00:44 -0500 Subject: [PATCH 02/10] The Hive Module - Initial Skeleton --- salt/hive/init.sls | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 salt/hive/init.sls 
diff --git a/salt/hive/init.sls b/salt/hive/init.sls new file mode 100644 index 000000000..fd3e6b861 --- /dev/null +++ b/salt/hive/init.sls @@ -0,0 +1,46 @@ +# Install Elasticsearch + +# Made directory for ES data to live in +hiveesdata: + file.directory: + - name: /nsm/hive/esdata + - makedirs: True + +so-thehive-es: + docker_container.running: + - image: docker.elastic.co/elasticsearch/elasticsearch:5.6.0 + - hostname: so-thehive-es + - name: so-thehive-es + - interactive: True + - tty: True + - binds: + - /nsm/hive/esdata:/usr/share/elasticsearch/data:rw + - environment: + - http.host=0.0.0.0 + - transport.host=0.0.0.0 + - xpack.security.enabled=false + - cluster.name=hive + - script.inline=true + - thread_pool.index.queue_size=100000 + - thread_pool.search.queue_size=100000 + - thread_pool.bulk.queue_size=100000 + +# Install Cortex + +so-cortex: + docker_container_running: + - image: thehiveproject/cortex:latest + - hostname: so-cortex + - name: so-cortex + +# Install Hive +hiveconfdir: + file.directory: + - name: /opt/so/conf/hive/etc + - makedirs: True + +so-thehive: + docker_container_running: + - image: thehiveproject/thehive:latest + - hostname: so-thehive + - name: so-thehive From 01ac51f2e45872afdf274a329c5c1c0679753b4b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 12:44:17 -0500 Subject: [PATCH 03/10] The Hive Module - Config Update --- salt/hive/init.sls | 8 + salt/hive/thehive/etc/application.conf | 210 +++++++++++++++++++++++++ 2 files changed, 218 insertions(+) create mode 100644 salt/hive/thehive/etc/application.conf diff --git a/salt/hive/init.sls b/salt/hive/init.sls index fd3e6b861..dcefe2e50 100644 --- a/salt/hive/init.sls +++ b/salt/hive/init.sls @@ -17,6 +17,8 @@ so-thehive-es: - /nsm/hive/esdata:/usr/share/elasticsearch/data:rw - environment: - http.host=0.0.0.0 + - http.port=9400 + - transport.tcp.port=9500 - transport.host=0.0.0.0 - xpack.security.enabled=false - cluster.name=hive 
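Review bot: In the new `salt/hive/init.sls` (PATCH 02/10), `so-thehive-es` starts Elasticsearch with `http.host=0.0.0.0`, `transport.host=0.0.0.0`, `xpack.security.enabled=false` and `script.inline=true`, so anything that can reach the container's ports gets unauthenticated read/write access to TheHive's case data. No port or network settings are visible in this hunk, so the actual exposure depends on Docker networking and the firewall states. If authentication cannot be enabled for this image, a comment above the `environment` list would make that dependency explicit, e.g. `# ES runs without auth: reachability must be limited by the DOCKER-USER rules in salt/firewall`. Separately, `thehiveproject/cortex:latest` and `thehiveproject/thehive:latest` are mutable tags; pinning a release tag or digest (`thehiveproject/thehive:<pinned version>`) keeps a later run from silently pulling different code.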
@@ -39,6 +41,12 @@ hiveconfdir: - name: /opt/so/conf/hive/etc - makedirs: True +hiveconf: + file.manage: + - name: /opt/so/conf/hive/etc/application.conf + - source: salt://hive/thehive/etc/application.conf + - template: jinja + so-thehive: docker_container_running: - image: thehiveproject/thehive:latest diff --git a/salt/hive/thehive/etc/application.conf b/salt/hive/thehive/etc/application.conf new file mode 100644 index 000000000..5a0a96b9b --- /dev/null +++ b/salt/hive/thehive/etc/application.conf 
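Review bot: `hiveconf` renders `application.conf`, which carries `play.http.secret.key`, without `user`, `group` or `mode`, so the file's ownership and permissions are left to Salt's defaults on the minion. Setting them explicitly, for example `- mode: 640` together with the account the TheHive container runs as, keeps the secret from being readable by every local user. The `so-thehive` state continues past the end of this hunk, so whether the config directory is actually mounted into the container cannot be judged from here.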
@@ -0,0 +1,210 @@ +{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} + +# Secret Key +# The secret key is used to secure cryptographic functions. +# WARNING: If you deploy your application on several servers, make sure to use the same key. +play.http.secret.key="letsdewdis" + +# Elasticsearch +search { + ## Basic configuration + # Index name. + index = the_hive + # ElasticSearch cluster name. + cluster = hive + # ElasticSearch instance address. + host = ["{{ MASTERIP }}:9500"] + + ## Advanced configuration + # Scroll keepalive. + #keepalive = 1m + # Scroll page size. + #pagesize = 50 + # Number of shards + #nbshards = 5 + # Number of replicas + #nbreplicas = 1 + # Arbitrary settings + #settings { + # # Maximum number of nested fields + # mapping.nested_fields.limit = 100 + #} + + ### XPack SSL configuration + # Username for XPack authentication + #search.username = "" + # Password for XPack authentication + #search.password = "" + # Enable SSL to connect to ElasticSearch + search.ssl.enabled = false + # Path to certificate authority file + #search.ssl.ca = "" + # Path to certificate file + #search.ssl.certificate = "" + # Path to key file + #search.ssl.key = "" + + ### SearchGuard configuration + # Path to JKS file containing client certificate + #search.guard.keyStore.path = "" + # Password of the keystore + #search.guard.keyStore.password = "" + # Path to JKS file containing certificate authorities + #search.guard.trustStore.path = "" + ## Password of the truststore + #search.guard.trustStore.password = "" + # Enforce hostname verification + #search.guard.hostVerification = false + # If hostname verification is enabled specify if hostname should be resolved + #search.guard.hostVerificationResolveHostname = false +} + +# Authentication +auth { + # "provider" parameter contains authentication provider. 
It can be multi-valued (useful for migration) + # available auth types are: + # services.LocalAuthSrv : passwords are stored in user entity (in Elasticsearch). No configuration is required. + # ad : use ActiveDirectory to authenticate users. Configuration is under "auth.ad" key + # ldap : use LDAP to authenticate users. Configuration is under "auth.ldap" key + provider = [local] + + # By default, basic authentication is disabled. You can enable it by setting "method.basic" to true. + #method.basic = true + + + ad { + # The Windows domain name in DNS format. This parameter is required if you do not use + # 'serverNames' below. + #domainFQDN = "mydomain.local" + + # Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN + # above. If this parameter is not set, TheHive uses 'domainFQDN'. + #serverNames = [ad1.mydomain.local, ad2.mydomain.local] + + # The Windows domain name using short format. This parameter is required. + #domainName = "MYDOMAIN" + + # If 'true', use SSL to connect to the domain controller. + #useSSL = true + } + + ldap { + # The LDAP server name or address. The port can be specified using the 'host:port' + # syntax. This parameter is required if you don't use 'serverNames' below. + #serverName = "ldap.mydomain.local:389" + + # If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead. + #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local] + + # Account to use to bind to the LDAP server. This parameter is required. + #bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local" + + # Password of the binding account. This parameter is required. + #bindPW = "***secret*password***" + + # Base DN to search users. This parameter is required. + #baseDN = "ou=users,dc=mydomain,dc=local" + + # Filter to search user in the directory server. Please note that {0} is replaced + # by the actual user name. This parameter is required. 
+ #filter = "(cn={0})" + + # If 'true', use SSL to connect to the LDAP directory server. + #useSSL = true + } +} + +# Maximum time between two requests without requesting authentication +session { + warning = 5m + inactivity = 1h +} + +# Max textual content length +play.http.parser.maxMemoryBuffer= 1M +# Max file size +play.http.parser.maxDiskBuffer = 1G + +# Cortex +# TheHive can connect to one or multiple Cortex instances. Give each +# Cortex instance a name and specify the associated URL. +# +# In order to use Cortex, first you need to enable the Cortex module by uncommenting the next line + +#play.modules.enabled += connectors.cortex.CortexConnector + +cortex { + #"CORTEX-SERVER-ID" { + # url = "" + # key = "" + # # HTTP client configuration (SSL and proxy) + # ws {} + #} +} + +# MISP +# TheHive can connect to one or multiple MISP instances. Give each MISP +# instance a name and specify the associated Authkey that must be used +# to poll events, the case template that should be used by default when +# importing events as well as the tags that must be added to cases upon +# import. + +# Prior to configuring the integration with a MISP instance, you must +# enable the MISP connector. This will allow you to import events to +# and/or export cases to the MISP instance(s). + +#play.modules.enabled += connectors.misp.MispConnector + +misp { + # Interval between consecutive MISP event imports in hours (h) or + # minutes (m). + interval = 1h + + #"MISP-SERVER-ID" { + # # MISP connection configuration requires at least an url and a key. The key must + # # be linked with a sync account on MISP. + # url = "" + # key = "" + # + # # Name of the case template in TheHive that shall be used to import + # # MISP events as cases by default. + # caseTemplate = "" + # + # # Optional tags to add to each observable imported from an event + # # available on this instance. 
+ # tags = ["misp-server-id"] + # + # ## MISP event filters + # # MISP filters is used to exclude events from the import. + # # Filter criteria are: + # # The number of attribute + # max-attributes = 1000 + # # The size of its JSON representation + # max-size = 1 MiB + # # The age of the last publish date + # max-age = 7 days + # # Organization and tags + # exclusion { + # organisation = ["bad organisation", "other organisations"] + # tags = ["tag1", "tag2"] + # } + # + # ## HTTP client configuration (SSL and proxy) + # # Truststore to use to validate the X.509 certificate of the MISP + # # instance if the default truststore is not sufficient. + # # Proxy can also be used + # ws { + # ssl.trustManager.stores = [ { + # path = /path/to/truststore.jks + # } ] + # proxy { + # host = proxy.mydomain.org + # port = 3128 + # } + # } + # + # # MISP purpose defines if this instance can be used to import events (ImportOnly), export cases (ExportOnly) or both (ImportAndExport) + # # Default is ImportAndExport + # purpose = ImportAndExport + #} ## <-- Uncomment to complete the configuration +} From 39ea1ad1ee5643b00f40d13d847badf0d3f16dd1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 13:07:11 -0500 Subject: [PATCH 04/10] Firewall Module - Add rules for hive --- salt/firewall/init.sls | 44 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls index c2fb74e77..0d5fd174d 100644 --- a/salt/firewall/init.sls +++ b/salt/firewall/init.sls 
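Review bot: `play.http.secret.key="letsdewdis"` commits a short, guessable Play secret to the repository, and every install rendered from this template ends up with the same key. The file's own comment says the key secures cryptographic functions, so a value that is public in the repo should be treated as already known to anyone. Since the file is rendered with Jinja (see the `MASTERIP` lookup on its first line), the key could come from a per-install pillar value generated at setup time, e.g. `play.http.secret.key="{{ salt['pillar.get']('<pillar key holding the hive secret>') }}"`. In the `search` block, `search.ssl.enabled = false` also means the link to `{{ MASTERIP }}:9500` is unencrypted; with the Elasticsearch side started with `xpack.security.enabled=false`, a comment stating that this relies on network isolation would help the next maintainer.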
@@ -173,6 +173,28 @@ enable_masternode_ES_9300_{{ip}}: - position: 1 - save: True +enable_masternode_ES_9400_{{ip}}: + iptables.insert: + - table: filter + - chain: DOCKER-USER + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 9400 + - position: 1 + - save: True + +enable_masternode_ES_9500_{{ip}}: + iptables.insert: + - table: filter + - chain: DOCKER-USER + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 9500 + - position: 1 + - save: True + enable_masternode_influxdb_8086_{{ip}}: iptables.insert: - table: filter @@ -367,6 +389,28 @@ enable_standard_analyst_3000_{{ip}}: - position: 1 - save: True +enable_standard_analyst_9000_{{ip}}: + iptables.insert: + - table: filter + - chain: DOCKER-USER + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 9000 + - position: 1 + - save: True + +enable_standard_analyst_9001_{{ip}}: + iptables.insert: + - table: filter + - chain: DOCKER-USER + - jump: ACCEPT + - proto: tcp + - source: {{ ip }} + - dport: 9001 + - position: 1 + - save: True + {% endfor %} # Rules for storage nodes connecting to master From 7f43cf7357c8b209bf84330e135bb75fe16b158e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 13:33:29 -0500 Subject: [PATCH 05/10] The Hive Module - Fix Salt Code --- salt/hive/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/hive/init.sls b/salt/hive/init.sls index dcefe2e50..8d391435c 100644 --- a/salt/hive/init.sls +++ b/salt/hive/init.sls @@ -30,7 +30,7 @@ so-thehive-es: # Install Cortex so-cortex: - docker_container_running: + docker_container.running: - image: thehiveproject/cortex:latest - hostname: so-cortex - name: so-cortex @@ -48,7 +48,7 @@ hiveconf: - template: jinja so-thehive: - docker_container_running: + docker_container.running: - image: thehiveproject/thehive:latest - hostname: so-thehive - name: so-thehive From 1422163cdc4873f7be4779638734bdb603c6e02b Mon Sep 17 00:00:00 2001 
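Review bot: The new `enable_masternode_ES_9400_{{ip}}` rule opens the HTTP API of TheHive's Elasticsearch, which the hive state runs with `xpack.security.enabled=false`, while the rendered `application.conf` only connects to the transport port (`{{ MASTERIP }}:9500`). Unless something on those source addresses needs 9400, dropping that rule keeps the unauthenticated REST interface closed; if it is needed, a comment naming the consumer would document why. The `for` loops that supply `ip` start outside both hunks, so which hosts these rules (and the analyst rules for 9000 and 9001 in the second hunk) apply to cannot be checked from here.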
From: Mike Reeves Date: Fri, 8 Mar 2019 14:33:44 -0500 Subject: [PATCH 06/10] Setup Script - Ubuntu rollback of salt package version 2018.3 --- salt/hive/init.sls | 2 +- so-setup-network.sh | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/salt/hive/init.sls b/salt/hive/init.sls index 8d391435c..958ecf540 100644 --- a/salt/hive/init.sls +++ b/salt/hive/init.sls @@ -42,7 +42,7 @@ hiveconfdir: - makedirs: True hiveconf: - file.manage: + file.managed: - name: /opt/so/conf/hive/etc/application.conf - source: salt://hive/thehive/etc/application.conf - template: jinja diff --git a/so-setup-network.sh b/so-setup-network.sh index ea37b89c5..73b8b4421 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -482,7 +482,7 @@ install_master() { # Install the salt master package if [ $OS == 'centos' ]; then - yum -y install salt-master wget + yum -y install wget salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 # Create a place for the keys for Ubuntu minions mkdir -p /opt/so/gpg @@ -491,7 +491,7 @@ install_master() { wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH else - apt-get install -y salt-master + apt-get install -y salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 fi copy_master_config @@ -768,7 +768,9 @@ EOF # Install the repo for salt wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add - + wget --inet4-only -O - https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2018.3/SALTSTACK-GPG-KEY.pub | apt-key add - echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list + echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2018.3 xenial main" > /etc/apt/sources.list.d/saltstack2018.list # Lets get the docker repo added curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - From c3983a82c9c3524b7bfd237307cdb79e34e43618 Mon Sep 17 00:00:00 2001 
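Review bot: In the `@@ -768,7 +768,9 @@` hunk the added source line uses `deb http://repo.saltstack.com/...` although the key on the line above is fetched over HTTPS and the Wazuh source elsewhere in this script already uses `deb https://`. Switching the new line to `echo "deb https://repo.saltstack.com/apt/ubuntu/$UVER/amd64/2018.3 xenial main" > /etc/apt/sources.list.d/saltstack2018.list` keeps the package metadata off cleartext HTTP. The added `wget ... | apt-key add -` also gives no signal if the download fails, so checking the pipeline's result would avoid continuing without the key. The `latest` list file stays configured next to the new one, so the version pin depends entirely on the explicit `=2018.3.4+ds-1` arguments. The enclosing function starts outside the hunk.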
From: Mike Reeves Date: Fri, 8 Mar 2019 14:39:53 -0500 Subject: [PATCH 07/10] Setup Script - Ubuntu fix minion version --- so-setup-network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/so-setup-network.sh b/so-setup-network.sh index 73b8b4421..696f8dc20 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -789,7 +789,7 @@ EOF # Initialize the new repos apt-get update >>~/sosetup.log 2>&1 - apt-get -y install salt-minion python-m2crypto >>~/sosetup.log 2>&1 + apt-get -y install salt-minion=2018.3.4+ds-1 python-m2crypto >>~/sosetup.log 2>&1 else @@ -802,7 +802,7 @@ EOF echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list # Initialize the new repos apt-get update >>~/sosetup.log 2>&1 - apt-get -y install salt-minion python-m2crypto >>~/sosetup.log 2>&1 + apt-get -y install salt-minion=2018.3.4+ds-1 python-m2crypto >>~/sosetup.log 2>&1 fi From d93a062f914b7b7c35c44db72fc460873550d877 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 14:45:32 -0500 Subject: [PATCH 08/10] Setup Script - Ubuntu fix minion version --- so-setup-network.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/so-setup-network.sh b/so-setup-network.sh index 696f8dc20..266ad369f 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -482,7 +482,7 @@ install_master() { # Install the salt master package if [ $OS == 'centos' ]; then - yum -y install wget salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 + yum -y install wget salt-common salt-master # Create a place for the keys for Ubuntu minions mkdir -p /opt/so/gpg @@ -491,7 +491,7 @@ install_master() { wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH else - apt-get install -y salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 + apt-get install -y salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 salt-minion=2018.3.4+ds-1 fi copy_master_config 
From ec862c75adb0c4fd8a093d21317d25b26f606009 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 15:13:27 -0500 Subject: [PATCH 09/10] Setup Script - Ubuntu Fix m2crypto --- so-setup-network.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/so-setup-network.sh b/so-setup-network.sh index 266ad369f..dd5ed3b1b 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -491,7 +491,9 @@ install_master() { wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH else - apt-get install -y salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 salt-minion=2018.3.4+ds-1 + apt-get install -y salt-common=2018.3.4+ds-1 salt-master=2018.3.4+ds-1 salt-minion=2018.3.4+ds-1 python-m2crypto + apt-mark hold salt-common salt-master salt-minion + apt-get install -y python-m2crypto fi copy_master_config @@ -789,7 +791,8 @@ EOF # Initialize the new repos apt-get update >>~/sosetup.log 2>&1 - apt-get -y install salt-minion=2018.3.4+ds-1 python-m2crypto >>~/sosetup.log 2>&1 + apt-get -y install salt-minion=2018.3.4+ds-1 salt-common=2018.3.4+ds-1 python-m2crypto >>~/sosetup.log 2>&1 + apt-mark hold salt-minion salt-common else @@ -802,7 +805,8 @@ EOF echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list # Initialize the new repos apt-get update >>~/sosetup.log 2>&1 - apt-get -y install salt-minion=2018.3.4+ds-1 python-m2crypto >>~/sosetup.log 2>&1 + apt-get -y install salt-minion=2018.3.4+ds-1 salt-common=2018.3.4+ds-1 python-m2crypto >>~/sosetup.log 2>&1 + apt-mark hold salt-minion salt-common fi From 422d1c52a3696e0dc6f502c9c8bbf10e8c19f6ef Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 8 Mar 2019 15:59:03 -0500 Subject: [PATCH 10/10] Setup Script - Centos Fix Salt Agent version --- so-setup-network.sh | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) 
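Review bot: In the `install_master` hunk of PATCH 09/10, `python-m2crypto` is now installed twice: it was appended to the pinned `apt-get install` line, and two lines later `apt-get install -y python-m2crypto` runs again, so one of the two can go. Unlike the minion hunks below it, these commands do not append to `~/sosetup.log`, so a failed pin (for example if `2018.3.4+ds-1` is missing from the configured repo) would leave no record. Adding `>>~/sosetup.log 2>&1` to the `apt-get` and `apt-mark hold` lines would match the other two hunks. The body of `install_master` continues outside the hunk.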
diff --git a/so-setup-network.sh b/so-setup-network.sh index dd5ed3b1b..e0a2899de 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -606,6 +606,8 @@ saltify() { if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm + cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2018-3.repo + sed -i 's/latest/2018.3/g' /etc/yum.repos.d/salt-2018-3.repo cat > /etc/yum.repos.d/wazuh.repo <<\EOF [wazuh_repo] gpgcheck=1 @@ -718,6 +720,15 @@ EOF echo "gpgcheck=1" >> /etc/yum.repos.d/salt-latest.repo echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-latest.repo + # Proxy is hating on me.. Lets just set it manually + echo "[salt-2018.3]" > /etc/yum.repos.d/salt-2018-3.repo + echo "name=SaltStack Latest Release Channel for RHEL/Centos \$releasever" >> /etc/yum.repos.d/salt-2018-3.repo + echo "baseurl=https://repo.saltstack.com/yum/redhat/7/\$basearch/2018.3" >> /etc/yum.repos.d/salt-2018-3.repo + echo "failovermethod=priority" >> /etc/yum.repos.d/salt-2018-3.repo + echo "enabled=1" >> /etc/yum.repos.d/salt-2018-3.repo + echo "gpgcheck=1" >> /etc/yum.repos.d/salt-2018-3.repo + echo "gpgkey=file:///etc/pki/rpm-gpg/saltstack-signing-key" >> /etc/yum.repos.d/salt-2018-3.repo + cat > /etc/yum.repos.d/wazuh.repo <<\EOF [wazuh_repo] gpgcheck=1 @@ -729,6 +740,8 @@ protect=1 EOF else yum -y install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm + cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2018-3.repo + sed -i 's/latest/2018.3/g' /etc/yum.repos.d/salt-2018-3.repo cat > /etc/yum.repos.d/wazuh.repo <<\EOF [wazuh_repo] gpgcheck=1 
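Review bot: `sed -i 's/latest/2018.3/g'` in the first hunk rewrites every occurrence of `latest` in the copied repo file, not only the `baseurl`, so the section id, the name and any `gpgkey` path containing that word change as well. The contents of `salt-latest.repo` are not visible here, so it is worth confirming that the rewritten `gpgkey` still points at the key you intend to trust. The same two lines are repeated in the `else` branch of the third hunk. In the second hunk the hand-written repo keeps the name `SaltStack Latest Release Channel` for the 2018.3 channel, and `salt-latest.repo` stays enabled beside it, so the pin relies on the explicit `-2018.3.4` package names used further down.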
@@ -742,18 +755,18 @@ EOF fi yum clean expire-cache - yum -y install salt-minion yum-utils device-mapper-persistent-data lvm2 openssl - yum -y update + yum -y install salt-minion-2018.3.4 yum-utils device-mapper-persistent-data lvm2 openssl + yum -y update exclude=salt* systemctl enable salt-minion # Nasty hack but required for now if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then - yum -y install salt-master python-m2crypto salt-minion m2crypto + yum -y install salt-master-2018.3.4 python-m2crypto salt-minion-2018.3.4 m2crypto systemctl enable salt-master else - yum -y install salt-minion python-m2m2crypto m2crypto + yum -y install salt-minion-2018.3.4 python-m2m2crypto m2crypto fi - + echo "exclude=salt*" >> /etc/yum.conf else ADDUSER=useradd
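Review bot: `yum -y update exclude=salt*` passes `exclude=salt*` as a package argument rather than an option, so yum will most likely look for a package of that name and skip the system-wide update that the removed `yum -y update` performed; the unquoted `*` is also subject to shell globbing. The option form is `yum -y update --exclude='salt*'`. The added `echo "exclude=salt*" >> /etc/yum.conf` appends another line on every run and also holds back later Salt security updates until someone removes it, which deserves a comment next to it. The rewritten minion-only line still carries the package name `python-m2m2crypto`, which looks like a typo for `python-m2crypto`. The enclosing function starts outside the hunk.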