Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev

salt/_modules/so.py

@@ -18,9 +18,17 @@ def mysql_conn(retry):
         return False
 
     mainint = __salt__['pillar.get']('host:mainint')
-    mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0]
+    ip_arr = __salt__['grains.get']('ip_interfaces').get(mainint)
 
     mysql_up = False
+
+    if len(ip_arr) == 1:
+        mainip = ip_arr[0]
+
+        if not(retry >= 1):
+            log.debug('`retry` set to value below 1, resetting it to 1 to prevent errors.')
+            retry = 1
+
         for i in range(0, retry):
             log.debug(f'Connection attempt {i+1}')
             try:
@@ -29,7 +37,7 @@ def mysql_conn(retry):
                     user='root',
                     passwd=__salt__['pillar.get']('secrets:mysql')
                 )
-            log.debug(f'Connected to MySQL server on {mainip} after {i} attempts.')
+                log.debug(f'Connected to MySQL server on {mainip} after {i+1} attempts.')
                 
                 db.query("""SELECT 1;""")
                 log.debug(f'Successfully completed query against MySQL server on {mainip}')
@@ -47,5 +55,10 @@ def mysql_conn(retry):
 
         if not mysql_up:
             log.error(f'Could not connect to MySQL server on {mainip} after {retry} attempts.')
+    else:
+        log.error(f'Main interface {mainint} has more than one IP address assigned to it, which is not supported.')
+        log.debug(f'{mainint}:')
+        for addr in ip_arr:
+            log.debug(f'  - {addr}')
 
     return mysql_up

salt/common/tools/sbin/so-fleet-setup

@@ -26,10 +26,9 @@ docker exec so-fleet /bin/sh -c 'for pack in /packs/palantir/Fleet/Endpoints/pac
 docker exec so-fleet fleetctl apply -f /packs/osquery-config.conf
 
 
-# Enable Fleet
+# Update the Enroll Secret
-echo "Enabling Fleet..."
+echo "Updating the Enroll Secret..."
-sleep 5
+salt-call state.apply fleet.event_update-enroll-secret queue=True >> /root/fleet-setup.log
-salt-call state.apply fleet.event_enable-fleet queue=True >> /root/fleet-setup.log
 salt-call state.apply nginx queue=True >> /root/fleet-setup.log
 
 # Generate osquery install packages

salt/fleet/event_enable-fleet.sls

@@ -1,10 +1,3 @@
-{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
-{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
-{% if FLEETNODE or FLEETMANAGER %}
-  {% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
-{% else %}
-  {% set ENROLLSECRET = '' %}
-{% endif %}
 {% set MAININT = salt['pillar.get']('host:mainint') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
 
@@ -15,4 +8,3 @@ so/fleet:
         hostname: {{ grains.host }}
         mainip: {{ MAINIP }}
         role: {{ grains.role }}
-        enroll-secret: {{ ENROLLSECRET }}

salt/fleet/event_update-enroll-secret.sls

@@ -0,0 +1,7 @@
+{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
+
+so/fleet:
+  event.send:
+    - data:
+        action: 'update-enrollsecret'
+        enroll-secret: {{ ENROLLSECRET }}

salt/reactor/fleet.sls

@@ -17,7 +17,6 @@ def run():
     if ACTION == 'enablefleet':
       logging.info('so/fleet enablefleet reactor')
 
-      ESECRET = data['data']['enroll-secret']
       MAINIP = data['data']['mainip']
       ROLE = data['data']['role']
       HOSTNAME = data['data']['hostname']
@@ -30,12 +29,6 @@ def run():
           line = re.sub(r'fleet_manager: \S*', f"fleet_manager: True", line.rstrip())
         print(line) 
 
-      # Update the enroll secret in the secrets pillar
-      if ESECRET != "":
-        for line in fileinput.input(SECRETSFILE, inplace=True):
-          line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
-          print(line)
-
       # Update the Fleet host in the static pillar
       for line in fileinput.input(STATICFILE, inplace=True):
         line = re.sub(r'fleet_hostname: \S*', f"fleet_hostname: '{HOSTNAME}'", line.rstrip())
@@ -46,6 +39,18 @@ def run():
         line = re.sub(r'fleet_ip: \S*', f"fleet_ip: '{MAINIP}'", line.rstrip())
         print(line)   
 
+    if ACTION == 'update-enrollsecret':
+      logging.info('so/fleet update-enrollsecret reactor')
+
+      ESECRET = data['data']['enroll-secret']
+
+      # Update the enroll secret in the secrets pillar
+      if ESECRET != "":
+        for line in fileinput.input(SECRETSFILE, inplace=True):
+          line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
+          print(line)
+
+
     if ACTION == 'genpackages':
       logging.info('so/fleet genpackages reactor')
 

setup/so-setup

@@ -691,6 +691,9 @@ fi
 	
 	if [[ "$OSQUERY" = 1 ]]; then
 
+		set_progress_str 75 "$(print_salt_state_apply 'fleet.event_enable-fleet')"
+		salt-call state.apply -l info fleet.event_enable-fleet >> $setup_log 2>&1
+
 		set_progress_str 75 "$(print_salt_state_apply 'fleet')"
 		salt-call state.apply -l info fleet >> $setup_log 2>&1