CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

modify soup to update soup scripts without using salt

Browse Source
This commit is contained in:
m0duspwnens
2024-02-13 11:04:26 -05:00
parent e713b4c660
commit 3efaba1104
3 changed files with 20 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
salt/common/init.sls
View File

@@ -4,7 +4,6 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'vars/globals.map.jinja' import GLOBALS %}
include: include:
- common.soup_scripts
- common.packages - common.packages
{% if GLOBALS.role in GLOBALS.manager_roles %} {% if GLOBALS.role in GLOBALS.manager_roles %}
- manager.elasticsearch # needed for elastic_curl_config state - manager.elasticsearch # needed for elastic_curl_config state
@@ -134,6 +133,18 @@ common_sbin_jinja:
- file_mode: 755 - file_mode: 755
- template: jinja - template: jinja
{% if not GLOBALS.is_manager%}
# prior to 2.4.50 these scripts were in common/tools/sbin on the manager because of soup and distributed to non managers
# these two states remove the scripts from non manager nodes
remove_soup:
file.absent:
- name: /usr/sbin/soup
remove_so-firewall:
file.absent:
- name: /usr/sbin/so-firewall
{% endif %}
so-status_script: so-status_script:
file.managed: file.managed:
- name: /usr/sbin/so-status - name: /usr/sbin/so-status

23
salt/common/soup_scripts.sls
View File

@@ -1,23 +0,0 @@
# Sync some Utilities
soup_scripts:
file.recurse:
- name: /usr/sbin
- user: root
- group: root
- file_mode: 755
- source: salt://common/tools/sbin
- include_pat:
- so-common
- so-image-common
soup_manager_scripts:
file.recurse:
- name: /usr/sbin
- user: root
- group: root
- file_mode: 755
- source: salt://manager/tools/sbin
- include_pat:
- so-firewall
- so-repo-sync
- soup

23
salt/manager/tools/sbin/soup
View File

@@ -794,21 +794,14 @@ verify_latest_update_script() {
echo "This version of the soup script is up to date. Proceeding." echo "This version of the soup script is up to date. Proceeding."
else else
echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete." echo "You are not running the latest soup version. Updating soup and its components. This might take multiple runs to complete."
cp $UPDATE_DIR/salt/manager/tools/sbin/soup $DEFAULT_SALT_DIR/salt/manager/tools/sbin/ rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/soup
cp $UPDATE_DIR/salt/common/tools/sbin/so-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/ rm -f $DEFAULT_SALT_DIR/salt/common/tools/sbin/so-firewall
cp $UPDATE_DIR/salt/common/tools/sbin/so-image-common $DEFAULT_SALT_DIR/salt/common/tools/sbin/
cp $UPDATE_DIR/salt/manager/tools/sbin/so-firewall $DEFAULT_SALT_DIR/salt/manager/tools/sbin/ cp $UPDATE_DIR/salt/common/tools/sbin/* $DEFAULT_SALT_DIR/salt/common/tools/sbin/.
salt-call state.apply common.soup_scripts queue=True -linfo --file-root=$UPDATE_DIR/salt --local cp $UPDATE_DIR/salt/common/tools/sbin/* /usr/sbin/.
# Verify that soup scripts updated as expected cp $UPDATE_DIR/salt/manager/tools/sbin/* $DEFAULT_SALT_DIR/salt/manager/tools/sbin/.
get_soup_script_hashes cp $UPDATE_DIR/salt/manager/tools/sbin/* /usr/sbin/.
if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" && "$CURRENTSOFIREWALL" == "$GITSOFIREWALL" ]]; then
echo "Succesfully updated soup scripts."
else
# When STIGs are enabled soup scripts will fail to update using --file-root --local.
# After checking that the expected hashes are not present, retry updating soup scripts using salt master.
echo "There was a problem updating soup scripts.. Trying to rerun script update"
salt-call state.apply common.soup_scripts queue=True -linfo
fi
echo "" echo ""
echo "The soup script has been modified. Please run soup again to continue the upgrade." echo "The soup script has been modified. Please run soup again to continue the upgrade."
exit 0 exit 0