mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-08 02:02:50 +01:00
Initial support for ntp service via chronyd
This commit is contained in:
William Wernert
@@ -486,6 +486,17 @@ collect_node_ls_pipeline_worker_count() {
|
||||
done
|
||||
}
|
||||
|
||||
collect_ntp_servers() {
|
||||
if [[ $is_airgap || "$NSMSETUP" = 'ADVANCED' || "$MANAGERADV" = 'ADVANCED' ]]; then
|
||||
if whiptail_ntp_ask; then
|
||||
[[ $is_airgap ]] && ntp_servers=""
|
||||
whiptail_ntp_servers "$ntp_servers"
|
||||
else
|
||||
ntp_servers=""
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
collect_oinkcode() {
|
||||
whiptail_oinkcode
|
||||
|
||||
@@ -702,6 +713,38 @@ configure_minion() {
|
||||
} >> "$setup_log" 2>&1
|
||||
}
|
||||
|
||||
configure_ntp() {
|
||||
local chrony_conf=/etc/chrony.conf
|
||||
|
||||
# Install chrony if it isn't already installed
|
||||
if command -v chronyc &> /dev/null; then
|
||||
if [ "$OS" == centos ]; then
|
||||
yum -y install chrony
|
||||
else
|
||||
retry 50 10 "apt-get -y install chrony" || exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
[[ -f $chrony_conf ]] && rm -f $chrony_conf
|
||||
|
||||
# Build list of servers
|
||||
for addr in "${ntp_servers[@]}"; do
|
||||
echo "server $addr iburst" >> $chrony_conf
|
||||
done
|
||||
|
||||
printf '%s\n' \
|
||||
'driftfile /var/lib/chrony/drift' \
|
||||
'makestep 1.0 3' \
|
||||
'rtcsync' \
|
||||
'logdir /var/log/chrony' >> $chrony_conf
|
||||
|
||||
systemctl enable chronyd
|
||||
systemctl start chronyd
|
||||
|
||||
# Sync time
|
||||
chronyc -a makestep
|
||||
}
|
||||
|
||||
checkin_at_boot() {
|
||||
local minion_config=/etc/salt/minion
|
||||
|
||||
@@ -709,6 +752,12 @@ checkin_at_boot() {
|
||||
echo "startup_states: highstate" >> "$minion_config"
|
||||
}
|
||||
|
||||
check_ntp_configured() {
|
||||
if systemctl is-active --quiet chronyd || systemctl is-active --quiet ntpd; then
|
||||
ntp_configured=true
|
||||
fi
|
||||
}
|
||||
|
||||
check_requirements() {
|
||||
local standalone_or_dist=$1
|
||||
local node_type=$2 # optional
|
||||
@@ -1564,12 +1613,16 @@ manager_global() {
|
||||
"global:"\
|
||||
" soversion: '$SOVERSION'"\
|
||||
" hnmanager: '$HNMANAGER'"\
|
||||
" ntpserver: '$NTPSERVER'"\
|
||||
" dockernet: '$DOCKERNET'"\
|
||||
" mdengine: '$ZEEKVERSION'"\
|
||||
" ids: '$NIDS'"\
|
||||
" url_base: '$REDIRECTIT'"\
|
||||
" managerip: '$MAINIP'" > "$global_pillar"
|
||||
" managerip: '$MAINIP'"
|
||||
" ntp_servers:" > "$global_pillar"
|
||||
|
||||
for addr in "${ntp_servers[@]}"; do
|
||||
echo " - '$addr'" >> "$global_pillar"
|
||||
done
|
||||
|
||||
if [[ $is_airgap ]]; then
|
||||
printf '%s\n'\
|
||||
|
||||
Reference in New Issue
Block a user