From b396c39352df50fd092e31fdfdcde276311d4fac Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 15 Jun 2020 15:13:29 -0400
Subject: [PATCH 1/4] fix for master not having a node:mainip pillar - playbook

---
 salt/playbook/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index fec93b71e..2282d8518 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -1,7 +1,7 @@
 {% set MASTERIP = salt['pillar.get']('master:mainip', '') %}
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
-{% set MAINIP = salt['pillar.get']('node:mainip') %}
+{% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('master:mainint', salt['pillar.get']('node:mainint', salt['pillar.get']('host:mainint')))))[0] %}
 {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
 {%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%}
 

From 91a50c091509ce3c3be94d342d16f66f6415cb95 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 15 Jun 2020 16:58:30 -0400
Subject: [PATCH 2/4] place searchnode role with node where referenced

---
 salt/common/maps/so-status.map.jinja | 2 +-
 salt/curator/files/curator.yml       | 2 +-
 salt/curator/init.sls                | 2 +-
 salt/telegraf/etc/telegraf.conf      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja
index f67f4bcd6..b7f408dea 100644
--- a/salt/common/maps/so-status.map.jinja
+++ b/salt/common/maps/so-status.map.jinja
@@ -36,7 +36,7 @@
   {{ append_containers('static', 'broversion', 'SURICATA') }}
 {% endif %}
 
-{% if role == 'searchnode' %}
+{% if role == 'node' %}
   {{ append_containers('master', 'wazuh', 0) }}
 {% endif %}
 
diff --git a/salt/curator/files/curator.yml b/salt/curator/files/curator.yml
index 5d51a3d41..f6c238a08 100644
--- a/salt/curator/files/curator.yml
+++ b/salt/curator/files/curator.yml
@@ -1,4 +1,4 @@
-{% if grains['role'] in ['so-node', 'so-searchnode', 'so-heavynode'] %}
+{% if grains['role'] in ['so-node', 'so-heavynode'] %}
   {%- set elasticsearch = salt['pillar.get']('node:mainip', '') -%}
 {% elif grains['role'] in ['so-eval', 'so-mastersearch', 'so-standalone'] %}
   {%- set elasticsearch = salt['pillar.get']('master:mainip', '') -%}
diff --git a/salt/curator/init.sls b/salt/curator/init.sls
index 37b4fac87..8d3147242 100644
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -1,6 +1,6 @@
 {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %}
 {% set MASTER = salt['grains.get']('master') %}
-{% if grains['role'] in ['so-searchnode', 'so-eval', 'so-node', 'so-mastersearch', 'so-heavynode', 'so-standalone'] %}
+{% if grains['role'] in ['so-eval', 'so-node', 'so-mastersearch', 'so-heavynode', 'so-standalone'] %}
 # Curator
 # Create the group
 curatorgroup:
diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index b077f9d5e..73cd194e2 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -623,7 +623,7 @@
 #   # you can add username and password to your url to use basic authentication:
 #   # servers = ["http://user:pass@localhost:9200"]
    servers = ["http://{{ MASTER }}:9200"]
-{% elif grains['role'] in ['so-searchnode', 'so-hotnode', 'so-warmnode', 'so-heavynode']  %}
+{% elif grains['role'] in ['so-node', 'so-hotnode', 'so-warmnode', 'so-heavynode']  %}
  [[inputs.elasticsearch]]
    servers = ["http://{{ NODEIP }}:9200"]
 {% endif %}

From fe39179ba15e126011994542a0b03051fac37068 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 15 Jun 2020 17:01:23 -0400
Subject: [PATCH 3/4] fix so-status for searchnode

---
 salt/common/maps/so-status.map.jinja | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja
index b7f408dea..f67f4bcd6 100644
--- a/salt/common/maps/so-status.map.jinja
+++ b/salt/common/maps/so-status.map.jinja
@@ -36,7 +36,7 @@
   {{ append_containers('static', 'broversion', 'SURICATA') }}
 {% endif %}
 
-{% if role == 'node' %}
+{% if role == 'searchnode' %}
   {{ append_containers('master', 'wazuh', 0) }}
 {% endif %}
 

From 97d127218a54c2d2e78054ae2f559d6fc52ea09e Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Mon, 15 Jun 2020 17:40:53 -0400
Subject: [PATCH 4/4] fix: stop updating salt mine - this is an attempt to sort
 out why the CA intermittently disappears from the mine

---
 salt/ca/init.sls | 2 --
 1 file changed, 2 deletions(-)

diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index 407516f6e..f3a1d431e 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -44,5 +44,3 @@ send_x509_pem_entries_to_mine:
     - mine.send:
       - func: x509.get_pem_entries
       - glob_path: /etc/pki/ca.crt
-    - onchanges:
-      - x509: /etc/pki/ca.crt