CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'remotes/origin/2.4/dev' into reyesj2-patch-sl

Browse Source
This commit is contained in:
reyesj2
2024-01-15 21:19:37 -05:00
parent a73d78300a 38965ccab5
commit 4bffd8e27c
3 changed files with 61 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/common/init.sls
View File

@@ -179,6 +179,14 @@ so-status_check_cron:
- month: '*' - month: '*'
- dayweek: '*' - dayweek: '*'
# This cronjob/script runs a check if the node needs restarted, but should be used for future status checks as well
common_status_check_cron:
cron.present:
- name: '/usr/sbin/so-common-status-check > /dev/null 2>&1'
- identifier: common_status_check
- user: root
- minute: '*/10'
remove_post_setup_cron: remove_post_setup_cron:
cron.absent: cron.absent:
- name: 'PATH=$PATH:/usr/sbin salt-call state.highstate' - name: 'PATH=$PATH:/usr/sbin salt-call state.highstate'

52
salt/common/tools/sbin/so-common-status-check Normal file
View File

@@ -0,0 +1,52 @@
#!/usr/bin/env python3
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
import sys
import subprocess
import os
sys.path.append('/opt/saltstack/salt/lib/python3.10/site-packages/')
import salt.config
import salt.loader
__opts__ = salt.config.minion_config('/etc/salt/minion')
__grains__ = salt.loader.grains(__opts__)
def check_needs_restarted():
osfam = __grains__['os_family']
val = '0'
outfile = "/opt/so/log/sostatus/needs_restarted"
if osfam == 'Debian':
if os.path.exists('/var/run/reboot-required'):
val = '1'
elif osfam == 'RedHat':
cmd = 'needs-restarting -r > /dev/null 2>&1'
try:
needs_restarting = subprocess.check_call(cmd, shell=True)
except subprocess.CalledProcessError:
val = '1'
else:
fail("Unsupported OS")
with open(outfile, 'w') as f:
f.write(val)
def fail(msg):
print(msg, file=sys.stderr)
sys.exit(1)
def main():
proc = subprocess.run(['id', '-u'], stdout=subprocess.PIPE, encoding="utf-8")
if proc.stdout.strip() != "0":
fail("This program must be run as root")
check_needs_restarted()
if __name__ == "__main__":
main()

14
salt/telegraf/scripts/os.sh
View File

@@ -8,19 +8,7 @@
# if this script isn't already running # if this script isn't already running
if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
NEEDS_RESTART=0 NEEDS_RESTART=$(cat /var/log/sostatus/needs_restarted)
if which needs-restarting &> /dev/null; then
# DNF/RPM family
if ! needs-restarting -r &> /dev/null; then
NEEDS_RESTART=1
fi
else
# APT family
if [ -f /var/run/reboot-required ]; then
NEEDS_RESTART=1
fi
fi
echo "os restart=$NEEDS_RESTART" echo "os restart=$NEEDS_RESTART"