From d02c440934553f5dec33df006e96c0dfabaa701a Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Tue, 22 Sep 2020 21:05:57 +0000 Subject: [PATCH 1/4] Add backup params to global.sls --- setup/so-functions | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index b383de6c9..fef58acd1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1245,7 +1245,9 @@ manager_global() { " time_file: 1"\ " upload_queue_size: 4"\ " encoding: gzip"\ - " interval: 5" >> "$global_pillar" + " interval: 5"\ + "backup:"\ + " -\"/opt/so/saltstack/local/\""\ >> "$global_pillar" printf '%s\n' '----' >> "$setup_log" 2>&1 } From 4d42d04cc342e750723217592078489a7f45eb23 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 23 Sep 2020 13:45:42 +0000 Subject: [PATCH 2/4] Fix backup pillar definition --- setup/so-functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index fef58acd1..c771f2851 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1247,7 +1247,8 @@ manager_global() { " encoding: gzip"\ " interval: 5"\ "backup:"\ - " -\"/opt/so/saltstack/local/\""\ >> "$global_pillar" + " locations:"\ + " - /opt/so/saltstack/local" >> "$global_pillar" printf '%s\n' '----' >> "$setup_log" 2>&1 } From 57732b360ecda205ad3328602cf0c646676bf7ed Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Wed, 23 Sep 2020 13:47:14 +0000 Subject: [PATCH 3/4] Add config backup script --- salt/common/tools/sbin/so-config-backup | 44 +++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 salt/common/tools/sbin/so-config-backup diff --git a/salt/common/tools/sbin/so-config-backup b/salt/common/tools/sbin/so-config-backup new file mode 100644 index 000000000..2e2eea9bb --- /dev/null +++ b/salt/common/tools/sbin/so-config-backup 
@@ -0,0 +1,44 @@
+!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .. /usr/sbin/so-common
+{% set BACKUPLOCATIONS = salt['pillar.get']('backup:locations', {}) %}
+
+TODAY=$(date '+%Y_%m_%d')
+BACKUPFILE="/nsm/backup/so-config-backup-$TODAY.tar"
+MAXBACKUPS=7
+
+# Create backup dir if it does not exist
+mkdir -p /nsm/backup
+
+# If we haven't already written a backup file for today, let's do so
+if [ ! -f $BACKUPFILE ]; then
+
+ # Create empty backup file
+ tar -cf $BACKUPFILE -T /dev/null
+
+ # Loop through all paths defined in global.sls, and append them to backup file
+ {%- for LOCATION in BACKUPLOCATIONS %}
+ tar -rf $BACKUPFILE {{ LOCATION }}
+ {%- endfor %}
+
+fi
+
+# Find oldest backup file and remove it
+NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
+OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" | ls -1t | tail -1)
+if [ "$NUMBACKUPS" -gt "$MAXBACKUPS" ]; then
+ rm -f /nsm/backup/$OLDESTBACKUP
+fi
From 71734ddc0a4f21180d912a8dfb5ca4f87e2d2d01 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 23 Sep 2020 13:55:32 +0000
Subject: [PATCH 4/4] Add cron job to common state for daily config backup
---
salt/common/init.sls | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
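Review bot: The pruning step at the end never selects a backup file: `ls` does not read standard input, so `find ... | ls -1t | tail -1` returns a name from the job's working directory, and `rm -f /nsm/backup/$OLDESTBACKUP` then most likely targets a path that does not exist, leaving archives to accumulate in /nsm/backup. Because the date in the file name sorts chronologically, `OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" | sort | head -1)` followed by `rm -f -- "$OLDESTBACKUP"` would do what the comment describes. The archive holds the whole local Salt tree, which presumably includes pillar secrets, and it is created with whatever umask the job inherits; a `umask 077` before the first `tar` would keep it readable by root only. The first line reads `!/bin/bash` without the `#`, and `. /usr/sbin/so-common` sits on the same line as the licence comment (the hunk's 44-line count is consistent with that), so so-common would never be sourced; both should be checked against the file itself, since this page may have lost characters.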
diff --git a/salt/common/init.sls b/salt/common/init.sls index 896e0f025..0df5b4953 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -192,6 +192,18 @@ sensorrotateconf: {% endif %} +{% if role in ['eval', 'manager', 'managersearch', 'standalone'] %} +# Add config backup +/usr/sbin/so-config-backup: + cron.present: + - user: root + - minute: '1' + - hour: '0' + - daymonth: '*' + - month: '*' + - dayweek: '*' +{% endif %} + # Make sure Docker is always running docker: service.running: @@ -203,4 +215,4 @@ common_state_not_allowed: test.fail_without_changes: - name: common_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %}
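Review bot: The cron entry added in the first hunk runs `/usr/sbin/so-config-backup` directly as root, so it depends on the deployed copy being Jinja-rendered, executable and starting with a valid interpreter line; the series adds the script with mode 100644, and the state that installs the sbin tools is outside this hunk, so that should be confirmed before relying on the nightly backup. The entry also gives no hint of where its inputs come from; a comment such as `# Runs daily at 00:01 as root; archives the paths listed under backup:locations in the global pillar to /nsm/backup` would replace the bare `# Add config backup`. The second hunk only adds the missing newline at end of file.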