From d13733e7166f0483fd61e5314c5591215fdd09a1 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 17 Nov 2020 09:59:01 -0500
Subject: [PATCH 1/6] Queue the registry state in case a highstate is already active

---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 5ce777aa3..0453ea29d 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -98,7 +98,7 @@ airgap_update_dockers() {
 update_registry() {
 docker stop so-dockerregistry
 docker rm so-dockerregistry
- salt-call state.apply registry
+ salt-call state.apply registry queue=True
 }
 check_airgap() {

From 88c2ee0d36af415ff6c44143d25aa7e31ed73fdf Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 17 Nov 2020 11:58:22 -0500
Subject: [PATCH 2/6] The Hive ES update

---
 salt/thehive/init.sls | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls
index e695c237f..c89017dda 100644
--- a/salt/thehive/init.sls
+++ b/salt/thehive/init.sls
@@ -89,14 +89,6 @@ so-thehive-es:
 - /opt/so/conf/thehive/etc/es/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
 - /opt/so/log/thehive:/var/log/elasticsearch:rw
 - environment:
- - http.host=0.0.0.0
- - http.port=9400
- - transport.tcp.port=9500
- - transport.host=0.0.0.0
- - cluster.name=thehive
- - thread_pool.index.queue_size=100000
- - thread_pool.search.queue_size=100000
- - thread_pool.bulk.queue_size=100000
 - ES_JAVA_OPTS=-Xms512m -Xmx512m
 - port_bindings:
 - 0.0.0.0:9400:9400
@@ -164,4 +156,4 @@ thehive_state_not_allowed:
 test.fail_without_changes:
 - name: thehive_state_not_allowed
-{% endif %}
\ No newline at end of file
+{% endif %}

From f31d459a24fea552f18e21fd38c27f9db90b6bf6 Mon Sep 17 00:00:00 2001
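Review bot: With `queue=True`, the `salt-call state.apply registry` in update_registry now blocks until any in-flight highstate finishes, but `so-dockerregistry` was already stopped and removed on the two lines above, so the local registry stays down for the whole wait and nothing bounds that wait. The exit status is also not checked, and by default salt-call exits 0 even when states fail unless `--retcode-passthrough` is given, so a failed apply leaves the node without a registry silently. Consider `salt-call --retcode-passthrough state.apply registry queue=True || { echo "registry state failed" >&2; return 1; }` so that a failure is at least visible to the caller. Whether callers of update_registry act on its return status is outside this hunk.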
From: Mike Reeves
Date: Tue, 17 Nov 2020 11:59:03 -0500
Subject: [PATCH 3/6] The Hive ES Update

---
 salt/thehive/etc/es/elasticsearch.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/salt/thehive/etc/es/elasticsearch.yml b/salt/thehive/etc/es/elasticsearch.yml
index 7f268a671..77e09b071 100644
--- a/salt/thehive/etc/es/elasticsearch.yml
+++ b/salt/thehive/etc/es/elasticsearch.yml
@@ -1,7 +1,7 @@
 cluster.name: "thehive"
 network.host: 0.0.0.0
 discovery.zen.minimum_master_nodes: 1
-# This is a test -- if this is here, then the volume is mounted correctly.
+discovery.type: single-node
 path.logs: /var/log/elasticsearch
 action.destructive_requires_name: true
 transport.bind_host: 0.0.0.0
@@ -11,6 +11,3 @@ http.host: 0.0.0.0
 http.port: 9400
 transport.tcp.port: 9500
 transport.host: 0.0.0.0
-thread_pool.index.queue_size: 100000
-thread_pool.search.queue_size: 100000
-thread_pool.bulk.queue_size: 100000

From aa8d9c12a0727ae87b4834d7127b0af53a76637d Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Tue, 17 Nov 2020 12:15:20 -0500
Subject: [PATCH 4/6] Remove yara rule update that can't succeed since the script doesn't exist at this point of the setup process

---
 setup/so-setup | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index 065ba548f..e2728a571 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -604,9 +604,6 @@ fi
 docker_seed_registry
 # ~ 60% when finished
 set_progress_str 60 "$(print_salt_state_apply 'manager')"
- if [[ "$STRELKARULES" == 1 ]]; then
- /usr/sbin/so-yara-update >> $setup_log 2>&1
- fi
 salt-call state.apply -l info manager >> $setup_log 2>&1
 set_progress_str 61 "$(print_salt_state_apply 'idstools')"

From 65d28f98b5c851932e081354c27f62e97f8cea42 Mon Sep 17 00:00:00 2001
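Review bot: The added `discovery.type: single-node` sits directly under the kept `discovery.zen.minimum_master_nodes: 1`, and single-node discovery makes the zen quorum setting irrelevant, so the file now describes two different cluster models at once; keep one. If single-node is the intent, the `transport.bind_host: 0.0.0.0` and `transport.host: 0.0.0.0` lines kept in this file also stop being necessary, since a single-node ES never needs to accept transport connections from other nodes, and binding transport to all interfaces inside the container only widens what is reachable on the Docker network. Patch 5 of this series reverts this hunk, so the series leaves open which discovery model TheHive's ES should use rather than settling it. Which ES version the image runs is not visible here, and it decides whether the zen setting is merely ignored or deprecated.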
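Review bot: Dropping the `so-yara-update` call here leaves `STRELKARULES` with no effect anywhere in this hunk, and nothing re-adds the update once the script exists. If the `manager` state applied on the next line is what lays down `/usr/sbin/so-yara-update` (presumably, not visible here), the call belongs directly after that `salt-call` rather than nowhere, otherwise Strelka starts without a rule set until some later job runs. The enclosing block starts and ends outside the hunk (the funcname line is `fi`). Adjacent but pre-existing: `salt-call state.apply -l info manager >> $setup_log 2>&1` discards the exit status, so a failed manager state is only visible in the log.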
From: Mike Reeves
Date: Tue, 17 Nov 2020 12:51:13 -0500
Subject: [PATCH 5/6] Revert "The Hive ES Update"

This reverts commit f31d459a24fea552f18e21fd38c27f9db90b6bf6.
---
 salt/thehive/etc/es/elasticsearch.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/salt/thehive/etc/es/elasticsearch.yml b/salt/thehive/etc/es/elasticsearch.yml
index 77e09b071..7f268a671 100644
--- a/salt/thehive/etc/es/elasticsearch.yml
+++ b/salt/thehive/etc/es/elasticsearch.yml
@@ -1,7 +1,7 @@
 cluster.name: "thehive"
 network.host: 0.0.0.0
 discovery.zen.minimum_master_nodes: 1
-discovery.type: single-node
+# This is a test -- if this is here, then the volume is mounted correctly.
 path.logs: /var/log/elasticsearch
 action.destructive_requires_name: true
 transport.bind_host: 0.0.0.0
@@ -11,3 +11,6 @@ http.host: 0.0.0.0
 http.port: 9400
 transport.tcp.port: 9500
 transport.host: 0.0.0.0
+thread_pool.index.queue_size: 100000
+thread_pool.search.queue_size: 100000
+thread_pool.bulk.queue_size: 100000

From 2184c3b8ee517d5f36c5b703d7fe5c50c1ab3b6a Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 17 Nov 2020 12:51:42 -0500
Subject: [PATCH 6/6] Revert "The Hive ES update"

This reverts commit 88c2ee0d36af415ff6c44143d25aa7e31ed73fdf.
---
 salt/thehive/init.sls | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls
index c89017dda..e695c237f 100644
--- a/salt/thehive/init.sls
+++ b/salt/thehive/init.sls
@@ -89,6 +89,14 @@ so-thehive-es:
 - /opt/so/conf/thehive/etc/es/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties:ro
 - /opt/so/log/thehive:/var/log/elasticsearch:rw
 - environment:
+ - http.host=0.0.0.0
+ - http.port=9400
+ - transport.tcp.port=9500
+ - transport.host=0.0.0.0
+ - cluster.name=thehive
+ - thread_pool.index.queue_size=100000
+ - thread_pool.search.queue_size=100000
+ - thread_pool.bulk.queue_size=100000
 - ES_JAVA_OPTS=-Xms512m -Xmx512m
 - port_bindings:
 - 0.0.0.0:9400:9400
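Review bot: The revert puts `# This is a test -- if this is here, then the volume is mounted correctly.` back into a config file that Salt ships to every node running TheHive, and it reads as a leftover from debugging the bind-mount rather than documentation. If a marker is wanted, replace it with a comment that says what the file is for, e.g. `# Managed by Salt; if this file is visible inside the container, the config volume is mounted.`, otherwise drop the line in a follow-up. Restoring `discovery.zen.minimum_master_nodes: 1` as the only discovery setting is workable for a single embedded node, but the revert pair (patches 5 and 6) records nothing about why single-node mode was abandoned, which the next person to touch this file will want to know.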
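Review bot: The restored `environment:` entries (`http.host`, `http.port`, `transport.tcp.port`, `transport.host`, `cluster.name` and the three `thread_pool.*.queue_size` values) duplicate keys that patch 5 of this series restores in salt/thehive/etc/es/elasticsearch.yml, so the same settings now live in two places. If the image passes dotted environment variables through as ES settings, as the official image does, a future edit to one copy silently diverges from the other and, depending on ES version, may fail startup as a duplicated setting; pick one source and delete the other, or add a comment to the state saying why both are needed. The `so-thehive-es:` state starts above this hunk. The 100000 queue sizes also remove the back-pressure that ES's default bounded queues provide, so queued work under a burst of TheHive writes is limited only by heap (`-Xmx512m` below); that is the same as before the series, but worth a comment if intentional.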
@@ -156,4 +164,4 @@ thehive_state_not_allowed:
 test.fail_without_changes:
 - name: thehive_state_not_allowed
-{% endif %}
+{% endif %}
\ No newline at end of file