From 5dad143c422859af429e22764f0d7941e6ad507a Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Wed, 20 Jan 2021 12:14:09 +0900 Subject: [PATCH 01/14] Need full path in order to work on cron --- salt/common/cron/common-rotate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/cron/common-rotate b/salt/common/cron/common-rotate index 55282f23f..69b84a4c0 100644 --- a/salt/common/cron/common-rotate +++ b/salt/common/cron/common-rotate @@ -1,2 +1,2 @@ #!/bin/bash -logrotate -f /opt/so/conf/log-rotate.conf >/dev/null 2>&1 +/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf >/dev/null 2>&1 From 8cca792a8fb564227613accb3e72cc334db35e00 Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Wed, 20 Jan 2021 12:16:17 +0900 Subject: [PATCH 02/14] To avoid lots of "[stenoloss.sh] " --- salt/common/files/log-rotate.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index f8a16a038..fd53d9983 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -18,6 +18,7 @@ /opt/so/log/filebeat/*.log /opt/so/log/telegraf/*.log /opt/so/log/redis/*.log +/opt/so/log/stenographer/*.log /opt/so/log/salt/so-salt-minion-check /opt/so/log/salt/minion /opt/so/log/salt/master From e20891ac4481c83816c6131f7aff2f399eb26ced Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Wed, 20 Jan 2021 13:10:33 +0900 Subject: [PATCH 03/14] Fix spacing --- salt/common/cron/common-rotate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/cron/common-rotate b/salt/common/cron/common-rotate index 69b84a4c0..63b8e2b5d 100644 --- a/salt/common/cron/common-rotate +++ b/salt/common/cron/common-rotate 
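Review bot: The new line still discards stderr with `2>&1` after `>/dev/null`, so the failure this patch fixes (no `logrotate` on cron's PATH) was invisible and the next one will be as well; logrotate is quiet on success without `-v`, so dropping the stderr redirect is enough for cron to mail or journal a real error: `/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf >/dev/null`. The reason for the absolute path lives only in the commit subject, so add it to the script: `# absolute path: cron runs with a minimal PATH that omits /usr/sbin`. Note that `-f` forces a rotation on every run regardless of the size/time criteria in log-rotate.conf, which is presumably intended for this cron schedule but deserves a word in the same comment.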
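Review bot: Adding `/opt/so/log/stenographer/*.log` to this shared list relies on the stanza's global options, which are outside the hunk; if the stenographer container keeps its log open and the stanza renames without `copytruncate` or a postrotate signal, the process keeps writing to the rotated file and the new one stays empty — confirm which strategy the stanza uses. The same question applies to every container-owned path in this list, so one comment at the top of the stanza stating the reopen strategy (copytruncate vs. signal) would document it for all of them at once.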
@@ -1,2 +1,2 @@ #!/bin/bash -/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf >/dev/null 2>&1 +/usr/sbin/logrotate -f /opt/so/conf/log-rotate.conf > /dev/null 2>&1 From b2b221fa46f4bdfa34cad674df25ce7c04e2cec5 Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Wed, 20 Jan 2021 13:20:04 +0900 Subject: [PATCH 04/14] Specify the file name for Suricata stats.log will be rotated by surirotate --- salt/common/files/log-rotate.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index fd53d9983..4d8dffac9 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -11,7 +11,7 @@ /opt/so/log/soctopus/*.log /opt/so/log/curator/*.log /opt/so/log/fleet/*.log -/opt/so/log/suricata/*.log +/opt/so/log/suricata/suricata.log /opt/so/log/mysql/*.log /opt/so/log/playbook/*.log /opt/so/log/logstash/*.log From d3d11ff67b876704d43cb4ae450a9ba2e2382f4d Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Wed, 20 Jan 2021 13:42:20 +0900 Subject: [PATCH 05/14] Delete some directories Delete some directories that should not be handled by common-rotate. --- salt/common/files/log-rotate.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index 4d8dffac9..90ffcc2d7 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -14,8 +14,6 @@ /opt/so/log/suricata/suricata.log /opt/so/log/mysql/*.log /opt/so/log/playbook/*.log -/opt/so/log/logstash/*.log -/opt/so/log/filebeat/*.log /opt/so/log/telegraf/*.log /opt/so/log/redis/*.log /opt/so/log/stenographer/*.log From d53945888c9e309c23540a70eabf67b9928e9542 Mon Sep 17 00:00:00 2001 
From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Wed, 20 Jan 2021 14:54:55 +0900 Subject: [PATCH 06/14] Add sensoroni dir --- salt/common/files/log-rotate.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index 90ffcc2d7..d1b7c891c 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -16,6 +16,7 @@ /opt/so/log/playbook/*.log /opt/so/log/telegraf/*.log /opt/so/log/redis/*.log +/opt/so/log/sensoroni/*.log /opt/so/log/stenographer/*.log /opt/so/log/salt/so-salt-minion-check /opt/so/log/salt/minion From 845ab92d362861c834ad3f01fa4d0919ef14a55e Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Thu, 21 Jan 2021 09:30:34 +0900 Subject: [PATCH 07/14] To make log rotation working --- salt/influxdb/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 9dc7ee692..e6313a2d8 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -19,7 +19,7 @@ influxconfdir: influxlogdir: file.directory: - name: /opt/so/log/influxdb - - dir_mode: 775 + - dir_mode: 755 - user: 939 - group: 939 - makedirs: True @@ -67,4 +67,4 @@ influxdb_state_not_allowed: test.fail_without_changes: - name: influxdb_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From cd5abf924c8e45671359338c961f66e58eb9ccde Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Thu, 21 Jan 2021 09:31:15 +0900 Subject: [PATCH 08/14] To make log rotation working --- salt/playbook/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index dca898eec..3a080ee7d 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls 
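Review bot: The change from `dir_mode: 775` to `755` carries no explanation in the state; the likely reason is that logrotate refuses to rotate files inside a group- or world-writable directory unless the stanza has a `su` directive, so record it next to the line: `# 755, not 775: logrotate rejects group-writable parent dirs unless 'su' is set in log-rotate.conf`. Tightening the directory is the safer choice, but it also removes write access for any other member of group 939; if the influxdb process writes as uid 939 (the owner) nothing is lost, otherwise the alternative is keeping 775 and adding `su 939 939` to the logrotate stanza. Which of the two applies is not visible in this hunk, so please confirm before merging.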
@@ -62,7 +62,7 @@ query_updatepluginurls: playbooklogdir: file.directory: - name: /opt/so/log/playbook - - dir_mode: 775 + - dir_mode: 755 - user: 939 - group: 939 - makedirs: True @@ -118,4 +118,4 @@ playbook_state_not_allowed: test.fail_without_changes: - name: playbook_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From bcdf82620435da04a65ed493fe4ee2e66fac750d Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Fri, 22 Jan 2021 09:26:52 +0900 Subject: [PATCH 09/14] Update init.sls --- salt/suricata/init.sls | 25 ++----------------------- 1 file changed, 2 insertions(+), 23 deletions(-) diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 99609be32..f0e4a54a7 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -83,12 +83,6 @@ surilogscript: - source: salt://suricata/cron/surilogcompress - mode: 755 -surirotatescript: - file.managed: - - name: /usr/local/bin/surirotate - - source: salt://suricata/cron/surirotate - - mode: 755 - /usr/local/bin/surilogcompress: cron.present: - user: suricata @@ -141,7 +135,7 @@ suribpf: - contents: - "" {% endif %} - + so-suricata: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }} @@ -176,25 +170,10 @@ disable_so-suricata_so-status.conf: - regex: ^so-suricata$ {% endif %} -surilogrotate: - file.managed: - - name: /opt/so/conf/suricata/suri-rotate.conf - - source: salt://suricata/files/suri-rotate.conf - - mode: 644 - -/usr/local/bin/surirotate: - cron.present: - - user: root - - minute: '11' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' - {% else %} suricata_state_not_allowed: test.fail_without_changes: - name: suricata_state_not_allowed -{% endif %} \ No newline at end of file +{% endif %} From f156106e572c6bf40a63f93106887a79724650f6 Mon Sep 17 00:00:00 2001 
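Review bot: This is the same `dir_mode: 755` change as in salt/influxdb/init.sls, again without a comment; both states should carry an identical rationale so that one of them is not reverted later by someone who only sees the other. Proposed line above `- dir_mode: 755`: `# 755 (not 775): logrotate refuses group-writable dirs without a 'su' directive`. Whether the playbook container writes as uid 939 is not shown here; if it writes as another member of group 939, this state now breaks logging rather than fixing rotation.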
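Review bot: Removing the surirotate states drops the only rotation path that told Suricata to reopen stats.log (the deleted suri-rotate.conf later in this series used `postrotate` with `docker exec ... kill -HUP`); the common log-rotate.conf that now covers `/opt/so/log/suricata/*.log` shows no such hook in the visible hunks, so unless its global options use `copytruncate`, Suricata will keep writing into stats.log.1 after the first rotation — please confirm the stanza options. The old stanza also kept only two uncompressed generations (`rotate 2`, `nocompress`), so if the common stanza compresses, it will gzip a file the process still has open. The `{% if %}` block these states belonged to starts and ends outside the hunk.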
From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Fri, 22 Jan 2021 09:29:08 +0900 Subject: [PATCH 10/14] Update salt/common/files/log-rotate.conf Co-authored-by: William Wernert --- salt/common/files/log-rotate.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/files/log-rotate.conf b/salt/common/files/log-rotate.conf index d1b7c891c..04c89c9d9 100644 --- a/salt/common/files/log-rotate.conf +++ b/salt/common/files/log-rotate.conf @@ -11,7 +11,7 @@ /opt/so/log/soctopus/*.log /opt/so/log/curator/*.log /opt/so/log/fleet/*.log -/opt/so/log/suricata/suricata.log +/opt/so/log/suricata/*.log /opt/so/log/mysql/*.log /opt/so/log/playbook/*.log /opt/so/log/telegraf/*.log From e0bbc8cc51398a3873f7214de9a2b849f8538d15 Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Fri, 22 Jan 2021 10:08:07 +0900 Subject: [PATCH 11/14] Delete surirotate --- salt/suricata/cron/surirotate | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 salt/suricata/cron/surirotate diff --git a/salt/suricata/cron/surirotate b/salt/suricata/cron/surirotate deleted file mode 100644 index 4da651d0e..000000000 --- a/salt/suricata/cron/surirotate +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -# Gzip the eve logs -/usr/sbin/logrotate -f /opt/so/conf/suricata/suri-rotate.conf > /dev/null 2>&1 From 249651edc703c9f59c6881d8d1f2fbe983fa5709 Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Fri, 22 Jan 2021 10:08:23 +0900 Subject: [PATCH 12/14] Delete suri-rotate.conf --- salt/suricata/files/suri-rotate.conf | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 salt/suricata/files/suri-rotate.conf diff --git a/salt/suricata/files/suri-rotate.conf b/salt/suricata/files/suri-rotate.conf deleted file mode 100644 index e8461c48f..000000000 --- a/salt/suricata/files/suri-rotate.conf +++ /dev/null 
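Review bot: Reverting to `/opt/so/log/suricata/*.log` puts stats.log back under the common stanza, the exact case patch 04 had carved out for surirotate; now that surirotate is gone this is presumably deliberate, but nothing in the file says so. A one-line comment above the path would prevent the next person from narrowing it again: `# intentionally includes stats.log; the separate surirotate job was removed`. Whether the common options handle a file the so-suricata container keeps open is not visible in this hunk and should be confirmed together with that comment.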
@@ -1,12 +0,0 @@ -/opt/so/log/suricata/stats.log -{ - daily - rotate 2 - missingok - nocompress - create - sharedscripts - postrotate - docker exec -d so-suricata bash -c 'kill -HUP $(cat /var/run/suricata.pid)' - endscript -} From 995d618ff5f3e23a4ed40bcac62c59c89a14f51e Mon Sep 17 00:00:00 2001 From: Masaya-A <68965261+Masaya-A@users.noreply.github.com> Date: Mon, 25 Jan 2021 15:45:33 +0900 Subject: [PATCH 13/14] Add cron.absent to remove old cron job if present --- salt/suricata/init.sls | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index a3e5a38a3..3de6e3568 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -168,6 +168,15 @@ disable_so-suricata_so-status.conf: - regex: ^so-suricata$ {% endif %} +/usr/local/bin/surirotate: + cron.absent: + - user: root + - minute: '11' + - hour: '*' + - daymonth: '*' + - month: '*' + - dayweek: '*' + {% else %} {{sls}}_state_not_allowed: From 2e32b53158fe4303fde96bac3136da0f8f5e491e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 25 Jan 2021 13:20:46 -0500 Subject: [PATCH 14/14] Fix function for appliances --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 1df065e71..12d8fb247 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -736,7 +736,7 @@ check_requirements() { check_sos_appliance() { # Lets see if this is a SOS Appliance - if [ -f "/etc/SOSMODEL"]; then + if [ -f "/etc/SOSMODEL" ]; then local MODEL=$(cat /etc/SOSMODEL) echo "Found SOS Model $MODEL" echo "sosmodel: $MODEL" >> /etc/salt/grains
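Review bot: `cron.absent` removes the crontab entry on upgraded hosts, but the two artefacts that earlier states deployed, `/usr/local/bin/surirotate` and `/opt/so/conf/suricata/suri-rotate.conf`, are left in place, so an operator or a stale entry under another user can still run the old rotation with its `docker exec` HUP; matching `file.absent` states would finish the cleanup. Salt's cron.absent matches on the job name and user only, so the `minute`/`hour`/`daymonth`/`month`/`dayweek` arguments appear to be ignored and the state can shrink to the three-line form shown below. The enclosing `{% if %}` block begins outside the hunk.
```yaml
/usr/local/bin/surirotate:
  cron.absent:
    - user: root

surirotate_script_absent:
  file.absent:
    - name: /usr/local/bin/surirotate

surirotate_conf_absent:
  file.absent:
    - name: /opt/so/conf/suricata/suri-rotate.conf
```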
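Review bot: With the test fixed, the function now reaches `local MODEL=$(cat /etc/SOSMODEL)` and writes the value straight into /etc/salt/grains as YAML, so a model string containing a colon, `#`, or a trailing CR would corrupt the grains file, and the `local x=$(...)` form also hides cat's exit status. Read it as `local MODEL; MODEL=$(tr -d '\r' < /etc/SOSMODEL)` and quote it on the way out, `echo "sosmodel: '$MODEL'" >> /etc/salt/grains`. Appending with `>>` also adds a duplicate `sosmodel:` key if setup runs twice; presumably acceptable for a one-shot installer, but worth a comment above the echo. check_sos_appliance continues past the end of the hunk.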