diff --git a/salt/salt/master.defaults.yaml b/salt/salt/master.defaults.yaml index a34a96b9e..c366ae6ce 100644 --- a/salt/salt/master.defaults.yaml +++ b/salt/salt/master.defaults.yaml @@ -1,4 +1,5 @@ #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched +# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: master: version: 3001 \ No newline at end of file diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index 4978a4a73..cd061237b 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -1,4 +1,5 @@ #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched +# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: minion: version: 3001 \ No newline at end of file diff --git a/setup/so-functions b/setup/so-functions index 2f1ea7198..cb9c75437 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1251,14 +1251,15 @@ reserve_group_ids() { groupadd -g 946 cyberchef } +# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml saltify() { # Install updates and Salt if [ $OS = 'centos' ]; then set_progress_str 5 'Installing Salt repo' { - sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub; - cp ./yum_repos/salt-2019-2-5.repo /etc/yum.repos.d/salt-2019-2-5.repo; + sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/3001/SALTSTACK-GPG-KEY.pub; + cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo; } >> "$setup_log" 2>&1 set_progress_str 6 'Installing various dependencies' yum -y install wget nmap-ncat >> "$setup_log" 2>&1 @@ -1269,12 +1270,12 @@ saltify() { yum -y install sqlite argon2 curl mariadb-devel >> "$setup_log" 2>&1 # Download Ubuntu Keys in case manager updates = 1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3001/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - yum -y install salt-master-2019.2.5 >> "$setup_log" 2>&1 + yum -y install salt-master-3001 >> "$setup_log" 2>&1 systemctl enable salt-master >> "$setup_log" 2>&1 ;; *) @@ -1284,8 +1285,7 @@ saltify() { cp ./public_keys/salt.pem /etc/pki/rpm-gpg/saltstack-signing-key; # Copy repo files over - cp ./yum_repos/salt-latest.repo /etc/yum.repos.d/salt-latest.repo; - cp ./yum_repos/salt-2019-2-5.repo /etc/yum.repos.d/salt-2019-2-5.repo; + cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo; } >> "$setup_log" 2>&1 fi ;; @@ -1295,7 +1295,7 @@ saltify() { set_progress_str 8 'Installing salt-minion & python modules' { yum -y install epel-release - yum -y install salt-minion-2019.2.5\ + yum -y install salt-minion-3001\ python3\ python36-docker\ python36-dateutil\ @@ -1338,8 +1338,8 @@ saltify() { 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE') # TODO: should this also be HELIXSENSOR? # Add saltstack repo(s) - wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list 2>> "$setup_log" + wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 @@ -1347,7 +1347,7 @@ saltify() { # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3001/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 @@ -1360,7 +1360,7 @@ saltify() { set_progress_str 6 'Installing various dependencies' apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - apt-get -y install salt-master=2019.2.5+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-master=3001+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-master >> "$setup_log" 2>&1 ;; *) @@ -1371,14 +1371,14 @@ saltify() { echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac apt-get update >> "$setup_log" 2>&1 set_progress_str 8 'Installing salt-minion & python modules' - apt-get -y install salt-minion=2019.2.5+ds-1\ - salt-common=2019.2.5+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-minion=3001+ds-1\ + salt-common=3001+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 diff --git a/setup/yum_repos/salt-2019-2-5.repo b/setup/yum_repos/salt-2019-2-5.repo deleted file mode 100644 index e456fdd87..000000000 --- a/setup/yum_repos/salt-2019-2-5.repo +++ /dev/null @@ -1,6 +0,0 @@ -[saltstack-repo] -name=SaltStack repo for RHEL/CentOS $releasever PY3 -baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/2019.2.5/ -enabled=1 -gpgcheck=1 -gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub diff --git a/setup/yum_repos/salt-latest.repo b/setup/yum_repos/salt-latest.repo deleted file mode 100644 index 709053a9b..000000000 --- a/setup/yum_repos/salt-latest.repo +++ /dev/null @@ -1,7 +0,0 @@ -[salt-latest] -name=SaltStack Latest Release Channel for RHEL/Centos $releasever -baseurl=https://repo.saltstack.com/py3/redhat/7/$basearch/latest -failovermethod=priority -enabled=1 -gpgcheck=1 -gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub \ No newline at end of file diff --git a/setup/yum_repos/saltstack.repo b/setup/yum_repos/saltstack.repo new file mode 100644 index 000000000..f04f02be0 --- /dev/null +++ b/setup/yum_repos/saltstack.repo @@ -0,0 +1,6 @@ +[saltstack-repo] +name=SaltStack repo for RHEL/CentOS $releasever PY3 +baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001/SALTSTACK-GPG-KEY.pub