connect work

This commit is contained in:
Jason Ertel
2024-10-16 13:44:01 -04:00
parent 15c32f9103
commit 523ff66389
28 changed files with 513 additions and 8 deletions


@@ -47,6 +47,8 @@ base:
- kibana.adv_kibana
- kratos.soc_kratos
- kratos.adv_kratos
- hydra.soc_hydra
- hydra.adv_hydra
- redis.nodes
- redis.soc_redis
- redis.adv_redis
@@ -96,6 +98,7 @@ base:
- kibana.secrets
{% endif %}
- kratos.soc_kratos
- kratos.adv_kratos
- elasticsearch.soc_elasticsearch
- elasticsearch.adv_elasticsearch
- elasticfleet.soc_elasticfleet
@@ -113,8 +116,8 @@ base:
- kibana.adv_kibana
- strelka.soc_strelka
- strelka.adv_strelka
- kratos.soc_kratos
- kratos.adv_kratos
- hydra.soc_hydra
- hydra.adv_hydra
- redis.soc_redis
- redis.adv_redis
- influxdb.soc_influxdb
@@ -149,6 +152,8 @@ base:
- idstools.adv_idstools
- kratos.soc_kratos
- kratos.adv_kratos
- hydra.soc_hydra
- hydra.adv_hydra
- redis.nodes
- redis.soc_redis
- redis.adv_redis
@@ -262,6 +267,7 @@ base:
- kibana.secrets
{% endif %}
- kratos.soc_kratos
- kratos.adv_kratos
- elasticsearch.soc_elasticsearch
- elasticsearch.adv_elasticsearch
- elasticfleet.soc_elasticfleet
@@ -277,8 +283,8 @@ base:
- kibana.adv_kibana
- backup.soc_backup
- backup.adv_backup
- kratos.soc_kratos
- kratos.adv_kratos
- hydra.soc_hydra
- hydra.adv_hydra
- redis.soc_redis
- redis.adv_redis
- influxdb.soc_influxdb


@@ -24,6 +24,7 @@
'influxdb',
'soc',
'kratos',
'hydra',
'elasticfleet',
'elastic-fleet-package-registry',
'firewall',
@@ -68,6 +69,7 @@
'strelka.manager',
'soc',
'kratos',
'hydra',
'influxdb',
'telegraf',
'firewall',
@@ -95,6 +97,7 @@
'strelka.manager',
'soc',
'kratos',
'hydra',
'elasticfleet',
'elastic-fleet-package-registry',
'firewall',
@@ -117,6 +120,7 @@
'strelka.manager',
'soc',
'kratos',
'hydra',
'elastic-fleet-package-registry',
'elasticfleet',
'firewall',
@@ -151,6 +155,7 @@
'influxdb',
'soc',
'kratos',
'hydra',
'elastic-fleet-package-registry',
'elasticfleet',
'firewall',


@@ -4,4 +4,5 @@ backup:
- /etc/pki
- /etc/salt
- /nsm/kratos
- /nsm/hydra
destination: "/nsm/backup"


@@ -29,6 +29,7 @@ container_list() {
"so-influxdb"
"so-kibana"
"so-kratos"
"so-hydra"
"so-nginx"
"so-pcaptools"
"so-soc"
@@ -53,6 +54,7 @@ container_list() {
"so-kafka"
"so-kibana"
"so-kratos"
"so-hydra"
"so-logstash"
"so-nginx"
"so-pcaptools"


@@ -51,6 +51,14 @@ docker:
custom_bind_mounts: []
extra_hosts: []
extra_env: []
'so-hydra':
final_octet: 28
port_bindings:
- 0.0.0.0:4444:4444
- 0.0.0.0:4454:4445
custom_bind_mounts: []
extra_hosts: []
extra_env: []
'so-logstash':
final_octet: 29
port_bindings:
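Review bot: The new `so-hydra` entry publishes the admin API on every interface with `- 0.0.0.0:4454:4445`, while salt/hydra/defaults.yaml in this same commit points `urls.admin` at `http://localhost:4445`, so nothing in the change needs the admin port reachable from outside the host. Ory Hydra's admin endpoints are documented as carrying no authentication of their own, so unless a firewall state not visible here restricts 4454, this binding exposes client and consent management to the network. Binding it to loopback, `- 127.0.0.1:4454:4445`, or dropping the mapping and letting nginx front only the public port, would be the safer default; if a firewall rule is intended to gate it, a comment naming that rule next to the binding would help the next reader.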


@@ -45,6 +45,7 @@ docker:
so-influxdb: *dockerOptions
so-kibana: *dockerOptions
so-kratos: *dockerOptions
so-hydra: *dockerOptions
so-logstash: *dockerOptions
so-nginx: *dockerOptions
so-nginx-fleet-node: *dockerOptions


@@ -0,0 +1,30 @@
{
"package": {
"name": "log",
"version": ""
},
"name": "hydra-logs",
"namespace": "so",
"description": "Hydra logs",
"policy_id": "so-grid-nodes_general",
"inputs": {
"logs-logfile": {
"enabled": true,
"streams": {
"log.logs": {
"enabled": true,
"vars": {
"paths": [
"/opt/so/log/hydra/hydra.log"
],
"data_stream.dataset": "hydra",
"tags": ["so-hydra"],
"processors": "- decode_json_fields:\n fields: [\"message\"]\n target: \"\"\n add_error_key: true \n- add_fields:\n target: event\n fields:\n category: iam\n module: hydra",
"custom": "pipeline: hydra"
}
}
}
}
},
"force": true
}


@@ -794,6 +794,116 @@ elasticsearch:
priority: 50
min_age: 30d
warm: 7
so-hydra:
close: 30
delete: 365
index_sorting: false
index_template:
composed_of:
- agent-mappings
- dtc-agent-mappings
- base-mappings
- dtc-base-mappings
- client-mappings
- dtc-client-mappings
- container-mappings
- destination-mappings
- dtc-destination-mappings
- pb-override-destination-mappings
- dll-mappings
- dns-mappings
- dtc-dns-mappings
- ecs-mappings
- dtc-ecs-mappings
- error-mappings
- event-mappings
- dtc-event-mappings
- file-mappings
- dtc-file-mappings
- group-mappings
- host-mappings
- dtc-host-mappings
- http-mappings
- dtc-http-mappings
- log-mappings
- network-mappings
- dtc-network-mappings
- observer-mappings
- dtc-observer-mappings
- organization-mappings
- package-mappings
- process-mappings
- dtc-process-mappings
- related-mappings
- rule-mappings
- dtc-rule-mappings
- server-mappings
- service-mappings
- dtc-service-mappings
- source-mappings
- dtc-source-mappings
- pb-override-source-mappings
- threat-mappings
- tls-mappings
- url-mappings
- user_agent-mappings
- dtc-user_agent-mappings
- common-settings
- common-dynamic-mappings
data_stream:
allow_custom_routing: false
hidden: false
ignore_missing_component_templates: []
index_patterns:
- logs-hydra-so*
priority: 500
template:
mappings:
date_detection: false
dynamic_templates:
- strings_as_keyword:
mapping:
ignore_above: 1024
type: keyword
match_mapping_type: string
settings:
index:
lifecycle:
name: so-hydra-logs
mapping:
total_fields:
limit: 5000
number_of_replicas: 0
number_of_shards: 1
refresh_interval: 30s
sort:
field: '@timestamp'
order: desc
policy:
phases:
cold:
actions:
set_priority:
priority: 0
min_age: 60d
delete:
actions:
delete: {}
min_age: 365d
hot:
actions:
rollover:
max_age: 30d
max_primary_shard_size: 50gb
set_priority:
priority: 100
min_age: 0ms
warm:
actions:
set_priority:
priority: 50
min_age: 30d
warm: 7
so-lists:
index_sorting: false
index_template:


@@ -0,0 +1,9 @@
{
"description" : "hydra",
"processors" : [
{"set":{"field":"audience","value":"access","override":false,"ignore_failure":true}},
{"set":{"field":"event.dataset","ignore_empty_value":true,"ignore_failure":true,"value":"hydra.{{{audience}}}","media_type":"text/plain"}},
{"set":{"field":"event.action","ignore_failure":true,"copy_from":"msg" }},
{ "pipeline": { "name": "common" } }
]
}


@@ -539,6 +539,7 @@ elasticsearch:
so-suricata_x_alerts: *indexSettings
so-import: *indexSettings
so-kratos: *indexSettings
so-hydra: *indexSettings
so-kismet: *indexSettings
so-logstash: *indexSettings
so-redis: *indexSettings


@@ -9,6 +9,7 @@
'so-influxdb',
'so-kibana',
'so-kratos',
'so-hydra',
'so-nginx',
'so-redis',
'so-soc',
@@ -30,6 +31,7 @@
'so-kafka',
'so-kibana',
'so-kratos',
'so-hydra',
'so-logstash',
'so-nginx',
'so-redis',
@@ -73,6 +75,7 @@
'so-influxdb',
'so-kibana',
'so-kratos',
'so-hydra',
'so-nginx',
'so-soc'
] %}

50
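--- /dev/null
+++ b/salt/hydra/config.sls
@@ -0,0 +1,50 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from "hydra/map.jinja" import hydraMERGED %}
+hydradir:
+file.directory:
+- name: /nsm/hydra
+- user: 928
+- group: 928
+- mode: 700
+- makedirs: True
+hydradbdir:
+file.directory:
+- name: /nsm/hydra/db
+- user: 928
+- group: 928
+- mode: 700
+- makedirs: True
+hydralogdir:
+file.directory:
+- name: /opt/so/log/hydra
+- user: 928
+- group: 928
+- makedirs: True
+hydraconfig:
+file.managed:
+- name: /opt/so/conf/hydra/hydra.yaml
+- source: salt://hydra/files/hydra.yaml.jinja
+- user: 928
+- group: 928
+- mode: 600
+- template: jinja
+- defaults:
+hydraMERGED: {{ hydraMERGED }}
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}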
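Review bot: `hydraconfig` passes the template variable as `hydraMERGED: {{ hydraMERGED }}`, but salt/hydra/files/hydra.yaml.jinja in this commit renders `{{ HYDRAMERGED.config | yaml(false) }}`, and salt/hydra/init.sls imports `HYDRAMERGED` from the same map.jinja that this file imports `hydraMERGED` from. Jinja names are case-sensitive, so one of these spellings is undefined at render time and the state fails; settling on `HYDRAMERGED` throughout, i.e. `{% from "hydra/map.jinja" import HYDRAMERGED %}` and `HYDRAMERGED: {{ HYDRAMERGED }}`, matches the rest of the module. The visible lines of salt/hydra/map.jinja also do not show the `set` that defines the merged variable; if it is a trailing line the rendering dropped, fine, otherwise it is missing as well.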

37
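--- /dev/null
+++ b/salt/hydra/defaults.yaml
@@ -0,0 +1,37 @@
+hydra:
+enabled: False
+config:
+serve:
+cookies:
+same_site_mode: Lax
+public:
+port: 4444
+admin:
+port: 4445
+urls:
+self:
+issuer: https://URL_BASE/connect
+public: https://URL_BASE/connect
+admin: http://localhost:4445
+login: https://URL_BASE/login
+logout: https://URL_BASE/logout
+identity_provider:
+url: http://127.0.0.1:4434/admin
+publicUrl: https://URL_BASE/auth
+headers:
+Authorization: Bearer some-token
+secrets:
+system: []
+oidc:
+subject_identifiers:
+supported_types:
+- pairwise
+- public
+pairwise:
+salt: ""
+sqa:
+opt_out: true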
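Review bot: `identity_provider.headers.Authorization: Bearer some-token` ships a placeholder credential as the default sent to the Kratos admin endpoint at `http://127.0.0.1:4434/admin`; nothing in this commit overrides it, so either the receiver ignores it or an operator is expected to replace it, and the file does not say which. A comment such as `# placeholder; expected to be overridden via the hydra pillar — TODO confirm` above the header, or removing the header if the Kratos admin API ignores it, would make the intent explicit. Likewise `oidc.subject_identifiers.pairwise.salt: ""` is empty while `pairwise` is listed under `supported_types`; if I recall Hydra's config validation, it rejects pairwise subjects without a salt, so either populate it from a generated secret the way `secrets.system` is filled by `hydra_pillar` in so-functions, or drop `pairwise` from the supported list.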

27
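--- /dev/null
+++ b/salt/hydra/disabled.sls
@@ -0,0 +1,27 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+include:
+- hydra.sostatus
+so-hydra:
+docker_container.absent:
+- force: True
+so-hydra_so-status.disabled:
+file.comment:
+- name: /opt/so/conf/so-status/so-status.conf
+- regex: ^so-hydra$
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}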

105
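--- /dev/null
+++ b/salt/hydra/enabled.sls
@@ -0,0 +1,105 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+#
+# Note: Per the Elastic License 2.0, the second limitation states:
+#
+# "You may not move, change, disable, or circumvent the license key functionality
+# in the software, and you may not remove or obscure any functionality in the
+# software that is protected by the license key."
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+{% from 'docker/docker.map.jinja' import DOCKER %}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% if 'api' in salt['pillar.get']('features', []) %}
+include:
+- hydra.config
+- hydra.sostatus
+so-hydra:
+docker_container.running:
+- image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-hydra:{{ GLOBALS.so_version }}
+- hostname: hydra
+- name: so-hydra
+- networks:
+- sobridge:
+- ipv4_address: {{ DOCKER.containers['so-hydra'].ip }}
+- binds:
+- /opt/so/conf/hydra/:/hydra-conf:ro
+- /opt/so/log/hydra/:/hydra-log:rw
+- /nsm/hydra/db:/hydra-data:rw
+{% if DOCKER.containers['so-hydra'].custom_bind_mounts %}
+{% for BIND in DOCKER.containers['so-hydra'].custom_bind_mounts %}
+- {{ BIND }}
+{% endfor %}
+{% endif %}
+- port_bindings:
+{% for BINDING in DOCKER.containers['so-hydra'].port_bindings %}
+- {{ BINDING }}
+{% endfor %}
+{% if DOCKER.containers['so-hydra'].extra_hosts %}
+- extra_hosts:
+{% for XTRAHOST in DOCKER.containers['so-hydra'].extra_hosts %}
+- {{ XTRAHOST }}
+{% endfor %}
+{% endif %}
+{% if DOCKER.containers['so-hydra'].extra_env %}
+- environment:
+{% for XTRAENV in DOCKER.containers['so-hydra'].extra_env %}
+- {{ XTRAENV }}
+{% endfor %}
+{% endif %}
+- restart_policy: unless-stopped
+- watch:
+- file: hydraschema
+- file: hydraconfig
+- require:
+- file: hydraschema
+- file: hydraconfig
+- file: hydralogdir
+- file: hydradir
+delete_so-hydra_so-status.disabled:
+file.uncomment:
+- name: /opt/so/conf/so-status/so-status.conf
+- regex: ^so-hydra$
+wait_for_hydra:
+http.wait_for_successful_query:
+- name: 'http://{{ GLOBALS.manager }}:4444/'
+- ssl: True
+- verify_ssl: False
+- status:
+- 200
+- 301
+- 302
+- 404
+- status_type: list
+- wait_for: 300
+- request_interval: 10
+- require:
+- docker_container: so-hydra
+{% else %}
+{{sls}}_no_license_detected:
+test.fail_without_changes:
+- name: {{sls}}_no_license_detected
+- comment:
+- "This is a feature supported only for customers with a valid license.
+Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com
+for more information about purchasing a license to enable this feature."
+include:
+- hydra.disabled
+{% endif %}
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}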
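Review bot: `so-hydra` watches and requires `file: hydraschema`, but salt/hydra/config.sls in this commit defines only `hydradir`, `hydradbdir`, `hydralogdir` and `hydraconfig`, so unless `hydraschema` comes from another included state the container state fails on an unresolved requisite. Either add that state or drop the two `- file: hydraschema` lines; `hydradbdir` should also be in the `require` list, since `/nsm/hydra/db` is bind-mounted and Docker will otherwise create it root-owned with default permissions if the directory state has not run first. In `wait_for_hydra`, `- name: 'http://{{ GLOBALS.manager }}:4444/'` is combined with `- ssl: True` and `- verify_ssl: False`; the scheme and the ssl flag disagree, so one of them is wrong, and accepting `404` in the status list means the check passes as soon as anything answers on the port. A comment naming the endpoint the gate is meant to probe (for example Hydra's `/health/ready`) and a status list limited to what it returns would make the readiness check meaningful.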


@@ -0,0 +1 @@
{{ HYDRAMERGED.config | yaml(false) }}

13
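--- /dev/null
+++ b/salt/hydra/init.sls
@@ -0,0 +1,13 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'hydra/map.jinja' import HYDRAMERGED %}
+include:
+{% if HYDRAMERGED.enabled %}
+- hydra.enabled
+{% else %}
+- hydra.disabled
+{% endif %}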

7
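--- /dev/null
+++ b/salt/hydra/map.jinja
@@ -0,0 +1,7 @@
+{# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+https://securityonion.net/license; you may not use this file except in compliance with the
+Elastic License 2.0. #}
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{% import_yaml 'hydra/defaults.yaml' as HYDRADEFAULTS %}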


@@ -0,0 +1,4 @@
hydra:
enabled:
description: Enables or disables the API authentication system, used for service account authentication.
helpLink: api.html

21
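--- /dev/null
+++ b/salt/hydra/sostatus.sls
@@ -0,0 +1,21 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls.split('.')[0] in allowed_states %}
+append_so-hydra_so-status.conf:
+file.append:
+- name: /opt/so/conf/so-status/so-status.conf
+- text: so-hydra
+- unless: grep -q so-hydra /opt/so/conf/so-status/so-status.conf
+{% else %}
+{{sls}}_state_not_allowed:
+test.fail_without_changes:
+- name: {{sls}}_state_not_allowed
+{% endif %}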


@@ -40,6 +40,16 @@ logrotate:
- extension .log
- dateext
- dateyesterday
/opt/so/log/hydra/*_x_log:
- daily
- rotate 14
- missingok
- copytruncate
- compress
- create
- extension .log
- dateext
- dateyesterday
/opt/so/log/kibana/*_x_log:
- daily
- rotate 14


@@ -28,6 +28,13 @@ logrotate:
multiline: True
global: True
forcedType: "[]string"
"/opt/so/log/hydra/*_x_log":
description: List of logrotate options for this file.
title: /opt/so/log/hydra/*.log
advanced: True
multiline: True
global: True
forcedType: "[]string"
"/opt/so/log/kibana/*_x_log":
description: List of logrotate options for this file.
title: /opt/so/log/kibana/*.log


@@ -368,6 +368,13 @@ function add_kratos_to_minion() {
" " >> $PILLARFILE
}
function add_hydra_to_minion() {
printf '%s\n'\
"hydra:"\
" enabled: True"\
" " >> $PILLARFILE
}
function add_idstools_to_minion() {
printf '%s\n'\
"idstools:"\
@@ -448,6 +455,7 @@ function createEVAL() {
add_soc_to_minion
add_registry_to_minion
add_kratos_to_minion
add_hydra_to_minion
add_idstools_to_minion
add_elastic_fleet_package_registry_to_minion
}
@@ -468,6 +476,7 @@ function createSTANDALONE() {
add_soc_to_minion
add_registry_to_minion
add_kratos_to_minion
add_hydra_to_minion
add_idstools_to_minion
add_elastic_fleet_package_registry_to_minion
}
@@ -484,6 +493,7 @@ function createMANAGER() {
add_soc_to_minion
add_registry_to_minion
add_kratos_to_minion
add_hydra_to_minion
add_idstools_to_minion
add_elastic_fleet_package_registry_to_minion
}
@@ -500,6 +510,7 @@ function createMANAGERSEARCH() {
add_soc_to_minion
add_registry_to_minion
add_kratos_to_minion
add_hydra_to_minion
add_idstools_to_minion
add_elastic_fleet_package_registry_to_minion
}
@@ -514,6 +525,7 @@ function createIMPORT() {
add_soc_to_minion
add_registry_to_minion
add_kratos_to_minion
add_hydra_to_minion
add_idstools_to_minion
add_elastic_fleet_package_registry_to_minion
}


@@ -219,6 +219,7 @@ http {
proxy_set_header X-Forwarded-Proto $scheme;
}
{% if 'api' in salt['pillar.get']('features', []) %}
location /connect/token {
rewrite /connect/token(.*) /oauth2/token$1 break;
limit_req zone=auth_throttle burst={{ NGINXMERGED.config.throttle_login_burst }} nodelay;
@@ -247,6 +248,7 @@ http {
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Proto $scheme;
}
{%- endif %}
location /cyberchef/ {
auth_request /auth/sessions/whoami;


@@ -119,6 +119,13 @@ soc:
- identity_id
- http_request.headers.user-agent
- msg
':kratos:':
- soc_timestamp
- event.dataset
- http_request.headers.x-real-ip
- identity_id
- http_request.headers.user-agent
- msg
'::conn':
- soc_timestamp
- event.dataset
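Review bot: The seven added lines introduce a second `':kratos:':` key under the same mapping, since the context lines above them (`- identity_id`, `- http_request.headers.user-agent`, `- msg`) appear to close an existing `':kratos:'` entry; YAML loaders either reject a duplicate key or silently keep the last one, and either way no column list ends up registered for the new hydra dataset. Given the commit, this was presumably meant to be `':hydra:':`, and the field list may also want checking against what the hydra ingest pipeline added in this commit actually sets (`audience`, `event.action` copied from `msg`) rather than the kratos columns copied here. The enclosing `soc:` block starts and ends outside the hunk.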


@@ -61,6 +61,7 @@ base:
- influxdb
- soc
- kratos
- hydra
- sensoroni
- telegraf
- firewall
@@ -90,6 +91,7 @@ base:
- strelka.manager
- soc
- kratos
- hydra
- firewall
- manager
- sensoroni
@@ -122,6 +124,7 @@ base:
- influxdb
- soc
- kratos
- hydra
- firewall
- sensoroni
- telegraf
@@ -168,6 +171,7 @@ base:
- strelka.manager
- soc
- kratos
- hydra
- firewall
- manager
- sensoroni
@@ -219,6 +223,7 @@ base:
- strelka.manager
- soc
- kratos
- hydra
- sensoroni
- telegraf
- firewall


@@ -791,6 +791,7 @@ create_manager_pillars() {
redis_pillar
idstools_pillar
kratos_pillar
hydra_pillar
soc_pillar
idh_pillar
influxdb_pillar
@@ -1108,6 +1109,7 @@ generate_passwords(){
INFLUXTOKEN=$(head -c 64 /dev/urandom | base64 --wrap=0)
SENSORONIKEY=$(get_random_value)
KRATOSKEY=$(get_random_value)
HYDRAKEY=$(get_random_value)
REDISPASS=$(get_random_value)
SOCSRVKEY=$(get_random_value 64)
IMPORTPASS=$(get_random_value)
@@ -1303,6 +1305,18 @@ kratos_pillar() {
"" > "$kratos_pillar_file"
}
hydra_pillar() {
title "Create the Hydra pillar file"
touch $adv_hydra_pillar_file
printf '%s\n'\
"hydra:"\
" config:"\
" secrets:"\
" system:"\
" - '$HYDRAKEY'"\
"" > "$hydra_pillar_file"
}
create_global() {
title "Creating the global.sls"
touch $adv_global_pillar_file
@@ -1404,10 +1418,10 @@ make_some_dirs() {
mkdir -p $local_salt_dir/salt/firewall/portgroups
mkdir -p $local_salt_dir/salt/firewall/ports
for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni soc docker zeek suricata nginx telegraf logstash soc manager kratos idstools idh elastalert stig global kafka;do
mkdir -p $local_salt_dir/pillar/$THEDIR
touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls
for THEDIR in bpf pcap elasticsearch ntp firewall redis backup influxdb strelka sensoroni soc docker zeek suricata nginx telegraf logstash soc manager kratos hydra idstools idh elastalert stig global kafka;do
mkdir -p $local_salt_dir/pillar/$THEDIR
touch $local_salt_dir/pillar/$THEDIR/adv_$THEDIR.sls
touch $local_salt_dir/pillar/$THEDIR/soc_$THEDIR.sls
done
}
@@ -1639,6 +1653,7 @@ reinstall_init() {
# Backup (and erase) directories in /nsm to prevent app errors
backup_dir /nsm/mysql "$date_string"
backup_dir /nsm/kratos "$date_string"
backup_dir /nsm/hydra "$date_string"
backup_dir /nsm/influxdb "$date_string"
# Uninstall local Elastic Agent, if installed
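Review bot: `hydra_pillar` writes `$HYDRAKEY` verbatim into `secrets.system`, and `HYDRAKEY=$(get_random_value)` is called without a length while `SOCSRVKEY=$(get_random_value 64)` passes one; Hydra requires each system secret to be at least 16 characters, so the default length of `get_random_value` (not visible here) should be confirmed to satisfy that, and a comment such as `# hydra requires secrets.system entries of >=16 chars` next to the assignment would pin the requirement. `touch $adv_hydra_pillar_file` is unquoted while the write below uses `"$hydra_pillar_file"`; quoting both matches `kratos_pillar`. Since `soc_hydra.sls` now carries a signing and encryption secret, it is worth confirming that the pillar directory permissions set elsewhere in setup keep it readable only by the salt master.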


@@ -160,6 +160,12 @@ export kratos_pillar_file
adv_kratos_pillar_file="$local_salt_dir/pillar/kratos/adv_kratos.sls"
export adv_kratos_pillar_file
hydra_pillar_file="$local_salt_dir/pillar/hydra/soc_hydra.sls"
export hydra_pillar_file
adv_hydra_pillar_file="$local_salt_dir/pillar/hydra/adv_hydra.sls"
export adv_hydra_pillar_file
idstools_pillar_file="$local_salt_dir/pillar/idstools/soc_idstools.sls"
export idstools_pillar_file