diff --git a/salt/airgap/init.sls b/salt/airgap/init.sls
index b7ad3da1b..818bb3a3b 100644
--- a/salt/airgap/init.sls
+++ b/salt/airgap/init.sls
@@ -1,3 +1,6 @@
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+
{% set MANAGER = salt['grains.get']('master') %}
airgapyum:
file.managed:
@@ -57,4 +60,12 @@ agssrepo:
agwazrepo:
file.absent:
- - name: /etc/yum.repos.d/wazuh.repo
\ No newline at end of file
+ - name: /etc/yum.repos.d/wazuh.repo
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
\ No newline at end of file
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
new file mode 100644
index 000000000..665fdbe3d
--- /dev/null
+++ b/salt/allowed_states.map.jinja
@@ -0,0 +1,299 @@
+{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
+{% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
+{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
+{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
+{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
+{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
+{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
+{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
+{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
+{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
+{% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %}
+{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
+{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
+{% set CURATOR = salt['pillar.get']('curator:enabled', True) %}
+{% set REDIS = salt['pillar.get']('redis:enabled', True) %}
+{% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %}
+{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
+{% import_yaml 'salt/minion.defaults.yaml' as saltversion %}
+{% set saltversion = saltversion.salt.minion.version %}
+
+{# this is the list we are returning from this map file, it gets built below #}
+{% set allowed_states= [] %}
+
+{% if grains.saltversion | string == saltversion | string %}
+
+ {% set allowed_states= salt['grains.filter_by']({
+ 'so-eval': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'healthcheck',
+ 'pcap',
+ 'suricata',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-heavynode': [
+ 'ca',
+ 'ssl',
+ 'nginx',
+ 'telegraf',
+ 'firewall',
+ 'pcap',
+ 'suricata',
+ 'healthcheck',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-helixsensor': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'telegraf',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'zeek',
+ 'redis',
+ 'elasticsearch',
+ 'logstash',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-fleet': [
+ 'ca',
+ 'ssl',
+ 'nginx',
+ 'telegraf',
+ 'firewall',
+ 'mysql',
+ 'redis',
+ 'fleet',
+ 'fleet.install_package',
+ 'filebeat',
+ 'schedule',
+ 'docker_clean'
+ ],
+ 'so-import': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'pcap',
+ 'utility',
+ 'suricata',
+ 'zeek',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-manager': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'docker_clean'
+ ],
+ 'so-managersearch': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'manager',
+ 'idstools',
+ 'suricata.manager',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'docker_clean'
+ ],
+ 'so-node': [
+ 'ca',
+ 'ssl',
+ 'nginx',
+ 'telegraf',
+ 'firewall',
+ 'schedule',
+ 'docker_clean'
+ ],
+ 'so-standalone': [
+ 'salt.master',
+ 'ca',
+ 'ssl',
+ 'registry',
+ 'manager',
+ 'nginx',
+ 'telegraf',
+ 'influxdb',
+ 'grafana',
+ 'soc',
+ 'firewall',
+ 'idstools',
+ 'suricata.manager',
+ 'pcap',
+ 'suricata',
+ 'healthcheck',
+ 'utility',
+ 'schedule',
+ 'soctopus',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ 'so-sensor': [
+ 'ca',
+ 'ssl',
+ 'telegraf',
+ 'firewall',
+ 'nginx',
+ 'pcap',
+ 'suricata',
+ 'healthcheck',
+ 'wazuh',
+ 'filebeat',
+ 'schedule',
+ 'tcpreplay',
+ 'docker_clean'
+ ],
+ }, grain='role') %}
+
+ {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import'] %}
+ {% do allowed_states.append('filebeat') %}
+ {% endif %}
+
+ {% if ((FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0) and grains.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone'] %}
+ {% do allowed_states.append('mysql') %}
+ {% endif %}
+
+ {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('fleet.install_package') %}
+ {% endif %}
+
+ {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('fleet') %}
+ {% endif %}
+
+ {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval'] %}
+ {% do allowed_states.append('redis') %}
+ {% endif %}
+
+ {%- if ZEEKVER != 'SURICATA' and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
+ {% do allowed_states.append('zeek') %}
+ {%- endif %}
+
+ {% if STRELKA and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
+ {% do allowed_states.append('strelka') %}
+ {% endif %}
+
+ {% if WAZUH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode']%}
+ {% do allowed_states.append('wazuh') %}
+ {% endif %}
+
+ {% if ELASTICSEARCH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import'] %}
+ {% do allowed_states.append('elasticsearch') %}
+ {% endif %}
+
+ {% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
+ {% do allowed_states.append('kibana') %}
+ {% endif %}
+
+ {% if CURATOR and grains.role in ['so-eval', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('curator') %}
+ {% endif %}
+
+ {% if ELASTALERT and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('elastalert') %}
+ {% endif %}
+
+ {% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('thehive') %}
+ {% endif %}
+
+ {% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('playbook') %}
+ {% endif %}
+
+ {% if (PLAYBOOK !=0) and grains.role in ['so-eval'] %}
+ {% do allowed_states.append('redis') %}
+ {% endif %}
+
+ {% if (FREQSERVER !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('freqserver') %}
+ {% endif %}
+
+ {% if (DOMAINSTATS !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
+ {% do allowed_states.append('domainstats') %}
+ {% endif %}
+
+ {% if LOGSTASH and grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('logstash') %}
+ {% endif %}
+
+ {% if REDIS and grains.role in ['so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
+ {% do allowed_states.append('redis') %}
+ {% endif %}
+
+ {% if grains.os == 'CentOS' %}
+ {% if not ISAIRGAP %}
+ {% do allowed_states.append('yum') %}
+ {% endif %}
+ {% do allowed_states.append('yum.packages') %}
+ {% endif %}
+
+ {# all nodes on the right salt version can run the following states #}
+ {% do allowed_states.append('common') %}
+ {% do allowed_states.append('patch.os.schedule') %}
+ {% do allowed_states.append('motd') %}
+ {% do allowed_states.append('salt.minion-check') %}
+ {% do allowed_states.append('sensoroni') %}
+ {% do allowed_states.append('salt.lasthighstate') %}
+
+{% endif %}
+
+
+{% if ISAIRGAP %}
+ {% do allowed_states.append('airgap') %}
+{% endif %}
+
+{# all nodes can always run salt.minion state #}
+{% do allowed_states.append('salt.minion') %}
\ No newline at end of file
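Review bot: The string defaults at the top of this map make several gates permissive when the pillar key is absent. `WAZUH` and `STRELKA` default to `'0'`, a non-empty string that is truthy in `{% if WAZUH and ... %}`. `THEHIVE`, `PLAYBOOK`, `FREQSERVER` and `DOMAINSTATS` also default to `'0'` but are compared with the integer `0`, so `'0' != 0` holds. On a node with none of these pillars set, the opt-in states would therefore still be appended to `allowed_states`. Normalising once at the top, e.g. `{% set WAZUH = salt['pillar.get']('global:wazuh', 0) | int %}` and likewise for the other five, makes both kinds of test behave as written; this assumes the pillar values are 0/1 or booleans, which the hunk does not show.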
diff --git a/salt/ca/init.sls b/salt/ca/init.sls
index 84c74ef3d..07cb75f31 100644
--- a/salt/ca/init.sls
+++ b/salt/ca/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'ca' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set manager = salt['grains.get']('master') %}
/etc/salt/minion.d/signing_policies.conf:
@@ -60,8 +58,8 @@ cakeyperms:
{% else %}
-ca_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: ca_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/common/files/99-reserved-ports.conf b/salt/common/files/99-reserved-ports.conf
new file mode 100644
index 000000000..a578ab9a5
--- /dev/null
+++ b/salt/common/files/99-reserved-ports.conf
@@ -0,0 +1 @@
+net.ipv4.ip_local_reserved_ports="55000,57314"
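Review bot: The value in this new sysctl.d file is wrapped in double quotes, and as far as I know neither procps `sysctl --system` nor systemd-sysctl strips quotes from values. The kernel would then receive the quoted string literally and is likely to reject it at boot. The `sysctl -w` call in salt/common/init.sls is not affected, because the shell removes the quotes there. Writing the line as `net.ipv4.ip_local_reserved_ports=55000,57314` avoids the problem; it is worth confirming on a rebooted host that the reservation is actually in place.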
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 337103fd9..8b17cc7f5 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'common' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set role = grains.id.split('_') | last %}
@@ -258,10 +256,21 @@ docker:
- watch:
- file: docker_daemon
+# Reserve OS ports for Docker proxy in case boot settings are not already applied/present
+dockerapplyports:
+ cmd.run:
+ - name: if [ ! -f /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314"; fi
+
+# Reserve OS ports for Docker proxy
+dockerreserveports:
+ file.managed:
+ - source: salt://common/files/99-reserved-ports.conf
+ - name: /etc/sysctl.d/99-reserved-ports.conf
+
{% else %}
-common_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: common_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
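Review bot: `dockerapplyports` hides its condition inside the shell string, so Salt executes the `cmd.run` on every highstate and reports it as changed even when the `if` body is skipped. Moving the test into the state with `- unless: test -f /etc/sysctl.d/99-reserved-ports.conf` and reducing `name` to the bare `sysctl -w` command keeps the run report idempotent. The runtime value is also applied only while the file is absent, so a later change to 99-reserved-ports.conf takes effect only after a reboot; an `onchanges` requisite on `dockerreserveports` would cover that case. The `docker` state this hunk follows starts outside the hunk.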
diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
index ef53ce60f..1a4ca233f 100755
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -16,7 +16,7 @@
# along with this program. If not, see .
# NOTE: This script depends on so-common
-IMAGEREPO=securityonion
+IMAGEREPO=security-onion-solutions
container_list() {
MANAGERCHECK=$1
@@ -103,7 +103,7 @@ update_docker_containers() {
local PROGRESS_CALLBACK=$3
local LOG_FILE=$4
- local CONTAINER_REGISTRY=quay.io
+ local CONTAINER_REGISTRY=ghcr.io
local SIGNPATH=/root/sosigs
if [ -z "$CURLTYPE" ]; then
diff --git a/salt/common/tools/sbin/so-tcpreplay b/salt/common/tools/sbin/so-tcpreplay
index 22722ac9b..b5dbb4155 100755
--- a/salt/common/tools/sbin/so-tcpreplay
+++ b/salt/common/tools/sbin/so-tcpreplay
@@ -48,9 +48,15 @@ if ! docker ps | grep -q so-tcpreplay; then
echo
if is_manager_node; then
- TRUSTED_CONTAINERS=("so-tcpreplay")
- mkdir -p /opt/so/log/tcpreplay
- update_docker_containers "tcpreplay" "" "" "/opt/so/log/tcpreplay/init.log"
+ set_version
+ if ! docker images | grep so-tcpreplay | grep ":5000" | grep -q $VERSION ; then
+ echo "Pulling so-tcpreplay image"
+ TRUSTED_CONTAINERS=("so-tcpreplay")
+ mkdir -p /opt/so/log/tcpreplay
+ update_docker_containers "tcpreplay" "" "" "/opt/so/log/tcpreplay/init.log"
+ else
+ echo "so-tcpreplay image exists."
+ fi
fi
if is_sensor_node; then
if ! is_manager_node; then
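Review bot: `$VERSION` is unquoted and treated as a regular expression in `grep -q $VERSION`, so an empty value becomes a grep usage error and the dots in a version string match any character. `grep -qF -- "$VERSION"` pins the match to the literal tag. The `else` branch also skips `update_docker_containers` on a tag match alone, so whatever checks that function applies to pulled images are not re-run for an image already tagged locally; if that is intended, a comment saying so would help. The enclosing `if ! docker ps` block starts and ends outside the hunk.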
diff --git a/salt/curator/init.sls b/salt/curator/init.sls
index 2f0147794..245b700d0 100644
--- a/salt/curator/init.sls
+++ b/salt/curator/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'curator' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -145,8 +143,8 @@ append_so-curator_so-status.conf:
{% else %}
-curator_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: curator_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/docker/init.sls b/salt/docker/init.sls
index 273dbae91..c01bb8e67 100644
--- a/salt/docker/init.sls
+++ b/salt/docker/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'docker' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
installdocker:
pkg.installed:
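Review bot: `docker` never appears in allowed_states.map.jinja as added by this commit (only `docker_clean` does), so `sls in allowed_states` is false on every role and this state always renders `docker_state_not_allowed`. salt/minio/init.sls has the same problem, since no branch of the map adds `minio`. If these states are still meant to be applied, add them to the relevant role lists or to the block for all nodes, e.g. `{% do allowed_states.append('docker') %}`. If they are retired, removing the sls files would be clearer than a gate that can never pass.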
@@ -14,8 +12,8 @@ docker:
{% else %}
-docker_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: docker_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls
index 9c5ce0d17..21e672c00 100644
--- a/salt/docker_clean/init.sls
+++ b/salt/docker_clean/init.sls
@@ -1,3 +1,6 @@
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %}
{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%}
@@ -43,3 +46,11 @@ remove_images_{{ VERSION }}:
- '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}'
- '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}'
{% endfor %}
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
\ No newline at end of file
diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls
index 965d87426..da9c2926c 100644
--- a/salt/domainstats/init.sls
+++ b/salt/domainstats/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'domainstats' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -63,8 +61,8 @@ append_so-domainstats_so-status.conf:
{% else %}
-domainstats_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: domainstats_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls
index 7caef532f..fcab3f57c 100644
--- a/salt/elastalert/init.sls
+++ b/salt/elastalert/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'elastalert' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -131,8 +129,8 @@ append_so-elastalert_so-status.conf:
{% else %}
-elastalert_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: elastalert_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml
index 1ad65c43f..4a7260bc6 100644
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -7,6 +7,7 @@
{%- else %}
{%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername') %}
{%- endif %}
+{%- set NODE_ROLES = salt['pillar.get']('elasticsearch:node_roles', ['data', 'ingest']) %}
cluster.name: "{{ ESCLUSTERNAME }}"
network.host: 0.0.0.0
@@ -24,24 +25,24 @@ cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 95%
cluster.routing.allocation.disk.watermark.high: 98%
cluster.routing.allocation.disk.watermark.flood_stage: 98%
-{%- if FEATURES is sameas true %}
#xpack.security.enabled: false
-#xpack.security.http.ssl.enabled: false
-#xpack.security.transport.ssl.enabled: false
-#xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-#xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-#xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
-#xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
-#xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
-#xpack.security.transport.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
-#xpack.security.transport.ssl.verification_mode: none
-#xpack.security.http.ssl.client_authentication: none
+xpack.security.transport.ssl.enabled: true
+xpack.security.transport.ssl.verification_mode: none
+xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
+{%- if grains['role'] in ['so-node','so-heavynode'] %}
+xpack.security.http.ssl.enabled: true
+xpack.security.http.ssl.client_authentication: none
+xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
+xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
+xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
+{%- endif %}
#xpack.security.authc:
# anonymous:
# username: anonymous_user
# roles: superuser
# authz_exception: true
-{%- endif %}
node.name: {{ grains.host }}
script.max_compilations_rate: 1000/1m
{%- if TRUECLUSTER is sameas true %}
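Review bot: `xpack.security.transport.ssl.verification_mode: none` turns off peer certificate validation on the transport layer, so node-to-node traffic is encrypted but the `certificate_authorities` entry is not used to decide which peers are accepted. Since a CA file is already mounted, `xpack.security.transport.ssl.verification_mode: certificate` would require a CA-signed certificate without depending on hostnames. `#xpack.security.enabled: false` is still commented out in this hunk, so it is worth confirming that the TLS settings are honoured on the image in use. The HTTP TLS block is limited to `so-node` and `so-heavynode`; a short comment on why the other roles keep plain HTTP would help.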
@@ -55,7 +56,7 @@ discovery.seed_hosts:
{%- endfor %}
{%- endif %}
{%- else %}
-node.roles: [ data, ingest ]
+node.roles: {{ NODE_ROLES }}
node.attr.box_type: {{ NODE_ROUTE_TYPE }}
discovery.seed_hosts:
- {{ grains.master }}
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 2d83f9882..ae8976e1d 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'elasticsearch' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -25,12 +23,6 @@
{% set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
{% set MANAGERIP = salt['pillar.get']('global:managerip') %}
-{% if FEATURES is sameas true %}
- {% set FEATUREZ = "-features" %}
-{% else %}
- {% set FEATUREZ = '' %}
-{% endif %}
-
{% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone', 'so-import'] %}
{% set esclustername = salt['pillar.get']('manager:esclustername') %}
{% set esheap = salt['pillar.get']('manager:esheap') %}
@@ -188,7 +180,7 @@ eslogdir:
so-elasticsearch:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}{{ FEATUREZ }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}
- hostname: elasticsearch
- name: so-elasticsearch
- user: elasticsearch
@@ -222,7 +214,13 @@ so-elasticsearch:
- /nsm/elasticsearch:/usr/share/elasticsearch/data:rw
- /opt/so/log/elasticsearch:/var/log/elasticsearch:rw
- /opt/so/conf/ca/cacerts:/etc/pki/ca-trust/extracted/java/cacerts:ro
+ {% if ismanager %}
- /etc/pki/ca.crt:/usr/share/elasticsearch/config/ca.crt:ro
+ {% else %}
+ - /etc/ssl/certs/intca.crt:/usr/share/elasticsearch/config/ca.crt:ro
+ {% endif %}
+ - /etc/pki/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt:ro
+ - /etc/pki/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key:ro
- /etc/pki/elasticsearch.p12:/usr/share/elasticsearch/config/elasticsearch.p12:ro
- /opt/so/conf/elasticsearch/sotls.yml:/usr/share/elasticsearch/config/sotls.yml:ro
- watch:
@@ -265,8 +263,8 @@ so-elasticsearch-templates:
{% else %}
-elasticsearch_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: elasticsearch_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %} {# if 'elasticsearch' in top_states #}
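Review bot: The trailing comment on the closing tag still reads `{# if 'elasticsearch' in top_states #}`, which names the condition this commit removes. Changing it to `{# if sls in allowed_states #}` keeps the marker accurate for the next reader.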
diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml
index 799a37337..1b902d542 100644
--- a/salt/filebeat/etc/filebeat.yml
+++ b/salt/filebeat/etc/filebeat.yml
@@ -11,6 +11,10 @@
{%- set STRELKAENABLED = salt['pillar.get']('strelka:enabled', '0') %}
{%- set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) -%}
{%- set FLEETNODE = salt['pillar.get']('global:fleet_node', False) -%}
+{%- set FBMEMEVENTS = salt['pillar.get']('filebeat:mem_events', 2048) -%}
+{%- set FBMEMFLUSHMINEVENTS = salt['pillar.get']('filebeat:mem_flush_min_events', 2048) -%}
+{%- set FBLSWORKERS = salt['pillar.get']('filebeat:ls_workers', 1) -%}
+{%- set FBLSBULKMAXSIZE = salt['pillar.get']('filebeat:ls_bulk_max_size', 2048) -%}
name: {{ HOSTNAME }}
@@ -290,7 +294,10 @@ output.logstash:
hosts: ["{{ MANAGER }}:5644"]
# Number of workers per Logstash host.
- #worker: 1
+ worker: {{ FBLSWORKERS }}
+
+ # Number of records to send to Logstash input at a time
+ bulk_max_size: {{ FBLSBULKMAXSIZE }}
# Set gzip compression level.
#compression_level: 3
@@ -491,3 +498,6 @@ setup.template.enabled: false
#http.host: localhost
# Port on which the HTTP endpoint will bind. Default is 5066.
+
+queue.mem.events: {{ FBMEMEVENTS }}
+queue.mem.flush.min_events: {{ FBMEMFLUSHMINEVENTS }}
diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls
index 98229ca35..eb5d8f351 100644
--- a/salt/filebeat/init.sls
+++ b/salt/filebeat/init.sls
@@ -11,10 +11,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'filebeat' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -66,7 +64,7 @@ filebeatconfsync:
OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }}
so-filebeat:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}{{ FEATURES }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}
- hostname: so-filebeat
- user: root
- extra_hosts: {{ MANAGER }}:{{ MANAGERIP }},{{ LOCALHOSTNAME }}:{{ LOCALHOSTIP }}
@@ -93,8 +91,8 @@ append_so-filebeat_so-status.conf:
{% else %}
-filebeat_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: filebeat_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 27f04bee0..687774a58 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'firewall' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
# Firewall Magic for the grid
{% from 'firewall/map.jinja' import hostgroups with context %}
@@ -138,8 +136,8 @@ iptables_drop_all_the_things:
{% else %}
-firewall_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: firewall_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index db3414a18..f286af347 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -1,3 +1,4 @@
+{# this state can run regardless if in allowed_states or not #}
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
{%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
{%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls
index f514353a1..36a17b6aa 100644
--- a/salt/freqserver/init.sls
+++ b/salt/freqserver/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'freqserver' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -63,9 +61,9 @@ append_so-freq_so-status.conf:
{% else %}
-freqserver_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: freqserver_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls
index 9c596ca98..4a0cc7b08 100644
--- a/salt/grafana/init.sls
+++ b/salt/grafana/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'grafana' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
{% set MANAGER = salt['grains.get']('master') %}
@@ -281,8 +279,8 @@ append_so-grafana_so-status.conf:
{% else %}
-grafana_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: grafana_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/healthcheck/init.sls b/salt/healthcheck/init.sls
index af1de6d83..610891980 100644
--- a/salt/healthcheck/init.sls
+++ b/salt/healthcheck/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'healthcheck' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set CHECKS = salt['pillar.get']('healthcheck:checks', {}) %}
{% set ENABLED = salt['pillar.get']('healthcheck:enabled', False) %}
@@ -31,8 +29,8 @@ healthcheck_schedule_{{ STATUS[1] }}:
{% else %}
-healthcheck_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: healthcheck_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index 2aacb973d..56f15a93d 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'idstools' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -83,8 +81,8 @@ append_so-idstools_so-status.conf:
{% else %}
-idstools_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: idstools_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif%}
diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls
index e6313a2d8..aace4e827 100644
--- a/salt/influxdb/init.sls
+++ b/salt/influxdb/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'influxdb' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
{% set MANAGER = salt['grains.get']('master') %}
@@ -63,8 +61,8 @@ append_so-influxdb_so-status.conf:
{% else %}
-influxdb_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: influxdb_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls
index 02e76495d..1b5d05e57 100644
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'kibana' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -75,7 +73,7 @@ kibanabin:
# Start the kibana docker
so-kibana:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}{{ FEATURES }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}
- hostname: kibana
- user: kibana
- environment:
@@ -106,7 +104,7 @@ wait_for_kibana:
module.run:
- http.wait_for_successful_query:
- url: "http://{{MANAGER}}:5601/api/saved_objects/_find?type=config"
- - wait_for: 180
+ - wait_for: 900
- onchanges:
- file: kibanadashtemplate
@@ -128,8 +126,8 @@ so-kibana-config-load:
{% else %}
-kibana_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: kibana_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls
index e23e4eef2..e37713a4e 100644
--- a/salt/logstash/init.sls
+++ b/salt/logstash/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'logstash' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -148,7 +146,7 @@ lslogdir:
so-logstash:
docker_container.running:
- - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }}{{ FEATURES }}
+ - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }}
- hostname: so-logstash
- name: so-logstash
- user: logstash
@@ -209,8 +207,8 @@ append_so-logstash_so-status.conf:
{% else %}
-logstash_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: logstash_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/manager/init.sls b/salt/manager/init.sls
index 597ca3c43..908ef4502 100644
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'manager' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -110,8 +108,8 @@ strelka_yara_update:
- minute: '1'
{% else %}
-manager_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: manager_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/minio/init.sls b/salt/minio/init.sls
index 484eac1f9..f61209c8b 100644
--- a/salt/minio/init.sls
+++ b/salt/minio/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'minio' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set access_key = salt['pillar.get']('minio:access_key', '') %}
{% set access_secret = salt['pillar.get']('minio:access_secret', '') %}
@@ -69,8 +67,8 @@ append_so-minio_so-status.conf:
{% else %}
-minio_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: minio_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/motd/init.sls b/salt/motd/init.sls
index bf9d276a6..c3b9c0209 100644
--- a/salt/motd/init.sls
+++ b/salt/motd/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'motd' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
so_motd:
file.managed:
@@ -11,8 +9,8 @@ so_motd:
{% else %}
-motd_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: motd_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls
index 5fb187ab8..be44b652c 100644
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'mysql' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
@@ -112,8 +110,8 @@ append_so-mysql_so-status.conf:
{% else %}
-mysql_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: mysql_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls
index 8d6dd46f7..15c1acc8e 100644
--- a/salt/nginx/init.sls
+++ b/salt/nginx/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'nginx' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
@@ -105,8 +103,8 @@ append_so-nginx_so-status.conf:
{% else %}
-nginx_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: nginx_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls
index c4fb8cb37..58145a6b7 100644
--- a/salt/nodered/init.sls
+++ b/salt/nodered/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'nodered' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -86,8 +84,8 @@ so-nodered-flows:
{% else %}
-nodered_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: nodered_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls
index b8580fd86..06ff30972 100644
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'pcap' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -150,8 +148,8 @@ delete_so-steno_so-status.disabled:
{% else %}
-pcap_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: pcap_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls
index 3a080ee7d..f9dd56d1d 100644
--- a/salt/playbook/init.sls
+++ b/salt/playbook/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'playbook' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
@@ -114,8 +112,8 @@ so-playbookruleupdatecron:
{% else %}
-playbook_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: playbook_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/redis/init.sls b/salt/redis/init.sls
index 57f189865..d28aa57c3 100644
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'redis' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -77,8 +75,8 @@ append_so-redis_so-status.conf:
{% else %}
-redis_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: redis_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/registry/init.sls b/salt/registry/init.sls
index 43b9d8fa6..d733b6f54 100644
--- a/salt/registry/init.sls
+++ b/salt/registry/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'registry' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
# Create the config directory for the docker registry
dockerregistryconfdir:
@@ -64,8 +62,8 @@ append_so-dockerregistry_so-status.conf:
{% else %}
-registry_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: registry_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/salt/master.sls b/salt/salt/master.sls
index 442a9d240..3c23bbb36 100644
--- a/salt/salt/master.sls
+++ b/salt/salt/master.sls
@@ -1,10 +1,8 @@
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+
{% from 'salt/map.jinja' import COMMON with context %}
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'salt.master' in top_states %}
-
include:
- salt.minion
@@ -37,8 +35,8 @@ engines_config:
{% else %}
-salt_master_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: salt_master_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
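Review bot: For this file `sls` presumably renders as `salt.master`, so the failure ID changes from `salt_master_state_not_allowed` to `salt.master_state_not_allowed`; this is the one place where the templated name is not a drop-in for the old literal, and `salt/suricata/manager.sls` gets a dotted ID in the same way. Anything that matches on failed-state IDs, such as log searches or alert rules, would stop matching. If the old spelling matters, `{{ sls | replace('.', '_') }}_state_not_allowed` on both the ID line and the `- name:` line keeps it. The `{% else %}` branch belongs to the `{% if %}` opened in the first hunk of this file.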
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index 0f58aab32..d31898e72 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'soc' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -141,8 +139,8 @@ append_so-kratos_so-status.conf:
{% else %}
-soc_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: soc_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls
index 2137a4511..c2c8dc1ac 100644
--- a/salt/soctopus/init.sls
+++ b/salt/soctopus/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'soctopus' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
@@ -80,8 +78,8 @@ append_so-soctopus_so-status.conf:
{% else %}
-soctopus_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: soctopus_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index 221c58c93..d6c06d6fd 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'ssl' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set manager = salt['grains.get']('master') %}
{% set managerip = salt['pillar.get']('global:managerip', '') %}
@@ -578,8 +576,8 @@ elastickeyperms:
{% else %}
-ssl_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: ssl_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index 1bd9e3aad..46d9ef35d 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'strelka' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set MANAGER = salt['grains.get']('master') %}
{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
@@ -94,6 +92,11 @@ strelkaunprocessed:
- group: 939
- makedirs: True
+# Check to see if Strelka frontend port is available
+strelkaportavailable:
+ cmd.run:
+ - name: netstat -utanp | grep ":57314" | grep -qv docker && PROCESS=$(netstat -utanp | grep ":57314" | uniq) && echo "Another process ($PROCESS) appears to be using port 57314. Please terminate this process, or reboot to ensure a clean state so that Strelka can start properly." && exit 1 || exit 0
+
strelka_coordinator:
docker_container.running:
- image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
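Review bot: `strelkaportavailable` greps for `:57314` anywhere in the `netstat -utanp` output, so it matches sockets in any state and in either address column. A lingering TIME_WAIT entry, or an outbound connection that happens to use 57314 as its source port, fails the state even though nothing is listening. Limiting the check to listeners and to the local-address column avoids that: use `netstat -utlnp | grep ":57314 "` in both netstat calls. The `wazuhportavailable` change in `salt/wazuh/init.sls` uses the same pattern for `:55000` and needs the same adjustment.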
@@ -194,8 +197,8 @@ strelka_zeek_extracted_sync:
{% else %}
-strelka_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: strelka_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls
index f0e4a54a7..a3e5a38a3 100644
--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -12,10 +12,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'suricata' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
@@ -172,8 +170,8 @@ disable_so-suricata_so-status.conf:
{% else %}
-suricata_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: suricata_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/suricata/manager.sls b/salt/suricata/manager.sls
index 5998a484b..c196c5cae 100644
--- a/salt/suricata/manager.sls
+++ b/salt/suricata/manager.sls
@@ -1,3 +1,6 @@
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+
surilocaldir:
file.directory:
- name: /opt/so/saltstack/local/salt/suricata
@@ -16,4 +19,12 @@ refresh_salt_master_fileserver_suricata_ruleslink:
salt.runner:
- name: fileserver.update
- onchanges:
- - file: ruleslink
\ No newline at end of file
+ - file: ruleslink
+
+{% else %}
+
+{{sls}}_state_not_allowed:
+ test.fail_without_changes:
+ - name: {{sls}}_state_not_allowed
+
+{% endif %}
\ No newline at end of file
diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls
index a684d2fef..0fa853d22 100644
--- a/salt/tcpreplay/init.sls
+++ b/salt/tcpreplay/init.sls
@@ -1,4 +1,6 @@
-{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' or grains['role'] == 'so-standalone' %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
+
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
{% set MANAGER = salt['grains.get']('master') %}
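Review bot: The removed line limited this state to the `so-sensor`, `so-eval` and `so-standalone` roles, and the replacement delegates that decision to `allowed_states.map.jinja`, whose entries are not visible from this hunk. It is worth confirming that the map allows `tcpreplay` for those three roles and no others, because after this change nothing in this file restricts where the container runs. A one-line comment such as `{# role restriction lives in allowed_states.map.jinja #}` above the import would keep that visible. The `{% if %}` opened here closes in the next hunk.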
@@ -17,8 +19,8 @@ so-tcpreplay:
{% else %}
-tcpreplay_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: tcpreplay_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index 2233b5c25..3d89628e4 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -670,47 +670,52 @@
{% if grains['role'] in ['so-manager', 'so-managersearch'] %}
[[inputs.exec]]
commands = [
- "/scripts/redis.sh",
- "/scripts/influxdbsize.sh"
+ "/scripts/redis.sh",
+ "/scripts/influxdbsize.sh"
]
- data_format = "influx"
+ data_format = "influx"
+ ## Timeout for each command to complete.
+ timeout = "15s"
{% elif grains['role'] in ['so-sensor', 'so-heavynode'] %}
[[inputs.exec]]
commands = [
- "/scripts/stenoloss.sh",
- "/scripts/suriloss.sh",
- "/scripts/checkfiles.sh",
- "/scripts/zeekloss.sh",
- "/scripts/zeekcaptureloss.sh",
- "/scripts/oldpcap.sh"
+ "/scripts/stenoloss.sh",
+ "/scripts/suriloss.sh",
+ "/scripts/checkfiles.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
+ "/scripts/oldpcap.sh"
]
- data_format = "influx"
+ data_format = "influx"
+ timeout = "15s"
{% elif grains['role'] == 'so-standalone' %}
[[inputs.exec]]
commands = [
- "/scripts/redis.sh",
- "/scripts/influxdbsize.sh",
- "/scripts/stenoloss.sh",
- "/scripts/suriloss.sh",
- "/scripts/checkfiles.sh",
- "/scripts/zeekloss.sh",
- "/scripts/zeekcaptureloss.sh",
- "/scripts/oldpcap.sh"
+ "/scripts/redis.sh",
+ "/scripts/influxdbsize.sh",
+ "/scripts/stenoloss.sh",
+ "/scripts/suriloss.sh",
+ "/scripts/checkfiles.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
+ "/scripts/oldpcap.sh"
]
- data_format = "influx"
+ data_format = "influx"
+ timeout = "15s"
{% elif grains['role'] == 'so-eval' %}
[[inputs.exec]]
commands = [
- "/scripts/redis.sh",
- "/scripts/stenoloss.sh",
- "/scripts/suriloss.sh",
- "/scripts/checkfiles.sh",
- "/scripts/zeekloss.sh",
- "/scripts/zeekcaptureloss.sh",
- "/scripts/oldpcap.sh",
- "/scripts/influxdbsize.sh"
+ "/scripts/redis.sh",
+ "/scripts/stenoloss.sh",
+ "/scripts/suriloss.sh",
+ "/scripts/checkfiles.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
+ "/scripts/oldpcap.sh",
+ "/scripts/influxdbsize.sh"
]
- data_format = "influx"
+ data_format = "influx"
+ timeout = "15s"
{% elif grains['role'] == 'so-helix' %}
[[inputs.exec]]
commands = [
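Review bot: `timeout = "15s"` is added as a separate literal to each of the four role branches in this hunk (and to the `so-helix` branch in the next one), with the explaining comment only on the first. A single `{% set EXEC_TIMEOUT = '15s' %}` above the role switch, referenced as `timeout = "{{ EXEC_TIMEOUT }}"`, would keep the branches from drifting apart. The value should also be checked against the agent's collection interval, which is outside this hunk: if 15s is longer than the interval, a slow script may cause a collection cycle to be skipped.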
@@ -723,19 +728,16 @@
"/scripts/helixeps.sh"
]
data_format = "influx"
+ timeout = "15s"
{% endif %}
-#
-# ## Timeout for each command to complete.
-# timeout = "5s"
-#
-# ## measurement name suffix (for separating different commands)
-# name_suffix = "_mycollector"
-#
-# ## Data format to consume.
-# ## Each data format has its own unique set of configuration options, read
-# ## more about them here:
-# ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
+ ## measurement name suffix (for separating different commands)
+ # name_suffix = "_mycollector"
+
+ ## Data format to consume.
+ ## Each data format has its own unique set of configuration options, read
+ ## more about them here:
+ ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls
index 1ff34ceae..81513eee2 100644
--- a/salt/telegraf/init.sls
+++ b/salt/telegraf/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'telegraf' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set MANAGER = salt['grains.get']('master') %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
@@ -50,6 +48,7 @@ so-telegraf:
- HOST_MOUNT_PREFIX=/host
- GODEBUG=x509ignoreCN=0
- network_mode: host
+ - init: True
- binds:
- /opt/so/log/telegraf:/var/log/telegraf:rw
- /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
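Review bot: `- init: True` is added without a comment saying why the container now needs an init process. Presumably it is there so that collector scripts killed by the new exec timeout in `telegraf.conf` are reaped instead of accumulating as zombies under telegraf. If so, say it above the option: `# run an init as PID 1 so timed-out collector scripts get reaped`. The `so-telegraf` state starts and ends outside this hunk.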
@@ -81,8 +80,8 @@ append_so-telegraf_so-status.conf:
{% else %}
-telegraf_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: telegraf_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls
index 6c3d4d5ac..d1ee8a4bf 100644
--- a/salt/thehive/init.sls
+++ b/salt/thehive/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'thehive' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
@@ -152,8 +150,8 @@ thehivescript:
{% else %}
-thehive_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: thehive_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/top.sls b/salt/top.sls
index 18dd1b61a..68c392c25 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -292,47 +292,6 @@ base:
{%- endif %}
- docker_clean
- # Search node logic
-
- '*_node and I@node:node_type:parser and G@saltversion:{{saltversion}}':
- - match: compound
- - firewall
- {%- if LOGSTASH %}
- - logstash
- {%- endif %}
- {%- if FLEETMANAGER or FLEETNODE %}
- - fleet.install_package
- {%- endif %}
- - schedule
- - docker_clean
-
- '*_node and I@node:node_type:hot and G@saltversion:{{saltversion}}':
- - match: compound
- - firewall
- {%- if LOGSTASH %}
- - logstash
- {%- endif %}
- {%- if CURATOR %}
- - curator
- {%- endif %}
- {%- if FLEETMANAGER or FLEETNODE %}
- - fleet.install_package
- {%- endif %}
- - schedule
- - docker_clean
-
- '*_node and I@node:node_type:warm and G@saltversion:{{saltversion}}':
- - match: compound
- - firewall
- {%- if ELASTICSEARCH %}
- - elasticsearch
- {%- endif %}
- {%- if FLEETMANAGER or FLEETNODE %}
- - fleet.install_package
- {%- endif %}
- - schedule
- - docker_clean
-
'*_searchnode and G@saltversion:{{saltversion}}':
- match: compound
- ca
@@ -361,21 +320,6 @@ base:
- schedule
- docker_clean
- '*_managersensor and G@saltversion:{{saltversion}}':
- - match: compound
- - nginx
- - telegraf
- - influxdb
- - grafana
- - firewall
- - sensor
- - manager
- {%- if FLEETMANAGER or FLEETNODE %}
- - fleet.install_package
- {%- endif %}
- - schedule
- - docker_clean
-
'*_managersearch and G@saltversion:{{saltversion}}':
- match: compound
- salt.master
@@ -494,6 +438,7 @@ base:
- fleet
- fleet.install_package
- filebeat
+ - schedule
- docker_clean
'*_import and G@saltversion:{{saltversion}}':
diff --git a/salt/utility/init.sls b/salt/utility/init.sls
index d18ad5e1c..d8b8539fa 100644
--- a/salt/utility/init.sls
+++ b/salt/utility/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'utility' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
# This state is for checking things
{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %}
@@ -27,8 +25,8 @@ fixsearch:
{% else %}
-utility_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: utility_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 3cad6c367..cf40f739a 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'wazuh' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{%- set HOSTNAME = salt['grains.get']('host', '') %}
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
@@ -96,15 +94,10 @@ wazuhmgrwhitelist:
- mode: 755
- template: jinja
-# Reserve OS port for Wazuh API
-wazuhreserveport:
- cmd.run:
- - name: grep -q 55000 /proc/sys/net/ipv4/ip_local_reserved_ports || sysctl -w net.ipv4.ip_local_reserved_ports="55000" > /dev/null && echo "55000" >> /proc/sys/net/ipv4/ip_local_reserved_ports
-
# Check to see if Wazuh API port is available
wazuhportavailable:
- cmd.run:
- - name: netstat -anp | grep 55000 | grep -qv docker && PROCESS=$(netstat -anp | grep 55000 | awk '{print $NF}' | uniq) && echo "Another process ($PROCESS) appears to be using port 55000. Please terminate this process, or reboot to ensure a clean state so that the Wazuh API can start properly." && exit 1 || exit 0
+ cmd.run:
+ - name: netstat -utanp | grep ":55000" | grep -qv docker && PROCESS=$(netstat -utanp | grep ":55000" | uniq) && echo "Another process ($PROCESS) appears to be using port 55000. Please terminate this process, or reboot to ensure a clean state so that the Wazuh API can start properly." && exit 1 || exit 0
so-wazuh:
docker_container.running:
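Review bot: Removing `wazuhreserveport` leaves nothing in this hunk that keeps the kernel from handing out 55000 as an ephemeral source port; 55000 lies inside the default Linux `ip_local_port_range` (32768–60999). Together with the rewritten port check, which matches sockets in any state, an unrelated outbound connection can then fail `wazuhportavailable`. If the reservation has not moved to another state, a declarative replacement would be a `sysctl.present` state with `- name: net.ipv4.ip_local_reserved_ports` and `- value: 55000` (merged with any ports already reserved). That also persists across reboots, unlike the removed one-shot command.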
@@ -164,8 +157,8 @@ hidsruledir:
{% else %}
-wazuh_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: wazuh_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
diff --git a/salt/yum/init.sls b/salt/yum/init.sls
index b8a4df9ee..339a6f2a7 100644
--- a/salt/yum/init.sls
+++ b/salt/yum/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'yum' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
yumconf:
file.managed:
@@ -12,8 +10,8 @@ yumconf:
{% else %}
-yum_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: yum_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file
diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls
index 6fa289d5c..8cb9f5d21 100644
--- a/salt/zeek/init.sls
+++ b/salt/zeek/init.sls
@@ -1,7 +1,5 @@
-{% set show_top = salt['state.show_top']() %}
-{% set top_states = show_top.values() | join(', ') %}
-
-{% if 'zeek' in top_states %}
+{% from 'allowed_states.map.jinja' import allowed_states %}
+{% if sls in allowed_states %}
{% from "zeek/map.jinja" import START with context %}
@@ -211,8 +209,8 @@ disable_so-zeek_so-status.conf:
{% else %}
-zeek_state_not_allowed:
+{{sls}}_state_not_allowed:
test.fail_without_changes:
- - name: zeek_state_not_allowed
+ - name: {{sls}}_state_not_allowed
{% endif %}
\ No newline at end of file