Merge pull request #9162 from Security-Onion-Solutions/config

Config
2025-12-06 17:22:49 +01:00 · 2022-11-17 11:50:35 -05:00
parent c14c8c1306 ed9aa5b73f
commit 5f59ae52d5
5 changed files with 20 additions and 14 deletions
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -83,7 +83,7 @@ soc:
        bucket: telegraf
        verifyCert: false
      salt:
-        saltPipe: /opt/sensoroni/salt.pipe
+        saltPipe: /opt/sensoroni/salt/pipe
      sostatus:
        refreshIntervalMs: 30000
        offlineThresholdMs: 900000
--- a/salt/soc/files/bin/salt-relay.sh
+++ b/salt/soc/files/bin/salt-relay.sh
@@ -6,7 +6,8 @@

 PIPE_OWNER=${PIPE_OWNER:-socore}
 PIPE_GROUP=${PIPE_GROUP:-socore}
-SOC_PIPE=${SOC_PIPE_REQUEST:-/opt/so/conf/soc/salt.pipe}
+SOC_PIPE=${SOC_PIPE_REQUEST:-/opt/so/conf/soc/salt/pipe}
+PATH=${PATH}:/usr/sbin

 function log() {
  echo "$(date) | $1"
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
@@ -27,6 +27,12 @@ soclogdir:
    - group: 939
    - makedirs: True

+socsaltdir:
+  file.directory:
+    - name: /opt/so/conf/soc/salt
+    - user: 939
+    - group: 939
+    - makedirs: True

 socconfig:
  file.managed:
@@ -81,11 +87,8 @@ socusersroles:
      - sls: manager.sync_es_users

 salt-relay:
-  cmd.run:
-  - env: 
-    - SOC_PIPE: /opt/sensoroni/salt.pipe
-  - name: '/opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &'
-  - unless: ps -ef | grep salt-relay | grep -v grep
+  cron.present:
+  - name: 'ps -ef | grep salt-relay | grep -v grep || /opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &'

 so-soc:
  docker_container.running:
@@ -101,7 +104,7 @@ so-soc:
      - /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro
      - /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro
      - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw
-      - /opt/so/conf/soc/salt.pipe:/opt/sensoroni/salt.pipe:rw
+      - /opt/so/conf/soc/salt:/opt/sensoroni/salt:rw
      - /opt/so/saltstack:/opt/so/saltstack:rw
    {%- if salt['pillar.get']('nodestab', {}) %}
    - extra_hosts:
--- a/salt/strelka/filecheck/filecheck
+++ b/salt/strelka/filecheck/filecheck
@@ -65,6 +65,8 @@ if __name__ == "__main__":
    event_handler =CreatedEventHandler()

    observer = Observer()
+
+    logging.info("Starting filecheck")
    observer.schedule(event_handler, extract_path, recursive=True)
    observer.start()
    try:
@@ -73,3 +75,5 @@ if __name__ == "__main__":
    except KeyboardInterrupt:
        observer.stop()
    observer.join()
+
+    logging.info("Exiting filecheck")
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
@@ -135,11 +135,9 @@ filecheck_script:
    - mode: 755

 filecheck_run:
-  cmd.run:
-    - name: 'python3 /opt/so/conf/strelka/filecheck'
-    - bg: True
-    - runas: socore
-    - unless: ps -ef | grep filecheck | grep -v grep
+  cron.present:
+    - name: 'ps -ef | grep filecheck | grep -v grep || python3 /opt/so/conf/strelka/filecheck >> /opt/so/log/strelka/filecheck_stdout.log 2>&1 &'
+    - user: socore

 filcheck_history_clean:
  cron.present: