Merge pull request #11255 from Security-Onion-Solutions/issue/10975

Issue/10975

pillar/top.sls

@@ -2,6 +2,9 @@ base:
   '*':
     - global.soc_global
     - global.adv_global
+    - docker.soc_docker
+    - docker.adv_docker
+    - influxdb.token
     - logrotate.soc_logrotate
     - logrotate.adv_logrotate
     - ntp.soc_ntp
@@ -9,21 +12,18 @@ base:
     - patch.needs_restarting
     - patch.soc_patch
     - patch.adv_patch
-
-  '* and not *_desktop':
-    - docker.soc_docker
-    - docker.adv_docker
-    - firewall.soc_firewall
-    - firewall.adv_firewall
-    - influxdb.token
-    - nginx.soc_nginx
-    - nginx.adv_nginx
-    - node_data.ips
     - sensoroni.soc_sensoroni
     - sensoroni.adv_sensoroni
     - telegraf.soc_telegraf
     - telegraf.adv_telegraf
 
+  '* and not *_desktop':
+    - firewall.soc_firewall
+    - firewall.adv_firewall
+    - nginx.soc_nginx
+    - nginx.adv_nginx
+    - node_data.ips
+
   '*_manager or *_managersearch':
     - match: compound
     {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}

salt/allowed_states.map.jinja

@@ -188,6 +188,9 @@
           'docker_clean'
           ],
       'so-desktop': [
+          'ssl',
+          'docker_clean',
+          'telegraf'
           ],
   }, grain='role') %}
 

salt/docker_clean/init.sls

@@ -9,6 +9,7 @@
 prune_images:
   cmd.run:
     - name: so-docker-prune
+    - order: last
 
 {% else %}
 

salt/firewall/defaults.yaml

@@ -289,6 +289,11 @@ firewall:
                 - elastic_agent_control
                 - elastic_agent_data
                 - elastic_agent_update
+            desktop:
+              portgroups:
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             customhostgroup0:
               portgroups: []
             customhostgroup1:
@@ -463,7 +468,13 @@ firewall:
                 - endgame
             desktop:
               portgroups:
+                - docker_registry
+                - influxdb
+                - sensoroni
                 - yum
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             customhostgroup0:
               portgroups: []
             customhostgroup1:
@@ -651,7 +662,13 @@ firewall:
                 - endgame
             desktop:
               portgroups:
+                - docker_registry
+                - influxdb
+                - sensoroni
                 - yum
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             customhostgroup0:
               portgroups: []
             customhostgroup1:
@@ -847,7 +864,13 @@ firewall:
                 - strelka_frontend
             desktop:
               portgroups:
+                - docker_registry
+                - influxdb
+                - sensoroni
                 - yum
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
             customhostgroup0:
               portgroups: []
             customhostgroup1:
@@ -1205,9 +1228,6 @@ firewall:
             analyst:
               portgroups:
                 - nginx
-            desktop:
-              portgroups:
-                - yum
             customhostgroup0:
               portgroups: []
             customhostgroup1:

salt/manager/tools/sbin/so-minion

@@ -552,6 +552,7 @@ function createRECEIVER() {
 
 function createDESKTOP() {
 	add_desktop_to_minion
+	add_telegraf_to_minion
 }
 
 function testConnection() {

salt/telegraf/defaults.yaml

@@ -87,4 +87,5 @@ telegraf:
       - sostatus.sh
     fleet:
       - sostatus.sh
-    desktop: []
+    desktop:
+      - sostatus.sh

salt/top.sls

@@ -28,11 +28,9 @@ base:
     - motd
     - salt.minion-check
     - salt.lasthighstate
-
-  'not *_desktop and G@saltversion:{{saltversion}}':
-    - match: compound
     - common
     - docker
+    - docker_clean
 
   '*_sensor and G@saltversion:{{saltversion}}':
     - match: compound
@@ -47,7 +45,6 @@ base:
     - healthcheck
     - zeek
     - strelka
-    - docker_clean
     - elasticfleet.install_agent_grid
 
   '*_eval and G@saltversion:{{saltversion}}':
@@ -57,14 +54,14 @@ base:
     - ca
     - ssl
     - registry
-    - sensoroni
     - manager
     - backup.config_backup
     - nginx
-    - telegraf
     - influxdb
     - soc
     - kratos
+    - sensoroni
+    - telegraf
     - firewall
     - idstools
     - suricata.manager
@@ -84,7 +81,6 @@ base:
     - playbook
     - redis
     - elasticfleet
-    - docker_clean
 
   '*_manager and G@saltversion:{{saltversion}}':
     - match: compound
@@ -92,14 +88,14 @@ base:
     - ca
     - ssl
     - registry
-    - sensoroni
     - nginx
-    - telegraf
     - influxdb
     - soc
     - kratos
     - firewall
     - manager
+    - sensoroni
+    - telegraf
     - backup.config_backup
     - idstools
     - suricata.manager
@@ -115,7 +111,6 @@ base:
     - soctopus
     - playbook
     - elasticfleet
-    - docker_clean
 
   '*_standalone and G@saltversion:{{saltversion}}':
     - match: compound
@@ -124,15 +119,15 @@ base:
     - ca
     - ssl
     - registry
-    - sensoroni
     - manager
     - backup.config_backup
     - nginx
-    - telegraf
     - influxdb
     - soc
     - kratos
     - firewall
+    - sensoroni
+    - telegraf
     - idstools
     - suricata.manager    
     - healthcheck
@@ -152,19 +147,17 @@ base:
     - soctopus
     - playbook
     - elasticfleet
-    - docker_clean
 
   '*_searchnode and G@saltversion:{{saltversion}}':
     - match: compound
     - ssl
     - sensoroni
-    - nginx
     - telegraf
+    - nginx
     - firewall
     - elasticsearch
     - logstash
     - elasticfleet.install_agent_grid
-    - docker_clean
 
   '*_managersearch and G@saltversion:{{saltversion}}':
     - match: compound
@@ -172,14 +165,14 @@ base:
     - ca
     - ssl
     - registry
-    - sensoroni
     - nginx
-    - telegraf
     - influxdb
     - soc
     - kratos
     - firewall
     - manager
+    - sensoroni
+    - telegraf
     - backup.config_backup
     - idstools
     - suricata.manager
@@ -195,15 +188,14 @@ base:
     - soctopus
     - playbook
     - elasticfleet
-    - docker_clean
 
   '*_heavynode and G@saltversion:{{saltversion}}':
     - match: compound
     - sensor
     - ssl
     - sensoroni
-    - nginx
     - telegraf
+    - nginx
     - firewall
     - elasticsearch
     - logstash
@@ -215,7 +207,6 @@ base:
     - zeek
     - elasticfleet.install_agent_grid
     - elasticagent
-    - docker_clean
   
   '*_import and G@saltversion:{{saltversion}}':
     - match: compound
@@ -224,13 +215,13 @@ base:
     - ca
     - ssl
     - registry
-    - sensoroni
     - manager
     - nginx
-    - telegraf
     - influxdb
     - soc
     - kratos
+    - sensoroni
+    - telegraf
     - firewall
     - idstools
     - suricata.manager
@@ -242,7 +233,6 @@ base:
     - suricata
     - zeek
     - elasticfleet
-    - docker_clean
 
   '*_receiver and G@saltversion:{{saltversion}}':
     - match: compound
@@ -253,7 +243,6 @@ base:
     - logstash
     - redis
     - elasticfleet.install_agent_grid
-    - docker_clean
 
   '*_idh and G@saltversion:{{saltversion}}':
     - match: compound
@@ -262,7 +251,6 @@ base:
     - telegraf
     - firewall
     - elasticfleet.install_agent_grid
-    - docker_clean
     - idh
 
   '*_fleet and G@saltversion:{{saltversion}}':
@@ -275,7 +263,12 @@ base:
     - elasticfleet
     - elasticfleet.install_agent_grid
     - schedule
-    - docker_clean
+
+  '*_desktop and G@saltversion:{{saltversion}}':
+    - ssl
+    - sensoroni
+    - telegraf
+    - elasticfleet.install_agent_grid
 
   'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:OEL )':
     - match: compound

setup/so-functions

@@ -94,6 +94,9 @@ desktop_salt_local() {
 	logCmd "yum -y install salt-minion-$SALTVERSION httpd-tools python3 python3-dateutil yum-utils device-mapper-persistent-data lvm2 openssl jq"
 	logCmd "yum -y update --exclude=salt*"
 
+	salt_install_module_deps
+	salt_patch_x509_v2
+
 	logCmd "salt-call state.apply desktop --local --file-root=../salt/ -l info"
 	read -r -d '' message <<- EOM
 		Finished Security Onion Desktop installation.
@@ -2075,21 +2078,27 @@ saltify() {
 	fi
 
 	logCmd "mkdir -p /etc/salt/minion.d"
+	salt_install_module_deps
+	salt_patch_x509_v2
+
+}
+
+# Run a salt command to generate the minion key
+salt_firstcheckin() {
+	salt-call state.show_top >> /dev/null 2>&1 # send output to /dev/null because we don't actually care about the ouput
+}
+
+salt_install_module_deps() {
     logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/"
     logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/"
+}
 
+salt_patch_x509_v2() {
 	# this can be removed when https://github.com/saltstack/salt/issues/64195 is resolved
 	if [ $SALTVERSION == "3006.1" ]; then
 		info "Salt version 3006.1 found. Patching /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py"
 		\cp -v ./files/patch/states/x509_v2.py /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py
 	fi
-
-}
-
-
-# Run a salt command to generate the minion key
-salt_firstcheckin() {
-	salt-call state.show_top >> /dev/null 2>&1 # send output to /dev/null because we don't actually care about the ouput
 }
 
 # Create an secrets pillar so that passwords survive re-install