Merge pull request #11255 from Security-Onion-Solutions/issue/10975

Issue/10975
2025-12-06 09:12:45 +01:00 · 2023-09-05 11:57:58 -04:00
parent ba3ae92702 07ed93de19
commit 651393988a
8 changed files with 75 additions and 47 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -2,6 +2,9 @@ base:
  '*':
    - global.soc_global
    - global.adv_global
+    - docker.soc_docker
+    - docker.adv_docker
+    - influxdb.token
    - logrotate.soc_logrotate
    - logrotate.adv_logrotate
    - ntp.soc_ntp
@@ -9,21 +12,18 @@ base:
    - patch.needs_restarting
    - patch.soc_patch
    - patch.adv_patch
-
-  '* and not *_desktop':
-    - docker.soc_docker
-    - docker.adv_docker
-    - firewall.soc_firewall
-    - firewall.adv_firewall
-    - influxdb.token
-    - nginx.soc_nginx
-    - nginx.adv_nginx
-    - node_data.ips
    - sensoroni.soc_sensoroni
    - sensoroni.adv_sensoroni
    - telegraf.soc_telegraf
    - telegraf.adv_telegraf

+  '* and not *_desktop':
+    - firewall.soc_firewall
+    - firewall.adv_firewall
+    - nginx.soc_nginx
+    - nginx.adv_nginx
+    - node_data.ips
+
  '*_manager or *_managersearch':
    - match: compound
    {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -188,6 +188,9 @@
          'docker_clean'
          ],
      'so-desktop': [
+          'ssl',
+          'docker_clean',
+          'telegraf'
          ],
  }, grain='role') %}

--- a/salt/docker_clean/init.sls
+++ b/salt/docker_clean/init.sls
@@ -9,6 +9,7 @@
 prune_images:
  cmd.run:
    - name: so-docker-prune
+    - order: last

 {% else %}

--- a/salt/firewall/defaults.yaml
+++ b/salt/firewall/defaults.yaml
@@ -289,6 +289,11 @@ firewall:
                - elastic_agent_control
                - elastic_agent_data
                - elastic_agent_update
+            desktop:
+              portgroups:
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
            customhostgroup0:
              portgroups: []
            customhostgroup1:
@@ -463,7 +468,13 @@ firewall:
                - endgame
            desktop:
              portgroups:
+                - docker_registry
+                - influxdb
+                - sensoroni
                - yum
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
            customhostgroup0:
              portgroups: []
            customhostgroup1:
@@ -651,7 +662,13 @@ firewall:
                - endgame
            desktop:
              portgroups:
+                - docker_registry
+                - influxdb
+                - sensoroni
                - yum
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
            customhostgroup0:
              portgroups: []
            customhostgroup1:
@@ -847,7 +864,13 @@ firewall:
                - strelka_frontend
            desktop:
              portgroups:
+                - docker_registry
+                - influxdb
+                - sensoroni
                - yum
+                - elastic_agent_control
+                - elastic_agent_data
+                - elastic_agent_update
            customhostgroup0:
              portgroups: []
            customhostgroup1:
@@ -1205,9 +1228,6 @@ firewall:
            analyst:
              portgroups:
                - nginx
-            desktop:
-              portgroups:
-                - yum
            customhostgroup0:
              portgroups: []
            customhostgroup1:
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -552,6 +552,7 @@ function createRECEIVER() {

 function createDESKTOP() {
 	add_desktop_to_minion
+	add_telegraf_to_minion
 }

 function testConnection() {
--- a/salt/telegraf/defaults.yaml
+++ b/salt/telegraf/defaults.yaml
@@ -87,4 +87,5 @@ telegraf:
      - sostatus.sh
    fleet:
      - sostatus.sh
-    desktop: []
+    desktop:
+      - sostatus.sh
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -28,11 +28,9 @@ base:
    - motd
    - salt.minion-check
    - salt.lasthighstate
-
-  'not *_desktop and G@saltversion:{{saltversion}}':
-    - match: compound
    - common
    - docker
+    - docker_clean

  '*_sensor and G@saltversion:{{saltversion}}':
    - match: compound
@@ -47,7 +45,6 @@ base:
    - healthcheck
    - zeek
    - strelka
-    - docker_clean
    - elasticfleet.install_agent_grid

  '*_eval and G@saltversion:{{saltversion}}':
@@ -57,14 +54,14 @@ base:
    - ca
    - ssl
    - registry
-    - sensoroni
    - manager
    - backup.config_backup
    - nginx
-    - telegraf
    - influxdb
    - soc
    - kratos
+    - sensoroni
+    - telegraf
    - firewall
    - idstools
    - suricata.manager
@@ -84,7 +81,6 @@ base:
    - playbook
    - redis
    - elasticfleet
-    - docker_clean

  '*_manager and G@saltversion:{{saltversion}}':
    - match: compound
@@ -92,14 +88,14 @@ base:
    - ca
    - ssl
    - registry
-    - sensoroni
    - nginx
-    - telegraf
    - influxdb
    - soc
    - kratos
    - firewall
    - manager
+    - sensoroni
+    - telegraf
    - backup.config_backup
    - idstools
    - suricata.manager
@@ -115,7 +111,6 @@ base:
    - soctopus
    - playbook
    - elasticfleet
-    - docker_clean

  '*_standalone and G@saltversion:{{saltversion}}':
    - match: compound
@@ -124,15 +119,15 @@ base:
    - ca
    - ssl
    - registry
-    - sensoroni
    - manager
    - backup.config_backup
    - nginx
-    - telegraf
    - influxdb
    - soc
    - kratos
    - firewall
+    - sensoroni
+    - telegraf
    - idstools
    - suricata.manager    
    - healthcheck
@@ -152,19 +147,17 @@ base:
    - soctopus
    - playbook
    - elasticfleet
-    - docker_clean

  '*_searchnode and G@saltversion:{{saltversion}}':
    - match: compound
    - ssl
    - sensoroni
-    - nginx
    - telegraf
+    - nginx
    - firewall
    - elasticsearch
    - logstash
    - elasticfleet.install_agent_grid
-    - docker_clean

  '*_managersearch and G@saltversion:{{saltversion}}':
    - match: compound
@@ -172,14 +165,14 @@ base:
    - ca
    - ssl
    - registry
-    - sensoroni
    - nginx
-    - telegraf
    - influxdb
    - soc
    - kratos
    - firewall
    - manager
+    - sensoroni
+    - telegraf
    - backup.config_backup
    - idstools
    - suricata.manager
@@ -195,15 +188,14 @@ base:
    - soctopus
    - playbook
    - elasticfleet
-    - docker_clean

  '*_heavynode and G@saltversion:{{saltversion}}':
    - match: compound
    - sensor
    - ssl
    - sensoroni
-    - nginx
    - telegraf
+    - nginx
    - firewall
    - elasticsearch
    - logstash
@@ -215,7 +207,6 @@ base:
    - zeek
    - elasticfleet.install_agent_grid
    - elasticagent
-    - docker_clean
  
  '*_import and G@saltversion:{{saltversion}}':
    - match: compound
@@ -224,13 +215,13 @@ base:
    - ca
    - ssl
    - registry
-    - sensoroni
    - manager
    - nginx
-    - telegraf
    - influxdb
    - soc
    - kratos
+    - sensoroni
+    - telegraf
    - firewall
    - idstools
    - suricata.manager
@@ -242,7 +233,6 @@ base:
    - suricata
    - zeek
    - elasticfleet
-    - docker_clean

  '*_receiver and G@saltversion:{{saltversion}}':
    - match: compound
@@ -253,7 +243,6 @@ base:
    - logstash
    - redis
    - elasticfleet.install_agent_grid
-    - docker_clean

  '*_idh and G@saltversion:{{saltversion}}':
    - match: compound
@@ -262,7 +251,6 @@ base:
    - telegraf
    - firewall
    - elasticfleet.install_agent_grid
-    - docker_clean
    - idh

  '*_fleet and G@saltversion:{{saltversion}}':
@@ -275,7 +263,12 @@ base:
    - elasticfleet
    - elasticfleet.install_agent_grid
    - schedule
-    - docker_clean
+
+  '*_desktop and G@saltversion:{{saltversion}}':
+    - ssl
+    - sensoroni
+    - telegraf
+    - elasticfleet.install_agent_grid

  'J@desktop:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:OEL )':
    - match: compound
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -94,6 +94,9 @@ desktop_salt_local() {
 	logCmd "yum -y install salt-minion-$SALTVERSION httpd-tools python3 python3-dateutil yum-utils device-mapper-persistent-data lvm2 openssl jq"
 	logCmd "yum -y update --exclude=salt*"

+	salt_install_module_deps
+	salt_patch_x509_v2
+
 	logCmd "salt-call state.apply desktop --local --file-root=../salt/ -l info"
 	read -r -d '' message <<- EOM
 		Finished Security Onion Desktop installation.
@@ -2075,21 +2078,27 @@ saltify() {
 	fi

 	logCmd "mkdir -p /etc/salt/minion.d"
+	salt_install_module_deps
+	salt_patch_x509_v2
+
+}
+
+# Run a salt command to generate the minion key
+salt_firstcheckin() {
+	salt-call state.show_top >> /dev/null 2>&1 # send output to /dev/null because we don't actually care about the ouput
+}
+
+salt_install_module_deps() {
    logCmd "salt-pip install docker --no-index --only-binary=:all: --find-links files/salt_module_deps/docker/"
    logCmd "salt-pip install pymysql --no-index --only-binary=:all: --find-links files/salt_module_deps/pymysql/"
+}

+salt_patch_x509_v2() {
 	# this can be removed when https://github.com/saltstack/salt/issues/64195 is resolved
 	if [ $SALTVERSION == "3006.1" ]; then
 		info "Salt version 3006.1 found. Patching /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py"
 		\cp -v ./files/patch/states/x509_v2.py /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/x509_v2.py
 	fi
-
-}
-
-
-# Run a salt command to generate the minion key
-salt_firstcheckin() {
-	salt-call state.show_top >> /dev/null 2>&1 # send output to /dev/null because we don't actually care about the ouput
 }

 # Create an secrets pillar so that passwords survive re-install