From a6575e7910711eb43bd33f3f4d70498e37fd67c2 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 18 May 2020 17:00:18 -0400
Subject: [PATCH] prevent wazuh-agent from updating -
 https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/695

---
 salt/wazuh/init.sls        | 9 +++++----
 setup/so-functions         | 1 +
 setup/yum_repos/wazuh.repo | 1 +
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 52c37c791..1f23423ad 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -45,10 +45,11 @@ ossec:
 
 # Add wazuh agent
 wazuhpkgs:
- pkg.installed:
-   - skip_suggestions: False
-   - pkgs:
-     - wazuh-agent: 3.10.2-1
+  pkg.installed:
+    - skip_suggestions: False
+    - pkgs:
+      - wazuh-agent: 3.10.2-1
+    - update_holds: True
 
 # Add Wazuh agent conf
 wazuhagentconf:
diff --git a/setup/so-functions b/setup/so-functions
index 88618339b..69b282961 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1131,6 +1131,7 @@ saltify() {
 				apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
 				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list >> "$setup_log" 2>&1
 				echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list >> "$setup_log" 2>&1
+                apt-mark hold wazuh-agent >> "$setup_log" 2>&1
 				;;
 		esac
 		apt-get update >> "$setup_log" 2>&1
diff --git a/setup/yum_repos/wazuh.repo b/setup/yum_repos/wazuh.repo
index ae462c62f..1f75912ca 100644
--- a/setup/yum_repos/wazuh.repo
+++ b/setup/yum_repos/wazuh.repo
@@ -5,3 +5,4 @@ enabled=1
 name=Wazuh repository
 baseurl=https://packages.wazuh.com/3.x/yum/
 protect=1
+exclude=wazuh-agent
\ No newline at end of file