From cc5565d5bc1fe95993076fe0a5736fba5e5e9359 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 18 Nov 2019 15:33:21 -0500 Subject: [PATCH 1/5] fix needs_restarting module --- salt/_modules/needs_restarting.py | 7 +++---- salt/motd/init.sls | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/salt/_modules/needs_restarting.py b/salt/_modules/needs_restarting.py index 49f82bbf2..5afb6f02a 100644 --- a/salt/_modules/needs_restarting.py +++ b/salt/_modules/needs_restarting.py @@ -4,20 +4,19 @@ import subprocess def check(): os = __grains__['os'] + retval = 'False' if os == 'Ubuntu': if path.exists('/var/run/reboot-required'): retval = 'True' - else: - retval = 'False' elif os == 'CentOS': cmd = 'needs-restarting -r > /dev/null 2>&1' + try: - needs_restarting = subprocess.check_call(cmd.split(), shell=True) + needs_restarting = subprocess.check_call(cmd, shell=True) except subprocess.CalledProcessError: retval = 'True' - retval = 'False' else: retval = 'Unsupported OS: %s' % os diff --git a/salt/motd/init.sls b/salt/motd/init.sls index a314ddb80..4dae979bf 100644 --- a/salt/motd/init.sls +++ b/salt/motd/init.sls @@ -1,5 +1,5 @@ package_update_reboot_required_motd: - file.append: + file.managed: - name: /etc/motd - source: salt://motd/files/package_update_reboot_required.jinja - template: jinja From 726251cd940b46d932f0e4e3b1939d70a375f82e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 18 Nov 2019 16:02:48 -0500 Subject: [PATCH 2/5] changes to patch motd so nodes can be removed after they restarted - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/112 --- salt/patch/needs_restarting.sls | 4 ++++ salt/patch/os/init.sls | 9 +++------ 2 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 salt/patch/needs_restarting.sls diff --git a/salt/patch/needs_restarting.sls b/salt/patch/needs_restarting.sls new file mode 100644 index 000000000..f7ba2626d --- /dev/null +++ b/salt/patch/needs_restarting.sls 
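Review bot: In the CentOS branch of check(), `except subprocess.CalledProcessError: retval = 'True'` reports every non-zero exit as a pending reboot. With `shell=True`, a host where `needs-restarting` is not installed makes the shell exit 127 and is flagged as needing a restart. As far as I know `needs-restarting -r` signals "reboot required" with exit status 1, so only that value should map to 'True'. The shell is used only for the `> /dev/null 2>&1` redirection; running the command as an argument list with explicit output handles removes it from a module that presumably runs with the minion's privileges. The error strings in the sketch below follow the existing 'Unsupported OS' pattern, but the consumer of the mine value should be checked; the end of check() lies outside the hunk.

```python
  elif os == 'CentOS':
    # Argument list, no shell: output is discarded through an explicit handle.
    try:
      with open('/dev/null', 'w') as devnull:
        rc = subprocess.call(['needs-restarting', '-r'], stdout=devnull, stderr=devnull)
    except OSError as err:
      # Tool missing or not executable: report it instead of claiming a reboot.
      retval = 'needs-restarting failed: %s' % err
    else:
      if rc == 1:
        retval = 'True'
      elif rc != 0:
        retval = 'needs-restarting failed: exit %d' % rc
  # ... unchanged: Unsupported OS branch ...
```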
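Review bot: `file.managed` makes the rendered template the entire content of `/etc/motd`, so anything already in that file (a site login banner, for example) is replaced on the next run, where `file.append` only added to it. If that is intended, say so above the state, e.g. `# /etc/motd is fully owned by this state; local edits are overwritten`. The visible lines set no `user`, `group` or `mode`; if none follow outside the hunk, stating them explicitly (`- mode: '0644'`) documents the expected permissions of a file every login reads.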
@@ -0,0 +1,4 @@ +needs_restarting: + module.run: + - mine.send: + - func: needs_restarting.check diff --git a/salt/patch/os/init.sls b/salt/patch/os/init.sls index 97183199b..a29bf8d12 100644 --- a/salt/patch/os/init.sls +++ b/salt/patch/os/init.sls @@ -1,5 +1,6 @@ -{% if grains.os == "CentOS" %} include: + - patch.needs_restarting +{% if grains.os == "CentOS" %} - yum.packages {% endif %} @@ -7,8 +8,4 @@ patch_os: pkg.uptodate: - name: patch_os - refresh: True - -needs_restarting: - module.run: - - mine.send: - - func: needs_restarting.check + - onchanges_in: needs_restarting From bec95f3aef89160d8c18b09d84966c4478bc8aa5 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 18 Nov 2019 16:25:06 -0500 Subject: [PATCH 3/5] apply patch.needs_restarting state to all nodes --- salt/top.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/top.sls b/salt/top.sls index 46745a38b..7f3d7fef4 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -6,6 +6,7 @@ {%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%} base: '*': + = patch.needs_restarting - patch.os.schedule - motd From 767115c218cb9c147a4d732d7168dc4979ac143e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 18 Nov 2019 16:27:14 -0500 Subject: [PATCH 4/5] fix typo in salt top file --- salt/top.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/top.sls b/salt/top.sls index 7f3d7fef4..b1c64def4 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -6,7 +6,7 @@ {%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%} base: '*': - = patch.needs_restarting + - patch.needs_restarting - patch.os.schedule - motd From 09bf22c97a6e738672de2f7a2bbb277af700939c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 19 Nov 2019 10:06:52 -0500 Subject: [PATCH 5/5] fix issues with updating motd if nodes needs restarted due to OS patch updates --- salt/patch/needs_restarting.sls | 1 + salt/patch/os/init.sls | 1 - salt/top.sls | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/salt/patch/needs_restarting.sls b/salt/patch/needs_restarting.sls index f7ba2626d..f60909d22 100644 --- a/salt/patch/needs_restarting.sls +++ b/salt/patch/needs_restarting.sls @@ -2,3 +2,4 @@ needs_restarting: module.run: - mine.send: - func: needs_restarting.check + - order: last diff --git a/salt/patch/os/init.sls b/salt/patch/os/init.sls index a29bf8d12..7f2adc65b 100644 --- a/salt/patch/os/init.sls +++ b/salt/patch/os/init.sls @@ -8,4 +8,3 @@ patch_os: pkg.uptodate: - name: patch_os - refresh: True - - onchanges_in: needs_restarting diff --git a/salt/top.sls b/salt/top.sls index b1c64def4..a2662a89b 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -6,8 +6,8 @@ {%- set PLAYBOOK = salt['pillar.get']('master:playbook', '0') -%} base: '*': - - patch.needs_restarting - patch.os.schedule + - patch.needs_restarting - motd 'G@role:so-sensor':
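Review bot: `- order: last` is added to `needs_restarting` without a comment, and its effect on the `motd` state is not obvious from the SLS. It moves the `mine.send` behind every other state in the highstate, so the position of `patch.needs_restarting` in `salt/top.sls` (changed in the last hunk of this patch) no longer decides when it runs, and `motd` renders before this minion's mine value is refreshed. If the motd template reads that mine value, which is not visible here, the banner lags by one run. A comment such as `# run last so the mine reflects packages updated earlier in this highstate` would record the intent; if the banner has to be current, `motd` could instead require `needs_restarting`.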