Merge pull request #14933 from Security-Onion-Solutions/reyesj2/ol9stg

profile update
2025-12-09 10:42:54 +01:00 · 2025-08-15 16:26:11 -05:00
parent 482847187c f7a1a3a172
commit 6fae4a9974
8 changed files with 181312 additions and 161869 deletions
--- a/salt/elasticfleet/artifact_registry.sls
+++ b/salt/elasticfleet/artifact_registry.sls
@@ -9,3 +9,6 @@ fleetartifactdir:
    - user: 947
    - group: 939
    - makedirs: True
    - recurse:
      - user
      - group
--- a/salt/elasticfleet/config.sls
+++ b/salt/elasticfleet/config.sls
@@ -9,6 +9,9 @@
 {% from 'elasticfleet/map.jinja' import ELASTICFLEETMERGED %}
 {% set node_data = salt['pillar.get']('node_data') %}
 include:
  - elasticfleet.artifact_registry
 # Add EA Group
 elasticfleetgroup:
  group.present:
--- a/salt/elasticfleet/enabled.sls
+++ b/salt/elasticfleet/enabled.sls
@@ -67,6 +67,8 @@ so-elastic-fleet-auto-configure-artifact-urls:
 elasticagent_syncartifacts:
  file.recurse:
    - name: /nsm/elastic-fleet/artifacts/beats
    - user: 947
    - group: 947
    - source: salt://beats
 {% endif %}
--- a/salt/ntp/chrony.conf
+++ b/salt/ntp/chrony.conf
@@ -1,7 +1,7 @@
 # NTP server list
 {%- for SERVER in NTPCONFIG.servers %}
-server {{ SERVER }} iburst
+server {{ SERVER }} iburst maxpoll 10
 {%- endfor %}
 # Config options
@@ -9,3 +9,5 @@ driftfile /var/lib/chrony/drift
 makestep 1.0 3
 rtcsync
 logdir /var/log/chrony
 port 0
 cmdport 0
--- a/salt/pcap/init.sls
+++ b/salt/pcap/init.sls
@@ -18,11 +18,19 @@ include:
 # This directory needs to exist regardless of whether STENO is enabled or not, in order for
 # Sensoroni to be able to look at old steno PCAP data
 # if stenographer has never run as the pcap engine no 941 user is created, so we use socore as a placeholder.
 # /nsm/pcap is empty until stenographer is used as pcap engine
 {% set pcap_id = 941 %}
 {% set user_list = salt['user.list_users']() %}
 {% if 'stenographer' not in user_list %}
 {%   set pcap_id = 939 %}
 {% endif %}
 pcapdir:
  file.directory:
    - name: /nsm/pcap
-    - user: 941
+    - user: {{ pcap_id }}
-    - group: 941
+    - group: {{ pcap_id }}
    - makedirs: True
 pcapoutdir:
--- a/salt/stig/enabled.sls
+++ b/salt/stig/enabled.sls
@@ -13,7 +13,11 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls.split('.')[0] in allowed_states and GLOBALS.os == 'OEL' %}
 {%   if 'stg' in salt['pillar.get']('features', []) %}
  {%   if GLOBALS.role != 'so-desktop' %}
  {%     set OSCAP_PROFILE_NAME = 'xccdf_org.ssgproject.content_profile_stig' %}
  {%   else %}
  {%     set OSCAP_PROFILE_NAME = 'xccdf_org.ssgproject.content_profile_stig_gui' %}
  {%   endif %}
  {% set OSCAP_PROFILE_LOCATION = '/opt/so/conf/stig/sos-oscap.xml' %}
  {% set OSCAP_OUTPUT_DIR = '/opt/so/log/stig' %}
 oscap_packages:
@@ -49,7 +53,7 @@ update_stig_profile:
 {% if not salt['file.file_exists'](OSCAP_OUTPUT_DIR ~ '/pre-oscap-report.html') %}
 run_initial_scan:
  cmd.run:
-    - name: 'oscap xccdf eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/pre-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/pre-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}'
+    - name: 'oscap xccdf eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/pre-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/pre-oscap-report.html /usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml'
    - success_retcodes:
      - 2
 {% endif %}
--- a/salt/stig/files/sos-oscap.xml
+++ b/salt/stig/files/sos-oscap.xml
--- a/salt/zeek/config.sls
+++ b/salt/zeek/config.sls
@@ -22,7 +22,8 @@ zeek:
  user.present:
    - uid: 937
    - gid: 937
-    - home: /home/zeek
+    - home: /opt/so/conf/zeek
    - createhome: False
 # Create some directories
 zeekpolicydir: