diff --git a/salt/podman/files/podman.service b/salt/podman/files/podman.service
deleted file mode 100644
index eaa2ec437..000000000
--- a/salt/podman/files/podman.service
+++ /dev/null
@@ -1,17 +0,0 @@
-[Unit]
-Description=Podman API Service
-Requires=podman.socket
-After=podman.socket
-Documentation=man:podman-api(1)
-StartLimitIntervalSec=0
-
-[Service]
-Type=oneshot
-Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf
-ExecStart=/usr/bin/podman system service
-TimeoutStopSec=30
-KillMode=process
-
-[Install]
-WantedBy=multi-user.target
-Also=podman.socket
diff --git a/salt/podman/files/podman.socket b/salt/podman/files/podman.socket
deleted file mode 100644
index 8b22e31e4..000000000
--- a/salt/podman/files/podman.socket
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Podman API Socket
-Documentation=man:podman-api(1)
-
-[Socket]
-ListenStream=%t/podman/podman.sock
-SocketMode=0660
-
-[Install]
-WantedBy=sockets.target
diff --git a/salt/podman/files/sobridge.conflist b/salt/podman/files/sobridge.conflist
deleted file mode 100644
index 45a7e2df9..000000000
--- a/salt/podman/files/sobridge.conflist
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "args": {
- "podman_options": {
- "isolate": "true",
- "mtu": "1500"
- }
- },
- "cniVersion": "0.4.0",
- "name": "sobridge",
- "plugins": [
- {
- "type": "bridge",
- "bridge": "sobridge",
- "isGateway": true,
- "ipMasq": false,
- "mtu": 1500,
- "hairpinMode": false,
- "ipam": {
- "type": "host-local",
- "routes": [
- {
- "dst": "0.0.0.0/0"
- }
- ],
- "ranges": [
- [
- {
- "subnet": "172.17.1.0/24",
- "gateway": "172.17.1.1"
- }
- ]
- ]
- },
- "capabilities": {
- "ips": true
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": false
- }
- },
- {
- "type": "tuning"
- }
- ]
-}
diff --git a/salt/podman/init.sls b/salt/podman/init.sls
deleted file mode 100644
index 119857840..000000000
--- a/salt/podman/init.sls
+++ /dev/null
@@ -1,56 +0,0 @@
-{% from 'docker/docker.map.jinja' import DOCKER %}
-
-Podman pkg:
- pkg.installed:
- - name: podman
-
-cnipkg:
- pkg.installed:
- - name: containernetworking-plugins
-
-{#
-Podman service:
- file.managed:
- - name: /usr/lib/systemd/system/podman.service
- - source: salt://podman/podman.service
-#}
-
-sobridgeconf:
- file.managed:
- - name: /etc/cni/net.d/sobridge.conflist
- - source: salt://podman/files/sobridge.conflist
-
-Podman_socket_service:
- service.running:
- - name: podman.socket
- - enable: true
-
-Podman_service:
- service.running:
- - name: podman.service
- - enable: true
-
-Docker socket:
- file.symlink:
- - name: /var/run/docker.sock
- - target: /var/run/podman/podman.sock
-
-podman_docker_symlink:
- file.symlink:
- - name: /usr/bin/docker
- - target: /usr/bin/podman
-
-{#
-sos_docker_net:
- docker_network.present:
- - name: sobridge
- - subnet: {{ DOCKER.range }}
- - gateway: {{ DOCKER.bip }}
- - options:
- com.docker.network.bridge.name: 'sobridge'
- com.docker.network.driver.mtu: '1500'
- com.docker.network.bridge.enable_ip_masquerade: 'true'
- com.docker.network.bridge.enable_icc: 'true'
- com.docker.network.bridge.host_binding_ipv4: '0.0.0.0'
- - unless: 'docker network ls | grep sobridge'
-#}
diff --git a/setup/so-preflight b/setup/so-preflight
deleted file mode 100755
index cc33ab36e..000000000
--- a/setup/so-preflight
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-cd "$(dirname "$0")" || exit 255
-
-source ../salt/common/tools/sbin/so-common
-source ./so-functions
-
-script_run="$1"
-
-retry_count=10
-retry_sleep=5
-warning_prefix="[WARNING]"
-info_prefix="[INFO ]"
-error_prefix="[ERROR ]"
-
-if [[ $script_run == true ]]; then
- preflight_log="${2:-'/root/preflight.log'}"
-else
- preflight_log='/root/preflight.log'
-fi
-
-check_default_repos() {
- local ret_code=0
- local repo_str=' Checking OS default repos with '
- if [[ $script_run == true ]]; then
- printf '%s' "$repo_str"
- else
- printf '%s' "$repo_str" | tee -a "$preflight_log"
- fi
-
- if [[ $script_run == true ]]; then
- printf '%s' 'yum update.'
- else
- printf '%s' 'yum update.' | tee -a "$preflight_log"
- fi
- echo "" >> "$preflight_log"
- yum -y check-update >> $preflight_log 2>&1
- ret_code=$?
- if [[ $ret_code == 0 || $ret_code == 100 ]]; then
- printf '%s\n' ' SUCCESS'
- ret_code=0
- else
- printf '%s\n' ' FAILURE'
- fi
-
- return $ret_code
-}
-
-check_new_repos() {
- local repo_url_str=' Checking repo URLs added by setup.'
- if [[ $script_run == true ]]; then
- printf '%s' "$repo_url_str"
- else
- printf '%s' "$repo_url_str" | tee -a "$preflight_log"
- fi
-
- local repo_arr=(
- "https://download.docker.com/linux/centos/docker-ce.repo"
- "https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub"
- "https://download.docker.com/linux/ubuntu/gpg"
- )
-
- __check_url_arr "${repo_arr[@]}"
- local ret_code=$?
- [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
- return $ret_code
-}
-
-check_misc_urls() {
- local misc_url_str=' Checking various other URLs used by setup.'
- if [[ $script_run == true ]]; then
- printf '%s' "$misc_url_str"
- else
- printf '%s' "$misc_url_str" | tee -a "$preflight_log"
- fi
-
- local so_version
- so_version=$(cat ../VERSION)
- local url_arr=(
- "https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS"
- "https://github.com/Neo23x0/signature-base"
- "https://sigs.securityonion.net/$so_version/securityonion-$so_version.iso.sig"
- "https://ghcr.io/"
- "https://rules.emergingthreats.net/open/"
- "https://rules.emergingthreatspro.com/"
- )
-
- __check_url_arr "${url_arr[@]}"
- local ret_code=$?
- [[ $ret_code == 0 ]] && printf '%s\n' ' SUCCESS' || printf '%s\n' ' FAILURE'
- return $ret_code
-}
-
-__check_url_arr() {
- local ret_code=0
- echo "" >> "$preflight_log"
- for url in "$@"; do
- # Reset vars
- local status=999 # Set status to something outside the range of normal HTTP codes but above the 200 range
- local ret=1
- local count=0
-
- while [[ $ret != 0 && $count -lt $retry_count ]]; do
- ((count++))
- [[ $count != 1 ]] && sleep $retry_sleep
- status=$(curl -s -o /dev/null -w "%{http_code}" -L "$url" 2> /dev/null)
- ret=$?
- local count_str
- printf -v count_str '%02d' "$count"
- [[ $ret != 0 ]] && echo "$warning_prefix ($count_str/$retry_count) Could not reach $url, curl error code: $ret" >> "$preflight_log"
- done
-
- if [[ $ret == 0 ]]; then
- url_success_str="Successfully reached $url"
- if [[ $status -ge 400 ]]; then
- echo "$warning_prefix $url_success_str but server responded with HTTP code $status." >> "$preflight_log"
- else
- printf '%s\n' "$info_prefix $url_success_str" >> "$preflight_log"
- fi
- else
- ret_code=1
- echo "$error_prefix Could not reach $url after $retry_count attempts." >> "$preflight_log"
- fi
- done
- echo "" >> "$preflight_log"
- return $ret_code
-}
-
-
-main() {
- local intro_str="Beginning pre-flight checks."
- local success_str="Pre-flight checks completed successfully!"
- local fail_str="Pre-flight checks could not complete."
-
- [[ -f $preflight_log ]] || touch "$preflight_log"
-
- detect_os "$preflight_log"
-
- if [[ $script_run == true ]]; then
- echo "$intro_str"
- else
- echo "$intro_str" | tee "$preflight_log"
- fi
-
- check_default_repos &&\
- check_new_repos &&\
- check_misc_urls
-
- local success=$?
-
- echo ""
- if [[ $success == 0 ]]; then
- if [[ $script_run == true ]]; then
- echo "$success_str"
- else
- echo "$success_str" | tee -a "$preflight_log"
- echo ""
- fi
- else
- if [[ $script_run == true ]]; then
- echo "$fail_str"
- else
- echo "$fail_str" | tee -a "$preflight_log"
- echo "Check $preflight_log for details."
- echo ""
- fi
- fi
-
- exit $success
-}
-
-main
diff --git a/setup/so-whiptail b/setup/so-whiptail
index f44a0085f..9a1d21150 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -1080,20 +1080,6 @@ whiptail_passwords_dont_match() {
 }
-whiptail_preflight_err() {
- [ -n "$TESTING" ] && return 1
-
- read -r -d '' message <<- EOM
- The so-preflight script failed checking one or more URLs required by setup. Check $setup_log for more details.
-
- Would you like to exit setup?
- EOM
-
- whiptail --title "$whiptail_title" \
- --yesno "$message" 11 75 \
- --yes-button "Continue" --no-button "Exit" --defaultno
-}
-
 whiptail_proxy_ask() {
 [ -n "$TESTING" ] && return