From 29c5f3212f50792ad534d986517cb861d81d5f7b Mon Sep 17 00:00:00 2001
From: Pete <petiepooo@gmail.com>
Date: Wed, 17 Feb 2021 16:53:31 +0000
Subject: [PATCH 1/6] make log_size_limit calculation more specific

Extend the directory traversal into /nsm/elasticsearch in case that's a separate mountpoint from /nsm/.
---
 setup/so-functions | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/setup/so-functions b/setup/so-functions
index c12ae0a8c..5bce16236 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1743,6 +1743,9 @@ set_default_log_size() {
 	if [ -d /nsm ]; then
 		disk_dir="/nsm"
 	fi
+	if [ -d /nsm/elasticsearch ]; then
+		disk_dir="/nsm/elasticsearch"
+	fi
 	local disk_size_1k
 	disk_size_1k=$(df $disk_dir | grep -v "^Filesystem" | awk '{print $2}')
 

From 09c94ddf95742e36c618a89f84f49a45a2a908bb Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Wed, 24 Feb 2021 08:57:25 -0500
Subject: [PATCH 2/6] Docker Cleanup

---
 salt/docker_clean/init.sls | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls
index 21e672c00..0f9e5d26f 100644
--- a/salt/docker_clean/init.sls
+++ b/salt/docker_clean/init.sls
@@ -3,7 +3,7 @@
 
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%}
+{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2','2.3.10','2.3.20']%}
 
 {% for VERSION in OLDVERSIONS %}
 remove_images_{{ VERSION }}:
@@ -53,4 +53,4 @@ remove_images_{{ VERSION }}:
   test.fail_without_changes:
     - name: {{sls}}_state_not_allowed
 
-{% endif %}
\ No newline at end of file
+{% endif %}

From 050058a959a54025dc55298eaf1692d91a0076a2 Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 24 Feb 2021 09:34:14 -0500
Subject: [PATCH 3/6] Add retry support for 'docker pull' command

---
 salt/common/tools/sbin/so-image-common | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common
index 4e5aedc5f..402ae97f3 100755
--- a/salt/common/tools/sbin/so-image-common
+++ b/salt/common/tools/sbin/so-image-common
@@ -151,7 +151,7 @@ update_docker_containers() {
 
     # Pull down the trusted docker image
     local image=$i:$VERSION$IMAGE_TAG_SUFFIX
-    docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image >> "$LOG_FILE" 2>&1 
+    retry 50 10 "docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$image" >> "$LOG_FILE" 2>&1 
     
     # Get signature
     retry 50 10 "curl -A '$CURLTYPE/$CURRENTVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/$VERSION/$i:$VERSION$IMAGE_TAG_SUFFIX.sig --output $SIGNPATH/$image.sig" >> "$LOG_FILE" 2>&1

From 3552abfca15422ee44a7766f29596413632471ca Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 24 Feb 2021 11:50:08 -0500
Subject: [PATCH 4/6] ensure info log level -

---
 salt/salt/minion.sls | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index de85693c6..4b0bbcd3f 100644
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -23,6 +23,15 @@ salt_minion_package:
     - hold: True
     - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}"
 
+set_log_levels:
+  file.append:
+    - name: /etc/salt/minion
+    - text:
+      - "log_level: info"
+      - "log_level_log_file: info"
+    - listen_in:
+      - service: salt_minion_service
+
 salt_minion_service:
   service.running:
     - name: salt-minion

From eba5d271aa907db942a4bd1b79194f67ab09e366 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Wed, 24 Feb 2021 11:56:43 -0500
Subject: [PATCH 5/6] logfile is 1 word
 https://github.com/Security-Onion-Solutions/securityonion/issues/3115

---
 salt/salt/minion.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index 4b0bbcd3f..004fddebe 100644
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -28,7 +28,7 @@ set_log_levels:
     - name: /etc/salt/minion
     - text:
       - "log_level: info"
-      - "log_level_log_file: info"
+      - "log_level_logfile: info"
     - listen_in:
       - service: salt_minion_service
 

From 6ea8eab9af98f05681e21b677f2f9a0fa8efed79 Mon Sep 17 00:00:00 2001
From: Wes Lambert <wlambertts@gmail.com>
Date: Wed, 24 Feb 2021 20:32:47 +0000
Subject: [PATCH 6/6] Modify soup to add Strelka rule repo in pillar

---
 salt/common/tools/sbin/soup | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index c1b649610..12ead2cf2 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -338,8 +338,16 @@ up_2.3.2X_to_2.3.30() {
   # Replace any curly brace scalars with the same scalar in single quotes
   readarray -t minion_pillars <<< "$(find /opt/so/saltstack/local/pillar/minions -type f -name '*.sls')"
   for pillar in "${minion_pillars[@]}"; do
-    sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar" 
+    sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar"
   done
+  # Strelka rule repo pillar addition
+  if [ $is_airgap -eq 0 ]; then
+      # Add manager as default Strelka YARA rule repo
+      sed -i "/^strelka:/a \\  repos: \n    - https://$HOSTNAME/repo/rules/strelka" /opt/so/saltstack/local/pillar/global.sls;
+  else
+      # Add Github repo for Strelka YARA rules
+      sed -i "/^strelka:/a \\  repos: \n    - https://github.com/Neo23x0/signature-base" /opt/so/saltstack/local/pillar/global.sls;
+  fi
 }
 
 space_check() {