From 71a409f21035dc58071d1ad34a3cb5b8a51b8c69 Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Fri, 13 Nov 2020 18:23:55 -0500
Subject: [PATCH] fix threshold logic
 https://github.com/Security-Onion-Solutions/securityonion/issues/1831

---
 salt/common/tools/sbin/so-salt-minion-check | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/common/tools/sbin/so-salt-minion-check b/salt/common/tools/sbin/so-salt-minion-check
index a28fd1367..0d69c7e96 100644
--- a/salt/common/tools/sbin/so-salt-minion-check
+++ b/salt/common/tools/sbin/so-salt-minion-check
@@ -34,7 +34,7 @@ LAST_HIGHSTATE_END=$([ -e "/opt/so/log/salt/lasthighstate" ] && date -r /opt/so/
 LAST_HEALTHCHECK_STATE_APPLY=$([ -e "/opt/so/log/salt/state-apply-test" ] && date -r /opt/so/log/salt/state-apply-test +%s || echo 0)
 # SETTING THRESHOLD TO ANYTHING UNDER 600 seconds may cause a lot of salt-minion restarts
 THRESHOLD={{SALT_MINION_DEFAULTS.salt.minion.check_threshold}} #within how many seconds the file /opt/so/log/salt/state-apply-test must have been touched/modified before the salt minion is restarted
-THRESHOLD_DATE=$((CURRENT_TIME-THRESHOLD))
+THRESHOLD_DATE=$((LAST_HEALTHCHECK_STATE_APPLY+THRESHOLD))
 
 logCmd() {
   cmd=$1
@@ -87,7 +87,7 @@ log "running so-salt-minion-check"
 
 if [ $CURRENT_TIME -ge $((SYSTEM_START_TIME+$UPTIME_REQ))  ]; then
   log "system uptime is at least $UPTIME_REQ seconds" I
-  if [ $LAST_HEALTHCHECK_STATE_APPLY -le $THRESHOLD_DATE ]; then
+  if [ $THRESHOLD_DATE -le $CURRENT_TIME ]; then
     log "salt-minion is unable to apply states" E
     log "/opt/so/log/salt/healthcheck-state-apply ($LAST_HEALTHCHECK_STATE_APPLY) older than threshold date ($THRESHOLD_DATE)" I
     log "last highstate completed at $LAST_HIGHSTATE_END" I