diff --git a/salt/curator/disabled.sls b/salt/curator/disabled.sls new file mode 100644 index 000000000..df0274766 --- /dev/null +++ b/salt/curator/disabled.sls @@ -0,0 +1,32 @@ +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +so-curator: + docker_container.absent: + - force: True + +so-curator_so-status.disabled: + file.line: + - name: /opt/so/conf/so-status/so-status.conf + - match: ^so-curator$ + - mode: delete + +so-curator-cluster-close: + cron.absent: + - identifier: so-curator-cluster-close + +so-curator-cluster-delete: + cron.absent: + - identifier: so-curator-cluster-delete + +delete_curator_configuration: + file.absent: + - name: /opt/so/conf/curator + - recurse: True + +{% set files = salt.file.find(path='/usr/sbin', name='so-curator*') %} +delete_curator_scripts: + file.absent: + - names: {{files|yaml}} diff --git a/salt/elasticsearch/enabled.sls b/salt/elasticsearch/enabled.sls index 818b0666c..b9c66f231 100644 --- a/salt/elasticsearch/enabled.sls +++ b/salt/elasticsearch/enabled.sls @@ -201,14 +201,6 @@ so-elasticsearch-roles-load: - docker_container: so-elasticsearch - file: elasticsearch_sbin_jinja {% if grains.role in ['so-eval', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-manager'] %} -so-curator-cluster-close: - cron.absent: - - identifier: so-curator-cluster-close - -so-curator-cluster-delete: - cron.absent: - - identifier: so-curator-cluster-delete - so-elasticsearch-indices-delete: cron.present: - name: /usr/sbin/so-elasticsearch-indices-delete > /opt/so/log/elasticsearch/cron-elasticsearch-indices-delete.log 2>&1 diff --git a/salt/elasticsearch/tools/sbin/so-elastic-diagnose b/salt/elasticsearch/tools/sbin/so-elastic-diagnose index a94384fe8..971667c7a 100755 
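Review bot: In `delete_curator_scripts` at the end of salt/curator/disabled.sls, `salt.file.find` runs at render time, so once the scripts are gone the state renders as `- names: []`. With an empty `names` list Salt most likely falls back to the state ID as the name, and `file.absent` rejects a path that is not absolute, so every later highstate on an already-clean node would report a failed state. Render the state only when something matched, by putting `{% if files %}` before `delete_curator_scripts:` and `{% endif %}` after the `- names:` line. The `so-curator*` glob removes anything under /usr/sbin with that prefix, so a one-line comment saying this is intentional would help the next reader.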
--- a/salt/elasticsearch/tools/sbin/so-elastic-diagnose +++ b/salt/elasticsearch/tools/sbin/so-elastic-diagnose @@ -11,7 +11,7 @@ . /usr/sbin/so-common # Check for log files -for FILE in /opt/so/log/elasticsearch/*.log /opt/so/log/logstash/*.log /opt/so/log/kibana/*.log /opt/so/log/elastalert/*.log /opt/so/log/curator/*.log /opt/so/log/freqserver/*.log /opt/so/log/nginx/*.log; do +for FILE in /opt/so/log/elasticsearch/*.log /opt/so/log/logstash/*.log /opt/so/log/kibana/*.log /opt/so/log/elastalert/*.log /opt/so/log/freqserver/*.log /opt/so/log/nginx/*.log; do # If file exists, then look for errors or warnings if [ -f $FILE ]; then diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elastic-restart b/salt/elasticsearch/tools/sbin_jinja/so-elastic-restart index 1b5e9bf03..c5b9b71cd 100755 --- a/salt/elasticsearch/tools/sbin_jinja/so-elastic-restart +++ b/salt/elasticsearch/tools/sbin_jinja/so-elastic-restart @@ -23,10 +23,6 @@ /usr/sbin/so-restart logstash $1 {%- endif %} -{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-restart curator $1 -{%- endif %} - {%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} /usr/sbin/so-restart elastalert $1 {%- endif %} diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elastic-start b/salt/elasticsearch/tools/sbin_jinja/so-elastic-start index 6be969e9d..2a82dad21 100755 --- a/salt/elasticsearch/tools/sbin_jinja/so-elastic-start +++ b/salt/elasticsearch/tools/sbin_jinja/so-elastic-start @@ -22,10 +22,6 @@ /usr/sbin/so-start logstash $1 {%- endif %} -{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-start curator $1 -{%- endif %} - {%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} /usr/sbin/so-start elastalert $1 {%- endif %} 
diff --git a/salt/elasticsearch/tools/sbin_jinja/so-elastic-stop b/salt/elasticsearch/tools/sbin_jinja/so-elastic-stop index b6ea04964..c4caa599c 100755 --- a/salt/elasticsearch/tools/sbin_jinja/so-elastic-stop +++ b/salt/elasticsearch/tools/sbin_jinja/so-elastic-stop @@ -22,10 +22,6 @@ /usr/sbin/so-stop logstash $1 {%- endif %} -{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%} -/usr/sbin/so-stop curator $1 -{%- endif %} - {%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%} /usr/sbin/so-stop elastalert $1 {%- endif %} diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 4a0adbc98..10a5d7023 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -417,7 +417,6 @@ postupgrade_changes() { [[ "$POSTVERSION" == 2.4.5 ]] && post_to_2.4.10 [[ "$POSTVERSION" == 2.4.10 ]] && post_to_2.4.20 [[ "$POSTVERSION" == 2.4.20 ]] && post_to_2.4.30 - [[ "$POSTVERSION" == 2.4.30 ]] && post_to_2.4.40 true } @@ -464,15 +463,6 @@ post_to_2.4.30() { POSTVERSION=2.4.30 } -post_to_2.4.40() { - echo "Stopping Curator" - so-curator-stop - echo "Removing Curator configuration" - rm -rf /opt/so/conf/curator/ - rm -f /usr/sbin/so-curator-* - sed -i '/so-curator/d' /opt/so/conf/so-status/so-status.conf -} - repo_sync() { echo "Sync the local repo." su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync." diff --git a/salt/top.sls b/salt/top.sls index 5e7d13532..a07f2d9e1 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -74,6 +74,7 @@ base: - suricata - zeek - strelka + - curator.disabled - elastalert - utility - soctopus @@ -103,6 +104,7 @@ base: - redis - elastic-fleet-package-registry - kibana + - curator.disabled - elastalert - utility - soctopus @@ -138,6 +140,7 @@ base: - suricata - zeek - strelka + - curator.disabled - elastalert - utility - soctopus 
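Review bot: The five `- curator.disabled` additions in salt/top.sls (the three hunks here plus those at `@@ -176,6 +179,7 @@` and `@@ -195,6 +199,7 @@`) may not reach every role that used to run Curator. The role guards removed elsewhere in this commit name six roles between them (so-eval, so-manager, so-managersearch, so-standalone, so-heavynode, so-searchnode), and the role matchers lie outside these hunks, so which five are covered cannot be confirmed from here. Because the commit also drops `post_to_2.4.40` from soup, any role left out would keep its so-curator container, scripts and /opt/so/conf/curator with nothing left to remove them. Please confirm the role mapping, and consider a comment at the first occurrence such as `# curator.disabled: removes the retired so-curator container, cron jobs, scripts and config`.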
@@ -176,6 +179,7 @@ base: - elasticsearch - logstash - redis + - curator.disabled - elastic-fleet-package-registry - kibana - elastalert @@ -195,6 +199,7 @@ base: - elasticsearch - logstash - redis + - curator.disabled - strelka - pcap - suricata