Merge pull request #12062 from Security-Onion-Solutions/fix/curator_remove

Curator Remove Changes

salt/curator/disabled.sls

@@ -0,0 +1,32 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+so-curator:
+  docker_container.absent:
+    - force: True
+
+so-curator_so-status.disabled:
+  file.line:
+    - name: /opt/so/conf/so-status/so-status.conf
+    - match: ^so-curator$
+    - mode: delete
+
+so-curator-cluster-close:
+  cron.absent:
+    - identifier: so-curator-cluster-close
+
+so-curator-cluster-delete:
+  cron.absent:
+    - identifier: so-curator-cluster-delete
+
+delete_curator_configuration:
+  file.absent:
+    - name: /opt/so/conf/curator
+    - recurse: True
+
+{% set files = salt.file.find(path='/usr/sbin', name='so-curator*') %}
+delete_curator_scripts:
+  file.absent:
+    - names: {{files|yaml}}

salt/elasticsearch/enabled.sls

@@ -201,14 +201,6 @@ so-elasticsearch-roles-load:
       - docker_container: so-elasticsearch
       - file: elasticsearch_sbin_jinja
 {% if grains.role in ['so-eval', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-manager'] %}
-so-curator-cluster-close:
-  cron.absent:
-    - identifier: so-curator-cluster-close
-
-so-curator-cluster-delete:
-  cron.absent:
-    - identifier: so-curator-cluster-delete
-
 so-elasticsearch-indices-delete:
   cron.present:
     - name: /usr/sbin/so-elasticsearch-indices-delete > /opt/so/log/elasticsearch/cron-elasticsearch-indices-delete.log 2>&1

salt/elasticsearch/tools/sbin/so-elastic-diagnose

@@ -11,7 +11,7 @@
 . /usr/sbin/so-common
 
 # Check for log files
-for FILE in /opt/so/log/elasticsearch/*.log /opt/so/log/logstash/*.log /opt/so/log/kibana/*.log /opt/so/log/elastalert/*.log /opt/so/log/curator/*.log /opt/so/log/freqserver/*.log /opt/so/log/nginx/*.log; do
+for FILE in /opt/so/log/elasticsearch/*.log /opt/so/log/logstash/*.log /opt/so/log/kibana/*.log /opt/so/log/elastalert/*.log /opt/so/log/freqserver/*.log /opt/so/log/nginx/*.log; do
 
 # If file exists, then look for errors or warnings 
 if [ -f $FILE ]; then

salt/elasticsearch/tools/sbin_jinja/so-elastic-restart

@@ -23,10 +23,6 @@
 /usr/sbin/so-restart logstash $1
 {%- endif %}
 
-{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
-/usr/sbin/so-restart curator $1
-{%- endif %}
-
 {%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%}
 /usr/sbin/so-restart elastalert $1
 {%- endif %}

salt/elasticsearch/tools/sbin_jinja/so-elastic-start

@@ -22,10 +22,6 @@
 /usr/sbin/so-start logstash $1
 {%- endif %}
 
-{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
-/usr/sbin/so-start curator $1
-{%- endif %}
-
 {%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%}
 /usr/sbin/so-start elastalert $1
 {%- endif %}

salt/elasticsearch/tools/sbin_jinja/so-elastic-stop

@@ -22,10 +22,6 @@
 /usr/sbin/so-stop logstash $1
 {%- endif %}
 
-{%- if GLOBALS.role in ['so-manager', 'so-managersearch', 'so-standalone', 'so-heavynode', 'so-searchnode']%}
-/usr/sbin/so-stop curator $1
-{%- endif %}
-
 {%- if GLOBALS.role in ['so-eval','so-manager', 'so-managersearch', 'so-standalone']%}
 /usr/sbin/so-stop elastalert $1
 {%- endif %}

salt/manager/tools/sbin/soup

@@ -417,7 +417,6 @@ postupgrade_changes() {
     [[ "$POSTVERSION" == 2.4.5 ]] && post_to_2.4.10 
     [[ "$POSTVERSION" == 2.4.10 ]] && post_to_2.4.20
     [[ "$POSTVERSION" == 2.4.20 ]] && post_to_2.4.30
-    [[ "$POSTVERSION" == 2.4.30 ]] && post_to_2.4.40 
     true
 }
 
@@ -464,15 +463,6 @@ post_to_2.4.30() {
   POSTVERSION=2.4.30
 }
 
-post_to_2.4.40() {
-  echo "Stopping Curator"
-  so-curator-stop
-  echo "Removing Curator configuration"
-  rm -rf /opt/so/conf/curator/
-  rm -f /usr/sbin/so-curator-*
-  sed -i '/so-curator/d' /opt/so/conf/so-status/so-status.conf
-}
-
 repo_sync() {
   echo "Sync the local repo."
   su socore -c '/usr/sbin/so-repo-sync' || fail "Unable to complete so-repo-sync."

salt/top.sls

@@ -74,6 +74,7 @@ base:
     - suricata
     - zeek
     - strelka
+    - curator.disabled
     - elastalert
     - utility
     - soctopus
@@ -103,6 +104,7 @@ base:
     - redis
     - elastic-fleet-package-registry
     - kibana
+    - curator.disabled
     - elastalert
     - utility
     - soctopus
@@ -138,6 +140,7 @@ base:
     - suricata
     - zeek
     - strelka
+    - curator.disabled
     - elastalert
     - utility
     - soctopus
@@ -176,6 +179,7 @@ base:
     - elasticsearch
     - logstash
     - redis
+    - curator.disabled
     - elastic-fleet-package-registry
     - kibana
     - elastalert
@@ -195,6 +199,7 @@ base:
     - elasticsearch
     - logstash
     - redis
+    - curator.disabled
     - strelka
     - pcap
     - suricata