diff --git a/pillar/top.sls b/pillar/top.sls
index d0cea8798..cc6863e22 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,7 +1,6 @@
base:
'*':
- patch.needs_restarting
- - docker.config
'*_eval or *_helix or *_heavynode or *_sensor':
- match: compound
diff --git a/salt/common/maps/broversion.map.jinja b/salt/common/maps/broversion.map.jinja
new file mode 100644
index 000000000..9a06b52ed
--- /dev/null
+++ b/salt/common/maps/broversion.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-zeek'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/domainstats.map.jinja b/salt/common/maps/domainstats.map.jinja
new file mode 100644
index 000000000..221dcde03
--- /dev/null
+++ b/salt/common/maps/domainstats.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-domainstats'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/eval.map.jinja b/salt/common/maps/eval.map.jinja
new file mode 100644
index 000000000..56f2116b9
--- /dev/null
+++ b/salt/common/maps/eval.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-dockerregistry',
+ 'so-soc',
+ 'so-kratos',
+ 'so-idstools',
+ 'so-elasticsearch',
+ 'so-kibana',
+ 'so-steno',
+ 'so-suricata',
+ 'so-zeek',
+ 'so-curator',
+ 'so-elastalert',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet.map.jinja b/salt/common/maps/fleet.map.jinja
new file mode 100644
index 000000000..c55223125
--- /dev/null
+++ b/salt/common/maps/fleet.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis',
+ 'so-filebeat',
+ 'so-nginx',
+ 'so-telegraf'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet_master.map.jinja b/salt/common/maps/fleet_master.map.jinja
new file mode 100644
index 000000000..91850846c
--- /dev/null
+++ b/salt/common/maps/fleet_master.map.jinja
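Review bot: Removing `docker.config` from the `'*'` target leaves no visible source for the `docker` pillar key that the new common/maps/so-status.map.jinja still merges through `salt['pillar.get']('docker')`; if docker.config was the only file providing that key, the merge becomes a no-op and any pillar-defined container overrides silently stop reaching so-status. Please confirm where the `docker` pillar data now comes from, or add a comment on the `'*'` target such as `# container lists now live in salt/common/maps/<role>.map.jinja` so the next reader does not look for them in pillar.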
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/freq.map.jinja b/salt/common/maps/freq.map.jinja
new file mode 100644
index 000000000..d3f692484
--- /dev/null
+++ b/salt/common/maps/freq.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-freqserver'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/grafana.map.jinja b/salt/common/maps/grafana.map.jinja
new file mode 100644
index 000000000..1118a50fe
--- /dev/null
+++ b/salt/common/maps/grafana.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-influxdb',
+ 'so-grafana'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/heavynode.map.jinja b/salt/common/maps/heavynode.map.jinja
new file mode 100644
index 000000000..2b8257a6a
--- /dev/null
+++ b/salt/common/maps/heavynode.map.jinja
@@ -0,0 +1,14 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-steno',
+ 'so-suricata',
+ 'so-wazuh',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/helixsensor.map.jinja b/salt/common/maps/helixsensor.map.jinja
new file mode 100644
index 000000000..84866de3a
--- /dev/null
+++ b/salt/common/maps/helixsensor.map.jinja
@@ -0,0 +1,12 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-idstools',
+ 'so-steno',
+ 'so-zeek',
+ 'so-redis',
+ 'so-logstash',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/hotnode.map.jinja b/salt/common/maps/hotnode.map.jinja
new file mode 100644
index 000000000..bc9d58360
--- /dev/null
+++ b/salt/common/maps/hotnode.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ ]
+} %}
\ No newline at end of file
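Review bot: The `'so-filebeat` entry in heavynode.map.jinja has no closing quote, so the Jinja lexer raises a TemplateSyntaxError as soon as so-status.map.jinja imports this map for a minion whose id ends in `_heavynode`, and the so-status tool will not render on those nodes at all. The line should read `'so-filebeat'`. Rendering so-status once per role in CI would catch this class of error before it is shipped to a sensor.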
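Review bot: helixsensor.map.jinja has the same unterminated string, `'so-filebeat` without a closing quote, so the file cannot be parsed; it should read `'so-filebeat'`. Separately, pillar/top.sls in this same change matches helix minions with `*_helix`, which suggests that `grains.id.split('_') | last` in so-status.map.jinja yields `helix` rather than `helixsensor`; if so, the import resolves to `common/maps/helix.map.jinja`, which this change does not add, and rendering fails with TemplateNotFound. Either name the map after the actual id suffix or map the suffix to the file name explicitly in so-status.map.jinja.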
diff --git a/salt/common/maps/master.map.jinja b/salt/common/maps/master.map.jinja
new file mode 100644
index 000000000..84918c39f
--- /dev/null
+++ b/salt/common/maps/master.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-dockerregistry',
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-elasticsearch',
+ 'so-logstash',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/mastersearch.map.jinja b/salt/common/maps/mastersearch.map.jinja
new file mode 100644
index 000000000..9c2e6eff7
--- /dev/null
+++ b/salt/common/maps/mastersearch.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/playbook.map.jinja b/salt/common/maps/playbook.map.jinja
new file mode 100644
index 000000000..064262119
--- /dev/null
+++ b/salt/common/maps/playbook.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-playbook',
+ 'so-navigator'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/searchnode.map.jinja b/salt/common/maps/searchnode.map.jinja
new file mode 100644
index 000000000..b46652742
--- /dev/null
+++ b/salt/common/maps/searchnode.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/sensor.map.jinja b/salt/common/maps/sensor.map.jinja
new file mode 100644
index 000000000..e77352692
--- /dev/null
+++ b/salt/common/maps/sensor.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-steno',
+ 'so-suricata',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja
new file mode 100644
index 000000000..39672410c
--- /dev/null
+++ b/salt/common/maps/so-status.map.jinja
@@ -0,0 +1,61 @@
+{% set role = grains.id.split('_') | last %}
+{% from 'common/maps/'~ role ~'.map.jinja' import docker with context %}
+
+# Check if the service is enabled and append it's required containers
+# to the list predefined by the role / minion id affix
+{% macro append_containers(pillar_name, k, compare )%}
+ {% if salt['pillar.get'](pillar_name~':'~k, {}) != compare %}
+ {% from 'common/maps/'~k~'.map.jinja' import docker as d with context %}
+ {% for li in d['containers'] %}
+ {{ docker['containers'].append(li) }}
+ {% endfor %}
+ {% endif %}
+{% endmacro %}
+
+{% set docker = salt['grains.filter_by']({
+ '*_'~role: {
+ 'containers': docker['containers']
+ }
+},grain='id', merge=salt['pillar.get']('docker')) %}
+
+{% if role == 'eval' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'heavynode' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
+
+{% if role == 'mastersearch' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'master' %}
+ {{ append_containers('master', 'grafana', 0) }}
+ {{ append_containers('static', 'fleet_master', 0) }}
+ {{ append_containers('master', 'wazuh', 0) }}
+ {{ append_containers('master', 'thehive', 0) }}
+ {{ append_containers('master', 'playbook', 0) }}
+ {{ append_containers('master', 'freq', 0) }}
+ {{ append_containers('master', 'domainstats', 0) }}
+{% endif %}
+
+{% if role == 'searchnode' %}
+ {{ append_containers('master', 'wazuh', 0) }}
+{% endif %}
+
+{% if role == 'sensor' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
\ No newline at end of file
diff --git a/salt/common/maps/thehive.map.jinja b/salt/common/maps/thehive.map.jinja
new file mode 100644
index 000000000..e4ca7d2a2
--- /dev/null
+++ b/salt/common/maps/thehive.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-thehive',
+ 'so-thehive-es',
+ 'so-cortex'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/warmnode.map.jinja b/salt/common/maps/warmnode.map.jinja
new file mode 100644
index 000000000..08cf2dbb8
--- /dev/null
+++ b/salt/common/maps/warmnode.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-elasticsearch'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/wazuh.map.jinja b/salt/common/maps/wazuh.map.jinja
new file mode 100644
index 000000000..5217a79ee
--- /dev/null
+++ b/salt/common/maps/wazuh.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-wazuh'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index 0fb202a51..29c029623 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
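Review bot: In `append_containers`, the test `salt['pillar.get'](pillar_name~':'~k, {}) != compare` treats an absent pillar key as enabled, because the `{}` default never equals `0` or `'SURICATA'`; a master with no `master:grafana` pillar value therefore gets grafana's containers appended anyway, and a sensor with no `static:broversion` value gets so-zeek. If an unset key is meant to mean disabled, use the compare value as the default: `{% if salt['pillar.get'](pillar_name~':'~k, compare) != compare %}`. The role is also taken from the minion id suffix and spliced straight into the import path, so any minion whose id does not end in one of the shipped map names aborts rendering with TemplateNotFound instead of yielding an empty list; a comment above the first line, such as `# grains.id must end in _<role> with a matching common/maps/<role>.map.jinja`, would make that contract explicit.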
@@ -14,35 +14,8 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-
-{%- set pillar_suffix = ':containers' -%}
-{%- if (salt['grains.get']('role') == 'so-mastersearch') -%}
- {%- set pillar_val = 'master_search' -%}
-{%- elif (salt['grains.get']('role') == 'so-master') -%}
- {%- set pillar_val = 'master' -%}
-{%- elif (salt['grains.get']('role') == 'so-heavynode') -%}
- {%- set pillar_val = 'heavy_node' -%}
-{%- elif (salt['grains.get']('role') == 'so-sensor') -%}
- {%- set pillar_val = 'sensor' -%}
-{%- elif (salt['grains.get']('role') == 'so-eval') -%}
- {%- set pillar_val = 'eval' -%}
-{%- elif (salt['grains.get']('role') == 'so-fleet') -%}
- {%- set pillar_val = 'fleet' -%}
-{%- elif (salt['grains.get']('role') == 'so-helix') -%}
- {%- set pillar_val = 'helix' -%}
-{%- elif (salt['grains.get']('role') == 'so-node') -%}
- {%- if (salt['pillar.get']('node:node_type') == 'parser') -%}
- {%- set pillar_val = 'parser_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'hot') -%}
- {%- set pillar_val = 'hot_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'warm') -%}
- {%- set pillar_val = 'warm_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'search') -%}
- {%- set pillar_val = 'search_node' -%}
- {%- endif -%}
-{%- endif -%}
-{%- set pillar_name = pillar_val ~ pillar_suffix -%}
-{%- set container_list = salt['pillar.get'](pillar_name) %}
+{%- from 'common/maps/so-status.map.jinja' import docker with context %}
+{%- set container_list = docker['containers'] %}
if ! [ "$(id -u)" = 0 ]; then
echo "This command must be run as root"
diff --git a/setup/so-functions b/setup/so-functions
index b50821fd8..ecd6443fe 100755
--- a/setup/so-functions
+++ b/setup/so-functions
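Review bot: The removed block handled `so-node` minions with `node:node_type` set to `parser`, but no parser-node map is added by this change (only hotnode, warmnode and searchnode maps appear), so if any minion id still carries a parser-role suffix the new `from 'common/maps/so-status.map.jinja' import docker` raises TemplateNotFound and the whole so-status script fails to render, whereas the old code at worst produced an empty `container_list`. Please either add the missing map or document the supported suffixes above the import, e.g. `# container list is selected by the minion id suffix; see common/maps/so-status.map.jinja`. The part of the script that consumes `container_list` continues past this hunk, so I could not check how an empty list is handled there.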
@@ -818,10 +818,10 @@ install_master() {
else
if [ $OSVER != "xenial" ]; then
- apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto
+ apt-get install -y salt-common=2019.2.4+ds-1 salt-master=2019.2.4+ds-1 salt-minion=2019.2.4+ds-1 libssl-dev python-m2crypto
apt-mark hold salt-common salt-master salt-minion
else
- apt-get install -y salt-common=2019.2.3+ds-1 salt-master=2019.2.3+ds-1 salt-minion=2019.2.3+ds-1 libssl-dev python-m2crypto
+ apt-get install -y salt-common=2019.2.4+ds-1 salt-master=2019.2.4+ds-1 salt-minion=2019.2.4+ds-1 libssl-dev python-m2crypto
apt-mark hold salt-common salt-master salt-minion
fi
fi
@@ -1233,17 +1233,17 @@ EOF
fi
yum clean expire-cache
- yum -y install epel-release salt-minion-2019.2.3 yum-utils device-mapper-persistent-data lvm2 openssl jq
+ yum -y install epel-release salt-minion-2019.2.4 yum-utils device-mapper-persistent-data lvm2 openssl jq
yum -y update exclude=salt*
systemctl enable salt-minion
if [ $INSTALLTYPE == 'MASTER' ] || [ $INSTALLTYPE == 'EVAL' ] || [ $INSTALLTYPE == 'HELIXSENSOR' ] || [ $INSTALLTYPE == 'MASTERSEARCH' ]; then
- yum -y install salt-master-2019.2.3 python3 python36-m2crypto salt-minion-2019.2.3 python36-dateutil python36-mysql python36-docker
+ yum -y install salt-master-2019.2.4 python3 python36-m2crypto salt-minion-2019.2.4 python36-dateutil python36-mysql python36-docker
systemctl enable salt-master
elif [ $INSTALLTYPE == 'FLEET' ]; then
- yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql
+ yum -y install salt-minion-2019.2.4 python3 python36-m2crypto python36-dateutil python36-docker python36-mysql
else
- yum -y install salt-minion-2019.2.3 python3 python36-m2crypto python36-dateutil python36-docker
+ yum -y install salt-minion-2019.2.4 python3 python36-m2crypto python36-dateutil python36-docker
fi
echo "exclude=salt*" >> /etc/yum.conf
@@ -1298,11 +1298,11 @@ EOF
# Initialize the new repos
apt-get update >> $SETUPLOG 2>&1
if [ $OSVER != "xenial" ]; then
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
+ apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python3-dateutil python3-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
else
# Need to add python packages here
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
+ apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python-dateutil python-m2crypto sqlite3 argon2 curl jq openssl >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
fi
else
@@ -1329,11 +1329,11 @@ EOF
# Initialize the new repos
apt-get update >> $SETUPLOG 2>&1
if [ $OSVER != "xenial" ]; then
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1
+ apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python3-dateutil python3-m2crypto >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
else
# Need to add python packages here
- apt-get -y install salt-minion=2019.2.3+ds-1 salt-common=2019.2.3+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1
+ apt-get -y install salt-minion=2019.2.4+ds-1 salt-common=2019.2.4+ds-1 python-dateutil python-m2crypto >> $SETUPLOG 2>&1
apt-mark hold salt-minion salt-common
fi
fi
diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions
index c5ba05a47..5666fc2d6 100644
--- a/upgrade/so-update-functions
+++ b/upgrade/so-update-functions
@@ -156,12 +156,12 @@ salt_highstate() {
update_held_packages() {
if [ $OS == "centos" ]
- SALTVER=2019.2.3
+ SALTVER=2019.2.4
DOCKERVER=
yum -y --disableexcludes=all update salt-$SALTVER
yum -y --disableexcludes=all update docker-ce-$DOCKERVER
else
- SALTVER=2019.2.3+ds-1
+ SALTVER=2019.2.4+ds-1
DOCKERVER=5:19.03.8~3-0~ubuntu-xenial
fi