From 81f0aa58b835ecc29928b0a3e582bd1dbb13031e Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 15 Mar 2022 08:28:03 -0400
Subject: [PATCH] Remove hive from more files

---
 salt/allowed_states.map.jinja | 5 -----
 salt/common/tools/sbin/so-elasticsearch-indices-rw | 2 --
 salt/common/tools/sbin/so-restart | 3 +--
 salt/common/tools/sbin/so-start | 2 +-
 salt/top.sls | 6 ------
 5 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index 36fd86321..a1f6cdb8c 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -1,6 +1,5 @@
 {% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
 {% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
-{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
 {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
 {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
 {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
@@ -273,10 +272,6 @@
 {% do allowed_states.append('elastalert') %}
 {% endif %}

- {% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
- {% do allowed_states.append('thehive') %}
- {% endif %}
-
 {% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
 {% do allowed_states.append('playbook') %}
 {% endif %}
diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-rw b/salt/common/tools/sbin/so-elasticsearch-indices-rw
index 166c4b284..5aa24f91a 100755
--- a/salt/common/tools/sbin/so-elasticsearch-indices-rw
+++ b/salt/common/tools/sbin/so-elasticsearch-indices-rw
@@ -17,9 +17,7 @@
 # along with this program. If not, see .
 IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
 ESPORT=9200
-THEHIVEESPORT=9400

 echo "Removing read only attributes for indices..."
 echo
 {{ ELASTICCURL }} -s -k -XPUT -H "Content-Type: application/json" -L https://$IP:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi;
-{{ ELASTICCURL }} -XPUT -H "Content-Type: application/json" -L http://$IP:9400/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute. Please ensure Elasticsearch is running.";fi;
diff --git a/salt/common/tools/sbin/so-restart b/salt/common/tools/sbin/so-restart
index ecb58c301..dda4baf57 100755
--- a/salt/common/tools/sbin/so-restart
+++ b/salt/common/tools/sbin/so-restart
@@ -15,7 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .

-# Usage: so-restart filebeat | kibana | playbook | thehive
+# Usage: so-restart filebeat | kibana | playbook

 . /usr/sbin/so-common

@@ -31,7 +31,6 @@ if [ $# -ge 1 ]; then
 fi

 case $1 in
- "cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;;
 "steno") docker stop so-steno && docker rm so-steno && salt-call state.apply pcap queue=True;;
 *) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;;
 esac
diff --git a/salt/common/tools/sbin/so-start b/salt/common/tools/sbin/so-start
index 7859e8820..a592388d4 100755
--- a/salt/common/tools/sbin/so-start
+++ b/salt/common/tools/sbin/so-start
@@ -15,7 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .

-# Usage: so-start all | filebeat | kibana | playbook | thehive
+# Usage: so-start all | filebeat | kibana | playbook

 . /usr/sbin/so-common

diff --git a/salt/top.sls b/salt/top.sls
index 8630ac318..83c911992 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -277,9 +277,6 @@ base:
 - utility
 - schedule
 - soctopus
- {%- if THEHIVE != 0 %}
- - thehive
- {%- endif %}
 {%- if PLAYBOOK != 0 %}
 - playbook
 {%- endif %}
@@ -369,9 +366,6 @@ base:
 - fleet.install_package
 {%- endif %}
 - soctopus
- {%- if THEHIVE != 0 %}
- - thehive
- {%- endif %}
 {%- if PLAYBOOK != 0 %}
 - playbook
 {%- endif %}