From f106191e723ae04097924f0011c85ac7bbf486aa Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 4 Sep 2024 16:01:24 -0400 Subject: [PATCH 1/4] fix image for so-elasticsearch container --- salt/elasticsearch/enabled.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/enabled.sls b/salt/elasticsearch/enabled.sls index 92fa30705..48280c506 100644 --- a/salt/elasticsearch/enabled.sls +++ b/salt/elasticsearch/enabled.sls @@ -19,7 +19,7 @@ include: so-elasticsearch: docker_container.running: - - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elasticsearch:{{ ELASTICSEARCHMERGED.elasticsearch.version }} + - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elasticsearch:{{ ELASTICSEARCHMERGED.version }} - hostname: elasticsearch - name: so-elasticsearch - user: elasticsearch From 72f3eaa8f616408fc90c07e0a6722f811345bf35 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 4 Sep 2024 16:42:19 -0400 Subject: [PATCH 2/4] should not have changed this, so changing it back --- .../tools/sbin_jinja/so-elastic-agent-gen-installers | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index e09ce7b67..be83963ad 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -7,13 +7,15 @@ #so-elastic-agent-gen-installers $FleetHostURLs $EnrollmentToken {% from 'vars/globals.map.jinja' import GLOBALS %} -{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS -%} . /usr/sbin/so-common . /usr/sbin/so-elastic-fleet-common LOG="/opt/so/log/elasticfleet/so-elastic-agent-gen-installers.log" +# get the variables needed such as ELASTIC_AGENT_TARBALL_VERSION +get_elastic_agent_vars() + # Check to see if we are already running NUM_RUNNING=$(pgrep -cf "/bin/bash /sbin/so-elastic-agent-gen-installers") [ "$NUM_RUNNING" -gt 1 ] && echo "$(date) - $NUM_RUNNING gen installers script processes running...exiting." >>$LOG && exit 0 @@ -37,8 +39,9 @@ printf "\n### Creating a temp directory at /nsm/elastic-agent-workspace\n" rm -rf /nsm/elastic-agent-workspace mkdir -p /nsm/elastic-agent-workspace + printf "\n### Extracting outer tarball and then each individual tarball/zip\n" -tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-{{ELASTICSEARCHDEFAULTS.elasticsearch.version}}.tar.gz -C /nsm/elastic-agent-workspace/ +tar -xf /nsm/elastic-fleet/artifacts/elastic-agent_SO-$ELASTIC_AGENT_TARBALL_VERSION.tar.gz -C /nsm/elastic-agent-workspace/ unzip -q /nsm/elastic-agent-workspace/elastic-agent-*.zip -d /nsm/elastic-agent-workspace/ for archive in /nsm/elastic-agent-workspace/*.tar.gz do From df14cbad448e12ea596da9a300bb4702a6382a69 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 4 Sep 2024 17:43:49 -0400 Subject: [PATCH 3/4] fix calls to get_elastic_agent_vars --- .../tools/sbin_jinja/so-elastic-agent-gen-installers | 2 +- salt/elasticsearch/tools/sbin_jinja/so-catrust | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers index be83963ad..e2b7d734b 100755 --- a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers +++ b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-gen-installers @@ -14,7 +14,7 @@ LOG="/opt/so/log/elasticfleet/so-elastic-agent-gen-installers.log" # get the variables needed such as ELASTIC_AGENT_TARBALL_VERSION -get_elastic_agent_vars() +get_elastic_agent_vars # Check to see if we are already running NUM_RUNNING=$(pgrep -cf "/bin/bash /sbin/so-elastic-agent-gen-installers") diff --git a/salt/elasticsearch/tools/sbin_jinja/so-catrust b/salt/elasticsearch/tools/sbin_jinja/so-catrust index fe4ff58bc..16fd3ffdb 100644 --- a/salt/elasticsearch/tools/sbin_jinja/so-catrust +++ b/salt/elasticsearch/tools/sbin_jinja/so-catrust @@ -6,13 +6,14 @@ # Elastic License 2.0. . /usr/sbin/so-common +get_elastic_agent_vars # Exit on errors, since all lines must succeed set -e # Check to see if we have extracted the ca cert. if [ ! -f /opt/so/saltstack/local/salt/elasticsearch/cacerts ]; then - docker run -v /etc/pki/ca.crt:/etc/ssl/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elasticsearch:{{ GLOBALS.so_version }} -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -alias SOSCA -import -file /etc/ssl/ca.crt -storepass changeit -noprompt + docker run -v /etc/pki/ca.crt:/etc/ssl/ca.crt --name so-elasticsearchca --user root --entrypoint jdk/bin/keytool {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-elasticsearch:$ELASTIC_AGENT_TARBALL_VERSION -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -alias SOSCA -import -file /etc/ssl/ca.crt -storepass changeit -noprompt docker cp so-elasticsearchca:/usr/share/elasticsearch/jdk/lib/security/cacerts /opt/so/saltstack/local/salt/elasticsearch/cacerts docker cp so-elasticsearchca:/etc/ssl/certs/ca-certificates.crt /opt/so/saltstack/local/salt/elasticsearch/tls-ca-bundle.pem docker rm so-elasticsearchca From 658197950698ab3fd105cba1807ecd4c7356e984 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 5 Sep 2024 07:33:56 -0400 Subject: [PATCH 4/4] retry suricata rule reload --- salt/suricata/tools/sbin/so-suricata-reload-rules | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/salt/suricata/tools/sbin/so-suricata-reload-rules b/salt/suricata/tools/sbin/so-suricata-reload-rules index ea5f636cc..099cd2f7c 100644 --- a/salt/suricata/tools/sbin/so-suricata-reload-rules +++ b/salt/suricata/tools/sbin/so-suricata-reload-rules @@ -5,9 +5,7 @@ # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. - - . /usr/sbin/so-common -docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket -docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket +retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}' +retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}'