From 9541024eb77cd3af5f0582c03c0f419f7b0703d6 Mon Sep 17 00:00:00 2001
From: Josh Patterson <josh.patterson@securityonionsolutions.com>
Date: Thu, 30 Apr 2026 15:35:24 -0400
Subject: [PATCH] fix broken things

---
 salt/manager/tools/sbin/so-push-drainer |  3 +--
 salt/reactor/push_pillar.sls            |  6 +++---
 salt/reactor/push_strelka.sls           |  6 +++---
 salt/reactor/push_suricata.sls          |  6 +++---
 salt/salt/files/reactor_pushstate.conf  | 12 +++++++++---
 5 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/salt/manager/tools/sbin/so-push-drainer b/salt/manager/tools/sbin/so-push-drainer
index 3dc7bc8b3..4ce198fd0 100644
--- a/salt/manager/tools/sbin/so-push-drainer
+++ b/salt/manager/tools/sbin/so-push-drainer
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!/opt/saltstack/salt/bin/python3
 
 # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
 # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
@@ -35,7 +35,6 @@ import subprocess
 import sys
 import time
 
-sys.path.append('/opt/saltstack/salt/lib/python3.10/site-packages/')
 import salt.client
 
 PENDING_DIR = '/opt/so/state/push_pending'
diff --git a/salt/reactor/push_pillar.sls b/salt/reactor/push_pillar.sls
index a31fe9be4..0e7fd40eb 100644
--- a/salt/reactor/push_pillar.sls
+++ b/salt/reactor/push_pillar.sls
@@ -19,7 +19,7 @@ import logging
 import os
 import time
 
-import salt.client
+from salt.client import Caller
 import yaml
 
 LOG = logging.getLogger(__name__)
@@ -57,7 +57,7 @@ def _load_push_map():
 
 def _push_enabled():
     try:
-        caller = salt.client.Caller()
+        caller = Caller()
         return bool(caller.cmd('pillar.get', 'global:push:enabled', True))
     except Exception:
         LOG.exception('push_pillar: pillar.get global:push:enabled failed, assuming enabled')
@@ -132,7 +132,7 @@ def run():
         LOG.info('push_pillar: push disabled, skipping')
         return {}
 
-    path = data.get('data', {}).get('path', '')  # noqa: F821 -- data provided by reactor
+    path = data.get('path', '')  # noqa: F821 -- data provided by reactor
     if not path or not path.startswith(PILLAR_ROOT):
         LOG.debug('push_pillar: ignoring path outside pillar root: %s', path)
         return {}
diff --git a/salt/reactor/push_strelka.sls b/salt/reactor/push_strelka.sls
index b3ed30ed7..1d6a2b044 100644
--- a/salt/reactor/push_strelka.sls
+++ b/salt/reactor/push_strelka.sls
@@ -14,7 +14,7 @@ import logging
 import os
 import time
 
-import salt.client
+from salt.client import Caller
 
 LOG = logging.getLogger(__name__)
 
@@ -34,7 +34,7 @@ def _sensor_compound():
 
 def _push_enabled():
     try:
-        caller = salt.client.Caller()
+        caller = Caller()
         return bool(caller.cmd('pillar.get', 'global:push:enabled', True))
     except Exception:
         LOG.exception('push_strelka: pillar.get global:push:enabled failed, assuming enabled')
@@ -89,7 +89,7 @@ def run():
         LOG.info('push_strelka: push disabled, skipping')
         return {}
 
-    path = data.get('data', {}).get('path', '')  # noqa: F821 -- data provided by reactor
+    path = data.get('path', '')  # noqa: F821 -- data provided by reactor
     actions = [{'state': 'strelka', 'tgt': _sensor_compound()}]
     _write_intent('rules_strelka', actions, path)
     LOG.info('push_strelka: intent updated for path=%s', path)
diff --git a/salt/reactor/push_suricata.sls b/salt/reactor/push_suricata.sls
index c9c6eee92..468249296 100644
--- a/salt/reactor/push_suricata.sls
+++ b/salt/reactor/push_suricata.sls
@@ -14,7 +14,7 @@ import logging
 import os
 import time
 
-import salt.client
+from salt.client import Caller
 
 LOG = logging.getLogger(__name__)
 
@@ -33,7 +33,7 @@ def _sensor_compound_plus_import():
 
 def _push_enabled():
     try:
-        caller = salt.client.Caller()
+        caller = Caller()
         return bool(caller.cmd('pillar.get', 'global:push:enabled', True))
     except Exception:
         LOG.exception('push_suricata: pillar.get global:push:enabled failed, assuming enabled')
@@ -88,7 +88,7 @@ def run():
         LOG.info('push_suricata: push disabled, skipping')
         return {}
 
-    path = data.get('data', {}).get('path', '')  # noqa: F821 -- data provided by reactor
+    path = data.get('path', '')  # noqa: F821 -- data provided by reactor
     actions = [{'state': 'suricata', 'tgt': _sensor_compound_plus_import()}]
     _write_intent('rules_suricata', actions, path)
     LOG.info('push_suricata: intent updated for path=%s', path)
diff --git a/salt/salt/files/reactor_pushstate.conf b/salt/salt/files/reactor_pushstate.conf
index 7d3a5a0d7..ceab284e2 100644
--- a/salt/salt/files/reactor_pushstate.conf
+++ b/salt/salt/files/reactor_pushstate.conf
@@ -1,7 +1,13 @@
 reactor:
-  - 'salt/beacon/*/inotify//opt/so/saltstack/local/salt/suricata/rules/':
+  - 'salt/beacon/*/inotify//opt/so/saltstack/local/salt/suricata/rules':
     - salt://reactor/push_suricata.sls
-  - 'salt/beacon/*/inotify//opt/so/saltstack/local/salt/strelka/rules/compiled/':
+  - 'salt/beacon/*/inotify//opt/so/saltstack/local/salt/suricata/rules/*':
+    - salt://reactor/push_suricata.sls
+  - 'salt/beacon/*/inotify//opt/so/saltstack/local/salt/strelka/rules/compiled':
     - salt://reactor/push_strelka.sls
-  - 'salt/beacon/*/inotify//opt/so/saltstack/local/pillar/':
+  - 'salt/beacon/*/inotify//opt/so/saltstack/local/salt/strelka/rules/compiled/*':
+    - salt://reactor/push_strelka.sls
+  - 'salt/beacon/*/inotify//opt/so/saltstack/local/pillar':
+    - salt://reactor/push_pillar.sls
+  - 'salt/beacon/*/inotify//opt/so/saltstack/local/pillar/*':
     - salt://reactor/push_pillar.sls