Merge remote-tracking branch 'origin/mkrfixes' into ui/logstash

salt/elasticsearch/init.sls

@@ -378,7 +378,7 @@ so-es-cluster-settings:
     - template: jinja
     - require:
       - docker_container: so-elasticsearch
-      - file: es_sync_scripts
+      - file: elasticsearch_sbin_jinja
 
 so-elasticsearch-ilm-policy-load:
   cmd.run:
@@ -397,7 +397,7 @@ so-elasticsearch-templates:
     - template: jinja
     - require:
       - docker_container: so-elasticsearch
-      - file: es_sync_scripts
+      - file: elasticsearch_sbin_jinja
 
 so-elasticsearch-pipelines:
   cmd.run:
@@ -413,7 +413,7 @@ so-elasticsearch-roles-load:
     - template: jinja
     - require:
       - docker_container: so-elasticsearch
-      - file: es_sync_scripts
+      - file: elasticsearch_sbin_jinja
 {% endif %}
 {% else %}
 

salt/idh/init.sls

@@ -60,6 +60,23 @@ opencanary_config:
     - defaults:
         OPENCANARYCONFIG: {{ OPENCANARYCONFIG }}
 
+idh_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://idh/tools/sbin
+    - user: 934
+    - group: 939
+    - file_mode: 755
+
+#idh_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://idh/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 so-idh:
   docker_container.running:
     - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-idh:{{ GLOBALS.so_version }}

salt/idstools/init.sls

@@ -20,6 +20,23 @@ idstoolslogdir:
     - group: 939
     - makedirs: True
 
+idstools_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://idstools/tools/sbin
+    - user: 934
+    - group: 939
+    - file_mode: 755
+
+#idstools_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://idstools/tools/sbin_jinja
+#    - user: 934
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 so-rule-update:
   cron.present:
     - name: /usr/sbin/so-rule-update > /opt/so/log/idstools/download.log 2>&1

salt/influxdb/init.sls

@@ -31,6 +31,23 @@ influxdbdir:
     - name: /nsm/influxdb
     - makedirs: True
 
+influxdb_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://influxdb/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#influxdb_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://influxdb/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 influxdbconf:
   file.managed:
     - name: /opt/so/conf/influxdb/config.yaml

salt/kibana/init.sls

@@ -34,6 +34,25 @@ kibanaconfdir:
     - group: 939
     - makedirs: True
 
+kibana_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://kibana/tools/sbin
+    - user: 932
+    - group: 939
+    - file_mode: 755
+
+kibana_sbin_jinja:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://kibana/tools/sbin_jinja
+    - user: 932
+    - group: 939 
+    - file_mode: 755
+    - template: jinja
+    - defaults:
+      GLOBALS: {{ GLOBALS }}
+
 kibanaconfig:
   file.managed:
     - name: /opt/so/conf/kibana/etc/kibana.yml
@@ -67,15 +86,6 @@ synckibanacustom:
     - user: 932
     - group: 939
 
-kibanabin:
-  file.managed:
-    - name: /usr/sbin/so-kibana-config-load
-    - source: salt://kibana/bin/so-kibana-config-load
-    - mode: 755
-    - template: jinja
-    - defaults:
-        GLOBALS: {{ GLOBALS }}
-
 # Start the kibana docker
 so-kibana:
   docker_container.running:

salt/logstash/init.sls

@@ -43,6 +43,23 @@ lslibdir:
   file.absent:
     - name: /opt/so/conf/logstash/lib
 
+logstash_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://logstash/tools/sbin
+    - user: 931
+    - group: 939
+    - file_mode: 755
+
+#logstash_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://logstash/tools/sbin_jinja
+#    - user: 931
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 lsetcdir:
   file.directory:
     - name: /opt/so/conf/logstash/etc

salt/logstash/tools/sbin/so-logstash-events

@@ -5,13 +5,10 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{% set MAININT = salt['pillar.get']('host:mainint') -%}
-{% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
-
 . /usr/sbin/so-common
 
 if [ "$1" == "" ]; then
-        for i in $(curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'); do echo ${i^}:; curl -s localhost:9600/_node/stats | jq .pipelines.$i.events; done
+        for i in $(curl -s -L http://localhost:9600/_node/stats | jq .pipelines | jq '. | to_entries | .[].key' | sed 's/\"//g'); do echo ${i^}:; curl -s localhost:9600/_node/stats | jq .pipelines.$i.events; done
 else
-        curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1.events
+        curl -s -L http://localhost:9600/_node/stats | jq .pipelines.$1.events
 fi

salt/logstash/tools/sbin/so-logstash-get-parsed

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-
-. /usr/sbin/so-common
-
-docker exec -it so-redis redis-cli llen logstash:unparsed

salt/logstash/tools/sbin/so-logstash-pipeline-stats

@@ -5,13 +5,11 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{% set MAININT = salt['pillar.get']('host:mainint') -%}
-{% set NODEIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] -%}
 
 . /usr/sbin/so-common
 
 if [ "$1" == "" ]; then
-        curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines 
+        curl -s -L http://localhost:9600/_node/stats | jq .pipelines 
 else
-        curl -s -L http://{{ NODEIP }}:9600/_node/stats | jq .pipelines.$1
+        curl -s -L http://localhost:9600/_node/stats | jq .pipelines.$1
 fi

salt/manager/init.sls

@@ -43,6 +43,23 @@ repo_dir:
       - user
       - group
 
+manager_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://manager/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#manager_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://manager/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 repo_sync_script:
   file.managed:
     - name: /usr/sbin/so-repo-sync

salt/manager/tools/sbin/so-firewall

@@ -144,4 +144,4 @@ def main():
   sys.exit(code)
 
 if __name__ == "__main__":
-  main()
+  main()

salt/manager/tools/sbin/so-firewall-minion

@@ -79,4 +79,4 @@ fi
 		'RECEIVER')
 			so-firewall includehost receiver "$IP" --apply
 			;;
-    esac
+    esac

salt/mysql/init.sls

@@ -69,6 +69,23 @@ mysqldatadir:
     - group: 939
     - makedirs: True
 
+mysql_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://mysql/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#mysql_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://mysql/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 {% if MYSQLPASS == None %}
 
 mysql_password_none:

salt/nginx/init.sls

@@ -81,6 +81,23 @@ navigatorenterpriseattack:
     - makedirs: True
     - replace: False
 
+nginx_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://nginx/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#nginx_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://nginx/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 so-nginx:
   docker_container.running:
     - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-nginx:{{ GLOBALS.so_version }}

salt/pcap/init.sls

@@ -33,6 +33,23 @@ stenoconfdir:
     - group: 939
     - makedirs: True
 
+pcap_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://pcap/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#pcap_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://pcap/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 {% if PCAPBPF %}
    {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', GLOBALS.sensor.interface + ' ' + PCAPBPF|join(" "),cwd='/root') %}
    {% if BPF_CALC['stderr'] == "" %}

salt/playbook/init.sls

@@ -66,6 +66,23 @@ query_updatepluginurls:
     - connection_user: root
     - connection_pass: {{ MYSQLPASS }}
 
+playbook_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://playbook/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#playbook_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://playbook/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 playbooklogdir:
   file.directory:
     - name: /opt/so/log/playbook

salt/redis/init.sls

@@ -41,6 +41,23 @@ redisconf:
     - group: 939
     - template: jinja
 
+redis_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://redis/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+redis_sbin_jinja:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://redis/tools/sbin_jinja
+    - user: 939
+    - group: 939 
+    - file_mode: 755
+    - template: jinja
+
 so-redis:
   docker_container.running:
     - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-redis:{{ GLOBALS.so_version }}

salt/sensoroni/init.sls

@@ -39,6 +39,23 @@ analyzerscripts:
     - template: jinja
     - source: salt://sensoroni/files/analyzers
 
+sensoroni_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://sensoroni/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#sensoroni_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://sensoroni/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 so-sensoroni:
   docker_container.running:
     - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soc:{{ GLOBALS.so_version }}

salt/soc/init.sls

@@ -64,6 +64,23 @@ socbanner:
     - mode: 600
     - template: jinja
 
+soc_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://soc/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#soc_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://soc/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 soccustom:
   file.managed:
     - name: /opt/so/conf/soc/custom.js

salt/soctopus/init.sls

@@ -58,6 +58,23 @@ playbookrulessync:
     - defaults:
         GLOBALS: {{ GLOBALS }}
 
+soctopus_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://soctopus/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#soctopus_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://soctopus/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 so-soctopus:
   docker_container.running:
     - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-soctopus:{{ GLOBALS.so_version }}

salt/strelka/init.sls

@@ -57,6 +57,23 @@ backend_passwords:
     - defaults:
         PASSWORDS: {{ STRELKAMERGED.config.backend.passwords }}
 
+strelka_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://strelka/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#strelka_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://strelka/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 backend_taste:
   file.managed:
     - name: /opt/so/conf/strelka/backend/taste/taste.yara

salt/suricata/init.sls

@@ -38,6 +38,23 @@ socoregroupwithsuricata:
     - addusers:
       - suricata
 
+suricata_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://suricata/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+suricata_sbin_jinja:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://suricata/tools/sbin_jinja
+    - user: 939
+    - group: 939 
+    - file_mode: 755
+    - template: jinja
+
 suridir:
   file.directory:
     - name: /opt/so/conf/suricata

salt/telegraf/init.sls

@@ -39,6 +39,23 @@ tgrafsyncscripts:
     - exclude_pat: zeekcaptureloss.sh
 {% endif %}
 
+telegraf_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://telegraf/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#telegraf_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://telegraf/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 tgrafconf:
   file.managed:
     - name: /opt/so/conf/telegraf/etc/telegraf.conf

salt/zeek/init.sls

@@ -92,6 +92,23 @@ zeekstatedbownership:
     - replace: False
     - create: False
 
+zeek_sbin:
+  file.recurse:
+    - name: /usr/sbin
+    - source: salt://zeek/tools/sbin
+    - user: 939
+    - group: 939
+    - file_mode: 755
+
+#zeek_sbin_jinja:
+#  file.recurse:
+#    - name: /usr/sbin
+#    - source: salt://zeek/tools/sbin_jinja
+#    - user: 939
+#    - group: 939 
+#    - file_mode: 755
+#    - template: jinja
+
 # Sync Intel
 zeekintelloadsync:
   file.managed: