move to so-image-common

2025-12-10 03:02:58 +01:00 · 2020-11-10 12:16:54 -05:00
parent c5bf9bf90d
commit 9a59ceee4e
4 changed files with 130 additions and 112 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -51,115 +51,3 @@ check_password() {
    echo "$password" | egrep -v "'|\"|\\$|\\\\" > /dev/null 2>&1
    return $?
 }
-
-container_list() {
-    MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}')
-    if [ $MANAGERCHECK == 'so-import' ]; then
-        TRUSTED_CONTAINERS=( \
-        "so-idstools" \
-        "so-nginx" \
-        "so-filebeat" \
-        "so-suricata" \
-        "so-soc" \
-        "so-elasticsearch" \
-        "so-kibana" \
-        "so-kratos" \
-        "so-suricata" \
-        "so-registry" \
-        "so-pcaptools" \
-        "so-zeek" )
-    elif [ $MANAGERCHECK != 'so-helix' ]; then
-        TRUSTED_CONTAINERS=( \
-        "so-acng" \
-        "so-thehive-cortex" \
-        "so-curator" \
-        "so-domainstats" \
-        "so-elastalert" \
-        "so-elasticsearch" \
-        "so-filebeat" \
-        "so-fleet" \
-        "so-fleet-launcher" \
-        "so-freqserver" \
-        "so-grafana" \
-        "so-idstools" \
-        "so-influxdb" \
-        "so-kibana" \
-        "so-kratos" \
-        "so-logstash" \
-        "so-minio" \
-        "so-mysql" \
-        "so-nginx" \
-        "so-pcaptools" \
-        "so-playbook" \
-        "so-redis" \
-        "so-soc" \
-        "so-soctopus" \
-        "so-steno" \
-        "so-strelka-frontend" \
-        "so-strelka-manager" \
-        "so-strelka-backend" \
-        "so-strelka-filestream" \
-        "so-suricata" \
-        "so-telegraf" \
-        "so-thehive" \
-        "so-thehive-es" \
-        "so-wazuh" \
-        "so-zeek" )
-    else
-        TRUSTED_CONTAINERS=( \
-        "so-filebeat" \
-        "so-idstools" \
-        "so-logstash" \
-        "so-nginx" \
-        "so-redis" \
-        "so-steno" \
-        "so-suricata" \
-        "so-telegraf" \
-        "so-zeek" )
-    fi
-}
-
-update_docker_containers() {
-  # Let's make sure we have the public key
-  curl -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS | gpg --import -
-  
-  CONTAINER_REGISTRY=quay.io
-  SIGNPATH=/root/sosigs
-  rm -rf $SIGNPATH
-  mkdir -p $SIGNPATH
-  if [ -z "$BRANCH" ]; then
-    BRANCH="master"
-  fi
-  # Download the containers from the interwebs
-  for i in "${TRUSTED_CONTAINERS[@]}"
-  do
-    # Pull down the trusted docker image
-    echo "Downloading $i"
-    docker pull $CONTAINER_REGISTRY/$IMAGEREPO/$i
-    
-    # Get signature
-    curl https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/$BRANCH/sigs/images/$i.gpg --output $SIGNPATH/$i.gpg
-    if [[ $? -ne 0 ]]; then
-      echo "Unable to pull signature file for $i"
-      exit 1
-    fi
-    # Dump our hash values
-    docker inspect $CONTAINER_REGISTRY/$IMAGEREPO/$i | jq '.[0].Created, .[0].Id, .[0].Size, .[0].RootFS.Layers' > $SIGNPATH/$i.txt
-    if [[ $? -ne 0 ]]; then
-      echo "Unable to inspect $i"
-      exit 1
-    fi
-    GPGTEST=$(gpg --verify $SIGNPATH/$i.gpg $SIGNPATH/$i.txt 2>&1)
-    if [[ $? -eq 0 ]]; then
-      # Tag it with the new registry destination
-      docker tag $CONTAINER_REGISTRY/$IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i
-      docker push $HOSTNAME:5000/$IMAGEREPO/$i
-    else
-      echo "There is a problem downloading the $i image. Details: "
-      echo ""
-      echo $GPGTEST
-      exit 1
-    fi
-  done
-  
-}