From ab7014d70a8add747767ebe907bbb8cde181920c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 10 Aug 2020 10:19:25 -0400 Subject: [PATCH 1/3] upgrading to salt 3001.1 --- salt/salt/master.defaults.yaml | 2 +- salt/salt/minion.defaults.yaml | 2 +- setup/so-functions | 20 ++++++++++---------- setup/yum_repos/saltstack.repo | 6 +++--- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/salt/salt/master.defaults.yaml b/salt/salt/master.defaults.yaml index c366ae6ce..8694ffbc7 100644 --- a/salt/salt/master.defaults.yaml +++ b/salt/salt/master.defaults.yaml @@ -2,4 +2,4 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: master: - version: 3001 \ No newline at end of file + version: 3001.1 \ No newline at end of file diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index cd061237b..31c313df6 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -2,4 +2,4 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: minion: - version: 3001 \ No newline at end of file + version: 3001.1 \ No newline at end of file diff --git a/setup/so-functions b/setup/so-functions index 00d9b7e1e..088aac7ad 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1269,7 +1269,7 @@ saltify() { if [ $OS = 'centos' ]; then set_progress_str 5 'Installing Salt repo' { - sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/3001/SALTSTACK-GPG-KEY.pub; + sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub; cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo; } >> "$setup_log" 2>&1 set_progress_str 6 'Installing various dependencies' @@ -1281,12 +1281,12 @@ saltify() { yum -y install sqlite argon2 curl mariadb-devel >> "$setup_log" 2>&1 # Download Ubuntu Keys in case manager updates = 1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3001/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - yum -y install salt-master-3001 >> "$setup_log" 2>&1 + yum -y install salt-master-3001.1 >> "$setup_log" 2>&1 systemctl enable salt-master >> "$setup_log" 2>&1 ;; *) @@ -1349,8 +1349,8 @@ saltify() { 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE') # TODO: should this also be HELIXSENSOR? # Add saltstack repo(s) - wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 @@ -1358,7 +1358,7 @@ saltify() { # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3001/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 @@ -1371,7 +1371,7 @@ saltify() { set_progress_str 6 'Installing various dependencies' apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 set_progress_str 7 'Installing salt-master' - apt-get -y install salt-master=3001+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-master=3001.1+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-master >> "$setup_log" 2>&1 ;; *) @@ -1382,14 +1382,14 @@ saltify() { echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac apt-get update >> "$setup_log" 2>&1 set_progress_str 8 'Installing salt-minion & python modules' - apt-get -y install salt-minion=3001+ds-1\ - salt-common=3001+ds-1 >> "$setup_log" 2>&1 + apt-get -y install salt-minion=3001.1+ds-1\ + salt-common=3001.1+ds-1 >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 diff --git a/setup/yum_repos/saltstack.repo b/setup/yum_repos/saltstack.repo index f04f02be0..2e1b425fb 100644 --- a/setup/yum_repos/saltstack.repo +++ b/setup/yum_repos/saltstack.repo @@ -1,6 +1,6 @@ -[saltstack-repo] +[saltstack] name=SaltStack repo for RHEL/CentOS $releasever PY3 -baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001/ +baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/ enabled=1 gpgcheck=1 -gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001/SALTSTACK-GPG-KEY.pub +gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub \ No newline at end of file From 8146930b802d9f9ee51bf70203d7110a7a7872dc Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 10 Aug 2020 12:22:42 -0400 Subject: [PATCH 2/3] fix --exclude, add salt-minion-3001.1 where missed --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 088aac7ad..db8e3d6f1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1306,7 +1306,7 @@ saltify() { set_progress_str 8 'Installing salt-minion & python modules' { yum -y install epel-release - yum -y install salt-minion-3001\ + yum -y install salt-minion-3001.1\ python3\ python36-docker\ python36-dateutil\ @@ -1317,7 +1317,7 @@ saltify() { lvm2\ openssl\ jq; - yum -y update exclude=salt*; + yum -y update --exclude=salt*; systemctl enable salt-minion; } >> "$setup_log" 2>&1 yum versionlock salt* From 1f3ceb50dacf44b077a32b71637f27b88361ea54 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 10 Aug 2020 13:04:19 -0400 Subject: [PATCH 3/3] add replace: False to get rid of warning, eventhough it doesntt. bug report submitted on saltstack gh. --- salt/ca/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/ca/init.sls b/salt/ca/init.sls index dcec40d9a..62b89d351 100644 --- a/salt/ca/init.sls +++ b/salt/ca/init.sls @@ -36,6 +36,7 @@ pki_private_key: - days_valid: 3650 - days_remaining: 0 - backup: True + - replace: False - require: - file: /etc/pki