CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into feature/esssl

Browse Source
This commit is contained in:
Mike Reeves
2020-08-10 14:27:08 -04:00
parent e659af3466 6bb84f8513
commit 9d2d8d372f
5 changed files with 18 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/ca/init.sls
View File

@@ -36,6 +36,7 @@ pki_private_key:
- days_valid: 3650 - days_valid: 3650
- days_remaining: 0 - days_remaining: 0
- backup: True - backup: True
- replace: False
- require: - require:
- file: /etc/pki - file: /etc/pki

2
salt/salt/master.defaults.yaml
View File

@@ -2,4 +2,4 @@
# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
salt: salt:
master: master:
version: 3001 version: 3001.1

2
salt/salt/minion.defaults.yaml
View File

@@ -2,4 +2,4 @@
# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
salt: salt:
minion: minion:
version: 3001 version: 3001.1

24
setup/so-functions
View File

@@ -1269,7 +1269,7 @@ saltify() {
if [ $OS = 'centos' ]; then if [ $OS = 'centos' ]; then
set_progress_str 5 'Installing Salt repo' set_progress_str 5 'Installing Salt repo'
{ {
sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/3001/SALTSTACK-GPG-KEY.pub; sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub;
cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo; cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo;
} >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1
set_progress_str 6 'Installing various dependencies' set_progress_str 6 'Installing various dependencies'
@@ -1281,12 +1281,12 @@ saltify() {
yum -y install sqlite argon2 curl mariadb-devel >> "$setup_log" 2>&1 yum -y install sqlite argon2 curl mariadb-devel >> "$setup_log" 2>&1
# Download Ubuntu Keys in case manager updates = 1 # Download Ubuntu Keys in case manager updates = 1
mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3001/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1 cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1
set_progress_str 7 'Installing salt-master' set_progress_str 7 'Installing salt-master'
yum -y install salt-master-3001 >> "$setup_log" 2>&1 yum -y install salt-master-3001.1 >> "$setup_log" 2>&1
systemctl enable salt-master >> "$setup_log" 2>&1 systemctl enable salt-master >> "$setup_log" 2>&1
;; ;;
*) *)
@@ -1306,7 +1306,7 @@ saltify() {
set_progress_str 8 'Installing salt-minion & python modules' set_progress_str 8 'Installing salt-minion & python modules'
{ {
yum -y install epel-release yum -y install epel-release
yum -y install salt-minion-3001\ yum -y install salt-minion-3001.1\
python3\ python3\
python36-docker\ python36-docker\
python36-dateutil\ python36-dateutil\
@@ -1317,7 +1317,7 @@ saltify() {
lvm2\ lvm2\
openssl\ openssl\
jq; jq;
yum -y update exclude=salt*; yum -y update --exclude=salt*;
systemctl enable salt-minion; systemctl enable salt-minion;
} >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1
yum versionlock salt* yum versionlock salt*
@@ -1349,8 +1349,8 @@ saltify() {
'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE') # TODO: should this also be HELIXSENSOR? 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE') # TODO: should this also be HELIXSENSOR?
# Add saltstack repo(s) # Add saltstack repo(s)
wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
# Add Docker repo # Add Docker repo
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
@@ -1358,7 +1358,7 @@ saltify() {
# Get gpg keys # Get gpg keys
mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3001/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
@@ -1371,7 +1371,7 @@ saltify() {
set_progress_str 6 'Installing various dependencies' set_progress_str 6 'Installing various dependencies'
apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1
set_progress_str 7 'Installing salt-master' set_progress_str 7 'Installing salt-master'
apt-get -y install salt-master=3001+ds-1 >> "$setup_log" 2>&1 apt-get -y install salt-master=3001.1+ds-1 >> "$setup_log" 2>&1
apt-mark hold salt-master >> "$setup_log" 2>&1 apt-mark hold salt-master >> "$setup_log" 2>&1
;; ;;
*) *)
@@ -1382,14 +1382,14 @@ saltify() {
echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
;; ;;
esac esac
apt-get update >> "$setup_log" 2>&1 apt-get update >> "$setup_log" 2>&1
set_progress_str 8 'Installing salt-minion & python modules' set_progress_str 8 'Installing salt-minion & python modules'
apt-get -y install salt-minion=3001+ds-1\ apt-get -y install salt-minion=3001.1+ds-1\
salt-common=3001+ds-1 >> "$setup_log" 2>&1 salt-common=3001.1+ds-1 >> "$setup_log" 2>&1
apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1
if [ "$OSVER" != 'xenial' ]; then if [ "$OSVER" != 'xenial' ]; then
apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1

6
setup/yum_repos/saltstack.repo
View File

@@ -1,6 +1,6 @@
[saltstack-repo] [saltstack]
name=SaltStack repo for RHEL/CentOS $releasever PY3 name=SaltStack repo for RHEL/CentOS $releasever PY3
baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001/ baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/
enabled=1 enabled=1
gpgcheck=1 gpgcheck=1
gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001/SALTSTACK-GPG-KEY.pub gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub