diff --git a/files/salt/master/master b/files/salt/master/master index 93e8ff938..e7c6030dd 100644 --- a/files/salt/master/master +++ b/files/salt/master/master @@ -67,3 +67,7 @@ peer: reactor: - 'so/fleet': - salt://reactor/fleet.sls + - salt/beacon/*/watch_sqlite_db//opt/so/conf/kratos/db/sqlite.db + - salt://reactor/kratos.sls + + diff --git a/salt/common/init.sls b/salt/common/init.sls index 09a0db934..9d20de62b 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -174,6 +174,7 @@ elastic_curl_config: - source: salt://elasticsearch/curl.config - mode: 600 - show_changes: False + - makedirs: True # Sync some Utilities utilsyncscripts: diff --git a/salt/manager/files/beacons.conf b/salt/manager/files/beacons.conf new file mode 100644 index 000000000..c40fe83cb --- /dev/null +++ b/salt/manager/files/beacons.conf @@ -0,0 +1,7 @@ +beacons: + watch_sqlite_db: + - files: + /opt/so/conf/kratos/db/sqlite.db: + mask: + - modify + - beacon_module: inotify diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 7ef489496..9ae39e9a8 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -22,6 +22,7 @@ include: - elasticsearch.auth + - salt.minion socore_own_saltstack: file.directory: @@ -121,6 +122,13 @@ syncesusers: - /opt/so/saltstack/local/salt/elasticsearch/files/users - /opt/so/saltstack/local/salt/elasticsearch/files/users_roles +beacons_config: + file.managed: + - name: /etc/salt/minion.d/beacons.conf + - source: salt://manager/files/beacons.conf + - onchanges_in: + - service: salt_minion_service + {% else %} {{sls}}_state_not_allowed: diff --git a/salt/reactor/kratos.sls b/salt/reactor/kratos.sls new file mode 100644 index 000000000..fb90cc164 --- /dev/null +++ b/salt/reactor/kratos.sls @@ -0,0 +1,5 @@ +so_user_sync: + local.cmd.run: + - tgt: {{ data['data']['id'] }} + - arg: + - /usr/sbin/so-user sync diff --git a/salt/salt/helper-packages.sls b/salt/salt/helper-packages.sls index 93ad76a22..c26cdc7c0 100644 
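Review bot: In files/salt/master/master the new reactor tag `salt/beacon/*/watch_sqlite_db//opt/so/conf/kratos/db/sqlite.db` uses a wildcard for the minion-id segment, so it matches a beacon event with that tag from any minion, while the beacon itself is only deployed by salt/manager/init.sls. Since salt/reactor/kratos.sls then runs a command on whatever id the event names, the match should be pinned to the manager's own minion id, or kratos.sls should refuse ids that are not the manager. The hunk also adds two blank lines at the end of the file that can be dropped. A comment above the entry such as `# re-sync users when the Kratos SQLite database changes` would explain why the master reacts to this path.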
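Review bot: In salt/manager/files/beacons.conf the `modify` mask has no throttling, so every write to sqlite.db becomes a master event and, through the reactor entry added in files/salt/master/master, a `/usr/sbin/so-user sync` run. If Kratos writes to the database on routine activity (an assumption; the write pattern is not visible here), a burst of writes turns into a burst of sync commands on the manager. Consider adding `- coalesce: True` and `- disable_during_state_run: True` to the beacon's option list. A header comment stating which reactor consumes the event would also help.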
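Review bot: In salt/manager/init.sls `beacons_config` uses `onchanges_in` against `salt_minion_service`, which may leave a changed beacons.conf unloaded. That state is defined outside this diff; if it is a `service.running`, `onchanges` only makes it run when the file changes and does not restart the service. `- watch_in:` is the requisite that restarts a service on change, and it does not stop the service state from being enforced on runs where the file is unchanged. The state also leaves ownership and mode implicit; since files under /etc/salt/minion.d configure a minion that normally runs as root, `- user: root`, `- group: root` and `- mode: 644` would make that explicit.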
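Review bot: In salt/reactor/kratos.sls `tgt` is rendered from `data['data']['id']`, a field of the event payload, and it is inserted into the YAML unquoted. Payload fields come from the sending minion, so the master ends up choosing its command target from text it does not control. Because the beacon is only installed on the manager, the target can be a fixed value (the manager's minion id) rather than something read from the event, or at minimum be quoted with `- tgt: {{ data['data']['id'] | yaml_dquote }}`. A comment naming the beacon and tag that trigger this reactor would also help, since the mapping lives in files/salt/master/master.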
--- a/salt/salt/helper-packages.sls +++ b/salt/salt/helper-packages.sls @@ -1,3 +1,10 @@ +{% from 'salt/map.jinja' import PYINOTIFYPACKAGE with context%} +{% from 'salt/map.jinja' import PYTHONINSTALLER with context%} + patch_package: pkg.installed: - - name: patch \ No newline at end of file + - name: patch + +pyinotify: + {{PYTHONINSTALLER}}.installed: + - name: {{ PYINOTIFYPACKAGE }} diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index b0b9ffb2a..4b9577319 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -11,6 +11,7 @@ {% set PYTHON3INFLUX= 'influxdb == ' ~ PYTHONINFLUXVERSION %} {% set PYTHON3INFLUXDEPS= ['certifi', 'chardet', 'python-dateutil', 'pytz', 'requests'] %} {% set PYTHONINSTALLER = 'pip' %} + {% set PYINOTIFYPACKAGE = 'pyinotify' %} {% else %} {% set SPLITCHAR = '-' %} {% set SALTNOTHELD = salt['cmd.run']('yum versionlock list | grep -q salt ; echo $?', python_shell=True) %} @@ -21,6 +22,7 @@ {% set PYTHON3INFLUX= 'securityonion-python3-influxdb' %} {% set PYTHON3INFLUXDEPS= ['python36-certifi', 'python36-chardet', 'python36-dateutil', 'python36-pytz', 'python36-requests'] %} {% set PYTHONINSTALLER = 'pkg' %} + {% set PYINOTIFYPACKAGE = 'securityonion-python3-pyinotify' %} {% endif %} {% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split(SPLITCHAR)[0] %} @@ -33,4 +35,4 @@ {% endif %} {% else %} {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %} -{% endif %} \ No newline at end of file +{% endif %} diff --git a/salt/top.sls b/salt/top.sls index a063c4279..8a12aaa26 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -260,7 +260,7 @@ base: - filebeat {%- endif %} {%- if CURATOR %} - - curator0 + - curator {%- endif %} {%- if ELASTALERT %} - elastalert
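Review bot: In salt/salt/helper-packages.sls the new `pyinotify` state installs through `{{PYTHONINSTALLER}}.installed` with a bare package name, so on the branch of salt/salt/map.jinja where `PYTHONINSTALLER` is `pip` the install is unpinned (`PYINOTIFYPACKAGE = 'pyinotify'`). The neighbouring `PYTHON3INFLUX` is pinned with `'influxdb == ' ~ PYTHONINFLUXVERSION`. Pinning it the same way, e.g. `{% set PYINOTIFYPACKAGE = 'pyinotify == ' ~ PYINOTIFYVERSION %}` with a new `PYINOTIFYVERSION` variable set next to the other version variables, keeps the module loaded by the minion's inotify beacon reproducible. The two `from 'salt/map.jinja' import` lines can be merged into `{% from 'salt/map.jinja' import PYINOTIFYPACKAGE, PYTHONINSTALLER with context %}`.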