Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into dev

salt/common/tools/sbin/soup

@@ -324,6 +324,8 @@ rc3_to_2.3.0() {
 
   fi
 
+  INSTALLEDVERSION=2.3.0
+
 }
 
 space_check() {
@@ -504,11 +506,12 @@ else
   update_docker_containers "soup"
   FEATURESCHECK=$(lookup_pillar features elastic)
   if [[ "$FEATURESCHECK" == "True" ]]; then 
-    TRUSTED_CONTAINERS=( \
-      "so-elasticsearch" \
-      "so-filebeat" \
-      "so-kibana" \
-      "so-logstash" )
+    TRUSTED_CONTAINERS=(
+      "so-elasticsearch"
+      "so-filebeat"
+      "so-kibana"
+      "so-logstash" 
+    )
     update_docker_containers "features" "-features"
   fi
 fi
@@ -580,6 +583,9 @@ if [[ "$FLEET_MANAGER" == "True" || "$FLEET_NODE" == "True" ]]; then
   echo ""
 fi
 
+echo ""
+echo "Applying common state for any package updates."
+salt-call -l info state.apply common queue=True
 echo ""
 echo "Running a highstate to complete the Security Onion upgrade on this manager. This could take several minutes."
 salt-call state.highstate -l info queue=True

salt/elasticsearch/init.sls

@@ -38,6 +38,8 @@
   {% set esclustername = salt['pillar.get']('elasticsearch:esclustername') %}
   {% set esheap = salt['pillar.get']('elasticsearch:esheap') %}
   {% set ismanager = False %}
+{% elif grains['role'] == 'so-helix' %}
+  {% set ismanager = True %} {# Solely for the sake of running so-catrust #}
 {% endif %}
 
 {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
@@ -86,6 +88,8 @@ capemz:
     - user: 939
     - group: 939
 
+{% if grains['role'] != 'so-helix' %}
+
 # Add ES Group
 elasticsearchgroup:
   group.present:
@@ -251,10 +255,12 @@ so-elasticsearch-templates:
     - template: jinja
 {% endif %}
 
+{% endif %} {# if grains['role'] != 'so-helix' #}
+
 {% else %}
 
 elasticsearch_state_not_allowed:
   test.fail_without_changes:
     - name: elasticsearch_state_not_allowed
 
-{% endif %}
+{% endif %} {# if 'elasticsearch' in top_states #}

salt/logstash/init.sls

@@ -45,10 +45,8 @@
 {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %}
 {% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %}
 
-{% if grains['role'] != 'so-helix' %}
 include:
   - elasticsearch
-{% endif %}
 
 # Create the logstash group
 logstashgroup:

salt/sensoroni/files/sensoroni.json

@@ -1,9 +1,15 @@
-{% set URLBASE = salt['pillar.get']('global:url_base') -%}
-{% set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') -%}
-{% set ADDRESS = salt['pillar.get']('sensoroni:node_address') -%}
-{% set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') -%}
-{% set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) -%}
-{% set STENOENABLED = salt['pillar.get']('steno:enabled', False) -%}
+{%- set URLBASE = salt['pillar.get']('global:url_base') %}
+{%- set DESCRIPTION = salt['pillar.get']('sensoroni:node_description') %}
+{%- set ADDRESS = salt['pillar.get']('sensoroni:node_address') %}
+{%- set SENSORONIKEY = salt['pillar.get']('global:sensoronikey', '') %}
+{%- set CHECKININTERVALMS = salt['pillar.get']('sensoroni:node_checkin_interval_ms', 10000) %}
+{%- set ROLE = grains.id.split('_') | last %}
+{%- if ROLE in ['eval', 'standalone', 'sensor', 'heavynode'] %}
+{%-   set STENODEFAULT = True %}
+{%- else %}
+{%-   set STENODEFAULT = False %}
+{%- endif %}
+{%-   set STENOENABLED = salt['pillar.get']('steno:enabled', STENODEFAULT) %}
 {
   "logFilename": "/opt/sensoroni/logs/sensoroni.log",
   "logLevel":"info",

salt/top.sls

@@ -61,6 +61,7 @@ base:
     - suricata
     - zeek
     - redis
+    - elasticsearch
     - logstash
     {%- if FILEBEAT %}
     - filebeat

setup/so-functions

@@ -996,8 +996,8 @@ fireeye_pillar() {
 	printf '%s\n'\
 		"fireeye:"\
 		"  helix:"\
-		"" > "$fireeye_pillar_path"/init.sls
 		"    api_key: '$HELIXAPIKEY'" \
+		"" > "$fireeye_pillar_path/init.sls"
 
 }
 

setup/so-setup

@@ -692,7 +692,7 @@ set_redirect >> $setup_log 2>&1
 		salt-call state.apply -l info nginx >> $setup_log 2>&1
 	fi
 
-	if [[ $is_manager || $is_node || $is_import ]]; then
+	if [[ $is_manager || $is_node || $is_import || $is_helix ]]; then
 		set_progress_str 64 "$(print_salt_state_apply 'elasticsearch')"
 		salt-call state.apply -l info elasticsearch >> $setup_log 2>&1
 	fi