Rename push-detection beacons to clearer names
Rename the two custom push-detection beacons for clarity:
- pillar_db -> postgres_pillar_beacon
- rules_db -> rules_beacon

Salt resolves a beacon by its config-key name to a _beacons/ module of the same filename and tags its events salt/beacon/<minion>/<name>/<tag>, so each rename touches the module file, the beacon config key in beacons_pushstate.conf.jinja, and the reactor tag patterns in reactor_pushstate.conf together. Watermark filenames and log prefixes are updated to match; reactor run() logic is unchanged.
@@ -22,7 +22,7 @@ import subprocess
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
WATERMARK_FILE = '/opt/so/state/pillar_db_watch.id'
|
||||
WATERMARK_FILE = '/opt/so/state/postgres_pillar_beacon_watch.id'
|
||||
CONTAINER = 'so-postgres'
|
||||
DATABASE = 'securityonion'
|
||||
|
||||
@@ -56,7 +56,7 @@ def _write_watermark(value):
|
||||
f.write(str(int(value)))
|
||||
os.rename(tmp, WATERMARK_FILE)
|
||||
except OSError:
|
||||
log.exception('pillar_db beacon: failed to persist watermark to %s', WATERMARK_FILE)
|
||||
log.exception('postgres_pillar_beacon: failed to persist watermark to %s', WATERMARK_FILE)
|
||||
|
||||
|
||||
def _query(sql):
|
||||
@@ -71,13 +71,13 @@ def _query(sql):
|
||||
try:
|
||||
result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
|
||||
except subprocess.TimeoutExpired:
|
||||
log.warning('pillar_db beacon: psql timed out')
|
||||
log.warning('postgres_pillar_beacon: psql timed out')
|
||||
return None
|
||||
except Exception:
|
||||
log.exception('pillar_db beacon: failed to exec psql')
|
||||
log.exception('postgres_pillar_beacon: failed to exec psql')
|
||||
return None
|
||||
if result.returncode != 0:
|
||||
log.warning('pillar_db beacon: psql failed (rc=%s): %s',
|
||||
log.warning('postgres_pillar_beacon: psql failed (rc=%s): %s',
|
||||
result.returncode, (result.stderr or '').strip())
|
||||
return None
|
||||
return result.stdout
|
||||
@@ -97,7 +97,7 @@ def beacon(config):
|
||||
try:
|
||||
_write_watermark(int((seed or '0').strip() or 0))
|
||||
except ValueError:
|
||||
log.warning('pillar_db beacon: could not parse MAX(id) seed: %r', seed)
|
||||
log.warning('postgres_pillar_beacon: could not parse MAX(id) seed: %r', seed)
|
||||
return retval
|
||||
|
||||
rows = _query(
|
||||
@@ -116,12 +116,12 @@ def beacon(config):
|
||||
continue
|
||||
parts = line.split(FIELD_SEP)
|
||||
if len(parts) < 3:
|
||||
log.warning('pillar_db beacon: skipping malformed row: %r', line)
|
||||
log.warning('postgres_pillar_beacon: skipping malformed row: %r', line)
|
||||
continue
|
||||
try:
|
||||
row_id = int(parts[0])
|
||||
except ValueError:
|
||||
log.warning('pillar_db beacon: skipping row with non-int id: %r', line)
|
||||
log.warning('postgres_pillar_beacon: skipping row with non-int id: %r', line)
|
||||
continue
|
||||
setting_id = parts[1]
|
||||
node_id = parts[2]
|
||||
@@ -136,7 +136,7 @@ def beacon(config):
|
||||
|
||||
if max_id > watermark:
|
||||
_write_watermark(max_id)
|
||||
log.info('pillar_db beacon: emitted %d change(s), watermark %d -> %d',
|
||||
log.info('postgres_pillar_beacon: emitted %d change(s), watermark %d -> %d',
|
||||
len(retval), watermark, max_id)
|
||||
|
||||
return retval
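Review bot: Changing `WATERMARK_FILE` to `/opt/so/state/postgres_pillar_beacon_watch.id` orphans the watermark already persisted at the old `pillar_db_watch.id` path on upgraded systems. The `beacon()` hunk at -97 suggests that a missing watermark is re-seeded from `MAX(id)` and the poll returns without emitting, so audit_settings rows written between the last poll under the old name and the first under the new one would never reach the reactor; the condition guarding that path is outside the hunk, so this is inferred. A one-time migration before the first read would close the gap, for example `if not os.path.exists(WATERMARK_FILE) and os.path.exists(OLD_WATERMARK_FILE): os.rename(OLD_WATERMARK_FILE, WATERMARK_FILE)` (where `OLD_WATERMARK_FILE` is a placeholder for the previous path), or the upgrade script could rename the file. The same applies to `_watermark_file()` in the rules beacon: the `rules_db_%s.hash` files are left behind, and if `_read_watermark()` returns nothing for a missing file, the `digest != previous` check emits a push for every tag on the first poll.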
|
||||
@@ -19,7 +19,7 @@
|
||||
# up on the next one).
|
||||
#
|
||||
# Each emitted event carries the watched directory path under the configured tag
|
||||
# (e.g. salt/beacon/<minion>/rules_db/suricata); the push_suricata / push_strelka
|
||||
# (e.g. salt/beacon/<minion>/rules_beacon/suricata); the push_suricata / push_strelka
|
||||
# reactors write a push intent, after which the existing so-push-drainer /
|
||||
# orch.push_batch pipeline takes over unchanged.
|
||||
|
||||
@@ -95,7 +95,7 @@ def _fingerprint(directory):
|
||||
|
||||
|
||||
def _watermark_file(tag):
|
||||
return os.path.join(WATERMARK_DIR, 'rules_db_%s.hash' % tag)
|
||||
return os.path.join(WATERMARK_DIR, 'rules_beacon_%s.hash' % tag)
|
||||
|
||||
|
||||
def _read_watermark(tag):
|
||||
@@ -115,7 +115,7 @@ def _write_watermark(tag, digest):
|
||||
f.write(digest)
|
||||
os.rename(tmp, path)
|
||||
except OSError:
|
||||
log.exception('rules_db beacon: failed to persist watermark to %s', path)
|
||||
log.exception('rules_beacon: failed to persist watermark to %s', path)
|
||||
|
||||
|
||||
def beacon(config):
|
||||
@@ -134,6 +134,6 @@ def beacon(config):
|
||||
if digest != previous:
|
||||
_write_watermark(tag, digest)
|
||||
retval.append({'tag': tag, 'path': directory})
|
||||
log.info('rules_db beacon: change detected in %s, emitting %s', directory, tag)
|
||||
log.info('rules_beacon: change detected in %s, emitting %s', directory, tag)
|
||||
|
||||
return retval
|
||||
@@ -1,9 +1,9 @@
|
||||
{% from 'salt/auto_apply.map.jinja' import AUTOAPPLY %}
|
||||
beacons:
|
||||
pillar_db:
|
||||
postgres_pillar_beacon:
|
||||
- interval: {{ AUTOAPPLY.drain_interval }}
|
||||
- disable_during_state_run: False
|
||||
rules_db:
|
||||
rules_beacon:
|
||||
- interval: {{ AUTOAPPLY.drain_interval }}
|
||||
- disable_during_state_run: False
|
||||
- paths:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!py
|
||||
|
||||
# Reactor invoked by the pillar_db beacon when SOC records settings changes in
|
||||
# the securityonion.audit_settings table (see salt/_beacons/pillar_db.py). The beacon
|
||||
# Reactor invoked by the postgres_pillar_beacon when SOC records settings changes in
|
||||
# the securityonion.audit_settings table (see salt/_beacons/postgres_pillar_beacon.py). The beacon
|
||||
# emits one event per new row carrying setting_id and node_id.
|
||||
#
|
||||
# Two branches, keyed on node_id:
|
||||
@@ -134,7 +134,7 @@ def run():
|
||||
LOG.info('push_pillar: push disabled, skipping')
|
||||
return {}
|
||||
|
||||
# The pillar_db beacon nests its payload under data['data']; fall back to the
|
||||
# The postgres_pillar_beacon nests its payload under data['data']; fall back to the
|
||||
# top level so the reactor is robust to either shape.
|
||||
event = data.get('data', data) # noqa: F821 -- data provided by reactor
|
||||
setting_id = event.get('setting_id', '')
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!py
|
||||
|
||||
# Reactor invoked by the rules_db poll beacon (salt/_beacons/rules_db.py) on rule
|
||||
# Reactor invoked by the rules_beacon poll beacon (salt/_beacons/rules_beacon.py) on rule
|
||||
# file changes under /opt/so/saltstack/local/salt/strelka/rules/compiled/.
|
||||
#
|
||||
# Writes (or updates) a push intent at /opt/so/state/push_pending/rules_strelka.json
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#!py
|
||||
|
||||
# Reactor invoked by the rules_db poll beacon (salt/_beacons/rules_db.py) on rule
|
||||
# Reactor invoked by the rules_beacon poll beacon (salt/_beacons/rules_beacon.py) on rule
|
||||
# file changes under /opt/so/saltstack/local/salt/suricata/rules/.
|
||||
#
|
||||
# Writes (or updates) a push intent at /opt/so/state/push_pending/rules_suricata.json
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
reactor:
|
||||
- 'salt/beacon/*/rules_db/suricata':
|
||||
- 'salt/beacon/*/rules_beacon/suricata':
|
||||
- salt://reactor/push_suricata.sls
|
||||
- 'salt/beacon/*/rules_db/strelka':
|
||||
- 'salt/beacon/*/rules_beacon/strelka':
|
||||
- salt://reactor/push_strelka.sls
|
||||
- 'salt/beacon/*/pillar_db/audit_settings':
|
||||
- 'salt/beacon/*/postgres_pillar_beacon/audit_settings':
|
||||
- salt://reactor/push_pillar.sls
|
||||
|
||||