From a489b369d7fdd9515fe31f3e0c43b3d0a84b3b05 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Mon, 3 May 2021 15:23:34 -0400
Subject: [PATCH] Jertel Compliance

---
 salt/common/tools/sbin/so-airgap-hotfixapply |  8 ++++----
 salt/common/tools/sbin/so-common             |  8 ++++++++
 salt/common/tools/sbin/soup                  | 13 +++----------
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/salt/common/tools/sbin/so-airgap-hotfixapply b/salt/common/tools/sbin/so-airgap-hotfixapply
index cb6bf6451..e57ea50fe 100644
--- a/salt/common/tools/sbin/so-airgap-hotfixapply
+++ b/salt/common/tools/sbin/so-airgap-hotfixapply
@@ -47,14 +47,14 @@ else
         exit 1
       else
         echo "We need to apply a hotfix"
-        rsync -a $HOTFIXDIR/salt /opt/so/saltstack/default/
-        rsync -a $HOTFIXDIR/pillar /opt/so/saltstack/default/
-        chown -R socore:socore /opt/so/saltstack/default/
-        chmod 755 /opt/so/saltstack/default/pillar/firewall/addfirewall.sh
+        cd $HOTFIXDIR
+        DEFAULT_SALT_DIR=/opt/so/saltstack/default
+        copy_new_files
         echo $HOTFIXVERSION > /etc/sohotfix
         salt-call state.highstate -l info queue=True
         echo "The Hotfix $HOTFIXVERSION has been applied"
         # Clean up 
+        cd /tmp
         rm -rf $HOTFIXDIR
         exit 0
       fi
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index c099f33af..6aff0269a 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -122,6 +122,14 @@ check_elastic_license() {
 	fi  
 }
 
+copy_new_files() {
+  # Copy new files over to the salt dir
+  rsync -a salt $DEFAULT_SALT_DIR/
+  rsync -a pillar $DEFAULT_SALT_DIR/
+  chown -R socore:socore $DEFAULT_SALT_DIR/
+  chmod 755 $DEFAULT_SALT_DIR/pillar/firewall/addfirewall.sh
+}
+
 disable_fastestmirror() {
 	sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf
 }
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 679e7a9db..ebf2562b0 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -214,16 +214,6 @@ clone_to_tmp() {
   fi
 }
 
-copy_new_files() {
-  # Copy new files over to the salt dir
-  cd $UPDATE_DIR
-  rsync -a salt $DEFAULT_SALT_DIR/
-  rsync -a pillar $DEFAULT_SALT_DIR/
-  chown -R socore:socore $DEFAULT_SALT_DIR/
-  chmod 755 $DEFAULT_SALT_DIR/pillar/firewall/addfirewall.sh
-  cd /tmp
-}
-
 generate_and_clean_tarballs() {
   local new_version
   new_version=$(cat $UPDATE_DIR/VERSION)
@@ -724,7 +714,9 @@ upgrade_check_salt
 
 if [[ $is_hotfix ]]; then
   echo "Applying $HOTFIXVERSION" 
+  cd $UPDATE_DIR
   copy_new_files
+  cd /tmp
   echo ""
   update_version
   salt-call state.highstate -l info queue=True
@@ -795,6 +787,7 @@ else
   echo ""
   echo "Copying new Security Onion code from $UPDATE_DIR to $DEFAULT_SALT_DIR."
   copy_new_files
+  cd /tmp
   echo ""
   update_version