From 74e315841a14e782322d65e0b211fec37f7a8435 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 21 Jan 2021 13:17:16 +0000
Subject: [PATCH 1/3] Modify common to reserve Docker proxy ports
---
salt/common/init.sls | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/salt/common/init.sls b/salt/common/init.sls
index 60ff87fd4..8b17cc7f5 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -256,6 +256,17 @@ docker:
 - watch:
 - file: docker_daemon
 
+# Reserve OS ports for Docker proxy in case boot settings are not already applied/present
+dockerapplyports:
+ cmd.run:
+ - name: if [ ! -f /etc/sysctl.d/99-reserved-ports.conf ]; then sysctl -w net.ipv4.ip_local_reserved_ports="55000,57314"; fi
+
+# Reserve OS ports for Docker proxy
+dockerreserveports:
+ file.managed:
+ - source: salt://common/files/99-reserved-ports.conf
+ - name: /etc/sysctl.d/99-reserved-ports.conf
+
 {% else %}
 
 {{sls}}_state_not_allowed:
From 9a916746887a037358ba6ce85f8f9f9695e25780 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 21 Jan 2021 13:18:22 +0000
Subject: [PATCH 2/3] Add reserved ports file for sysctl
---
salt/common/files/99-reserved-ports.conf | 1 +
1 file changed, 1 insertion(+)
create mode 100644 salt/common/files/99-reserved-ports.conf
diff --git a/salt/common/files/99-reserved-ports.conf b/salt/common/files/99-reserved-ports.conf
new file mode 100644
index 000000000..a578ab9a5
--- /dev/null
+++ b/salt/common/files/99-reserved-ports.conf
@@ -0,0 +1 @@
+net.ipv4.ip_local_reserved_ports="55000,57314"
From 0039877779ecc20906dabf3b25a3569b0aa6bbeb Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Thu, 21 Jan 2021 13:29:09 +0000
Subject: [PATCH 3/3] Check for port availability for Wazuh and Strelka
---
salt/strelka/init.sls | 5 +++++
salt/wazuh/init.sls | 7 +------
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls
index 315486519..46d9ef35d 100644
--- a/salt/strelka/init.sls
+++ b/salt/strelka/init.sls
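Review bot: `dockerapplyports` only applies the reservation while `/etc/sysctl.d/99-reserved-ports.conf` is absent, but that file is written afterwards by `dockerreserveports` and nothing re-applies it when its contents change, so after the first highstate the live value depends on the next boot; the `cmd.run` also reports a change on every run because it carries no `unless`/`onlyif`. Salt's `sysctl.present` state sets the value live and persists it to a config file in one idempotent step, so the two states could collapse into the single state below. Note that `sysctl -w` replaces `net.ipv4.ip_local_reserved_ports` wholesale, so any reservation made elsewhere (the per-service state removed from `salt/wazuh/init.sls` in patch 3 appended to the list instead) is overwritten, and the kernel only keeps reserved ports out of automatic ephemeral-port selection — a process that binds them explicitly is still allowed, which is why the availability checks in patch 3 remain necessary.
```yaml
# … unchanged: docker state above …

# Reserve OS ports for Docker proxy: applied live and persisted for boot
dockerreserveports:
  sysctl.present:
    - name: net.ipv4.ip_local_reserved_ports
    - value: "55000,57314"
    - config: /etc/sysctl.d/99-reserved-ports.conf
```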
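Review bot: The value in `99-reserved-ports.conf` keeps the shell-style double quotes, `net.ipv4.ip_local_reserved_ports="55000,57314"`; the `sysctl -w` call in patch 1 works because the shell strips them, but sysctl(8) config-file parsing passes the value through as written, so the kernel would most likely reject `"55000,57314"` at boot and the reservation would silently not be applied. Write it in the usual unquoted `key = value` form, `net.ipv4.ip_local_reserved_ports = 55000,57314`, and confirm with `sysctl -p /etc/sysctl.d/99-reserved-ports.conf` that it loads cleanly.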
@@ -92,6 +92,11 @@ strelkaunprocessed:
 - group: 939
 - makedirs: True
 
+# Check to see if Strelka frontend port is available
+strelkaportavailable:
+ cmd.run:
+ - name: netstat -utanp | grep ":57314" | grep -qv docker && PROCESS=$(netstat -utanp | grep ":57314" | uniq) && echo "Another process ($PROCESS) appears to be using port 57314. Please terminate this process, or reboot to ensure a clean state so that Strelka can start properly." && exit 1 || exit 0
+
 strelka_coordinator:
 docker_container.running:
 - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }}
diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls
index 089b60846..d6c7ac15e 100644
--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -94,15 +94,10 @@ wazuhmgrwhitelist:
 - mode: 755
 - template: jinja
 
-# Reserve OS port for Wazuh API
-wazuhreserveport:
- cmd.run:
- - name: grep -q 55000 /proc/sys/net/ipv4/ip_local_reserved_ports || sysctl -w net.ipv4.ip_local_reserved_ports="55000" > /dev/null && echo "55000" >> /proc/sys/net/ipv4/ip_local_reserved_ports
-
 # Check to see if Wazuh API port is available
 wazuhportavailable:
 cmd.run:
- - name: netstat -anp | grep 55000 | grep -qv docker && PROCESS=$(netstat -anp | grep 55000 | awk '{print $NF}' | uniq) && echo "Another process ($PROCESS) appears to be using port 55000. Please terminate this process, or reboot to ensure a clean state so that the Wazuh API can start properly." && exit 1 || exit 0
+ -name: netstat -utanp | grep ":55000" | grep -qv docker && PROCESS=$(netstat -utanp | grep ":55000" | uniq) && echo "Another process ($PROCESS) appears to be using port 55000. Please terminate this process, or reboot to ensure a clean state so that the Wazuh API can start properly." && exit 1 || exit 0
 
 so-wazuh:
 docker_container.running:
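Review bot: `grep ":57314"` in `strelkaportavailable` matches anywhere on the `netstat -utanp` line, so a socket whose foreign address happens to use port 57314 — including TIME_WAIT leftovers, which show `-` in the program column and therefore survive `grep -qv docker` — fails the state although the local port is free; the `wazuhportavailable` line in the `salt/wazuh/init.sls` hunk has the same pattern. Restricting the match to the local-address column of listening sockets avoids that, e.g. `netstat -utlnp | awk '$4 ~ /:57314$/' | grep -qv docker && PROCESS=$(netstat -utlnp | awk '$4 ~ /:57314$/ {print $NF}' | uniq) && ...`. Dropping the `awk '{print $NF}'` that the Wazuh version had also means `$PROCESS` now carries whole netstat lines instead of PID/program names, which makes the error message harder to act on. `netstat` is the deprecated net-tools binary and may be absent on minimal hosts; `ss -utlnp` is the maintained equivalent if that matters for the supported platforms.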
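Review bot: The new line in `wazuhportavailable` reads `-name:` instead of `- name:`, so YAML parses `cmd.run` as a mapping with a `-name` key rather than the argument list Salt expects, and the state should fail at the next highstate; restore `    - name: netstat -utanp | grep ":55000" | ...` with the rest of the line unchanged. A `salt-call state.show_sls wazuh` run before merging would surface this kind of rendering error.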