From 2804247f8891acdc5c07e596ef2ddd1247c88f48 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Sun, 9 Feb 2020 16:35:08 -0500 Subject: [PATCH 1/3] [fix] Syntax errors in so-status --- salt/common/tools/sbin/so-status | 37 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 8d37395dc..1527ee4a3 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status @@ -42,7 +42,7 @@ {%- set pillar_name = pillar_val ~ pillar_suffix -%} {%- set container_list = salt['pillar.get'](pillar_name) %} -if ! [ $(id -u)=0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "This command must be run as root" exit 1 fi @@ -52,8 +52,8 @@ ERROR_STRING="ERROR" SUCCESS_STRING="OK" PENDING_STRING="PENDING" MISSING_STRING='MISSING' -declare -a BAD_STATUSES=("removing", "paused", "exited", "dead") -declare -a PENDING_STATUSES=("paused", "created", "restarting") +declare -a BAD_STATUSES=("removing" "paused" "exited" "dead") +declare -a PENDING_STATUSES=("paused" "created" "restarting") declare -a GOOD_STATUSES=("running") declare -a temp_container_name_list=() 
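Review bot: `"paused"` is still listed in both `BAD_STATUSES` and `PENDING_STATUSES` after the comma cleanup in the `@@ -52,8 +52,8 @@` hunk. The `parse_status()` hunk later in this patch checks the pending list first and returns 0, so the `BAD_STATUSES` entry can never match and a paused container is always reported as PENDING. If a paused container should count as a failure, drop it from the pending list, `declare -a PENDING_STATUSES=("created" "restarting")`; otherwise remove it from `BAD_STATUSES` so each state has a single classification.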
@@ -72,16 +72,16 @@ compare_lists() { create_expected_container_list if [[ ${#expected_container_list[@]} = 0 ]]; then - container_name_list=$temp_container_name_list - container_state_list=$temp_container_state_list + container_name_list="${temp_container_name_list[*]}" + container_state_list="${temp_container_state_list[*]}" return 1 fi - for intended_item in ${expected_container_list[@]}; do - found = 0 - for i in ${!temp_container_name_list[@]}; do - [[ ${temp_container_name_list[$i]} = $intended_item ]] \ - && found = 1 \ + for intended_item in "${expected_container_list[@]}"; do + found=0 + for i in "${!temp_container_name_list[@]}"; do + [[ ${temp_container_name_list[$i]} = "$intended_item" ]] \ + && found=1 \ && container_name_list+=("${temp_container_name_list[$i]}") \ && container_state_list+=("${temp_container_state_list[$i]}") \ && break @@ -115,7 +115,7 @@ populate_container_lists() { local container_name="" local container_state="" - for line in ${docker_raw_list[@]}; do + for line in "${docker_raw_list[@]}"; do container_name="$( echo $line | sed -e 's/Name:\(.*\),State:\(.*\)/\1/' )" # Get value in the first search group (container names) container_state="$( echo $line | sed -e 's/Name:\(.*\),State:\(.*\)/\2/' )" # Get value in the second search group (container states) 
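Review bot: In the empty-expected-list branch of `compare_lists()`, `container_name_list="${temp_container_name_list[*]}"` joins every name into one space-separated string and stores it as a single value instead of copying the array; the state list on the next line has the same problem. Patch 3 makes `main()` count `${#container_name_list[@]}`, so this path would presumably yield one entry and print a single garbled row. An element-wise copy keeps the two lists aligned: `container_name_list=("${temp_container_name_list[@]}")` and `container_state_list=("${temp_container_state_list[@]}")`. The declarations of both lists are outside the hunk, so confirm they are arrays.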
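Review bot: Quoting `"${docker_raw_list[@]}"` in `populate_container_lists()` is only correct if `docker_raw_list` is a real array with one element per container. Its assignment is outside the hunk; if it is filled from a plain command substitution, the quoted loop will run once over the whole output. The two `echo $line | sed` lines just below are still unquoted, so whitespace or glob characters in a docker name would be expanded by the shell before sed sees them. `printf '%s\n' "$line" | sed -e '...'` avoids that. The function starts and ends outside this hunk.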
@@ -132,16 +132,16 @@ parse_status() { [[ $container_state = "missing" ]] && printf $MISSING_STRING && return 1 for state in "${GOOD_STATUSES[@]}"; do - [[ $container_state = $state ]] && printf $SUCCESS_STRING && return 0 + [[ $container_state = "$state" ]] && printf $SUCCESS_STRING && return 0 done for state in "${PENDING_STATUSES[@]}"; do - [[ $container_state = $state ]] && printf $PENDING_STRING && return 0 + [[ $container_state = "$state" ]] && printf $PENDING_STRING && return 0 done # This is technically not needed since the default is error state for state in "${BAD_STATUSES[@]}"; do - [[ $container_state = $state ]] && printf $ERROR_STRING && return 1 + [[ $container_state = "$state" ]] && printf $ERROR_STRING && return 1 done printf $ERROR_STRING && return 1 @@ -151,17 +151,17 @@ parse_status() { print_line() { local service_name=${1} - local service_state=$( parse_status ${2} ) + local service_state="$( parse_status ${2} )" local columns=$(tput cols) local state_color="\e[0m" local PADDING_CONSTANT=14 - if [[ $service_state = $ERROR_STRING ]] || [[ $service_state = $MISSING_STRING ]]; then + if [[ $service_state = "$ERROR_STRING" ]] || [[ $service_state = "$MISSING_STRING" ]]; then state_color="\e[1;31m" - elif [[ $service_state = $SUCCESS_STRING ]]; then + elif [[ $service_state = "$SUCCESS_STRING" ]]; then state_color="\e[1;32m" - elif [[ $service_state = $PENDING_STRING ]]; then + elif [[ $service_state = "$PENDING_STRING" ]]; then state_color="\e[1;33m" fi @@ -204,4 +204,3 @@ main() { main - From d29cd1caee815cea5d11899b309a4584de263714 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Sun, 9 Feb 2020 18:03:30 -0500 Subject: [PATCH 2/3] [fix] Elastalert typo --- pillar/docker/config.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pillar/docker/config.sls b/pillar/docker/config.sls index 454eead49..2dc592b69 100644 --- a/pillar/docker/config.sls +++ b/pillar/docker/config.sls 
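Review bot: In `print_line()`, the new quotes around `"$( parse_status ${2} )"` have no effect, because an assignment does not word-split, while the inner `${2}` that does split is left bare. An empty or multi-word state reaches `parse_status` as zero or several arguments. Declaring with `local` on the same line also discards the return code of `parse_status`. Consider `local service_state` followed by `service_state="$( parse_status "${2}" )"`. The call site in `main()`, visible in the patch 3 hunk, has the same unquoted pattern and would read better as `print_line "${container_name_list[$i]}" "${container_state_list[$i]}"`.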
@@ -29,7 +29,7 @@ eval: - so-suricata - so-zeek - so-curator - - so-elasalert + - so-elastalert {%- if WAZUH != 0 %} - so-wazuh {%- endif %} @@ -104,7 +104,7 @@ master_search: - so-elasticsearch - so-curator - so-kibana - - so-elasalert + - so-elastalert - so-filebeat - so-soctopus {%- if OSQUERY != 0 %} @@ -147,7 +147,7 @@ master: - so-elasticsearch - so-logstash - so-kibana - - so-elasalert + - so-elastalert - so-filebeat {%- if OSQUERY != 0 %} - so-mysql From 301ff7750173752a766de8ca5ccacf16071ccb46 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Sun, 9 Feb 2020 19:06:54 -0500 Subject: [PATCH 3/3] [fix] Jinja2 templating comparisons --- pillar/docker/config.sls | 39 ++++++++++++++++---------------- salt/common/tools/sbin/so-status | 2 +- 2 files changed, 21 insertions(+), 20 deletions(-) diff --git a/pillar/docker/config.sls b/pillar/docker/config.sls index 2dc592b69..ab2f18d16 100644 --- a/pillar/docker/config.sls +++ b/pillar/docker/config.sls @@ -17,7 +17,7 @@ eval: - so-idstools - so-auth-api - so-auth-ui - {%- if OSQUERY != 0 %} + {%- if OSQUERY != '0' %} - so-mysql - so-fleet - so-redis @@ -30,23 +30,23 @@ eval: - so-zeek - so-curator - so-elastalert - {%- if WAZUH != 0 %} + {%- if WAZUH != '0' %} - so-wazuh {%- endif %} - so-soctopus - {%- if THEHIVE != 0 %} + {%- if THEHIVE != '0' %} - so-thehive - so-thehive-es - so-cortex {%- endif %} - {%- if PLAYBOOK != 0 %} + {%- if PLAYBOOK != '0' %} - so-playbook - so-navigator {%- endif %} - {%- if FREQSERVER != 0 %} + {%- if FREQSERVER != '0' %} - so-freqserver {%- endif %} - {%- if DOMAINSTATS != 0 %} + {%- if DOMAINSTATS != '0' %} - so-domainstats {%- endif %} heavy_node: 
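Review bot: The new tests of the form `{%- if OSQUERY != '0' %}` are type-sensitive, since Jinja2 does not coerce between integers and strings. If any of these values arrives as the integer 0 (for example an unquoted YAML scalar), it is unequal to `'0'` and the optional containers are always listed as expected. Where `OSQUERY`, `WAZUH`, `THEHIVE`, `PLAYBOOK`, `FREQSERVER` and `DOMAINSTATS` are set is outside these hunks, so their type cannot be confirmed here. Normalising in the test makes it robust either way, e.g. `{%- if OSQUERY|string != '0' %}`. The same applies to every comparison in the `@@ -17,7`, `@@ -30,23`, `@@ -107,28`, `@@ -149,28` and `@@ -190,7` hunks of patch 3.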
@@ -107,28 +107,28 @@ master_search: - so-elastalert - so-filebeat - so-soctopus - {%- if OSQUERY != 0 %} + {%- if OSQUERY != '0' %} - so-mysql - so-fleet - so-redis {%- endif %} - {%- if WAZUH != 0 %} + {%- if WAZUH != '0' %} - so-wazuh {%- endif %} - so-soctopus - {%- if THEHIVE != 0 %} + {%- if THEHIVE != '0' %} - so-thehive - so-thehive-es - so-cortex {%- endif %} - {%- if PLAYBOOK != 0 %} + {%- if PLAYBOOK != '0' %} - so-playbook - so-navigator {%- endif %} - {%- if FREQSERVER != 0 %} + {%- if FREQSERVER != '0' %} - so-freqserver {%- endif %} - {%- if DOMAINSTATS != 0 %} + {%- if DOMAINSTATS != '0' %} - so-domainstats {%- endif %} master: @@ -149,28 +149,28 @@ master: - so-kibana - so-elastalert - so-filebeat - {%- if OSQUERY != 0 %} + {%- if OSQUERY != '0' %} - so-mysql - so-fleet - so-redis {%- endif %} - {%- if WAZUH != 0 %} + {%- if WAZUH != '0' %} - so-wazuh {%- endif %} - so-soctopus - {%- if THEHIVE != 0 %} + {%- if THEHIVE != '0' %} - so-thehive - so-thehive-es - so-cortex {%- endif %} - {%- if PLAYBOOK != 0 %} + {%- if PLAYBOOK != '0' %} - so-playbook - so-navigator {%- endif %} - {%- if FREQSERVER != 0 %} + {%- if FREQSERVER != '0' %} - so-freqserver {%- endif %} - {%- if DOMAINSTATS != 0 %} + {%- if DOMAINSTATS != '0' %} - so-domainstats {%- endif %} parser_node: @@ -190,7 +190,7 @@ search_node: - so-elasticsearch - so-curator - so-filebeat - {%- if WAZUH != 0 %} + {%- if WAZUH != '0' %} - so-wazuh {%- endif %} sensor: @@ -213,3 +213,4 @@ warm_node: - so-influxdb - so-grafana - so-elasticsearch + \ No newline at end of file diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status index 1527ee4a3..7f6e01eec 100755 --- a/salt/common/tools/sbin/so-status +++ b/salt/common/tools/sbin/so-status 
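Review bot: `so-soctopus` appears twice in the `master_search` list in the `@@ -107,28 +107,28 @@` hunk, once before the `OSQUERY` block and again after the `WAZUH` block. Both are context lines, so this commit leaves the duplicate in place. The `eval` and `master` lists visible in this patch carry it only once. Since `compare_lists()` in so-status iterates the expected list item by item, the duplicate would presumably be reported twice. Dropping the first `- so-soctopus` would bring `master_search` in line with the other roles.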
@@ -191,7 +191,7 @@ main() { printf "\n" printf "${focus_color}%b\e[0m" "Checking container statuses\n\n" - local num_containers=${#docker_raw_list[@]} + local num_containers=${#container_name_list[@]} for i in $(seq 0 $(($num_containers - 1 ))); do print_line ${container_name_list[$i]} ${container_state_list[$i]}