Merge pull request #11177 from Security-Onion-Solutions/wheelwatchdog

new python watchdog

salt/common/packages.sls

@@ -21,7 +21,6 @@ commonpkgs:
       - python3-dateutil
       - python3-docker
       - python3-packaging
-      - python3-watchdog
       - python3-lxml
       - git
       - rsync
@@ -74,7 +73,6 @@ commonpkgs:
       - python3-packaging
       - python3-pyyaml
       - python3-rich
-      - python3-watchdog
       - rsync
       - sqlite
       - tcpdump

salt/common/tools/sbin/so-common

@@ -446,6 +446,10 @@ set_os() {
 			OS=centos
 			OSVER=9
 			is_centos=true
+		elif grep -q "Oracle Linux Server release 9" /etc/system-release; then
+			OS=oel
+			OSVER=9
+			is_oracle=true
 		fi
 		cron_service_name="crond"
 	else

salt/manager/tools/sbin/soup

@@ -303,6 +303,7 @@ check_log_size_limit() {
 
 check_os_updates() {
   # Check to see if there are OS updates
+  echo "Checking for OS updates."
   NEEDUPDATES="We have detected missing operating system (OS) updates. Do you want to install these OS updates now? This could take a while depending on the size of your grid and how many packages are missing, but it is recommended to keep your system updated."
   OSUPDATES=$(dnf -q list updates | grep -v docker | grep -v containerd | grep -v salt | grep -v Available | wc -l)
   if [[ "$OSUPDATES" -gt 0 ]]; then
@@ -437,6 +438,11 @@ post_to_2.4.20() {
   POSTVERSION=2.4.20
 }
 
+repo_sync() {
+  echo "Sync the local repo."
+  su socore -c '/usr/sbin/so-repo-sync'
+}
+
 stop_salt_master() {
     # kill all salt jobs across the grid because the hang indefinitely if they are queued and salt-master restarts
     set +e
@@ -762,9 +768,7 @@ main() {
   fi
   echo "Verifying we have the latest soup script."
   verify_latest_update_script
-  echo "Checking for OS updates."
+
-  check_os_updates
-  
   echo "Let's see if we need to update Security Onion."
   upgrade_check
   upgrade_space
@@ -776,6 +780,10 @@ main() {
   if [[ $is_airgap -eq 0 ]]; then
     yum clean all
     check_os_updates
+  elif [[ $OS == 'oel' || $OS == 'rocky'|| $OS == 'centos' ]]; then
+    # sync remote repo down to local if not airgap
+    repo_sync
+    check_os_updates
   fi
 
   if [ "$is_hotfix" == "true" ]; then

salt/strelka/filestream/config.sls

@@ -47,6 +47,21 @@ filestream_config:
         FILESTREAMCONFIG: {{ STRELKAMERGED.filestream.config }}
 
 # Filecheck Section
+{% if GLOBALS.os_family == 'Debian' %}
+install_watchdog:
+  pkg.installed:
+    - name: python3-watchdog
+
+{% elif GLOBALS.os_family == 'RedHat' %}
+remove_old_watchdog:
+  pkg.removed:
+    - name: python3-watchdog
+
+install_watchdog:
+  pkg.installed:
+    - name: securityonion-python39-watchdog
+{% endif %}
+
 filecheck_logdir:
   file.directory:
     - name: /opt/so/log/strelka
@@ -127,6 +142,7 @@ filecheck_restart:
     - onchanges:
       - file: filecheck_script
       - file: filecheck_conf
+      - pkg: install_watchdog
 
 filcheck_history_clean:
   cron.present: