Merge pull request #9939 from Security-Onion-Solutions/kilo

automated testing support; removal of nonexistent ScanRuby strelka scanner

salt/common/tools/sbin/so-minion

@@ -23,6 +23,7 @@ if [[ $# -lt 1 ]]; then
   echo "   accept: Accepts a new key and adds the minion files"
   echo "   delete: Removes the key and deletes the minion files"
   echo "   reject: Rejects a key"
+  echo "     test: Ingest test data"
   echo ""
   exit 1
 fi
@@ -75,6 +76,22 @@ function getinstallinfo() {
 	source <(echo $INSTALLVARS)
 }
 
+function testminion() {
+	# Always run on the host, since this is going to be the manager of a distributed grid, or an eval/standalone.
+	# Distributed managers must run this in order for the sensor nodes to have access to the so-tcpreplay image.
+	so-test
+	result=$?
+
+	# If this so-minion script is not running on the given minion ID, run so-test remotely on the sensor as well
+	local_id=$(lookup_grain id)
+	if [[ ! "$local_id" =~ "${MINION_ID}_" ]]; then
+		salt "$MINION_ID" cmd.run 'so-test'
+		result=$?
+	fi
+
+	exit $result
+}
+
 function listminions() {
 	salt-key list -F --out=json
 	exit $?
@@ -277,3 +294,7 @@ if [[ "$OPERATION" = 'add' || "$OPERATION" = 'setup' ]]; then
 	create$NODETYPE
 	echo "Minion file created for $MINION_ID"	
 fi
+
+if [[ "$OPERATION" = 'test' ]]; then
+	testminion
+fi

salt/common/tools/sbin/so-playbook-reset

@@ -17,6 +17,6 @@ salt-call state.apply playbook,playbook.automation_user_create
 
 /usr/sbin/so-soctopus-restart
 
-echo "Importing Plays - this will take some time...."
+echo "Importing Plays - NOTE: this will continue after installation finishes and could take an hour or more. Rebooting while the import is in progress will delay playbook imports."
 sleep 5
 so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 &

salt/common/tools/sbin/so-status

@@ -24,12 +24,14 @@ def showUsage(options, args):
   print('   -h                  - Prints this usage information')
   print('   -q                  - Suppress output; useful for automation of exit code value')
   print('   -j                  - Output in JSON format')
+  print('   -i                  - Consider the installation outcome regardless of whether the system appears healthy')
   print('')
   print('  Exit codes:')
   print('    0                  - Success, system appears to be running correctly')
   print('    1                  - Error, one or more subsystems are not running')
   print('    2                  - System is starting')
   print('    99                 - Installation in progress')
+  print('    100                - System installation encountered errors')
   sys.exit(1)
 
 
@@ -38,6 +40,16 @@ def fail(msg):
   sys.exit(1)
 
 
+def check_installation_status(options, console):
+  if "-i" in options:
+    if os.path.isfile('/root/failure'):
+      return 100
+    if os.path.isfile('/root/success'):
+      return 0
+    return 99
+  return 0
+
+
 def check_system_status(options, console):
   code = 0
   highstate_end_time = 0
@@ -66,6 +78,8 @@ def output(options, console, code, data):
       console.print(" [bold yellow]:hourglass: [bold white]System appears to be starting. No highstate has completed since the system was restarted.")
     elif code == 99:
       console.print(" [bold red]:exclamation: [bold white]Installation does not appear to be complete. A highstate has not fully completed.")
+    elif code == 100:
+      console.print(" [bold red]:exclamation: [bold white]Installation encountered errors.")
     else:
       table = Table(title = "Security Onion Status", show_edge = False, safe_box = True, box = box.MINIMAL)
       table.add_column("Container", justify="right", style="white", no_wrap=True)
@@ -137,7 +151,9 @@ def check_container_status(options, console):
 
 def check_status(options, console):
   container_list = []
-  code = check_system_status(options, console)
+  code = check_installation_status(options, console)
+  if code == 0:
+    code = check_system_status(options, console)
   if code == 0:
     code, container_list = check_container_status(options, console)
   output(options, console, code, container_list)
@@ -150,9 +166,8 @@ def main():
   for option in args:
     if option.startswith("-"):
       options.append(option)
-      args.remove(option)
 
-  if len(args) != 0 or "-h" in options:
+  if "-h" in options or "--help" in options or "-?" in options:
     showUsage(options, None)
 
   if os.environ["USER"] != "root":

salt/common/tools/sbin/so-user

@@ -496,19 +496,6 @@ EOF
   fi
 }
 
-function migrateLockedUsers() {
-  # This is a migration function to convert locked users from prior to 2.3.90
-  # to inactive users using the newer Kratos functionality. This should only
-  # find locked users once.
-  lockedEmails=$(curl -s ${kratosUrl}/identities | jq -r '.[] | select(.traits.status == "locked") | .traits.email')
-  if [[ -n "$lockedEmails" ]]; then
-    echo "Disabling locked users..."
-    for email in $lockedEmails; do
-      updateStatus "$email" locked
-    done
-  fi
-}
-
 function updateStatus() {
   email=$1
   status=$2
@@ -703,11 +690,6 @@ case "${operation}" in
     echo "Password is acceptable"
     ;;
 
-  "migrate")
-    migrateLockedUsers
-    echo "User migration complete"
-    ;;
-
   *)
     fail "Unsupported operation: $operation"
     usage

salt/strelka/defaults.yaml

@@ -308,11 +308,6 @@ strelka:
               priority: 5
               options:
                 limit: 1000
-          'ScanRuby':
-            - positive:
-                flavors:
-                  - 'text/x-ruby'
-              priority: 5
           'ScanSwf':
             - positive:
                 flavors: