From ad64b873c0316106bc915df606405294c1487892 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 11 Apr 2023 12:58:40 -0400 Subject: [PATCH] ubuntu changes --- salt/common/init.sls | 7 ------- salt/common/packages.sls | 16 ++++++++++++---- salt/ntp/init.sls | 7 ++++++- salt/repo/client/ubuntu.sls | 20 -------------------- salt/salt/init.sls | 10 +--------- setup/so-functions | 29 ++++++++++++++++++----------- setup/so-setup | 1 + 7 files changed, 38 insertions(+), 52 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 21c4ce369..b6495a84b 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -200,13 +200,6 @@ sostatus_log: - name: /opt/so/log/sostatus/status.log - mode: 644 -common_pip_dependencies: - pip.installed: - - user: root - - pkgs: - - rich - - target: /usr/lib64/python3.6/site-packages - # Install sostatus check cron sostatus_check_cron: cron.present: diff --git a/salt/common/packages.sls b/salt/common/packages.sls index 9e118f4da..7870eddf8 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -10,23 +10,31 @@ commonpkgs: - wget - ntpdate - jq - - python3-docker - curl - ca-certificates - software-properties-common - apt-transport-https - openssl - netcat - - python3-mysqldb - sqlite3 - libssl-dev - python3-dateutil - - python3-m2crypto - - python3-mysqldb - python3-packaging - python3-lxml - git - vim + +# since Ubuntu requires and internet connection we can use pip to install modules +python3-pip: + pkg.installed + +python-rich: + pip.installed: + - name: rich + - require: + - pkg: python3-pip + + {% elif GLOBALS.os == 'Rocky' %} commonpkgs: pkg.installed: diff --git a/salt/ntp/init.sls b/salt/ntp/init.sls index 42840d6ec..aeb878594 100644 --- a/salt/ntp/init.sls +++ b/salt/ntp/init.sls @@ -2,6 +2,7 @@ # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # https://securityonion.net/license; you may not use this file except in compliance with the # Elastic License 2.0. +{% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'ntp/config.map.jinja' import NTPCONFIG %} chronyconf: @@ -12,8 +13,12 @@ chronyconf: - defaults: NTPCONFIG: {{ NTPCONFIG }} +{% if GLOBALS.os == 'Rocky' %} chronyd: +{% else %} +chrony: +{% endif %} service.running: - enable: True - watch: - - file: chronyconf \ No newline at end of file + - file: chronyconf diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls index a5d55fa5e..e69de29bb 100644 --- a/salt/repo/client/ubuntu.sls +++ b/salt/repo/client/ubuntu.sls @@ -1,20 +0,0 @@ -# this removes the repo file left by bootstrap-salt.sh without -r -remove_salt.list: - file.absent: - - name: /etc/apt/sources.list.d/salt.list - -saltstack.list: - file.managed: - - name: /etc/apt/sources.list.d/saltstack.list - - contents: - - deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt3004.2/ {{grains.oscodename}} main - -apt_update: - cmd.run: - - name: apt-get update - - onchanges: - - file: saltstack.list - - timeout: 30 - - retry: - attempts: 5 - interval: 30 \ No newline at end of file diff --git a/salt/salt/init.sls b/salt/salt/init.sls index da66e100e..a190a84eb 100644 --- a/salt/salt/init.sls +++ b/salt/salt/init.sls @@ -1,16 +1,8 @@ -{% from 'vars/globals.map.jinja' import GLOBALS %} - -{% if GLOBALS.os != 'Rocky' %} +{% if grains.oscodename == 'focal' %} saltpymodules: pkg.installed: - pkgs: - {% if grains['oscodename'] == 'bionic' %} - - python-m2crypto - - python-docker - {% elif grains['oscodename'] == 'focal' %} - - python3-m2crypto - python3-docker - {% endif %} {% endif %} salt_bootstrap: diff --git a/setup/so-functions b/setup/so-functions index d4ec97a69..aa7cf98d4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -674,8 +674,13 @@ configure_ntp() { 'rtcsync' \ 'logdir /var/log/chrony' >> $chrony_conf - systemctl enable chronyd - systemctl restart chronyd + if [ "$OS" == 'rocky' ]; then + systemctl enable chronyd + systemctl restart chronyd + elif [ "$OS" == 'ubuntu' ]; then + systemctl enable chrony + systemctl restart chrony + fi # Tell the chrony daemon to sync time & update the system time # Since these commands only make a call to chronyd, wait after each command to make sure the changes are made @@ -959,15 +964,17 @@ installer_progress_loop() { } installer_prereq_packages() { - if [ "$OS" == rocky ]; then - if [[ ! $is_iso ]]; then - if ! command -v nmcli > /dev/null 2>&1; then - logCmd "dnf -y install NetworkManager" - fi - fi - logCmd "systemctl enable NetworkManager" - logCmd "systemctl start NetworkManager" - elif [ "$OS" == ubuntu ]; then +# if [ "$OS" == rocky ]; then +# if [[ ! $is_iso ]]; then +# if ! command -v nmcli > /dev/null 2>&1; then +# logCmd "dnf -y install NetworkManager" +# fi +# fi +# logCmd "systemctl enable NetworkManager" +# logCmd "systemctl start NetworkManager" +# el + + if [ "$OS" == ubuntu ]; then # Print message to stdout so the user knows setup is doing something retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1 # Install network manager so we can do interface stuff diff --git a/setup/so-setup b/setup/so-setup index 96e39b546..76bc79e5b 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -641,6 +641,7 @@ if ! [[ -f $install_opt_file ]]; then mkdir -p /opt/so es_heapsize ls_heapsize + installer_prereq_packages generate_interface_vars if [[ $monints ]]; then configure_network_sensor