CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-10 11:12:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

ubuntu changes

Browse Source
This commit is contained in:
m0duspwnens
2023-04-11 12:58:40 -04:00
parent 9ea3eaafae
commit ad64b873c0
7 changed files with 38 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
salt/common/init.sls
View File

@@ -200,13 +200,6 @@ sostatus_log:
- name: /opt/so/log/sostatus/status.log - name: /opt/so/log/sostatus/status.log
- mode: 644 - mode: 644
common_pip_dependencies:
pip.installed:
- user: root
- pkgs:
- rich
- target: /usr/lib64/python3.6/site-packages
# Install sostatus check cron # Install sostatus check cron
sostatus_check_cron: sostatus_check_cron:
cron.present: cron.present:

16
salt/common/packages.sls
View File

@@ -10,23 +10,31 @@ commonpkgs:
- wget - wget
- ntpdate - ntpdate
- jq - jq
- python3-docker
- curl - curl
- ca-certificates - ca-certificates
- software-properties-common - software-properties-common
- apt-transport-https - apt-transport-https
- openssl - openssl
- netcat - netcat
- python3-mysqldb
- sqlite3 - sqlite3
- libssl-dev - libssl-dev
- python3-dateutil - python3-dateutil
- python3-m2crypto
- python3-mysqldb
- python3-packaging - python3-packaging
- python3-lxml - python3-lxml
- git - git
- vim - vim
# since Ubuntu requires and internet connection we can use pip to install modules
python3-pip:
pkg.installed
python-rich:
pip.installed:
- name: rich
- require:
- pkg: python3-pip
{% elif GLOBALS.os == 'Rocky' %} {% elif GLOBALS.os == 'Rocky' %}
commonpkgs: commonpkgs:
pkg.installed: pkg.installed:

7
salt/ntp/init.sls
View File

@@ -2,6 +2,7 @@
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the # https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0. # Elastic License 2.0.
{% from 'vars/globals.map.jinja' import GLOBALS %}
{% from 'ntp/config.map.jinja' import NTPCONFIG %} {% from 'ntp/config.map.jinja' import NTPCONFIG %}
chronyconf: chronyconf:
@@ -12,8 +13,12 @@ chronyconf:
- defaults: - defaults:
NTPCONFIG: {{ NTPCONFIG }} NTPCONFIG: {{ NTPCONFIG }}
{% if GLOBALS.os == 'Rocky' %}
chronyd: chronyd:
{% else %}
chrony:
{% endif %}
service.running: service.running:
- enable: True - enable: True
- watch: - watch:
- file: chronyconf - file: chronyconf

20
salt/repo/client/ubuntu.sls
View File

@@ -1,20 +0,0 @@
# this removes the repo file left by bootstrap-salt.sh without -r
remove_salt.list:
file.absent:
- name: /etc/apt/sources.list.d/salt.list
saltstack.list:
file.managed:
- name: /etc/apt/sources.list.d/saltstack.list
- contents:
- deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt3004.2/ {{grains.oscodename}} main
apt_update:
cmd.run:
- name: apt-get update
- onchanges:
- file: saltstack.list
- timeout: 30
- retry:
attempts: 5
interval: 30

10
salt/salt/init.sls
View File

@@ -1,16 +1,8 @@
{% from 'vars/globals.map.jinja' import GLOBALS %} {% if grains.oscodename == 'focal' %}
{% if GLOBALS.os != 'Rocky' %}
saltpymodules: saltpymodules:
pkg.installed: pkg.installed:
- pkgs: - pkgs:
{% if grains['oscodename'] == 'bionic' %}
- python-m2crypto
- python-docker
{% elif grains['oscodename'] == 'focal' %}
- python3-m2crypto
- python3-docker - python3-docker
{% endif %}
{% endif %} {% endif %}
salt_bootstrap: salt_bootstrap:

29
setup/so-functions
View File

@@ -674,8 +674,13 @@ configure_ntp() {
'rtcsync' \ 'rtcsync' \
'logdir /var/log/chrony' >> $chrony_conf 'logdir /var/log/chrony' >> $chrony_conf
systemctl enable chronyd if [ "$OS" == 'rocky' ]; then
systemctl restart chronyd systemctl enable chronyd
systemctl restart chronyd
elif [ "$OS" == 'ubuntu' ]; then
systemctl enable chrony
systemctl restart chrony
fi
# Tell the chrony daemon to sync time & update the system time # Tell the chrony daemon to sync time & update the system time
# Since these commands only make a call to chronyd, wait after each command to make sure the changes are made # Since these commands only make a call to chronyd, wait after each command to make sure the changes are made
@@ -959,15 +964,17 @@ installer_progress_loop() {
} }
installer_prereq_packages() { installer_prereq_packages() {
if [ "$OS" == rocky ]; then # if [ "$OS" == rocky ]; then
if [[ ! $is_iso ]]; then # if [[ ! $is_iso ]]; then
if ! command -v nmcli > /dev/null 2>&1; then # if ! command -v nmcli > /dev/null 2>&1; then
logCmd "dnf -y install NetworkManager" # logCmd "dnf -y install NetworkManager"
fi # fi
fi # fi
logCmd "systemctl enable NetworkManager" # logCmd "systemctl enable NetworkManager"
logCmd "systemctl start NetworkManager" # logCmd "systemctl start NetworkManager"
elif [ "$OS" == ubuntu ]; then # el
if [ "$OS" == ubuntu ]; then
# Print message to stdout so the user knows setup is doing something # Print message to stdout so the user knows setup is doing something
retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1 retry 150 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
# Install network manager so we can do interface stuff # Install network manager so we can do interface stuff

1
setup/so-setup
View File

@@ -641,6 +641,7 @@ if ! [[ -f $install_opt_file ]]; then
mkdir -p /opt/so mkdir -p /opt/so
es_heapsize es_heapsize
ls_heapsize ls_heapsize
installer_prereq_packages
generate_interface_vars generate_interface_vars
if [[ $monints ]]; then if [[ $monints ]]; then
configure_network_sensor configure_network_sensor