Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion into feature/mkrsoup

salt/elasticsearch/files/ingest/osquery.query_result

@@ -18,8 +18,8 @@
         "source": "def dict = ['result': new HashMap()]; for (entry in ctx['message2'].entrySet()) { dict['result'][entry.getKey()] = entry.getValue(); } ctx['osquery'] = dict; "
       }
     },
-    { "set":           { "field": "event.module", "value": "osquery" }  },
-    { "set":           { "field": "event.dataset", "value": "{{osquery.result.name}}"}  },
+    { "set":           { "field": "event.module", "value": "osquery", "override": false }  },
+    { "set":           { "field": "event.dataset", "value": "{{osquery.result.name}}", "override": false}  },
     { "pipeline":    { "name": "common" } }
   ]
 }

salt/grafana/init.sls

@@ -91,7 +91,6 @@ dashboard-manager:
     - defaults:
       SERVERNAME: {{ SN }}
       MANINT: {{ SNDATA.manint }}
-      MONINT: {{ SNDATA.monint }}
       CPUS: {{ SNDATA.totalcpus }}
       UID: so_overview
       ROOTFS: {{ SNDATA.rootfs }}
@@ -183,7 +182,6 @@ dashboardsearch-{{ SN }}:
     - defaults:
       SERVERNAME: {{ SN }}
       MANINT: {{ SNDATA.manint }}
-      MONINT: {{ SNDATA.monint }}
       CPUS: {{ SNDATA.totalcpus }}
       UID: {{ SNDATA.guid }}
       ROOTFS: {{ SNDATA.rootfs }}

salt/ssl/init.sls

@@ -255,6 +255,13 @@ ealstickeyperms:
     - mode: 640
     - group: 930
     
+elasticp12perms:
+  file.managed:
+    - replace: False
+    - name: /etc/pki/elasticsearch.p12
+    - mode: 640
+    - group: 930
+
 # Create a cert for Redis encryption
 /etc/pki/redis.key:
   x509.private_key_managed:
@@ -530,11 +537,19 @@ fleetkeyperms:
     - onchanges:
       - x509: /etc/pki/elasticsearch.key
 
-miniokeyperms:
+elasticp12perms:
+  file.managed:
+    - replace: False
+    - name: /etc/pki/elasticsearch.p12
+    - mode: 640
+    - group: 930
+    
+elastickeyperms:
   file.managed:
     - replace: False
     - name: /etc/pki/elasticsearch.key
     - mode: 640
     - group: 930
+    
     {%- endif %}
 {%- endif %}

salt/top.sls

@@ -361,6 +361,9 @@ base:
     - logstash
     - curator
     - filebeat
+    {%- if STRELKA %}
+    - strelka
+    {%- endif %}
     {%- if FLEETMANAGER or FLEETNODE %}
     - fleet.install_package
     - redis

setup/so-functions

@@ -1207,7 +1207,6 @@ manager_global() {
 		"  interval: 5" >> "$global_pillar"
 		
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
-	cat "$global_pillar" >> "$setup_log" 2>&1
 }
 
 minio_generate_keys() {

setup/so-setup

@@ -326,7 +326,7 @@ if [[ $is_manager && ! $is_eval ]]; then
 	fi
 
 	if [[ $STRELKA == 1 ]]; then
-            whiptail_strelka_rules
+            STRELKARULES=1
         fi
 
 	if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then
@@ -711,7 +711,7 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}')
 if [[ $success != 0 ]]; then SO_ERROR=1; fi
 
 # Check entire setup log for errors or unexpected salt states and ensure cron jobs are not reporting errors to root's mailbox
-if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root ]]; then SO_ERROR=1; fi
+if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root && "$setup_type" == "iso" ]]; then SO_ERROR=1; fi
 
 if [[ -n $SO_ERROR ]]; then 
 	echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1