CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-08 02:02:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Airgap Time

Browse Source
This commit is contained in:
Mike Reeves
2020-09-03 10:35:12 -04:00
parent 9745191f19
commit b2ee757db2
5 changed files with 39 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
salt/airgap/files/yum.conf Normal file
View File

@@ -0,0 +1,12 @@
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=2
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

6
salt/airgap/init.sls
View File

@@ -1,5 +1,9 @@
{% set MANAGER = salt['grains.get']('master') %} {% set MANAGER = salt['grains.get']('master') %}
{% set IMAGEREPO = salt['pillar.get']('global:airgap') %} airgapyum:
file.managed:
- name: /etc/yum/yum.conf
- source: salt://airgap/files/yum.conf
airgap.repo: airgap.repo:
pkgrepo.managed: pkgrepo.managed:
- humanname: Airgap Repo - humanname: Airgap Repo

15
salt/nginx/etc/nginx.conf.so-standalone
View File

@@ -185,14 +185,13 @@ http {
{%- if ISAIRGAP is sameas true %} {%- if ISAIRGAP is sameas true %}
location /repo/ { location /repo/ {
#auth_request /auth/sessions/whoami; allow all;
proxy_read_timeout 90; sendfile on;
proxy_connect_timeout 90; sendfile_max_chunk 1m;
proxy_set_header Host $host; autoindex on;
proxy_set_header X-Real-IP $remote_addr; autoindex_exact_size off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; autoindex_format html;
proxy_set_header Proxy ""; autoindex_localtime on;
proxy_set_header X-Forwarded-Proto $scheme;
} }
{%- endif %} {%- endif %}

9
salt/top.sls
View File

@@ -9,17 +9,24 @@
{%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%} {%- set STRELKA = salt['pillar.get']('strelka:enabled', '0') -%}
{% import_yaml 'salt/minion.defaults.yaml' as salt %} {% import_yaml 'salt/minion.defaults.yaml' as salt %}
{% set saltversion = salt.salt.minion.version %} {% set saltversion = salt.salt.minion.version %}
{% set ISAIRGAP = salt['pillar.get']('global:airgap') %}
base: base:
'not G@saltversion:{{saltversion}}': 'not G@saltversion:{{saltversion}}':
- match: compound - match: compound
{% if ISAIRGAP is sameas true %}
- airgap
{% endif %}
- salt.minion - salt.minion
'G@os:CentOS and G@saltversion:{{saltversion}}': 'G@os:CentOS and G@saltversion:{{saltversion}}':
- match: compound - match: compound
{% if ISAIRGAP is sameas true %}
- airgap
{% else %}
- yum - yum
{% endif %}
- yum.packages - yum.packages
'* and G@saltversion:{{saltversion}}': '* and G@saltversion:{{saltversion}}':

2
setup/so-functions
View File

@@ -1873,9 +1873,11 @@ set_redirect() {
set_updates() { set_updates() {
if [ "$MANAGERUPDATES" = '1' ]; then if [ "$MANAGERUPDATES" = '1' ]; then
if [ "$OS" = 'centos' ]; then if [ "$OS" = 'centos' ]; then
if [[ ! $is_airgap ]]; then
if ! grep -q "$MSRV" /etc/yum.conf; then if ! grep -q "$MSRV" /etc/yum.conf; then
echo "proxy=http://$MSRV:3142" >> /etc/yum.conf echo "proxy=http://$MSRV:3142" >> /etc/yum.conf
fi fi
fi
else else
# Set it up so the updates roll through the manager # Set it up so the updates roll through the manager
printf '%s\n'\ printf '%s\n'\