Merge remote-tracking branch 'remotes/origin/dev' into issue/1093

salt/common/init.sls

@@ -192,6 +192,18 @@ sensorrotateconf:
 
 {% endif %}
 
+{% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
+# Add config backup
+/usr/sbin/so-config-backup:
+  cron.present:
+    - user: root
+    - minute: '1'
+    - hour: '0'
+    - daymonth: '*'
+    - month: '*'
+    - dayweek: '*'
+{% endif %}
+
 # Make sure Docker is always running
 docker:
   service.running:
@@ -203,4 +215,4 @@ common_state_not_allowed:
   test.fail_without_changes:
     - name: common_state_not_allowed
 
-{% endif %}
+{% endif %}

salt/common/tools/sbin/so-config-backup

@@ -0,0 +1,44 @@
+!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.. /usr/sbin/so-common
+{% set BACKUPLOCATIONS = salt['pillar.get']('backup:locations', {}) %}
+
+TODAY=$(date '+%Y_%m_%d')
+BACKUPFILE="/nsm/backup/so-config-backup-$TODAY.tar"
+MAXBACKUPS=7
+
+# Create backup dir if it does not exist
+mkdir -p /nsm/backup
+
+# If we haven't already written a backup file for today, let's do so
+if [ ! -f $BACKUPFILE ]; then
+
+  # Create empty backup file
+  tar -cf $BACKUPFILE -T /dev/null
+
+  # Loop through all paths defined in global.sls, and append them to backup file
+  {%- for LOCATION in BACKUPLOCATIONS %}
+  tar -rf $BACKUPFILE {{ LOCATION }}
+  {%- endfor %}
+
+fi
+
+# Find oldest backup file and remove it
+NUMBACKUPS=$(find /nsm/backup/ -type f -name "so-config-backup*" | wc -l)
+OLDESTBACKUP=$(find /nsm/backup/ -type f -name "so-config-backup*" | ls -1t | tail -1)
+if [ "$NUMBACKUPS" -gt "$MAXBACKUPS" ]; then
+  rm -f /nsm/backup/$OLDESTBACKUP
+fi

salt/common/tools/sbin/so-cortex-user-add

@@ -40,7 +40,7 @@ test -t 0
 if [[ $? == 0 ]]; then
   echo "Enter new password:"
 fi
-read -s CORTEX_PASS
+read -rs CORTEX_PASS
 
 # Create new user in Cortex
 resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" "https://$CORTEX_IP/cortex/api/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }")

salt/common/tools/sbin/so-fleet-user-add

@@ -39,7 +39,7 @@ test -t 0
 if [[ $? == 0 ]]; then
   echo "Enter new password:"
 fi
-read -s FLEET_PASS
+read -rs FLEET_PASS
 
 FLEET_HASH=$(docker exec so-soctopus python -c "import bcrypt; print(bcrypt.hashpw('$FLEET_PASS'.encode('utf-8'), bcrypt.gensalt()).decode('utf-8'));" 2>&1)
 if [[ $? -ne 0 ]]; then

salt/common/tools/sbin/so-thehive-user-add

@@ -39,7 +39,7 @@ test -t 0
 if [[ $? == 0 ]]; then
   echo "Enter new password:"
 fi
-read -s THEHIVE_PASS
+read -rs THEHIVE_PASS
 
 # Create new user in TheHive
 resp=$(curl -sk -XPOST -H "Authorization: Bearer $THEHIVE_KEY" -H "Content-Type: application/json" "https://$THEHIVE_IP/thehive/api/user" -d "{\"login\" : \"$THEHIVE_USER\",\"name\" : \"$THEHIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$THEHIVE_PASS\"}")

salt/common/tools/sbin/so-user

@@ -96,7 +96,7 @@ function updatePassword() {
     if [[ $? == 0 ]]; then
       echo "Enter new password:"
     fi
-    read -s password
+    read -rs password
 
     validatePassword "$password"
   fi

setup/so-functions

@@ -1245,7 +1245,10 @@ manager_global() {
 		"  time_file: 1"\
 		"  upload_queue_size: 4"\
 		"  encoding: gzip"\
-		"  interval: 5" >> "$global_pillar"
+		"  interval: 5"\
+	        "backup:"\
+                "  locations:"\
+                "    - /opt/so/saltstack/local" >> "$global_pillar"
 		
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
 }

setup/so-setup

@@ -461,6 +461,7 @@ fi
 {
 	# Set initial percentage to 0
 	export percentage=0
+	set_path
 
     if [[ $is_manager && $is_airgap ]]; then
 	    info "Creating airgap repo"