mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 09:12:45 +01:00
change how we allow or disallow states to be run https://github.com/Security-Onion-Solutions/securityonion/issues/2679
This commit is contained in:
m0duspwnens
@@ -1,3 +1,6 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
airgapyum:
|
||||
file.managed:
|
||||
@@ -57,4 +60,12 @@ agssrepo:
|
||||
|
||||
agwazrepo:
|
||||
file.absent:
|
||||
- name: /etc/yum.repos.d/wazuh.repo
|
||||
- name: /etc/yum.repos.d/wazuh.repo
|
||||
|
||||
{% else %}
|
||||
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
297
salt/allowed_states.map.jinja
Normal file
297
salt/allowed_states.map.jinja
Normal file
@@ -0,0 +1,297 @@
|
||||
{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
|
||||
{% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
|
||||
{% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
|
||||
{% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
|
||||
{% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
|
||||
{% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
|
||||
{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
|
||||
{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
|
||||
{% set ELASTALERT = salt['pillar.get']('elastalert:enabled', True) %}
|
||||
{% set ELASTICSEARCH = salt['pillar.get']('elasticsearch:enabled', True) %}
|
||||
{% set FILEBEAT = salt['pillar.get']('filebeat:enabled', True) %}
|
||||
{% set KIBANA = salt['pillar.get']('kibana:enabled', True) %}
|
||||
{% set LOGSTASH = salt['pillar.get']('logstash:enabled', True) %}
|
||||
{% set CURATOR = salt['pillar.get']('curator:enabled', True) %}
|
||||
{% set REDIS = salt['pillar.get']('redis:enabled', True) %}
|
||||
{% set STRELKA = salt['pillar.get']('strelka:enabled', '0') %}
|
||||
{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
|
||||
{% import_yaml 'salt/minion.defaults.yaml' as saltversion %}
|
||||
{% set saltversion = saltversion.salt.minion.version %}
|
||||
|
||||
{# this is the list we are returning from this map file, it gets built below #}
|
||||
{% set allowed_states= [] %}
|
||||
|
||||
{% if grains.saltversion | string == saltversion | string %}
|
||||
|
||||
{% set allowed_states= salt['grains.filter_by']({
|
||||
'so-eval': [
|
||||
'salt.master',
|
||||
'ca',
|
||||
'ssl',
|
||||
'registry',
|
||||
'manager',
|
||||
'nginx',
|
||||
'telegraf',
|
||||
'influxdb',
|
||||
'grafana',
|
||||
'soc',
|
||||
'firewall',
|
||||
'idstools',
|
||||
'suricata.manager',
|
||||
'healthcheck',
|
||||
'pcap',
|
||||
'suricata',
|
||||
'utility',
|
||||
'schedule',
|
||||
'soctopus',
|
||||
'tcpreplay',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-heavynode': [
|
||||
'ca',
|
||||
'ssl',
|
||||
'nginx',
|
||||
'telegraf',
|
||||
'firewall',
|
||||
'pcap',
|
||||
'suricata',
|
||||
'schedule',
|
||||
'tcpreplay',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-helixsensor': [
|
||||
'salt.master',
|
||||
'ca',
|
||||
'ssl',
|
||||
'registry',
|
||||
'telegraf',
|
||||
'firewall',
|
||||
'idstools',
|
||||
'suricata.manager',
|
||||
'zeek',
|
||||
'redis',
|
||||
'elasticsearch',
|
||||
'logstash',
|
||||
'schedule',
|
||||
'tcpreplay',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-fleet': [
|
||||
'ca',
|
||||
'ssl',
|
||||
'nginx',
|
||||
'telegraf',
|
||||
'firewall',
|
||||
'mysql',
|
||||
'redis',
|
||||
'fleet',
|
||||
'fleet.install_package',
|
||||
'filebeat',
|
||||
'schedule',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-import': [
|
||||
'salt.master',
|
||||
'ca',
|
||||
'ssl',
|
||||
'registry',
|
||||
'manager',
|
||||
'nginx',
|
||||
'soc',
|
||||
'firewall',
|
||||
'idstools',
|
||||
'suricata.manager',
|
||||
'pcap',
|
||||
'utility',
|
||||
'suricata',
|
||||
'zeek',
|
||||
'schedule',
|
||||
'tcpreplay',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-manager': [
|
||||
'salt.master',
|
||||
'ca',
|
||||
'ssl',
|
||||
'registry',
|
||||
'manager',
|
||||
'nginx',
|
||||
'telegraf',
|
||||
'influxdb',
|
||||
'grafana',
|
||||
'soc',
|
||||
'firewall',
|
||||
'idstools',
|
||||
'suricata.manager',
|
||||
'utility',
|
||||
'schedule',
|
||||
'soctopus',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-managersearch': [
|
||||
'salt.master',
|
||||
'ca',
|
||||
'ssl',
|
||||
'registry',
|
||||
'nginx',
|
||||
'telegraf',
|
||||
'influxdb',
|
||||
'grafana',
|
||||
'soc',
|
||||
'firewall',
|
||||
'manager',
|
||||
'idstools',
|
||||
'suricata.manager',
|
||||
'utility',
|
||||
'schedule',
|
||||
'soctopus',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-searchnode': [
|
||||
'ca',
|
||||
'ssl',
|
||||
'nginx',
|
||||
'telegraf',
|
||||
'firewall',
|
||||
'schedule',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-standalone': [
|
||||
'salt.master',
|
||||
'ca',
|
||||
'ssl',
|
||||
'registry',
|
||||
'manager',
|
||||
'nginx',
|
||||
'telegraf',
|
||||
'influxdb',
|
||||
'grafana',
|
||||
'soc',
|
||||
'firewall',
|
||||
'idstools',
|
||||
'suricata.manager',
|
||||
'pcap',
|
||||
'suricata',
|
||||
'utility',
|
||||
'schedule',
|
||||
'soctopus',
|
||||
'tcpreplay',
|
||||
'docker_clean'
|
||||
],
|
||||
'so-sensor': [
|
||||
'ca',
|
||||
'ssl',
|
||||
'telegraf',
|
||||
'firewall',
|
||||
'nginx',
|
||||
'pcap',
|
||||
'suricata',
|
||||
'healthcheck',
|
||||
'wazuh',
|
||||
'filebeat',
|
||||
'schedule',
|
||||
'tcpreplay',
|
||||
'docker_clean'
|
||||
],
|
||||
}, grain='role') %}
|
||||
|
||||
{% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-import'] %}
|
||||
{% do allowed_states.append('filebeat') %}
|
||||
{% endif %}
|
||||
|
||||
{% if ((FLEETMANAGER or FLEETNODE) or PLAYBOOK != 0) and grains.role in ['so-eval', 'so-manager', 'so-managersearch', 'so-standalone'] %}
|
||||
{% do allowed_states.append('mysql') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode'] %}
|
||||
{% do allowed_states.append('fleet.install_package') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
|
||||
{% do allowed_states.append('fleet') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-eval'] %}
|
||||
{% do allowed_states.append('redis') %}
|
||||
{% endif %}
|
||||
|
||||
{%- if ZEEKVER != 'SURICATA' and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
|
||||
{% do allowed_states.append('zeek') %}
|
||||
{%- endif %}
|
||||
|
||||
{% if STRELKA and grains.role in ['so-sensor', 'so-eval', 'so-standalone', 'so-heavynode'] %}
|
||||
{% do allowed_states.append('strelka') %}
|
||||
{% endif %}
|
||||
|
||||
{% if WAZUH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode']%}
|
||||
{% do allowed_states.append('wazuh') %}
|
||||
{% endif %}
|
||||
|
||||
{% if ELASTICSEARCH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode', 'so-import'] %}
|
||||
{% do allowed_states.append('elasticsearch') %}
|
||||
{% endif %}
|
||||
|
||||
{% if KIBANA and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
|
||||
{% do allowed_states.append('kibana') %}
|
||||
{% endif %}
|
||||
|
||||
{% if CURATOR and grains.role in ['so-eval', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode'] %}
|
||||
{% do allowed_states.append('curator') %}
|
||||
{% endif %}
|
||||
|
||||
{% if ELASTALERT and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
|
||||
{% do allowed_states.append('elastalert') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
|
||||
{% do allowed_states.append('thehive') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
|
||||
{% do allowed_states.append('playbook') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (PLAYBOOK !=0) and grains.role in ['so-eval'] %}
|
||||
{% do allowed_states.append('redis') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (FREQSERVER !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
|
||||
{% do allowed_states.append('freqserver') %}
|
||||
{% endif %}
|
||||
|
||||
{% if (DOMAINSTATS !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
|
||||
{% do allowed_states.append('domainstats') %}
|
||||
{% endif %}
|
||||
|
||||
{% if LOGSTASH and grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-searchnode', 'so-managersearch', 'so-heavynode'] %}
|
||||
{% do allowed_states.append('logstash') %}
|
||||
{% endif %}
|
||||
|
||||
{% if REDIS and grains.role in ['so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
|
||||
{% do allowed_states.append('redis') %}
|
||||
{% endif %}
|
||||
|
||||
{% if grains.os == 'CentOS' %}
|
||||
{% if not ISAIRGAP %}
|
||||
{% do allowed_states.append('yum') %}
|
||||
{% endif %}
|
||||
{% do allowed_states.append('yum.packages') %}
|
||||
{% endif %}
|
||||
|
||||
{# all nodes on the right salt version can run the following states #}
|
||||
{% do allowed_states.append('common') %}
|
||||
{% do allowed_states.append('patch.os.schedule') %}
|
||||
{% do allowed_states.append('motd') %}
|
||||
{% do allowed_states.append('salt.minion-check') %}
|
||||
{% do allowed_states.append('sensoroni') %}
|
||||
{% do allowed_states.append('salt.lasthighstate') %}
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
{% if ISAIRGAP %}
|
||||
{% do allowed_states.append('airgap') %}
|
||||
{% endif %}
|
||||
|
||||
{# all nodes can always run salt.minion state #}
|
||||
{% do allowed_states.append('salt.minion') %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'ca' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set manager = salt['grains.get']('master') %}
|
||||
/etc/salt/minion.d/signing_policies.conf:
|
||||
@@ -60,8 +58,8 @@ cakeyperms:
|
||||
|
||||
{% else %}
|
||||
|
||||
ca_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: ca_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'common' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set role = grains.id.split('_') | last %}
|
||||
|
||||
@@ -260,8 +258,8 @@ docker:
|
||||
|
||||
{% else %}
|
||||
|
||||
common_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: common_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'curator' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -145,8 +143,8 @@ append_so-curator_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
curator_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: curator_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'docker' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
installdocker:
|
||||
pkg.installed:
|
||||
@@ -14,8 +12,8 @@ docker:
|
||||
|
||||
{% else %}
|
||||
|
||||
docker_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: docker_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,3 +1,6 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%}
|
||||
@@ -43,3 +46,11 @@ remove_images_{{ VERSION }}:
|
||||
- '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }}'
|
||||
- '{{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }}'
|
||||
{% endfor %}
|
||||
|
||||
{% else %}
|
||||
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'domainstats' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
|
||||
@@ -63,8 +61,8 @@ append_so-domainstats_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
domainstats_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: domainstats_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'elastalert' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -131,8 +129,8 @@ append_so-elastalert_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
elastalert_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: elastalert_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'elasticsearch' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -265,8 +263,8 @@ so-elasticsearch-templates:
|
||||
|
||||
{% else %}
|
||||
|
||||
elasticsearch_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: elasticsearch_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %} {# if 'elasticsearch' in top_states #}
|
||||
|
||||
@@ -11,10 +11,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'filebeat' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -93,8 +91,8 @@ append_so-filebeat_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
filebeat_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: filebeat_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'firewall' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
# Firewall Magic for the grid
|
||||
{% from 'firewall/map.jinja' import hostgroups with context %}
|
||||
@@ -138,8 +136,8 @@ iptables_drop_all_the_things:
|
||||
|
||||
{% else %}
|
||||
|
||||
firewall_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: firewall_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,3 +1,4 @@
|
||||
{# this state can run regardless if in allowed_states or not #}
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%}
|
||||
{%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%}
|
||||
{%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%}
|
||||
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'freqserver' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
|
||||
@@ -63,9 +61,9 @@ append_so-freq_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
freqserver_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: freqserver_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'grafana' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
@@ -281,8 +279,8 @@ append_so-grafana_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
grafana_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: grafana_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'healthcheck' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set CHECKS = salt['pillar.get']('healthcheck:checks', {}) %}
|
||||
{% set ENABLED = salt['pillar.get']('healthcheck:enabled', False) %}
|
||||
@@ -31,8 +29,8 @@ healthcheck_schedule_{{ STATUS[1] }}:
|
||||
|
||||
{% else %}
|
||||
|
||||
healthcheck_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: healthcheck_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'idstools' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -83,8 +81,8 @@ append_so-idstools_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
idstools_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: idstools_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif%}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'influxdb' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %}
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
@@ -63,8 +61,8 @@ append_so-influxdb_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
influxdb_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: influxdb_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'kibana' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -128,8 +126,8 @@ so-kibana-config-load:
|
||||
|
||||
{% else %}
|
||||
|
||||
kibana_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: kibana_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'logstash' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -209,8 +207,8 @@ append_so-logstash_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
logstash_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: logstash_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'manager' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -110,8 +108,8 @@ strelka_yara_update:
|
||||
- minute: '1'
|
||||
{% else %}
|
||||
|
||||
manager_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: manager_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'minio' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set access_key = salt['pillar.get']('minio:access_key', '') %}
|
||||
{% set access_secret = salt['pillar.get']('minio:access_secret', '') %}
|
||||
@@ -69,8 +67,8 @@ append_so-minio_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
minio_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: minio_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'motd' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
so_motd:
|
||||
file.managed:
|
||||
@@ -11,8 +9,8 @@ so_motd:
|
||||
|
||||
{% else %}
|
||||
|
||||
motd_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: motd_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'mysql' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %}
|
||||
{%- set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
|
||||
@@ -112,8 +110,8 @@ append_so-mysql_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
mysql_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: mysql_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'nginx' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set FLEETMANAGER = salt['pillar.get']('global:fleet_manager', False) %}
|
||||
{% set FLEETNODE = salt['pillar.get']('global:fleet_node', False) %}
|
||||
@@ -105,8 +103,8 @@ append_so-nginx_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
nginx_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: nginx_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'nodered' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
|
||||
@@ -86,8 +84,8 @@ so-nodered-flows:
|
||||
|
||||
{% else %}
|
||||
|
||||
nodered_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: nodered_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'pcap' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -150,8 +148,8 @@ delete_so-steno_so-status.disabled:
|
||||
|
||||
{% else %}
|
||||
|
||||
pcap_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: pcap_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'playbook' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
@@ -114,8 +112,8 @@ so-playbookruleupdatecron:
|
||||
|
||||
{% else %}
|
||||
|
||||
playbook_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: playbook_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'redis' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -77,8 +75,8 @@ append_so-redis_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
redis_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: redis_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'registry' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
# Create the config directory for the docker registry
|
||||
dockerregistryconfdir:
|
||||
@@ -64,8 +62,8 @@ append_so-dockerregistry_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
registry_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: registry_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,10 +1,8 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% from 'salt/map.jinja' import COMMON with context %}
|
||||
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'salt.master' in top_states %}
|
||||
|
||||
include:
|
||||
- salt.minion
|
||||
|
||||
@@ -37,8 +35,8 @@ engines_config:
|
||||
|
||||
{% else %}
|
||||
|
||||
salt_master_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: salt_master_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'soc' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -141,8 +139,8 @@ append_so-kratos_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
soc_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: soc_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'soctopus' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
@@ -80,8 +78,8 @@ append_so-soctopus_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
soctopus_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: soctopus_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'ssl' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set manager = salt['grains.get']('master') %}
|
||||
{% set managerip = salt['pillar.get']('global:managerip', '') %}
|
||||
@@ -578,8 +576,8 @@ elastickeyperms:
|
||||
|
||||
{% else %}
|
||||
|
||||
ssl_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: ssl_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'strelka' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
{% set MANAGERIP = salt['pillar.get']('global:managerip', '') %}
|
||||
@@ -194,8 +192,8 @@ strelka_zeek_extracted_sync:
|
||||
|
||||
{% else %}
|
||||
|
||||
strelka_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: strelka_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -12,10 +12,8 @@
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'suricata' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %}
|
||||
{% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
|
||||
@@ -193,8 +191,8 @@ surilogrotate:
|
||||
|
||||
{% else %}
|
||||
|
||||
suricata_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: suricata_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,3 +1,6 @@
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
surilocaldir:
|
||||
file.directory:
|
||||
- name: /opt/so/saltstack/local/salt/suricata
|
||||
@@ -16,4 +19,12 @@ refresh_salt_master_fileserver_suricata_ruleslink:
|
||||
salt.runner:
|
||||
- name: fileserver.update
|
||||
- onchanges:
|
||||
- file: ruleslink
|
||||
- file: ruleslink
|
||||
|
||||
{% else %}
|
||||
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,4 +1,6 @@
|
||||
{% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' or grains['role'] == 'so-standalone' %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
{% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
@@ -17,8 +19,8 @@ so-tcpreplay:
|
||||
|
||||
{% else %}
|
||||
|
||||
tcpreplay_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: tcpreplay_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'telegraf' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set MANAGER = salt['grains.get']('master') %}
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
@@ -81,8 +79,8 @@ append_so-telegraf_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
telegraf_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: telegraf_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'thehive' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %}
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
@@ -152,8 +150,8 @@ thehivescript:
|
||||
|
||||
{% else %}
|
||||
|
||||
thehive_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: thehive_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'utility' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
# This state is for checking things
|
||||
{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone'] %}
|
||||
@@ -27,8 +25,8 @@ fixsearch:
|
||||
|
||||
{% else %}
|
||||
|
||||
utility_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: utility_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'wazuh' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{%- set HOSTNAME = salt['grains.get']('host', '') %}
|
||||
{% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
|
||||
@@ -164,8 +162,8 @@ hidsruledir:
|
||||
|
||||
{% else %}
|
||||
|
||||
wazuh_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: wazuh_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'yum' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
yumconf:
|
||||
file.managed:
|
||||
@@ -12,8 +10,8 @@ yumconf:
|
||||
|
||||
{% else %}
|
||||
|
||||
yum_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: yum_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
@@ -1,7 +1,5 @@
|
||||
{% set show_top = salt['state.show_top']() %}
|
||||
{% set top_states = show_top.values() | join(', ') %}
|
||||
|
||||
{% if 'zeek' in top_states %}
|
||||
{% from 'allowed_states.map.jinja' import allowed_states %}
|
||||
{% if sls in allowed_states %}
|
||||
|
||||
{% from "zeek/map.jinja" import START with context %}
|
||||
|
||||
@@ -211,8 +209,8 @@ disable_so-zeek_so-status.conf:
|
||||
|
||||
{% else %}
|
||||
|
||||
zeek_state_not_allowed:
|
||||
{{sls}}_state_not_allowed:
|
||||
test.fail_without_changes:
|
||||
- name: zeek_state_not_allowed
|
||||
- name: {{sls}}_state_not_allowed
|
||||
|
||||
{% endif %}
|
||||
Reference in New Issue
Block a user