Merge pull request #11970 from Security-Onion-Solutions/jertel/hfm

grid page enhancements

salt/manager/tools/sbin/so-minion

@@ -9,23 +9,23 @@ if [ -f /usr/sbin/so-common ]; then
 	. /usr/sbin/so-common
 fi
 
-if [ "$(id -u)" -ne 0 ]; then
+function usage() {
-	echo "This script must be run using sudo!"
-	exit 1
-fi
-
-if [[ $# -lt 1 ]]; then
 	echo "Usage: $0 -o=<operation> -m=[id]"
 	echo ""
 	echo " where <operation> is one of the following:"
 	echo ""
-  echo "     list: Lists all keys with hashes"
+	echo "      add: Accepts a new key and adds the minion files"
-  echo "   accept: Accepts a new key and adds the minion files"
 	echo "   delete: Removes the key and deletes the minion files"
+	echo "     list: Lists all keys with hashes"
 	echo "   reject: Rejects a key"
+	echo "  restart: Restart a minion (reboot)"
 	echo "     test: Perform minion test"
 	echo ""
 	exit 1
+}
+
+if [[ $# -lt 1 ]]; then
+	usage
 fi
 
 for i in "$@"; do
@@ -38,6 +38,8 @@ for i in "$@"; do
 			MINION_ID="${i#*=}"
 			shift 
 			;;
+
+		# The following args are used internally during setup, not to be specified manually.
 		-e=*|--esheap=*)
 			ES_HEAP_SIZE="${i#*=}"
 			shift
@@ -63,6 +65,7 @@ for i in "$@"; do
 			exit 1
 			;;
 		*)
+			usage
 		;;
 	esac
 done
@@ -76,7 +79,7 @@ function getinstallinfo() {
 	source <(echo $INSTALLVARS)
 }
 
-function testminion() {
+function testMinion() {
 	# Always run on the host, since this is going to be the manager of a distributed grid, or an eval/standalone.
 	# Distributed managers must run this in order for the sensor nodes to have access to the so-tcpreplay image.
 	so-test
@@ -92,12 +95,19 @@ function testminion() {
 	exit $result
 }
 
-function listminions() {
+function restartMinion() {
+	salt "$MINION_ID" system.reboot
+	result=$?
+
+	exit $result
+}
+
+function listMinions() {
 	salt-key list -F --out=json
 	exit $?
 }
 
-function rejectminion() {
+function rejectMinion() {
 	salt-key -y -r $MINION_ID
 	exit $?
 }
@@ -106,11 +116,11 @@ function acceptminion() {
 	salt-key -y -a $MINION_ID
 }
 
-function deleteminion() {
+function deleteMinion() {
 	salt-key -y -d $MINION_ID
 }
 
-function deleteminionfiles () {
+function deleteMinionFiles () {
 	rm -f $PILLARFILE
 	rm -f $ADVPILLARFILE
 }
@@ -589,25 +599,33 @@ function testConnection() {
 	fi
 }
 
-if [[ "$OPERATION" = 'list' ]]; then
+function addMinion() {
-	listminions
-fi
-
-if [[ "$OPERATION" = 'delete' ]]; then
-	deleteminionfiles
-	deleteminion
-fi
-
-if [[ "$OPERATION" == 'add' || "$OPERATION" == 'setup' ]]; then
-	# Skip this if its setup
-	if [[ $OPERATION == 'add' ]]; then
 	# Accept the salt key
 	acceptminion
 	# Test to see if the minion was accepted
 	testConnection
 	# Pull the info from the file to build what is needed
 	getinstallinfo
+}
+
+function updateMineAndApplyStates() {
+	# tell the minion to populate the mine with data from mine_functions which is populated during setup
+	# this only needs to happen on non managers since they handle this during setup
+	# and they need to wait for ca creation to update the mine
+	updateMine
+	checkMine "network.ip_addrs"
+	# apply the elasticsearch state to the manager if a new searchnode was added
+	if [[ "$NODETYPE" == "SEARCHNODE" || "$NODETYPE" == "HEAVYNODE" ]]; then
+		# calls so-common and set_minionid sets MINIONID to local minion id
+		set_minionid
+		salt $MINIONID state.apply elasticsearch queue=True --async
+		salt $MINIONID state.apply soc queue=True --async
 	fi
+	# run this async so the cli doesn't wait for a return
+	salt "$MINION_ID" state.highstate --async queue=True
+}
+
+function setupMinionFiles() {
 	# Check to see if nodetype is set
 	if [ -z $NODETYPE ]; then
 		echo "No node type specified"
@@ -624,25 +642,41 @@ if [[ "$OPERATION" == 'add' || "$OPERATION" == 'setup' ]]; then
 
 	create$NODETYPE
 	echo "Minion file created for $MINION_ID"	
+}
 
-	if [[ "$OPERATION" == 'add' ]]; then
+case "$OPERATION" in
-		# tell the minion to populate the mine with data from mine_functions which is populated during setup
+	"add")
-		# this only needs to happen on non managers since they handle this during setup
+		addMinion
-		# and they need to wait for ca creation to update the mine
+		setupMinionFiles
-		updateMine
+		updateMineAndApplyStates
-		checkMine "network.ip_addrs"
+		;;
-		# apply the elasticsearch state to the manager if a new searchnode was added
-		if [[ "$NODETYPE" == "SEARCHNODE" || "$NODETYPE" == "HEAVYNODE" ]]; then
-			# calls so-common and set_minionid sets MINIONID to local minion id
-			set_minionid
-			salt $MINIONID state.apply elasticsearch queue=True --async
-			salt $MINIONID state.apply soc queue=True --async
-		fi
-		# run this async so the cli doesn't wait for a return
-		salt "$MINION_ID" state.highstate --async queue=True
-	fi
-fi
 
-if [[ "$OPERATION" = 'test' ]]; then
+	"delete")
-	testminion
+		deleteMinionFiles
-fi
+		deleteMinion
+		;;
+
+	"list")
+		listMinions
+		;;
+
+	"reject")
+		rejectMinion
+		;;
+
+	"restart")
+		restartMinion
+		;;
+		
+	"setup")
+		# only should be invoked directly during setup, never manually
+		setupMinionFiles
+		;;
+
+	"test")
+		testMinion
+		;;
+	*)
+		usage
+		;;
+esac

salt/telegraf/defaults.yaml

@@ -14,6 +14,7 @@ telegraf:
       - checkfiles.sh
       - influxdbsize.sh
       - oldpcap.sh
+      - os.sh
       - raid.sh
       - sostatus.sh
       - stenoloss.sh
@@ -25,6 +26,7 @@ telegraf:
       - eps.sh
       - influxdbsize.sh
       - oldpcap.sh
+      - os.sh
       - raid.sh
       - redis.sh
       - sostatus.sh
@@ -34,20 +36,24 @@ telegraf:
       - zeekloss.sh
     manager:
       - influxdbsize.sh
+      - os.sh
       - raid.sh
       - redis.sh
       - sostatus.sh
     managersearch:
       - eps.sh
       - influxdbsize.sh
+      - os.sh
       - raid.sh
       - redis.sh
       - sostatus.sh
     import:
+      - os.sh
       - sostatus.sh
     sensor:
       - checkfiles.sh
       - oldpcap.sh
+      - os.sh
       - raid.sh
       - sostatus.sh
       - stenoloss.sh
@@ -58,6 +64,7 @@ telegraf:
       - checkfiles.sh
       - eps.sh
       - oldpcap.sh
+      - os.sh
       - raid.sh
       - redis.sh
       - sostatus.sh
@@ -66,17 +73,22 @@ telegraf:
       - zeekcaptureloss.sh
       - zeekloss.sh
     idh:
+      - os.sh
       - sostatus.sh
     searchnode:
       - eps.sh
+      - os.sh
       - raid.sh
       - sostatus.sh
     receiver:
       - eps.sh
+      - os.sh
       - raid.sh
       - redis.sh
       - sostatus.sh
     fleet:
+      - os.sh
       - sostatus.sh
     desktop:
+      - os.sh
       - sostatus.sh

salt/telegraf/scripts/os.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+# if this script isn't already running
+if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
+
+    NEEDS_RESTART=0
+
+    if which needs-restarting &> /dev/null; then
+        # DNF/RPM family
+        if ! needs-restarting -r &> /dev/null; then
+            NEEDS_RESTART=1
+        fi
+    else
+        # APT family
+        if [ -f /var/run/reboot-required ]; then
+            NEEDS_RESTART=1
+        fi
+    fi
+
+    echo "os restart=$NEEDS_RESTART"
+
+fi
+
+exit 0