Merge pull request #11970 from Security-Onion-Solutions/jertel/hfm

grid page enhancements
2025-12-06 09:12:45 +01:00 · 2023-12-08 09:56:39 -05:00
parent b80d7fd610 a732985351
commit be8ed1e1d8
3 changed files with 131 additions and 56 deletions
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -9,23 +9,23 @@ if [ -f /usr/sbin/so-common ]; then
 	. /usr/sbin/so-common
 fi

-if [ "$(id -u)" -ne 0 ]; then
-	echo "This script must be run using sudo!"
-	exit 1
-fi
-
-if [[ $# -lt 1 ]]; then
+function usage() {
 	echo "Usage: $0 -o=<operation> -m=[id]"
 	echo ""
 	echo " where <operation> is one of the following:"
 	echo ""
-  echo "     list: Lists all keys with hashes"
-  echo "   accept: Accepts a new key and adds the minion files"
+	echo "      add: Accepts a new key and adds the minion files"
 	echo "   delete: Removes the key and deletes the minion files"
+	echo "     list: Lists all keys with hashes"
 	echo "   reject: Rejects a key"
+	echo "  restart: Restart a minion (reboot)"
 	echo "     test: Perform minion test"
 	echo ""
 	exit 1
+}
+
+if [[ $# -lt 1 ]]; then
+	usage
 fi

 for i in "$@"; do
@@ -38,6 +38,8 @@ for i in "$@"; do
 			MINION_ID="${i#*=}"
 			shift 
 			;;
+
+		# The following args are used internally during setup, not to be specified manually.
 		-e=*|--esheap=*)
 			ES_HEAP_SIZE="${i#*=}"
 			shift
@@ -63,6 +65,7 @@ for i in "$@"; do
 			exit 1
 			;;
 		*)
+			usage
 		;;
 	esac
 done
@@ -76,7 +79,7 @@ function getinstallinfo() {
 	source <(echo $INSTALLVARS)
 }

-function testminion() {
+function testMinion() {
 	# Always run on the host, since this is going to be the manager of a distributed grid, or an eval/standalone.
 	# Distributed managers must run this in order for the sensor nodes to have access to the so-tcpreplay image.
 	so-test
@@ -92,12 +95,19 @@ function testminion() {
 	exit $result
 }

-function listminions() {
+function restartMinion() {
+	salt "$MINION_ID" system.reboot
+	result=$?
+
+	exit $result
+}
+
+function listMinions() {
 	salt-key list -F --out=json
 	exit $?
 }

-function rejectminion() {
+function rejectMinion() {
 	salt-key -y -r $MINION_ID
 	exit $?
 }
@@ -106,11 +116,11 @@ function acceptminion() {
 	salt-key -y -a $MINION_ID
 }

-function deleteminion() {
+function deleteMinion() {
 	salt-key -y -d $MINION_ID
 }

-function deleteminionfiles () {
+function deleteMinionFiles () {
 	rm -f $PILLARFILE
 	rm -f $ADVPILLARFILE
 }
@@ -589,25 +599,33 @@ function testConnection() {
 	fi
 }

-if [[ "$OPERATION" = 'list' ]]; then
-	listminions
-fi
-
-if [[ "$OPERATION" = 'delete' ]]; then
-	deleteminionfiles
-	deleteminion
-fi
-
-if [[ "$OPERATION" == 'add' || "$OPERATION" == 'setup' ]]; then
-	# Skip this if its setup
-	if [[ $OPERATION == 'add' ]]; then
+function addMinion() {
 	# Accept the salt key
 	acceptminion
 	# Test to see if the minion was accepted
 	testConnection
 	# Pull the info from the file to build what is needed
 	getinstallinfo
+}
+
+function updateMineAndApplyStates() {
+	# tell the minion to populate the mine with data from mine_functions which is populated during setup
+	# this only needs to happen on non managers since they handle this during setup
+	# and they need to wait for ca creation to update the mine
+	updateMine
+	checkMine "network.ip_addrs"
+	# apply the elasticsearch state to the manager if a new searchnode was added
+	if [[ "$NODETYPE" == "SEARCHNODE" || "$NODETYPE" == "HEAVYNODE" ]]; then
+		# calls so-common and set_minionid sets MINIONID to local minion id
+		set_minionid
+		salt $MINIONID state.apply elasticsearch queue=True --async
+		salt $MINIONID state.apply soc queue=True --async
 	fi
+	# run this async so the cli doesn't wait for a return
+	salt "$MINION_ID" state.highstate --async queue=True
+}
+
+function setupMinionFiles() {
 	# Check to see if nodetype is set
 	if [ -z $NODETYPE ]; then
 		echo "No node type specified"
@@ -624,25 +642,41 @@ if [[ "$OPERATION" == 'add' || "$OPERATION" == 'setup' ]]; then

 	create$NODETYPE
 	echo "Minion file created for $MINION_ID"	
+}

-	if [[ "$OPERATION" == 'add' ]]; then
-		# tell the minion to populate the mine with data from mine_functions which is populated during setup
-		# this only needs to happen on non managers since they handle this during setup
-		# and they need to wait for ca creation to update the mine
-		updateMine
-		checkMine "network.ip_addrs"
-		# apply the elasticsearch state to the manager if a new searchnode was added
-		if [[ "$NODETYPE" == "SEARCHNODE" || "$NODETYPE" == "HEAVYNODE" ]]; then
-			# calls so-common and set_minionid sets MINIONID to local minion id
-			set_minionid
-			salt $MINIONID state.apply elasticsearch queue=True --async
-			salt $MINIONID state.apply soc queue=True --async
-		fi
-		# run this async so the cli doesn't wait for a return
-		salt "$MINION_ID" state.highstate --async queue=True
-	fi
-fi
+case "$OPERATION" in
+	"add")
+		addMinion
+		setupMinionFiles
+		updateMineAndApplyStates
+		;;

-if [[ "$OPERATION" = 'test' ]]; then
-	testminion
-fi
+	"delete")
+		deleteMinionFiles
+		deleteMinion
+		;;
+
+	"list")
+		listMinions
+		;;
+
+	"reject")
+		rejectMinion
+		;;
+
+	"restart")
+		restartMinion
+		;;
+		
+	"setup")
+		# only should be invoked directly during setup, never manually
+		setupMinionFiles
+		;;
+
+	"test")
+		testMinion
+		;;
+	*)
+		usage
+		;;
+esac
--- a/salt/telegraf/defaults.yaml
+++ b/salt/telegraf/defaults.yaml
@@ -14,6 +14,7 @@ telegraf:
      - checkfiles.sh
      - influxdbsize.sh
      - oldpcap.sh
+      - os.sh
      - raid.sh
      - sostatus.sh
      - stenoloss.sh
@@ -25,6 +26,7 @@ telegraf:
      - eps.sh
      - influxdbsize.sh
      - oldpcap.sh
+      - os.sh
      - raid.sh
      - redis.sh
      - sostatus.sh
@@ -34,20 +36,24 @@ telegraf:
      - zeekloss.sh
    manager:
      - influxdbsize.sh
+      - os.sh
      - raid.sh
      - redis.sh
      - sostatus.sh
    managersearch:
      - eps.sh
      - influxdbsize.sh
+      - os.sh
      - raid.sh
      - redis.sh
      - sostatus.sh
    import:
+      - os.sh
      - sostatus.sh
    sensor:
      - checkfiles.sh
      - oldpcap.sh
+      - os.sh
      - raid.sh
      - sostatus.sh
      - stenoloss.sh
@@ -58,6 +64,7 @@ telegraf:
      - checkfiles.sh
      - eps.sh
      - oldpcap.sh
+      - os.sh
      - raid.sh
      - redis.sh
      - sostatus.sh
@@ -66,17 +73,22 @@ telegraf:
      - zeekcaptureloss.sh
      - zeekloss.sh
    idh:
+      - os.sh
      - sostatus.sh
    searchnode:
      - eps.sh
+      - os.sh
      - raid.sh
      - sostatus.sh
    receiver:
      - eps.sh
+      - os.sh
      - raid.sh
      - redis.sh
      - sostatus.sh
    fleet:
+      - os.sh
      - sostatus.sh
    desktop:
+      - os.sh
      - sostatus.sh
--- a/salt/telegraf/scripts/os.sh
+++ b/salt/telegraf/scripts/os.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+# if this script isn't already running
+if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
+
+    NEEDS_RESTART=0
+
+    if which needs-restarting &> /dev/null; then
+        # DNF/RPM family
+        if ! needs-restarting -r &> /dev/null; then
+            NEEDS_RESTART=1
+        fi
+    else
+        # APT family
+        if [ -f /var/run/reboot-required ]; then
+            NEEDS_RESTART=1
+        fi
+    fi
+
+    echo "os restart=$NEEDS_RESTART"
+
+fi
+
+exit 0