more changes for healthcheck - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/90

pillar/top.sls

@@ -13,6 +13,7 @@ base:
     - static
     - firewall.*
     - brologs
+    - healthcheck.sensor
     - minions.{{ grains.id }}
 
   '*_master or *_mastersearch':

salt/_modules/healthcheck.py

@@ -7,14 +7,20 @@ allowed_functions = ['zeek']
 states_to_apply = []
 
 
-def apply_states():
+def apply_states(states=''):
 
-  if states_to_apply:
+  calling_func = sys._getframe().f_back.f_code.co_name
+  logging.debug('healthcheck module: apply_states function caller: %s' % calling_func)
+
+  if not states:
     states = ','.join(states_to_apply)
+ 
+  if states: 
+    logging.info('healthcheck module: apply_states states: %s' % str(states))
     __salt__['state.apply'](states)
 
 
-def docker_restart(container, state):
+def docker_restart(container):
   
   try:
     stopdocker = __salt__['docker.rm'](container, 'stop=True')
@@ -22,27 +28,40 @@ def docker_restart(container, state):
     logging.error('healthcheck module: %s' % e)
   
 
-def run(checks):
+def run(checks=''):
+  
+  retval = []
+  calling_func = sys._getframe().f_back.f_code.co_name
+  logging.debug('healthcheck module: run function caller: %s' % calling_func)
+  
   if checks:
     checks = checks.split(',')
   else:  
     checks = __salt__['pillar.get']('healthcheck:checks', {})
   
+  logging.debug('healthcheck module: run checks to be run: %s' % str(checks))
   for check in checks:
     if check in allowed_functions:
+      retval.append(check)
       check = getattr(sys.modules[__name__], check)
       check()
     else:
       logging.warning('healthcheck module: attempted to run function %s' % check)
 
+  # If you want to apply states at the end of the run,
+  # be sure to append the state name to states_to_apply[]
+  apply_states()
 
-  return checks
+  return retval
 
 
 def zeek():
 
+  calling_func = sys._getframe().f_back.f_code.co_name
+  logging.debug('healthcheck module: zeek function caller: %s' % calling_func)
+
   retcode = __salt__['zeekctl.status'](verbose=False)
-  logging.info('zeekctl.status retcode: %i' % retcode)
+  logging.debug('zeekctl.status retcode: %i' % retcode)
   if retcode:
     docker_restart('so-zeek')
     states_to_apply.append('zeek')
@@ -50,7 +69,8 @@ def zeek():
   else:
     zeek_restarted = False
 
+  if calling_func == 'execute':
+    apply_states()
+
   __salt__['telegraf.send']('healthcheck zeek_restarted=%s' % str(zeek_restarted))
   return 'zeek_restarted: %s' % str(zeek_restarted)
-
-apply_states()

salt/healthcheck/init.sls

@@ -1,6 +1,6 @@
-{% set CHECKS = salt['pillar.get']('healthcheck:checks', {} %}
-{% set ENABLED = salt['pillar.get']('healthcheck:enabled', False %}
-{% set SCHEDULE = salt['pillar.get']('healthcheck:schedule', 30 %}
+{% set CHECKS = salt['pillar.get']('healthcheck:checks', {}) %}
+{% set ENABLED = salt['pillar.get']('healthcheck:enabled', False) %}
+{% set SCHEDULE = salt['pillar.get']('healthcheck:schedule', 30) %}
 
 {% if CHECKS and ENABLED %}
   {% set STATUS = ['present','enabled'] %}
@@ -10,17 +10,16 @@ nohealthchecks:
   test.configurable_test_state:
     - name: nohealthchecks
     - changes: True
-    - result: False
-    - comment: No checks are enabled for the healthcheck schedule
-    - warnings: Add checks to the healcheck:checks pillar
+    - result: True
+    - comment: 'No checks are enabled for the healthcheck schedule'
 {% endif %}
 
-healthcheck_schedule_{{STATUS[0]}}:
-  schedule.{{STATUS[0]}}:
+healthcheck_schedule_{{ STATUS[0] }}:
+  schedule.{{ STATUS[0] }}:
     - name: healthcheck
     - function: healthcheck.run
     - minutes: {{ SCHEDULE }}
 
-healthcheck_schedule_{{STATUS[1]}}:
-  schedule.{{STATUS[1]}}:
+healthcheck_schedule_{{ STATUS[1] }}:
+  schedule.{{ STATUS[1] }}:
     - name: healthcheck

salt/top.sls

@@ -35,6 +35,7 @@ base:
     - firewall
     - pcap
     - suricata
+    - healthcheck
     {%- if BROVER != 'SURICATA' %}
     - zeek
     {%- endif %}
@@ -55,6 +56,7 @@ base:
     - firewall
     - idstools
     - auth
+    - healthcheck
     {%- if FLEETMASTER or FLEETNODE %}
     - mysql
     {%- endif %}