Merge pull request #5259 from Security-Onion-Solutions/kilo

Merge 2.3.70 CURATOR Hotfix to Dev

HOTFIX

@@ -1,2 +0,0 @@
-
-CURATOR

VERIFY_ISO.md

@@ -1,18 +1,18 @@
-### 2.3.70 ISO image built on 2021/08/17
+### 2.3.70-CURATOR ISO image built on 2021/08/20
 
 
 
 ### Download and Verify
 
-2.3.70 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.70.iso
+2.3.70-CURATOR ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.70-CURATOR.iso
 
-MD5: F048FABC7FD2D0E1A8B02381F115D1E0  
-SHA1: DF6D20FEF13CDC1B19309D2A1178D6E5D25FDA6F  
-SHA256: B193FFD7EE69958A8E257117149DCFB2125C5772FBFA6003AD80FD1CC129E571 
+MD5: E0F7882E37B1B6BC4F9A6C8FD6F213F6  
+SHA1: 82E1204BAD9489B275A083A642F175E352F9A332  
+SHA256: 147CA7F5082273EDCC32EF6322D86A04CCB2E96B3A7F0B01EFA8A029BD84C3D7 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-CURATOR.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.70-CURATOR.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.70-CURATOR.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.70.iso.sig securityonion-2.3.70.iso
+gpg --verify securityonion-2.3.70-CURATOR.iso.sig securityonion-2.3.70-CURATOR.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Tue 17 Aug 2021 10:52:17 PM EDT using RSA key ID FE507013
+gpg: Signature made Fri 20 Aug 2021 01:23:59 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

VERSION

@@ -1 +1 @@
-2.3.70
+2.3.80

salt/curator/init.sls

@@ -4,6 +4,7 @@
 {% set VERSION = salt['pillar.get']('global:soversion', 'HH1.2.2') %}
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
+{% set REMOVECURATORCRON = False %}
 {% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone', 'so-manager'] %}
   {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
   {% from "curator/map.jinja" import CURATOROPTIONS with context %}
@@ -88,36 +89,6 @@ curdel:
     - group: 939
     - mode: 755
 
-so-curatorcloseddeletecron:
- cron.present:
-   - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
-   - user: root
-   - minute: '*'
-   - hour: '*'
-   - daymonth: '*'
-   - month: '*'
-   - dayweek: '*'
-
-so-curatorclosecron:
- cron.present:
-   - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
-   - user: root
-   - minute: '*'
-   - hour: '*'
-   - daymonth: '*'
-   - month: '*'
-   - dayweek: '*'
-
-so-curatordeletecron:
- cron.present:
-   - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
-   - user: root
-   - minute: '*'
-   - hour: '*'
-   - daymonth: '*'
-   - month: '*'
-   - dayweek: '*'
-
 so-curator:
   docker_container.{{ CURATOROPTIONS.status }}:
   {% if CURATOROPTIONS.status == 'running' %}
@@ -152,11 +123,15 @@ so-curator_so-status.disabled:
   file.comment:
     - name: /opt/so/conf/so-status/so-status.conf
     - regex: ^so-curator$
+
+      # need to remove cronjobs here since curator is disabled
+      {% set REMOVECURATORCRON = True %}    
     {% else %}
 delete_so-curator_so-status.disabled:
   file.uncomment:
     - name: /opt/so/conf/so-status/so-status.conf
     - regex: ^so-curator$
+
     {% endif %}
 
   {% else %}
@@ -165,6 +140,60 @@ delete_so-curator_so-status:
     - name: /opt/so/conf/so-status/so-status.conf
     - match: ^so-curator$
     - mode: delete
+
+    # need to remove cronjobs here since curator is disabled
+    {% set REMOVECURATORCRON = True %}
+
+  {% endif %}
+
+  {% if REMOVECURATORCRON %}
+so-curatorcloseddeletecron:
+ cron.absent:
+   - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
+   - user: root
+
+so-curatorclosecron:
+ cron.absent:
+   - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
+   - user: root
+
+so-curatordeletecron:
+ cron.absent:
+   - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
+   - user: root
+
+  {% else %}
+
+so-curatorcloseddeletecron:
+ cron.present:
+   - name: /usr/sbin/so-curator-closed-delete > /opt/so/log/curator/cron-closed-delete.log 2>&1
+   - user: root
+   - minute: '*'
+   - hour: '*'
+   - daymonth: '*'
+   - month: '*'
+   - dayweek: '*'
+
+so-curatorclosecron:
+ cron.present:
+   - name: /usr/sbin/so-curator-close > /opt/so/log/curator/cron-close.log 2>&1
+   - user: root
+   - minute: '*'
+   - hour: '*'
+   - daymonth: '*'
+   - month: '*'
+   - dayweek: '*'
+
+so-curatordeletecron:
+ cron.present:
+   - name: /usr/sbin/so-curator-delete > /opt/so/log/curator/cron-delete.log 2>&1
+   - user: root
+   - minute: '*'
+   - hour: '*'
+   - daymonth: '*'
+   - month: '*'
+   - dayweek: '*'
+
   {% endif %}
 
 # Begin Curator Cron Jobs