From 59ae5f63cf58baa83381e8e69c72caf461b63c2c Mon Sep 17 00:00:00 2001
From: Masaya-A <68965261+Masaya-A@users.noreply.github.com>
Date: Thu, 17 Dec 2020 22:14:03 +0900
Subject: [PATCH 1/5] Make yum removing unneeded packages

Reference: https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2020-09-03/finding/V-204452
---
 salt/yum/etc/yum.conf.jinja | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/yum/etc/yum.conf.jinja b/salt/yum/etc/yum.conf.jinja
index bef9c2128..5e1d30510 100644
--- a/salt/yum/etc/yum.conf.jinja
+++ b/salt/yum/etc/yum.conf.jinja
@@ -10,6 +10,7 @@ plugins=1
 installonly_limit={{ salt['pillar.get']('yum:config:installonly_limit', 2) }}
 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
 distroverpkg=centos-release
+clean_requirements_on_remove=1
 {% if (grains['role'] not in ['so-eval','so-managersearch', 'so-manager', 'so-standalone']) and salt['pillar.get']('global:managerupdate', '0') %}
 proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142

From f94e421f4ec9bb87723ea876876b28598c053461 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Mon, 4 Jan 2021 14:46:48 -0500
Subject: [PATCH 2/5] [fix] Fix automation compatibility

---
 setup/so-setup | 6 ++----
 setup/so-whiptail | 7 +++++++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/setup/so-setup b/setup/so-setup
index bede7990d..8b8f99b01 100755
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -175,7 +175,7 @@ if ! [[ -f $install_opt_file ]]; then
 echo "User cancelled setup." | tee -a "$setup_log"
 whiptail_cancel
 fi
- if [[ $setup_type == 'iso' ]]; then
+ if [[ $setup_type == 'iso' ]] && [ "$automated" == no ]; then
 whiptail_first_menu_iso
 if [[ $option == "Configure Network" ]]; then
 network_init_whiptail
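Review bot: `clean_requirements_on_remove=1` is hard-coded while the neighbouring `installonly_limit` is read from pillar with a default, so this setting cannot be overridden per deployment; for consistency with the line above, `clean_requirements_on_remove={{ salt['pillar.get']('yum:config:clean_requirements_on_remove', 1) }}` keeps the hardened default while leaving an opt-out. The rendered yum.conf also gives no hint why the key is there; a `# STIG RHEL-07 V-204452: drop dependencies left unneeded by a package removal` line above it would carry the reference from the commit message into the file. As far as I know this only affects packages yum itself installed as dependencies, so the risk is low, but it is worth confirming on a manager that nothing in the stack is present purely as a dependency of something later removed.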
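Review bot: The new condition mixes `[[ ]]` and `[ ]` on one line, and `[ "$automated" == no ]` is false when `automated` is unset, so the ISO menu is skipped whenever the variable was never initialised rather than only when automation is requested; the hunk does not show where `automated` is assigned, so if it can be empty on an interactive run the test should read `if [[ $setup_type == 'iso' && ${automated:-no} == no ]]; then`. That also keeps the whole expression inside bash's `[[ ]]`, where `==` is a defined operator. The enclosing `if ! [[ -f $install_opt_file ]]` block starts before and ends after this hunk.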
@@ -184,9 +184,7 @@ if ! [[ -f $install_opt_file ]]; then
 printf '%s\n' \
 "MNIC=$MNIC" \
 "HOSTNAME=$HOSTNAME" > "$net_init_file"
- whiptail --title "Security Onion Setup" \
- --msgbox "Successfully set up networking, setup will now exit." 7 75
- exit 0
+ whiptail_net_setup_complete
 else
 whiptail_install_type
 fi
diff --git a/setup/so-whiptail b/setup/so-whiptail
index b034ab679..6af5b701f 100755
--- a/setup/so-whiptail
+++ b/setup/so-whiptail
@@ -794,6 +794,13 @@ whiptail_management_interface_setup() {
 whiptail_check_exitstatus $exitstatus
 }
+whiptail_net_setup_complete() {
+ [ -n "$TESTING" ] && return
+
+ whiptail --title "Security Onion Setup" \
+ --msgbox "Successfully set up networking, setup will now exit." 7 75
+ exit 0
+}
 whiptail_management_server() {

From c1e245043ecdfcc2adb77c09e367debe13c35932 Mon Sep 17 00:00:00 2001
From: weslambert
Date: Mon, 4 Jan 2021 16:29:32 -0500
Subject: [PATCH 3/5] Remove multiple old so-yara-update cron jobs, if needed

---
 salt/manager/init.sls | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/salt/manager/init.sls b/salt/manager/init.sls
index 502c89579..597ca3c43 100644
--- a/salt/manager/init.sls
+++ b/salt/manager/init.sls
@@ -88,7 +88,14 @@ append_so-aptcacherng_so-status.conf:
 {% endif %}
-strelka_yara_update_old:
+strelka_yara_update_old_1:
+ cron.absent:
+ - user: root
+ - name: '[ -d /opt/so/saltstack/default/salt/strelka/rules/ ] && /usr/sbin/so-yara-update > /dev/null 2>&1'
+ - hour: '7'
+ - minute: '1'
+
+strelka_yara_update_old_2:
 cron.absent:
 - user: root
 - name: '/usr/sbin/so-yara-update > /dev/null 2>&1'

From 294601ff64667d5617b2fd6edc0d7c63660ec5d7 Mon Sep 17 00:00:00 2001
From: William Wernert
Date: Mon, 4 Jan 2021 16:40:08 -0500
Subject: [PATCH 4/5] [feat] Reorder network-only prompt

---
 setup/so-whiptail | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup/so-whiptail b/setup/so-whiptail
index 6af5b701f..f3e612f70 100755
--- a/setup/so-whiptail
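Review bot: `whiptail_net_setup_complete` returns early when `$TESTING` is set, but the `exit 0` that previously ran unconditionally in so-setup (the `@@ -184` hunk, where the helper is now called) sits after that guard, so a test run that configured networking no longer exits and falls through to the rest of setup. If that fall-through is intended for automation it should be stated in a comment on the function; otherwise guard only the dialog and keep the exit on both paths, as below. Hiding `exit 0` inside a `whiptail_*` helper also makes the exit invisible at the call site, so a trailing `# exits the script` on the call in so-setup would help readers.
```shell
whiptail_net_setup_complete() {
  if [ -z "$TESTING" ]; then
    whiptail --title "Security Onion Setup" \
      --msgbox "Successfully set up networking, setup will now exit." 7 75
  fi
  exit 0
}
```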
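Review bot: `cron.absent` removes an entry by its command string (or `identifier`) and, per the Salt docs, ignores schedule arguments, so `- hour: '7'` and `- minute: '1'` on `strelka_yara_update_old_1` do nothing and suggest the removal is schedule-specific when it is not; drop them or add `# cron.absent matches on name only; hour/minute are ignored` above the state. Both `name` strings also have to match the installed crontab lines byte for byte, including the redirect, so it is worth confirming on a manager upgraded from the earlier release that the spacing is identical. The original `strelka_yara_update_old` state continues past the hunk.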
+++ b/setup/so-whiptail
@@ -662,8 +662,8 @@ whiptail_first_menu_iso() {
 [ -n "$TESTING" ] && return
 option=$(whiptail --title "Security Onion Setup" --menu "Select an option" 10 75 2 \
- "Configure Network" "Configure networking only " \
 "Security Onion Installer" "Run the standard Security Onion installation " \
+ "Configure Network" "Configure networking only " \
 3>&1 1>&2 2>&3 )
 local exitstatus=$?

From 1154b533d67f6d6dd2d09850ba1a7b72394c67b5 Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Tue, 5 Jan 2021 13:56:56 -0500
Subject: [PATCH 5/5] Remove ERSPAN so log doesn't show a warning

---
 salt/suricata/defaults.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/salt/suricata/defaults.yaml b/salt/suricata/defaults.yaml
index 9f34c0871..49a25917c 100644
--- a/salt/suricata/defaults.yaml
+++ b/salt/suricata/defaults.yaml
@@ -460,8 +460,6 @@ suricata:
 enabled: true
 ports: $VXLAN_PORTS
 erspan:
- typeI:
- enabled: false
 detect:
 profile: medium
 custom-values:
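Review bot: Listing "Security Onion Installer" first changes which entry `whiptail --menu` highlights by default, so a bare Enter now starts the full installation where it previously started network-only configuration, and nothing in the hunk records that this is the intent. A one-line comment above `option=$(whiptail ...`, `# Installer is listed first so it is the default selection`, would keep a later reordering from undoing it. The `10 75 2` dimensions and the `[ -n "$TESTING" ] && return` guard are unchanged, and the function's exit-status handling continues past the hunk.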