From c96a95e52604f388d457ebc059c6734bc406aa2e Mon Sep 17 00:00:00 2001
From: Josh Brower
Date: Fri, 31 Jan 2020 12:41:01 -0500
Subject: [PATCH] SO Scripts - fixes
---
 salt/common/tools/sbin/so-bro-restart | 17 ------------
 salt/common/tools/sbin/so-bro-start | 17 ------------
 salt/common/tools/sbin/so-bro-stop | 17 ------------
 salt/common/tools/sbin/so-restart | 1 +
 salt/common/tools/sbin/so-salt-start | 25 +++++++++++++++++
 salt/common/tools/sbin/so-salt-stop | 25 +++++++++++++++++
 salt/common/tools/sbin/so-start | 4 +--
 salt/common/tools/sbin/so-suricata-restart | 31 ++++++++++++----------
 salt/common/tools/sbin/so-suricata-start | 31 ++++++++++++----------
 salt/common/tools/sbin/so-suricata-stop | 31 ++++++++++++----------
 10 files changed, 104 insertions(+), 95 deletions(-)
 delete mode 100644 salt/common/tools/sbin/so-bro-restart
 delete mode 100644 salt/common/tools/sbin/so-bro-start
 delete mode 100644 salt/common/tools/sbin/so-bro-stop
 create mode 100644 salt/common/tools/sbin/so-salt-start
 create mode 100644 salt/common/tools/sbin/so-salt-stop
diff --git a/salt/common/tools/sbin/so-bro-restart b/salt/common/tools/sbin/so-bro-restart
deleted file mode 100644
index 8161b7cb3..000000000
--- a/salt/common/tools/sbin/so-bro-restart
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-docker stop so-bro && sudo docker rm so-bro && salt-call state.apply bro
diff --git a/salt/common/tools/sbin/so-bro-start b/salt/common/tools/sbin/so-bro-start
deleted file mode 100644
index 87a47febe..000000000
--- a/salt/common/tools/sbin/so-bro-start
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-docker rm so-bro && salt-call state.apply bro
diff --git a/salt/common/tools/sbin/so-bro-stop b/salt/common/tools/sbin/so-bro-stop
deleted file mode 100644
index 62bc2e1b1..000000000
--- a/salt/common/tools/sbin/so-bro-stop
+++ /dev/null
@@ -1,17 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -docker stop so-bro diff --git a/salt/common/tools/sbin/so-restart b/salt/common/tools/sbin/so-restart index 968b7233a..8bd209610 100644 --- a/salt/common/tools/sbin/so-restart +++ b/salt/common/tools/sbin/so-restart @@ -31,5 +31,6 @@ fi case $1 in "cortex") docker stop so-thehive-cortex so-thehive && docker rm so-thehive-cortex so-thehive && salt-call state.apply hive queue=True;; + "steno") docker stop so-steno && docker rm so-steno && salt-call state.apply pcap queue=True;; *) docker stop so-$1 ; docker rm so-$1 ; salt-call state.apply $1 queue=True;; esac diff --git a/salt/common/tools/sbin/so-salt-start b/salt/common/tools/sbin/so-salt-start new file mode 100644 index 000000000..c53a71535 --- /dev/null +++ b/salt/common/tools/sbin/so-salt-start 
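Review bot: The added `"steno")` arm in so-restart chains its three commands with `&&`, so when the `so-steno` container does not exist, `docker stop` fails and `salt-call state.apply pcap queue=True` is never reached. The `*)` arm directly below uses `;` and always re-applies the state, so the two arms behave differently for the same situation, and on a sensor the steno variant can leave packet capture down after the command returns. Consider `"steno") docker stop so-steno ; docker rm so-steno ; salt-call state.apply pcap queue=True;;`. The script's argument handling above the `case` lies outside this hunk.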
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+echo $banner
+printf "Starting local Salt Minion...\n"
+echo $banner
+
+service salt-minion start
+service salt-minion status
diff --git a/salt/common/tools/sbin/so-salt-stop b/salt/common/tools/sbin/so-salt-stop
new file mode 100644
index 000000000..fa3394cd6
--- /dev/null
+++ b/salt/common/tools/sbin/so-salt-stop
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+echo $banner
+printf "Stopping local Salt Minion...\n"
+echo $banner
+
+service salt-minion stop
+service salt-minion status
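Review bot: `echo $banner` is unquoted in both places in so-salt-start, and again in so-salt-stop, so the value sourced from `/usr/sbin/so-common` is word-split and glob-expanded before it is printed; `printf '%s\n' "$banner"` prints it verbatim. The `. /usr/sbin/so-common` line is also unchecked: if the file is missing or fails, the script continues with an empty banner and still runs `service salt-minion start`. `. /usr/sbin/so-common || exit 1` would surface that failure. Whether so-common enforces a root check is not visible from this hunk.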
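Review bot: so-salt-stop ends with `service salt-minion status`, so the script's exit code is the status query's, not the stop's. For a stopped service that code is normally non-zero (LSB status 3, though this depends on the init system), which means a successful stop is reported as a failure to any caller that checks `$?`, while a failed stop is masked. Keep the stop result instead: `service salt-minion stop; rc=$?`, then print the status and finish with `exit "$rc"`.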
diff --git a/salt/common/tools/sbin/so-start b/salt/common/tools/sbin/so-start index 70b8d6aed..c73a5ac98 100644 --- a/salt/common/tools/sbin/so-start +++ b/salt/common/tools/sbin/so-start @@ -29,8 +29,8 @@ then salt-call saltutil.kill_all_jobs fi - case $1 in "all") salt-call state.highstate queue=True;; - *) if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi + "steno") if docker ps | grep -q so-$1; then printf "\n$1 is already running!\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply pcap queue=True; fi ;; + *) if docker ps | grep -q so-$1; then printf "\n$1 is already running\n\n"; else docker rm so-$1 >/dev/null 2>&1 ; salt-call state.apply $1 queue=True; fi ;; esac diff --git a/salt/common/tools/sbin/so-suricata-restart b/salt/common/tools/sbin/so-suricata-restart index 0fabe198c..151e1a44c 100644 --- a/salt/common/tools/sbin/so-suricata-restart +++ b/salt/common/tools/sbin/so-suricata-restart 
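Review bot: `docker ps | grep -q so-$1` on both added arms of so-start is an unanchored substring match against the whole `docker ps` table, so any row whose name, image or command merely contains the string (or just `so-` when `$1` is empty) prints "already running" and the state is never applied. Match the container name exactly, e.g. `docker ps --format '{{.Names}}' | grep -qx -- "so-$1"`. The same lines place `$1` inside the printf format string; `printf '\n%s is already running!\n\n' "$1"` keeps a `%` or backslash in the argument from being interpreted. In the `"steno")` arm, writing `so-steno` literally, as the so-restart change does, would also make it obvious that the container name and the `pcap` state differ on purpose. The `if`/`then` above the `case` starts outside this hunk.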
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-docker stop so-suricata && sudo docker rm so-suricata && salt-call state.apply suricata
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-restart suricata $1
diff --git a/salt/common/tools/sbin/so-suricata-start b/salt/common/tools/sbin/so-suricata-start
index dd9bd8df9..9e04eedfb 100644
--- a/salt/common/tools/sbin/so-suricata-start
+++ b/salt/common/tools/sbin/so-suricata-start
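Review bot: The wrapper forwards its argument as an unquoted `$1` in `/usr/sbin/so-restart suricata $1`, and so-suricata-start and so-suricata-stop do the same with so-start and so-stop. An argument containing whitespace or glob characters is split or expanded before the callee sees it, and anything after the first argument is silently dropped. `/usr/sbin/so-restart suricata "$@"` passes the caller's arguments through unchanged and passes nothing when the wrapper is run bare. What so-restart, so-start and so-stop do with a second positional argument is not visible in this commit, so confirm the option they expect before relying on it.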
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-docker rm so-suricata && salt-call state.apply suricata
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-start suricata $1
diff --git a/salt/common/tools/sbin/so-suricata-stop b/salt/common/tools/sbin/so-suricata-stop
index 8f0383164..7581f9c00 100644
--- a/salt/common/tools/sbin/so-suricata-stop
+++ b/salt/common/tools/sbin/so-suricata-stop
@@ -1,17 +1,20 @@
 #!/bin/bash
-
-# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
 #
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
+# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-docker stop so-suricata
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+. /usr/sbin/so-common
+
+/usr/sbin/so-stop suricata $1