CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #135 from m0duspwnens/master

Browse Source 
os patch motd changes, install pip3 for Centos install
This commit is contained in:
Mike Reeves
2019-11-18 09:30:16 -05:00
committed by GitHub
parent f8fed24aa5 6bcadded14
commit cbc635da76
8 changed files with 85 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
salt/_modules/needs_restarting.py Normal file
View File

@@ -0,0 +1,25 @@
from os import path
import subprocess
def check():
os = __grains__['os']
if os == 'Ubuntu':
if path.exists('/var/run/reboot-required'):
retval = 'True'
else:
retval = 'False'
elif os == 'CentOS':
cmd = 'needs-restarting -r > /dev/null 2>&1'
try:
needs_restarting = subprocess.check_call(cmd.split(), shell=True)
except subprocess.CalledProcessError:
retval = 'True'
retval = 'False'
else:
retval = 'Unsupported OS: %s' % os
return retval

9
salt/master/init.sls
View File

@@ -17,6 +17,15 @@
{% if masterproxy == 1 %} {% if masterproxy == 1 %}
socore_own_saltstack:
file.directory:
- name: /opt/so/saltstack
- user: socore
- group: socore
- recurse:
- user
- group
# Create the directories for apt-cacher-ng # Create the directories for apt-cacher-ng
aptcacherconfdir: aptcacherconfdir:
file.directory: file.directory:

23
salt/motd/files/package_update_reboot_required.jinja Normal file
View File

@@ -0,0 +1,23 @@
{% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%}
{%- if needs_restarting_check %}
{%- set minions_need_restarted = [] %}
{%- for minion, need_restarted in needs_restarting_check | dictsort() %}
{%- if need_restarted == 'True' %}
{% do minions_need_restarted.append(minion) %}
{%- endif %}
{%- endfor -%}
{%- if minions_need_restarted | length > 0 %}
*****************************************************************************************
* The following nodes in your Security Onion grid need restarted due to package updates *
*****************************************************************************************
{% for minion in minions_need_restarted -%}
{{ minion }}
{% endfor -%}
{%- endif -%}
{%- endif -%}

5
salt/motd/init.sls Normal file
View File

@@ -0,0 +1,5 @@
package_update_reboot_required_motd:
file.append:
- name: /etc/motd
- source: salt://motd/files/package_update_reboot_required.jinja
- template: jinja

10
salt/patch/os/init.sls
View File

@@ -1,4 +1,14 @@
{% if grains.os == "CentOS" %}
include:
- yum.packages
{% endif %}
patch_os: patch_os:
pkg.uptodate: pkg.uptodate:
- name: patch_os - name: patch_os
- refresh: True - refresh: True
needs_restarting:
module.run:
- mine.send:
- func: needs_restarting.check

1
salt/top.sls
View File

@@ -7,6 +7,7 @@
base: base:
'*': '*':
- patch.os.schedule - patch.os.schedule
- motd
'G@role:so-sensor': 'G@role:so-sensor':
- ca - ca

3
salt/yum/packages.sls Normal file
View File

@@ -0,0 +1,3 @@
install_yum_utils:
pkg.installed:
- name: yum-utils

13
so-setup-network.sh
View File

@@ -278,7 +278,7 @@ copy_minion_tmp_files() {
rsync -a -v $TMP/ /opt/so/saltstack/ >> $SETUPLOG 2>&1 rsync -a -v $TMP/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
else else
echo "scp all files in $TMP to master /opt/so/saltstack" >> $SETUPLOG 2>&1 echo "scp all files in $TMP to master /opt/so/saltstack" >> $SETUPLOG 2>&1
scp -prv -i /root/.ssh/so.key $TMP socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1 scp -prv -i /root/.ssh/so.key $TMP/* socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1
fi fi
} }
@@ -488,9 +488,12 @@ install_cleanup() {
install_pip3() { install_pip3() {
echo "Installing pip3"
if [ $OS == 'ubuntu' ]; then if [ $OS == 'ubuntu' ]; then
echo -e "XXX\n0\nInstalling pip3... \nXXX"
apt-get -y install python3-pip gcc python3-dev apt-get -y install python3-pip gcc python3-dev
elif [ $OS == 'centos' ]; then
yum -y install python3-pip gcc python3-devel
fi fi
} }
@@ -716,7 +719,7 @@ saltify() {
ADDUSER=adduser ADDUSER=adduser
if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-2019.2-2.el7.noarch.rpm
cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo
sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo
cat > /etc/yum.repos.d/wazuh.repo <<\EOF cat > /etc/yum.repos.d/wazuh.repo <<\EOF
@@ -1006,7 +1009,7 @@ salt_master_directories() {
salt_install_mysql_deps() { salt_install_mysql_deps() {
if [ $OS == 'centos' ]; then if [ $OS == 'centos' ]; then
yum -y install gcc mariadb-devel python3-devel yum -y install mariadb-devel
echo "Using pip3 to install mysqlclient for salt" echo "Using pip3 to install mysqlclient for salt"
pip3 install -t /usr/lib64/python3.6/site-packages/ mysqlclient pip3 install -t /usr/lib64/python3.6/site-packages/ mysqlclient
elif [ $OS == 'ubuntu' ]; then elif [ $OS == 'ubuntu' ]; then
@@ -2056,6 +2059,7 @@ if (whiptail_you_sure); then
copy_ssh_key copy_ssh_key
{ {
sleep 0.5 sleep 0.5
install_pip3 >> $SETUPLOG 2>&1
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX" echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $SETUPLOG 2>&1 set_initial_firewall_policy >> $SETUPLOG 2>&1
echo -e "XXX\n3\nCreating Bond Interface... \nXXX" echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
@@ -2321,6 +2325,7 @@ if (whiptail_you_sure); then
copy_ssh_key copy_ssh_key
{ {
sleep 0.5 sleep 0.5
install_pip3 >> $SETUPLOG 2>&1
echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX" echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
set_initial_firewall_policy >> $SETUPLOG 2>&1 set_initial_firewall_policy >> $SETUPLOG 2>&1
echo -e "XXX\n5\nInstalling Salt Packages... \nXXX" echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"