Merge pull request #135 from m0duspwnens/master

os patch motd changes, install pip3 for Centos install
2025-12-06 17:22:49 +01:00 · 2019-11-18 09:30:16 -05:00
parent f8fed24aa5 6bcadded14
commit cbc635da76
8 changed files with 85 additions and 4 deletions
--- a/salt/_modules/needs_restarting.py
+++ b/salt/_modules/needs_restarting.py
@@ -0,0 +1,25 @@
+from os import path
+import subprocess
+
+def check():
+
+  os = __grains__['os']
+
+  if os == 'Ubuntu':
+    if path.exists('/var/run/reboot-required'):
+      retval = 'True'
+    else:
+      retval = 'False'
+
+  elif os == 'CentOS':
+    cmd = 'needs-restarting -r > /dev/null 2>&1'
+    try:
+      needs_restarting = subprocess.check_call(cmd.split(), shell=True)
+    except subprocess.CalledProcessError:
+      retval = 'True'
+    retval = 'False'
+
+  else:
+    retval = 'Unsupported OS: %s' % os
+
+  return retval
--- a/salt/master/init.sls
+++ b/salt/master/init.sls
@@ -17,6 +17,15 @@

 {% if masterproxy == 1 %}

+socore_own_saltstack:
+  file.directory:
+    - name: /opt/so/saltstack
+    - user: socore
+    - group: socore
+    - recurse:
+      - user
+      - group	
+
 # Create the directories for apt-cacher-ng
 aptcacherconfdir:
  file.directory:
--- a/salt/motd/files/package_update_reboot_required.jinja
+++ b/salt/motd/files/package_update_reboot_required.jinja
@@ -0,0 +1,23 @@
+{% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%}
+
+{%- if needs_restarting_check %}
+  {%- set minions_need_restarted = [] %}
+
+  {%- for minion, need_restarted in needs_restarting_check | dictsort() %}
+    {%- if need_restarted == 'True' %}
+      {% do minions_need_restarted.append(minion) %}
+    {%- endif %}
+  {%- endfor -%}
+
+  {%- if minions_need_restarted | length > 0 %}
+*****************************************************************************************
+* The following nodes in your Security Onion grid need restarted due to package updates *
+*****************************************************************************************
+
+    {% for minion in minions_need_restarted -%}
+  {{ minion }}
+    {% endfor -%}
+
+  {%- endif -%}
+
+{%- endif -%}
--- a/salt/motd/init.sls
+++ b/salt/motd/init.sls
@@ -0,0 +1,5 @@
+package_update_reboot_required_motd:
+  file.append:
+    - name: /etc/motd
+    - source: salt://motd/files/package_update_reboot_required.jinja
+    - template: jinja
--- a/salt/patch/os/init.sls
+++ b/salt/patch/os/init.sls
@@ -1,4 +1,14 @@
+{% if grains.os == "CentOS" %}
+include:
+  - yum.packages
+{% endif %}
+
 patch_os:
  pkg.uptodate:
    - name: patch_os
    - refresh: True
+
+needs_restarting:
+  module.run:
+    - mine.send:
+      - func: needs_restarting.check
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -7,6 +7,7 @@
 base:
  '*':
    - patch.os.schedule
+    - motd

  'G@role:so-sensor':
    - ca
--- a/salt/yum/packages.sls
+++ b/salt/yum/packages.sls
@@ -0,0 +1,3 @@
+install_yum_utils:
+  pkg.installed:
+    - name: yum-utils
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -278,7 +278,7 @@ copy_minion_tmp_files() {
    rsync -a -v $TMP/ /opt/so/saltstack/ >> $SETUPLOG 2>&1
  else
    echo "scp all files in $TMP to master /opt/so/saltstack" >> $SETUPLOG 2>&1
-    scp -prv -i /root/.ssh/so.key $TMP socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1
+    scp -prv -i /root/.ssh/so.key $TMP/* socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1
  fi

  }
@@ -488,9 +488,12 @@ install_cleanup() {

 install_pip3() {

+  echo "Installing pip3"
+
  if [ $OS == 'ubuntu' ]; then
-    echo -e "XXX\n0\nInstalling pip3... \nXXX"
    apt-get -y install python3-pip gcc python3-dev
+  elif [ $OS == 'centos' ]; then
+    yum -y install python3-pip gcc python3-devel
  fi

 }
@@ -716,7 +719,7 @@ saltify() {
    ADDUSER=adduser

    if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then
-      yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
+      yum -y install https://repo.saltstack.com/py3/redhat/salt-py3-repo-2019.2-2.el7.noarch.rpm
      cp /etc/yum.repos.d/salt-latest.repo /etc/yum.repos.d/salt-2019-2.repo
      sed -i 's/latest/2019.2/g' /etc/yum.repos.d/salt-2019-2.repo
      cat > /etc/yum.repos.d/wazuh.repo <<\EOF
@@ -1006,7 +1009,7 @@ salt_master_directories() {
 salt_install_mysql_deps() {

  if [ $OS == 'centos' ]; then
-    yum -y install gcc mariadb-devel python3-devel
+    yum -y install mariadb-devel
    echo "Using pip3 to install mysqlclient for salt"
    pip3 install -t /usr/lib64/python3.6/site-packages/ mysqlclient
  elif [ $OS == 'ubuntu' ]; then
@@ -2056,6 +2059,7 @@ if (whiptail_you_sure); then
    copy_ssh_key
    {
      sleep 0.5
+      install_pip3 >> $SETUPLOG 2>&1
      echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
      set_initial_firewall_policy >> $SETUPLOG 2>&1
      echo -e "XXX\n3\nCreating Bond Interface... \nXXX"
@@ -2321,6 +2325,7 @@ if (whiptail_you_sure); then
    copy_ssh_key
    {
      sleep 0.5
+      install_pip3 >> $SETUPLOG 2>&1
      echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
      set_initial_firewall_policy >> $SETUPLOG 2>&1
      echo -e "XXX\n5\nInstalling Salt Packages... \nXXX"