From 7e4d7a698538d3e58ed8f7fc4e695972747cf414 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 11 Feb 2021 11:09:21 -0500
Subject: [PATCH 1/2] drop icmp timestamp replies

https://github.com/Security-Onion-Solutions/securityonion/issues/1704
---
 salt/firewall/init.sls | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 687774a58..c9618554d 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -34,7 +34,6 @@ iptables_allow_established:
     - jump: ACCEPT
     - match: conntrack
     - ctstate: 'RELATED,ESTABLISHED'
-    - save: True
 
 # I like pings
 iptables_allow_pings:
@@ -43,7 +42,6 @@ iptables_allow_pings:
     - chain: INPUT
     - jump: ACCEPT
     - proto: icmp
-    - save: True
 
 # Create the chain for logging
 iptables_LOGGING_chain:
@@ -68,7 +66,6 @@ iptables_log_input_drops:
     - table: filter
     - chain: INPUT
     - jump: LOGGING
-    - save: True
 
 # Enable global DOCKER-USER block rule
 enable_docker_user_fw_policy:
@@ -79,7 +76,6 @@ enable_docker_user_fw_policy:
     - in-interface: '!docker0'
     - out-interface: docker0
     - position: 1
-    - save: True
 
 enable_docker_user_established:
   iptables.insert:
@@ -89,7 +85,6 @@ enable_docker_user_established:
     - in-interface: '!docker0'
     - out-interface: docker0
     - position: 1
-    - save: True
     - match: conntrack
     - ctstate: 'RELATED,ESTABLISHED'
 
@@ -115,7 +110,6 @@ enable_docker_user_established:
     {% if action == 'insert' %}
     - position: 1
     {% endif %}
-    - save: True
 {% endfor %}
 {% endfor %}
 
@@ -126,6 +120,15 @@ enable_docker_user_established:
 {% endfor %}
 {% endfor %}
 
+# Block icmp timestamp response
+block_icmp_timestamp_reply:
+  iptables.append:
+    - table: filter
+    - chain: OUTPUT
+    - jump: DROP
+    - proto: icmp
+    - icmp-type: 'timestamp-reply'
+
 # Make the input policy send stuff that doesn't match to be logged and dropped
 iptables_drop_all_the_things:
   iptables.append:

From 3b0c2b3e91725af0fcfaaa1455e86ca6fe7b4d3a Mon Sep 17 00:00:00 2001
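Review bot: The new `block_icmp_timestamp_reply` rule drops the reply on OUTPUT after the kernel has already accepted and answered the request, because `iptables_allow_pings` earlier in this file accepts all ICMP on INPUT with no `icmp-type` restriction; dropping `timestamp-request` on INPUT, or narrowing the pings rule to `echo-request`, would stop the traffic before it is processed and keep the ICMP policy in one chain. The same commit removes `- save: True` from every other rule in the file and the new rule has none either, so unless persistence is handled in a part of the state outside these hunks the rule exists only in the running table; the commit subject does not mention the save removal, which a reader would expect to be called out. It is also worth confirming on a rendered rule set (`iptables -S OUTPUT`) that `--icmp-type` is emitted after `-p icmp`, since the match option is only valid once the protocol is set. A one-line comment such as `# Drop timestamp replies so the host does not disclose its clock (issue 1704)` would carry the rationale into the state file, where the issue link in the commit message does not survive.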
From: m0duspwnens
Date: Fri, 12 Feb 2021 12:04:08 -0500
Subject: [PATCH 2/2] remove /etc/yum.repos.d/salt-2019-2-5.repo if present

https://github.com/Security-Onion-Solutions/securityonion/issues/2756
---
 salt/salt/init.sls | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/salt/salt/init.sls b/salt/salt/init.sls
index 2caae81cd..18be055db 100644
--- a/salt/salt/init.sls
+++ b/salt/salt/init.sls
@@ -11,3 +11,9 @@ salt_bootstrap:
     - name: /usr/sbin/bootstrap-salt.sh
     - source: salt://salt/scripts/bootstrap-salt.sh
     - mode: 755
+
+{% if grains.os == 'CentOS' %}
+remove_salt-2019-2-5.repo:
+  file.absent:
+    - name: /etc/yum.repos.d/salt-2019-2-5.repo
+{% endif %}
\ No newline at end of file
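Review bot: The `\ No newline at end of file` marker shows the added `{% endif %}` now ends `salt/salt/init.sls` without a trailing newline, so the next state appended to this file will run onto the same line as the closing tag; terminate `{% endif %}` with a newline. The `grains.os == 'CentOS'` guard covers only that distribution, so if the stale repo file could also be present on other RHEL-family hosts (presumably not for this project, but worth confirming) `grains.os_family == 'RedHat'` would be the broader test. `file.absent` deletes the repo definition but does not clear yum's cached metadata for it, so a `pkgrepo.absent` state, which removes the repo through the package manager, may be preferable where the repo id rather than the file name is known. A short comment such as `# Repo file left by earlier installs (issue 2756); remove so yum no longer reads it` would record why the file is removed, since the issue link in the commit message does not survive into the state file.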