Merge pull request #2950 from Security-Onion-Solutions/delta

Disable ICMP timestamps by default

salt/firewall/init.sls

@@ -120,6 +120,15 @@ enable_docker_user_established:
   {% endfor %}
 {% endfor %}
 
+# Block icmp timestamp response
+block_icmp_timestamp_reply:
+  iptables.append:
+    - table: filter
+    - chain: OUTPUT
+    - jump: DROP
+    - proto: icmp
+    - icmp-type: 'timestamp-reply'
+
 # Make the input policy send stuff that doesn't match to be logged and dropped
 iptables_drop_all_the_things:
   iptables.append:

salt/salt/init.sls

@@ -11,3 +11,9 @@ salt_bootstrap:
     - name: /usr/sbin/bootstrap-salt.sh
     - source: salt://salt/scripts/bootstrap-salt.sh
     - mode: 755
+
+{% if grains.os == 'CentOS'  %}
+remove_salt-2019-2-5.repo:
+  file.absent:
+    - name: /etc/yum.repos.d/salt-2019-2-5.repo
+{% endif %}