From df6ba5cbe9e6ef18fe37e2922fabaf192cfda034 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Wed, 7 Sep 2022 16:19:16 -0400
Subject: [PATCH 1/3] initial salt relay script for comms with soc
---
salt/soc/files/bin/salt-relay.sh | 71 ++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100755 salt/soc/files/bin/salt-relay.sh
diff --git a/salt/soc/files/bin/salt-relay.sh b/salt/soc/files/bin/salt-relay.sh
new file mode 100755
index 000000000..558c68115
--- /dev/null
+++ b/salt/soc/files/bin/salt-relay.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+PIPE_OWNER=${PIPE_OWNER:-socore}
+PIPE_GROUP=${PIPE_GROUP:-socore}
+SOC_PIPE=${SOC_PIPE_REQUEST:-/opt/so/conf/soc/salt.pipe}
+
+function log() {
+ echo "$(date) | $1"
+}
+
+function make_pipe() {
+ path=$1
+
+ log "Creating pipe: $path"
+ rm -f "${path}"
+ mkfifo "${path}"
+ chmod 0660 "${path}"
+ chown ${PIPE_OWNER}:${PIPE_GROUP} "${path}"
+}
+
+make_pipe "${SOC_PIPE}"
+
+function list_minions() {
+ response=$(so-minion -o=list)
+ exit_code=$?
+ if [[ $exit_code -eq 0 ]]; then
+ log "Successful command execution"
+ $(echo "$response" > "${SOC_PIPE}")
+ else
+ log "Unsuccessful command execution: $exit_code"
+ $(echo "false" > "${SOC_PIPE}")
+ fi
+}
+
+function manage_minion() {
+ command=$1
+ op=$2
+ minion=$3
+
+ response=$(so-minion "-o=$op" "-m=$minion")
+ exit_code=$?
+ if [[ exit_code -eq 0 ]]; then
+ log "Successful command execution"
+ $(echo "true" > "${SOC_PIPE}")
+ else
+ log "Unsuccessful command execution: $response ($exit_code)"
+ $(echo "false" > "${SOC_PIPE}")
+ fi
+}
+
+while true; do
+ log "Listening for request"
+ request=$(cat ${SOC_PIPE})
+ if [[ "$request" != "" ]]; then
+ log "Received request: ${request}"
+ case "$request" in
+ list-minions)
+ list_minions
+ ;;
+ manage-minion*)
+ manage_minion ${request}
+ ;;
+ *)
+ log "Unsupported command: $request"
+ $(echo "false" > "${SOC_PIPE}")
+ esac
+
+ # allow remote reader to get a clean reader before we try to read again on next loop
+ sleep 1
+ fi
+done
From 193c3fc4cdc441fb4e05e3d37b6bc5fd9602ecb7 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Thu, 8 Sep 2022 10:26:39 -0400
Subject: [PATCH 2/3] Add salt relay
---
salt/soc/init.sls | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/salt/soc/init.sls b/salt/soc/init.sls
index 151a817f6..0b9f0a2e1 100644
--- a/salt/soc/init.sls
+++ b/salt/soc/init.sls
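Review bot: The request read from the FIFO crosses a trust boundary without validation: the main loop calls `manage_minion ${request}` unquoted, so text written by the SOC container (which gets the pipe mounted rw later in this series) is word-split and glob-expanded, and whatever lands in `$2`/`$3` is handed to `so-minion` as `-o=`/`-m=` by a script that presumably runs with the privileges of the Salt state run. Split the request explicitly with `read -r _ op minion <<< "$request"`, accept `op` only from a fixed list of the operations SOC is meant to trigger, check the minion id against a strict pattern such as `[[ "$minion" =~ ^[A-Za-z0-9._-]+$ ]]`, and reply `false` otherwise. The same applies to `cat ${SOC_PIPE}` and `chown ${PIPE_OWNER}:${PIPE_GROUP}`, which should be quoted. In `make_pipe` the FIFO exists with umask-derived permissions until `chmod` runs; `mkfifo -m 0660 "${path}"` sets the mode at creation.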
@@ -92,6 +92,13 @@ socusersroles: - require: - sls: manager.sync_es_users +salt-relay: + cmd.run: + - env: + - SOC_PIPE: /opt/sensoroni/salt.pipe + - name: '/opt/so/saltstack/default/salt/soc/files/bin/salt-relay.sh >> /opt/so/log/soc/salt-relay.log 2>&1 &' + - unless: ps -ef | grep salt-relay | grep -v grep + so-soc: docker_container.running: - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} @@ -106,6 +113,7 @@ so-soc: - /opt/so/conf/soc/custom.js:/opt/sensoroni/html/js/custom.js:ro - /opt/so/conf/soc/custom_roles:/opt/sensoroni/rbac/custom_roles:ro - /opt/so/conf/soc/soc_users_roles:/opt/sensoroni/rbac/users_roles:rw + - /opt/so/conf/soc/salt.pipe:/opt/sensoroni/salt.pipe:rw {%- if salt['pillar.get']('nodestab', {}) %} - extra_hosts: {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %} From b7bbe7d69f508f96a2dd1260937fbf9620fc7f94 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 8 Sep 2022 10:27:56 -0400 Subject: [PATCH 3/3] Add copyright notice --- salt/soc/files/bin/salt-relay.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/soc/files/bin/salt-relay.sh b/salt/soc/files/bin/salt-relay.sh index 558c68115..732d48dc1 100755 --- a/salt/soc/files/bin/salt-relay.sh +++ b/salt/soc/files/bin/salt-relay.sh @@ -1,4 +1,8 @@ #!/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. PIPE_OWNER=${PIPE_OWNER:-socore} PIPE_GROUP=${PIPE_GROUP:-socore}
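Review bot: The `env` entry sets `SOC_PIPE`, but salt-relay.sh in this series assigns `SOC_PIPE=${SOC_PIPE_REQUEST:-/opt/so/conf/soc/salt.pipe}`, so the value passed here is never read, and `/opt/sensoroni/salt.pipe` is the container-side path of the bind mount rather than the host path where the relay creates the FIFO. Either drop the `env` block or pass `- SOC_PIPE_REQUEST: /opt/so/conf/soc/salt.pipe`. The guard `unless: ps -ef | grep salt-relay | grep -v grep` matches any process whose command line contains that string (a `tail` on salt-relay.log, for instance), which would silently keep the relay from starting; `pgrep -f` against the full script path is tighter. A comment stating which account the relay runs as and why it is backgrounded from `cmd.run` would help the next reader assess its privileges.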
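Review bot: The new bind `/opt/so/conf/soc/salt.pipe:/opt/sensoroni/salt.pipe:rw` mounts a single file that `make_pipe` in salt-relay.sh removes and recreates (`rm -f` then `mkfifo`) on every start, so the path gets a new inode each time; a single-file bind mount stays attached to the inode present when the container started, so a relay restart while so-soc is running would likely leave the container on the deleted FIFO. Nothing visible orders so-soc after the relay either, and because the `cmd.run` backgrounds the script the FIFO may not exist yet when the container is created, in which case Docker typically creates a directory at the missing source path. Consider bind-mounting a dedicated directory that holds the pipe instead of the pipe itself, and adding `- require:` with `- cmd: salt-relay` to so-soc. The so-soc state continues outside this hunk, so an existing `require` may need to be extended rather than added.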