From f14df24ddc93f94a345591a556e0725bd0ce088f Mon Sep 17 00:00:00 2001
From: bryant-treacle <treacle.bryant@gmail.com>
Date: Wed, 21 Apr 2021 11:49:29 -0400
Subject: [PATCH 1/3] Update threading.map.jinja

---
 salt/suricata/threading.map.jinja | 32 +++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/salt/suricata/threading.map.jinja b/salt/suricata/threading.map.jinja
index fb9e16d6b..16bffb165 100644
--- a/salt/suricata/threading.map.jinja
+++ b/salt/suricata/threading.map.jinja
@@ -1,4 +1,18 @@
-{% if salt['pillar.get']('sensor:suriprocs') %}
+{% if salt['pillar.get']('sensor:suripins') %}
+  {% load_yaml as cpu_affinity%}
+cpu-affinity:
+  - management-cpu-set:
+      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
+  - receive-cpu-set:
+      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
+  - worker-cpu-set:
+      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
+      mode: "exclusive"
+      threads: {{ salt['pillar.get']('sensor:suripins')|length }}
+      prio:
+        default: "high"
+  {% endload %}
+{% elif salt['pillar.get']('sensor:suriprocs') %}
   {% load_yaml as cpu_affinity%}
 cpu-affinity:
   - management-cpu-set:
@@ -15,18 +29,4 @@ cpu-affinity:
         high: [ 3 ]
         default: "high"
   {% endload %}
-{% elif salt['pillar.get']('sensor:suripins') %}
-  {% load_yaml as cpu_affinity%}
-cpu-affinity:
-  - management-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - receive-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]  # include only these cpus in affinity settings
-  - worker-cpu-set:
-      cpu: [ {{ salt['pillar.get']('sensor:suripins')|join(",") }} ]
-      mode: "exclusive"
-      threads: {{ salt['pillar.get']('sensor:suripins')|length }}
-      prio:
-        default: "high"
-  {% endload %}
-{% endif %}
\ No newline at end of file
+{% endif %}

From 075ba0d83b4b156837a2f885bddaf1d3acafe7e4 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Tue, 20 Apr 2021 13:12:55 -0400
Subject: [PATCH 2/3] Fix salt-master check

---
 setup/so-functions | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/setup/so-functions b/setup/so-functions
index a37867b5a..c1f61a768 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -175,10 +175,8 @@ __check_so_status() {
 }
 
 __check_salt_master() {
-	local salt_master_status
-	salt_master_status=$($sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master)
-	[[ -z $salt_master_status ]] && salt_master_status=1
-	return $salt_master_status
+	$sshcmd -i /root/.ssh/so.key soremote@"$MSRV" systemctl is-active --quiet salt-master
+	return $?
 }
 
 check_network_manager_conf() {

From 06ccad334b45f78eb9eb954fb06ac6e2aef311a1 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Wed, 21 Apr 2021 14:43:15 -0400
Subject: [PATCH 3/3] Fix Security

---
 salt/repo/client/files/centos/securityonioncache.repo | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/salt/repo/client/files/centos/securityonioncache.repo b/salt/repo/client/files/centos/securityonioncache.repo
index e4d47cb11..f4ec6ef3f 100644
--- a/salt/repo/client/files/centos/securityonioncache.repo
+++ b/salt/repo/client/files/centos/securityonioncache.repo
@@ -67,12 +67,12 @@ gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
 enabled=1
 name=Wazuh repository
-baseurl=https://repocache.securityonion.net/file/securityonion-repo/wazuh4_repo/
+baseurl=http://repocache.securityonion.net/file/securityonion-repo/wazuh4_repo/
 protect=1
 
 [securityonion]
 name=Security Onion Repo
-baseurl=https://repocache.securityonion.net/file/securityonion-repo/securityonion/
+baseurl=http://repocache.securityonion.net/file/securityonion-repo/securityonion/
 enabled=1
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub
\ No newline at end of file
+gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/securityonion.pub