From 6153c25c37127611b28ebfa4c4988d18313b345f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 19 Nov 2019 15:34:27 -0500 Subject: [PATCH 1/3] update mine via mine_interval now vs applying a state --- pillar/patch/needs_restarting.sls | 2 ++ pillar/top.sls | 3 +++ salt/patch/os/init.sls | 2 +- salt/top.sls | 1 - 4 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 pillar/patch/needs_restarting.sls diff --git a/pillar/patch/needs_restarting.sls b/pillar/patch/needs_restarting.sls new file mode 100644 index 000000000..f77dd2269 --- /dev/null +++ b/pillar/patch/needs_restarting.sls @@ -0,0 +1,2 @@ +mine_functions: + needs_restarting.check: [] diff --git a/pillar/top.sls b/pillar/top.sls index 031352a11..ffa99de59 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -1,4 +1,7 @@ base: + '*': + - patch.needs_restarting + 'G@role:so-sensor': - sensors.{{ grains.id }} - static diff --git a/salt/patch/os/init.sls b/salt/patch/os/init.sls index 7f2adc65b..ade35294a 100644 --- a/salt/patch/os/init.sls +++ b/salt/patch/os/init.sls @@ -1,8 +1,8 @@ include: - - patch.needs_restarting {% if grains.os == "CentOS" %} - yum.packages {% endif %} + - patch.needs_restarting patch_os: pkg.uptodate: diff --git a/salt/top.sls b/salt/top.sls index a2662a89b..46745a38b 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -7,7 +7,6 @@ base: '*': - patch.os.schedule - - patch.needs_restarting - motd 'G@role:so-sensor': From ed9c52925a92bebe75c5f1102fd294c5209a0f70 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Sat, 23 Nov 2019 14:09:41 -0500 Subject: [PATCH 2/3] Playbook - thehive alert tweak --- salt/soctopus/files/templates/generic.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soctopus/files/templates/generic.template b/salt/soctopus/files/templates/generic.template index e278afa2c..80dd1a762 100644 --- a/salt/soctopus/files/templates/generic.template +++ b/salt/soctopus/files/templates/generic.template 
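Review bot: Every minion's `needs_restarting.check` result is now published to the Salt mine (`mine_functions` applied under `'*'` in pillar/top.sls), and mine data is readable by other minions through `mine.get` unless the master's `mine_get` ACL restricts it, so a compromised sensor could enumerate which hosts are sitting on unapplied kernel/library updates; the patch adds no such restriction. Consider scoping `mine_get` on the master to the minion IDs that actually consume this function (the consumer is not visible here) and saying so in the new pillar file, e.g. `# published to the mine; restrict readers via mine_get on the master`. Because the mine is now refreshed only on the minion's `mine_interval` (60 minutes by default) instead of by a state run, the first read after this change will be empty or stale until the next interval tick or a manual `salt '*' mine.update`, which is worth a line in the commit message or a one-off call in the upgrade path. The custom module that provides `needs_restarting.check` must also be synced to the minions before the mine can call it, which is presumably handled elsewhere.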
@@ -12,7 +12,7 @@ hive_proxies: https: '' hive_alert_config: - title: '{rule[name]}' + title: '{rule[name]} - ' type: 'playbook' source: 'SecurityOnion' description: "`Play:` https://{{es}}/playbook/issues/6000 \n\n `View Event:` \n\n `Raw Data:` {match[message]}" From c0d342c46ee31d295ba42cb6f466ca3ad367417a Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 26 Nov 2019 09:54:27 -0500 Subject: [PATCH 3/3] changes for py3 salt on ubuntu --- so-setup-network.sh | 52 +++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 18 deletions(-) diff --git a/so-setup-network.sh b/so-setup-network.sh index c32635574..474721bef 100644 --- a/so-setup-network.sh +++ b/so-setup-network.sh @@ -255,10 +255,10 @@ copy_master_config() { copy_minion_tmp_files() { if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then - echo "rsyncing all files in $TMP to /opt/so/saltstack" >> $SETUPLOG 2>&1 + echo "rsyncing all files in $TMP to /opt/so/saltstack" rsync -a -v $TMP/ /opt/so/saltstack/ >> $SETUPLOG 2>&1 else - echo "scp all files in $TMP to master /opt/so/saltstack" >> $SETUPLOG 2>&1 + echo "scp all files in $TMP to master /opt/so/saltstack" scp -prv -i /root/.ssh/so.key $TMP/* socore@$MSRV:/opt/so/saltstack >> $SETUPLOG 2>&1 fi @@ -266,10 +266,12 @@ copy_minion_tmp_files() { copy_ssh_key() { + echo "Generating SSH key" # Generate SSH key mkdir -p /root/.ssh cat /dev/zero | ssh-keygen -f /root/.ssh/so.key -t rsa -q -N "" chown -R $SUDO_USER:$SUDO_USER /root/.ssh + echo "Copying the SSH key to the master" #Copy the key over to the master ssh-copy-id -f -i /root/.ssh/so.key socore@$MSRV 
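Review bot: The new title `'{rule[name]} - '` ends in a dangling separator with nothing after it, so every TheHive alert title will now end in ` - `; if a second field was meant to follow it is missing, otherwise the suffix should be dropped and the line restored to `title: '{rule[name]}'`. Whatever gets appended, keep it to values under the rule author's control rather than raw event fields, since the title is rendered verbatim to analysts in TheHive; `{match[message]}` is already embedded unescaped in `description` (pre-existing), so adding more attacker-influenced text to the title would widen that surface.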
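Review bot: The new progress messages are fine, but the function they sit in still runs `chown -R $SUDO_USER:$SUDO_USER /root/.ssh` immediately after generating an unencrypted key (`-N ""`): if `$SUDO_USER` is an unprivileged account, that user gains read access to the private key that reaches `socore@$MSRV` and write access to root's `authorized_keys`, which is a local root-escalation path. Unless a later step deliberately runs ssh/scp as `$SUDO_USER` (not visible in this patch; `copy_minion_tmp_files` above uses the key as root), ownership should stay with root and permissions be tightened: `chown -R root:root /root/.ssh && chmod 700 /root/.ssh && chmod 600 /root/.ssh/so.key`. The function's closing line falls outside the hunk.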
@@ -326,6 +328,16 @@ detect_os() { echo "We were unable to determine if you are using a supported OS." >> $SETUPLOG 2>&1 exit fi + echo "Detected OS as: $OS" >> $SETUPLOG 2>&1 + +} + +disable_dnsmasq() { + + if [ -f /etc/NetworkManager/NetworkManager.conf ]; then + echo "Disabling dnsmasq in /etc/NetworkManager/NetworkManager.conf" + sed -e 's/^dns=dnsmasq/#dns=dnsmasq/g' -i /etc/NetworkManager/NetworkManager.conf + fi } @@ -347,7 +359,7 @@ docker_install() { else if [ $INSTALLTYPE == 'MASTERONLY' ] || [ $INSTALLTYPE == 'EVALMODE' ]; then apt-get update >> $SETUPLOG 2>&1 - apt-get -y install docker-ce >> $SETUPLOG 2>&1 + apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1 if [ $INSTALLTYPE != 'EVALMODE' ]; then docker_registry >> $SETUPLOG 2>&1 fi @@ -357,13 +369,11 @@ docker_install() { apt-key add $TMP/gpg/docker.pub >> $SETUPLOG 2>&1 add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" >> $SETUPLOG 2>&1 apt-get update >> $SETUPLOG 2>&1 - apt-get -y install docker-ce >> $SETUPLOG 2>&1 + apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1 docker_registry >> $SETUPLOG 2>&1 echo "Restarting Docker" >> $SETUPLOG 2>&1 systemctl restart docker >> $SETUPLOG 2>&1 fi - echo "Using pip3 to install docker-py for salt" - pip3 install docker fi } @@ -471,9 +481,9 @@ install_python3() { echo "Installing Python3" if [ $OS == 'ubuntu' ]; then - apt-get -y install python3-pip gcc python3-dev - elif [ $OS == 'centos' ]; then - yum -y install epel-release python3 + apt-get -y install python3-pip python3-dev +# elif [ $OS == 'centos' ]; then +# yum -y install epel-release python3 fi } 
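Review bot: `disable_dnsmasq` is defined here but no call site for it appears in this patch, and even when called, commenting out `dns=dnsmasq` in NetworkManager.conf takes effect only after NetworkManager re-reads its configuration, so if the intent is to free the DNS listener during this same run (presumably; it is not stated) the function should end with something like `systemctl restart NetworkManager >> $SETUPLOG 2>&1`. The `sed -i` also rewrites a system config file with no backup; `sed -i.bak` would keep the original for troubleshooting or removal. Unlike the neighbouring functions, neither the echo nor the sed output is redirected to `$SETUPLOG`, so a sed failure would be invisible in the log.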
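Review bot: Replacing `pip3 install docker` with the distro `python3-docker` package is the better supply-chain choice (signed apt repository instead of an unpinned PyPI fetch at install time), but neither `apt-get -y install docker-ce python3-docker` line checks its exit status, so a failed install of either package only surfaces later when Salt's docker states break. A guard such as `apt-get -y install docker-ce python3-docker >> $SETUPLOG 2>&1 || { echo "Docker install failed; see $SETUPLOG"; exit 1; }` on both branches would stop the run at the point of failure. Whether the CentOS branch above this hunk still depends on a pip-installed docker-py is not visible here and worth confirming.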
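Review bot: With the CentOS branch commented out, `install_python3` is now a no-op on CentOS while the call sites added in this same patch invoke it unconditionally; if the CentOS path still relies on `python3`/`pip3` being present, that now has to come from another step, and which is intended cannot be told from this diff. Leaving the two `#` lines in place hides that decision; either delete them or replace them with a one-line comment such as `# CentOS: python3 is provided by the salt repo packages, nothing to install here` if that is the reason. Note also that `gcc` was dropped from the Ubuntu package list here but re-added in `salt_install_mysql_deps` further down, so the build-toolchain dependency has moved rather than gone away.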
@@ -915,7 +925,10 @@ EOF # Copy down the gpg keys and install them from the master mkdir $TMP/gpg + echo "scp the gpg keys and install them from the master" + ls -l $TMP scp socore@$MSRV:/opt/so/gpg/* $TMP/gpg + echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" apt-key add $TMP/gpg/SALTSTACK-GPG-KEY.pub apt-key add $TMP/gpg/GPG-KEY-WAZUH echo "deb http://repo.saltstack.com/apt/ubuntu/$UVER/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list @@ -998,7 +1011,9 @@ salt_install_mysql_deps() { if [ $OS == 'centos' ]; then yum -y install mariadb-devel elif [ $OS == 'ubuntu' ]; then - apt-get -y install libmysqlclient-dev python3-mysqldb + apt-get -y install libmysqlclient-dev gcc + echo "Using pip3 to install mysqlclient for salt" + pip3 install mysqlclient fi } @@ -1893,7 +1908,8 @@ if (whiptail_you_sure); then get_filesystem_root get_filesystem_nsm # Enable Bro Logs - bro_logs_enabled + # comment this out since we already copy this file to the destination that this function writes to + #bro_logs_enabled # Figure out the main IP address get_main_ip @@ -1907,10 +1923,9 @@ if (whiptail_you_sure); then # Install salt and dependencies { sleep 0.5 - #install_pip3 >> $SETUPLOG 2>&1 + install_python3 >> $SETUPLOG 2>&1 echo -e "XXX\n1\nInstalling and configuring Salt... \nXXX" echo " ** Installing Salt and Dependencies **" >> $SETUPLOG - salt_install_mysql_deps >> $SETUPLOG 2>&1 saltify >> $SETUPLOG 2>&1 echo -e "XXX\n5\nInstalling Docker... \nXXX" docker_install >> $SETUPLOG 2>&1 @@ -1919,6 +1934,7 @@ if (whiptail_you_sure); then configure_minion master >> $SETUPLOG 2>&1 echo " ** Installing Salt Master **" >> $SETUPLOG install_master >> $SETUPLOG 2>&1 + salt_install_mysql_deps >> $SETUPLOG 2>&1 salt_master_directories >> $SETUPLOG 2>&1 update_sudoers >> $SETUPLOG 2>&1 chown_salt_master >> $SETUPLOG 2>&1 
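Review bot: `ls -l $TMP` looks like a leftover debugging statement and should be removed or at least sent to `$SETUPLOG`. More importantly, the keys are fetched with `scp socore@$MSRV:/opt/so/gpg/*` and fed straight to `apt-key add` with no check that the copy succeeded, so a failed scp leaves the SaltStack repository added but unsigned and the later `apt-get` failures are the only symptom; `scp socore@$MSRV:/opt/so/gpg/* $TMP/gpg || { echo "Failed to fetch GPG keys from $MSRV"; exit 1; }` would fail fast. On newer apt releases `apt-key add` is deprecated in favour of a keyring file referenced by `signed-by=` in the sources entry, which also scopes the trust to this one repository instead of the whole system. The enclosing function continues outside the hunk.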
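Review bot: `pip3 install mysqlclient` pulls an unpinned package from PyPI at install time and compiles it with the `gcc` added just above, which is the opposite direction from what this same patch does for docker (where the distro `python3-docker` replaces `pip3 install docker`); the result is an unsigned, non-reproducible dependency installed system-wide as root. If the distro `python3-mysqldb` was dropped because it is too old for Salt's MySQL returner or pillar (not stated in the commit), at least pin the version, e.g. `pip3 install 'mysqlclient==<pinned-version>'`, and consider a requirements file with `--require-hashes` so the master build is reproducible. Either way the reason for the swap deserves a comment on the line, since the next maintainer will otherwise assume it was accidental.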
@@ -2038,7 +2054,7 @@ if (whiptail_you_sure); then mkdir -p /nsm get_filesystem_root get_filesystem_nsm - copy_ssh_key + copy_ssh_key >> $SETUPLOG 2>&1 { sleep 0.5 echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX" @@ -2145,15 +2161,15 @@ if (whiptail_you_sure); then sleep 0.5 echo -e "XXX\n0\nCreating Bond Interface... \nXXX" network_setup >> $SETUPLOG 2>&1 - #install_pip3 >> $SETUPLOG 2>&1 - echo -e "XXX\n1\nInstalling mysql dependencies for saltstack... \nXXX" - salt_install_mysql_deps >> $SETUPLOG 2>&1 + install_python3 >> $SETUPLOG 2>&1 echo -e "XXX\n1\nInstalling saltstack... \nXXX" saltify >> $SETUPLOG 2>&1 echo -e "XXX\n3\nInstalling docker... \nXXX" docker_install >> $SETUPLOG 2>&1 echo -e "XXX\n5\nInstalling master code... \nXXX" install_master >> $SETUPLOG 2>&1 + echo -e "XXX\n1\nInstalling mysql dependencies for saltstack... \nXXX" + salt_install_mysql_deps >> $SETUPLOG 2>&1 echo -e "XXX\n6\nCopying salt code... \nXXX" salt_master_directories >> $SETUPLOG 2>&1 echo -e "XXX\n6\nupdating suduers... \nXXX" @@ -2305,7 +2321,7 @@ if (whiptail_you_sure); then mkdir -p /nsm get_filesystem_root get_filesystem_nsm - copy_ssh_key + copy_ssh_key >> $SETUPLOG 2>&1 { sleep 0.5 echo -e "XXX\n0\nSetting Initial Firewall Policy... \nXXX"
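Review bot: Redirecting `copy_ssh_key` into `$SETUPLOG` hides any failure of `ssh-copy-id` (unreachable master, rejected password, host-key problem): the password prompt still reaches the terminal because ssh reads it from `/dev/tty`, but the error text goes to the log and the script carries on to steps that depend on the key working. Check the result at the call site, e.g. `copy_ssh_key >> $SETUPLOG 2>&1 || { echo "Copying the SSH key to $MSRV failed; see $SETUPLOG"; exit 1; }`. The same applies to the identical hunk later in this file.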
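Review bot: The relocated `salt_install_mysql_deps` step kept its old gauge value, so the whiptail progress sequence now reads 5 → 1 → 6 and the bar jumps backwards between "Installing master code" and "Copying salt code"; the moved line should use a value between its neighbours, e.g. `echo -e "XXX\n6\nInstalling mysql dependencies for saltstack... \nXXX"`. The enclosing gauge block starts and ends outside the hunk.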