diff --git a/salt/salt/master.defaults.yaml b/salt/salt/master.defaults.yaml
index 02742737a..e774a2c7d 100644
--- a/salt/salt/master.defaults.yaml
+++ b/salt/salt/master.defaults.yaml
@@ -2,4 +2,4 @@
# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
salt:
master:
- version: 3002.1
\ No newline at end of file
+ version: 3002.2
\ No newline at end of file
diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml
index 871babdeb..baaaff411 100644
--- a/salt/salt/minion.defaults.yaml
+++ b/salt/salt/minion.defaults.yaml
@@ -2,5 +2,5 @@
# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
salt:
minion:
- version: 3002.1
+ version: 3002.2
check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default
\ No newline at end of file
diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json
index 44298caf0..e18bf1dc9 100644
--- a/salt/soc/files/soc/changes.json
+++ b/salt/soc/files/soc/changes.json
@@ -12,7 +12,7 @@
{ "summary": "Resolved issue with Navigator layer(s) not loading correctly." },
{ "summary": "Wazuh authd is now started by default on port 1515/tcp." },
{ "summary": "Wazuh API default credentials are now removed after setup. Scripts have been added for API user management." },
- { "summary": "Upgraded Salt to 3002.1 due to CVEs." },
+ { "summary": "Upgraded Salt to 3002.2 due to CVEs." },
{ "summary": "If salt-minion is unable to apply states after the defined threshold, we assume salt-minion is in a bad state and the salt-minion service will be restarted." },
{ "summary": "Fixed bug that prevented mysql from installing for Fleet if Playbook wasn't also installed." },
{ "summary": "so-status will now show STARTING or WAIT_START, instead of ERROR, if so-status is run before a salt highstate has started or finished for the first time after system startup" },
diff --git a/setup/so-functions b/setup/so-functions
index a01515866..8254b2819 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1445,7 +1445,7 @@ saltify() {
if [ $OS = 'centos' ]; then
set_progress_str 5 'Installing Salt repo'
{
- sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub;
+ sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/SALTSTACK-GPG-KEY.pub;
cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo;
} >> "$setup_log" 2>&1
set_progress_str 6 'Installing various dependencies'
@@ -1462,14 +1462,14 @@ saltify() {
# Download Ubuntu Keys in case manager updates = 1
mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
if [[ ! $is_airgap ]]; then
- logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub"
+ logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub"
logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg"
logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH"
logCmd "cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo"
fi
set_progress_str 7 'Installing salt-master'
if [[ ! $is_iso ]]; then
- logCmd "yum -y install salt-master-3002.1"
+ logCmd "yum -y install salt-master-3002.2"
fi
systemctl enable salt-master >> "$setup_log" 2>&1
;;
@@ -1497,7 +1497,7 @@ saltify() {
{
if [[ ! $is_iso ]]; then
yum -y install epel-release
- yum -y install salt-minion-3002.1\
+ yum -y install salt-minion-3002.2\
python3\
python36-docker\
python36-dateutil\
@@ -1541,8 +1541,8 @@ saltify() {
'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR?
# Add saltstack repo(s)
- wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
- echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+ wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
+ echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
# Add Docker repo
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
@@ -1550,7 +1550,7 @@ saltify() {
# Get gpg keys
mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
- wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+ wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3002.2/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
@@ -1563,7 +1563,7 @@ saltify() {
set_progress_str 6 'Installing various dependencies'
apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1
set_progress_str 7 'Installing salt-master'
- apt-get -y install salt-master=3002.1+ds-1 >> "$setup_log" 2>&1
+ apt-get -y install salt-master=3002.2+ds-1 >> "$setup_log" 2>&1
apt-mark hold salt-master >> "$setup_log" 2>&1
;;
*)
@@ -1574,14 +1574,14 @@ saltify() {
echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
- echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+ echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.2/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
;;
esac
apt-get update >> "$setup_log" 2>&1
set_progress_str 8 'Installing salt-minion & python modules'
- apt-get -y install salt-minion=3002.1+ds-1\
- salt-common=3002.1+ds-1 >> "$setup_log" 2>&1
+ apt-get -y install salt-minion=3002.2+ds-1\
+ salt-common=3002.2+ds-1 >> "$setup_log" 2>&1
apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1
if [ "$OSVER" != 'xenial' ]; then
apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1
diff --git a/setup/yum_repos/saltstack.repo b/setup/yum_repos/saltstack.repo
index d104e252c..856d4d80c 100644
--- a/setup/yum_repos/saltstack.repo
+++ b/setup/yum_repos/saltstack.repo
@@ -1,6 +1,6 @@
[saltstack]
name=SaltStack repo for RHEL/CentOS $releasever PY3
-baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/
+baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/
enabled=1
gpgcheck=1
-gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub
\ No newline at end of file
+gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.2/SALTSTACK-GPG-KEY.pub
\ No newline at end of file