From da3d0948b44e8edcb9e4fec1415d83c0b747ed60 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 8 Sep 2020 16:49:38 -0400
Subject: [PATCH 1/3] creating engine to watch the health of the salt mine
---
 salt/salt/engines/checkmine.py | 28 ++++++++++++++++++++++++++++
 salt/salt/files/engines.conf | 6 ++++++
 salt/salt/master.sls | 23 ++++++++++++++++++++++-
 3 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 salt/salt/engines/checkmine.py
 create mode 100644 salt/salt/files/engines.conf
diff --git a/salt/salt/engines/checkmine.py b/salt/salt/engines/checkmine.py
new file mode 100644
index 000000000..5cc0a5ad3
--- /dev/null
+++ b/salt/salt/engines/checkmine.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+
+import logging
+from time import sleep
+from os import remove
+
+log = logging.getLogger(__name__)
+
+def start(interval=30):
+ log.info("checkmine engine started")
+ minionid = __grains__['id']
+ while True:
+ try:
+ ca_crt = __salt__['saltutil.runner']('mine.get', tgt=minionid, fun='x509.get_pem_entries')[minionid]['/etc/pki/ca.crt']
+ log.info('Successfully queried Salt mine for the CA.')
+ except:
+ log.error('Could not pull CA from the Salt mine.')
+ log.info('Removing /var/cache/salt/master/minions/%s/mine.p to force Salt mine to be repopulated.' % minionid)
+ try:
+ remove('/var/cache/salt/master/minions/%s/mine.p' % minionid)
+ log.info('Removed /var/cache/salt/master/minions/%s/mine.p' % minionid)
+ except FileNotFoundError:
+ log.error('/var/cache/salt/master/minions/%s/mine.p does not exist' % minionid)
+
+ __salt__['mine.send'](name='x509.get_pem_entries', glob_path='/etc/pki/ca.crt')
+ log.warning('Salt mine repopulated with /etc/pki/ca.crt')
+
+ sleep(interval)
\ No newline at end of file
diff --git a/salt/salt/files/engines.conf b/salt/salt/files/engines.conf
new file mode 100644
index 000000000..c9e20adf3
--- /dev/null
+++ b/salt/salt/files/engines.conf
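Review bot: The bare `except:` in `start()` of checkmine.py treats every failure of the `mine.get` runner call as a missing CA entry and goes on to delete `mine.p`, so a transient error (a runner timeout or a restarting master, for instance) appears to wipe this minion's mine cache instead of only being logged. Narrow the handler to the lookup failure and log anything else with its traceback while leaving the cache in place. Indentation is lost on this page, so this assumes the `remove()` and `mine.send` calls sit inside the except branch. `remove()` also guards only `FileNotFoundError`, so a `PermissionError` there, or an error raised by `mine.send`, would presumably propagate out of the `while True` loop and stop the engine; catching `OSError` around the removal and logging it would keep the watcher running.

```python
        try:
            mine_ret = __salt__['saltutil.runner']('mine.get', tgt=minionid, fun='x509.get_pem_entries')
            ca_crt = mine_ret[minionid]['/etc/pki/ca.crt']
            log.info('Successfully queried Salt mine for the CA.')
        except (KeyError, TypeError):
            # Entry absent from the mine: the only case that should reset the cache.
            log.error('Could not pull CA from the Salt mine.')
            # ... unchanged: remove mine.p, mine.send ...
        except Exception:
            # Runner or transport failure: keep the cache and retry on the next interval.
            log.exception('Salt mine query failed; leaving mine.p in place.')
```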
@@ -0,0 +1,6 @@ +engines_dirs: + - /etc/salt/engines + +engines: + - checkmine: + interval: 30 \ No newline at end of file diff --git a/salt/salt/master.sls b/salt/salt/master.sls index 481be743a..25d3acfca 100644 --- a/salt/salt/master.sls +++ b/salt/salt/master.sls @@ -1,3 +1,6 @@ +include: + - salt.minion + salt_master_package: pkg.installed: - pkgs: @@ -8,4 +11,22 @@ salt_master_package: salt_master_service: service.running: - name: salt-master - - enable: True \ No newline at end of file + - enable: True + +engines: + file.directory: + - name: /etc/salt/engines + +checkmine_engine: + file.managed: + - name: /etc/salt/engines/checkmine.py + - source: salt://salt/engines/checkmine.py + - watch_in: + - service: salt_minion_service + +engines_config: + file.managed: + - name: /etc/salt/minion.d/engines.conf + - source: salt://salt/files/engines.conf + - watch_in: + - service: salt_minion_service \ No newline at end of file From eeb6c3128b591a1faf104a18e8a416758b8a7647 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 8 Sep 2020 17:27:13 -0400 Subject: [PATCH 2/3] add salt.master state to manager nodes --- salt/top.sls | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/top.sls b/salt/top.sls index d5277cafb..fbd48d8d5 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -28,9 +28,10 @@ base: - common - patch.os.schedule - motd - + '*_helix and G@saltversion:{{saltversion}}': - match: compound + - salt.master - ca - ssl - common @@ -72,6 +73,7 @@ base: '*_eval and G@saltversion:{{saltversion}}': - match: compound + - salt.master - ca - ssl - common @@ -129,6 +131,7 @@ base: '*_manager and G@saltversion:{{saltversion}}': - match: compound + - salt.master - ca - ssl - common @@ -175,6 +178,7 @@ base: '*_standalone and G@saltversion:{{saltversion}}': - match: compound + - salt.master - ca - ssl - common @@ -299,6 +303,7 @@ base: '*_managersearch and G@saltversion:{{saltversion}}': - match: compound + - salt.master - ca - ssl - common 
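Review bot: The `checkmine_engine` and `engines_config` states added to salt/salt/master.sls install Python code and configuration that the salt-minion service loads, yet neither `file.managed` pins ownership or mode, so the outcome depends on defaults and on whatever already exists at those paths. Add `- user: root`, `- group: root` and `- mode: '0644'` to both states so a write by any other account is corrected on the next highstate. The `engines` `file.directory` state has the same gap for /etc/salt/engines; PATCH 3/3 replaces it with `makedirs: True`, where an explicit `- dir_mode: '0755'` would serve the same purpose.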
@@ -389,6 +394,7 @@ base: '*_import and G@saltversion:{{saltversion}}': - match: compound + - salt.master - ca - ssl - common From da34222931d7656375e192ffa762d243f78ac909 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 8 Sep 2020 17:36:27 -0400 Subject: [PATCH 3/3] makedirs --- salt/salt/master.sls | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/salt/salt/master.sls b/salt/salt/master.sls index 25d3acfca..ca1bead2d 100644 --- a/salt/salt/master.sls +++ b/salt/salt/master.sls @@ -13,14 +13,11 @@ salt_master_service: - name: salt-master - enable: True -engines: - file.directory: - - name: /etc/salt/engines - checkmine_engine: file.managed: - name: /etc/salt/engines/checkmine.py - source: salt://salt/engines/checkmine.py + - makedirs: True - watch_in: - service: salt_minion_service