CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1298 from Security-Onion-Solutions/issue/1291

Browse Source 
Issue/1291
This commit is contained in:
Josh Patterson
2020-09-08 17:40:33 -04:00
committed by GitHub
parent 710a2be422 da34222931
commit d7016b4557
4 changed files with 60 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
salt/salt/engines/checkmine.py Normal file
View File

@@ -0,0 +1,28 @@
# -*- coding: utf-8 -*-
import logging
from time import sleep
from os import remove
log = logging.getLogger(__name__)
def start(interval=30):
log.info("checkmine engine started")
minionid = __grains__['id']
while True:
try:
ca_crt = __salt__['saltutil.runner']('mine.get', tgt=minionid, fun='x509.get_pem_entries')[minionid]['/etc/pki/ca.crt']
log.info('Successfully queried Salt mine for the CA.')
except:
log.error('Could not pull CA from the Salt mine.')
log.info('Removing /var/cache/salt/master/minions/%s/mine.p to force Salt mine to be repopulated.' % minionid)
try:
remove('/var/cache/salt/master/minions/%s/mine.p' % minionid)
log.info('Removed /var/cache/salt/master/minions/%s/mine.p' % minionid)
except FileNotFoundError:
log.error('/var/cache/salt/master/minions/%s/mine.p does not exist' % minionid)
__salt__['mine.send'](name='x509.get_pem_entries', glob_path='/etc/pki/ca.crt')
log.warning('Salt mine repopulated with /etc/pki/ca.crt')
sleep(interval)

6
salt/salt/files/engines.conf Normal file
View File

@@ -0,0 +1,6 @@
engines_dirs:
- /etc/salt/engines
engines:
- checkmine:
interval: 30

18
salt/salt/master.sls
View File

@@ -1,3 +1,6 @@
include:
- salt.minion
salt_master_package: salt_master_package:
pkg.installed: pkg.installed:
- pkgs: - pkgs:
@@ -9,3 +12,18 @@ salt_master_service:
service.running: service.running:
- name: salt-master - name: salt-master
- enable: True - enable: True
checkmine_engine:
file.managed:
- name: /etc/salt/engines/checkmine.py
- source: salt://salt/engines/checkmine.py
- makedirs: True
- watch_in:
- service: salt_minion_service
engines_config:
file.managed:
- name: /etc/salt/minion.d/engines.conf
- source: salt://salt/files/engines.conf
- watch_in:
- service: salt_minion_service

6
salt/top.sls
View File

@@ -38,6 +38,7 @@ base:
'*_helix and G@saltversion:{{saltversion}}': '*_helix and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master
- ca - ca
- ssl - ssl
- common - common
@@ -79,6 +80,7 @@ base:
'*_eval and G@saltversion:{{saltversion}}': '*_eval and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master
- ca - ca
- ssl - ssl
- common - common
@@ -136,6 +138,7 @@ base:
'*_manager and G@saltversion:{{saltversion}}': '*_manager and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master
- ca - ca
- ssl - ssl
- common - common
@@ -182,6 +185,7 @@ base:
'*_standalone and G@saltversion:{{saltversion}}': '*_standalone and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master
- ca - ca
- ssl - ssl
- common - common
@@ -306,6 +310,7 @@ base:
'*_managersearch and G@saltversion:{{saltversion}}': '*_managersearch and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master
- ca - ca
- ssl - ssl
- common - common
@@ -396,6 +401,7 @@ base:
'*_import and G@saltversion:{{saltversion}}': '*_import and G@saltversion:{{saltversion}}':
- match: compound - match: compound
- salt.master
- ca - ca
- ssl - ssl
- common - common