From e2244bd8395611f4afb8008012522971c1e1a439 Mon Sep 17 00:00:00 2001 
From: m0duspwnens Date: Fri, 1 May 2020 13:21:11 -0400 Subject: [PATCH] use maps for so-status - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/619 --- salt/common/maps/broversion.map.jinja | 5 ++ salt/common/maps/domainstats.map.jinja | 5 ++ salt/common/maps/eval.map.jinja | 19 ++++++++ salt/common/maps/fleet.map.jinja | 10 ++++ salt/common/maps/fleet_master.map.jinja | 7 +++ salt/common/maps/freq.map.jinja | 5 ++ salt/common/maps/grafana.map.jinja | 6 +++ salt/common/maps/heavynode.map.jinja | 14 ++++++ salt/common/maps/helixsensor.map.jinja | 12 +++++ salt/common/maps/hotnode.map.jinja | 9 ++++ salt/common/maps/master.map.jinja | 18 ++++++++ salt/common/maps/mastersearch.map.jinja | 18 ++++++++ salt/common/maps/playbook.map.jinja | 6 +++ salt/common/maps/searchnode.map.jinja | 10 ++++ salt/common/maps/sensor.map.jinja | 9 ++++ salt/common/maps/so-status.map.jinja | 61 +++++++++++++++++++++++++ salt/common/maps/thehive.map.jinja | 7 +++ salt/common/maps/warmnode.map.jinja | 7 +++ salt/common/maps/wazuh.map.jinja | 5 ++ salt/common/tools/sbin/so-status | 31 +------------ 20 files changed, 235 insertions(+), 29 deletions(-) create mode 100644 salt/common/maps/broversion.map.jinja create mode 100644 salt/common/maps/domainstats.map.jinja create mode 100644 salt/common/maps/eval.map.jinja create mode 100644 salt/common/maps/fleet.map.jinja create mode 100644 salt/common/maps/fleet_master.map.jinja create mode 100644 salt/common/maps/freq.map.jinja create mode 100644 salt/common/maps/grafana.map.jinja create mode 100644 salt/common/maps/heavynode.map.jinja create mode 100644 salt/common/maps/helixsensor.map.jinja create mode 100644 salt/common/maps/hotnode.map.jinja create mode 100644 salt/common/maps/master.map.jinja create mode 100644 salt/common/maps/mastersearch.map.jinja create mode 100644 salt/common/maps/playbook.map.jinja create mode 100644 salt/common/maps/searchnode.map.jinja create mode 100644 salt/common/maps/sensor.map.jinja 
create mode 100644 salt/common/maps/so-status.map.jinja create mode 100644 salt/common/maps/thehive.map.jinja create mode 100644 salt/common/maps/warmnode.map.jinja create mode 100644 salt/common/maps/wazuh.map.jinja
diff --git a/salt/common/maps/broversion.map.jinja b/salt/common/maps/broversion.map.jinja
new file mode 100644
index 000000000..9a06b52ed
--- /dev/null
+++ b/salt/common/maps/broversion.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-zeek'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/domainstats.map.jinja b/salt/common/maps/domainstats.map.jinja
new file mode 100644
index 000000000..221dcde03
--- /dev/null
+++ b/salt/common/maps/domainstats.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-domainstats'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/eval.map.jinja b/salt/common/maps/eval.map.jinja
new file mode 100644
index 000000000..9f6725d52
--- /dev/null
+++ b/salt/common/maps/eval.map.jinja
@@ -0,0 +1,19 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-dockerregistry',
+ 'so-soc',
+ 'so-kratos',
+ 'so-idstools',
+ 'so-elasticsearch',
+ 'so-logstash',
+ 'so-kibana',
+ 'so-steno',
+ 'so-suricata',
+ 'so-zeek',
+ 'so-curator',
+ 'so-elastalert',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet.map.jinja b/salt/common/maps/fleet.map.jinja
new file mode 100644
index 000000000..c55223125
--- /dev/null
+++ b/salt/common/maps/fleet.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis',
+ 'so-filebeat',
+ 'so-nginx',
+ 'so-telegraf'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/fleet_master.map.jinja b/salt/common/maps/fleet_master.map.jinja
new file mode 100644
index 000000000..91850846c
--- /dev/null
+++ b/salt/common/maps/fleet_master.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-mysql',
+ 'so-fleet',
+ 'so-redis'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/freq.map.jinja b/salt/common/maps/freq.map.jinja
new file mode 100644
index 000000000..d3f692484
--- /dev/null
+++ b/salt/common/maps/freq.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-freqserver'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/grafana.map.jinja b/salt/common/maps/grafana.map.jinja
new file mode 100644
index 000000000..1118a50fe
--- /dev/null
+++ b/salt/common/maps/grafana.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-influxdb',
+ 'so-grafana'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/heavynode.map.jinja b/salt/common/maps/heavynode.map.jinja
new file mode 100644
index 000000000..2b8257a6a
--- /dev/null
+++ b/salt/common/maps/heavynode.map.jinja
@@ -0,0 +1,14 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-steno',
+ 'so-suricata',
+ 'so-wazuh',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/helixsensor.map.jinja b/salt/common/maps/helixsensor.map.jinja
new file mode 100644
index 000000000..84866de3a
--- /dev/null
+++ b/salt/common/maps/helixsensor.map.jinja
@@ -0,0 +1,12 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-idstools',
+ 'so-steno',
+ 'so-zeek',
+ 'so-redis',
+ 'so-logstash',
+ 'so-filebeat
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/hotnode.map.jinja b/salt/common/maps/hotnode.map.jinja
new file mode 100644
index 000000000..bc9d58360
--- /dev/null
+++ b/salt/common/maps/hotnode.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ ]
+} %}
\ No newline at end of file
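Review bot: In heavynode.map.jinja the last container entry `+ 'so-filebeat` has no closing quote, so the file is a Jinja syntax error and any template that imports it (so-status.map.jinja in this same commit resolves `common/maps/<role>.map.jinja` from the minion id) will fail to render on heavy nodes. It should read `'so-filebeat'` like the entries above it.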
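Review bot: helixsensor.map.jinja has the same unterminated string as heavynode.map.jinja — `+ 'so-filebeat` is missing its closing quote, which makes the whole map unparsable and breaks so-status for that role. Change it to `'so-filebeat'`. A quick `salt-call --local slsutil.renderer` over the new maps before merging would have caught both.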
diff --git a/salt/common/maps/master.map.jinja b/salt/common/maps/master.map.jinja
new file mode 100644
index 000000000..84918c39f
--- /dev/null
+++ b/salt/common/maps/master.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-dockerregistry',
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-elasticsearch',
+ 'so-logstash',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/mastersearch.map.jinja b/salt/common/maps/mastersearch.map.jinja
new file mode 100644
index 000000000..9c2e6eff7
--- /dev/null
+++ b/salt/common/maps/mastersearch.map.jinja
@@ -0,0 +1,18 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-soc',
+ 'so-kratos',
+ 'so-acng',
+ 'so-idstools',
+ 'so-redis',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-kibana',
+ 'so-elastalert',
+ 'so-filebeat',
+ 'so-soctopus'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/playbook.map.jinja b/salt/common/maps/playbook.map.jinja
new file mode 100644
index 000000000..064262119
--- /dev/null
+++ b/salt/common/maps/playbook.map.jinja
@@ -0,0 +1,6 @@
+{% set docker = {
+ 'containers': [
+ 'so-playbook',
+ 'so-navigator'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/searchnode.map.jinja b/salt/common/maps/searchnode.map.jinja
new file mode 100644
index 000000000..b46652742
--- /dev/null
+++ b/salt/common/maps/searchnode.map.jinja
@@ -0,0 +1,10 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-logstash',
+ 'so-elasticsearch',
+ 'so-curator',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/sensor.map.jinja b/salt/common/maps/sensor.map.jinja
new file mode 100644
index 000000000..e77352692
--- /dev/null
+++ b/salt/common/maps/sensor.map.jinja
@@ -0,0 +1,9 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-steno',
+ 'so-suricata',
+ 'so-filebeat'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja
new file mode 100644
index 000000000..5fff744d4
--- /dev/null
+++ b/salt/common/maps/so-status.map.jinja
@@ -0,0 +1,61 @@
+{% set role = grains.id.split('_') | last %}
+{% from 'common/map/'~ role ~'.map.jinja' import docker with context %}
+
+# Check if the service is enabled and append it's required containers
+# to the list predefined by the role / minion id affix
+{% macro append_containers(pillar_name, k, compare )%}
+ {% if salt['pillar.get'](pillar_name~':'~k, {}) != %}
+ {% from 'common/maps/'~k~'.map.jinja' import docker as d with context %}
+ {% for li in d['containers'] %}
+ {{ docker['containers'].append(li) }}
+ {% endfor %}
+ {% endif %}
+{% endmacro %}
+
+{% set docker = salt['grains.filter_by']({
+ '*_'~role: {
+ 'containers': docker['containers']
+ }
+},grain='id', merge=salt['pillar.get']('docker')) %}
+
+{% if role == 'eval' %}
+ {{ append_containers('master', 'grafana', '0') }}
+ {{ append_containers('static', 'fleet_master', '0') }}
+ {{ append_containers('master', 'wazuh', '0') }}
+ {{ append_containers('master', 'thehive', '0') }}
+ {{ append_containers('master', 'playbook', '0') }}
+ {{ append_containers('master', 'freq', '0') }}
+ {{ append_containers('master', 'domainstats', '0') }}
+{% endif %}
+
+{% if role == 'heavynode' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
+
+{% if role == 'mastersearch' %}
+ {{ append_containers('master', 'grafana', '0') }}
+ {{ append_containers('static', 'fleet_master, '0'') }}
+ {{ append_containers('master', 'wazuh', '0') }}
+ {{ append_containers('master', 'thehive', '0') }}
+ {{ append_containers('master', 'playbook', '0') }}
+ {{ append_containers('master', 'freq', '0') }}
+ {{ append_containers('master', 'domainstats', '0') }}
+{% endif %}
+
+{% if role == 'master' %}
+ {{ append_containers('master', 'grafana', '0') }}
+ {{ append_containers('static', 'fleet_master', '0') }}
+ {{ append_containers('master', 'wazuh', '0') }}
+ {{ append_containers('master', 'thehive', '0') }}
+ {{ append_containers('master', 'playbook', '0') }}
+ {{ append_containers('master', 'freq', '0') }}
+ {{ append_containers('master', 'domainstats', '0') }}
+{% endif %}
+
+{% if role == 'searchnode' %}
+ {{ append_containers('master', 'wazuh', '0') }}
+{% endif %}
+
+{% if role == 'sensor' %}
+ {{ append_containers('static', 'broversion', 'SURICATA') }}
+{% endif %}
\ No newline at end of file
diff --git a/salt/common/maps/thehive.map.jinja b/salt/common/maps/thehive.map.jinja
new file mode 100644
index 000000000..e4ca7d2a2
--- /dev/null
+++ b/salt/common/maps/thehive.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-thehive',
+ 'so-thehive-es',
+ 'so-cortex'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/warmnode.map.jinja b/salt/common/maps/warmnode.map.jinja
new file mode 100644
index 000000000..08cf2dbb8
--- /dev/null
+++ b/salt/common/maps/warmnode.map.jinja
@@ -0,0 +1,7 @@
+{% set docker = {
+ 'containers': [
+ 'so-nginx',
+ 'so-telegraf',
+ 'so-elasticsearch'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/maps/wazuh.map.jinja b/salt/common/maps/wazuh.map.jinja
new file mode 100644
index 000000000..5217a79ee
--- /dev/null
+++ b/salt/common/maps/wazuh.map.jinja
@@ -0,0 +1,5 @@
+{% set docker = {
+ 'containers': [
+ 'so-wazuh'
+ ]
+} %}
\ No newline at end of file
diff --git a/salt/common/tools/sbin/so-status b/salt/common/tools/sbin/so-status
index 0fb202a51..29c029623 100755
--- a/salt/common/tools/sbin/so-status
+++ b/salt/common/tools/sbin/so-status
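Review bot: The macro guard `{% if salt['pillar.get'](pillar_name~':'~k, {}) != %}` has no right-hand operand, so so-status.map.jinja cannot be rendered at all and every so-status invocation that imports it will fail; the `compare` parameter that each call site passes is what belongs there: `{% if salt['pillar.get'](pillar_name~':'~k, {}) != compare %}`. Two more lines in the same hunk will also fail at render time: the role import uses `'common/map/'~ role ~'.map.jinja'` while every map this commit creates lives under `common/maps/` (the macro's own inner import already spells it correctly), and the mastersearch block's `{{ append_containers('static', 'fleet_master, '0'') }}` has its quotes misplaced and should be `'fleet_master', '0'`. Separately, because the pillar lookup defaults to `{}`, a key that is simply absent compares unequal to `'0'` and the optional service's containers get appended, so so-status would report them as missing on nodes that never enabled the feature; if that is not intended, defaulting to `compare` instead of `{}` keeps "absent" and "disabled" equivalent. A short comment above the macro noting that `{{ docker['containers'].append(li) }}` emits `None` into the rendered text, and that this is only acceptable because the file is consumed via `from ... import`, would save the next reader a double-take.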
@@ -14,35 +14,8 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
-
-{%- set pillar_suffix = ':containers' -%}
-{%- if (salt['grains.get']('role') == 'so-mastersearch') -%}
- {%- set pillar_val = 'master_search' -%}
-{%- elif (salt['grains.get']('role') == 'so-master') -%}
- {%- set pillar_val = 'master' -%}
-{%- elif (salt['grains.get']('role') == 'so-heavynode') -%}
- {%- set pillar_val = 'heavy_node' -%}
-{%- elif (salt['grains.get']('role') == 'so-sensor') -%}
- {%- set pillar_val = 'sensor' -%}
-{%- elif (salt['grains.get']('role') == 'so-eval') -%}
- {%- set pillar_val = 'eval' -%}
-{%- elif (salt['grains.get']('role') == 'so-fleet') -%}
- {%- set pillar_val = 'fleet' -%}
-{%- elif (salt['grains.get']('role') == 'so-helix') -%}
- {%- set pillar_val = 'helix' -%}
-{%- elif (salt['grains.get']('role') == 'so-node') -%}
- {%- if (salt['pillar.get']('node:node_type') == 'parser') -%}
- {%- set pillar_val = 'parser_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'hot') -%}
- {%- set pillar_val = 'hot_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'warm') -%}
- {%- set pillar_val = 'warm_node' -%}
- {%- elif (salt['pillar.get']('node:node_type') == 'search') -%}
- {%- set pillar_val = 'search_node' -%}
- {%- endif -%}
-{%- endif -%}
-{%- set pillar_name = pillar_val ~ pillar_suffix -%}
-{%- set container_list = salt['pillar.get'](pillar_name) %}
+{%- from 'common/maps/so-status.map.jinja' import docker with context %}
+{%- set container_list = docker['containers'] %}
 if ! [ "$(id -u)" = 0 ]; then
 echo "This command must be run as root"