CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

change to salt 3001.1, fix dupe state name, add git branch option to soup

Browse Source
This commit is contained in:
m0duspwnens
2020-07-27 17:53:02 -04:00
parent 7606cc0ad0
commit e811718ebc
4 changed files with 16 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pillar/salt/master.sls
View File

@@ -1,4 +1,4 @@
#version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
salt: salt:
master: master:
version: 3001 version: 3001.1

2
pillar/salt/minion.sls
View File

@@ -1,4 +1,4 @@
#version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched #version cannot be used elsewhere in this pillar as soup is grepping for it to determine if Salt needs to be patched
salt: salt:
minion: minion:
version: 3001 version: 3001.1

14
salt/common/tools/sbin/soup
View File

@@ -20,6 +20,7 @@ UPDATE_DIR=/tmp/sogh/securityonion
INSTALLEDVERSION=$(cat /etc/soversion) INSTALLEDVERSION=$(cat /etc/soversion)
INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'}) INSTALLEDSALTVERSION=$(salt --versions-report | grep Salt: | awk {'print $2'})
default_salt_dir=/opt/so/saltstack/default default_salt_dir=/opt/so/saltstack/default
SOUP_BRANCH=$1
manager_check() { manager_check() {
# Check to see if this is a manager # Check to see if this is a manager
@@ -44,11 +45,11 @@ clone_to_tmp() {
# Make a temp location for the files # Make a temp location for the files
mkdir -p /tmp/sogh mkdir -p /tmp/sogh
cd /tmp/sogh cd /tmp/sogh
SOUP_BRANCH="" if [ -n "$SOUP_BRANCH" ]; then
if [ -n "$BRANCH" ]; then git clone -b $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
SOUP_BRANCH="-b $BRANCH" else
git clone https://github.com/Security-Onion-Solutions/securityonion.git
fi fi
git clone $SOUP_BRANCH https://github.com/Security-Onion-Solutions/securityonion.git
cd /tmp cd /tmp
if [ ! -f $UPDATE_DIR/VERSION ]; then if [ ! -f $UPDATE_DIR/VERSION ]; then
echo "Update was unable to pull from github. Please check your internet." echo "Update was unable to pull from github. Please check your internet."
@@ -151,7 +152,12 @@ update_version() {
upgrade_check() { upgrade_check() {
# Let's make sure we actually need to update. # Let's make sure we actually need to update.
if [ -n "$SOUP_BRANCH" ]; then
NEWVERSION="$SOUP_BRANCH"
else
NEWVERSION=$(cat $UPDATE_DIR/VERSION) NEWVERSION=$(cat $UPDATE_DIR/VERSION)
fi
if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then
echo "You are already running the latest version of Security Onion." echo "You are already running the latest version of Security Onion."
exit 0 exit 0

6
salt/ssl/init.sls
View File

@@ -253,7 +253,7 @@ fbcertdir:
- name: /opt/so/conf/filebeat/etc/pki - name: /opt/so/conf/filebeat/etc/pki
- makedirs: True - makedirs: True
/etc/pki/filebeat.key: /opt/so/conf/filebeat/etc/pki/filebeat.key:
x509.private_key_managed: x509.private_key_managed:
- CN: {{ manager }} - CN: {{ manager }}
- bits: 4096 - bits: 4096
@@ -261,9 +261,9 @@ fbcertdir:
- days_valid: 820 - days_valid: 820
- backup: True - backup: True
- new: True - new: True
{% if salt['file.file_exists']('/etc/pki/filebeat.key') -%} {% if salt['file.file_exists']('/opt/so/conf/filebeat/etc/pki/filebeat.key') -%}
- prereq: - prereq:
- x509: /etc/pki/filebeat.crt - x509: /opt/so/conf/filebeat/etc/pki/filebeat.crt
{%- endif %} {%- endif %}
# Request a cert and drop it where it needs to go to be distributed # Request a cert and drop it where it needs to go to be distributed