Merge pull request #8485 from Security-Onion-Solutions/foxtrot

Improve local file modification check in SOUP
weslambert
2022-08-08 10:06:13 -04:00
committed by GitHub


@@ -203,7 +203,7 @@ check_airgap() {
check_local_mods() { check_local_mods() {
local salt_local=/opt/so/saltstack/local local salt_local=/opt/so/saltstack/local
local_ignore_arr=("/opt/so/saltstack/local/salt/zeek/policy/intel/intel.dat")
local_mod_arr=() local_mod_arr=()
while IFS= read -r -d '' local_file; do while IFS= read -r -d '' local_file; do
@@ -211,10 +211,12 @@ check_local_mods() {
default_file="${DEFAULT_SALT_DIR}${stripped_path}" default_file="${DEFAULT_SALT_DIR}${stripped_path}"
if [[ -f $default_file ]]; then if [[ -f $default_file ]]; then
file_diff=$(diff "$default_file" "$local_file" ) file_diff=$(diff "$default_file" "$local_file" )
if [[ ! " ${local_ignore_arr[*]} " =~ " ${local_file} " ]]; then
if [[ $(echo "$file_diff" | grep -c "^<") -gt 0 ]]; then if [[ $(echo "$file_diff" | grep -c "^<") -gt 0 ]]; then
local_mod_arr+=( "$local_file" ) local_mod_arr+=( "$local_file" )
fi fi
fi fi
fi
done< <(find $salt_local -type f -print0) done< <(find $salt_local -type f -print0)
if [[ ${#local_mod_arr} -gt 0 ]]; then if [[ ${#local_mod_arr} -gt 0 ]]; then
@@ -223,11 +225,24 @@ check_local_mods() {
echo " $file_str" echo " $file_str"
done done
echo "" echo ""
echo "To reference this list later, check $SOUP_LOG" echo "To reference this list later, check $SOUP_LOG".
sleep 10 echo
if [[ -z $UNATTENDED ]]; then
while true; do
read -p "Please review the local modifications shown above as they may cause problems during or after the update.
Would you like to proceed with the update anyway?
If so, type 'YES'. Otherwise, type anything else to exit SOUP." yn
case $yn in
[yY][eE][sS] ) echo "Local modifications accepted. Continuing..."; break;;
* ) exit 0;;
esac
done
fi
fi fi
} }
# {% endraw %} # {% endraw %}
check_pillar_items() { check_pillar_items() {
@@ -448,7 +463,7 @@ enable_highstate() {
es_version_check() { es_version_check() {
CHECK_ES=$(echo $INSTALLEDVERSION | awk -F. '{print $3}') CHECK_ES=$(echo $INSTALLEDVERSION | awk -F. '{print $3}')
if [ "$CHECK_ES" -lt "110" ]; then if [[ "$CHECK_ES" -lt "110" ]]; then
echo "You are currently running Security Onion $INSTALLEDVERSION. You will need to update to version 2.3.130 before updating to 2.3.140 or higher." echo "You are currently running Security Onion $INSTALLEDVERSION. You will need to update to version 2.3.130 before updating to 2.3.140 or higher."
echo "" echo ""
echo "If your deployment has Internet access, you can use the following command to update to 2.3.130:" echo "If your deployment has Internet access, you can use the following command to update to 2.3.130:"
@@ -1218,6 +1233,7 @@ main() {
set_palette set_palette
check_elastic_license check_elastic_license
echo "" echo ""
check_local_mods
check_os_updates check_os_updates
echo "Generating new repo archive" echo "Generating new repo archive"
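Review bot: In the third `check_local_mods` hunk, the new prompt's `* ) exit 0;;` arm ends SOUP with a success status whenever the answer is not YES. That includes `read` failing on a closed or non-interactive stdin while `UNATTENDED` is unset, so a wrapper or operator checking the exit code would see an update that never ran as a success. Unless status 0 on decline is intended, a non-zero exit with a message makes the skipped update visible, for example `* ) echo "Local modifications not accepted. Exiting SOUP."; exit 1;;`, and `read -r -p` keeps backslashes in the answer literal. The `while true` wrapper can be dropped, since both `case` arms leave the loop on the first pass. `check_local_mods` begins in an earlier hunk, so this note covers only the prompt lines visible here.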