diff --git a/pillar/zeeklogs.sls b/pillar/zeeklogs.sls
deleted file mode 100644
index 882cb92a9..000000000
--- a/pillar/zeeklogs.sls
+++ /dev/null
@@ -1,42 +0,0 @@
-zeeklogs:
- enabled:
- - conn
- - dce_rpc
- - dhcp
- - dhcpv6
- - dnp3
- - dns
- - dpd
- - files
- - ftp
- - http
- - intel
- - irc
- - kerberos
- - modbus
- - mqtt
- - notice
- - ntlm
- - openvpn
- - pe
- - radius
- - rfb
- - rdp
- - signatures
- - sip
- - smb_files
- - smb_mapping
- - smtp
- - snmp
- - software
- - ssh
- - ssl
- - syslog
- - telnet
- - tunnel
- - weird
- - mysql
- - socks
- - x509
-
- disabled:
diff --git a/setup/so-functions b/setup/so-functions
index 2c028174a..3d51a9bd9 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -1119,8 +1119,6 @@ manager_pillar() {
 " kratoskey: $KRATOSKEY"\
 "" >> "$pillar_file"
- printf '%s\n' '----' >> "$setup_log" 2>&1
- cat "$pillar_file" >> "$setup_log" 2>&1
 }
 manager_global() {
@@ -1326,8 +1324,6 @@ elasticsearch_pillar() {
 " lsheap: $NODE_LS_HEAP_SIZE"\
 "" >> "$pillar_file"
- printf '%s\n' '----' >> "$setup_log" 2>&1
- cat "$pillar_file" >> "$setup_log" 2>&1
 }
 parse_install_username() {
@@ -1347,9 +1343,6 @@ patch_pillar() {
 " splay: 300"\
 "" >> "$pillar_file"
- printf '%s\n' '----' >> "$setup_log" 2>&1
- cat "$pillar_file" >> "$setup_log" 2>&1
-
 }
 patch_schedule_os_new() {
@@ -1372,8 +1365,6 @@ patch_schedule_os_new() {
 done
 done
- printf '%s\n' '----' >> "$setup_log" 2>&1
- cat "$OSPATCHSCHEDULE" >> "$setup_log" 2>&1
 }
 print_salt_state_apply() {
@@ -1746,8 +1737,6 @@ sensor_pillar() {
 echo " hnsensor: $HNSENSOR" >> "$pillar_file"
 fi
- printf '%s\n' '----' >> "$setup_log" 2>&1
- cat "$pillar_file" >> "$setup_log" 2>&1
 }
 set_default_log_size() {
@@ -2031,7 +2020,7 @@ es_heapsize() {
 zeek_logs_enabled() {
 echo "Enabling Zeek Logs" >> "$setup_log" 2>&1
- local zeeklogs_pillar=./pillar/zeeklogs.sls
+ local zeeklogs_pillar=$local_salt_dir/pillar/zeeklogs.sls
 printf '%s\n'\
 "zeeklogs:"\
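Review bot: Nothing in manager_pillar records why the `cat "$pillar_file" >> "$setup_log"` dump was dropped, and the visible `" kratoskey: $KRATOSKEY"` line shows the pillar file carries a secret, so the next person adding debug output is likely to put the dump back. A one-line comment before the closing brace would pin the reason: `# Never copy $pillar_file into $setup_log: it contains kratoskey.` The same removal appears in elasticsearch_pillar, patch_pillar, patch_schedule_os_new and sensor_pillar; one comment in manager_pillar, where the secret is visible, is enough. Setup logs written by earlier versions still hold the dumped pillar; that is outside this diff but worth a follow-up. manager_pillar's body starts outside this hunk.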
@@ -2043,44 +2032,44 @@ zeek_logs_enabled() {
 done
 elif [ "$install_type" == "EVAL" ] || [ "$install_type" == "IMPORT" ]; then
 printf '%s\n'\
- " - conn"\
- " - dce_rpc"\
- " - dhcp"\
- " - dhcpv6"\
- " - dnp3"\
- " - dns"\
- " - dpd"\
- " - files"\
- " - ftp"\
- " - http"\
- " - intel"\
- " - irc"\
- " - kerberos"\
- " - modbus"\
- " - mqtt"\
- " - notice"\
- " - ntlm"\
- " - openvpn"\
- " - pe"\
- " - radius"\
- " - rfb"\
- " - rdp"\
- " - signatures"\
- " - sip"\
- " - smb_files"\
- " - smb_mapping"\
- " - smtp"\
- " - snmp"\
- " - software"\
- " - ssh"\
- " - ssl"\
- " - syslog"\
- " - telnet"\
- " - tunnel"\
- " - weird"\
- " - mysql"\
- " - socks"\
- " - x509" >> "$zeeklogs_pillar"
+ " - conn"\
+ " - dce_rpc"\
+ " - dhcp"\
+ " - dhcpv6"\
+ " - dnp3"\
+ " - dns"\
+ " - dpd"\
+ " - files"\
+ " - ftp"\
+ " - http"\
+ " - intel"\
+ " - irc"\
+ " - kerberos"\
+ " - modbus"\
+ " - mqtt"\
+ " - notice"\
+ " - ntlm"\
+ " - openvpn"\
+ " - pe"\
+ " - radius"\
+ " - rfb"\
+ " - rdp"\
+ " - signatures"\
+ " - sip"\
+ " - smb_files"\
+ " - smb_mapping"\
+ " - smtp"\
+ " - snmp"\
+ " - software"\
+ " - ssh"\
+ " - ssl"\
+ " - syslog"\
+ " - telnet"\
+ " - tunnel"\
+ " - weird"\
+ " - mysql"\
+ " - socks"\
+ " - x509" >> "$zeeklogs_pillar"
 # Disable syslog log by default
 else
 printf '%s\n'\
@@ -2122,7 +2111,4 @@ zeek_logs_enabled() {
 " - socks"\
 " - x509" >> "$zeeklogs_pillar"
 fi
-
- printf '%s\n' '----' >> "$setup_log" 2>&1
- cat "$zeeklogs_pillar" >> "$setup_log" 2>&1
 }
diff --git a/setup/so-setup b/setup/so-setup
index 3c2a6e94d..d81423d94 100755
--- a/setup/so-setup
+++ b/setup/so-setup
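Review bot: Every write in zeek_logs_enabled appends (`>> "$zeeklogs_pillar"` on each printf in this hunk and the one above), and now that the target is the persistent `$local_salt_dir/pillar/zeeklogs.sls` instead of a relative `./pillar/zeeklogs.sls`, nothing truncates the file between calls: a second call in the same run, or a re-run of setup, leaves two `zeeklogs:` documents in one pillar file. Truncate once right after the `local zeeklogs_pillar=...` assignment and create the parent directory there too, since so-variables in this commit creates only `$local_salt_dir`, not its `pillar` subdirectory: `mkdir -p "${zeeklogs_pillar%/*}"` followed by `: > "$zeeklogs_pillar"`. The function's opening lines, including that assignment, are outside this hunk.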
@@ -490,17 +490,17 @@ fi
 set_progress_str 5 'Installing Salt and dependencies'
 saltify 2>> $setup_log
- set_progress_str 7 'Installing Docker and dependencies'
+ set_progress_str 6 'Installing Docker and dependencies'
 docker_install >> $setup_log 2>&1
- set_progress_str 8 'Generating patch pillar'
+ set_progress_str 7 'Generating patch pillar'
 patch_pillar >> $setup_log 2>&1
- set_progress_str 9 'Initializing Salt minion'
+ set_progress_str 8 'Initializing Salt minion'
 configure_minion "$minion_type" >> $setup_log 2>&1
 if [[ $is_manager || $is_helix || $is_import ]]; then
- set_progress_str 10 'Configuring Salt master'
+ set_progress_str 9 'Configuring Salt master'
 {
 create_local_directories;
 addtotab_generate_templates;
@@ -509,17 +509,22 @@ fi
 firewall_generate_templates;
 } >> $setup_log 2>&1
- set_progress_str 11 'Updating sudoers file for soremote user'
+ set_progress_str 10 'Updating sudoers file for soremote user'
 update_sudoers >> $setup_log 2>&1
- set_progress_str 12 'Generating manager global pillar'
+ set_progress_str 11 'Generating manager global pillar'
 #minio_generate_keys
 manager_global >> $setup_log 2>&1
- set_progress_str 13 'Generating manager pillar'
+ set_progress_str 12 'Generating manager pillar'
 manager_pillar >> $setup_log 2>&1
 fi
+ if [[ $is_sensor || $is_import ]]; then
+ set_progress_str 13 'Generating zeeklogs pillar'
+ zeek_logs_enabled >> $setup_log 2>&1
+ fi
+
 set_progress_str 16 'Running first Salt checkin'
 salt_firstcheckin >> $setup_log 2>&1
@@ -617,6 +622,7 @@ fi
 salt-call state.apply -l info suricata >> $setup_log 2>&1
 set_progress_str 67 "$(print_salt_state_apply 'zeek')"
+ zeek_logs_enabled >> $setup_log 2>&1
 salt-call state.apply -l info zeek >> $setup_log 2>&1
 fi
diff --git a/setup/so-variables b/setup/so-variables
index 057c67ff2..83b9b4325 100644
--- a/setup/so-variables
+++ b/setup/so-variables
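Review bot: The new `if [[ $is_sensor || $is_import ]]` block at progress step 13 runs zeek_logs_enabled outside the manager branch, so on a sensor-only node `create_local_directories` has not run when the function writes `$local_salt_dir/pillar/zeeklogs.sls`; so-variables in this commit creates only `$local_salt_dir` itself, and nothing visible here creates the `pillar` subdirectory before that write. The hunk at -617 then calls `zeek_logs_enabled >> $setup_log 2>&1` a second time before `salt-call state.apply -l info zeek`; if that block also executes for import or sensor nodes, the function's append-only writes leave a second `zeeklogs:` document in the same file. Keep a single call site, or make the later one conditional on the earlier not having run, e.g. `[[ $is_sensor || $is_import ]] || zeek_logs_enabled >> $setup_log 2>&1`. The enclosing `if` of the -617 hunk starts outside it, so its condition cannot be confirmed from here.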
@@ -54,8 +54,10 @@ export percentage_str='Getting started'
 export DEBIAN_FRONTEND=noninteractive
 export default_salt_dir=/opt/so/saltstack/default
+mkdir -p "$default_salt_dir"
 export local_salt_dir=/opt/so/saltstack/local
+mkdir -p "$local_salt_dir"
 SCRIPTDIR=$(cd "$(dirname "$0")" && pwd)
 export SCRIPTDIR
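Review bot: so-variables is a definitions file that other scripts source, and the two added `mkdir -p` lines make sourcing it a filesystem side effect whose failure (for example when sourced as a non-root user or when `/opt/so` is not writable) goes unnoticed, since neither result is checked and no comment says why the directories must exist this early. If the intent is to have `$local_salt_dir` in place before zeek_logs_enabled writes under it at progress step 13, state that and fail loudly: replace both lines with `# Created at source time: zeek_logs_enabled writes under $local_salt_dir before create_local_directories runs` and `mkdir -p "$default_salt_dir" "$local_salt_dir" || { printf 'cannot create %s\n' "$local_salt_dir" >&2; exit 1; }` after the second export. The directories also inherit the sourcing process's umask, so pass an explicit mode if the pillar files written beneath them must not be world-readable.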