CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1832 from Security-Onion-Solutions/patch_2.3.3

Browse Source 
Patch 2.3.3
This commit is contained in:
Josh Patterson
2020-11-05 10:00:43 -05:00
committed by GitHub
parent 8d5c29340e fea6e6f4f9
commit ec3f35c360
10 changed files with 78 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -1,6 +1,6 @@
## Security Onion 2.3.2 ## Security Onion 2.3.3
Security Onion 2.3.2 is here! Security Onion 2.3.3 is here!
## Screenshots ## Screenshots

20
VERIFY_ISO.md
View File

@@ -1,16 +1,16 @@
### 2.3.2 ISO image built on 2020/10/25 ### 2.3.3 ISO image built on 2020/10/25
### Download and Verify ### Download and Verify
2.3.2 ISO image: 2.3.3 ISO image:
https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso https://download.securityonion.net/file/securityonion/securityonion-2.3.3.iso
MD5: EF2DEBCCBAE0B0BCCC906552B5FF918A MD5: 8010C32803CD62AA3F61487524E37049
SHA1: 16AFCACB102BD217A038044D64E7A86DA351640E SHA1: DCA300424C9DF81A4F332B8AA3945E18779C9D28
SHA256: 7125F90B6323179D0D29F5745681BE995BD2615E64FA1E0046D94888A72C539E SHA256: 1099494AA3E476D682746AAD9C2BD7DED292589DFAAB7B517933336C07AA01D0
Signature for ISO image: Signature for ISO image:
https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.3.iso.sig
Signing key: Signing key:
https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS
@@ -24,17 +24,17 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
Download the signature file for the ISO: Download the signature file for the ISO:
``` ```
wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.2.iso.sig wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.3.iso.sig
``` ```
Download the ISO image: Download the ISO image:
``` ```
wget https://download.securityonion.net/file/securityonion/securityonion-2.3.2.iso wget https://download.securityonion.net/file/securityonion/securityonion-2.3.3.iso
``` ```
Verify the downloaded ISO image using the signature file: Verify the downloaded ISO image using the signature file:
``` ```
gpg --verify securityonion-2.3.2.iso.sig securityonion-2.3.2.iso gpg --verify securityonion-2.3.3.iso.sig securityonion-2.3.3.iso
``` ```
The output should show "Good signature" and the Primary key fingerprint should match what's shown below: The output should show "Good signature" and the Primary key fingerprint should match what's shown below:

2
VERSION
View File

@@ -1 +1 @@
2.3.10 2.3.10

50
salt/common/tools/sbin/soup
View File

@@ -140,9 +140,8 @@ detect_os() {
} }
highstate() { highstate() {
# Run a highstate but first cancel a running one. # Run a highstate.
salt-call saltutil.kill_all_jobs salt-call state.highstate -l info queue=True
salt-call state.highstate -l info
} }
masterlock() { masterlock() {
@@ -286,7 +285,7 @@ unmount_update() {
update_centos_repo() { update_centos_repo() {
# Update the files in the repo # Update the files in the repo
echo "Syncing new updates to /nsm/repo" echo "Syncing new updates to /nsm/repo"
rsync -a $AGDOCKER/repo /nsm/repo rsync -av $AGREPO/* /nsm/repo/
echo "Creating repo" echo "Creating repo"
createrepo /nsm/repo createrepo /nsm/repo
} }
@@ -381,8 +380,6 @@ update_dockers() {
docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION
done done
fi fi
# Cleanup on Aisle 4
clean_dockers
echo "Add Registry back if airgap" echo "Add Registry back if airgap"
if [ $is_airgap -eq 0 ]; then if [ $is_airgap -eq 0 ]; then
docker load -i $AGDOCKER/registry_image.tar docker load -i $AGDOCKER/registry_image.tar
@@ -411,6 +408,10 @@ upgrade_check_salt() {
if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then
echo "You are already running the correct version of Salt for Security Onion." echo "You are already running the correct version of Salt for Security Onion."
else else
UPGRADESALT=1
fi
}
upgrade_salt() {
SALTUPGRADED=True SALTUPGRADED=True
echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION." echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
echo "" echo ""
@@ -421,7 +422,11 @@ upgrade_check_salt() {
yum versionlock delete "salt-*" yum versionlock delete "salt-*"
echo "Updating Salt packages and restarting services." echo "Updating Salt packages and restarting services."
echo "" echo ""
sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION" if [ $is_airgap -eq 0 ]; then
sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -r -F -M -x python3 stable "$NEWSALTVERSION"
else
sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -F -M -x python3 stable "$NEWSALTVERSION"
fi
echo "Applying yum versionlock for Salt." echo "Applying yum versionlock for Salt."
echo "" echo ""
yum versionlock add "salt-*" yum versionlock add "salt-*"
@@ -441,7 +446,6 @@ upgrade_check_salt() {
apt-mark hold "salt-master" apt-mark hold "salt-master"
apt-mark hold "salt-minion" apt-mark hold "salt-minion"
fi fi
fi
} }
verify_latest_update_script() { verify_latest_update_script() {
@@ -502,29 +506,39 @@ echo "Let's see if we need to update Security Onion."
upgrade_check upgrade_check
space_check space_check
echo "Checking for Salt Master and Minion updates."
upgrade_check_salt
echo "" echo ""
echo "Performing upgrade from Security Onion $INSTALLEDVERSION to Security Onion $NEWVERSION." echo "Performing upgrade from Security Onion $INSTALLEDVERSION to Security Onion $NEWVERSION."
echo "" echo ""
echo "Updating dockers to $NEWVERSION."
update_dockers
echo ""
echo "Stopping Salt Minion service." echo "Stopping Salt Minion service."
systemctl stop salt-minion systemctl stop salt-minion
echo "" echo ""
echo "Stopping Salt Master service." echo "Stopping Salt Master service."
systemctl stop salt-master systemctl stop salt-master
echo "" echo ""
echo "Checking for Salt Master and Minion updates."
upgrade_check_salt
# Does salt need upgraded. If so update it.
if [ "$UPGRADESALT" == "1" ]; then
echo "Upgrading Salt"
# Update the repo files so it can actually upgrade
if [ $is_airgap -eq 0 ]; then
update_centos_repo
yum clean all
fi
upgrade_salt
fi
echo "Making pillar changes." echo "Making pillar changes."
pillar_changes pillar_changes
echo "" echo ""
echo ""
echo "Updating dockers to $NEWVERSION."
update_dockers
# Only update the repo if its airgap # Only update the repo if its airgap
if [ $is_airgap -eq 0 ]; then if [[ $is_airgap -eq 0 ]] && [[ "$UPGRADESALT" != "1" ]]; then
update_centos_repo update_centos_repo
fi fi
@@ -561,10 +575,12 @@ highstate
playbook playbook
unmount_update unmount_update
SALTUPGRADED="True" if [ "$UPGRADESALT" == "1" ]; then
if [[ "$SALTUPGRADED" == "True" ]]; then
echo "" echo ""
echo "Upgrading Salt on the remaining Security Onion nodes from $INSTALLEDSALTVERSION to $NEWSALTVERSION." echo "Upgrading Salt on the remaining Security Onion nodes from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
if [ $is_airgap -eq 0 ]; then
salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' cmd.run "yum clean all"
fi
salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion salt -C 'not *_eval and not *_helix and not *_manager and not *_managersearch and not *_standalone' -b $BATCHSIZE state.apply salt.minion
echo "" echo ""
fi fi

13
salt/salt/map.jinja
View File

@@ -1,5 +1,6 @@
{% import_yaml 'salt/minion.defaults.yaml' as salt %} {% import_yaml 'salt/minion.defaults.yaml' as saltminion %}
{% set SALTVERSION = salt.salt.minion.version %} {% set SALTVERSION = saltminion.salt.minion.version %}
{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{% if grains.os|lower == 'ubuntu' %} {% if grains.os|lower == 'ubuntu' %}
{% set COMMON = 'salt-common' %} {% set COMMON = 'salt-common' %}
@@ -9,10 +10,14 @@
{% if grains.saltversion|string != SALTVERSION|string %} {% if grains.saltversion|string != SALTVERSION|string %}
{% if grains.os|lower in ['centos', 'redhat'] %} {% if grains.os|lower in ['centos', 'redhat'] %}
{% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %} {% if ISAIRGAP is sameas true %}
{% set UPGRADECOMMAND = 'yum clean all && yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -r -F -x python3 stable ' ~ SALTVERSION %}
{% else %}
{% set UPGRADECOMMAND = 'yum versionlock delete "salt-*" && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %}
{% endif %}
{% elif grains.os|lower == 'ubuntu' %} {% elif grains.os|lower == 'ubuntu' %}
{% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %} {% set UPGRADECOMMAND = 'apt-mark unhold salt-common && apt-mark unhold salt-minion && sh /usr/sbin/bootstrap-salt.sh -F -x python3 stable ' ~ SALTVERSION %}
{% endif %} {% endif %}
{% else %} {% else %}
{% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %} {% set UPGRADECOMMAND = 'echo Already running Salt Minon version ' ~ SALTVERSION %}
{% endif %} {% endif %}

2
salt/salt/master.defaults.yaml
View File

@@ -2,4 +2,4 @@
# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
salt: salt:
master: master:
version: 3001.1 version: 3002.1

2
salt/salt/minion.defaults.yaml
View File

@@ -2,4 +2,4 @@
# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
salt: salt:
minion: minion:
version: 3001.1 version: 3002.1

5
salt/soc/files/soc/changes.json
View File

@@ -1,8 +1,7 @@
{ {
"title": "Security Onion 2.3.2 is here!", "title": "Security Onion 2.3.3 is here!",
"changes": [ "changes": [
{ "summary": "Elastic components have been upgraded to 7.9.3." }, { "summary": "Updated salt to 3002.1 to address CVE-2020-16846, CVE-2020-17490, CVE-2020-25592." },
{ "summary": "Fixed an issue where curator was unable to delete a closed index." },
{ "summary": "Cheat sheet is now available for airgap installs." }, { "summary": "Cheat sheet is now available for airgap installs." },
{ "summary": "Known Issues <ul><li>It is still possible to update your grid from any release candidate to 2.3. However, if you have a true production deployment, then we recommend a fresh image and install for best results.</li><li>In 2.3.0 we made some changes to data types in the elastic index templates. This will cause some errors in Kibana around field conflicts. You can address this in 2 ways:<ol><li>Delete all the data on the ES nodes preserving all of your other settings suchs as BPFs by running sudo so-elastic-clear on all the search nodes</li><li>Re-Index the data. This is not a quick process but you can find more information at <a href='https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing' target='so-help'>https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing</a></li></ol><li>Please be patient as we update our documentation. We have made a concerted effort to update as much as possible but some things still may be incorrect or ommited. If you have questions or feedback, please start a discussion at <a href='https://securityonion.net/discuss' target='so-discuss'>https://securityonion.net/discuss</a>.</li><li>Once you update your grid to 2.3.0, any new nodes that join the grid must be 2.3.0. For example, if you try to join a new RC1 node it will fail. For best results, use the latest ISO (or 2.3.0 installer from github) when joining to an 2.3.0 grid.</li><li>Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.</li><li>When running soup to upgrade from RC1/RC2/RC3 to 2.3.0, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.</li><li>When Search Nodes are upgraded from RC1 to 2.3.0, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:<ol><li>Stop elasticsearch - <i>sudo so-elasticsearch-stop</i></li><li>Run the SSL state - <i>sudo salt-call state.apply ssl</i></li><li>Restart elasticsearch - <i>sudo so-elasticsearch-restart</i></li></ol></li><li>If you are upgrading from RC1 you might see errors around registry:2 missing. This error does not break the actual upgrade. To fix, run the following on the manager:</li><ol><li>Stop the Docker registry - sudo docker stop so-dockerregistry</li><li>Remove the container - sudo docker rm so-dockerregistry</li><li>Run the registry state - sudo salt-call state.apply registry</li></ol></ul>" } { "summary": "Known Issues <ul><li>It is still possible to update your grid from any release candidate to 2.3. However, if you have a true production deployment, then we recommend a fresh image and install for best results.</li><li>In 2.3.0 we made some changes to data types in the elastic index templates. This will cause some errors in Kibana around field conflicts. You can address this in 2 ways:<ol><li>Delete all the data on the ES nodes preserving all of your other settings suchs as BPFs by running sudo so-elastic-clear on all the search nodes</li><li>Re-Index the data. This is not a quick process but you can find more information at <a href='https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing' target='so-help'>https://docs.securityonion.net/en/2.3/elasticsearch.html#re-indexing</a></li></ol><li>Please be patient as we update our documentation. We have made a concerted effort to update as much as possible but some things still may be incorrect or ommited. If you have questions or feedback, please start a discussion at <a href='https://securityonion.net/discuss' target='so-discuss'>https://securityonion.net/discuss</a>.</li><li>Once you update your grid to 2.3.0, any new nodes that join the grid must be 2.3.0. For example, if you try to join a new RC1 node it will fail. For best results, use the latest ISO (or 2.3.0 installer from github) when joining to an 2.3.0 grid.</li><li>Shipping Windows Eventlogs with Osquery will fail intermittently with utf8 errors logged in the Application log. This is scheduled to be fixed in Osquery 4.5.</li><li>When running soup to upgrade from RC1/RC2/RC3 to 2.3.0, there is a Salt error that occurs during the final highstate. This error is related to the patch_os_schedule and can be ignored as it will not occur again in subsequent highstates.</li><li>When Search Nodes are upgraded from RC1 to 2.3.0, there is a chance of a race condition where certificates are missing. This will show errors in the manager log to the remote node. To fix this run the following on the search node that is having the issue:<ol><li>Stop elasticsearch - <i>sudo so-elasticsearch-stop</i></li><li>Run the SSL state - <i>sudo salt-call state.apply ssl</i></li><li>Restart elasticsearch - <i>sudo so-elasticsearch-restart</i></li></ol></li><li>If you are upgrading from RC1 you might see errors around registry:2 missing. This error does not break the actual upgrade. To fix, run the following on the manager:</li><ol><li>Stop the Docker registry - sudo docker stop so-dockerregistry</li><li>Remove the container - sudo docker rm so-dockerregistry</li><li>Run the registry state - sudo salt-call state.apply registry</li></ol></ul>" }
] ]

29
setup/so-functions
View File

@@ -1408,14 +1408,19 @@ reserve_group_ids() {
groupadd -g 946 cyberchef groupadd -g 946 cyberchef
} }
# When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and salt/salt/master.defaults.yaml and salt/salt/minion.defaults.yaml # CAUTION! SALT VERSION UDDATES - READ BELOW
# When updating the salt version, also update the version in:
# - securityonion-builds/iso-resources/build.sh
# - securityonion-builds/iso-resources/packages.lst
# - securityonion/salt/salt/master.defaults.yaml
# - securityonion/salt/salt/minion.defaults.yaml
saltify() { saltify() {
# Install updates and Salt # Install updates and Salt
if [ $OS = 'centos' ]; then if [ $OS = 'centos' ]; then
set_progress_str 5 'Installing Salt repo' set_progress_str 5 'Installing Salt repo'
{ {
sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub; sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub;
cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo; cp ./yum_repos/saltstack.repo /etc/yum.repos.d/saltstack.repo;
} >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1
set_progress_str 6 'Installing various dependencies' set_progress_str 6 'Installing various dependencies'
@@ -1432,14 +1437,14 @@ saltify() {
# Download Ubuntu Keys in case manager updates = 1 # Download Ubuntu Keys in case manager updates = 1
mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
if [[ ! $is_airgap ]]; then if [[ ! $is_airgap ]]; then
logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub" logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub"
logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg" logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg"
logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH" logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH"
logCmd "cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo" logCmd "cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo"
fi fi
set_progress_str 7 'Installing salt-master' set_progress_str 7 'Installing salt-master'
if [[ ! $is_iso ]]; then if [[ ! $is_iso ]]; then
logCmd "yum -y install salt-master-3001.1" logCmd "yum -y install salt-master-3002.1"
fi fi
systemctl enable salt-master >> "$setup_log" 2>&1 systemctl enable salt-master >> "$setup_log" 2>&1
;; ;;
@@ -1467,7 +1472,7 @@ saltify() {
{ {
if [[ ! $is_iso ]]; then if [[ ! $is_iso ]]; then
yum -y install epel-release yum -y install epel-release
yum -y install salt-minion-3001.1\ yum -y install salt-minion-3002.1\
python3\ python3\
python36-docker\ python36-docker\
python36-dateutil\ python36-dateutil\
@@ -1511,8 +1516,8 @@ saltify() {
'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR? 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT') # TODO: should this also be HELIXSENSOR?
# Add saltstack repo(s) # Add saltstack repo(s)
wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
# Add Docker repo # Add Docker repo
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
@@ -1520,7 +1525,7 @@ saltify() {
# Get gpg keys # Get gpg keys
mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3001.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/archive/3002.1/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
@@ -1533,7 +1538,7 @@ saltify() {
set_progress_str 6 'Installing various dependencies' set_progress_str 6 'Installing various dependencies'
apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1 apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1
set_progress_str 7 'Installing salt-master' set_progress_str 7 'Installing salt-master'
apt-get -y install salt-master=3001.1+ds-1 >> "$setup_log" 2>&1 apt-get -y install salt-master=3002.1+ds-1 >> "$setup_log" 2>&1
apt-mark hold salt-master >> "$setup_log" 2>&1 apt-mark hold salt-master >> "$setup_log" 2>&1
;; ;;
*) *)
@@ -1544,14 +1549,14 @@ saltify() {
echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3001.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/3002.1/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
;; ;;
esac esac
apt-get update >> "$setup_log" 2>&1 apt-get update >> "$setup_log" 2>&1
set_progress_str 8 'Installing salt-minion & python modules' set_progress_str 8 'Installing salt-minion & python modules'
apt-get -y install salt-minion=3001.1+ds-1\ apt-get -y install salt-minion=3002.1+ds-1\
salt-common=3001.1+ds-1 >> "$setup_log" 2>&1 salt-common=3002.1+ds-1 >> "$setup_log" 2>&1
apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1 apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1
if [ "$OSVER" != 'xenial' ]; then if [ "$OSVER" != 'xenial' ]; then
apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1 apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1

4
setup/yum_repos/saltstack.repo
View File

@@ -1,6 +1,6 @@
[saltstack] [saltstack]
name=SaltStack repo for RHEL/CentOS $releasever PY3 name=SaltStack repo for RHEL/CentOS $releasever PY3
baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/ baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/
enabled=1 enabled=1
gpgcheck=1 gpgcheck=1
gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3001.1/SALTSTACK-GPG-KEY.pub gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3002.1/SALTSTACK-GPG-KEY.pub