Merge pull request #10662 from Security-Onion-Solutions/desktop

Desktop State
Mike Reeves
2023-06-26 10:48:41 -04:00
committed by GitHub
7 changed files with 315 additions and 76 deletions


@@ -1,7 +1,7 @@
include:
- workstation.xwindows
- desktop.xwindows
{# If the master is 'salt' then the minion hasn't been configured and isn't connected to the grid. #}
{# We need this since the trusted-ca state uses mine data. #}
{% if grains.master != 'salt' %}
- workstation.trusted-ca
- desktop.trusted-ca
{% endif %}

302
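--- a/salt/desktop/packages.sls
+++ b/salt/desktop/packages.sls
@@ -0,0 +1,302 @@
+{% from 'vars/globals.map.jinja' import GLOBALS %}
+{# we only want this state to run it is CentOS #}
+{% if GLOBALS.os == 'Rocky' %}
+desktop_packages:
+pkg.installed:
+- pkgs:
+- NetworkManager
+- NetworkManager-adsl
+- NetworkManager-bluetooth
+- NetworkManager-l2tp-gnome
+- NetworkManager-libreswan-gnome
+- NetworkManager-openconnect-gnome
+- NetworkManager-openvpn-gnome
+- NetworkManager-ppp
+- NetworkManager-pptp-gnome
+- NetworkManager-team
+- NetworkManager-tui
+- NetworkManager-wifi
+- NetworkManager-wwan
+- PackageKit-gstreamer-plugin
+- aajohan-comfortaa-fonts
+- abattis-cantarell-fonts
+- acl
+- alsa-ucm
+- alsa-utils
+- anaconda
+- anaconda-install-env-deps
+- anaconda-live
+- at
+- attr
+- audit
+- authselect
+- basesystem
+- bash
+- bash-completion
+- bc
+- blktrace
+- bluez
+- bolt
+- bpftool
+- bzip2
+- chkconfig
+- chrony
+- cinnamon
+- cinnamon-control-center
+- cinnamon-screensaver
+- cockpit
+- coreutils
+- cpio
+- cronie
+- crontabs
+- crypto-policies
+- crypto-policies-scripts
+- cryptsetup
+- curl
+- cyrus-sasl-plain
+- dbus
+- dejavu-sans-fonts
+- dejavu-sans-mono-fonts
+- dejavu-serif-fonts
+- dnf
+- dnf-plugins-core
+- dos2unix
+- dosfstools
+- dracut-config-rescue
+- dracut-live
+- e2fsprogs
+- ed
+- efi-filesystem
+- efibootmgr
+- efivar-libs
+- eom
+- ethtool
+- f36-backgrounds-extras-gnome
+- f36-backgrounds-gnome
+- f37-backgrounds-extras-gnome
+- f37-backgrounds-gnome
+- file
+- filesystem
+- firewall-config
+- firewalld
+- fprintd-pam
+- git
+- glibc
+- glibc-all-langpacks
+- gnome-calculator
+- gnome-disk-utility
+- gnome-screenshot
+- gnome-system-monitor
+- gnome-terminal
+- gnupg2
+- google-noto-emoji-color-fonts
+- google-noto-sans-cjk-ttc-fonts
+- google-noto-sans-gurmukhi-fonts
+- google-noto-sans-sinhala-vf-fonts
+- google-noto-serif-cjk-ttc-fonts
+- grub2-common
+- grub2-pc-modules
+- grub2-tools
+- grub2-tools-efi
+- grub2-tools-extra
+- grub2-tools-minimal
+- grubby
+- gstreamer1-plugins-bad-free
+- gstreamer1-plugins-good
+- gstreamer1-plugins-ugly-free
+- gvfs-gphoto2
+- gvfs-mtp
+- gvfs-smb
+- hostname
+- hyperv-daemons
+- ibus-anthy
+- ibus-hangul
+- ibus-libpinyin
+- ibus-libzhuyin
+- ibus-m17n
+- ibus-typing-booster
+- imsettings-systemd
+- initial-setup-gui
+- initscripts
+- initscripts-rename-device
+- iproute
+- iproute-tc
+- iprutils
+- iputils
+- irqbalance
+- iwl100-firmware
+- iwl1000-firmware
+- iwl105-firmware
+- iwl135-firmware
+- iwl2000-firmware
+- iwl2030-firmware
+- iwl3160-firmware
+- iwl5000-firmware
+- iwl5150-firmware
+- iwl6000g2a-firmware
+- iwl6000g2b-firmware
+- iwl6050-firmware
+- iwl7260-firmware
+- jomolhari-fonts
+- julietaula-montserrat-fonts
+- kbd
+- kernel
+- kernel-modules
+- kernel-modules-extra
+- kernel-tools
+- kexec-tools
+- khmer-os-system-fonts
+- kmod-kvdo
+- kpatch
+- kpatch-dnf
+- ledmon
+- less
+- liberation-mono-fonts
+- liberation-sans-fonts
+- liberation-serif-fonts
+- libertas-sd8787-firmware
+- libstoragemgmt
+- libsysfs
+- lightdm
+- linux-firmware
+- logrotate
+- lohit-assamese-fonts
+- lohit-bengali-fonts
+- lohit-devanagari-fonts
+- lohit-gujarati-fonts
+- lohit-kannada-fonts
+- lohit-odia-fonts
+- lohit-tamil-fonts
+- lohit-telugu-fonts
+- lshw
+- lsof
+- lsscsi
+- lvm2
+- mailcap
+- man-db
+- man-pages
+- mcelog
+- mdadm
+- memtest86+
+- metacity
+- microcode_ctl
+- mlocate
+- mtr
+- nano
+- ncurses
+- nemo-fileroller
+- nemo-image-converter
+- nemo-preview
+- net-tools
+- netronome-firmware
+- nm-connection-editor
+- nmap-ncat
+- nvme-cli
+- open-vm-tools-desktop
+- openssh-clients
+- openssh-server
+- p11-kit
+- paktype-naskh-basic-fonts
+- parole
+- parted
+- passwd
+- pciutils
+- pinfo
+- pipewire
+- pipewire-alsa
+- pipewire-gstreamer
+- pipewire-jack-audio-connection-kit
+- pipewire-pulseaudio
+- pipewire-utils
+- plymouth
+- policycoreutils
+- powerline
+- ppp
+- prefixdevname
+- procps-ng
+- psacct
+- pt-sans-fonts
+- python3-libselinux
+- qemu-guest-agent
+- quota
+- realmd
+- redshift-gtk
+- rocky-backgrounds
+- rocky-release
+- rootfiles
+- rpm
+- rpm-plugin-audit
+- rsync
+- rsyslog
+- rsyslog-gnutls
+- rsyslog-gssapi
+- rsyslog-relp
+- salt-minion
+- sane-backends-drivers-scanners
+- selinux-policy-targeted
+- setroubleshoot
+- setup
+- sg3_utils
+- sg3_utils-libs
+- shadow-utils
+- sil-abyssinica-fonts
+- sil-nuosu-fonts
+- sil-padauk-fonts
+- slick-greeter
+- slick-greeter-cinnamon
+- smartmontools
+- smc-meera-fonts
+- sos
+- spice-vdagent
+- sssd
+- sssd-common
+- sssd-kcm
+- stix-fonts
+- strace
+- sudo
+- symlinks
+- syslinux
+- systemd
+- systemd-udev
+- tar
+- tcpdump
+- teamd
+- thai-scalable-waree-fonts
+- time
+- tmux
+- tmux-powerline
+- transmission
+- tree
+- tuned
+- unzip
+- usb_modeswitch
+- usbutils
+- util-linux
+- util-linux-user
+- vdo
+- vim-enhanced
+- vim-minimal
+- vim-powerline
+- virt-what
+- wget
+- which
+- wireplumber
+- words
+- xdg-user-dirs-gtk
+- xed
+- xfsdump
+- xfsprogs
+- xreader
+- yum
+- zip
+{% else %}
+desktop_packages_os_fail:
+test.fail_without_changes:
+- comment: 'SO Analyst Workstation can only be installed on Rocky'
+{% endif %}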
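Review bot: `desktop_packages` installs network-facing and peer-to-peer software that an analyst desktop does not obviously need (`cockpit`, `openssh-server`, `transmission`, `bluez`) alongside installer-only packages such as `anaconda`, `anaconda-live`, `dracut-live` and `initial-setup-gui`, which suggests the list was exported from a live image rather than curated. Because `pkg.installed` enforces every entry on each state run, anything an administrator removes to reduce attack surface will be reinstalled. Consider trimming the list to what the desktop role requires, or moving the optional groups (VPN plugins, hypervisor guest agents, wireless firmware) into separate states that can be switched off through pillar. The header comment is also stale: `{# we only want this state to run it is CentOS #}` should read `{# Only run this state on Rocky #}` to match the `GLOBALS.os == 'Rocky'` check.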


@@ -10,8 +10,8 @@ remove_graphical_target:
- force: True
{% else %}
workstation_trusted-ca_os_fail:
desktop_trusted-ca_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
- comment: 'SO Desktop can only be installed on Rocky'
{% endif %}


@@ -29,7 +29,7 @@ update_ca_certs:
{% else %}
workstation_trusted-ca_os_fail:
desktop_trusted-ca_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
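Review bot: The failure message on the context line below the renamed ID still reads `'SO Analyst Workstation can only be installed on CentOS'`, so a host that fails this check is told the wrong product name and, judging by the Rocky checks elsewhere in this commit, the wrong OS. The `remove_graphical_target` hunk already uses `- comment: 'SO Desktop can only be installed on Rocky'`; the same line belongs here, and the mixed wording `'SO Analyst Workstation can only be installed on Rocky'` in salt/desktop/packages.sls and in the `graphical_target` hunk should follow it. Both this hunk and the `remove_graphical_target` hunk also end up with the ID `desktop_trusted-ca_os_fail`; if those two files can be rendered into one run, Salt will reject the conflicting ID, so the other file probably wants an ID of its own. The `{% if %}` guarding this branch is outside the hunk.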


@@ -4,7 +4,7 @@
{% if GLOBALS.os == 'Rocky' %}
include:
- workstation.packages
- desktop.packages
graphical_target:
file.symlink:
@@ -12,13 +12,12 @@ graphical_target:
- target: /lib/systemd/system/graphical.target
- force: True
- require:
- pkg: X Window System
- pkg: graphical_extras
- desktop_packages
{% else %}
workstation_xwindows_os_fail:
desktop_xwindows_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
- comment: 'SO Analyst Workstation can only be installed on Rocky'
{% endif %}
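Review bot: The new requisite `- desktop_packages` under `require:` names the state by ID only, which matches any state with that ID whatever its module; writing it as `- pkg: desktop_packages` keeps the dependency explicit and consistent with the `- pkg:` form used by the lines it replaces. `graphical_target` now depends on a single `pkg.installed` state with a few hundred entries, so one package missing from the repository fails that state and, through the requisite, leaves the graphical target unset; it is worth confirming that this is the intended failure mode. The `file.symlink` state begins outside the second hunk.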


@@ -26,10 +26,10 @@ dockerheldpackages:
dockerheldpackages:
pkg.installed:
- pkgs:
- containerd.io: 1.6.20-3.1.el9
- docker-ce: 23.0.5-1.el9
- docker-ce-cli: 23.0.5-1.el9
- docker-ce-rootless-extras: 23.0.5-1.el9
- containerd.io: 1.6.21-3.1.el9
- docker-ce: 24.0.2-1.el9
- docker-ce-cli: 24.0.2-1.el9
- docker-ce-rootless-extras: 24.0.2-1.el9
- hold: True
- update_holds: True
{% endif %}


@@ -1,62 +0,0 @@
{% from 'vars/globals.map.jinja' import GLOBALS %}
{# we only want this state to run it is CentOS #}
{% if GLOBALS.os == 'Rocky' %}
xwindows_group:
pkg.group_installed:
- name: X Window System
graphical_extras:
pkg.installed:
- pkgs:
- gnome-classic-session
- gnome-terminal
- gnome-terminal-nautilus
- control-center
- liberation-mono-fonts
- file-roller
workstation_packages:
pkg.installed:
- pkgs:
- wget
- curl
- unzip
- gedit
- mono-core
- mono-basic
- mono-winforms
- expect
- wireshark-gnome
- dsniff
- hping3
- netsed
- ngrep
- python36-scapy
- ssldump
- tcpdump
- tcpflow
- whois
- chromium
- libevent
- sslsplit
- perl-IO-Compress
- perl-Net-DNS
- securityonion-networkminer
- securityonion-chaosreader
- securityonion-analyst-extras
- securityonion-bittwist
- securityonion-tcpstat
- securityonion-tcptrace
- securityonion-foremost
- securityonion-strelka-oneshot
- securityonion-strelka-fileshot
{% else %}
workstation_packages_os_fail:
test.fail_without_changes:
- comment: 'SO Analyst Workstation can only be installed on CentOS'
{% endif %}