From 09c94ddf95742e36c618a89f84f49a45a2a908bb Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 24 Feb 2021 08:57:25 -0500
Subject: [PATCH 1/4] Docker Cleanup
---
salt/docker_clean/init.sls | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/salt/docker_clean/init.sls b/salt/docker_clean/init.sls
index 21e672c00..0f9e5d26f 100644
--- a/salt/docker_clean/init.sls
+++ b/salt/docker_clean/init.sls
@@ -3,7 +3,7 @@
 {% set IMAGEREPO = salt['pillar.get']('global:imagerepo') %}
 {% set MANAGER = salt['grains.get']('master') %}
-{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2']%}
+{% set OLDVERSIONS = ['2.0.0-rc.1','2.0.1-rc.1','2.0.2-rc.1','2.0.3-rc.1','2.1.0-rc.2','2.2.0-rc.3','2.3.0','2.3.1','2.3.2','2.3.10','2.3.20']%}
 {% for VERSION in OLDVERSIONS %}
 remove_images_{{ VERSION }}:
@@ -53,4 +53,4 @@ remove_images_{{ VERSION }}:
 test.fail_without_changes:
 - name: {{sls}}_state_not_allowed
-{% endif %}
\ No newline at end of file
+{% endif %}
From 3552abfca15422ee44a7766f29596413632471ca Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Wed, 24 Feb 2021 11:50:08 -0500
Subject: [PATCH 2/4] ensure info log level -
---
salt/salt/minion.sls | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index de85693c6..4b0bbcd3f 100644
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -23,6 +23,15 @@ salt_minion_package:
 - hold: True
 - onlyif: test "{{INSTALLEDSALTVERSION}}" == "{{SALTVERSION}}"
+set_log_levels:
+ file.append:
+ - name: /etc/salt/minion
+ - text:
+ - "log_level: info"
+ - "log_level_log_file: info"
+ - listen_in:
+ - service: salt_minion_service
+
 salt_minion_service:
 service.running:
 - name: salt-minion
From eba5d271aa907db942a4bd1b79194f67ab09e366 Mon Sep 17 00:00:00 2001
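Review bot: `file.append` in the new `set_log_levels` state (salt/salt/minion.sls, PATCH 2/4) only adds the two lines when they are absent; it does not replace a `log_level:` or log-file level that `/etc/salt/minion` already sets to a different value. On such a minion the file ends up with two conflicting values for the same key, and depending on how the config loader treats duplicate keys either the older value stays in effect or the file fails to parse. Since the stated goal is to ensure info-level logging, consider one `file.replace` per key with a `pattern` such as `^log_level:.*` and `append_if_not_found: True`. The same applies to the corrected `log_level_logfile` key in PATCH 3/4, and a minion that already applied this version would keep the stale `log_level_log_file: info` line because nothing removes it.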
From: m0duspwnens
Date: Wed, 24 Feb 2021 11:56:43 -0500
Subject: [PATCH 3/4] logfile is 1 word https://github.com/Security-Onion-Solutions/securityonion/issues/3115
---
salt/salt/minion.sls | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index 4b0bbcd3f..004fddebe 100644
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -28,7 +28,7 @@ set_log_levels:
 - name: /etc/salt/minion
 - text:
 - "log_level: info"
- - "log_level_log_file: info"
+ - "log_level_logfile: info"
 - listen_in:
 - service: salt_minion_service
From 6ea8eab9af98f05681e21b677f2f9a0fa8efed79 Mon Sep 17 00:00:00 2001
From: Wes Lambert
Date: Wed, 24 Feb 2021 20:32:47 +0000
Subject: [PATCH 4/4] Modify soup to add Strelka rule repo in pillar
---
salt/common/tools/sbin/soup | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index c1b649610..12ead2cf2 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -338,8 +338,16 @@ up_2.3.2X_to_2.3.30() {
 # Replace any curly brace scalars with the same scalar in single quotes
 readarray -t minion_pillars <<< "$(find /opt/so/saltstack/local/pillar/minions -type f -name '*.sls')"
 for pillar in "${minion_pillars[@]}"; do
- sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar"
+ sed -i -r "s/ (\{\{.*}})$/ '\1'/g" "$pillar"
 done
+ # Strelka rule repo pillar addition
+ if [ $is_airgap -eq 0 ]; then
+ # Add manager as default Strelka YARA rule repo
+ sed -i "/^strelka:/a \\ repos: \n - https://$HOSTNAME/repo/rules/strelka" /opt/so/saltstack/local/pillar/global.sls;
+ else
+ # Add Github repo for Strelka YARA rules
+ sed -i "/^strelka:/a \\ repos: \n - https://github.com/Neo23x0/signature-base" /opt/so/saltstack/local/pillar/global.sls;
+ fi
 }
 space_check() {
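Review bot: The two added `sed -i "/^strelka:/a ..."` calls in salt/common/tools/sbin/soup (PATCH 4/4) are neither idempotent nor checked: if this upgrade step runs twice a second `repos:` block is appended under `strelka:`, and if `global.sls` has no line starting with `strelka:` nothing is written and soup continues without a YARA rule repo configured. A guard before the edit, for example `grep -q '^strelka:' /opt/so/saltstack/local/pillar/global.sls` with a logged warning on failure, plus a check that `repos:` is not already present, would make the outcome visible. `[ $is_airgap -eq 0 ]` also falls through to the `else` branch with a test error when the variable is unset or empty, which would write the GitHub URL; the variable is set outside this hunk, so that should be confirmed. A one-line comment stating that `0` means airgap (as the branch bodies suggest) would help readers, since the condition otherwise reads as inverted. `up_2.3.2X_to_2.3.30` begins before the hunk.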