Add content trust to all modules

salt/bro/init.sls

@@ -90,8 +90,14 @@ localbrosync:
     - group: 939
     - template: jinja
 
+so-communitybroimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-communitybro:HH1.0.3
+
 so-bro:
   docker_container.running:
+    - require:
+      - so-communitybroimage
     - image: soshybridhunter/so-communitybro:HH1.0.3
     - privileged: True
     - binds:
@@ -117,8 +123,14 @@ localbrosync:
     - group: 939
     - template: jinja
 
+so-broimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-bro:HH1.0.6
+
 so-bro:
   docker_container.running:
+    - require:
+      - so-broimage
     - image: soshybridhunter/so-bro:HH1.0.6
     - privileged: True
     - binds:

salt/common/init.sls

@@ -101,8 +101,13 @@ nginxtmp:
     - makedirs: True
 
 # Start the core docker
+so-coreimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-core:HH1.0.7
+
 so-core:
   docker_container.running:
+    - require: so-coreimage
     - image: soshybridhunter/so-core:HH1.0.7
     - hostname: so-core
     - user: socore
@@ -155,8 +160,14 @@ tgrafconf:
     - template: jinja
     - source: salt://common/telegraf/etc/telegraf.conf
 
+so-telegrafimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-telegraf:HH1.0.7
+
 so-telegraf:
   docker_container.running:
+    - require:
+      - so-telegrafimage
     - image: soshybridhunter/so-telegraf:HH1.0.7
     - environment:
       - HOST_PROC=/host/proc
@@ -210,8 +221,14 @@ influxdbconf:
     - template: jinja
     - source: salt://common/influxdb/etc/influxdb.conf
 
+so-influximage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-influxdb:HH1.0.7
+
 so-influxdb:
   docker_container.running:
+    - require:
+      - so-influximage
     - image: soshybridhunter/so-influxdb:HH1.0.7
     - hostname: influxdb
     - environment:

salt/curator/init.sls

@@ -112,9 +112,14 @@ curdel:
    - month: '*'
    - dayweek: '*'
 
+so-curatorimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-curator:HH1.0.3
 
 so-curator:
   docker_container.running:
+    - require:
+      - so-curatorimage
     - image: soshybridhunter/so-curator:HH1.0.3
     - hostname: curator
     - name: so-curator

salt/elastalert/init.sls

@@ -79,8 +79,14 @@ elastarules:
 #    - group: 939
 #    - template: jinja
 
+so-elastalertimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-elastalert:HH1.0.3
+
 so-elastalert:
   docker_container.running:
+    - require:
+      - so-elastalertimage
     - image: soshybridhunter/so-elastalert:HH1.0.3
     - hostname: elastalert
     - name: so-elastalert

salt/elasticsearch/init.sls

@@ -90,8 +90,14 @@ eslogdir:
     - group: 939
     - makedirs: True
 
+so-elasticsearchimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-elasticsearch:HH1.0.6
+
 so-elasticsearch:
   docker_container.running:
+    - require:
+      - so-elasticsearchimage
     - image: soshybridhunter/so-elasticsearch:HH1.0.6
     - hostname: elasticsearch
     - name: so-elasticsearch
@@ -143,8 +149,14 @@ freqlogdir:
     - group: 935
     - makedirs: True
 
+so-freqimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-freqserver:HH1.0.3
+
 so-freq:
   docker_container.running:
+    - require:
+      - so-freqimage
     - image: soshybridhunter/so-freqserver:HH1.0.3
     - hostname: freqserver
     - name: so-freqserver
@@ -179,8 +191,14 @@ dstatslogdir:
     - group: 939
     - makedirs: True
 
+so-domainstatsimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-domainstats:HH1.0.3
+
 so-domainstats:
   docker_container.running:
+    - require:
+      - so-domainstatsimage
     - image: soshybridhunter/so-domainstats:HH1.0.3
     - hostname: domainstats
     - name: so-domainstats

salt/filebeat/init.sls

@@ -49,9 +49,14 @@ filebeatconfsync:
 #    - name: /opt/so/conf/filebeat/etc/pki/filebeat.key
 #    - source: salt://filebeat/files/filebeat.key
 
+so-filebeatimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-filebeat:HH1.0.6
 
 so-filebeat:
   docker_container.running:
+    - require:
+      - so-filebeatimage
     - image: soshybridhunter/so-filebeat:HH1.0.6
     - hostname: so-filebeat
     - user: root

salt/fleet/init.sls

@@ -59,8 +59,14 @@ fleetdbpriv:
     - user: fleetdbuser
     - host: 172.17.0.0/255.255.0.0
 
+so-fleetimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-fleet:HH1.0.6
+
 so-fleet:
   docker_container.running:
+    - require:
+      - so-fleetimage
     - image: soshybridhunter/so-fleet:HH1.0.6
     - hostname: so-fleet
     - port_bindings:

salt/hive/init.sls

@@ -30,8 +30,14 @@ hiveesdata:
     - user: 939
     - group: 939
 
+so-thehive-esimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-thehive-es:HH1.0.7
+
 so-thehive-es:
   docker_container.running:
+    - require:
+      - so-thehive-esimage
     - image: soshybridhunter/so-thehive-es:HH1.0.7
     - hostname: so-thehive-es
     - name: so-thehive-es
@@ -60,16 +66,26 @@ so-thehive-es:
 
 # Install Cortex
 
-so-cortex:
+#so-corteximage:
-  docker_container.running:
+# cmd.run:
-    - image: thehiveproject/cortex:latest
+#   - name: docker pull --disable-content-trust=false soshybridhunter/so-cortex:HH1.0.3
-    - hostname: so-cortex
+
-    - name: so-cortex
+#so-cortex:
-    - port_bindings:
+#  docker_container.running:
-      - 0.0.0.0:9001:9001
+#    - image: thehiveproject/cortex:latest
+#    - hostname: so-cortex
+#    - name: so-cortex
+#    - port_bindings:
+#      - 0.0.0.0:9001:9001
+
+so-thehiveimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-thehive:HH1.0.7
 
 so-thehive:
   docker_container.running:
+    - require:
+      - so-thehiveimage
     - image: soshybridhunter/so-thehive:HH1.0.7
     - hostname: so-thehive
     - name: so-thehive

salt/idstools/init.sls

@@ -48,11 +48,14 @@ ruleslink:
     - name: /opt/so/saltstack/salt/suricata/rules
     - target: /opt/so/rules/nids
 
-toosmooth/so-idstools:test2:
+so-idstoolsimage:
-  docker_image.present
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-idstools:HH1.0.3
 
 so-idstools:
   docker_container.running:
+    - require:
+      - so-idstoolsimage
     - image: soshybridhunter/so-idstools:HH1.0.3
     - hostname: so-idstools
     - user: socore

salt/kibana/init.sls

@@ -54,9 +54,15 @@ synckibanacustom:
 
 # File.Recurse for custom saved dashboards
 
+so-kibanaimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-kibana:HH1.0.7
+
 # Start the kibana docker
 so-kibana:
   docker_container.running:
+    - require:
+      - so-kibanaimage
     - image: soshybridhunter/so-kibana:HH1.0.7
     - hostname: kibana
     - user: kibana

salt/logstash/init.sls

@@ -146,9 +146,14 @@ lslogdir:
     - makedirs: True
 
 # Add the container
+so-logstashimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-logstash:HH1.0.6
 
 so-logstash:
   docker_container.running:
+    - require:
+      - so-logstashimage
     - image: soshybridhunter/so-logstash:HH1.0.6
     - hostname: so-logstash
     - name: so-logstash

salt/master/init.sls

@@ -46,9 +46,15 @@ acngcopyconf:
     - name: /opt/so/conf/aptcacher-ng/etc/acng.conf
     - source: salt://master/files/acng/acng.conf
 
+so-acngimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-acng:HH1.0.7
+
 # Install the apt-cacher-ng container
 so-aptcacherng:
   docker_container.running:
+    - require:
+      - so-acngimage
     - image: soshybridhunter/so-acng:HH1.0.7
     - hostname: so-acng
     - port_bindings:

salt/mysql/init.sls

@@ -48,8 +48,14 @@ mysqldatadir:
     - group: 939
     - makedirs: True
 
+so-mysqlimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-mysql:HH1.0.7
+
 so-mysql:
   docker_container.running:
+    - require:
+      - so-mysqlimage
     - image: soshybridhunter/so-mysql:HH1.0.7
     - hostname: so-mysql
     - user: socore

salt/pcap/init.sls

@@ -85,8 +85,14 @@ stenolog:
     - group: 941
     - makedirs: True
 
+so-stenoimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-steno:HH1.0.3
+
 so-steno:
   docker_container.running:
+    - require:
+      - so-stenoimage
     - image: soshybridhunter/so-steno:HH1.0.3
     - network_mode: host
     - privileged: True

salt/redis/init.sls

@@ -47,8 +47,14 @@ redisconfsync:
 toosmooth/so-redis:test2:
   docker_image.present
 
+so-redisimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-redis:HH1.0.7
+
 so-redis:
   docker_container.running:
+    - require:
+      - so-redisimage
     - image: soshybridhunter/so-redis:HH1.0.7
     - hostname: so-redis
     - user: socore

salt/soctopus/init.sls

@@ -18,8 +18,7 @@ soctopussync:
 #    - name: docker pull --disable-content-trust=false so-soctopus:HH1.0.8
 
 so-soctopus:
-  docker_container.run:
+  docker_container.running:
-    - onlyif: docker pull --disable-content-trust=false soshybridhunter/so-soctopus:HH1.0.9
     - image: soshybridhunter/so-soctopus:HH1.0.9
     - hostname: soctopus
     - name: so-soctopus

salt/suricata/init.sls

@@ -70,8 +70,14 @@ suriconfigsync:
     - group: 940
     - template: jinja
 
+so-suricataimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-suricata:HH1.0.8
+
 so-suricata:
   docker_container.running:
+    - require:
+      - so-suricataimage
     - image: soshybridhunter/so-suricata:HH1.0.8
     - privileged: True
     - environment:

salt/wazuh/init.sls

@@ -56,8 +56,14 @@ wazuhagentregister:
     - mode: 755
     - template: jinja
 
+so-wazuhimage:
+ cmd.run:
+   - name: docker pull --disable-content-trust=false soshybridhunter/so-wazuh:HH1.0.7
+
 so-wazuh:
   docker_container.running:
+    - require:
+      - so-wazuhimage
     - image: soshybridhunter/so-wazuh:HH1.0.7
     - hostname: {{HOSTNAME}}-wazuh-manager
     - name: so-wazuh