From a0841ee7a7148f42f4af7bcc696a4445c0696da2 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 24 Mar 2022 09:57:58 -0400
Subject: [PATCH 1/6] workstation state
---
 salt/workstation/init.sls | 2 ++
 salt/workstation/packages.sls | 47 +++++++++++++++++++++++++++++++++++
 salt/workstation/xwindows.sls | 11 ++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 salt/workstation/init.sls
 create mode 100644 salt/workstation/packages.sls
 create mode 100644 salt/workstation/xwindows.sls
diff --git a/salt/workstation/init.sls b/salt/workstation/init.sls
new file mode 100644
index 000000000..ffc48f39b
--- /dev/null
+++ b/salt/workstation/init.sls
@@ -0,0 +1,2 @@
+include:
+ - xwindows
diff --git a/salt/workstation/packages.sls b/salt/workstation/packages.sls
new file mode 100644
index 000000000..e344ded6b
--- /dev/null
+++ b/salt/workstation/packages.sls
@@ -0,0 +1,47 @@
+xwindows_group:
+ pkg.group_installed:
+ - name: X Window System
+
+graphical_extras:
+ pkg.installed:
+ - pkgs:
+ - gnome-classic-session
+ - gnome-terminal
+ - nautilus-open-terminal
+ - control-center
+ - liberation-mono-fonts
+ - file-roller
+
+workstation_packages:
+ pkg.installed:
+ - pkgs:
+ - wget
+ - curl
+ - unzip
+ - gedit
+ - mono-core
+ - mono-basic
+ - mono-winforms
+ - expect
+ - securityonion-networkminer
+ - wireshark-gnome
+ - dsniff
+ - hping3
+ - netsed
+ - ngrep
+ - python36-scapy
+ - ssldump
+ - tcpdump
+ - tcpflow
+ - whois
+ - securityonion-foremost
+ - chromium
+ - securityonion-tcpstat
+ - securityion-tcptrace
+ - libevent
+ - sslplit
+ - securityonion-bittwist
+ - perl-IO-Compress
+ - perl-Net-DNS
+ - securityonion-chaosreader
+ - securityonion-analyst-extras
diff --git a/salt/workstation/xwindows.sls b/salt/workstation/xwindows.sls
new file mode 100644
index 000000000..c4d870f07
--- /dev/null
+++ b/salt/workstation/xwindows.sls
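Review bot: In `salt/workstation/packages.sls`, the `workstation_packages` list puts active network tools (`dsniff`, `hping3`, `netsed`, the TLS-splitting proxy entry) in the same unconditional `pkg.installed` as the passive viewers and a browser, with no comment on why each is needed and no way for a deployment to leave them out. On a host that is also a Salt minion of the grid, that is a larger installed surface than pcap review requires. Consider moving the active tools into their own state ID gated on a pillar flag, and add a header comment such as `# Passive analysis tools only; active/interception tools live in a separate, opt-in state`.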
@@ -0,0 +1,11 @@
+include:
+ - workstation.packages
+
+graphical_target:
+ file.symlink:
+ - name: /etc/systemd/system/default.target
+ - target: /lib/systemd/system/graphical.target
+ - force: True
+ - require:
+ - pkg: X Window System
+ - pkg: graphical_extras
From 7cfc52da8ae57cd45e911b24db09a47a0e0cb525 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 24 Mar 2022 10:02:25 -0400
Subject: [PATCH 2/6] fix include
---
 salt/workstation/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/salt/workstation/init.sls b/salt/workstation/init.sls
index ffc48f39b..66d926847 100644
--- a/salt/workstation/init.sls
+++ b/salt/workstation/init.sls
@@ -1,2 +1,2 @@
 include:
- - xwindows
+ - workstation.xwindows
From 293de159dbe9aad99d7b2d4e3ebca55cd8172314 Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Thu, 24 Mar 2022 11:33:16 -0400
Subject: [PATCH 3/6] fix package names
---
 salt/workstation/packages.sls | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/salt/workstation/packages.sls b/salt/workstation/packages.sls
index e344ded6b..3d4794fb5 100644
--- a/salt/workstation/packages.sls
+++ b/salt/workstation/packages.sls
@@ -7,7 +7,7 @@ graphical_extras:
 - pkgs:
 - gnome-classic-session
 - gnome-terminal
- - nautilus-open-terminal
+ - gnome-terminal-nautilus
 - control-center
 - liberation-mono-fonts
 - file-roller
@@ -37,9 +37,9 @@ workstation_packages:
 - securityonion-foremost
 - chromium
 - securityonion-tcpstat
- - securityion-tcptrace
+ - securityonion-tcptrace
 - libevent
- - sslplit
+ - sslsplit
 - securityonion-bittwist
 - perl-IO-Compress
 - perl-Net-DNS
From 0ddfaf8d742c303ce273d88cb034cc93baae5807 Mon Sep 17 00:00:00 2001
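Review bot: In `graphical_target` (new file `salt/workstation/xwindows.sls`), the first requisite `- pkg: X Window System` refers to the group state by its `name`, while the second uses the state ID `graphical_extras`; mixing the two makes the dependency harder to trace and ties the requisite to a display string. Prefer the ID: `- pkg: xwindows_group`. A one-line comment above `file.symlink` would also help, e.g. `# force: True replaces whatever default.target currently points to; takes effect on next boot`.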
From: m0duspwnens
Date: Mon, 28 Mar 2022 15:34:15 -0400
Subject: [PATCH 4/6] changes for workstation
---
 pillar/top.sls | 3 +++
 salt/allowed_states.map.jinja | 2 ++
 salt/common/tools/sbin/so-common | 2 +-
 salt/repo/client/init.sls | 2 +-
 salt/salt/minion.sls | 2 +-
 salt/top.sls | 9 ++++++++-
 salt/workstation/init.sls | 1 +
 salt/workstation/trusted-ca.sls | 24 ++++++++++++++++++++++++
 8 files changed, 41 insertions(+), 4 deletions(-)
 create mode 100644 salt/workstation/trusted-ca.sls
diff --git a/pillar/top.sls b/pillar/top.sls
index 097f5b108..1cf3bdc8a 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -131,3 +131,6 @@ base:
 {% endif %}
 - global
 - minions.{{ grains.id }}
+
+ '*_workstation':
+ - minions.{{ grains.id }}
diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja
index a1f6cdb8c..3dbc6d24a 100644
--- a/salt/allowed_states.map.jinja
+++ b/salt/allowed_states.map.jinja
@@ -217,6 +217,8 @@ 'schedule', 'docker_clean' ], + 'so-workstation': [ + ], }, grain='role') %} {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import', 'so-receiver'] %}
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index a7677a754..fa4a7af80 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -367,7 +367,7 @@ run_check_net_err() {
 exit $exit_code
 fi
 }
-set_cron_service_name() {
+ set_cron_service_name() {
 if [[ "$OS" == "centos" ]]; then
 cron_service_name="crond"
 else
diff --git a/salt/repo/client/init.sls b/salt/repo/client/init.sls
index 160782267..927a1091d 100644
--- a/salt/repo/client/init.sls
+++ b/salt/repo/client/init.sls
@@ -43,7 +43,7 @@ repair_yumdb: crsynckeys: file.recurse: - - name: /etc/pki/rpm_gpg + - name: /etc/pki/rpm-gpg - source: salt://repo/client/files/centos/keys/ {% if not ISAIRGAP %}
diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls
index cf26c1249..882fe7580 100644
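Review bot: In `salt/repo/client/init.sls`, `crsynckeys` now writes to `/etc/pki/rpm-gpg`, but minions that already applied the old state presumably still hold the key copies under `/etc/pki/rpm_gpg`, and nothing in this hunk removes them. Stale key material in a look-alike directory is easy to mistake for the trusted set during an audit; consider a `file.absent` state for `/etc/pki/rpm_gpg` next to `crsynckeys`. It is also worth confirming that the repo definitions, which are outside this hunk, point `gpgkey=` at the corrected path and keep `gpgcheck=1`.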
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -66,7 +66,7 @@ set_log_levels: salt_minion_service_unit_file: file.managed: - - name: /etc/systemd/system/multi-user.target.wants/salt-minion.service + - name: /usr/lib/systemd/system/salt-minion.service - source: salt://salt/service/salt-minion.service.jinja - template: jinja - defaults:
diff --git a/salt/top.sls b/salt/top.sls
index 83c911992..6e2de8d33 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -35,11 +35,14 @@ base: '* and G@saltversion:{{saltversion}}': - match: compound - salt.minion - - common - patch.os.schedule - motd - salt.minion-check - salt.lasthighstate + + 'not *_workstation and G@saltversion:{{saltversion}}': + - match: compound + - common '*_helixsensor and G@saltversion:{{saltversion}}': - match: compound
@@ -507,3 +510,7 @@ base:
 - docker_clean
 - filebeat
 - idh
+
+ '*_workstation and G@saltversion:{{saltversion}}':
+ - match: compound
+ - workstation
diff --git a/salt/workstation/init.sls b/salt/workstation/init.sls
index 66d926847..c786cdab5 100644
--- a/salt/workstation/init.sls
+++ b/salt/workstation/init.sls
@@ -1,2 +1,3 @@
 include:
 - workstation.xwindows
+ - workstation.trusted-ca
diff --git a/salt/workstation/trusted-ca.sls b/salt/workstation/trusted-ca.sls
new file mode 100644
index 000000000..6d86a8157
--- /dev/null
+++ b/salt/workstation/trusted-ca.sls
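Review bot: In `salt/salt/minion.sls`, `salt_minion_service_unit_file` now manages `/usr/lib/systemd/system/salt-minion.service`, which is the vendor unit directory, so a package update of salt-minion can replace the templated unit until the next highstate restores it. Writing the rendered unit to `/etc/systemd/system/salt-minion.service`, or shipping only the differences as a drop-in under `salt-minion.service.d/`, keeps the local version authoritative. The rest of the state, including any daemon-reload handling, lies outside the hunk.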
@@ -0,0 +1,24 @@
+
+ {% set global_ca_text = [] %}
+ {% set global_ca_server = [] %}
+ {% set manager = salt['grains.get']('master') %}
+ {% set x509dict = salt['mine.get'](manager | lower~'*', 'x509.get_pem_entries') %}
+ {% for host in x509dict %}
+ {% if host.split('_')|last in ['manager', 'managersearch', 'standalone', 'import'] %}
+ {% do global_ca_text.append(x509dict[host].get('/etc/pki/ca.crt')|replace('\n', '')) %}
+ {% do global_ca_server.append(host) %}
+ {% endif %}
+ {% endfor %}
+ {% set trusttheca_text = global_ca_text[0] %}
+ {% set ca_server = global_ca_server[0] %}
+
+trusted_ca:
+ x509.pem_managed:
+ - name: /etc/pki/ca-trust/source/anchors/ca.crt
+ - text: {{ trusttheca_text }}
+
+update_ca_certs:
+ cmd.run:
+ - name: update-ca-trust
+ - onchanges:
+ - x509: trusted_ca
From 2f489895ef870f1ada7879f0606159c56b4813ae Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 29 Mar 2022 10:17:21 -0400
Subject: [PATCH 5/6] top match and remove_gui state
---
 salt/top.sls | 6 +++++-
 salt/workstation/remove_gui.sls | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 salt/workstation/remove_gui.sls
diff --git a/salt/top.sls b/salt/top.sls
index 6e2de8d33..dd41ff9fe 100644
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -511,6 +511,10 @@ base:
 - filebeat
 - idh
 
- '*_workstation and G@saltversion:{{saltversion}}':
+ 'J@workstation:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:CentOS )':
 - match: compound
 - workstation
+
+ 'J@workstation:gui:enabled:^[Ff][Aa][Ll][Ss][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:CentOS )':
+ - match: compound
+ - workstation.remove_gui
diff --git a/salt/workstation/remove_gui.sls b/salt/workstation/remove_gui.sls
new file mode 100644
index 000000000..96880a5ab
--- /dev/null
+++ b/salt/workstation/remove_gui.sls
@@ -0,0 +1,5 @@
+remove_graphical_target:
+ file.symlink:
+ - name: /etc/systemd/system/default.target
+ - target: /lib/systemd/system/multi-user.target
+ - force: True
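Review bot: In `salt/workstation/trusted-ca.sls`, the certificate that becomes a system-wide trust anchor is simply `global_ca_text[0]`, the first mine entry whose minion ID matches the `manager*` glob and ends in one of four role suffixes. Nothing checks that exactly one CA was found, so an empty mine result renders a broken `text:` value and two differing certificates are resolved by iteration order. Because mine data is published by minions and the selection rests on ID patterns, the state should fail closed unless the candidates collapse to a single certificate, as sketched below. `ca_server` is assigned but never used and can be dropped. A header comment should also say that the anchor applies to every TLS client on the host, not only to grid services.

```yaml
# … unchanged: mine lookup and the loop that fills global_ca_text …
{% set distinct_cas = global_ca_text | unique | list %}
{% if distinct_cas | length == 1 %}
trusted_ca:
  x509.pem_managed:
    - name: /etc/pki/ca-trust/source/anchors/ca.crt
    - text: {{ distinct_cas[0] }}
# … unchanged: update_ca_certs …
{% else %}
trusted_ca_not_unique:
  test.fail_without_changes:
    - name: expected exactly one grid CA in the mine, found {{ distinct_cas | length }}
{% endif %}
```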
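Review bot: In `salt/top.sls`, workstation membership is now decided two different ways: the new `J@workstation:gui:enabled` targets go by pillar, while the `not *_workstation` target that withholds `common` and the `'*_workstation'` entry in `pillar/top.sls` (both from the previous patch) still go by minion-ID suffix. A minion named `*_workstation` whose pillar lacks `workstation:gui:enabled` gets neither `common` nor `workstation`, so no `workstation.trusted-ca` either, and a differently named minion with the key set could get both. Use one selector in all three places; the pillar is the better choice because it is set on the master rather than implied by the ID. A short comment above the two targets would help, e.g. `# pillar booleans may render as True/true; the regex accepts either spelling`.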
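Review bot: In `salt/workstation/remove_gui.sls`, `remove_graphical_target` only points `default.target` back at `multi-user.target`; the packages from `workstation.packages` and the CA anchor written by `workstation.trusted-ca` stay on a host that previously had the GUI enabled. If that is intended, say so in a header comment, e.g. `# Disables graphical boot only; installed workstation packages and the trusted CA are left in place`, or give the file a name that does not promise removal. If the intent is to return the host to a non-workstation footprint, the state needs matching `pkg.removed` and `file.absent` entries.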
From e3f3af52e17a35c4efb8cb6d41c1d5f294a4e7ec Mon Sep 17 00:00:00 2001
From: m0duspwnens
Date: Tue, 29 Mar 2022 10:19:29 -0400
Subject: [PATCH 6/6] fix spacing
---
 salt/common/tools/sbin/so-common | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index fa4a7af80..5e1ecfbeb 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -367,7 +367,8 @@ run_check_net_err() {
 exit $exit_code
 fi
 }
- set_cron_service_name() {
+
+set_cron_service_name() {
 if [[ "$OS" == "centos" ]]; then
 cron_service_name="crond"
 else