From f7e614f35859edc8809c81d3867351b856dcdc2b Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Mon, 19 Sep 2022 14:06:30 -0400
Subject: [PATCH] Add NTP
---
salt/ntp/chrony.conf | 11 +++++++++++
salt/ntp/config.map.jinja | 3 +++
salt/ntp/defaults.yaml | 4 ++++
salt/ntp/init.sls | 19 +++++++++++++++++++
salt/ntp/soc_ntp.yaml | 4 ++++
5 files changed, 41 insertions(+)
create mode 100644 salt/ntp/chrony.conf
create mode 100644 salt/ntp/config.map.jinja
create mode 100644 salt/ntp/defaults.yaml
create mode 100644 salt/ntp/init.sls
create mode 100644 salt/ntp/soc_ntp.yaml
diff --git a/salt/ntp/chrony.conf b/salt/ntp/chrony.conf
new file mode 100644
index 000000000..3f9a06d46
--- /dev/null
+++ b/salt/ntp/chrony.conf
@@ -0,0 +1,11 @@
+
+# NTP server list
+{% for SERVER in NTPCONFIG.ntp.servers %}
+server {{ SERVER }} iburst
+{% endfor %}
+
+# Config options
+driftfile /var/lib/chrony/drift
+makestep 1.0 3
+rtcsync
+logdir /var/log/chrony
diff --git a/salt/ntp/config.map.jinja b/salt/ntp/config.map.jinja
new file mode 100644
index 000000000..11d7a0ae7
--- /dev/null
+++ b/salt/ntp/config.map.jinja
@@ -0,0 +1,3 @@
+{% import_yaml 'ntp/defaults.yaml' as NTP with context %}
+
+{% set NTPCONFIG = salt['pillar.get']('ntp', default=NTP, merge=True) %}
diff --git a/salt/ntp/defaults.yaml b/salt/ntp/defaults.yaml
new file mode 100644
index 000000000..2886f4c69
--- /dev/null
+++ b/salt/ntp/defaults.yaml
@@ -0,0 +1,4 @@
+ntp:
+ servers:
+ - 0.pool.ntp.org
+ - 1.pool.ntp.org
\ No newline at end of file
diff --git a/salt/ntp/init.sls b/salt/ntp/init.sls
new file mode 100644
index 000000000..0939b52dd
--- /dev/null
+++ b/salt/ntp/init.sls
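Review bot: The loop iterates `NTPCONFIG.ntp.servers`, but init.sls in this same patch passes `NTPCONFIG.ntp` into the template under the name `NTPCONFIG`, so inside chrony.conf the variable is already the `ntp` subtree and has no `ntp` key. Rendering is therefore likely to fail on an undefined value, or at best emit no `server` lines, leaving the host without a time source. The loop header should read `{% for SERVER in NTPCONFIG.servers %}`. A first-line comment such as `# Managed by Salt (salt/ntp/chrony.conf); local edits are overwritten` would also help whoever finds this file on a node.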
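Review bot: `default=NTP` hands `pillar.get` the whole defaults document, which is keyed by a top-level `ntp`, while the pillar value fetched for `'ntp'` is presumably the subtree itself (`servers: ...`). The merge would then put operator-supplied servers at `NTPCONFIG.servers` and leave the defaults at `NTPCONFIG.ntp.servers`. init.sls reads `NTPCONFIG.ntp`, so a pillar override would be silently ignored and the host would keep syncing to the public pool even where an internal time source was configured. Merging at the same level avoids this: `{% set NTPCONFIG = salt['pillar.get']('ntp', default=NTP.ntp, merge=True) %}`, with init.sls then passing `{{ NTPCONFIG }}`.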
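Review bot: The default list has only two sources, which gives chronyd no majority when the two disagree; with fewer than three sources a single wrong or malicious server cannot be outvoted. For a platform whose logs and alerts are correlated by timestamp, I would default to at least three, for example by adding `- 2.pool.ntp.org` and `- 3.pool.ntp.org`. These are also unauthenticated public servers, so the setting's description should tell operators on restricted or air-gapped networks that they need to override the list. The file also lacks a trailing newline.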
@@ -0,0 +1,19 @@
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+{% from 'ntp/config.map.jinja' import NTPCONFIG %}
+
+chronyconf:
+ file.managed:
+ - name: /etc/chrony.conf
+ - source: salt://ntp/chrony.conf
+ - template: jinja
+ - defaults:
+ - NTPCONFIG: {{ NTPCONFIG.ntp }}
+
+chronyd:
+ service.running:
+ - enable: True
+ - watch:
+ - file: chronyconf
\ No newline at end of file
diff --git a/salt/ntp/soc_ntp.yaml b/salt/ntp/soc_ntp.yaml
new file mode 100644
index 000000000..70ea8d7ae
--- /dev/null
+++ b/salt/ntp/soc_ntp.yaml
@@ -0,0 +1,4 @@
+ntp:
+ servers:
+ description: NTP Server List
+ title: NTP Servers
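Review bot: `defaults` is given a one-item list (`- NTPCONFIG: ...`), while `file.managed` expects a mapping for `defaults`, so this state is likely to be rejected before the template is ever rendered; writing the entry without the dash, `NTPCONFIG: {{ NTPCONFIG.ntp }}` nested under `defaults:`, gives the mapping form. The state also sets no ownership or mode on `/etc/chrony.conf`, so an existing file keeps whatever permissions it already has; since this file selects the host's time sources I would pin them with `- user: root`, `- group: root` and `- mode: '0644'`. Nothing in this file installs chrony or stops another time daemon, so if that is handled elsewhere a short comment saying where would help.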
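Review bot: The description `NTP Server List` does not say what an entry may contain, and chrony.conf in this patch writes each entry verbatim into a `server ... iburst` line. An entry carrying extra whitespace or a line break would therefore end up as additional chrony options or directives, so the expected format should be stated here and, ideally, enforced where the template consumes the list. Suggested wording: `description: NTP servers to synchronize with, one hostname or IP address per entry.`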