CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

osquery package versioning bugfix

Browse Source
This commit is contained in:
Josh Brower
2020-04-14 16:42:25 -04:00
parent 7360f6ce7f
commit fabec23b37
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
salt/fleet/event_gen-packages.sls
View File

@@ -1,5 +1,6 @@
{% set MASTER = salt['grains.get']('master') %}
{% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %} {% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
{% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_package-version') %} {% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_packages-version') %}
so/fleet: so/fleet:
event.send: event.send:
@@ -10,3 +11,5 @@ so/fleet:
mainip: {{ grains.host }} mainip: {{ grains.host }}
enroll-secret: {{ ENROLLSECRET }} enroll-secret: {{ ENROLLSECRET }}
current-package-version: {{ CURRENTPACKAGEVERSION }} current-package-version: {{ CURRENTPACKAGEVERSION }}
master: {{ MASTER }}

8
salt/reactor/fleet.sls
View File

@@ -13,7 +13,6 @@ def run():
ROLE = data['data']['role'] ROLE = data['data']['role']
ESECRET = data['data']['enroll-secret'] ESECRET = data['data']['enroll-secret']
MAINIP = data['data']['mainip'] MAINIP = data['data']['mainip']
PACKAGEVERSION = data['data']['current-package-version']
STATICFILE = '/opt/so/saltstack/pillar/static.sls' STATICFILE = '/opt/so/saltstack/pillar/static.sls'
SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls' SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
@@ -48,12 +47,15 @@ def run():
if ACTION == 'genpackages': if ACTION == 'genpackages':
logging.info('so/fleet genpackages reactor') logging.info('so/fleet genpackages reactor')
PACKAGEVERSION = data['data']['current-package-version']
MASTER = data['data']['master']
# Increment the package version by 1 # Increment the package version by 1
PACKAGEVERSION += 1 PACKAGEVERSION += 1
# Run Docker container that will build the packages # Run Docker container that will build the packages
gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \ gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
"--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", "docker.io/soshybridhunter/so-fleet-launcher:HH1.1.0", \ "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.1", \
f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii') f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')
# Update the 'packages-built' timestamp on the webpage (stored in the static pillar) # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
@@ -63,7 +65,7 @@ def run():
# Update the Fleet Osquery package version in the static pillar # Update the Fleet Osquery package version in the static pillar
for line in fileinput.input(STATICFILE, inplace=True): for line in fileinput.input(STATICFILE, inplace=True):
line = re.sub(r'fleet_package-version: \S*', f"fleet_package-version: {PACKAGEVERSION}", line.rstrip()) line = re.sub(r'fleet_packages-version: \S*', f"fleet_packages-version: {PACKAGEVERSION}", line.rstrip())
print(line) print(line)
# Copy over newly-built packages # Copy over newly-built packages