diff --git a/files/master b/files/master
index 8739a043a..aa9a7a986 100644
--- a/files/master
+++ b/files/master
@@ -38,6 +38,7 @@ log_file: /opt/so/log/salt/master
file_roots:
base:
- /opt/so/saltstack/default/salt
+ - /opt/so/saltstack/local/salt
# The master_roots setting configures a master-only copy of the file_roots dictionary,
# used by the state compiler.
@@ -54,6 +55,7 @@ file_roots:
pillar_roots:
base:
- /opt/so/saltstack/default/pillar
+ - /opt/so/saltstack/local/pillar
peer:
.*:
diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh
index 33c73c21e..b20bf22d9 100644
--- a/pillar/data/addtotab.sh
+++ b/pillar/data/addtotab.sh
@@ -1,7 +1,7 @@
#!/usr/bin/env bash
# This script adds sensors/nodes/etc to the nodes tab
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
TYPE=$1
NAME=$2
IPADDRESS=$3
@@ -15,7 +15,7 @@ MONINT=$9
#HOTNAME=$11
echo "Seeing if this host is already in here. If so delete it"
-if grep -q $NAME "$default_salt_dir/pillar/data/$TYPE.sls"; then
+if grep -q $NAME "$local_salt_dir/pillar/data/$TYPE.sls"; then
echo "Node Already Present - Let's re-add it"
awk -v blah=" $NAME:" 'BEGIN{ print_flag=1 }
{
@@ -31,27 +31,27 @@ if grep -q $NAME "$default_salt_dir/pillar/data/$TYPE.sls"; then
if ( print_flag == 1 )
print $0
-} ' $default_salt_dir/pillar/data/$TYPE.sls > $default_salt_dir/pillar/data/tmp.$TYPE.sls
-mv $default_salt_dir/pillar/data/tmp.$TYPE.sls $default_salt_dir/pillar/data/$TYPE.sls
+} ' $local_salt_dir/pillar/data/$TYPE.sls > $local_salt_dir/pillar/data/tmp.$TYPE.sls
+mv $local_salt_dir/pillar/data/tmp.$TYPE.sls $local_salt_dir/pillar/data/$TYPE.sls
echo "Deleted $NAME from the tab. Now adding it in again with updated info"
fi
-echo " $NAME:" >> $default_salt_dir/pillar/data/$TYPE.sls
-echo " ip: $IPADDRESS" >> $default_salt_dir/pillar/data/$TYPE.sls
-echo " manint: $MANINT" >> $default_salt_dir/pillar/data/$TYPE.sls
-echo " totalcpus: $CPUS" >> $default_salt_dir/pillar/data/$TYPE.sls
-echo " guid: $GUID" >> $default_salt_dir/pillar/data/$TYPE.sls
-echo " rootfs: $ROOTFS" >> $default_salt_dir/pillar/data/$TYPE.sls
-echo " nsmfs: $NSM" >> $default_salt_dir/pillar/data/$TYPE.sls
+echo " $NAME:" >> $local_salt_dir/pillar/data/$TYPE.sls
+echo " ip: $IPADDRESS" >> $local_salt_dir/pillar/data/$TYPE.sls
+echo " manint: $MANINT" >> $local_salt_dir/pillar/data/$TYPE.sls
+echo " totalcpus: $CPUS" >> $local_salt_dir/pillar/data/$TYPE.sls
+echo " guid: $GUID" >> $local_salt_dir/pillar/data/$TYPE.sls
+echo " rootfs: $ROOTFS" >> $local_salt_dir/pillar/data/$TYPE.sls
+echo " nsmfs: $NSM" >> $local_salt_dir/pillar/data/$TYPE.sls
if [ $TYPE == 'sensorstab' ]; then
- echo " monint: $MONINT" >> $default_salt_dir/pillar/data/$TYPE.sls
+ echo " monint: $MONINT" >> $local_salt_dir/pillar/data/$TYPE.sls
salt-call state.apply common queue=True
fi
if [ $TYPE == 'evaltab' ]; then
- echo " monint: $MONINT" >> $default_salt_dir/pillar/data/$TYPE.sls
+ echo " monint: $MONINT" >> $local_salt_dir/pillar/data/$TYPE.sls
salt-call state.apply common queue=True
salt-call state.apply utility queue=True
fi
#if [ $TYPE == 'nodestab' ]; then
-# echo " nodetype: $NODETYPE" >> $default_salt_dir/pillar/data/$TYPE.sls
-# echo " hotname: $HOTNAME" >> $default_salt_dir/pillar/data/$TYPE.sls
+# echo " nodetype: $NODETYPE" >> $local_salt_dir/pillar/data/$TYPE.sls
+# echo " hotname: $HOTNAME" >> $local_salt_dir/pillar/data/$TYPE.sls
#fi
diff --git a/pillar/firewall/addfirewall.sh b/pillar/firewall/addfirewall.sh
index 856fda869..c30451aa5 100644
--- a/pillar/firewall/addfirewall.sh
+++ b/pillar/firewall/addfirewall.sh
@@ -1,13 +1,13 @@
#!/usr/bin/env bash
# This script adds ip addresses to specific rule sets defined by the user
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
POLICY=$1
IPADDRESS=$2
-if grep -q $2 "$default_salt_dir/pillar/firewall/$1.sls"; then
+if grep -q $2 "$local_salt_dir/pillar/firewall/$1.sls"; then
echo "Firewall Rule Already There"
else
- echo " - $2" >> $default_salt_dir/pillar/firewall/$1.sls
+ echo " - $2" >> $local_salt_dir/pillar/firewall/$1.sls
salt-call state.apply firewall queue=True
fi
diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow
index d3906e67c..9be770bed 100755
--- a/salt/common/tools/sbin/so-allow
+++ b/salt/common/tools/sbin/so-allow
@@ -18,6 +18,8 @@
. /usr/sbin/so-common
default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
+
SKIP=0
while getopts "abowi:" OPTION
@@ -84,7 +86,7 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
$default_salt_dir/pillar/firewall/addfirewall.sh $FULLROLE $IP
# Check if Wazuh enabled
-if grep -q -R "wazuh: 1" $default_salt_dir/pillar/*; then
+if grep -q -R "wazuh: 1" $local_salt_dir/pillar/*; then
# If analyst, add to Wazuh AR whitelist
if [ "$FULLROLE" == "analyst" ]; then
WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
diff --git a/salt/common/tools/sbin/so-bro-logs b/salt/common/tools/sbin/so-bro-logs
index ac70ea857..173d23029 100755
--- a/salt/common/tools/sbin/so-bro-logs
+++ b/salt/common/tools/sbin/so-bro-logs
@@ -1,12 +1,12 @@
#!/bin/bash
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
bro_logs_enabled() {
- echo "brologs:" > $default_salt_dir/pillar/brologs.sls
- echo " enabled:" >> $default_salt_dir/pillar/brologs.sls
+ echo "brologs:" > $local_salt_dir/pillar/brologs.sls
+ echo " enabled:" >> $local_salt_dir/pillar/brologs.sls
for BLOG in ${BLOGS[@]}; do
- echo " - $BLOG" | tr -d '"' >> $default_salt_dir/pillar/brologs.sls
+ echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/brologs.sls
done
}
diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable
index 3f7034e2a..6ba9252a9 100755
--- a/salt/common/tools/sbin/so-features-enable
+++ b/salt/common/tools/sbin/so-features-enable
@@ -15,11 +15,11 @@
# along with this program. If not, see .
. /usr/sbin/so-common
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
-VERSION=$(grep soversion $default_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
+VERSION=$(grep soversion $local_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
# Modify static.sls to enable Features
-sed -i 's/features: False/features: True/' $default_salt_dir/pillar/static.sls
+sed -i 's/features: False/features: True/' $local_salt_dir/pillar/static.sls
SUFFIX="-features"
TRUSTED_CONTAINERS=( \
"so-elasticsearch:$VERSION$SUFFIX" \
diff --git a/salt/common/tools/sbin/so-helix-apikey b/salt/common/tools/sbin/so-helix-apikey
index 6f93d9f55..c58d2ad89 100755
--- a/salt/common/tools/sbin/so-helix-apikey
+++ b/salt/common/tools/sbin/so-helix-apikey
@@ -1,6 +1,6 @@
#!/bin/bash
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
got_root() {
@@ -13,13 +13,13 @@ got_root() {
}
got_root
-if [ ! -f $default_salt_dir/pillar/fireeye/init.sls ]; then
+if [ ! -f $local_salt_dir/pillar/fireeye/init.sls ]; then
echo "This is nto configured for Helix Mode. Please re-install."
exit
else
echo "Enter your Helix API Key: "
read APIKEY
- sed -i "s/^ api_key.*/ api_key: $APIKEY/g" $default_salt_dir/pillar/fireeye/init.sls
+ sed -i "s/^ api_key.*/ api_key: $APIKEY/g" $local_salt_dir/pillar/fireeye/init.sls
docker stop so-logstash
docker rm so-logstash
echo "Restarting Logstash for updated key"
diff --git a/salt/fleet/files/scripts/so-fleet-packages b/salt/fleet/files/scripts/so-fleet-packages
index 3b804e472..e68517bde 100644
--- a/salt/fleet/files/scripts/so-fleet-packages
+++ b/salt/fleet/files/scripts/so-fleet-packages
@@ -2,7 +2,7 @@
{% set MAIN_HOSTNAME = salt['grains.get']('host') %}
{% set MAIN_IP = salt['pillar.get']('node:mainip') %}
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
#so-fleet-packages $FleetHostname/IP
@@ -27,8 +27,8 @@ docker run \
--mount type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt \
docker.io/soshybridhunter/so-fleet-launcher:HH1.1.0 "$esecret" "$1":8090
-cp /opt/so/conf/fleet/packages/launcher.* $default_salt_dir/salt/launcher/packages/
+cp /opt/so/conf/fleet/packages/launcher.* $local_salt_dir/salt/launcher/packages/
#Update timestamp on packages webpage
sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" /opt/so/conf/fleet/packages/index.html
-sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" $default_salt_dir/salt/fleet/files/dedicated-index.html
\ No newline at end of file
+sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" $local_salt_dir/salt/fleet/files/dedicated-index.html
\ No newline at end of file
diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls
index 0b641c83d..c42d4ef5b 100644
--- a/salt/idstools/init.sls
+++ b/salt/idstools/init.sls
@@ -60,7 +60,7 @@ synclocalnidsrules:
ruleslink:
file.symlink:
- - name: /opt/so/saltstack/default/salt/suricata/rules
+ - name: /opt/so/saltstack/local/salt/suricata/rules
- target: /opt/so/rules/nids
so-idstools:
diff --git a/salt/master/files/add_minion.sh b/salt/master/files/add_minion.sh
index 043a09ead..40d1c6adf 100755
--- a/salt/master/files/add_minion.sh
+++ b/salt/master/files/add_minion.sh
@@ -1,10 +1,10 @@
#!/usr/bin/env bash
# This script adds pillar and schedule files securely
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
MINION=$1
echo "Adding $1"
- cp /tmp/$MINION/pillar/$MINION.sls $default_salt_dir/pillar/minions/
- cp /tmp/$MINION/schedules/* $default_salt_dir/salt/patch/os/schedules/
+ cp /tmp/$MINION/pillar/$MINION.sls $local_salt_dir/pillar/minions/
+ cp --parents /tmp/$MINION/schedules/* $local_salt_dir/salt/patch/os/schedules/
rm -rf /tmp/$MINION
\ No newline at end of file
diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls
index e93ab73f5..759cfaf58 100644
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -13,9 +13,9 @@ def run():
ROLE = data['data']['role']
ESECRET = data['data']['enroll-secret']
MAINIP = data['data']['mainip']
- default_salt_dir = /opt/so/saltstack/default
- STATICFILE = default_salt_dir + '/pillar/static.sls'
- SECRETSFILE = default_salt_dir + '/pillar/secrets.sls'
+ local_salt_dir = /opt/so/saltstack/local
+ STATICFILE = local_salt_dir + '/pillar/static.sls'
+ SECRETSFILE = local_salt_dir + '/pillar/secrets.sls'
if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch']:
@@ -55,7 +55,7 @@ def run():
PACKAGEVERSION += 1
# Run Docker container that will build the packages
- gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=" + default_salt_dir + "/salt/fleet/packages,target=/output", \
+ gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=" + local_salt_dir + "/salt/fleet/packages,target=/output", \
"--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.3.0", \
f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')
diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls
index ed967c6f9..9ecf65941 100644
--- a/salt/ssl/init.sls
+++ b/salt/ssl/init.sls
@@ -84,17 +84,17 @@ chownilogstashfilebeatp8:
# Create Symlinks to the keys so I can distribute it to all the things
filebeatdir:
file.directory:
- - name: /opt/so/saltstack/default/salt/filebeat/files
+ - name: /opt/so/saltstack/local/salt/filebeat/files
- mkdirs: True
fbkeylink:
file.symlink:
- - name: /opt/so/saltstack/default/salt/filebeat/files/filebeat.p8
+ - name: /opt/so/saltstack/local/salt/filebeat/files/filebeat.p8
- target: /etc/pki/filebeat.p8
fbcrtlink:
file.symlink:
- - name: /opt/so/saltstack/default/salt/filebeat/files/filebeat.crt
+ - name: /opt/so/saltstack/local/salt/filebeat/files/filebeat.crt
- target: /etc/pki/filebeat.crt
# Create a cert for the docker registry
diff --git a/salt/wazuh/files/wazuh-manager-whitelist b/salt/wazuh/files/wazuh-manager-whitelist
index af4761950..19ad63415 100755
--- a/salt/wazuh/files/wazuh-manager-whitelist
+++ b/salt/wazuh/files/wazuh-manager-whitelist
@@ -1,6 +1,6 @@
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
#!/bin/bash
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
#
@@ -18,7 +18,7 @@ default_salt_dir=/opt/so/saltstack/default
# along with this program. If not, see .
# Check if Wazuh enabled
-if grep -q -R "wazuh: 1" $default_salt_dir/pillar/*; then
+if grep -q -R "wazuh: 1" $local_salt_dir/pillar/*; then
WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
if ! grep -q "{{ MASTERIP }}" $WAZUH_MGR_CFG ; then
DATE=`date`
diff --git a/setup/so-functions b/setup/so-functions
index 72d252e6d..922046d5e 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -116,16 +116,16 @@ add_web_user() {
# Create an secrets pillar so that passwords survive re-install
secrets_pillar(){
- if [ ! -f $default_salt_dir/pillar/secrets.sls ]; then
+ if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
echo "Creating Secrets Pillar" >> "$setup_log" 2>&1
- mkdir -p $default_salt_dir/pillar
+ mkdir -p $local_salt_dir/pillar
printf '%s\n'\
"secrets:"\
" mysql: $MYSQLPASS"\
" playbook: $PLAYBOOKPASS"\
" fleet: $FLEETPASS"\
" fleet_jwt: $FLEETJWT"\
- " fleet_enroll-secret: False" > $default_salt_dir/pillar/secrets.sls
+ " fleet_enroll-secret: False" > $local_salt_dir/pillar/secrets.sls
fi
}
@@ -327,10 +327,10 @@ configure_minion() {
"mysql.host: '$MAINIP'"\
"mysql.port: 3306"\
"mysql.user: 'root'" >> "$minion_config"
- if [ ! -f $default_salt_dir/pillar/secrets.sls ]; then
+ if [ ! -f $local_salt_dir/pillar/secrets.sls ]; then
echo "mysql.pass: '$MYSQLPASS'" >> "$minion_config"
else
- OLDPASS=$(grep "mysql" $default_salt_dir/pillar/secrets.sls | awk '{print $2}')
+ OLDPASS=$(grep "mysql" $local_salt_dir/pillar/secrets.sls | awk '{print $2}')
echo "mysql.pass: '$OLDPASS'" >> "$minion_config"
fi
;;
@@ -409,15 +409,15 @@ copy_master_config() {
copy_minion_tmp_files() {
case "$install_type" in
'MASTER' | 'EVAL' | 'HELIXSENSOR' | 'MASTERSEARCH' | 'STANDALONE')
- echo "Copying pillar and salt files in $temp_install_dir to $default_salt_dir"
- cp -Rv "$temp_install_dir"/pillar/ $default_salt_dir/ >> "$setup_log" 2>&1
+ echo "Copying pillar and salt files in $temp_install_dir to $local_salt_dir"
+ cp -Rv "$temp_install_dir"/pillar/ $local_salt_dir/ >> "$setup_log" 2>&1
if [ -d "$temp_install_dir"/salt ] ; then
- cp -Rv "$temp_install_dir"/salt/ $default_salt_dir/ >> "$setup_log" 2>&1
+ cp -Rv "$temp_install_dir"/salt/ $local_salt_dir/ >> "$setup_log" 2>&1
fi
;;
*)
{
- echo "scp pillar and salt files in $temp_install_dir to master $default_salt_dir";
+ echo "scp pillar and salt files in $temp_install_dir to master $local_salt_dir";
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar;
ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules;
scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/;
@@ -695,7 +695,7 @@ docker_seed_registry() {
fireeye_pillar() {
- local fireeye_pillar_path=$default_salt_dir/pillar/fireeye
+ local fireeye_pillar_path=$local_salt_dir/pillar/fireeye
mkdir -p "$fireeye_pillar_path"
printf '%s\n'\
@@ -709,7 +709,7 @@ fireeye_pillar() {
# Generate Firewall Templates
firewall_generate_templates() {
- local firewall_pillar_path=$default_salt_dir/pillar/firewall
+ local firewall_pillar_path=$local_salt_dir/pillar/firewall
mkdir -p "$firewall_pillar_path"
for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoint search_nodes wazuh_endpoint
@@ -851,7 +851,7 @@ master_pillar() {
}
master_static() {
- local static_pillar="$default_salt_dir/pillar/static.sls"
+ local static_pillar="$local_salt_dir/pillar/static.sls"
# Create a static file for global values
printf '%s\n'\
@@ -1197,8 +1197,8 @@ setup_salt_master_dirs() {
# Create salt paster directories
mkdir -p $default_salt_dir/pillar
mkdir -p $default_salt_dir/salt
- mkdir -p $custom_salt_dir/pillar
- mkdir -p $custom_salt_dir/salt
+ mkdir -p $local_salt_dir/pillar
+ mkdir -p $local_salt_dir/salt
# Copy over the salt code and templates
if [ "$setup_type" = 'iso' ]; then
@@ -1313,14 +1313,14 @@ set_initial_firewall_policy() {
case "$install_type" in
'MASTER')
- printf " - %s\n" "$MAINIP" | tee -a $default_salt_dir/pillar/firewall/minions.sls $default_salt_dir/pillar/firewall/masterfw.sls
+ printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls $local_salt_dir/pillar/firewall/masterfw.sls
$default_salt_dir/pillar/data/addtotab.sh mastertab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;;
'EVAL' | 'MASTERSEARCH')
- printf " - %s\n" "$MAINIP" | tee -a $default_salt_dir/pillar/firewall/minions.sls\
- $default_salt_dir/pillar/firewall/masterfw.sls\
- $default_salt_dir/pillar/firewall/forward_nodes.sls\
- $default_salt_dir/pillar/firewall/search_nodes.sls
+ printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
+ $local_salt_dir/pillar/firewall/masterfw.sls\
+ $local_salt_dir/pillar/firewall/forward_nodes.sls\
+ $local_salt_dir/pillar/firewall/search_nodes.sls
case "$install_type" in
'EVAL')
$default_salt_dir/pillar/data/addtotab.sh evaltab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
@@ -1331,9 +1331,9 @@ set_initial_firewall_policy() {
esac
;;
'HELIXSENSOR')
- printf " - %s\n" "$MAINIP" | tee -a $default_salt_dir/pillar/firewall/minions.sls\
- $default_salt_dir/pillar/firewall/masterfw.sls\
- $default_salt_dir/pillar/firewall/forward_nodes.sls
+ printf " - %s\n" "$MAINIP" | tee -a $local_salt_dir/pillar/firewall/minions.sls\
+ $local_salt_dir/pillar/firewall/masterfw.sls\
+ $local_salt_dir/pillar/firewall/forward_nodes.sls
;;
'SENSOR' | 'SEARCHNODE' | 'HEAVYNODE' | 'FLEET')
ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/pillar/firewall/addfirewall.sh minions "$MAINIP"