change from default to local - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/749

salt/common/tools/sbin/so-allow

@@ -18,6 +18,8 @@
 . /usr/sbin/so-common
 
 default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
+
 SKIP=0
 
 while getopts "abowi:" OPTION
@@ -84,7 +86,7 @@ echo "Adding $IP to the $FULLROLE role. This can take a few seconds"
 $default_salt_dir/pillar/firewall/addfirewall.sh $FULLROLE $IP
 
 # Check if Wazuh enabled
-if grep -q -R "wazuh: 1" $default_salt_dir/pillar/*; then
+if grep -q -R "wazuh: 1" $local_salt_dir/pillar/*; then
     # If analyst, add to Wazuh AR whitelist
     if [ "$FULLROLE" == "analyst" ]; then
           WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"

salt/common/tools/sbin/so-bro-logs

@@ -1,12 +1,12 @@
 #!/bin/bash
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
 
 bro_logs_enabled() {
 
-  echo "brologs:" > $default_salt_dir/pillar/brologs.sls
-  echo "  enabled:" >> $default_salt_dir/pillar/brologs.sls
+  echo "brologs:" > $local_salt_dir/pillar/brologs.sls
+  echo "  enabled:" >> $local_salt_dir/pillar/brologs.sls
   for BLOG in ${BLOGS[@]}; do
-    echo "    - $BLOG" | tr -d '"' >> $default_salt_dir/pillar/brologs.sls
+    echo "    - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/brologs.sls
   done
 
 }

salt/common/tools/sbin/so-features-enable

@@ -15,11 +15,11 @@
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 . /usr/sbin/so-common
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
 
-VERSION=$(grep soversion $default_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
+VERSION=$(grep soversion $local_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g')
 # Modify static.sls to enable Features
-sed -i 's/features: False/features: True/' $default_salt_dir/pillar/static.sls
+sed -i 's/features: False/features: True/' $local_salt_dir/pillar/static.sls
 SUFFIX="-features"
 TRUSTED_CONTAINERS=( \
   "so-elasticsearch:$VERSION$SUFFIX" \

salt/common/tools/sbin/so-helix-apikey

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
 
 got_root() {
 
@@ -13,13 +13,13 @@ got_root() {
 }
 
 got_root
-if [ ! -f $default_salt_dir/pillar/fireeye/init.sls ]; then
+if [ ! -f $local_salt_dir/pillar/fireeye/init.sls ]; then
   echo "This is nto configured for Helix Mode. Please re-install."
   exit
 else
   echo "Enter your Helix API Key: "
   read APIKEY
-  sed -i "s/^    api_key.*/    api_key: $APIKEY/g" $default_salt_dir/pillar/fireeye/init.sls
+  sed -i "s/^    api_key.*/    api_key: $APIKEY/g" $local_salt_dir/pillar/fireeye/init.sls
   docker stop so-logstash
   docker rm so-logstash
   echo "Restarting Logstash for updated key"

salt/fleet/files/scripts/so-fleet-packages

@@ -2,7 +2,7 @@
 {% set MAIN_HOSTNAME = salt['grains.get']('host') %}
 {% set MAIN_IP = salt['pillar.get']('node:mainip') %}
 
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
 
 #so-fleet-packages $FleetHostname/IP 
 
@@ -27,8 +27,8 @@ docker run \
   --mount type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt \
   docker.io/soshybridhunter/so-fleet-launcher:HH1.1.0 "$esecret" "$1":8090
 
-cp /opt/so/conf/fleet/packages/launcher.* $default_salt_dir/salt/launcher/packages/
+cp /opt/so/conf/fleet/packages/launcher.* $local_salt_dir/salt/launcher/packages/
 
 #Update timestamp on packages webpage
 sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" /opt/so/conf/fleet/packages/index.html
-sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" $default_salt_dir/salt/fleet/files/dedicated-index.html
+sed -i "s@.*Generated.*@Generated: $(date '+%m%d%Y')@g" $local_salt_dir/salt/fleet/files/dedicated-index.html

salt/idstools/init.sls

@@ -60,7 +60,7 @@ synclocalnidsrules:
 
 ruleslink:
   file.symlink:
-    - name: /opt/so/saltstack/default/salt/suricata/rules
+    - name: /opt/so/saltstack/local/salt/suricata/rules
     - target: /opt/so/rules/nids
 
 so-idstools:

salt/master/files/add_minion.sh

@@ -1,10 +1,10 @@
 #!/usr/bin/env bash
 
 # This script adds pillar and schedule files securely
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
 MINION=$1
 
   echo "Adding $1" 
-  cp /tmp/$MINION/pillar/$MINION.sls $default_salt_dir/pillar/minions/
-  cp /tmp/$MINION/schedules/* $default_salt_dir/salt/patch/os/schedules/
+  cp /tmp/$MINION/pillar/$MINION.sls $local_salt_dir/pillar/minions/
+  cp --parents /tmp/$MINION/schedules/* $local_salt_dir/salt/patch/os/schedules/
   rm -rf /tmp/$MINION

salt/reactor/fleet.sls

@@ -13,9 +13,9 @@ def run():
   ROLE = data['data']['role']
   ESECRET = data['data']['enroll-secret']
   MAINIP = data['data']['mainip']
-  default_salt_dir = /opt/so/saltstack/default
-  STATICFILE = default_salt_dir + '/pillar/static.sls'
-  SECRETSFILE = default_salt_dir + '/pillar/secrets.sls'
+  local_salt_dir = /opt/so/saltstack/local
+  STATICFILE = local_salt_dir + '/pillar/static.sls'
+  SECRETSFILE = local_salt_dir + '/pillar/secrets.sls'
 
   if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch']:
     
@@ -55,7 +55,7 @@ def run():
       PACKAGEVERSION += 1
 
       # Run Docker container that will build the packages
-      gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=" + default_salt_dir + "/salt/fleet/packages,target=/output", \
+      gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=" + local_salt_dir + "/salt/fleet/packages,target=/output", \
          "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.3.0", \
          f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
       

salt/ssl/init.sls

@@ -84,17 +84,17 @@ chownilogstashfilebeatp8:
 # Create Symlinks to the keys so I can distribute it to all the things
 filebeatdir:
   file.directory:
-    - name: /opt/so/saltstack/default/salt/filebeat/files
+    - name: /opt/so/saltstack/local/salt/filebeat/files
     - mkdirs: True
 
 fbkeylink:
   file.symlink:
-    - name: /opt/so/saltstack/default/salt/filebeat/files/filebeat.p8
+    - name: /opt/so/saltstack/local/salt/filebeat/files/filebeat.p8
     - target: /etc/pki/filebeat.p8
 
 fbcrtlink:
   file.symlink:
-    - name: /opt/so/saltstack/default/salt/filebeat/files/filebeat.crt
+    - name: /opt/so/saltstack/local/salt/filebeat/files/filebeat.crt
     - target: /etc/pki/filebeat.crt
 
 # Create a cert for the docker registry

salt/wazuh/files/wazuh-manager-whitelist

@@ -1,6 +1,6 @@
 {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
 #!/bin/bash
-default_salt_dir=/opt/so/saltstack/default
+local_salt_dir=/opt/so/saltstack/local
 
 # Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC
 #
@@ -18,7 +18,7 @@ default_salt_dir=/opt/so/saltstack/default
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 # Check if Wazuh enabled
-if grep -q -R "wazuh: 1" $default_salt_dir/pillar/*; then
+if grep -q -R "wazuh: 1" $local_salt_dir/pillar/*; then
       WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf"
       if ! grep -q "<white_list>{{ MASTERIP }}</white_list>" $WAZUH_MGR_CFG ; then
               DATE=`date`