CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-12 20:22:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1183 from Security-Onion-Solutions/issue/1170

Browse Source 
Issue/1170
This commit is contained in:
Josh Patterson
2020-08-14 12:56:57 -04:00
committed by GitHub
parent 2a8e4e4eb2 b7bfa6f9a9
commit fbbec71165
1 changed files with 109 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
setup/so-functions
View File

@@ -229,6 +229,51 @@ check_pass_match() {
fi fi
} }
check_service_status() {
local service_name=$1
echo "Checking service $service_name status" >> "$setup_log" 2>&1
systemctl status $service_name >> "$setup_log" 2>&1
local status=$?
#true if there is an issue with the service false if it is running properly
if [ $status -gt 0 ]; then
echo "$service_name is not running" >> "$setup_log" 2>&1
echo 1;
else
echo "$service_name is running" >> "$setup_log" 2>&1
echo 0;
fi
}
check_salt_master_status() {
echo "Checking if we can talk to the salt master" >> "$setup_log" 2>&1
salt-call state.show_top > /dev/null 2>&1
local status=$?
#true if there is an issue talking to salt master
if [ $status -gt 0 ]; then
echo 1;
else
echo "Can talk to salt master" >> "$setup_log" 2>&1
echo 0;
fi
}
check_salt_minion_status() {
echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1
salt "$MINION_ID" test.ping >> "$setup_log" 2>&1
local status=$?
#true if there is an issue getting a job response from the minion
if [ $status -gt 0 ]; then
echo 1;
else
echo "Received job response from salt minion" >> "$setup_log" 2>&1
echo 0;
fi
}
check_soremote_pass() { check_soremote_pass() {
check_pass_match "$SOREMOTEPASS1" "$SOREMOTEPASS2" "SCMATCH" check_pass_match "$SOREMOTEPASS1" "$SOREMOTEPASS2" "SCMATCH"
} }
@@ -1431,17 +1476,75 @@ salt_checkin() {
echo "Building Certificate Authority"; echo "Building Certificate Authority";
salt-call state.apply ca; salt-call state.apply ca;
echo " *** Restarting Salt to fix any SSL errors. ***"; echo " *** Restarting Salt to fix any SSL errors. ***";
systemctl restart salt-master;
local SALT_SERVICES=(\
"salt-master" \
"salt-minion"
)
local LOOP_COUNT=0
for service in "${SALT_SERVICES[@]}"; do
echo "Stopping service $service" >> "$setup_log" 2>&1
systemctl stop "$service" >> "$setup_log" 2>&1
LOOP_COUNT=0
while ! (( $(check_service_status $service) )); do
echo "$service still running" >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 60 ]; then
echo "$service could not be stopped in 60 seconds, exiting" >> "$setup_log" 2>&1
exit 1
fi
sleep 1;
((LOOP_COUNT+=1))
done
done
sleep 5; sleep 5;
systemctl restart salt-minion;
sleep 15; for service in "${SALT_SERVICES[@]}"; do
echo "Starting service $service" >> "$setup_log" 2>&1
systemctl start "$service" >> "$setup_log" 2>&1
LOOP_COUNT=0
while (( $(check_service_status $service) )); do
echo "$service still not running" >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 60 ]; then
echo "$service could not be started in 60 seconds, exiting" >> "$setup_log" 2>&1
exit 1
fi
sleep 1;
((LOOP_COUNT+=1))
done
done
sleep 5;
LOOP_COUNT=0
while (( $(check_salt_master_status) )); do
echo "salt minion cannot talk to salt master" >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 30 ]; then
echo "salt minion could not talk to salt master after 30 attempts, exiting" >> "$setup_log" 2>&1
exit 1
fi
sleep 1;
((LOOP_COUNT+=1))
done
LOOP_COUNT=0
while (( $(check_salt_minion_status) )); do
echo "salt master did not get a job response from salt minion" >> "$setup_log" 2>&1
if [ $LOOP_COUNT -gt 30 ]; then
echo "salt master did not get a job response from salt minion after 30 attempts, exiting" >> "$setup_log" 2>&1
exit 1
fi
sleep 1;
((LOOP_COUNT+=1))
done
echo " Confirming existence of the CA certificate" echo " Confirming existence of the CA certificate"
cat /etc/pki/ca.crt cat /etc/pki/ca.crt
echo " Applyng a mine hack"; echo " Applyng a mine hack";
salt '*' mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt; salt "$MINION_ID" mine.send x509.get_pem_entries glob_path=/etc/pki/ca.crt;
salt '*' mine.update; salt "$MINION_ID" mine.update;
echo " Confirming salt mine now contain the certificate"; echo " Confirming salt mine now contain the certificate";
salt '*' mine.get '*' x509.get_pem_entries; salt "$MINION_ID" mine.get '*' x509.get_pem_entries;
echo " Applying SSL state"; echo " Applying SSL state";
salt-call state.apply ssl; salt-call state.apply ssl;
} >> "$setup_log" 2>&1 } >> "$setup_log" 2>&1