Allow Firewall to update between versions

2025-12-06 17:22:49 +01:00 · 2020-05-05 13:57:36 -04:00
parent 754f3ac537
commit fbbf9dab60
10 changed files with 35 additions and 40 deletions
--- a/pillar/firewall/analyst.sls
+++ b/pillar/firewall/analyst.sls
@@ -1,3 +0,0 @@
 analyst:
  - 127.0.0.1
--- a/pillar/firewall/beats_endpoint.sls
+++ b/pillar/firewall/beats_endpoint.sls
@@ -1,3 +0,0 @@
 beats_endpoint:
  - 127.0.0.1
--- a/pillar/firewall/forward_nodes.sls
+++ b/pillar/firewall/forward_nodes.sls
@@ -1,3 +0,0 @@
 forward_nodes:
  - 127.0.0.1
--- a/pillar/firewall/masterfw.sls
+++ b/pillar/firewall/masterfw.sls
@@ -1,2 +0,0 @@
 masterfw:
  - 127.0.0.1
--- a/pillar/firewall/minions.sls
+++ b/pillar/firewall/minions.sls
@@ -1,3 +0,0 @@
 minions:
  - 127.0.0.1
--- a/pillar/firewall/osquery_endpoint.sls
+++ b/pillar/firewall/osquery_endpoint.sls
@@ -1,3 +0,0 @@
 osquery_endpoint:
  - 127.0.0.1
--- a/pillar/firewall/search_nodes.sls
+++ b/pillar/firewall/search_nodes.sls
@@ -1,2 +0,0 @@
 search_nodes:
  - 127.0.0.1
--- a/pillar/firewall/wazuh_endpoint.sls
+++ b/pillar/firewall/wazuh_endpoint.sls
@@ -1,2 +0,0 @@
 wazuh_endpoint:
  - 127.0.0.1
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -705,9 +705,19 @@ fireeye_pillar() {
 }
-# Run a salt command to generate the minion key
+# Generate Firewall Templates
-salt_firstcheckin() {
+firewall_generate_templates() {
-	salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
+
 	local firewall_pillar_path=/opt/so/saltstack/salt/firewall
 	mkdir -p "$firewall_pillar_path"
 	for i in analyst beats_endpoint forward_nodes masterfw minions osquery_endpoints search_nodes wazuh_endpoint
 	do
 	  printf '%s\n'\
 	  "$i:"\
 	  "  - 127.0.0.1"\
 	  "" > "$firewall_pillar_path"
 	done
 }
 fleet_pillar() {
@@ -734,10 +744,6 @@ generate_passwords(){
  KRATOSKEY=$(tr -dc 'a-zA-Z0-9' < /dev/urandom  | fold -w 20 | head -n 1)
 }
 set_main_ip() {
 	MAINIP=$(ip route get 1 | awk '{print $7;exit}')
 }
 get_redirect() {
 	whiptail_set_redirect_info
 	whiptail_set_redirect
@@ -755,15 +761,6 @@ got_root() {
 	fi
 }
 install_cleanup() {
 	echo "Installer removing the following files:"
 	ls -lR "$temp_install_dir"
 	# Clean up after ourselves
 	rm -rf "$temp_install_dir"
 }
 get_minion_type() {
 	local minion_type
 	case "$install_type" in
@@ -780,9 +777,13 @@ get_minion_type() {
 	echo "$minion_type"
 }
-set_base_heapsizes() {
+install_cleanup() {
-	es_heapsize
+	echo "Installer removing the following files:"
-	ls_heapsize
+	ls -lR "$temp_install_dir"
 	# Clean up after ourselves
 	rm -rf "$temp_install_dir"
 }
 master_pillar() {
@@ -1173,6 +1174,20 @@ salt_checkin() {
 	} >> "$setup_log" 2>&1
 }
 # Run a salt command to generate the minion key
 salt_firstcheckin() {
 	salt-call state.show_top >> /dev/null # send output to /dev/null because we don't actually care about the ouput
 }
 set_base_heapsizes() {
 	es_heapsize
 	ls_heapsize
 }
 set_main_ip() {
 	MAINIP=$(ip route get 1 | awk '{print $7;exit}')
 }
 setup_salt_master_dirs() {
 	# Create salt paster directories
 	mkdir -p /opt/so/saltstack/salt
--- a/setup/so-setup
+++ b/setup/so-setup
@@ -294,6 +294,7 @@ export percentage=0
 		set_progress_str 10 'Configuring Salt master'
 		copy_master_config 2>> "$setup_log"
 		setup_salt_master_dirs 2>> "$setup_log"
 		firewall_generate_templates 2>> "$setup_log"
 		set_progress_str 11 'Updating sudoers file for soremote user'
 		update_sudoers 2>> "$setup_log"