Merge branch 'dev' of https://github.com/Security-Onion-Solutions/securityonion-saltstack into dev

salt/elastalert/files/elastalert_config.yaml

@@ -2,7 +2,7 @@
 {% set esport = salt['pillar.get']('master:es_port', '') %}
 # This is the folder that contains the rule yaml files
 # Any .yaml file will be loaded as a rule
-rules_folder: /etc/elastalert/rules/
+rules_folder: /opt/elastalert/rules/
 
 # Sets whether or not ElastAlert should recursively descend
 # the rules directory - true or false

salt/elastalert/files/rules/so/nids2hive.yaml

@@ -15,7 +15,7 @@ timeframe:
 buffer_time:
     minutes: 10
 allow_buffer_time_overlap: true
-query_key: ["rule.signature_id"]
+query_key: ["rule.uuid"]
 realert:
     days: 1
 filter:
@@ -23,13 +23,13 @@ filter:
    query_string:
       query: "event.module: suricata"
 
-alert: modules.so.thehive.TheHiveAlerter
+alert: hivealerter
 
 hive_connection:
   hive_host: http://{{hivehost}}
-  hive_port: 9000
+  hive_port: 9000/thehive
   hive_apikey: {{hivekey}}
-
+  
 hive_proxies:
   http: ''
   https: ''
@@ -38,9 +38,9 @@ hive_alert_config:
   title: '{match[rule][name]}'
   type: 'NIDS'
   source: 'SecurityOnion'
-  description: "`NIDS Dashboard:` \n\n <https://{{es}}/kibana/app/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:')),sort:!('@timestamp',desc))> \n\n `IPs: `{match[source][ip]}:{match[source][port]} --> {match[destination][ip]}:{match[destination][port]} \n\n `Signature:`{match[rule][rule]}"
+  description: "`Hunting Pivot:` \n\n <https://{{es}}/#/hunt?q=event.module%3A%20suricata%20AND%20rule.uuid%3A{match[rule][uuid]}%20%7C%20groupby%20source.ip%20destination.ip%20rule.name>  \n\n `Kibana Dashboard:` \n\n <https://{{es}}/kibana/app/kibana#/dashboard/ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'sid:')),sort:!('@timestamp',desc))> \n\n `IPs: `{match[source][ip]}:{match[source][port]} --> {match[destination][ip]}:{match[destination][port]} \n\n `Signature:`{match[rule][rule]}"
   severity: 2
-  tags: ['{match[rule][signature_id]}','{match[source][ip]}','{match[destination][ip]}']
+  tags: ['{match[rule][uuid]}','{match[source][ip]}','{match[destination][ip]}']
   tlp: 3
   status: 'New'
   follow: True

salt/elastalert/init.sls

@@ -118,7 +118,7 @@ so-elastalert:
     - user: elastalert
     - detach: True
     - binds:
-      - /opt/so/rules/elastalert:/opt/rules/:ro
+      - /opt/so/rules/elastalert:/opt/elastalert/rules/:ro
       - /opt/so/log/elastalert:/var/log/elastalert:rw
       - /opt/so/conf/elastalert/modules/:/opt/elastalert/modules/:ro
       - /opt/so/conf/elastalert/elastalert_config.yaml:/opt/config/elastalert_config.yaml:ro

salt/reactor/fleet.sls

@@ -55,7 +55,7 @@ def run():
 
       # Run Docker container that will build the packages
       gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
-         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.2.2", \
+         "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:HH1.3.0", \
          f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
       
       # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)

salt/soc/files/soc/soc.json

@@ -83,6 +83,7 @@
         },
         "queries": [
           { "name": "Default Query", "description": "Show all events grouped by the origin host", "query": "* | groupby observer.name"},
+          { "name": "Log Type", "description": "Show all events grouped by type", "query": "* | groupby event.module"},
           { "name": "Elastalerts", "description": "", "query": "_type:elastalert | groupby rule.name"},
           { "name": "Alerts", "description": "Show all alerts grouped by alert source", "query": "event.dataset: alert | groupby event.module"},
           { "name": "NIDS Alerts", "description": "Show all NIDS alerts grouped by alert name", "query": "event.category: network AND event.dataset: alert | groupby rule.name"},
@@ -95,7 +96,7 @@
           { "name": "Zeek Notice", "description": "Show notices from Zeek", "query": "event.module:zeek AND event.dataset:notice | groupby notice.note,notice.message"},
           { "name": "Connections", "description": "Connections grouped by IP and Port", "query": "event.module:zeek AND event.dataset:conn | groupby source.ip,destination.ip,network.protocol,destination.port"},
           { "name": "Connections", "description": "Connections grouped by Service", "query": "event.module:zeek AND event.dataset:conn | groupby network.protocol,destination.port"},
-          { "name": "Connections", "description": "Connections grouped by destination Geo", "query": "event.module:zeek AND event.dataset:conn | groupby destination_geo.country_name"},
+          { "name": "Connections", "description": "Connections grouped by destination Geo", "query": "event.module:zeek AND event.dataset:conn | groupby destination.geo.country_name"},
           { "name": "Connections", "description": "Connections grouped by source Geo", "query": "event.module:zeek AND event.dataset:conn | groupby source.geo.country_name"},
           { "name": "DCE_RPC", "description": "DCE_RPC grouped by operation", "query": "event.module:zeek AND event.dataset:dce_rpc | groupby operation"},
           { "name": "DHCP", "description": "DHCP leases", "query": "event.module:zeek AND event.dataset:dhcp | groupby host.hostname,host.domain,destination.ip"},
@@ -115,7 +116,7 @@
           { "name": "HTTP", "description": "HTTP grouped by status message", "query": "event.module:zeek AND event.dataset:http | groupby http.status_message"},
           { "name": "HTTP", "description": "HTTP grouped by user agent", "query": "event.module:zeek AND event.dataset:http | groupby http.useragent"},
           { "name": "HTTP", "description": "HTTP grouped by virtual host", "query": "event.module:zeek AND event.dataset:http | groupby http.virtual_host"},
-          { "name": "HTTP", "description": "HTTP with exe downloads", "query": "event.module:zeek AND event.dataset:http AND resp_mime_types:dosexec | groupby http.virtual_host"},
+          { "name": "HTTP", "description": "HTTP with exe downloads", "query": "event.module:zeek AND event.dataset:http AND file.resp_mime_types:dosexec | groupby http.virtual_host"},
           { "name": "Intel", "description": "Intel framework hits grouped by indicator", "query": "event.module:zeek AND event.dataset:intel | groupby intel.indicator"},
           { "name": "IRC", "description": "IRC grouped by command", "query": "event.module:zeek AND event.dataset:irc | groupby irc.command.type"},
           { "name": "KERBEROS", "description": "KERBEROS grouped by service", "query": "event.module:zeek AND event.dataset:kerberos | groupby kerberos.service"},
@@ -127,11 +128,11 @@
           { "name": "PE", "description": "PE files list", "query": "event.module:zeek AND event.dataset:pe | groupby file.machine,file.os,file.subsystem"},
           { "name": "RADIUS", "description": "RADIUS grouped by username", "query": "event.module:zeek AND event.dataset:radius | groupby user.name"},
           { "name": "RDP", "description": "RDP grouped by client name", "query": "event.module:zeek AND event.dataset:rdp | groupby client.name"},
-          { "name": "RFB", "description": "RFB grouped by desktop name", "query": "event.module:zeek AND event.dataset:rfb | groupby rfp.desktop.name"},
+          { "name": "RFB", "description": "RFB grouped by desktop name", "query": "event.module:zeek AND event.dataset:rfb | groupby rfb.desktop.name"},
           { "name": "Signatures", "description": "Zeek signatures grouped by signature id", "query": "event.module:zeek AND event.dataset:signatures | groupby signature_id"},
           { "name": "SIP", "description": "SIP grouped by user agent", "query": "event.module:zeek AND event.dataset:sip | groupby client.user_agent"},
           { "name": "SMB_Files", "description": "SMB files grouped by action", "query": "event.module:zeek AND event.dataset:smb_files | groupby file.action"},
-          { "name": "SMB_Mapping", "description": "SMB mapping grouped by path", "query": "event.module:zeek AND event.dataset:smb_mapping | groupby file.path"},
+          { "name": "SMB_Mapping", "description": "SMB mapping grouped by path", "query": "event.module:zeek AND event.dataset:smb_mapping | groupby smb.path"},
           { "name": "SMTP", "description": "SMTP grouped by subject", "query": "event.module:zeek AND event.dataset:smtp | groupby smtp.subject"},
           { "name": "SNMP", "description": "SNMP grouped by version and string", "query": "event.module:zeek AND event.dataset:snmp | groupby snmp.community,snmp.version"},
           { "name": "Software", "description": "List of software seen on the network", "query": "event.module:zeek AND event.dataset:software | groupby software.type,software.name"},
@@ -146,4 +147,4 @@
       }
     }
   }
-}
+}

salt/soctopus/files/templates/generic.template

@@ -1,12 +1,13 @@
 {% set es = salt['pillar.get']('static:masterip', '') %}
 {% set hivehost = salt['pillar.get']('static:masterip', '') %}
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
-alert: modules.so.thehive.TheHiveAlerter
+alert: hivealerter
 
 hive_connection:
-  hive_host: https://{{hivehost}}/thehive/
+  hive_host: http://{{hivehost}}
+  hive_port: 9000/thehive
   hive_apikey: {{hivekey}}
-
+  
 hive_proxies:
   http: ''
   https: ''

salt/soctopus/files/templates/osquery.template

@@ -1,12 +1,13 @@
 {% set es = salt['pillar.get']('static:masterip', '') %}
 {% set hivehost = salt['pillar.get']('static:masterip', '') %}
 {% set hivekey = salt['pillar.get']('static:hivekey', '') %}
-alert: modules.so.thehive.TheHiveAlerter
+alert: hivealerter
 
 hive_connection:
-  hive_host: https://{{hivehost}}/thehive/
+  hive_host: http://{{hivehost}}
+  hive_port: 9000/thehive
   hive_apikey: {{hivekey}}
-
+  
 hive_proxies:
   http: ''
   https: ''

salt/top.sls

@@ -261,6 +261,9 @@ base:
     {%- if PLAYBOOK != 0 %}
     - playbook
     {%- endif %}
+    {%- if NAVIGATOR != 0 %}
+    - navigator
+    {%- endif %}
     {%- if FREQSERVER != 0 %}
     - freqserver
     {%- endif %}

setup/so-functions

@@ -823,11 +823,9 @@ master_pillar() {
 		"  cur_close_days: $CURCLOSEDAYS"\
 		"  grafana: $GRAFANA"\
 		"  osquery: $OSQUERY"\
-		"  wazuh: $WAZUH"\
 		"  thehive: $THEHIVE"\
 		"  playbook: $PLAYBOOK"\
 		"  navigator: $NAVIGATOR"\
-		"  strelka: $STRELKA"\
 		""\
 		"kratos:" >> "$pillar_file"
 
@@ -881,9 +879,11 @@ master_static() {
 		"  fleet_hostname: N/A"\
 		"  fleet_ip: N/A"\
 		"  sensoronikey: $SENSORONIKEY"\
-		"  masterupdate: $MASTERUPDATES" > "$static_pillar"
+		"  strelka: $STRELKA"\
-	echo "elastic:" >> /opt/so/saltstack/pillar/static.sls
+        "  wazuh: $WAZUH"\
-	echo "  features: False" >> /opt/so/saltstack/pillar/static.sls
+		"  masterupdate: $MASTERUPDATES"\
+		"elastic:"\
+		"  features: False" > "$static_pillar"
 
 	printf '%s\n'  '----' >> "$setup_log" 2>&1
 	cat "$static_pillar" >> "$setup_log" 2>&1
@@ -1016,11 +1016,11 @@ saltify() {
 	if [ $OS = 'centos' ]; then
 		set_progress_str 5 'Installing Salt repo'
 		{
-			sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/2019.2/SALTSTACK-GPG-KEY.pub;
+			sudo rpm --import https://repo.saltstack.com/py3/redhat/7/x86_64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub;
-			cp ./yum_repos/salt-2019-2.repo /etc/yum.repos.d/salt-2019-2.repo;
+			cp ./yum_repos/salt-2019-2-5.repo /etc/yum.repos.d/salt-2019-2-5.repo;
 		} >> "$setup_log" 2>&1
 		set_progress_str 6 'Installing various dependencies'
-		yum -y install wget nmap >> "$setup_log" 2>&1
+		yum -y install wget nmap-ncat >> "$setup_log" 2>&1
 		case "$install_type" in
 			'MASTER' | 'EVAL' | 'MASTERSEARCH' | 'FLEET' | 'HELIXSENSOR')
 				reserve_group_ids >> "$setup_log" 2>&1
@@ -1028,12 +1028,12 @@ saltify() {
 				yum -y install sqlite argon2 curl mariadb-devel >> "$setup_log" 2>&1
 				# Download Ubuntu Keys in case master updates = 1
 				mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
-				wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
-				wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
-				wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
 				cp ./yum_repos/wazuh.repo /etc/yum.repos.d/wazuh.repo >> "$setup_log" 2>&1
 				set_progress_str 7 'Installing salt-master'
-				yum -y install salt-master-2019.2.4 >> "$setup_log" 2>&1
+				yum -y install salt-master-2019.2.5 >> "$setup_log" 2>&1
 				systemctl enable salt-master >> "$setup_log" 2>&1
 				;;
 			*)
@@ -1044,7 +1044,7 @@ saltify() {
 
 						# Copy repo files over
 						cp ./yum_repos/salt-latest.repo /etc/yum.repos.d/salt-latest.repo;
-						cp ./yum_repos/salt-2019-2.repo /etc/yum.repos.d/salt-2019-2.repo;
+						cp ./yum_repos/salt-2019-2-5.repo /etc/yum.repos.d/salt-2019-2-5.repo;
 					} >> "$setup_log" 2>&1
 				fi
 				;;
@@ -1054,7 +1054,7 @@ saltify() {
 		set_progress_str 8 'Installing salt-minion & python modules'
 		{
 			yum -y install epel-release
-			yum -y install salt-minion-2019.2.4\
+			yum -y install salt-minion-2019.2.5\
 				python3\
 				python36-docker\
 				python36-dateutil\
@@ -1097,8 +1097,8 @@ saltify() {
 				if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi
 
 				# Add saltstack repo(s)
-				wget --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/2019.2/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
+				wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list
+				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list
 
 				# Add Docker repo
 				curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
@@ -1106,9 +1106,9 @@ saltify() {
 
 				# Get gpg keys
 				mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
-				wget --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/"$ubuntu_version"/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/"$ubuntu_version"/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
-				wget --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
-				wget --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
 
 				# Get key and install wazuh
 				curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - >> "$setup_log" 2>&1
@@ -1119,7 +1119,7 @@ saltify() {
 				set_progress_str 6 'Installing various dependencies'
 				apt-get -y install sqlite3 argon2 libssl-dev >> "$setup_log" 2>&1
 				set_progress_str 7 'Installing salt-master'
-				apt-get -y salt-master=2019.2.4+ds-1 >> "$setup_log" 2>&1
+				apt-get -y install salt-master=2019.2.5+ds-1 >> "$setup_log" 2>&1
 				apt-mark hold salt-master >> "$setup_log" 2>&1
 				;;
 			*)
@@ -1130,14 +1130,14 @@ saltify() {
 				echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/2019.2 $OSVER main" > /etc/apt/sources.list.d/saltstack.list >> "$setup_log" 2>&1
+				echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list >> "$setup_log" 2>&1
 				echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list >> "$setup_log" 2>&1
 				;;
 		esac
 		apt-get update >> "$setup_log" 2>&1
 		set_progress_str 8 'Installing salt-minion & python modules'
-		apt-get -y install salt-minion=2019.2.4+ds-1\
+		apt-get -y install salt-minion=2019.2.5+ds-1\
-					salt-common=2019.2.4+ds-1 >> "$setup_log" 2>&1
+					salt-common=2019.2.5+ds-1 >> "$setup_log" 2>&1
 		apt-mark hold salt-minion salt-common >> "$setup_log" 2>&1
 		if [ "$OSVER" != 'xenial' ]; then 
 			apt-get -y install python3-dateutil python3-m2crypto python3-mysqldb >> "$setup_log" 2>&1
@@ -1282,12 +1282,9 @@ set_hostname() {
 
 	set_hostname_iso
 
-	HOSTNAME=$(cat /etc/hostname)
 	if [[ ! $install_type =~ ^(MASTER|EVAL|HELIXSENSOR|MASTERSEARCH)$ ]]; then
-		if [[ $TESTHOST = *"not found"* ]] || [ -z "$TESTHOST" ] || [[ $TESTHOST = *"connection timed out"* ]]; then
+		if ! getent hosts "$MSRV"; then
-			if ! grep -q "$MSRVIP" /etc/hosts; then
+			echo "$MSRVIP   $MSRV" >> /etc/hosts
-				echo "$MSRVIP   $MSRV" >> /etc/hosts
-			fi
 		fi
 	fi
 
@@ -1297,9 +1294,10 @@ set_hostname_iso() {
 
 	hostnamectl set-hostname --static "$HOSTNAME"
 	echo "127.0.0.1   $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost4 localhost4.localdomain" > /etc/hosts
-	echo "::1   $HOSTNAME $HOSTNAME localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
+	echo "::1   $HOSTNAME $HOSTNAME.localdomain localhost localhost.localdomain localhost6 localhost6.localdomain6" >> /etc/hosts
 	echo "$HOSTNAME" > /etc/hostname
 
+	hostname -F /etc/hostname
 
 }
 

setup/so-whiptail

@@ -905,6 +905,8 @@ whiptail_set_hostname() {
 
 	[ -n "$TESTING" ] && return
 
+	HOSTNAME=$(cat /etc/hostname)
+
 	HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \
 	"Enter the Hostname you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3)
 

setup/yum_repos/salt-2019-2-5.repo

@@ -0,0 +1,6 @@
+[saltstack-repo]
+name=SaltStack repo for RHEL/CentOS $releasever PY3
+baseurl=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/2019.2.5/
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.saltstack.com/py3/redhat/7/x86_64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub

setup/yum_repos/salt-2019-2.repo

@@ -1,6 +0,0 @@
-[saltstack-repo]
-name=SaltStack repo for RHEL/CentOS $releasever PY3
-baseurl=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2
-enabled=1
-gpgcheck=1
-gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/2019.2/SALTSTACK-GPG-KEY.pub