From 981371c72fab84bbd2a21dd2d1e6e7c25a5d3fce Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 27 Sep 2022 16:48:47 -0400
Subject: [PATCH 1/3] log salt-relay responses for troubleshooting assistance

---
 salt/soc/files/bin/salt-relay.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/soc/files/bin/salt-relay.sh b/salt/soc/files/bin/salt-relay.sh
index bc6f70e51..2fa486bdd 100755
--- a/salt/soc/files/bin/salt-relay.sh
+++ b/salt/soc/files/bin/salt-relay.sh
@@ -109,7 +109,7 @@ function manage_user() {
   esac
 
   if [[ exit_code -eq 0 ]]; then
-    log "Successful command execution"
+    log "Successful command execution: $response"
     $(echo "true" > "${SOC_PIPE}")
   else
     log "Unsuccessful command execution: $response ($exit_code)"
@@ -150,7 +150,7 @@ function manage_salt() {
   esac
 
   if [[ exit_code -eq 0 ]]; then
-    log "Successful command execution"
+    log "Successful command execution: $response"
     $(echo "true" > "${SOC_PIPE}")
   else
     log "Unsuccessful command execution: $response ($exit_code)"

From e519548557d86fc2a8a3229d66778b42f3e7bb1f Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 27 Sep 2022 16:55:28 -0400
Subject: [PATCH 2/3] add logLevel default and annotation for quick access to
 enabling debug logs

---
 salt/soc/defaults.yaml | 1 +
 salt/soc/soc_soc.yaml  | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index fbd2acb6e..4eb5d07c3 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1,5 +1,6 @@
 soc:
   logFilename: /opt/sensoroni/logs/sensoroni-server.log
+  logLevel: info
   actions:
     - name: actionHunt
       description: actionHuntHelp
diff --git a/salt/soc/soc_soc.yaml b/salt/soc/soc_soc.yaml
index 8d7cc8481..5be2dbed0 100644
--- a/salt/soc/soc_soc.yaml
+++ b/salt/soc/soc_soc.yaml
@@ -1,4 +1,8 @@
 soc:
+  logLevel:
+    description: The SOC log level, useful for enabling debug logging for advanced troubleshooting. Allowed values are debug, info, warn, error. The SOC log is available at /opt/so/log/soc/sensoroni-server.log.
+    global: True
+    regex: (info|debug|warn|error)
   files:
     soc:
       banner__md:

From 5708f3595e143ced0c4030ebae0cd85168ea0d6c Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Tue, 27 Sep 2022 17:27:28 -0400
Subject: [PATCH 3/3] Avoid overwriting the file inode since it's mapped into a
 running container

---
 salt/common/tools/sbin/so-user | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 0a287aa7c..737efb7f0 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -573,7 +573,7 @@ function deleteUser() {
   rolesTmpFile="${socRolesFile}.tmp"
   createFile "$rolesTmpFile" "$soUID" "$soGID"
   grep -v "$identityId" "$socRolesFile" > "$rolesTmpFile"
-  mv "$rolesTmpFile" "$socRolesFile"
+  cat "$rolesTmpFile" > "$socRolesFile"
 }
 
 case "${operation}" in