update all nodes motd with nodes that need restarted from patch updates - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/112

2025-12-06 09:12:45 +01:00 · 2019-11-15 13:58:32 -05:00
parent b2b75acedb
commit ff4077a46f
6 changed files with 67 additions and 0 deletions
--- a/salt/_modules/needs_restarting.py
+++ b/salt/_modules/needs_restarting.py
@@ -0,0 +1,25 @@
+from os import path
+import subprocess
+
+def check():
+
+  os = __grains__['os']
+  cmd = 'needs-restarting -r > /dev/null 2>&1'
+
+  if os == 'Ubuntu':
+    if path.exists('/var/run/reboot-required'):
+      retval = 'True'
+    else:
+      retval = 'False'
+
+  elif os == 'CentOS':
+    try:
+      needs_restarting = subprocess.check_call(cmd.split(), shell=True)
+    except subprocess.CalledProcessError:
+      retval = 'True'
+    retval = 'False'
+
+  else:
+    retval = 'Unsupported OS: %s' % os
+
+  return retval
--- a/salt/motd/files/package_update_reboot_required.jinja
+++ b/salt/motd/files/package_update_reboot_required.jinja
@@ -0,0 +1,23 @@
+{% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%}
+
+{%- if needs_restarting_check %}
+  {%- set minions_need_restarted = [] %}
+
+  {%- for minion, need_restarted in needs_restarting_check | dictsort() %}
+    {%- if need_restarted == 'True' %}
+      {% do minions_need_restarted.append(minion) %}
+    {%- endif %}
+  {%- endfor -%}
+
+  {%- if minions_need_restarted | length > 0 %}
+*****************************************************************************************
+* The following nodes in your Security Onion grid need restarted due to package updates *
+*****************************************************************************************
+
+    {% for minion in minions_need_restarted -%}
+  {{ minion }}
+    {% endfor -%}
+
+  {%- endif -%}
+
+{%- endif -%}
--- a/salt/motd/init.sls
+++ b/salt/motd/init.sls
@@ -0,0 +1,5 @@
+package_update_reboot_required_motd:
+  file.append:
+    - name: /etc/motd
+    - source: salt://motd/files/package_update_reboot_required.jinja
+    - template: jinja
--- a/salt/patch/os/init.sls
+++ b/salt/patch/os/init.sls
@@ -1,4 +1,14 @@
+{% if grains.os == "CentOS" %}
+include:
+  - yum.packages
+{% endif %}
+
 patch_os:
  pkg.uptodate:
    - name: patch_os
    - refresh: True
+
+needs_restarting:
+  module.run:
+    - mine.send:
+      - func: needs_restarting.check
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -7,6 +7,7 @@
 base:
  '*':
    - patch.os.schedule
+    - motd

  'G@role:so-sensor':
    - ca
--- a/salt/yum/packages.sls
+++ b/salt/yum/packages.sls
@@ -0,0 +1,3 @@
+install_yum_utils:
+  pkg.installed:
+    - name: yum-utils