Merge pull request #7720 from Security-Onion-Solutions/hotfix/2.3.110

Hotfix/2.3.110

HOTFIX

@@ -0,0 +1 @@
+04012022 04052022

VERIFY_ISO.md

@@ -1,18 +1,18 @@
-### 2.3.110-20220309 ISO image built on 2022/03/09
+### 2.3.110-20220405 ISO image built on 2022/04/05
 
 
 
 ### Download and Verify
 
-2.3.110-20220309 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220309.iso
+2.3.110-20220405 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220405.iso
 
-MD5: 537564F8B56633E2D46E5E7C4E2BF18A  
-SHA1: 1E1B42EDB711AC8B5963B3460056770B91AE6BFC  
-SHA256: 4D73E5BE578DA43DCFD3C1B5F9AF07A7980D8DF90ACDDFEF6CEA177F872EECA0 
+MD5: 9CE982FE45DC2957A3A6D376E6DCC048  
+SHA1: 10E3FF28A69F9617D4CCD2F5061AA2DC062B8F94  
+SHA256: 0C178A422ABF7B61C08728E32CE20A9F9C1EC65807EB67D06F1C23F7D1EA51A7 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220309.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220405.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220309.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220405.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220309.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220405.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.110-20220309.iso.sig securityonion-2.3.110-20220309.iso
+gpg --verify securityonion-2.3.110-20220405.iso.sig securityonion-2.3.110-20220405.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Wed 09 Mar 2022 10:20:47 AM EST using RSA key ID FE507013
+gpg: Signature made Tue 05 Apr 2022 06:37:40 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

salt/common/tools/sbin/soup

@@ -93,8 +93,7 @@ check_err() {
     fi
     set +e
     systemctl_func "start" "$cron_service_name"
-    echo "Ensuring highstate is enabled."
-    salt-call state.enable highstate --local
+    enable_highstate
     exit $exit_code
   fi
 
@@ -366,6 +365,12 @@ clone_to_tmp() {
   fi
 }
 
+enable_highstate() {
+    echo "Enabling highstate."
+    salt-call state.enable highstate -l info --local
+    echo ""
+}
+
 generate_and_clean_tarballs() {
   local new_version
   new_version=$(cat $UPDATE_DIR/VERSION)
@@ -492,10 +497,10 @@ stop_salt_master() {
     set +e
     echo ""
     echo "Killing all Salt jobs across the grid."
-    salt \* saltutil.kill_all_jobs
+    salt \* saltutil.kill_all_jobs >> $SOUP_LOG 2>&1
     echo ""
     echo "Killing any queued Salt jobs on the manager."
-    pkill -9 -ef "/usr/bin/python3 /bin/salt"
+    pkill -9 -ef "/usr/bin/python3 /bin/salt" >> $SOUP_LOG 2>&1
     set -e
 
     echo ""
@@ -880,7 +885,7 @@ upgrade_salt() {
     echo ""
     set +e
     run_check_net_err \
-    "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -F -M -x python3 stable \"$NEWSALTVERSION\"" \
+    "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \
     "Could not update salt, please check $SOUP_LOG for details."
     set -e
     echo "Applying apt hold for Salt."
@@ -889,11 +894,27 @@ upgrade_salt() {
     apt-mark hold "salt-master"
     apt-mark hold "salt-minion"
   fi
+
+  echo "Checking if Salt was upgraded."
+  echo ""
+  # Check that Salt was upgraded
+  SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
+  if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
+    echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
+    echo "Once the issue is resolved, run soup again."
+    echo "Exiting."
+    echo ""
+    exit 0
+  else
+    echo "Salt upgrade success."
+    echo ""
+  fi
+
 }
 
 update_repo() {
-  echo "Performing repo changes."
   if [[ "$OS" == "centos" ]]; then
+    echo "Performing repo changes."
     # Import GPG Keys
     gpg_rpm_import
     echo "Disabling fastestmirror."
@@ -913,6 +934,20 @@ update_repo() {
       yum clean all
       yum repolist
     fi
+  elif [[ "$OS" == "ubuntu" ]]; then
+    ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}')
+
+    if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then
+      OSVER=bionic
+    elif grep -q "UBUNTU_CODENAME=focal" /etc/os-release; then
+      OSVER=focal
+    else
+      echo "We do not support your current version of Ubuntu."
+      exit 1
+    fi
+
+    echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt $OSVER main" > /etc/apt/sources.list.d/saltstack.list
+    apt-get update
   fi
 }
 
@@ -945,6 +980,8 @@ verify_latest_update_script() {
 apply_hotfix() {
   if [[ "$INSTALLEDVERSION" == "2.3.90" ]] ; then
     fix_wazuh
+  elif [[ "$INSTALLEDVERSION" == "2.3.110" ]] ; then
+    2_3_10_hotfix_1
   else
     echo "No actions required. ($INSTALLEDVERSION/$HOTFIXVERSION)"
   fi
@@ -966,6 +1003,28 @@ fix_wazuh() {
   fi
 }
 
+#upgrade salt to 3004.1
+2_3_10_hotfix_1() {
+    systemctl_func "stop" "$cron_service_name"
+    # update mine items prior to stopping salt-minion and salt-master
+    update_salt_mine
+    stop_salt_minion
+    stop_salt_master
+    update_repo
+    # Does salt need upgraded. If so update it.
+    if [[ $UPGRADESALT -eq 1 ]]; then
+      echo "Upgrading Salt"
+      # Update the repo files so it can actually upgrade
+      upgrade_salt
+    fi
+    rm -f /opt/so/state/influxdb_continuous_query.py.patched /opt/so/state/influxdbmod.py.patched /opt/so/state/influxdb_retention_policy.py.patched
+    systemctl_func "start" "salt-master"
+    salt-call state.apply salt.python3-influxdb -l info
+    systemctl_func "start" "salt-minion"
+    systemctl_func "start" "$cron_service_name"
+
+}
+
 main() {
   trap 'check_err $?' EXIT
   
@@ -1041,6 +1100,7 @@ main() {
     apply_hotfix
     echo "Hotfix applied"
     update_version
+    enable_highstate
     salt-call state.highstate -l info queue=True
   else
     echo ""
@@ -1080,21 +1140,6 @@ main() {
       echo "Upgrading Salt"
       # Update the repo files so it can actually upgrade
       upgrade_salt
-    
-      echo "Checking if Salt was upgraded."
-      echo ""
-      # Check that Salt was upgraded
-      SALTVERSIONPOSTUPGRADE=$(salt --versions-report | grep Salt: | awk '{print $2}')
-      if [[ "$SALTVERSIONPOSTUPGRADE" != "$NEWSALTVERSION" ]]; then
-        echo "Salt upgrade failed. Check of indicators of failure in $SOUP_LOG."
-        echo "Once the issue is resolved, run soup again."
-        echo "Exiting."
-        echo ""
-        exit 0
-      else
-        echo "Salt upgrade success."
-        echo ""
-      fi
     fi
 
     preupgrade_changes
@@ -1150,9 +1195,7 @@ main() {
       echo ""
     fi
 
-    echo "Enabling highstate."
-    salt-call state.enable highstate -l info --local
-    echo ""
+    enable_highstate
 
     echo ""
     echo "Running a highstate. This could take several minutes."

salt/repo/client/centos.sls

@@ -0,0 +1,98 @@
+{% from 'repo/client/map.jinja' import ABSENTFILES with context %}
+{% from 'repo/client/map.jinja' import REPOPATH with context %}
+{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
+{% set managerupdates = salt['pillar.get']('global:managerupdate', 0) %}
+{% set role = grains.id.split('_') | last %}
+
+# from airgap state
+{% if ISAIRGAP and grains.os == 'CentOS' %}
+{% set MANAGER = salt['grains.get']('master') %}
+airgapyum:
+  file.managed:
+    - name: /etc/yum/yum.conf
+    - source: salt://repo/client/files/centos/airgap/yum.conf
+
+airgap_repo:
+  pkgrepo.managed:
+    - humanname: Airgap Repo
+    - baseurl: https://{{ MANAGER }}/repo
+    - gpgcheck: 0
+    - sslverify: 0
+
+{% endif %}
+
+# from airgap and common
+{% if ABSENTFILES|length > 0%}
+  {% for file in ABSENTFILES  %}
+{{ file }}:
+  file.absent:
+    - name: {{ REPOPATH }}{{ file }}
+    - onchanges_in:
+      - cmd: cleanyum
+  {% endfor %}
+{% endif %}
+
+# from common state
+# Remove default Repos
+{% if grains['os'] == 'CentOS' %}
+repair_yumdb:
+  cmd.run:
+    - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
+    - onlyif:
+      - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
+
+crsynckeys:
+  file.recurse:
+    - name: /etc/pki/rpm_gpg
+    - source: salt://repo/client/files/centos/keys/
+
+{% if not ISAIRGAP %}
+    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
+remove_securityonionrepocache:
+  file.absent:
+    - name: /etc/yum.repos.d/securityonioncache.repo
+    {% endif %}
+
+    {% if role not in ['eval', 'standalone', 'import', 'manager', 'managersearch'] and managerupdates == 1 %}
+remove_securityonionrepo:
+  file.absent:
+    - name: /etc/yum.repos.d/securityonion.repo
+    {% endif %}
+
+crsecurityonionrepo:
+  file.managed:
+    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
+    - name: /etc/yum.repos.d/securityonion.repo
+    - source: salt://repo/client/files/centos/securityonion.repo
+    {% else %}
+    - name: /etc/yum.repos.d/securityonioncache.repo
+    - source: salt://repo/client/files/centos/securityonioncache.repo
+    {% endif %}
+    - mode: 644
+
+yumconf:
+  file.managed:
+    - name: /etc/yum.conf
+    - source: salt://repo/client/files/centos/yum.conf.jinja
+    - mode: 644
+    - template: jinja
+    - show_changes: False
+
+cleanairgap:
+  file.absent:
+    - name: /etc/yum.repos.d/airgap_repo.repo
+{% endif %}
+
+cleanyum:
+  cmd.run:
+    - name: 'yum clean metadata'
+    - onchanges:
+{% if ISAIRGAP %}
+      - file: airgapyum
+      - pkgrepo: airgap_repo
+{% else %}
+      - file: crsecurityonionrepo
+      - file: yumconf
+{% endif %}
+
+{% endif %}

salt/repo/client/init.sls

@@ -1,98 +1,2 @@
-{% from 'repo/client/map.jinja' import ABSENTFILES with context %}
-{% from 'repo/client/map.jinja' import REPOPATH with context %}
-{% set ISAIRGAP = salt['pillar.get']('global:airgap', False) %}
-{% set managerupdates = salt['pillar.get']('global:managerupdate', 0) %}
-{% set role = grains.id.split('_') | last %}
-
-# from airgap state
-{% if ISAIRGAP and grains.os == 'CentOS' %}
-{% set MANAGER = salt['grains.get']('master') %}
-airgapyum:
-  file.managed:
-    - name: /etc/yum/yum.conf
-    - source: salt://repo/client/files/centos/airgap/yum.conf
-
-airgap_repo:
-  pkgrepo.managed:
-    - humanname: Airgap Repo
-    - baseurl: https://{{ MANAGER }}/repo
-    - gpgcheck: 0
-    - sslverify: 0
-
-{% endif %}
-
-# from airgap and common
-{% if ABSENTFILES|length > 0%}
-  {% for file in ABSENTFILES  %}
-{{ file }}:
-  file.absent:
-    - name: {{ REPOPATH }}{{ file }}
-    - onchanges_in:
-      - cmd: cleanyum
-  {% endfor %}
-{% endif %}
-
-# from common state
-# Remove default Repos
-{% if grains['os'] == 'CentOS' %}
-repair_yumdb:
-  cmd.run:
-    - name: 'mv -f /var/lib/rpm/__db* /tmp && yum clean all'
-    - onlyif:
-      - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
-
-crsynckeys:
-  file.recurse:
-    - name: /etc/pki/rpm_gpg
-    - source: salt://repo/client/files/centos/keys/
-
-{% if not ISAIRGAP %}
-    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
-remove_securityonionrepocache:
-  file.absent:
-    - name: /etc/yum.repos.d/securityonioncache.repo
-    {% endif %}
-
-    {% if role not in ['eval', 'standalone', 'import', 'manager', 'managersearch'] and managerupdates == 1 %}
-remove_securityonionrepo:
-  file.absent:
-    - name: /etc/yum.repos.d/securityonion.repo
-    {% endif %}
-
-crsecurityonionrepo:
-  file.managed:
-    {% if role in ['eval', 'standalone', 'import', 'manager', 'managersearch'] or managerupdates == 0 %}
-    - name: /etc/yum.repos.d/securityonion.repo
-    - source: salt://repo/client/files/centos/securityonion.repo
-    {% else %}
-    - name: /etc/yum.repos.d/securityonioncache.repo
-    - source: salt://repo/client/files/centos/securityonioncache.repo
-    {% endif %}
-    - mode: 644
-
-yumconf:
-  file.managed:
-    - name: /etc/yum.conf
-    - source: salt://repo/client/files/centos/yum.conf.jinja
-    - mode: 644
-    - template: jinja
-    - show_changes: False
-
-cleanairgap:
-  file.absent:
-    - name: /etc/yum.repos.d/airgap_repo.repo
-{% endif %}
-
-cleanyum:
-  cmd.run:
-    - name: 'yum clean metadata'
-    - onchanges:
-{% if ISAIRGAP %}
-      - file: airgapyum
-      - pkgrepo: airgap_repo
-{% else %}
-      - file: crsecurityonionrepo
-      - file: yumconf
-{% endif %}
-
-{% endif %}
+include:
+  - repo.client.{{grains.os | lower}}

salt/repo/client/ubuntu.sls

@@ -0,0 +1,5 @@
+saltstack.list:
+  file.managed:
+    - name: /etc/apt/sources.list.d/saltstack.list
+    - contents:
+      - deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt/ {{grains.oscodename}} main

salt/salt/map.jinja

@@ -29,7 +29,7 @@
   {% if grains.os|lower in ['centos', 'redhat'] %}
       {% set UPGRADECOMMAND = 'yum clean all ; /usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
   {% elif grains.os|lower == 'ubuntu' %}
-    {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -F -x python3 stable ' ~ SALTVERSION %}
+    {% set UPGRADECOMMAND = '/usr/sbin/bootstrap-salt.sh -s 120 -r -F -x python3 stable ' ~ SALTVERSION %}
   {% endif %}
 {% else %}
   {% set UPGRADECOMMAND = 'echo Already running Salt Minion version ' ~ SALTVERSION %}

salt/salt/master.defaults.yaml

@@ -2,4 +2,4 @@
 # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
 salt:
   master:
-    version: 3004
+    version: 3004.1

salt/salt/minion.defaults.yaml

@@ -2,6 +2,6 @@
 # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions
 salt:
   minion:
-    version: 3004
+    version: 3004.1
     check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default
     service_start_delay: 30 # in seconds.

salt/salt/minion.sls

@@ -31,6 +31,22 @@ install_salt_minion:
         exec 1>&- # close stdout
         exec 2>&- # close stderr
         nohup /bin/sh -c '{{ UPGRADECOMMAND }}' &
+
+  {# if we are the salt master #}
+  {% if grains.id.split('_')|first == grains.master %}
+remove_influxdb_continuous_query_state_file:
+  file.absent:
+    - name: /opt/so/state/influxdb_continuous_query.py.patched
+
+remove_influxdbmod_state_file:
+  file.absent:
+    - name: /opt/so/state/influxdbmod.py.patched
+
+remove_influxdb_retention_policy_state_file:
+  file.absent:
+    - name: /opt/so/state/influxdb_retention_policy.py.patched
+  {% endif %}
+
 {% endif %}
 
 {% if INSTALLEDSALTVERSION|string == SALTVERSION|string %}

salt/top.sls

@@ -21,16 +21,15 @@ base:
 
   '*':
     - cron.running
+    - repo.client
 
   'not G@saltversion:{{saltversion}}':
     - match: compound
     - salt.minion-state-apply-test
-    - repo.client
     - salt.minion
 
   'G@os:CentOS and G@saltversion:{{saltversion}}':
     - match: compound
-    - repo.client
     - yum.packages
 
   '* and G@saltversion:{{saltversion}}':

setup/so-functions

@@ -2277,13 +2277,13 @@ saltify() {
 				# Download Ubuntu Keys in case manager updates = 1
 				logCmd "mkdir -vp /opt/so/gpg"
 				if [[ ! $is_airgap ]]; then
-				  logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3004/SALTSTACK-GPG-KEY.pub"
+				  logCmd "wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/SALTSTACK-GPG-KEY.pub"
 				  logCmd "wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg"
 				  logCmd "wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH"
 				fi
 				set_progress_str 7 'Installing salt-master'
 				if [[ ! $is_iso ]]; then
-				  logCmd "yum -y install salt-master-3004"
+				  logCmd "yum -y install salt-master-3004.1"
 				fi
 				logCmd "systemctl enable salt-master"
 				;;
@@ -2295,7 +2295,7 @@ saltify() {
 		fi
 		set_progress_str 8 'Installing salt-minion & python modules'
 			if [[ ! $is_iso ]]; then
-				logCmd "yum -y install salt-minion-3004 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
+				logCmd "yum -y install salt-minion-3004.1 httpd-tools python3 python36-docker python36-dateutil python36-m2crypto python36-mysql python36-packaging python36-lxml yum-utils device-mapper-persistent-data lvm2 openssl jq"
 				logCmd "yum -y update --exclude=salt*"
 			fi
 		logCmd "systemctl enable salt-minion"
@@ -2334,8 +2334,8 @@ saltify() {
 			'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE' | 'IMPORT' | 'HELIXSENSOR')
 
 				# Add saltstack repo(s)
-				wget -q --inet4-only -O - https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3004/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3004 $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+				wget -q --inet4-only -O - https://repo.securityonion.net/file/securityonion-repo/ubuntu/"$ubuntu_version"/amd64/salt/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1
+				echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
 
 				# Add Docker repo
 				curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1
@@ -2343,7 +2343,7 @@ saltify() {
 
 				# Get gpg keys
 				mkdir -p /opt/so/gpg >> "$setup_log" 2>&1
-				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/py3/ubuntu/"$ubuntu_version"/amd64/archive/3004/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
+				wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.securityonion.net/file/securityonion-repo/ubuntu/"$ubuntu_version"/amd64/salt/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1
 				wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1
 
@@ -2356,7 +2356,7 @@ saltify() {
 				set_progress_str 6 'Installing various dependencies'
 				retry 50 10 "apt-get -y install sqlite3 libssl-dev" >> "$setup_log" 2>&1 || exit 1
 				set_progress_str 7 'Installing salt-master'
-				retry 50 10 "apt-get -y install salt-master=3004+ds-1" >> "$setup_log" 2>&1 || exit 1
+				retry 50 10 "apt-get -y install salt-master=3004.1+ds-1" >> "$setup_log" 2>&1 || exit 1
 				retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1
 				;;
 			*)
@@ -2367,14 +2367,14 @@ saltify() {
 				echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1
 				apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1
-				echo "deb http://repo.saltstack.com/py3/ubuntu/$ubuntu_version/amd64/archive/3004/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
+				echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log"
 				echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log"
 				;;
 		esac
 
 		retry 50 10 "apt-get update" "" "Err:" >> "$setup_log" 2>&1 || exit 1
 		set_progress_str 8 'Installing salt-minion & python modules'
-		retry 50 10 "apt-get -y install salt-minion=3004+ds-1 salt-common=3004+ds-1" >> "$setup_log" 2>&1 || exit 1
+		retry 50 10 "apt-get -y install salt-minion=3004.1+ds-1 salt-common=3004.1+ds-1" >> "$setup_log" 2>&1 || exit 1
 		retry 50 10 "apt-mark hold salt-minion salt-common" >> "$setup_log" 2>&1 || exit 1
 		retry 50 10 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" >> "$setup_log" 2>&1 || exit 1
 	fi