Merge remote-tracking branch 'remotes/origin/dev' into feature/users

Merge remote-tracking branch 'remotes/origin/master' into feature/users
remove requirement on groups
2026-05-09 12:52:38 +02:00 · 2021-11-19 09:58:01 -05:00 · 2021-07-02 08:13:56 -04:00 · 2021-06-23 18:28:19 -04:00 · 2021-06-23 18:17:18 -04:00 · 2021-06-23 17:49:06 -04:00
612 changed files with 8292 additions and 433730 deletions
@@ -1,546 +0,0 @@
 title = "gitleaks config"
 # Gitleaks rules are defined by regular expressions and entropy ranges.
 # Some secrets have unique signatures which make detecting those secrets easy.
 # Examples of those secrets would be GitLab Personal Access Tokens, AWS keys, and GitHub Access Tokens.
 # All these examples have defined prefixes like `glpat`, `AKIA`, `ghp_`, etc.
 #
 # Other secrets might just be a hash which means we need to write more complex rules to verify
 # that what we are matching is a secret.
 #
 # Here is an example of a semi-generic secret
 #
 #   discord_client_secret = "8dyfuiRyq=vVc3RRr_edRk-fK__JItpZ"
 #
 # We can write a regular expression to capture the variable name (identifier),
 # the assignment symbol (like '=' or ':='), and finally the actual secret.
 # The structure of a rule to match this example secret is below:
 #
 #                                                           Beginning string
 #                                                               quotation
 #                                                                   │            End string quotation
 #                                                                   │                      │
 #                                                                   ▼                      ▼
 #    (?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]
 #
 #                   ▲                              ▲                                ▲
 #                   │                              │                                │
 #                   │                              │                                │
 #              identifier                  assignment symbol
 #                                                                                Secret
 #
 [[rules]]
 id = "gitlab-pat"
 description = "GitLab Personal Access Token"
 regex = '''glpat-[0-9a-zA-Z\-\_]{20}'''
 [[rules]]
 id = "aws-access-token"
 description = "AWS"
 regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
 # Cryptographic keys
 [[rules]]
 id = "PKCS8-PK"
 description = "PKCS8 private key"
 regex = '''-----BEGIN PRIVATE KEY-----'''
 [[rules]]
 id = "RSA-PK"
 description = "RSA private key"
 regex = '''-----BEGIN RSA PRIVATE KEY-----'''
 [[rules]]
 id = "OPENSSH-PK"
 description = "SSH private key"
 regex = '''-----BEGIN OPENSSH PRIVATE KEY-----'''
 [[rules]]
 id = "PGP-PK"
 description = "PGP private key"
 regex = '''-----BEGIN PGP PRIVATE KEY BLOCK-----'''
 [[rules]]
 id = "github-pat"
 description = "GitHub Personal Access Token"
 regex = '''ghp_[0-9a-zA-Z]{36}'''
 [[rules]]
 id = "github-oauth"
 description = "GitHub OAuth Access Token"
 regex = '''gho_[0-9a-zA-Z]{36}'''
 [[rules]]
 id = "SSH-DSA-PK"
 description = "SSH (DSA) private key"
 regex = '''-----BEGIN DSA PRIVATE KEY-----'''
 [[rules]]
 id = "SSH-EC-PK"
 description = "SSH (EC) private key"
 regex = '''-----BEGIN EC PRIVATE KEY-----'''
 [[rules]]
 id = "github-app-token"
 description = "GitHub App Token"
 regex = '''(ghu|ghs)_[0-9a-zA-Z]{36}'''
 [[rules]]
 id = "github-refresh-token"
 description = "GitHub Refresh Token"
 regex = '''ghr_[0-9a-zA-Z]{76}'''
 [[rules]]
 id = "shopify-shared-secret"
 description = "Shopify shared secret"
 regex = '''shpss_[a-fA-F0-9]{32}'''
 [[rules]]
 id = "shopify-access-token"
 description = "Shopify access token"
 regex = '''shpat_[a-fA-F0-9]{32}'''
 [[rules]]
 id = "shopify-custom-access-token"
 description = "Shopify custom app access token"
 regex = '''shpca_[a-fA-F0-9]{32}'''
 [[rules]]
 id = "shopify-private-app-access-token"
 description = "Shopify private app access token"
 regex = '''shppa_[a-fA-F0-9]{32}'''
 [[rules]]
 id = "slack-access-token"
 description = "Slack token"
 regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
 [[rules]]
 id = "stripe-access-token"
 description = "Stripe"
 regex = '''(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}'''
 [[rules]]
 id = "pypi-upload-token"
 description = "PyPI upload token"
 regex = '''pypi-AgEIcHlwaS5vcmc[A-Za-z0-9\-_]{50,1000}'''
 [[rules]]
 id = "gcp-service-account"
 description = "Google (GCP) Service-account"
 regex = '''\"type\": \"service_account\"'''
 [[rules]]
 id = "heroku-api-key"
 description = "Heroku API Key"
 regex = ''' (?i)(heroku[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "slack-web-hook"
 description = "Slack Webhook"
 regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}'''
 [[rules]]
 id = "twilio-api-key"
 description = "Twilio API Key"
 regex = '''SK[0-9a-fA-F]{32}'''
 [[rules]]
 id = "age-secret-key"
 description = "Age secret key"
 regex = '''AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}'''
 [[rules]]
 id = "facebook-token"
 description = "Facebook token"
 regex = '''(?i)(facebook[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "twitter-token"
 description = "Twitter token"
 regex = '''(?i)(twitter[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{35,44})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "adobe-client-id"
 description = "Adobe Client ID (Oauth Web)"
 regex = '''(?i)(adobe[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "adobe-client-secret"
 description = "Adobe Client Secret"
 regex = '''(p8e-)(?i)[a-z0-9]{32}'''
 [[rules]]
 id = "alibaba-access-key-id"
 description = "Alibaba AccessKey ID"
 regex = '''(LTAI)(?i)[a-z0-9]{20}'''
 [[rules]]
 id = "alibaba-secret-key"
 description = "Alibaba Secret Key"
 regex = '''(?i)(alibaba[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "asana-client-id"
 description = "Asana Client ID"
 regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{16})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "asana-client-secret"
 description = "Asana Client Secret"
 regex = '''(?i)(asana[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "atlassian-api-token"
 description = "Atlassian API token"
 regex = '''(?i)(atlassian[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{24})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "bitbucket-client-id"
 description = "Bitbucket client ID"
 regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "bitbucket-client-secret"
 description = "Bitbucket client secret"
 regex = '''(?i)(bitbucket[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9_\-]{64})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "beamer-api-token"
 description = "Beamer API token"
 regex = '''(?i)(beamer[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](b_[a-z0-9=_\-]{44})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "clojars-api-token"
 description = "Clojars API token"
 regex = '''(CLOJARS_)(?i)[a-z0-9]{60}'''
 [[rules]]
 id = "contentful-delivery-api-token"
 description = "Contentful delivery API token"
 regex = '''(?i)(contentful[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{43})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "databricks-api-token"
 description = "Databricks API token"
 regex = '''dapi[a-h0-9]{32}'''
 [[rules]]
 id = "discord-api-token"
 description = "Discord API key"
 regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{64})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "discord-client-id"
 description = "Discord client ID"
 regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9]{18})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "discord-client-secret"
 description = "Discord client secret"
 regex = '''(?i)(discord[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_\-]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "doppler-api-token"
 description = "Doppler API token"
 regex = '''['\"](dp\.pt\.)(?i)[a-z0-9]{43}['\"]'''
 [[rules]]
 id = "dropbox-api-secret"
 description = "Dropbox API secret/key"
 regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]'''
 [[rules]]
 id = "dropbox--api-key"
 description = "Dropbox API secret/key"
 regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{15})['\"]'''
 [[rules]]
 id = "dropbox-short-lived-api-token"
 description = "Dropbox short lived API token"
 regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](sl\.[a-z0-9\-=_]{135})['\"]'''
 [[rules]]
 id = "dropbox-long-lived-api-token"
 description = "Dropbox long lived API token"
 regex = '''(?i)(dropbox[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43}['\"]'''
 [[rules]]
 id = "duffel-api-token"
 description = "Duffel API token"
 regex = '''['\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\"]'''
 [[rules]]
 id = "dynatrace-api-token"
 description = "Dynatrace API token"
 regex = '''['\"]dt0c01\.(?i)[a-z0-9]{24}\.[a-z0-9]{64}['\"]'''
 [[rules]]
 id = "easypost-api-token"
 description = "EasyPost API token"
 regex = '''['\"]EZAK(?i)[a-z0-9]{54}['\"]'''
 [[rules]]
 id = "easypost-test-api-token"
 description = "EasyPost test API token"
 regex = '''['\"]EZTK(?i)[a-z0-9]{54}['\"]'''
 [[rules]]
 id = "fastly-api-token"
 description = "Fastly API token"
 regex = '''(?i)(fastly[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9\-=_]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "finicity-client-secret"
 description = "Finicity client secret"
 regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{20})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "finicity-api-token"
 description = "Finicity API token"
 regex = '''(?i)(finicity[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "flutterwave-public-key"
 description = "Flutterwave public key"
 regex = '''FLWPUBK_TEST-(?i)[a-h0-9]{32}-X'''
 [[rules]]
 id = "flutterwave-secret-key"
 description = "Flutterwave secret key"
 regex = '''FLWSECK_TEST-(?i)[a-h0-9]{32}-X'''
 [[rules]]
 id = "flutterwave-enc-key"
 description = "Flutterwave encrypted key"
 regex = '''FLWSECK_TEST[a-h0-9]{12}'''
 [[rules]]
 id = "frameio-api-token"
 description = "Frame.io API token"
 regex = '''fio-u-(?i)[a-z0-9\-_=]{64}'''
 [[rules]]
 id = "gocardless-api-token"
 description = "GoCardless API token"
 regex = '''['\"]live_(?i)[a-z0-9\-_=]{40}['\"]'''
 [[rules]]
 id = "grafana-api-token"
 description = "Grafana API token"
 regex = '''['\"]eyJrIjoi(?i)[a-z0-9\-_=]{72,92}['\"]'''
 [[rules]]
 id = "hashicorp-tf-api-token"
 description = "HashiCorp Terraform user/org API token"
 regex = '''['\"](?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70}['\"]'''
 [[rules]]
 id = "hubspot-api-token"
 description = "HubSpot API token"
 regex = '''(?i)(hubspot[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "intercom-api-token"
 description = "Intercom API token"
 regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9=_]{60})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "intercom-client-secret"
 description = "Intercom client secret/ID"
 regex = '''(?i)(intercom[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "ionic-api-token"
 description = "Ionic API token"
 regex = '''(?i)(ionic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](ion_[a-z0-9]{42})['\"]'''
 [[rules]]
 id = "linear-api-token"
 description = "Linear API token"
 regex = '''lin_api_(?i)[a-z0-9]{40}'''
 [[rules]]
 id = "linear-client-secret"
 description = "Linear client secret/ID"
 regex = '''(?i)(linear[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "lob-api-key"
 description = "Lob API Key"
 regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((live|test)_[a-f0-9]{35})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "lob-pub-api-key"
 description = "Lob Publishable API Key"
 regex = '''(?i)(lob[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]((test|live)_pub_[a-f0-9]{31})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "mailchimp-api-key"
 description = "Mailchimp API key"
 regex = '''(?i)(mailchimp[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-f0-9]{32}-us20)['\"]'''
 secretGroup = 3
 [[rules]]
 id = "mailgun-private-api-token"
 description = "Mailgun private API token"
 regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](key-[a-f0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "mailgun-pub-key"
 description = "Mailgun public validation key"
 regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"](pubkey-[a-f0-9]{32})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "mailgun-signing-key"
 description = "Mailgun webhook signing key"
 regex = '''(?i)(mailgun[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "mapbox-api-token"
 description = "Mapbox API token"
 regex = '''(?i)(pk\.[a-z0-9]{60}\.[a-z0-9]{22})'''
 [[rules]]
 id = "messagebird-api-token"
 description = "MessageBird API token"
 regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{25})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "messagebird-client-id"
 description = "MessageBird API client ID"
 regex = '''(?i)(messagebird[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "new-relic-user-api-key"
 description = "New Relic user API Key"
 regex = '''['\"](NRAK-[A-Z0-9]{27})['\"]'''
 [[rules]]
 id = "new-relic-user-api-id"
 description = "New Relic user API ID"
 regex = '''(?i)(newrelic[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([A-Z0-9]{64})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "new-relic-browser-api-token"
 description = "New Relic ingest browser API token"
 regex = '''['\"](NRJS-[a-f0-9]{19})['\"]'''
 [[rules]]
 id = "npm-access-token"
 description = "npm access token"
 regex = '''['\"](npm_(?i)[a-z0-9]{36})['\"]'''
 [[rules]]
 id = "planetscale-password"
 description = "PlanetScale password"
 regex = '''pscale_pw_(?i)[a-z0-9\-_\.]{43}'''
 [[rules]]
 id = "planetscale-api-token"
 description = "PlanetScale API token"
 regex = '''pscale_tkn_(?i)[a-z0-9\-_\.]{43}'''
 [[rules]]
 id = "postman-api-token"
 description = "Postman API token"
 regex = '''PMAK-(?i)[a-f0-9]{24}\-[a-f0-9]{34}'''
 [[rules]]
 id = "pulumi-api-token"
 description = "Pulumi API token"
 regex = '''pul-[a-f0-9]{40}'''
 [[rules]]
 id = "rubygems-api-token"
 description = "Rubygem API token"
 regex = '''rubygems_[a-f0-9]{48}'''
 [[rules]]
 id = "sendgrid-api-token"
 description = "SendGrid API token"
 regex = '''SG\.(?i)[a-z0-9_\-\.]{66}'''
 [[rules]]
 id = "sendinblue-api-token"
 description = "Sendinblue API token"
 regex = '''xkeysib-[a-f0-9]{64}\-(?i)[a-z0-9]{16}'''
 [[rules]]
 id = "shippo-api-token"
 description = "Shippo API token"
 regex = '''shippo_(live|test)_[a-f0-9]{40}'''
 [[rules]]
 id = "linkedin-client-secret"
 description = "LinkedIn Client secret"
 regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z]{16})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "linkedin-client-id"
 description = "LinkedIn Client ID"
 regex = '''(?i)(linkedin[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{14})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "twitch-api-token"
 description = "Twitch API token"
 regex = '''(?i)(twitch[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([a-z0-9]{30})['\"]'''
 secretGroup = 3
 [[rules]]
 id = "typeform-api-token"
 description = "Typeform API token"
 regex = '''(?i)(typeform[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\-_\.=]{59})'''
 secretGroup = 3
 [[rules]]
 id = "generic-api-key"
 description = "Generic API Key"
 regex = '''(?i)((key|api[^Version]|token|secret|password)[a-z0-9_ .\-,]{0,25})(=|>|:=|\|\|:|<=|=>|:).{0,5}['\"]([0-9a-zA-Z\-_=]{8,64})['\"]'''
 entropy = 3.7
 secretGroup = 4
 [allowlist]
 description = "global allow lists"
 regexes = ['''219-09-9999''', '''078-05-1120''', '''(9[0-9]{2}|666)-\d{2}-\d{4}''']
 paths = [
    '''gitleaks.toml''',
    '''(.*?)(jpg|gif|doc|pdf|bin|svg|socket)$''',
    '''(go.mod|go.sum)$''',
    '''salt/nginx/files/enterprise-attack.json'''
 ]
@@ -13,5 +13,3 @@ jobs:
    - name: Gitleaks
      uses: zricethezav/gitleaks-action@master
      with:
        config-path: .github/.gitleaks.toml
@@ -29,11 +29,6 @@
 * See this document's [code styling and conventions section](#code-style-and-conventions) below to be sure your PR fits our code requirements prior to submitting.
 * Change behavior (fix a bug, add a new feature) separately from refactoring code. Refactor pull requests are welcome, but ensure your new code behaves exactly the same as the old.
 * **Do not refactor code for non-functional reasons**. If you are submitting a pull request that refactors code, ensure the refactor is improving the functionality of the code you're refactoring (e.g. decreasing complexity, removing reliance on 3rd party tools, improving performance).
 * Before submitting a PR with significant changes to the project, [start a discussion](https://github.com/Security-Onion-Solutions/securityonion/discussions/new) explaining what you hope to acheive. The project maintainers will provide feedback and determine whether your goal aligns with the project. 
 ### Code style and conventions
@@ -42,5 +37,3 @@
 * All new Bash code should pass [ShellCheck](https://www.shellcheck.net/) analysis. Where errors can be *safely* [ignored](https://github.com/koalaman/shellcheck/wiki/Ignore), the relevant disable directive should be accompanied by a brief explanation as to why the error is being ignored.
 * **Ensure all YAML (this includes Salt states and pillars) is properly formatted**. The spec for YAML v1.2 can be found [here](https://yaml.org/spec/1.2/spec.html), however there are numerous online resources with simpler descriptions of its formatting rules. 
 * **All code of any language should match the style of other code of that same language within the project.** Be sure that any changes you make do not break from the pre-existing style of Security Onion code.
@@ -1 +0,0 @@
@@ -1,6 +1,6 @@
-## Security Onion 2.3.120
+## Security Onion 2.3.80
-Security Onion 2.3.120 is here!
+Security Onion 2.3.80 is here!
 ## Screenshots
@@ -1,18 +1,18 @@
-### 2.3.120-20220425 ISO image built on 2022/04/25
+### 2.3.80 ISO image built on 2021/09/27
 ### Download and Verify
-2.3.120-20220425 ISO image:  
+2.3.80 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.120-20220425.iso
+https://download.securityonion.net/file/securityonion/securityonion-2.3.80.iso
-MD5: C99729E452B064C471BEF04532F28556  
+MD5: 24F38563860416F4A8ABE18746913E14  
-SHA1: 60BF07D5347C24568C7B793BFA9792E98479CFBF  
+SHA1: F923C005F54EA2A17AB225ADA0DA46042707AAD9  
-SHA256: CD17D0D7CABE21D45FA45E1CF91C5F24EB9608C79FF88480134E5592AFDD696E 
+SHA256: 8E95D10AF664D9A406C168EC421D943CB23F0D0C1813C6C2DBA9B4E131984018 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.120-20220425.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.80.iso.sig
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.120-20220425.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.80.iso.sig
 ```
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.120-20220425.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.80.iso
 ```
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.120-20220425.iso.sig securityonion-2.3.120-20220425.iso
+gpg --verify securityonion-2.3.80.iso.sig securityonion-2.3.80.iso
 ```
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Mon 25 Apr 2022 08:20:40 AM EDT using RSA key ID FE507013
+gpg: Signature made Mon 27 Sep 2021 08:55:01 AM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
@@ -1 +1 @@
-2.3.120
+2.3.90
@@ -13,11 +13,9 @@ role:
  fleet:
  heavynode:
  helixsensor:
  idh:
  import:
  manager:
  managersearch:
  receiver:
  standalone:
  searchnode:
  sensor:
@@ -28,10 +28,6 @@ firewall:
      ips:
        delete:
        insert:
    idh:
      ips:
        delete:
        insert: 
    manager:
      ips:
        delete:
@@ -48,10 +44,6 @@ firewall:
      ips:
        delete:
        insert:
    receiver:
      ips:
        delete:
        insert:
    search_node:
      ips:
        delete:
@@ -1,2 +1,13 @@
 elasticsearch:
  templates:
    - so/so-beats-template.json.jinja
    - so/so-common-template.json.jinja
    - so/so-firewall-template.json.jinja
    - so/so-flow-template.json.jinja
    - so/so-ids-template.json.jinja
    - so/so-import-template.json.jinja
    - so/so-osquery-template.json.jinja
    - so/so-ossec-template.json.jinja
    - so/so-strelka-template.json.jinja
    - so/so-syslog-template.json.jinja
    - so/so-zeek-template.json.jinja
@@ -1,2 +0,0 @@
 elasticsearch:
  index_settings:
@@ -1,2 +1,14 @@
 elasticsearch:
  templates:
    - so/so-beats-template.json.jinja
    - so/so-common-template.json.jinja
    - so/so-endgame-template.json.jinja
    - so/so-firewall-template.json.jinja
    - so/so-flow-template.json.jinja
    - so/so-ids-template.json.jinja
    - so/so-import-template.json.jinja
    - so/so-osquery-template.json.jinja
    - so/so-ossec-template.json.jinja
    - so/so-strelka-template.json.jinja
    - so/so-syslog-template.json.jinja
    - so/so-zeek-template.json.jinja
@@ -1,2 +1,14 @@
 elasticsearch:
  templates:
    - so/so-beats-template.json.jinja
    - so/so-common-template.json.jinja
    - so/so-endgame-template.json.jinja
    - so/so-firewall-template.json.jinja
    - so/so-flow-template.json.jinja
    - so/so-ids-template.json.jinja
    - so/so-import-template.json.jinja
    - so/so-osquery-template.json.jinja
    - so/so-ossec-template.json.jinja
    - so/so-strelka-template.json.jinja
    - so/so-syslog-template.json.jinja
    - so/so-zeek-template.json.jinja
@@ -1,3 +1,4 @@
 {%- set PIPELINE = salt['pillar.get']('global:pipeline', 'redis') %}
 logstash:
  pipelines:
    manager:
@@ -1,31 +0,0 @@
 {% set node_types = {} %}
 {% set cached_grains = salt.saltutil.runner('cache.grains', tgt='*') %}
 {% for minionid, ip in salt.saltutil.runner(
    'mine.get',
    tgt='G@role:so-manager or G@role:so-managersearch or G@role:so-standalone or G@role:so-node or G@role:so-heavynode or G@role:so-receiver or G@role:so-helix ',
    fun='network.ip_addrs',
    tgt_type='compound') | dictsort()
 %}
 {%   set hostname = cached_grains[minionid]['host'] %}
 {%   set node_type = minionid.split('_')[1] %}
 {%   if node_type not in node_types.keys() %}
 {%     do node_types.update({node_type: {hostname: ip[0]}}) %}
 {%   else %}
 {%     if hostname not in node_types[node_type] %}
 {%       do node_types[node_type].update({hostname: ip[0]}) %}
 {%     else %}
 {%       do node_types[node_type][hostname].update(ip[0]) %}
 {%     endif %}
 {%   endif %}
 {% endfor %}
 logstash:
  nodes:
 {% for node_type, values in node_types.items() %}
    {{node_type}}:
 {%   for hostname, ip in values.items() %}
      {{hostname}}:
        ip: {{ip}}
 {%   endfor %}
 {% endfor %}
@@ -1,9 +0,0 @@
 logstash:
  pipelines:
    receiver:
      config:
        - so/0009_input_beats.conf      
        - so/0010_input_hhbeats.conf
        - so/0011_input_endgame.conf
        - so/9999_output_redis.conf.jinja
@@ -1,3 +1,4 @@
 {%- set PIPELINE = salt['pillar.get']('global:pipeline', 'minio') %}
 logstash:
  pipelines:
    search:
@@ -13,5 +14,4 @@ logstash:
        - so/9600_output_ossec.conf.jinja
        - so/9700_output_strelka.conf.jinja
        - so/9800_output_logscan.conf.jinja
        - so/9801_output_rita.conf.jinja
        - so/9900_output_endgame.conf.jinja
@@ -1,33 +0,0 @@
 {% set node_types = {} %}
 {% set manage_alived = salt.saltutil.runner('manage.alived', show_ip=True) %}
 {% set manager = grains.master %}
 {% set manager_type = manager.split('_')|last %}
 {% for minionid, ip in salt.saltutil.runner('mine.get', tgt='*', fun='network.ip_addrs', tgt_type='glob') | dictsort() %}
 {%   set hostname = minionid.split('_')[0] %}
 {%   set node_type = minionid.split('_')[1] %}
 {%   set is_alive = False %}
 {%   if minionid in manage_alived.keys() %}
 {%     if ip[0] == manage_alived[minionid] %}
 {%       set is_alive = True %}
 {%     endif %}
 {%   endif %}
 {%   if node_type not in node_types.keys() %}
 {%     do node_types.update({node_type: {hostname: {'ip':ip[0], 'alive':is_alive }}}) %}
 {%   else %}
 {%     if hostname not in node_types[node_type] %}
 {%       do node_types[node_type].update({hostname: {'ip':ip[0], 'alive':is_alive}}) %}
 {%     else %}
 {%       do node_types[node_type][hostname].update({'ip':ip[0], 'alive':is_alive}) %}
 {%     endif %}
 {%   endif %}
 {% endfor %}
 node_data:
 {% for node_type, host_values in node_types.items() %}
  {{node_type}}:
 {%   for hostname, details in host_values.items() %}
    {{hostname}}:
      ip: {{details.ip}}
      alive: {{ details.alive }}
 {%   endfor %}
 {% endfor %}
@@ -2,9 +2,7 @@ base:
  '*':
    - patch.needs_restarting
    - logrotate
-
+    - users
  '* and not *_eval and not *_import':
    - logstash.nodes
  '*_eval or *_helixsensor or *_heavynode or *_sensor or *_standalone or *_import':
    - match: compound
@@ -15,12 +13,12 @@ base:
    - logstash
    - logstash.manager
    - logstash.search
-    - elasticsearch.index_templates
+    - elasticsearch.search
  '*_manager':
    - logstash
    - logstash.manager
-    - elasticsearch.index_templates
+    - elasticsearch.manager
  '*_manager or *_managersearch':
    - match: compound
@@ -46,7 +44,7 @@ base:
    - zeeklogs
    - secrets
    - healthcheck.eval
-    - elasticsearch.index_templates
+    - elasticsearch.eval
 {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
 {% endif %}
@@ -60,7 +58,7 @@ base:
    - logstash
    - logstash.manager
    - logstash.search
-    - elasticsearch.index_templates
+    - elasticsearch.search
 {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
 {% endif %}
@@ -98,31 +96,19 @@ base:
    - global
    - minions.{{ grains.id }}
  '*_idh':
    - data.*
    - global
    - minions.{{ grains.id }}
  '*_searchnode':
    - logstash
    - logstash.search
-    - elasticsearch.index_templates
+    - elasticsearch.search
    - elasticsearch.auth
    - global
    - minions.{{ grains.id }}
    - data.nodestab
  '*_receiver':
    - logstash
    - logstash.receiver
    - elasticsearch.auth
    - global
    - minions.{{ grains.id }}
  '*_import':
    - zeeklogs
    - secrets
-    - elasticsearch.index_templates
+    - elasticsearch.eval
 {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
 {% endif %}
@@ -131,6 +117,3 @@ base:
 {% endif %}
    - global
    - minions.{{ grains.id }}
  '*_workstation':
    - minions.{{ grains.id }}
@@ -0,0 +1,2 @@
 # users pillar goes in /opt/so/saltstack/local/pillar/users/init.sls
 # the users directory may need to be created under /opt/so/saltstack/local/pillar
@@ -0,0 +1,19 @@
 users:
  sclapton:
    # required fields
    status: present
    # node_access determines which node types the user can access.
    # this can either be by grains.role or by final part of the minion id after the _
    node_access:
      - standalone
      - searchnode
    # optional fields
    fullname: Stevie Claptoon
    uid: 1001
    gid: 1001
    homephone: does not have a phone
    groups:
      - mygroup1
      - mygroup2
      - wheel # give sudo access
@@ -0,0 +1,20 @@
 users:
  sclapton:
    # required fields
    status: <present | absent>
    # node_access determines which node types the user can access.
    # this can either be by grains.role or by final part of the minion id after the _
    node_access:
      - standalone
      - searchnode
    # optional fields
    fullname: <string>
    uid: <integer>
    gid: <integer>
    roomnumber: <string>
    workphone: <string>
    homephone: <string>
    groups:
      - <string>
      - <string>
      - wheel # give sudo access
@@ -1,5 +1,6 @@
 {% set ZEEKVER = salt['pillar.get']('global:mdengine', '') %}
 {% set WAZUH = salt['pillar.get']('global:wazuh', '0') %}
 {% set THEHIVE = salt['pillar.get']('manager:thehive', '0') %}
 {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %}
 {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %}
 {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %}
@@ -49,6 +50,7 @@
          'learn'
          ],
      'so-heavynode': [
          'ca',
          'ssl',
          'nginx',
          'telegraf',
@@ -78,6 +80,7 @@
          'docker_clean'
          ],
      'so-fleet': [
          'ca',
          'ssl',
          'nginx',
          'telegraf',
@@ -90,16 +93,6 @@
          'schedule',
          'docker_clean'
          ],
     'so-idh': [
          'ssl',
          'telegraf',
          'firewall',
          'fleet.install_package',
          'filebeat',
          'idh',
          'schedule',
          'docker_clean'
          ],
      'so-import': [
          'salt.master',
          'ca',
@@ -164,6 +157,7 @@
          'learn'
          ],
      'so-node': [
          'ca',
          'ssl',
          'nginx',
          'telegraf',
@@ -197,6 +191,7 @@
          'learn'
          ],
      'so-sensor': [
          'ca',
          'ssl',
          'telegraf',
          'firewall',
@@ -210,18 +205,9 @@
          'tcpreplay',
          'docker_clean'
          ],
      'so-receiver': [
          'ssl',
          'telegraf',
          'firewall',
          'schedule',
          'docker_clean'
          ],
      'so-workstation': [
          ],
  }, grain='role') %}
-  {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import', 'so-receiver'] %}
+  {% if FILEBEAT and grains.role in ['so-helixsensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-import'] %}
    {% do allowed_states.append('filebeat') %}
  {% endif %}
@@ -229,7 +215,7 @@
    {% do allowed_states.append('mysql') %}
  {% endif %}
-  {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
+  {% if (FLEETMANAGER or FLEETNODE) and grains.role in ['so-sensor', 'so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('fleet.install_package') %}
  {% endif %}
@@ -249,7 +235,7 @@
    {% do allowed_states.append('strelka') %}
  {% endif %}
-  {% if WAZUH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-receiver','so-idh']%}
+  {% if WAZUH and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode']%}
    {% do allowed_states.append('wazuh') %}
  {% endif %}
@@ -274,6 +260,10 @@
    {% do allowed_states.append('elastalert') %}
  {% endif %}
  {% if (THEHIVE != 0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('thehive') %}
  {% endif %}
  {% if (PLAYBOOK !=0) and grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch'] %}
    {% do allowed_states.append('playbook') %}
  {% endif %}
@@ -290,11 +280,11 @@
    {% do allowed_states.append('domainstats') %}
  {% endif %}
-  {% if LOGSTASH and grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
+  {% if LOGSTASH and grains.role in ['so-helixsensor', 'so-manager', 'so-standalone', 'so-node', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('logstash') %}
  {% endif %}
-  {% if REDIS and grains.role in ['so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode', 'so-receiver'] %}
+  {% if REDIS and grains.role in ['so-manager', 'so-standalone', 'so-managersearch', 'so-heavynode'] %}
    {% do allowed_states.append('redis') %}
  {% endif %}
@@ -1,4 +0,0 @@
 pki_issued_certs:
  file.directory:
    - name: /etc/pki/issued_certs
    - makedirs: True
@@ -1,6 +1,3 @@
 mine_functions:
  x509.get_pem_entries: [/etc/pki/ca.crt]
 x509_signing_policies:
  filebeat:
    - minions: '*'
@@ -1,14 +1,17 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls in allowed_states %}
 include:
  - ca.dirs
 {% set manager = salt['grains.get']('master') %}
 /etc/salt/minion.d/signing_policies.conf:
  file.managed:
    - source: salt://ca/files/signing_policies.conf
 /etc/pki:
  file.directory: []
 /etc/pki/issued_certs:
  file.directory: []
 pki_private_key:
  x509.private_key_managed:
    - name: /etc/pki/ca.key
@@ -39,12 +42,18 @@ pki_public_ca_crt:
    - backup: True
    - replace: False
    - require:
-      - sls: ca.dirs
+      - file: /etc/pki
    - timeout: 30
    - retry:
        attempts: 5
        interval: 30
 x509_pem_entries:
  module.run:
    - mine.send:
       - name: x509.get_pem_entries
       - glob_path: /etc/pki/ca.crt
 cakeyperms:
  file.managed:
    - replace: False
@@ -1,7 +0,0 @@
 pki_private_key:
  file.absent:
    - name: /etc/pki/ca.key
 pki_public_ca_crt:
  file.absent:
    - name: /etc/pki/ca.crt
@@ -23,7 +23,6 @@
 /opt/so/log/salt/minion
 /opt/so/log/salt/master
 /opt/so/log/logscan/*.log
 /nsm/idh/*.log
 {
    {{ logrotate_conf | indent(width=4) }}
 }
@@ -4,12 +4,6 @@
 {% set role = grains.id.split('_') | last %}
 {% from 'elasticsearch/auth.map.jinja' import ELASTICAUTH with context %}
 include:
  - common.soup_scripts
 {% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
  - manager.elasticsearch # needed for elastic_curl_config state
 {% endif %}
 # Remove variables.txt from /tmp - This is temp
 rmvariablesfile:
  file.absent:
@@ -188,7 +182,6 @@ alwaysupdated:
 Etc/UTC:
  timezone.system
 {% if salt['pillar.get']('elasticsearch:auth:enabled', False) %}
 elastic_curl_config:
  file.managed:
    - name: /opt/so/conf/elasticsearch/curl.config
@@ -196,11 +189,6 @@ elastic_curl_config:
    - mode: 600
    - show_changes: False
    - makedirs: True
  {% if grains.role in ['so-eval', 'so-manager', 'so-standalone', 'so-managersearch', 'so-import'] %}
    - require:
      - file: elastic_curl_config_distributed
  {% endif %}
 {% endif %}
 # Sync some Utilities
 utilsyncscripts:
@@ -215,11 +203,6 @@ utilsyncscripts:
        ELASTICCURL: 'curl'
    - context:
        ELASTICCURL: {{ ELASTICAUTH.elasticcurl }}
    - exclude_pat:
        - so-common
        - so-firewall
        - so-image-common
        - soup
 {% if role in ['eval', 'standalone', 'sensor', 'heavynode'] %}
 # Add sensor cleanup
@@ -300,17 +283,8 @@ sostatus_log:
    - month: '*'
    - dayweek: '*'
 {% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
 # Install cron job to determine size of influxdb for telegraf
 'du -s -k /nsm/influxdb | cut -f1 > /opt/so/log/telegraf/influxdb_size.log 2>&1':
  cron.present:
    - user: root
    - minute: '*/1'
    - hour: '*'
    - daymonth: '*'
    - month: '*'
    - dayweek: '*'
 {% if role in ['eval', 'manager', 'managersearch', 'standalone'] %}
 # Lock permissions on the backup directory
 backupdir:
  file.directory:
@@ -1,13 +0,0 @@
 # Sync some Utilities
 soup_scripts:
  file.recurse:
    - name: /usr/sbin
    - user: root
    - group: root
    - file_mode: 755
    - source: salt://common/tools/sbin
    - include_pat:
        - so-common
        - so-firewall
        - so-image-common
        - soup
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -23,6 +23,7 @@ import sys
 import argparse
 import re
 from lxml import etree as ET
 from xml.dom import minidom
 from datetime import datetime as dt
 from datetime import timezone as tz
@@ -78,15 +79,20 @@ def ip_prompt() -> str:
 def wazuh_enabled() -> bool:
-  file = f'{LOCAL_SALT_DIR}/pillar/global.sls'
+  for file in os.listdir(f'{LOCAL_SALT_DIR}/pillar'):
-  with open(file, 'r') as pillar:
+    with open(file, 'r') as pillar:
-    if 'wazuh: 1' in pillar.read():
+      if 'wazuh: 1' in pillar.read():
-      return True
+        return True
  return False
 def root_to_str(root: ET.ElementTree) -> str:
-    return ET.tostring(root, encoding='unicode', method='xml', xml_declaration=False, pretty_print=True)
+    xml_str = ET.tostring(root, encoding='unicode', method='xml').replace('\n', '')
    xml_str = re.sub(r'(?:(?<=>) *)', '', xml_str)
    xml_str = re.sub(r'       -', '', xml_str)
    xml_str = re.sub(r'      -->', ' -->', xml_str)
    dom = minidom.parseString(xml_str)
    return dom.toprettyxml(indent="  ")
 def add_wl(ip):
@@ -118,7 +124,7 @@ def apply(role: str, ip: str) -> int:
  else:
    return cmd.returncode
  if cmd.returncode == 0:
-    if wazuh_enabled() and role=='analyst':
+    if wazuh_enabled and role=='analyst':
      try:
        add_wl(ip)
        print(f'Added whitelist entry for {ip} from {WAZUH_CONF}', file=sys.stderr)
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014-2020 Security Onion Solutions, LLC
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -15,86 +15,295 @@
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-doc_workstation_url="https://docs.securityonion.net/en/2.3/analyst-vm.html"
+if [ "$(id -u)" -ne 0 ]; then
-{# we only want the script to install the workstation if it is CentOS -#}
+	echo "This script must be run using sudo!"
-{% if grains.os == 'CentOS' -%}
+	exit 1
-{#   if this is a manager -#}
+fi
 {%   if grains.master == grains.id.split('_')|first -%}
-source /usr/sbin/so-common
+INSTALL_LOG=/root/so-analyst-install.log
-pillar_file="/opt/so/saltstack/local/pillar/minions/{{grains.id}}.sls"
+exec &> >(tee -a "$INSTALL_LOG")
-if [ -f "$pillar_file" ]; then
+log() {
-  if ! grep -q "^workstation:$" "$pillar_file"; then
+	msg=$1
 	level=${2:-I}
 	now=$(TZ=GMT date +"%Y-%m-%dT%H:%M:%SZ")
 	echo -e "$now | $level | $msg" >> "$INSTALL_LOG" 2>&1
 }
 error() {
 	log "$1" "E"
 }
 info() {
 	log "$1" "I"
 }
 title() {
 	echo -e "\n-----------------------------\n $1\n-----------------------------\n" >> "$INSTALL_LOG" 2>&1
 }
 logCmd() {
 	cmd=$1
 	info "Executing command: $cmd"
 	$cmd >> "$INSTALL_LOG" 2>&1
 }
 analyze_system() {
 	title "System Characteristics"
 	logCmd "uptime"
 	logCmd "uname -a"
 	logCmd "free -h"
 	logCmd "lscpu"
 	logCmd "df -h"
 	logCmd "ip a"
 }
 analyze_system
 OS=$(grep PRETTY_NAME /etc/os-release | grep 'CentOS Linux 7')
 if [ $? -ne 0 ]; then
  echo "This is an unsupported OS. Please use CentOS 7 to install the analyst node."
  exit 1
 fi
 if [[ "$manufacturer" == "Security Onion Solutions" && "$family" == "Automated" ]]; then
  INSTALL=yes
  CURLCONTINUE=no
 else
  INSTALL=''
  CURLCONTINUE=''
 fi
 FIRSTPASS=yes
 while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
  if [[ "$FIRSTPASS" == "yes" ]]; then
    clear
    echo "###########################################"
    echo "##          ** W A R N I N G **          ##"
    echo "##    _______________________________    ##"
    echo "##                                       ##"
    echo "##    Installing the Security Onion      ##"
    echo "##   analyst node on this device will    ##"
    echo "##       make permanent changes to       ##"
    echo "##              the system.              ##"
    echo "##                                       ##"
    echo "###########################################"
    echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)"
    FIRSTPASS=no
  else
    echo "Please type 'yes' to continue or 'no' to exit."
  fi      
  read INSTALL
 done
 if [[ $INSTALL == "no" ]]; then
  echo "Exiting analyst node installation."
  exit 0
 fi
 echo "Testing for internet connection with curl https://securityonionsolutions.com/"
 CANCURL=$(curl -sI https://securityonionsolutions.com/ | grep "200 OK")
  if [ $? -ne 0 ]; then
    FIRSTPASS=yes
-    while [[ $INSTALL != "yes" ]] && [[ $INSTALL != "no" ]]; do
+    while [[ $CURLCONTINUE != "yes" ]] && [[ $CURLCONTINUE != "no" ]]; do
      if [[ "$FIRSTPASS" == "yes" ]]; then
-        echo "###########################################"
+        echo "We could not access https://securityonionsolutions.com/."
-        echo "##          ** W A R N I N G **          ##"
+        echo "Since packages are downloaded from the internet, internet acceess is required."
-        echo "##    _______________________________    ##"
+        echo "If you would like to ignore this warning and continue anyway, please type 'yes'."
-        echo "##                                       ##"
+        echo "Otherwise, type 'no' to exit."
        echo "##    Installing the Security Onion      ##"
        echo "##   analyst node on this device will    ##"
        echo "##       make permanent changes to       ##"
        echo "##              the system.              ##"
        echo "##    A system reboot will be required   ##"
        echo "##        to complete the install.       ##"
        echo "##                                       ##"
        echo "###########################################"
        echo "Do you wish to continue? (Type the entire word 'yes' to proceed or 'no' to exit)"
        FIRSTPASS=no
      else
        echo "Please type 'yes' to continue or 'no' to exit."
      fi  
-      read INSTALL
+      read CURLCONTINUE
    done
-
+    if [[ "$CURLCONTINUE" == "no" ]]; then
    if [[ $INSTALL == "no" ]]; then
      echo "Exiting analyst node installation."
      exit 0
    fi
-
+  else
-    # Add workstation pillar to the minion's pillar file
+    echo "We were able to curl https://securityonionsolutions.com/."
-    printf '%s\n'\
+    sleep 3
      "workstation:"\
      "  gui:"\
      "    enabled: true"\
 		  "" >> "$pillar_file"
    echo "Applying the workstation state. This could take some time since there are many packages that need to be installed."
    if salt-call state.apply workstation -linfo queue=True; then # make sure the state ran successfully
      echo ""
      echo "Analyst workstation has been installed!"
      echo "Press ENTER to reboot or Ctrl-C to cancel."
      read pause
      reboot;
    else
      echo "There was an issue applying the workstation state. Please review the log above or at /opt/so/logs/salt/minion."
    fi
  else # workstation is already added
    echo "The workstation pillar already exists in $pillar_file."
    echo "To enable/disable the gui, set 'workstation:gui:enabled' to true or false in $pillar_file."
    echo "Additional documentation can be found at $doc_workstation_url."
  fi
-else # if the pillar file doesn't exist
+
-  echo "Could not find $pillar_file and add the workstation pillar."
+# Install a GUI text editor
 yum -y install gedit
 # Install misc utils
 yum -y install wget curl unzip epel-release yum-plugin-versionlock;
 # Install xWindows
 yum -y groupinstall "X Window System";
 yum -y install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts;
 unlink /etc/systemd/system/default.target;
 ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target;
 yum -y install file-roller
 # Install Mono - prereq for NetworkMiner
 yum -y install mono-core mono-basic mono-winforms expect
 # Install NetworkMiner
 yum -y install libcanberra-gtk2;
 wget https://www.netresec.com/?download=NetworkMiner -O /tmp/nm.zip;
 mkdir -p /opt/networkminer/
 unzip /tmp/nm.zip -d /opt/networkminer/;
 rm /tmp/nm.zip;
 mv /opt/networkminer/NetworkMiner_*/* /opt/networkminer/
 chmod +x /opt/networkminer/NetworkMiner.exe;
 chmod -R go+w /opt/networkminer/AssembledFiles/;
 chmod -R go+w /opt/networkminer/Captures/;
 # Create networkminer shim
 cat << EOF >> /bin/networkminer
 #!/bin/bash
 /bin/mono /opt/networkminer/NetworkMiner.exe --noupdatecheck "\$@"
 EOF
 chmod +x /bin/networkminer
 # Convert networkminer ico file to png format
 yum -y install ImageMagick
 convert /opt/networkminer/networkminericon.ico /opt/networkminer/networkminericon.png
 # Create menu entry
 cat << EOF >> /usr/share/applications/networkminer.desktop
 [Desktop Entry]
 Name=NetworkMiner
 Comment=NetworkMiner
 Encoding=UTF-8
 Exec=/bin/networkminer %f
 Icon=/opt/networkminer/networkminericon-4.png
 StartupNotify=true
 Terminal=false
 X-MultipleArgs=false
 Type=Application
 MimeType=application/x-pcap;
 Categories=Network;
 EOF
 # Set default monospace font to Liberation
 cat << EOF >> /etc/fonts/local.conf
 <match target="pattern">
  <test name="family" qual="any">
   <string>monospace</string>
  </test>
  <edit binding="strong" mode="prepend" name="family">
   <string>Liberation Mono</string>
  </edit>
 </match>
 EOF
 # Install Wireshark for Gnome
 yum -y install wireshark-gnome; 
 # Install dnsiff
 yum -y install dsniff;
 # Install hping3
 yum -y install hping3;
 # Install netsed
 yum -y install netsed;
 # Install ngrep
 yum -y install ngrep;
 # Install scapy
 yum -y install python36-scapy;
 # Install ssldump
 yum -y install ssldump;
 # Install tcpdump
 yum -y install tcpdump;
 # Install tcpflow
 yum -y install tcpflow;
 # Install tcpxtract
 yum -y install tcpxtract;
 # Install whois
 yum -y install whois;
 # Install foremost
 yum -y install https://forensics.cert.org/centos/cert/7/x86_64//foremost-1.5.7-13.1.el7.x86_64.rpm;
 # Install chromium
 yum -y install chromium;
 # Install tcpstat
 yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcpstat-1.5.0/securityonion-tcpstat-1.5.0.rpm;
 # Install tcptrace
 yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-tcptrace-6.6.7/securityonion-tcptrace-6.6.7.rpm;
 # Install sslsplit
 yum -y install libevent;
 yum -y install sslsplit;
 # Install Bit-Twist
 yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-bittwist-2.0.0/securityonion-bittwist-2.0.0.rpm;
 # Install chaosreader
 yum -y install perl-IO-Compress perl-Net-DNS;
 yum -y install https://github.com/Security-Onion-Solutions/securityonion-docker-rpm/releases/download/securityonion-chaosreader-0.95.10/securityonion-chaosreader-0.95.10.rpm;
 chmod +x /bin/chaosreader;
 if [ -f ../../files/analyst/README ]; then
  cp ../../files/analyst/README /;
  cp ../../files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
  cp ../../files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
  cp ../../files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
 else
  cp /opt/so/saltstack/default/salt/common/files/analyst/README /;
  cp /opt/so/saltstack/default/salt/common/files/analyst/so-wallpaper.jpg /usr/share/backgrounds/;
  cp /opt/so/saltstack/default/salt/common/files/analyst/so-lockscreen.jpg /usr/share/backgrounds/;
  cp /opt/so/saltstack/default/salt/common/files/analyst/so-login-logo-dark.svg /usr/share/pixmaps/;
 fi
-{#-  if this is not a manager #}
+# Set background wallpaper
-{%   else -%}
+cat << EOF >> /etc/dconf/db/local.d/00-background
 # Specify the dconf path
 [org/gnome/desktop/background]
-echo "Since this is not a manager, the pillar values to enable analyst workstation must be set manually. Please view the documentation at $doc_workstation_url."
+# Specify the path to the desktop background image file
 picture-uri='file:///usr/share/backgrounds/so-wallpaper.jpg'
 # Specify one of the rendering options for the background image:
 # 'none', 'wallpaper', 'centered', 'scaled', 'stretched', 'zoom', 'spanned'
 picture-options='zoom'
 # Specify the left or top color when drawing gradients or the solid color
 primary-color='000000'
 # Specify the right or bottom color when drawing gradients
 secondary-color='FFFFFF'
 EOF
-{#- endif if this is a manager #}
+# Set lock screen
-{%   endif -%}
+cat << EOF >> /etc/dconf/db/local.d/00-screensaver
 [org/gnome/desktop/session]
 idle-delay=uint32 180
-{#- if not CentOS #}
+[org/gnome/desktop/screensaver]
-{%- else %}
+lock-enabled=true
 lock-delay=uint32 120
 picture-options='zoom'
 picture-uri='file:///usr/share/backgrounds/so-lockscreen.jpg'
 EOF
-echo "The Analyst Workstation can only be installed on CentOS. Please view the documentation at $doc_workstation_url."
+cat << EOF >> /etc/dconf/db/local.d/locks/screensaver
 /org/gnome/desktop/session/idle-delay
 /org/gnome/desktop/screensaver/lock-enabled
 /org/gnome/desktop/screensaver/lock-delay
 EOF
-{#- endif grains.os == CentOS #}
+# Do not show the user list at login screen
-{% endif -%}
+cat << EOF >> /etc/dconf/db/local.d/00-login-screen
 [org/gnome/login-screen]
 logo='/usr/share/pixmaps/so-login-logo-dark.svg'
 disable-user-list=true
 EOF
-exit 0
+dconf update;
 echo
 echo "Analyst workstation has been installed!"
 echo "Press ENTER to reboot or Ctrl-C to cancel."
 read pause
 reboot;
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -120,30 +120,6 @@ check_elastic_license() {
 	fi  
 }
 check_salt_master_status() {
 	local timeout=$1
 	echo "Checking if we can talk to the salt master"
 	salt-call state.show_top concurrent=true
 	return
 }
 check_salt_minion_status() {
 	local timeout=$1
 	echo "Checking if the salt minion will respond to jobs" >> "$setup_log" 2>&1
 	salt "$MINION_ID" test.ping -t $timeout > /dev/null 2>&1
 	local status=$?
 	if [ $status -gt 0 ]; then
 		echo "  Minion did not respond" >> "$setup_log" 2>&1
 	else
 		echo "  Received job response from salt minion" >> "$setup_log" 2>&1
 	fi
 	return $status
 }
 copy_new_files() {
  # Copy new files over to the salt dir
  cd $UPDATE_DIR
@@ -273,7 +249,6 @@ lookup_salt_value() {
 	group=$2
 	kind=$3
 	output=${4:-newline_values_only}
 	local=$5
 	if [ -z "$kind" ]; then
 		kind=pillar
@@ -283,13 +258,7 @@ lookup_salt_value() {
 		group=${group}:
 	fi
-	if [[ "$local" == "--local" ]] || [[ "$local" == "local" ]]; then
+	salt-call --no-color  ${kind}.get ${group}${key} --out=${output}
 		local="--local"
 	else
 		local=""
 	fi
 	salt-call --no-color  ${kind}.get ${group}${key} --out=${output} ${local}
 }
 lookup_pillar() {
@@ -325,49 +294,32 @@ require_manager() {
 }
 retry() {
-        maxAttempts=$1
+	maxAttempts=$1
-        sleepDelay=$2
+	sleepDelay=$2
-        cmd=$3
+	cmd=$3
-        expectedOutput=$4
+	expectedOutput=$4
-        failedOutput=$5
+	attempt=0
-        attempt=0
+	local exitcode=0
-        local exitcode=0
+	while [[ $attempt -lt $maxAttempts ]]; do			
-        while [[ $attempt -lt $maxAttempts ]]; do
+		attempt=$((attempt+1))
-                attempt=$((attempt+1))
+		echo "Executing command with retry support: $cmd"
-                echo "Executing command with retry support: $cmd"
+		output=$(eval "$cmd")
-                output=$(eval "$cmd")
+		exitcode=$?
-                exitcode=$?
+		echo "Results: $output ($exitcode)"
-                echo "Results: $output ($exitcode)"
+		if [ -n "$expectedOutput" ]; then
-                if [ -n "$expectedOutput" ]; then
+			if [[ "$output" =~ "$expectedOutput" ]]; then
-                        if [[ "$output" =~ "$expectedOutput" ]]; then
+				return $exitCode
-                                return $exitcode
+			else
-                        else
+				echo "Expected '$expectedOutput' but got '$output'"
-                                echo "Did not find expectedOutput: '$expectedOutput' in the output below from running the command: '$cmd'"
+			fi
-								echo "<Start of output>"
+		elif [[ $exitcode -eq 0 ]]; then
-								echo "$output"
+			return $exitCode
-								echo "<End of output>"
+		fi
-                        fi
+		echo "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
-                elif [ -n "$failedOutput" ]; then
+		sleep $sleepDelay
-                        if [[ "$output" =~ "$failedOutput" ]]; then
+	done
-                                echo "Found failedOutput: '$failedOutput' in the output below from running the command: '$cmd'"
+	echo "Command continues to fail; giving up."
-								echo "<Start of output>"
+	return $exitcode
 								echo "$output"
 								echo "<End of output>"
 								if [[ $exitcode -eq 0 ]]; then
 									echo "The exitcode was 0, but we are setting to 1 since we found $failedOutput in the output."
 									exitcode=1
 								fi
                        else
                                return $exitcode
                        fi
                elif [[ $exitcode -eq 0 ]]; then
                        return $exitcode
                fi
                echo "Command failed with exit code $exitcode; will retry in $sleepDelay seconds ($attempt / $maxAttempts)..."
                sleep $sleepDelay
        done
        echo "Command continues to fail; giving up."
        return $exitcode
 }
 run_check_net_err() {
@@ -392,14 +344,6 @@ run_check_net_err() {
 	fi
 }
 set_cron_service_name() {
  if [[ "$OS" == "centos" ]]; then
    cron_service_name="crond"
  else
    cron_service_name="cron"
  fi
 }
 set_os() {
 	if [ -f /etc/redhat-release ]; then
 		OS=centos
@@ -437,21 +381,6 @@ set_version() {
 	fi
 }
 systemctl_func() {
 	local action=$1
 	local echo_action=$1
 	local service_name=$2
 	if [[ "$echo_action" == "stop" ]]; then
 		echo_action="stopp"
 	fi
 	echo ""
 	echo "${echo_action^}ing $service_name service at $(date +"%T.%6N")"
    systemctl $action $service_name && echo "Successfully ${echo_action}ed $service_name." || echo "Failed to $action $service_name."
 	echo ""
 }
 has_uppercase() {
 	local string=$1
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,4 +17,5 @@
 . /usr/sbin/so-common
-echo "TheHive and its components are no longer part of Security Onion"
+/usr/sbin/so-stop cortex $1
 /usr/sbin/so-start thehive $1
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,4 +17,4 @@
 . /usr/sbin/so-common
-echo "TheHive and its components are no longer part of Security Onion"
+/usr/sbin/so-start thehive $1
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,4 +17,4 @@
 . /usr/sbin/so-common
-echo "TheHive and its components are no longer part of Security Onion"
+/usr/sbin/so-stop cortex $1
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,4 +17,38 @@
 . /usr/sbin/so-common
-echo "TheHive and its components are no longer part of Security Onion"
+usage() {
    echo "Usage: $0 <new-user-name>"
    echo ""
    echo "Adds a new user to Cortex. The new password will be read from STDIN."
    exit 1
 }
 if [ $# -ne 1 ]; then
  usage
 fi
 USER=$1
 CORTEX_KEY=$(lookup_pillar cortexorguserkey)
 CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
 CORTEX_ORG_NAME=$(lookup_pillar cortexorgname)
 CORTEX_USER=$USER
 # Read password for new user from stdin
 test -t 0
 if [[ $? == 0 ]]; then
  echo "Enter new password:"
 fi
 read -rs CORTEX_PASS
 # Create new user in Cortex
 resp=$(curl -sk -XPOST -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user" -d "{\"name\": \"$CORTEX_USER\",\"roles\": [\"read\",\"analyze\",\"orgadmin\"],\"organization\": \"$CORTEX_ORG_NAME\",\"login\": \"$CORTEX_USER\",\"password\" : \"$CORTEX_PASS\" }")
 if [[ "$resp" =~ \"status\":\"Ok\" ]]; then
    echo "Successfully added user to Cortex."
 else
    echo "Unable to add user to Cortex; user might already exist."
    echo $resp
    exit 2
 fi
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,4 +17,41 @@
 . /usr/sbin/so-common
-echo "TheHive and its components are no longer part of Security Onion"
+usage() {
    echo "Usage: $0 <user-name> <true|false>"
    echo ""
    echo "Enables or disables a user in Cortex."
    exit 1
 }
 if [ $# -ne 2 ]; then
  usage
 fi
 USER=$1
 CORTEX_KEY=$(lookup_pillar cortexorguserkey)
 CORTEX_API_URL="$(lookup_pillar url_base)/cortex/api"
 CORTEX_USER=$USER
 case "${2^^}" in
 	FALSE | NO | 0)
 		CORTEX_STATUS=Locked
 		;;
 	TRUE | YES | 1)
 		CORTEX_STATUS=Ok
 		;;
 	*)
 		usage
 		;;
 esac
 resp=$(curl -sk -XPATCH -H "Authorization: Bearer $CORTEX_KEY" -H "Content-Type: application/json" -L "https://$CORTEX_API_URL/user/${CORTEX_USER}" -d "{\"status\":\"${CORTEX_STATUS}\" }")
 if [[ "$resp" =~ \"status\":\"Locked\" || "$resp" =~ \"status\":\"Ok\" ]]; then
    echo "Successfully updated user in Cortex."
 else
    echo "Failed to update user in Cortex."
    echo $resp
    exit 2
 fi
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #    This program is free software: you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,23 +0,0 @@
 #!/bin/bash
 #
 # Copyright 2014-2022 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_component_template | jq '.component_templates[] |.name'| sort
 else
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_component_template/$1 | jq
 fi
@@ -1,23 +0,0 @@
 #!/bin/bash
 #
 # Copyright 2014-2022 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 {%- set NODEIP = salt['pillar.get']('elasticsearch:mainip', '') -%}
 . /usr/sbin/so-common
 if [ "$1" == "" ]; then
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_index_template | jq '.index_templates[] |.name'| sort
 else
    {{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_index_template/$1 | jq
 fi
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -18,4 +18,4 @@
 . /usr/sbin/so-common
-{{ ELASTICCURL }} -s -k -L "https://{{ NODEIP }}:9200/_cat/indices?pretty&v&s=index"
+{{ ELASTICCURL }} -s -k -L https://{{ NODEIP }}:9200/_cat/indices?pretty
@@ -1,7 +1,7 @@
 #!/bin/bash
 #
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -17,7 +17,9 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 IP={{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
 ESPORT=9200
 THEHIVEESPORT=9400
 echo "Removing read only attributes for indices..."
 echo
 {{ ELASTICCURL }} -s -k -XPUT -H "Content-Type: application/json" -L https://$IP:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute.  Please ensure Elasticsearch is running.";fi;
 {{ ELASTICCURL }} -XPUT -H "Content-Type: application/json" -L http://$IP:9400/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}' 2>&1 | if grep -q ack; then echo "Index settings updated..."; else echo "There was any issue updating the read-only attribute.  Please ensure Elasticsearch is running.";fi;
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -33,8 +33,6 @@ while [[ "$COUNT" -le 240 ]]; do
 	if [ $? -eq 0 ]; then
 		ELASTICSEARCH_CONNECTED="yes"
 		echo "connected!"
 		# Check cluster health once connected
 		so-elasticsearch-query _cluster/health?wait_for_status=yellow > /dev/null 2>&1
 		break
 	else
 		((COUNT+=1))
@@ -50,7 +48,7 @@ fi
 cd ${ELASTICSEARCH_ROLES}
-echo "Loading roles..."
+echo "Loading templates..."
 for role in *; do
 	name=$(echo "$role" | cut -d. -f1)
 	so-elasticsearch-query _security/role/$name -XPUT -d @"$role"
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -30,7 +30,7 @@ echo -n "Waiting for ElasticSearch..."
 COUNT=0
 ELASTICSEARCH_CONNECTED="no"
 while [[ "$COUNT" -le 240 ]]; do
-      so-elasticsearch-query -k --output /dev/null --silent --head --fail
+    {{ ELASTICCURL }} -k --output /dev/null --silent --head --fail -L https://"$ELASTICSEARCH_HOST":"$ELASTICSEARCH_PORT"
 	if [ $? -eq 0 ]; then
 		ELASTICSEARCH_CONNECTED="yes"
 		echo "connected!"
@@ -47,23 +47,11 @@ if [ "$ELASTICSEARCH_CONNECTED" == "no" ]; then
 	echo
 fi
-cd ${ELASTICSEARCH_TEMPLATES}/component/ecs
+cd ${ELASTICSEARCH_TEMPLATES}
 echo "Loading ECS component templates..."
 for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE-mappings"; so-elasticsearch-query _component_template/$TEMPLATE-mappings -d@$i -XPUT 2>/dev/null; echo; done
-# Load SO-specific component templates
+echo "Loading templates..."
-cd ${ELASTICSEARCH_TEMPLATES}/component/so
+for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; {{ ELASTICCURL }} -k ${ELASTICSEARCH_AUTH} -s -XPUT -L https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_template/so-$TEMPLATE -H 'Content-Type: application/json' -d@$i 2>/dev/null; echo; done
 echo "Loading Security Onion component templates..."
 for i in *; do TEMPLATE=$(echo $i | cut -d '.' -f1); echo "$TEMPLATE"; so-elasticsearch-query _component_template/$TEMPLATE -d@$i -XPUT 2>/dev/null; echo; done
 echo
 # Load SO index templates
 cd ${ELASTICSEARCH_TEMPLATES}/index
 echo "Loading Security Onion index templates..."
 for i in *; do TEMPLATE=$(echo $i | cut -d '-' -f2); echo "so-$TEMPLATE"; so-elasticsearch-query _index_template/so-$TEMPLATE -d@$i -XPUT 2>/dev/null; echo; done
 echo
 cd - >/dev/null
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,20 +0,0 @@
 #!/bin/bash
 # Copyright 2014-2022 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 . /usr/sbin/so-common
 /usr/sbin/so-restart idh $1
@@ -1,20 +0,0 @@
 #!/bin/bash
 # Copyright 2014-2022 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 . /usr/sbin/so-common
 /usr/sbin/so-start idh $1
@@ -1,20 +0,0 @@
 #!/bin/bash
 # Copyright 2014-2022 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 . /usr/sbin/so-common
 /usr/sbin/so-stop idh $1
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -55,7 +55,6 @@ container_list() {
      "so-fleet"
      "so-fleet-launcher"
      "so-grafana"
      "so-idh"
      "so-idstools"
      "so-influxdb"
      "so-kibana"
@@ -75,6 +74,9 @@ container_list() {
      "so-strelka-manager"
      "so-suricata"
      "so-telegraf"
      "so-thehive"
      "so-thehive-cortex"
      "so-thehive-es"
      "so-wazuh"
      "so-zeek" 
    )
@@ -130,7 +132,7 @@ update_docker_containers() {
  # Let's make sure we have the public key
  run_check_net_err \
  "curl --retry 5 --retry-delay 60 -sSL https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS -o $SIGNPATH/KEYS" \
-  "Could not pull signature key file, please ensure connectivity to https://raw.githubusercontent.com" \
+  "Could not pull signature key file, please ensure connectivity to https://raw.gihubusercontent.com" \
  noretry >> "$LOG_FILE" 2>&1
  result=$?
  if [[ $result -eq 0 ]]; then
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -21,7 +21,7 @@
 {%- set MANAGERIP = salt['pillar.get']('global:managerip') -%}
 {%- set URLBASE = salt['pillar.get']('global:url_base') %}
 {% set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %}
-{% set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
+{% set ES_PW = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %}
 INDEX_DATE=$(date +'%Y.%m.%d')
 RUNID=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 8 | head -n 1)
@@ -42,7 +42,7 @@ function evtx2es() {
  EVTX=$1
  HASH=$2
-  ES_PASS=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
+  ES_PW=$(lookup_pillar "auth:users:so_elastic_user:pass" "elasticsearch")
  ES_USER=$(lookup_pillar "auth:users:so_elastic_user:user" "elasticsearch")
  docker run --rm \
@@ -51,7 +51,7 @@ function evtx2es() {
    {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} \
    --host {{ MANAGERIP }} --scheme https \
    --index so-beats-$INDEX_DATE --pipeline import.wel \
-    --login $ES_USER --pwd "$ES_PASS" \
+    --login $ES_USER --pwd $ES_PW \
    "/tmp/$RUNID.evtx" >> $LOG_FILE 2>&1
  docker run --rm \
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -1,6 +1,6 @@
 #!/bin/bash
-# Copyright 2014-2022 Security Onion Solutions, LLC
+# Copyright 2014,2015,2016,2017,2018,2019,2020,2021 Security Onion Solutions, LLC
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
m0duspwnens	62c702e269	Merge remote-tracking branch 'remotes/origin/dev' into feature/users	2021-11-19 09:58:01 -05:00
m0duspwnens	f10290246f	Merge remote-tracking branch 'remotes/origin/master' into feature/users	2021-07-02 08:13:56 -04:00
m0duspwnens	c919f6bca0	remove requirement on groups	2021-06-23 18:28:19 -04:00
m0duspwnens	51b421a165	add usergroup, dont create additional groupos	2021-06-23 18:17:18 -04:00
m0duspwnens	86ff54e844	update pillar examples	2021-06-23 17:49:06 -04:00
m0duspwnens	b8cb3f5815	update comment	2021-06-23 17:02:53 -04:00
m0duspwnens	381a51271f	add users to pillar and salt top	2021-06-23 15:53:20 -04:00
m0duspwnens	10500178d5	remove users: from users pillar	2021-06-23 15:51:40 -04:00
m0duspwnens	e81e66f40d	add additional reserved usernames	2021-06-23 15:33:49 -04:00
m0duspwnens	f6bd74aadf	add a list of reserved usernames for centos	2021-06-23 15:21:19 -04:00
m0duspwnens	322c2804fc	add support for managing users that can ssh to a node via key	2021-06-23 12:39:48 -04:00
		`@@ -0,0 +1,2 @@`
							`# users pillar goes in /opt/so/saltstack/local/pillar/users/init.sls`
							`# the users directory may need to be created under /opt/so/saltstack/local/pillar`