Both SLS files used `sls.split('.')[0]` to derive what to look up in
allowed_states. For these files (sls='salt.master.ext_pillar_postgres'
and sls='salt.master.pg_notify_pillar_engine') that returns 'salt',
which is never in any role's allowed_states list — only specific keys
like 'salt.master', 'salt.minion', 'salt.cloud' are. The guard's else
branch fired on every highstate, emitting two cosmetic

    ID: <sls>_state_not_allowed
    Function: test.fail_without_changes
    Comment: Failure!

entries that polluted the so-setup error summary even on green installs.

Both states drop config under /etc/salt/master.d/ and watch_in the
salt-master service, so the natural intent is "only run when this node
hosts the salt master". Switching the guard to a literal

    {% if 'salt.master' in allowed_states %}

expresses that directly without string-parsing the SLS path, and
matches the existing membership in manager_states (which is in turn
included in every manager-bearing role: so-eval, so-manager,
so-managerhype, so-managersearch, so-standalone, so-import).
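
The failure mode described in the commit message above, as an added example that is not part of the commit or the Security Onion code base: a small audit that flags guards whose `sls.split('.')[0]` key can never appear in allowed_states and suggests the longest dotted prefix that does. The function names, the `examplestate` key and the sample list are assumptions constructed for illustration.

```python
# Added illustration, not Security Onion code.
# The three salt.* keys are the ones named in the commit message;
# "examplestate" is a constructed key used as a working contrast case.
ALLOWED_KEYS = {"salt.master", "salt.minion", "salt.cloud", "examplestate"}

# Constructed sample: the two SLS names from the commit message plus one
# hypothetical SLS whose first segment is itself an allowed key.
SAMPLE_SLS = [
    "salt.master.ext_pillar_postgres",
    "salt.master.pg_notify_pillar_engine",
    "examplestate.config",
]


def first_segment(sls):
    """Key the old guard looked up: sls.split('.')[0]."""
    return sls.split(".")[0]


def longest_allowed_prefix(sls, allowed):
    """Longest dotted prefix of sls that is an allowed key, or None."""
    parts = sls.split(".")
    for end in range(len(parts), 0, -1):
        candidate = ".".join(parts[:end])
        if candidate in allowed:
            return candidate
    return None


def audit_guards(sls_names, allowed):
    """Report guards whose derived key can never match any allowed key."""
    findings = []
    for sls in sls_names:
        key = first_segment(sls)
        findings.append({
            "sls": sls,
            "derived_key": key,
            # True means the else branch fires on every run, on every role.
            "dead_guard": key not in allowed,
            "suggested_literal": longest_allowed_prefix(sls, allowed),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_guards(SAMPLE_SLS, ALLOWED_KEYS):
        print(finding)
```
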
Security Onion
Security Onion is a free and open Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes a comprehensive suite of tools designed to work together to provide visibility into your network and host activity.
✨ Features
Security Onion includes everything you need to monitor your network and host systems:
- Security Onion Console (SOC): A unified web interface for analyzing security events and managing your grid.
- Elastic Stack: Powerful search backed by Elasticsearch.
- Intrusion Detection: Network-based IDS with Suricata and host-based monitoring with Elastic Fleet.
- Network Metadata: Detailed network metadata generated by Zeek or Suricata.
- Full Packet Capture: Retain and analyze raw network traffic with Suricata PCAP.
⭐ Security Onion Pro
For organizations and enterprises requiring advanced capabilities, Security Onion Pro offers additional features designed for scale and efficiency:
- Onion AI: Leverage powerful AI-driven insights to accelerate your analysis and investigations.
- Enterprise Features: Enhanced tools and integrations tailored for enterprise-grade security operations.
For more information, visit the Security Onion Pro page.
☁️ Cloud Deployment
Security Onion is available and ready to deploy in the AWS, Azure, and Google Cloud (GCP) marketplaces.
🚀 Getting Started
| Goal | Resource |
|---|---|
| Download | Security Onion ISO |
| Requirements | Hardware Guide |
| Install | Installation Instructions |
| What's New | Release Notes |
📖 Documentation & Support
For more detailed information, please visit our Documentation.
- FAQ: Frequently Asked Questions
- Community: Discussions & Support
- Training: Official Training
🤝 Contributing
We welcome contributions! Please see our CONTRIBUTING.md for guidelines on how to get involved.
🛡️ License
Security Onion is licensed under the terms of the license found in the LICENSE file.
Built with 🧅 by Security Onion Solutions.