Merge pull request #13624 from Security-Onion-Solutions/esver

m0duspwnens · web-flow · commit ba0779ea1e56 · 2024-09-06T10:46:18.000-04:00
fix es agent update for soup
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
@@ -677,7 +677,8 @@ has_uppercase() {
 }
 
 update_elastic_agent() {
-	get_elastic_agent_vars
+	local path="${1:-/opt/so/saltstack/default}"
+	get_elastic_agent_vars "$path"
 	echo "Checking if Elastic Agent update is necessary..."
 	download_and_verify "$ELASTIC_AGENT_URL" "$ELASTIC_AGENT_MD5_URL" "$ELASTIC_AGENT_FILE" "$ELASTIC_AGENT_MD5" "$ELASTIC_AGENT_EXPANSION_DIR"
 }
diff --git a/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-grid-upgrade b/salt/elasticfleet/tools/sbin_jinja/so-elastic-agent-grid-upgrade
@@ -5,7 +5,7 @@
 # this file except in compliance with the Elastic License 2.0.
 
 . /usr/sbin/so-common
-{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS -%}
+{%- import_yaml 'elasticsearch/defaults.yaml' as ELASTICSEARCHDEFAULTS %}
 
 # Only run on Managers
 if ! is_manager_node; then
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
@@ -837,12 +837,13 @@ determine_elastic_agent_upgrade() {
   if [[ $is_airgap -eq 0 ]]; then
     update_elastic_agent_airgap
   else
-    update_elastic_agent
+    # the new elasticsearch defaults.yaml file is not yet placed in /opt/so/saltstack/default/salt/elasticsearch yet
+    update_elastic_agent "$UPDATE_DIR"
   fi
 }
 
 update_elastic_agent_airgap() {
-  get_elastic_agent_vars
+  get_elastic_agent_vars "/tmp/soagupdate/SecurityOnion"
   rsync -av /tmp/soagupdate/fleet/* /nsm/elastic-fleet/artifacts/
   tar -xf "$ELASTIC_AGENT_FILE" -C "$ELASTIC_AGENT_EXPANSION_DIR"
 }
diff --git a/salt/suricata/tools/sbin/so-suricata-reload-rules b/salt/suricata/tools/sbin/so-suricata-reload-rules
@@ -7,5 +7,5 @@
 
 . /usr/sbin/so-common
 
-retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}'
-retry 40 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}'
+retry 60 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c reload-rules /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}' || fail "The Suricata container was not ready in time."
+retry 60 3 'docker exec -it so-suricata /opt/suricata/bin/suricatasc -c ruleset-reload-nonblocking /var/run/suricata/suricata-command.socket' '{"message": "done", "return": "OK"}' || fail "The Suricata container was not ready in time."
diff --git a/setup/so-setup b/setup/so-setup
@@ -759,8 +759,8 @@ if ! [[ -f $install_opt_file ]]; then
 			title "Downloading IDS Rules"
 			logCmd "so-rule-update"
 			if [[ $monints || $is_import ]]; then
-				title "Restarting Suricata to pick up the new rules"
-				logCmd "so-suricata-restart"
+				title "Applying the Suricata state to load the new rules"
+				logCmd "salt-call state.apply suricata -l info"
 			fi
 		fi
 		title "Setting up Kibana Default Space"

Original file line number	Diff line number	Diff line change
`@@ -677,7 +677,8 @@ has_uppercase() {`
`677`	`677`	`}`
`678`	`678`
`679`	`679`	`update_elastic_agent() {`
`680`		`- get_elastic_agent_vars`
	`680`	`+ local path="${1:-/opt/so/saltstack/default}"`
	`681`	`+ get_elastic_agent_vars "$path"`
`681`	`682`	`echo "Checking if Elastic Agent update is necessary..."`
`682`	`683`	`download_and_verify "$ELASTIC_AGENT_URL" "$ELASTIC_AGENT_MD5_URL" "$ELASTIC_AGENT_FILE" "$ELASTIC_AGENT_MD5" "$ELASTIC_AGENT_EXPANSION_DIR"`
`683`	`684`	`}`