From 98947f3906c626c42882c852f6bb8f5a01acfb85 Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Fri, 8 Dec 2023 08:37:42 -0500
Subject: [PATCH 1/2] grid page enhancements
---
 salt/manager/tools/sbin/so-minion | 148 ++++++++++++++++++------------
 salt/telegraf/defaults.yaml | 12 +++
 2 files changed, 103 insertions(+), 57 deletions(-)
diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion
index 1baf88cad9..ada56dc2a0 100755
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -9,23 +9,23 @@ if [ -f /usr/sbin/so-common ]; then
 . /usr/sbin/so-common
 fi
-if [ "$(id -u)" -ne 0 ]; then
- echo "This script must be run using sudo!"
+function usage() {
+ echo "Usage: $0 -o= -m=[id]"
+ echo ""
+ echo " where is one of the following:"
+ echo ""
+ echo " add: Accepts a new key and adds the minion files"
+ echo " delete: Removes the key and deletes the minion files"
+ echo " list: Lists all keys with hashes"
+ echo " reject: Rejects a key"
+ echo " restart: Restart a minion (reboot)"
+ echo " test: Perform minion test"
+ echo ""
 exit 1
-fi
+}
 if [[ $# -lt 1 ]]; then
- echo "Usage: $0 -o= -m=[id]"
- echo ""
- echo " where is one of the following:"
- echo ""
- echo " list: Lists all keys with hashes"
- echo " accept: Accepts a new key and adds the minion files"
- echo " delete: Removes the key and deletes the minion files"
- echo " reject: Rejects a key"
- echo " test: Perform minion test"
- echo ""
- exit 1
+ usage
 fi
 for i in "$@"; do
@@ -38,6 +38,8 @@ for i in "$@"; do
 MINION_ID="${i#*=}"
 shift
 ;;
+
+ # The following args are used internally during setup, not to be specified manually.
 -e=*|--esheap=*)
 ES_HEAP_SIZE="${i#*=}"
 shift
@@ -63,6 +65,7 @@ for i in "$@"; do
 exit 1
 ;;
 *)
+ usage
 ;;
 esac
 done
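Review bot: The `id -u` root check removed at the top of this hunk is not re-established anywhere in it, so an unprivileged caller now reaches the `salt-key`/`salt` invocations and the `rm -f` of the pillar files before anything stops them, and the eventual failure is a tool error instead of the previous explicit message. Unless an equivalent guard exists outside this hunk, restore it right after the `usage()` definition: `if [ "$(id -u)" -ne 0 ]; then echo "This script must be run using sudo!" >&2; exit 1; fi`. Separately, `usage()` prints to stdout and always exits 1, so the help text is never available with a success status and lands in any captured output; `>&2` on the echo lines keeps diagnostics on stderr.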
@@ -76,7 +79,7 @@ function getinstallinfo() {
 source <(echo $INSTALLVARS)
 }
-function testminion() {
+function testMinion() {
 # Always run on the host, since this is going to be the manager of a distributed grid, or an eval/standalone.
 # Distributed managers must run this in order for the sensor nodes to have access to the so-tcpreplay image.
 so-test
@@ -92,12 +95,19 @@ function testminion() {
 exit $result
 }
-function listminions() {
+function restartMinion() {
+ salt "$MINION_ID" system.reboot
+ result=$?
+
+ exit $result
+}
+
+function listMinions() {
 salt-key list -F --out=json
 exit $?
 }
-function rejectminion() {
+function rejectMinion() {
 salt-key -y -r $MINION_ID
 exit $?
 }
@@ -106,11 +116,11 @@ function acceptminion() {
 salt-key -y -a $MINION_ID
 }
-function deleteminion() {
+function deleteMinion() {
 salt-key -y -d $MINION_ID
 }
-function deleteminionfiles () {
+function deleteMinionFiles () {
 rm -f $PILLARFILE
 rm -f $ADVPILLARFILE
 }
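Review bot: `restartMinion` issues `salt "$MINION_ID" system.reboot` without checking that `-m=` was supplied, so an empty `MINION_ID` produces a malformed target for a disruptive operation; add `[[ -n "$MINION_ID" ]] || usage` as its first line (the same check is absent on the `delete`, `reject` and `restart` arms of the new dispatch further down, so a single guard before the `case` for every operation except `list` and `test` would cover them all). The `result=$?` / `exit $result` pair can simply be `exit $?`, as `listMinions` and `rejectMinion` already do. `rejectMinion` leaves `$MINION_ID` unquoted where `restartMinion` quotes it; `salt-key -y -r "$MINION_ID"` keeps the two consistent.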
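Review bot: `acceptminion` is the only minion function left in lowercase after `deleteMinion` and `deleteMinionFiles` are renamed here; renaming it to `acceptMinion` and updating its caller in `addMinion` would complete the camelCase convention introduced by this commit. Its `salt-key -y -a $MINION_ID` line, and `salt-key -y -d $MINION_ID` in `deleteMinion`, pass the id unquoted; `salt-key -y -d "$MINION_ID"` matches the quoting used in the new `restartMinion`.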
@@ -589,25 +599,33 @@ function testConnection() {
 fi
 }
-if [[ "$OPERATION" = 'list' ]]; then
- listminions
-fi
-
-if [[ "$OPERATION" = 'delete' ]]; then
- deleteminionfiles
- deleteminion
-fi
-
-if [[ "$OPERATION" == 'add' || "$OPERATION" == 'setup' ]]; then
- # Skip this if its setup
- if [[ $OPERATION == 'add' ]]; then
- # Accept the salt key
- acceptminion
- # Test to see if the minion was accepted
- testConnection
- # Pull the info from the file to build what is needed
- getinstallinfo
+function addMinion() {
+ # Accept the salt key
+ acceptminion
+ # Test to see if the minion was accepted
+ testConnection
+ # Pull the info from the file to build what is needed
+ getinstallinfo
+}
+
+function updateMineAndApplyStates() {
+ # tell the minion to populate the mine with data from mine_functions which is populated during setup
+ # this only needs to happen on non managers since they handle this during setup
+ # and they need to wait for ca creation to update the mine
+ updateMine
+ checkMine "network.ip_addrs"
+ # apply the elasticsearch state to the manager if a new searchnode was added
+ if [[ "$NODETYPE" == "SEARCHNODE" || "$NODETYPE" == "HEAVYNODE" ]]; then
+ # calls so-common and set_minionid sets MINIONID to local minion id
+ set_minionid
+ salt $MINIONID state.apply elasticsearch queue=True --async
+ salt $MINIONID state.apply soc queue=True --async
 fi
+ # run this async so the cli doesn't wait for a return
+ salt "$MINION_ID" state.highstate --async queue=True
+}
+
+function setupMinionFiles() {
 # Check to see if nodetype is set
 if [ -z $NODETYPE ]; then
 echo "No node type specified"
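Review bot: `updateMineAndApplyStates` branches on `$NODETYPE` and targets `$MINION_ID`, but now that it is a separately callable function nothing in it states that those values are only validated by `setupMinionFiles`, which the `add` path runs immediately before it; a header comment such as `# Precondition: NODETYPE has been checked by setupMinionFiles (add path runs it first)` records that dependency for the next caller. Within it, `salt $MINIONID state.apply elasticsearch queue=True --async` and the following `soc` line leave `$MINIONID` unquoted while the highstate line quotes `$MINION_ID`; `salt "$MINIONID" state.apply elasticsearch queue=True --async` is the consistent form. `setupMinionFiles` starts in this hunk and its body continues past the end of it.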
@@ -624,25 +642,41 @@ if [[ "$OPERATION" == 'add' || "$OPERATION" == 'setup' ]]; then
 create$NODETYPE
 echo "Minion file created for $MINION_ID"
+}
- if [[ "$OPERATION" == 'add' ]]; then
- # tell the minion to populate the mine with data from mine_functions which is populated during setup
- # this only needs to happen on non managers since they handle this during setup
- # and they need to wait for ca creation to update the mine
- updateMine
- checkMine "network.ip_addrs"
- # apply the elasticsearch state to the manager if a new searchnode was added
- if [[ "$NODETYPE" == "SEARCHNODE" || "$NODETYPE" == "HEAVYNODE" ]]; then
- # calls so-common and set_minionid sets MINIONID to local minion id
- set_minionid
- salt $MINIONID state.apply elasticsearch queue=True --async
- salt $MINIONID state.apply soc queue=True --async
- fi
- # run this async so the cli doesn't wait for a return
- salt "$MINION_ID" state.highstate --async queue=True
- fi
-fi
+case "$OPERATION" in
+ "add")
+ addMinion
+ setupMinionFiles
+ updateMineAndApplyStates
+ ;;
-if [[ "$OPERATION" = 'test' ]]; then
- testminion
-fi
+ "delete")
+ deleteMinionFiles
+ deleteMinion
+ ;;
+
+ "list")
+ listMinions
+ ;;
+
+ "reject")
+ rejectMinion
+ ;;
+
+ "restart")
+ restartMinion
+ ;;
+
+ "setup")
+ # only should be invoked directly during setup, never manually
+ setupMinionFiles
+ ;;
+
+ "test")
+ testMinion
+ ;;
+ *)
+ usage
+ ;;
+esac
\ No newline at end of file
diff --git a/salt/telegraf/defaults.yaml b/salt/telegraf/defaults.yaml
index 0b7d532b1b..676f365cf2 100644
--- a/salt/telegraf/defaults.yaml
+++ b/salt/telegraf/defaults.yaml
@@ -14,6 +14,7 @@ telegraf:
 - checkfiles.sh
 - influxdbsize.sh
 - oldpcap.sh
+ - os.sh
 - raid.sh
 - sostatus.sh
 - stenoloss.sh
@@ -25,6 +26,7 @@ telegraf:
 - eps.sh
 - influxdbsize.sh
 - oldpcap.sh
+ - os.sh
 - raid.sh
 - redis.sh
 - sostatus.sh
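Review bot: The new `case` dispatch ends the file at `esac` with no trailing newline (`\ No newline at end of file`); add one so the final line does not show up as changed in the next unrelated edit. The `"setup")` arm's comment says it should never be invoked manually, but nothing in the dispatch distinguishes a manual call from the setup path, so the comment should read as guidance rather than a guard — e.g. `# intended for the setup flow only; callable manually, which skips key acceptance and the mine update`. The `add` arm accepts the key and tests the connection in `addMinion` before `setupMinionFiles` validates `NODETYPE`, matching the previous order, so a missing node type still leaves an accepted key behind; if that is undesirable, validating `NODETYPE` before `addMinion` in this arm would close it.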
@@ -34,20 +36,24 @@ telegraf:
 - zeekloss.sh
 manager:
 - influxdbsize.sh
+ - os.sh
 - raid.sh
 - redis.sh
 - sostatus.sh
 managersearch:
 - eps.sh
 - influxdbsize.sh
+ - os.sh
 - raid.sh
 - redis.sh
 - sostatus.sh
 import:
+ - os.sh
 - sostatus.sh
 sensor:
 - checkfiles.sh
 - oldpcap.sh
+ - os.sh
 - raid.sh
 - sostatus.sh
 - stenoloss.sh
@@ -58,6 +64,7 @@ telegraf:
 - checkfiles.sh
 - eps.sh
 - oldpcap.sh
+ - os.sh
 - raid.sh
 - redis.sh
 - sostatus.sh
@@ -66,17 +73,22 @@ telegraf:
 - zeekcaptureloss.sh
 - zeekloss.sh
 idh:
+ - os.sh
 - sostatus.sh
 searchnode:
 - eps.sh
+ - os.sh
 - raid.sh
 - sostatus.sh
 receiver:
 - eps.sh
+ - os.sh
 - raid.sh
 - redis.sh
 - sostatus.sh
 fleet:
+ - os.sh
 - sostatus.sh
 desktop:
+ - os.sh
 - sostatus.sh
From a7329853514b2422aba6843d91c8e018088770ac Mon Sep 17 00:00:00 2001
From: Jason Ertel
Date: Fri, 8 Dec 2023 08:38:42 -0500
Subject: [PATCH 2/2] grid page enhancements
---
 salt/telegraf/scripts/os.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 salt/telegraf/scripts/os.sh
diff --git a/salt/telegraf/scripts/os.sh b/salt/telegraf/scripts/os.sh
new file mode 100644
index 0000000000..a067806a13
--- /dev/null
+++ b/salt/telegraf/scripts/os.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+# if this script isn't already running
+if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
+
+ NEEDS_RESTART=0
+
+ if which needs-restarting &> /dev/null; then
+ # DNF/RPM family
+ if ! needs-restarting -r &> /dev/null; then
+ NEEDS_RESTART=1
+ fi
+ else
+ # APT family
+ if [ -f /var/run/reboot-required ]; then
+ NEEDS_RESTART=1
+ fi
+ fi
+
+ echo "os restart=$NEEDS_RESTART"
+
+fi
+
+exit 0
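Review bot: `if ! needs-restarting -r &> /dev/null` treats every non-zero exit as "reboot required", so a failure of the tool itself (insufficient privileges, an unreadable package database) is reported as `os restart=1` rather than surfacing as an error; since the tool documents exit code 1 specifically as "reboot required", capture the status and compare it explicitly, `needs-restarting -r &> /dev/null; rc=$?` followed by `[[ $rc -eq 1 ]] && NEEDS_RESTART=1`, and log other codes to stderr. The detection line `if which needs-restarting` is better as `if command -v needs-restarting >/dev/null 2>&1`, which is portable and does not depend on a separate `which` binary. The single-instance guard uses backticks and an unquoted `$0`; `if [[ ! "$(pidof -x "$(basename "$0")" -o %PPID)" ]]` is the same check in modern, quote-safe form.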