Sunday, September 14, 2014

OnionSalt Saltstack Cheat Sheet

I was asked by a couple of folks at BSides Augusta and the Security Onion Conference about some handy dandy salt commands that would help with a Security Onion deployment with Onionsalt. So, being true to my word, here are a few good things to know when writing your own salt scripts. Also, feel free to fork and contribute to my repo on GitHub HERE.

Let's start with some basics.

createadirectory:
  file.directory:
    - name: /opt/somedir

createadirectory is the name (ID) of the task we are performing. We are saying: make sure the directory /opt/somedir exists.

managedfile:
  file.managed:
    - name: /opt/somedir/somefile.sh
    - source: salt://files/somefile.sh

In that last example we are saying: always make sure that /opt/somedir/somefile.sh matches the copy we have in our salt file area.

manageddirectory:
  file.recurse:
    - name: /opt/somedir
    - source: salt://files/somedir

This says: let's make sure that all the files in files/somedir are copied to /opt/somedir.

runascriptatcheckin:
  cmd.script:
    - source: salt://scripts/somescript.sh
    - shell: /bin/bash
    - cwd: /root

Sometimes you want to write a script that you run every time the minion checks in. I typically use this to check certain states on the box to make sure everything looks good. We are saying: use bash to execute the script somescript.sh from the /root directory.

runsomecommand:
  cmd.run:
    - name: df -h

This one is if you just want to run some sort of command each time something checks in.

watchsomethingthendosomething:
  cmd.wait:
    - name: service httpd restart
    # each watch entry must match the ID or name of a file state
    # declared elsewhere in your salt states
    - watch:
      - file: /etc/httpd.conf
      - file: /etc/somedir

Here we are saying: watch for anything changing in httpd.conf or any file in /etc/somedir, and if you see a change, run "service httpd restart".
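A complete state file tying the pieces above together, as an added example that is not from the original post or the Onionsalt repo. The state IDs, the source path salt://files/httpd.conf, and the owner and mode values are assumptions for illustration. It declares the file states that the watch entries point at, and pins ownership and permissions on everything the master pushes out.

```yaml
# Added example: IDs, source paths, owners and modes are assumptions.

# Manage the single config file; root-owned and not group/world writable.
httpd_conf:
  file.managed:
    - name: /etc/httpd.conf
    - source: salt://files/httpd.conf
    - user: root
    - group: root
    - mode: '0644'

# Manage the whole directory from the salt file area.
httpd_confdir:
  file.recurse:
    - name: /etc/somedir
    - source: salt://files/somedir
    - user: root
    - group: root
    - file_mode: '0644'
    - dir_mode: '0755'

# Runs only when one of the watched file states reports a change.
restart_httpd:
  cmd.wait:
    - name: service httpd restart
    - watch:
      - file: httpd_conf
      - file: httpd_confdir
```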

These are a few easy things to use to get you started in writing your own salt scripts. Saltstack.com has a lot of documentation that can enable you to get much deeper than this.