I was asked by a couple of folks about some handy dandy salt commands that would help with a Security Onion deployment with Onionsalt at BSides Augusta and the Security Onion Conference. So being true to my word here are a few good things to know when writing your own salt scripts. Also feel free to fork and contribute to my repo on github HERE.
Let's start with some basics.
createadirectoy:
  file.directory:
    - name: /opt/somedir
Createdirectory is the name of the task we are performing. We are saying make sure you have the directory /opt/somedir
managedfile:
  file.manage:
    - name: /opt/somedir/somefile.sh
    - source: salt://files/somefile.sh
We are saying in that last example always make sure that /opt/somedir/somefile.sh matches the one we have on our salt file area.
manageddirectory:
  file.recurse:
    - name: /opt/somedir
    - source: salt://files/somedir
This says lets make sure that all the files in file/somedir are copied to /opt/somedir
runascriptatcheckin:
  cmd.script:
    - source: salt://scripts/somescript.sh
    - shell: /bin/bash
    - cwd: /root
Sometime you want to write a script that you run every time the minion checks in. I typically use this to check certain states on the box to make sure everything looks good. We are saying use bash to execute the script somescript.sh from the /root directory.
runsomecommand:
  cmd.run:
    - name: df -h
This one is if you just want to run some sort of command each time something checks in.
watchsomethingthendosomething:
  cmd.wait:
    - name: service httpd restart
    - watch:
      - file: /etc/httpd.conf
      - file: /etc/somedir
Here we are saying watch for anything changing in the httpd.conf or any file in /etc/somedir and if you see something run "service httpd restart"
These are a few easy things to use to get you started in writing your own salt scripts. Saltstack.com has a lot of documentation that can enable you to get much deeper than this.
 
