I was asked by a couple of folks about some handy dandy salt commands that would help with a Security Onion deployment with Onionsalt at BSides Augusta and the Security Onion Conference. So being true to my word here are a few good things to know when writing your own salt scripts. Also feel free to fork and contribute to my repo on github HERE.
Let's start with some basics.
createadirectoy:
file.directory:
- name: /opt/somedir
Createdirectory is the name of the task we are performing. We are saying make sure you have the directory /opt/somedir
managedfile:
file.manage:
- name: /opt/somedir/somefile.sh
- source: salt://files/somefile.sh
We are saying in that last example always make sure that /opt/somedir/somefile.sh matches the one we have on our salt file area.
manageddirectory:
file.recurse:
- name: /opt/somedir
- source: salt://files/somedir
This says lets make sure that all the files in file/somedir are copied to /opt/somedir
runascriptatcheckin:
cmd.script:
- source: salt://scripts/somescript.sh
- shell: /bin/bash
- cwd: /root
Sometime you want to write a script that you run every time the minion checks in. I typically use this to check certain states on the box to make sure everything looks good. We are saying use bash to execute the script somescript.sh from the /root directory.
runsomecommand:
cmd.run:
- name: df -h
This one is if you just want to run some sort of command each time something checks in.
watchsomethingthendosomething:
cmd.wait:
- name: service httpd restart
- watch:
- file: /etc/httpd.conf
- file: /etc/somedir
Here we are saying watch for anything changing in the httpd.conf or any file in /etc/somedir and if you see something run "service httpd restart"
These are a few easy things to use to get you started in writing your own salt scripts. Saltstack.com has a lot of documentation that can enable you to get much deeper than this.