Security-Onion-Solutions · TOoSmOotH · Sep 28, 2023 · Sep 28, 2023 · Sep 28, 2023 · Sep 28, 2023
diff --git a/salt/manager/init.sls b/salt/manager/init.sls
@@ -26,6 +26,15 @@ repo_log_dir:
       - user
       - group
 
+yara_log_dir:
+  file.directory:
+    - name: /opt/so/log/yarasync
+    - user: socore
+    - group: socore
+    - recurse:
+      - user
+      - group
+
 repo_conf_dir:
   file.directory:
     - name: /opt/so/conf/reposync
@@ -52,21 +61,23 @@ manager_sbin:
     - group: 939
     - file_mode: 755
 
-#manager_sbin_jinja:
-#  file.recurse:
-#    - name: /usr/sbin
-#    - source: salt://manager/tools/sbin_jinja
-#    - user: 939
-#    - group: 939 
-#    - file_mode: 755
-#    - template: jinja
+yara_update_scripts:
+  file.recurse:
+    - name: /usr/sbin/
+    - source: salt://manager/tools/sbin_jinja/
+    - user: socore
+    - group: socore
+    - file_mode: 755
+    - template: jinja
+    - defaults:
+        EXCLUDEDRULES: {{ STRELKAMERGED.rules.excluded }}
 
 so-repo-sync:
-  {% if MANAGERMERGED.reposync.enabled %}
+  {%     if MANAGERMERGED.reposync.enabled %}
   cron.present:
-  {% else %}
+  {%     else %}
   cron.absent:
-  {% endif %}
+  {%     endif %}
     - user: socore
     - name: '/usr/sbin/so-repo-sync >> /opt/so/log/reposync/reposync.log 2>&1'
     - identifier: so-repo-sync
@@ -82,7 +93,15 @@ socore_own_saltstack:
       - user
       - group
 
-{%   if STRELKAMERGED.rules.enabled %}
+rules_dir:
+  file.directory:
+    - name: /nsm/rules/yara
+    - user: socore
+    - group: socore
+    - makedirs: True
+
+{%    if STRELKAMERGED.rules.enabled %}
+
 strelkarepos:
   file.managed:
     - name: /opt/so/conf/strelka/repos.txt
@@ -91,67 +110,45 @@ strelkarepos:
     - defaults:
         STRELKAREPOS: {{ STRELKAMERGED.rules.repos }}
     - makedirs: True
-{%   endif %}
-
-yara_update_scripts:
-  file.recurse:
-    - name: /usr/sbin/
-    - source: salt://manager/tools/sbin_jinja/
-    - user: socore
-    - group: socore
-    - file_mode: 755
-    - template: jinja
-    - defaults:
-        EXCLUDEDRULES: {{ STRELKAMERGED.rules.excluded }}
-
-rules_dir:
-  file.directory:
-    - name: /nsm/rules/yara
-    - user: socore
-    - group: socore
-    - makedirs: True
-
-{%   if GLOBALS.airgap %}
-remove_strelka-yara-download:
-  cron.absent:
-    - user: socore
-    - identifier: strelka-yara-download
 
 strelka-yara-update:
+  {%       if MANAGERMERGED.reposync.enabled and not GLOBALS.airgap %} 
   cron.present:
+  {%       else %}
+  cron.absent:
+  {%       endif %}
     - user: socore
-    - name: '/usr/sbin/so-yara-update >> /nsm/strelka/log/yara-update.log 2>&1'
+    - name: '/usr/sbin/so-yara-update >> /opt/so/log/yarasync/yara-update.log 2>&1'
     - identifier: strelka-yara-update
     - hour: '7'
     - minute: '1'
 
-update_yara_rules:
-  cmd.run:
-    - name: /usr/sbin/so-yara-update
-    - onchanges:
-      - file: yara_update_scripts
-{%   else %}
-remove_strelka-yara-update:
-  cron.absent:
-    - user: socore
-    - identifier: strelka-yara-update
-
 strelka-yara-download:
+  {%       if MANAGERMERGED.reposync.enabled and not GLOBALS.airgap %}
   cron.present:
+  {%       else %}
+  cron.absent:
+  {%       endif %}
     - user: socore
-    - name: '/usr/sbin/so-yara-download >> /nsm/strelka/log/yara-download.log 2>&1'
+    - name: '/usr/sbin/so-yara-download >> /opt/so/log/yarasync/yara-download.log 2>&1'
     - identifier: strelka-yara-download
     - hour: '7'
     - minute: '1'
 
+{%      if not GLOBALS.airgap %}
+update_yara_rules:
+  cmd.run:
+    - name: /usr/sbin/so-yara-update
+    - onchanges:
+      - file: yara_update_scripts
+
 download_yara_rules:
   cmd.run:
     - name: /usr/sbin/so-yara-download
     - onchanges:
       - file: yara_update_scripts
-{%   endif %}
-
-
+{%      endif %}
+{%     endif %}
 {% else %}
 
 {{sls}}_state_not_allowed:

diff --git a/salt/strelka/tools/sbin_jinja/so-yara-download b/salt/strelka/tools/sbin_jinja/so-yara-download
diff --git a/setup/so-functions b/setup/so-functions
@@ -1963,12 +1963,10 @@ securityonion_repo() {
 	fi
 	if [[ $is_rpm ]]; then logCmd "dnf repolist all"; fi
 	if [[ $waitforstate ]]; then
-		if [[ ! $is_airgap ]]; then
-			if [[ $is_rpm ]]; then
+		if [[ $is_rpm ]]; then
 				# Build the repo locally so we can use it
 				echo "Syncing Repos"
 				repo_sync_local
-			fi
 		fi
 	fi
 }
@@ -1978,7 +1976,7 @@ repo_sync_local() {
 	if [[ $is_supported ]]; then
 		# Sync the repo from the the SO repo locally.
 		# Check for reposync
-		info "Backing up old repos"
+		info "Adding Repo Download Configuration"
 		mkdir -p /nsm/repo
 		mkdir -p /opt/so/conf/reposync/cache
 		echo "https://repo.securityonion.net/file/so-repo/prod/2.4/oracle/9" > /opt/so/conf/reposync/mirror.txt
@@ -2002,10 +2000,10 @@ repo_sync_local() {
 		if [[ ! $is_airgap ]]; then
         	curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
 			logCmd "dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
+			# After the download is complete run createrepo
+			create_repo
 		fi
 
-	# After the download is complete run createrepo
-	create_repo
 	else
 		# Add the proper repos for unsupported stuff
 		echo "Adding Repos"