Salt
From https://docs.saltproject.io/en/latest/topics/about_salt_project.html#about-salt:
Built on Python, Salt is an event-driven automation tool and framework to deploy, configure, and manage complex IT systems. Use Salt to automate common infrastructure administration tasks and ensure that all the components of your infrastructure are operating in a consistent desired state.
Note
Salt is a core component of Security Onion as it manages all processes on all nodes. In a distributed deployment, the manager node controls all other nodes via salt. These non-manager nodes are referred to as salt minions.
Firewall Requirements
Salt minions must be able to connect to the manager node on ports 4505/tcp and 4506/tcp.
Checking Status
You can use salt’s test.ping to verify that all your nodes are up:
sudo salt \* test.ping
Remote Execution
Similarly, you can use salt’s cmd.run to execute a command on all your nodes at once. For example, to check disk space on all nodes:
sudo salt \* cmd.run 'df'
Node checkin
If you want to force a node to do a full update of all salt states, you can run so-checkin. This will execute salt-call state.highstate -l info which outputs to the terminal with the log level set to info so that you can see exactly what’s happening:
sudo so-checkin
Configuration
Many of the options that are configurable in Security Onion are done by going to Administration and then Configuration.
Diagnostic Logs
Diagnostic logs can be found in /opt/so/log/salt/.
Known Issues
You may see the following error in the salt-master log located at /opt/so/log/salt/master:
[ERROR ][24983] Event iteration failed with exception: 'list' object has no attribute 'items'
The root cause of this error is a state trying to run on a minion when another state is already running. This error now occurs in the log due to a change in the exception handling within Salt’s event module. Previously, in the case of an exception, the code would just pass. However, the exception is now logged. The error can be ignored as it is not an indication of any issue with the minions.
More Information
Note
For more information about Salt, please see https://docs.saltproject.io/en/latest/contents.html.