From 834d79ae013b3b3a6ec321e74c7ea707bbd44420 Mon Sep 17 00:00:00 2001 From: bkeep Date: Mon, 22 Jun 2020 18:38:03 -0500 Subject: [PATCH 1/2] fix: linting issues --- .github/workflows/commitlint.yml | 16 + .gitignore | 2 +- .rubocop.yml | 16 + .salt-lint | 14 + .travis.yml | 128 +++-- .yamllint | 37 ++ CODEOWNERS | 40 ++ Gemfile | 7 +- Gemfile.lock | 531 ++++++++++++++++++ commitlint.config.js | 3 + README.rst => docs/README.rst | 30 +- pillar.example | 10 +- pre-commit_semantic-release.sh | 30 + release-rules.js | 18 + release.config.js | 106 ++++ .../default/controls/config_spec.rb | 4 +- .../default/controls/ldconfig_spec.rb | 3 + .../default/controls/packages_spec.rb | 2 + .../default/controls/services_spec.rb | 6 +- test/integration/default/inspec.yml | 3 + test/salt/pillar/default.sls | 12 +- zeek/init.sls | 2 +- zeek/map.jinja | 36 +- zeek/zeek-config.sls | 4 +- zeek/zeek-prereqs.sls | 2 +- zeek/zeek-service.sls | 2 +- zeek/zeek-syslog.sls | 2 +- 27 files changed, 983 insertions(+), 83 deletions(-) create mode 100644 .github/workflows/commitlint.yml create mode 100644 .rubocop.yml create mode 100644 .salt-lint create mode 100644 .yamllint create mode 100644 CODEOWNERS create mode 100644 Gemfile.lock create mode 100644 commitlint.config.js rename README.rst => docs/README.rst (68%) create mode 100755 pre-commit_semantic-release.sh create mode 100644 release-rules.js create mode 100644 release.config.js
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
new file mode 100644
index 0000000..42a5375
--- /dev/null
+++ b/.github/workflows/commitlint.yml
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: Commitlint
+'on': [pull_request]
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - uses: wagoid/commitlint-github-action@v1
diff --git a/.gitignore b/.gitignore
index e90defb..db9cf84 100644
--- a/.gitignore
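Review bot: Both steps reference their actions by mutable tag (`actions/checkout@v2`, `wagoid/commitlint-github-action@v1`) while `GITHUB_TOKEN` is exported in the job-level `env`, so whatever code those tags resolve to at run time executes with the token in its environment. Pin each `uses:` to a full commit SHA, e.g. `uses: wagoid/commitlint-github-action@<full-commit-sha>  # v1`, and move `GITHUB_TOKEN` from the job `env` to an `env:` on the commitlint step only, so the checkout step does not inherit it. A top-level `permissions:` block limited to `contents: read` and `pull-requests: read` would further bound what the token can do; the exact scopes the commitlint action needs should be confirmed against its documentation.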
+++ b/.gitignore
@@ -105,7 +105,7 @@ ENV/ .mypy_cache/ # Bundler -Gemfile.lock +.bundle/ # copied `.md` files used for conversion to `.rst` using `m2r` docs/*.md
diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..7fd75ac
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# General overrides used across formulas in the org
+Layout/LineLength:
+ # Increase from default of `80`
+ # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
+ Max: 88
+Metrics/BlockLength:
+ ExcludedMethods:
+ - control
+ - describe
+ # Increase from default of `25`
+ Max: 30
+
+# Any offenses that should be fixed, e.g. collected via. `rubocop --auto-gen-config`
diff --git a/.salt-lint b/.salt-lint
new file mode 100644
index 0000000..3715677
--- /dev/null
+++ b/.salt-lint
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+exclude_paths: []
+rules: {}
+skip_list:
+ # Using `salt-lint` for linting other files as well, such as Jinja macros/templates
+ - 205 # Use ".sls" as a Salt State file extension
+ # Skipping `207` and `208` because `210` is sufficient, at least for the time-being
+ # I.e. Allows 3-digit unquoted codes to still be used, such as `644` and `755`
+ - 207 # File modes should always be encapsulated in quotation marks
+ - 208 # File modes should always contain a leading zero
+tags: []
+verbosity: 1
diff --git a/.travis.yml b/.travis.yml
index 1805a8e..ea74150 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,6 +5,7 @@ os: 'linux' arch: 'amd64' dist: 'bionic' +version: '~> 1.0' ## Language and cache config language: 'ruby'
@@ -14,39 +15,96 @@ cache: 'bundler' services: - docker -## Require sudo -sudo: 'required' - -# Make sure the instances listed below match up with -# the `platforms` defined in `kitchen.yml` -# NOTE: Please try to select up to six instances that add some meaningful -# testing of the formula's behaviour. If possible, try to refrain from -# the classical "chosing all the instances because I want to test on -# another/all distro/s" trap: it will just add time to the testing (see -# the discussion on #121). As an example, the set chosen below covers -# the most used distros families, systemd and non-systemd and the latest -# three supported Saltstack versions with python2 and 3. -# As for `kitchen.yml`, that should still contain all of the platforms, -# to allow for comprehensive local testing -# Ref: https://github.com/saltstack-formulas/template-formula/issues/118 -# Ref: https://github.com/saltstack-formulas/template-formula/issues/121 - matrix: - - INSTANCE: default-ubuntu-1804-master-py3 - # - INSTANCE: default-debian-10-master-py3 - # - INSTANCE: default-centos-8-master-py3 - # - INSTANCE: default-ubuntu-1804-3000-3-py3 - # - INSTANCE: default-debian-10-3000-3-py3 - - INSTANCE: default-debian-9-3000-3-py3 - - INSTANCE: default-centos-8-3000-3-py3 - # - INSTANCE: default-centos-7-3000-3-py3 - # - INSTANCE: default-ubuntu-1804-2019-2-py3 - # - INSTANCE: default-debian-10-2019-2-py3 - # - INSTANCE: default-debian-9-2019-2-py3 - # - INSTANCE: default-centos-8-2019-2-py3 - - INSTANCE: default-centos-7-2019-2-py3 - -before_install: - - bundle install - +## Script to run for the test stage script: - - bin/kitchen verify ${INSTANCE} + - bin/kitchen verify "${INSTANCE}" + +## Stages and jobs matrix +stages: + - test + - name: 'release' + if: 'branch = master AND type != pull_request' +jobs: + include: + ## Define the test stage that runs the linters (and testing matrix, if applicable) + + # Run all of the linters in a single job + - language: 'node_js' + node_js: 'lts/*' 
+ env: 'Lint'
+ name: 'Lint: salt-lint, yamllint, rubocop, shellcheck & commitlint'
+ before_install: 'skip'
+ script:
+ # Install and run `salt-lint`
+ - pip install --user salt-lint
+ - git ls-files -- '*.sls' '*.jinja' '*.j2' '*.tmpl' '*.tst'
+ | xargs salt-lint
+ # Install and run `yamllint`
+ # Need at least `v1.17.0` for the `yaml-files` setting
+ - pip install --user yamllint>=1.17.0
+ - yamllint -s .
+ # Install and run `rubocop`
+ - gem install rubocop
+ - rubocop -d
+ # Run `shellcheck` (already pre-installed in Travis)
+ - shellcheck --version
+ - git ls-files -- '*.sh' '*.bash' '*.ksh'
+ | xargs shellcheck
+ # Install and run `commitlint`
+ - npm i -D @commitlint/config-conventional
+ @commitlint/travis-cli
+ - commitlint-travis
+
+ ## Define the rest of the matrix based on Kitchen testing
+ # Make sure the instances listed below match up with
+ # the `platforms` defined in `kitchen.yml`
+ # NOTE: Please try to select up to six instances that add some meaningful
+ # testing of the formula's behaviour. If possible, try to refrain from
+ # the classical "chosing all the instances because I want to test on
+ # another/all distro/s" trap: it will just add time to the testing (see
+ # the discussion on #121). As an example, the set chosen below covers
+ # the most used distros families, systemd and non-systemd and the latest
+ # three supported Saltstack versions with python2 and 3.
+ # As for `kitchen.yml`, that should still contain all of the platforms,
+ # to allow for comprehensive local testing
+ # Ref: https://github.com/saltstack-formulas/template-formula/issues/118
+ # Ref: https://github.com/saltstack-formulas/template-formula/issues/121
+ - env: INSTANCE=default-ubuntu-1804-master-py3
+ # - env: INSTANCE=default-debian-10-master-py3
+ # - env: INSTANCE=default-centos-8-master-py3
+ # - env: INSTANCE=default-ubuntu-1804-3000-3-py3
+ # - env: INSTANCE=default-debian-10-3000-3-py3
+ - env: INSTANCE=default-debian-9-3000-3-py3
+ - env: INSTANCE=default-centos-8-3000-3-py3
+ # - env: INSTANCE=default-centos-7-3000-3-py3
+ # - env: INSTANCE=default-ubuntu-1804-2019-2-py3
+ # - env: INSTANCE=default-debian-10-2019-2-py3
+ # - env: INSTANCE=default-debian-9-2019-2-py3
+ # - env: INSTANCE=default-centos-8-2019-2-py3
+ - env: INSTANCE=default-centos-7-2019-2-py3
+
+ ## Define the release stage that runs `semantic-release`
+ - stage: 'release'
+ language: 'node_js'
+ node_js: 'lts/*'
+ env: 'Release'
+ name: 'Run semantic-release inc. file updates to AUTHORS, CHANGELOG & FORMULA'
+ before_install: 'skip'
+ script:
+ # Update `AUTHORS.md`
+ - export MAINTAINER_TOKEN=${GH_TOKEN}
+ - go get github.com/myii/maintainer
+ - maintainer contributor
+
+ # Install all dependencies required for `semantic-release`
+ - npm i -D @semantic-release/changelog@3
+ @semantic-release/exec@3
+ @semantic-release/git@7
+ deploy:
+ provider: 'script'
+ # Opt-in to `dpl v2` to complete the Travis build config validation (beta)
+ # * https://docs.travis-ci.com/user/build-config-validation
+ # Deprecated `skip_cleanup` can now be avoided, `cleanup: false` is by default
+ edge: true
+ # Run `semantic-release`
+ script: 'npx semantic-release@15.14'
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 0000000..f8795dd
--- /dev/null
+++ b/.yamllint
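Review bot: In the `release` job, `go get github.com/myii/maintainer` fetches and builds whatever is at the head of that repository, and `maintainer contributor` then runs it in the same shell where `MAINTAINER_TOKEN=${GH_TOKEN}` has just been exported; the `npm i -D @semantic-release/...@3` lines likewise float within a major version. The job that holds the publishing token therefore executes unpinned third-party code, so pin the tool to a reviewed revision (for example `go get github.com/myii/maintainer@<reviewed-commit>`, which assumes Go module mode is available on the image) and install the npm packages from a committed lockfile with `npm ci`. Separately, in the Lint job `pip install --user yamllint>=1.17.0` is unquoted, so the shell treats `>=1.17.0` as an output redirection and the minimum version is never applied; it should read `pip install --user 'yamllint>=1.17.0'`.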
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# Extend the `default` configuration provided by `yamllint`
+extends: default
+
+# Files to ignore completely
+# 1. All YAML files under directory `node_modules/`, introduced during the Travis run
+# 2. Any SLS files under directory `test/`, which are actually state files
+# 3. Any YAML files under directory `.kitchen/`, introduced during local testing
+ignore: |
+ node_modules/
+ test/**/states/**/*.sls
+ .kitchen/
+
+yaml-files:
+ # Default settings
+ - '*.yaml'
+ - '*.yml'
+ - .salt-lint
+ - .yamllint
+ # SaltStack Formulas additional settings
+ # Disabled due to use of jinja in example pillar
+ # - '*.example'
+ # - test/**/*.sls
+
+rules:
+ empty-values:
+ forbid-in-block-mappings: true
+ forbid-in-flow-mappings: true
+ line-length:
+ # Increase from default of `80`
+ # Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
+ max: 150
+ octal-values:
+ forbid-implicit-octal: true
+ forbid-explicit-octal: true
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000..3593ec1
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,40 @@
+# https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# SECTION: Owner(s) for everything in the repo, unless a later match takes precedence
+# FILE PATTERN OWNER(S)
+* @NONE
+
+# SECTION: Owner(s) for specific directories
+# FILE PATTERN OWNER(S)
+
+# SECTION: Owner(s) for files/directories related to `semantic-release`
+# FILE PATTERN OWNER(S)
+/.github/workflows/ @saltstack-formulas/ssf
+/bin/kitchen @saltstack-formulas/ssf
+/docs/AUTHORS.rst @saltstack-formulas/ssf
+/docs/CHANGELOG.rst @saltstack-formulas/ssf
+/docs/TOFS_pattern.rst @saltstack-formulas/ssf
+/template/libsaltcli.jinja @saltstack-formulas/ssf
+/template/libtofs.jinja @saltstack-formulas/ssf
+/test/integration/**/inspec.yml @saltstack-formulas/ssf
+/test/integration/**/README.md @saltstack-formulas/ssf
+/.gitignore @saltstack-formulas/ssf
+/.cirrus.yml @saltstack-formulas/ssf
+/.rubocop.yml @saltstack-formulas/ssf
+/.salt-lint @saltstack-formulas/ssf
+/.travis.yml @saltstack-formulas/ssf
+/.yamllint @saltstack-formulas/ssf
+/AUTHORS.md @saltstack-formulas/ssf
+/CHANGELOG.md @saltstack-formulas/ssf
+/CODEOWNERS @saltstack-formulas/ssf
+/commitlint.config.js @saltstack-formulas/ssf
+/FORMULA @saltstack-formulas/ssf
+/Gemfile @saltstack-formulas/ssf
+/Gemfile.lock @saltstack-formulas/ssf
+/kitchen.yml @saltstack-formulas/ssf
+/pre-commit_semantic-release.sh @saltstack-formulas/ssf
+/release-rules.js @saltstack-formulas/ssf
+/release.config.js @saltstack-formulas/ssf
+
+# SECTION: Owner(s) for specific files
+# FILE PATTERN OWNER(S)
diff --git a/Gemfile b/Gemfile
index 3b36de3..5a232b6 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,6 +1,7 @@ -source "https://rubygems.org" +# frozen_string_literal: true + +source 'https://rubygems.org' gem 'kitchen-docker', '>= 2.9' -gem 'kitchen-salt', '>= 0.6.0' gem 'kitchen-inspec', '>= 1.1' - +gem 'kitchen-salt', '>= 0.6.0'
diff --git a/Gemfile.lock b/Gemfile.lock
new file mode 100644
index 0000000..7679ba0
--- /dev/null +++ b/Gemfile.lock 
@@ -0,0 +1,531 @@ +GEM + remote: https://rubygems.org/ + specs: + activesupport (5.2.4.3) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 0.7, < 2) + minitest (~> 5.1) + tzinfo (~> 1.1) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) + aws-eventstream (1.1.0) + aws-partitions (1.332.0) + aws-sdk-apigateway (1.46.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-apigatewayv2 (1.22.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-athena (1.28.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-autoscaling (1.22.0) + aws-sdk-core (~> 3, >= 3.52.1) + aws-sigv4 (~> 1.1) + aws-sdk-budgets (1.31.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudformation (1.38.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudfront (1.31.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudhsm (1.23.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudhsmv2 (1.24.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudtrail (1.24.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatch (1.39.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-cloudwatchlogs (1.32.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-codecommit (1.34.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-codedeploy (1.32.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-codepipeline (1.32.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-configservice (1.46.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-core (3.100.0) + aws-eventstream (~> 1, >= 1.0.2) + aws-partitions (~> 1, >= 1.239.0) + aws-sigv4 (~> 1.1) + jmespath (~> 1.0) + aws-sdk-costandusagereportservice (1.22.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-dynamodb (1.49.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-ec2 (1.168.0) + 
aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecr (1.31.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-ecs (1.65.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-efs (1.30.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-eks (1.38.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticache (1.38.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticbeanstalk (1.32.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticloadbalancing (1.23.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticloadbalancingv2 (1.45.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-elasticsearchservice (1.37.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-firehose (1.29.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-iam (1.40.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-kafka (1.22.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-kinesis (1.24.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-kms (1.34.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-lambda (1.44.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-organizations (1.17.0) + aws-sdk-core (~> 3, >= 3.39.0) + aws-sigv4 (~> 1.0) + aws-sdk-rds (1.87.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-redshift (1.44.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53 (1.38.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53domains (1.23.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-route53resolver (1.15.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-s3 (1.69.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sdk-kms (~> 1) + aws-sigv4 (~> 1.1) + aws-sdk-securityhub (1.27.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-ses 
(1.31.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-sms (1.21.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-sns (1.25.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-sqs (1.27.1) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sdk-ssm (1.82.0) + aws-sdk-core (~> 3, >= 3.99.0) + aws-sigv4 (~> 1.1) + aws-sigv4 (1.2.0) + aws-eventstream (~> 1, >= 1.0.2) + azure_graph_rbac (0.17.2) + ms_rest_azure (~> 0.12.0) + azure_mgmt_key_vault (0.17.6) + ms_rest_azure (~> 0.12.0) + azure_mgmt_resources (0.17.9) + ms_rest_azure (~> 0.12.0) + azure_mgmt_security (0.18.2) + ms_rest_azure (~> 0.12.0) + azure_mgmt_storage (0.21.1) + ms_rest_azure (~> 0.12.0) + bcrypt_pbkdf (1.0.1) + builder (3.2.4) + chef-config (16.2.44) + addressable + chef-utils (= 16.2.44) + fuzzyurl + mixlib-config (>= 2.2.12, < 4.0) + mixlib-shellout (>= 2.0, < 4.0) + tomlrb (~> 1.2) + chef-telemetry (1.0.8) + chef-config + concurrent-ruby (~> 1.0) + ffi-yajl (~> 2.2) + chef-utils (16.2.44) + coderay (1.1.3) + concurrent-ruby (1.1.6) + declarative (0.0.10) + declarative-option (0.1.0) + diff-lcs (1.3) + docker-api (1.34.2) + excon (>= 0.47.0) + multi_json + domain_name (0.5.20190701) + unf (>= 0.0.5, < 1.0.0) + ecma-re-validator (0.2.1) + regexp_parser (~> 1.2) + ed25519 (1.2.4) + equatable (0.6.1) + erubi (1.9.0) + excon (0.75.0) + faraday (0.17.3) + multipart-post (>= 1.2, < 3) + faraday-cookie_jar (0.0.6) + faraday (>= 0.7.4) + http-cookie (~> 1.0.0) + faraday_middleware (0.12.2) + faraday (>= 0.7.4, < 1.0) + ffi (1.13.1) + ffi-yajl (2.3.3) + libyajl2 (~> 1.2) + fuzzyurl (0.9.0) + google-api-client (0.34.1) + addressable (~> 2.5, >= 2.5.1) + googleauth (~> 0.9) + httpclient (>= 2.8.1, < 3.0) + mini_mime (~> 1.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.0) + signet (~> 0.12) + googleauth (0.10.0) + faraday (~> 0.12) + jwt (>= 1.4, < 3.0) + memoist (~> 0.16) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (~> 0.12) + gssapi 
(1.3.0) + ffi (>= 1.0.1) + gyoku (1.3.1) + builder (>= 2.1.2) + hana (1.3.6) + hashie (3.6.0) + htmlentities (4.3.4) + http-cookie (1.0.3) + domain_name (~> 0.5) + httpclient (2.8.3) + i18n (1.8.3) + concurrent-ruby (~> 1.0) + inifile (3.0.0) + inspec (4.20.10) + faraday_middleware (~> 0.12.2) + inspec-core (= 4.20.10) + train (~> 3.0) + train-aws (~> 0.1) + train-habitat (~> 0.1) + train-winrm (~> 0.2) + inspec-core (4.20.10) + addressable (~> 2.4) + chef-telemetry (~> 1.0) + faraday (>= 0.9.0) + hashie (~> 3.4) + htmlentities (~> 4.3) + json_schemer (~> 0.2.1) + license-acceptance (>= 0.2.13, < 2.0) + method_source (>= 0.8, < 2.0) + mixlib-log (~> 3.0) + multipart-post (~> 2.0) + parallel (~> 1.9) + parslet (~> 1.5) + pry (~> 0.13) + rspec (~> 3.9) + rspec-its (~> 1.2) + rubyzip (~> 1.2, >= 1.2.2) + semverse (~> 3.0) + sslshake (~> 1.2) + term-ansicolor (~> 1.7) + thor (>= 0.20, < 2.0) + tomlrb (~> 1.2.0) + train-core (~> 3.0) + tty-prompt (~> 0.17) + tty-table (~> 0.10) + jmespath (1.4.0) + json (2.3.0) + json_schemer (0.2.11) + ecma-re-validator (~> 0.2) + hana (~> 1.3) + regexp_parser (~> 1.5) + uri_template (~> 0.7) + jwt (2.2.1) + kitchen-docker (2.10.0) + test-kitchen (>= 1.0.0) + kitchen-inspec (2.0.0) + hashie (~> 3.4) + inspec (>= 2.2.64, < 5.0) + test-kitchen (>= 1.6, < 3) + kitchen-salt (0.6.3) + hashie (>= 3.5) + test-kitchen (>= 1.4) + libyajl2 (1.2.0) + license-acceptance (1.0.19) + pastel (~> 0.7) + tomlrb (~> 1.2) + tty-box (~> 0.3) + tty-prompt (~> 0.18) + little-plugger (1.1.4) + logging (2.2.2) + little-plugger (~> 1.1) + multi_json (~> 1.10) + memoist (0.16.2) + method_source (1.0.0) + mini_mime (1.0.2) + minitest (5.14.1) + mixlib-config (3.0.6) + tomlrb + mixlib-install (3.12.1) + mixlib-shellout + mixlib-versioning + thor + mixlib-log (3.0.8) + mixlib-shellout (3.0.9) + mixlib-versioning (1.2.12) + ms_rest (0.7.6) + concurrent-ruby (~> 1.0) + faraday (>= 0.9, < 2.0.0) + timeliness (~> 0.3.10) + ms_rest_azure (0.12.0) + concurrent-ruby (~> 
1.0) + faraday (>= 0.9, < 2.0.0) + faraday-cookie_jar (~> 0.0.6) + ms_rest (~> 0.7.6) + multi_json (1.14.1) + multipart-post (2.1.1) + necromancer (0.5.1) + net-scp (3.0.0) + net-ssh (>= 2.6.5, < 7.0.0) + net-ssh (6.1.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + nori (2.6.0) + os (1.1.0) + parallel (1.19.2) + parslet (1.8.2) + pastel (0.7.4) + equatable (~> 0.6) + tty-color (~> 0.5) + pry (0.13.1) + coderay (~> 1.1) + method_source (~> 1.0) + public_suffix (4.0.5) + regexp_parser (1.7.1) + representable (3.0.4) + declarative (< 0.1.0) + declarative-option (< 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-core (3.9.2) + rspec-support (~> 3.9.3) + rspec-expectations (3.9.2) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.9.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.9.0) + rspec-support (3.9.3) + rubyntlm (0.6.2) + rubyzip (1.3.0) + semverse (3.0.0) + signet (0.14.0) + addressable (~> 2.3) + faraday (>= 0.17.3, < 2.0) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + sslshake (1.3.1) + strings (0.1.8) + strings-ansi (~> 0.1) + unicode-display_width (~> 1.5) + unicode_utils (~> 1.4) + strings-ansi (0.2.0) + sync (0.5.0) + term-ansicolor (1.7.1) + tins (~> 1.0) + test-kitchen (2.5.2) + bcrypt_pbkdf (~> 1.0) + ed25519 (~> 1.2) + license-acceptance (~> 1.0, >= 1.0.11) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 4.0) + net-scp (>= 1.1, < 4.0) + net-ssh (>= 2.9, < 7.0) + net-ssh-gateway (>= 1.2, < 3.0) + thor (>= 0.19, < 2.0) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1) + thor (1.0.1) + thread_safe (0.3.6) + timeliness (0.3.10) + tins (1.25.0) + sync + tomlrb (1.2.9) + train (3.3.1) + activesupport (>= 5.2.4.3, < 6.0.0) + azure_graph_rbac (~> 0.16) + azure_mgmt_key_vault (~> 0.17) + azure_mgmt_resources (~> 0.15) + 
azure_mgmt_security (~> 0.18) + azure_mgmt_storage (~> 0.18) + docker-api (~> 1.26) + google-api-client (>= 0.23.9, < 0.35.0) + googleauth (>= 0.6.6, < 0.11.0) + inifile (~> 3.0) + train-core (= 3.3.1) + train-winrm (~> 0.2) + train-aws (0.1.17) + aws-sdk-apigateway (~> 1.0) + aws-sdk-apigatewayv2 (~> 1.0) + aws-sdk-athena (~> 1.0) + aws-sdk-autoscaling (~> 1.22.0) + aws-sdk-budgets (~> 1.0) + aws-sdk-cloudformation (~> 1.0) + aws-sdk-cloudfront (~> 1.0) + aws-sdk-cloudhsm (~> 1.0) + aws-sdk-cloudhsmv2 (~> 1.0) + aws-sdk-cloudtrail (~> 1.8) + aws-sdk-cloudwatch (~> 1.13) + aws-sdk-cloudwatchlogs (~> 1.13) + aws-sdk-codecommit (~> 1.0) + aws-sdk-codedeploy (~> 1.0) + aws-sdk-codepipeline (~> 1.0) + aws-sdk-configservice (~> 1.21) + aws-sdk-core (~> 3.0) + aws-sdk-costandusagereportservice (~> 1.6) + aws-sdk-dynamodb (~> 1.31) + aws-sdk-ec2 (~> 1.70) + aws-sdk-ecr (~> 1.18) + aws-sdk-ecs (~> 1.30) + aws-sdk-efs (~> 1.0) + aws-sdk-eks (~> 1.9) + aws-sdk-elasticache (~> 1.0) + aws-sdk-elasticbeanstalk (~> 1.0) + aws-sdk-elasticloadbalancing (~> 1.8) + aws-sdk-elasticloadbalancingv2 (~> 1.0) + aws-sdk-elasticsearchservice (~> 1.0) + aws-sdk-firehose (~> 1.0) + aws-sdk-iam (~> 1.13) + aws-sdk-kafka (~> 1.0) + aws-sdk-kinesis (~> 1.0) + aws-sdk-kms (~> 1.13) + aws-sdk-lambda (~> 1.0) + aws-sdk-organizations (~> 1.17.0) + aws-sdk-rds (~> 1.43) + aws-sdk-redshift (~> 1.0) + aws-sdk-route53 (~> 1.0) + aws-sdk-route53domains (~> 1.0) + aws-sdk-route53resolver (~> 1.0) + aws-sdk-s3 (~> 1.30) + aws-sdk-securityhub (~> 1.0) + aws-sdk-ses (~> 1.0) + aws-sdk-sms (~> 1.0) + aws-sdk-sns (~> 1.9) + aws-sdk-sqs (~> 1.10) + aws-sdk-ssm (~> 1.0) + train-core (3.3.1) + addressable (~> 2.5) + ffi (!= 1.13.0) + json (>= 1.8, < 3.0) + mixlib-shellout (>= 2.0, < 4.0) + net-scp (>= 1.2, < 4.0) + net-ssh (>= 2.9, < 7.0) + train-habitat (0.2.13) + train-winrm (0.2.6) + winrm (~> 2.0) + winrm-fs (~> 1.0) + tty-box (0.5.0) + pastel (~> 0.7.2) + strings (~> 0.1.6) + tty-cursor (~> 0.7) + tty-color 
(0.5.1) + tty-cursor (0.7.1) + tty-prompt (0.21.0) + necromancer (~> 0.5.0) + pastel (~> 0.7.0) + tty-reader (~> 0.7.0) + tty-reader (0.7.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.7) + wisper (~> 2.0.0) + tty-screen (0.8.0) + tty-table (0.11.0) + equatable (~> 0.6) + necromancer (~> 0.5) + pastel (~> 0.7.2) + strings (~> 0.1.5) + tty-screen (~> 0.7) + tzinfo (1.2.7) + thread_safe (~> 0.1) + uber (0.1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.7) + unicode-display_width (1.7.0) + unicode_utils (1.4.0) + uri_template (0.7.0) + winrm (2.3.4) + builder (>= 2.1.2) + erubi (~> 1.8) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.1) + winrm-elevated (1.2.1) + erubi (~> 1.8) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.3.3) + erubi (~> 1.8) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 1.1) + winrm (~> 2.0) + wisper (2.0.1) + +PLATFORMS + ruby + +DEPENDENCIES + kitchen-docker (>= 2.9) + kitchen-inspec (>= 1.1) + kitchen-salt (>= 0.6.0) + +BUNDLED WITH + 2.1.4 diff --git a/commitlint.config.js b/commitlint.config.js new file mode 100644 index 0000000..2f9d1aa --- /dev/null +++ b/commitlint.config.js @@ -0,0 +1,3 @@ +module.exports = { + extends: ['@commitlint/config-conventional'], +}; diff --git a/README.rst b/docs/README.rst similarity index 68% rename from README.rst rename to docs/README.rst index 4404d03..6bdf824 100644 --- a/README.rst +++ b/docs/README.rst 
@@ -1,11 +1,18 @@ +.. _readme: + zeek-formula ============ -|img_travis| +|img_travis| |img_sr| .. |img_travis| image:: https://travis-ci.com/saltstack-formulas/zeek-formula.svg?branch=master :alt: Travis CI Build Status :scale: 100% + :target: https://travis-ci.com/saltstack-formulas/zeek-formula +.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg + :alt: Semantic Release + :scale: 100% + :target: https://github.com/semantic-release/semantic-release A saltstack formula to install the Zeek Network Security Monitor on RHEL or Debian based systems. @@ -28,12 +35,25 @@ Compile a custom Zeek package using the guide `RPM package creation for ZEEK IDS General notes ------------- -.. note:: +See the full `SaltStack Formulas installation and usage instructions +`_. + +If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section +`_. + +If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``, +which contains the currently released version. This formula is versioned according to `Semantic Versioning `_. + +See `Formula Versioning Section `_ for more details. + +If you need (non-default) configuration, please pay attention to the ``pillar.example`` file and/or `Special notes`_ section. + +Contributing +------------ - The ``FORMULA`` file, contains information about the version of this formula, tested OS and OS families, and the minimum tested version of salt. +**Commit message formatting is significant!!** - See the full `Salt Formulas installation and usage instructions - `_. +Please see `How to contribute `_ for more details. Available states ---------------- diff --git a/pillar.example b/pillar.example index c99cf4a..503ba34 100644 --- a/pillar.example +++ b/pillar.example 
@@ -6,7 +6,7 @@ zeek: lookup: package: {% if grains['os_family'] == 'RedHat' %} - install_type: 'package' # Install type can be package or local (support for tarball not implemented) + install_type: 'package' # Install type can be package or local (support for tarball not implemented) local_package: # Can be multiple packages like zeek, zeekctl, zeekccoli etc. - pack_id: 'zeek-full' package: 'zeek-lts-3.0.7-1.2.x86_64' # Custom package to be deployed @@ -28,7 +28,7 @@ zeek: {% endif %} skip_verify: '0' {% elif grains['os_family'] == 'Debian' %} - install_type: 'package' # Install type can be package (support for tarball or local not implemented) + install_type: 'package' # Install type can be package (support for tarball or local not implemented) use_repo: 'True' # Debian 9 does not require an external repo {% if grains['osmajorrelease'] == 9 %} package: @@ -54,7 +54,7 @@ zeek: zeek: use_ZeekPKG: 'True' # Use zeek-pkg to manage plugins (requird for plugins such as af_packet etc) python_pip_cmd: '/usr/bin/pip3' # Use pip3 to install zeekPKG - addon_plugins: # List of plugins to install if zeek-pkg is enabled + addon_plugins: # List of plugins to install if zeek-pkg is enabled - plugin: 'zeek-af_packet-plugin' # af_packet is required when use_afpacket == True MailTo: 'root@localhost' # Recipient address for all emails sent out by Zeek and ZeekControl SendMail: '/sbin/sendmail' # Path to sendmail binary 
@@ -69,7 +69,7 @@ zeek: CrashExpireInterval: '0' # Number of days that crash directories are kept SitePolicyScripts: 'local.zeek' # Site-specific policy script to load base_dir: '/opt/zeek' # /opt/zeek is default for yum package install - mode: 'lb_cluster' # Mode can be standalone or lb_cluster (load balanced cluster) + mode: 'lb_cluster' # Mode can be standalone or lb_cluster (load balanced cluster) use_pfring: 'False' # If pf_ring is installed set this to True. Must use "pf_ring" lb_method use_afpacket: 'False' # If you use AF_PACKET set this to True. Must use "custom" lb_method and use_ZeekPKG set to True lb_method: 'custom' # Load balancer type ("pf_ring" or "custom" are supported) @@ -82,7 +82,7 @@ zeek: use_sendmail: 'False' # Use sendmail(needs sendmail/postfix to be installed) relayhost: 'mail.domain.tld' # Send email to a relay host interfaces: - ip_binary_path: '/sbin/ip' # path to ip binary for managing + ip_binary_path: '/sbin/ip' # path to ip binary for managing management: 'eth0' # Management interface name eth0, ens192, etc capture: enable: 'True' diff --git a/pre-commit_semantic-release.sh b/pre-commit_semantic-release.sh new file mode 100755 index 0000000..ba80535 --- /dev/null +++ b/pre-commit_semantic-release.sh 
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+###############################################################################
+# (A) Update `FORMULA` with `${nextRelease.version}`
+###############################################################################
+sed -i -e "s_^\(version:\).*_\1 ${1}_" FORMULA
+
+
+###############################################################################
+# (B) Use `m2r` to convert automatically produced `.md` docs to `.rst`
+###############################################################################
+
+# Install `m2r`
+sudo -H pip install m2r
+
+# Copy and then convert the `.md` docs
+cp ./*.md docs/
+cd docs/ || exit
+m2r --overwrite ./*.md
+
+# Change excess `H1` headings to `H2` in converted `CHANGELOG.rst`
+sed -i -e '/^=.*$/s/=/-/g' CHANGELOG.rst
+sed -i -e '1,4s/-/=/g' CHANGELOG.rst
+
+# Use for debugging output, when required
+# cat AUTHORS.rst
+# cat CHANGELOG.rst
+
+# Return back to the main directory
+cd ..
diff --git a/release-rules.js b/release-rules.js
new file mode 100644
index 0000000..c63c850
--- /dev/null
+++ b/release-rules.js
@@ -0,0 +1,18 @@
+// No release is triggered for the types commented out below.
+// Commits using these types will be incorporated into the next release.
+//
+// NOTE: Any changes here must be reflected in `CONTRIBUTING.md`.
+module.exports = [
+ {breaking: true, release: 'major'},
+ // {type: 'build', release: 'patch'},
+ // {type: 'chore', release: 'patch'},
+ // {type: 'ci', release: 'patch'},
+ {type: 'docs', release: 'patch'},
+ {type: 'feat', release: 'minor'},
+ {type: 'fix', release: 'patch'},
+ {type: 'perf', release: 'patch'},
+ {type: 'refactor', release: 'patch'},
+ {type: 'revert', release: 'patch'},
+ {type: 'style', release: 'patch'},
+ {type: 'test', release: 'patch'},
+];
diff --git a/release.config.js b/release.config.js
new file mode 100644
index 0000000..6af7aa8
--- /dev/null
+++ b/release.config.js
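Review bot: `sudo -H pip install m2r` in pre-commit_semantic-release.sh installs an unpinned package as root inside the release job, and the script has no `set -e`, so a failed install or a failed `m2r --overwrite ./*.md` does not stop it: the later `sed` lines still run and the final `cd ..` makes the script exit 0. Add `set -eu` directly after the shebang and pin the converter, e.g. `pip install 'm2r==<pinned-version>'`, dropping `sudo` if a user-level install is enough on this CI image. `${1}` is also spliced unescaped into the `sed` expression on the `FORMULA` line, which is only safe while the argument is a plain version string without `_`, `&` or `\`; a guard such as `case "${1}" in *[!0-9A-Za-z.+-]*) exit 1;; esac` before that line would make the assumption explicit.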
@@ -0,0 +1,106 @@
+module.exports = {
+ branch: 'master',
+ plugins: [
+ ['@semantic-release/commit-analyzer', {
+ preset: 'angular',
+ releaseRules: './release-rules.js',
+ }],
+ '@semantic-release/release-notes-generator',
+ ['@semantic-release/changelog', {
+ changelogFile: 'CHANGELOG.md',
+ changelogTitle: '# Changelog',
+ }],
+ ['@semantic-release/exec', {
+ prepareCmd: 'sh ./pre-commit_semantic-release.sh ${nextRelease.version}',
+ }],
+ ['@semantic-release/git', {
+ assets: ['*.md', 'docs/*.rst', 'FORMULA'],
+ }],
+ '@semantic-release/github',
+ ],
+ generateNotes: {
+ preset: 'angular',
+ writerOpts: {
+ // Required due to upstream bug preventing all types being displayed.
+ // Bug: https://github.com/conventional-changelog/conventional-changelog/issues/317
+ // Fix: https://github.com/conventional-changelog/conventional-changelog/pull/410
+ transform: (commit, context) => {
+ const issues = []
+
+ commit.notes.forEach(note => {
+ note.title = `BREAKING CHANGES`
+ })
+
+ // NOTE: Any changes here must be reflected in `CONTRIBUTING.md`.
+ if (commit.type === `feat`) {
+ commit.type = `Features`
+ } else if (commit.type === `fix`) {
+ commit.type = `Bug Fixes`
+ } else if (commit.type === `perf`) {
+ commit.type = `Performance Improvements`
+ } else if (commit.type === `revert`) {
+ commit.type = `Reverts`
+ } else if (commit.type === `docs`) {
+ commit.type = `Documentation`
+ } else if (commit.type === `style`) {
+ commit.type = `Styles`
+ } else if (commit.type === `refactor`) {
+ commit.type = `Code Refactoring`
+ } else if (commit.type === `test`) {
+ commit.type = `Tests`
+ } else if (commit.type === `build`) {
+ commit.type = `Build System`
+ // } else if (commit.type === `chore`) {
+ // commit.type = `Maintenance`
+ } else if (commit.type === `ci`) {
+ commit.type = `Continuous Integration`
+ } else {
+ return
+ }
+
+ if (commit.scope === `*`) {
+ commit.scope = ``
+ }
+
+ if (typeof commit.hash === `string`) {
+ commit.shortHash = commit.hash.substring(0, 7)
+ }
+
+ if (typeof commit.subject === `string`) {
+ let url = context.repository
+ ? `${context.host}/${context.owner}/${context.repository}`
+ : context.repoUrl
+ if (url) {
+ url = `${url}/issues/`
+ // Issue URLs.
+ commit.subject = commit.subject.replace(/#([0-9]+)/g, (_, issue) => {
+ issues.push(issue)
+ return `[#${issue}](${url}${issue})`
+ })
+ }
+ if (context.host) {
+ // User URLs.
+ commit.subject = commit.subject.replace(/\B@([a-z0-9](?:-?[a-z0-9/]){0,38})/g, (_, username) => {
+ if (username.includes('/')) {
+ return `@${username}`
+ }
+
+ return `[@${username}](${context.host}/${username})`
+ })
+ }
+ }
+
+ // remove references that already appear in the subject
+ commit.references = commit.references.filter(reference => {
+ if (issues.indexOf(reference.issue) === -1) {
+ return true
+ }
+
+ return false
+ })
+
+ return commit
+ },
+ },
+ },
+};
diff --git a/test/integration/default/controls/config_spec.rb b/test/integration/default/controls/config_spec.rb
index 9324ef1..c73f88f 100644
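Review bot: In release.config.js, near the top of the hunk, `prepareCmd` passes `${nextRelease.version}` to the shell unquoted. The value is computed by semantic-release and is presumably always a plain semver string, but the command line should not depend on that; quoting keeps it a single argument whatever the version scheme becomes: `prepareCmd: 'sh ./pre-commit_semantic-release.sh "${nextRelease.version}"',`. A one-line comment above `prepareCmd` saying that the script rewrites `FORMULA` and regenerates `docs/*.rst` would also explain why those paths appear in the `@semantic-release/git` assets.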
--- a/test/integration/default/controls/config_spec.rb +++ b/test/integration/default/controls/config_spec.rb @@ -1,4 +1,6 @@ -#override by OS +# frozen_string_literal: true + +# Override by OS if os.family == 'redhat' file_name = '/opt/zeek/etc/node.cfg' elsif os.family == 'debian' diff --git a/test/integration/default/controls/ldconfig_spec.rb b/test/integration/default/controls/ldconfig_spec.rb index 84867bf..36d0232 100644 --- a/test/integration/default/controls/ldconfig_spec.rb +++ b/test/integration/default/controls/ldconfig_spec.rb @@ -1,3 +1,6 @@ +# frozen_string_literal: true + +# Check for specific OS if os.family == 'redhat' control 'zeek library configuration' do title 'should match desired lines' diff --git a/test/integration/default/controls/packages_spec.rb b/test/integration/default/controls/packages_spec.rb index 57a86c5..1ec8ddd 100644 --- a/test/integration/default/controls/packages_spec.rb +++ b/test/integration/default/controls/packages_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + # Overide by OS if os.family == 'redhat' if os[:release].start_with?('8') diff --git a/test/integration/default/controls/services_spec.rb b/test/integration/default/controls/services_spec.rb index bfcc6ee..5f0a455 100644 --- a/test/integration/default/controls/services_spec.rb +++ b/test/integration/default/controls/services_spec.rb @@ -1,8 +1,8 @@ +# frozen_string_literal: true + # Overide by OS service_name = 'zeek' -if os[:name] == 'centos' and os[:release].start_with?('7') - service_name = 'zeek' -end +service_name = 'zeek' if (os[:name] == 'centos') && os[:release].start_with?('7') control 'zeek service' do impact 0.5 diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml index d69d527..a12dcff 100644 --- a/test/integration/default/inspec.yml +++ b/test/integration/default/inspec.yml @@ -1,3 +1,6 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml +--- name: default title: zeek formula maintainer: SaltStack Formulas 
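Review bot: In services_spec.rb the rewritten line `service_name = 'zeek' if (os[:name] == 'centos') && os[:release].start_with?('7')` assigns the same value that the line above it already set, so the CentOS 7 condition has no effect on the control. Either delete the line or, if CentOS 7 is meant to use a different unit name, put that name there; as written it reads like an override but is dead code. The comment `# Overide by OS` in this file and in packages_spec.rb is also misspelled and could become `# Override by OS`, matching config_spec.rb.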
diff --git a/test/salt/pillar/default.sls b/test/salt/pillar/default.sls index d87cd94..fa23901 100644 --- a/test/salt/pillar/default.sls +++ b/test/salt/pillar/default.sls @@ -1,12 +1,12 @@ # -*- coding: utf-8 -*- # vim: ft=yaml - +--- # ZEEK docs https://www.zeek.org/documentation/index.html zeek: lookup: package: {% if grains['os_family'] == 'RedHat' %} - install_type: 'package' # Install type can be package or local (support for tarball not implemented) + install_type: 'package' # Install type can be package or local (support for tarball not implemented) local_package: # Can be multiple packages like zeek, zeekctl, zeekccoli etc. - pack_id: 'zeek-full' package: 'zeek-lts-3.0.7-1.2.x86_64' # Custom package to be deployed @@ -28,7 +28,7 @@ zeek: {% endif %} skip_verify: '0' {% elif grains['os_family'] == 'Debian' %} - install_type: 'package' # Install type can be package (support for tarball or local not implemented) + install_type: 'package' # Install type can be package (support for tarball or local not implemented) use_repo: 'True' # Debian 9 does not require an external repo {% if grains['osmajorrelease'] == 9 %} package: @@ -54,7 +54,7 @@ zeek: zeek: use_ZeekPKG: 'True' # Use zeek-pkg to manage plugins (requird for plugins such as af_packet etc) python_pip_cmd: '/usr/bin/pip3' # Use pip3 to install zeekPKG - addon_plugins: # List of plugins to install if zeek-pkg is enabled + addon_plugins: # List of plugins to install if zeek-pkg is enabled - plugin: 'zeek-af_packet-plugin' # af_packet is required when use_afpacket == True MailTo: 'root@localhost' # Recipient address for all emails sent out by Zeek and ZeekControl SendMail: '/sbin/sendmail' # Path to sendmail binary 
@@ -69,7 +69,7 @@ zeek: CrashExpireInterval: '0' # Number of days that crash directories are kept SitePolicyScripts: 'local.zeek' # Site-specific policy script to load base_dir: '/opt/zeek' # /opt/zeek is default for yum package install - mode: 'standalone' # Mode can be standalone or lb_cluster (load balanced cluster) + mode: 'standalone' # Mode can be standalone or lb_cluster (load balanced cluster) use_pfring: 'False' # If pf_ring is installed set this to True. Must use "pf_ring" lb_method use_afpacket: 'True' # If you use AF_PACKET set this to True. Must use "custom" lb_method and use_ZeekPKG set to True lb_method: 'custom' # Load balancer type ("pf_ring" or "custom" are supported) @@ -84,7 +84,7 @@ zeek: use_sendmail: 'False' # Use sendmail(needs sendmail/postfix to be installed) relayhost: 'mail.domain.tld' # Send email to a relay host interfaces: - ip_binary_path: '/sbin/ip' # path to ip binary for managing + ip_binary_path: '/sbin/ip' # path to ip binary for managing management: 'eth0' # Management interface name capture: enable: 'False' diff --git a/zeek/init.sls b/zeek/init.sls index 06ab6bf..0d586c1 100644 --- a/zeek/init.sls +++ b/zeek/init.sls @@ -7,7 +7,7 @@ include: - .zeek-package - .zeek-config - .zeek-bpfconf - - .zeek-sendmail + - .zeek-sendmail - .zeek-service - .zeek-syslog - .zeek-zeekpkg diff --git a/zeek/map.jinja b/zeek/map.jinja index 024718e..5715266 100644 --- a/zeek/map.jinja +++ b/zeek/map.jinja 
@@ -40,50 +40,50 @@ 'use_rsyslog': 'True', 'target': 'esnode00.alias454.local', 'port': '13514', - 'protocol': 'tcp', + 'protocol': 'tcp' }, 'bpf': { 'use_BPFconf': 'True', - 'bpf_rules': [], + 'bpf_rules': [] }, 'optional': { 'use_LibgeoIP': 'False', 'use_sendmail': 'False', - 'relayhost': 'mail.domain.tld', + 'relayhost': 'mail.domain.tld' }, 'interfaces': { 'ip_binary_path': '/sbin/ip', 'management': 'eth0', - 'capture': + 'capture': { 'enable': 'False', 'device_names': 'eth1', 'enable_tx': '0', - 'min_num_slots': '4096', - }, - }, - }, + 'min_num_slots': '4096' + } + } + } }, 'zeek00': - { + { 'zeek': { 'interfaces': { 'management': 'eth0', - 'capture': + 'capture': { 'enable': 'True', 'device_names': 'eth1', 'enable_tx': '0', - 'min_num_slots': '32768', - }, - }, - }, - }, + 'min_num_slots': '32768' + } + } + } + } }, grain='host', base='default') %} # Get settings for os_family @@ -101,7 +101,7 @@ ], 'skip_verify': '0', 'repo_baseurl': 'http://download.opensuse.org/repositories/security:/zeek/CentOS_7/', - 'repo_gpgkey': 'http://download.opensuse.org/repositories/security:/zeek/CentOS_7/repodata/repomd.xml.key', + 'repo_gpgkey': 'http://download.opensuse.org/repositories/security:/zeek/CentOS_7/repodata/repomd.xml.key' } }, 'Debian': @@ -117,11 +117,11 @@ ], 'skip_verify': '0', 'repo_baseurl': 'deb http://download.opensuse.org/repositories/security:/zeek/Debian_9.0/ /', - 'repo_gpgkey': 'https://download.opensuse.org/repositories/security:zeek/Debian_9.0/Release.key', + 'repo_gpgkey': 'https://download.opensuse.org/repositories/security:zeek/Debian_9.0/Release.key' } } } %} -{% set os_map = os_lookup.get(grains.os_family, {}) %} +{% set os_map = os_lookup.get(grains.os_family, {}) %} # update the default config with os specific settings {% do default_config.update(os_map) %} diff --git a/zeek/zeek-config.sls b/zeek/zeek-config.sls index 17cbe5a..dcb689b 100644 --- a/zeek/zeek-config.sls +++ b/zeek/zeek-config.sls 
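Review bot: In zeek/map.jinja the RedHat defaults (hunk at -101) keep both `repo_baseurl` and `repo_gpgkey` on plain `http://download.opensuse.org/...`, so the key that is meant to authenticate the packages is itself fetched over an unauthenticated channel, and anyone on the network path can substitute the key together with the repository metadata. The Debian block (hunk at -117) already fetches its key over https from the same host but still uses http for `repo_baseurl`. Since the commit edits these lines anyway, switch the scheme, e.g. `'repo_gpgkey': 'https://download.opensuse.org/repositories/security:/zeek/CentOS_7/repodata/repomd.xml.key'`, and do the same for both `repo_baseurl` values. The dictionary these entries belong to begins outside the hunks, so any other URLs in it are worth the same check.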
@@ -61,7 +61,7 @@ group-manage-zeek: 10.0.0.0/8 Private IP space 172.16.0.0/12 Private IP space 192.168.0.0/16 Private IP space - + # Configure network options {% if config.zeek.interfaces.capture.enable == 'True' %} network_configure_{{ config.zeek.interfaces.capture.device_names }}: @@ -105,7 +105,7 @@ network_configure_{{ config.zeek.interfaces.capture.device_names }}: [Install] WantedBy=multi-user.target - + # Manage systemd unit file to control zeek # https://gist.github.com/JustinAzoff/db71b901b1070a88f2d72738bf212749 /usr/lib/systemd/system/zeek.service: diff --git a/zeek/zeek-prereqs.sls b/zeek/zeek-prereqs.sls index f98bd32..7800119 100644 --- a/zeek/zeek-prereqs.sls +++ b/zeek/zeek-prereqs.sls @@ -36,7 +36,7 @@ command-add-libpcap-devel-zeek: # It must be configured at compile time. # In most cases this will not be an issue # One can do GeoIP lookups further upstream - + # Install GeoIP on RHEL based systems {% if config.zeek.optional.use_LibgeoIP == 'True' %} package-install-LibgeoIP-zeek: diff --git a/zeek/zeek-service.sls b/zeek/zeek-service.sls index 0724924..00dff7f 100644 --- a/zeek/zeek-service.sls +++ b/zeek/zeek-service.sls @@ -7,7 +7,7 @@ systemd-reload-zeek: cmd.run: - name: systemctl --system daemon-reload - - onchanges: + - onchanges: - file: /usr/lib/systemd/system/zeek.service # Make sure zeek service is running and restart the service diff --git a/zeek/zeek-syslog.sls b/zeek/zeek-syslog.sls index ad3e28c..7b77126 100644 --- a/zeek/zeek-syslog.sls +++ b/zeek/zeek-syslog.sls 
@@ -17,7 +17,7 @@ zeek_rsyslog_config: {% if salt.grains.get('os_family') == 'RedHat' %} command-semanage-{{ config.zeek.logging.protocol }}-{{ config.zeek.logging.port }}-rsyslog-port: cmd.run: - - name: semanage port -a -t syslogd_port_t -p {{ config.zeek.logging.protocol }} {{ config.zeek.logging.port }} + - name: semanage port -a -t syslogd_port_t -p {{ config.zeek.logging.protocol }} {{ config.zeek.logging.port }} - unless: semanage port -l |grep syslog |grep {{ config.zeek.logging.port }} - require-in: - service: service-rsyslog-zeek From 55b42b4b3a16dcb196493855bee4ed883100879d Mon Sep 17 00:00:00 2001 From: bkeep Date: Mon, 22 Jun 2020 22:13:25 -0500 Subject: [PATCH 2/2] fix: update spacing issue for alt tag --- docs/README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.rst b/docs/README.rst index 6bdf824..b75a2a7 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -10,7 +10,7 @@ zeek-formula :scale: 100% :target: https://travis-ci.com/saltstack-formulas/zeek-formula .. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg - :alt: Semantic Release + :alt: Semantic Release :scale: 100% :target: https://github.com/semantic-release/semantic-release