Merge pull request #12192 from Security-Onion-Solutions/needsrestarted

Needsrestarted
Security-Onion-Solutions · Jan 16, 2024 · 38965cc · 38965cc
2 parents 790f517 + eeb249e
commit 38965cc
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 13 deletions.
diff --git a/salt/common/init.sls b/salt/common/init.sls
@@ -179,6 +179,14 @@ so-status_check_cron:
     - month: '*'
     - dayweek: '*'
 
+# This cronjob/script runs a check if the node needs restarted, but should be used for future status checks as well
+common_status_check_cron:
+  cron.present:
+    - name: '/usr/sbin/so-common-status-check > /dev/null 2>&1'
+    - identifier: common_status_check
+    - user: root
+    - minute: '*/10'
+
 remove_post_setup_cron:
   cron.absent:
     - name: 'PATH=$PATH:/usr/sbin salt-call state.highstate'

diff --git a/salt/common/tools/sbin/so-common-status-check b/salt/common/tools/sbin/so-common-status-check
@@ -0,0 +1,52 @@
+#!/usr/bin/env python3
+
+# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
+# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
+# https://securityonion.net/license; you may not use this file except in compliance with the
+# Elastic License 2.0.
+
+import sys
+import subprocess
+import os
+
+sys.path.append('/opt/saltstack/salt/lib/python3.10/site-packages/')
+import salt.config
+import salt.loader
+
+__opts__ = salt.config.minion_config('/etc/salt/minion')
+__grains__ = salt.loader.grains(__opts__)
+
+def check_needs_restarted():
+  osfam = __grains__['os_family']
+  val = '0'
+  outfile = "/opt/so/log/sostatus/needs_restarted"
+
+  if osfam == 'Debian':
+    if os.path.exists('/var/run/reboot-required'):
+      val = '1'
+  elif osfam == 'RedHat':
+    cmd = 'needs-restarting -r > /dev/null 2>&1'
+    try:
+      needs_restarting = subprocess.check_call(cmd, shell=True)
+    except subprocess.CalledProcessError:
+      val = '1'
+  else:
+    fail("Unsupported OS")
+
+  with open(outfile, 'w') as f:
+    f.write(val)
+
+def fail(msg):
+  print(msg, file=sys.stderr)
+  sys.exit(1)
+
+
+def main():
+  proc = subprocess.run(['id', '-u'], stdout=subprocess.PIPE, encoding="utf-8")
+  if proc.stdout.strip() != "0":
+    fail("This program must be run as root")
+
+  check_needs_restarted()
+
+if __name__ == "__main__":
+  main()
diff --git a/salt/telegraf/scripts/os.sh b/salt/telegraf/scripts/os.sh
@@ -8,19 +8,7 @@
 # if this script isn't already running
 if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
 
-    NEEDS_RESTART=0
-
-    if which needs-restarting &> /dev/null; then
-        # DNF/RPM family
-        if ! needs-restarting -r &> /dev/null; then
-            NEEDS_RESTART=1
-        fi
-    else
-        # APT family
-        if [ -f /var/run/reboot-required ]; then
-            NEEDS_RESTART=1
-        fi
-    fi
+    NEEDS_RESTART=$(cat /var/log/sostatus/needs_restarted)
 
     echo "os restart=$NEEDS_RESTART"