Salt issue

Michael Bower

Aug 27, 2014, 12:08:45 PM
to securit...@googlegroups.com
I'm trying to get Salt up and running and I'm seeing an issue running sudo salt '*' state.highstate. 6/11 fail with "does not exist on the salt fileserver in saltenv 'base'"

Mike

----------
ID: sudoers
Function: file.append
Name: /etc/sudoers
Result: True
Comment: Appended 0 lines
Changes:
----------
ID: sensor
Function: pkgrepo.managed
Name: deb http://ppa.launchpad.net/securityonion/stable/ubuntu precise main
Result: True
Comment: Package repo 'deb http://ppa.launchpad.net/securityonion/stable/ubuntu precise main' already configured
Changes:
----------
ID: securityonion-sensor
Function: pkg.installed
Result: True
Comment: Package securityonion-sensor is already installed
Changes:
----------
ID: rule-sync
Function: file.recurse
Name: /etc/nsm/rules
Result: False
Comment: The directory 'salt://sensor/rules' does not exist on the salt fileserver in saltenv 'base'
Changes:
---------
ID: restart-ids
Function: cmd.wait
Name: /usr/sbin/nsm_sensor_ps-restart --only-snort-alert
Result: False
Comment: One or more requisite failed
Changes:
----------
ID: restart-barnyard
Function: cmd.wait
Name: /usr/sbin/nsm_sensor_ps-restart --only-barnyard2
Result: False
Comment: One or more requisite failed
Changes:
----------
ID: bro-rules-sync
Function: file.recurse
Name: /opt/bro/share/bro/policy
Result: False
Comment: The directory 'salt://sensor/bro/policy' does not exist on the salt fileserver in saltenv 'base'
Changes:
----------
ID: ossec-sync
Function: file.recurse
Name: /var/ossec/rules
Result: False
Comment: The directory 'salt://sensor/ossec' does not exist on the salt fileserver in saltenv 'base'
Changes:
----------
ID: restart-ossec
Function: cmd.wait
Name: service ossec-hids-server restart
Result: False
Comment: One or more requisite failed
Changes:
----------
ID: /etc/cron.d/rule-update
Function: file.absent
Result: True
Comment: File /etc/cron.d/rule-update is not present
Changes:
----------
ID: cron-update-salt-checkin
Function: file.managed
Name: /etc/cron.d/salt-update
Result: True
Comment: File /etc/cron.d/salt-update is in the correct state
Changes:

Summary
------------
Succeeded: 5
Failed: 6
------------
Total: 11
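
A triage sketch for highstate output like the above, added here as an example (it is not part of the original post or of Security Onion): it separates failed states whose `salt://` source is missing from the fileserver from states that failed only because a requisite did. The sample is an excerpt of the posted output; the function names are hypothetical.

```python
import re

# Excerpt of the highstate output posted above (two of the six failed states).
SAMPLE = """\
----------
ID: rule-sync
Function: file.recurse
Name: /etc/nsm/rules
Result: False
Comment: The directory 'salt://sensor/rules' does not exist on the salt fileserver in saltenv 'base'
Changes:
----------
ID: restart-ids
Function: cmd.wait
Name: /usr/sbin/nsm_sensor_ps-restart --only-snort-alert
Result: False
Comment: One or more requisite failed
Changes:
"""

# Captures the missing salt:// source and the saltenv it was looked up in.
MISSING = re.compile(r"'(salt://[^']+)' does not exist on the salt fileserver in saltenv '([^']+)'")
FIELDS = ("ID", "Function", "Name", "Result", "Comment")

def parse_states(text):
    """Split highstate output on its dashed separators into field dicts."""
    states = []
    for chunk in re.split(r"(?m)^-{5,}[ \t]*$", text):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.strip().partition(":")
            if sep and key in FIELDS:
                fields[key] = value.strip()
        if "ID" in fields and "Result" in fields:
            states.append(fields)
    return states

def triage(text):
    """Return (missing_sources, cascades) for the failed states in text."""
    missing, cascades = [], []
    for st in parse_states(text):
        if st["Result"] != "False":
            continue
        comment = st.get("Comment", "")
        m = MISSING.search(comment)
        if m:  # root cause: source path absent on the master's fileserver
            missing.append((st["ID"], m.group(1), m.group(2)))
        elif "requisite failed" in comment:  # skipped due to an earlier failure
            cascades.append(st["ID"])
    return missing, cascades

print(triage(SAMPLE))
```

The states in the first list are the ones to fix on the master; the second list clears once those succeed.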

Doug Burks

Aug 27, 2014, 12:50:16 PM
to securit...@googlegroups.com
Hi Mike,

I assume that these errors are from a sensor?

On your master server, please run "sudo salt '*' state.highstate" a
couple of times and see if it completes without error. If so, then
try your sensor again.

--
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com

Michael Bower

Aug 27, 2014, 12:56:06 PM
to securit...@googlegroups.com
Sorry, forgot to mention I was running that from the master.

Mike

Doug Burks

Aug 27, 2014, 1:04:46 PM
to securit...@googlegroups.com
What is the output of the following?

sudo service salt-master status

sudo service salt-minion status

Michael Bower

Aug 27, 2014, 1:17:53 PM
to securit...@googlegroups.com
Doug, here is the output:

salt-master start/running, process 6508
salt-minion start/running, process 17621

Doug Burks

Aug 27, 2014, 1:31:29 PM
to securit...@googlegroups.com
OK, can you go ahead and run "sudo salt '*' state.highstate" a couple
of times and see if it does anything different?

If not, please try running "sudo salt-call state.highstate" a few
times and see if it does anything different.

Michael Bower

Aug 27, 2014, 1:41:42 PM
to securit...@googlegroups.com
Fails in the same spot. The output is from a sensor.

[INFO    ] Loading fresh modules for state activity
[INFO    ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://top.sls'
[INFO    ] Creating module dir '/var/cache/salt/minion/extmods/modules'
[INFO    ] Syncing modules for environment 'base'
[INFO    ] Loading cache from salt://_modules, for base)
[INFO    ] Caching directory '_modules/' for environment 'base'
[INFO    ] Creating module dir '/var/cache/salt/minion/extmods/states'
[INFO    ] Syncing states for environment 'base'
[INFO    ] Loading cache from salt://_states, for base)
[INFO    ] Caching directory '_states/' for environment 'base'
[INFO    ] Creating module dir '/var/cache/salt/minion/extmods/grains'
[INFO    ] Syncing grains for environment 'base'
[INFO    ] Loading cache from salt://_grains, for base)
[INFO    ] Caching directory '_grains/' for environment 'base'
[INFO    ] Creating module dir '/var/cache/salt/minion/extmods/renderers'
[INFO    ] Syncing renderers for environment 'base'
[INFO    ] Loading cache from salt://_renderers, for base)
[INFO    ] Caching directory '_renderers/' for environment 'base'
[INFO    ] Creating module dir '/var/cache/salt/minion/extmods/returners'
[INFO    ] Syncing returners for environment 'base'
[INFO    ] Loading cache from salt://_returners, for base)
[INFO    ] Caching directory '_returners/' for environment 'base'
[INFO    ] Creating module dir '/var/cache/salt/minion/extmods/outputters'
[INFO    ] Syncing outputters for environment 'base'
[INFO    ] Loading cache from salt://_outputters, for base)
[INFO    ] Caching directory '_outputters/' for environment 'base'
[INFO    ] Loading fresh modules for state activity
[INFO    ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://users/init.sls'
[INFO    ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://sudo/init.sls'
[INFO    ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://sensor/init.sls'
[INFO    ] Running state [/etc/sudoers] at time 17:37:10.735705
[INFO    ] Executing state file.append for /etc/sudoers
[INFO    ] Appended 0 lines
[INFO    ] Completed state [/etc/sudoers] at time 17:37:10.741006
[INFO    ] Running state [deb http://ppa.launchpad.net/securityonion/stable/ubuntu precise main] at time 17:37:10.741683
[INFO    ] Executing state pkgrepo.managed for deb http://ppa.launchpad.net/securityonion/stable/ubuntu precise main
[INFO    ] Package repo 'deb http://ppa.launchpad.net/securityonion/stable/ubuntu precise main' already configured
[INFO    ] Completed state [deb http://ppa.launchpad.net/securityonion/stable/ubuntu precise main] at time 17:37:10.791899
[INFO    ] Running state [securityonion-sensor] at time 17:37:10.792325
[INFO    ] Executing state pkg.installed for securityonion-sensor
[INFO    ] Executing command "dpkg-query --showformat='${Status} ${Package} ${Version} ${Architecture}\n' -W" in directory '/home/mbower'
[INFO    ] Executing command 'grep-available -F Provides -s Package,Provides -e "^.+$"' in directory '/home/mbower'
[INFO    ] Package securityonion-sensor is already installed
[INFO    ] Completed state [securityonion-sensor] at time 17:37:10.917345
[INFO    ] Running state [/etc/nsm/rules] at time 17:37:10.918042
[INFO    ] Executing state file.recurse for /etc/nsm/rules
[ERROR   ] The directory 'salt://sensor/rules' does not exist on the salt fileserver in saltenv 'base'
[INFO    ] Completed state [/etc/nsm/rules] at time 17:37:11.865851
[INFO    ] Running state [/opt/bro/share/bro/policy] at time 17:37:11.866567
[INFO    ] Executing state file.recurse for /opt/bro/share/bro/policy
[ERROR   ] The directory 'salt://sensor/bro/policy' does not exist on the salt fileserver in saltenv 'base'
[INFO    ] Completed state [/opt/bro/share/bro/policy] at time 17:37:12.034752
[INFO    ] Running state [/var/ossec/rules] at time 17:37:12.034988
[INFO    ] Executing state file.recurse for /var/ossec/rules
[ERROR   ] The directory 'salt://sensor/ossec' does not exist on the salt fileserver in saltenv 'base'
[INFO    ] Completed state [/var/ossec/rules] at time 17:37:12.195596
[INFO    ] Running state [/etc/cron.d/rule-update] at time 17:37:12.196505
[INFO    ] Executing state file.absent for /etc/cron.d/rule-update
[INFO    ] File /etc/cron.d/rule-update is not present
[INFO    ] Completed state [/etc/cron.d/rule-update] at time 17:37:12.198177
[INFO    ] Running state [/etc/cron.d/salt-update] at time 17:37:12.198469
[INFO    ] Executing state file.managed for /etc/cron.d/salt-update
[INFO    ] File /etc/cron.d/salt-update is in the correct state
[INFO    ] Completed state [/etc/cron.d/salt-update] at time 17:37:12.356692
local:
----------

Mike

Doug Burks

Aug 27, 2014, 1:44:12 PM
to securit...@googlegroups.com
On Wed, Aug 27, 2014 at 1:41 PM, Michael Bower <mbo...@gmail.com> wrote:
> Fails in the same spot. The output is from a sensor.

I'm confused. In the beginning of the thread, I assumed we were
talking about a sensor, but then you said master. If you're getting
errors on the master, we need to focus on getting the master fixed
first.

Michael Bower

Aug 27, 2014, 1:54:53 PM
to securit...@googlegroups.com
I am running the command, sudo salt '*' state.highstate, from the master. I also get the same errors about directories not existing when I run it on a sensor with the command, sudo salt-call state.highstate.

Running sudo salt-call state.highstate on the master gets me this:

local:
----------
ID: sudoers
Function: file.append
Name: /etc/sudoers
Result: True
Comment: Appended 0 lines
Changes:

Summary
------------
Succeeded: 1
Failed: 0
------------
Total: 1

Mike

Doug Burks

Aug 27, 2014, 3:56:09 PM
to securit...@googlegroups.com
Did you do this part of the procedure?

# Edit /opt/onionsalt/salt/top.sls and add your master as a "backend"

Michael Bower

Aug 27, 2014, 4:47:03 PM
to securit...@googlegroups.com
Yes, I did. What I finally ended up doing was rebuilding the Server and letting setup handle it. That worked. My assumption is I had something wrong in the top.sls file.

Thanks for the help!
Mike

