Please note that Salt is totally optional. If you're happy with your current method of sensor management, then you don't have to install securityonion-onionsalt and nothing will change for you. Should you decide to install securityonion-onionsalt, you get the following features out of the box:
- manage user accounts, sudoers, and SSH keys from one location and have it replicate to all sensors
- have sensors check for new IDS rules every 15 minutes, copy files, and restart engines as necessary
In addition, Salt is a full configuration management system, so you can script anything that you want to deploy across your army of sensors.
Thanks to Mike Reeves for developing OnionSalt!
Thanks to the following for testing:
OnionSalt is still considered experimental. You'll want to test in a lab environment before deciding to deploy in production.
To read more about how to integrate OnionSalt into a new or existing Security Onion deployment, please see our Salt page:
|Enabling Salt on Master Server via Advanced Setup|
|After completing Setup, verifying that the Master can manage itself|
|Enabling Salt on sensor1 via Advanced Setup|
|After completing Setup, verifying that the Master can now manage both boxes|
|Salt can run arbitrary commands on all boxes at once|
|Adding johndoe to /opt/onionsalt/pillar/users/init.sls|
|Adding johndoe's public key to /opt/onionsalt/salt/users/keys/|
|Running "sudo salt '*' state.highstate" to push accounts and keys to all boxes|
|Verifying that we can now login using the new account/key|
If you have any questions or problems, please use our mailing list:
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
We especially need help in answering support questions on the mailing list and IRC channel. Thanks!