
Syntax updates to Sensu & Tenable

Jeremy Cooper [AFS MBP] 3 년 전
부모
커밋
61f60846a3
2개의 변경된 파일14개의 추가작업 그리고 98개의 파일을 삭제
  1. 13 97
      Sensu Go Upgrade Notes.md
  2. 1 1
      Tenable Notes.md

+ 13 - 97
Sensu Go Upgrade Notes.md

@@ -54,10 +54,10 @@ Starting with Moose and Internal infra within `GC TEST`.  After deployment is ve
 6. `GC Test` first; `GC PROD` second; From target servers; clean out the cache
     ```
     # XDR Infrastructure - be sure to note the different Salt minions to target between TEST and PROD
-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'yum clean all && yum makecache fast'
+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'yum clean all && yum makecache fast'
 
     # From target servers; view the available packages
-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'yum --disablerepo="*" --enablerepo="msoc" list available'
+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'yum --disablerepo="*" --enablerepo="msoc" list available'
 
     # Customer Slices Search Heads Only
     salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'yum clean all && yum makecache fast'
@@ -99,133 +99,49 @@ Starting with Moose and Internal infra within `GC TEST`.  After deployment is ve
     
     ```
 
-7. Verify and then Stop agent on minions `systemctl stop sensu-agent`
+7. Stop / Update / Reload daemon / Start agent on minions `systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent`
     ```
     # XDR Infrastructure 
-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'sensu-agent version'
+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'sensu-agent version'
     
-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'systemctl stop sensu-agent'
+    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
 
     # LCPs
-    salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'sensu-agent version'
+    salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
     
     date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent'
 
     # Customer Slices
     salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'sensu-agent version'
 
-    date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl stop sensu-agent'
+    date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
 
     # Customer Slices Search Heads Only
-    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl stop sensu-agent'
+    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
 
     # Customer Slices Cluster masters and Heavy Forwarders 
-    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl stop sensu-agent'
+    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
 
     # Customer Slices Indexers
     
     # us-east-1a
     salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' test.ping --out=txt
 
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl stop sensu-agent'
+    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
 
     # us-gov-east-1b
     salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' test.ping --out=txt
     
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl stop sensu-agent'
+    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
 
     # us-gov-east-1c
     salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' test.ping --out=txt
 
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl stop sensu-agent'
+    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
 
     ```
 
-8. Update the agent on minion `yum update -y sensu-go-agent`
-    ```
-    # XDR Infrastructure
-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'yum update -y sensu-go-agent'
-
-    # LCPs
-    date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'yum update -y sensu-go-agent'
-
-    # Customer Slices
-    salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'sensu-agent version'
-
-    date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl stop sensu-agent'
-
-    # Customer Slices Search Heads Only
-    salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'yum update -y sensu-go-agent'
-
-    # Customer Slices Cluster masters and Heavy Forwarders 
-    salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'yum update -y sensu-go-agent'
-
-    # Customer Slices Indexers
-    
-    # us-east-1a
-    salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'yum update -y sensu-go-agent'
-
-    # us-gov-east-1b
-    salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'yum update -y sensu-go-agent'
-
-    # us-gov-east-1c
-    salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'yum update -y sensu-go-agent'
-
-    ```
-
-9. Reload the daemon `systemctl daemon-reload`
-    ```
-    # XDR Infrastructure
-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'systemctl daemon-reload'
-
-    # LCPs
-    date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl daemon-reload'
-
-    # Customer Slices Search Heads Only
-    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl daemon-reload'
-
-    # Customer Slices Cluster masters and Heavy Forwarders 
-    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl daemon-reload'
-
-    # Customer Slices Indexers
-    # us-east-1a
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl daemon-reload'
-
-    # us-gov-east-1b
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl daemon-reload'
-
-    # us-gov-east-1c
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl daemon-reload'
-
-    ```
-
-10. Start agent `systemctl start sensu-agent`
-    ```
-    # XDR Infrastructure
-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'systemctl start sensu-agent'
-
-    # LCPs
-    date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl start sensu-agent'
-
-    # Customer Slices Search Heads Only
-    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl start sensu-agent'
-
-    # Customer Slices Cluster masters and Heavy Forwarders 
-    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl start sensu-agent'
-
-    # Customer Slices Indexers
-    # us-east-1a
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl start sensu-agent'
-
-    # us-gov-east-1b
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl start sensu-agent'
-
-    # us-gov-east-1c
-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl start sensu-agent'
-    
-    ```
-
-11. Verify with this: 
+8. Verify with this: 
     ```
     salt '*' cmd.run 'sensu-agent version'
     salt -C '* not salt* not sensu* not jira*' cmd.run 'sensu-agent version'
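Review bot: The LCP block in the second hunk is now out of order: the new line `salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'` is immediately followed by the unchanged `date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent'`, so an operator following the runbook top to bottom upgrades and starts the LCP agents and then stops them again, leaving those hosts unmonitored, while the pre-upgrade `sensu-agent version` check that every other target group keeps is lost for LCPs. Swapping the two commands — the `sensu-agent version` check first, then `date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'` — restores the pattern used by the XDR and customer-slice blocks in the same hunk. Separately, since the combined command is `&&`-chained, a failed `yum update` on any minion leaves that agent stopped with no start attempted, which the collapsed step 7 no longer makes obvious; a short sentence in step 7 telling the reader to scan the returned output for minions whose chain ended early before moving on, or to run the step 8 version check immediately, would surface that failure mode.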

+ 1 - 1
Tenable Notes.md

@@ -28,7 +28,7 @@ sudo /opt/nessus_agent/sbin/nessuscli -v
 
 - Download the latest RPM from [Tenable Download - Nessus](https://www.tenable.com/downloads/nessus)
 - Check the sha256 on your mac with `shasum -a 256 Nessus-8.15.1-es7.x86_64.rpm`
-- Use teleport scp to upload the file to the TEST and PROD repo server; See [How to add a new package to the Reposerver](Reposerver%20Notes.md)
+- Use `teleport scp` to upload the file to the TEST and PROD repo server; See [How to add a new package to the Reposerver](Reposerver%20Notes.md)
 - Update the tenable repo per the Reposerver Notes above
 - Stop the service and take an EBS snapshot as a backup
     - `systemctl stop SecurityCenter`