3 rokov pred · 61f60846a3
--- a/Notes.md
+++ b/Notes.md
@@ -54,10 +54,10 @@ Starting with Moose and Internal infra within `GC TEST`.  After deployment is ve
 
				 6. `GC Test` first; `GC PROD` second; From target servers; clean out the cache
			
 
				     ```
			
 
				     # XDR Infrastructure - be sure to note the different Salt minions to target between TEST and PROD
			
 
				-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'yum clean all && yum makecache fast'
			
 
				+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'yum clean all && yum makecache fast'
			
 
				 
			
 
				     # From target servers; view the available packages
			
 
				-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'yum --disablerepo="*" --enablerepo="msoc" list available'
			
 
				+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'yum --disablerepo="*" --enablerepo="msoc" list available'
			
 
				 
			
 
				     # Customer Slices Search Heads Only
			
 
				     salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'yum clean all && yum makecache fast'
			
@@ -99,133 +99,49 @@ Starting with Moose and Internal infra within `GC TEST`.  After deployment is ve
 
				     
			
 
				     ```
			
 
				 
			
 
				-7. Verify and then Stop agent on minions `systemctl stop sensu-agent`
			
 
				+7. Stop / Update / Reload daemon / Start agent on minions `systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent`
			
 
				     ```
			
 
				     # XDR Infrastructure 
			
 
				-    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'sensu-agent version'
			
 
				+    salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'sensu-agent version'
			
 
				     
			
 
				-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'systemctl stop sensu-agent'
			
 
				+    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* )' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				 
			
 
				     # LCPs
			
 
				-    salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'sensu-agent version'
			
 
				+    salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				     
			
 
				     date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl stop sensu-agent'
			
 
				 
			
 
				     # Customer Slices
			
 
				     salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'sensu-agent version'
			
 
				 
			
 
				-    date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl stop sensu-agent'
			
 
				+    date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				 
			
 
				     # Customer Slices Search Heads Only
			
 
				-    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl stop sensu-agent'
			
 
				+    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				 
			
 
				     # Customer Slices Cluster masters and Heavy Forwarders 
			
 
				-    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl stop sensu-agent'
			
 
				+    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				 
			
 
				     # Customer Slices Indexers
			
 
				     
			
 
				     # us-east-1a
			
 
				     salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' test.ping --out=txt
			
 
				 
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl stop sensu-agent'
			
 
				+    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				 
			
 
				     # us-gov-east-1b
			
 
				     salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' test.ping --out=txt
			
 
				     
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl stop sensu-agent'
			
 
				+    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				 
			
 
				     # us-gov-east-1c
			
 
				     salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' test.ping --out=txt
			
 
				 
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl stop sensu-agent'
			
 
				+    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl stop sensu-agent && yum update -y sensu-go-agent && systemctl daemon-reload && systemctl start sensu-agent'
			
 
				 
			
 
				     ```
			
 
				 
			
 
				-8. Update the agent on minion `yum update -y sensu-go-agent`
			
 
				-    ```
			
 
				-    # XDR Infrastructure
			
 
				-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'yum update -y sensu-go-agent'
			
 
				-
			
 
				-    # LCPs
			
 
				-    date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'yum update -y sensu-go-agent'
			
 
				-
			
 
				-    # Customer Slices
			
 
				-    salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'sensu-agent version'
			
 
				-
			
 
				-    date; salt -C 'afs*local or afs*com or ma-*com or la-*com or nga*com or nga*local or dc*com or bas-*com or frtib*com or ca-c19*com or dgi*com' cmd.run 'systemctl stop sensu-agent'
			
 
				-
			
 
				-    # Customer Slices Search Heads Only
			
 
				-    salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'yum update -y sensu-go-agent'
			
 
				-
			
 
				-    # Customer Slices Cluster masters and Heavy Forwarders 
			
 
				-    salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'yum update -y sensu-go-agent'
			
 
				-
			
 
				-    # Customer Slices Indexers
			
 
				-    
			
 
				-    # us-east-1a
			
 
				-    salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'yum update -y sensu-go-agent'
			
 
				-
			
 
				-    # us-gov-east-1b
			
 
				-    salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'yum update -y sensu-go-agent'
			
 
				-
			
 
				-    # us-gov-east-1c
			
 
				-    salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'yum update -y sensu-go-agent'
			
 
				-
			
 
				-    ```
			
 
				-
			
 
				-9. Reload the daemon `systemctl daemon-reload`
			
 
				-    ```
			
 
				-    # XDR Infrastructure
			
 
				-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'systemctl daemon-reload'
			
 
				-
			
 
				-    # LCPs
			
 
				-    date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl daemon-reload'
			
 
				-
			
 
				-    # Customer Slices Search Heads Only
			
 
				-    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl daemon-reload'
			
 
				-
			
 
				-    # Customer Slices Cluster masters and Heavy Forwarders 
			
 
				-    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl daemon-reload'
			
 
				-
			
 
				-    # Customer Slices Indexers
			
 
				-    # us-east-1a
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl daemon-reload'
			
 
				-
			
 
				-    # us-gov-east-1b
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl daemon-reload'
			
 
				-
			
 
				-    # us-gov-east-1c
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl daemon-reload'
			
 
				-
			
 
				-    ```
			
 
				-
			
 
				-10. Start agent `systemctl start sensu-agent`
			
 
				-    ```
			
 
				-    # XDR Infrastructure
			
 
				-    date; salt -C '* not ( afs* or nga* or ma-* or dc-c19* or la-c19* or bas-* or ca-c19* or frtib* or dgi* or threatq* or vmray* or sensu* or rhsso-0* or fm-shared-search-0* or modelclient-splunk-idx-326* or modelclient-splunk-idx-8b8* or moose-splunk-idx-eed* )' cmd.run 'systemctl start sensu-agent'
			
 
				-
			
 
				-    # LCPs
			
 
				-    date; salt -C '* not *.local not *.pvt.xdr.accenturefederalcyber.com' cmd.run 'systemctl start sensu-agent'
			
 
				-
			
 
				-    # Customer Slices Search Heads Only
			
 
				-    date; salt -C '*-sh* and not *moose* and not fm-shared-search*' cmd.run 'systemctl start sensu-agent'
			
 
				-
			
 
				-    # Customer Slices Cluster masters and Heavy Forwarders 
			
 
				-    date; salt -C '( *splunk-cm* or *splunk-hf* ) not moose*' cmd.run 'systemctl start sensu-agent'
			
 
				-
			
 
				-    # Customer Slices Indexers
			
 
				-    # us-east-1a
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' cmd.run 'systemctl start sensu-agent'
			
 
				-
			
 
				-    # us-gov-east-1b
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1b or G@ec2:placement:availability_zone:us-gov-east-1b ) not moose*' cmd.run 'systemctl start sensu-agent'
			
 
				-
			
 
				-    # us-gov-east-1c
			
 
				-    date; salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1c or G@ec2:placement:availability_zone:us-gov-east-1c ) not moose*' cmd.run 'systemctl start sensu-agent'
			
 
				-    
			
 
				-    ```
			
 
				-
			
 
				-11. Verify with this: 
			
 
				+8. Verify with this: 
			
 
				     ```
			
 
				     salt '*' cmd.run 'sensu-agent version'
			
 
				     salt -C '* not salt* not sensu* not jira*' cmd.run 'sensu-agent version'
			
--- a/Notes.md
+++ b/Notes.md
@@ -28,7 +28,7 @@ sudo /opt/nessus_agent/sbin/nessuscli -v
 
				 
			
 
				 - Download the latest RPM from [Tenable Download - Nessus](https://www.tenable.com/downloads/nessus)
			
 
				 - Check the sha256 on your mac with `shasum -a 256 Nessus-8.15.1-es7.x86_64.rpm`
			
 
				-- Use teleport scp to upload the file to the TEST and PROD repo server; See [How to add a new package to the Reposerver](Reposerver%20Notes.md)
			
 
				+- Use `teleport scp` to upload the file to the TEST and PROD repo server; See [How to add a new package to the Reposerver](Reposerver%20Notes.md)
			
 
				 - Update the tenable repo per the Reposerver Notes above
			
 
				 - Stop the service and take an EBS snapshot as a backup
			
 
				     - `systemctl stop SecurityCenter`