Brad Poulton 4 years ago
parent
commit
fa1d5f8644
4 changed files with 40 additions and 17 deletions
  1. AFS Forcepoint Neuterage Notes.md (+4 -1)
  2. CIS Benchmarks Audit.md (+18 -16)
  3. Patching Notes.md (+1 -0)
  4. Portal Notes.md (+17 -0)

+ 4 - 1
AFS Forcepoint Neuterage Notes.md

@@ -17,4 +17,7 @@ touch ForcepointEndpointDC.kext
 chflags schg ForcepointEndpointDC.kext
 do the same thing in /Library/StagedExtensions/Library/Application Support/Websense Endpoint/DC/
 exit out of recovery console, unmount your disk
-reboot
+reboot
+
+Alternate
+`alias killfp='while [[ 1 ]]; do sudo killall -9 fpdcd; done'`
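Review bot: the `killfp` alias added at the end of this hunk is an unbounded busy loop: `while [[ 1 ]]` has no exit condition and no delay, so it spins a core and calls `sudo killall -9 fpdcd` continuously until the shell is interrupted, and `sudo` can re-prompt for a password mid-loop once its credential cache expires. The note should say where the alias is meant to live (which shell rc file), that it is stopped with Ctrl-C, and on which machines and for how long it is used, since the Forcepoint endpoint agent is not enforcing anything while it runs.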

+ 18 - 16
CIS Benchmarks Audit.md

@@ -17,7 +17,8 @@ saltless master in packer
 packer/scripts/salt-virtualenv-minion.sh
       "../../scripts/salt-virtualenv-minion.sh",
 
-# Does the CIS Hardening
+Does the CIS Hardening
+```
   provisioner "salt-masterless" {
     skip_bootstrap     = true
     salt_bin_dir       = "/mnt/bin"
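Review bot: dropping the `#` from `# Does the CIS Hardening` turns a heading into a stray line of body text sitting directly above the new code fence; if the goal was only to fence the Packer block, keep the heading and open the fence below it, and tag the fence (` ```hcl `) so the `provisioner "salt-masterless"` block renders with highlighting.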
@@ -27,6 +28,7 @@ packer/scripts/salt-virtualenv-minion.sh
     salt_call_args     = "-c /mnt/etc/salt"
     no_exit_on_failure = true
   }
+```
 
 
  - migrate packer salt states 
@@ -37,7 +39,7 @@ packer/scripts/salt-virtualenv-minion.sh
 
  Packer gets us 50% to CIS and salt fine tunes and gets us to 100% and it is ok that they are duplicated because salt is the final say.
 
- Both AWS and Vmware are usign the masterless salt. 
+ Both AWS and Vmware are using the masterless salt. 
 
 
 
@@ -82,29 +84,29 @@ salt/fileroots/os_modifications/auditd.sls
 salt vault-1* state.sls os_modifications.sshd_config saltenv=feature/bp_MSOCI-1676_cis_audit test=true
 salt/fileroots/os_modifications/sshd_config.sls
 
-TODO
-salt/fileroots/os_modifications/journald.sls
-
-
-
-
-
-
 
+```
 
+# TODO
+Add new files to init.sls
+salt/fileroots/os_modifications/journald.sls
+Fix the auditd in this file:
+salt/fileroots/docker/init.sls
 
+create internal DNS entries for these in test and prod so they will show up in Nessus.
+10.20.32.59 customer-portal
+10.20.16.86 moose-splunk-indexer-0
+10.20.16.237 moose-splunk-indexer-1
+10.20.17.42 moose-splunk-indexer-2
+10.20.32.84 customer-portal
+10.20.0.25 sensu
 
 
-```
 
 
 
+# Audit Controls and Exceptions
 
-########################
-#
-# Check Audit and Exceptions?
-#
-#########################
 
 Control ID: 1073
 Statement: Status of the 'Maximum Password Age' setting (expiration) / Accounts having the 'password never expires' flag set
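Review bot: `customer-portal` appears twice in the new DNS TODO, with `10.20.32.59` and `10.20.32.84`; two addresses behind one name will not let Nessus tell the two portal servers apart (the Portal Notes in this same commit treat them as separate hosts in `us-gov-east-1a` and `us-gov-east-1b`), so give each its own record (for example `customer-portal-0` / `customer-portal-1`, mirroring the `moose-splunk-indexer-N` naming already used here) or state explicitly that a round-robin record is intended. `Fix the auditd in this file:` should also say what is wrong in `salt/fileroots/docker/init.sls`, otherwise the TODO is not actionable. Moving the closing fence up to just below the `sshd_config.sls` line does correctly take `# TODO` and `# Audit Controls and Exceptions` out of the code block so they render as headings.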

+ 1 - 0
Patching Notes.md

@@ -758,6 +758,7 @@ Command to view "three green check marks" from salt.
 BETTER:
 `salt \*-splunk-cm* cmd.run runas=splunk "/opt/splunk/bin/splunk show cluster-status -auth minion:'{{ pillar['minion_pass'] }}'" | grep -2 factor`
 
+NOTICE: Using compound targeting doesn't seem to work with multi-level grains?  
 
 ```
 salt -C '*splunk-i* and ( G@ec2:placement:availability_zone:us-east-1a or G@ec2:placement:availability_zone:us-gov-east-1a ) not moose*' test.ping --out=txt

+ 17 - 0
Portal Notes.md

@@ -16,6 +16,22 @@ salt 'customer-portal*' cmd.run 'docker restart portal nginx'
 
 For PROD: Stop docker containers on both servers, but upgrade the containers one server at a time. This way you can quickly get the site back up on the previous server. 
 
+One at a time ( this should work, but doesn't?)
+```
+#Stop both
+salt 'customer-portal*' test.ping
+salt 'customer-portal*' cmd.run 'docker container ls'
+salt 'customer-portal*' cmd.run 'docker stop portal nginx'
+
+#Update First Portal Server
+salt -C 'customer* and G@ec2:availability_zone:us-gov-east-1a' cmd.run 'docker rm portal nginx'
+salt -C 'customer* and G@ec2:availability_zone:us-gov-east-1a' test.ping
+
+#Update Second Portal Server
+salt -C 'customer* and G@ec2:availability_zone:us-gov-east-1b' test.ping
+```
+
+Both at the same time
 ```
 salt 'customer-portal*' test.ping
 salt 'customer-portal*' cmd.run 'docker container ls'
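Review bot: the `One at a time` block added here cannot work as written, which likely explains the `but doesn't?`: after `docker stop portal nginx` on both servers, the `Update First Portal Server` step runs `docker rm portal nginx` but never re-creates the containers (the `Both at the same time` procedure does this with `state.sls docker.portal --output-diff`), and the `Update Second Portal Server` step consists only of a `test.ping`. Each per-server section needs the `docker rmi <image-ids>` and `state.sls docker.portal --output-diff` steps with the matching `G@ec2:availability_zone:...` target, so the first server is serving again before the second is touched, which is the point of the one-server-at-a-time approach described in the paragraph above.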
@@ -27,6 +43,7 @@ salt 'customer-portal*' cmd.run 'docker rmi <image-ids>'
 salt 'customer-portal*' state.sls docker.portal --output-diff
 ```
 
+To verify the version, login to Portal and go to the Staff Tools. 
 
 From the [Wiki page](https://github.xdr.accenturefederalcyber.com/MDR-Content/mdr-content/wiki/Customer-Portal)
 Last time we tried the `ec2_tags` grain targeting did not work.
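Review bot: `To verify the version, login to Portal and go to the Staff Tools.` does not say what value to compare against (the image tag that `state.sls docker.portal` deployed?); name it so the check can actually fail, and `login` used as a verb should be `log in`.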