AV scanning exceptions for SaltStack

Article ID: 415453


Products

VCF Operations/Automation (formerly VMware Aria Suite) VCF Automation

Issue/Introduction

Anti-virus and security scanners may flag the Salt minion or the Salt master daemon incorrectly if they are not configured for Salt.

Environment

Aria Automation Config

Tanzu Salt

VCF Salt

VCF Automation

Cause

The AV scanners have not been configured to be aware of Salt and its components.

Resolution

Some users may be running anti-virus software or other security scanning tools. Here is a brief overview of the services involved in a standard deployment, along with some key information that may be useful in configuring these tools.

  • RaaS daemon

    User: raas

    Port: 8080 (default), commonly reconfigured to 443

    Directories:

    • /var/lib/raas
    • /var/cache/raas
    • /var/run/raas
    • /srv/raas
    • /var/log/raas/
    • /etc/raas
    • /opt/saltstack/raas (depending on version)

    This daemon forks two sets of processes: one for the “Webserver” and one for the “CeleryWorker”.

  • Postgresql

    User: postgres

    Port: 5432 (default), may vary depending on configuration

    Directories:

    • /var/lib/postgres/<VERSION>/data

    This directory contains the daemon configuration, logs, as well as the database itself.

  • Redis

    User: redis

    Port: 6379 (default), may vary depending on configuration

    Directories:

    • /etc/redis
    • /etc/redis.conf
    • /var/log/redis

  • Salt master

    User: root or salt (runs as root when integrated with Aria Config)

    Port: 4505, 4506

    Directories:

    • /srv/pillar
    • /srv/salt
    • /etc/salt
    • /var/cache/salt
    • /var/run/salt
    • /opt/saltstack/salt
    • /var/log/salt

    The list of processes varies depending on any additional engines that are loaded. Additional engines may require other directories, though engines provided by Broadcom use the standard directories above. This daemon is a forking and threading daemon that manages sub-processes. All processes should fork from the main process as managed by systemd. This should remain the case if started with salt-master -d.

  • Salt minion

    User: Administrator (Windows), root (Linux)

    Port: None (daemon does not listen on any ports)

    Directories:

    • Windows Directories:
    • Linux Directories:
      • /etc/salt
      • /var/cache/salt
      • /var/run/salt
      • /opt/saltstack/salt
      • /var/log/salt

    This is a forking and threading daemon, so it may spawn additional processes that are expected to be owned by the main process. In some cases a state may execute something in “background mode”, where the minion does a single fork of the process to execute it. This daemon may also be expected to create a process as another user so that it executes with the correct permissions.
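The owning users and process-tree expectations above (every salt-master and salt-minion process forking from the systemd-started main daemon) can be checked against a `ps` listing before tuning scanner exclusions. The following is an added example for this article, not Broadcom's or Salt's code; the expected users come from the article, and the `ps` output it parses is constructed.

```python
import collections
# Expected owning user(s) per daemon command name, taken from the article (Linux hosts).
EXPECTED_USERS = {"raas": {"raas"}, "postgres": {"postgres"}, "redis-server": {"redis"},
                  "salt-master": {"root", "salt"}, "salt-minion": {"root"}}
SALT_DAEMONS = {"salt-master", "salt-minion"}
Proc = collections.namedtuple("Proc", "pid ppid user comm")

def parse_ps(text):
    """Parse `ps -eo pid,ppid,user,comm --no-headers` output into {pid: Proc}."""
    procs = {}
    for line in text.strip().splitlines():
        pid, ppid, user, comm = line.split(None, 3)
        procs[int(pid)] = Proc(int(pid), int(ppid), user, comm)
    return procs

def descends_from(procs, p, root_pids):
    """True if p is a root daemon or has one among its ancestors."""
    while p.pid not in root_pids:
        if p.ppid not in procs:  # climbed past pid 1 (ppid 0) or hit an unknown pid
            return False
        p = procs[p.ppid]
    return True

def audit(procs):
    """Flag documented daemons running as an unexpected user, and Salt processes
    that do not descend from a systemd-started (PPID 1) instance of the same daemon."""
    roots = collections.defaultdict(set)
    for p in procs.values():
        if p.comm in SALT_DAEMONS and p.ppid == 1:
            roots[p.comm].add(p.pid)
    findings = []
    for p in procs.values():
        want = EXPECTED_USERS.get(p.comm)  # None for processes the article does not cover
        if want and p.user not in want:
            findings.append(f"pid {p.pid} {p.comm} runs as {p.user}, expected {sorted(want)}")
        if p.comm in SALT_DAEMONS and not descends_from(procs, p, roots[p.comm]):
            findings.append(f"pid {p.pid} {p.comm} not forked from the main daemon")
    return findings

# Constructed sample listing: healthy RaaS/master/minion trees plus two anomalies.
SAMPLE_PS = """\
1 0 root systemd
800 1 raas raas
900 1 root salt-master
901 900 root salt-master
950 1 root salt-minion
960 1 nobody salt-minion
1600 1 root bash
1700 1600 root salt-minion
"""
```

Running `audit(parse_ps(SAMPLE_PS))` reports the minion owned by `nobody` and the minion started from a shell rather than from the systemd-managed daemon; a child forked by the minion to run as another user (as the article describes) is not flagged, since only the documented daemon names are checked.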