CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

IDH - Finalize Firewall config

Browse Source
This commit is contained in:
Josh Brower
2022-02-18 13:23:48 -05:00
parent f995d0768f
commit 0362afb260
3 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/firewall/assigned_hostgroups.map.yaml
View File

@@ -662,7 +662,7 @@ role:
- {{ portgroups.ssh }} - {{ portgroups.ssh }}
{% set idh_services = salt['pillar.get']('idh:services', []) %} {% set idh_services = salt['pillar.get']('idh:services', []) %}
{% for service in idh_services %} {% for service in idh_services %}
- {{ portgroups.service }} - {{ portgroups['idh_'~service] }}
{% endfor %} {% endfor %}
dockernet: dockernet:
portgroups: portgroups:

22
salt/firewall/portgroups.yaml
View File

@@ -1,3 +1,8 @@
{% if grains.role == 'so-idh' %}
{% from 'idh/opencanary_config.map.jinja' import OPENCANARYCONFIG %}
{% set idh_services = salt['pillar.get']('idh:services', []) %}
{% endif %}
firewall: firewall:
aliases: aliases:
ports: ports:
@@ -48,15 +53,6 @@ firewall:
fleet_webui: fleet_webui:
tcp: tcp:
- 443 - 443
ftp:
tcp:
- 21
git:
tcp:
- 9418
http:
tcp:
- 80
influxdb: influxdb:
tcp: tcp:
- 8086 - 8086
@@ -115,3 +111,11 @@ firewall:
yum: yum:
tcp: tcp:
- 443 - 443
{% if idh_services is defined %}
{% for service in idh_services %}
idh_{{service}}:
tcp:
- {{ OPENCANARYCONFIG[service~'.port'] }}
{% endfor %}
{% endif %}

6
salt/idh/init.sls
View File

@@ -37,4 +37,8 @@ so-idh:
- network_mode: host - network_mode: host
- binds: - binds:
- /nsm/idh:/var/tmp:rw - /nsm/idh:/var/tmp:rw
- /opt/so/conf/idh/opencanary.conf:/etc/opencanaryd/opencanary.conf:ro - /opt/so/conf/idh/opencanary.conf:/etc/opencanaryd/opencanary.conf:ro
- watch:
- file: opencanary_config
- require:
- file: opencanary_config