diff --git a/pillar/firewall/fleet_nodes.sls b/pillar/firewall/fleet_nodes.sls
deleted file mode 100644
index ca2bd1ff3..000000000
--- a/pillar/firewall/fleet_nodes.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-fleet_nodes:
- - 127.0.0.1
-
diff --git a/salt/firewall/init.sls b/salt/firewall/init.sls
index 16492dd47..85db566f6 100644
--- a/salt/firewall/init.sls
+++ b/salt/firewall/init.sls
@@ -8,6 +8,8 @@
 {%- elif grains['role'] == 'so-fleet' %}
 {%- set ip = salt['pillar.get']('node:mainip', '') %}
 {%- endif %}
+{%- set FLEET_NODE = salt['pillar.get']('static:fleet_node') %}
+{%- set FLEET_NODE_IP = salt['pillar.get']('static:fleet_ip') %}
 # Quick Fix for Docker being difficult
 iptables_fix_docker:
@@ -424,6 +426,22 @@ enable_forwardnode_sensoroni_9822_{{ip}}:
 {% endfor %}
+# Allow Fleet Node to send its beats traffic
+{% if FLEET_NODE %}
+
+enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}:
+ iptables.insert:
+ - table: filter
+ - chain: DOCKER-USER
+ - jump: ACCEPT
+ - proto: tcp
+ - source: {{ FLEET_NODE_IP }}
+ - dport: 5644
+ - position: 1
+ - save: True
+
+{% endif %}
+
 {% for ip in pillar.get('search_nodes') %}
 enable_searchnode_redis_6379_{{ip}}:
diff --git a/salt/fleet/event_gen-packages.sls b/salt/fleet/event_gen-packages.sls
index affc9a72a..c9b50bc9a 100644
--- a/salt/fleet/event_gen-packages.sls
+++ b/salt/fleet/event_gen-packages.sls
@@ -1,4 +1,4 @@
-{% set ENROLLSECRET = salt['pillar.get']('auth:fleet_enroll-secret') %}
+{% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
 so/fleet:
 event.send:
diff --git a/salt/fleet/files/dedicated-index.html b/salt/fleet/files/dedicated-index.html
index c53cae95b..4a27b6104 100644
--- a/salt/fleet/files/dedicated-index.html
+++ b/salt/fleet/files/dedicated-index.html
@@ -86,40 +86,9 @@ a {
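Review bot: In salt/firewall/init.sls the new `enable_fleetnode_beats_5644_{{FLEET_NODE_IP}}` rule is guarded by `{% if FLEET_NODE %}` only, while `FLEET_NODE_IP` is read from `static:fleet_ip` with no default and is never checked. If `fleet_node` is set but `fleet_ip` is missing or empty, `- source:` renders without a usable address; depending on how Salt's iptables state handles an empty source, that either fails the state or inserts an ACCEPT for tcp/5644 at position 1 of DOCKER-USER with no source restriction, which should be confirmed before merging. Guarding on both values closes this off: `{% if FLEET_NODE and FLEET_NODE_IP %}`. The comment above the rule could also state that 5644 is meant to be reachable from the single Fleet node address only, for whoever audits the chain later.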

Security Onion - Dedicated Fleet Node

-

Osquery Packages


-

Notes

-
-

Downloads

-
- Generated: {{ PACKAGESTS }} -
-
- Packages: - -
-
- Config Files: - -
-
-

Known Issues

-

diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls
index c1d6bdd5c..3b5706f98 100644
--- a/salt/reactor/fleet.sls
+++ b/salt/reactor/fleet.sls
@@ -15,9 +15,9 @@ def run():
 MAINIP = data['data']['mainip']
 STATICFILE = '/opt/so/saltstack/pillar/static.sls'
- AUTHFILE = '/opt/so/saltstack/pillar/auth.sls'
+ SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
- if MINIONID.split('_')[-1] in ['master','eval','fleet']:
+ if MINIONID.split('_')[-1] in ['master','eval','fleet','mastersearch']:
 if ACTION == 'enablefleet':
 logging.info('so/fleet enablefleet reactor')
@@ -29,8 +29,8 @@ def run():
 line = re.sub(r'fleet_master: \S*', f"fleet_master: True", line.rstrip())
 print(line)
- # Update the enroll secret in the auth pillar
- for line in fileinput.input(AUTHFILE, inplace=True):
+ # Update the enroll secret in the secrets pillar
+ for line in fileinput.input(SECRETSFILE, inplace=True):
 line = re.sub(r'fleet_enroll-secret: \S*', f"fleet_enroll-secret: {ESECRET}", line.rstrip())
 print(line)
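Review bot: In the second hunk `ESECRET` is interpolated into the replacement argument of `re.sub` and written into `secrets.sls`, and nothing visible validates it; its assignment is outside the hunk, but if it is read from the event payload like `MAINIP = data['data']['mainip']`, a minion-supplied value ends up in a master-side pillar file. `re.sub` interprets backslash sequences in a string replacement, and a value containing whitespace or a newline would alter the YAML structure rather than just the secret. I would check the value against the format the enroll-secret generator produces before opening the file, and pass the replacement as a function so it is taken literally: `line = re.sub(r'fleet_enroll-secret: \S*', lambda m: f"fleet_enroll-secret: {ESECRET}", line.rstrip())`. The gate in the first hunk relies on the suffix of `MINIONID`, and adding `'mastersearch'` widens which minions can trigger this rewrite, so a comment on why the ID suffix is an acceptable role check would help. `run()` starts and ends outside both hunks.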