Merge remote-tracking branch 'remotes/origin/dev' into feature/metasuri

Mike Reeves
2020-06-12 08:54:17 -04:00
11 changed files with 6472 additions and 37 deletions


@@ -47,7 +47,7 @@ if [ $TYPE == 'sensorstab' ]; then
echo " monint: $MONINT" >> $local_salt_dir/pillar/data/$TYPE.sls
salt-call state.apply grafana queue=True
fi
if [ $TYPE == 'evaltab' ]; then
if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then
echo " monint: $MONINT" >> $local_salt_dir/pillar/data/$TYPE.sls
if [ ! $10 ]; then
salt-call state.apply grafana queue=True
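Review bot: The inner guard `if [ ! $10 ]; then`, which the widened condition now also applies to `standalonetab`, does not test the tenth argument. The shell expands `$10` as `$1` followed by a literal `0`, so for any call with a non-empty first argument the test is false and the `salt-call state.apply grafana` beneath it is never reached. `if [ -z "${10}" ]; then` checks the argument that was presumably meant. The new condition also leaves `$TYPE` unquoted, so an empty value makes `[` fail with a syntax error; `[ "$TYPE" == 'evaltab' ] || [ "$TYPE" == 'standalonetab' ]` avoids that. The enclosing `if` block continues past the end of the hunk.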


@@ -3226,7 +3226,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3290,7 +3290,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3798,7 +3798,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3862,7 +3862,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{


@@ -1969,7 +1969,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -2033,7 +2033,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -2633,7 +2633,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -2697,7 +2697,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3342,7 +3342,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3406,7 +3406,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3874,7 +3874,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3938,7 +3938,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{


@@ -1971,7 +1971,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -2035,7 +2035,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -2718,7 +2718,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -2782,7 +2782,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3470,7 +3470,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"groupBy": [
{
"params": [
@@ -3875,7 +3875,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"groupBy": [
{
"params": [
@@ -3936,7 +3936,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"groupBy": [
{
"params": [


@@ -2827,7 +2827,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -2891,7 +2891,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3399,7 +3399,7 @@
"steppedLine": false,
"targets": [
{
"alias": "InBound",
"alias": "Inbound",
"dsType": "influxdb",
"groupBy": [
{
@@ -3463,7 +3463,7 @@
]
},
{
"alias": "OutBound",
"alias": "Outbound",
"dsType": "influxdb",
"groupBy": [
{

File diff suppressed because it is too large Load Diff


@@ -31,6 +31,13 @@ providers:
editable: true
options:
path: /etc/grafana/grafana_dashboards/search_nodes
- name: 'Standalone'
folder: 'Standalone'
type: file
disableDeletion: false
editable: true
options:
path: /etc/grafana/grafana_dashboards/standalone
{%- else %}
- name: 'Security Onion'
folder: 'Eval Mode'


@@ -40,6 +40,13 @@ grafanadashmsdir:
- group: 939
- makedirs: True
grafanadashsadir:
file.directory:
- name: /opt/so/conf/grafana/grafana_dashboards/standalone
- user: 939
- group: 939
- makedirs: True
grafanadashevaldir:
file.directory:
- name: /opt/so/conf/grafana/grafana_dashboards/eval
@@ -96,7 +103,7 @@ dashboard-master:
{% for SN, SNDATA in salt['pillar.get']('mastersearchtab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboard-master:
dashboard-mastersearch:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/mastersearch/{{ SN }}-MasterSearch.json
- user: 939
@@ -115,6 +122,29 @@ dashboard-master:
{% endfor %}
{% endif %}
{% if salt['pillar.get']('standalonetab', False) %}
{% for SN, SNDATA in salt['pillar.get']('standalonetab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
{% set SN = SN | regex_replace('_' ~ NODETYPE, '') %}
dashboard-standalone:
file.managed:
- name: /opt/so/conf/grafana/grafana_dashboards/standalone/{{ SN }}-Standalone.json
- user: 939
- group: 939
- template: jinja
- source: salt://grafana/dashboards/standalone/standalone.json
- defaults:
SERVERNAME: {{ SN }}
MANINT: {{ SNDATA.manint }}
MONINT: {{ SNDATA.manint }}
CPUS: {{ SNDATA.totalcpus }}
UID: {{ SNDATA.guid }}
ROOTFS: {{ SNDATA.rootfs }}
NSMFS: {{ SNDATA.nsmfs }}
{% endfor %}
{% endif %}
{% if salt['pillar.get']('sensorstab', False) %}
{% for SN, SNDATA in salt['pillar.get']('sensorstab', {}).items() %}
{% set NODETYPE = SN.split('_')|last %}
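Review bot: In the new `dashboard-standalone` state, `MONINT: {{ SNDATA.manint }}` passes the management interface into the monitor-interface variable. The addtotab.sh change in this same commit writes a `monint` key for `standalonetab`, so `MONINT: {{ SNDATA.monint }}` looks like what was intended. As written, the dashboard's capture-interface panels would presumably chart the management NIC, hiding traffic and drop figures for the sniffing interface. The state ID is also constant inside the `for` loop, so a second entry in `standalonetab` would render a duplicate ID; `dashboard-standalone-{{ SN }}` would keep the IDs unique.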


@@ -616,7 +616,7 @@
# # Read stats from one or more Elasticsearch servers or clusters
{% if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch'] %}
{% if grains['role'] in ['so-master', 'so-eval', 'so-mastersearch', 'so-standalone'] %}
[[inputs.elasticsearch]]
# ## specify a list of one or more Elasticsearch servers
@@ -683,7 +683,18 @@
"/scripts/oldpcap.sh"
]
data_format = "influx"
{% elif grains['role'] == 'so-standalone' %}
[[inputs.exec]]
commands = [
"/scripts/redis.sh",
"/scripts/influxdbsize.sh",
"/scripts/stenoloss.sh",
"/scripts/suriloss.sh",
"/scripts/checkfiles.sh",
"/scripts/broloss.sh",
"/scripts/oldpcap.sh"
]
data_format = "influx"
{% elif grains['role'] == 'so-eval' %}
[[inputs.exec]]
commands = [


@@ -50,15 +50,7 @@ wazuhdir:
- name: /opt/so/wazuh
- user: 945
- group: 945
- recurse:
- group
- user
wazuhdirfirewall:
file.directory:
- name: /opt/so/wazuh/logs/firewall
- user: 945
- group: 945
- makedirs: True
# Add Wazuh agent conf
wazuhagentconf:


@@ -60,7 +60,7 @@ addtotab_generate_templates() {
local addtotab_path=$local_salt_dir/pillar/data
for i in evaltab mastersearchtab mastertab nodestab sensorstab; do
for i in evaltab mastersearchtab mastertab nodestab sensorstab standalonetab; do
printf '%s\n'\
"$i:"\
"" > "$addtotab_path"/$i.sls
@@ -1435,6 +1435,9 @@ set_initial_firewall_policy() {
'MASTERSEARCH')
$default_salt_dir/pillar/data/addtotab.sh mastersearchtab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm"
;;
'STANDALONE')
$default_salt_dir/pillar/data/addtotab.sh standalonetab "$MINION_ID" "$MAINIP" "$num_cpu_cores" "$random_uid" "$MNIC" "$filesystem_root" "$filesystem_nsm" bond0
;;
esac
;;
'HELIXSENSOR')
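Review bot: The trailing `bond0` in the new `'STANDALONE'` call is a bare, unexplained literal at the end of a nine-argument positional call. Nothing at the call site says which field of `addtotab.sh` it fills, or that the order matters. A comment above the call would document it, for example `# 9th arg = monitor interface written as monint; standalone captures on bond0`. That wording is inferred from the addtotab.sh hunk in this commit, so confirm it against the script. Quoting the literal as `"bond0"` would also match the other arguments. The surrounding `case` statement starts and ends outside the hunk.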