2.4/firewall

This commit is contained in:
m0duspwnens
2022-09-22 13:39:10 -04:00
parent c77fcc74c1
commit 06d3681cec
8 changed files with 32 additions and 41 deletions


@@ -1,8 +1,8 @@
{% import_yaml 'firewall/portgroups.yaml' as default_portgroups %} {% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.aliases.ports %} {% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %} {% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.aliases.ports %} {% if local_portgroups.firewall.ports %}
{% set local_portgroups = local_portgroups.firewall.aliases.ports %} {% set local_portgroups = local_portgroups.firewall.ports %}
{% else %} {% else %}
{% set local_portgroups = {} %} {% set local_portgroups = {} %}
{% endif %} {% endif %}
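Review bot: The guard `{% if local_portgroups.firewall.ports %}` on the fourth line of the hunk still assumes `portgroups.local.yaml` contains a `firewall` mapping; if that file is empty or lacks the key, the nested attribute access is evaluated on an undefined value and, depending on the Undefined class Salt's Jinja environment uses, is likely to raise at render time rather than fall through to the `else` branch that sets `{}`. A tolerant form is `{% if local_portgroups and local_portgroups.get('firewall', {}).get('ports') %}`. The same guard appears in the last file section of this commit and would take the same change.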


@@ -1,7 +1,7 @@
{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %} {% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{% import_yaml 'firewall/portgroups.yaml' as portgroups %} {% import_yaml 'firewall/ports/ports.yaml' as portgroups %}
{% set portgroups = portgroups.firewall.aliases.ports %} {% set portgroups = portgroups.firewall.ports %}
{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %} {% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', True) %}
role: role:
eval: eval:
@@ -14,16 +14,11 @@ role:
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.kibana }} - {{ portgroups.kibana }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion: minion:
portgroups: portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -34,12 +29,10 @@ role:
searchnodes: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
self: self:
portgroups: portgroups:
@@ -90,19 +83,14 @@ role:
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.kibana }} - {{ portgroups.kibana }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
{% if ISAIRGAP is sameas true %} {% if ISAIRGAP is sameas true %}
- {{ portgroups.agrules }} - {{ portgroups.agrules }}
{% endif %} {% endif %}
minion: minion:
portgroups: portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -116,13 +104,11 @@ role:
searchnodes: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.beats_5644 }} - {{ portgroups.beats_5644 }}
self: self:
@@ -170,16 +156,11 @@ role:
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.kibana }} - {{ portgroups.kibana }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion: minion:
portgroups: portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -191,12 +172,10 @@ role:
searchnodes: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
self: self:
portgroups: portgroups:
@@ -247,16 +226,11 @@ role:
- {{ portgroups.mysql }} - {{ portgroups.mysql }}
- {{ portgroups.kibana }} - {{ portgroups.kibana }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion: minion:
portgroups: portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
@@ -268,12 +242,10 @@ role:
searchnodes: searchnodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
heavynodes: heavynodes:
portgroups: portgroups:
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
self: self:
portgroups: portgroups:
@@ -328,14 +300,10 @@ role:
- {{ portgroups.kibana }} - {{ portgroups.kibana }}
- {{ portgroups.redis }} - {{ portgroups.redis }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }} - {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }} - {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion: minion:
portgroups: portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }} - {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }} - {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }} - {{ portgroups.sensoroni }}
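Review bot: The default for `salt['pillar.get']('elasticsearch:true_cluster', ...)` in the first hunk flips from `False` to `True`, so whatever port groups TRUE_CLUSTER gates (its uses are outside these hunks) are now opened on every deployment whose pillar does not set the key, while the rest of the commit is narrowing the rule set by dropping the `minio`, `cortex*` and `acng` entries. A firewall default should fail closed; keep `False`, or state in the commit message why an unset pillar should mean a true cluster. Separately, the unchanged `ISAIRGAP` default is the string `'False'` while the later check is `{% if ISAIRGAP is sameas true %}`, so a pillar value supplied as a string would never match; not introduced here, but a `# expects a boolean pillar value` comment on that line would save the next reader the trace.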


@@ -0,0 +1,23 @@
{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %}
firewall:
hostgroups:
anywhere:
ips:
delete:
insert:
- 0.0.0.0/0
dockernet:
ips:
delete:
insert:
- {{ DNET }}/24
localhost:
ips:
delete:
insert:
- 127.0.0.1
self:
ips:
delete:
insert:
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}
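Review bot: The `self` hostgroup on the last line of the hunk indexes `[0]` of the `ip_interfaces` entry for the main interface with no fallback: if the interface name resolved from pillar is absent from the grain, `.get()` returns None and the index raises during rendering, and since `ip_interfaces` lists both address families the first element is not guaranteed to be the IPv4 address the rule needs — the `ip4_interfaces` grain is the narrower source. The empty `delete:` keys parse as null rather than an empty list, so write `delete: []` if the consumer iterates them. The `/24` appended to `DNET` is hard-coded while the default `172.17.0.0` is the base of Docker's default /16 bridge, so a `global:dockernet` pillar that already carries a prefix length renders an invalid address and a bridge wider than /24 is only partly covered; letting the pillar supply the full CIDR avoids both.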


@@ -4,8 +4,8 @@
{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %} {% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.ports %} {% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %} {% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.aliases.ports %} {% if local_portgroups.firewall.ports %}
{% set local_portgroups = local_portgroups.firewall.aliases.ports %} {% set local_portgroups = local_portgroups.firewall.ports %}
{% else %} {% else %}
{% set local_portgroups = {} %} {% set local_portgroups = {} %}
{% endif %} {% endif %}