CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

2.4/firewall

Browse Source
This commit is contained in:
m0duspwnens
2022-09-22 13:39:10 -04:00
parent c77fcc74c1
commit 06d3681cec
8 changed files with 32 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
files/firewall/assigned_hostgroups.local.map.yaml
View File

@@ -1,8 +1,8 @@
{% import_yaml 'firewall/portgroups.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.aliases.ports %}
{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.aliases.ports %}
{% set local_portgroups = local_portgroups.firewall.aliases.ports %}
{% if local_portgroups.firewall.ports %}
{% set local_portgroups = local_portgroups.firewall.ports %}
{% else %}
{% set local_portgroups = {} %}
{% endif %}

38
salt/firewall/assigned_hostgroups.map.yaml
View File

@@ -1,7 +1,7 @@
{% set ISAIRGAP = salt['pillar.get']('global:airgap', 'False') %}
{% import_yaml 'firewall/portgroups.yaml' as portgroups %}
{% set portgroups = portgroups.firewall.aliases.ports %}
{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
{% import_yaml 'firewall/ports/ports.yaml' as portgroups %}
{% set portgroups = portgroups.firewall.ports %}
{% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', True) %}
role:
eval:
@@ -14,16 +14,11 @@ role:
- {{ portgroups.mysql }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }}
@@ -34,12 +29,10 @@ role:
searchnodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
heavynodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
@@ -90,19 +83,14 @@ role:
- {{ portgroups.mysql }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
{% if ISAIRGAP is sameas true %}
- {{ portgroups.agrules }}
{% endif %}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }}
@@ -116,13 +104,11 @@ role:
searchnodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.beats_5644 }}
heavynodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.beats_5644 }}
self:
@@ -170,16 +156,11 @@ role:
- {{ portgroups.mysql }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }}
@@ -191,12 +172,10 @@ role:
searchnodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
heavynodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
@@ -247,16 +226,11 @@ role:
- {{ portgroups.mysql }}
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }}
@@ -268,12 +242,10 @@ role:
searchnodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
heavynodes:
portgroups:
- {{ portgroups.redis }}
- {{ portgroups.minio }}
- {{ portgroups.elasticsearch_node }}
self:
portgroups:
@@ -328,14 +300,10 @@ role:
- {{ portgroups.kibana }}
- {{ portgroups.redis }}
- {{ portgroups.influxdb }}
- {{ portgroups.cortex }}
- {{ portgroups.elasticsearch_rest }}
- {{ portgroups.elasticsearch_node }}
- {{ portgroups.cortex_es_rest }}
- {{ portgroups.cortex_es_node }}
minion:
portgroups:
- {{ portgroups.acng }}
- {{ portgroups.docker_registry }}
- {{ portgroups.influxdb }}
- {{ portgroups.sensoroni }}

23
salt/firewall/hostgroups.yaml Normal file
View File

@@ -0,0 +1,23 @@
{%- set DNET = salt['pillar.get']('global:dockernet', '172.17.0.0') %}
firewall:
hostgroups:
anywhere:
ips:
delete:
insert:
- 0.0.0.0/0
dockernet:
ips:
delete:
insert:
- {{ DNET }}/24
localhost:
ips:
delete:
insert:
- 127.0.0.1
self:
ips:
delete:
insert:
- {{ salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] }}

0
salt/firewall/hostgroups/analyst_workstation → salt/firewall/hostgroups/analyst_workstations
View File

0
salt/firewall/hostgroups/heavynode → salt/firewall/hostgroups/heavynodes
View File

0
salt/firewall/hostgroups/receiver → salt/firewall/hostgroups/receivers
View File

0
salt/firewall/hostgroups/searchnode → salt/firewall/hostgroups/searchnodes
View File

4
salt/firewall/map.jinja
View File

@@ -4,8 +4,8 @@
{% import_yaml 'firewall/ports/ports.yaml' as default_portgroups %}
{% set default_portgroups = default_portgroups.firewall.ports %}
{% import_yaml 'firewall/portgroups.local.yaml' as local_portgroups %}
{% if local_portgroups.firewall.aliases.ports %}
{% set local_portgroups = local_portgroups.firewall.aliases.ports %}
{% if local_portgroups.firewall.ports %}
{% set local_portgroups = local_portgroups.firewall.ports %}
{% else %}
{% set local_portgroups = {} %}
{% endif %}