Merge pull request #1 from TOoSmOotH/master

....
This commit is contained in:
Josh Brower
2019-04-03 10:06:12 -04:00
committed by GitHub
12 changed files with 62 additions and 12 deletions


@@ -103,7 +103,7 @@ nginxtmp:
# Start the core docker # Start the core docker
so-core: so-core:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-core:HH1.0.5 - image: soshybridhunter/so-core:HH1.0.7
- hostname: so-core - hostname: so-core
- user: socore - user: socore
- binds: - binds:
@@ -114,6 +114,7 @@ so-core:
- /opt/so/tmp/nginx/:/run:rw - /opt/so/tmp/nginx/:/run:rw
- /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
- /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
- /opt/so/conf/fleet/packages:/opt/so/html/packages
- cap_add: NET_BIND_SERVICE - cap_add: NET_BIND_SERVICE
- port_bindings: - port_bindings:
- 80:80 - 80:80
@@ -156,7 +157,7 @@ tgrafconf:
so-telegraf: so-telegraf:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-telegraf:HH1.0.4 - image: soshybridhunter/so-telegraf:HH1.0.7
- environment: - environment:
- HOST_PROC=/host/proc - HOST_PROC=/host/proc
- HOST_ETC=/host/etc - HOST_ETC=/host/etc
@@ -211,7 +212,7 @@ influxdbconf:
so-influxdb: so-influxdb:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-influxdb:HH1.0.4 - image: soshybridhunter/so-influxdb:HH1.0.7
- hostname: influxdb - hostname: influxdb
- environment: - environment:
- INFLUXDB_HTTP_LOG_ENABLED=false - INFLUXDB_HTTP_LOG_ENABLED=false
@@ -368,7 +369,7 @@ dashboard-{{ SN }}:
# Install the docker. This needs to be behind nginx at some point # Install the docker. This needs to be behind nginx at some point
so-grafana: so-grafana:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-grafana:HH1.0.4 - image: soshybridhunter/so-grafana:HH1.0.7
- hostname: grafana - hostname: grafana
- user: socore - user: socore
- binds: - binds:
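Review bot: The bind added on line 24 (`/opt/so/conf/fleet/packages:/opt/so/html/packages`) carries no access mode and is therefore mounted read-write, unlike the neighbouring certificate binds that end in `:ro`. If so-core only serves these files through nginx it needs no write access to the host directory, so `- /opt/so/conf/fleet/packages:/opt/so/html/packages:ro` keeps the container from altering what is published. The so-core container definition continues below the hunk, so confirm nothing further down expects to write there.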


@@ -78,3 +78,8 @@ so-thehive:
- /opt/so/conf/hive/etc/application.conf:/opt/thehive/conf/application.conf:ro - /opt/so/conf/hive/etc/application.conf:/opt/thehive/conf/application.conf:ro
- port_bindings: - port_bindings:
- 0.0.0.0:9000:9000 - 0.0.0.0:9000:9000
hivescript:
cmd.script:
- source: salt://hive/thehive/scripts/hive_init.sh
- template: jinja
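Review bot: `hivescript` has no `creates` or `unless` guard, so the script is executed on every highstate and relies only on its own marker file to short-circuit; `- creates: /opt/so/state/thehive.txt` lets Salt skip the run entirely once initialisation has happened. The state also declares no ordering against the container it talks to, so on a fresh install it may run before `so-thehive` is up; `- require:` with `- docker_container: so-thehive` sequences it. The hunk header counts five added lines and only four are visible here, so one line of this state may be missing from this view.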


@@ -0,0 +1,37 @@
#!/bin/bash
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
{%- set HIVEUSER = salt['pillar.get']('static:hiveuser', '') %}
{%- set HIVEPASSWORD = salt['pillar.get']('static:hivepassword', '') %}
{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
hive_init(){
sleep 60
HIVE_IP="{{MASTERIP}}"
HIVE_USER="{{HIVEUSER}}"
HIVE_PASSWORD="{{HIVEPASSWORD}}"
SOCTOPUS_CONFIG="/opt/so/saltstack/salt/soctopus/files/SOCtopus.conf"
# Migrate DB
curl -v -k -XPOST "https://$HIVE_IP:/thehive/api/maintenance/migrate"
# Generate unique ID for apikey
HIVE_KEY="{{HIVEKEY}}"
# Create intial TheHive user
curl -v -k "https://$HIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$HIVE_USER\",\"name\" : \"$HIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$HIVE_PASSWORD\", \"key\": \"$HIVE_KEY\"}"
# Update SOCtopus config with apikey value
#sed -i "s/hive_key = .*/hive_key = $HIVE_KEY/" $SOCTOPUS_CONFIG
# Check for correct authentication
#curl -v -k -H "Authorization: Bearer $HIVE_KEY" "https://$HIVE_IP/thehive/api/user/$USER"
touch /opt/so/state/thehive.txt
}
if [ -f /opt/so/state/thehive.txt ]; then
exit 0
else
hive_init
fi
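Review bot: `hive_init` touches the marker `/opt/so/state/thehive.txt` on line 86 whether or not either curl call succeeded, so if TheHive is still starting after the fixed `sleep 60` the admin user and API key are never created and, because line 88 exits on the marker, the script never retries. The admin password and API key are also placed in the `-d` argument on line 81, which makes them visible to every local user through the process list while the request runs; feeding the body on stdin avoids that. Since the pillar lookups on lines 67-69 default to `''`, a missing pillar value would create an admin with an empty password, so the function should refuse empty credentials. The rewrite below polls the base URL until it answers, fails on HTTP errors with `-f`, and writes the marker only on success; the migrate call is left as is apart from dropping the stray `:` after `$HIVE_IP` on line 77, which the user URL on line 81 does not have.
```shell
hive_init(){
    HIVE_IP="{{MASTERIP}}"
    HIVE_USER="{{HIVEUSER}}"
    HIVE_PASSWORD="{{HIVEPASSWORD}}"
    HIVE_KEY="{{HIVEKEY}}"
    # pillar.get defaults to '' above; never create an admin with empty credentials
    if [ -z "$HIVE_USER" ] || [ -z "$HIVE_PASSWORD" ] || [ -z "$HIVE_KEY" ]; then
        echo "hive_init: hive credentials missing from pillar" >&2
        return 1
    fi
    # wait for TheHive to answer instead of a fixed sleep (up to ~5 minutes)
    for _ in $(seq 1 30); do
        curl -s -k -o /dev/null "https://$HIVE_IP/thehive/" && break
        sleep 10
    done
    # … unchanged: migrate call (without the stray ':' after $HIVE_IP) …
    # body on stdin so the password and key are not exposed in the process list
    curl -s -k -f "https://$HIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d @- <<EOF || return 1
{"login": "$HIVE_USER", "name": "$HIVE_USER", "roles": ["read","alert","write","admin"], "preferences": "{}", "password": "$HIVE_PASSWORD", "key": "$HIVE_KEY"}
EOF
    touch /opt/so/state/thehive.txt
}
```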


@@ -57,7 +57,7 @@ synckibanacustom:
# Start the kibana docker # Start the kibana docker
so-kibana: so-kibana:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-kibana:HH1.0.6 - image: soshybridhunter/so-kibana:HH1.0.7
- hostname: kibana - hostname: kibana
- user: kibana - user: kibana
- environment: - environment:


@@ -49,7 +49,7 @@ acngcopyconf:
# Install the apt-cacher-ng container # Install the apt-cacher-ng container
so-aptcacherng: so-aptcacherng:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-acng:HH1.0.5 - image: soshybridhunter/so-acng:HH1.0.7
- hostname: so-acng - hostname: so-acng
- port_bindings: - port_bindings:
- 0.0.0.0:3142:3142 - 0.0.0.0:3142:3142


@@ -50,7 +50,7 @@ mysqldatadir:
so-mysql: so-mysql:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-mysql:HH1.0.5 - image: soshybridhunter/so-mysql:HH1.0.7
- hostname: so-mysql - hostname: so-mysql
- user: socore - user: socore
- port_bindings: - port_bindings:


@@ -49,7 +49,7 @@ toosmooth/so-redis:test2:
so-redis: so-redis:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-redis:HH1.0.5 - image: soshybridhunter/so-redis:HH1.0.7
- hostname: so-redis - hostname: so-redis
- user: socore - user: socore
- port_bindings: - port_bindings:


@@ -1,4 +1,5 @@
{%- set ip = salt['pillar.get']('static:masterip', '') %} {%- set ip = salt['pillar.get']('static:masterip', '') %}
{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
[es] [es]
es_url = http://{{ip}}:9200 es_url = http://{{ip}}:9200
@@ -20,14 +21,14 @@ grr_pass = YOURGRRPASS
[hive] [hive]
hive_url = https://{{ip}}/thehive/ hive_url = https://{{ip}}/thehive/
hive_key = YOURHIVEKEY hive_key = {{ HIVEKEY }}
hive_tlp = 3 hive_tlp = 3
hive_verifycert = False hive_verifycert = False
[misp] [misp]
misp_url = YOURMISPURL misp_url = YOURMISPURL
misp_key = YOURMISPKEY misp_key = YOURMISPKEY
misp_verifycert = False misp_verifycert = False
distrib = 0 distrib = 0
threat = 4 threat = 4
analysis = 0 analysis = 0
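Review bot: `hive_key = {{ HIVEKEY }}` on line 146 now depends on the `static:hivekey` pillar, and the lookup on line 140 defaults to `''`, so a host whose pillar lacks the key renders a silent empty `hive_key =` where the old `YOURHIVEKEY` placeholder at least failed visibly; a guard such as `{%- if not HIVEKEY %}{{ raise('static:hivekey is not set in pillar') }}{%- endif %}` after the set makes the render fail instead. This also turns SOCtopus.conf into a file holding a live admin API key, so the state that writes it out (not in this hunk) should set a restrictive mode and owner. Minor: the new expression is written `{{ HIVEKEY }}` while the rest of the file writes `{{ip}}`; pick one spacing.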


@@ -72,7 +72,7 @@ suriconfigsync:
so-suricata: so-suricata:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-suricata:HH1.0.6 - image: soshybridhunter/so-suricata:HH1.0.7
- privileged: True - privileged: True
- environment: - environment:
- INTERFACE={{ interface }} - INTERFACE={{ interface }}


@@ -44,6 +44,7 @@ base:
- filebeat - filebeat
- utility - utility
- schedule - schedule
- soctopus
'G@role:so-master': 'G@role:so-master':
@@ -64,6 +65,7 @@ base:
- utility - utility
- schedule - schedule
- fleet - fleet
- soctopus
# Storage node logic # Storage node logic


@@ -58,7 +58,7 @@ wazuhagentregister:
so-wazuh: so-wazuh:
docker_container.running: docker_container.running:
- image: soshybridhunter/so-wazuh:HH1.0.5 - image: soshybridhunter/so-wazuh:HH1.0.7
- hostname: {{HOSTNAME}}-wazuh-manager - hostname: {{HOSTNAME}}-wazuh-manager
- name: so-wazuh - name: so-wazuh
- detach: True - detach: True


@@ -427,6 +427,7 @@ generate_passwords(){
# Generate Random Passwords for Things # Generate Random Passwords for Things
MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
} }
get_filesystem_nsm(){ get_filesystem_nsm(){
@@ -588,6 +589,9 @@ master_static() {
echo " broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls echo " broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls
echo " ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls echo " ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls
echo " masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls echo " masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls
echo " hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls
echo " hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls
echo " hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls
if [[ $MASTERUPDATES == 'MASTER' ]]; then if [[ $MASTERUPDATES == 'MASTER' ]]; then
echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls echo " masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
else else
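Review bot: `hivepassword: hivechangeme` on line 206 writes a fixed, well-known default password for the TheHive admin account into the pillar, while the mysql and fleet passwords in generate_passwords() just above are random; generating it the same way — `HIVEPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)` next to line 198 and `echo " hivepassword: $HIVEPASS" >> /opt/so/saltstack/pillar/static.sls` on line 206 — removes the default. The key and password values are written unquoted into static.sls, and a 20-character alphanumeric string can occasionally be something YAML retypes (all digits, or a `0x…` hex form), so quote them, e.g. `echo " hivekey: '$HIVEKEY'" >> /opt/so/saltstack/pillar/static.sls`. The hive_init.sh script elsewhere in this PR creates the admin user from these pillar values, so the account ends up with `hivechangeme` unless someone edits the pillar first. master_static() continues past the end of the hunk.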