Merge pull request #1 from TOoSmOotH/master

....
2025-12-07 01:32:47 +01:00 · 2019-04-03 10:06:12 -04:00
parent b84b356c22 2bbd31c954
commit 08462ff69e
12 changed files with 62 additions and 12 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -103,7 +103,7 @@ nginxtmp:
 # Start the core docker
 so-core:
  docker_container.running:
-    - image: soshybridhunter/so-core:HH1.0.5
+    - image: soshybridhunter/so-core:HH1.0.7
    - hostname: so-core
    - user: socore
    - binds:
@@ -114,6 +114,7 @@ so-core:
      - /opt/so/tmp/nginx/:/run:rw
      - /etc/pki/masterssl.crt:/etc/pki/nginx/server.crt:ro
      - /etc/pki/masterssl.key:/etc/pki/nginx/server.key:ro
+      - /opt/so/conf/fleet/packages:/opt/so/html/packages
    - cap_add: NET_BIND_SERVICE
    - port_bindings:
      - 80:80
@@ -156,7 +157,7 @@ tgrafconf:

 so-telegraf:
  docker_container.running:
-    - image: soshybridhunter/so-telegraf:HH1.0.4
+    - image: soshybridhunter/so-telegraf:HH1.0.7
    - environment:
      - HOST_PROC=/host/proc
      - HOST_ETC=/host/etc
@@ -211,7 +212,7 @@ influxdbconf:

 so-influxdb:
  docker_container.running:
-    - image: soshybridhunter/so-influxdb:HH1.0.4
+    - image: soshybridhunter/so-influxdb:HH1.0.7
    - hostname: influxdb
    - environment:
      - INFLUXDB_HTTP_LOG_ENABLED=false
@@ -368,7 +369,7 @@ dashboard-{{ SN }}:
 # Install the docker. This needs to be behind nginx at some point
 so-grafana:
  docker_container.running:
-    - image: soshybridhunter/so-grafana:HH1.0.4
+    - image: soshybridhunter/so-grafana:HH1.0.7
    - hostname: grafana
    - user: socore
    - binds:
--- a/salt/hive/init.sls
+++ b/salt/hive/init.sls
@@ -78,3 +78,8 @@ so-thehive:
      - /opt/so/conf/hive/etc/application.conf:/opt/thehive/conf/application.conf:ro
    - port_bindings:
      - 0.0.0.0:9000:9000
+
+hivescript:
+  cmd.script:
+    - source: salt://hive/thehive/scripts/hive_init.sh
+    - template: jinja
--- a/salt/hive/thehive/scripts/hive_init.sh
+++ b/salt/hive/thehive/scripts/hive_init.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
+{%- set HIVEUSER = salt['pillar.get']('static:hiveuser', '') %}
+{%- set HIVEPASSWORD = salt['pillar.get']('static:hivepassword', '') %}
+{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}
+
+hive_init(){
+    sleep 60
+    HIVE_IP="{{MASTERIP}}"
+    HIVE_USER="{{HIVEUSER}}"
+    HIVE_PASSWORD="{{HIVEPASSWORD}}"
+    SOCTOPUS_CONFIG="/opt/so/saltstack/salt/soctopus/files/SOCtopus.conf"
+
+    # Migrate DB
+    curl -v -k -XPOST "https://$HIVE_IP:/thehive/api/maintenance/migrate"
+
+    # Generate unique ID for apikey
+    HIVE_KEY="{{HIVEKEY}}"
+
+    # Create intial TheHive user
+    curl -v -k "https://$HIVE_IP/thehive/api/user" -H "Content-Type: application/json" -d "{\"login\" : \"$HIVE_USER\",\"name\" : \"$HIVE_USER\",\"roles\" : [\"read\",\"alert\",\"write\",\"admin\"],\"preferences\" : \"{}\",\"password\" : \"$HIVE_PASSWORD\", \"key\": \"$HIVE_KEY\"}"
+
+    # Update SOCtopus config with apikey value
+    #sed -i "s/hive_key = .*/hive_key = $HIVE_KEY/" $SOCTOPUS_CONFIG
+
+    # Check for correct authentication
+    #curl -v -k -H "Authorization: Bearer $HIVE_KEY" "https://$HIVE_IP/thehive/api/user/$USER"
+
+    touch /opt/so/state/thehive.txt
+
+}
+
+if [ -f /opt/so/state/thehive.txt ]; then
+    exit 0
+else
+    hive_init
+fi
--- a/salt/kibana/init.sls
+++ b/salt/kibana/init.sls
@@ -57,7 +57,7 @@ synckibanacustom:
 # Start the kibana docker
 so-kibana:
  docker_container.running:
-    - image: soshybridhunter/so-kibana:HH1.0.6
+    - image: soshybridhunter/so-kibana:HH1.0.7
    - hostname: kibana
    - user: kibana
    - environment:
--- a/salt/master/init.sls
+++ b/salt/master/init.sls
@@ -49,7 +49,7 @@ acngcopyconf:
 # Install the apt-cacher-ng container
 so-aptcacherng:
  docker_container.running:
-    - image: soshybridhunter/so-acng:HH1.0.5
+    - image: soshybridhunter/so-acng:HH1.0.7
    - hostname: so-acng
    - port_bindings:
      - 0.0.0.0:3142:3142
--- a/salt/mysql/init.sls
+++ b/salt/mysql/init.sls
@@ -50,7 +50,7 @@ mysqldatadir:

 so-mysql:
  docker_container.running:
-    - image: soshybridhunter/so-mysql:HH1.0.5
+    - image: soshybridhunter/so-mysql:HH1.0.7
    - hostname: so-mysql
    - user: socore
    - port_bindings:
--- a/salt/redis/init.sls
+++ b/salt/redis/init.sls
@@ -49,7 +49,7 @@ toosmooth/so-redis:test2:

 so-redis:
  docker_container.running:
-    - image: soshybridhunter/so-redis:HH1.0.5
+    - image: soshybridhunter/so-redis:HH1.0.7
    - hostname: so-redis
    - user: socore
    - port_bindings:
--- a/salt/soctopus/files/SOCtopus.conf
+++ b/salt/soctopus/files/SOCtopus.conf
@@ -1,4 +1,5 @@
 {%- set ip = salt['pillar.get']('static:masterip', '') %}
+{%- set HIVEKEY = salt['pillar.get']('static:hivekey', '') %}

 [es]
 es_url = http://{{ip}}:9200
@@ -20,7 +21,7 @@ grr_pass = YOURGRRPASS

 [hive]
 hive_url = https://{{ip}}/thehive/
-hive_key = YOURHIVEKEY
+hive_key = {{ HIVEKEY }}
 hive_tlp = 3
 hive_verifycert = False

--- a/salt/suricata/init.sls
+++ b/salt/suricata/init.sls
@@ -72,7 +72,7 @@ suriconfigsync:

 so-suricata:
  docker_container.running:
-    - image: soshybridhunter/so-suricata:HH1.0.6
+    - image: soshybridhunter/so-suricata:HH1.0.7
    - privileged: True
    - environment:
      - INTERFACE={{ interface }}
--- a/salt/top.sls
+++ b/salt/top.sls
@@ -44,6 +44,7 @@ base:
    - filebeat
    - utility
    - schedule
+    - soctopus


  'G@role:so-master':
@@ -64,6 +65,7 @@ base:
    - utility
    - schedule
    - fleet
+    - soctopus

  # Storage node logic

--- a/salt/wazuh/init.sls
+++ b/salt/wazuh/init.sls
@@ -58,7 +58,7 @@ wazuhagentregister:

 so-wazuh:
  docker_container.running:
-    - image: soshybridhunter/so-wazuh:HH1.0.5
+    - image: soshybridhunter/so-wazuh:HH1.0.7
    - hostname: {{HOSTNAME}}-wazuh-manager
    - name: so-wazuh
    - detach: True
--- a/so-setup-network.sh
+++ b/so-setup-network.sh
@@ -427,6 +427,7 @@ generate_passwords(){
  # Generate Random Passwords for Things
  MYSQLPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
  FLEETPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
+  HIVEKEY=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
 }

 get_filesystem_nsm(){
@@ -588,6 +589,9 @@ master_static() {
  echo "  broversion: $BROVERSION" >> /opt/so/saltstack/pillar/static.sls
  echo "  ids: $NIDS" >> /opt/so/saltstack/pillar/static.sls
  echo "  masterip: $MAINIP" >> /opt/so/saltstack/pillar/static.sls
+  echo "  hiveuser: hiveadmin" >> /opt/so/saltstack/pillar/static.sls
+  echo "  hivepassword: hivechangeme" >> /opt/so/saltstack/pillar/static.sls
+  echo "  hivekey: $HIVEKEY" >> /opt/so/saltstack/pillar/static.sls
  if [[ $MASTERUPDATES == 'MASTER' ]]; then
    echo "  masterupdate: 1" >> /opt/so/saltstack/pillar/static.sls
  else