From 0ade4d78477a38eb28ec76e44666f73da9506838 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 20 Sep 2022 13:45:29 -0400 Subject: [PATCH] Adjust portgroup yaml --- salt/firewall/portgroups/portgroups.yaml | 1163 ++++++++++------------ 1 file changed, 552 insertions(+), 611 deletions(-) diff --git a/salt/firewall/portgroups/portgroups.yaml b/salt/firewall/portgroups/portgroups.yaml index 490d74d36..331b5e3f2 100644 --- a/salt/firewall/portgroups/portgroups.yaml +++ b/salt/firewall/portgroups/portgroups.yaml 
@@ -1,611 +1,552 @@ -firewall: - portgroups: - role: - eval: - ports: - - playbook - - mysql - - kibana - - redis - - influxdb - - elasticsearch_rest - - elasticsearch_node - - docker_registry - - influxdb - - sensoroni - - beats_5044 - - beats_5644 - - redis - - syslog - - strelka_frontend - - nginx - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - minion: - portgroups: - - salt_manager - manager: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - wazuh_agent - - wazuh_api - - wazuh_authd - - playbook - - mysql - - kibana - - redis - - minio - - influxdb - - fleet_api - - cortex - - elasticsearch_rest - - elasticsearch_node - - cortex_es_rest - - cortex_es_node - minion: - portgroups: - - acng - - docker_registry - - osquery_8080 - - influxdb - - wazuh_api - - fleet_api - - sensoroni - - yum - sensor: - portgroups: - - beats_5044 - - beats_5644 - search_node: - portgroups: - - redis - - minio - - elasticsearch_node - - beats_5644 - heavy_node: - portgroups: - - redis - - minio - - elasticsearch_node - - beats_5644 - self: - portgroups: - - syslog}} - syslog: - portgroups: - - syslog - beats_endpoint: - portgroups: - - beats_5044 - beats_endpoint_ssl: - portgroups: - - beats_5644 - elasticsearch_rest: - portgroups: - - elasticsearch_rest - endgame: - portgroups: - - endgame - osquery_endpoint: - portgroups: - - fleet_api - wazuh_agent: - portgroups: - - wazuh_agent - wazuh_api: - portgroups: - - wazuh_api - wazuh_authd: - portgroups: - - wazuh_authd - analyst: - portgroups: - - nginx - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - minion: - portgroups: - - salt_manager - managersearch: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - wazuh_agent - - wazuh_api - - wazuh_authd - - playbook - - mysql - - kibana - - redis - - minio - - influxdb - - fleet_api - - cortex - - 
elasticsearch_rest - - elasticsearch_node - - cortex_es_rest - - cortex_es_node - minion: - portgroups: - - acng - - docker_registry - - osquery_8080 - - influxdb - - wazuh_api - - fleet_api - - sensoroni - - yum - sensor: - portgroups: - - beats_5044 - - beats_5644 - search_node: - portgroups: - - redis - - minio - - elasticsearch_node - heavy_node: - portgroups: - - redis - - minio - - elasticsearch_node - self: - portgroups: - - syslog}} - beats_endpoint: - portgroups: - - beats_5044 - beats_endpoint_ssl: - portgroups: - - beats_5644 - elasticsearch_rest: - portgroups: - - elasticsearch_rest - endgame: - portgroups: - - endgame - osquery_endpoint: - portgroups: - - fleet_api - syslog: - portgroups: - - syslog - wazuh_agent: - portgroups: - - wazuh_agent - wazuh_api: - portgroups: - - wazuh_api - wazuh_authd: - portgroups: - - wazuh_authd - analyst: - portgroups: - - nginx - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - minion: - portgroups: - - salt_manager - standalone: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - wazuh_agent - - wazuh_api - - wazuh_authd - - playbook - - mysql - - kibana - - redis - - minio - - influxdb - - fleet_api - - cortex - - elasticsearch_rest - - elasticsearch_node - - cortex_es_rest - - cortex_es_node - minion: - portgroups: - - acng - - docker_registry - - osquery_8080 - - influxdb - - wazuh_api - - fleet_api - - sensoroni - - yum - sensor: - portgroups: - - beats_5044 - - beats_5644 - search_node: - portgroups: - - redis - - minio - - elasticsearch_node - heavy_node: - portgroups: - - redis - - minio - - elasticsearch_node - self: - portgroups: - - syslog}} - beats_endpoint: - portgroups: - - beats_5044 - beats_endpoint_ssl: - portgroups: - - beats_5644 - elasticsearch_rest: - portgroups: - - elasticsearch_rest - endgame: - portgroups: - - endgame - osquery_endpoint: - portgroups: - - fleet_api - strelka_frontend: - portgroups: - - 
strelka_frontend - syslog: - portgroups: - - syslog - wazuh_agent: - portgroups: - - wazuh_agent - wazuh_api: - portgroups: - - wazuh_api - wazuh_authd: - portgroups: - - wazuh_authd - analyst: - portgroups: - - nginx - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - minion: - portgroups: - - salt_manager - helixsensor: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - wazuh_agent - - playbook - - mysql - - kibana - - redis - - influxdb - - fleet_api - - cortex - - elasticsearch_rest - - elasticsearch_node - - cortex_es_rest - - cortex_es_node - minion: - portgroups: - - acng - - docker_registry - - osquery_8080 - - influxdb - - wazuh_api - - sensoroni - sensor: - portgroups: - - beats_5044 - - beats_5644 - search_node: - portgroups: - - redis - - elasticsearch_node - self: - portgroups: - - syslog}} - beats_endpoint: - portgroups: - - beats_5044 - osquery_endpoint: - portgroups: - - fleet_api - wazuh_agent: - portgroups: - - wazuh_agent - analyst: - portgroups: - - nginx - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - minion: - portgroups: - - salt_manager - searchnode: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - elasticsearch_node - - elasticsearch_rest - dockernet: - portgroups: - - elasticsearch_node - - elasticsearch_rest - elasticsearch_rest: - portgroups: - - elasticsearch_rest - search_node: - portgroups: - - elasticsearch_node - self: - portgroups: - - syslog}} - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - sensor: - chain: - DOCKER-USER: - hostgroups: - self: - portgroups: - - syslog - strelka_frontend: - portgroups: - - strelka_frontend - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - heavynode: - 
chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - elasticsearch_node - - elasticsearch_rest - dockernet: - portgroups: - - elasticsearch_node - - elasticsearch_rest - elasticsearch_rest: - portgroups: - - elasticsearch_rest - self: - portgroups: - - syslog}} - strelka_frontend: - portgroups: - - strelka_frontend - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - fleet: - chain: - DOCKER-USER: - hostgroups: - self: - portgroups: - - redis - - mysql - - osquery_8080 - localhost: - portgroups: - - mysql - - osquery_8080 - analyst: - portgroups: - - fleet_webui - minion: - portgroups: - - fleet_api - osquery_endpoint: - portgroups: - - fleet_api}} - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - import: - chain: - DOCKER-USER: - hostgroups: - manager: - portgroups: - - kibana - - redis - - influxdb - - elasticsearch_rest - - elasticsearch_node - minion: - portgroups: - - docker_registry - - sensoroni - sensor: - portgroups: - - beats_5044 - - beats_5644 - search_node: - portgroups: - - redis - - elasticsearch_node - beats_endpoint: - portgroups: - - beats_5044 - beats_endpoint_ssl: - portgroups: - - beats_5644 - elasticsearch_rest: - portgroups: - - elasticsearch_rest - analyst: - portgroups: - - nginx - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - minion: - portgroups: - - salt_manager - - receiver: - chain: - DOCKER-USER: - hostgroups: - sensor: - portgroups: - - beats_5644 - search_node: - portgroups: - - redis - - beats_5644 - self: - portgroups: - - redis - - syslog}} - - beats_5644 - syslog: - portgroups: - - syslog - beats_endpoint: - portgroups: - - beats_5044 - beats_endpoint_ssl: - portgroups: - - beats_5644 - endgame: - portgroups: - - endgame - wazuh_agent: - portgroups: - - wazuh_agent - wazuh_api: - 
portgroups: - - wazuh_api - wazuh_authd: - portgroups: - - wazuh_authd - INPUT: - hostgroups: - anywhere: - portgroups: - - ssh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - idh: - chain: - INPUT: - hostgroups: - anywhere: - portgroups: - - idh - dockernet: - portgroups: - - all - localhost: - portgroups: - - all - manager: - portgroups: - - ssh \ No newline at end of file +role: + eval: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - playbook + - mysql + - kibana + - redis + - minio + - influxdb + - cortex + - elasticsearch_rest + - elasticsearch_node + - cortex_es_rest + - cortex_es_node + minion: + portgroups: + - acng + - docker_registry + - influxdb + - sensoroni + sensor: + portgroups: + - beats_5044 + - beats_5644 + search_node: + portgroups: + - redis + - minio + - elasticsearch_node + heavy_node: + portgroups: + - redis + - minio + - elasticsearch_node + self: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + strelka_frontend: + portgroups: + - strelka_frontend + syslog: + portgroups: + - syslog + analyst: + portgroups: + - nginx + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + minion: + portgroups: + - salt_manager + manager: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - playbook + - mysql + - kibana + - redis + - minio + - influxdb + - cortex + - elasticsearch_rest + - elasticsearch_node + - cortex_es_rest + - cortex_es_node + minion: + portgroups: + - acng + - docker_registry + - influxdb + - sensoroni + - yum + sensor: + portgroups: + - beats_5044 + - beats_5644 + search_node: + portgroups: + - redis + - minio + - elasticsearch_node + - beats_5644 + heavy_node: + portgroups: + - redis + - 
minio + - elasticsearch_node + - beats_5644 + self: + portgroups: + - syslog + syslog: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + endgame: + portgroups: + - endgame + analyst: + portgroups: + - nginx + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + minion: + portgroups: + - salt_manager + managersearch: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - playbook + - mysql + - kibana + - redis + - minio + - influxdb + - cortex + - elasticsearch_rest + - elasticsearch_node + - cortex_es_rest + - cortex_es_node + minion: + portgroups: + - acng + - docker_registry + - influxdb + - sensoroni + - yum + sensor: + portgroups: + - beats_5044 + - beats_5644 + search_node: + portgroups: + - redis + - minio + - elasticsearch_node + heavy_node: + portgroups: + - redis + - minio + - elasticsearch_node + self: + portgroups: + - syslog}} + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + endgame: + portgroups: + - endgame + syslog: + portgroups: + - syslog + analyst: + portgroups: + - nginx + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + minion: + portgroups: + - salt_manager + standalone: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - playbook + - mysql + - kibana + - redis + - minio + - influxdb + - cortex + - elasticsearch_rest + - elasticsearch_node + - cortex_es_rest + - cortex_es_node + minion: + portgroups: + - acng + - docker_registry + - influxdb + - sensoroni + - yum + sensor: + portgroups: + - beats_5044 + - beats_5644 + search_node: + 
portgroups: + - redis + - minio + - elasticsearch_node + heavy_node: + portgroups: + - redis + - minio + - elasticsearch_node + self: + portgroups: + - syslog}} + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + elastic_agent_endpoint: + portgroups: + - elastic_agent_control + - elastic_agent_data + endgame: + portgroups: + - endgame + strelka_frontend: + portgroups: + - strelka_frontend + syslog: + portgroups: + - syslog + analyst: + portgroups: + - nginx + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + minion: + portgroups: + - salt_manager + helixsensor: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - playbook + - mysql + - kibana + - redis + - influxdb + - cortex + - elasticsearch_rest + - elasticsearch_node + - cortex_es_rest + - cortex_es_node + minion: + portgroups: + - acng + - docker_registry + - influxdb + - sensoroni + sensor: + portgroups: + - beats_5044 + - beats_5644 + search_node: + portgroups: + - redis + - elasticsearch_node + self: + portgroups: + - syslog}} + beats_endpoint: + portgroups: + - beats_5044 + analyst: + portgroups: + - nginx + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + minion: + portgroups: + - salt_manager + searchnode: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - elasticsearch_node + - elasticsearch_rest + dockernet: + portgroups: + - elasticsearch_node + - elasticsearch_rest + elasticsearch_rest: + portgroups: + - elasticsearch_rest + search_node: + portgroups: + - elasticsearch_node + self: + portgroups: + - syslog + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + sensor: + chain: + DOCKER-USER: + hostgroups: + self: + portgroups: + - syslog + 
strelka_frontend: + portgroups: + - strelka_frontend + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + heavynode: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - elasticsearch_node + - elasticsearch_rest + dockernet: + portgroups: + - elasticsearch_node + - elasticsearch_rest + elasticsearch_rest: + portgroups: + - elasticsearch_rest + self: + portgroups: + - syslog + strelka_frontend: + portgroups: + - strelka_frontend + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + import: + chain: + DOCKER-USER: + hostgroups: + manager: + portgroups: + - kibana + - redis + - influxdb + - elasticsearch_rest + - elasticsearch_node + minion: + portgroups: + - docker_registry + - sensoroni + sensor: + portgroups: + - beats_5044 + - beats_5644 + search_node: + portgroups: + - redis + - elasticsearch_node + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + elasticsearch_rest: + portgroups: + - elasticsearch_rest + analyst: + portgroups: + - nginx + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + minion: + portgroups: + - salt_manager + + receiver: + chain: + DOCKER-USER: + hostgroups: + sensor: + portgroups: + - beats_5644 + search_node: + portgroups: + - redis + - beats_5644 + self: + portgroups: + - redis + - syslog + - beats_5644 + syslog: + portgroups: + - syslog + beats_endpoint: + portgroups: + - beats_5044 + beats_endpoint_ssl: + portgroups: + - beats_5644 + endgame: + portgroups: + - endgame + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + idh: + chain: + INPUT: + hostgroups: + anywhere: + portgroups: + - ssh + dockernet: + portgroups: + - all + localhost: + portgroups: + - all + manager: + 
portgroups: + - ssh \ No newline at end of file
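Review bot: The `self` hostgroup under `managersearch`, `standalone` and `helixsensor` still lists `- syslog}}` on the new side, while the same entry was cleaned up to `- syslog` under `manager`, `searchnode`, `heavynode` and `receiver`. The leftover template braces make the name differ from the `syslog` portgroup referenced everywhere else, so those three entries should also read `- syslog`. Separately, in the `idh` role the `INPUT` `anywhere` entry changes from `- idh` to `- ssh`, which appears to admit SSH from any source and makes the `manager` / `- ssh` entry below it redundant. If SSH on that node is still meant to be reachable only from the manager, `anywhere` should keep `- idh`; otherwise the file needs a comment saying where the `idh` ports are now opened. The new file also still ends without a trailing newline.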